Server :: Disabling MD5 Passwords In Centos NIS Master?
Apr 2, 2010
I have a CentOS NIS server that is working fine with other Linux clients. I need to have a Solaris 8 client bind to the NIS domain and found out that Sol8 does not support the MD5 format passwords that the NIS master is generating. So I am trying to disable the MD5 encryption on the NIS master and it does not seem to work. I run this command:
authconfig --disablemd5 --enablenis --nisdomain=lab --updateall
and it restarts the portmap and NIS services OK. On the master server I then do a yppasswd username and a make passwd and it still uses the 34 char password format. What do I need to do to disable MD5 passwords in a CentOS NIS server?
Nov 13, 2009
I'm managing a residential network. Each flat is its own subnet, and can only communicate with the other flats through a router (i.e. no broadcast). 95% of these 300 subnets contain only Windows computers (from lambda users).
My final goal is to be able to browse the entire network from any computer.
I set up a samba server acting as a wins server, and every computer is aware of it because it is registered in the dhcp. So name resolution is working fine for everyone.
The same samba server is set to be the "Domain master browser":
workgroup = WORKGROUP
wins support = yes
prefered master = yes
local master = yes
domain master = yes
os level = 65
When I browse the network (using "net view" or "browstat view"), I can only see the servers which are in the same subnet as the domain master browser.
Now, when the computers in a subnet arrange themselves to find a "local master browser", the only visible computers are the ones in that subnet.
What I don't understand is why all the local masters don't synchronize their lists with the domain master.
So, to sum up, every subnet gets the following behaviour:
- if a local master is elected, the only visible computers are the ones in the same subnet.
- if no local master is elected, the only visible computers are the ones in the subnet of the domain master.
- if I add another samba, configured as a local master winning all elections, then the magic is working and the lists are synchronized.
What is expected:
- every computer can see all the computers from all the subnets.
Jan 27, 2010
I have set up a master BIND DNS server with 2 slaves. All the services start up fine on all 3 servers, but zones and named.conf info is not being replicated. The 3 servers are tentatively installed on a Xen virtual server for testing purposes. All 3 servers are 64bit and installed with:
-> CentOS release 5.4 (Final) - 2.6.18-164.10.1.el5xen
-> BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2
All 3 servers are fully updated. All 3 servers have static IP addresses. The services on all 3 servers start up without any apparent issues.
Master server:
# /etc/init.d/named restart ; tail -f /var/log/messages
[Code]...
Aug 26, 2011
I have setup two BIND9 servers as slaves for an internal Windows domain. I receive messages in my logs about a Windows server not being the master for the slave domain on BIND. I have placed the allow-notify statement in the global options section of named.conf, as well as setting the IP address in the masters section of the zone. I'm confused as to why I'm still getting this error message.
Mar 23, 2009
I got my FTP up and working but I want to make it secure.
If I leave anonymous users turned on it works just fine, but I want to have some security over it and don't want anonymous users.
No matter how I try to connect to it, if I turn off anonymous users it will not let me connect.
Mar 31, 2010
I have a load balancer with 2 web servers behind it. The web servers rsync with cloud storage to update their Apache directories 1 time every hour. Apache is just running PHP pages that pull/push data to a DB so they don't need to be updated that often. However, I need to figure out how to implement a Master/Master MySQL setup to have my web servers point to for the PHP stuff. I need to implement it without having a single point of failure. The load balancers are useless for failover as they only detect availability based on ping requests. So putting a master/master setup behind a load balancer is out. What is the best way to set up the master/master MySQL in an HA setup without the use of a load balancer provided by the host?
Jan 7, 2010
I wonder if it is possible to have two passwords for one user account in 9.10. I have a long login password (5 words about 45 characters with spaces caps). I would like to set a shorter password for Authentication, sudo, etc. While retaining the original for logging in.
In short:
Have long password to login to computer.
Have short password for everything after login.
Apr 8, 2011
I've run into this problem this week. The other night a power supply failed on a different system and appears to have surged the UPS which it and some other computers were plugged in to. One computer was fine, but the RAID server that is used for backups ended up with a bad disk and this "Disabling IRQ #169" message now shows up during boot, right after starting udev and setting the hostname. The system then sits there for 3-5 minutes before repeating a scroll of "/etc/rc.d/rc.sysinit: line 966: /bin/usleep: Input/output error"
I have booted with linux recovery from the CentOS DVD in order to replace the drive that was damaged. I rebuilt the raid array and all the data seems to be fine. There is another message though after "Red Hat nash version 5.1....." no raid disks and with names: "isw_bf jihdchhi_Hostname" failed to stat() /dev/mapper/isw_bf jihdchhi_Hostname
I was considering doing a complete reinstall of CentOS but if there is another solution I would much appreciate it, is it perhaps an issue with Grub not being able to find the updated array? As it is, it is impossible to boot the system except for using a live CD to do it.
Oct 26, 2009
I'd like to allow my laptop to be disconnected from the network and login with a user stored on LDAP. I know nscd can cache usernames and groups but not shadows, but is there a solution that will cache passwords?
Feb 12, 2010
How can I disable the interactive boot up process? Also, what are the pros and cons of doing this? Will this affect my being able to get to runlevel 1?
I have been googling it but not really clear on the pros/cons etc.
I am talking about a server class machine that is in a locked room, not a desktop.
I know it can be turned off in /etc/sysconfig/init:
# Set to anything other than 'no' to allow hotkey interactive startup...
PROMPT=yes
Nov 4, 2009
I'm looking to find out exactly how to go about changing the encryption method of shadow passwords from MD5 to something a bit stronger, like SHA. I've been looking around for a bit now and haven't found out how to do it. I've gathered that I'll most likely need to change the /etc/pam.d/system-auth file. Right now, there is a line that looks like this:
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
I'm guessing the md5 should be changed to something else, like sha256. What else? I know I'll need to reset all passwords once the change is made, but I thought there was someplace else that controls how the passwd command encrypts passwords.
Mar 30, 2010
I ran into this today: I accidentally turned on NetworkManager and it took it upon itself to rewrite some things and proceeded to make any DNS lookups on my server, especially the reverse DNS lookups for SSH and SFTP, take so long they would just time out instead of completing. Disabling NetworkManager did not undo the damage either. Short fix: erase your resolv.conf file and add 2 lines to it like so, your nameservers!
nameserver xxx.xxx.xxx.xxx
nameserver yyy.yyy.yyy.yyy
Save, and run the following commands:
service network restart
service httpd restart
service sshd restart
Mine had a search line added by NetworkManager and some others. When I reverted it back to as above, almost instantly after restarting the services the system's lookups were once again lightning fast. DNS lookups were taking upwards of 20 seconds for unknown reasons after this happened.
Mar 17, 2011
I have set up a nis slave server on Fedora 14. It was set up on a laptop so that the user can log in when he is at home (no NFS, local home dir). However, whenever the eth0 is disconnected, ypbind fails.
I have tried the same setup on a RHEL 4 (configured it as a slave server) against the same master nis as on the Fedora 14. Disabling eth0 on it however does not fail ypbind.
Mar 25, 2010
Problem: This morning, our NIS master server went down (due to a RAM problem), and what happened is that all the Sun servers were able to bind to the NIS slave and able to communicate with other Sun and Windows servers, but not Linux servers.
Detailed Problem:
sun_server[sab]% rsh linux01
o_ypcall: clnt_call: RPC: Unable to receive; errno = No route to host
sun_server[sab]% telnet linux01
Trying 10.x.x.x...
Connected to linux01.
Escape character is '^]'.
[Code]...
Nov 29, 2010
I configured a master DNS server 192.168.2.10, working OK. After that I configured a DNS slave server (92.168.2.11); the initial replication worked fine. This is a test environment for my certification. I see how the zones from my master are transferred
zones in Master
training.com.db
transferred zone to my slave when I started named service
sec.training.com.db
That's Ok but I added some IPs to resolve to my master zone
webserver IN A 192.168.2.30
fileserver IN A 192.168.2.31
I restart/reload named on the master and after that I go to the slave and restart/reload, but zones with the new values are not replicated. How long does it take for the slave to take the changes from the master? Is the procedure manual or automatic? I see that if I go to the slave and delete sec.training.com and restart named, the zone with the changes is transferred, but that is very manual... I am including my DNS configuration so you can take a look.
Apr 12, 2011
I have bind configured with Internal and External views, but the slave server is transferring only the Internal zone files for both Internal and External - a diff shows no difference, and the log shows the same serial number. What am I missing in the config so the slave server properly receives updates from the master for both views?
Jan 25, 2011
I have a large environment with many VLANs and NIS slaves serving the VLANs. Previously we have not used a securenets file (don't worry; we don't use NIS for passwords, just NFS maps), but I'd like to start. The number of NIS slaves makes it annoying to update a securenets file on each when we add a new VLAN. Is there a way to propagate the securenets file to each slave when I update it on the master? If not, I guess I can live with propagating the file once and only visiting new slaves when I build them, because in 99% of cases a NIS slave only serves its own subnet.
Mar 2, 2010
So, I wanted a master ftp user that could access all the folders for all the users. I did this by creating a second root user. I'm aware of all the security considerations, and if there's a better way to do this than creating a root user I'd really like to know it. That said, my issue is that my new root user is still unable in FTP to access folders owned by other users that aren't world readable. Note that this is ONLY when logging in via ftp. If I login through SSH I can access all folders without problem and without the need to sudo. So this is a true root user. Does anyone have an idea how I can fix the proftpd configuration to allow my root user access to ALL folders no matter the owner?
Feb 19, 2011
I have configured master and slave Bind servers. Everything works fine. But whenever I add a new zone entry at master server it is not getting updated at slave server in logs I see this error:
client 192.168.1.1#43428: view external: received notify for zone 'yourdomainname.com': not authoritative
At master server I do not see any error or warning message. This error clearly indicates that named.conf file does not have zone entry in it or domain name is wrong. While checking the named.conf file I see that the zone entry has not been updated at slave server. If I update it manually and reload named on slave then zone files (db files) are getting created without any issue and any modification at master server for the zone records are also getting updated. My concern is why zone record is not getting appended at slave server in named.conf file.
Is there anything I am missing in the configuration. I am pasting the steps which I have followed to configure my master and slave server:
Configure Bind as master and slave server
Install Bind on your server
yum install bind
OR
sudo apt-get install bind9
Generate RNDC Key using the command
rndc-confgen -a -k rndc-key
it will be stored in /etc/rndc-key file
Master Server IP 192.168.0.1
Slave Server IP 192.168.1.1
Master Server Configuration
options .....
Oct 24, 2010
I have set up a master DNS server at 192.168.50.9 and a slave DNS at 192.168.50.6. Both servers are BIND9. Machines are for testing/experimenting, hence the IP addresses. Initially, the zone transfer was blocked by the firewall on the master, as the slave uses randomly selected non-privileged ports for zone-transfer query. So, as far as I understand, there are two possible approaches:
1. Allow connections based on source, which should be
Code:
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW,ESTABLISHED -s 192.168.50.6 --sport 1024:65535 --dport 53 -j ACCEPT
(and it works for me fine)
2. Allow ESTABLISHED and RELATED connections, which would be something like
Code:
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
which was my initial idea but didn't work, but has inspired me to dig deeper into firewall configuration topics :).
Question: Does zone change notification message count for opening a dialog, or notification from master and slave zone update request are two absolutely separate actions? If the latter is true, that, of course, explains why option #2 didn't work.
May 4, 2010
I've 2 nameservers running BIND 9 and I restricted the transfer between the master and slave through TSIG. The transfer goes well with no problem for all zones, but when I make dig axfr domain.tld @master I get transfer failed, and on the other hand the master logs say that the transfer was denied?
Jun 6, 2011
I can't figure out how to prevent Zend Server starting at boot up. My temporary solution is to issue the following after boot-up:
Code:
sudo /usr/local/zend/bin/zendctl.sh stop
I'd like to:
1. Prevent it from starting during boot
2. Create two launcher icons to Start and Stop Zend Server
Jul 19, 2011
There are over a dozen of servers that I need to monitor for services running on them. Hence, I have created a separate VM on which I am hosting scripts for various purposes. I have written a script (bash) that checks the status of the services running on those servers. Since my script has this line of command (for example):
Code:
/sbin/service vsftpd status
I have created a user (let's name it user_monitor) and added it to the /etc/sudoers file by issuing "visudo" on all the servers. Since I need to execute the command remotely from the VM, I have generated a public RSA key (ssh-keygen) and added it to the "authorized_keys" file on all the servers. But on some servers when I issue a command such as the following:
[Code]....
Dec 3, 2010
I'm installing fail2ban to improve the security of a home asterisk server which from time to time becomes the target of some sip account cracker and/or ssh brute force attack. For those not familiar with fail2ban, this utility monitors log files to find matches with user specified expressions to identify the presence of a brute force attack. Then configures iptables rules to block the offending IP. Here's an example:
Code:
NOTICE[1734] chan_sip.c: Registration from '"613"<sip:613@xx.xxxx.xxx.xxx>' failed for 'yyy.yyy.yyyy.yyy' - No matching peer found
[code].....
Feb 21, 2011
I'm trying to set up the server to at least ask for a password. I can connect to it without any trouble, but so can everyone else. How can I make samba ask for a password?
Jun 27, 2011
To protect web page directories with passwords I have done the below configuration, but the problem is when I click the linux it is not asking for username and password.
Created new account for logging into web interface:
htpasswd -c /etc/httpd/conf/.htpasswd travelkarega
Created a file name .htaccess in /opt/apps/deploy/websites/travelkarega/html/
vi .htaccess
AuthUserFile /etc/httpd/conf/.htpasswd
AuthName "Please enter password"
AuthType Basic
<Limit GET POST>
require user travelkarega
</Limit>
Added these above entries in the file .htaccess
Jan 24, 2011
I have recently installed openldap on a server to use for authentication but I'm unable to get SHA/SSHA password hashes to work. I'm able to authenticate against it when the user have a CRYPT password. We had an old badly maintained openldap server that SHA worked on so I ran slapcat on that one and built that database on the new openldap server and was able to authenticate with SHA hashed passwords. So I'm quite confident that my slapd.conf works.
I suppose it's something in the ldif file I use to setup the database that is missing but I can't figure out what. It's quite large and I don't really know what parts of it would be relevant.
Dec 8, 2010
So a while back I decided I wanted to get to know Linux a little bit and I figured the most immediately useful thing for me would be a small home server. About this time I discovered plug computers and I eventually bought myself a Guruplug for this purpose - a small, cheap, power-efficient ARM architecture thing running Debian 5.0.6. Since then I've kind of ambled along with the project as and when time permitted (installing, tweaking, scouring manpages and tutorials is fun, but takes a lot of time), and have now finally got a nice big external harddrive formatted as ext3 and hooked up to it. The time seemed right to go for the samba install. I installed from the Debian repository, configured using SWAT and immediately hit problems.
Since the only user is me and the only access to the computer is over SSH, I have few accounts - there's root which I've disabled from access altogether, there's my sudoer account magnus, and there's my new test account magnus-smb. This one is a standard user, and has identical Unix password and samba password (added with smbpasswd). I intend to keep this up with a separate samba-access account - I'm a little paranoid about allowing any kind of access to sudoer accounts and won't even let SSHD accept password based logins.
Setting up samba, I basically tried to make it do as little as I needed to get a local file server going. The only share is homes, and its path goes to my external drive. The drive itself is mounted as rw,noexec,user from fstab.
Now, with all of that set up I'd hoped I'd be able to mount my homes shares and go. This proved not to be the case - if I set encrypted passwords = yes, my Windows 7 clients behave differently. The magnus account connects but can't authenticate - all passwords are rejected. The magnus-smb account is apparently accepted but then receives a "network path not found" error. If I set it to no, both accounts are prevented from even attempting to authenticate, and I get an error message about "this account is not approved for logging on from this station" (translation from Norwegian). I've been searching around but not finding much. I did find one article claiming this was easier after samba 3.3 and discovered that my manpages said samba 3.2. Yesterday I therefore decided to reinstall samba from source, only to find that the current stable release (3.5) also claims to be version 3.2 in its manpages, so I probably might as well not have bothered. Oh well, at least I've installed something from source now.
My smb.conf:
Code:
# Samba config file created using SWAT
# from UNKNOWN (Q@)
# Date: 2010/12/08 12:59:41
[Code]....
Apr 15, 2011
Google finds several suggestions on how to sync passwords between samba and /etc/shadow (it can't use /etc/shadow directly). However, in my case, there is an existing samba server where users have already set their passwords. Now comes a new samba server on another machine to serve the same set of users. Is there a way to just import the passwords from one samba to another, in "stay encrypted" form (the /etc/shadow can be separately imported)? I looked at /var/lib/samba/passdb.tdb but it has the hostname (share name?) coded in it and that might be a confusion to just copy the file in whole.
May 3, 2010
Has anyone used Linux heartbeat to send email when the Slave server becomes the Master? I've read I can configure the MailTo under.
But I really don't know how to do it. I basically need my primary server to send an email when it becomes inactive and all the activities are managed by the secondary node.