Search Results

Search found 14062 results on 563 pages for 'domain forwarding'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 260/563 | < Previous Page | 256 257 258 259 260 261 262 263 264 265 266 267  | Next Page >

  • HP to Cisco spanning tree root flapping

    - by Tim Brigham
    Per a recent question I recently configured both my HP (2x 2900) and Cisco (1x 3750) hardware to use MSTP for interoperability. I thought this was functional until I applied the change to the third device (HP switch 1 below) at which time the spanning tree root started flapping causing performance issues (5% packet loss) between my two HP switches. I'm not sure why. HP Switch 1 A4 connected to Cisco 1/0/1. HP Switch 2 B2 connected to Cisco 2/0/1. HP Switch 1 A2 connected to HP Switch 2 A1. I'd prefer the Cisco stack to act as the root. EDIT: There is one specific line - 'spanning-tree 1 path-cost 500000' in the HP switch 2 that I didn't add and was preexisting. I'm not sure if it could have the kind of impact that I'm describing. I'm more a security and monitoring guy then networking. EDIT 2: I'm starting to believe the problem lies in the fact that the value for my MST 0 instance on the Cisco is still at the default 32768. I worked up a diagram: This is based on every show command I could find for STP. I'll make this change after hours and see if it helps. Cisco 3750 Config: version 12.2 spanning-tree mode mst spanning-tree extend system-id spanning-tree mst configuration name mstp revision 1 instance 1 vlan 1, 40, 70, 100, 250 spanning-tree mst 1 priority 0 vlan internal allocation policy ascending interface TenGigabitEthernet1/1/1 switchport trunk encapsulation dot1q switchport mode trunk ! interface TenGigabitEthernet2/1/1 switchport trunk encapsulation dot1q switchport mode trunk ! interface Vlan1 no ip address ! interface Vlan100 ip address 192.168.100.253 255.255.255.0 ! Cisco 3750 show spanning tree: show spanning-tree MST0 Spanning tree enabled protocol mstp Root ID Priority 32768 Address 0004.ea84.5f80 Cost 200000 Port 53 (TenGigabitEthernet1/1/1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32768 (priority 32768 sys-id-ext 0) Address a44c.11a6.7c80 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Te1/1/1 Root FWD 2000 128.53 P2p MST1 Spanning tree enabled protocol mstp Root ID Priority 1 Address a44c.11a6.7c80 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 1 (priority 0 sys-id-ext 1) Address a44c.11a6.7c80 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interface Role Sts Cost Prio.Nbr Type ------------------- ---- --- --------- -------- -------------------------------- Te1/1/1 Desg FWD 2000 128.53 P2p Cisco 3750 show logging: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan100, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan100, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up HP Switch 1: ; J9049A Configuration Editor; Created on release #T.13.71 vlan 1 name "DEFAULT_VLAN" untagged 1-8,10,13-16,18-23,A1-A4 ip address 100.100.100.17 255.255.255.0 no untagged 9,11-12,17,24 exit vlan 100 name "192.168.100" untagged 9,11-12,17,24 tagged 1-8,10,13-16,18-23,A1-A4 no ip address exit vlan 21 name "Users_2" tagged 1,A1-A4 no ip address exit vlan 40 name "Cafe" tagged 1,4,7,A1-A4 no ip address exit vlan 250 name "Firewall" tagged 1,4,7,A1-A4 no ip address exit vlan 70 name "DMZ" tagged 1,4,7-8,13,A1-A4 no ip address exit spanning-tree spanning-tree config-name "mstp" spanning-tree config-revision 1 spanning-tree instance 1 vlan 1 40 70 100 250 password manager password operator HP Switch 1 show spanning tree: show spanning-tree Multiple Spanning Tree (MST) Information STP Enabled : Yes Force Version : MSTP-operation IST Mapped VLANs : 2-39,41-69,71-99,101-249,251-4094 Switch MAC Address : 0021f7-126580 Switch Priority : 32768 Max Age : 20 Max Hops : 20 Forward Delay : 15 Topology Change Count : 363,490 Time Since Last Change : 14 hours CST Root MAC Address : 0004ea-845f80 CST Root Priority : 32768 CST Root Path Cost : 200000 CST Root Port : 1 IST Regional Root MAC Address : 0021f7-126580 IST Regional Root Priority : 32768 IST Regional Root Path Cost : 0 IST Remaining Hops : 20 Root Guard Ports : TCN Guard Ports : BPDU Protected Ports : BPDU Filtered Ports : PVST Protected Ports : PVST Filtered Ports : | Prio | Designated Hello Port Type | Cost rity State | Bridge Time PtP Edge ----- --------- + --------- ---- ---------- + ------------- ---- --- ---- A1 | Auto 128 Disabled | A2 10GbE-CX4 | 2000 128 Forwarding | 0021f7-126580 2 Yes No A3 10GbE-CX4 | Auto 128 Disabled | A4 10GbE-SR | Auto 128 Disabled | HP Switch 1 Logging: I removed the date / time fields since they are inaccurate (no NTP configured on these switches) 00839 stp: MSTI 1 Root changed from 0:a44c11-a67c80 to 32768:0021f7-126580 00839 stp: MSTI 1 Root changed from 32768:0021f7-126580 to 0:a44c11-a67c80 00842 stp: MSTI 1 starved for an MSTI Msg Rx on port A4 from 0:a44c11-a67c80 00839 stp: MSTI 1 Root changed from 0:a44c11-a67c80 to 32768:0021f7-126580 00839 stp: MSTI 1 Root changed from 32768:0021f7-126580 to 0:a44c11-a67c80 00839 stp: MSTI 1 Root changed from 0:a44c11-a67c80 to ... HP Switch 2 Configuration: ; J9146A Configuration Editor; Created on release #W.14.49 vlan 1 name "DEFAULT_VLAN" untagged 1,3-17,21-24,A1-A2,B2 ip address 100.100.100.36 255.255.255.0 no untagged 2,18-20,B1 exit vlan 100 name "192.168.100" untagged 2,18-20 tagged 1,3-17,21-24,A1-A2,B1-B2 no ip address exit vlan 21 name "Users_2" tagged 1,A1-A2,B2 no ip address exit vlan 40 name "Cafe" tagged 1,13-14,16,A1-A2,B2 no ip address exit vlan 250 name "Firewall" tagged 1,13-14,16,A1-A2,B2 no ip address exit vlan 70 name "DMZ" tagged 1,13-14,16,A1-A2,B2 no ip address exit logging 192.168.100.18 spanning-tree spanning-tree 1 path-cost 500000 spanning-tree config-name "mstp" spanning-tree config-revision 1 spanning-tree instance 1 vlan 1 40 70 100 250 HP Switch 2 Spanning Tree: show spanning-tree Multiple Spanning Tree (MST) Information STP Enabled : Yes Force Version : MSTP-operation IST Mapped VLANs : 2-39,41-69,71-99,101-249,251-4094 Switch MAC Address : 0024a8-cd6000 Switch Priority : 32768 Max Age : 20 Max Hops : 20 Forward Delay : 15 Topology Change Count : 21,793 Time Since Last Change : 14 hours CST Root MAC Address : 0004ea-845f80 CST Root Priority : 32768 CST Root Path Cost : 200000 CST Root Port : A1 IST Regional Root MAC Address : 0021f7-126580 IST Regional Root Priority : 32768 IST Regional Root Path Cost : 2000 IST Remaining Hops : 19 Root Guard Ports : TCN Guard Ports : BPDU Protected Ports : BPDU Filtered Ports : PVST Protected Ports : PVST Filtered Ports : | Prio | Designated Hello Port Type | Cost rity State | Bridge Time PtP Edge ----- --------- + --------- ---- ---------- + ------------- ---- --- ---- A1 10GbE-CX4 | 2000 128 Forwarding | 0021f7-126580 2 Yes No A2 10GbE-CX4 | Auto 128 Disabled | B1 SFP+SR | 2000 128 Forwarding | 0024a8-cd6000 2 Yes No B2 | Auto 128 Disabled | HP Switch 2 Logging: I removed the date / time fields since they are inaccurate (no NTP configured on these switches) 00839 stp: CST Root changed from 32768:0021f7-126580 to 32768:0004ea-845f80 00839 stp: IST Root changed from 32768:0021f7-126580 to 32768:0024a8-cd6000 00839 stp: CST Root changed from 32768:0004ea-845f80 to 32768:0024a8-cd6000 00839 stp: CST Root changed from 32768:0024a8-cd6000 to 32768:0004ea-845f80 00839 stp: CST Root changed from 32768:0004ea-845f80 to 32768:0024a8-cd6000 00435 ports: port B1 is Blocked by STP 00839 stp: CST Root changed from 32768:0024a8-cd6000 to 32768:0021f7-126580 00839 stp: IST Root changed from 32768:0024a8-cd6000 to 32768:0021f7-126580 00839 stp: CST Root changed from 32768:0021f7-126580 to 32768:0004ea-845f80

    Read the article

  • Redirect URL using Mac OS X Server Lion

    - by pheedsta
    I have just set up a Mac Mini with OS X Lion Server to host my own website. I have registered multiple domain names, but I would like the user to be automatically redirected to my main domain name if they type in one of the others (i.e. if the user types in www.myotherdomain.com the URL will be forwarded instantly to www.mymaindomain.com). In the Web settings of Server.app, you can easily add additional domains (which works) but it does not change the URL in the browser to www.mymaindomain.com. It keeps www.myotherdomain.com whilst still displaying the correct pages. Does the redirects or alias options do what I want? I can't seem to work out how to use them (there seems to be no documentation that I can find). In Redirects, you need to enter: 'Redirect Type' (Exact Match or Regular Expression) 'Redirect Path' 'Destination URL' 'Redirect Status' (Original was permanently moved, etc) In Alias, you need to enter: 'Alias Type' (Exact Match or Regular Expression) 'Alias Path' 'Destination Folder' Any help would be great.

    Read the article

  • Customizing post-commit messages in svn for different users

    - by Suresh
    I have an svn repository that users can access (read/write) using their account OR via tunneling over ssh with svnserve. I also have a post-commit hook that sends mails to specific users for different projects via svnnotify: the typical command is svnnotify <params> --to-regex-map <list of email IDs> <regex> For users who have accounts on the system, the notification email is sent from @machine.domain, which is fine. For users coming in via tunnelling, the email gets sent from @machine.domain, which is a fake address since these users don't have an account - the only reason I specify a tunnel-user id is to keep track of who made which update. So my question (finally) is: is there a way to pass a parameter (the "true" email address) to svnserve so that when the post-commit mail is sent, it can be sent "from" the correct email address ? p.s this is my first post here - if I haven't provided sufficient information, apologies: I'm happy to provide more details.

    Read the article

  • Exim not sending email to our own email addresses

    - by RH01
    Here is a situation. We use google app for our emails. Our application is hosted at another host and this application sends out emails. The emails from the application are being sent fine to every email except our own email addresses. Lets say our domain name is example.com, the emails to [email protected] is not getting delivered, but they are getting stored locally on the box only. We are using exim as a mail server on the box where the application is deployed. We have also set up dc_relay_domains. What could be missing? How do we make sure that the email to email addresses of our own domain names get delivered?

    Read the article

  • Not able to connect to a mac client from a windows machine

    - by Manish
    I have a Server.exe file which I use to connect to a mac.(I am fairly confident that server.exe is not buggy ).When i try to do this I get this often cited error "No connection could be made because the target machine actively refused it " I did search some existing questions about this on the forum and it looked like this might be a firewall issue.FWIW I dont have any firewall set on my mac (client) and on my server machine (Windows 7 64 bit ) under the firewall settings I have :- Incoming connections : Block all connections to programs that are not on the list of allowed programs. Active Domain Networks: Same domain as the one which my client is on. Windows Firewire State: Off. Do you think i need to change something here?Can someone help me with next steps?

    Read the article

  • Windows Server 2008, IIS7 and Windows Authentication

    - by Chalkey
    We currently have a development server set up which we are trying to test some Windows authentication ASP.NET code on. We have turned on Windows Authentication in IIS7 on Windows Server 2008 R2 fine, and it asks the user for a username and password as excepted, but the problem is it doesn't appear to accept any credentials. This code for example... Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load Page.Title = "Home page for " + User.Identity.Name End Sub ...always returns an empty string. One theory we have is that we dont have Active Directory installed as of yet, we are just testing this by logging on via the machine name not a domain. Is this type of authentication only applicatable to domains (if so we can probably install Active Directory and some test accounts) - or is it possible to get the user identity when logging in using the machine name? Ideally we would like to be able to test this on our local machines (Windows 7 Pro) using our own accounts (again these aren't on a domain) and IIS but this has the same issue as our dev server. Thanks,

    Read the article

  • What kind of DNS and IIS configuration is needed to allow multiple domains to point to a multi-tenant web application?

    - by holiveira
    I'm developping a multi-tenant web application in ASP.NET MVC and it will provide my users the ability to have a custom subdomain pointing to their account page (like user.myapp.com). I already have it working by using a wildcard DNS entry and a code to query the database to load the user data based on the domain. I'm planning to offer the possibility of using custom domains, allowing the users to buy their own domains and use it instead of the subdomains that will be provided by default. I currently use DNSMadeEasy to host the DNS for the application main domain. I just don't know what kind of settings I must make to allow this feature to work, since the users will have domains hosted in several companies. Will I have to create my own nameservers and provide it to my users? What other things I must consider to implement it efficiently?

    Read the article

  • Smart card authentication to a Cisco switch?

    - by murisonc
    We have our Cisco network devices configured to authenticate network administrators using their domain accounts via RADIUS running on a Windows 2008R2 server with the network protection role. This works great for logging into the switch via SSH when configuring the devices. We are now in the beginning stages of deploying smart cards for logins. Does anyone know of a way to login to a Cisco switch using a smart card instead of a domain username and password? The SSH client we are using is Putty. Workstations are Windows 7. RADIUS is running on Windows 2008R2. We are running our own certificate authority on Windows 2008; network is not connected to the Internet. We prefer to not have to purchase additional proprietary devices for this functionality.

    Read the article

  • Where to set catch-all address in Postfix (virtual mailboxes in affect)

    - by Cem
    I successfully configured Postfix to deliver messages to virtual mailboxes. I can set aliases and pipes inside /etc/postfix/virtual and mailboxes inside /etc/postfix/virtual_mailbox files. However, whenever I set a catch-all domain and point to a remote email address, it overrides all other virtual mailboxes and virtual aliases set in postfix. How can I set a catch-all forwarding to the remote email address when virtual mailbox is enabled? I set catch-all like this: @mydomain.com [email protected] Thanks for your help!

    Read the article

  • Server Application Unavailable ?

    - by suryasasidhar
    hi, i am a developer and i developed the web application(asp.net). It is working in my local server fine when i take new domain and upload the site in to that domain i am getting this error hi, After completion of my project. I placed in online the default page is coming but when i click on any link button it is giving this error can you help me. m3connect.in is url of my site and error is Server Application Unavailable The web application you are attempting to access on this web server is currently unavailable. Please hit the "Refresh" button in your web browser to retry your request. Administrator Note: An error message detailing the cause of this specific request failure can be found in the application event log of the web server. Please review this log entry to discover what caused this error to occur.

    Read the article

  • How can I centralise MySQL data between 3 or more geographically separate servers?

    - by Andy Castles
    To explain the background to the question: We have a home-grown PHP application (for running online language-learning courses) running on a Linux server and using MySQL on localhost for saving user data (e.g. results of tests taken, marks of submitted work, time spent on different pages in the courses, etc). As we have students from different geographic locations we currently have 3 virtual servers hosted close to those locations (Spain, UK and Hong Kong) and users are added to the server closest to them (they access via different URLs, e.g. europe.domain.com, uk.domain.com and asia.domain.com). This works but is an administrative nightmare as we have to remember which server a particular user is on, and users can only connect to one server. We would like to somehow centralise the information so that all users are visible on any of the servers and users could connect to any of the 3 servers. The question is, what method should we use to implement this. It must be an issue that that lots of people have encountered but I haven't found anything conclusive after a fair bit of Googling around. The closest I have seen to solutions are: something like master-master replication, but I have read so many posts suggesting that this is not a good idea as things like auto_increment fields can break. circular replication, this sounded perfect but to quote from O'Reilly's High Performance MySQL, "In general, rings are brittle and best avoided" We're not against rewriting code in the application to make it work with whatever solution is required but I am not sure if replication is the correct thing to use. Thanks, Andy P.S. I should add that we experimented with writes to a central database and then using reads from a local database but the response time between the different servers for writing was pretty bad and it's also important that written data is available immediately for reading so if replication is too slow this could cause out-of-date data to be returned. Edit: I have been thinking about writing my own rudimentary replication script which would involve something like having each user given a server ID to say which is his "home server", e.g. users in asia would be marked as having the Hong Kong server as their own server. Then the replication scripts (which would be a PHP script set to run as a cron job reasonably frequently, e.g. every 15 minutes or so) would run independently on each of the servers in the system. They would go through the database and distribute any information about users with the "home server" set to the server that the script is running on to all of the other databases in the system. They would also need to suck new information which has been added to any of the other databases on the system where the "home server" flag is the server where the script is running. I would need to work out the details and build in the logic to deal with conflicts but I think it would be possible, however I wanted to make sure that there is not a correct solution for this already out there as it seems like it must be a problem that many people have already come across.

    Read the article

  • What are some of the best wireless routers for a price-conscious home power-user?

    - by Alain
    I'm extremely dissatisfied with the 'popular' choice for routers in homes and small offices. They are expensive (upwards of 60$), lack a great deal of useful configuration options, and seem to need to be restarted quite often. (Linksys comes to mind). I've been on the market for a good router lately, and slowly collecting a set of requirements I feel good routers should meet. Maximum number of TCP/IP connections. - This isn't something I see any routers advertise, but in terms of supporting torrent applications, I've been screwed by routers that support less than 20 here. From what I understand a fairly standard number is 200, but there are not so expensive routers that support thousands. Router configuration menu - Most have standard menu's that let you set up basic things like your wireless network encryption settings, uPnP, and maybe even DMZ (demilitarized zones). An absolute requirement for me, however, are routers with good enough firmware to support: Explicit Port forwarding Assigning static local ips to specific mac addresses, or at least Port forwarding by MAC address Port, IP and MAC filtering Dynamic DNS service for home users who want to set up a server but have a dynamic IP Traffic shaping (ideally) - giving priority to packets from certain machines or over certain ports. Strong wireless signal - If getting a reliable signal requires me to be so close to the router that I can connect an Ethernet cable, it's not good enough. As many Ethernet ports as possible. - Because I want to be able to switch from console gaming to PC gaming without visiting my router. So far, the best thing I've stumbled upon (in the bargain bin at staples) was a 20$ retail plus router. It was meant to be the cheapest alternative until I could find something better to purchase online, but I was actually blown away by the firmware capabilities. It supports defining reserved bandwidth for certain network traffic, dynamic DNS, reserving local IPs for specific MAC addresses, etc. At 2 am when my roommate is killing our Internet with their torrents, I can limit their bandwidth without outright blacklisting them. I have, however, met serious limitations when it comes to network traffic between local machines. It claims a 300Mbps connection, but I have trouble streaming videos from my PC to my console or other laptops wirelessly. It has a meltdown and needs to be reset once in a while (no more than a couple times a month), and it's got a 200 connection limit. There 4 Ethernet ports in the back but I'm pretty sure the first doesn't work. So some great answers to this question would be: Any metrics you use to compare routers, and requirements you have for new candidates. The best routers you've found for supporting home servers, file management systems, high volume torrent traffic, good price/feature ratio, etc. Good configuration advice (aside from 'use Ethernet whenever possible') Thanks for your feedback and experiences!

    Read the article

  • Can I completely remove the Windows DNS in favour of BIND9 in an AD network?

    - by Vinícius Ferrão
    I would like to remove the DNS feature of Windows Domain Controllers and point the DNS servers to our BIND9 servers. I know it's possible to setup coexistence but this requires a number of extra Windows DNS Servers equals to the number of Domain Controllers in the network. Active Directory expects the _msdcs zone and other things like _tcp, _udp; etc. The main question is: how to make BIND9 takes care of all this AD specific data? And with dynamic updating to make AD even more happier. Thanks, PS: Making BIND9 points to the Windows DNS Servers to resolve the Active Directory specific zones isn't an option. We already do this... EDIT: As today, I'm running without Windows DNS. I'm writing up a guide on how to do this, and I'll update this topic.

    Read the article

  • Active directory authentication for Ubuntu Linux login and cifs mounting home directories...

    - by Jamie
    I've configured my Ubuntu 10.04 Server LTS Beta 2 residing on a windows network to authenticate logins using active directory, then mount a windows share to serve as there home directory. Here is what I did starting from the initial installation of Ubuntu. Download and install Ubuntu Server 10.04 LTS Beta 2 Get updates # sudo apt-get update && sudo apt-get upgrade Install an SSH server (sshd) # sudo apt-get install openssh-server Some would argue that you should "lock sshd down" by disabling root logins. I figure if your smart enough to hack an ssh session for a root password, you're probably not going to be thwarted by the addition of PermitRootLogin no in the /etc/ssh/sshd_config file. If your paranoid or not simply not convinced then edit the file or give the following a spin: # (grep PermitRootLogin /etc/ssh/sshd_conifg && sudo sed -ri 's/PermitRootLogin ).+/\1no/' /etc/ssh/sshd_conifg) || echo "PermitRootLogin not found. Add it manually." Install required packages # sudo apt-get install winbind samba smbfs smbclient ntp krb5-user Do some basic networking housecleaning in preparation for the specific package configurations to come. Determine your windows domain name, DNS server name, and IP address for the active directory server (for samba). For conveniance I set environment variables for the windows domain and DNS server. For me it was (my AD IP address was 192.168.20.11): # WINDOMAIN=mydomain.local && WINDNS=srv1.$WINDOMAIN If you want to figure out what your domain and DNS server is (I was contractor and didn't know the network) check out this helpful reference. The authentication and file sharing processes for the Windows and Linux boxes need to have their clocks agree. Do this with an NTP service, and on the server version of Ubuntu the NTP service comes installed and preconfigured. The network I was joining had the DNS server serving up the NTP service too. # sudo sed -ri "s/^(server[ \t]).+/\1$WINDNS/" /etc/ntp.conf Restart the NTP daemon # sudo /etc/init.d/ntp restart We need to christen the Linux box on the new network, this is done by editing the host file (replace the DNS of with the FQDN of the windows DNS): # sudo sed -ri "s/^(127\.0\.0\.1[ \t]).*/\1$(hostname).$WINDOMAIN localhost $(hostname)/" /etc/hosts Kerberos configuration. The instructions that follow here aren't to be taken literally: the values for MYDOMAIN.LOCAL and srv1.mydomain.local need to be replaced with what's appropriate for your network when you edit the files. Edit the (previously installed above) /etc/krb5.conf file. Find the [libdefaults] section and change (or add) the key value pair (and it is in UPPERCASE WHERE IT NEEDS TO BE): [libdefaults] default_realm = MYDOMAIN.LOCAL Add the following to the [realms] section of the file: MYDOMAIN.LOCAL = { kdc = srv1.mydomain.local admin_server = srv1.mydomain.local default_domain = MYDOMAIN.LOCAL } Add the following to the [domain_realm] section of the file: .mydomain.local = MYDOMAIN.LOCAL mydomain.local = MYDOMAIN.LOCAL Conmfigure samba. When it's all said done, I don't know where SAMBA fits in ... I used cifs to mount the windows shares ... regardless, my system works and this is how I did it. Replace /etc/samba/smb.conf (remember I was working from a clean distro of Ubuntu, so I wasn't worried about breaking anything): [global] security = ads realm = MYDOMAIN.LOCAL password server = 192.168.20.11 workgroup = MYDOMAIN idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes template homedir = /home/%D/%U template shell = /bin/bash client use spnego = yes client ntlmv2 auth = yes encrypt passwords = yes winbind use default domain = yes restrict anonymous = 2 Start and stop various services. # sudo /etc/init.d/winbind stop # sudo service smbd restart # sudo /etc/init.d/winbind start Setup the authentication. Edit the /etc/nsswitch.conf. Here are the contents of mine: passwd: compat winbind group: compat winbind shadow: compat winbind hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc: db files Start and stop various services. # sudo /etc/init.d/winbind stop # sudo service smbd restart # sudo /etc/init.d/winbind start At this point I could login, home directories didn't exist, but I could login. Later I'll come back and add how I got the cifs automounting to work. Numerous resources were considered so I could figure this out. Here is a short list (a number of these links point to mine own questions on the topic): Samba Kerberos Active Directory WinBind Mounting Linux user home directories on CIFS server Authenticating OpenBSD against Active Directory How to use Active Directory to authenticate linux users Mounting windows shares with Active Directory permissions Using Active Directory authentication with Samba on Ubuntu 9.10 server 64bit How practical is to authenticate a Linux server against AD? Auto-mounting a windows share on Linux AD login

    Read the article

  • Why are emails sent from my applications being marked as spam?

    - by Brian
    Hi. I have 2 web apps running on the same server. The first is www.nimikri.com and the other is www.hourjar.com. Both apps share the same IP address (75.127.100.175). My server is through a shared hosting company. I've been testing my apps, and at first all my emails were being delivered to me just fine. Then a few days ago every email from both apps got dumped into my spam box (in gmail and google apps). So far the apps have just been sending emails to me and nobody else, so I know people aren't manually flagging them as spam. I did a reverse DNS lookup for my IP and the results I got were these: 100.127.75.in-addr.arpa NS DNS2.GNAX.NET. 100.127.75.in-addr.arpa NS DNS1.GNAX.NET. Should the reverse DNS lookup point to nimikri.com and hourjar.com, or are they set up fine the way they are? I noticed in the email header these 2 lines: Received: from nimikri.nimikri.com From: Hour Jar <[email protected]> Would the different domain names be causing gmail to think this is spam? Here is the header from one of the emails. Please let me know if any of this looks like a red flag for spam. Thanks. Delivered-To: [email protected] Received: by 10.231.157.85 with SMTP id a21cs54749ibx; Sun, 25 Apr 2010 10:03:14 -0700 (PDT) Received: by 10.151.130.18 with SMTP id h18mr3056714ybn.186.1272214992196; Sun, 25 Apr 2010 10:03:12 -0700 (PDT) Return-Path: <[email protected]> Received: from nimikri.nimikri.com ([75.127.100.175]) by mx.google.com with ESMTP id 28si4358025gxk.44.2010.04.25.10.03.11; Sun, 25 Apr 2010 10:03:11 -0700 (PDT) Received-SPF: neutral (google.com: 75.127.100.175 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=75.127.100.175; Authentication-Results: mx.google.com; spf=neutral (google.com: 75.127.100.175 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected] Received: from nimikri.nimikri.com (localhost.localdomain [127.0.0.1]) by nimikri.nimikri.com (8.14.3/8.14.3) with ESMTP id o3PH3A7a029986 for <[email protected]>; Sun, 25 Apr 2010 12:03:11 -0500 Date: Sun, 25 Apr 2010 12:03:10 -0500 From: Hour Jar <[email protected]> To: [email protected] Message-ID: <[email protected]> Subject: [email protected] has invited you to New Event MIME-Version: 1.0 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit

    Read the article

  • How to setup a host as a sendmail relay for particular IP subnet

    - by Abhinav
    Hi, By default, sendmail (I have version 8.13 on an RHEL4) allows only local mails. I wanted to allow mails from a particular network to be relayed via the system, so I did the following based on suggestions from various places : /etc/mail/access : Added the subnet and the domain 8.37 RELAY mydomain.com RELAY (I assume this is the originating email's domain) This alone did not work, so I added the following to sendmail.mc FEATURE(access_db)dbl Now, the problem is that it is allowing access from other domains as well. To test it out, I removed 8.37 RELAY from the access, and changed the email from field to [email protected] However, I still receive the mail. What is the correct way to configure this, so that only mails from a particular subnet are relayed ?

    Read the article

  • Exposing the AnyConnect HTTPS service to outside network

    - by Maciej Swic
    We have a Cisco ASA 5505 with firmware ASA9.0(1) and ASDM 7.0(2). It is configured with a public ip address, and when trying to reach it from the outside by HTTPS for AnyConnect VPN, we get the following log output: 6 Nov 12 2012 07:01:40 <client-ip> 51000 <asa-ip> 443 Built inbound TCP connection 2889 for outside:<client-ip>/51000 (<client-ip>/51000) to identity:<asa-ip>/443 (<asa-ip>/443) 6 Nov 12 2012 07:01:40 <client-ip> 50999 <asa-ip> 443 Built inbound TCP connection 2890 for outside:<client-ip>/50999 (<client-ip>/50999) to identity:<asa-ip>/443 (<asa-ip>/443) 6 Nov 12 2012 07:01:40 <client-ip> 51000 <asa-ip> 443 Teardown TCP connection 2889 for outside:<client-ip>/51000 to identity:<asa-ip>/443 duration 0:00:00 bytes 0 No valid adjacency 6 Nov 12 2012 07:01:40 <client-ip> 50999 <asa-ip> 443 Teardown TCP connection 2890 for outside:<client-ip>/50999 to identity:<asa-ip>/443 duration 0:00:00 bytes 0 No valid adjacency We finished the startup wizard and the anyconnect vpn wizard and here is the resulting configuration: Cryptochecksum: 12262d68 23b0d136 bb55644a 9c08f86b : Saved : Written by enable_15 at 07:08:30.519 UTC Mon Nov 12 2012 ! ASA Version 9.0(1) ! hostname vpn domain-name office.<redacted>.com enable password <redacted> encrypted passwd <redacted> encrypted names ip local pool vpn-pool 192.168.67.2-192.168.67.253 mask 255.255.255.0 ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! interface Vlan1 nameif inside security-level 100 ip address 192.168.68.250 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address <redacted> 255.255.255.248 ! ftp mode passive dns server-group DefaultDNS domain-name office.<redacted>.com object network obj_any subnet 0.0.0.0 0.0.0.0 pager lines 24 logging enable logging asdm informational mtu outside 1500 mtu inside 1500 icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 no arp permit-nonconnected ! object network obj_any nat (inside,outside) dynamic interface timeout xlate 3:00:00 timeout pat-xlate 0:00:30 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy user-identity default-domain LOCAL http server enable http 192.168.68.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart crypto ipsec ikev2 ipsec-proposal DES protocol esp encryption des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal 3DES protocol esp encryption 3des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES protocol esp encryption aes protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES192 protocol esp encryption aes-192 protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES256 protocol esp encryption aes-256 protocol esp integrity sha-1 md5 crypto ipsec security-association pmtu-aging infinite crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map outside_map interface outside crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map inside_map interface inside crypto ca trustpoint _SmartCallHome_ServerCA crl configure crypto ca trustpoint ASDM_TrustPoint0 enrollment self subject-name CN=vpn proxy-ldc-issuer crl configure crypto ca trustpool policy crypto ca certificate chain _SmartCallHome_ServerCA certificate ca 6ecc7aa5a7032009b8cebcf4e952d491 <redacted> quit crypto ca certificate chain ASDM_TrustPoint0 certificate f678a050 <redacted> quit crypto ikev2 policy 1 encryption aes-256 integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 10 encryption aes-192 integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 20 encryption aes integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 30 encryption 3des integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 policy 40 encryption des integrity sha group 5 2 prf sha lifetime seconds 86400 crypto ikev2 enable outside client-services port 443 crypto ikev2 remote-access trustpoint ASDM_TrustPoint0 telnet timeout 5 ssh 192.168.68.0 255.255.255.0 inside ssh timeout 5 console timeout 0 vpn-addr-assign local reuse-delay 60 dhcpd auto_config outside ! dhcpd address 192.168.68.254-192.168.68.254 inside ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept ssl trust-point ASDM_TrustPoint0 inside ssl trust-point ASDM_TrustPoint0 outside webvpn enable outside enable inside anyconnect image disk0:/anyconnect-win-3.1.01065-k9.pkg 1 anyconnect image disk0:/anyconnect-linux-3.1.01065-k9.pkg 2 anyconnect image disk0:/anyconnect-macosx-i386-3.1.01065-k9.pkg 3 anyconnect profiles GM-AnyConnect_client_profile disk0:/GM-AnyConnect_client_profile.xml anyconnect enable tunnel-group-list enable group-policy GroupPolicy_GM-AnyConnect internal group-policy GroupPolicy_GM-AnyConnect attributes wins-server none dns-server value 192.168.68.254 vpn-tunnel-protocol ikev2 ssl-client default-domain value office.<redacted>.com webvpn anyconnect profiles value GM-AnyConnect_client_profile type user username <redacted> password <redacted> encrypted tunnel-group GM-AnyConnect type remote-access tunnel-group GM-AnyConnect general-attributes address-pool vpn-pool default-group-policy GroupPolicy_GM-AnyConnect tunnel-group GM-AnyConnect webvpn-attributes group-alias GM-AnyConnect enable ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options ! service-policy global_policy global prompt hostname context call-home reporting anonymous Cryptochecksum:12262d6823b0d136bb55644a9c08f86b : end Clearly we are missing something, but the question is, what?

    Read the article

  • Email sent from server with rDNS & SPF being blocked by Hotmail

    - by Canadaka
    I have been unable to send email to users on hotmail or other Microsoft email servers for some time. Its been a major headache trying to find out why and how to fix the issue. The emails being sent that are blocked from my domain canadaka.net. I use Google Aps to host my regular email serverice for my @canadaka.net email addresses. I can sent email from my desktop or gmail to a hotmail without any problem. But any email sent from my server on behalf of canadaka.net is blocked, not even arriving in the junk email. The IP that the emails are being sent from is the same IP that my site is hosted on: 66.199.162.177 This IP is new to me since August 2010, I had a different IP for the previous 3-4 years. This IP is not on any credible spam lists http://www.anti-abuse.org/multi-rbl-check-results/?host=66.199.162.177 The one list spamcannibal.org my IP is listed on seems to be out of my control, says "no reverse DNS, MX host should have rDNS - RFC1912 2.1". But since I use Google for my email hosting, I don't have control over setting up RDNS for all the MX records. I do have Reverse DNS setup for my IP though, it resolves to "mail.canadaka.net". I have signed up for SNDS and was approved. My ip says "All of the specified IPs have normal status." Sender Score: 100 https://www.senderscore.org/lookup.php?lookup=66.199.162.177&ipLookup.x=55&ipLookup.y=14 My Mcafee threat level seems fine I have a TXT SPF record setup, I am currently using xname.org as my DNS, and they don't have a field for SPF, but their FAQ says to add the SPF info as a TXT entry. v=spf1 a include:_spf.google.com ~all Some "SPF checking" tools ive used detect that my domain has a valid SPF, but others don't. Like Microsoft's SPF wizard, i think this is because its specifically looking for an SPF record and not in the TXT. "No SPF Record Found. A and MX Records Available". From my home I can run "nslookup -type=TXT canadaka.net" and it returns: Server: google-public-dns-a.google.com Address: 8.8.8.8 Non-authoritative answer: canadaka.net text = "v=spf1 a include:_spf.google.com ~all" One strange thing I found is i'm unable to ping hotmail.com or msn.com or do a "telnet mail.hotmail.com 25". I am able to ping gmail.com and many other domains I tried. I tried changing my DNS servers to Google's Public DNS and did a ipconfig /flushdns but that had no effect. I am however able to connect with telnet to mx1.hotmail.com This is what the email headers look like when I send to a Google email server and I receive the email with no troubles. You can see that SPF is passing. Delivered-To: [email protected] Received: by 10.146.168.12 with SMTP id q12cs91243yae; Sun, 27 Feb 2011 18:01:49 -0800 (PST) Received: by 10.43.48.7 with SMTP id uu7mr4292541icb.68.1298858509242; Sun, 27 Feb 2011 18:01:49 -0800 (PST) Return-Path: Received: from canadaka.net ([66.199.162.177]) by mx.google.com with ESMTP id uh9si8493137icb.127.2011.02.27.18.01.45; Sun, 27 Feb 2011 18:01:48 -0800 (PST) Received-SPF: pass (google.com: domain of [email protected] designates 66.199.162.177 as permitted sender) client-ip=66.199.162.177; Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 66.199.162.177 as permitted sender) [email protected] Message-Id: <[email protected] Received: from coruscant ([127.0.0.1]:12907) by canadaka.net with [XMail 1.27 ESMTP Server] id for from ; Sun, 27 Feb 2011 18:01:29 -0800 Date: Sun, 27 Feb 2011 18:01:29 -0800 Subject: Test To: [email protected] From: XXXX Reply-To: [email protected] X-Mailer: PHP/5.2.13 I can send to gmail and other email services fine. I don't know what i'm doing wrong! UPDATE 1 I have been removed from hotmails IP block and am now able to send emails to hotmail, but they are all going directly to the JUNK folder. UPDATE 2 I used Telnet to send a test message to port25.com, seems my SPF is not being detected. Result: neutral (SPF-Result: None) canadaka.net. SPF (no records) canadaka.net. TXT (no records) I do have a TXT record, its been there for years, I did change it a week ago. Other sites that allow you to check your SPF detect it, but some others like Microsofts Wizard doesn't. This iw what my SPF record in my xname.org DNS file looks like: canadaka.net. 86400 IN TXT "v=spf1 a include:_spf.google.com ~all" I did have a nameserver as my 4th option that doens't have the TXT records since it doens't support it. So I removed it from the list and instead added wtfdns.com as my 4th adn 5th nameservers, which does support TXT.

    Read the article

  • Event ID 8021 The browser was unable to retrieve a list of servers from the browser master

    - by Ash
    We have a LAN where workstations are randomly losing network connectivity for brief moments of time. The workstations can also take a long time to login to the domain. During our troubleshooting we have found an error log on a few Windows 7 workstations: Warning BROWSER 8021 The browser was unable to retrieve a list of servers from the browser master \\random-pc on the network \Device\NetBT_Tcpip_{BBABCDE9-D8A0-4399-93F2-492FE0848B12}. The data is the error code. What do these errors mean? What computers should have the Computer Browser service enabled, workstations and/or servers? The environment is a mix of Windows 7 & Windows XP workstations on a Windows Server SBS 2011 SP1 domain.

    Read the article

  • MSMQ Resilience

    - by Paddy Carroll
    I have a requirement for a resilient MSMQ setup on VMWare ESX5. I am aware that we cannot allow the queue storage to be shared as it must be installed on physical disk mount, e.g. it cant be an CIFS or DFS Share. The following constraints apply: We don't use windows clustering We dont't rely on hot standbys Is there a way I can replicate the queue storage to another platform so that it can assume MSMQ duties on failure of the primary platforms using any method including queue forwarding?

    Read the article

  • Point dns server to root dns servers [duplicate]

    - by Dhaksh
    This question already has an answer here: What is a glue record? 3 answers Why does DNS work the way it does? 4 answers I have setup a custom authoritative only DNS server using bind9. Its a Master ans Slave method. Assume DNS Servers are: ns1.customdnsserver.com [192.168.91.129] ==> Master ns2.customdnsserver.com [192.168.91.130] ==> Slave Now i will host few shared hosting websites in my own web server. Where i will link above Nameservers to my domains in shared hosting. My Question is: How do i tell root DNS servers about my own authoritative only DNS server? So that when someone queries for domain www.example.com and if the domain's website is hosted in my shared hosting i want root servers to point the query to my own DNS Server so that the www.example.com get resolved for IP address.

    Read the article

  • requests are taken to the wrong directory

    - by gidireich
    Hi, I use xampp on windows 7 64, to test locally my php web application I use virtual hosts to have access to my code from different domain names. Now, I created a new version of the code and want to access both versions using different domain names. I added a new virtual host newversion.mysite.local to httpd-vhosts.conf and directed it to the directory of the new version. Also updated the windows hosts file with the line 127.0.0.4 newversion.mysite.local A strange thing happens: when browsing to newversion.mysite.local I'm being taken to the old version, which is located at a different location. How the hell this happens? Please help me with ideas Thank you Gidi

    Read the article

  • Managing Active Directory Group Membership with a Non-Administrator Account In Server 2008

    - by Laranostz
    I am running Server 2008 R2 in an Active Directory Domain Environment. I have created a group in Active Directory and I have delegated management authority to that group to a user. I want this user to be able to add and remove accounts as needed from that group so that they are exercising some measurement of control without giving them other authority. When I have the user attempt to access the Active Directory Users & Computers Console it prompts them for Administrator credentials. They are using Remote Desktop to access the server, because they do not have Windows 7, and firewall rules prevent using the Remote Management Kit. I do not want to provide them with any level of Administrative rights except the minimum required for them to add/remove users from this group. There are two servers that 'talk' to each other in this isolated environment, a domain controller and a member server, both are only reachable through RDP. Any suggestions?

    Read the article

  • Redirect HTTP requests based on subdomain address without changing accessed URL?

    - by tputkonen
    Let's say I have a domain: www.mydomain.com And I ordered a new domain: abc.newdomain.com Both domains are hosted in the same ISP, so currently requests to either of those addresses result in the same page being shown. I want to redirect all requests to abc.newdomain.com to folder /wp so that when users access abc.newdomain.com they would see whatever is inside folder /wp without seeing the URL change. Questions: 1) How can I achieve this using .htaccess? 2) How can I prevent users from accessing directly /wp directory (meaning that www.mydomain.com/wp would be blocked)?

    Read the article

  • Windows 7 PC crashes after being locked a few minutes

    - by White Island
    I have a problem with an Optiplex 755 PC running (32-bit) Windows 7 Professional. I just installed the operating system last week, and ever since, it seems to crash when I lock the screen. It doesn't happen immediately; it's usually after I walk away, so a few minutes (but I'm not sure exactly how many). I have this non-specific error in the Event log. I've run a chkdsk, thinking it might be hard drive-related, but that didn't help. Any ideas on what to check and how are appreciated. :) Log Name: System Source: Microsoft-Windows-Kernel-Power Date: 11/17/2010 3:09:28 PM Event ID: 41 Task Category: (63) Level: Critical Keywords: (2) User: SYSTEM Computer: WORKSTATION.domain.local Description: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. Event Xml: 41 2 1 63 0 0x8000000000000002 6250 System WORKSTATION.domain.local 0 0x0 0x0 0x0 0x0 false 0

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 256 257 258 259 260 261 262 263 264 265 266 267  | Next Page >