Wednesday, July 6, 2022

Recent Questions - Server Fault


Migrating libvirt guest vm to a new storage directory on the same host

Posted: 06 Jul 2022 04:01 PM PDT

I have found a few related questions/articles but nothing about just simply moving an existing VM to a new directory on the same machine. That's what this question entails.

For this scenario, I need to move an existing virtual machine storage from /var/lib/libvirt/images/ to /var/lib/libvirt/new-dir/

Here is my theorized work plan:

  1. virsh shutdown my-vm-name

  2. rsync -a /var/lib/libvirt/images/my-vm-name /var/lib/libvirt/new-dir/

  3. virsh edit my-vm-name

    (within edit window)--> :s/\/var\/lib\/libvirt\/images/\/var\/lib\/libvirt\/new-dir/g  
  4. virsh start my-vm-name

Will this work?

Is there a cleaner/better way to do it?

Terraform apply fails on a template that has worked previously

Posted: 06 Jul 2022 03:46 PM PDT

I'm new to Terraform (and to a lesser extent, GCP) and I'm trying to deploy a small Ubuntu VM so we can spin up Jupyter development environments for our Data team.

I have a fairly simple template (it's mostly based on the Terraform tutorial) and it has successfully provisioned resources as desired on previous runs. The template creates a VPC, adds a rule allowing TCP traffic on port 22 for SSH based on a tag and creates an Ubuntu VM with said tag. After running terraform destroy, subsequent executions of terraform apply will fail with the following error:

    Error: Error waiting for instance to create: The zone 'projects/project-name/zones/us-central1-c' does not have enough resources available to fulfill the request.  Try a different zone, or try again later.
    │
    │   with google_compute_instance.vm_instance,
    │   on main.tf line 33, in resource "google_compute_instance" "vm_instance":
    │   33: resource "google_compute_instance" "vm_instance" {
    │

I have a suspicion that it may have to do with service quotas, but so far searching the web has led me to dead ends and I can't quite grasp how it may (or may not) be the cause of the problem. I tried deploying this template in us-west1-a and it worked just fine, so I'm not sure if there's some resource that's being deployed implicitly (that is to say, I didn't specify it myself inside the template but it was deployed as part of the VPC and VM)

Any help would be greatly appreciated, I'm new to IaC and I'd like to have this up and running soon(ish) so I can decrease my team's technical debt.

Here's the template in question (with some names changed):

    terraform {
      required_providers {
        google = {
          source  = "hashicorp/google"
          version = "3.5.0"
        }
      }
    }

    provider "google" {
      credentials = file(var.credentials_file)

      project = var.project
      region  = var.region
      zone    = var.zone
    }

    resource "google_compute_network" "vpc_network" {
      name = "terraform-network"
    }

    resource "google_compute_firewall" "ssh_rule" {
      name = "allow-ssh"
      network = google_compute_network.vpc_network.name
      allow {
        protocol = "tcp"
        ports = ["22"]
      }
      target_tags = ["jupyter"]
      source_ranges = ["0.0.0.0/0"]
    }

    resource "google_compute_instance" "vm_instance" {
      name = "jupyter-sandbox"
      description = "This is a description for Server Fault"
      machine_type = "f1-micro"
      tags = ["jupyter", "sandbox"]

      boot_disk{
        initialize_params{
          image = "ubuntu-2204-jammy-v20220622"
        }
      }

      network_interface{
        network = google_compute_network.vpc_network.name
        access_config { }
      }
    }

Rewrite rules for all but one directory (recursive)

Posted: 06 Jul 2022 03:41 PM PDT

We need to do a rewrite for a subdirectory of a site to its own host, with the exception of one directory. We also need to be sure that the original subdirectory is dropped in the rewrite. (using hppts instead of https because otherwise the site pitches a fit at the number of links.)

Also, I am whatever rank is lower than Novice when it comes to rewrite rules and Apache in general, so please treat me accordingly.

Scenario:

We have a main site with a subdir that needs to be rewritten to its own host.

hppts://www.site.com/product needs to be rewritten to hppts://www.product.com

However, there is one directory we want to remain intact recursively. So:

hppts://www.site.com/product/dir1/dir2/dir3 needs to continue to work without being rewritten to www.product.com. I'm having a hell of a time figuring out how to do this. So basically I'm looking for a way to do some kind of exclusion.

Also, how do I do a rewrite so that it writes the original query, but drops the subdirectory the condition is based on. That is, when I do what I think is a proper rewrite for this:

hppts://www.site.com/product/dir5 it gets rewritten to hppts://www.product.com/product/dir5 instead of hppts://www.product.com/dir5.

The rule the guy is trying is:

    RewriteEngine on
    RewriteCond %{REQUEST_URI}!^/dir1/
    RewriteRule (.*) hppts://www.product.com/$1 [R=301,L]

But anything we try returns hppts://www.product.com/product/%whatever the query was%/.

Any help is appreciated.

Kernel log - regular "Attempting task abort - Power-on or device reset occurred" errors

Posted: 06 Jul 2022 02:48 PM PDT

About once every two weeks, I get this kind of error in my kernel log:

    [Wed Jul  6 16:11:14 2022] sd 0:0:4:0: attempting task abort! scmd(000000006f6a751f)
    [Wed Jul  6 16:11:14 2022] sd 0:0:4:0: [sde] tag#3471 CDB: Synchronize Cache(10) 35 00 00 00 00 00 00 00 00 00
    [Wed Jul  6 16:11:14 2022] scsi target0:0:4: handle(0x001d), sas_address(0x443322110b000000), phy(11)
    [Wed Jul  6 16:11:14 2022] scsi target0:0:4: enclosure logical id(0x500062b206412140), slot(17)
    [Wed Jul  6 16:11:14 2022] scsi target0:0:4: enclosure level(0x0000), connector name(     )
    [Wed Jul  6 16:11:14 2022] sd 0:0:4:0: task abort: SUCCESS scmd(000000006f6a751f)
    [Wed Jul  6 16:11:14 2022] sd 0:0:4:0: attempting task abort! scmd(000000005203b095)
    [Wed Jul  6 16:11:14 2022] sd 0:0:4:0: [sde] tag#3012 CDB: Read(16) 88 00 00 00 00 02 a5 27 a8 48 00 00 01 00 00 00
    [Wed Jul  6 16:11:14 2022] scsi target0:0:4: handle(0x001d), sas_address(0x443322110b000000), phy(11)
    [Wed Jul  6 16:11:14 2022] scsi target0:0:4: enclosure logical id(0x500062b206412140), slot(17)
    [Wed Jul  6 16:11:14 2022] scsi target0:0:4: enclosure level(0x0000), connector name(     )
    [Wed Jul  6 16:11:14 2022] sd 0:0:4:0: task abort: SUCCESS scmd(000000005203b095)
    [Wed Jul  6 16:11:14 2022] sd 0:0:4:0: [sde] tag#3012 FAILED Result: hostbyte=DID_TIME_OUT driverbyte=DRIVER_OK
    [Wed Jul  6 16:11:14 2022] sd 0:0:4:0: [sde] tag#3012 CDB: Read(16) 88 00 00 00 00 02 a5 27 a8 48 00 00 01 00 00 00
    [Wed Jul  6 16:11:14 2022] print_req_error: I/O error, dev sde, sector 11360774216
    [Wed Jul  6 16:11:14 2022] sd 0:0:4:0: attempting task abort! scmd(00000000baf88a87)
    [Wed Jul  6 16:11:14 2022] sd 0:0:4:0: [sde] tag#3011 CDB: Read(16) 88 00 00 00 00 02 a5 27 a3 48 00 00 01 00 00 00
    [Wed Jul  6 16:11:14 2022] scsi target0:0:4: handle(0x001d), sas_address(0x443322110b000000), phy(11)
    [Wed Jul  6 16:11:14 2022] scsi target0:0:4: enclosure logical id(0x500062b206412140), slot(17)
    [Wed Jul  6 16:11:14 2022] scsi target0:0:4: enclosure level(0x0000), connector name(     )
    [Wed Jul  6 16:11:14 2022] sd 0:0:4:0: task abort: SUCCESS scmd(00000000baf88a87)
    [Wed Jul  6 16:11:14 2022] sd 0:0:4:0: [sde] tag#3011 FAILED Result: hostbyte=DID_TIME_OUT driverbyte=DRIVER_OK
    [Wed Jul  6 16:11:14 2022] sd 0:0:4:0: [sde] tag#3011 CDB: Read(16) 88 00 00 00 00 02 a5 27 a3 48 00 00 01 00 00 00
    [Wed Jul  6 16:11:14 2022] print_req_error: I/O error, dev sde, sector 11360772936
    [Wed Jul  6 16:11:14 2022] sd 0:0:4:0: Power-on or device reset occurred
    [Wed Jul  6 16:11:15 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 16:11:15 2022] sd 0:0:4:0: [sde] tag#2451 FAILED Result: hostbyte=DID_SOFT_ERROR driverbyte=DRIVER_OK
    [Wed Jul  6 16:11:15 2022] sd 0:0:4:0: [sde] tag#3453 FAILED Result: hostbyte=DID_SOFT_ERROR driverbyte=DRIVER_OK
    [Wed Jul  6 16:11:15 2022] sd 0:0:4:0: [sde] tag#3200 FAILED Result: hostbyte=DID_SOFT_ERROR driverbyte=DRIVER_OK
    [Wed Jul  6 16:11:15 2022] sd 0:0:4:0: [sde] tag#3453 CDB: Read(16) 88 00 00 00 00 05 74 ff fd 20 00 00 00 08 00 00
    [Wed Jul  6 16:11:15 2022] print_req_error: I/O error, dev sde, sector 23437770016
    [Wed Jul  6 16:11:15 2022] sd 0:0:4:0: [sde] tag#2451 CDB: Read(16) 88 00 00 00 00 01 fd 8e 63 38 00 00 01 00 00 00
    [Wed Jul  6 16:11:15 2022] print_req_error: I/O error, dev sde, sector 8548934456
    [Wed Jul  6 16:11:15 2022] sd 0:0:4:0: [sde] tag#3200 CDB: Read(16) 88 00 00 00 00 01 fd 8e 64 38 00 00 01 00 00 00
    [Wed Jul  6 16:11:15 2022] print_req_error: I/O error, dev sde, sector 8548934712
    [Wed Jul  6 16:11:15 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 16:11:15 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 16:11:15 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 16:11:15 2022] sd 0:0:4:0: Power-on or device reset occurred
    [Wed Jul  6 16:11:15 2022] sd 0:0:4:0: [sde] tag#2050 FAILED Result: hostbyte=DID_SOFT_ERROR driverbyte=DRIVER_OK
    [Wed Jul  6 16:11:15 2022] sd 0:0:4:0: [sde] tag#2504 FAILED Result: hostbyte=DID_SOFT_ERROR driverbyte=DRIVER_OK
    [Wed Jul  6 16:11:15 2022] sd 0:0:4:0: [sde] tag#2050 CDB: Write(16) 8a 00 00 00 00 05 26 99 8f 68 00 00 00 08 00 00
    [Wed Jul  6 16:11:15 2022] print_req_error: I/O error, dev sde, sector 22122434408
    [Wed Jul  6 16:11:15 2022] sd 0:0:4:0: [sde] tag#2504 CDB: Read(16) 88 00 00 00 00 00 00 00 20 00 00 00 00 08 00 00
    [Wed Jul  6 16:11:15 2022] sd 0:0:4:0: [sde] tag#3203 FAILED Result: hostbyte=DID_SOFT_ERROR driverbyte=DRIVER_OK
    [Wed Jul  6 16:11:15 2022] sd 0:0:4:0: [sde] tag#3203 CDB: Read(16) 88 00 00 00 00 02 a5 27 ad 48 00 00 01 00 00 00
    [Wed Jul  6 16:11:15 2022] print_req_error: I/O error, dev sde, sector 11360775496
    [Wed Jul  6 16:11:15 2022] sd 0:0:4:0: [sde] tag#2505 FAILED Result: hostbyte=DID_SOFT_ERROR driverbyte=DRIVER_OK
    [Wed Jul  6 16:11:15 2022] sd 0:0:4:0: [sde] tag#2505 CDB: Read(16) 88 00 00 00 00 02 a5 27 ac 48 00 00 01 00 00 00
    [Wed Jul  6 16:11:15 2022] print_req_error: I/O error, dev sde, sector 11360775240
    [Wed Jul  6 16:11:15 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 16:11:15 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 16:11:15 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 16:11:15 2022] print_req_error: I/O error, dev sde, sector 8192
    [Wed Jul  6 16:11:15 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 16:11:16 2022] sd 0:0:4:0: Power-on or device reset occurred
    [Wed Jul  6 16:11:16 2022] sd 0:0:4:0: [sde] tag#2615 FAILED Result: hostbyte=DID_SOFT_ERROR driverbyte=DRIVER_OK
    [Wed Jul  6 16:11:16 2022] print_req_error: I/O error, dev sde, sector 22122434448
    [Wed Jul  6 16:11:16 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 16:11:16 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 16:11:16 2022] sd 0:0:4:0: [sde] tag#2615 CDB: Write(16) 8a 00 00 00 00 05 26 99 8f a0 00 00 00 08 00 00
    [Wed Jul  6 16:11:16 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 16:11:16 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 16:11:16 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 16:11:16 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 16:11:16 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 16:11:16 2022] sd 0:0:4:0: Power-on or device reset occurred
    [Wed Jul  6 16:11:17 2022] sd 0:0:4:0: Power-on or device reset occurred
    [Wed Jul  6 17:31:04 2022] sd 0:0:8:0: attempting task abort! scmd(00000000685dac60)
    [Wed Jul  6 17:31:04 2022] sd 0:0:8:0: [sdi] tag#371 CDB: Read(16) 88 00 00 00 00 05 23 d4 00 e0 00 00 01 00 00 00
    [Wed Jul  6 17:31:04 2022] scsi target0:0:8: handle(0x0021), sas_address(0x4433221113000000), phy(19)
    [Wed Jul  6 17:31:04 2022] scsi target0:0:8: enclosure logical id(0x500062b206412140), slot(9)
    [Wed Jul  6 17:31:04 2022] scsi target0:0:8: enclosure level(0x0000), connector name(     )
    [Wed Jul  6 17:31:04 2022] sd 0:0:8:0: task abort: SUCCESS scmd(00000000685dac60)
    [Wed Jul  6 17:31:04 2022] scsi_io_completion_action: 6 callbacks suppressed
    [Wed Jul  6 17:31:04 2022] sd 0:0:8:0: [sdi] tag#371 FAILED Result: hostbyte=DID_TIME_OUT driverbyte=DRIVER_OK
    [Wed Jul  6 17:31:04 2022] sd 0:0:8:0: [sdi] tag#371 CDB: Read(16) 88 00 00 00 00 05 23 d4 00 e0 00 00 01 00 00 00
    [Wed Jul  6 17:31:04 2022] print_req_error: 6 callbacks suppressed
    [Wed Jul  6 17:31:04 2022] print_req_error: I/O error, dev sdi, sector 22075932896
    [Wed Jul  6 17:31:04 2022] sd 0:0:8:0: attempting task abort! scmd(00000000c7dc4ce2)
    [Wed Jul  6 17:31:04 2022] sd 0:0:8:0: [sdi] tag#370 CDB: Read(16) 88 00 00 00 00 05 23 d3 ea e0 00 00 01 00 00 00
    [Wed Jul  6 17:31:04 2022] scsi target0:0:8: handle(0x0021), sas_address(0x4433221113000000), phy(19)
    [Wed Jul  6 17:31:04 2022] scsi target0:0:8: enclosure logical id(0x500062b206412140), slot(9)
    [Wed Jul  6 17:31:04 2022] scsi target0:0:8: enclosure level(0x0000), connector name(     )
    [Wed Jul  6 17:31:04 2022] sd 0:0:8:0: task abort: SUCCESS scmd(00000000c7dc4ce2)
    [Wed Jul  6 17:31:04 2022] sd 0:0:8:0: [sdi] tag#370 FAILED Result: hostbyte=DID_TIME_OUT driverbyte=DRIVER_OK
    [Wed Jul  6 17:31:04 2022] sd 0:0:8:0: [sdi] tag#370 CDB: Read(16) 88 00 00 00 00 05 23 d3 ea e0 00 00 01 00 00 00
    [Wed Jul  6 17:31:04 2022] print_req_error: I/O error, dev sdi, sector 22075927264
    [Wed Jul  6 17:31:04 2022] sd 0:0:8:0: attempting task abort! scmd(00000000d5697c0a)
    [Wed Jul  6 17:31:04 2022] sd 0:0:8:0: [sdi] tag#16 CDB: Synchronize Cache(10) 35 00 00 00 00 00 00 00 00 00
    [Wed Jul  6 17:31:04 2022] scsi target0:0:8: handle(0x0021), sas_address(0x4433221113000000), phy(19)
    [Wed Jul  6 17:31:04 2022] scsi target0:0:8: enclosure logical id(0x500062b206412140), slot(9)
    [Wed Jul  6 17:31:04 2022] scsi target0:0:8: enclosure level(0x0000), connector name(     )
    [Wed Jul  6 17:31:04 2022] sd 0:0:8:0: task abort: SUCCESS scmd(00000000d5697c0a)
    [Wed Jul  6 17:31:04 2022] sd 0:0:8:0: Power-on or device reset occurred
    [Wed Jul  6 17:31:05 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 17:31:05 2022] sd 0:0:8:0: [sdi] tag#4 FAILED Result: hostbyte=DID_SOFT_ERROR driverbyte=DRIVER_OK
    [Wed Jul  6 17:31:05 2022] sd 0:0:8:0: [sdi] tag#4 CDB: Read(16) 88 00 00 00 00 00 00 00 00 08 00 00 00 08 00 00
    [Wed Jul  6 17:31:05 2022] print_req_error: I/O error, dev sdi, sector 8
    [Wed Jul  6 17:31:05 2022] sd 0:0:8:0: [sdi] tag#736 FAILED Result: hostbyte=DID_SOFT_ERROR driverbyte=DRIVER_OK
    [Wed Jul  6 17:31:05 2022] sd 0:0:8:0: [sdi] tag#736 CDB: Read(16) 88 00 00 00 00 04 c8 4d fc 38 00 00 00 08 00 00
    [Wed Jul  6 17:31:05 2022] print_req_error: I/O error, dev sdi, sector 20540423224
    [Wed Jul  6 17:31:05 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 17:31:05 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 17:31:05 2022] sd 0:0:8:0: [sdi] tag#735 FAILED Result: hostbyte=DID_SOFT_ERROR driverbyte=DRIVER_OK
    [Wed Jul  6 17:31:05 2022] sd 0:0:8:0: [sdi] tag#735 CDB: Read(16) 88 00 00 00 00 04 70 9a 87 30 00 00 01 00 00 00
    [Wed Jul  6 17:31:05 2022] print_req_error: I/O error, dev sdi, sector 19069044528
    [Wed Jul  6 17:31:05 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 17:31:05 2022] sd 0:0:8:0: Power-on or device reset occurred
    [Wed Jul  6 17:31:06 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 17:31:06 2022] sd 0:0:8:0: [sdi] tag#5726 FAILED Result: hostbyte=DID_SOFT_ERROR driverbyte=DRIVER_OK
    [Wed Jul  6 17:31:06 2022] sd 0:0:8:0: [sdi] tag#5723 FAILED Result: hostbyte=DID_SOFT_ERROR driverbyte=DRIVER_OK
    [Wed Jul  6 17:31:06 2022] sd 0:0:8:0: [sdi] tag#5726 CDB: Read(16) 88 00 00 00 00 01 53 df 28 00 00 00 01 00 00 00
    [Wed Jul  6 17:31:06 2022] print_req_error: I/O error, dev sdi, sector 5702100992
    [Wed Jul  6 17:31:06 2022] sd 0:0:8:0: [sdi] tag#939 FAILED Result: hostbyte=DID_SOFT_ERROR driverbyte=DRIVER_OK
    [Wed Jul  6 17:31:06 2022] sd 0:0:8:0: [sdi] tag#5723 CDB: Read(16) 88 00 00 00 00 05 74 ff fc 20 00 00 00 08 00 00
    [Wed Jul  6 17:31:06 2022] print_req_error: I/O error, dev sdi, sector 23437769760
    [Wed Jul  6 17:31:06 2022] sd 0:0:8:0: [sdi] tag#939 CDB: Read(16) 88 00 00 00 00 05 23 d3 fc e0 00 00 01 00 00 00
    [Wed Jul  6 17:31:06 2022] print_req_error: I/O error, dev sdi, sector 22075931872
    [Wed Jul  6 17:31:06 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 17:31:06 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 17:31:06 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 17:31:06 2022] sd 0:0:8:0: Power-on or device reset occurred
    [Wed Jul  6 17:31:06 2022] sd 0:0:8:0: [sdi] tag#5738 FAILED Result: hostbyte=DID_SOFT_ERROR driverbyte=DRIVER_OK
    [Wed Jul  6 17:31:06 2022] sd 0:0:8:0: [sdi] tag#5693 FAILED Result: hostbyte=DID_SOFT_ERROR driverbyte=DRIVER_OK
    [Wed Jul  6 17:31:06 2022] print_req_error: I/O error, dev sdi, sector 22238540184
    [Wed Jul  6 17:31:06 2022] sd 0:0:8:0: [sdi] tag#5693 CDB: Write(16) 8a 00 00 00 00 00 b9 9c 77 18 00 00 01 00 00 00
    [Wed Jul  6 17:31:06 2022] print_req_error: I/O error, dev sdi, sector 3114039064
    [Wed Jul  6 17:31:06 2022] sd 0:0:8:0: [sdi] tag#5738 CDB: Read(16) 88 00 00 00 00 05 74 ff ff 88 00 00 00 38 00 00
    [Wed Jul  6 17:31:06 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 17:31:06 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 17:31:06 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 17:31:06 2022] mpt3sas_cm0: log_info(0x31110e03): originator(PL), code(0x11), sub_code(0x0e03)
    [Wed Jul  6 17:31:07 2022] sd 0:0:8:0: Power-on or device reset occurred
    [Wed Jul  6 17:31:07 2022] sd 0:0:8:0: Power-on or device reset occurred

I have about 20 SATA drives attached to the SATA/SAS controller on this server, and the error occurs with many (though not all) drives, with some drives causing errors more often than others. The issue seems to be related to filesystem load (heavier load => errors are more likely). Until today, the issue only ever affected one drive at a time, and all my drives are mirrored, so I've been able to resilver the faulted mirror whenever a fault occurred. I've been Googling this problem and searching various support forums without any success from time to time over the 2-year period while this problem has been plaguing me. However, today, both mirrors in a 2-drive mirror experienced the same fault in the space of 1 hour, making the need to solve this problem more urgent. I guess it could be a hardware/controller problem, but I don't know how to check if that's the case or not, or how to fix it if it is. Any help would be appreciated. Thank you.

Moving from Centrify to Samba, dealing with UID and GID

Posted: 06 Jul 2022 02:40 PM PDT

The network I run has used Centrify as its Linux/Mac to Active Directory intermediary since I started. The Macs are now gone leaving just the Linux servers. Now Centrify is on the chopping block and a free alternative must be found. I have looked into realmd, samba, sssd, and winbind and have come up with a working system, for the most part, using a combination of realmd to join the domain with samba and winbind as the backends.

As said this is working however one major problem became apparent. The UID and GID numbers used by Centrify were not the same numbers being created for the accounts and groups with the new systems. Shifting the idmap directives to mirror the range used by Centrify, based on what Centrify gives out and not on its configuration, did not help.

So I grabbed all the UID and GID numbers, inserted a select few into the uidNumber and gidNumber attributes in the proper user accounts and groups within Active Directory, and after changing the samba config tried again. This time both the UID and GID came up properly except for one error: /usr/bin/id: cannot find name for group ID #####.

Checking the id output shows that the numbers are there and correct; however, the gidNumber attribute in the user account is confusing the system. Under Centrify the GID numbers within the user account are used to "create" the user's primary group. Said primary group has the same name as the user. So user greg has a primary group of greg with the UID of the user matching the GID of the group. This is behavior I want as it keeps from pushing the Domain Users group on the user's home directory, and any other private directories as well.

Does anyone know of a good way to allow samba/winbind/realmd to properly name these groups without them existing in AD? I would think that it would pull the samaccountname as the group name just like with the user but instead it is looking for an existing group.

Why does a scheduled task access the database as anonymous (vs configured acct)?

Posted: 06 Jul 2022 02:26 PM PDT

I have a PowerShell script that runs a SQL query against an MSSQL server (different server). The script runs as expected when run interactively. When run as a scheduled task with the same credentials, I don't get query results. The task runs the script and reports success, but no data is retrieved. From what we see in the logs, the connection to the SQL server is made as NT AUTHORITY\ANONYMOUS LOGIN.

Details:

  • Task server Win 2019
  • SQL server Win 2019
  • SQL v.2019
  • Credentials are an AD account with password stored at task creation
  • Account has local admin rights
  • AD func. level 2016
  • Script uses Get-SQL module for query
  • Connect string uses Integrated Security=true
  • Task is set to run with highest priv.

Apache - Blocking direct access to image

Posted: 06 Jul 2022 02:05 PM PDT

I use Apache 2.4.41 and I would like to deny direct access to image files on my server. I've implemented the following code in my Apache configuration file:

    SetEnvIf Referer "(www\.)?mywebsite\.net" localreferer
    <FilesMatch "\.(jpg|png|gif)$">
        Require env localreferer
    </FilesMatch>

However, I see strange behavior. In a web browser, when I try to access an image file directly with its URL, I don't get a 403 error code (as expected) and the image is displayed. But when reloading the page (F5 or Cmd+R on a Mac), the resource is blocked and a 403 error status is displayed.

When trying a curl -I, I get the following result:

    HTTP/1.1 302 Found
    Date: Wed, 06 Jul 2022 14:31:35 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Location: http://www.mywebsite.net/error/403.php

But I should get HTTP/1.1 403 Forbidden...

Could someone help me with this issue? Many thanks in advance.

Why does the Apache server go faster after a reboot?

Posted: 06 Jul 2022 01:59 PM PDT

I notice a significant performance gain after a reboot of the server (Apache Debian / PHP / MariaDB Mysql).

For several weeks, the page loading time gradually increased from 50 ms to 150 ms and immediately after the reboot the server regained its performance of 50 ms.

I saw on some forums that it could come from the mysql server? Maybe things that get cached? (The server makes a very large number of always different mysql requests)

Azure Devops -- Link files in one organization to work item (task) in a different organization

Posted: 06 Jul 2022 01:21 PM PDT

We have an on-premises Azure Devops Server running Azure Devops 2020.

We would like to link files in one organization (A) to work item (Agile task) in a different organization (B).

For example, I may need to check in a .html file in organization A, and link it to fulfilling a User Story kept under organization B.

Both organizations (A and B) would reside on the same Azure-Devops on premises server. This server is compatible with Azure Devops 2020.

The goal would be to link the task from B while using Visual Studio interface to check in code for A.

Is this possible, and if so, could an outline of a procedure on how to do this be given, please?

rsyslog: suppress duplicate messages

Posted: 06 Jul 2022 01:29 PM PDT

Background

A stateless application starts, runs, and stops every 1 second. If the application encounters an error, that error is logged.

rsyslogd  8.1901.0 (aka 2019.01)  

Problem

When the error occurs, the log is spammed every 1 second until the error is resolved. We only need to see the error once. The application, being stateless, does not "remember" that it had already logged the error.

The $RepeatedMsgReduction on option is not a recommended solution, for various reasons.

Code

Here's what I've tried:

    if $msg contains "app error" then set $/app!error!count = $/app!error!count + 1;

    if $/app!error!count == 10 then set $/app!error!count = 1;

    if not $/app!error!count == 1 then ~;

Then:

    logger "app error"
    logger "app error"
    sudo tail -f /var/log/syslog

This shows:

    2022-07-06T13:24:42.697247-07:00 host username: app error
    2022-07-06T13:24:42.880985-07:00 host username: app error

I was expecting to see a single line.

Question

How would you codify something like the following logic in rsyslog's scripting language:

  1. IF NOT DEFINED error_count THEN error_count = 0
  2. IF message CONTAINS "{{error message}}" THEN error_count = error_count + 1
  3. IF error_count > 10 THEN error_count = 1
  4. IF error_count != 1 THEN stop

Essentially, the first time the error is encountered, log the message; otherwise, when the error message has occurred 10 times, log the error again. In effect, this will log the error once every 10 seconds. A more rigorous solution would also take into consideration the timestamp to reset the count. Possibly:

  1. IF NOT DEFINED error_count THEN error_count = 0
  2. IF NOT DEFINED error_timestamp THEN error_timestamp = current_timestamp
  3. IF message CONTAINS "{{error message}}" THEN {error_count = error_count + 1; error_timestamp = current_timestamp}
  4. IF current_timestamp - error_timestamp > 10 seconds THEN {error_count = 1; error_timestamp = current_timestamp}
  5. IF error_count > 10 THEN error_count = 1
  6. IF error_count != 1 THEN stop
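
The count-and-window logic in the two lists above, modelled in Python so the decision can be checked against sample lines. This is an added example, not part of the original question and not rsyslog configuration. The names RepeatSuppressor, parse_line, filter_lines and build_sample are hypothetical, the burst of sample lines is constructed, and the gap is compared against the previous matching message before the new timestamp is stored so that the 10-second window can actually expire.

```python
from datetime import datetime, timedelta


class RepeatSuppressor:
    """Emit the first matching message, then only every `limit`-th repeat.

    A gap longer than `window` between two matching messages resets the
    counter, so a fresh burst of the same error is logged immediately.
    (Hypothetical helper written for this example.)
    """

    def __init__(self, needle, limit=10, window=timedelta(seconds=10)):
        self.needle = needle
        self.limit = limit
        self.window = window
        self.count = 0          # undefined counter starts at 0
        self.last_seen = None   # no timestamp until the first match

    def should_emit(self, timestamp, message):
        if self.needle not in message:
            return True  # unrelated messages are never suppressed
        # Compare with the previous match before overwriting its timestamp.
        if self.last_seen is not None and timestamp - self.last_seen > self.window:
            self.count = 0
        self.count += 1
        self.last_seen = timestamp
        if self.count > self.limit:
            self.count = 1
        return self.count == 1


def parse_line(line):
    """Split '<RFC 3339 timestamp> <host> <tag>: <msg>' into (datetime, msg)."""
    stamp, _host, rest = line.split(" ", 2)
    _tag, _, msg = rest.partition(": ")
    return datetime.fromisoformat(stamp), msg


def filter_lines(lines, needle="app error"):
    """Return only the lines that would still reach the log file."""
    suppressor = RepeatSuppressor(needle)
    return [line for line in lines if suppressor.should_emit(*parse_line(line))]


def build_sample():
    """Constructed input: 12 errors one second apart, one unrelated
    message, then the same error again after a 29-second quiet period."""
    start = datetime.fromisoformat("2022-07-06T13:24:42-07:00")
    lines = []
    for second in range(12):
        stamp = (start + timedelta(seconds=second)).isoformat()
        lines.append(f"{stamp} host username: app error")
    stamp = (start + timedelta(seconds=12)).isoformat()
    lines.append(f"{stamp} host username: unrelated notice")
    stamp = (start + timedelta(seconds=40)).isoformat()
    lines.append(f"{stamp} host username: app error")
    return lines


if __name__ == "__main__":
    for kept in filter_lines(build_sample()):
        print(kept)
```
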

How to find contents of Windows updates that were applied?

Posted: 06 Jul 2022 12:45 PM PDT

I have an application that depends on the .NET 5 runtime being on the server. One day it started failing with strange messages. Turns out the .NET runtime was no longer there. OK, that's strange. So I started looking through Windows updates etc. Not sure where to look.

What I've done so far is look through the Windows app log with the filter on MSIInstaller and I found a few hits on or before the problems started. Given a specific KB#, how can one find the contents of what was being done for this update?

Nginx reverse proxy issue in redirection without trailing slash

Posted: 06 Jul 2022 12:17 PM PDT

I am running an nginx reverse proxy with Apache as a backend server. I have multiple applications running without any problems, but some php-js websites fail to redirect properly. When I send a request to example.com/admin it should redirect to example.com/admin/, but instead I get a redirection to example.com:internal_port/admin/.

here is some useful information:

  • Nginx configuration:

      server {
          server_name example.com;
          root /var/www/html/;
          index index.php index.html index.htm;
          location / {
              proxy_set_header X-Real-IP  $remote_addr;
              proxy_set_header X-Forwarded-For $remote_addr;
              proxy_set_header Host $host;
              proxy_pass http://localhost:8080;
              proxy_read_timeout 600s;
          }

          location ~ /\.ht {
              deny all;
          }

          listen 80;
      }

  • apache configuration:

      <VirtualHost localhost:8080>

          DocumentRoot /var/www/html/example.com/
          ServerName localhost:8080
          LogLevel debug
          ErrorLog ${APACHE_LOG_DIR}/error.log
          CustomLog ${APACHE_LOG_DIR}/access.log combined

      </VirtualHost>

  • Http headers when requesting from localhost:

      $ curl localhost:8080/admin -v

      GET /admin HTTP/1.1
      Host: localhost:8080
      User-Agent: curl/7.58.0
      Accept: */*

      HTTP/1.1 301 Moved Permanently
      Date: Wed, 06 Jul 2022 17:59:37 GMT
      Location: http://localhost:8080/admin/
      Content-Length: 313
      Content-Type: text/html; charset=iso-8859-1

      <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
      <html><head>
      <title>301 Moved Permanently</title>
      </head><body>
      <h1>Moved Permanently</h1>
      <p>The document has moved <a href="http://localhost:8080/admin/">here</a>.</p>
      <hr>
      </body></html>

Is this powershell script appropriately using the Get-ADUser command to filter with a txt file?

Posted: 06 Jul 2022 01:46 PM PDT

Here is the command I have so far.

    $List = Get-Content c:\userlist.txt
    $Users = @()

    foreach ($Item in $List)
    {
        $Users += Get-ADUser -Filter {samAccountName -like "*$Item*"}
    }

    $Users | Select-Object samAccountName,Surname

What I want to do is use PowerShell and take a list of users to pull information such as login IPs, client host names, and login successes/failures from AD. Is this a good command to start with? The script isn't how I would like it just yet as I haven't configured it to my liking so it's just a base idea I have yet to edit.

Why does our network not have internet when adding a route?

Posted: 06 Jul 2022 03:49 PM PDT

We have 2 networks. The first is an OpenVPN server with the network 10.170. The second is a gateway server for our laptops, printers etc. on network 10.133.10.1. It has the OpenVPN IP 10.170.0.19.

The connection between them is stable, but as soon as I add a route, all clients within the 2nd network do not have internet. The connection between the 2 servers is still stable and I can also reach the devices in network 2 from the 1st network, but there, Windows shows "No Internet Connection" and we can't open any website.

The routing command I used on 10.133.10.1 is: ip route add 10.133.10.0/24 via 10.170.0.19 dev tun0. I do it manually since I found out this causes the error. Before, we had route 10.133.10.0 255.255.255.0 in the client's config.

What can cause this error and how could this be fixed?

edit: This is the Situation

Redis failed every few hours

Posted: 06 Jul 2022 12:15 PM PDT

I have a problem with Redis: every 18-30 hours it fails and I have to restart it manually to get it running again. Our server has 1 WordPress website. Redis version: 5.0.3. OS: CentOS Linux release 8.3.2011.

regards

Check Error Message From Here

How do I make a certificate request in windows 11 from the command line?

Posted: 06 Jul 2022 03:06 PM PDT

We have a working internal certificate process and instructions on how to use it involving certreq; however on Windows 11 it stopped generating SAN correctly.

Internal certreq template:

    [Version]
    Signature="$Windows NT§"
    [NewRequest]
    Subject = "CN=<machine-name>.Dexter2.Cedaron,O=Cedaron,OU=<machine-name>,ST=California,L=Davis,C=US"
    KeyLength =  2048
    KeySpec = 1
    Exportable = True
    ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
    HashAlgorithm = SHA256
    MachineKeySet = True
    SMIME = False
    UseExistingKeySet = False
    RequestType = PKCS10
    KeyUsage = 0xA0
    Silent = True
    FriendlyName = "Certificate SHA-256"
    [EnhancedKeyUsageExtension]
    OID=1.3.6.1.5.5.7.3.1
    [Extensions]
    2.5.29.17 = "{text}"
    _continue_ = "dns=<machine-name>.Dexter2.Cedaron&dns=<machine-name>&dns=localhost"

New template to try to fix the problem:

    [Version]
    Signature="$Windows NT§"
    [NewRequest]
    Subject = "CN=<machine-name>.Dexter2.Cedaron,O=Cedaron,OU=<machine-name>,ST=California,L=Davis,C=US"
    KeyLength =  2048
    KeySpec = 1
    Exportable = True
    ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
    HashAlgorithm = SHA256
    MachineKeySet = True
    SMIME = False
    UseExistingKeySet = False
    RequestType = PKCS10
    KeyUsage = 0xA0
    Silent = True
    FriendlyName = "Certificate SHA-256"
    [EnhancedKeyUsageExtension]
    OID=1.3.6.1.5.5.7.3.1
    [RequestAttributes]
    SAN="dns=<machine-name>&dns=<machine-name>&"

I can see the request attribute for SAN in the file either way, but it's corrupted. I'm currently getting undefined: 0: hostname.domainnamemyusernamecertreq

Web searches find the same broken instructions still. For example: https://saketupadhyay.medium.com/how-to-create-a-certificate-signing-request-csr-in-2021-windows-11-10-156202d1bf97 This generates the necessary except for SAN is no longer filled.

Please specify if the command needs powershell. I don't mind using powershell but if you don't specify I'm going to key it into cmd.exe and wonder why it doesn't work.

Trouble filtering DNS responses with tcpdump

Posted: 06 Jul 2022 02:52 PM PDT

I'm having troubles with tcpdump. I want to only capture DNS packets that are responses containing authoritative responses with a single RR that is 0.0.0.0. For example I want to only capture packets like this:

    root@OpenWrt:~# tcpdump -XKvvv 'udp src port 53'
    tcpdump: listening on br-lan, link-type EN10MB (Ethernet), capture size 262144 bytes
    22:40:19.929483 IP (tos 0x0, ttl 64, id 60020, offset 0, flags [DF], proto UDP (17), length 74)
        OpenWrt.lan.53 > 192.168.0.231.12244: 730* q: A? test.2o7.net. 1/0/0 test.2o7.net. [0s] A 0.0.0.0 (46)
            0x0000:  4500 004a ea74 4000 4011 cdf5 c0a8 0001  E..J.t@.@.......
            0x0010:  c0a8 00e7 0035 2fd4 0036 8280 02da 8580  .....5/..6......
            0x0020:  0001 0001 0000 0000 0474 6573 7403 326f  .........test.2o
            0x0030:  3703 6e65 7400 0001 0001 c00c 0001 0001  7.net...........
            0x0040:  0000 0000 0004 0000 0000                 ..........
    ^C
    1 packet captured
    1 packet received by filter
    0 packets dropped by kernel

The UDP header is always 8 bytes so the start of the UDP data should be at udp[7] in the filter syntax. The DNS packet starts with 2 bytes of ID then a two byte flag word so the flag word should start at offset 9, and the AA bit is bit 5 of flag. But when I test that out with filter udp port 53 and (udp[9:2]&0xfbff) != 0 it doesn't print only authoritative answers. This is what happens:

    root@OpenWrt:~# tcpdump -XKvvv 'udp src port 53 and (udp[9:2]&0xfbff) != 0'
    tcpdump: listening on br-lan, link-type EN10MB (Ethernet), capture size 262144 bytes
    22:42:42.233028 IP (tos 0x0, ttl 64, id 16920, offset 0, flags [DF], proto UDP (17), length 76)
        OpenWrt.lan.53 > 192.168.0.231.50259: 55688 q: A? duckduckgo.com. 1/0/0 duckduckgo.com. [1m26s] A 52.250.42.157 (48)
            0x0000:  4500 004c 4218 4000 4011 7650 c0a8 0001  E..LB.@.@.vP....
            0x0010:  c0a8 00e7 0035 c453 0038 8282 d988 8180  .....5.S.8......
            0x0020:  0001 0001 0000 0000 0a64 7563 6b64 7563  .........duckduc
            0x0030:  6b67 6f03 636f 6d00 0001 0001 c00c 0001  kgo.com.........
            0x0040:  0001 0000 0056 0004 34fa 2a9d            .....V..4.*.
    ^C
    1 packet captured
    1 packet received by filter
    0 packets dropped by kernel

But that's not an AA. What is wrong?
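The two packets dumped above, checked offline against the posted expression and against one that reads the DNS flags word at udp[10:2] (an added example, not part of the original question). `udp_field` and the other function names are hypothetical helpers; `udp_field` emulates pcap-filter's `udp[offset:size]`, where offset 0 is the first byte of the UDP header, so per RFC 1035 the flags word is at offset 10 (AA is mask 0x0400) and ANCOUNT is at offset 14.

```python
import struct

# Bytes copied from the two `tcpdump -X` hex dumps in the question (IPv4 header onward).
AA_REPLY = bytes.fromhex(
    "4500 004a ea74 4000 4011 cdf5 c0a8 0001 c0a8 00e7 0035 2fd4 0036 8280 02da 8580"
    "0001 0001 0000 0000 0474 6573 7403 326f 3703 6e65 7400 0001 0001 c00c 0001 0001"
    "0000 0000 0004 0000 0000")
NON_AA_REPLY = bytes.fromhex(
    "4500 004c 4218 4000 4011 7650 c0a8 0001 c0a8 00e7 0035 c453 0038 8282 d988 8180"
    "0001 0001 0000 0000 0a64 7563 6b64 7563 6b67 6f03 636f 6d00 0001 0001 c00c 0001"
    "0001 0000 0056 0004 34fa 2a9d")

def udp_field(pkt, offset, size):
    """Emulate pcap-filter's udp[offset:size]; offset 0 is the first UDP header byte."""
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    return int.from_bytes(pkt[ihl + offset:ihl + offset + size], "big")

def posted_filter(pkt):
    """(udp[9:2] & 0xfbff) != 0, the expression from the question."""
    return (udp_field(pkt, 9, 2) & 0xFBFF) != 0

def aa_filter(pkt):
    """udp[10:2] & 0x0400 != 0: 8-byte UDP header, 2-byte DNS ID, then the flags word."""
    return (udp_field(pkt, 10, 2) & 0x0400) != 0

def skip_name(msg, pos):
    """Return the offset just past a DNS name (label sequence or compression pointer)."""
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:                  # two-byte compression pointer ends the name
            return pos + 2
        pos += 1
        if length == 0:                            # root label ends the name
            return pos
        pos += length

def first_answer(pkt):
    """Return (type, rdata) of the first answer RR, or None when ANCOUNT is 0."""
    ihl = (pkt[0] & 0x0F) * 4
    msg = pkt[ihl + 8:]                            # DNS message = UDP payload
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    pos = 12                                       # fixed DNS header size
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4              # QTYPE + QCLASS
    if ancount == 0:
        return None
    pos = skip_name(msg, pos)
    rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
    return rtype, msg[pos + 10:pos + 10 + rdlen]

def is_authoritative_null_a(pkt):
    """AA set, exactly one answer, and that answer is an A record for 0.0.0.0."""
    # Capture-filter form of the first two checks:
    #   udp src port 53 and udp[10:2] & 0x0400 != 0 and udp[14:2] = 1
    # The rdata sits after the variable-length question name, so it has no fixed offset.
    return (aa_filter(pkt) and udp_field(pkt, 14, 2) == 1
            and first_answer(pkt) == (1, b"\x00\x00\x00\x00"))

if __name__ == "__main__":
    for label, pkt in (("test.2o7.net", AA_REPLY), ("duckduckgo.com", NON_AA_REPLY)):
        print(label, hex(udp_field(pkt, 9, 2)), hex(udp_field(pkt, 10, 2)),
              posted_filter(pkt), aa_filter(pkt), is_authoritative_null_a(pkt))
```

For the duckduckgo.com reply, udp[9:2] is 0x8881 (the low byte of the ID followed by the high byte of the flags), which is why the posted expression matches it; udp[10:2] is 0x8180 there and 0x8580 in the test.2o7.net reply.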

Why and how would I transmit emails via several Mail Transfer Agents?

Posted: 06 Jul 2022 12:19 PM PDT

I read in some Mail-Relay explanation that emails can be delivered from the sender's MTA to the recipient's MTA via more MTAs. How does it work (I thought, the sender's MTA simply determines the recipient's MTA's IP address by using DNS and directly sends the email to it, so no other MTA is involved) and what is the benefit of doing so?

Subcommand in dockerised app exits with `exit code 1`

Posted: 06 Jul 2022 01:12 PM PDT

I have an application. The application is working on Linux, but I plan to migrate it to the docker container.

I developed some modules that can use embedded PostgreSQL instead of a regular Postgres database. It is working perfectly on my Host, but in the Docker, the process exits with code 1.

In the application, I want to start a subprocess with the following command:

    cmd := exec.Command("embeded-postgres")
    err := cmd.Run()

error is:

exit status 1  

no other information in stderr or stdin

I think there is some mechanism that checks if only one process is working in the container, but I cannot find any documentation. Could anyone point me in the correct direction, please? I would like to read and understand more about this. Could anyone point

Cannot configure MFA even after acquiring Azure AD Premium P1 license

Posted: 06 Jul 2022 02:36 PM PDT

I am trying to configure two-factor authentication for a specific set of users from a particular location.

For that, I recently purchased Azure AD Premium P1 license and I'm the global admin of my azure account.

But the issue is, even after doing all these, I am unable to configure conditional policy and it is showing as disabled for me.

I am not understanding what setting is really needed here. Is there any other way to configure MFA to users other than conditional access?

Or do I need any specific permission to make it possible?

Getting CORS error while accessing audio files on same server in chrome

Posted: 06 Jul 2022 02:01 PM PDT

Access to video at '/path/to/mp3/file' from origin 'https://example.com' has been blocked by CORS policy: Request had a target IP address space of unknown yet the resource is in address space public.

sssd credential caching does not work

Posted: 06 Jul 2022 12:22 PM PDT

I set up a CentOS 7 host using sssd as the authentication system. The user identities are provided by files (passwd/group, managed by ansible), auth is done via krb5 (provided by Active Directory).

The sssd.conf looks like this:

    [sssd]
    domains = OURADDOMAIN
    services = nss, pam

    [domain/OURADDOMAIN]
    id_provider = files
    auth_provider = krb5
    krb5_server = our_domain_controller
    krb5_realm = OURADDOMAIN
    cache_credentials = true

    [pam]
    offline_credentials_expiration = 2
    offline_failed_login_attempts = 3
    offline_failed_login_delay = 5

This works fine online without problems, but when I disconnect the network, login fails. If login is ok, in /var/log/secure I see the following:

    Apr 21 10:18:17 authtestel7 unix_chkpwd[11986]: password check failed for user (testuser)
    Apr 21 10:18:17 authtestel7 login: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=  user=testuser
    Apr 21 10:18:17 authtestel7 login: pam_sss(login:auth): authentication success; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost= user=testuser
    Apr 21 10:18:17 authtestel7 login: pam_unix(login:session): session opened for user testuser by LOGIN(uid=0)
    Apr 21 10:18:17 authtestel7 login: LOGIN ON tty1 BY testuser

If login fails, it looks like this:

    Apr 21 10:18:52 authtestel7 login: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=  user=testuser
    Apr 21 10:18:52 authtestel7 login: pam_sss(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost= user=testuser
    Apr 21 10:18:52 authtestel7 login: pam_sss(login:auth): received for user testuser: 6 (Permission denied)
    Apr 21 10:18:54 authtestel7 login: FAILED LOGIN 1 FROM tty1 FOR testuser, Authentication failure

When I set debug level to 4 in sssd.conf, I see the following line in sssd_pam.log:

(2021-04-21 10:18:52): [pam] [sysdb_cache_auth] (0x0100): Cached user entry is too old.  

But the cache files are updated every time testuser logs in:

    [root@authtestel7 ~]# ls -lrt /var/lib/sss/db/
    insgesamt 8800
    -rw-------. 1 root root 1286144  6. Apr 16:56 sssd.ldb
    -rw-------. 1 root root 1609728  6. Apr 16:57 timestamps_files.ldb
    -rw-------. 1 root root 1609728  6. Apr 16:57 cache_files.ldb
    -rw-------. 1 root root 1286144 21. Apr 10:17 config.ldb
    -rw-------. 1 root root 1609728 21. Apr 10:17 timestamps_OURDOMAIN.ldb
    -rw-------. 1 root root 1609728 21. Apr 10:18 cache_OURDOMAIN.ldb

Any ideas what's wrong here?

AADSTS650052: The app needs access to a service (\"http://rts.powerapps.com\")

Posted: 06 Jul 2022 12:07 PM PDT

I'm trying to debug a RapidCMS site locally. I use AAD to authenticate the user against my domain. For no apparent reason I am now receiving this error when launching my app:

Microsoft Sign in Sorry, but we're having trouble signing you in.

AADSTS650052: The app needs access to a service (\"http://rts.powerapps.com\") that your organization \"REDACTED\" has not subscribed to or enabled. Contact your IT Admin to review the configuration of your service subscriptions.

I've never done anything with PowerApps and cannot find any reference to it in the code or on my Azure AD applications.

Java Flight Recorder Docker Container

Posted: 06 Jul 2022 01:02 PM PDT

I want to profile a Java app inside a Docker container with JFR. How do I do so? The application I want to profile is not mine, so I can't alter the Dockerfile or any of the source code.

Docker run cmd:

    docker run -itd --privileged --memory="_g" --cpuset-cpus x-y \
      -p p1:p1 -p p2:p2 -p p3:p3 -p p4:p4 -p p5:p5 --net=host \
      -v <hostDirectory>:<containerDirectory> --name=<containerName> <image>

How to Add Wireless PEAP Profile Username and Password during MDT Deployment

Posted: 06 Jul 2022 02:01 PM PDT

I have a Windows 7 Pro 64-bit reference image running in a Hyper-V client for MDT 2013 deployment on Server 2012. The computers are standalone with no AD and I have no control over the network configuration. I want to provision laptops to automatically connect to our wireless AP. These laptops are shared by a large number of young students who do not have single sign-on credentials and are sharing a finite number of laptops.

I had successfully used netsh to create and deploy a wireless profile in the past during deployment, but now our school district has upgraded the wireless to a WPA2-enterprise profile with PEAP and I can only add username and password interactively. I tried to export the PEAP profile, and while the profile works, it doesn't contain the username and password even if I use key=clear command in netsh (apparently that doesn't work for PEAP).

I tried to suspend the reference image and add the username and password to the image during deployment, but hyper-v doesn't allow binding a wireless adapter to a hyper-v client, so I can't set up the wireless profile in the reference image interactively.

Is there a way to edit the exported PEAP xml wireless profile file to add the username and password?

I was thinking of pulling a copy of the suspended reference image during a reboot (while image is "off") and transferring that image to a physical computer like the hyper-v server, but with a wireless adapter and then booting and hoping I could bind the adapter to the username and then reboot and transfer image back to server and continue. I can't give wireless password to users, so I would have to physically enter it on every laptop. Any suggestions?

Configuring a custom HTTPS certificate on a Netgear Switch (e.g. GS724T)

Posted: 06 Jul 2022 12:57 PM PDT

Since it's quite annoying to get the invalid certificate warning every time I connect to my switch, I want to install a custom HTTPS certificate signed by a Certificate Authority my machines trust. But I can't figure out Netgear's ridiculous certificate configuration UI. It only gives the option to upload the following:

  • SSL Trusted Root Certificate PEM File
  • SSL Server Certificate PEM File
  • SSL DH Weak Encryption Parameter PEM File
  • SSL DH Strong Encryption Parameter PEM File

There's no option to upload a key, or to generate a CSR on the switch (like any sane security system would). The Netgear forums indicate there's some magic combination of how to do this, but most posts are either incomplete or don't advise how to get a CA-signed cert to work (only a lone, self-signed key). The official manual is even less helpful, saying nothing more than "[ensure] the file is in the correct format".

What's the right way to configure this?

What process is causing unexpected nslcd syslog entries?

Posted: 06 Jul 2022 03:09 PM PDT

We're using LDAP for authenticating users on our devices using nslcd and we're seeing messages in syslog like this:

    /var/log/syslog.1:Dec 20 06:25:11 T53-1014-014 nslcd[1496]: [398c89] <passwd="*"> "*": name denied by validnames option
    /var/log/syslog.1:Dec 20 06:25:11 T53-1014-014 nslcd[1496]: [4fe9f9] <passwd="*"> "*": name denied by validnames option
    /var/log/syslog.1:Dec 20 06:25:14 T53-1014-014 nslcd[1496]: [b5af5c] <passwd="*"> "*": name denied by validnames option
    /var/log/syslog.1:Dec 20 06:25:15 T53-1014-014 nslcd[1496]: [1226bb] <passwd=-1> ldap_search_ext() failed: Can't contact LDAP server
    /var/log/syslog.1:Dec 20 06:25:15 T53-1014-014 nslcd[1496]: [1226bb] <passwd=-1> no available LDAP server found, sleeping 1 seconds
    /var/log/syslog.1:Dec 20 06:25:16 T53-1014-014 nslcd[1496]: [34b6a8] <passwd="*"> "*": name denied by validnames option
    /var/log/syslog.1:Dec 20 06:25:16 T53-1014-014 nslcd[1496]: [233c99] <passwd=-1> ldap_search_ext() failed: Can't contact LDAP server
    /var/log/syslog.1:Dec 20 06:25:16 T53-1014-014 nslcd[1496]: [233c99] <passwd=-1> no available LDAP server found, sleeping 1 seconds
    /var/log/syslog.1:Dec 20 09:01:04 T53-1014-014 nslcd[1496]: [0c57b1] <passwd=-1> ldap_search_ext() failed: Can't contact LDAP server
    /var/log/syslog.1:Dec 20 09:01:04 T53-1014-014 nslcd[1496]: [0c57b1] <passwd=-1> no available LDAP server found, sleeping 1 seconds

We want to get rid of these messages without simply reconfiguring what is logged. So preferably we learn what is going on and reconfigure the system such that these messages are no longer generated in the first place. But how to analyse this?

The problem is that any process can do something that triggers the system to perform an authentication action and in the log you cannot see which process is triggering the authentication action. Any thoughts on how to analyse this?

I'm fine with adding extra diagnostic code to the source of nslcd if that helps and deploying that instrumented executable.

We're using an old Ubuntu distro: 12.04, nss-pam-ldapd-0.8.4


Update: I've created a modified version of nslcd which logs the command line of the applications that connect to it. This helps a lot, obviously.

Enforce loading of php.ini files from current folder

Posted: 06 Jul 2022 01:02 PM PDT

My goal is to increase the maximum file size for uploads in WordPress. I have followed the steps on this SE answer and this tutorial (except the .htaccess part, because it's running nginx and AFAIK nginx ignores .htaccess files), to no avail. Looks like it is ignoring php.ini files from the current folder.

On an unrelated WP install I run on a shared host I rent, if I place a php.ini file on the WordPress folder (or any folder), the parameters on that file will take precedence over the original php.ini folder, and the unspecified parameters will be inherited.

I assume this is default PHP behaviour. The beginning of /etc/php.ini seems to corroborate that:

    [PHP]

    ;;;;;;;;;;;;;;;;;;;
    ; About php.ini   ;
    ;;;;;;;;;;;;;;;;;;;
    ; PHP's initialization file, generally called php.ini, is responsible for
    ; configuring many of the aspects of PHP's behavior.

    ; PHP attempts to find and load this configuration from a number of locations.
    ; The following is a summary of its search order:
    ; 1. SAPI module specific location.
    ; 2. The PHPRC environment variable. (As of PHP 5.2.0)
    ; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0)
    ; 4. Current working directory (except CLI)
    ; 5. The web server's directory (for SAPI modules), or directory of PHP
    ; (otherwise in Windows)
    ; 6. The directory from the --with-config-file-path compile time option, or the
    ; Windows directory (C:\windows or C:\winnt)
    ; See the PHP docs for more specific information.
    ; http://php.net/configuration.file

The official documentation also seems to agree:

In addition to the main php.ini file, PHP scans for INI files in each directory, starting with the directory of the requested PHP file, and working its way up to the current document root (as set in $_SERVER['DOCUMENT_ROOT']). In case the PHP file is outside the document root, only its directory is scanned.

In my instance, looks like it is not working; adding a php.ini or php5.ini file with upload_max_filesize, etc, won't have the desired effect. Adding @ini_set( 'upload_max_size' , '64M' ); to the end of WP's functions.php file, as advised elsewhere, won't work as well.

Output of php --ini:

    Configuration File (php.ini) Path: /etc
    Loaded Configuration File:         /etc/php.ini
    Scan for additional .ini files in: /etc/php.d
    Additional .ini files parsed:      /etc/php.d/curl.ini,
    /etc/php.d/dom.ini,
    /etc/php.d/fileinfo.ini,
    /etc/php.d/json.ini,
    /etc/php.d/mbstring.ini,
    /etc/php.d/mysql.ini,
    /etc/php.d/mysqli.ini,
    /etc/php.d/pdo.ini,
    /etc/php.d/pdo_mysql.ini,
    /etc/php.d/pdo_sqlite.ini,
    /etc/php.d/phar.ini,
    /etc/php.d/posix.ini,
    /etc/php.d/sqlite3.ini,
    /etc/php.d/sysvmsg.ini,
    /etc/php.d/sysvsem.ini,
    /etc/php.d/sysvshm.ini,
    /etc/php.d/wddx.ini,
    /etc/php.d/xmlreader.ini,
    /etc/php.d/xmlwriter.ini,
    /etc/php.d/xsl.ini,
    /etc/php.d/zip.ini

From phpinfo():

    Configuration File (php.ini) Path   /etc
    Loaded Configuration File   /etc/php.ini
    Scan this dir for additional .ini files     /etc/php.d
    Additional .ini files parsed    /etc/php.d/curl.ini, /etc/php.d/dom.ini, /etc/php.d/fileinfo.ini, /etc/php.d/json.ini, /etc/php.d/mbstring.ini, /etc/php.d/mysql.ini, /etc/php.d/mysqli.ini, /etc/php.d/pdo.ini, /etc/php.d/pdo_mysql.ini, /etc/php.d/pdo_sqlite.ini, /etc/php.d/phar.ini, /etc/php.d/posix.ini, /etc/php.d/sqlite3.ini, /etc/php.d/sysvmsg.ini, /etc/php.d/sysvsem.ini, /etc/php.d/sysvshm.ini, /etc/php.d/wddx.ini, /etc/php.d/xmlreader.ini, /etc/php.d/xmlwriter.ini, /etc/php.d/xsl.ini, /etc/php.d/zip.ini

  • OS: CentOS release 6.5 (Final) 2.6.32-431.17.1.el6.x86_64
  • PHP version: 5.4.30
  • Web Server: nginx-1.6.0-2.el6.ngx.x86_64

Can't request computer certificate

Posted: 06 Jul 2022 03:09 PM PDT

I am using MMC with the Certificates snap-in. I am requesting certificates from a brand new installation of a CA.

Requesting User certificates works perfectly. Requesting Computer certificates fails and says the RPC service is unavailable.

What should I check?
