I have Problem as write in the subject. i have problem to initilize the kerborose. [URL] kinit: KDC reply did not match expectations while getting initial credentials my Config File is as follow
[libdefaults]
default_realm = PBC.COM.PK
ticket_lifetime = 24000
default_tkt-enctypes = des3-hmac-shal des-cbc-md5 aes256-cts arcfour-hmac-md5
[code]....
I am new in linux,I installed apache-tomcat on fedora.I can view all web pages on localhost:8080 but when I try to view them by server's url address from another computer, I don't get respond.Can it be a firewall problem or something else?
View 4 Replies View RelatedI host a number of sites and recently migrated to a new server (both old and new are running Ubuntu 10.04 [I only upgrade my web server when there is a new LTS release]). After the migration, Wordpress is asking for ftp credentials to update plugins, which it never used to do. I'm certain this is user/group/permissions related, but because of the new setup, I'm not sure what these should be set to.
On the previous server, each site was a subdirectory of /var/www/ and everything was owned by www-data. This wasn't the best setup, since it meant my users didn't have direct access to their own sites. In the new setup, each page I host is in /home/username/www/. Consequently, all the files are owned by 'username'.
My guess is that Wordpress' request for ftp credentials stems from a conflict between the apache2 user and the usernames that own the sites. Is this accurate? If so, how do I rectify this?
anyone can explain me why whois sometime does not reply for some ip only ?
View 4 Replies View RelatedI have a CentOS release 5.5 (Final) box and can't find the kinit command.
I installed the krb5-workstation package which lists the program as one of its contents, but it does't come with it.
Here is the output for yum info krb5-workstation
Name : krb5-workstation
Arch : x86_64
Version : 1.6.1
Release : 36.el5_5.4
Size : 1.7 M
Repo : installed
Summary : Kerberos 5 programs for use on workstations.
URL : http://web.mit.edu/kerberos/www/
License : MIT, freely distributable.
Description: Kerberos is a network authentication system. The krb5-workstation
: package contains the basic Kerberos programs (kinit, klist, kdestroy,
: kpasswd). If your network uses Kerberos, this package should be
: installed on every workstation.
I have installed a Samba Server (Ubuntu 10.10 Server) detailed config below. The server is up and running but clients running windows 7 cannot connect as their credentials are not accepted. The pop window for credentials keep coming back up on the clients and no connection is issued. I have tried to change the policies on windows 7 as such:
Network security: LAN Manager authentication level Send LM & NTLM responses
Minimum session security for NTLM SSP
Disable Require 128-bit encryption
But to no avail. I am in doubt as far as where the issue is coming from. Meaning is it coming from my Samba conf or something in Windows I am not doing right.
[global]
server string = %h server (Samba, Ubuntu)
interfaces = 192.168.178.0/24, eth0
bind interfaces only = Yes
[code]....
i have a mail server that uses Postfix as a mail server, it runs ok, but i need to add some features to a specific users only.what i need to add is Auto-reply message for some users only.
View 5 Replies View RelatedM trying to install sendmail server on rhel6.i am having problem in setting up openldap.
following is slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include/etc/openldap/schema/corba.schema
include/etc/openldap/schema/core.schema
code....
but if i try to change ldap password it gives
ldap_bind: Invalid credentials (49) error
i was successfully able to restore my ldif file from old rhel 5.3 server on to rhel 6
I want to create a shell script that generates a file and then sends it via email from my Ubuntu desktop by using my Exchange 2003 Server which is on a separate windows machine on my network. I do not have an smtp server set-up so that is one of the reasons I want to go this route. The other is because I will be able to sync the emails sent from the exchange server.
View 1 Replies View RelatedI just tried to build my own samba/ldap server on opensuse 11.3 and i am continuously getting an invalid credentials error when doing the smbpasswd -a command. Below are my smb and ldap files.
smb.conf
# Primary Domain Controller smb.conf
# Global parameters
[global]
unix charset = utf8
workgroup = MERCDOMAIN
netbios name = mercserver
passdb backend =ldapsam:"ldap://mercserver.mercdomain.com"
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 0
#name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
logon script = logon.bat
logon path = \mercserverprofiles\%u
logon drive = H:
domain logons = Yes
domain master = Yes
wins support = Yes
# peformance optimization all users stored in ldap
ldapsam:trusted = yes
ldap suffix = dc=mercdomain,dc=com
ldap machine suffix = ou=Computers,ou=Users
ldap user suffix = ou=People,ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,dc=mercserver,dc=com
ldap ssl = off
idmap backend = ldap://127.0.0.1
idmap uid = 10000-20000
idmap gid = 10000-20000
printer admin = root
printing = cups
# = Share Definitions =
[homes]
comment = Home Directories
valid users = %S
browseable = yes
writable = yes
create mask = 0600
directory mask = 0700
[sysvol]
path = /home/data/samba/sysvol
read only = no
[netlogon]
comment = Network Logon Service
path = /home/data/samba/sysvol/vavai.net/scripts
writeable = yes
browseable = yes
read only = no
[profiles]
path = /home/data/samba/profiles
writeable = yes
browseable = no
read only = no
create mode = 0777
directory mode = 0777
[Documents]
comment = share to test samba
path = /home/data/documents
writeable = yes
browseable = yes
read only = no
valid users = "@Domain Users"
slapd.conf
UW PICO 5.04 File: /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
modulepath /usr/lib/openldap/modules/
# moduleload back_bdb.la
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# Samba Primary Database mercdomain.com
database bdb
suffix "dc=mercdomain,dc=com"
directory /var/lib/ldap
rootdn "cn=Manager,dc=mercdomain,dc=com"
rootpw merc84
index entryCSN eq
index entryUUID eq
#access to attrs=userPassword,sambaLMPassword,sambaNTPassword
# by self write
# by dn="cn=Manager,dc=mercdomain,dc=com" write
# by * auth
#access to *
# by dn="cn=Manager,dc=mercdomain,dc=com" write
# by * read
# Indices to maintain
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
ldap.conf
UW PICO 5.04 File: ldap.conf # LDAP Master
host mercserver.mercdomain.com
base dc=mercdomain,dc=com
binddn cn=Manager,dc=mercdomain,dc=com
bindpw merc84
bind_policy soft
pam_password exop
nss_base_passwd ou=People,ou=Users,dc=mercdomain,dc=com?one
nss_base_shadow ou=People,ou=Users,dc=mercdomain,dc=com?one
nss_base_passwd ou=Computers,ou=Users,dc=mercdomain,dc=com?one
nss_base_shadow ou=Computers,ou=Users,dc=mercdomain,dc=com?one
nss_base_group ou=Groups,dc=mercdomain,dc=com?one
ssl no
I am setting up a cluster of servers which use Centos Directory Server for control of logins, etc and kerberos for authentication. The basic setup is working fine, I have been able to manually create accounts using the directory console and these accounts seem to work. Now what I want to do is automate the process of creating new accounts. I am writing a perl script which can be run by one of the server administrators, they supply a small number of arguments and it should create a new user in the directory server, and also create a principal in the kerberos.
I want them to be able to do this using their logged-in kerberos credentials, i.e., without having to enter and re-enter their passwords. My first attempt was to use perl modules Net::LDAP and Authen::SASL. I could not get this working so fell back to using ldap command line tools, but even these I cannot seem to get working! When using mozldap tools, as specified in the admin manual, I get the following:
$ /usr/lib64/mozldap/ldapmodify -h ldaphost.mycompany.com -D uid=eharmic,ou=mydept,dc=mycompany -o mech=GSSAPI -o authid=eharmic < ../ldapmod.txt
Bind Error: Invalid credentials
Bind Error: additional info: SASL(-14): authorization failure:
Using openldap tools I strike exactly the same problem:
$ ldapmodify -Y GSSAPI -H LDAP://ldaphost.mycompany.com -D uid=eharmic,ou=mydept,dc=mycompany -U eharmic < ../ldapmod.txt
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-14): authorization failure:
I believe I have set up the mapping correctly:
dn: cn=MyMapping,cn=mapping,cn=sasl,cn=config
objectClass: top
objectClass: nsSaslMapping
cn: MyMapping
nsSaslMapRegexString: ^(.+)@MYCOMPANY.COM
nsSaslMapBaseDNTemplate: ou=mydept,dc=mycompany
nsSaslMapFilterTemplate: (uid=1)
It must be getting reasonably far because after doing the above I can see the LDAP service ticket in my "klist" output.
When i enter ip or address nslookup does not reply any answer. It shows no server found. "servfail". This is my named.conf file:
[Code]....
am getting an error "java.net.SocketException: Malformed reply from SOCKS server" when trying to create a socket to an ip.but when i use localhost,its working fine
Error
Socket skt=new Socket("192.168.1.18",4000);
working
Socket skt=new Socket("localhost",4000);
I recently moved my site to a new server (Apache 2, PHP5, MySQL5). The site is an Invision based forum. Every few posts / topics it just hangs. The data has been written because if you stop and reload, the post / thread is there. I thought it was a write issue initially, but nope. So, the data is written but the page load never completes. It doesn't leave the page where the data has been input.
Whats the best way to trouble shoot this issue? The only thing I have done recently is reduce my MySQL timeouts, but I can't see that being an issue as the values are still big enough and there are no mentions of timeouts in the MySQL log. (For the record there is nothing in PHP's error log either)
I have checked my server-status. It all looked ok, but I have a suspicion I was hitting my ServerLimit, so I doubled that. Also enabled my Keepalives. Will keep an eye on it.
Some additional info;
1. Apache is throwing seg faults, but enabling core dumps does not produce them.
2. I have tried disabling the modules in apache but it just stops things from working.
3. I fear it may actually be DNS related. If I watch Live Headers in Firefox, absolutely nothing happens during this 'hanging' period. After that, the responses come back fairly promptly.
trying to configure a Centos 5.5 server (simple file server with DHCP and DNS relay). I configured and tested the config (by 'service dnsmasq configtest') of dnsmasq and I got the message 'dnsdomain:host unknown (translation of the real message : hte inconnu) and I didn't find where I could define this host ! The hostname of the server is well defined and I can see it from all Windows PC's on the LAN. dnsmasq starts (with hte same message as in configtest) but when querying DNS from PC's te.g. trying to surf the Internet), I don't get replies (3 DNS servers are also well defined and operational).
View 2 Replies View RelatedI would like to be able to get squid or dansguardian to authenticate a user account against active directory so that a users browsing activities can be logged.
I can find lots a very useful info on how to set up ntlm_auth etc, but all of these methods produce a pop up window when the user launches the browser.
I'm posting this thread because I would like to be able to authenicate, but without a pop up window. Is there a way of automatically carrying out this authentication so that the user is unaware of it.
We've previously attempted authenticating against an NT4 PDC, but the users worked out that they could use any user account on the network, not just the user that was logged in which kinda defeated the whole idea of logging the users activity.
My current setup is:
Windows 2003 AD
Windows XP Clients, soon to be converted to windows 7.
Fedora 11 running squid and dansguardian.
I have the following query:
Code:
$sql="SELECT table1.datetime, table1.user_id, table2.ip, FROM table1,table2 WHERE id='$id' AND (table1.id = table2.id AND table1.datetime = table2.datetime)";
In table2 the datetime fields are about 1 to 2 seconds off due to the source of the data, which I cannot change.
Is it possible via a query match table1.datetime & table2.datetime by HH:MM (ie. to the minute instead of to the second)?
I have setup a Postfix system under Ubuntu server and everything works fine but I have seen 2 mails that stayed queued deferred in my mailqueue.
They can't be send because I received this :
Other mails are going out but these two stay there. Maybe someone could guide me where to change or look for solving this problem. I have a FQDN but do not have a static IP from where I run this mailserver.
In my httpd log I always get this recurring error
[notice] Digest: generating secret for digest authentication ...
[notice] Digest: done
[warn] RSA server certificate CommonName (CN) `srvspam' does NOT match server name!?
This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
xx@xx.com
SMTP error from remote mail server after initial connection: host [URL] [ip address]: 550 Access denied...
I followed the instructions here:
[URL]
This is on CentOS 5.5 with all the latest updates.
I changed rootdn and rootpw in /etc/openldap/slapd.conf with the info for my domain and with an encrypted password using slapcat.
Now when I try to use slapadd like so:
ldapadd -x -D "cn=admin,dc=domain,dc=com" -w passwd -f /tmp/base.ldif
I get the error: ldap_bind: Invalid credentials (49)
I feel like this is a pretty basic/default setup, I haven't changed anything else in /etc/openldap/slapd.conf but for some reason it's not authenticating using the rootpw and rootdn information that I've provided in the config file.
I am setting a ldap server by reffering [URL] and getting following error in step #12
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/adminmart.com.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
I am using RHEL 5.5.
I install debian, I when I restart apache2, I got this error
[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Feb 26 11:53:45 2015] [warn] RSA server certificate CommonName (CN) `Ismo' does NOT match server name!?
How can I modify the commonName of the RSA server certificate?
I've been tasked with setting up a RHEL FTP server to mirror one we currently have. From what I've read, I need to install and configure VSFTPD and then configure IPTables. From what I've been able to come up with, I need to follow the steps in this article to install and setup VSFTPD. Is this a good complete article to follow you think?Also, how do I copy the iptables config from that server to my new one? I think that iptables on our current server only allows certain IPs or blocks certain IPs (not sure which), so I need to have it do that on my new server as well
View 14 Replies View RelatedI messed up the first installation of Fedora on my server. My setup is as follows: Fedora and Gnome - NFS system, No dual boot (Windows or anything) Fedora ISO DVD downloaded No kickstart or other tools. how to set this up, from the time I insert the disk and have it boot up (configged already to boot from it). I know how to wipe it clean at intall time. Is that the root directory? And, is /boot the actual boot directory? I'm just having a hard time uderstanding that. As I said, I just want a quick itemized list, step 1, step 2, etc, from partitioning, creating file system, mounting, etc. in the right order.
View 4 Replies View RelatedSo I am creating a LDAP server for my school's Linux lab, so users on our school network can log into the Linux machines.
I found a guide here url...Authentication
But during the install, I get the following error.
update-rc.d: warning: libnss-ldap start runlevel arguments (2 3 4 5) do not match LSB Default-Start values (none)
This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: xx@xx.com SMTP error from remote mail server after initial connection: host [URL] [ip address]: 50 Access denied...
View 4 Replies View RelatedI have a SSH server "SSH-2.0-OpenSSH_5.1p1 Debian-6ubuntu2" running at IP 1.1.1.1When I try to access it from another machine on the internet which is at 2.2.2.2 every thing goes fine. However when I try to do the same thing from 3.3.3.3 it does not work and Putty throws me this error "Server's host key did not match the signature supplied". I went inside HKEY_Current_userSoftwareSimonTathamPuttySshHostKeys and tried to remove all the known host and still the issue is existing, I am literally scratching my head as to what is going wrong.I Googled about this error and I saw many were having problem similar to mine however none were able to give some conclusive results so far.
View 15 Replies View RelatedI have install ubuntu 9.04 on my machine. When I am trying to ping google.com, I do not get ping reply but I am able to browse Internet. Also, I am able to ping any of the local machine on LAN.
View 9 Replies View RelatedFirst of all I'd like to let you know that I'm not very experienced with Linux,and I am using Ubuntu 10.04.1 LTSI'm also not really sure if this is the proper section in which I should post.I'm running a Minecraft server,and I'm trying to make a PHP script grab the reply from a screen.Is there any way to do this?Is there any way to grab the names "name1", "name2" and "name3"?The amount of names can go up to 35 on my server
View 2 Replies View Related