I'm trying to find out where the logs from slapd.conf (loglevel -1) go? I know in RH is /var/log/ldap.log cant find it on Debian. Its probably too late
Btw. does Debian have something like /etc/syslog.conf. If yes where?
Please let me know:1. What LDAP logs are typically available2. How to find them3. How to Parse them
View 3 Replies View Relatedwhy i can't login on the ldap-client via ldap, so here is a short description of my machines (i use openvz virtualising)I have on the HN (Debian Lenny) 2 VE's, which are in the same subnet (192.168.1.0/24)The first VE (Hostname: ldap1, IP: 192.168.1.91) is the ldap-server, which is so configured, that i can manage the server via phpldapadmin.The second VE (Hostname: ftp1, IP: 192.168.1.31) is the ldap-client, there should run a sftp-server in the future and the sftp-server(ssh-server) should use ldap-usernames to login. on the ftp1, i get with this command getent passwd the users configured on the ldap-server, but with the command id USERNAME the result is, that the user doesn't exist. (USERNAME is this name, i get returned by getent) and if i try to login via ssh, i get permission denied. and because the machines are openvz-virtual-machines, so i can't login on them like on a normal system, but a su USERNAME doesn't work too, because the user is not known on the system.
my installation:
i don't think, that the ldap-server is the problem, because the phpldapadmin and getent on ftp1 are working perfectly, but if you want, i can post the config here too. the VE ftp1 was configured with the following how-to: [URL] and pam is configured like in the chapter "PAM setup with pam_ldap" on [URL]
I've compiled openssh-5.4p1 on RHEL 4.8 with Openssl 0.9.8m + pam It works perfect without pam (pam-0.77-66), both with password and public key auth. Whith pam enabled and LDAP (openldap-2.4.21, from scratch) something strange happens: system users: I can do ssh with both password and public key LDAP users: public key works for remote users, still I cannot do ssh with just password. I'm trying a custom PAM configuration, because the default one (even with authconfig + LDAP ) blocks ssh even with system users.
My pam SSHD configuration is:
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_ldap.so use_first_pass
[code]....
My LDAP users are ok: i can do "su - " remote LDAP (so that nss_ldap is OK), also getent passwd and getent group is ok.
I would like to ask:How do I setup LDAP auth of users/groups on Debian 5.0?Is it using LDAP Migration tools? Can be done differently? Using different tool? Some nice tootorial?Some up to date book for LDAP or I need to dig in openldap.org?I'm learning by book which is a lil bit older so Im bit confused.
View 1 Replies View RelatedI have problem with loging, actually iptables logs a data but it seems that for some reasons does not writes in a log file:
Code:
iptables -L -v
Chain INPUT (policy ACCEPT 406 packets, 124K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any xxxxxxxxxxx anywhere tcp dpt:xxxx
[Code]....
i checked /var/log/message and /var/log/syslog nothing is here related to iptables. then i create separate file for Iptables by adding this: kern.warning /var/log/iptables.log in my rsyslog.conf it does create iptables.log file inside /var/ but its still empty
i have configured ldapserver on rhel4 for creating address book
following are configuration files on ldap server
/etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
i am able to import this ldif file into database.also when i perform the ldapsearch on this server with command"ldapsearch �x �W �D �cn=manager, dc=example, dc =com� �b �dc=example, dc=com�" i get correct output.
but when i am trying to search from another client machine, i am getting "error ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)"
also when i configured address book on mozilla on server., it is working fine.but not working on another machine.is any configuration is missing on client machine.both ldap server and client are configured on rhel4es without any firewall or selinux.
I took to yast to install ldap. I creating the CA cert, server key and server cert and specified them during the yast ldap server dialogs.
The firewall is open for ldap.
I also went through yast's ldap client ... though I didn't exactly see to anything (presuably it wrote up a configuration file somewhere).
However when trying use the basic ldap tools, like ldapwhoami. Well it doesn't connect and gives me the above error. Of coure the ldap db is unpopulated as yet, so it probably is not able to say who am at all. But ldapadd doesn't work either.
It seems to point to my SSL usage not being correct .. so I'm trying to double check that now.
i have successful secure ldap replication but i could not make ldap client to direct its authentication to slave ldap
here is my config file on ldap client (i am not sure if it is the right place though)
ip : 192.168.1.183 is master ldap
ip : 192.168.1.185 is slave ldap
pico /etc/ldap/ldap.conf
#
# LDAP Defaults
code....
I installed CentOS 5.2 and then run yum update. I configured this server as LDAP/Samba primary domain controller. LDAP seems to be OK and for testing I am able to create users with:smbldap-tools useradd -am usernameI can ssh into the server as root and also as a Linux user which was locally created in the server. But ssh into the server as LDAP user fails (from a Fedora 11 machine) with "Permission denied, please try again", prompting again for password.Some data:
# rpm -qa | grep ldap
python-ldap-2.2.0-2.1
php-ldap-5.1.6-23.2.el5_3
[code]....
I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well.I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
Code:
AuthType Basic
AuthBasicProvider ldap anon
Order allow,deny
Allow from all
This part by itself works for the LDAP authentication:
Code:
AuthName "System Admins"
AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com
This part works by itself for guest access:
Code:
Anonymous guest
Anonymous_VerifyEmail Off
Anonymous_MustGiveEmail Off
Anonymous_LogEmail on
Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?
I have received the following log messages on my Debian Squeeze webserver:Apr 13 15:16:37 vps suhosin[4699]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'controller' (attacker '75.126.235.115', file '/var/www/xxxxxxxxxxxxx.com
75.126.235.115 - - [13/Apr/2011:15:16:37 +0100] "GET /index.php?option=com_product&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 8018 "-" "libwww-perl/6.01"
[code]....
I just got a USB bluetooth adapter for my Laptop. I'm running Lenny with all the lateset updates, on and Ispiron 8600. I went through and made sure I installed all the Bluez stuff (as far as I can tell anyway). I'm trying to use it with my Droid Eris and while I have been able to successfully recieve files from the phone in Linux, I noticed it seems a little buggy and I think it ma have something to do with the logs. Below is a sample. As you can see, one line keeps repeating continuously. Given enough time, it will fill the entire /var partition. When I remove the Blutooth, it stops.
Code:
hal9000:/var/log# tail -F syslog
Jul 27 03:59:00 hal9000 hcid[32187]: Stopping security manager 0
Jul 27 03:59:00 hal9000 hcid[32187]: Device hci0 has been disabled
Jul 27 03:59:00 hal9000 NetworkManager: <debug> [1280217540.460076] nm_hal_device_removed(): Device removed (hal udi is '/org/freedesktop/Hal/devices/usb_device_a12_1_noserial_if0_bluetooth_hci_158315a310').
[Code]....
I'm trying to set up a Linux server and I am new to this. I have gone through most of the configuration using SAMBA 3.0 and when I populate the ldap directory all I get this error before the password request:
Then when I perform an ldapsearch to see if the directory is populated I get this message:
I'm positive all my .conf files are done right.
I'm checking with a sniffer and there's activity going on between the client and the LDAP server... as a matter of fact, the sniffer shows that the search is producing one ldap item, however, php says it can't contact the ldap server (after it has bound and everything):
The script is working beautifully on another host with debian.
So 1 year ago I installed Lenny, but in the process of installation during the splitting of the drive I have mistakenly set a seperate parition for "/var/logs" instead of "/var/log". Is there any way to redirect all the logs to this seperate partition (var/logs) or it's better to go through the whole trouble* of installing Lenny again? *the trouble because it was hell of a problem to fix grub that didn't recognize SmartArray RAID (cciss driver), the problem is that I don't really remember how I fixed it. Symbolic link won't help since physically it will still be on the other partition. Do I have any other option?
View 3 Replies View RelatedWell it turns out my system has logged out more then once on its own. I had the system updated and upgraded from 7-3-11 and it did this about once a week. On 7-18-11 I did a full update and upgrade and it logged out a few times in a couple of hours. It does it while I am away and the system is in screen saver mode. I used my partition clone and restored the system back to 7-3-11. Has any one else ever had such an issue?
View 2 Replies View RelatedI used to know a command to turn off various logs that run in the background of Debian. I using lenny on CF on an embedded board, that why I need the logs off, to stop writes.
View 1 Replies View RelatedI've setup an Ubuntu 10.10 LDAP Client to authenticate off my LDAP server. I've install the following: sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nscd ldap-utils pam_ccreds Here's my /etc/nsswitch.conf: passwd: files ldap [NOTFOUND=return] db group: files ldap [NOTFOUND=return] db
[Code]...
When I try to login as me - it gets pretty far but then something happens and automatically logs out. This happens in Gnome, Kde too. Now - I have no problem logging in a Root. Is there a way I can try to stop the login process before it kicks me out, or is there a way to look at some files to tell me what's going on?
View 3 Replies View RelatedFor some time now I've been unable to see changelogs for packages to be upgraded in Wheezy,even trying with different mirrors in sources.list all I'm getting is this:
Code: Select allaptitude changelog iceweasel
Err Changelog of iceweasel
E: Changelog download failed: 404 Not Found [IP: 185.31.16.185 80]
Err Changelog of iceweasel
E: Changelog download failed: 404 Not Found [IP: 185.31.16.185 80]
E: Couldn't find a changelog for iceweasel
[Code] ....
Is there maybe some specific reasons why I can't get changelogs before applying the updates? I know I can review them afterwards,it's just that I would find convenient to have a look before updating.
I want to install Debian but I'd like to keep my Skype chat history.
I don't know if it's possible to just copy from %appdata% the skype folder and put it into the Debian's one.
How could I do? I read one post but it's quite old, so maybe there's something new now.
How to enable persistent logging with systemd? I find it really weird that all this machinery that is systemd doesn't store persistent logs, what if I'm trying to retrieve some information regarding previous boots?
For instance: I have random suspend issues, after rebooting the computer there's no trace left in the logs of what happened, and furthermore (at least in Jessie) I can no longer see a pm-suspend log.
So, at first it sounds like all you have to do is edit journald.conf setting #Storage=auto to "persistent" and create the /var/log/journal directory, but then reading here /usr/share/doc/systemd/README.Debian
Code: Select allEnabling persistent logging in journald
=======================================
To enable persistent logging, create /var/log/journal and set up proper permissions:
install -d -g systemd-journal /var/log/journal
setfacl -R -nm g:adm:rx,d:g:adm:rx /var/log/journal
and here [URL] ....
There are two main reasons why I decided to not enable persistent logging just yet ....
We did get corrupt journal files in the past where the journal then no longer worked at all [1]. With volatile you can just reboot and have a clean state again. Admittedly, the journal has seen a lot of improvements in the mean time and hopefully is more robust, so this point is no longer true.
We still install rsyslog by default. That means we get store them twice. This is something we don't want to do atm.
In a squeeze box, I installed awstats and it's working like a charm. Its cron job update the awstats database every 10 minutes (as it runs as root). But I would like to be able to update the statistics from the browser as well. So I setup everything as required and I gave "read" access to "others" to every apache log file. Now, a couple of questions came to my mind:
1. Am I compromising server's security giving "read" access to "others" to apache log files?
2. Instead of giving "read" access to "others", I could add www-data user to adm group (as apache log files are owned by root:adm and permissions are rw-r----). Is this more secure than giving "read" access to "others"? 3. If the option would be giving "read" access to "others" at the end, a log file would be owned by root:adm and its permissions be rw-r--r--. As apache rotates its log files, when Apache create a new log file, does it preserve the permissions (rw-r--r--) or create it with the default permissions (rw-r-----)?
When i open some video on the net, the system logs out (especially when i open ..... video). I suspect its flash (current version is 10.02). Is there any way how to fix this? Or how to downgrade to minor version.
Another thing as well. By default i have GNOME version. Just installed the KDE full package from synpatic. when i try to log in with kde manager same like the flash, it logs me out to welcome screen.
I noticed i have quite a few logs that end with .[number] for example "syslog.1" "mail.info.1" etc, why is this and why are they there since almost nothing is logged in them ??
Question 2: on my server im running a script like imagebam and imageshack with hosts images so i have quite a few apache requests to my server. I am wonder why apache takes up so much CPU for some of the requests? in Htop some requests take up 1.2% CPU while other take up 3-5% etc, so the total load is about 1.50 0.58 0.84 to 2.61 1.08 1.14 with about 128-150 apache requests all the time while sometimes the CPU load can be almost 0 with the same ammount of requests. is this normal? what could cause this in apache ?? the server is just running apache2. MYSQL is running on another server.
I have LDAP authentication working via SSSD using authconfig-tui and a few minor modifications to sssd.conf (ie: max_id etc). The problem I am having is it would appear /etc/ldap.conf is being ignored and/or setups that work perfectly on RHEL5, F11 and F12 no longer work on F13. Specifically Im referring to "pam_check_host_attr" and "nss_map_attribute". It refuses to honor either of these options and I can only assume a number of the other options in our ldap.conf. For instance, "nss_map_attribute" is defaulting to the standard "homeDirectory" rather than "homeDirectoryLinux". This is related to a bunch of OSX clients we have and its not optional to use another setup. The host restriction is also a major issue.
Relevant sssd.conf:
[domain/default]
auth_provider = ldap
cache_credentials = True
can anyone tell me what is the difference between these two files of LDAP client /etc/ldap.conf and /etc/ldap/ldap.conf and for what purposes these two files gives services. Is it necessary to have these two files at a time ?
I use these files to install LDAP client to authenticate with our LDAP server by creating a symbolic link of /etc/ldap.conf to /etc/ldap/ldap.conf.
i get file system errors on boot up. found logs in /var/logs but cant access them. second best thing i can do is to re-install debian but no one seems to want to say how thats done. my disk wont run in wine (some error i dont remember) so i cant use my CD /flashdrive to re-install.
1) i need to read the log files and try to fix the install
2) if i cant fix i need to know how to wipe the OS and do a fresh install
So the question is simple what I need is to run file.sh after user logs into desktop LXDE.
Ive been trying whole day tried to put my file.sh into /etc/init.d and ever created symbolic link to /etc/rc4.d etc..
BUT after I log into desktop nothing happens?
I am coming from ubntu there it was easy just add that script into startup applications.