Search Results

Search found 4906 results on 197 pages for 'ssh tunnel'.

Page 182/197 | < Previous Page | 178 179 180 181 182 183 184 185 186 187 188 189  | Next Page >

• Which isn't working on linode servers (Ubuntu 10.04)?

  - by chrisjlee

  Currently trying to configure a linode server running on ubuntu 10.04. I utilized a stackscript (Default drupal profile) which seemed to run successfully. The log indicate so as well. Then ssh'd into the server (as root) to try to configure php. When i run a which php, which php5 they both return nothing. A which python returns something though. I know where the default path to php but i usually just like to use it as confirmation that php exists. Do i have to modify some configurations to enable which to work? Also tab completion doesn't seem to work for when i apt-get install? Update: Thanks for the suggestions guys. I've ran a couple commands and no luck either: [ root@ ~ ] $ dpkg -l |grep php [ root@ ~ ] $ apt-get install php5-cli Reading package lists... Done Building dependency tree Reading state information... Done Package php5-cli is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package php5-cli has no installation candidate Then i tried installing php and php cli: [ root@ ~ ] $ sudo apt-get install php5 php5-cli sudo: unable to resolve host xxxxxxx Reading package lists... Done Building dependency tree Reading state information... Done Package php5 is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package php5 has no installation candidate

  Read the article

• Java: very slow tomcat and too big war file

  - by NaN

  I created some sort of RESTful API backend for a mobile app. It's written completely in Java using Jersey as Framework. At the moment no database is used, it's all in the memory, but this is no problem so far (it's only for prototyping purposes). I ordered the smallest package from digital ocean and installed tomcat7. All in all tomcat works, but I have three major problems: 1) It takes a long time until tomcat deploys the app: I deploy it per tomcat manager and it takes about 2 minutes unit the site works (excl. war upload time). 2) The war files are quite big (16MB): I don't know why they are so big. There are no database dependencies and most logic is written in plain java. Okay, we are using jersey, but 16MB are a lot for the logic of a small webservice. 3) I have to restart tomcat all 3 days or so. It looks like a memory leak or something similar. If the app runs for a few days the response time is quite high and the server seems to be frozen. It works again, if I restart tomcat per ssh. You can find my mvn pom file right here. Do you have some tips? Are there good tomcat alternatives?

  Read the article

• ESXi 5 VM Putty session hangs, vSphere client timing out

  - by user192702

  First of all I believe this is a ESXi issue but let me know if you have seen this. It started about a year ago when I noticed occasionally when I putty via SSH to my VM guests, if I do anything that makes it to display a lot of things at once, the session will hang and I have to start a new one quite often only to find the same behaviour. What I meant by display a lot of things can be any of the following: 1) tail -f filename 2) Paste a long command 3) less filename If I type in one character at a time this won't happen. I tried searching online and it always point me to flow control settings and the various suggestions I've tried have never been able to resolve the issue. Since last week, I've noticed I'm not able to connect to my POP3 server from Outlook (it's timing out from Outlook's perspective). Today I tried to connect to the ESXi via vSphere client and it gives me a time out also. Exact behavior and error I saw is similar to the one posted at the following URL but the suggested technique also failed to resolve the issue. http://davidcocke.blogspot.hk/2012/02/unable-to-login-with-vsphere-client.html Has anyone experienced this before? Any suggestions on how to troubleshoot this?

  Read the article

• How can I remotely display images on my computer?

  - by Jakob

  What I Have: A laptop booted with Ubuntu and a stationary computer dual-booted with Ubuntu and Vista, both connected through a wireless ad-hoc network. What I Want: I want a way to display images in fullscreen on my stationary, using my laptop as a "remote control". I want to be able to choose another picture at any time and have my stationary computer remain in fullscreen mode at all times. Preferably, I should also be able to display just an empty (black) screen. How can I arrange for this? What I Have Tried: I have tried simply SSH:ing into my stationary computer and opening the image files using an image viewer, but all of the ones that I have tried (Eye of Gnome, Mirage, Gwenview, and others) open a new window for every new image. I don't know how to force them into using a single instance. I have tried using the VLC remote control command line interface, but apart from seeming somewhat unreliable (exiting with segmentation faults at one point), it also displays some images with a green border and forces me to pause playback in order for the image to remain on screen. Bonus Question: In my final setup, I also need to play music through my stationary computer's speaker and have the ability to switch to another track at any point, like with the images. Preferably, I would like to control the images and the audio through the same interface. How can I best achieve this?

  Read the article

• why is Mac OSX Lion losing login/network credentials?

  - by Larry Kyrala

  (moved from stackoverflow...) Symptoms So at work we have OSX 10.7.3 installed and every once in a while I will see the following behaviors: 1) if the screen is locked, then multiple tries of the same user/pass are not accepted. 2) if the screen is unlocked, then opening a new bash term may yield prompts such as: `I have no name$` or lkyrala$ ssh lkyrala@ah-lkyrala2u You don't exist, go away! Even when our macs are working normally, everyone here has to login twice. The first time after boot always fails, but the second time (with the same password, not changing anything, just pressing enter again) succeeds. Weird? Workarounds There are some workarounds that resolve the immediate problem, but don't prevent it from happening again: a) wait (maybe an hour or two) and the problems sometimes go away by themselves. b) kill 'opendirectoryd' and let it restart. (from https://discussions.apple.com/thread/3663559) c) hold the power button to reset the computer Discussion Now, the evidence above points me to something screwy with opendirectory and login credentials. Some other people report having these login problems, but it's hard to determine where the actual problem is (Mac, or network environment?). I should add that most of the network are Windows machines, but we have quite a few Macs and Linux machines as well, but I'm not sure of the details of how the network auth is mapped from various domains to others... all I know is that our network credentials work in Windows domains as well as mac and linux logins -- so something is connecting separate systems, or using the same global auth system.

  Read the article

• Freebsd jail for an small company - checklist - what shouldn't forget

  - by cajwine

  Looking for an checklist for an "small company freebsd/jail server". Having pretty common starting point: FreeBSD jail (remote/headless) for the company: public web, email, ftp server, and private (maybe in the future partially public) wiki (foswiki) 4 physical persons, (6 email addresses) + one admin - others will never use ssh) have already done usual hardening on the host side (like pf, sshguard etc). my major components are: dovecot, exim, apache22, proftpd, perl5.14. Looking for an checklist, what I shouldn't forget. My plan: openssl self-signed certificates for exim, dovecot and proftpd (wildcard keys) openssl self-signed certificate for apache (later will go for "trusted-signed" key) My questions are: is is an "good practice" having one pair of wildcard SSL-certificates for many programs? (exim, dovecot, proftpd) - or should I generate one key for each service? should I add all 4 persons as standard (unix) users, or I should go with virtual users? Asking because: have only small count of users, and it is more simple to configure everything (exim, dovecot) for local users ($HOME/Maildir), plus ability to set $HOME/.forward/vacation and etc. is here some (special) things what I should consider? (e.g. maybe, in the future we want setup our own webmail - will make this any difference?) any other recommendation? Thank you, hoping that this question fit into the http://serverfault.com/faq under the: Server and Business Workstation operating systems, hardware, software Operations, maintenance, and monitoring Looking for an checklist, but please explain why you're recommending it. See Good Subjective, Bad Subjective. related: What's your suggested mail server configuration for a FreeBSD server?

  Read the article

• How can I implement ansible with per-host passwords, securely?

  - by supervacuo

  I would like to use ansible to manage a group of existing servers. I have created an ansible_hosts file, and tested successfully (with the -K option) with commands that only target a single host ansible -i ansible_hosts host1 --sudo -K # + commands ... My problem now is that the user passwords on each host are different, but I can't find a way of handling this in Ansible. Using -K, I am only prompted for a single sudo password up-front, which then seems to be tried for all subsequent hosts without prompting: host1 | ... host2 | FAILED => Incorrect sudo password host3 | FAILED => Incorrect sudo password host4 | FAILED => Incorrect sudo password host5 | FAILED => Incorrect sudo password Research so far: a StackOverflow question with one incorrect answer ("use -K") and one response by the author saying "Found out I needed passwordless sudo" the Ansible docs, which say "Use of passwordless sudo makes things easier to automate, but it’s not required." (emphasis mine) this security StackExchange question which takes it as read that NOPASSWD is required article "Scalable and Understandable Provisioning..." which says: "running sudo may require typing a password, which is a sure way of blocking Ansible forever. A simple fix is to run visudo on the target host, and make sure that the user Ansible will use to login does not have to type a password" article "Basic Ansible Playbooks", which says "Ansible could log into the target server as root and avoid the need for sudo, or let the ansible user have sudo without a password, but the thought of doing either makes my spleen threaten to leap up my gullet and block my windpipe, so I don’t" My thoughts exactly, but then how to extend beyond a single server? ansible issue #1227, "Ansible should ask for sudo password for all users in a playbook", which was closed a year ago by mpdehaan with the comment "Haven't seen much demand for this, I think most people are sudoing from only one user account or using keys most of the time." So... how are people using Ansible in situations like these? Setting NOPASSWD in /etc/sudoers, reusing password across hosts or enabling root SSH login all seem rather drastic reductions in security.

  Read the article

• Find slow network nodes between two data centers

  - by 2called-chaos

  I've got a problem with syncing big amount of data between two data centers. Both machines have got a gigabit connection and are not fully occupied but the fastest that I am able to get is something between 6 and 10 Mbit = not acceptable! Yesterday I made some traceroute which indicates huge load on a LEVEL3 router but the problem exists for weeks now and the high response time is gone (20ms instead of 300ms). How can I trace this to find the actual slow node? Thought about a traceroute with bigger packages but will this work? In addition this problem might not be related to one of our servers as there are much higher transmission rates to other servers or clients. Actually office = server is faster than server <= server! Any idea is appreciated ;) Update We actually use rsync over ssh to copy the files. As encryption tends to have more bottlenecks I tried a HTTP request but unfortunately it is just as slow. We have a SLA with one of the data centers. They said they already tried to change the routing because they say this is related to a cheap network where the traffic gets routed through. It is true that it will route through a "cheapnet" but only the other way around. Our direction goes through LEVEL3 and the other way goes through lambdanet (which they said is not a good network). If I got it right (I'm a network intermediate) they simulated a longer path to force routing through LEVEL3 and they announce LEVEL3 in the AS path. I basically want to know if they're right or they're just trying to abdicate their responsibility. The thing is that the problem exists in both directions (while different routes), so I think it is in the responsibility of our hoster. And honestly, I don't believe that there is a DC2DC connection which only can handle 600kb/s - 1,5 MB/s for weeks! The question is how to detect WHERE this bottleneck is

  Read the article

• Browsing \\computer\share fails, but net use \\computer\share works?

  - by JMD

  I've had mixed results with using Windows Explorer to browse remote file shares. The setup: I'm at work on Windows XP SP3 Files are at home on Windows XP SP3 Two separate VPNs are available to access my PC at home corporate OpenVPN (10.1.2.3) a Hamachi/LogMeIn connection (5.1.2.3) With respect to my problem, it doesn't matter which IP I use. They both perform exactly the same way: I expect that if I open Windows Explorer and type in \\10.1.2.3\Shared I should be interrupted with a challenge for credentials, and then be able to interact with the files in the share. However, I just get that annoying dialog, "Windows cannot find '\10.1.2.3\Shared' Check the spelling and try again, or try searching for the item ..." However, I can take that exact same computername/sharename and with net use I can: net use * \\10.1.2.3\Shared * /user:homecomputername\username with this result: Type the password for \\5.69.83.158\C$: Drive Z: is now connected to \\5.69.83.158\C$. The command completed successfully. I can then access the files in Z: in Windows Explorer which was my original intent. Even after Z: is already mapped and the credentials are cached I still cannot bring up \\10.1.2.3\Shared in Windows Explorer. Why does the latter work, but not the former? Edit: Other services work fine, such as RDP. (I have a problem in which I can't SSH home, but I'll consider that separately.)

  Read the article

• postfix - connection refused from behind NAT

  - by manchine

  When attempting to telnet postfix from a different host in the same LAN through the FQDN (and thus the LAN's public IP), the following error occurs: root@mailer:/var/log# telnet mail.domain.com 25 Trying 1.2.3.4... telnet: Unable to connect to remote host: Connection refused Other services can be reached from the exact same host, however: root@mailer:/var/log# telnet mail.domain.com 22 Trying 1.2.3.4... Connected to mail.domain.com. Escape character is '^]'. SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u1 To make matters more intriguing, Postfix can be accessed from outside the LAN: nunos-mbp:mailog nzimas$ telnet mail.domain.com 25 Trying 1.2.3.4... Connected to mail.domain.com. Escape character is '^]'. 220 mail.domain.com ESMTP Postfix (Ubuntu) To sum thing up: a) Postfix (running on 10.10.10.4 / mail.domiain.com) refuses connection from a host in the same LAN (10.10.10.2), but only when queried through the FQDN (mail.domain.com) b) mail.domain.com accepts connections to other services (but Postfix) from 10.10.10.2 c) mail.domain.com accepts connections to all services, including Postfix, from the outside world If it were a firewall issue, then I believe it would not be possible to connect to any service from 10.10.10.2 through the FQSN / public IP. It ought to be some missing parameter in Postfix, although I haven't found any clear pointers so far.

  Read the article

• Converting flv and mp4 video format to '.ogg' using FFmpeg

  - by user163906

  I have HostGator VPS server with FFmpeg installed. It allows me to convert .wmv to .flv as well as .mp4 files successfully using the following commands for flv and mp4: ffmpeg -i WantsABath.wmv -b 600k -r 24 -ar 22050 -ab 96k WantsABath.flv ffmpeg -i WantsABath.wmv WantsABath.mp4 but it won't allow me to convert any file format to .ogg. I tried using the command: ffmpeg -i input.mp4 -acodec libvorbis -vcodec libtheora -f ogv output.ogv by mondain but no luck with it. I am doubting that my VPS doesn't have libtheora installed. I tried configuring it by using SSH but I don't know how to make sure if it is installed or not. I tried checking with php_info but can't find anything regarding libtheora. Here's my FFmpeg version: FFmpeg version SVN-r19795, Copyright (c) 2000-2009 Fabrice Bellard, et al. configuration: --enable-libmp3lame --enable-libvorbis --disable-mmx --enable-shared --prefix=/usr/ --enable-gpl libavutil 50. 3. 0 / 50. 3. 0 libavcodec 52.35. 0 / 52.35. 0 libavformat 52.38. 0 / 52.38. 0 libavdevice 52. 2. 0 / 52. 2. 0 libswscale 0. 7. 1 / 0. 7. 1 This details doean't show libtheor Can anyone please suggest me something?

  Read the article

• Syntax error at '{'; expected '}' when using nagios in puppet

  - by jiangchengwu

  It's a big problem to me, because I'm not familiar with puppet. ERROR on the puppetmaster: debug: importing '/etc/puppet/manifests/nodes/group-1.pp' err: Could not parse for environment production: Syntax error at '{'; expected '}' at /etc/puppet/manifests/nodes/group-1.pp:6 ERROR on the puppet client: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: Syntax error at '{'; expected '}' at /etc/puppet/manifests/nodes/group-1.pp:6 in group-1.pp: node 'group1' { include ntp class { 'nagios::host': #this is line 6 nodename => $clientcert, appname => 'test', } } nagios::host in module module/nagios/host.pp code are here: class nagios::host($nodename, $hostgroup) { file { '/usr/lib/nagios/plugins': mode = "755", require = Package["nagios-plugins"], } ... @@nagios_service { "${nodename}_check_ssh": ensure => present, use => 'generic-service', host_name => "${nodename}", notification_interval => 60, flap_detection_enabled => 0, service_description => "SSH", check_command => "check_ssh", target => "/etc/nagios3/services.d/${nodename}.cfg", } } and the file module/nagios/init.pp is blank How could I fix it ?

  Read the article

• The best way to hide data Encryption,Connection,Hardware

  - by Tico Raaphorst

  So to say, if i have a VPS which i own now, and i wanted to make the most secure and stable system that i can make. How would i do that? Just to try: I installed debian 7 with LVM Encryption via installation: You get the 2 partitions a /boot and a encrypted partition. When booting you will be prompted to fill in the password to unlock the encryption of the encrypted partition, Which then will have more partitions like /home /usr and swapspace which will automatically mount. Now, i do need to fill in the password over a VNC-SSL connection via the control panel website of the VPS hoster, so they can see my disk encryption password if they wanted to, they have the option if they wanted to look at what i have as data right? Data encryption on VPS , Is it possible to have a 100% secure virtual private server? So lets say i have my server and it is sitting well locked next to me, with the following examples covered bios (you have to replace bios) raid (you have to unlock raid-config) disk (you have to unlock disk encryption) filelike-zip-tar (files are stored in encrypted archives) which are in some other crypted file mounted as partition (archives mounted as partitions) all on the same system So it will be slow but it would be extremely difficult to crack the encryption. So to say if you stole the server. Then i only need to make the connection like ssh safer with single use passwords, block all incoming and outgoing connections but give one "exception" for myself. And maybe one for if i somehow lose my identity for the "exeption" What other overkill but realistic security options are available, i have heard about SElinux?

  Read the article

• Terminal emulation has stopped working. Garbage escape chars

  - by oligofren

  To enable me to do some remote administration of our servers I started using a terminal emulation program called TouchTerm Pro on my iPhone. While not the smoothest experience, it has allowed me to leave my computer behind when going out of town, which makes the slightly painful experience worthwhile. As of late, the app unfortunately no longer works. Pressing up and down keys after logging on via ssh gives me garbage like ^[[A and ^[[B. Combinations with Ctrl - like you can see in the video - no longer works either. Writing full command lines and executing by the enter key works though. Being able to search my bash history was the difference between a usable app and endless frustration, so getting it to work is essential. The app has (of course) met its end of life, not getting updated anymore. I am not quite sure, which side (client or server) that has to be "fixed"/hacked to make the control sequences work again. But is there something I can do to make it work as intended? You can see a video of TouchTerm in operation here.

  Read the article

• Managing rolling deployments in the cloud

  - by Josh Nankin

  Recently I've been experimenting with various cloud management tools like RightScale, Scalr, custom scripts for managing a variety of servers, each hosting several roles (app, db, load balancer, job queues, etc). The one thing I find lacking in most solutions is a way to do rolling deployments, i.e. running deployments sequentially across a number of servers with the same role. For instance, I dont want to build all of my webservers at the same time, as that will almost definitely result in some down time or 500s for my customers. I'd rather have one or two servers build at a time, while other servers are still available to handle requests. The other alternative is obviously to launch new servers that automatically update themselves on boot, but this isn't as cost effective, and most likely requires more time for the build to complete (it's faster to build on an existing server than to launch a new server and kill old ones). We've all heard of the big companies having the famous "push to build" button (companies like Twilio, Etsy, etc.) but it seems that they all have custom implementations of this. I'm not talking about a simple ssh-loop, clusterssh, or even an mcollective - I preferably want something with a nice simple interface that allows me to specify something like a RightScript or a Scalr script to run on a set of servers with a specific role, and it builds them sequentially. Does any one know of easy ways to get this done, or is this a candidate for a new open source project?

  Read the article

• Can't get IPv6 address using radvd on wireless interface on windows, wired works fine.

  - by AndrejaKo

  I set up my router to use OpenWRT and set it up to use IPv6 using a tunnel form SixXs. I'm having problems with stateless autoconfiguration using radvd. On my computer, wired connection can get its IPv6 address fine, but wireless can't. After spending some time on OpenWRT forums, I'm pretty much sure now that router is set up fine and that the problem is with my windows settings. Also, I do not have any problems getting IPv6 address on openSUSE 11.3. So what should I do to solve this and what information should I post? Here's radvdump output for wired interface: interface br-lan { AdvSendAdvert on; # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump AdvManagedFlag on; AdvOtherConfigFlag on; AdvReachableTime 0; AdvRetransTimer 0; AdvCurHopLimit 64; AdvDefaultLifetime 1800; AdvHomeAgentFlag off; AdvDefaultPreference medium; AdvSourceLLAddress on; prefix 2001:15c0:67d0::/64 { AdvValidLifetime 86400; AdvPreferredLifetime 14400; AdvOnLink on; AdvAutonomous on; AdvRouterAddr off; }; # End of prefix definition }; # End of interface definition Here's radvdump output for wireless interface: # # radvd configuration generated by radvdump 1.6 # based on Router Advertisement from fe80::a0b7:deff:fef0:5b34 # received by interface br-lan # interface br-lan { AdvSendAdvert on; # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump AdvManagedFlag on; AdvOtherConfigFlag on; AdvReachableTime 0; AdvRetransTimer 0; AdvCurHopLimit 64; AdvDefaultLifetime 1800; AdvHomeAgentFlag off; AdvDefaultPreference medium; AdvSourceLLAddress on; prefix 2001:15c0:67d0::/64 { AdvValidLifetime 86400; AdvPreferredLifetime 14400; AdvOnLink on; AdvAutonomous on; AdvRouterAddr off; }; # End of prefix definition }; # End of interface definition # # radvd configuration generated by radvdump 1.6 # based on Router Advertisement from fe80::a0b7:deff:fef0:5b34 # received by interface br-lan # interface br-lan { AdvSendAdvert on; # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump AdvManagedFlag on; AdvOtherConfigFlag on; AdvReachableTime 0; AdvRetransTimer 0; AdvCurHopLimit 64; AdvDefaultLifetime 1800; AdvHomeAgentFlag off; AdvDefaultPreference medium; AdvSourceLLAddress on; prefix 2001:15c0:67d0::/64 { AdvValidLifetime 86400; AdvPreferredLifetime 14400; AdvOnLink on; AdvAutonomous on; AdvRouterAddr off; }; # End of prefix definition }; # End of interface definition

  Read the article

• SNMP closed state in CentOS

  - by anksoWX

  I'm having a problem here, I've added to my IPtables rules this: -A INPUT -p tcp -m state --state NEW -m tcp --dport 161 -j ACCEPT -A INPUT -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT but when I scan with nmap or any other tool it says this: Not shown: 998 filtered ports PORT STATE SERVICE 22/tcp open ssh 161/tcp closed snmp also when I am doing: netstat -apn | grep snmpd tcp 0 0 127.0.0.1:199 0.0.0.0:* LISTEN 3669/snmpd<br> udp 0 0 0.0.0.0:161 0.0.0.0:* 3669/snmpd<br> unix 2 [ ] DGRAM 226186 3669/snmpd Also: service iptables status Table: filter Chain INPUT (policy ACCEPT) num target prot opt source destination 1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:161 5 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:161 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 7 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) num target prot opt source destination Any idea what's going on? There is no UDP in closed/open state. what do I have to do?

  Read the article

• Cisco ASA user authentication options - OpenID, public RSA sig, others?

  - by Ryan

  My organization has a Cisco ASA 5510 which I have made act as a firewall/gateway for one of our offices. Most resources a remote user would come looking for exist inside. I've implemented the usual deal - basic inside networks with outbound NAT, one primary outside interface with some secondary public IPs in the PAT pool for public-facing services, a couple site-to-site IPSec links to other branches, etc. - and I'm working now on VPN. I have the WebVPN (clientless SSL VPN) working and even traversing the site-to-site links. At the moment I'm leaving a legacy OpenVPN AS in place for thick client VPN. What I would like to do is standardize on an authentication method for all VPN then switch to the Cisco's IPSec thick VPN server. I'm trying to figure out what's really possible for authentication for these VPN users (thick client and clientless). My organization uses Google Apps and we already use dotnetopenauth to authenticate users for a couple internal services. I'd like to be able to do the same thing for thin and thick VPN. Alternatively a signature-based solution using RSA public keypairs (ssh-keygen type) would be useful to identify user@hardware. I'm trying to get away from legacy username/password auth especially if it's internal to the Cisco (just another password set to manage and for users to forget). I know I can map against an existing LDAP server but we have LDAP accounts created for only about 10% of the user base (mostly developers for Linux shell access). I guess what I'm looking for is a piece of middleware which appears to the Cisco as an LDAP server but will interface with the user's existing OpenID identity. Nothing I've seen in the Cisco suggests it can do this natively. But RSA public keys would be a runner-up, and much much better than standalone or even LDAP auth. What's really practical here?

  Read the article

• NFS-shared file-system is locking up

  - by fredden

  Our NFS-shared file-system is locking up. Please feel free to ask any questions you feel relevant. :) At the time, there are a lot of processes in "disk sleep" state, and the load averages on our machines sky-rocket. The machines are responsive on SSH, but our the majority of our websites (apache+mod_php) just hang, as does our email system (exim+dovecot). Any websites which don't require write access to the file-system continue to operate. The load averages continue to rise until some kind of time-out is reached, but for at least 10-15 minutes. I've seen load averages over 800, yet the machines are still responsive for actions which don't require writing to the shared file-system. I've been investigating a variety of options, which have all turned out to be red-herrings: nagios, proftpd, bind, cron tasks. I'm seeing these messages in the file server's system log: Jul 30 09:37:17 fs0 kernel: [1810036.560046] statd: server localhost not responding, timed out Jul 30 09:37:17 fs0 kernel: [1810036.560053] nsm_mon_unmon: rpc failed, status=-5 Jul 30 09:37:17 fs0 kernel: [1810036.560064] lockd: cannot monitor node2 Jul 30 09:38:22 fs0 kernel: [1810101.384027] statd: server localhost not responding, timed out Jul 30 09:38:22 fs0 kernel: [1810101.384033] nsm_mon_unmon: rpc failed, status=-5 Jul 30 09:38:22 fs0 kernel: [1810101.384044] lockd: cannot monitor node0 Software involved: VMWare, Debian lenny (64bit), ancient Red Hat (32 bit) (version 7 I believe), Debian etch (32bit) NFS, apache2+mod_php, exim, dovecot, bind, amanda, proftpd, nagios, cacti, drbd, heartbeat, keepalived, LVS, cron, ssmtp, NIS, svn, puppet, memcache, mysql, postgres Joomla!, Magento, Typo3, Midgard, Symfony, custom php apps

  Read the article

• OpenBSD pf - implementing the equivalent of an iptables DNAT

  - by chutz

  The IP address of an internal service is going to change. We have an OpenBSD access point (ssh + autpf rules) where clients connect and open a connection to the internal IP. To give us more time to reconfigure all clients to use the new IP address, I thought we can implement the equivalent of a DNAT on the authpf box. Basically, I want to write a rule similar to this iptables rule which lets me ping both $OLD_IP and $NEW_IP. iptables -t nat -A OUTPUT -d $OLD_IP -j DNAT --to-dest $NEW_IP Our version of OpenBSD is 4.7, but we can upgrade if necessary. If this DNAT is not possible we can probably do a NAT on a firewall along the way. The closest I was able to accomplish on a test box is: pass out on em1 inet proto icmp from any to 10.68.31.99 nat-to 10.68.31.247 Unfortunately, pfctl -s state tells me that nat-to translates the source IP, while I need to translate the destination. $ sudo pfctl -s state all icmp 10.68.31.247:7263 (10.68.30.199:13437) -> 10.68.31.99:8 0:0 I also found lots of mentions about rules that start with rdr and include the -> symbol to express the translation, but it looks like this syntax has been obsoleted in 4.7 and I cannot get anything similar to work. Attempts to implement a rdr fail with a complaint that /etc/pf.conf:20: rdr-to can only be used inbound

  Read the article

• Recommended programming language for linux server management and web ui integration.

  - by Brendan Martens

  I am interested in making an in house web ui to ease some of the management tasks I face with administrating many servers; think Canonical's Landscape. This means doing things like, applying package updates simultaneously across servers, perhaps installing a custom .deb (I use ubuntu/debian.) Reviewing server logs, executing custom scripts, viewing status information for all my servers. I hope to be able to reuse existing command line tools instead of rewriting the exact same operations in a different language myself. I really want to develop something that allows me to continue managing on the ssh level but offers the power of a web interface for easily applying the same infrastructure wide changes. They should not be mutually exclusive. What are some recommended programming languages to use for doing this kind of development and tying it into a web ui? Why do you recommend the language(s) you do? I am not an experienced programmer, but view this as an opportunity to scratch some of my own itches as well as become a better programmer. I do not care specifically if one language is harder than another, but am more interested in picking the best tools for the job from the beginning. Feel free to recommend any existing projects except Landscape (not free,) Ebox (not entirely free, and more than I am looking for,) and webmin (I don't like it, feels clunky and does not integrate well with the "debian way" of maintaining a server, imo.) Thanks for any ideas!

  Read the article

• How to disable monitor "sleep" on Ubuntu without access to X?

  - by exhuma

  I just received a CuBox (basically a tiny ARM based PC). It comes pre-installed with Ubuntu, and I did not (yet) want to fiddle with the OS itself. My aim is to have it automaticall start a browser in fullscrren upon boot. Using chromium with the "--kiosk" flag works perfectly in that regard. But now I have the problem that the screen turns off after a certain time. I managed to turn off the screen saver using: gconftool-2 -s /apps/gnome-screensaver/idle_activation_enabled --type=bool false And tried to turn off the power management using: gconftool-2 -s /apps/gnome-power-manager/ac_sleep_display --type=int 0 and gconftool-2 -s /apps/gnome-power-manager/timeout/sleep_display_ac --type=int 0 Neither of the power-management commands worked. Theoretically I could hook up a mouse and keyboard and configure it manually. But I want to learn how to do it over the console. The box will eventually be only reachable via SSH. So I'd like to be able to trouble-shoot it later. I don't quite know where to look for. I searched the gconf tree using gconftool-2 -S for anything related to the terms power, idle and sleep but did not find anything promising. Maybe it's not even gconf related... Any ideas what else I could look for?

  Read the article

• Replace Linux Boot-Drive | ext3 to btrfs

  - by bardiir

  I've got a headless server running Debian Linux currently. Linux vault 3.2.0-3-686-pae #1 SMP Mon Jul 23 03:50:34 UTC 2012 i686 GNU/Linux The root filesystem is located on an ext3 partition on the main harddrive. My data is located on multiple harddrives that are bundled to a storage pool running with btrfs. UUID=072a7fce-bfea-46fa-923f-4fb0827ae428 / ext3 errors=remount-ro 0 1 UUID=b50965f1-a2e1-443f-876f-578b5f93cbf1 none swap sw 0 0 UUID=881e3ad9-31c4-4296-ae60-eae6c98ea45f none swap sw 0 0 UUID=30d8ae34-e2f0-44b4-bbcc-22d761a128f6 /data btrfs defaults,compress,autodefrag 0 0 What I'd like to do is to place / into the btrfs pool too. The ideal solution would provide the flexibility to boot from any disk in the system alike, so if the main drive fails I'd just need to swap another one into the main slot and it would be bootable like the main one. My main problem is, everything I do needs to result in a bootable system that is open to ssh logins via network as this server is 100% headless so there is no possibility to boot it from a live cd or anything like that. So I'd like to be extra sure everything works out fine :) How would I best go about this? Can anybody hint me to guides or whip something up for these tasks? Anything I forgot to think about? Copy root-data into btrfs pool, adjust mountpoints,... Adjust GRUB to boot from btrfs pool UUID or the local device where GRUB is installed Sync GRUB to all harddrives so every drive is equally bootable (is this even possible without destroying the btrfs partitions on the drives or would I need to disconnect the drives, install grub on them and then connect them back with a slightly smaller partition?)

  Read the article

• Whats the best cloud backup solution for a small scale server envoirnment?

  - by nbv4

  I have a server that runs a postgres database that contains about 200MB of data. Currently I have a cron job setup on my home computer which: ssh's into my server runs a remote script which makes a backup of the database scp's that dump over to my local hard drive for storage. Each dump is 20MiB. does this every six hours (one months of backups is roughly 2GiB) The problem with this setup is that if my local machine goes down for whatever reason, no backups will be made. Also, I can't have the cron run from the server, because I can't have it scp'd to my local machine from my server (firewalls and all that crap). My local machine is running Ubuntu 10.04, and my server is Ubuntu 9.10 server edition. I looked into Ubuntu One, but currently it's gui-only. I also looked into dropbox, but it's a pain in the ass to get setup in linux without gui support. Amazon S3 looks good but it's not free (yet dirt cheap). Is there any other alternative that I should look into? I'd prefer something where I can just have my script dump the database into a directory, and have the backup service 'watch' that folder and sync accordingly. I can maybe also have my local machine sync to the cloud backup so I have even more redundancy, plus easy access to my backups for use in testing.

  Read the article

• File permission woes on an Ubuntu ec2 instance

  - by Pardoner

  I've set up an amazon ec2 instance and I'm have some file permission issues. I've created myself a new user and added myself to the following groups: adm:x:4:me,ubuntu sudo:x:27:me www-data:x:33:me,www-data ssh:x:108:me admin:x:111:me ubuntu:x:1000:www-data,me me:x:1001:me but when I cd /var/www I can't do simple commands without doing sudo. So I chown -R www-data:www-data /var/www to ensure that I'm in the owning group but I still have to type sudo for everything. If I sudo su www-data it works fine. Since I'm in the www-data group shouldn't I have the same privilages as www-data? One strange thing I'm noticing is that when I ls -l it list the owner but not the group names. Could this possibly be part of the issue? Is is posible for a directory to not be part of a group? drwxr-xr-x 4 www-data 4.0K Oct 24 16:39 . drwxr-xr-x 14 root 4.0K Oct 10 16:58 .. drwxrwxr-x 9 www-data 4.0K Oct 23 04:03 admin.mywebsite.com drwxrwxr-x 2 www-data 4.0K Oct 4 00:29 mywebsite.com drwxrwxr-x 9 www-data 4.0K Oct 23 04:03 staging.mywebsite.com Edit : It appears I had some alias messing with my ls command. By calling \ls -l I can see that all my files are in the correct group.

  Read the article

< Previous Page | 178 179 180 181 182 183 184 185 186 187 188 189  | Next Page >