I am trying to get OpenLDAP to authenticate user logins, but running around in circles. Are there any logs produced by either client and/or server that would indicate possible reasons why it was unable to login as a user?Below is an explanation, any ideas would be appreciated, as I think everything is setup as per the various articles on using LDAP.
I have a CentOS 5.5 OpenLDAP server, and several others, some host services, some are file shares (samba).So far I have been able to successfully configure OpenLDAP to carry out all the ldap* commands from both the local server and from any of the remote servers, either via non-ssl or ssl connections. However, as soon as I try connecting any services up to it, it doesn't play ball.Back to basics, having cleared off all previous attempts at this from all machines, I have gone through the following:
Installed OpenLDAP server/client on host (plus nss_ldap). Configured /etc/openldap/slapd.conf (see below) Configured /etc/openldap/ldap.conf (see below)
OK, I'm not really a newbie, but I definitely no expert either.I've been surfing the web trying to find a good tutorial on locking out users after three failed logon attempts.At present I've reset everything in the /etc/pam.d directory back to the default state. This sets up all my password requirements and this works. Now I need to crack getting the account to lockout after three failed attempts. Let me know what files you need to see in the pam.d directory and I'll paste them in.
I have tried and tried to get Ubuntu up and running again after a fatal crash. Unknown reason. I have burned several copies of Karmic and Jaunty, but the only one that will come up is an old copy of Jaunty Live CD. Chksum have matched on the disks and the disk integrity (the last time came up with 1 error, but it did not say where. I have used SystemRescue64, Rescue-remix for Karmic, MHDD, Ultimate boot disk, and have reformated and partitioned my 640GB drive. One partition is formated to EXT3 and the other is unallocated. Both testdisk and memtest show positive. No disk will complete a permanent install. At least one error shuts it down even after fixing broken packages and sometimes there are 3or 4 errors msgs. Last night the error was something in Open Office, I don't recall more than that. Here are the errors I picked out of todays logfiles. They are prety much in order as posted in the various logs:
Why is it that the darn printer keeps breaking on this thing (Ubuntu) ??? It's either every damn update that keeps messing this up. One computer is bad enough, I can't imagine having to take care of even five with this thing always screwing something up. What the hell is going on??? Yeah I'm tired of this thing always messing up the printer. Please fix this thing, separate the browsers if you have to, do whatever it takes, but please STOP messing up the printers...and I don't even print that often.Oh yeah, when you first start the OS up, the drive seems to go on for a while longer now. I only put the regular updates and don't tweak anything.
I am looking for a way to automatically block an ip address and add it to /etc/hosts.deny when they have 3 consecutive password failures or try connecting to a name that doesn't exist more than like twice to help limit the brute force attacks I am experiencing.Is there an easy way to do this already implemented in Ubuntu?
I googled this, to no avail. I've restarted cups, to no avail.This is a Networked Printer, but i have little doubt that can be ruled out as an issue.If i want to print an Image or Plain Text file, i get this error; if i print with OpenOffice, i do NOT get this error and it prints fine.I have also gotten a similar error, like "permission denied" or something, but i cannot recall exactly what it said, and cannot seem to recreate it at the moment.I have been getting this for quite some time now (months), but never found out why. Any ideas?
I installed Lucid (clean install after several attempts at upgrading from Karmic failed), and I have an Intel 8xx video card. I was able to get Lucid installed by adding "xforcevesa" into the command line at startup. Now I would like to try changing my computer away from Vesa and seeing if I can try to get the i915 driver working.
That being said, I cannot figure out where to go to change my kernel boot configurations. Every tutorial I've found refers me to /boot/grub/menu.lst which I cannot find. Ever since I moved from Karmic to Lucid, I've regretted it as it seems like all the How-To documentation is no longer valid, everything has been changed and moved around.
I don't know why it is dumping me onto Vesa, or why my stupid driver was blacklisted; everything was working fine under Hardy, Jaunty, and Karmic. Why problems now? Does anyone know how I can get into my boot setings and replace "xforcevesa" with something that will make the intel driver work?
I know this is probably easy and if I only took a while to figure it out maybe I could but I have some stuff that needs to happen soon and I can't figure this out. I was wondering how I could have a log monitor that would email me whenever someone tries to login over ssh to my system. I'm open to everything daemons/scripts or cron itl works as I am not running a production server (but I might be starting that soon). Oh and just a side how do I get sent an email when I get port scanned
I'm running the firestarter firewall and its been showing the odd ssh attempt quite often. e.g. I've had 4 attempts today, 3 in the last 40mins. I realize that this may be nothing to serious but it's got me curious, aside from having a secure password (which I have) is there anything that else that I can do to ensure that my system is as secure as possible from ssh? I do use ssh within my home network so I don't want to disable it completely.
I have an SSH server on my laptop, and I'm using the default configuration file, but I added "AllowUsers <myUserName>". I get lots of login attempts like the ones below in my /var/log/auth.log.From Google, I find that pam_winbind allows some kind of Windows authentication. This leaves me with 2 questions. What does winbind do when I have not configured any Windows/Samba accounts? How can I turn it off?
Code: Oct 23 20:01:49 muon sshd: User root from 126.96.36.199 not allowed because not listed in AllowUsers
I am running a ubuntu server 10.10 with SSH, and OpenVPN. I use it mainly for the VPN, but I have seen log in attempts such as:
Mar 22 14:52:53 UbuntuSvr sshd: Invalid user support from 188.8.131.52 Mar 22 14:52:55 UbuntuSvr sshd: Invalid user student from 184.108.40.206 Mar 22 14:52:57 UbuntuSvr sshd: Invalid user transfer from 220.127.116.11 Mar 22 14:52:59 UbuntuSvr sshd: Invalid user user from 18.104.22.168
Is it possible to make it so when some one has tried logging in 5 times with an invalid user/pass that the ip is banned for 10 minutes? I have password auth set to no and am using keys.
My server (CentOS 5.4) is being bombarded 24x7 with IP addresses from China trying to exploit phpMyAdmin. For every one I block on the firewall, half a dozen come to the funeral! It's a pity these morons don't have something better to occupy their time. I'm getting page after page of this (see below) every day and it's been going on for weeks. I don't even have phpMyAdmin on the server. I don't use it and I deleted it.
I've read that you can use .htaccess and / or mod_rewrite to redirect / block them based on any query for phpMyAdmin (they try all letters in upper and lower case, leading to page after page). Unfortunately, I have no idea of how to do this. I already have an .htaccess file. Maybe someone can suggest what to add to stop these pests from wasting my bandwidth and suggest somewhere I could redirect them to to cause them maximum problems. I don't want to block the entire country, seems a bit like overkill, not all Chinese are morons. we aren't even in the USA, so why they are doing this is beyond me.
A TINY sample! [Sun Aug 08 13:29:08 2010] [error] [client 22.214.171.124] File does not exist: /var/www/corp/phpMyAdmin-2.7.2
currently I'm fiddling around with mod_security for apache2 configurations on CentOS boxes, right now in a test environment first (i.e. separate non production box).CentOS includes the mod_security "Core Rule Set" by Breach Security Inc, the devs behind that module.So far all's running mostly, logs/auditlogs etc.For simple testing, I made a small php form as following:
Code: <?php $link = mysql_connect("localhost",$user,$pass); //un/pw obfuscated for forum post
On my server I some times login from my home where I have an internet connection which does not have a static IP each time I switch on my modem a dynamic IP isgenerated.I see in auth.log logs of following lines Quote:reverse mapping checking getaddrinfo forkkts-kk-dynamic-01.1.168.192.some_broadband.in [192.168.1.2] failed - POSSIBLE BREAK-IN ATTEMPT Accepted publickey for root from 192.168.1.2 port 22852 ssh2when ever I login to my server from home.In this case I do know that it was me who logged in but still why do I see such a log.What is this complaining about?
I am getting some error when i compile cross compile "dbus-1.2.20". error Code: checking for XML_ParserCreate_MM in -lexpat... no configure: error: Could not find expat.h, check config.log for failed attempts so i downloaded te expat library sources i cross compiled. But again i am getting same error. I think i have to add "-lexpat" in LDFLAG. But i dont know how to do that.
went through the tutorial on FedoraSolved for securing ssh. I installed denyhosts with yum and then tried to run it with the command line command"sudo /etc/init.d/denyhosts start" but I got the message"Job Failed. See system logs and 'systemctl status' for details [FAILED]"and in the application "services" in the applications menu,t shows an exclamation warning and says that "This unit has failed"
I would like to join SLES server to Microsoft Server 2008 Active Directory to enable domain authentication when accessing samba shares. When I run
net ads join -U administrator
I get the following error
"Failed to join domain: Improperly formed account name."
I tried the same samba configuration on another server (OpenSuse 11.2) without any problem, so I think it is somehow connected with the Samba version, but I'm not sure. Has anybody experienced this behaviour?
the package versions on SLES 10 SP2 (x86_64) are following
Is it possible to have two passwords associated with one account, one that is the actual one, and another one, a duress password, that upon entering gives a similar (desktop) environment with "decoy data"?
The idea is to have the bogus password go to an encrypted home drive that looks as if it were the real deal, but it is wiping particular sensitive (encrypted) data that is visible only with the real password in the background, so that the actual data that need to be protected are not compromised. While the person who unlocked the computer tries to find the information on it between all the rubbish files, the real files are securely wiped. The files are very sensitive in nature, so it's better to have then destroyed than have unauthorized people access them, in the event of that happening.
I happen to know that TrueCrypt has a similar option but that requires an entire decoy operating system (and I think that might be a bit conspicuous), but is there a native linux way to do it?