Saturday, October 23, 2021

Recent Questions - Server Fault

The virtual machine was deleted while its host was disconnected from vCenter Server during clone VM from Esxi host to Esxi host

Posted: 23 Oct 2021 09:04 PM PDT

In my case I want to clone the VM from esxi01 to esxi02, but it always fails with the status "The virtual machine was deleted while its host was disconnected from vCenter Server".

Permission denied (publickey) Google Cloud

Posted: 23 Oct 2021 09:02 PM PDT

ssh-copy-id root@34.71.159.89
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@34.71.159.89: Permission denied (publickey).
qaisarmughal69@lamp-upwork-1:~/.ssh$

I have a server public key that I have to add to my cloud VM, and afterwards I'm not able to authenticate via the command ssh root@34.71.159.89.

domain.com:8123 > domain.com/page?

Posted: 23 Oct 2021 07:39 PM PDT

I only do public-facing internet stuff every once in a while, so it seems like every time I want to do something new, it's a challenge.

I have an nginx server hosting a page at domain.com, and I also have an instance of homeassistant at domain.com:8123. What I would like to do, either through Nginx, or DNS records, or however is best, is redirect domain.com:8123 to domain.com/homeassistant.

I also just want to make sure of a couple of things:

  • If I redirect to domain.com/homeassistant, would domain.com:8123/foo become domain.com/homeassistant/foo, and so forth?
  • Would my SSL certificate for domain.com also certify domain.com/homeassistant? Currently, domain.com:8123 is an "insecure" connection since it's on a different port, and the certificate doesn't cover that.

Thanks, and apologies for the ignorance.

Require root password when executing "sudo -s"

Posted: 23 Oct 2021 06:59 PM PDT

I have a CentOS 7 server on AWS.

When logged in with the centos user, how can I prevent sudo -s logging in to root without requiring root's password?

[root@server ~]# cat /etc/sudoers | grep rootpw
Defaults rootpw
[root@server ~]# getent group wheel
wheel:x:10:centos
[root@server ~]# gpasswd -d centos wheel
Removing user centos from group wheel
[root@server ~]# getent group wheel
wheel:x:10:
[root@server ~]# su centos
[centos@server root]$ sudo -s
[root@server ~]# !!!!!!!!!!!!!!!!
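The transcript greps only /etc/sudoers, but sudo also reads every file pulled in by #includedir (normally /etc/sudoers.d), and a NOPASSWD tag there is honoured regardless of Defaults rootpw. The following is an added illustration, not code from the post, that walks a constructed set of sudoers files the way sudo would and reports which rules still grant a user passwordless sudo; the cloud-init style file name and its contents are assumptions.

```python
import re

# Constructed sample sudoers files (not the poster's system). The post's grep
# only read /etc/sudoers; the #includedir line pulls in /etc/sudoers.d, where
# cloud images commonly drop a NOPASSWD rule for the default login user.
SUDOERS_FILES = {
    "/etc/sudoers": """\
Defaults rootpw
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL
#includedir /etc/sudoers.d
""",
    "/etc/sudoers.d/90-cloud-init-users": """\
# constructed example of a cloud-init generated file (assumed name)
centos ALL=(ALL) NOPASSWD:ALL
""",
}

# who  hosts=(runas) [TAG:]commands   (the runas part is optional)
RULE_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<hosts>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\))?\s*(?P<cmds>.+)$"
)


def iter_directives(path, files):
    """Yield (path, line) for every non-comment line, following #includedir
    (or @includedir on newer sudo) into each file under that directory,
    in sorted order as sudo does."""
    for raw in files.get(path, "").splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("#includedir ", "@includedir ")):
            directory = line.split(None, 1)[1].rstrip("/") + "/"
            for sub in sorted(files):
                if sub.startswith(directory):
                    yield from iter_directives(sub, files)
            continue
        if line.startswith("#"):
            continue
        yield path, line


def effective_sudo_rules(user, groups, files, root="/etc/sudoers"):
    """Collect the rules that apply to `user` directly or via a %group it
    belongs to, plus whether `Defaults rootpw` is set. NOPASSWD on a rule
    means no password is asked at all; rootpw only chooses whose password
    is asked when one is required, so it cannot override a NOPASSWD rule."""
    result = {"rootpw": False, "rules": []}
    for path, line in iter_directives(root, files):
        if line.startswith("Defaults"):
            if "rootpw" in line.split():
                result["rootpw"] = True
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        who = m.group("who")
        if who != user and not (who.startswith("%") and who[1:] in groups):
            continue
        cmds = m.group("cmds")
        result["rules"].append({
            "path": path, "who": who, "cmds": cmds,
            "nopasswd": "NOPASSWD:" in cmds,
        })
    return result


def passwordless_sources(user, groups, files):
    """Paths of the files that still grant `user` passwordless sudo."""
    rules = effective_sudo_rules(user, groups, files)["rules"]
    return sorted({r["path"] for r in rules if r["nopasswd"]})


if __name__ == "__main__":
    # Mirrors the post: centos removed from wheel and rootpw set, yet sudo -s
    # needs no password because of the sudoers.d rule the grep never saw.
    print(effective_sudo_rules("centos", set(), SUDOERS_FILES))
    print(passwordless_sources("centos", set(), SUDOERS_FILES))
```

On the real host, sudo -l -U centos (run as root) lists the effective rules from every included file without parsing them by hand.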

Can ESXi be installed to a partitioned HDD

Posted: 23 Oct 2021 06:38 PM PDT

I am trying to install VMware ESXi on a 1TB hard drive that has (several) existing Windows 10 partitions on it, and some free space.

  • I don't want to install ESXi onto a USB flash drive or SD card
  • and I can't lose my Windows 10

Would it be possible?

Also, would I be able to choose which to boot to, Windows or ESXi, via my EFI firmware?

Postfix: How to forward mail matching a specific pattern to a local mailbox, instead of a catch-all?

Posted: 23 Oct 2021 06:26 PM PDT

I have a Postfix mailserver, and when I made it I expected to be the only user, so I set up a catch-all rule using a virtual_alias_maps rule using regexp mode:

/.+@example.com/ username  

I have since then given out several ...@example.com addresses to different people and websites, so I need to maintain the catch-all rule. However, now I need to create a separate mailbox that should receive mail that has a specific prefix: a message sent to whatever@example.com should still go to the username mailbox, but mail to prefix-whatever@example.com should go to prefixed instead.

The obvious idea of putting the second rule into the regexp file doesn't work, and the mail still goes to the catch-all:

/prefix-.+@example.com/ prefixed
/.+@example.com/ username

Neither does creating a separate file for the catch-all rule, and putting it after the prefix one:

virtual_alias_maps=regexp:/etc/postfix/regexp-prefix-rule, regexp:/etc/postfix/regexp-catchall  
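As an added illustration (not the poster's configuration), the Python below models how Postfix processes the table from this post: a regexp: table returns the first matching rule, a result without a domain is qualified with $myorigin (append_at_myorigin), and the result is looked up again until it stops changing. It assumes myorigin is example.com, which turns the bare result prefixed into prefixed@example.com and drops it back into the catch-all; the anchored table with self-mapping rules is one arrangement that stops that, and it also shows why the unanchored, unescaped patterns match more than the author intends.

```python
import re

MYORIGIN = "example.com"   # assumption: myorigin equals the catch-all domain
RECURSION_LIMIT = 1000     # Postfix default virtual_alias_recursion_limit

# The two rules exactly as the post has them (unanchored, '.' unescaped).
TABLE_FROM_POST = [
    (r"/prefix-.+@example.com/", "prefixed"),
    (r"/.+@example.com/", "username"),
]

# Anchored patterns plus explicit self-mappings for the two final mailboxes,
# placed first so the catch-all never re-captures an already resolved result.
TABLE_ANCHORED = [
    (r"/^prefixed@example\.com$/", "prefixed@example.com"),
    (r"/^username@example\.com$/", "username@example.com"),
    (r"/^prefix-.+@example\.com$/", "prefixed"),
    (r"/^.+@example\.com$/", "username"),
]


def regexp_lookup(table, address):
    """First matching rule wins, as in a Postfix regexp: table; patterns are
    case-insensitive by default (regexp_table(5))."""
    for pattern, result in table:
        # strip the surrounding '/' delimiters before compiling
        if re.search(pattern[1:-1], address, re.IGNORECASE):
            return result
    return None


def qualify(address):
    """append_at_myorigin=yes: a lookup result without @domain gets @$myorigin."""
    return address if "@" in address else f"{address}@{MYORIGIN}"


def expand(table, recipient):
    """Recursive virtual_alias_maps expansion, modelled as: look the address
    up, qualify the result, repeat; stop when nothing matches, when an
    address repeats (an expansion loop) or when the recursion limit is hit.
    Returns (final address, list of addresses visited)."""
    trace = []
    address = recipient
    for _ in range(RECURSION_LIMIT):
        if address in trace:
            break
        trace.append(address)
        result = regexp_lookup(table, address)
        if result is None:
            break
        address = qualify(result)
    return address, trace


if __name__ == "__main__":
    for name, table in (("post", TABLE_FROM_POST), ("anchored", TABLE_ANCHORED)):
        for rcpt in ("prefix-bob@example.com", "whatever@example.com"):
            final, trace = expand(table, rcpt)
            print(f"{name:8} {rcpt:24} -> {final:22} via {' -> '.join(trace)}")
```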

Slow Windows Virtualbox VM on a Ubuntu Cloud Server

Posted: 23 Oct 2021 06:24 PM PDT

I am trying to run a Windows 10 Virtualbox VM on an Ubuntu 20.04 cloud server from DigitalOcean (2 vCPU, 4GB memory, Premium Intel with NVMe SSD), which I suppose is nesting a VM in another VM.

However, the Windows VM appears to run extremely slowly. Under the Virtualbox settings, the Windows VM has been provided with 2GB of memory and 2 CPU cores. The virtualization setting has been set to KVM.

Do you expect the Windows VM to run so slowly? Is it because this is a nested VM? Is there a Virtualbox setting or 2 to run this VM more efficiently?

Thanks!

[Screenshot: Windows 10 VM running using Virtualbox in a VNC session with the xfce desktop environment, stuck at the "Just a moment" screen for over 30 minutes]

Server changes Domain Name to IP in address bar

Posted: 23 Oct 2021 05:05 PM PDT

I'm no server guru, so I'm looking for some assistance. I am hosting a Laravel project on a DigitalOcean droplet and pointing a subdomain registered at GoDaddy to said droplet. The address bar is updating to display the server IP rather than the relevant domain when attempting to access the site.

The domain is split into two parts, with the base domain pointing to a WordPress server and the myaccount subdomain pointing to a DigitalOcean droplet.

Domain name: myaccount.alphamark.net, registered at GoDaddy

DNS records applied:

CNAME www -> @
A @ -> 35.237.30.127
A myaccount -> 184.168.131.241

(The last record was automatically set by GoDaddy when setting a forwarding rule pointing towards the server at 68.183.26.235; I'm guessing it is some internal forwarding address.)

Digital Ocean Droplet IP: 68.183.26.235

Server configurations: Nginx conf, proxy params, virtual host

Laravel application environment:

APP_NAME=AlphamarkClient
APP_ENV=production
APP_DEBUG=false
APP_URL=https://myaccount.alphamark.net

When attempting to access the subdomain, the server can be accessed. However, the address bar updates to reflect the server IP. This also breaks the SSL certificate, due to it being registered to the subdomain. Any help with identifying which part of my setup is causing this behavior would be greatly appreciated.

Right method to start namenode (HDFS)

Posted: 23 Oct 2021 03:01 PM PDT

I have a Hadoop cluster over 2 nodes, on which I launch the namenode on the master like so:

hdfs namenode -regular

Is this command a good alternative to hdfs --daemon start namenode? And why does my start-dfs open a datanode on the master?

Thanks for clarifying this.

Error getting the correct Python3 dependency

Posted: 23 Oct 2021 02:48 PM PDT

I get this error when trying to install HTCondor on Amazon Linux 2 instance:

Error: Package: python3-condor-8.8.15-1.el7.x86_64 (htcondor-stable)
        Requires: libpython3.6m.so.1.0()(64bit)

I tried installing python 3.6 on my own (given that the one installed was 3.7) and in /usr/local/lib I have libpython3.6m.so.1.0. Is this the same as libpython3.6m.so.1.0()(64bit)?

Adding it to the LD Library Path (export LD_LIBRARY_PATH=/usr/local/lib/) doesn't seem to work.

IPv4 DNS address not working, but IPv6 works

Posted: 23 Oct 2021 02:25 PM PDT

My server is not able to resolve hostnames using the IPv4 address of a DNS server, but when I use the IPv6 address of the same DNS server, it works properly. This is what happens when I use the IPv4 DNS:

$ dig @8.8.8.8 www.google.com

; <<>> DiG 9.11.26-RedHat-9.11.26-4.el8_4 <<>> @8.8.8.8 www.google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

$ dig @8.8.4.4 www.google.com

; <<>> DiG 9.11.26-RedHat-9.11.26-4.el8_4 <<>> @8.8.4.4 www.google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

And this is the result of using IPv6,

$ dig @2001:4860:4860::8888 www.google.com

; <<>> DiG 9.11.26-RedHat-9.11.26-4.el8_4 <<>> @2001:4860:4860::8888 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31987
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.google.com.            IN  A

;; ANSWER SECTION:
www.google.com.     112 IN  A   216.58.212.164

;; Query time: 5 msec
;; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888)
;; WHEN: Sat Oct 23 23:02:36 CEST 2021
;; MSG SIZE  rcvd: 59

$ dig @2001:4860:4860::8844 www.google.com

; <<>> DiG 9.11.26-RedHat-9.11.26-4.el8_4 <<>> @2001:4860:4860::8844 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31798
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.google.com.            IN  A

;; ANSWER SECTION:
www.google.com.     300 IN  A   142.250.185.196

;; Query time: 26 msec
;; SERVER: 2001:4860:4860::8844#53(2001:4860:4860::8844)
;; WHEN: Sat Oct 23 23:02:58 CEST 2021
;; MSG SIZE  rcvd: 59

I am able to ping the DNS server using the IPv4,

$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=118 time=5.10 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=118 time=5.14 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=118 time=5.06 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=118 time=5.08 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=118 time=5.14 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=118 time=5.08 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=118 time=5.06 ms
^C
--- 8.8.8.8 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6007ms
rtt min/avg/max/mdev = 5.058/5.093/5.142/0.082 ms

Also here is my Network Manager configuration,


I can just set the IPv6 as the default nameservers using nmcli but I also want my docker containers to use the same nameserver, but I am not able to use the IPv6 address as a nameserver on docker.

Does anyone know what the issue could be? Any help is appreciated.

Error IIS 10.0 HTTP 404.0 - Not Found

Posted: 23 Oct 2021 04:17 PM PDT

https://i.stack.imgur.com/W5AU8.png

Hello, I am trying to connect to phpMyAdmin on localhost and it always gives me the same answer (I put the photo above). I do not see where it could come from, and it is preventing me from moving forward in my project.

I tried changing my internet browser and uninstalling and reinstalling everything. I tried with another computer and it works there, just not on mine.

Module          IIS Web Core
Notification    MapRequestHandler
Administrator   StaticFile
Error code      0x80070002
Requested url   http://localhost:80/phpmyadmin/
Physical path   C:\inetpub\wwwroot\phpmyadmin
Login Method    Anonyme
User session    Anonyme

Can't run docker-container 'failed to create endpoint frosty_varahamihira on network bridge'

Posted: 23 Oct 2021 03:48 PM PDT

When I try to run the hello-world docker image I get the following error:

ubuntu@ubuntu:~$ sudo docker run hello-world
docker: Error response from daemon: failed to create endpoint frosty_varahamihira on network bridge: failed to add the host (vethc6c068f) <=> sandbox (veth82a7475) pair interfaces: operation not supported.
ERRO[0000] error waiting for container: context canceled

I read this post, which seems to be the exact same problem, but I can't manage to install a different kernel.

I tried the following to install a new kernel, which led me to the next error:

ubuntu@ubuntu:~$ sudo wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.7.5/amd64/linux-headers-5.7.5-050705-generic_5.7.5-050705.202006220832_amd64.deb
--2021-10-22 13:47:14--  https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.7.5/amd64/linux-headers-5.7.5-050705-generic_5.7.5-050705.202006220832_amd64.deb
Resolving kernel.ubuntu.com (kernel.ubuntu.com)... 91.189.94.216
Connecting to kernel.ubuntu.com (kernel.ubuntu.com)|91.189.94.216|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1223448 (1.2M) [application/x-debian-package]
Saving to: 'linux-headers-5.7.5-050705-generic_5.7.5-050705.202006220832_amd64.deb'

linux-headers-5.7.5-050705-generic_5.7.5-05070 100%[===================================================================================================>]   1.17M  2.53MB/s    in 0.5s

2021-10-22 13:47:20 (2.53 MB/s) - 'linux-headers-5.7.5-050705-generic_5.7.5-050705.202006220832_amd64.deb' saved [1223448/1223448]

ubuntu@ubuntu:~$ sudo dpkg -i *.deb
dpkg: error processing archive linux-headers-5.7.5-050705-generic_5.7.5-050705.202006220832_amd64.deb (--install):
 package architecture (amd64) does not match system (arm64)
dpkg: error processing archive linux-image-unsigned-5.14.9-051409-generic_5.14.9-051409.202109300934_amd64.deb (--install):
 package architecture (amd64) does not match system (arm64)
Errors were encountered while processing:
 linux-headers-5.7.5-050705-generic_5.7.5-050705.202006220832_amd64.deb
 linux-image-unsigned-5.14.9-051409-generic_5.14.9-051409.202109300934_amd64.deb

For that error I found this for example, which did not help.

This might also help:

ubuntu@ubuntu:~$ ls -l /boot
total 33299
-rw------- 1 root root  5112454 Sep 29 07:51 System.map-5.13.0-1008-raspi
-rw-r--r-- 1 root root   241335 Sep 29 07:51 config-5.13.0-1008-raspi
drwxr-xr-x 4 root root     2560 Jan  1  1970 firmware
lrwxrwxrwx 1 root root       28 Oct 13 13:29 initrd.img -> initrd.img-5.13.0-1008-raspi
-rw-r--r-- 1 root root 19242515 Oct 13 13:30 initrd.img-5.13.0-1008-raspi
lrwxrwxrwx 1 root root       28 Oct 13 13:29 initrd.img.old -> initrd.img-5.13.0-1008-raspi
lrwxrwxrwx 1 root root       25 Oct 13 13:29 vmlinuz -> vmlinuz-5.13.0-1008-raspi
-rw------- 1 root root  9492544 Sep 29 07:51 vmlinuz-5.13.0-1008-raspi
lrwxrwxrwx 1 root root       25 Oct 13 13:29 vmlinuz.old -> vmlinuz-5.13.0-1008-raspi

I am using a Raspberry Pi 4 Model B Rev 1.2. Here are the other versions:

Docker

ubuntu@ubuntu:~$ docker --version
Docker version 20.10.7, build 20.10.7-0ubuntu5

Ubuntu OS-Version

Ubuntu 21.10 aarch64  

Kernel

ubuntu@ubuntu:~$ uname -rn
ubuntu 5.13.0-1008-raspi

I am thankful for any hint and idea!

ERROR: Cannot ioctl TUNSETIFF tun1: Operation not permitted (errno=1)

Posted: 23 Oct 2021 05:58 PM PDT

I am trying to use OpenVPN to set up the VPN but have been very unsuccessful for a couple of days. I would appreciate your help in this case.

openvpn vpnbook-ca198-tcp443.ovpn
2021-10-20 20:32:18 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2021-10-20 20:32:18 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2021-10-20 20:32:18 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
2021-10-20 20:32:18 library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
🔐 Enter Auth Username: vpnbook
🔐 Enter Auth Password: *******
2021-10-20 20:32:37 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2021-10-20 20:32:37 NOTE: --fast-io is disabled since we are not using UDP
2021-10-20 20:32:37 TCP/UDP: Preserving recently used remote address: [AF_INET]198.27.69.198:443
2021-10-20 20:32:37 Socket Buffers: R=[131072->131072] S=[16384->16384]
2021-10-20 20:32:37 Attempting to establish TCP connection with [AF_INET]198.27.69.198:443 [nonblock]
2021-10-20 20:32:37 TCP connection established with [AF_INET]198.27.69.198:443
2021-10-20 20:32:37 TCP_CLIENT link local: (not bound)
2021-10-20 20:32:37 TCP_CLIENT link remote: [AF_INET]198.27.69.198:443
2021-10-20 20:32:37 TLS: Initial packet from [AF_INET]198.27.69.198:443, sid=d1e1f50f dcea1bbc
2021-10-20 20:32:37 VERIFY OK: depth=1, C=CH, ST=Zurich, L=Zurich, O=vpnbook.com, OU=IT, CN=vpnbook.com, name=vpnbook.com, emailAddress=admin@vpnbook.com
2021-10-20 20:32:37 VERIFY OK: depth=0, C=CH, ST=Zurich, L=Zurich, O=vpnbook.com, OU=IT, CN=vpnbook.com, name=vpnbook.com, emailAddress=admin@vpnbook.com
2021-10-20 20:32:37 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
2021-10-20 20:32:37 [vpnbook.com] Peer Connection Initiated with [AF_INET]198.27.69.198:443
2021-10-20 20:32:38 SENT CONTROL [vpnbook.com]: 'PUSH_REQUEST' (status=1)
2021-10-20 20:32:38 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 213.186.33.99,dhcp-option DNS 91.239.100.100,route 10.9.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.9.0.6 10.9.0.5,peer-id 0,cipher AES-256-GCM'
2021-10-20 20:32:38 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
2021-10-20 20:32:38 OPTIONS IMPORT: timers and/or timeouts modified
2021-10-20 20:32:38 OPTIONS IMPORT: --ifconfig/up options modified
2021-10-20 20:32:38 OPTIONS IMPORT: route options modified
2021-10-20 20:32:38 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-10-20 20:32:38 OPTIONS IMPORT: peer-id set
2021-10-20 20:32:38 OPTIONS IMPORT: adjusting link_mtu to 1627
2021-10-20 20:32:38 OPTIONS IMPORT: data channel crypto options modified
2021-10-20 20:32:38 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-10-20 20:32:38 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-20 20:32:38 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-20 20:32:38 net_route_v4_best_gw query: dst 0.0.0.0
2021-10-20 20:32:38 net_route_v4_best_gw result: via 192.168.1.1 dev eth0
2021-10-20 20:32:38 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eth0 HWADDR=08:00:27:9d:e6:b6
2021-10-20 20:32:38 ERROR: Cannot ioctl TUNSETIFF tun1: Operation not permitted (errno=1)
2021-10-20 20:32:38 Exiting due to fatal error

Clickhouse: Failed to get D-Bus connection: Operation not permitted - CentOS 7, no docker image

Posted: 23 Oct 2021 02:03 PM PDT

I am trying to set up a Clickhouse server on my WSL, which is based on CentOS. After following the instructions on this page and installing the DB successfully, when I want to enable the service I get the following:

# systemctl enable clickhouse-server
clickhouse-server.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig clickhouse-server on

And when I want to start the service, I get the below error:

# systemctl start clickhouse-server
Failed to get D-Bus connection: Operation not permitted

I googled but all I got were issues about CentOS docker images which did not work for me. Is there any way to make it work?

Adding machines to the domain in a Read Only Domain Controller (RODC) site

Posted: 23 Oct 2021 04:07 PM PDT

I have a site with terrible physical security and a terrible network connection. So I need a domain controller onsite (for when the network connection goes down) but it also needs to be a RODC for security reasons.

The machines onsite in this office have access to other read write domain controllers in other parts of the network. There's no firewall blocking them. I just don't want someone to be able to plug a keyboard / mouse into our domain controller on site and change stuff.

When adding new machines to the domain on this site, do I need to follow the process of creating a computer object in AD and then doing an offline domain join (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd392267(v=ws.10))? Or can I somehow force machines that are currently not part of the domain to go to a RWDC (configured in another AD site) to get added to the domain the normal way?

Gmail rejects forwarded mail with DMARC but I AM using SRS

Posted: 23 Oct 2021 05:08 PM PDT

I'm forwarding mail from my domain leif@example.org to leifex@gmail.com.

I have followed this: Why is Google rejecting mails forwarded from my Postfix server?

  • Install pfix-srs.
  • Create an SPF record for my mail server's domain, allowing my ip4 and ip6 to send (e.g. v=spf1 ip4:1.1.1.1 ip6:abcd:abc:123:4567::8 ~all).
  • Create an rDNS entry for my mail server's domain, pointing to its IP.

The difference in my case is that I'm using postsrsd instead of pfix-srs, and I'm using the domain name of my server instead of listing the IPv4 and IPv6 addresses. I have rDNS for both IPv4 and IPv6.

Gmail rejects the mail with 550-5.7.1 Unauthenticated email from netflix.com is not accepted due to domain's 550-5.7.1 DMARC policy.

It is as if Gmail is not looking at the SRS-rewritten addresses; according to the logs, the addresses DO get rewritten. What am I missing?

I am using MailScanner, so the message IDs in the log get changed on the way from received to sent.

Jan 17 22:09:10 mail postfix/smtpd[9438]: connect from a41-48.smtp-out.amazonses.com[54.240.41.48]
Jan 17 22:09:11 mail postfix/smtpd[9438]: 3396B328CF: client=a41-48.smtp-out.amazonses.com[54.240.41.48]
Jan 17 22:09:11 mail postsrsd[9443]: srs_forward: <010001685da56f5d-8bfccbd3-896e-4700-b9a0-66e94467cab3-000000@mailer.netflix.com> rewritten as
    <SRS0=YrTC=PZ=mailer.netflix.com=010001685da56f5d-8bfccbd3-896e-4700-b9a0-66e94467cab3-000000@example.org>
Jan 17 22:09:11 mail postfix/cleanup[9442]: 3396B328CF: hold: header Received: from a41-48.smtp-out.amazonses.com (a41-48.smtp-out.amazonses.com [54.240.41.48])??
    by mail.example.org (Postfix) with ESMTPS id 3396B328CF??for <leif@example.org>; Thu, 17 Jan 2019 22:09:11 +0100
    from a41-48.smtp-out.amazonses.com[54.240.41.48];
    from=<srs0=yrtc=pz=mailer.netflix.com=010001685da56f5d-8bfccbd3-896e-4700-b9a0-66e94467cab3-000000@example.org>
    to=<leif@example.org> proto=ESMTP helo=<a41-48.smtp-out.amazonses.com>
Jan 17 22:09:11 mail postfix/cleanup[9442]: 3396B328CF: message-id=<010001685da56f5d-8bfccbd3-896e-4700-b9a0-66e94467cab3-000000@email.amazonses.com>
Jan 17 22:09:11 mail opendkim[812]: 3396B328CF: a41-48.smtp-out.amazonses.com [54.240.41.48] not internal
Jan 17 22:09:11 mail opendkim[812]: 3396B328CF: not authenticated
Jan 17 22:09:12 mail opendkim[812]: 3396B328CF: message has signatures from netflix.com, amazonses.com
Jan 17 22:09:12 mail opendkim[812]: 3396B328CF: signature=c9tTKm4w domain=netflix.com selector=emotixlbezkp6gpvmko5lunmgwd5syff result="no signature error";
    signature=VmSNlFSx domain=amazonses.com selector=ug7nbtf4gccmlpwj322ax3p6ow6yfsug result="no signature error"
Jan 17 22:09:12 mail opendkim[812]: 3396B328CF: DKIM verification successful
Jan 17 22:09:12 mail opendkim[812]: 3396B328CF: s=emotixlbezkp6gpvmko5lunmgwd5syff d=netflix.com SSL
Jan 17 22:09:13 mail MailScanner[31292]: Requeue: 3396B328CF.A0D92 to C662E32963
Jan 17 22:09:13 mail postfix/qmgr[9218]: C662E32963: from=<srs0=yrtc=pz=mailer.netflix.com=010001685da56f5d-8bfccbd3-896e-4700-b9a0-66e94467cab3-000000@example.org>,
    size=89685, nrcpt=1 (queue active)
Jan 17 22:09:13 mail MailScanner[31292]: Uninfected: Delivered 1 messages
Jan 17 22:09:13 mail MailScanner[31292]: Deleted 1 messages from processing-database
Jan 17 22:09:13 mail postfix/qmgr[9218]: 97B26328CF: from=<srs0=yrtc=pz=mailer.netflix.com=010001685da56f5d-8bfccbd3-896e-4700-b9a0-66e94467cab3-000000@example.org>,
    size=90760, nrcpt=1 (queue active)
Jan 17 22:09:13 mail postfix/smtp[9497]: Trusted TLS connection established to gmail-smtp-in.l.google.com[2a00:1450:400c:c02::1b]:25:
    TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)
Jan 17 22:09:14 mail postfix/smtp[9497]: 97B26328CF: to=<leifex@gmail.com>, orig_to=<leif@example.org>, relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c02::1b]:25,
    delay=0.5, delays=0.01/0/0.26/0.23, dsn=5.7.1, status=bounced
    (host gmail-smtp-in.l.google.com[2a00:1450:400c:c02::1b] said:
        550-5.7.1 Unauthenticated email from netflix.com is not accepted due to domain's
        550-5.7.1 DMARC policy. Please contact the administrator of netflix.com domain
        550-5.7.1 if this was a legitimate mail. Please visit
        550-5.7.1  https://support.google.com/mail/answer/2451690 to learn about the
        550 5.7.1 DMARC initiative. j17si56462544wri.283 - gsmtp (in reply to end of DATA command))
Jan 17 22:09:14 mail postsrsd[9443]: srs_forward: <""> not rewritten: No at sign in sender address
Jan 17 22:09:14 mail postsrsd[9444]: srs_reverse: <srs0=yrtc=pz=mailer.netflix.com=010001685da56f5d-8bfccbd3-896e-4700-b9a0-66e94467cab3-000000@example.org>
    rewritten as <010001685da56f5d-8bfccbd3-896e-4700-b9a0-66e94467cab3-000000@mailer.netflix.com>
Jan 17 22:09:14 mail postsrsd[9444]: srs_reverse: <srs0=yrtc=pz=mailer.netflix.com=010001685da56f5d-8bfccbd3-896e-4700-b9a0-66e94467cab3-000000@example.org>
    rewritten as <010001685da56f5d-8bfccbd3-896e-4700-b9a0-66e94467cab3-000000@mailer.netflix.com>
Jan 17 22:09:14 mail postfix/cleanup[9442]: 20BA932965: message-id=<20190117210914.20BA932965@mail.example.org>
Jan 17 22:09:14 mail postfix/bounce[9596]: 97B26328CF: sender non-delivery notification: 20BA932965
Jan 17 22:09:14 mail postfix/qmgr[9218]: 20BA932965: from=<>, size=6444, nrcpt=1 (queue active)
Jan 17 22:09:14 mail postfix/qmgr[9218]: 97B26328CF: removed
Jan 17 22:09:14 mail postfix/smtp[9497]: Trusted TLS connection established to feedback-smtp.us-east-1.amazonses.com[72.21.206.91]:25:
    TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 17 22:09:15 mail postfix/smtp[9497]: 20BA932965: to=<010001685da56f5d-8bfccbd3-896e-4700-b9a0-66e94467cab3-000000@mailer.netflix.com>,
    orig_to=<srs0=yrtc=pz=mailer.netflix.com=010001685da56f5d-8bfccbd3-896e-4700-b9a0-66e94467cab3-000000@example.org>,
    relay=feedback-smtp.us-east-1.amazonses.com[72.21.206.91]:25, delay=1.4, delays=0.01/0/0.93/0.5, dsn=2.0.0, status=sent (250 Ok XCS73MIlZ28B7iH7tzWF-1)
Jan 17 22:09:15 mail postfix/qmgr[9218]: 20BA932965: removed
Jan 17 22:09:34 mail postfix/smtpd[9438]: disconnect from a41-48.smtp-out.amazonses.com[54.240.41.48] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
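The log above shows the pattern a forwarding mail server should watch for: SRS rewrites the envelope sender to the forwarder's own domain, which satisfies SPF at the next hop but does not align with the From: domain, so the remote side's DMARC check then depends on the original DKIM signature surviving the forward intact; when it does not, the relay bounces with a 5.7.1 citing DMARC. The following script is an added example (not part of the original post or of Postfix/postsrsd) that pulls such bounces out of Postfix log lines and records which SRS-wrapped original domain was involved. The sample log lines are constructed to mirror the post's format; the queue ids, addresses and relay host in them are placeholders.

```python
import re

# Constructed sample lines modelled on the Postfix + postsrsd log in the post
# (not a live capture): queue ids, addresses and the relay address are placeholders.
SAMPLE_LOG = """\
Jan 17 22:09:13 mail postfix/qmgr[9218]: 97B26328CF: from=<srs0=abcd=pz=mailer.example.net=bounce123@example.org>, size=90760, nrcpt=1 (queue active)
Jan 17 22:09:14 mail postfix/smtp[9497]: 97B26328CF: to=<user@gmail.com>, orig_to=<user@example.org>, relay=gmail-smtp-in.l.google.com[2001:db8::1b]:25, delay=0.5, delays=0.01/0/0.26/0.23, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2001:db8::1b] said: 550-5.7.1 Unauthenticated email from example.net is not accepted due to domain's 550-5.7.1 DMARC policy. (in reply to end of DATA command))
Jan 17 22:10:02 mail postfix/qmgr[9218]: AB12CD34EF: from=<alice@example.org>, size=1200, nrcpt=1 (queue active)
Jan 17 22:10:03 mail postfix/smtp[9497]: AB12CD34EF: to=<bob@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=0.3, delays=0.01/0/0.1/0.2, dsn=2.0.0, status=sent (250 Ok)
"""

# qmgr line: records the envelope sender for a queue id.
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>")
# smtp delivery line: recipient, optional original recipient, relay, DSN, status and detail.
SMTP_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<to>[^>]*)>,"
    r"(?: orig_to=<(?P<orig_to>[^>]*)>,)? relay=(?P<relay>[^,]+),"
    r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<detail>.*)\)$"
)
# SRS0 envelope sender: SRS0=<hash>=<timestamp>=<original domain>=<original local part>@<forwarder>
SRS_RE = re.compile(r"^srs0=[^=]+=[^=]+=(?P<orig_domain>[^=]+)=", re.I)


def find_dmarc_bounces(log_text: str) -> list:
    """Return one record per delivery that a remote MTA bounced citing DMARC."""
    senders = {}
    findings = []
    for line in log_text.splitlines():
        m = QMGR_RE.search(line)
        if m:
            senders[m.group("qid")] = m.group("sender")
            continue
        m = SMTP_RE.search(line)
        if not m or m.group("status") != "bounced":
            continue
        if "dmarc" not in m.group("detail").lower():
            continue
        sender = senders.get(m.group("qid"), "")
        srs = SRS_RE.match(sender)
        findings.append({
            "queue_id": m.group("qid"),
            "envelope_sender": sender,
            # Set only when the bounced message was an SRS-rewritten forward.
            "srs_original_domain": srs.group("orig_domain") if srs else None,
            "orig_to": m.group("orig_to"),
            "relay": m.group("relay"),
            "dsn": m.group("dsn"),
        })
    return findings


if __name__ == "__main__":
    for finding in find_dmarc_bounces(SAMPLE_LOG):
        print(finding)
```

Run it over `/var/log/mail.log` (or `journalctl -u postfix`) output to see which original sender domains are repeatedly rejected after forwarding; a domain that shows up there with a `p=reject` DMARC policy is one whose mail the forwarder cannot pass on unchanged through content filters that rewrite the message.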

fixed-address is not behaving properly with DHCP version 4.2.5

Posted: 23 Oct 2021 04:07 PM PDT

If I configure an IP address range in dhcp and allocate two addresses to two different MACs using fixed-address, and one or both of those systems is not active in the network, then the corresponding IP address gets assigned to some other system that is not mentioned in any host declaration.

I have configured dhcp server 4.2.5 on CentOS 7.1 and configured dhcpd.conf as given below:

log-facility local7;
ping-checks;
ping-timeout 5;
deny declines;
lease-file-name "/etc/dhcp/dhcpd.leases";
infinite-is-reserved on;

#######################- eth0 -#######################
subnet 192.168.72.0 netmask 255.255.255.0 {
        range 192.168.72.56 192.168.72.100;
        option domain-name-servers 192.168.72.35;
        option routers 192.168.72.35;
        default-lease-time 86400;
        max-lease-time 172800;
}
host abc {
        hardware ethernet 00:90:fb:38:15:ae;
        fixed-address 192.168.72.56;
}
host xyz {
        hardware ethernet 11:22:88:55:66:22;
        fixed-address 192.168.72.57;
}

Now if the system with MAC address "11:22:88:55:66:22" is not active in the network, then IP address "192.168.72.57" can be assigned to any other machine.

But if the system with MAC address "11:22:88:55:66:22" is active then it's working properly.

Please tell me whether it is expected behaviour or not. In the previous version of dhcp 4.1 I never observed this behaviour.

I thought a reserved IP address should not get assigned to any other system.
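ISC dhcpd does not carve `fixed-address` hosts out of a `range` pool: a host declaration is not a lease, and the pool allocator only consults the lease file, so ISC's documentation advises keeping fixed addresses outside any dynamic range. The checker below is an added example (not from the question or from ISC) that parses a dhcpd.conf excerpt and flags reservations that fall inside a range, which is exactly the situation in the configuration above. The sample config is constructed to mirror the question; the third host is added to show a reservation that lies safely outside the pool.

```python
import ipaddress
import re

# Constructed dhcpd.conf excerpt modelled on the question; the "printer" host is
# an added reservation that lies outside the dynamic range.
SAMPLE_CONF = """
subnet 192.168.72.0 netmask 255.255.255.0 {
        range 192.168.72.56 192.168.72.100;
        option routers 192.168.72.35;
}
host abc {
        hardware ethernet 00:90:fb:38:15:ae;
        fixed-address 192.168.72.56;
}
host xyz {
        hardware ethernet 11:22:88:55:66:22;
        fixed-address 192.168.72.57;
}
host printer {
        hardware ethernet 00:11:22:33:44:55;
        fixed-address 192.168.72.20;
}
"""

# "range [dynamic-bootp] low [high];" -- a single-address range has no high end.
RANGE_RE = re.compile(r"^\s*range\s+(?:dynamic-bootp\s+)?([\d.]+)(?:\s+([\d.]+))?\s*;", re.M)
# host declarations do not nest, so a non-greedy match up to the first "}" is enough.
HOST_RE = re.compile(r"host\s+(\S+)\s*\{(.*?)\}", re.S)
FIXED_RE = re.compile(r"fixed-address\s+([^;]+);")


def parse_ranges(conf: str) -> list:
    """Dynamic pools as (low, high) IPv4Address pairs."""
    ranges = []
    for low, high in RANGE_RE.findall(conf):
        lo = ipaddress.ip_address(low)
        hi = ipaddress.ip_address(high) if high else lo
        ranges.append((lo, hi))
    return ranges


def parse_reservations(conf: str) -> list:
    """(host name, address) pairs; fixed-address may list several comma-separated addresses."""
    out = []
    for name, body in HOST_RE.findall(conf):
        for m in FIXED_RE.finditer(body):
            for addr in m.group(1).split(","):
                try:
                    out.append((name, ipaddress.ip_address(addr.strip())))
                except ValueError:
                    # fixed-address may also carry a host name; those are skipped here.
                    continue
    return out


def reservations_inside_ranges(conf: str) -> list:
    """Reservations that collide with a dynamic pool; each can be handed to another client."""
    ranges = parse_ranges(conf)
    hits = []
    for name, addr in parse_reservations(conf):
        for lo, hi in ranges:
            if lo <= addr <= hi:
                hits.append({"host": name, "address": str(addr), "range": f"{lo}-{hi}"})
    return hits


if __name__ == "__main__":
    for hit in reservations_inside_ranges(SAMPLE_CONF):
        print(f"{hit['host']}: {hit['address']} lies inside range {hit['range']}")
```

Feed it the real `/etc/dhcp/dhcpd.conf` (`reservations_inside_ranges(open(path).read())`); every hit is an address that the pool may lease to an unrelated client while the reserved host is offline, and the fix is to move either the reservation or the range boundary so they no longer overlap.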

Cannot activate Windows 2012r2 Standard

Posted: 23 Oct 2021 09:02 PM PDT

Running cmd.exe as Administrator:

Slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

-->> it gives error:

Windows Script Host
Error: 0x8007041D On a computer running Microsoft Windows non-core edition,
run 'slui.exe 0x2a 0x8007041D' to display the error text.

and:

slui.exe 0x2a 0x8007041D

-->>

Windows Activation
An error has occured
You can also contact Microsoft by phone to help resolve this problem.
Code: 0x8007031D
Description: The service did not respond to the start or control request in a timely fashion.

Telnet is not installed. I cannot install it via Windows Features; it gives an error, maybe because it isn't activated.

Question: What is this activation error?

If I try with the:

Slmgr.vbs /skms kms_server:1688  

I got the same error message; maybe a client-side problem?

SSL certificate cname verification

Posted: 23 Oct 2021 03:00 PM PDT

I have renewed the company website's SSL certificate but need to verify ownership of the domain by adding a CNAME to the DNS. I've not got much experience installing SSL certificates and I'm struggling to get it to work.

We use AWS Route 53 DNS and the record that I need to add is shown like this:

randomlettersandnumbers.www.example.com. 10800 IN CNAME randomlettersandnumbers.comodoca.com.

I find this a little confusing, but I'm pretty sure the example.com should be the name for the record and the comodoca.com for the value. However, the TTL is set to only 300 and it has yet to be detected by the SSL site. Maybe I should set it to 10800, but I'm not sure it matters too much?

Any ideas what may be going wrong? I've never used AWS's DNS before, so maybe it works differently to others?
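The record line the CA hands out is in BIND zone-file form (`name TTL IN TYPE value`), and Route 53 wants the same four pieces in a JSON change batch. As an added example (not from the question and not AWS code), the script below parses that line, checks that the record name actually falls inside the hosted zone (a common slip is to enter only the random label and lose the `www.example.com` part), and emits the change-batch document that `aws route53 change-resource-record-sets` accepts. The record line itself is the placeholder from the question; the zone name `example.com.` is assumed.

```python
import json
import re

# The record as the CA presented it (placeholder values, as in the question).
RECORD_LINE = "randomlettersandnumbers.www.example.com. 10800 IN CNAME randomlettersandnumbers.comodoca.com."

RR_RE = re.compile(r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+(?P<type>[A-Z]+)\s+(?P<value>\S+)$")


def parse_bind_line(line: str) -> dict:
    """Split 'name TTL IN TYPE value' into its fields; names keep their trailing dot."""
    m = RR_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a 'name TTL IN TYPE value' record: {line!r}")
    rec = m.groupdict()
    rec["ttl"] = int(rec["ttl"])
    return rec


def belongs_to_zone(name: str, zone: str) -> bool:
    """True when the record name sits inside the hosted zone (compared as FQDNs, case-insensitively)."""
    n = name.rstrip(".").lower()
    z = zone.rstrip(".").lower()
    return n == z or n.endswith("." + z)


def route53_change_batch(rec: dict, action: str = "UPSERT") -> dict:
    """Build the --change-batch document for `aws route53 change-resource-record-sets`."""
    return {
        "Comment": f"{rec['type']} record for certificate domain validation",
        "Changes": [{
            "Action": action,
            "ResourceRecordSet": {
                "Name": rec["name"],          # Route 53 accepts the trailing dot
                "Type": rec["type"],
                "TTL": rec["ttl"],
                "ResourceRecords": [{"Value": rec["value"]}],
            },
        }],
    }


if __name__ == "__main__":
    rec = parse_bind_line(RECORD_LINE)
    if not belongs_to_zone(rec["name"], "example.com."):
        raise SystemExit("record name is not inside the hosted zone")
    print(json.dumps(route53_change_batch(rec), indent=2))
```

Save the printed JSON as `change.json` and apply it with `aws route53 change-resource-record-sets --hosted-zone-id <ZONE_ID> --change-batch file://change.json` (the zone id is a placeholder); then confirm from outside AWS with `dig +short CNAME randomlettersandnumbers.www.example.com` before asking the CA to re-check. A TTL of 300 versus 10800 only affects how long caches keep the answer; it does not stop the CA from seeing a freshly published record.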

Remote Desktop gateway for Linux

Posted: 23 Oct 2021 08:07 PM PDT

I am trying to set up a Linux box as some kind of Remote Desktop proxy.

My network setup is something like this:

[image: network setup]

I drew only 3 sites and 3 servers to illustrate, but in fact, we have about 7 sites in a mesh, and about 2-3 servers per site. All of those sites are connected through L2TP/IPSEC tunnels through various media, from fiber, to 3G or EDGE connection.

Right now, I am using DDNS to connect to those remote locations, but this is getting tedious, since I have to maintain multiple DDNS entries while I have multiple IP blocks at our data center unused. So I think I need something like an RD gateway to proxy my requests to Server A, Server B, and Server C through one static IP at Server A. The problem is that the servers at site A are all Linux based, but some in sites B and C are Windows based, especially since we are now using Windows 2016 Hyper-V Edition for our newest site.

Now, is there a way so I can Remote Desktop to ALL servers in ALL sites, using Server A as a proxy?

Thank you

how can I make contacts from a shared Exchange mailbox show up in my Outlook address book?

Posted: 23 Oct 2021 03:00 PM PDT

Running Exchange 2013 with Outlook 2013 clients.

I have AD (2012 R2) users with mailboxes, that have also been granted SendAs and Full Access to various shared mailboxes.

These shared mailboxes automatically show up when the user logs into Windows and opens their Outlook 2013.

If they click on the People category in Outlook 2013, they can see Contacts, under My Contacts, from both their user mailbox (some.name@domain.com) as well as from the shared mailbox. Therefore, I can confirm that they have access to contacts from both sources.

However, when they go to actually compose an email, and open the address book to search for contacts, none of the available options from the pull-down menu give them access to the contacts stored in the shared mailbox.

How can I fix this?

Can't connect to PFSense webconfig (virtual machine)

Posted: 23 Oct 2021 06:05 PM PDT

I've set up a new pfSense VM (version 2.2.2) in VirtualBox. It's connected to three network interfaces: vboxnet6 and vboxnet7 (both host-only adapters) and eth0 (bridged). In this case vboxnet6 is set up as the LAN interface, vboxnet7 is OPT1 and eth0 is the WAN interface. Configuring the network interfaces and assigning addresses worked as it should have, and I can ping the LAN interface. However, I can't connect to the web interface. As usual I checked nmap to see if the required ports were open and I noticed port 80 was not showing up there. I also did an arp-scan of vboxnet6, and here it gets weird: there are 510 duplicates of the same pfSense virtual machine there. Any help or advice on how to fix this situation? Thanks in advance.

Exchange 2013 IPBlockListProvider blocking some (but not all) matched IPs

Posted: 23 Oct 2021 05:08 PM PDT

I have configured our Exchange 2013 Edge Transport server to utilize several IPBlockListProviders including Spamhaus. While they work great most of the time, there are still some emails which despite being matched by one of the block list providers get through.

Taking for instance an email that was received recently from IP 66.248.197.240 which is most certainly on the Spamhaus SBL as well as a few others (http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a66.248.197.240&run=toolpage) and correctly identified by the Edge server as such:

[PS] C:\Users\Administrator>Test-IPBlockListProvider -Identity "Spamhaus" -IPAddress 66.248.197.240

Provider    ProviderResult    Matched
--------    --------------    -------
Spamhaus    {127.0.0.3}       True

I have verified that I'm not using any public DNS forwarders (such as Google's), so it's not an issue of all or nothing being blocked.

What's most confusing is that this configuration works for the majority of messages received which are on an SBL:

[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>.\get-AntispamTopRBLProviders.ps1

Name        Value
----        -----
Spamhaus    4594
SpamCop       48

Interestingly, one thing that seems to have made a significant difference is modifying the priority of the transport agents such that the Connection Filtering Agent is first. This is my current configuration in case it's pertinent:

[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>Get-TransportAgent

Identity                            Enabled    Priority
--------                            -------    --------
Connection Filtering Agent          True       1
Sender Id Agent                     True       2
Sender Filter Agent                 True       3
Recipient Filter Agent              True       4
Content Filter Agent                True       5
Address Rewriting Inbound Agent     True       6
Edge Rule Agent                     True       7
Attachment Filtering Agent          True       8
Address Rewriting Outbound Agent    True       9
Protocol Analysis Agent             True       10

I'm including the full message headers (with my server's identities redacted) of an email from an IP address that is on an SBL below. It's clear that the inclusion of all of the SPAM filtering I have is impacting the time it takes for a message to make it through to the mailbox server (in this case, 8 seconds between submission and delivery), however it doesn't seem to be enough.

X-Ms-Exchange-Organization-Network-Message-Id: 32388ce4-005a-4090-a363-08d2612d1e23
X-Ms-Exchange-Organization-Authas: Anonymous
Pm-Xs: 15766241f_7460962er.x15766241
X-Ms-Exchange-Organization-Avstamp-Enterprise: 1.0
Vr-Yhkrg: 15766241s-15766241e_i7460962
X-Ms-Exchange-Organization-Prd: heliq240.emited.work
X-Ms-Exchange-Organization-Pcl: 2
Return-Path: Remote-Job-Op@heliq240.emited.work
X-Ms-Exchange-Organization-Scl: 1
Mime-Version: 1.0
Ybu-Efa: c3195284488a449ed165c2c50f18376bb-ec3195284488a449ed165c2c50f18376b.u15766241
Okul-Lfp: 15766241y.15766241n_c7460962
X-Ms-Exchange-Organization-Senderidresult: None
X-Ms-Exchange-Organization-Antispam-Report: DV:3.3.14519.472;SID:SenderIDStatus None;OrigIP:66.248.197.240
Message-Id: <c3195284488a449ed165c2c50f18376b.15766241.7460962@heliq240.emited.work>
X-Ms-Exchange-Organization-Authsource: edgeserver.mydomain.com
Content-Type: multipart/alternative; boundary="15766241"
Received-Spf: None (edgeserver.mydomain.com: Remote-Job-Op@heliq240.emited.work does not designate permitted sender hosts)
Received: from mailboxserver.mydomain.com (192.168.1.2) by mailboxserver.mydomain.com (192.168.1.2) with Microsoft SMTP Server (TLS) id 15.0.847.32 via Mailbox Transport; Wed, 20 May 2015 10:59:49 -0500
Received: from mailboxserver.mydomain.com (192.168.1.49) by mailboxserver.mydomain.com (192.168.1.49) with Microsoft SMTP Server (TLS) id 15.0.847.32; Wed, 20 May 2015 10:59:43 -0500
Received: from edgeserver.mydomain.com (192.168.1.4) by mailboxserver.mydomain.com (192.168.1.49) with Microsoft SMTP Server (TLS) id 15.0.847.32 via Frontend Transport; Wed, 20 May 2015 10:59:43 -0500
Received: from heliq240.emited.work (66.248.197.240) by edgeserver.mydomain.com (192.168.1.4) with Microsoft SMTP Server id 15.0.847.32; Wed, 20 May 2015 10:59:41 -0500

New telecommuting opportunities available today - 05/20/15

Any suggestions?

Also, this is my first post on any of the Stack Exchange sites. I hope this question is both merited and on the correct site. If not, please do let me know!
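Two details in the post are worth making concrete: the `ProviderResult` of `{127.0.0.3}` is the Spamhaus ZEN code for an SBL CSS listing, and the reason the poster checked for public DNS forwarders is that Spamhaus answers queries from open resolvers with a special 127.255.255.x code rather than a listing, which a block-list provider would treat as "not listed". The script below is an added example (not from the post and not Exchange or Spamhaus code) that builds the reversed-octet DNSBL query name for an IP, interprets a returned A record the way a connection filter must, and extracts the connecting IP from the `X-Ms-Exchange-Organization-Antispam-Report` header shown above; it performs no DNS lookups itself, so the answers it classifies are constructed.

```python
import ipaddress
import re
from typing import Optional, Tuple

DNSBL_ZONE = "zen.spamhaus.org"

# Meaning of the A records Spamhaus ZEN returns for a listed address
# (per Spamhaus' published return-code table).
ZEN_LISTINGS = {
    "127.0.0.2": "SBL",
    "127.0.0.3": "SBL CSS",
    "127.0.0.4": "XBL",
    "127.0.0.5": "XBL",
    "127.0.0.6": "XBL",
    "127.0.0.7": "XBL",
    "127.0.0.9": "SBL DROP",
    "127.0.0.10": "PBL (ISP maintained)",
    "127.0.0.11": "PBL (Spamhaus maintained)",
}
# Answers in 127.255.255.0/24 are not listings: they flag a problem with the query itself,
# and a filter that treats them as "listed" or silently as "clean" is misconfigured.
ZEN_ERRORS = {
    "127.255.255.252": "typing error in the DNSBL name",
    "127.255.255.254": "query sent via a public or open resolver",
    "127.255.255.255": "query volume limit exceeded",
}


def dnsbl_query_name(ip: str, zone: str = DNSBL_ZONE) -> str:
    """Reverse the IPv4 octets and append the list zone: 66.248.197.240 -> 240.197.248.66.zen.spamhaus.org"""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(addr.exploded.split("."))) + "." + zone


def classify_dnsbl_answer(answer: Optional[str]) -> Tuple[bool, str]:
    """(listed, description) for the A record a DNSBL returned; None stands for NXDOMAIN."""
    if answer is None:
        return (False, "not listed")
    if answer in ZEN_ERRORS:
        return (False, "lookup error: " + ZEN_ERRORS[answer])
    if answer in ZEN_LISTINGS:
        return (True, ZEN_LISTINGS[answer])
    if ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8"):
        return (True, "listed, unknown sub-list code " + answer)
    return (False, "unexpected answer " + answer)


ORIGIP_RE = re.compile(r"OrigIP:(\d{1,3}(?:\.\d{1,3}){3})")


def orig_ip_from_antispam_report(header_value: str) -> Optional[str]:
    """Pull the connecting IP that Exchange recorded in X-Ms-Exchange-Organization-Antispam-Report."""
    m = ORIGIP_RE.search(header_value)
    return m.group(1) if m else None


if __name__ == "__main__":
    # Header value taken from the message shown in the post.
    report = "DV:3.3.14519.472;SID:SenderIDStatus None;OrigIP:66.248.197.240"
    ip = orig_ip_from_antispam_report(report)
    print("query name:", dnsbl_query_name(ip))
    # Constructed answer matching the Test-IPBlockListProvider result in the post.
    print("127.0.0.3 means:", classify_dnsbl_answer("127.0.0.3"))
```

To reproduce what the Edge server does by hand, resolve the printed query name with the resolver the Edge server actually uses (`Resolve-DnsName 240.197.248.66.zen.spamhaus.org -Server <edge resolver>`) and pass the answer to `classify_dnsbl_answer`; a 127.255.255.x answer from the server's resolver, or no answer within the lookup timeout, would explain a matched IP that still gets through.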

Unable to authenticate LDAP client with PAM when pwdReset = TRUE

Posted: 23 Oct 2021 08:07 PM PDT

I have searched tons of webs and tutorials but I couldn't find an answer to my problem.

I have set up OpenLDAP 2.4 on an openSUSE 12.3 machine with a password policy overlay. The client is a Linux Mint 17.1 machine with the libnss-ldap and libpam-ldap packages installed. The client and server are configured to use TLS with self-signed certificates (the server works as a CA and signs its own certificate). Everything works fine until I add the attribute pwdReset: TRUE to a user.

My intention is to force the user to change his password at next login. However, after setting this attribute the user can no longer authenticate: if I try to 'su' (or login with) the user I get the error "Authentication Failure". Also, the syslog shows the following messages:

Mar 4 07:27:11 client-desktop nslcd[3198]: [90cde7] <authc="johndoe"> ldap_result() failed: Insufficient access: Operations are restricted to bind/unbind/abandon/StartTLS/modify password
Mar 4 07:27:11 client-desktop nslcd[3198]: [dcc233] <authc="johndoe"> cn=John Doe,ou=people,cd=domain,dc=com: lookup failed: Invalid credentials

These messages tell me that the user credentials are no longer valid, which is reasonable since I reset his password, but the user is not prompted about the need to change his password at all. Additionally, I want to prevent the use of OpenLDAP utils like ldappasswd, as the clients are not experts. Therefore, I want them to keep on using the typical passwd command to change their own passwords. At least, this is possible when pwdReset is not set. Also, I can get this behaviour by setting the shadowLastChange attribute to 0, but I would like to do everything with password policies since I am also trying to enforce the use of passwords of at least 8 chars. By the way, this feature works perfectly fine.

This is an excerpt of my base DN so that you can check if I am missing something. Note that pwdReset is set to TRUE on the user and pwdMustChange variable is set to TRUE in the policy itself.

# John Doe, people, domain.com
dn: cn=John Doe,ou=people,dc=domain,dc=com
cn: John Doe
sn: Doe
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
uid: johndoe
uidNumber: 1003
gidNumber: 1000
homeDirectory: /home/johndoe
loginShell: /bin/bash
userPassword: e1NTSEF9VWFSMDVsSGNIWFMxcnJ5VzBtaWRkOHFmTDE1ai9RYlQ=
pwdReset: TRUE
# (This attribute only appears if I explicitly request it)

# policies, domain.com
dn: ou=policies,dc=domain,dc=com
objectClass: top
objectClass: organizationalUnit
ou: policies

(The following attributes belong in cn=default,ou=policies but for some reason they don't appear unless I write something here)

pwdInHistory: 3
pwdLockout: TRUE
pwdMaxFailure: 3
pwdLockoutDuration: 30
pwdMustChange: TRUE
pwdSafeModify: FALSE
pwdAllowUserChange: TRUE
pwdFailureCountInterval: 0
pwdGraceAuthNLimit: 0

And this is the configuration of my backend and the password policies:

# {1}hdb, config
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=domain,dc=com
olcAccess: {0}to attrs=userPassword by self write by * auth
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to attrs=userPKCS12 by self read by * none
olcAccess: {3}to * by * read
olcRootDN: cn=admin,dc=domain,dc=com
olcRootPW: {SSHA}############## omitted
olcDbCacheSize: 10000
olcDbCheckpoint: 1024 5
olcDbConfig: {0}set_cachesize 0 15000000 1
olcDbConfig: {1}set_lg_regionmax 262144
olcDbConfig: {2}set_lg_bsize 2097152
olcDbConfig: {3}set_flags DB_LOG_AUTOREMOVE
olcDbConfig: {4}set_lk_max_locks 30000
olcDbConfig: {5}set_lk_max_objects 30000
olcDbIDLcacheSize: 30000
olcDbIndex: objectclass eq
[...more indexes...]

# {0}ppolicy, {1}hdb, config
dn: olcOverlay={0}ppolicy,olcDatabase={1}hdb,cn=config
objectClass: top
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy
olcPPolicyDefault: cn=default,ou=policies,dc=domain,dc=com
olcPPolicyHashCleartext: TRUE

(The following two attributes belong also in {0}ppolicy)

olcPPolicyUseLockout: FALSE
olcPPolicyForwardUpdates: FALSE

I hope someone can shed some light on this. Any help is extremely appreciated!

Regards

Edit:

I have made some modifications to the default policy in order to gain insight into what was impeding the user authentication. I have realised that if pwdMustChange is set to TRUE and pwdReset is also set to TRUE (this one on the user entry), then user authentication fails with the error 'su: Authentication failure'. However, if pwdReset is TRUE and pwdMustChange is FALSE, then I can log in as many times as I want with that user. I think that having two variables for this is useless and counterintuitive. Instead a single variable should be used on the user's entry only, whatever you want to call it, either pwdReset or pwdMustChange.

how to test server's performance online?

Posted: 23 Oct 2021 07:03 PM PDT

I have three Liferay portals (Apache Tomcat 7) running on a dedicated server (RAM: 32, CPU: 8 cores, 3.4 GHz).

All portals are running on the same MySQL instance. The problem is that the response of the server is incredibly SLOW (1 min to log in; database encryption for password is SHA-512), and 30 sec to load a simple page. It is the same problem for the three portals (3 websites). The web server is IIS running on Windows Server 2008 R2. The question is how to determine why the response is so slow. Is there a way to test if it is a traffic or network problem, or could it be just a performance problem? Any help will be highly appreciated. Thanks.

vsftpd server allow anonymous to upload files and nothing else

Posted: 23 Oct 2021 09:02 PM PDT

Trying to let anonymous users log in and upload files to a directory "/srv/ftp/dropbox" but not see or download anything.

I can log in as anonymous, but when I try to upload a file with the following command I get these errors.

put /home/username/TestFTP /srv/ftp/dropbox/TestFTP
229 Entering Extended Passive Mode (|||30094|).
553 Could not create file.

The "/etc/vsftpd.conf" file has this in it; if an option is not in the list, it is most likely commented out.

write_enable=YES
dirmessage_enable=YES
nopriv_user=ftpsecure
local_enable=YES
chroot_local_user=YES
chroot_list_enable=NO
allow_writeable_chroot=YES
anonymous_enable=YES
anon_world_readable_only=YES
anon_upload_enable=YES
chown_uploads=YES
chown_username=username
anon_root=/srv/ftp/dropbox
syslog_enable=YES
log_ftp_protocol=YES
xferlog_enable=YES
vsftpd_log_file=/var/log/vsftpd.log
connect_from_port_20=YES
ssl_enable=NO
userlist_deny=NO
userlist_enable=YES
userlist_file=/etc/vsftpd.allow_users

Permissions on the directories are:

srv = drwxr-xr-x
ftp = drwxr-xr-x
dropbox = drwx-wx---

Ownership of the 3 folders is set to root right now.

For more information, the OS I am running is openSUSE 12.2.

apache user directory access permission denied

Posted: 23 Oct 2021 06:05 PM PDT

I've run chmod 777 on /home/cache/; however, the apache user is still unable to write to it. My PHP script writes to this directory but gets a permission denied error, and I don't know why.

ls -ld cache shows:

drwxrwxrwx. 2 root root 69632 Aug 24 17:04 cache/

ls -ld /home shows:

drwxr-xr-x. 19 root root 4096 Aug 24 18:30 /home

/dev/zero equivalent in windows?

Posted: 23 Oct 2021 07:50 PM PDT

I am trying to use the Windows version of dd to copy a RHEL ISO to a USB stick. However, I want to zero out the drive first to ensure there is no filesystem on it before writing it out. Is there an equivalent of /dev/zero in Windows that I can use as the infile?

Mount a remote Linux hard drive as another Windows 7 partition during boot?

Posted: 23 Oct 2021 07:03 PM PDT

I would like to mount a hard drive on a remote computer (running CentOS 6) as a Windows drive so that I can install programs to that drive. The primary hard drive for my Windows machine (which is at home) is pretty small; I have a Linux server sitting in a remote data center with a much larger hard drive that would allow me to install more stuff.

I know most of you are going to say Samba; unfortunately, the biggest problem for me in this case is that I cannot mount Samba as a network share unless I start OpenVPN or SSH tunneling first, which is not good in my case because I will install some startup programs to the remote drive as well. Therefore, the remote drive has to be ready and work just like another drive BEFORE any of the startup programs start to load.

Is that possible? My home PC has Windows 7 Professional 32 bit installed and the remote server is a Xen virtual server running on CentOS 6. I have admin/root permissions for both.

Thanks a lot!
