| Debian automated install preseed auto partitioning seemingly ignored
Posted: 10 Jul 2021 09:26 PM PDT

I'm playing with Debian preseed files, trying to auto-partition a single disk. The final disk state I'm trying to reach is the following:

    boot Primary Partition 1 ext3 [256MB] primary /boot (/dev/sda1)
    rootfs Primary Partition 2 f2fs [16GB] primary / (/dev/sda2)
    swap swap swap [4GB] swap (/dev/sda3)
    extended Extended partition ext4 [42GB] primary (/dev/sda4)
    |- application ext4 [4GB] logical /application (/dev/sda5)
    |- database btrfs [4GB] logical /database (/dev/sda6)
    |- medias btrfs [32GB] logical /medias (/dev/sda7)

For that purpose, I created the following section in the preseed file:

    d-i partman-auto/expert_recipe string \
        boot-root :: \
            256 256 256 ext3 \
                $primary{ } $bootable{ } \
                method{ format } format{ } \
                use_filesystem{ } filesystem{ ext3 } \
                label{ boot } \
                mountpoint{ /boot } \
            . \
            4096 4096 200% linux-swap \
                method{ swap } format{ } \
                label{ swap_part } \
                mountpoint{ /swap } \
            . \
            16384 16384 16384 f2fs \
                method{ format } format{ } \
                use_filesystem{ } filesystem{ f2fs } \
                label{ rootfs } \
                mountpoint{ / } \
            . \
            42000 42000 -1 ext4 \
                $primary{ } \
                method{ format } format{ } \
                use_filesystem{ } filesystem{ ext4 } \
                mountpoint{ / } \
            . \
            4096 4096 4096 ext4 \
                method{ format } format{ } \
                use_filesystem{ } filesystem{ ext4 } \
                label{ application } \
                mountpoint{ /application } \
            . \
            4096 4096 4096 btrfs \
                method{ format } format{ } \
                use_filesystem{ } filesystem{ btrfs } \
                label{ database } \
                mountpoint{ /database } \
            . \
            32768 32768 32768 btrfs \
                method{ format } format{ } \
                use_filesystem{ } filesystem{ btrfs } \
                label{ medias } \
                mountpoint{ /medias } \

It doesn't work as expected and creates the following:

    user@debian:~$ lsblk
    NAME    MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
    sda       8:0    0   80G  0 disk
    |--sda1   8:1    0   79G  0 part /
    |--sda2   8:2    0    1K  0 part
    |--sda5   8:5    0  975M  0 part [SWAP]
    sr0      11:0    1 1024M  0 rom

It's pretty confusing since it has nothing expected based on the preseed instructions. The preseed is being downloaded on the fly and the full content can be found here: preseed.cfg

Thanks for your insights.
|
| Centos 7 pecl install mysqlnd_azure failed to install
Posted: 10 Jul 2021 08:10 PM PDT

In Centos 7.9 with PHP - 7.4 enr, I want to install the below Pear Extension: https://pecl.php.net/package/mysqlnd_azure/1.1.1

However, when I run the below to install it, it tells me that the package is not found. Any reason why it doesn't recognise the package?

    [root@a-1 ~]# pecl install mysqlnd_azure
    No releases available for package "pecl.php.net/mysqlnd_azure"
    install failed
|
| Ansible - become: true - not becoming root on server
Posted: 10 Jul 2021 06:37 PM PDT

I am not sure if this is the right stackexchange site. Please let me know if I should ask it on another forum, and which one?

I need root access to perform an action, so I tried to use become: true

    - name: Modify server.properties
      hosts: kafka_broker
      become: true
      vars:
        ansible_ssh_extra_args: "-o StrictHostKeyChecking=no"
        ansible_host_key_checking: false
      tasks:
        - name: I am confused
          command: 'whoami'
          register: myidentity

        - name: my secret identity
          debug:
            msg: "{{ myidentity.stdout }}"

        - name: "Add the line if it does not exist"
          become: true
          tags: addifnotexists
          lineinfile:
            path: /etc/kafka/server.properties
            line: "ssl.enabled.protocols = TLSv1.2"
            insertafter: EOF
            state: present
            backup: yes
          register: addifnotexists

        - debug: var=addifnotexists

On one set of servers, the user is actually root; on the other set it is the account from which the script was executed.

    TASK [my secret identity] *********************************************************************************************************************************************
    ok: [server016] => {
        "msg": "svcacct"
    }
    ok: [server031] => {
        "msg": "svcacct"
    }
    ok: [server033] => {
        "msg": "svcacct"
    }

Other set of servers:

    TASK [my secret identity] *********************************************************************************************************************************************
    ok: [server010] => {
        "msg": "root"
    }
    ok: [server011] => {
        "msg": "root"
    }
    ok: [server012] => {
        "msg": "root"
    }

Is this difference in the output due to any difference in the server set-up? What do I need to ask the systems admins to check or set up?

Thank you for any pointers you can provide.
|
| Migrate web server to new datacenter and new IP
Posted: 10 Jul 2021 03:15 PM PDT

I have a web server that hosts 200+ domains but it needs to be moved to another data center and get a new IP address.

But since all DNS settings have to be updated manually, I thought about whether you could set up some kind of transparent proxy at the old IP address that forwards all http/https traffic to the new IP. So visitors do not discover the move to the DNS is being corrected.

My first thought was to use nginx for it, but thinking it will cause problems with SSL certificates on the domains.

Is there a good way to solve the problem?
|
| Why ZFS spare is in use with all drives working
Posted: 10 Jul 2021 06:28 PM PDT

I have a zpool with 7 drives, 6 for raidz-2 and 1 for spare. Just now the system is suddenly off, and after restarting it shows the spare is in use, but the drives seem to be working. Also, it has a message with future date "Sat Jul 10 01:33:47 2021", which is several minutes later.

Does this mean ata-TOSHIBA_HDWD120_80E68AVAS once failed but recovered somehow? Can it be a bad cable? And should I make sdc spare again? And how?

      pool: mypool
     state: ONLINE
      scan: resilvered 54.5G in 00:21:51 with 0 errors on Sat Jul 10 01:33:47 2021
    config:

            NAME                                          STATE     READ WRITE CKSUM
            mypool                                        ONLINE       0     0     0
              raidz2-0                                    ONLINE       0     0     0
                ata-WDC_WD20EZAZ-00GGJB0_WD-WXK2A60D6605  ONLINE       0     0     0
                ata-WDC_WD20EZAZ-00GGJB0_WD-WXK2A60D6ZND  ONLINE       0     0     0
                spare-2                                   ONLINE       0     0     0
                  ata-TOSHIBA_HDWD120_80E68AVAS           ONLINE       0     0     0
                  sdc                                     ONLINE       0     0     0
                ata-TOSHIBA_HDWD120_80E65YSAS             ONLINE       0     0     0
                scsi-3600605b0059cf8f02763bc271987e6e0    ONLINE       0     0     0
                scsi-3600605b0059cf8f02763bc2719883269    ONLINE       0     0     0
            spares
              sdc                                         INUSE     currently in use

    errors: No known data errors
|
| Apache .htaccess to NGINX RewriteRules Port
Posted: 10 Jul 2021 09:33 PM PDT

So, I am actually trying to port the RewriteRules from Apache to NGINX but it seems I am not able to completely port them. Actually, on my server I do have a running site on the https://example.com domain and the /var/www/html/ path on the server.

What I am trying to do is install a custom script in a subdirectory under the var/www/html/subdirectory path and domain https://example.com/subdirectory. The problem is that the rewrite rules are not working and even 404 not found errors are occurring. Kindly help me.

My Apache .htaccess file:

    RewriteRule ^page/?$ pages/page.php [L]
    RewriteRule ^about/?$ pages/about.php [L]
    RewriteRule ^privacy-policy/?$ pages/privacy-policy.php [L]
    RewriteRule ^contact/?$ pages/contact.php [L]
    RewriteRule ^terms/?$ pages/tos.php [L]
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteRule ^(.+) - [PT,L]
    RewriteRule ^sitemap-([0-9]+).xml$ parts/sitemaps/sitemap-$1.xml [QSA,L]
    RewriteRule ^(.*)/(.*)/(.*)/(.*)/?$ index.php?bank=$1&state=$2&district=$3&branch=$4 [QSA,L]
    RewriteRule ^(.*)/(.*)/(.*)/?$ index.php?bank=$1&state=$2&district=$3 [QSA,L]
    RewriteRule ^(.*)/(.*)/?$ index.php?bank=$1&state=$2 [QSA,L]
    RewriteRule ^(.*)/?$ index.php?bank=$1 [QSA,L]

and the NGINX config file that I have tried to port:

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        root /var/www/html;
        # Add index.php to the list if you are using PHP
        index index.php index.html;
        server_name localhost;
        location / {
            try_files $uri $uri/ =404;
        }
        # pass PHP scripts to FastCGI server
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            #
            # With php-fpm (or other unix sockets):
            fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
            #
            # With php-cgi (or other tcp sockets):
            # fastcgi_pass 127.0.0.1:9000;
        }
        location /subdirectory {
            root /var/www/html/subdirectory;
            index index.php;
            try_files $uri $uri/ /index.php$args$query_string
            location ~ ^/(.+) {
            }
            location /page {
                rewrite ^/page/?$ /pages/page.php break;
            }
            location /about {
                rewrite ^/about/?$ /pages/about.php break;
            }
            location /privacy {
                rewrite ^/privacy-policy/?$ /pages/privacy-policy.php break;
            }
            location /contact {
                rewrite ^/contact/?$ /pages/contact.php break;
            }
            location /terms {
                rewrite ^/terms/?$ /pages/tos.php break;
            }
            location / {
                if (-e $request_filename) {
                    rewrite ^/sitemap-([0-9]+).xml$ /parts/sitemaps/sitemap-$1.xml break;
                }
                rewrite ^/(.*)/(.*)/(.*)/(.*)/?$ /index.php?bank=$1&state=$2&district=$3&branch=$4 break;
                rewrite ^/(.*)/(.*)/(.*)/?$ /index.php?bank=$1&state=$2&district=$3 break;
                rewrite ^/(.*)/(.*)/?$ /index.php?bank=$1&state=$2 break;
                rewrite ^/(.*)/?$ /index.php?bank=$1 break;
            }
            location ~ /subdirectory /(.+\.php)$ {
                include snippets/fastcgi-php.conf;
                # With php-fpm (or other unix sockets):
                fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
                # With php-cgi (or other tcp sockets):
                # fastcgi_pass 127.0.0.1:9000;
            }
        }
    }
|
| Centos ntpd can't sync
Posted: 10 Jul 2021 08:48 PM PDT

I have a Centos 5 (I know that Centos5 is very very old) virtual machine that is refusing to sync. My virtual machine host is Windows 10 with HyperV and is syncing without problems.

Things that I have tried:

- Restart the vm.
- Disable the vm firewall.
- Compare ntpd.conf to a remote ntpd.conf that is working and is Centos 5 too.
- Enable HyperV integration services
- Enable HyperV time sync service
- Install all Windows updates.

Here is an extract of my /var/log/messages:

    [root@evtest etc]# cat /var/log/messages | grep "ntpd"
    Jul 5 15:10:03 evtest ntpd[2174]: ntpd exiting on signal 15
    Jul 6 01:44:26 evtest ntpd[2174]: ntpd 4.2.2p1@1.1570-o Sat Dec 20 02:52:11 UTC 2014 (1)
    Jul 6 01:44:26 evtest ntpd[2175]: precision = 1.000 usec
    Jul 6 01:44:26 evtest ntpd[2175]: Listening on interface wildcard, 0.0.0.0#123 Disabled
    Jul 6 01:44:26 evtest ntpd[2175]: Listening on interface lo, 127.0.0.1#123 Enabled
    Jul 6 01:44:26 evtest ntpd[2175]: Listening on interface eth0, 192.168.1.36#123 Enabled
    Jul 6 01:44:26 evtest ntpd[2175]: kernel time sync status 0040
    Jul 6 01:44:26 evtest ntpd[2175]: getaddrinfo: "::1" invalid host address, ignored
    Jul 6 01:44:26 evtest ntpd[2175]: frequency initialized 2.488 PPM from /var/lib/ntp/drift
    Jul 6 01:47:47 evtest ntpd[2175]: synchronized to LOCAL(0), stratum 10
    Jul 6 01:47:47 evtest ntpd[2175]: kernel time sync enabled 0001
    Jul 6 14:30:39 evtest ntpd[2175]: ntpd exiting on signal 15
    Jul 7 00:16:54 evtest ntpd[2174]: ntpd 4.2.2p1@1.1570-o Sat Dec 20 02:52:11 UTC 2014 (1)
    Jul 7 00:16:54 evtest ntpd[2175]: precision = 1.000 usec
    Jul 7 00:16:54 evtest ntpd[2175]: Listening on interface wildcard, 0.0.0.0#123 Disabled
    Jul 7 00:16:54 evtest ntpd[2175]: Listening on interface lo, 127.0.0.1#123 Enabled
    Jul 7 00:16:54 evtest ntpd[2175]: Listening on interface eth0, 192.168.1.36#123 Enabled
    Jul 7 00:16:54 evtest ntpd[2175]: kernel time sync status 0040
    Jul 7 00:16:54 evtest ntpd[2175]: getaddrinfo: "::1" invalid host address, ignored
    Jul 7 00:16:56 evtest ntpd[2175]: frequency initialized 2.488 PPM from /var/lib/ntp/drift
    Jul 7 00:20:12 evtest ntpd[2175]: synchronized to LOCAL(0), stratum 10
    Jul 7 00:20:12 evtest ntpd[2175]: kernel time sync enabled 0001

Here is an extract of the remote /var/log/messages:

    [root@centos5 etc]# cat /var/log/messages.1 | grep "ntpd"
    Jun 29 20:25:13 centos5 ntpd[3301]: ntpd exiting on signal 15
    Jun 29 20:44:25 centos5 ntpd[3298]: ntpd 4.2.2p1@1.1570-o Sat Dec 20 02:52:11 UTC 2014 (1)
    Jun 29 20:44:25 centos5 ntpd[3299]: precision = 1.000 usec
    Jun 29 20:44:25 centos5 ntpd[3299]: Listening on interface wildcard, 0.0.0.0#123 Disabled
    Jun 29 20:44:25 centos5 ntpd[3299]: Listening on interface lo, 127.0.0.1#123 Enabled
    Jun 29 20:44:25 centos5 ntpd[3299]: Listening on interface eth0, 1.10.100.57#123 Enabled
    Jun 29 20:44:25 centos5 ntpd[3299]: kernel time sync status 0040
    Jun 29 20:44:25 centos5 ntpd[3299]: getaddrinfo: "::1" invalid host address, ignored
    Jun 29 20:44:26 centos5 ntpd[3299]: frequency initialized 39.595 PPM from /var/lib/ntp/drift
    Jun 29 20:47:41 centos5 ntpd[3299]: synchronized to LOCAL(0), stratum 10
    Jun 29 20:47:41 centos5 ntpd[3299]: kernel time sync enabled 0001
    Jun 29 20:49:51 centos5 ntpd[3299]: synchronized to 192.36.143.130, stratum 1
    Jun 29 21:09:14 centos5 ntpd[3299]: time reset +2.461477 s
    Jun 29 21:13:01 centos5 ntpd[3299]: synchronized to LOCAL(0), stratum 10
    Jun 29 21:15:10 centos5 ntpd[3299]: synchronized to 192.36.143.130, stratum 1
    Jul 3 18:52:20 centos5 ntpd[3299]: ntpd exiting on signal 15
    Jul 3 22:08:54 centos5 ntpd[3299]: ntpd 4.2.2p1@1.1570-o Sat Dec 20 02:52:11 UTC 2014 (1)
    Jul 3 22:08:54 centos5 ntpd[3300]: precision = 1.000 usec
    Jul 3 22:08:54 centos5 ntpd[3300]: Listening on interface wildcard, 0.0.0.0#123 Disabled
    Jul 3 22:08:54 centos5 ntpd[3300]: Listening on interface lo, 127.0.0.1#123 Enabled
    Jul 3 22:08:54 centos5 ntpd[3300]: Listening on interface eth0, 1.10.100.57#123 Enabled
    Jul 3 22:08:54 centos5 ntpd[3300]: kernel time sync status 0040
    Jul 3 22:08:54 centos5 ntpd[3300]: getaddrinfo: "::1" invalid host address, ignored
    Jul 3 22:08:55 centos5 ntpd[3300]: frequency initialized 37.845 PPM from /var/lib/ntp/drift
    Jul 3 22:12:08 centos5 ntpd[3300]: synchronized to LOCAL(0), stratum 10
    Jul 3 22:12:08 centos5 ntpd[3300]: kernel time sync enabled 0001
    Jul 3 22:14:16 centos5 ntpd[3300]: synchronized to 45.231.168.6, stratum 2
    Jul 3 22:29:31 centos5 ntpd[3300]: time reset +15.928958 s
    Jul 3 22:33:42 centos5 ntpd[3300]: synchronized to LOCAL(0), stratum 10
    Jul 3 22:34:17 centos5 ntpd[3300]: synchronized to 45.231.168.6, stratum 2
    Jul 3 23:17:50 centos5 ntpd[3300]: synchronized to 41.220.128.73, stratum 2
    Jul 3 23:33:59 centos5 ntpd[3300]: synchronized to 193.182.111.13, stratum 2
    Jul 3 23:38:16 centos5 ntpd[3300]: synchronized to 45.231.168.6, stratum 2
    Jul 4 00:00:48 centos5 ntpd[3300]: synchronized to 41.220.128.73, stratum 2
    Jul 4 00:08:13 centos5 ntpd[3300]: synchronized to 45.231.168.6, stratum 2
    Jul 4 00:13:02 centos5 ntpd[3300]: synchronized to 41.220.128.73, stratum 2
    Jul 4 00:15:57 centos5 ntpd[3300]: synchronized to 45.231.168.6, stratum 2
    Jul 4 00:16:13 centos5 ntpd[3300]: synchronized to 193.182.111.13, stratum 2
    Jul 4 00:48:05 centos5 ntpd[3300]: synchronized to 41.220.128.73, stratum 2
    Jul 4 03:07:45 centos5 ntpd[3300]: synchronized to 45.231.168.6, stratum 2

As you see, the remote messages file has several "synchronized to" lines but those lines don't appear in my messages file.

How do I enable time synchronization?

EDIT1:

    [root@evtest etc]# echo "peers" | ntpq
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     karhu.miuku.net .INIT.          16 u    - 1024    0    0.000    0.000   0.000
     ntp2.flashdance .RMOT.          16 u    - 1024    0    0.000    0.000   0.000
    *LOCAL(0)        .LOCL.          10 l   24   64  377    0.000    0.000   0.001
    [root@evtest etc]#

EDIT2: I'd rather like to use ntpd

EDIT3:

    [root@evtest etc]# cat /etc/ntp.conf
    # Permit time synchronization with our time source, but do not
    # permit the source to query or modify the service on this system.
    restrict default kod nomodify notrap nopeer noquery

    # Permit all access over the loopback interface. This could
    # be tightened as well, but to do so would effect some of
    # the administrative functions.
    restrict 127.0.0.1
    restrict -6 ::1

    # Hosts on local network are less restricted.
    #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

    # Use public servers from the pool.ntp.org project.
    # Please consider joining the pool (http://www.pool.ntp.org/join.html).
    server 0.centos.pool.ntp.org
    server 1.centos.pool.ntp.org
    server 2.centos.pool.ntp.org
    server 3.centos.pool.ntp.org

    #broadcast 192.168.1.255 key 42 # broadcast server
    #broadcastclient # broadcast client
    #broadcast 224.0.1.1 key 42 # multicast server
    #multicastclient 224.0.1.1 # multicast client
    #manycastserver 239.255.254.254 # manycast server
    #manycastclient 239.255.254.254 key 42 # manycast client

    # Undisciplined Local Clock. This is a fake driver intended for backup
    # and when no outside source of synchronized time is available.
    server 127.127.1.0
    fudge 127.127.1.0 stratum 10

    # Drift file. Put this in a directory which the daemon can write to.
    # No symbolic links allowed, either, since the daemon updates the file
    # by creating a temporary in the same directory and then rename()'ing
    # it to the file.
    driftfile /var/lib/ntp/drift

    # Key file containing the keys and key identifiers used when operating
    # with symmetric key cryptography.
    keys /etc/ntp/keys

    # Specify the key identifiers which are trusted.
    #trustedkey 4 8 42

    # Specify the key identifier to use with the ntpdc utility.
    #requestkey 8

    # Specify the key identifier to use with the ntpq utility.
    #controlkey 8
    restrict 0.centos.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
    restrict 1.centos.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
    restrict 2.centos.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
    restrict 3.centos.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
    [root@evtest etc]#

EDIT4:

    [root@evtest etc]# service iptables status
    Table: filter
    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    num  target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    num  target     prot opt source               destination

    [root@evtest etc]#

EDIT5:

Working (remote) system clock (this would be the correct time): Thu Jul 8 08:19:36 CDT 2021
My (incorrect) clock: Thu Jul 8 01:08:51 CDT 2021

EDIT6: Output of tcpdump -ni eth0 'udp port 123'

    [root@evtest ~]# tcpdump -ni eth0 'udp port 123'
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
    09:16:26.065503 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    09:16:30.064984 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
    09:33:30.065630 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    09:33:33.064632 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
    09:50:35.065585 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    09:50:39.065966 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
    10:07:40.065476 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    10:07:42.065569 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
    10:24:44.065691 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    10:24:45.066300 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
    10:41:49.065627 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
    10:41:50.065270 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    10:58:54.065499 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
    10:58:55.065089 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    11:15:58.065713 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    11:15:59.065277 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
    11:33:01.065423 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    11:33:05.064858 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
    11:50:07.065780 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    11:50:09.066043 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
    12:07:11.065087 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    12:07:14.065845 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
    12:24:16.064951 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    12:24:18.065121 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
    12:41:21.065706 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
    12:41:21.065719 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    12:58:24.065325 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    12:58:25.064950 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
    13:15:29.066151 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    13:15:31.066342 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
    13:32:32.065751 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    13:32:37.065828 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
    13:49:35.065384 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    13:49:41.065109 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
    14:06:41.065836 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    14:06:47.066553 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
    14:23:44.065511 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    14:23:51.065093 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
    14:40:47.066145 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    14:40:55.065992 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
    14:57:50.065718 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    14:57:58.065650 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
    15:14:55.064675 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    15:15:01.065336 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
    15:32:01.065972 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
    15:32:07.065768 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
|
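The two pieces of evidence in EDIT1 and EDIT6 above can be cross-checked mechanically. The following is an added example, not part of the original post: it counts NTP requests and replies per server in tcpdump output and lists the ntpq peers whose reach register is 0. The function names are hypothetical, and the 203.0.113.10 exchange in the sample is constructed to show what an answered request looks like.

```python
import re
from collections import defaultdict

# First four lines are from the EDIT6 capture; the last two are constructed.
TCPDUMP_SAMPLE = """\
09:16:26.065503 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
09:16:30.064984 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
09:33:30.065630 IP 192.168.1.36.ntp > 195.3.254.2.ntp: NTPv4, Client, length 48
09:33:33.064632 IP 192.168.1.36.ntp > 192.36.143.130.ntp: NTPv4, Client, length 48
09:33:40.000100 IP 192.168.1.36.ntp > 203.0.113.10.ntp: NTPv4, Client, length 48
09:33:40.031200 IP 203.0.113.10.ntp > 192.168.1.36.ntp: NTPv4, Server, length 48
"""

# ntpq "peers" output from EDIT1 (column 0 is the tally code or a space).
NTPQ_SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 karhu.miuku.net .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 ntp2.flashdance .RMOT.          16 u    - 1024    0    0.000    0.000   0.000
*LOCAL(0)        .LOCL.          10 l   24   64  377    0.000    0.000   0.001
"""

TCPDUMP_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ IP (?P<src>[\d.]+)\.(?:ntp|123) > "
    r"(?P<dst>[\d.]+)\.(?:ntp|123): NTPv\d, (?P<mode>[^,]+), length \d+"
)


def ntp_exchange_summary(capture, local_ip):
    """Per remote server: requests sent by local_ip and replies it received."""
    stats = defaultdict(lambda: {"sent": 0, "received": 0})
    for line in capture.splitlines():
        m = TCPDUMP_RE.match(line.strip())
        if not m:
            continue  # banner lines, other protocols
        if m["src"] == local_ip and m["mode"] == "Client":
            stats[m["dst"]]["sent"] += 1
        elif m["dst"] == local_ip and m["mode"] == "Server":
            stats[m["src"]]["received"] += 1
    return dict(stats)


def unanswered_servers(capture, local_ip):
    """Servers that were polled at least once and never replied."""
    summary = ntp_exchange_summary(capture, local_ip)
    return sorted(ip for ip, s in summary.items()
                  if s["sent"] > 0 and s["received"] == 0)


def parse_ntpq_peers(text):
    """Parse ntpq peers output; reach is an octal shift register of the last 8 polls."""
    peers = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("remote", "=")):
            continue  # header and separator
        tally, fields = line[0].strip(), line[1:].split()
        if len(fields) < 10:
            continue
        peers.append({"tally": tally, "remote": fields[0], "refid": fields[1],
                      "stratum": int(fields[2]), "reach": int(fields[6], 8)})
    return peers


def diagnose(capture, peers_text, local_ip):
    """Combine both views: silent servers on the wire, unreachable peers in ntpd."""
    peers = parse_ntpq_peers(peers_text)
    return {
        "silent_servers": unanswered_servers(capture, local_ip),
        "unreachable_peers": [p["remote"] for p in peers if p["reach"] == 0],
        "selected_source": [p["remote"] for p in peers if p["tally"] == "*"],
    }


if __name__ == "__main__":
    for key, value in diagnose(TCPDUMP_SAMPLE, NTPQ_SAMPLE, "192.168.1.36").items():
        print(f"{key}: {value}")
```

When every polled server shows requests on the wire but no replies, and ntpq reports reach 0 for the same peers, the packets are leaving the guest and the answers are being lost somewhere between the guest's interface and the servers.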
| Why does my Linux Kernel have missing directories / files that are crucial for ip_tables to run?
Posted: 10 Jul 2021 06:56 PM PDT

As mentioned in the header, my Linux Kernel seems to be missing files / directories that are crucial for iptables to run properly. I'm able to temporarily resolve this by reinstalling my kernel, but it's not a permanent resolve as after a reboot I'm back to where I started.

When I run iptables -L I receive an error saying, "Perhaps iptables or your kernel needs to be upgraded." I've found I'm able to resolve this error by running sudo apt-get install --reinstall linux-modules-5.8.0-59-generic. I've noticed that after the reinstall I have additional files and directories in my /lib/modules/5.8.0-59-generic directory, which leads me to believe that my kernel by default is missing these and disabling iptables from functioning properly. After a reboot it goes back to missing these said files/directories and iptables not working.

Is it possible to reinstall the kernel module permanently, so I don't have to reinstall after every reboot to get iptables to work?

I'm running Ubuntu 20.04.2, and as mentioned above my kernel is 5.8.0-59-generic. I appreciate any assistance I can get!

edit: The output I get from ls /boot/vmlinuz* is:

[vmlinuz output]: https://i.stack.imgur.com/dDroe.png

OR as text:

    /boot/vmlinuz
    /boot/vmlinuz-5.4.0-77-generic
    /boot/vmlinuz-5.8.0-48-generic
    /boot/vmlinuz-5.8.0-55-generic
    /boot/vmlinuz-5.8.0-59-generic
    /boot/vmlinuz.old

And the output I get from apt-cache policy linux-image-generic is:

[apt-cache output]: https://i.stack.imgur.com/OY9Cj.png

OR as text:

    linux-image-generic:
      Installed: 5.4.0.77.80
      Candidate: 5.4.0.77.80
      Version table:
     *** 5.4.0.77.80 500
            500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
            500 http://archive.ubuntu.com/ubuntu focal-security/main amd64 Packages
            100 /var/lib/dpkg/status
         5.4.0.26.32 500
            500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages

The computer that is running is a Dell Optiplex 3020 with specs of:

- CPU: Quad Core Intel(R) Core(TM) i5-4570 CPU @ 3.20 GHz
- RAM: 8Gb ram

edit: I'm unsure how the output from these commands will help me, and I'd really appreciate further guidance as I'm still no closer to getting this resolved!
|
| I am trying to create similar rules with firewall-cmd command. They should work exactly the Iptables rules are written. can someone help please
Posted: 10 Jul 2021 09:45 PM PDT

    iptables -t nat -A OUTPUT -p tcp -o lo --dport 2222 -j REDIRECT
    iptables -t nat -A PREROUTING -p tcp --dport 2222 -j REDIRECT

When I run these rules, I see some packet counts.

Vs

    firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 0 -s 0.0.0.0 -p tcp --dport 2222 -j REDIRECT
    firewall-cmd --permanent --direct --add-rule ipv4 nat PREROUTING 0 -s 127.0.0.1 -p tcp --dport 2222 -j REDIRECT

But when I run these rules, I don't see any packet counts when I run

    iptables -L -t nat -nv | grep 22
    0 0 REDIRECT tcp -- * * 0.0.0.0 0.0.0.0/0 tcp dpt:2222
    0 0 REDIRECT tcp -- * 0.0.0.0 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222
    0 0 REDIRECT tcp -- * lo 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222
    0 0 REDIRECT tcp -- * * 127.0.0.1 0.0.0.0/0 tcp dpt:2222
    0 0 REDIRECT tcp -- * * 0.0.0.0 0.0.0.0/0 tcp dpt:2222

I need the firewall-cmd version of the rules; the iptables rules are working fine. Or better would be if I can make the iptables rules service-restart persistent.
|
| 500 internal error in nginx centos
Posted: 10 Jul 2021 09:14 PM PDT

I'm trying to add a captcha in my wordpress login page. I get a 500 internal error in the firefox console when inspecting the page. I also have this in my nginx error logs:

    FastCGI sent in stderr: "PHP message: PHP Warning: Use of undefined constant 'FS_METHOD' - assumed ''FS_METHOD'' (this will throw an Error in a future version of PHP)

These are some parts of my configs:

nginx site config:

    server {
        listen 443 ssl http2;
        server_name example.com;
        set $base /var/www/html/mysite;
        root $base/public;

        # restrict methods
        if ($request_method !~ ^(GET|POST|HEAD)$) {
            return '444';
        }

        # index.php
        index index.php;

        # index.php fallback
        location / {
            try_files $uri $uri/ /index.php?$args;
        }

        # additional config
        include /etc/nginx/general.conf;
        include /etc/nginx/wordpress.conf;

        # handle .php
        #location ~ \.php$ {
        #    fastcgi_pass unix:/var/run/php/php-fpm/php7.4-fpm.sock;
        #    include /etc/nginx/php_fastcgi.conf;
        #}
        location ~ \.php$ {
            #try_files $uri =404;
            include /etc/nginx/php_fastcgi.conf;
            fastcgi_pass unix:/var/run/php/php-fpm/php7.4-fpm.sock;
            #include fastcgi_params;
        }

wordpress config:

    # WordPress: allow TinyMCE
    location = /wp-includes/js/tinymce/wp-tinymce.php {
        include /etc/nginx/php_fastcgi.conf;
    }

    # WordPress: deny wp-content, wp-includes php files
    location ~* ^/(?:wp-content|wp-includes)/.*\.php$ {
        deny all;
    }

    # WordPress: deny wp-content/uploads nasty stuff
    location ~* ^/wp-content/uploads/.*\.(?:s?html?|php|js|swf)$ {
        deny all;
    }

    # WordPress: SEO plugin
    location ~* ^/wp-content/plugins/wordpress-seo(?:-premium)?/css/main-sitemap\.xsl$ {}

    # WordPress: deny wp-content/plugins (except earlier rules)
    location ~ ^/wp-content/plugins {
        deny all;
    }

    # WordPress: deny general stuff
    location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|readme\.html|license\.txt)$ {
        deny all;
    }

and security config:

    # security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

    # . files
    location ~ /\.(?!well-known) {
        deny all;
    }
|
| Allow files to be listed when viewing a directory but protected (via HTTP authentication) when accessed directly
Posted: 10 Jul 2021 09:24 PM PDT

I created a password protected directory using .htaccess and .htpasswd, but the files don't show up when I go to the directory URL.

I have this in my .htaccess:

    #Protect multiple files
    <FilesMatch "^(.*).csv$">
    AuthName "Dialog prompt"
    AuthType Basic
    AuthUserFile /xxxxx/test
    #AuthUserFile ".htpasswd"
    Require valid-user
    </FilesMatch>

UPDATE: I'm protecting the CSV files in that directory. They disappear from the directory listing when that auth directive is set. They show up when I remove it.

I want to be able to at least see the files in the directory listing, but when accessing these files it would offer an auth prompt.
|
| Can't access internet inside docker windows container inside corporate proxy Posted: 10 Jul 2021 09:05 PM PDT I need to connect to the Internet from inside a container. Initially, the Docker daemon was not able to connect to the Internet and I was unable to run: docker pull hello-world I resolved this by specifying a manual proxy in the docker desktop GUI settings, under resources Once I manually set the proxy I was able to pull the hello-world image - so I know this proxy works. I then created a test Dockerfile to see if I could get a container to connect to the internet when building an image, and this is the Dockerfile: FROM mcr.microsoft.com/windows/servercore:1903 RUN curl 'www.google.co.za' and got this output: PS C:\Projects\Test> docker build -t test:01 . Sending build context to Docker daemon 3.906GB Step 1/2 : FROM mcr.microsoft.com/windows/servercore:1903 ---> 66c07b0d3e85 Step 2/2 : RUN curl 'www.google.co.za' ---> Running in 99f79ea70731 % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (6) Could not resolve host: 'www.google.co.za' The command 'cmd /S /C curl 'www.google.co.za'' returned a non-zero code: 6 As was suggested here I tried adding a DNS as follows: "dns": ["1.1.1.1"] but got the same result as above. I had previously had issues in Linux containers where I couldn't install packages inside the container and I had to add the following to the Dockerfile which worked: ENV HTTP_PROXY http://myproxy:3128 ENV http_proxy http://myproxy:3128 I have tried doing this in my test Dockerfile and I get this result (note that this is the output without the DNS settings): PS C:\Projects\Test> docker build -t test:01 . 
Sending build context to Docker daemon 3.906GB Step 1/4 : FROM mcr.microsoft.com/windows/servercore:1903 ---> 66c07b0d3e85 Step 2/4 : ENV HTTP_PROXY http://myproxy.com:3128 ---> Using cache ---> d6bbca2c1984 Step 3/4 : ENV http_proxy http://myproxy.com:3128 ---> Using cache ---> a22311c57c8d Step 4/4 : RUN curl 'www.google.co.za' ---> Running in 3e3be3786b62 % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 874 100 874 0 0 874 0 0:00:01 --:--:-- 0:00:01 1189 <HTML><HEAD> <TITLE>Network Error</TITLE> </HEAD> <BODY> <FONT face="Helvetica"> <big><strong></strong></big><BR> </FONT> <blockquote> <TABLE border=0 cellPadding=1 width="80%"> <TR><TD> <FONT face="Helvetica"> <big>Network Error (dns_unresolved_hostname)</big> <BR> <BR> </FONT> </TD></TR> <TR><TD> <FONT face="Helvetica"> Your requested host "'www.google.co.za'" could not be resolved by DNS. </FONT> </TD></TR> <TR><TD> <FONT face="Helvetica"> </FONT> </TD></TR> <TR><TD> <FONT face="Helvetica" SIZE=2> <BR> For assistance, contact your network support team.<br><br>Your request was categorized by Blue Coat Web Filter as 'none'. <br>If you wish to question or dispute this result, please click <a href="http://sitereview.bluecoat.com/sitereview.jsp?referrer=136&url=http://'www.google.co.za'/">here</a>. </FONT> </TD></TR> </TABLE> </blockquote> </FONT> </BODY></HTML> Removing intermediate container 3e3be3786b62 ---> 79dcdbf32644 Successfully built 79dcdbf32644 Successfully tagged test:01 If I add the DNS settings back into the Docker GUI I get this output: PS C:\Projects\Test> docker build -t test:01 . 
Sending build context to Docker daemon 3.906GB Step 1/4 : FROM mcr.microsoft.com/windows/servercore:1903 ---> 66c07b0d3e85 Step 2/4 : ENV HTTP_PROXY http://myproxy.com:3128 ---> Running in 4ac3e6e23b5f Removing intermediate container 4ac3e6e23b5f ---> 6bfbb6923789 Step 3/4 : ENV http_proxy http://myproxy.com:3128 ---> Running in 7e7b08cef7b3 Removing intermediate container 7e7b08cef7b3 ---> 4a827371e6fa Step 4/4 : RUN curl 'www.google.co.za' ---> Running in 317a2ea37342 % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- 0:00:10 --:--:-- 0curl: (5) Could not resolve proxy: myproxy.com The command 'cmd /S /C curl 'www.google.co.za'' returned a non-zero code: 5 So with the DNS settings it can't resolve the proxy and without the DNS settings it can't resolve the URL. I don't know how to proceed from here. Removing the literal single quotes from my curl command was necessary but this hasn't solved my problem yet unfortunately. I don't properly understand what setting the dns to "1.1.1.1" does but from the reading I did, it seemed I should rather specify the dns to the DNS server within my company's network. I discovered this info with this command: ipconfig -all and there I saw 2 IP address listed as DNS servers under "Ethernet adapter Ethernet:", so I rather specified these 2 in the Docker Desktop GUI "Docker Engine" settings. I then ran tests with 4 permutations as follows: - Set DNS in Docker Desktop + set proxy ENV in Dockerfile
- Set DNS in Docker Desktop + no proxy set in Dockerfile
- No DNS set in Docker Desktop + set proxy ENV in Dockerfile
- No DNS set in Docker Desktop + no proxy set in Dockerfile
In each test I tried to run the following commands from my Dockerfile during the build:

RUN curl www.google.co.za
RUN tracert www.google.co.za

Setting the DNS didn't seem to make any difference to the results. Setting the ENV HTTP_PROXY in the Dockerfile seemed to make a difference to the curl command. Without setting it I get the following output:

Failed to connect to www.google.co.za port 80: Timed out

With the ENV HTTP_PROXY set in the Dockerfile I get what looks like the HTML of the google.co.za site, which makes it appear to be working. But the tracert command shows that the request gets out of the container but doesn't get past my default gateway and it reports "Destination host unreachable". So instead of running the curl command to www.google.co.za I used a bank's site and here the curl command reports:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:10 --:--:--     0

and the tracert command fails. I am guessing that when running curl www.google.co.za, I am getting a cached page somehow. So I am still stuck and looking for help.  |
| AWS: Connecting Lambda to a Secret doesn't work Posted: 10 Jul 2021 09:05 PM PDT
I am trying to connect a Lambda to a secret as per AWS docs. I set the following resource-based policy on the secret, and verified that it has indeed been set:

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "AWS": "arn:aws:iam::123456789:role/my-lambda-execution-role" },
    "Action": ["secretsmanager:GetSecret", "secretsmanager:GetSecretValue"],
    "Resource": "*",
    "Condition": { "ForAnyValue:StringEquals": { "secretsmanager:VersionStage": "AWSCURRENT" } }
  }]
}

However, I am getting timeouts when attempting to actually retrieve the policy (using Amazon's generated starter code for python3 client). I am executing the Lambda in the web IDE. I tried it with and without the Condition filter. I also, just to be safe, granted the SecretsManagerReadWrite policy to the lambda execution role. No effect -- still timeouts. I have a feeling that I am missing some important step there, but I have no idea what it could be... Can anyone help? Thanks!  |
| iptables - bridge / routing between two independent LANs (and router) Posted: 10 Jul 2021 06:00 PM PDT
I can't find a solution in a network like in the drawing below.
- I need to be able to open the admin page of router 2 on LAN2 from a PC in LAN1, without routing through the Internet.
- I have a "bridge" PC with 2 NICs and Linux (Debian) and I can do everything on it.

I would like any PC connected to LAN 1 to be able to access port 80 of the LAN 2 router.

     Internet 1                          Internet 2
         !                                   !
+---------------------+            +---------------------+
|      Router 1       |            |      Router 2       |
| LAN 192.168.55.1/24 |            | LAN 192.168.2.1/24  |
|                     |            |                     |
+---------------------+            +---------------------+
         |                                   |
         |      +-----------------------+    |
         |      |        BRIDGE         |    |
         |------|eth0                   |    |
         |      |192.168.55.2       eth1|----|
         |      |            192.168.2.2|    |
         |      +-----------------------+    |
         |                                   |
   Other clients                       other clients
       LAN 1                               LAN 2

The idea is to set a port (example 8080) on eth0 of the (PC) "bridge" and exit on eth1 on LAN 2 to the IP of the router 192.168.2.1:80. The answer from 192.168.2.1 would not go through the gateway but would go back to eth1. After manipulation, the IP packet comes out from eth0. The "bridge" should replace the source address, as if it originated from 192.168.55.2.

I've done a lot of testing, but I can't find a solution with various tests of iptables settings. Obviously, I enabled ip_forward = 1 and I set iptables so:

iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 8080 -j ACCEPT
iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 8080 -j DNAT --to 192.168.2.1:80

and forwarding:

sysctl -a | grep "\.forwarding" | grep ipv4
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
sysctl: reading key "net.ipv6.conf.wlan0.stable_secret"
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.wlan0.forwarding = 1

Has anyone had a similar problem and can you give me a hint? Thanks in advance!  |
| pure-ftpd returns 550 Can't change directory to /: Permission denied Posted: 10 Jul 2021 07:06 PM PDT
I have pure-ftpd running on Ubuntu 16.04.5 LTS and have trouble uploading files. The server connects, but I cannot create any directory nor can I upload files. It appears to be a permission problem. The server is configured with virtual users over mysql, where each user has a directory. This used to work, but the config might have changed.

While trying to connect over FileZilla:

Status: Resolving address of ftp.example.com
Status: Connecting to myip...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Status: Directory listing of "/" successful
Status: Resolving address of ftp.example.com
Status: Connecting to myip...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Logged in
Status: Starting upload of /Users/user/Desktop/test.vcf
Command: CWD /
Response: 550 Can't change directory to /: Permission denied
Command: MKD /
Response: 550 Can't create directory: File exists
Command: CWD /
Response: 550 Can't change directory to /: Permission denied
Command: SIZE /test.vcf
Response: 550 Can't check for file existence
Command: TYPE I
Response: 200 TYPE is now 8-bit binary
Command: PASV
Response: 227 Entering Passive Mode (myip)
Command: STOR /test.vcf
Response: 553 Can't open that file: Permission denied
Error: Critical file transfer error

On the server side:

Feb 12 14:18:33 fx pure-ftpd: (stangeimmo@199.203.151.209) [INFO] Logout.
Feb 12 14:18:33 fx pure-ftpd: (?@199.203.151.209) [INFO] New connection from 199.203.151.209
Feb 12 14:18:33 fx pure-ftpd: (?@199.203.151.209) [INFO] stangeimmo is now logged in
Feb 12 14:19:34 fx pure-ftpd: (stangeimmo@199.203.151.209) [INFO] Can't change directory to /: Permission denied
Feb 12 14:19:34 fx pure-ftpd: (stangeimmo@199.203.151.209) [ERROR] Can't create directory: File exists
Feb 12 14:19:34 fx pure-ftpd: (stangeimmo@199.203.151.209) [INFO] Can't change directory to /: Permission denied
Feb 12 14:19:35 fx pure-ftpd: (stangeimmo@199.203.151.209) [ERROR] Can't open that file: Permission denied

The mysql config file for pure-ftpd has this line:

MYSQLGetDir SELECT CONCAT('/mnt/project/data/ftp-upload/', user) AS Dir FROM ftp_access WHERE User="\L"

Also I noticed that the .welcome message will not be displayed, not sure if this is also an indication. Folder permissions are:

rwxrwx--- 218 www users 4096 Feb 12 13:14 ftp-upload/

What could be the reason for this problem?  |
| Nginx to redirect to specific PHP Posted: 10 Jul 2021 04:03 PM PDT
I want to rewrite the URL path to point to a certain PHP file. Here is the flow:

User login: https://admin.abc.com
After they have logged in, the system will pass the URL to be redirected to: https://admin.abc.com/MX/Home

What it does here is that it is actually redirecting to main.php?url=Home, so I'm expecting the URL rewrite to rewrite to the above. The physical path for MX/Home doesn't exist, but the path towards MX exists. This main.php is inside the MX folder, here is the path: /var/www/html/MX/main.php

So after login, it should redirect to main.php and rewrite the URL into something like https://admin.abc.com/MX/Home, but it is actually main.php running based on the url parameter. Below is my configuration, but it seems unable to achieve the above. Kindly advise.

server {
    listen 80;
    root /var/www/html;
    index login.php;
    server_name admin.abc.com;

    location / {
        try_files $uri $uri/ login.php?$args;
    }

    location ^/MX {
        rewrite ^/MX/^(.*)$ /MX/main.php?url=$1 last;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
    }
}  |
| How to monitor systemd service with snmp? Posted: 10 Jul 2021 10:13 PM PDT So I have a Gunicorn service on my Ubuntu server. First I added proc gunicorn to this file: /etc/snmp/snmpd.conf. But I'm not sure how to get the right values. I've seen this question (How to monitor services with SNMP?) and tried this command snmpwalk -v 2c -c public localhost 1.3.6.1.2.1.25.4.2.1.2 but I got this message: HOST-RESOURCES-MIB::hrSWRunName = No more variables left in this MIB View (It is past the end of the MIB tree) So I guess the OID is wrong or I have other configurations. How can I get the status of my services with snmp?  |
| HAProxy ACL Not Working Posted: 10 Jul 2021 09:29 PM PDT
I'm building a load balancer using HAProxy. I want to have a frontend with multiple backends, divided using path. For example:
- 172.20.20.10/tomcat1 using backend tomcat1
- 172.20.20.10/tomcat2 using backend tomcat2

(172.20.20.10) is the HAProxy Node IP. Here is my config:

frontend frontend
    bind *:80
    option httpclose
    acl tomcat1acl url_beg /tomcat1
    acl tomcat2acl url_beg /tomcat2
    use_backend tomcat1backend if tomcat1acl
    use_backend tomcat2backend if tomcat2acl

backend tomcat1backend
    balance roundrobin
    mode http
    server serv01 172.20.20.20:8080 check

backend tomcat2backend
    balance roundrobin
    mode http
    server serv01 172.20.20.25:8084 check

But I'm getting error 503 Service Unavailable on both 172.20.20.10/tomcat1 and 172.20.20.10/tomcat2. Is there any misconfig?  |
| software raids and kvm Posted: 10 Jul 2021 05:04 PM PDT
I have 4 drives for data storage that I want to arrange in a software raid 10 (hardware raid is no option). I was asked to set everything up in a vm, so it is easier to change the hardware if it is necessary. I have no experience with software raid and vm's and I am wondering if it even works. I am running ubuntu and I want to use kvm. I have an additional ssd where both are running. There are 2 ways that I can think of.
- Do the raid on the host and pass it to kvm
- Set up the raid in kvm.

I have a few concerns that both of these are really bad ideas (especially the 2.). So does it work? And if so, do I still have the advantages of a raid 10 (faster, redundancy)? What is the best way to do this? 1. or 2. or a 3.?  |
| Multiple site hosting: Virtual hosts not working properly Posted: 10 Jul 2021 04:03 PM PDT
I have a CentOS 7 server running Apache 2, and am trying to host 2 sites. My two domain names are pointed to the server at IP 70.61.231.8.

verizondecom.com
windstreamdecom.com

On the server, I have a virtual host set up for each site.

NameVirtualHost *:80

<VirtualHost *:80>
    ServerName windstreamdecom.com
    ServerAlias www.windstreamdecom.com
    ErrorLog /var/log/httpd/windstreamdecom.err
    CustomLog /var/log/httpd/windstreamdecom.log combined
    DocumentRoot /var/www/windstreamdecom/public
    SetEnv ENVIRONMENT "production"
    <Directory "/var/www/windstreamdecom/public">
        AllowOverride ALL
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName verizondecom.com
    ServerAlias www.verizondecom.com
    ErrorLog /var/log/httpd/verizondecom.err
    CustomLog /var/log/httpd/verizondecom.log combined
    DocumentRoot /var/www/www.verizondecom.com/public
    SetEnv ENVIRONMENT "production"
    <Directory "/var/www/www.verizondecom.com/public">
        AllowOverride ALL
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
</VirtualHost>

When I type in either domain name, I get the first Vhost (Windstream). The URL in the browser also changes to the server's IP address. What am I missing here? I need to be able to go to both websites, and the URL should be the hostname, not the IP.  |
| Excessive delay or non-delivery for Yahoo emails to Exchange mailboxes Posted: 10 Jul 2021 06:00 PM PDT
Emails with attachments from Yahoo mail are not delivered to our Exchange mailboxes, or are received with too much delay. The bigger the attachment, the later the delivery. Emails with 10MB attachments are not delivered at all and a "Failure Notice" message appears in the Yahoo mailbox. The receive connector maximum size is set to 15MB, and the same emails sent from Gmail are delivered successfully to our mailboxes. Analyzing the headers of delivered Yahoo mails shows that the delay occurs between internal Yahoo servers:

Received: from edge.mydomain.com (...) by hubtransport.mydomain.com (...) with Microsoft SMTP Server (TLS) id 14.3.361.1; Tue, 17 Oct 2017 09:46:19 +0330
Received: from sonic301-2.consmr.mail.bf2.yahoo.com (74.6.129.41) by edge.mydomain.com (...) with Microsoft SMTP Server id 14.1.438.0; Tue, 17 Oct 2017 09:42:10 +0330
Received: from sonic.gate.mail.ne1.yahoo.com by sonic301.consmr.mail.bf2.yahoo.com with HTTP; Tue, 17 Oct 2017 06:12:12 +0000
Date: Tue, 17 Oct 2017 06:00:02 +0000
From: test <test@yahoo.com>
To: =?UTF-8?B?2YbbjNmF2Kcg2LTYp9uM2YI=?= <test@mydomain.com>
Message-ID: <...@mail.yahoo.com>
Subject: 929
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_Part_322010_1330634417.1508220003126"
X-Mailer: WebService/1.1.10774 YahooMailNeo Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Content-Length: 5861292
Return-Path: test@yahoo.com
X-MS-Exchange-Organization-PRD: yahoo.com
Received-SPF: Pass (...) client-ip=74.6.129.41; helo=sonic301-2.consmr.mail.bf2.yahoo.com;
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.16312.857;SID:SenderIDStatus Pass;OrigIP:74.6.129.41
X-MS-Exchange-Organization-SCL: 0
X-MS-Exchange-Organization-SenderIdResult: PASS
X-MS-Exchange-Organization-AuthSource: edg.mydomain.com
X-MS-Exchange-Organization-AuthAs: Anonymous

Pay attention to the "Date" header and the delay in receiving the email from sonic.gate.mail.ne1.yahoo.com to sonic301.consmr.mail.bf2.yahoo.com with HTTP in the "Received" header, which is almost 12 minutes. Obviously, sending email from Yahoo to Gmail doesn't suffer from such a problem, but different internal Yahoo servers are in use in that case.
Update: Below is the "Failure Notice" email returned to the Yahoo mailbox:

X-Apparently-To: test@mydomain.com; Tue, 17 Oct 2017 10:39:58 +0000
Return-Path: <>
Received-SPF: none (domain of sonic309-13.consmr.mail.bf2.yahoo.com does not designate permitted sender hosts)
X-Originating-IP: [74.6.129.123]
Authentication-Results: mta1038.mail.gq1.yahoo.com from=yahoo.com; domainkeys=neutral (no sig); from=yahoo.com; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO sonic309-13.consmr.mail.bf2.yahoo.com) (74.6.129.123) by mta1038.mail.gq1.yahoo.com with SMTPS; Tue, 17 Oct 2017 10:39:58 +0000
Received: from sonic.gate.mail.ne1.yahoo.com by sonic309.consmr.mail.bf2.yahoo.com with HTTP; Tue, 17 Oct 2017 10:39:57 +0000
Date: Tue, 17 Oct 2017 10:39:57 +0000
From: MAILER-DAEMON@yahoo.com
To: test@mydomain.com
Message-ID: <829224876.370562.1508236797219@sonic309.consmr.mail.bf2.yahoo.com>
Subject: Failure Notice
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Length: 30563

Sorry, we were unable to deliver your message to the following address.
<test@mydomain.com>: Unable to deliver message after multiple retries, giving up.
--- Below this line is a copy of the message.

Received: from sonic.gate.mail.ne1.yahoo.com by sonic309.consmr.mail.bf2.yahoo.com with HTTP; Tue, 17 Oct 2017 10:34:55 +0000
Date: Tue, 17 Oct 2017 07:36:05 +0000 (UTC)
From: test <test@mydomain.com>
To: =?UTF-8?B?2KzZiNin2K8g2LTYudin2LnbjA==?= <test@mydomain.com>
Message-ID: <1001794763.351576.1508225766737@mail.yahoo.com>
In-Reply-To: <2076977144.308793.1508219707757@mail.yahoo.com>
References: <2076977144.308793.1508219707757.ref@mail.yahoo.com> <2076977144.308793.1508219707757@mail.yahoo.com>
Subject: Fw: scasdfddd
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_Part_351575_1109119668.1508225766737"
X-Mailer: WebService/1.1.10774 YMailNorrin Mozilla/5.0 (Windows NT 6.3; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Content-Length: 11219432

[remainder of message body omitted; too large]  |
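The header reading described in the post above can be done mechanically. This added example (not part of the original post) walks the `Received` chain oldest-first, normalises the mixed `+0330` / `+0000` zones, and reports the delay of each hop; the sample is constructed from the `Received` and `Date` lines quoted in the post, and the function names are assumptions of this sketch.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: Received/Date lines of the delayed message quoted in the
# post, with the "(...)" elisions kept exactly as they appear on the page.
SAMPLE_HEADERS = """\
Received: from edge.mydomain.com (...) by hubtransport.mydomain.com (...) with
 Microsoft SMTP Server (TLS) id 14.3.361.1; Tue, 17 Oct 2017 09:46:19 +0330
Received: from sonic301-2.consmr.mail.bf2.yahoo.com (74.6.129.41) by
 edge.mydomain.com (...) with Microsoft SMTP Server id 14.1.438.0; Tue, 17 Oct
 2017 09:42:10 +0330
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic301.consmr.mail.bf2.yahoo.com with HTTP; Tue, 17 Oct 2017 06:12:12 +0000
Date: Tue, 17 Oct 2017 06:00:02 +0000
From: test <test@yahoo.com>
Subject: 929

body
"""


def _stamp(text):
    """Parse an RFC 5322 date; return None when it is missing or malformed."""
    if not text:
        return None
    try:
        when = parsedate_to_datetime(" ".join(text.split()))
    except (TypeError, ValueError):
        return None
    # Assumption: a timestamp without a usable zone ("-0000") is taken as UTC.
    return when if when.tzinfo else when.replace(tzinfo=timezone.utc)


def received_hops(msg):
    """Return [(receiving_host, timestamp)] in travel order (oldest first)."""
    hops = []
    # Each relay prepends its header, so the list is reversed to follow the path.
    for value in reversed(msg.get_all("Received", [])):
        info, _, stamp = " ".join(value.split()).rpartition(";")
        when = _stamp(stamp)
        by = re.search(r"\bby\s+([^\s;()]+)", info)
        if when and by:  # skip hops that cannot be parsed
            hops.append((by.group(1), when))
    return hops


def hop_delays(raw):
    """Return [(from_label, to_host, seconds)] for every hop after Date."""
    msg = message_from_string(raw)
    prev_label, prev_time = "Date header", _stamp(msg["Date"])
    rows = []
    for host, when in received_hops(msg):
        if prev_time is not None:
            rows.append((prev_label, host, int((when - prev_time).total_seconds())))
        prev_label, prev_time = host, when
    return rows


def slowest_hop(rows):
    """The hop with the largest delay, or None for an empty chain."""
    return max(rows, key=lambda r: r[2]) if rows else None


def skewed_hops(rows):
    """Hops with a negative delay: the two hosts' clocks disagree."""
    return [r for r in rows if r[2] < 0]


if __name__ == "__main__":
    for src, dst, secs in hop_delays(SAMPLE_HEADERS):
        note = "  (clock skew)" if secs < 0 else ""
        print(f"{secs:>6}s  {src} -> {dst}{note}")
```

A negative delay means the two relays' clocks disagree, so small per-hop values should be read with that margin in mind.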
| Resolv.conf reset automatically after reboot to the wrong dns Posted: 10 Jul 2021 05:04 PM PDT
With my Ubuntu 16.04, my /etc/resolv.conf changes at every system start:

cat /etc/resolv.conf
nameserver 127.0.0.1

Network-manager has the correct DNS name server, 192.168.1.1. I removed bind9 and all related packages. No special config in the rc folders nor rc.local. No dns-nameserver options in /etc/network/interfaces. Did I miss something? What app can change this file automatically?  |
| Apache 2.4 with Kerberos Auth and LDAP Authorization Posted: 10 Jul 2021 03:03 PM PDT
I am trying to set up an Apache SVN repository with Kerberos authentication and LDAP group membership authorization, so that only users that belong to a specific group can access it. Kerberos auth on its own is working OK, as LDAP on its own does. But I'd like to combine them in such a way that I have no plain-text credentials to bind to the LDAP directory in the apache configuration. My current config (which does not work) is:

LDAPVerifyServerCert Off
<Location /svn01>
    DAV svn
    SVNParentPath /var/www/svn01
    AuthType Kerberos
    Authname "Test Repo"
    KrbMethodK5Passwd On
    KrbAuthRealms KOUKOU.LOCAL
    KrbSaveCredentials On
    KrbServiceName HTTP
    Krb5KeyTab /etc/httpd/conf.d/svnusr.http.keytab
    AuthLDAPUrl ldaps://ad01.koukou.local:636/dc=koukou,dc=local?krbPrincipalName
    Require ldap-group CN=admins,CN=Users,DC=koukou,DC=local
</Location>

I've seen this kind of configuration on the internet, but it does not work for me. What I'm getting in the browser is "Unauthorized" and in the apache error log I get:

[Thu Mar 02 09:55:21.817559 2017] [authnz_ldap:debug] [pid 10314] mod_authnz_ldap.c(838): [client 172.21.11.13:57737] AH01711: auth_ldap authorise: User DN not found, User not found

and

[Thu Mar 02 09:55:21.817605 2017] [authz_core:error] [pid 10314] [client XXX.XXX.XXX.XXX:57737] AH01631: user username@KOUKOU.LOCAL: authorization failure for "/svn01/repo":

Am I getting something wrong? Even if I add a segment to bind with credentials in the config, I'm still getting the above errors. Apache version is 2.4.6, Centos is 7.2 and Windows AD is 2012R2 with 2008 functional level. Thanks in advance, Nick  |
| Postfix Failed to start : unable to set exclusive lock: Resource temporarily unavailable Posted: 10 Jul 2021 09:17 PM PDT
Postfix was running well until I decided for some reason to restart it, since I updated message_size_limit by doing this:

postconf -e message_size_limit=24840000

I stopped it and now Postfix won't start. It keeps on saying:

fatal: open lock file /var/lib/postfix/master.lock: unable to set exclusive lock: Resource temporarily unavailable

I tried reverting the change but no luck.

Sep 23 20:47:45 example.com systemd[1]: Starting Postfix Mail Transport Agent...
Sep 23 20:47:45 example.com postfix/postfix-script[13392]: starting the Postfix mail system
Sep 23 20:47:45 example.com postfix/master[13394]: fatal: open lock file /var/lib/postfix/master.lock: unable to set exclusive lock: Resource temporarily unavailable
Sep 23 20:47:46 example.com postfix/master[13393]: fatal: daemon initialization failure
Sep 23 20:47:47 example.com postfix/postfix-script[13395]: fatal: mail system startup failed
Sep 23 20:47:47 example.com systemd[1]: postfix.service: control process exited, code=exited status=1
Sep 23 20:47:47 example.com systemd[1]: Failed to start Postfix Mail Transport Agent.
Sep 23 20:47:47 example.com systemd[1]: Unit postfix.service entered failed state.
Sep 23 20:47:47 example.com systemd[1]: postfix.service failed.

If it would help, I also installed SSL from LetsEncrypt like 2 weeks ago, perhaps that might be the cause of the problem?  |
| Event ID 9646 What is a Folder View Object and how is it used by Outlook/Exchange in the MAPI session? Posted: 10 Jul 2021 08:02 PM PDT Error is: Mapi session (UserMAPI session LegacyDN ID) with client type MoMT exceeded the maximum of 500 objects of type FolderView. Current setup: Outlook 365 Pro Plus client and Exchange server 2013 CU6 on-premise houses the mailboxes I am trying to find out what the folder view object is and how it is used, this error is only appearing for one user reporting freezing when he goes to edit calendar items. He has other glitchy behaviour as well which I am still trying to troubleshoot but so far the most obvious is the event error being recorded. I have increased the counts via the registry fix as suggested by many sites and blogs, but I still want to know what the Folder Object view is and why he is reaching the max in the first place. Last count I did he had a total of 376 folder (he has full control to multiple mailboxes). Can anyone elaborate or know of a site that explains what a folder view is and how a user can reach the maximum? Thanks Shal  |
| 503 AUTH command used when not advertised exim4 - Outlook Posted: 10 Jul 2021 10:04 PM PDT
I do keep on getting this error: 503 AUTH command used when not advertised

I have seen this question: exim configuration: 503 AUTH command used when not advertised

The difference is that I do not even have the AUTH option displayed when I telnet to the server.

EHLO example:

Escape character is '^]'.
220 mail.server.com ESMTP Exim 4.80 Wed, 20 Jan 2016 23:41:12 +0000
ehlo maciej
250-mail.server.com Hello maciej [185.83.216.7]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250 HELP
auth
503 AUTH command used when not advertised

HELO example:

Escape character is '^]'.
220 mail.server.com ESMTP Exim 4.80 Wed, 20 Jan 2016 23:42:54 +0000
helo maciej
250 mail.server.com Hello maciej [185.83.216.7]

As per the post and this document (saved page) I have tried to enable

hosts = *
control = allow_auth_unadvertised

but either I am doing this in a wrong place or it just does not work. I have also tried google-ing, tried few examples that I have found but neither worked. What I am trying to achieve is: Connect Outlook (as per title) with my servers exim4. PS. Thunderbird and RainLoop seems to be working fine. It's just the Outlook that refuses to work. Does anyone know how I can get this working?  |
| How can I use openssl to get results from HTTP GET requests? Posted: 10 Jul 2021 05:49 PM PDT
I need to use openssl to perform some HTTP GET requests in a shell script. The line I'm using to do this right now is shown below. This is parsing the content of an XML response of the following formats.

<Result>success</Result>
<Result>failure</Result>

echo -e "GET /test HTTP/1.1\r\nHost:$(hostname)\r\n\r\n" | openssl 2>&1 s_client -quiet -connect server-url:443 | grep -o -P --color '(?<=Result\>).*(?=\</Result)'

This works and returns the string 'success' or 'failure' accordingly. The problem I'm facing is that the openssl command does not terminate after doing the GET request but instead sits there waiting on more input. I believe this is due to the implicit -ign_eof which prevents automatic termination caused by the -quiet option. I've tried using the -no_ign_eof option but that causes the openssl command to terminate before the GET request has received a response so I can't get the content of the response if I use that.

How can I modify this command so I can pass the GET request through stdin (required as I want to put this in a loop) but have the openssl command terminate after each request?  |
| How to compile FreeTDS on FreeBSD10.0-64 in a right way Posted: 10 Jul 2021 10:04 PM PDT
When I try to compile freetds-stable from source (today is a 0.91 version) with:

./configure --with-iodbc=/usr/local --with-tdsver=7.2 --disable-libiconv
make
make install

I didn't find the libtdsodbc.so library as it was in the previous version from the original ports. There were just .a and .la extension files. So where can I find it, or how do I compile it in the right way, because iODBC refers to the .so library in the odbcinst.ini config:

[FreeTDS]
Description=freetds driver
Driver=/usr/local/lib/libtdsodbc.so  |
| Can't connect to oracle remotely Posted: 10 Jul 2021 07:06 PM PDT
I've been trying to install Oracle at home for more than a month now, but I'm still having some issues. Currently I have the server installed and running on a dedicated Win2k8R2 virtual machine. The installation seems alright. Locally it works the way it's supposed to. However I can't log on remotely in sqlplus/sqldeveloper/Visual Studio or whatsoever. Initially I was getting an ORA-12514 error. After I corrected the TNS I got stuck in this situation whenever I try to log on:

C:\>sqlplus gama@main
SQL*Plus: Release 11.2.0.3.0 Production on Tue Jan 17 09:22:43 2012
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Enter password:

The connection gets stuck after I give the password and hit enter. There is no error message. I thought that I would receive a timeout, but no matter how long I wait, nothing happens (yesterday, it took a 3 hour skyrim session before I gave up and hit CTRL+C).

Again, I can connect locally and also I have no firewall problems (I've even disabled the firewall on client and server). The client machine can connect to the server via Remote Desktop. The connection to Oracle is established as I can confirm in netstat and finally, here's the output of the LSNRCTL services for the server while in the 'stuck state':

LSNRCTL> services
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
Services Summary...
Service "CLRExtProc" has 1 instance(s).
  Instance "CLRExtProc", status UNKNOWN, has 1 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:0 refused:0
         LOCAL SERVER
Service "MAIN.WIN2k8-ORACLE" has 1 instance(s).
  Instance "main", status READY, has 1 handler(s) for this service...
    Handler(s):
      "DEDICATED" established:1 refused:0 state:ready
         LOCAL SERVER
Service "MAINXDB.WIN2k8-ORACLE" has 1 instance(s).
  Instance "main", status READY, has 1 handler(s) for this service...
    Handler(s):
      "D000" established:0 refused:0 current:0 max:1022 state:ready
         DISPATCHER <machine: WIN2K8-ORACLE, pid: 1712>
         (ADDRESS=(PROTOCOL=tcp)(HOST=WIN2k8-ORACLE)(PORT=49160))
The command completed successfully

Note the service MAIN.WIN2k8-ORACLE has 1 established connection. I do have some experience developing for Oracle but this is the first time I've tried to install it. Thanks in advance.

====EDIT======
Here follows my tnsnames.ora:

MAIN =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = <MY SERVER'S IP>)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = MAIN.WIN2k8-ORACLE)
    )
  )  |
| block access to wrt from vlan using iptables dd-wrt Posted: 10 Jul 2021 08:02 PM PDT
I set up multiple isolated vlans in dd-wrt. Now I need to forward a port to vlan2. I isolated the vlans using:

iptables -I FORWARD -i br0 -o vlan2 -j DROP
iptables -I FORWARD -i br0 -o vlan3 -j DROP
iptables -I FORWARD -i br0 -o vlan4 -j DROP

Now I need to block clients on each vlan from accessing the router. This doesn't work:

iptables -I INPUT -i br0 -o vlan2 --dport telnet -j REJECT --reject-with tcp-reset

I'm new to iptables... am I missing something?  |