Search Results

Search found 4946 results on 198 pages for 'proper benchmarking'.

Page 137/198 | < Previous Page | 133 134 135 136 137 138 139 140 141 142 143 144  | Next Page >

• configure a Cisco ASA to use MS-CHAP v2 for RADIUS authentication

  - by DrStalker

  Cisco ASA5505 8.2(2) Windows 2003 AD server We want to configure our ASA (10.1.1.1) to authenticate remote VPN users through RADIUS on the Windows AD controller (10.1.1.200) We have the following entry on the ASA: aaa-server SYSCON-RADIUS protocol radius aaa-server SYSCON-RADIUS (inside) host 10.1.1.200 key ***** radius-common-pw ***** When I test a login using the account COMPANY\username I see the users credentials are correct in the security log, but I get the following in the windows system logs: User COMPANY\myusername was denied access. Fully-Qualified-User-Name = company.com/CorpUsers/AU/My Name NAS-IP-Address = 10.1.1.1 NAS-Identifier = <not present> Called-Station-Identifier = <not present> Calling-Station-Identifier = <not present> Client-Friendly-Name = ASA5510 Client-IP-Address = 10.1.1.1 NAS-Port-Type = Virtual NAS-Port = 7 Proxy-Policy-Name = Use Windows authentication for all users Authentication-Provider = Windows Authentication-Server = <undetermined> Policy-Name = VPN Authentication Authentication-Type = PAP EAP-Type = <undetermined> Reason-Code = 66 Reason = The user attempted to use an authentication method that is not enabled on the matching remote access policy. My assumption is that the ASA is using PAP authentication, instead of MS-CHAP v2; the credentials are confirmed, the proper Remote Access Policy is being used, but this policy is set to only allow MS-CHAP2. What do we need to do on the ASA to make it us MS-CHAP v2? In the ADSM GUI The "Microsoft CHAP v2 compatible" tickbox is enabled, but I don't know what this corresponds to in the config.

  Read the article

• Setting up Tomcat6 properly in Ubuntu 10.04

  - by aasukisuki

  We have a Tomcat6 instance running on Ubuntu 10.04LTS. Our test box was just a Windows machine running Tomcat6. Both machines (Linux and Windows) have 1GB of ram. Via the Tomcat configuration tool in windows, I was able to set the min/max/permgen sizes of the JVM. Those were set to 256/512/128 respectively. Now on the Ubuntu box, I've tried setting the JVM options in several different places including: Adding JAVA_OPTS & CATALINA_OPTS in /etc/environment Adding JAVA_OPTS in $CATALINA_HOME/bin/catalina.sh Creating setenv.sh and adding JAVA_OPTS in $CATALINA_HOME/bin Adding JAVA_OPTS directly to /etc/init.d/tomcat6 Un-commenting the JAVA_OPTS and modifying it in /etc/default/tomcat6 Nearly all of those methods did not work, except for modifying /etc/init.d/tomcat6 directly (and possibly the /etc/default/tomcat6 change, but I just did that). However, my understanding is that when you change these settings, only one JVM should be used for the entire tomcat6 instance, and that memory is shared among the applications. On our windows box, tomcat6 is run as a service, and appears to behave this way. However, when I look at htop on the linux box, there are 20+ tomcat6 instances (I have an app that triggers internal jobs every X seconds using chron, so maybe these are threads? Or are they actual instances) all with those memory settings. The app runs fine for a bit, but eventually ends up locking up. I'm guessing each of these apps thinks it has 512m to work with and never GC's and then locks tomcat up completely. What is the proper way to set all of this up?

  Read the article

• Postfix Send Error: Must Issue STARTTLS command

  - by Mary Elizabeth

  Running Ubuntu 12.04 and trying to configure postfix to relay send and receive through GMAIL. Am running into connection issues particularly with TLS. Have tried a bunch of troubleshooting solutions and have changed my main.cf to address TLS but still receive the below errors. Tried debugging connection issues with: `root@mailservice:/etc/postfix# openssl s_client -connect localhost:587 -starttls smtp` and I recveive these errors `connect: Connection refused' 'connect:errno=111` in my logs I see: Jun 11 13:54:31 mailservice postfix/smtp[3765]: warning: cannot get RSA certificate from file /etc/postfix/cert.pem: disabling TLS support Jun 11 13:54:31 mailservice postfix/smtp[3765]: warning: TLS library problem: 3765:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: TRUSTED CERTIFICATE: Jun 11 13:54:31 mailservice postfix/smtp[3765]: warning: TLS library problem: 3765:error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib:ssl_rsa.c:729: Jun 11 13:54:31 mailservice postfix/smtp[3765]: 9986B6846A: to= <[email protected]>, relay=smtp.gmail.com[173.194.77.109]:587, delay=0.15, delays=0.02/0.02/0.09/0.02, dsn=5.7.0, status=bounced (host smtp.gmail.com[173.194.77.109] said: 530 5.7.0 Must issue a STARTTLS command first. hd9sm12170509obc.6 (in reply to MAIL FROM command)) The contents of my main.cf (pertaining to TLS) look like this: #TLS Parameters smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache #TLS Settings smtp_use_tls = yes smtp_tls_security_level = may smtp_tls_loglevel = 1 smtp_enforce_tls = yes smtp_tls_CAfile = /etc/postfix/cacert.pem smtp_tls_cert_file = /etc/postfix/cert.pem smtp_tls_key_file = $smtp_tls_cert_file smtp_tls_session_cache_dataabase = btree:/var/run/smtp_tls_session_cache smtp_tls_note_starttls_offer = yes smtpd_use_tls = yes smtpd_tls_security)level = may smtpd_tls_auth_only = no smtpd_tls_CAfile = /etc/postfix/cacert.pem smtpd_tls_cert_file = /etc/postfix/cert.pem smtpd_tls_key_file = /etc/postfix/key.pem smtpd_tls_received_header = yes smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom As far as I can tell everything is in order for a proper TLS Connection, and I am unsure what would need to change in main.cf or elsewhere for mail to send.

  Read the article

• Installing ikiwiki on nginx - fastcgi/fcgi wrapper

  - by meder

  My ultimate goal is to setup ikiwiki, my current goal is to get a fcgi wrapper working for nginx, so I can move on to the next step... The ikiwiki page points out this page as an example for a fcgi wrapper: http://technotes.1000lines.net/?p=23 So far I've installed the ikiwiki and libfcgi-perl modules through aptitude: aptitude install libfcgi-perl aptitude install ikiwiki It installed those packages as well as some minimal dependency packages. So the next step following the guide at technotes, I grabbed http://technotes.1000lines.net/fastcgi-wrapper.pl but I'm not sure where to actually place this file... do I run it as a service? The script makes a socket file in /var/run/nginx but that directory does not exist.. do I manually create it? So in addition to the .pl file for the cgi wrapper, I need to also define a separate cgi file for parameters. If my conf looks like this... server { listen 80; server_name notes.domain.org; access_log /www/notes/public_html/notes.domain.org/log/access.log; error_log /www/notes/public_html/notes.domain.org/log/error.log; location / { root /www/notes/public_html/notes.domain.org/public/; index index.html; } } And I don't have a cgi-bin directory, where exactly should I create it within my structure, and regarding that I'd obviously have to update the below before I include it in my conf, but I'm just not exactly sure how this would work out. # /cgi-bin configuration location ~ ^/cgi-bin/.*\.cgi$ { gzip off; fastcgi_pass unix:/var/run/nginx/perl_cgi-dispatch.sock; [1]* fastcgi_param SCRIPT_FILENAME /www/blah.com$fastcgi_script_name; [2]* include fastcgi_params; [3]* } Also since the user is www-data and /var/run is root owned, what's the proper way of giving it access? Any tips appreciated.

  Read the article

• Windows 7 Folder Redirection (GPO)

  - by Kev

  Hi - I have been fighting this issue for a day or two now, so I am looking for some insight. I am taking over admin duties in a domain of 800 users, and the previous admins really did not employ much of any GPO settings for the clients of the Domain. In each site, there is a location on the file server where "Home" folders were manually created. EX: \server\home\enduser Whenever a user got a machine, the admin would manually right-click on the "My Documents" folder and manually enter the path to the home folder. We are planning to start putting Windows 7 machines on the Network, and I am wanting to automate as much as I can, everything that was not done in the past. Since everyone has exising "Home" folders I have been fighting and trying to get Folder Redirection to work with a new Windows 7 machine (In a Test OU). I am getting all kinds of errors and I can't get the Windows 7 "Documents" folder to redirect to the users EXISTING home folders. As I stated earlier, all of the Home folders were (and still are) manually created on the File Server and are set with the following Security permissions - Domain Admins - Full Control euser (end user) - Modify (Everything but Full) Can someone point me in the right direction on the proper setting to put in the Folder Redirection GPO to get this to work with the Existing Home folders. I can't seem to make it work but I will keep trying. Thanks In Advance !

  Read the article

• XRDP errors when trying to use sesman-x11rdp

  - by Nicholas

  I've just installed Ubuntu 11.10 Desktop on an old laptop of mine and I wanted to set it up so I could remote into it from my windows desktop. I've installed XRDP, but when I attempt to login using sesman-x11rdp it logs in, then the window shuts down. I've checked over the logs and here is what I get at the time of login: [20120123-16:49:23] [INFO ] scp thread on sck 8 started successfully [20120123-16:49:23] [INFO ] granted TS access to user nicholas [20120123-16:49:24] [INFO ] starting X11rdp session... [20120123-16:49:24] [CORE ] error starting X server - user nicholas - pid 3869 [20120123-16:49:24] [DEBUG] errno: 2, description: No such file or directory [20120123-16:49:24] [DEBUG] execve parameter list: 11 [20120123-16:49:24] [DEBUG] argv[0] = X11rdp [20120123-16:49:24] [DEBUG] argv[1] = :11 [20120123-16:49:24] [DEBUG] argv[2] = -geometry [20120123-16:49:24] [DEBUG] argv[3] = 1280x720 [20120123-16:49:24] [DEBUG] argv[4] = -depth [20120123-16:49:24] [DEBUG] argv[5] = 16 [20120123-16:49:24] [DEBUG] argv[6] = -bs [20120123-16:49:24] [DEBUG] argv[7] = -ac [20120123-16:49:24] [DEBUG] argv[8] = -nolisten [20120123-16:49:24] [DEBUG] argv[9] = tcp [20120123-16:49:25] [DEBUG] argv[10] = (null) [20120123-16:49:34] [ERROR] X server for display 11 startup timeout [20120123-16:49:34] [ERROR] X server for display 11 startup timeout [20120123-16:49:34] [INFO ] starting xrdp-sessvc - xpid=3869 - wmpid=3868 [20120123-16:49:34] [ERROR] another Xserver is already active on display 11 [20120123-16:49:34] [DEBUG] aborting connection... [20120123-16:49:34] [INFO ] session 3867 - user nicholas - terminated Can anyone point me to the proper way to get this working with x11rdp?

  Read the article

• Installing PHP 5.2.17 Dependencies on Centos 5

  - by user1114330

  I have followed the wget method here hoping it was my solution: Howto install php 5.2.17 on centos 6 x86_64 However I get the following error when trying to install: # rpm -ivh php-5.2.17-1.x86_64.rpm error: Failed dependencies: libaspell.so.15()(64bit) is needed by php-5.2.17-1.x86_64 libcrypto.so.6()(64bit) is needed by php-5.2.17-1.x86_64 libcurl.so.3()(64bit) is needed by php-5.2.17-1.x86_64 libpspell.so.15()(64bit) is needed by php-5.2.17-1.x86_64 libssl.so.6()(64bit) is needed by php-5.2.17-1.x86_64 php-cli = 5.2.17-1 is needed by php-5.2.17-1.x86_64 Would be awesome if someone could help. UPDATE: I have now installed an instance of CentOS 5 and am attempting to install php 5.2.17 yet again...anyone know the best way to deal with the following dependencies: libaspell.so.15()(64bit) is needed by php-5.2.17-1.x86_64 libgmp.so.3()(64bit) is needed by php-5.2.17-1.x86_64 libpspell.so.15()(64bit) is needed by php-5.2.17-1.x86_64 php-cli = 5.2.17-1 is needed by php-5.2.17-1.x86_64 php-common = 5.2.17-1 is needed by php-5.2.17-1.x86_64 Wondering what libgmp, libaspell, php-cli and php-common are and where to get the proper versions for php 5.2.17. Any help is most appreciated. Thank you!

  Read the article

• Disable raid member check upon mount to mount damaged nvidia raid1 member

  - by Halfgaar

  Hi, A friend of mine destroyed his Nvidia RAID1 array somehow and in trying to fix it, he ended up with a non-working array. Because of the RAID metadata, the actual disk data was stored at an offset from the beginning. I was able to identify this offset with dd and a hexeditor and then I used losetup to create a loop device with the proper offset, so that I could mount the partition. It was then that I ran into problems, namely that mount says: "mount: unknown filesystem type 'nvidia_raid_member'". I also had this when trying to mount a Linux MD component the other day, and because I can remember that doing that in the past worked, I surmised that it may be some kind of protection. I therefore booted an old Sysrescue CD and tried it there, which worked (because of the older version of mount/libc/kernel/whatever). I still need to try to get more data, and because I don't want to keep using that SysrecueCD, I'd like to be able to mount the disk on my normal system. So, my question is: can the check for a disk being a raid member be disabled? I guess I could also zero out blocks that look like the raid block, but I'd rather not... I made an image of the disk with par2 data, so it's revertable, but still...

  Read the article

• IIS6 Wildcard Mapping to ASP.NET - no file extension results in IIS 404

  - by Ian Robinson

  I'm trying to perform what I understand to be a relatively simple task. I'd like to remove the extensions from the URLs on my website. I have the proper set up in my application to handle and rewrite the URLs - the trouble is I can't get past IIS to actually get to my application without the extensions. The details: I'm running IIS6 on Windows Server 2003. I've gone into the web site for my application, gone to the home directory tab, clicked "Configuration" and added a wildcard map to the following file: c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll Which I verified is the same as what is used above in the application extensions portion by .ascx, etc. If I navigate to http://mywebsite.com/Blogs the result is as follows: HTTP/1.1 404 Not Found Content-Length: 1635 Content-Type: text/html Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Date: Thu, 14 Jan 2010 15:04:49 GMT Which seems to be a standard IIS 404 message. If I navigate to http://mywebsite.com/Blogs.aspx I get my ASP.NET app.... How can I troubleshoot this? I feel like I've double checked everything a dozen times but to no avail. I must be missing something obvious. Update: Here are the exact instructions given by the asp.net url rewriter that I'm using: IIS 6.0 - Windows 2003 Server open property page for website / virtual directory. click the 'home directory' tab click the 'configuration' button, select the 'mappings' tab click 'insert' next to the 'Wildcard application maps' section browse to the aspnet_isapi.dll (normally at c:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll) Ensure that 'check that file exists' is unchecked Click OK, OK, OK to close and apply changes Update 2: I have yet to find a resolution for this. The application does not seem to be receiving the request from IIS, any further ideas?

  Read the article

• Crazy problem with Nginx, PHP5-FPM on Ubuntu

  - by Emmanuel

  I've been trying to get a domain from shared hosting to my new VPS. Everything was working just 100% fine, and then all of a sudden rewrites stopped working, pictures that should work started returning 404s. I've got no idea why, but for some reason on my site: http://www.onlythebible.com/ only the home page works, all the other pages depend on rewrites which were working perfectly fine at one stage, but all of a sudden stopped working. Some of the pictures like this url: http://www.onlythebible.com/bgsPreview/Matthew-8.10.jpg which doesn't use a rewrite throws a 404? I almost certain it was nothing to do with the nginx configuration. I've got suspicions that it could be something to do with php5-fpm? The funny thing is, all of a sudden it started working again. And then an hour or so later it broke again and has now gone back to only displaying the home-page and all of the links (and some of the pictures) are just showing 404s. Does anyone have an idea of what the problem might be? I'm pretty new to the whole Linux VPS thing, but this just seems very strange. *edit Here's a line from the error log which might shed some light on the problem: 2011/02/06 03:04:59 [error] 2873#0: *220 open() "/usr/local/nginx/html/bgsPreview/Matthew-8.10.jpg" failed (2: No such file or directory), client: 114.77.115.211, server: onlythebible.com, request: "GET /bgsPreview/Matthew-8.10.jpg HTTP/1.1", host: "www.onlythebible.com", referrer: "http://www.onlythebible.com/" I wonder why it's trying to find the file in /usr/local/nginx/html instead of the proper root which is /var/www/ etc... Oh, and for some reason it's just started working again... for how long I don't know. Another thing that was a bit weird, is that the pages on my website are pulled from a database. But when I edited the database, the pages didn't change... It's almost like they've been cached or something.

  Read the article

• What's the right way to start a node.js service?

  - by elliot42

  I'm running a node.js service (statsd) on CentOS 6. What's the proper way to daemonize and start such a service? Potential Daemonizers--are daemonizers supposed to be language-specific or general?: forever (node-specific) daemonize nohup (presumably wrong) start-stop-daemon(debian-only? is this for daemonizing or starting/stopping? what is the Centos equivalent?) Should the app itself really know how to daemonize itself and then have a -d flag? (e.g. via node-daemonize2 or forever-monitor?) Service starters--should these be from the system/distro, or should they be from monitoring tools such as monit?: service? is really /etc/init.d on CentOS? service? is really Upstart on Ubuntu? monit? daemontools? runit? I'm unfortunately new to this--where can I read up on what is the most standard, classic, reliable way of doing this?

  Read the article

• backupexec 12.5 not following symlinks on linux agent

  - by Peter Carrero

  Ok, we are at a loss here trying to backup a linux box to a backupexec server... we got a backupexec 12.5 server and a "backupexec for windows servers linux agent" (sigh) running on one of our linux boxes. When a backup runs, we get exceptions reported for our symbolic links. it says something like: BACKUP- \\<servername>\[ROOT] File \\<servername>\[ROOT]/<foldername>/<symlink> is in the backup selection list but was not found. Looking at the selection list, the symlink shows as a 1k file on BUE. Tools-Options-Backup has Backup files and directories by following symbolic links/junction points selected. These same checkboxes are selected on the Job Setup-Job Properties-Edit Template-Advanced Additionally, all the checkboxes are checkeced on Tools-Options-Linux, Unix, and Macintosh and on the Job Set-Job Properties-Edit Template-Linux, Unix, and Macintosh. These checkboxes read: "Preserve change time", "Follow local mount points", "Follow remote mount points", "Backup contents of soft-linked directories" and "Lock remote files", but apparently changing those options produce the same result. Any help on how to get BUE to make a proper backup would be greatly appreciated. Thanks.

  Read the article

• IBM HS23 Blade Server (7875) onboard NIC driver for linux

  - by Igor Spivak

  I work with IBM HS23 Blade Server (7875). It's onboard NIC adapter is: Emulex OCl11104-F-X Virtual Fabric Adapter 2-port 10GB and 2-port 1GB LOM . I'm tryed to the following Linux OS with the server: 2.6.32-22-generic-pae #36-Ubuntu SMP. and discovered my OS has not proper Network drive installed (for the NIC adapter described above). After investigation I made, I discovered that the driver I need is "be2net" placed in "net" directory of the linux under the folder "be2net". I managed to download this driver with the latest package for my kernel. Driver info ("modinfo be2net" result) is as follows: --------------------------------------------------------------------------------------- filename: /lib/modules/2.6.32-22-generic-pae/kernel/drivers/net/benet/be2net.ko license: GPL author: ServerEngines Corporation description: ServerEngines BladeEngine2 10Gbps NICDriver 2.101.205 version: 2.101.205 srcversion: 199ADD251CB874C3727CC47 alias: pci:v000019A2d00000710sv*sd*bc*sc*i* alias: pci:v000019A2d00000701sv*sd*bc*sc*i* alias: pci:v000019A2d00000700sv*sd*bc*sc*i* alias: pci:v000019A2d00000221sv*sd*bc*sc*i* alias: pci:v000019A2d00000211sv*sd*bc*sc*i* depends: vermagic: 2.6.32-22-generic-pae SMP mod_unload modversions 586TSC parm: rx_frag_size:Size of a fragment that holds rcvd data. (uint) --------------------------------------------------------------------------------------- After starting linux, I get the following error: be2net 0000:16:00.x: Emulex OneConnect 10Gbps NIC (be3) initilization failed. I checked the same server with another Linux version (Red-Had 5.5.1.0) and the NICs worked properly, so seems there is no problem in HW. Also, on IBM or Emulex offical sites I managed to find drivers only for Red-Had and SUSE versions.

  Read the article

• Setting up SQL Server 2005 to use all available memory in 32bit Windows Server 2003 - and verifying

  - by Rizwan Kassim

  There are a number of questions along this line - but they either sometimes contradict each other, or don't show how to properly verify that everything is actually working - hopefully this can be comprehensive... I'm running SQL Server 2005 SP3 Standard on Windows Server 2003 R2 Standard. My server has 8GB of memory installed - my system is almost entirely used as a Database Server - there are some services running on them, but the OS + services can run within 1Gb of RAM. What I've done (please tell me if I'm doing something wrong): /3GB in the boot.ini. (To increase the amount of user-space memory available - info) /PAE in the boot.ini. (Windows claimed to be doing PAE even without this switch, somethow.) Enabled AWE in SQL Server. Enabled Lock Pages in Memory Option for users SYSTEM and Local Service. (info). SQL Server Standard doesn't seem to use this until Cumulative Update 4, which isn't installed on my server. (info) Set Min/Max Memory to : 1024Mb/5112Mb After doing all the above, we definately saw a level of improvement - but I'd like now to verify my settings, make sure that I'm making full use of the memory available. (There appeared to be a slowdown when max = 7Gb, so I edged off from that value, but it might have been just perceptual.) To verify, I checked the following levels in PerfMon : Process(sqlserv):Working Set : 76386304 SQL Server(Memory Manager) : Total Server Memory : 3538944 (I saw a doc that noted that this wasn't the full memory used by SQL Server, so I'm not sure whether to trust it) So -- my questions... Should my max be around 7Gb? If not, what should it be? Why is total server memory at 3.5G, when it's been allocated 5G? What is the proper metric for the amount of memory allocated to SQL Server? The Working Set seems a bit large... Am I possibly missing any steps in the setup? Any recommended resources on starting to tune the caching system now? Thanks

  Read the article

• Unconvert Text File from Binary Format

  - by Hammer Bro.

  I've got a rather large CSV file (~700MB) which I know to consist of lines of 27-character alpha-numeric hashes; no commas or anything fancy. Somehow, during its migration from Windows to Linux (via winSCP and then a few regular SCPs), it has converted into some kind of binary format I am unfamiliar with. If I open the file in vi, everything appears fine, and it says [converted] at the bottom, although I know it's not a line endings issue (and dos2unix doesn't help). If I 'head' the file, it looks proper except for a "ÿþ" at the beginning of the first line. If I open up the file in nano, however, I see the "ÿþ" at the start and then "^@" before every character (even newlines and EoF). If I try to re-save or copy the file (say via: head file.csv short.txt), this special encoding is preserved. I copied the first ten lines out of vi (which displays it properly) into my Windows clipboard via my SSH client, then pasted it into a new text file, test.txt. This file is visually identical when opened in vi (and similar through 'head', minus the "ÿþ"), although it's roughly half of the filesize. Additionally, file test.txt test.txt: ASCII text file short.txt short.txt: I have no idea what format this once-text file got converted to (it's notoriously hard to search the internet for symbols), but surely there must be some way to convert it back. Any ideas?

  Read the article

• Why can't “knife data bag from file” find existing json file on chef server?

  - by ellisera

  Summary: I'm running into a problem with "knife data bag from file", where knife doesn't recognize the .json data bag file pulled down from a remote git repo. Background: I'm currently trying to transition from chef-solo use to chef server while using the cookbooks, data bags and other chef info from our remote git repo. I've currently pulled down a copy of our git repo and set the cookbook path and data bag path in knife.rb. I also loaded the cookbooks, made adjustments, etc. Details: When trying to load our .json data bags by doing "knife data bag add from file FOLDER FILE" it looks like it worked until I do "knife data bag list" and it comes up blank. So I decided to try adding the edit option at the end to see what's being loaded, if it is. This is the error I get: knife data bag from file local_settings test.json -e nano ERROR: Could not find or open file 'test.json' in current directory or in 'data_bags/local_settings/test.json' The data bag file does exist, in the proper location, in a tested, working json file. I've also sometimes gotten an error saying "could not open data bag "local_settings". I would obviously like to keep the data bag path within the appropriate git repo folder to be able to keep track of changes in a more centralized location (our git repo, as opposed to the chef server). Any solutions, advice or pointers in the right direction are appreciated.

  Read the article

• frequent "SNMP error" with Cacti

  - by nn4l

  When adding new devices to my Cacti instance, I get frequent "SNMP error" messages in the device screen. But the error is not consistent, not even for the same device. Here's what I already have checked: Sometimes a device shows that "SNMP error" message even when it did not had that error an hour before, and vice versa. I tried this with several different Cacti releases, installed on different OS (Debian squeeze: 0.8.7g-1+squeeze1, Debian Sid: 0.8.7i-3, CentOS 6.0: 0.8.7i-2.el6) tried both from a local (192.168.1.xy) network and from a different data center so I don't think it is a network problem reinstalled the Cacti database, rerun the scripts to install my devices. Now different devices have that error when executing a snmpwalk or snmpgetnext command from the command line, it is always successful increasing the timeout to 20000 (20 seconds) and the retry count to 10 does not make a difference The cacti.log says: 04/14/2012 02:10:19 PM - CMDPHP: Poller[0] WARNING: SNMP GetNext Timeout for Host:'s0026.mydomain.de', and OID:'.1.3.6.1.2.1.1.3.0' 04/14/2012 02:10:20 PM - CMDPHP: Poller[0] WARNING: SNMP GetNext Timeout for Host:'s0026.mydomain.de', and OID:'.1.3' However, when executing snmpget or snmpget with that from the command line a proper response is returned immediately.

  Read the article

• Easiest way to allow direct HTTPS connection in Intercept mode?

  - by Nick Lin

  I know the SSL issue has been beaten to death I'm using DNS redirect to force my clients to use my intercept proxy. As we all know, intercepting HTTPS connection is not possible unless I provide a fake certificate. What I want to achieve here is to allow all HTTPS requests connect directly to the source server, thus bypassing Squid: HTTP connection Proxy by Squid HTTPS connection Bypass Squid and connect directly I spent the past few days goolging and trying different methods but none worked so far. I read about SSL tunneling using the CONNECT method but couldn't find any more information on it. I tried a similar method in using RINETD to forward all traffic going through port 443 of my Squid back to the original IP of www.pandora.com. Unfortunately, I did not realize all other HTTPS requests are also forwarded to the IP of www.pandora.com. For example, https://www.gmail.com also takes me to https://www.pandora.com Since I'm running the Intercept mode, the forwarding needs to be dynamic and match each HTTPS domain name with proper original IP. Can this be done in Squid or iptables? Lastly, I'm directing traffic to my Squid server using DNS zone redirect. For example, a client requests www.google.com, my DNS server directs that request to my Squid IP, then my transparent Squid will proxy that request. Will this set up affect what I'm trying to achieve? I tried many methods but couldn't get it to work. Any takes on how to do this?

  Read the article

• Ionic Isapi Rewrite error on IIS6, Windows 2003 Server

  - by EsiX

  First of all my setup is a VPS running Windows 2003 Server with multiple domains on it IIS 6, Plesk IsapiRewrite4.ini RewriteLogLevel 3 RewriteCond %{HTTP_HOST} ^mydomain.com$ RewriteRule ^/(.*)$ http://www.mydomain.com/$1 [R] This is one of their basic examples. Ionic is installed and setup proper because if I use another rule (a simpler one ... like the one following) it works instant # IsapiRewrite4.ini # RewriteLogLevel 3 # # This ini file illustrates the use of a redirect rule. # Any incoming URL that starts with an uppercase W # will be redirected to the specified server. RewriteRule ^/(W.*)$ http://server.dyndns.org:7070/$1 [R] This one works in the TestDriver tool and none of them gives any error or warnings in TestParse tool, but it doesn't do a thing on the webserver... The fact that one rule works means that the isapi module works. I am using the last version. RedirectRule http://mydomain.com/someplace/somefile.html http://www.mydomain.com/howto/someplace/anotherfile.html [I,L] Both examples were taken from http://iirf.codeplex.com/Wiki/View.aspx?title=Redirection&referringTitle=Home So my IsapiRewrite4.ini needs to do this two tasks: auto transform and redirection for a number of urls. Can you help out.. I really don't know what I'm doing wrong.

  Read the article

• Can't access IIS 7 server URL from the same IIS 7 server.

  - by Kevin Raffay

  We have an intranet site ie, xxx.yyyy.com, that users access by entering "http"://xxx.yyy.com. Our problems started when we migrated to IIS 7 running on a new 2003 server. We got rid of our single-sign on code and implemented a security model where we capture a user's domain credentials which we then authenticate against a DB. In order to get the domain credentials passed to our ASP.NET app, we have the following settings: Anonymous Authentication:Disabled ASP.NET Impersonation: Enabled Basic/Digest/Forms Authentication: Disabled Windows Authentication: Enabled We allow "*" and deny "?" in the web.config. Browsing "http"://xxx.yyy.com from any client PC results in a domain login prompt, and if your enter a proper user/pwd, you can get in. However, browsing "http"://xxx.yyy.com while remoting into the server results in 3 domain login prompts and eventually a 401 error - unauthorized. We have traced this behavior to problems with our web site where we have pages doing "screen scraping" using the HttpRequest calling a url on the same server. When doing a HttpRequest from any other client, using a test harness that passes authorized credentials, all is good. So internal HttpRequest calls on the server fail, just like attempts to browse that server's url from within a remote session. Why would a to "http"://xxx.yyy.com on server xxx.yyy.com fail authentication?

  Read the article

• Remote Scripted Installation of Sun/Oracle JRE

  - by chrisbunney

  I'm attempting to automate the installation of a Debian server (debian 6.0 squeeze 64bit). Part of the installation requires the Sun JRE package to be installed. This package has a licence agreement, which has to be accepted. I have a script which uses the following lines to accept and install the JRE: echo "sun-java6-bin shared/accepted-sun-dlj-v1-1 boolean true" | debconf-set-selections apt-get install -y sun-java6-jre This works fine when executing the script locally. However, I need to execute the script remotely using the ssh command, e.g.: ssh -i keyFile root@hostname './myScript' This doesn't work. In particular, it fails on apt-get install -y sun-java6-jre. It would seem that in spite of me setting the licence agreement to accepted, when run remotely in this manner it is ignored. Despite setting the value to true, I still get prompted to manually accept the agreement when I run this command: ssh -i keyFile root@hostname 'apt-get install -y sun-java6-jre' I suspect it is something to do with environment that is taken care of when running a proper terminal session, but have no idea what to try next to fix it. So, what do I have to do to get this command (and hence my deployment script) to run correctly when executing it remotely? Or is there an alternative way that allows me to install the JRE remotely by another means? Edit 0: I have compared the output of env when executed remotely via ssh and when executed via a local terminal session. The only difference between the outputs is that the local terminal session has the additional value TERM=xterm.

  Read the article

• IPCop Packet Mangling

  - by Zenham

  I've found myself in a pickle replacing an old firewall for a client this afternoon. I'm configuring their new IPCop firewall (1.4.21), Zerina OpenVPN addon is installed. What I need to do: There are three network interfaces, currently set up as red (WAN), green (LAN, 192.168.20.0/24) and orange (remote network 10.1.20.0/24). The orange interface is a direct fiber link to another organization. Simple description: Traffic and networks appear to be properly configured at this point, but I have many (150+) specific IPs on the LAN which, when accessing the resources on the 10.1.20.x network, need to be mangled to appear to be coming from the 10.1.20.0/24 network (and return traffic properly delivered). The routing on the far side was configured earlier and should be fine, but I need to redirect any packets coming across destined for those IPs to end up at their proper destination. The addressing is fixed and predictable (ie. 192.168.20.125 - 10.1.20.125). I need to insert whatever rules I have into the IPCop ruleset through /etc/rc.local I know, I'm just not sure about how I should structure this. There's CUSTOMOUTPUT and CUSTOMINPUT targets, both which currently just consist of the single rule redirecting packets to the OVPNOUTPUT/OVPNINPUT targets, so I'm guessing I should insert a rule matching outbound packets destined for the 10.1.20.x network and redirecting to a new target (maybe called TO-ORANGE) and a rule at the top of CUSTOMINPUT which redirects to a FROM-ORANGE target. Under those targets, I would have rules which do the IP matching and mangling. Am I approaching this right? If so, I'm not very familiar with mangle, and would appreciate seeing examples of how to write that source-IP rewrite. If not, how would you suggest doing this? TIA! edit: I notice additionally that the nat table has CUSTOMPREROUTING and CUSTOMPOSTROUTING targets, I guess I could alternatively post the rules in there....

  Read the article

• ipvsadm lists a few hosts by IP only, rest by name

  - by dmourati

  We use keepalived to manage our Linux Virtual Server (LVS) load balancer. The LVS VIPs are setup to use a FWMARK as configured in iptables. virtual_server fwmark 300000 { delay_loop 10 lb_algo wrr lb_kind NAT persistence_timeout 180 protocol TCP real_server 10.10.35.31 { weight 24 MISC_CHECK { misc_path "/usr/local/sbin/check_php_wrapper.sh 10.10.35.31" misc_timeout 30 } } real_server 10.10.35.32 { weight 24 MISC_CHECK { misc_path "/usr/local/sbin/check_php_wrapper.sh 10.10.35.32" misc_timeout 30 } } real_server 10.10.35.33 { weight 24 MISC_CHECK { misc_path "/usr/local/sbin/check_php_wrapper.sh 10.10.35.33" misc_timeout 30 } } real_server 10.10.35.34 { weight 24 MISC_CHECK { misc_path "/usr/local/sbin/check_php_wrapper.sh 10.10.35.34" misc_timeout 30 } } } http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.fwmark.html [root@lb1 ~]# iptables -L -n -v -t mangle Chain PREROUTING (policy ACCEPT 182G packets, 114T bytes) 190M 167G MARK tcp -- * * 0.0.0.0/0 w1.x1.y1.4 multiport dports 80,443 MARK set 0x493e0 62M 58G MARK tcp -- * * 0.0.0.0/0 w1.x1.y2.4 multiport dports 80,443 MARK set 0x493e0 [root@lb1 ~]# ipvsadm -L IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn FWM 300000 wrr persistent 180 -> 10.10.35.31:0 Masq 24 1 0 -> dis2.domain.com:0 Masq 24 3 231 -> 10.10.35.33:0 Masq 24 0 208 -> 10.10.35.34:0 Masq 24 0 0 At the time the realservers were setup, there was a misconfigured dns for some hosts in the 10.10.35.0/24 network. Thereafter, we fixed the DNS. However, the hosts continue to show up as only their IP numbers (10.10.35.31,10.10.35.33,10.10.35.34) above. [root@lb1 ~]# host 10.10.35.31 31.35.10.10.in-addr.arpa domain name pointer dis1.domain.com. OS is CentOS 6.3. Ipvsadm is ipvsadm-1.25-10.el6.x86_64. kernel is kernel-2.6.32-71.el6.x86_64. Keepalived is keepalived-1.2.7-1.el6.x86_64. How can we get ipvsadm -L to list all realservers by their proper hostnames?

  Read the article

• Validating signature trust with gpg?

  - by larsks

  We would like to use gpg signatures to verify some aspects of our system configuration management tools. Additionally, we would like to use a "trust" model where individual sysadmin keys are signed with a master signing key, and then our systems trust that master key (and use the "web of trust" to validate signatures by our sysadmins). This gives us a lot of flexibility, such as the ability to easily revoke the trust on a key when someone leaves, but we've run into a problem. While the gpg command will tell you if a key is untrusted, it doesn't appear to return an exit code indicating this fact. For example: # gpg -v < foo.asc Version: GnuPG v1.4.11 (GNU/Linux) gpg: armor header: gpg: original file name='' this is a test gpg: Signature made Fri 22 Jul 2011 11:34:02 AM EDT using RSA key ID ABCD00B0 gpg: using PGP trust model gpg: Good signature from "Testing Key <[email protected]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: ABCD 1234 0527 9D0C 3C4A CAFE BABE DEAD BEEF 00B0 gpg: binary signature, digest algorithm SHA1 The part we care about is this: gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. The exit code returned by gpg in this case is 0, despite the trust failure: # echo $? 0 How do we get gpg to fail in the event that something is signed with an untrusted signature? I've seen some suggestions that the gpgv command will return a proper exit code, but unfortunately gpgv doesn't know how to fetch keys from keyservers. I guess we can parse the status output (using --status-fd) from gpg, but is there a better way?

  Read the article

• PAM Winbind Expired Password

  - by kernelpanic

  We've got Winbind/Kerberos setup on RHEL for AD authentication. Working fine however I noticed that when a password has expired, we get a warning but shell access is still granted. What's the proper way of handling this? Can we tell PAM to close the session once it sees the password has expired? Example: login as: ad-user [email protected]'s password: Warning: password has expired. [ad-user@server ~]$ Contents of /etc/pam.d/system-auth: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_krb5.so use_first_pass auth sufficient pam_winbind.so use_first_pass auth required pam_deny.so account [default=2 success=ignore] pam_succeed_if.so quiet uid >= 10000000 account sufficient pam_succeed_if.so user ingroup AD_Admins debug account requisite pam_succeed_if.so user ingroup AD_Developers debug account required pam_access.so account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_krb5.so account [default=bad success=ok user_unknown=ignore] pam_winbind.so account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_krb5.so use_authtok password sufficient pam_winbind.so use_authtok password required pam_deny.so session [default=2 success=ignore] pam_succeed_if.so quiet uid >= 10000000 session sufficient pam_succeed_if.so user ingroup AD_Admins debug session requisite pam_succeed_if.so user ingroup AD_Developers debug session optional pam_mkhomedir.so umask=0077 skel=/etc/skel session optional pam_keyinit.so revoke session required pam_limits.so session optional pam_mkhomedir.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_krb5.so

  Read the article

< Previous Page | 133 134 135 136 137 138 139 140 141 142 143 144  | Next Page >