Search Results

Search found 21268 results on 851 pages for 'null route'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 658/851 | < Previous Page | 654 655 656 657 658 659 660 661 662 663 664 665  | Next Page >

  • NFS4 permission denied when userid does not match (even though idmap is working)

    - by SystemParadox
    I have NFS4 setup with idmapd working correctly. ls -l from the client shows the correct user names, even though the user ids differ between the machines. However, when the user ids do not match, I get 'permission denied' errors trying access files, even though ls -l shows the correct username. When the user ids do happen to match by coincidence, everything works fine. sudo sysctl -w sunrpc.nfsd_debug=1023 gives the following output in the server syslog for the failed file access: nfsd_dispatch: vers 4 proc 1 nfsv4 compound op #1/3: 22 (OP_PUTFH) nfsd: fh_verify(28: 00070001 015c0001 00000000 9853d400 2a4892a5 4918a0ba) nfsv4 compound op ffff88003d0f5078 opcnt 3 #1: 22: status 0 nfsv4 compound op #2/3: 3 (OP_ACCESS) nfsd: fh_verify(28: 00070001 015c0001 00000000 9853d400 2a4892a5 4918a0ba) nfsd: fh_verify - just checking nfsv4 compound op ffff88003d0f5078 opcnt 3 #2: 3: status 0 nfsv4 compound op #3/3: 9 (OP_GETATTR) nfsd: fh_verify(28: 00070001 015c0001 00000000 9853d400 2a4892a5 4918a0ba) nfsd: fh_verify - just checking nfsv4 compound op ffff88003d0f5078 opcnt 3 #3: 9: status 0 nfsv4 compound returned 0 nfsd_dispatch: vers 4 proc 1 nfsv4 compound op #1/7: 22 (OP_PUTFH) nfsd: fh_verify(28: 00070001 015c0001 00000000 9853d400 2a4892a5 4918a0ba) nfsv4 compound op ffff88003d0f5078 opcnt 7 #1: 22: status 0 nfsv4 compound op #2/7: 32 (OP_SAVEFH) nfsv4 compound op ffff88003d0f5078 opcnt 7 #2: 32: status 0 nfsv4 compound op #3/7: 18 (OP_OPEN) NFSD: nfsd4_open filename dom_file op_stateowner (null) renewing client (clientid 4f96587d/0000000e) nfsd: nfsd_lookup(fh 28: 00070001 015c0001 00000000 9853d400 2a4892a5 4918a0ba, dom_file) nfsd: fh_verify(28: 00070001 015c0001 00000000 9853d400 2a4892a5 4918a0ba) nfsd: fh_verify - just checking nfsd: fh_lock(28: 00070001 015c0001 00000000 9853d400 2a4892a5 4918a0ba) locked = 0 nfsd: fh_compose(exp 08:01/22806529 srv/dom_file, ino=22809724) nfsd: fh_verify(36: 01070001 015c0001 00000000 9853d400 2a4892a5 4918a0ba) nfsd: fh_verify - just checking fh_verify: srv/dom_file permission failure, acc=804, error=13 nfsv4 compound op ffff88003d0f5078 opcnt 7 #3: 18: status 13 nfsv4 compound returned 13 Is that useful to anyone? Any hints on to debug this would be greatly appreciated. Server kernel: 2.6.32-40-server (Ubuntu 10.04) Client kernel: 3.2.0-27-generic (Ubuntu 12.04) Same problem with my new server running 3.2.0-27-generic (Ubuntu 12.04). Thanks.

    Read the article

  • Jira access with AJP-Proxy

    - by user60869
    I want to Configure the Jira-Acces over APJ-Proxy. I proceeded as follows (Following this howto: http://confluence.atlassian.com/display/JIRA/Configuring+Apache+Reverse+Proxy+Using+the+AJP+Protocol) : 1) In the server.xml I activate the AJP: 2) Edit VHOST Konfiguration: # Load Proxy-Modules LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so # Load AJP-Modules LoadModule proxy_ajp_module /usr/lib/apache2/modules/mod_proxy_ajp.so # Proxy Configuration <IfModule proxy_http_module> ProxyRequests Off ProxyPreserveHost On # Basic AuthType configuration <Proxy *> AuthType Basic AuthName Bamboo-Server AuthUserFile /var/www/userdb Require valid-user AddDefaultCharset off Order deny,allow Deny from all Allow from 192.168.0.1 satisfy any </Proxy> ProxyPass /bamboo http://localhost:8085/bamboo ProxyPassReverse /bamboo http://localhost:8085/bamboo ProxyPass /jira ajp://localhost:8009/ ProxyPassReverse /jira ajp://localhost:8009/ </IfModule> EDIT: In the logs if found follow: //localhost:8080/ [Fri Nov 19 14:51:13 2010] [debug] proxy_util.c(1819): proxy: worker ajp://localhost:8080/ already initialized [Fri Nov 19 14:51:13 2010] [debug] proxy_util.c(1913): proxy: initialized single connection worker 1 in child 5578 for (localhost) [Fri Nov 19 14:51:32 2010] [error] ajp_read_header: ajp_ilink_receive failed [Fri Nov 19 14:51:32 2010] [error] (120006)APR does not understand this error code: proxy: read response failed from (null) (localhost) [Fri Nov 19 14:51:32 2010] [debug] proxy_util.c(2008): proxy: AJP: has released connection for (localhost) [Fri Nov 19 14:51:32 2010] [debug] mod_deflate.c(615): [client xx.xx.xx.xx Zlib: Compressed 468 to 320 : URL /jira But It dosen´t work. Somebody have an idea?

    Read the article

  • Samba 3.5 Shadow Copy for Windows 7

    - by Prashanth Sundaram
    Over the past several days I have been trying to get the shadow to work with samba but haven’t been successful. Can someone check below config and let me know if I am missing something? We are using Equallogic SAN and iSCSI LUNS to mount volumes. I can cleanly access samba shares on Windows 7 clients but just not shadow copy. I have referred the official how-to but couldn’t get it to work. I see these messages in the logs. Any help is deeply appreciated. [2012/10/31 12:20:53.549863, 0] smbd/nttrans.c:2170(call_nt_transact_ioctl) FSCTL_GET_SHADOW_COPY_DATA: connectpath /fs/test-01, failed. [2012/10/31 12:21:13.887198, 0] modules/vfs_shadow_copy2.c:734(shadow_copy2_get_shadow_copy2_data) shadow:snapdir not found for /fs/test-01 in get_shadow_copy_data [2012/10/31 12:21:13.887265, 0] smbd/nttrans.c:2170(call_nt_transact_ioctl) FSCTL_GET_SHADOW_COPY_DATA: connectpath /fs/test-01, failed. == Samba pkgs == samba-3.5.10-116.el6_2.x86_64 samba-common-3.5.10-116.el6_2.x86_64 samba-winbind-clients-3.5.10-116.el6_2.x86_64 samba-client-3.5.10-116.el6_2.x86_64 === df –h == First is the iSCSI LUN and 2 others are snapshots. /dev/mapper/eql-0-fs-test01 5.0G 2.3G 2.5G 48% /fs/test-01 /dev/mapper/eql-2-0+fs-test01 5.0G 2.3G 2.5G 48% /fs/test-01/@GMT-2012.10.26-17.32.42/fs/test-01 (SNAPSHOT-1) /dev/mapper/eql-d-0+fs-test01 5.0G 2.3G 2.5G 48% /fs/test-01/@GMT-2012.10.31-11.52.42/fs/test-01 (SNAPSHOT- 2) ===/etc/samba/smb.conf === [global] workgroup = DOMAIN server string = Samba Server Version %v security = ads realm = DOMAIN.CORP encrypt passwords = yes guest account = nobody map to guest = bad uid log file = /var/log/samba/%m.log domain master = no local master = no preferred master = no os level = 0 load printers = no show add printer wizard = no printable = no printcap name = /dev/null disable spoolss = yes follow symlinks = yes wide links = yes unix extensions = no [test] comment = Test Directories path = /fs/test-01 vfs objects = shadow_copy2 #shadow_copy2: sort = desc #shadow: localtime = yes #shadow: snapdir = /fs/test-01/test #shadow: basedir = /fs/test-01 guest ok = yes writeable = yes map archive = no force create mode = 0660 force directory mode = 2770 inherit owner = yes inherit permissions = yes All feedback is welcome. Thanks!

    Read the article

  • "Options ExecCGI is off in this directory" When try to run Ruby code using mod_ruby

    - by Itay Moav
    I am on Ubuntu, Apache 2.2 Installed the fcgi via apt-get then removed it via apt-get remove. Installed mod-ruby configuration I added to Apache: LoadModule ruby_module /usr/lib/apache2/modules/mod_ruby.so RubyRequire apache/ruby-run <Directory /var/www> Options +ExecCGI </Directory> <Files *.rb> SetHandler ruby-object RubyHandler Apache::RubyRun.instance </Files> <Files *.rbx> SetHandler ruby-object RubyHandler Apache::RubyRun.instance </Files> I have a file in the www direcoty with puts 'baba' I have other files in that directory, all accessible via Apache. Test file has been chmod 777 In the browser I get 403. In Apache error log I get: [error] access to /var/www/t.rb failed for (null), reason: Options ExecCGI is off in this directory If I move this to a sub folder rubytest and modify the relevant config to be: <Directory /var/www/rubytest> Options +ExecCGI </Directory> and making sure the directory has 755 permissions on it, it just try to download the file, as if it does not recognize the postfix *.rb any more If I give directory and files 777 it fails: usr/lib/ruby/1.8/apache/ruby-run.rb:53: warning: Insecure world writable dir /var/www/rubytest in LOAD_PATH, mode 040777 [Tue May 24 19:39:58 2011] [error] mod_ruby: error in ruby [Tue May 24 19:39:58 2011] [error] mod_ruby: /usr/lib/ruby/1.8/apache/ruby-run.rb:53:in load': loading from unsafe file /var/www/rubytest/t.rb (SecurityError) [Tue May 24 19:39:58 2011] [error] mod_ruby: from /usr/lib/ruby/1.8/apache/ruby-run.rb:53:in handler' BUT, IF I USE *.rbx it works like a charm...go figure.

    Read the article

  • Why would I be getting IXFR and AXFR transfer denied on my DNS server?

    - by danielj
    From everything I've researched and tried, it appears that my named.conf is configured correctly, including the allow-transfer section. Here is a sample of the errors. It is only happening with a couple of my secondary servers, but it is happening for every zone for those servers that are failing. One of the servers is attempting IXFR, the other AXFR. The result is the same: 18-Mar-2011 14:27:51.372 security: error: client 84.234.24.90#59208: zone transfer 'juansgaranton.com/IXFR/IN' denied 18-Mar-2011 14:32:18.015 security: error: client 174.37.196.55#50783: zone transfer 'cheshirecat.net/AXFR/IN' denied Here is the relevant part of named.conf. options { directory "/etc/bind"; pid-file "/var/run/named/named.pid"; files 4096; allow-transfer { 140.186.190.103; 84.234.24.90; 207.246.95.34; 203.20.52.5; 140.186.190.103; 127.0.0.1; 174.37.196.55; }; }; logging { channel "bind" { file "/var/log/bind.log" versions 3; print-time yes; print-severity yes; print-category yes; severity info; }; category lame-servers { null; }; category "default" { "bind"; }; };

    Read the article

  • How do I troubleshoot a segfault in Ubuntu that occurs when typing a bogus command?

    - by Alan
    We've got a production server running Ubuntu 11.10. We're encountering segfaults that appear under various conditions. The simplest reproducible case is when we login to an ssh session as our administrative user and enter a bogus command. You'd expect the standard "command not found" error message. Instead, we get a segfault in python. The user's default shell is /bin/bash. For example: $ asdf Segmentation fault Info from /var/log/syslog: Jul 6 15:39:20 PROD001 kernel: [2155960.605695] python[7873]: segfault at 0 ip (null) sp 00007fffd030b808 error 14 in python2.7[400000+233000] Some details about the server: $ uname -a Linux PROD001 3.0.0-16-server #29-Ubuntu SMP Tue Feb 14 13:08:12 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux $ cat /etc/issue Ubuntu 11.10 \n \l Before we ask the IT department to reinstall the O.S., I'd like to understand what got us here. The system and/or this particular user's environment is suspect. Many people have touched this server over the past year, so I'm wondering if it is missing libraries, incorrectly installed packages, etc. I'm hoping that if we can understand what's going wrong in this case, it will help explain why we're getting segfaults in a couple of other scenarios. Any tips on troubleshooting this segfault will be appreciated!

    Read the article

  • Unable to start tomcat6: Java error (Exception in thread "main")

    - by Nyxynyx
    After installing tomcat6 on CentOS 6.3, I am unable to start tomcat6 server. root@host [/var/log/tomcat6]# service tomcat6 start Starting tomcat6: [ OK ] Although it says OK, I cant access http://mydomain.com:8080. catalina.out Exception in thread "main" java.lang.NullPointerException at java.lang.VMClassLoader.defineClass(libgcj.so.10) at java.lang.ClassLoader.defineClass(libgcj.so.10) at java.security.SecureClassLoader.defineClass(libgcj.so.10) at java.net.URLClassLoader.findClass(libgcj.so.10) at gnu.gcj.runtime.SystemClassLoader.findClass(libgcj.so.10) at java.lang.ClassLoader.loadClass(libgcj.so.10) at java.lang.ClassLoader.loadClass(libgcj.so.10) at gnu.java.lang.MainThread.run(libgcj.so.10) Tomcat6 was installed using yum: yum -y install java tomcat6 tomcat6-webapps tomcat6-admin-webapps When I tried to find the version: tomcat6 version: Exception in thread "main" java.lang.NoClassDefFoundError: org.apache.catalina.util.ServerInfo at gnu.java.lang.MainThread.run(libgcj.so.10) Caused by: java.lang.ClassNotFoundException: org.apache.catalina.util.ServerInfo not found in gnu.gcj.runtime.SystemClassLoader{urls=[], parent=gnu.gcj.runtime.ExtensionClassLoader{urls=[], parent=null}} at java.net.URLClassLoader.findClass(libgcj.so.10) at gnu.gcj.runtime.SystemClassLoader.findClass(libgcj.so.10) at java.lang.ClassLoader.loadClass(libgcj.so.10) at java.lang.ClassLoader.loadClass(libgcj.so.10) at gnu.java.lang.MainThread.run(libgcj.so.10) Any idea what I should do? Thanks!

    Read the article

  • Filtering bad requests from Apache -> logger -> rsyslog to syslog-ng on a remote logging server possible?

    - by zeyus
    EDIT: Thanks for the help Here is a quick idea of the setup: webserver X In apache httpd.conf: LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vcombined CustomLog "|/usr/bin/logger -p local6.info -t access " vcombined In rsyslog.conf: *.* @logserver Logserver syslog-ng.conf: ... parser p_apache {csv-parser(columns( "APACHE.VIRTUAL_HOST", "APACHE.CLIENT_IP", "APACHE.IDENT_NAME", "APACHE.USER_NAME", "APACHE.TIMESTAMP", "APACHE.REQUEST_URL", "APACHE.REQUEST_STATUS", "APACHE.CONTENT_LENGTH", "APACHE.REFERER", "APACHE.USER_AGENT", "APACHE.PROCESS_TIME", "APACHE.SERVER_NAME") # flags: # escape-none,escape-backslash,escape-double-char, # strip-whitespace flags(escape-double-char,strip-whitespace) delimiters(" ") quote-pairs('""[]') );}; ... source s_net { udp(ip(0.0.0.0) port(514) so_rcvbuf(1048576)); }; destination hosts_acc { file("/var/log/hosts/$HOST/${APACHE.VIRTUAL_HOST}_acc.log"); }; filter f_apacheacc { facility(local6); }; log { source(s_net); parser(p_apache); filter(f_apacheacc); destination(hosts_acc); }; ... The log's get there just fine, but there are a LOT of logs like the following: -rw------- 1 root root 5726 Apr 6 01:02 xc3\x9d\xc3\x9ed$yA;_acc.log -rw------- 1 root root 23435 Apr 6 01:06 \xc3\x9ed$yA;_acc.log -rw------- 1 root root 745 Apr 6 00:57 xc3\x9ed$yA;_acc.log -rw------- 1 root root 8440 Apr 5 22:50 \xc3\xaf_F\xc3\x95$yA;_acc.log -rw------- 1 root root 3112 Apr 6 00:58 xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA;_acc.log -rw------- 1 root root 4220 Apr 5 22:03 xe2\x80\x98\twd\xc2\xa2\xc2\xb0\xc3\x96$yA;_acc.log -rw------- 1 root root 1055 Apr 5 22:03 xe2\x80\x98\xc2\x9dw\xc3\x94\xc3\xb4T\xc5\x93$yA;_acc.log -rw------- 1 root root 1821 Apr 6 00:58 \xe2\x80\x98\xc3\x9d\xc3\x9ed$yA;_acc.log -rw------- 1 root root 2875 Apr 6 01:02 xe2\x80\x98\xc3\x9d\xc3\x9ed$yA;_acc.log -rw------- 1 root root 3165 Apr 5 22:48 \xe2\x80\x99-w\xc3\xaf_F\xc3\x95$yA;_acc.log -rw------- 1 root root 3165 Apr 5 22:40 \xe2\x80\x99\xe2\x80\x9aw\xe2\x82\xac\xc2\xbd\xe2\x80\x9d($yA;_acc.log -rw------- 1 root root 15825 Apr 5 22:50 xe2\x80\x99\xe2\x80\x9aw\xe2\x82\xac\xc2\xbd\xe2\x80\x9d($yA;_acc.log -rw------- 1 root root 1055 Apr 5 22:39 \xe2\x80\x9aw\xe2\x82\xac\xc2\xbd\xe2\x80\x9d($yA;_acc.log -rw------- 1 root root 2110 Apr 5 22:50 xe2\x80\x9aw\xe2\x82\xac\xc2\xbd\xe2\x80\x9d($yA;_acc.log -rw------- 1 root root 2034 Apr 5 22:50 \xe2\x80\x9d($yA;_acc.log -rw------- 1 root root 4066 Apr 5 22:45 xe2\x80\x9d($yA;_acc.log -rw------- 1 root root 7212 Apr 6 13:30 \xe2\x80\xb9>$yA;_acc.log -rw------- 1 root root 3000 Apr 6 13:25 xe2\x80\xb9>$yA;_acc.log My question is where, and how can I filter these out, I don't want them on the filesystem (But actually I guess it wouldn't be a bad idea to keep them logged, but in their correct VHost file) Here is an example VHost <VirtualHost *:80> ServerAdmin [email protected] ServerName xxx.xx DocumentRoot /var/www/vhosts/xxx <Directory /var/www/vhosts/xxx> AllowOverride All Options All RewriteEngine on </Directory> </VirtualHost> And the default "catch-all" vhost at the bottom of the vhosts config file: <VirtualHost *:80> ServerName default ServerAlias * ServerAlias catchall.xxx.xx DocumentRoot /var/www/vhosts/nodomain <Directory "/var/www/vhosts/nodomain"> Options Indexes FollowSymLinks AllowOverride none Allow from All </Directory> CustomLog /dev/null combined ErrorLog /dev/null </VirtualHost> I had posted this in a related question but It's better in it's own question. Here are some examples from inside the log files r_acc.log: Apr 7 11:16:27 xxxxx access: r PC 5.0; eSobiSubscriber 2.0.4.16; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" Apr 7 11:16:28 xxxxx access: r PC 5.0; eSobiSubscriber 2.0.4.16; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" ######################## D46-28E2-0FBC95-78798EV\xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA;_acc.log: Apr 7 14:54:06 xxxxx access: D46-28E2-0FBC95-78798EV\xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA; B557000E-F20D-35DD-021A-9824EC-17A4AFV\xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA; 3BD03D7B-EEFD-83FF-7599-B751AD-6F0A2EV\xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA; 9CAE0724-D455-0B31-3378-871C11-BBD0A4V\xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA; C1E24799-3979-2452-81-3BAA0FFD361F5A; 0E701CBC-5832-5AB6-D5-CFBF9BDE863EAA; 464714B1-B3E2-774A-A4-FEA612A46CEE06; 74C817B0-D081-D2CC-6D-C4EF0F1B4F49BB; 1338B1DE-67CD-977C-B35D-1F2C4441DD6A; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C; BRI/2)" ######################## V\xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA;_acc.log: Apr 7 14:55:04 xxxxx access: V\xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA; FEEACE4F-092A-1D46-28E2-0FBC95-78798EV\xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA; B557000E-F20D-35DD-021A-9824EC-17A4AFV\xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA; 3BD03D7B-EEFD-83FF-7599-B751AD-6F0A2EV\xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA; 9CAE0724-D455-0B31-3378-871C11-BBD0A4V\xe2\x80\x94w\xe2\x80\x98\xc3\x9d\xc3\x9ed$yA; C1E24799-3979-2452-81-3BAA0FFD361F5A; 0E701CBC-5832-5AB6-D5-CFBF9BDE863EAA; 464714B1-B3E2-774A-A4-FEA612A46CEE06; 74C817B0-D081-D2CC-6D-C4EF0F1B4F49BB; 1338B1DE-67CD-977C-B35D-1F2C4441DD6A; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C; BRI/2)" ################### xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA;_acc.log: Apr 7 19:48:39 xxxxx access: xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; 3C12D25C-9D40-91CF-1F40-AC-B1A083426DV-w\xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; D4713FA8-0142-A0C2-4812-BA-E03221005BV-w\xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; 199BAF2A-ECD5-39FA-65C3-E8-B107FAFF08V-w\xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; 384BDA70-9954-7744-05A0-C4-C7D9FEA685V-w\xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; EE7292A9-333C-AF70-5A7F-55-CAA7D0BA39V-w\xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; -AD7D48FA3A55-2A33-D10B-B4B66276D8B8; -166A9C6A2E71-24DF-A192-C8258AA4DE14; -00077C6C84E0-A302-4954-3D6D17C54D31; 3F56C318-EC3C-432B-680F-7E4BB2B852C4; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" Apr 7 19:48:39 xxxxx access: xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; 3C12D25C-9D40-91CF-1F40-AC-B1A083426DV-w\xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; D4713FA8-0142-A0C2-4812-BA-E03221005BV-w\xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; 199BAF2A-ECD5-39FA-65C3-E8-B107FAFF08V-w\xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; 384BDA70-9954-7744-05A0-C4-C7D9FEA685V-w\xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; EE7292A9-333C-AF70-5A7F-55-CAA7D0BA39V-w\xc2\x90\xc3\x91\xc3\x94\xc2\xab$yA; -AD7D48FA3A55-2A33-D10B-B4B66276D8B8; -166A9C6A2E71-24DF-A192-C8258AA4DE14; -00077C6C84E0-A302-4954-3D6D17C54D31; 3F56C318-EC3C-432B-680F-7E4BB2B852C4; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" Thanks

    Read the article

  • arp problems with transparent bridge on linux

    - by Mink
    I've been trying to secure my virtual machines on my esx server by putting them behind a transparent bridge with 2 interfaces, one in front, one at the back. My intention is to put all the firewall rules in one place (instead of on each virtual server). I've been using as bridge a blank new virtual machine based on arch linux (but I suspect it doesn't matter which brand of linux it is). What I have is 2 virtual switchs (thus two Virtual Network, VN_front and VN_back), each with 2 types of ports (switched/separated or promiscious/where the machine can see all packets). On my bridge machine, I've set up 2 virtual NIC, one on VN_front, one on VN_back, both in promisc mode. I've created a bridge br0 with both NIC in it: brctl addbr br0 brctl stp br0 off brctl addif br0 front_if brctl addif br0 back_if Then brought them up: ifconfig front_if 0.0.0.0 promisc ifconfig back_if 0.0.0.0 promisc ifconfig br0 0.0.0.0 (I use promisc mode, because I'm not sure I can do without, thinking that maybe the packets don't reach the NICs) Then I took one of my virtual server sitting on VN_front, and plugged it to VN_back instead (that's the nifty use case I'm thinking about, being able to move my servers around just by changing the VN they are plugged into, without changing anything in the configuration). Then I looked into the macs "seen" by my addressless bridge using brctl showmacs br0 and it did show my server from both sides: I get something that looks like this : port no mac addr is local? ageing timer 2 00:0c:29:e1:54:75 no 9.27 1 00:0c:29:fd:86:0c no 9.27 2 00:50:56:90:05:86 no 73.38 1 00:50:56:90:05:88 no 0.10 2 00:50:56:90:05:8b yes 0.00 << FRONT VN 1 00:50:56:90:05:8c yes 0.00 << BACK VN 2 00:50:56:90:19:18 no 13.55 2 00:50:56:90:3c:cf no 13.57 the thing is that the server that are plugged in front/back are not shown on the correct port. I suspect some horrible thing happening in the ARP-world... :-/ If I ping from a front virtual server to a back virtual server, I can only see the back machine if that back machine pings something in the front. As soon as I stop the ping from the back machine, the ping from the front machine stops getting through... I've noticed that if the back machine pings, then its port on the bridge is the correct one... I've tried to play with the arp_ switch of /proc/sys, but with no clear effect on the end result... /proc/sys/net/ipv4/ip_forward doesn't seem to be of any use when using a bridge (seems it's all taken care of by brctl) /proc/sys/net/ipv4/conf//arp_ don't seem to change much either... (tried arp_announce to 2 or 8 - like suggested elsewhere - and arp_ignore to 0 or 1 ) All the examples I've seen have a different subnet on either side like 10.0.1.0/24 and 10.0.2.0/24... In my case I want 10.0.1.0/24 on both side (just like a transparent switch - except it's a hidden fw ). Turning stp on/off doesn't seem to have any impact on my issue. It's as if the arp packets where getting through the bridge, corrupting the other side with false data... I've tried to use the -arp on each interface, br0, front, back... it breaks the thing altogether... I suspect it has something to do with both side being on the same subnet... I've thought about putting all my machine behind the fw, so as to have all the same subnet at the back... but I'm stuck with my provider's gateway standing at the front with part of my subnet (in fact 3 appliance to route the whole subnet), so I'll always have ips from the same subnet on both side, whatever I do... (I'm using fixed front IPs on my delegated subnet). I'm at a loss... -_-'' Thx for your help. (As anyone tried something like this? from within ESXi?) (It's not just a stunt, the idea is to have something like fail2ban running on some servers, sending their banned IP to the bridge/fw so that it too could ban them - saving all the other servers from that same attacker in one go, allowing for some honeypot that would trigger the fw from any kind of suitable response, and stuffs of the sort... I am aware I could use something like snort, but it addresses some completely different kind of problems, in a completely different way... )

    Read the article

  • Samba server NETBIOS name not resolving, WINS support not working

    - by Eric
    When I try to connect to my CentOS 6.2 x86_64 server's samba shares using address \\REPO (NETBIOS name of REPO), it times out and shows an error; if I do so directly via IP, it works fine. Furthermore, my server does not work correctly as a WINS server despite my samba settings being correct for it (see below for details). If I stop the iptables service, things work properly. I'm using this page as a reference for which ports to use: http://www.samba.org/samba/docs/server_security.html Specifically: UDP/137 - used by nmbd UDP/138 - used by nmbd TCP/139 - used by smbd TCP/445 - used by smbd I really really really want to keep the secure iptables design I have below but just fix this particular problem. SMB.CONF [global] netbios name = REPO workgroup = AWESOME security = user encrypt passwords = yes # Use the native linux password database #passdb backend = tdbsam # Be a WINS server wins support = yes # Make this server a master browser local master = yes preferred master = yes os level = 65 # Disable print support load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes # Restrict who can access the shares hosts allow = 127.0.0. 10.1.1. [public] path = /mnt/repo/public create mode = 0640 directory mode = 0750 writable = yes valid users = mangs repoman IPTABLES CONFIGURE SCRIPT # Remove all existing rules iptables -F # Set default chain policies iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP # Allow incoming SSH iptables -A INPUT -i eth0 -p tcp --dport 22222 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 22222 -m state --state ESTABLISHED -j ACCEPT # Allow incoming HTTP #iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT #iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT # Allow incoming Samba iptables -A INPUT -i eth0 -p udp --dport 137 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p udp --sport 137 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -p udp --dport 138 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p udp --sport 138 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 139 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 139 -m state --state ESTABLISHED -j ACCEPT iptables -A INPUT -i eth0 -p tcp --dport 445 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 445 -m state --state ESTABLISHED -j ACCEPT # Make these rules permanent service iptables save service iptables restart**strong text**

    Read the article

  • Launch synergy client on boot in Mac OS X

    - by Herms
    I have a mac as a secondary machine at work. Currently I use synergy on my main machine to share its keyboard and mouse with the mac. I created a launch agent for my user to launch synergy when I log in, and that's working. However, this means I still have to pull out the mac's keyboard and mouse in order to log in. I tried making a user daemon so that it would launch on boot, but I get the following errors in the console: LaunchSynergy[52] Tue Jul 14 12:41:44 testmacpro.local synergyc[52] <Warning>: 3891612: (CGSLookupServerRootPort) Untrusted apps are not allowed to connect to or launch Window Server before login. LaunchSynergy[52] Tue Jul 14 12:41:44 testmacpro.local synergyc[52] <Error>: kCGErrorRangeCheck : On-demand launch of the Window Server is allowed for root user only. LaunchSynergy[52] Tue Jul 14 12:41:44 testmacpro.local synergyc[52] <Error>: kCGErrorRangeCheck : Set a breakpoint at CGErrorBreakpoint() to catch errors as they are returned LaunchSynergy[52] _RegisterApplication(), FAILED TO establish the default connection to the WindowServer, _CGSDefaultConnection() is NULL. Is there a way to get this to work? Looks like the Mac's security doesn't want to allow anything to take control of the window while at the login screen. I can understand that, but I'd like a way to override it, as it would make my life a lot easier.

    Read the article

  • needing storage integrity (write/read) test - for BASH

    - by Mr. Bash
    In need of shell scripts / bash commands to verify data integrity of local harddrives, usb-drives, etc, ... Like the famous www.heise.de/download/h2testw; or something that is at least common within repositories. (h2testw writes a specific datastring over and over onto the medium, then reads it again to verify if it was written correctly and displays write/read time/speed.) please no dd if=/dev/random of=/dev/sdx bs=1k && dd if=/dev/sdx of=/dev/null bs=1k since it won't verify if everything was written correctly. It is only a test if read/write is successful to the device. So far, I'm not too happy with badblocks -w -v /dev/sdx1 either, since it seems rather slow and I don't know what it exactly writes, and if it considers wear-leveling on flash media. There is also a program named F3 http://oss.digirati.com.br/f3/ that needs to be compiled. Designed after h2testw, the concept sounds interesting, i'd just rather have it as a ready to go bash script.

    Read the article

  • Windows Task Scheduler fails on EventData instruction

    - by Pete
    The Scheduled Task fails on the Event Data instruction in this XML: <ValueQueries> <Value name="eventChannel">Event/System/Channel</Value> <Value name="eventRecordID">Event/System/EventRecordID</Value> <Value name="eventData">Event/EventData/Data</Value> </ValueQueries> The other 2 fields can be passed as arguments and the EventData syntax matches other websites, so I don't know why it's failing. This is the Event Viewer XML: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Aptify.ExceptionManagerPublishedException" /> <EventID Qualifiers="0">0</EventID> <Level>2</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2013-11-07T19:39:14.000000000Z" /> <EventRecordID>97555</EventRecordID> <Channel>Application</Channel> <Computer>[Computer Name]</Computer> <Security /> </System> <EventData> <Data>General Information ********************************************* Additional Info: ExceptionManager.MachineName: [Computer Name] ExceptionManager.TimeStamp: 11/7/2013 12:39:14 PM ExceptionManager.FullName: AptifyExceptionManagement, Version=4.0.0.0, Culture=neutral, PublicKeyToken=[key] ExceptionManager.AppDomainName: Aptify Shell.exe ExceptionManager.ThreadIdentity: ExceptionManager.WindowsIdentity: ACA_DOMAIN\pbassett 1) Exception Information ********************************************* Exception Type: Aptify.Framework.BusinessLogic.GenericEntity.AptifyGenericEntityValidationException Entity: Tasks ErrorString: Task Type "Make Contact" is not active. MachineName: [machine] CreatedDateTime: 11/7/2013 12:39:14 PM AppDomainName: Aptify Shell.exe ThreadIdentityName: WindowsIdentityName: [identity] Severity: 0 ErrorNumber: 0 Message: Task Type "Make Contact" is not active. Data: System.Collections.ListDictionaryInternal TargetSite: Boolean Save(Boolean, System.String ByRef, Sys tem.String) HelpLink: NULL Source: AptifyGenericEntity StackTrace Information ********************************************* at Aptify.Framework.BusinessLogic.GenericEntity.AptifyGenericEntity.Save(Boolean AllowGUI, String& ErrorString, String TransactionID)</Data> </EventData> </Event>

    Read the article

  • Cisco ASA - Enable communication between same security level

    - by Conor
    I have recently inherited a network with a Cisco ASA (running version 8.2). I am trying to configure it to allow communication between two interfaces configured with the same security level (DMZ-DMZ) "same-security-traffic permit inter-interface" has been set, but hosts are unable to communicate between the interfaces. I am assuming that some NAT settings are causing my issue. Below is my running config: ASA Version 8.2(3) ! hostname asa enable password XXXXXXXX encrypted passwd XXXXXXXX encrypted names ! interface Ethernet0/0 switchport access vlan 400 ! interface Ethernet0/1 switchport access vlan 400 ! interface Ethernet0/2 switchport access vlan 420 ! interface Ethernet0/3 switchport access vlan 420 ! interface Ethernet0/4 switchport access vlan 450 ! interface Ethernet0/5 switchport access vlan 450 ! interface Ethernet0/6 switchport access vlan 500 ! interface Ethernet0/7 switchport access vlan 500 ! interface Vlan400 nameif outside security-level 0 ip address XX.XX.XX.10 255.255.255.248 ! interface Vlan420 nameif public security-level 20 ip address 192.168.20.1 255.255.255.0 ! interface Vlan450 nameif dmz security-level 50 ip address 192.168.10.1 255.255.255.0 ! interface Vlan500 nameif inside security-level 100 ip address 192.168.0.1 255.255.255.0 ! ftp mode passive clock timezone JST 9 same-security-traffic permit inter-interface same-security-traffic permit intra-interface object-group network DM_INLINE_NETWORK_1 network-object host XX.XX.XX.11 network-object host XX.XX.XX.13 object-group service ssh_2220 tcp port-object eq 2220 object-group service ssh_2251 tcp port-object eq 2251 object-group service ssh_2229 tcp port-object eq 2229 object-group service ssh_2210 tcp port-object eq 2210 object-group service DM_INLINE_TCP_1 tcp group-object ssh_2210 group-object ssh_2220 object-group service zabbix tcp port-object range 10050 10051 object-group service DM_INLINE_TCP_2 tcp port-object eq www group-object zabbix object-group protocol TCPUDP protocol-object udp protocol-object tcp object-group service http_8029 tcp port-object eq 8029 object-group network DM_INLINE_NETWORK_2 network-object host 192.168.20.10 network-object host 192.168.20.30 network-object host 192.168.20.60 object-group service imaps_993 tcp description Secure IMAP port-object eq 993 object-group service public_wifi_group description Service allowed on the Public Wifi Group. Allows Web and Email. service-object tcp-udp eq domain service-object tcp-udp eq www service-object tcp eq https service-object tcp-udp eq 993 service-object tcp eq imap4 service-object tcp eq 587 service-object tcp eq pop3 service-object tcp eq smtp access-list outside_access_in remark http traffic from outside access-list outside_access_in extended permit tcp any object-group DM_INLINE_NETWORK_1 eq www access-list outside_access_in remark ssh from outside to web1 access-list outside_access_in extended permit tcp any host XX.XX.XX.11 object-group ssh_2251 access-list outside_access_in remark ssh from outside to penguin access-list outside_access_in extended permit tcp any host XX.XX.XX.10 object-group ssh_2229 access-list outside_access_in remark http from outside to penguin access-list outside_access_in extended permit tcp any host XX.XX.XX.10 object-group http_8029 access-list outside_access_in remark ssh from outside to internal hosts access-list outside_access_in extended permit tcp any host XX.XX.XX.13 object-group DM_INLINE_TCP_1 access-list outside_access_in remark dns service to internal host access-list outside_access_in extended permit object-group TCPUDP any host XX.XX.XX.13 eq domain access-list dmz_access_in extended permit ip 192.168.10.0 255.255.255.0 any access-list dmz_access_in extended permit tcp any host 192.168.10.29 object-group DM_INLINE_TCP_2 access-list public_access_in remark Web access to DMZ websites access-list public_access_in extended permit object-group TCPUDP any object-group DM_INLINE_NETWORK_2 eq www access-list public_access_in remark General web access. (HTTP, DNS & ICMP and Email) access-list public_access_in extended permit object-group public_wifi_group any any pager lines 24 logging enable logging asdm informational mtu outside 1500 mtu public 1500 mtu dmz 1500 mtu inside 1500 no failover icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 60 global (outside) 1 interface global (dmz) 2 interface nat (public) 1 0.0.0.0 0.0.0.0 nat (dmz) 1 0.0.0.0 0.0.0.0 nat (inside) 1 0.0.0.0 0.0.0.0 static (inside,outside) tcp interface 2229 192.168.0.29 2229 netmask 255.255.255.255 static (inside,outside) tcp interface 8029 192.168.0.29 www netmask 255.255.255.255 static (dmz,outside) XX.XX.XX.13 192.168.10.10 netmask 255.255.255.255 dns static (dmz,outside) XX.XX.XX.11 192.168.10.30 netmask 255.255.255.255 dns static (dmz,inside) 192.168.0.29 192.168.10.29 netmask 255.255.255.255 static (dmz,public) 192.168.20.30 192.168.10.30 netmask 255.255.255.255 dns static (dmz,public) 192.168.20.10 192.168.10.10 netmask 255.255.255.255 dns static (inside,dmz) 192.168.10.0 192.168.0.0 netmask 255.255.255.0 dns access-group outside_access_in in interface outside access-group public_access_in in interface public access-group dmz_access_in in interface dmz route outside 0.0.0.0 0.0.0.0 XX.XX.XX.9 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy http server enable http 192.168.0.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 telnet timeout 5 ssh 192.168.0.0 255.255.255.0 inside ssh timeout 20 console timeout 0 dhcpd dns 61.122.112.97 61.122.112.1 dhcpd auto_config outside ! dhcpd address 192.168.20.200-192.168.20.254 public dhcpd enable public ! dhcpd address 192.168.0.200-192.168.0.254 inside dhcpd enable inside ! threat-detection basic-threat threat-detection statistics host threat-detection statistics access-list no threat-detection statistics tcp-intercept ntp server 130.54.208.201 source public webvpn ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect ip-options inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp !

    Read the article

  • netsnmp - how to register string?

    - by user1495181
    I use net-snmp. I try to add my own mibs (no need in handler, just a MIB that i can get and set by snmp call), so i followed the scalar example. In order to add my own mibs i defined them in the mib file and create an agent extension.(see below). It work, so i have now an integer MIB. Now i want to add string mib, so i define the MIB , but i dont find a register API for string, like i have for the int - netsnmp_register_int_instance. I look in the includes file , but dosnt found matching one. agent: #include <net-snmp/net-snmp-config.h> #include <net-snmp/net-snmp-includes.h> #include <net-snmp/agent/net-snmp-agent-includes.h> #include "monitor.h" static int int_init = 0; /* default value */ void init_monitor(void) { oid open_connections_count_oid[] = { 1, 3, 6, 1, 4, 1, 8075, 1, 0 }; netsnmp_register_int_instance("open_connections_count", open_connections_count_oid, OID_LENGTH(open_connections_count_oid), &int_init, NULL); }

    Read the article

  • Apache mod_auth_kerb asking 2 authentication

    - by Rianto Wahyudi
    I've configured Apache to use mod_auth_kerberos. So far everything is working nicely for client thats connected to Active Directory and have their browser to ntlm enabled. When clients are not in the domain or the browser configurerd not to authenticate automatically, they are being prompted by 2 login prompt. The first login prompt is blank and the second one is the oen that we configured First Login prompt: http://www.screencast.com/t/ZGNlZTQwZm Second Login prompt : http://www.screencast.com/t/MDA2N2Fl From the log ( first authentication) : [Wed Jan 06 15:47:29 2010] [debug] src/mod_auth_kerb.c(1684): [client x.x.x.x] [pid 2562] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos In the first loging prompt , I can put any text for username and password. Once the first login form submited, it will ask for the 2nd login prompt. Apache have following config : <Directory /web/apache2/htdocs> AllowOverride All AuthType Kerberos AuthName "Staff Access ONLY Kerb-Auth" KrbAuthRealms EXAMPLE.COM Krb5Keytab /etc/httpd/conf.d/example.ktab Allow from localhost Require valid-user <Directory> What could be the cause of the first authentication and how can I get rid of them ?

    Read the article

  • SpamAssassin bayesian score discrepancies

    - by CaptSaltyJack
    This makes my brain hurt. For some reason, SpamAssassin is giving high scores to certain emails, but when I test them on the command line, they get a low score. This one particular email has this in the header: X-Spam-Flag: YES X-Spam-Score: 8.521 X-Spam-Level: ******** X-Spam-Status: Yes, score=8.521 tagged_above=-9999 required=5 tests=[BAYES_99=3.5, BAYES_999=0.2, HTML_MESSAGE=0.001, NO_RECEIVED=-0.001, NO_RELAYS=-0.001, RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.886, RAZOR2_CHECK=0.922, URIBL_RHS_DOB=1.514] autolearn=no Yet when I dump the raw email into a file msg and run sudo su amavis -c 'spamassassin -t msg', I get this output: Content analysis details: (3.8 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.5 URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread) [URIs: cliobeads.com] -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.0 BAYES_20 BODY: Bayes spam probability is 5 to 20% [score: 0.1855] 1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% [cf: 100] 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) I'm really confused as to why when the email comes in, it gets a completely different score attached to it than when I run spamassassin -t. Is there some other way I should be testing emails? Also, my users have the ability to drag false positives into a folder called "False Positives," and every day a cron job fires off that runs this on every message in every user's folder: sa-learn --dbpath=/var/lib/amavis/.spamassassin --ham /tmp/*-*.eml >/dev/null I ran sudo locate bayes_toks and there's definitely only one bayes DB on the system, in /var/lib/amavis/.spamassassin. I'm clueless, any help would be great and may help restore my sanity!

    Read the article

  • trying to allow domain admins access in apache

    - by sharif
    I am trying to authenticate domain admins through apache and it is not working. Error i get is as follows [Mon Sep 24 14:54:45 2012] [debug] src/mod_auth_kerb.c(1432): [client 172.16.0.85] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Mon Sep 24 14:54:45 2012] [debug] src/mod_auth_kerb.c(915): [client 172.16.0.85] Using HTTP/[email protected] as server principal for password verification [Mon Sep 24 14:54:45 2012] [debug] src/mod_auth_kerb.c(655): [client 172.16.0.85] Trying to get TGT for user [email protected] [Mon Sep 24 14:54:45 2012] [debug] src/mod_auth_kerb.c(569): [client 172.16.0.85] Trying to verify authenticity of KDC using principal HTTP/[email protected] [Mon Sep 24 14:54:45 2012] [debug] src/mod_auth_kerb.c(994): [client 172.16.0.85] kerb_authenticate_user_krb5pwd ret=0 [email protected] authtype=Basic [Mon Sep 24 14:54:45 2012] [debug] mod_authnz_ldap.c(561): [client 172.16.0.85] ldap authorize: Creating LDAP req structure [Mon Sep 24 14:54:45 2012] [debug] mod_authnz_ldap.c(573): [client 172.16.0.85] auth_ldap authorise: User DN not found, LDAP: ldap_simple_bind_s() failed Below is what I have in my httpd file Alias /compass "/data/intranet/html/compass" <Directory "/data/intranet/html/compass"> AuthType Kerberos AuthName KerberosLogin KrbServiceName HTTP/intranet.xxx.com KrbMethodNegotiate On KrbMethodK5Passwd On KrbAuthRealms xxx.COM Krb5KeyTab /etc/httpd/conf/intranet.keytab # require valid-user # Options Indexes MultiViews FollowSymLinks # AllowOverride All # Order allow,deny # Allow from all # SetOutputFilter DEFLATE # taken from http://blogs.freebsdish.org/tmclaugh/2010/07/15/mod_auth_kerb-ad-and-ldap-authorization/ # download extra module and install # Strip the kerberos realm from the principle. # MapUsernameRule (.*)@(.*) "$1" AuthLDAPURL "ldap://echo.uk.xxx.com akhutan.usa.xxx.com/dc=xxx,dc=com?sAMAccountName" AuthLDAPBindDN cn=Administrator,ou=Users,dc=xxx,dc=com AuthLDAPBindPassword *** Require ldap-group cn=Domain Admins,ou=Users,dc=xxx,dc=com </Directory> I have followed this guide. I have download and install the tarball. when I try to uncomment MapUsernameRule i get failed error when restarting apache Reloading httpd: not reloading due to configuration syntax error I am using centos 5 64bit. I have added the following line but i still get syntax error LoadModule mod_map_user modules/mod_map_user.so

    Read the article

  • sendmail relay status

    - by Andy
    Hello all, I have a RHEL3 server with sendmail configured to relay mail to: # "Smart" relay host (may be null) DSmailrelay This relay server is an exchange server not administered by me. A few days ago its IP address was changed without my knowledge so I've updated the correct ip in /etc/hosts for the mail relay entry. Unfortunately no mail is currently going through and maillog reports: Oct 26 14:32:39 fsimag sendmail[12580]: n9Q3VxPA012580: from=root, size=3685, class=0, nrcpts=1, msgid=<~R.*.2009102614315955@*>, relay=root@localhost Oct 26 14:32:39 fsimag sendmail[12580]: n9Q3VxPA012580: to=wodwest@*.net, delay=00:00:40, mailer=esmtp, pri=33685, dsn=4.4.3, stat=queued Oct 26 14:36:09 fsimag sendmail[13670]: n9Q3ZTcf013670: from=root, size=5831, class=0, nrcpts=1, msgid=<~R.medicus.2009102614352914@*>, relay=root@localhost Oct 26 14:36:09 fsimag sendmail[13670]: n9Q3ZTcf013670: to=tsgastro@(.net, delay=00:00:40, mailer=esmtp, pri=35831, dsn=4.4.3, stat=queued Oct 26 14:36:50 fsimag sendmail[13882]: n9Q3aAxj013882: from=root, size=5830, class=0, nrcpts=1, msgid=<~C.medicus.2009102614361009@*>, relay=root@localhost Oct 26 14:36:50 fsimag sendmail[13882]: n9Q3aAxj013882: to=elmwood@*.net, delay=00:00:40, mailer=esmtp, pri=35830, dsn=4.4.3, stat=queued (With domains obscured) The mailq command shows nothing, and I've also tried connecting to this new mail server via telnet and manually sending and reports as being queued but not sent. The administrator of this machine has put it back to me saying he sees no problems, and I just want to cover everything before passing it back to him. Is there any other tests/logs/reasons for sendmail to only report it as "stat=queued" ? I've looked in previous logs and the relay is set to root@localhost in those but none were ever set to queued. Thanks for any help, Andy

    Read the article

  • Sporadic crash of master-slave MySQL replication process

    - by obarshay
    Hello, I was wondering if someone has experienced this and can perhaps provide some insight into this issue. We have a plan-vanilla MySQL master-slave replication set up. The tables are MyISAM and the master can get quite read/write active. We use the slave instance to perform full daily backups in order to avoid bringing down the master server. The backup process does the following: STOP SLAVE SQL_THREAD mysqlhotcopy all tables START SLAVE SQL_THREAD Every once in a while (once a month or so) the replication breaks with varying error messages indicating a corrupt query or log file. Here's one that happened last night: mysql> show slave status \G *************************** 1. row *************************** Slave_IO_State: Waiting for master to send event Master_Host: server8.propreports.com Master_User: nexus8 Master_Port: 3306 Connect_Retry: 60 Master_Log_File: bin.000045 Read_Master_Log_Pos: 581644327 Relay_Log_File: relay.000086 Relay_Log_Pos: 94131 Relay_Master_Log_File: bin.000045 Slave_IO_Running: Yes Slave_SQL_Running: No Replicate_Do_DB: Replicate_Ignore_DB: Replicate_Do_Table: Replicate_Ignore_Table: Replicate_Wild_Do_Table: Replicate_Wild_Ignore_Table: Last_Errno: 1064 Last_Error: Error 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '138070603'£' at line 1' on query. Default database: 'wtsdb'. Query: 'UPDATE fill SET clearing_fee='0.0E id='138070603'£' Skip_Counter: 0 Exec_Master_Log_Pos: 4164743 Relay_Log_Space: 577574251 Until_Condition: None Until_Log_File: Until_Log_Pos: 0 Master_SSL_Allowed: No Master_SSL_CA_File: Master_SSL_CA_Path: Master_SSL_Cert: Master_SSL_Cipher: Master_SSL_Key: Seconds_Behind_Master: NULL I follow the following procedure to recover from above error and resume replication: stop slave; change master to MASTER_LOG_POS = 4164743, MASTER_LOG_FILE = 'bin.000045'; start slave; We have multiple servers set up this way and they all sporadically stop replicating with a similar error. Any advice on how to resolve this would be greatly appreciated.

    Read the article

  • Why does this batch script terminate unexpectedly?

    - by neurolysis
    This batch script terminates when %CHECKCONTINUE% is given a null value by not inputting anything on line 13 (SET /p CHECKCONTINUE=Okay to continue? (y/n):), why is this? @ECHO OFF SETLOCAL TITLE Registry restore script REM Restores registry settings and disables the cloud SET %CHECKCONTINUE%= :listaction ECHO I'm about to... ECHO 1.) Remove the registry data that specifies settings for TF2 ECHO 2.) Forcibly disable Steam Cloud. ECHO. SET /p CHECKCONTINUE=Okay to continue? (y/n): REM No? IF %CHECKCONTINUE%==n GOTO exit IF %CHECKCONTINUE%==no GOTO exit REM Yes? IF %CHECKCONTINUE%==y GOTO start IF %CHECKCONTINUE%==yes GOTO start REM Did they put something else? IF DEFINED %CHECKCONTINUE% GOTO loop-notvalid REM Did they not put anything at all? IF NOT DEFINED %CHECKCONTINUE% GOTO loop-noreply :start REM Delete application specific data REG DELETE HKEY_CURRENT_USER\Software\Valve\Source\tf\Settings /f REG DELETE HKEY_CURRENT_USER\Software\Valve\Steam\Apps\440 /f REM Disable Steam Cloud for TF2 REG ADD HKEY_CURRENT_USER\Software\Valve\Steam\Apps\440 /v Cloud /t REG_DWORD /d "0x0" /f :exit ENDLOCAL EXIT :loop-notvalid ECHO. ECHO That's not a valid reply. Try again. ECHO. SET %CHECKCONTINUE%= GOTO listaction :loop-noreply ECHO. ECHO You must enter a reply. ECHO. SET %CHECKCONTINUE%= GOTO listaction

    Read the article

  • Increasing Java's heapspace in Tomcat startup script

    - by Ankur
    I want to increase my heap size when using Tomcat. I was told to add this line export CATALINA_OPTS=-Xms16m -Xmx256m; In to the startup.sh script - I did so (at the beginning) but got the error export: 24: -Xmx256m: bad variable name Where am I supposed to add it, am I doing something else wrong? <b>export CATALINA_OPTS=-Xms16m -Xmx256m;</b> # Better OS/400 detection: see Bugzilla 31132 os400=false darwin=false case "`uname`" in CYGWIN*) cygwin=true;; OS400*) os400=true;; Darwin*) darwin=true;; esac # resolve links - $0 may be a softlink PRG="$0" while [ -h "$PRG" ] ; do ls=`ls -ld "$PRG"` link=`expr "$ls" : '.*-> \(.*\)$'` if expr "$link" : '/.*' > /dev/null; then PRG="$link" else PRG=`dirname "$PRG"`/"$link" fi done PRGDIR=`dirname "$PRG"` EXECUTABLE=catalina.sh # Check that target executable exists if $os400; then # -x will Only work on the os400 if the files are: # 1. owned by the user # 2. owned by the PRIMARY group of the user # this will not work if the user belongs in secondary groups eval else if [ ! -x "$PRGDIR"/"$EXECUTABLE" ]; then echo "Cannot find $PRGDIR/$EXECUTABLE" echo "This file is needed to run this program" exit 1 fi fi exec "$PRGDIR"/"$EXECUTABLE" start "$@"

    Read the article

  • How to set up a serial connection to a Windows 7 computer

    - by oli_arborum
    I need to set up a "dial in" connection to a Windows 7 (Ultimate) computer via a serial null-modem cable to be able to connect from a Windows XP client to that computer and exchange data over IP. Question 1: How do I do that? I did neither find the information via Google nor in the MSDN. Seems like no one tried ever before... ;-) I already managed to install a legacy modem device called "Communications cable between two computers" and found the menu entry "New Incoming Connection..." in Network and Internet Network Connections. When I finish this wizard I get the message that the "Routing and Remote Access service" cannot be started. In the event viewer I see the following error messages: "The currently configured authentication provider failed to load and initialize successfully. The requested name is valid, but no data of the requested type was found." (Source: RemoteAccess, EventID: 20152) "The Routing and Remote Access service terminated with service-specific error The requested name is valid, but no data of the requested type was found." (Source: Service Control Manager, EventID: 7024) The Windows 7 installation is "naked", i.e. no additional software or services are installed. Question 2: Am I on the right path to set up the connection? Question 3: How can I get the Routing and Remote Access service running?

    Read the article

  • Which ports are needed for NTLM (Windows Authentication) to connect to SQL Server?

    - by Adam Bellaire
    I've got SQL server running on a machine which is not in a domain, and which is not operating in mixed mode (it's running with "Windows Authentication"). I'm trying to connect to it from a Linux web server running freetds via TCP/IP, using NTLM to authenticate. The firewall on the SQL server is very restrictive. 1433 is open to my web server, but I'm getting conflicting information from the web on what additional ports (TCP/UDP) are needed for NTLM to succeed. It is currently fail; I can talk on 1433 to request NTLM, but the actual authentication always fails. One source says 137, 138, 139, but those are just the NetBIOS ports. Do I really need those? Another source says 135. Still others seem to say 1434... I can't make heads or tails of it. Dammit Jim, I'm a programmer, not a network administrator! EDIT: The exact error message: Msg 18452, Level 14, State 1, Server , Line 0 Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection. Msg 20002, Level 9, State -1, Server OpenClient, Line -1 Adaptive Server connection failed I am attempting to connect with a remote machine username, i.e. 'servername\username'. Some sources recommend that I set up mirrored accounts on the local and remote machines, but the local machine is running Linux, not IIS under Windows.

    Read the article

  • Java issues with Apache 2.0 Agent 2.202 for RHEL5 Linux 64bit

    - by Richard
    In trying to install Apache 2.0 Agent 2.202 for RHEL5 Linux 64bit, the dialogue appears as follows. $ ./setup Error : java is not present in path. Please enter JAVAHOME path to pick up java:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/ Launching installer... Attach to native process failed $ ./setup Error : java is not present in path. Please enter JAVAHOME path to pick up java:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib ./setup: line 80: [: 107:: integer expression expected ./setup: line 83: [: 107:: integer expression expected Error : Incorrect java version (1.2.2 or above is needed). Please enter JAVAHOME path to pick up java: On the server we have the following JREs and I've tried both. $ sudo rpm -qa | egrep "(openjdk|icedtea)" java-1.6.0-openjdk-1.6.0.0-1.27.1.10.8.el5_8 $ find 2>/dev/null | grep -i '/jre/' ./usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/jre/bin/ ... ./usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/ Any suggestions? I know I'm overlooking something. In previous searches I've only found one other posting that comes close but it has no responses (http://forum.parallels.com/showthread.php?t=76556).

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 654 655 656 657 658 659 660 661 662 663 664 665  | Next Page >