Multiple path in Nginx
Posted: 05 Mar 2022 10:55 PM PST

I am trying nginx for the first time and I am running it locally. I have been able to get my services up, but I have a puzzling question because I run a microservice and during an upgrade I want to be able to just block a particular service. Now, each service has a path, e.g. \api\v1\wallet \api\v1\card. The issue I have is that both the wallet and card paths are in the same service. If I have different paths, would I have to duplicate, or is there a way I could make it work better?

Here is my conf file:

    worker_processes 4;

    events { worker_connections 1024; }

    http {
        server {
            listen 80;
            charset utf-8;

            location ~ ^/api/v1/user {
                rewrite ^/api/v1/user/(.*) /$1 break;
                proxy_pass http://user-service:3001;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'Upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
            }

            location /api/v1/wallet/ {
                # rewrite /api/v1/wallet/(.*) /$1 break;
                proxy_pass http://wallet-service:3007/api/v1/wallet/;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'Upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
            }

            location /api/v1/card/ {
                # rewrite /api/v1/wallet/(.*) /$1 break;
                proxy_pass http://wallet-service:3007/api/v1/card/;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'Upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
            }
        }
    }

L2TP VPN with 2 network interfaces
Posted: 05 Mar 2022 09:32 PM PST

I came up with this idea to use an AWS EC2 with two ethernet interfaces for an L2TP/IPSec VPN. One interface (eth0) will be receiving L2TP/IPSec connections (and ssh connections) from clients while the other (eth1) will be acting as the primary VPN interface. The point is that I could use the eth1 interface and its identity to browse the internet while eth0 is only used to connect to the VPN; it's never known to the public.

I have tried routing it with iptables, done some research on using the ip route and ip rule commands, and messed with the settings of xl2tpd, pppd, and IPsec. Nothing has worked properly. I'm using this script on GitHub to set up the VPN: https://github.com/hwdsl2/setup-ipsec-vpn

How to manage employees from different regions, different nationalities, and different cultures?
Posted: 05 Mar 2022 09:30 PM PST

I am the CTO of a multinational company. My employees are in many regions around the world, and they speak different languages and have different cultures. Moreover, many countries have different time zones. How do you manage it if you have experience?

Ubuntu Apache Proxy Pass causing an ERR_ABORTED 404 (Not Found)
Posted: 05 Mar 2022 08:43 PM PST

I'm running two Node.js servers on a Ubuntu EC2 instance listening on two different ports... In front, I have an Apache server that is acting as a proxy to direct the client to the correct application based on their URL path. I'm trying to get Apache to direct the client to http://127.0.0.1:1337/admin whenever they go to the /admin URL path. However, whenever I go there the browser is throwing the following errors.

    GET http://myserver.com/admin/runtime~main.f9af2365.js net::ERR_ABORTED 404 (Not Found)
    GET http://myserver.com/admin/main.2e76d653.js net::ERR_ABORTED 404 (Not Found)

It seems as though the server can't locate the build files required to run the application. However, if I go to the path http://myserver:1337/admin directly it works perfectly fine. This seems to tell me that the issue has to do with my proxy server, I'm just not sure what it could be. The proxy pass to http://127.0.0.1:8080/ works perfectly fine.

Here is my /etc/apache2/sites-available/000-default.conf file.

    <VirtualHost *:80>
        ServerName myserver.com
        ServerAlias myserver.com

        ProxyPreserveHost On
        ProxyPass /admin http://127.0.0.1:1337/admin/
        ProxyPassReverse /admin http://127.0.0.1:1337/admin/
        ProxyPass / http://127.0.0.1:8080/
        ProxyPassReverse / http://127.0.0.1:8080/

        ErrorLog ${APACHE_LOG_DIR}/efh-app-web_error.log
        # Possible values include: debug, info, notice, warn, error, crit,
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/efh-app-web_access.log combined
    </VirtualHost>

I've tried many different guides and forums about issues similar to this one, however none of them have seemed to have resolved my issue. I'm fairly new to web development and server configuration so I apologize if there is a lack of detail. Please let me know if you require more information.

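One thing to check in the configuration above, as an added example that is not part of the original question: mod_proxy builds the backend URL by cutting the matched ProxyPass prefix off the request path and appending the remainder to the target URL, and its documentation asks for both arguments to agree on the trailing slash. The Python below models that substitution (a simplified model, not Apache's code; the function names and the RULES_CONSISTENT variant are assumptions made for the illustration) and lints a rule set for the mismatch.

```python
# Added illustration (not Apache source code): ProxyPass modelled as prefix
# substitution, with rules tried in configuration order (first match wins).

# (path prefix, backend URL) pairs copied from the 000-default.conf above.
RULES_FROM_QUESTION = [
    ("/admin", "http://127.0.0.1:1337/admin/"),
    ("/", "http://127.0.0.1:8080/"),
]

# Assumed variant for comparison: neither /admin argument ends in a slash.
RULES_CONSISTENT = [
    ("/admin", "http://127.0.0.1:1337/admin"),
    ("/", "http://127.0.0.1:8080/"),
]


def prefix_matches(path, prefix):
    """A prefix matches only on a path-segment boundary (/admin != /administrator)."""
    if not path.startswith(prefix):
        return False
    rest = path[len(prefix):]
    return prefix.endswith("/") or rest == "" or rest.startswith("/")


def map_request(path, rules):
    """Return the backend URL the proxy would request for `path`, or None."""
    for prefix, backend in rules:
        if prefix_matches(path, prefix):
            # The matched prefix is cut off and the remainder appended verbatim.
            return backend + path[len(prefix):]
    return None


def lint_rules(rules):
    """Return the rules whose two arguments disagree about the trailing slash."""
    return [
        (prefix, backend)
        for prefix, backend in rules
        if prefix.endswith("/") != backend.endswith("/")
    ]


def report(paths, rules):
    """Map each request path and flag doubled slashes in the backend path."""
    rows = []
    for path in paths:
        url = map_request(path, rules)
        backend_path = url.split("://", 1)[1] if url else ""
        rows.append((path, url, "//" in backend_path))
    return rows


# Request paths taken from the browser errors quoted in the question.
ASSET_PATHS = ["/admin", "/admin/runtime~main.f9af2365.js", "/admin/main.2e76d653.js"]

if __name__ == "__main__":
    for name, rules in (("question", RULES_FROM_QUESTION), ("consistent", RULES_CONSISTENT)):
        print(name, "mismatched rules:", lint_rules(rules))
        for path, url, doubled in report(ASSET_PATHS, rules):
            print(f"  {path} -> {url}{'  <-- doubled slash' if doubled else ''}")
```

With the rules as posted, the page itself maps cleanly while every asset under /admin/ is requested from the backend with a doubled slash, which matches the pattern of errors in the question.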
Forwarding emails from hMailserver through postfix to their destination
Posted: 05 Mar 2022 08:12 PM PST

Right now my email config is the normal sender -> server -> server -> receiver, but since the first server (sender side) is behind a residential IP, it is on a blocklist and isn't accepted in a lot of places. I have a cheap VPS that I was trying to get another email server on to make that relay:

    sender -> server under my IP -> server on VPS (non-blocked IP) -> receiver server -> receiver

I've been trying to get Postfix to accomplish the man in the middle task, but can't seem to get it configured right. The server under my IP uses hMailServer, so it was easy to get it to forward SMTP to the VPS, but I can't get the VPS to forward that on under its IP.

Am I using the correct software, and if so, how would I go about using it correctly? Everything I find is for forwarding Postfix emails through something like gmail, but I want to forward hMailServer emails through Postfix.

GKE metrics agent logging many errors
Posted: 05 Mar 2022 07:38 PM PST

We have created a GKE cluster and we are getting errors from gke-metrics-agent. The errors show up about every 30 minutes. It's always the same 62 errors. All the errors have the label k8s-pod/k8s-app: "gke-metrics-agent".

The first error is:

    error exporterhelper/queued_retry.go:245 Exporting failed. Try enabling retry_on_failure config option. {"kind": "exporter", "name": "googlecloud", "error": "rpc error: code = DeadlineExceeded desc = Deadline expired before operation could complete."

This error is followed by these errors in order:

- "go.opentelemetry.io/collector/exporter/exporterhelper.(*retrySender).send"
- "/go/src/gke-logmon/gke-metrics-agent/vendor/go.opentelemetry.io/collector/exporter/exporterhelper/queued_retry.go:245"
- go.opentelemetry.io/collector/exporter/exporterhelper.(*metricsSenderWithObservability).send
- /go/src/gke-logmon/gke-metrics-agent/vendor/go.opentelemetry.io/collector/exporter/exporterhelper/metrics.go:120

There are about 40 errors like this. Two errors which stand out are:

- error exporterhelper/queued_retry.go:175 Exporting failed. Dropping data. Try enabling sending_queue to survive temporary failures. {"kind": "exporter", "name": "googlecloud", "dropped_items": 19}"
- warn batchprocessor/batch_processor.go:184 Sender failed {"kind": "processor", "name": "batch", "error": "rpc error: code = DeadlineExceeded desc = Deadline expired before operation could complete."}"

I tried to search for those errors on Google but I could not find anything. I can't even find any documentation for gke-metrics-agent.

Things I tried:

- check quotas
- update GKE to newer version (current version is 1.21.3-gke.2001)
- update nodes
- disable all firewall rules
- give all permissions to k8s nodes

I can provide more information about our Kubernetes cluster but I don't know what information may be important to solve this issue.

add-apt-repository fails due to gpg key timeout
Posted: 05 Mar 2022 09:06 PM PST

I am running a Mail-in-a-Box server on Ubuntu 18.04. As part of the setup/update script, it attempts to execute the command add-apt-repository -y ppa:certbot/certbot. This fails with the following error message:

    FAILED: add-apt-repository -y ppa:certbot/certbot
    -----------------------------------------
    Error: retrieving gpg key timed out.
    -----------------------------------------

When I try to run the command manually, I get the following error:

    Error: retrieving gpg key timed out.

Things I have already tried

I have tried all of the following and none of them resolved my issue. If there was an obvious way to undo what I tried, I undid it before trying the next thing.

Reboot

I rebooted the server with sudo reboot.

apt-get --allow-releaseinfo-change

This person had a similar problem and solved it with sudo apt-get --allow-releaseinfo-change update.

Let's Encrypt down

It has been suggested (twice) that Let's Encrypt may be down. However, I have tried running the command at various times, their status dashboard doesn't indicate any major issues and it runs fine on a different Ubuntu 18.04 machine I set up for testing.

Wrong nameserver

This user had a similar issue, which he solved by editing his /etc/resolv.conf file. My file had the contents nameserver 127.0.0.1. I know that Mail-in-a-Box can also function as a nameserver, so I assume it is fine. For thoroughness' sake I changed it to nameserver 8.8.8.8, but this didn't fix the problem.

apt autoclean & autoremove

A commenter suggested running sudo apt autoclean && sudo apt autoremove.

Switch keyserver

This user suggests editing the ~/.gnupg/gpg.conf file to use a different keyserver:

    keyserver keys.openpgp.org

This other user does what appears to be the same thing but inline. I tried

    sudo add-apt-repository -k hkp://keyserver.ubuntu.com:80 -y ppa:certbot/certbot

and

    sudo add-apt-repository -k hkp://pool.sks-keyservers.net:80 -y ppa:certbot/certbot

This third user apparently tries to change the keyserver and port in a different way. I tried his command:

    gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 94558F59

A fourth person suggested the following two commands:

    gpg --keyserver hkp://keys.gnupg.net --recv-keys 94558F59
    gpg --keyserver hkp://pgp.mit.edu --recv-keys 94558F59

Disable firewall

This person tried disabling their firewall before running the command. So did I with sudo ufw disable. Someone else thought unblocking port 11371 might work. I tried sudo ufw allow 11371. I also don't believe that an ISP-firewall is causing issues. I am running a VPS from Vultr and my testing-machine (on which it works) is also hosted by them.

Miscellaneous

I believe a fresh install of the operating system would alleviate this issue. However, I would prefer not to do this if at all possible.

I was unsure whether this question would better fit the ask ubuntu or the server fault Stackexchange, so I took the liberty of posting it on both sites.

Reverse Proxy to multiple ports/servers in Apache2.4
Posted: 05 Mar 2022 08:32 PM PST

I want to forward a single request to multiple ports on the same server. I tried using ProxyPass and ProxyPassReverse with different configurations on the same VirtualHost file but it only forwards to one port. I also tried using proxy_balancer but it still only forwards the request to a single port. Is there something I am missing or maybe this is not the best way to accomplish this?

code:

    <Proxy balancer://mycluster>
        #1st port
        BalancerMember http://127.0.0.1:8000/
        #2nd port
        BalancerMember http://127.0.0.1:8001/
        ProxySet lbmethod=bytraffic
    </Proxy>

    <Location /app>
        ProxyPass balancer://mycluster/
        ProxyPassReverse balancer://mycluster/
    </Location>

I also tried:

    <Location /app>
        ProxyPass http://127.0.0.1:8000/
        ProxyPassReverse http://127.0.0.1:8000/
    </Location>

    <Location /app>
        ProxyPass http://127.0.0.1:8001/
        ProxyPassReverse http://127.0.0.1:8001/
    </Location>

4562605504:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
Posted: 05 Mar 2022 07:23 PM PST

The certificate of my website just expired, and I bought a new (free) one from AliCloud, downloaded one server.pem file and one server.key file.

Then, I used

    openssl x509 -outform der -in server.pem -out server.crt

to create the server.crt file. Then

    openssl x509 -noout -text -in server.crt

returned me an error:

    unable to load certificate
    4562605504:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE

I also tried server.crt in production, it just did not work.

Does anyone know how to properly generate a .crt file?

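What the two commands in the question do to the file, as an added example that is not part of the original post: -outform der writes the certificate as binary DER, and "no start line" is what the PEM reader reports when the input has no -----BEGIN line, so a .crt holding DER cannot be read back as PEM. The Python below tells the two encodings apart and converts DER back to PEM; the function names are hypothetical and SAMPLE_DER is a constructed placeholder, not a real certificate.

```python
import re
import ssl

# The start line a PEM reader looks for; "no start line" means it was not found.
PEM_START = re.compile(rb"^-----BEGIN ((?:TRUSTED |X509 )?CERTIFICATE)-----\s*$", re.M)


def pem_start_line(data):
    """Return the PEM label (e.g. 'CERTIFICATE'), or None if there is no start line."""
    match = PEM_START.search(data)
    return match.group(1).decode("ascii") if match else None


def looks_like_der(data):
    """True if data is exactly one ASN.1 SEQUENCE (tag 0x30) with a consistent length."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:
        # Short form: the length fits in this single byte.
        header, length = 2, first
    else:
        # Long form: the low 7 bits say how many bytes hold the length.
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)


def cert_encoding(data):
    """Classify certificate file contents as 'pem', 'der' or 'unknown'."""
    if pem_start_line(data) is not None:
        return "pem"
    if looks_like_der(data):
        return "der"
    return "unknown"


def as_pem(data):
    """Return the certificate as PEM text, whichever encoding it arrived in."""
    kind = cert_encoding(data)
    if kind == "pem":
        return data.decode("ascii")
    if kind == "der":
        return ssl.DER_cert_to_PEM_cert(data)
    raise ValueError("not a PEM or DER certificate")


# Constructed placeholder: a well-formed SEQUENCE header around 200 filler bytes,
# standing in for certificate contents. It is NOT a real certificate.
SAMPLE_DER = bytes([0x30, 0x81, 200]) + bytes(range(200))


def reproduce():
    """Replay the question's steps on the placeholder and report each file's encoding."""
    # server.pem as downloaded: base64 text between BEGIN/END lines.
    server_pem = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")
    # Effect of `openssl x509 -outform der`: the same bytes without the PEM armour.
    server_crt = ssl.PEM_cert_to_DER_cert(server_pem.decode("ascii"))
    return {
        "server.pem": cert_encoding(server_pem),
        "server.crt": cert_encoding(server_crt),
        "server.crt start line": pem_start_line(server_crt),
        "round trip intact": as_pem(server_crt).encode("ascii") == server_pem,
    }


if __name__ == "__main__":
    for key, value in reproduce().items():
        print(f"{key}: {value}")
```

A file that classifies as "der" needs -inform der to be read by the second command in the question, and software that expects a PEM certificate needs the PEM text, whatever the file extension is.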
DigitalOcean Ubuntu droplet not serving port 80
Posted: 05 Mar 2022 07:01 PM PST

I have a simple Python server on a DigitalOcean Ubuntu droplet that should serve the index.html file in the /dist folder:

    import http.server
    import os
    import socketserver

    port = 8000
    # Serve files from the dist folder next to this script
    os.chdir(os.path.join(os.path.dirname(__file__), 'dist'))
    Handler = http.server.SimpleHTTPRequestHandler
    httpd = socketserver.TCPServer(('', port), Handler)
    print('Serving at port ', port)
    httpd.serve_forever()

I have no cloud firewalls running on this box.

I ran 'sudo ufw allow 80/tcp' to open the firewall and if I run ufw status it shows port 80 as being open to everybody.

I ran 'sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8000' to redirect traffic from port 80 to port 8000.

If I run nmap from another box, the only open port is ssh on 22. Port 80 is filtered. Navigating to the host in my browser results in a connection timeout. Trying to serve directly from port 80 yields the same results.

If I try nmap or netstat locally, the port shows open but the server crashes (connection reset by peer, no other useful error info).

What could be causing this?

Keycloak - Null Pointer Exception when trying to map client role to a user
Posted: 05 Mar 2022 09:06 PM PST

Hopefully someone proficient with Keycloak can help me on this issue.

How to replicate: Search for a user, then go to Role Mappings > Client Roles > select the client (let's call it Portal-app for now). This would trigger the error "Error! An unexpected server error has occurred" on the top portion of the page.

Checking the logs, I see a Null Pointer Exception being recorded:

2019-08-01 10:47:15,305 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-66) Uncaught server error: java.lang.NullPointerException at org.keycloak.services.resources.admin.permissions.RolePermissions.checkAdminRoles(RolePermissions.java:141) at org.keycloak.services.resources.admin.permissions.RolePermissions.canMapRole(RolePermissions.java:288) at org.keycloak.services.resources.admin.ClientRoleMappingsResource.lambda$getAvailableClientRoleMappings$0(ClientRoleMappingsResource.java:142) at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:174) at java.util.HashMap$KeySpliterator.forEachRemaining(HashMap.java:1556) at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481) at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471) at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708) at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499) at org.keycloak.services.resources.admin.ClientRoleMappingsResource.getAvailableClientRoleMappings(ClientRoleMappingsResource.java:143) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at 
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139) at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:509) at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:399) at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:363) at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:355) at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:365) at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:337) at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:137) at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106) at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132) at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106) at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132) at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106) at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132) at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106) at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132) at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106) at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132) at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:439) at 
org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229) at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135) at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:355) at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215) at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227) at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) at javax.servlet.http.HttpServlet.service(HttpServlet.java:791) at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129) at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90) at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at 
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) at 
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105) at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502) at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502) at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502) at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:360) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378) at java.lang.Thread.run(Thread.java:748) The client in question, Portal-app , has 2 roles 
defined:

The weird thing is that:

- I tried deleting the admin role, do the steps over again (search for a user, go to Role Mappings > Client Roles > select the client Portal-app), and the client role user is shown! (no error)
- Add back a new role called admin, do the steps over again, the same error is displayed.
- Remove the admin role and add another role such as admin1, do the steps over again, then no error is displayed.

So the question is, why doesn't it accept the admin role? We have other realms in the same Keycloak instance which have clients with admin role, and they don't get the same issue!

- Keycloak version: 5.0.0
- Java version: 1.8.0_201

I know these are old versions, but right now we cannot perform an upgrade for various reasons. Any idea how to troubleshoot this? Many thanks in advance.

Connect to a IPSec/L2TP VPN pre-shared-key
Posted: 05 Mar 2022 08:02 PM PST

I want to connect to an IPSec secured L2TP tunnelled VPN network with a pre-shared-key. I'm using networkmanager-l2tp for this. As Phase1 Algorithms as well as for Phase2 Algorithms I have: aes128-sha1-modp2048! Otherwise, I have like the standard settings.

I've looked into the journal of my operating system but there I only see that the CHAP authentication failed, I can't see anything helpful in the rest of the log. I can see on the server in /var/log/auth.log that the request is coming into the server.

Can someone have a look at the logs and help me? I've masked my IP address as 12.123.123.1 and the remote address as 98.987.98.987

Client(journal):

pc audit[738]: USYS_CONFIG pid=738 uid=0 auid=4294967295 ses=4294967295 msg='op=connection-activate uuid=06be7e74-f0fc-49be-884f-48f679984be7 name=56504E20636F6E6E656374696F6E2033 pid=1491 uid=1000 result=success exe="/usr/bin/NetworkManager" hostname=? addr=? terminal=? res=success' pc NetworkManager[738]: <info> [1554190253.1395] audit: op="connection-activate" uuid="06be7e74-f0fc-49be-884f-48f679984be7" name="VPN connection 3" pid=1491 uid=1000 result="success" pc kernel: kauditd_printk_skb: 7 callbacks suppressed pc kernel: audit: type=1111 audit(1554190253.133:141): pid=738 uid=0 auid=4294967295 ses=4294967295 msg='op=connection-activate uuid=06be7e74-f0fc-49be-884f-48f679984be7 name=56504E20636F6E6E656374696F6E2033 pid=1491 uid=1000 result=success exe="/usr/bin/NetworkManager" hostname=? addr=? terminal=? 
res=success' pc NetworkManager[738]: <info> [1554190253.1434] vpn-connection[0x55750abc26f0,06be7e74-f0fc-49be-884f-48f679984be7,"VPN connection 3",0]: Started the VPN service, PID 19814 pc NetworkManager[738]: <info> [1554190253.1518] vpn-connection[0x55750abc26f0,06be7e74-f0fc-49be-884f-48f679984be7,"VPN connection 3",0]: Saw the service appear; activating connection pc NetworkManager[738]: <info> [1554190253.2070] vpn-connection[0x55750abc26f0,06be7e74-f0fc-49be-884f-48f679984be7,"VPN connection 3",0]: VPN connection: (ConnectInteractive) reply received pc nm-l2tp-service[19814]: Check port 1701 pc NetworkManager[738]: Stopping strongSwan IPsec failed: starter is not running pc NetworkManager[738]: Starting strongSwan 5.7.2 IPsec [starter]... pc ipsec_starter[19827]: Starting strongSwan 5.7.2 IPsec [starter]... pc NetworkManager[738]: Loading config setup pc NetworkManager[738]: Loading conn '06be7e74-f0fc-49be-884f-48f679984be7' pc ipsec_starter[19827]: Loading config setup pc ipsec_starter[19827]: Loading conn '06be7e74-f0fc-49be-884f-48f679984be7' pc NetworkManager[738]: found netkey IPsec stack pc ipsec_starter[19827]: found netkey IPsec stack pc ipsec_starter[19843]: Attempting to start charon... 
pc charon[19844]: 00[DMN] Starting IKE charon daemon (strongSwan 5.7.2, Linux 5.0.5-arch1-1-ARCH, x86_64) pc charon[19844]: 00[CFG] PKCS11 module '<name>' lacks library path pc charon[19844]: 00[CFG] attr-sql plugin: database URI not set pc charon[19844]: 00[NET] using forecast interface wlp3s0 pc charon[19844]: 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250 pc charon[19844]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' pc charon[19844]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' pc charon[19844]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' pc charon[19844]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' pc charon[19844]: 00[CFG] loading crls from '/etc/ipsec.d/crls' pc charon[19844]: 00[CFG] loading secrets from '/etc/ipsec.secrets' pc charon[19844]: 00[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets' pc charon[19844]: 00[CFG] loaded IKE secret for %any pc charon[19844]: 00[CFG] sql plugin: database URI not set pc charon[19844]: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory pc charon[19844]: 00[CFG] loaded 0 RADIUS server configurations pc charon[19844]: 00[CFG] HA config misses local/remote address pc charon[19844]: 00[CFG] no script for ext-auth script defined, disabled pc charon[19844]: 00[LIB] loaded plugins: charon ldap pkcs11 aesni aes des rc2 sha2 sha3 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ntru newhope bliss curl mysql sqlite attr kernel-netlink resolve socket-default bypass-lan connmark forecast farp stroke vici updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp radattr 
unity counters pc charon[19844]: 00[LIB] dropped capabilities, running as uid 0, gid 0 pc charon[19844]: 00[JOB] spawning 16 worker threads pc audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=192.168.178.0 src_prefixlen=24 dst=192.168.178.0 dst_prefixlen=24 pc audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=192.168.178.0 src_prefixlen=24 dst=192.168.178.0 dst_prefixlen=24 pc audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=192.168.178.0 src_prefixlen=24 dst=192.168.178.0 dst_prefixlen=24 pc audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001 pc audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001 pc audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001 pc audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 pc audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 pc audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 pc audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64 pc audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 
dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64 pc audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64 pc charon[19844]: 05[IKE] installed bypass policy for 192.168.178.0/24 pc charon[19844]: 05[KNL] received netlink error: Invalid argument (22) pc charon[19844]: 05[KNL] unable to install source route for %any6 pc charon[19844]: 05[IKE] installed bypass policy for ::1/128 pc charon[19844]: 05[IKE] installed bypass policy for 2003:e4:72b:f000::/64 pc charon[19844]: 05[IKE] installed bypass policy for fe80::/64 pc kernel: audit: type=1415 audit(1554190255.439:142): op=SPD-add auid=4294967295 ses=4294967295 res=1 src=192.168.178.0 src_prefixlen=24 dst=192.168.178.0 dst_prefixlen=24 pc kernel: audit: type=1415 audit(1554190255.439:143): op=SPD-add auid=4294967295 ses=4294967295 res=1 src=192.168.178.0 src_prefixlen=24 dst=192.168.178.0 dst_prefixlen=24 pc kernel: audit: type=1415 audit(1554190255.439:144): op=SPD-add auid=4294967295 ses=4294967295 res=1 src=192.168.178.0 src_prefixlen=24 dst=192.168.178.0 dst_prefixlen=24 pc kernel: audit: type=1415 audit(1554190255.439:145): op=SPD-add auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001 pc kernel: audit: type=1415 audit(1554190255.439:146): op=SPD-add auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001 pc kernel: audit: type=1415 audit(1554190255.439:147): op=SPD-add auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001 pc kernel: audit: type=1415 audit(1554190255.439:148): op=SPD-add auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 pc kernel: 
audit: type=1415 audit(1554190255.439:149): op=SPD-add auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 pc kernel: audit: type=1415 audit(1554190255.439:150): op=SPD-add auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 pc ipsec_starter[19843]: charon (19844) started after 20 ms pc charon[19844]: 09[CFG] received stroke: add connection '06be7e74-f0fc-49be-884f-48f679984be7' pc charon[19844]: 09[CFG] added configuration '06be7e74-f0fc-49be-884f-48f679984be7' pc charon[19844]: 11[CFG] rereading secrets pc charon[19844]: 11[CFG] loading secrets from '/etc/ipsec.secrets' pc charon[19844]: 11[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets' pc charon[19844]: 11[CFG] loaded IKE secret for %any pc charon[19844]: 14[CFG] received stroke: initiate '06be7e74-f0fc-49be-884f-48f679984be7' pc charon[19844]: 15[IKE] initiating Main Mode IKE_SA 06be7e74-f0fc-49be-884f-48f679984be7[1] to 98.987.98.987 pc charon[19844]: 15[IKE] initiating Main Mode IKE_SA 06be7e74-f0fc-49be-884f-48f679984be7[1] to 98.987.98.987 pc charon[19844]: 15[ENC] generating ID_PROT request 0 [ SA V V V V V ] pc charon[19844]: 15[NET] sending packet: from 192.168.178.84[500] to 98.987.98.987[500] (180 bytes) pc charon[19844]: 16[NET] received packet: from 98.987.98.987[500] to 192.168.178.84[500] (144 bytes) pc charon[19844]: 16[ENC] parsed ID_PROT response 0 [ SA V V V ] pc charon[19844]: 16[IKE] received FRAGMENTATION vendor ID pc charon[19844]: 16[IKE] received DPD vendor ID pc charon[19844]: 16[IKE] received NAT-T (RFC 3947) vendor ID pc charon[19844]: 16[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048 pc charon[19844]: 16[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ] pc charon[19844]: 16[NET] sending packet: from 192.168.178.84[500] to 
98.987.98.987[500] (372 bytes) pc charon[19844]: 07[NET] received packet: from 98.987.98.987[500] to 192.168.178.84[500] (372 bytes) pc charon[19844]: 07[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ] pc charon[19844]: 07[IKE] local host is behind NAT, sending keep alives pc charon[19844]: 07[IKE] remote host is behind NAT pc charon[19844]: 07[ENC] generating ID_PROT request 0 [ ID HASH ] pc charon[19844]: 07[NET] sending packet: from 192.168.178.84[4500] to 98.987.98.987[4500] (76 bytes) pc charon[19844]: 06[NET] received packet: from 98.987.98.987[4500] to 192.168.178.84[4500] (76 bytes) pc charon[19844]: 06[ENC] parsed ID_PROT response 0 [ ID HASH V ] pc charon[19844]: 06[ENC] received unknown vendor ID: 49:4b:45:76:32 pc charon[19844]: 06[IKE] IKE_SA 06be7e74-f0fc-49be-884f-48f679984be7[1] established between 192.168.178.84[192.168.178.84]...98.987.98.987[98.987.98.987] pc charon[19844]: 06[IKE] IKE_SA 06be7e74-f0fc-49be-884f-48f679984be7[1] established between 192.168.178.84[192.168.178.84]...98.987.98.987[98.987.98.987] pc charon[19844]: 06[IKE] scheduling reauthentication in 9921s pc charon[19844]: 06[IKE] maximum IKE_SA lifetime 10461s pc charon[19844]: 06[ENC] generating QUICK_MODE request 723900467 [ HASH SA No KE ID ID NAT-OA NAT-OA ] pc charon[19844]: 06[NET] sending packet: from 192.168.178.84[4500] to 98.987.98.987[4500] (460 bytes) pc charon[19844]: 08[NET] received packet: from 98.987.98.987[4500] to 192.168.178.84[4500] (428 bytes) pc charon[19844]: 08[ENC] parsed QUICK_MODE response 723900467 [ HASH SA No KE ID ID ] pc charon[19844]: 08[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/MODP_2048/NO_EXT_SEQ pc audit: MAC_IPSEC_EVENT op=SAD-add auid=4294967295 ses=4294967295 src=98.987.98.987 dst=192.168.178.84 spi=3251292912(0xc1cacaf0) res=1 pc audit: MAC_IPSEC_EVENT op=SAD-add auid=4294967295 ses=4294967295 src=192.168.178.84 dst=98.987.98.987 spi=4115387067(0xf54bd2bb) res=1 pc audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 
ses=4294967295 res=1 src=98.987.98.987 dst=192.168.178.84 pc audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=192.168.178.84 dst=98.987.98.987 pc charon[19844]: 08[IKE] CHILD_SA 06be7e74-f0fc-49be-884f-48f679984be7{1} established with SPIs c1cacaf0_i f54bd2bb_o and TS 192.168.178.84/32[udp/l2f] === 98.987.98.987/32[udp/l2f] pc charon[19844]: 08[IKE] CHILD_SA 06be7e74-f0fc-49be-884f-48f679984be7{1} established with SPIs c1cacaf0_i f54bd2bb_o and TS 192.168.178.84/32[udp/l2f] === 98.987.98.987/32[udp/l2f] pc charon[19844]: 08[ENC] generating QUICK_MODE request 723900467 [ HASH ] pc NetworkManager[738]: initiating Main Mode IKE_SA 06be7e74-f0fc-49be-884f-48f679984be7[1] to 98.987.98.987 pc NetworkManager[738]: generating ID_PROT request 0 [ SA V V V V V ] pc NetworkManager[738]: sending packet: from 192.168.178.84[500] to 98.987.98.987[500] (180 bytes) pc NetworkManager[738]: received packet: from 98.987.98.987[500] to 192.168.178.84[500] (144 bytes) pc NetworkManager[738]: parsed ID_PROT response 0 [ SA V V V ] pc NetworkManager[738]: received FRAGMENTATION vendor ID pc NetworkManager[738]: received DPD vendor ID pc NetworkManager[738]: received NAT-T (RFC 3947) vendor ID pc NetworkManager[738]: selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048 pc NetworkManager[738]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ] pc NetworkManager[738]: sending packet: from 192.168.178.84[500] to 98.987.98.987[500] (372 bytes) pc NetworkManager[738]: received packet: from 98.987.98.987[500] to 192.168.178.84[500] (372 bytes) pc NetworkManager[738]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ] pc NetworkManager[738]: local host is behind NAT, sending keep alives pc NetworkManager[738]: remote host is behind NAT pc NetworkManager[738]: generating ID_PROT request 0 [ ID HASH ] pc NetworkManager[738]: sending packet: from 192.168.178.84[4500] to 98.987.98.987[4500] (76 bytes) pc NetworkManager[738]: received packet: from 
98.987.98.987[4500] to 192.168.178.84[4500] (76 bytes) pc NetworkManager[738]: parsed ID_PROT response 0 [ ID HASH V ] pc NetworkManager[738]: received unknown vendor ID: 49:4b:45:76:32 pc NetworkManager[738]: IKE_SA 06be7e74-f0fc-49be-884f-48f679984be7[1] established between 192.168.178.84[192.168.178.84]...98.987.98.987[98.987.98.987] pc NetworkManager[738]: scheduling reauthentication in 9921s pc NetworkManager[738]: maximum IKE_SA lifetime 10461s pc NetworkManager[738]: generating QUICK_MODE request 723900467 [ HASH SA No KE ID ID NAT-OA NAT-OA ] pc NetworkManager[738]: sending packet: from 192.168.178.84[4500] to 98.987.98.987[4500] (460 bytes) pc NetworkManager[738]: received packet: from 98.987.98.987[4500] to 192.168.178.84[4500] (428 bytes) pc NetworkManager[738]: parsed QUICK_MODE response 723900467 [ HASH SA No KE ID ID ] pc NetworkManager[738]: selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/MODP_2048/NO_EXT_SEQ pc NetworkManager[738]: CHILD_SA 06be7e74-f0fc-49be-884f-48f679984be7{1} established with SPIs c1cacaf0_i f54bd2bb_o and TS 192.168.178.84/32[udp/l2f] === 98.987.98.987/32[udp/l2f] pc NetworkManager[738]: connection '06be7e74-f0fc-49be-884f-48f679984be7' established successfully pc charon[19844]: 08[NET] sending packet: from 192.168.178.84[4500] to 98.987.98.987[4500] (60 bytes) pc nm-l2tp-service[19814]: xl2tpd started with pid 19877 pc NetworkManager[738]: xl2tpd[19877]: Not looking for kernel SAref support. pc NetworkManager[738]: xl2tpd[19877]: Using l2tp kernel support. pc NetworkManager[738]: xl2tpd[19877]: xl2tpd version xl2tpd-1.3.13 started on farbbox PID:19877 pc NetworkManager[738]: xl2tpd[19877]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. 
pc NetworkManager[738]: xl2tpd[19877]: Forked by Scott Balmos and David Stipp, (C) 2001 pc NetworkManager[738]: xl2tpd[19877]: Inherited by Jeff McAdams, (C) 2002 pc NetworkManager[738]: xl2tpd[19877]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 pc NetworkManager[738]: xl2tpd[19877]: Listening on IP address 0.0.0.0, port 1701 pc NetworkManager[738]: xl2tpd[19877]: Connecting to host 98.987.98.987, port 1701 pc NetworkManager[738]: <info> [1554190256.7594] vpn-connection[0x55750abc26f0,06be7e74-f0fc-49be-884f-48f679984be7,"VPN connection 3",0]: VPN plugin: state changed: starting (3) pc NetworkManager[738]: xl2tpd[19877]: Connection established to 98.987.98.987, 1701. Local: 18031, Remote: 6532 (ref=0/0). pc NetworkManager[738]: xl2tpd[19877]: Calling on tunnel 18031 pc NetworkManager[738]: xl2tpd[19877]: Call established with 98.987.98.987, Local: 59328, Remote: 58391, Serial: 1 (ref=0/0) pc NetworkManager[738]: xl2tpd[19877]: start_pppd: I'm running: pc NetworkManager[738]: xl2tpd[19877]: "/usr/sbin/pppd" pc NetworkManager[738]: xl2tpd[19877]: "plugin" pc NetworkManager[738]: xl2tpd[19877]: "pppol2tp.so" pc NetworkManager[738]: xl2tpd[19877]: "pppol2tp" pc NetworkManager[738]: xl2tpd[19877]: "7" pc NetworkManager[738]: xl2tpd[19877]: "passive" pc NetworkManager[738]: xl2tpd[19877]: "nodetach" pc NetworkManager[738]: xl2tpd[19877]: ":" pc NetworkManager[738]: xl2tpd[19877]: "file" pc NetworkManager[738]: xl2tpd[19877]: "/var/run/nm-l2tp-06be7e74-f0fc-49be-884f-48f679984be7/ppp-options" pc pppd[19878]: Plugin pppol2tp.so loaded. pc pppd[19878]: Plugin /usr/lib/pppd/2.4.7/nm-l2tp-pppd-plugin.so loaded. 
pc pppd[19878]: pppd 2.4.7 started by root, uid 0 pc pppd[19878]: Using interface ppp0 pc pppd[19878]: Connect: ppp0 <--> pc pppd[19878]: Overriding mtu 1500 to 1400 pc pppd[19878]: Overriding mru 1500 to mtu value 1400 pc NetworkManager[738]: <info> [1554190256.8151] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/8) pc systemd-udevd[19881]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable. pc pppd[19878]: CHAP authentication failed pc pppd[19878]: CHAP authentication failed pc pppd[19878]: Overriding mtu 1500 to 1400 pc pppd[19878]: Overriding mru 1500 to mtu value 1400 pc pppd[19878]: Connection terminated. pc charon[19844]: 06[KNL] interface ppp0 deleted pc NetworkManager[738]: xl2tpd[19877]: death_handler: Fatal signal 15 received pc NetworkManager[738]: xl2tpd[19877]: Terminating pppd: sending TERM signal to pid 19878 pc NetworkManager[738]: xl2tpd[19877]: Connection 6532 closed to 98.987.98.987, port 1701 (Server closing) pc NetworkManager[738]: <warn> [1554190259.8744] vpn-connection[0x55750abc26f0,06be7e74-f0fc-49be-884f-48f679984be7,"VPN connection 3",0]: VPN plugin: failed: connect-failed (1) pc NetworkManager[738]: <info> [1554190259.8773] vpn-connection[0x55750abc26f0,06be7e74-f0fc-49be-884f-48f679984be7,"VPN connection 3",0]: VPN plugin: state changed: stopping (5) pc NetworkManager[738]: Stopping strongSwan IPsec... pc charon[19844]: 00[DMN] signal of type SIGINT received. 
Shutting down pc charon[19844]: 00[IKE] closing CHILD_SA 06be7e74-f0fc-49be-884f-48f679984be7{1} with SPIs c1cacaf0_i (473 bytes) f54bd2bb_o (589 bytes) and TS 192.168.178.84/32[udp/l2f] === 98.987.98.987/32[udp/l2f] pc audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=192.168.178.84 dst=98.987.98.987 pc audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=98.987.98.987 dst=192.168.178.84 pc audit: MAC_IPSEC_EVENT op=SAD-delete auid=4294967295 ses=4294967295 src=98.987.98.987 dst=192.168.178.84 spi=3251292912(0xc1cacaf0) res=1 pc audit: MAC_IPSEC_EVENT op=SAD-delete auid=4294967295 ses=4294967295 src=192.168.178.84 dst=98.987.98.987 spi=4115387067(0xf54bd2bb) res=1 pc audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64 pc audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64 pc audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64 pc audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 pc audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 pc audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 pc audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 
src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001 pc audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001 pc audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001 pc audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=192.168.178.0 src_prefixlen=24 dst=192.168.178.0 dst_prefixlen=24 pc kernel: kauditd_printk_skb: 7 callbacks suppressed pc kernel: audit: type=1415 audit(1554190259.883:158): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=192.168.178.84 dst=98.987.98.987 pc kernel: audit: type=1415 audit(1554190259.883:159): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=98.987.98.987 dst=192.168.178.84 pc kernel: audit: type=1415 audit(1554190259.883:160): op=SAD-delete auid=4294967295 ses=4294967295 src=98.987.98.987 dst=192.168.178.84 spi=3251292912(0xc1cacaf0) res=1 pc kernel: audit: type=1415 audit(1554190259.883:161): op=SAD-delete auid=4294967295 ses=4294967295 src=192.168.178.84 dst=98.987.98.987 spi=4115387067(0xf54bd2bb) res=1 pc kernel: audit: type=1415 audit(1554190259.883:162): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64 pc kernel: audit: type=1415 audit(1554190259.883:163): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64 pc kernel: audit: type=1415 audit(1554190259.883:164): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64 pc kernel: audit: type=1415 audit(1554190259.883:165): op=SPD-delete 
auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 pc kernel: audit: type=1415 audit(1554190259.883:166): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 pc kernel: audit: type=1415 audit(1554190259.883:167): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 pc audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=192.168.178.0 src_prefixlen=24 dst=192.168.178.0 dst_prefixlen=24 pc audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=192.168.178.0 src_prefixlen=24 dst=192.168.178.0 dst_prefixlen=24 pc charon[19844]: 00[IKE] closing CHILD_SA 06be7e74-f0fc-49be-884f-48f679984be7{1} with SPIs c1cacaf0_i (473 bytes) f54bd2bb_o (589 bytes) and TS 192.168.178.84/32[udp/l2f] === 98.987.98.987/32[udp/l2f] pc charon[19844]: 00[IKE] sending DELETE for ESP CHILD_SA with SPI c1cacaf0 pc charon[19844]: 00[ENC] generating INFORMATIONAL_V1 request 1337363464 [ HASH D ] pc charon[19844]: 00[NET] sending packet: from 192.168.178.84[4500] to 98.987.98.987[4500] (76 bytes) pc charon[19844]: 00[IKE] deleting IKE_SA 06be7e74-f0fc-49be-884f-48f679984be7[1] between 192.168.178.84[192.168.178.84]...98.987.98.987[98.987.98.987] pc charon[19844]: 00[IKE] deleting IKE_SA 06be7e74-f0fc-49be-884f-48f679984be7[1] between 192.168.178.84[192.168.178.84]...98.987.98.987[98.987.98.987] pc charon[19844]: 00[IKE] sending DELETE for IKE_SA 06be7e74-f0fc-49be-884f-48f679984be7[1] pc charon[19844]: 00[ENC] generating INFORMATIONAL_V1 request 2220117092 [ HASH D ] pc charon[19844]: 00[NET] sending packet: from 192.168.178.84[4500] to 98.987.98.987[4500] (92 bytes) pc audit: MAC_IPSEC_EVENT op=SA-notfound 
src=98.987.98.987 dst=192.168.178.84 spi=3251292912(0xc1cacaf0) seqno=13 pc pppd[19878]: Exit. pc charon[19844]: 00[IKE] uninstalling bypass policy for 192.168.178.0/24 pc charon[19844]: 00[IKE] uninstalling bypass policy for 2003:e4:72b:f000::/64 pc charon[19844]: 00[IKE] uninstalling bypass policy for fe80::/64 pc charon[19844]: 00[IKE] uninstalling bypass policy for ::1/128 pc ipsec_starter[19843]: child 19844 (charon) has quit (exit code 0) pc ipsec_starter[19843]: pc ipsec_starter[19843]: charon stopped after 200 ms pc ipsec_starter[19843]: ipsec starter stopped pc nm-l2tp-service[19814]: ipsec shut down pc NetworkManager[738]: <info> [1554190260.0988] vpn-connection[0x55750abc26f0,06be7e74-f0fc-49be-884f-48f679984be7,"VPN connection 3",0]: VPN plugin: state changed: stopped (6) pc NetworkManager[738]: <info> [1554190260.1019] vpn-connection[0x55750abc26f0,06be7e74-f0fc-49be-884f-48f679984be7,"VPN connection 3",0]: VPN service disappeared |
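A log like the one in this post is easier to read once it is reduced to the stage the connection reached and the algorithms that were negotiated. The following is an added example, not part of the original post: the sample lines are constructed (modelled on the posted messages, with documentation addresses and a hypothetical connection name `vpn1`), and the `LEGACY` set is an illustrative review policy, not a strongSwan setting.

```python
import re

# Stages of an L2TP/IPsec client connection in the order they must complete,
# each paired with the log message that marks it as reached.
STAGES = [
    ("ike_sa", re.compile(r"IKE_SA \S+ established between")),
    ("child_sa", re.compile(r"CHILD_SA \S+ established with SPIs")),
    ("l2tp_tunnel", re.compile(r"xl2tpd\[\d+\]: Connection established to")),
    ("l2tp_call", re.compile(r"xl2tpd\[\d+\]: Call established with")),
    # Assumption: pppd's success wording; the posted log only shows the failure.
    ("ppp_auth", re.compile(r"(?:CHAP|PAP|EAP) authentication succeeded")),
]
FAILURE = re.compile(r"(?:CHAP|PAP|EAP) authentication failed|VPN plugin: failed: \S+")
PROPOSAL = re.compile(r"selected proposal: (IKE|ESP):(\S+)")
# Illustrative policy (an assumption): algorithms to flag for review.
LEGACY = {"HMAC_SHA1_96", "PRF_HMAC_SHA1", "HMAC_MD5_96", "3DES_CBC", "MODP_1024"}

# Constructed sample, one log entry per line.
SAMPLE_LOG = """\
charon[100]: 16[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
charon[100]: 06[IKE] IKE_SA vpn1[1] established between 192.0.2.5[192.0.2.5]...203.0.113.10[203.0.113.10]
charon[100]: 08[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/MODP_2048/NO_EXT_SEQ
charon[100]: 08[IKE] CHILD_SA vpn1{1} established with SPIs c0000001_i c0000002_o
NetworkManager[50]: xl2tpd[200]: Connection established to 203.0.113.10, 1701. Local: 1, Remote: 2 (ref=0/0).
NetworkManager[50]: xl2tpd[200]: Call established with 203.0.113.10, Local: 3, Remote: 4, Serial: 1 (ref=0/0)
pppd[300]: CHAP authentication failed
pppd[300]: Connection terminated.
NetworkManager[50]: <warn> vpn-connection: VPN plugin: failed: connect-failed (1)
""".splitlines()


def triage(lines):
    """Summarise how far a connection attempt got and what was negotiated."""
    seen, failures, proposals = set(), [], {}
    for line in lines:
        for name, pattern in STAGES:
            if pattern.search(line):
                seen.add(name)
        hit = FAILURE.search(line)
        # NetworkManager echoes charon/pppd lines, so de-duplicate failures.
        if hit and hit.group(0) not in failures:
            failures.append(hit.group(0))
        prop = PROPOSAL.search(line)
        if prop:
            proposals[prop.group(1)] = prop.group(2).split("/")
    reached = [name for name, _ in STAGES if name in seen]
    # First stage in protocol order that never completed (None if all did).
    stalled_at = next((name for name, _ in STAGES if name not in seen), None)
    legacy = sorted({alg for algs in proposals.values()
                     for alg in algs if alg in LEGACY})
    return {
        "reached": reached,
        "stalled_at": stalled_at,
        "failures": failures,
        "proposals": proposals,
        "legacy": legacy,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, both IPsec associations and the L2TP call are reached and the attempt stalls at PPP user authentication, which separates a tunnel problem from a credential or authentication-method problem.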
Azure cloud VM change letter of temporary drive
Posted: 05 Mar 2022 11:03 PM PST

In Azure cloud, when you start a Windows image, the running VM will have a temporary drive D: where the page file is set. Is there any way I can call the API (PowerShell, az cli etc.) and be able to specify which letter to assign to the temporary drive? I want, for example, to have the disk C: as OS and disk Z: for the temporary drive.

Thanks.

PS: I know how to change it after the VM is running, as per https://docs.microsoft.com/en-us/azure/virtual-machines/windows/change-drive-letter |
nginx multiple paths (too many)
Posted: 05 Mar 2022 07:01 PM PST

I got this working nginx config:

    server {
        listen 80;
        server_name mydomain.com;
        root /var/www/mydomain/wordpress;
        index index.html index.php;

        location /customer1 {
            alias /var/www/mydomain/customers/custumer1;
        }
        location /customer2 {
            alias /var/www/mydomain/customers/custumer2;
        }
        ...
        location /customerN {
            alias /var/www/mydomain/customers/custumerN;
        }
    }

where customer1...customerN are nicknames. The problem is that customers are growing fast. So, is there a way to make this config more efficient? Is there a way to create arrays maybe? Thanks! |
OS X NFS Automount: "locallocks" ignored?
Posted: 05 Mar 2022 11:03 PM PST

I'm having an issue with file-locking and auto mounting on OS X. Here is my auto_master file:

    #
    # Automounter master map
    #
    +auto_master            # Use directory service
    /net                    -hosts          -nobrowse,hidefromfinder,nosuid
    /home                   auto_home       -nobrowse,hidefromfinder
    /Network/Servers        -fstab
    /-                      -static
    /-                      /etc/auto_nfs

And here is auto_nfs:

    # Common Configuration
    /Shared/Family -fstype=nfs,rw,nodev,nosuid,nfc,locallocks nfs://10.0.0.11/Volumes/PDISK3/VDISKS/General1/Groups/Family\ Shared
    /Shared/Users/christopher -fstype=nfs,rw,nodev,nosuid,nfc,locallocks nfs://10.0.0.11/Volumes/PDISK3/VDISKS/General1/Users/christopher
    /Shared/Scratch1 -fstype=nfs,rw,nodev,nosuid,nfc,locallocks nfs://10.0.0.11/Volumes/PDISK2/VDISKS/Scratch1
    # END Common Configuration

It appears as though locallocks is ignored (the mount command doesn't show it and chflags fails and Finder's info window has a greyed-out Locked box). I've tried all combinations (e.g. nolocks, nolocks,locallocks, etc.) to no avail.

While I'm OK with not having locks in general on the NFS side, having the lack of even a facade of locks is causing OS X to go insane if I try to have home directories on the NFS mount.

So: how do I get locks (or even a facade of locks) to work on an NFS share?

Misc details:

The server is an NFS4 server on Linux Mint with exports like this:

    /Volumes/PDISK2 10.0.0.2(rw,async,no_subtree_check,insecure,no_root_squash) 10.0.0.3(rw,async,no_subtree_check,insecure,no_root_squash) 10.0.0.0/16(rw,async,no_subtree_check,insecure)
    /Volumes/PDISK3 10.0.0.2(rw,async,no_subtree_check,insecure,no_root_squash) 10.0.0.3(rw,async,no_subtree_check,insecure,no_root_squash) 10.0.0.0/16(rw,async,no_subtree_check,insecure)
    /Volumes/PDISK4 10.0.0.2(rw,async,no_subtree_check,insecure,no_root_squash) 10.0.0.3(rw,async,no_subtree_check,insecure,no_root_squash) 10.0.0.0/16(rw,async,no_subtree_check,insecure)

(Note: this computer is not one of the computers given root access and will remain that way.)

If I set no_auth_rlm on the server, the Locked checkbox is no longer greyed out in the Finder but it won't let me check it (it unchecks itself).

If I do this:

    touch a ; chflags uchg a

on one of the mounts, I get:

    chflags: a: Operation not supported

Interestingly, chflags nouchg a works, but still doesn't allow chflags uchg a afterwards. Note that it also doesn't work as root from one of the computers given root access.

The accounts are all from an OS X El Capitan Open Directory server. Yes, it is set up correctly (I can absolutely access/write/edit/etc. everything, with the exception of what's apparently an OS X bug w.r.t. deleting directories from the Finder).

This is cross-posted because there are two main groups who may have come across this: SysAdmins who have integrated OS X into directory groups (hence ServerFault) and OS X enthusiasts who have tried to do the same thing personally or for a small business and had issues (hence Think Different).

More information, provided by "Heinrich":

This is not really an auto mount problem. It seems that the mount(8), or mount_nfs(8) program simply ignores most options:

    > mount_nfs -o lock,rsize=65535 newserver:/Volumes/Newdata/kits /mnt
    > mount|grep /mnt
    newserver:/Volumes/Newdata/kits on /mnt (nfs)
    > umount /mnt
    > mount_nfs -o lock,nodev newserver:/Volumes/Newdata/kits /mnt
    > mount|grep /mnt
    newserver:/Volumes/Newdata/kits on /mnt (nfs, nodev)

"nodev" is honored, but everything else seems to be ignored. |
What process is causing unexpected nslcd syslog entries?
Posted: 05 Mar 2022 10:02 PM PST

We're using LDAP for authenticating users on our devices using nslcd and we're seeing messages in syslog like this:

    /var/log/syslog.1:Dec 20 06:25:11 T53-1014-014 nslcd[1496]: [398c89] <passwd="*"> "*": name denied by validnames option
    /var/log/syslog.1:Dec 20 06:25:11 T53-1014-014 nslcd[1496]: [4fe9f9] <passwd="*"> "*": name denied by validnames option
    /var/log/syslog.1:Dec 20 06:25:14 T53-1014-014 nslcd[1496]: [b5af5c] <passwd="*"> "*": name denied by validnames option
    /var/log/syslog.1:Dec 20 06:25:15 T53-1014-014 nslcd[1496]: [1226bb] <passwd=-1> ldap_search_ext() failed: Can't contact LDAP server
    /var/log/syslog.1:Dec 20 06:25:15 T53-1014-014 nslcd[1496]: [1226bb] <passwd=-1> no available LDAP server found, sleeping 1 seconds
    /var/log/syslog.1:Dec 20 06:25:16 T53-1014-014 nslcd[1496]: [34b6a8] <passwd="*"> "*": name denied by validnames option
    /var/log/syslog.1:Dec 20 06:25:16 T53-1014-014 nslcd[1496]: [233c99] <passwd=-1> ldap_search_ext() failed: Can't contact LDAP server
    /var/log/syslog.1:Dec 20 06:25:16 T53-1014-014 nslcd[1496]: [233c99] <passwd=-1> no available LDAP server found, sleeping 1 seconds
    /var/log/syslog.1:Dec 20 09:01:04 T53-1014-014 nslcd[1496]: [0c57b1] <passwd=-1> ldap_search_ext() failed: Can't contact LDAP server
    /var/log/syslog.1:Dec 20 09:01:04 T53-1014-014 nslcd[1496]: [0c57b1] <passwd=-1> no available LDAP server found, sleeping 1 seconds

We want to get rid of these messages without simply reconfiguring what is logged. So preferably we learn what is going on and reconfigure the system such that these messages are no longer generated in the first place.

But how to analyse this? The problem is that any process can do something that triggers the system to perform an authentication action, and in the log you cannot see which process is triggering the authentication action.

Any thoughts on how to analyse this? I'm fine with adding extra diagnostic code to the source of nslcd if that helps and deploying that instrumented executable.

We're using an old Ubuntu distro: 12.04, nss-pam-ldapd-0.8.4

Update: I've created a modified version of nslcd which logs the command line of the applications that connect to it. This helps a lot, obviously. |
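The update in this post describes logging the command line of each client that connects to the daemon. One way to get that information on Linux, shown as an added example (it is not the poster's patch and not nslcd code): ask the kernel for the peer's PID with `SO_PEERCRED` on the accepted Unix socket, then read `/proc/<pid>/cmdline`. All function names here are hypothetical.

```python
import os
import socket
import struct

# struct ucred { pid_t pid; uid_t uid; gid_t gid; } as returned by SO_PEERCRED.
UCRED = struct.Struct("iII")


def peer_credentials(conn):
    """Return (pid, uid, gid) of the process at the other end of a Unix socket.

    The kernel fills these in at connect() time, so the client cannot forge them.
    """
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED.size)
    return UCRED.unpack(raw)


def command_line(pid):
    """Read a process's argv from /proc, or None if it has already exited."""
    try:
        with open(f"/proc/{pid}/cmdline", "rb") as handle:
            data = handle.read()
    except OSError:
        return None
    if not data:
        return []  # kernel threads and zombies have an empty cmdline
    return [arg.decode("utf-8", "replace") for arg in data.rstrip(b"\0").split(b"\0")]


def describe_peer(conn):
    """Collect what can be logged about a connected client."""
    pid, uid, gid = peer_credentials(conn)
    # Caveat: a short-lived client can exit (and its PID be reused) between
    # connect() and this read, so treat argv as best-effort evidence.
    return {"pid": pid, "uid": uid, "gid": gid, "argv": command_line(pid)}


def format_log_line(info):
    """Render one syslog-style line for a client description."""
    argv = info["argv"]
    cmd = " ".join(argv) if argv else "<unknown>"
    return f"client pid={info['pid']} uid={info['uid']} gid={info['gid']} cmd={cmd}"


def accept_and_identify(server):
    """Accept one connection on a listening Unix socket and describe the client."""
    conn, _ = server.accept()
    try:
        return describe_peer(conn)
    finally:
        conn.close()


if __name__ == "__main__":
    # Self-test: a connected pair inside one process reports this process.
    left, right = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    print(format_log_line(describe_peer(left)))
    left.close()
    right.close()
```

Because the credentials come from the kernel rather than from the request payload, the same lookup works for any client that reaches the daemon through its Unix socket.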
Exchange 2010 - Auto-forwarded email not arriving at destination (20/40% missing)
Posted: 05 Mar 2022 08:02 PM PST

Good morning, we have a weird issue with auto-forwarding emails from Exchange 2010.

A little background information first: I work for a daughter company, let's say @bla-daughter.com. Our head office is @bla.com. When customers send a purchase order, they send it to info@bla.com, which is a distribution list. That sends it to user1@bla.com and user2@bla.com. Those then auto-forward to user1@bla-daughter.com and user2@bla-daughter.com. Everyone still with me :)

OK, now the emails arrive at the user2@bla.com and user1@bla.com mailboxes, but between 20% and 40% don't arrive at user1@bla-daughter.com and user2@bla-daughter.com. Example: I sent 5 emails from my Google account, 3 arrived. Boss sent 5 from outlook.com, 4 arrived. Other guy sent 5 from some Russian web-based email, also 3 arrived.

To summarise the flow:

    Info@bla.com -(works)-> user1/user2@bla.com -(20/40% missing)-> user1/user2@bla-daughter.com

Now, we have confirmed the following:

1. We get no error messages or refusal messages from the servers, not from bla.com nor bla-daughter.com
2. Sent 50+ test messages to info@bla.com, they all arrive in users' mailboxes
3. Checked the junk mail for users at bla-daughter.com (also did Tracking Log Explorer, emails didn't arrive at @bla-daughter.com)

My suspicion, due to the lack of error messages/bounce-back messages, is that not all emails are being forwarded. Is there a way to see if the Exchange server @bla.com actually forwarded the email? Second, can anyone think of another point of failure that I have overlooked?

I know, most people will go TL;DR, but let me know if you can think of something, or if you have additional questions, as I am stuck atm. |
Make: Permission Denied (until I `cd .`)
Posted: 05 Mar 2022 10:02 PM PST

I have an account on a shared host running FreeBSD 5.5-STABLE. I was compiling my own version of Ruby today, and encountered this anomaly:

If I try to execute 'make', I get a "permission denied" error. However, if I execute:

    cd .

And then

    make

Everything works just fine.

Any clue why this happens? It obviously isn't causing me problems as I am eventually able to execute make just fine, but I am very curious what is going on here. |