Search Results

Search found 33247 results on 1330 pages for 'anonymous access'.

Page 122/1330 | < Previous Page | 118 119 120 121 122 123 124 125 126 127 128 129 | Next Page >

MSDTC - Communication with the underlying transaction manager has failed (Firewall open, MSDTC network access on)

- by SocialAddict

I'm having problems with my ASP.NET web forms system. It worked on our test server but now we are putting it live one of the servers is within a DMZ and the SQL server is outside of that (on our network still though - although a different subnet) I have open up the firewall completely between these two boxes to see if that was the issue and it still gives the error message "Communication with the underlying transaction manager has failed" whenever we try and use the "TransactionScope". We can access the data for retrieval it's just transactions that break it. We have also used msdtc ping to test the connection and with the amendments on the firewall that pings successfully, but the same error occurs! How do i resolve this error? Any help would be great as we have a system to go live today. Panic :) Edit: I have created a more straightforward test page with a transaction as below and this works fine. Could a nested transaction cause this kind of error and if so why would this only cause an issue when using a live box in a dmz with a firewall? AuditRepository auditRepository = new AuditRepository(); try { using (TransactionScope scope = new TransactionScope()) { auditRepository.Add(DateTime.Now, 1, "TEST-TRANSACTIONS#1", 1); auditRepository.Save(); auditRepository.Add(DateTime.Now, 1, "TEST-TRANSACTIONS#2", 1); auditRepository.Save(); scope.Complete(); } } catch (Exception ex) { Response.Write("Test Error For Transaction: " + ex.Message + "<br />" + ex.StackTrace); }

Read the article
Postfix 554 <[email protected]>: Relay access denied

- by Matt

So i am trying to set postfix up and I am running into some problems.....here is my files vim /etc/postfix/main.cf relayhost = [smtp.gmail.com]:587 smtp_connection_cache_destinations = smtp.gmail.com smtp_sasl_auth_enable=yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_tls_security_options = noanonymous tls_random_source = dev:/dev/urandom smtp_tls_CAfile= /etc/pki/CA/cacert.pem smtp_tls_security_level = may smtp_tls_scert_verifydepth = 9 append_dot_mydomain = no readme_directory = no myhostname = maggie.deliverypath.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = maggie.deliverypath.com, localhost.deliverypath.com, , localhost mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all I also have the gmail password info vim /etc/postfix/sasl_passwd gmail-smtp.l.google.com [email protected]:somepass smtp.gmail.com [email protected]:somepass then I try to follow this article and i get this output telnet mail.demoslice.com 25 Trying 67.207.128.80... Connected to www.slicehost.com. Escape character is '^]'. 220 www.slicehost.com ESMTP Postfix (Ubuntu) HELO test.demoslice.com 250 www.slicehost.com MAIL FROM:<[email protected]> 250 Ok RCPT TO:<[email protected]> 554 <[email protected]>: Relay access denied its started service postfix start * Starting Postfix Mail Transport Agent postfix ...done. then the screen gets frozen and i cant do anything....any ideas

Read the article
Unable to Access Certain Websites

- by codejoust

Through a local network, all computers except one ubuntu machine can access 1. Adobe.com 2. Icann.org 3. Apache.org 4. Example.com. The ubuntu machine returns (in firefox): "Though the site seems valid, the browser was unable to establish a connection." Furthermore, when I traceroute those websites using the ubuntu machine, they all return ubuntu.local, and it ends there: (traceroute to icann.org (192.0.32.7), 30 hops max, 40 byte packets 1 ubuntu.local (192.168.1.105) 3000.791 ms !H 3000.808 ms !H 3000.814 ms !H I've checked the hosts file, and there isn't anything in there, and I have an apache server there so if it was redirected to localhost, I'd probably see the localhost webroot page. Thanks in advance! user@ubuntu:~$ netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1 192.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth1 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth1 The Ubuntu Machine is one of six on the network. I'm using opendns for dns, so I do think that should be a problem.

Read the article
Mac: window manager frozen, have ssh access

- by Bernd

I have a Mac which regularly runs into a problem. The user interface stops reponding, showing a "frozen" user interface. The mouse is still moving but clicking does not trigger anything. This happens about once a week. Solution so far is to force switch-off the Mac and reboot it. I have ssh root access to the Mac. Killing (kill -9) the active application has no visible impact on what is shown on the screen. Any ideas on how to diagnose this? Is there a way to restart the window manager from the ssh shell? Killing /System/Library/Frameworks/ApplicationServices.framework/Frameworks/CoreGraphics.framework/Resources/WindowServer seems not to be possible. The Mac is an early 2008 iMac and runs Lion with latest updates. /Library/Logs/DiagnosticReports is empty. Update: Problem stays after update to Mountain Lion. The WindowServer process is in "uninterruptible wait" state ("U" flag in ps output set): imac:~ root# ps ax|awk "NR==1|| /WindowServer/"|grep -v awk PID TT STAT TIME COMMAND 86 ?? Us 50:51.69 /System/Library/Frameworks/ApplicationServices.framework/Frameworks/CoreGraphics.framework/Resources/WindowServer -daemon Any idea for diagnosing what blocks the process? Any idea for "waking up" the process?

Read the article
Windows Vista - Can Boot into Safe Mode Command Prompt, Cannot Access Flash Drive

- by Adam

Hey there, Got a laptop dropped into my lap. Has Vista installed. Normal boot never gets past the login screen. Safe mode will get past, but just barely. I can try and start the task manager at that point, but it never opens. Only reliable way to do anything I've got is the safe mode command prompt... Boots up and logs in fine. I can't see anything noticably wrong via regedit, but it's been a long time since I've had to fix up a Windows box... not sure that I would. Problem I'm having, is that I want to run ComboFix/etc, but have no way to get them on there... When I pop a flash drive in, it seems to mount it (flash drive flickers as normal) but it never seems to be mounted... I cannot access it through any drive letter on the command line. I managed to start the device manager (devmgmt.msc) and the flash drive was recognized and listed... Any ideas on how to get this thing going again? (Short of a reinstall.) (It has no CD drive, either, so burning files to CD would not be easy...) Thanks! Adam

Read the article
Long access time for static web page on virtual machine

- by Karol

My setup Windows 7 on workstation that I use at work (with domain) and home (no domain) Virtual machine (VMWare) that runs Arch Linux (I will call it just "Linux") with network interface in bridged mode. Linux serves web pages with Nginx. IP address of Linux machine is 192.168.0.16 and is added to C:\windows\system32\drivers\etc\hosts: 192.168.0.16 bridged bri IP address of Windows workstation is added to /etc/hosts: 192.168.0.10 workstation I can add more details to my setup description (I am not sure what is relevant). The question Often (but not always) it takes long time for a web browser (Firefox) to open static web page served by Linux. I am sure it is not a performance issue. To be more specific: it takes about ~20 seconds to resolve(?) the address http://bridged for a web browser. Additionally I have just installed samba service and noticed similar problem, so it is not specific to browser & http. Initial access for samba shares also takes long time.

Read the article
Western Digitial My Book: Can't access the data on the drive

- by Bryan Denny

My girlfriend has this external hard drive by Western Digital called a My Book. When the external drive is connected, it does not show it as an accessible disk drive on the computer. However, it shows up fine in Device Manager: I can also see it in Disk Management, but the volume is not mapped to a drive letter, nor can I change the drive letter: It only gives me access to Delete Volume: I would rather not lose the data on the drive if possible. What can I do from here to get to the data? Things I've tried/know: Uninstall drivers and re-install them Device does the same thing when attach to either her Win7 laptop or my Win8 laptop I don't think there's an issue with the HDD itself. No clicking noises, etc. I ran Western Digital Data LifeGuard Diangostics (DLGDIAG) and the SMART Status was a "PASS", all of the SMART Disk Information looked fine. I haven't had the time to run the diag tests yet but I do not believe it's a mechanical issue. The hard drive is inside of an enclosure, I have not attempted to pry the drive out yet. How can I get Windows to properly detect this drive?

Read the article
No internet access when using static IP

- by Endy Tjahjono

I have just upgraded to Windows 8.1, and after the upgrade process is finished, I can't connect to internet. I tried running the "Troubleshoot problems": It concluded that DHCP needs to be activated: I let it activate DHCP, and I got internet connection back. The problem is I want to set this PC to a certain IP address (the IP address that it has been using all this time). I am also using Hyper-V, which I suspect has something to do with this problem. After I regained internet connection, I tried running one of my Hyper-V VM. From inside the VM I can connect to internet. That VM has static IP address. I also noticed that in "Control Panel\Network and Internet\Network Connections", I usually have a network connection called vEthernet (Realtek PCIe GBE Family Controller Virtual Switch). I didn't find it there after upgrade. How do I set my PC to a static IP while retaining internet access in Windows 8.1? EDIT I have managed to recreate vEthernet (Realtek PCIe GBE Family Controller Virtual Switch) by unchecking Allow management operating system to share this network adapter in Hyper-V's Virtual Switch Manager and then checking it again. But when I changed the adapter to use static IP, it still can't connect to internet. Result of Get-NetAdapter -Name * | fl (with MAC address removed): Name : vEthernet (Realtek PCIe GBE Family Controller Virtual Switch) InterfaceDescription : Hyper-V Virtual Ethernet Adapter #2 InterfaceIndex : 5 MacAddress : 55-55-55-55-55-55 MediaType : 802.3 PhysicalMediaType : Unspecified InterfaceOperationalStatus : Up AdminStatus : Up LinkSpeed(Mbps) : 100 MediaConnectionState : Connected ConnectorPresent : False DriverInformation : Driver Date 2006-06-21 Version 6.3.9600.16384 NDIS 6.40 Name : Ethernet 3 InterfaceDescription : Hyper-V Virtual Ethernet Adapter #3 InterfaceIndex : 6 MacAddress : 55-55-55-55-55-56 MediaType : 802.3 PhysicalMediaType : Unspecified InterfaceOperationalStatus : Up AdminStatus : Up LinkSpeed(Gbps) : 10 MediaConnectionState : Connected ConnectorPresent : False DriverInformation : Driver Date 2006-06-21 Version 6.3.9600.16384 NDIS 6.40 Name : Ethernet InterfaceDescription : Realtek PCIe GBE Family Controller InterfaceIndex : 2 MacAddress : 55-55-55-55-55-57 MediaType : 802.3 PhysicalMediaType : 802.3 InterfaceOperationalStatus : Up AdminStatus : Up LinkSpeed(Mbps) : 100 MediaConnectionState : Connected ConnectorPresent : True DriverInformation : Driver Date 2013-05-10 Version 8.1.510.2013 NDIS 6.30

Read the article
Need for explanation: NetBIOS over TCP/IP on VMware network adapter disturbs access to network share

- by gyrolf

(Moved here from StackOverflow) Some time ago nearly all workstations in our team (Windows XP SP2) exhibited intermittend but frequent delays when accessing shares on the network. Typically the first access to a share which hadn't been accessed for some time resulted in a nearly frozen workstation for up to 30 seconds. Then everything started working fine again. Using TCPView from Sysinternals I saw that during this delays there was a connection to the netbios-ssn port on the file server which was in state SYN_SENT. First try: Disable NetBIOS over TCP/IP for the intranet network adapter. Problem solved, but I didn't like to manipulate our centrally managed network configuration for the intranet. Second try: Disable NetBIOS over TCP/IP only for the VMWare network adapter (VMNet1 used for host only communications). Problem solved again! My questions: Why does NetBIOS over TCP/IP on one network adapter disturb NetBIOS over TCP/IP on another network adapter? Is this problem specific to VMWare network adapters? Has anybody else seen this phenomen? Additional information: VMWare Workstation version 6.0.3 At the time I started seriously analysing the problem it was no more possible to find out what had been changed to our systems at the time the problems started.

Read the article
Send Apache Access Logs to syslog

- by Seer

We have IBM HTTP Servers (Based on Apache 2.0) and want to send the access logs to syslog. (in addition to error logs which does work) The config we are using is as follows: ErrorLog "|/HTTPServer/bin/rotatelogs /archive/http/error_log.%Y%m%d 86400 | /usr/bin/logger -t httpd -plocal6.err" LogLevel warn LogFormat "%h %{True-Client-IP}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D \"%{Host}i\" %v" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent CustomLog "|exec /usr/bin/logger -t ptseelm-ax3004 -i -p local6.notice" combined But the logs entries don't even appear in the local syslog.out here is what the processes look like: ps -ef | grep httpd apache 6226000 8388618 0 09:04:01 - 0:00 /HTTPServer/bin/httpd -d /HTTPServer -k start apache 6750220 8388618 0 09:04:01 - 0:00 /HTTPServer/bin/httpd -d /HTTPServer -k start apache 7602390 8388618 0 09:04:01 - 0:00 /HTTPServer/bin/httpd -d /HTTPServer -k start root 8388618 1 0 09:04:01 - 0:00 /HTTPServer/bin/httpd -d /HTTPServer -k start root 9044038 8388618 0 09:04:01 - 0:00 /usr/bin/logger -t httpd -plocal6.err So there is no logger attached to the child processes... is that the problem? Can someone help me out? :) We have the following in syslog.conf: local6.* @somerealipaddress

Read the article
Google Chrome doesn't want to access Facebook

- by Pieter van Niekerk

I have been experiencing a bit of a problem with Chrome over the last couple of days where it doesn't want to access Facebook. When I open Chrome it works fine for a while and then if I were to refresh the page it would give me the Chrome 'This webpage is not available' message. This webpage is not available Google Chrome could not load the webpage because www.facebook.com took too long to respond. The website may be down, or you may be experiencing issues with your Internet connection. Here are some suggestions: Reload this webpage later. Check your Internet connection. Restart any router, modem, or other network devices you may be using. Add Google Chrome as a permitted program in your firewall's or antivirus software's settings. If it is already a permitted program, try deleting it from the list of permitted programs and adding it again. If you use a proxy server, check your proxy settings or contact your network administrator to make sure the proxy server is working. If you don't believe you should be using a proxy server, adjust your proxy settings: Go to the wrench menu Options Under the Hood Change proxy settings... LAN Settings and deselect the "Use a proxy server for your LAN" checkbox. This problem only persists when using the proxy and doesn't occur at all when not on the proxy. I have also tried different browsers (IE9 and Firefox 9.01) but it doesn't occur in any of them. This problem goes away for a while when I restart Chrome, only to happen again a couple of minutes later. I have tried deleting the cookies for Facebook without restarting Chrome, but to no avail. I am using Windows7 with Chrome 17

Read the article
Configuring https access on HP A5120 Switch

- by GerryEgan

I am trying to configure HTTPS management on a HP a5120 switch running Version 5.20.99, Release 2215 and not having much luck. I have followed the manual by creating an SSL policy first and then enabling the HTTPS server with the SSL policy: ssl server-policy sslpol ip https ssl-server-policy sslpol ip https enable When I try and log onto the switch with Google Chrome I get the following error: Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error. When I look this up I have found references to errors due to TLS being used in SSL. I can find no way to specify the SSL version in the server policy. The manual has a configuration example that uses MSCEP to retrieve a certificate but in Windows 2008 R2 that feature is only available in Enterprise and Datacentre editions which I don't have. I have SSH configured and it is using a locally generated certificate so I'm not sure if I can use that but I'd like to if possible. Has anybody been able to setup HTTPS management on HP A series switches without MSCEP? Any and all help appreciated! here is a copy of my config with the interfaces removed: version 5.20.99, Release 2215 # sysname MYSYSNAME # irf domain 10 irf mac-address persistent timer irf auto-update enable undo irf link-delay # domain default enable system # telnet server enable # vlan 1 # vlan 100 description Management # radius scheme system primary authentication 127.0.0.1 1645 primary accounting 127.0.0.1 1646 user-name-format without-domain # domain system access-limit disable state active idle-cut disable self-service-url disable # user-group system group-attribute allow-guest # local-user admin password cipher authorization-attribute level 3 service-type ssh telnet terminal service-type web # stp enable # ssl server-policy sslpol pki-domain MYDOMAIN # interface NULL0 # interface Vlan-interface199 ip address 192.168.199.140 255.255.255.0 # interface GigabitEthernet1/0/1 poe enable stp edged-port enable # interface Ten-GigabitEthernet2/1/2 # dhcp-snooping # ntp-service unicast-server 192.168.1.71 # ssh server enable # ip https ssl-server-policy sslpol ip https enable # load xml-configuration # user-interface aux 0 1 user-interface vty 0 15 authentication-mode scheme

Read the article
Correct MySQL username/password, but getting Access Denied error when run from script

- by Nick

I'm currently trying to run the following command from within a shell script. /usr/bin/mysql -u username -ppassword -h localhost database It works perfectly fine when executed manually, and not from within a script. When I try to execute a script that contains that command, I get the following error: ERROR 1045 (28000) at line 3: Access denied for user 'username'@'localhost' (using password: YES) I literally copied and pasted the working command into the script. Why the error? As a sidenote: the ultimate intent is to run the script with cron. EDIT: Here is a stripped down version of my script that I'm trying to run. You can ignore most of it up until the point where it connects to MySQL around line 19. #!/bin/sh #Run download script to download product data cd /home/dir/Scripts/Linux /bin/sh script1.sh #Run import script to import product data to MySQL cd /home/dir/Mysql /bin/sh script2.sh #Download inventory stats spreadsheet and rename it cd /home/dir /usr/bin/wget http://www.url.com/file1.txt mv file1.txt sheet1.csv #Remove existing export spreadsheet rm /tmp/sheet2.csv #Run MySQL queries in "here document" format /usr/bin/mysql -u username -ppassword -h localhost database << EOF --Drop old inventory stats table truncate table table_name1; --Load new inventory stats into table Load data local infile '/home/dir/sheet1.csv' into table table_name1 fields terminated by ',' optionally enclosed by '"' lines terminated by '\r\n'; --MySQL queries to combine product data and inventory stats here --Export combined data in spreadsheet format group by p.value into outfile '/tmp/sheet2.csv' fields terminated by ',' optionally enclosed by '"' lines terminated by '\r\n'; EOF EDIT 2: After some more testing, the issue is with the << EOF that is at the end of the command. This is there for the "here document". When removed, the command works fine. The problem is that I need << EOF there so that the MySQL queries will run.

Read the article
SNMP Access on Ubuntu

- by javano

I am trying to use SNMP to monitor a machine locally on its self and remotely. This is the snmpd.conf (Ubuntu 8.04.1): # sec.name source comunity com2sec readonly 1.2.3.4 nicenandtight com2sec readonly 5.6.7.8 reallysafe group MyROGroup v1 readonly group MyROGroup v2c readonly group MyROGroup usm readonly view all included .1 view system included .iso.org.dod.internet.mgmt.mib-2.system access MyROGroup "" any noauth exact all none none syslocation my house syscontact me <[email protected]> exec .1.3.6.1.4.1.2021.7890.1 distro /usr/bin/distro smuxpeer .1.3.6.1.4.1.674.10892.1 includeAllDisks 95% 1.2.3.4 is the local machines IP and everything is working locally. 5.6.7.8 is the remote machine and initially I am just trying to touch SNMPD with snmpwalk from the remote machine; snmpwalk -v 2c -c reallysafe 1.2.3.4 Timeout: No Response from 1.2.3.4 I have added to iptables as the very first rule; -A INPUT -p udp -m udp --dport 161 -j ACCEPT With such a loose iptables rule I can't see why I can't even touch the SNMPD on that Uubuntu Machine. There are more specific rules further down the table but as I couldn't connect I added the above. TCPDump shows the UDP packets coming in. What could be going wrong here?

Read the article
Authority Information Access local path being ignored

- by Kevin

I have a CA set up in Server 2008 R2, and generally it is working, but I can't control the local path/filename it writes its own certificate to for the Authority Information Access publishing. Here's a screen shot of the dialog I'm trying to set this on: From these settings I would expect to get the file: C:\Windows\system32\CertSrv\CertEnroll\DAMNIT.crt But instead I get: C:\Windows\system32\CertSrv\CertEnroll\SERVER.domain.com_My Issuing Authority(1).crt Of course, the actual change shown wouldn't be very useful, but it's illustrative; no matter what path/filename I use, it always lands up in the same place and with the same name. I actually wanted to change the name from <ServerDNSName>_<CaName><CertificateName>.crt to <CaName><CertificateName>.crt, since the latter corresponds to the HTTP URL whereas the former does not. Admittedly, I haven't set up many CAs so perhaps I'm just deluded as to what this dialog is supposed to be setting, but if so this is notoriously bad UI design. (Incidentally, I have a couple other complaints with the same dialog.) What's going on here and is there some way to get the filename pattern I want?

Read the article
OHS 11g R2 - How to restrict access only to Intranet users

- by Pavan

For one of the sub-paths, I am trying to restrict access only to Intranet originated requests. I tried following configuration, but it's not working as expected. <VirtualHost *:7777> Debug ON RewriteEngine On RewriteOptions inherit RewriteRule ^/$ /test1 [R,L] RewriteRule ^/test2$ - [R=404] [L] RewriteRule ^/stage$ /stage/test1 [R,L] RewriteRule ^/stage/test2$ - [R=404] [L] <IfModule weblogic_module> WebLogicCluster localhost:7003,localhost:7005 </IfModule> <Location /test1> SetHandler weblogic-handler </Location> <Location /test2> SetHandler weblogic-handler </Location> <Location /api> SetHandler weblogic-handler PathPrepend /test1 </Location> <Directory /stage/test1> Order deny,allow deny from all Allow from 192.168 Allow from 127 </Directory> <Directory /stage/test2> Order deny,allow deny from all Allow from 192.168 Allow from 127 </Directory> <Directory /stage/api> Order deny,allow deny from all Allow from 192.168 Allow from 127 </Directory> <Location /stage/test1> SetHandler weblogic-handler WebLogicCluster localhost:7203,localhost:7205 PathTrim /stage </Location> <Location /stage/test2> SetHandler weblogic-handler WebLogicCluster localhost:7203,localhost:7205 PathTrim /stage </Location> <Location /stage/api> SetHandler weblogic-handler WebLogicCluster localhost:7203,localhost:7205 PathTrim /stage PathPrepend /test1 </Location> </VirtualHost> Can someone please help me resolving this?

Read the article
IP tables blocking access to most hosts but some accesses being logged

- by epo

What am I getting wrong? A while back I locked down my web hosting service while hardening it or at least trying to. Apache listens on port 80 only and I set up iptables using the following: IPS="list of IPs" iptables --new-chain webtest # Accept all established connections iptables -A INPUT --protocol tcp --dport 80 --jump webtest iptables -A INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT iptables -A webtest --match state --state ESTABLISHED,RELATED --jump ACCEPT for ip in $IPS; do iptables -A webtest --match state --state NEW --source $ip --jump ACCEPT done iptables -A webtest --jump DROP However looking at my apache logs I notice various log entries in access_log, e.g. 221.192.199.35 - - [16/May/2010:13:04:31 +0100] "GET http://www.wantsfly.com/prx2.php?hash=926DE27C156B40E55E4CFC8F005053E2D81E6D688AF0 HTTP/1.0" 404 206 "-" "Mozilla/ 4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 201.228.144.124 - - [16/May/2010:11:54:16 +0100] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226 "-" "-" 207.46.195.224 - - [16/May/2010:04:06:48 +0100] "GET /robots.txt HTTP/1.1" 200 311 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)" How are these slipping through? I don't mind the indexing bots (though I am a little surprised to see them get through). I suppose they must be getting through using the ESTABLISHED,RELATED rules. And no, I can't for the life of me remember why the first match state rule is there So 2 questions: is there a better way to set up iptables to restrict access to specified hosts? How exactly are these 3 examples slipping through?

Read the article
Unable to access site over HTTPS using self signed certificate

- by James

I am developing a REST API which I want to secure with SSL/TLS. I have implemented a large part of the API which I have tested over HTTP, however, I am now at the stage where I want to switch it over to use HTTPS. At the moment the API is hosted on a Windows XP professional SP2 box running IIS 5.1 (development environment only) and I used the SelfSSL.exe tool from the IIS 6.0 Resource Kit Tools to generate a server certificate. I then configured my API to use this certificate which all appeared to work fine as I attempted to connect to my API using HTTP and I get a 403 response saying "... must be accessed over a secure channel...". However, the problem is when I attempt to access the same the API over HTTPS it just appears to hang! As this is a development environment at the moment I don't have a domain name (just a static IP address) and the API is running on port 81. Also (incase it matters) the API is the default site (I replaced it). Any ideas why I can't connect using HTTPS?

Read the article
samba access from win98

- by SimonSalman

Hello, the admin installed a new file server in our institute: OpenSuse 11.1 with Samba 3.2.7-11.3.2-2154-SUSE-CODE11. They copied the smb.conf from the old machine (hosting Samba 3.0.0) to the new one. Everything works as before, but one Windows 98 machine can see but not access the file server. It prompts for user authentication, but will not accept any user-password combination. There exists a lot of discussion about the problem on the net, but none provided a clear answer to the problem. EDIT: 1. I changed Win98 registry enable plain-text passwords, and alternatively changed server's smb.conf and /etc/smbpasswd to accept encrypted passwords 2. Further I provide a profile with a user-password combination on Win98 machine similar to one of the samba users-password combinations. 3. I changed smb.conf such that the samba server is the Local Master Browser all these changes are not necessary when using the older samba server. So, I conclude that a configuration problem on the server side is likely. If you need any further information, I will post them here. Best regards, Simon

Read the article
OS X can connect to Windows machine, but can't access shared folders

- by Bonnie

I can create new folders on my Windows XP machine, set them to "shared". On my Mac, I pick Finder → Go → Connect to Server → smb://192.168.1.4 → Connect → Name / Password. It even shows me all the names of the newly created shared-folders on my PC, but when I try to actually connect to any of them I get connection failed, there was an error connecting Any idea on what would cause that? The fact that it successfully gets so far—to actually showing me my PC share-names—must mean I have 99% of this working correctly, i.e. the physical connection, the IP address, the user name, the password, etc. Still, I can't seem to access the folders themselves. I've tried this with my Windows XP firewall on/off, and Norton AntiVirus on/off. Same problem. Everything did work fine, 4 months ago. Were there any odd OS X or Windows updates released recently? I always apply them all. smbclient on the Mac does correctly find the XP machine, my XP user name, and accepts my XP password. I get the following from that smbclient command: Doing spnego session setup (blob length=16) server didn't supply a full spnego negprot Got challenge flags: ... Got NTLMSSP flags: ... Got NTLMSP flags: ... Domain=[XPMACHINE] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager] tree connect failed: NT_STATUS_INSUFF_SERVER_RESOURCES I'm not sure why a standard XP box can't "supply a full spnego negprot". Whatever that means. Using XP's RegEdit to change my IRPStackSize from 11... to 13, 15, 20, 22... still gives that "NT_STATUS_INSUFF_SERVER_RESOURCES" error on the Mac.

Read the article
NFS: Server says "authenticated mount request", but client sees "access denied"

- by zigdon

I have two machine, an NFS server (RHEL) and a client (Debian). The server has NFS set up, exporting a particular directory: server:~$ sudo /usr/sbin/rpcinfo -p localhost program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100024 1 udp 910 status 100024 1 tcp 913 status 100021 1 udp 53391 nlockmgr 100021 3 udp 53391 nlockmgr 100021 4 udp 53391 nlockmgr 100021 1 tcp 32774 nlockmgr 100021 3 tcp 32774 nlockmgr 100021 4 tcp 32774 nlockmgr 100007 2 udp 830 ypbind 100007 1 udp 830 ypbind 100007 2 tcp 833 ypbind 100007 1 tcp 833 ypbind 100011 1 udp 999 rquotad 100011 2 udp 999 rquotad 100011 1 tcp 1002 rquotad 100011 2 tcp 1002 rquotad 100003 2 udp 2049 nfs 100003 3 udp 2049 nfs 100003 4 udp 2049 nfs 100003 2 tcp 2049 nfs 100003 3 tcp 2049 nfs 100003 4 tcp 2049 nfs 100005 1 udp 1013 mountd 100005 1 tcp 1016 mountd 100005 2 udp 1013 mountd 100005 2 tcp 1016 mountd 100005 3 udp 1013 mountd 100005 3 tcp 1016 mountd server$ cat /etc/exports /dir *.my.domain.com(ro) client$ grep dir /etc/fstab server.my.domain.com:/dir /dir nfs tcp,soft,bg,noauto,ro 0 0 All seems well, but when I try to mount, I see the following: client$ sudo mount /dir mount.nfs: access denied by server while mounting server.my.domain.com:/dir And on the server I see: server$ tail /var/log/messages Mar 15 13:46:23 server mountd[413]: authenticated mount request from client.my.domain.com:723 for /dir (/dir) What am I missing here? How should I be debugging this?

Read the article
apache adress based access control

- by stijn

I have an apache instance serving different locations, eg https://host.com/jira https://host.com/svn https://host.com/websvn https://host.com/phpmyadmin Each of these has access control rules based on ip adres/hostname. Some of them use the same configuration though, so I have to repeat the same rules each time: Order Deny,Allow Deny from All Allow from 10.35 myhome.com mycollegueshome.com Is there a way to make these reusable so that I don't have to change each instance everytime something changes? Ie, can I write this once, then use it for a couple of locations? Using SetEnvIf maybe? It would be nice if I could do something like this pseudo-config: <myaccessrule> Order Deny,Allow Deny from All Allow from 10.35 myhome.com mycollegueshome.com </myaccessrule> <Proxy /jira*> AccessRule = myaccessrule </Proxy> <Location /svn> AccessRule = myaccessrule </Location> <Directory /websvn> AccessRule = myaccessrule </Directory>

Read the article
Denying access to website via htaccess based on http header

- by neekster

I've been trying for ages to get this to work and I can't put my finger on it. What I'm trying to do is block access to a site from a number of countries, based on the CF-IPCountry header added by CloudFlare. I figured htaccess was a suitable way to do this. We are running LiteSpeed 4.2.4 on top of DirectAdmin for a control panel. The problem we having is the htaccess rule doesn't seem to do anything. Here's the rule we tried: SetEnvIf CF-IPCountry AU UnwantedCountry=1 Order allow,deny Deny from env=UnwantedCountry Allow from all That makes no difference at all, connections are still accepted. Just to check that the rule was at least being processed, I changed Allow from all to Deny from all, and connections were refused. So it appears to be a problem wit the variable. Here's the relevant headers that come in with the request. Connection: Keep-Alive Accept-Encoding: gzip CF-Connecting-IP: xx.xx.xx.xx CF-IPCountry: AU X-Forwarded-For: xx.xx.xx.xx.xx CF-RAY: c9062956e2d04b6 X-Forwarded-Proto: http CF-Visitor: {"scheme":"http"} Zone-Name: xx.com.au Hopefully someone can help me out, this has been driving me nuts for too long. Thanks

Read the article
IP tables blocking access to most hosts but some accesses being logged

- by epo

What am I getting wrong? A while back I locked down my web hosting service while hardening it or at least trying to. Apache listens on port 80 only and I set up iptables using the following: IPS="list of IPs" iptables --new-chain webtest # Accept all established connections iptables -A INPUT --protocol tcp --dport 80 --jump webtest iptables -A INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT iptables -A webtest --match state --state ESTABLISHED,RELATED --jump ACCEPT for ip in $IPS; do iptables -A webtest --match state --state NEW --source $ip --jump ACCEPT done iptables -A webtest --jump DROP However looking at my apache logs I notice various log entries in access_log, e.g. 221.192.199.35 - - [16/May/2010:13:04:31 +0100] "GET http://www.wantsfly.com/prx2.php?hash=926DE27C156B40E55E4CFC8F005053E2D81E6D688AF0 HTTP/1.0" 404 206 "-" "Mozilla/ 4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 201.228.144.124 - - [16/May/2010:11:54:16 +0100] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226 "-" "-" 207.46.195.224 - - [16/May/2010:04:06:48 +0100] "GET /robots.txt HTTP/1.1" 200 311 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)" How are these slipping through? I don't mind the indexing bots (though I am a little surprised to see them get through). I suppose they must be getting through using the ESTABLISHED,RELATED rules. And no, I can't for the life of me remember why the first match state rule is there So 2 questions: is there a better way to set up iptables to restrict access to specified hosts? How exactly are these 3 examples slipping through?

Read the article
Access server using IP on another interface

- by Markos

I am using Windows Server 2012 instead of a router for my home network. Currently I am using RRAS and computers from local network can access Internet correctly. Here is a map of the current setup: [PC1] ---| |---- (lan ip)[Server](wan ip)--> internet [PC2] ---| I have applications running on Server, such as IIS and others. All can be accessed from internet using wan ip and from lan using lan ip. I have a domain, lets say its my-domain.com, which is resolved to my wan ip. What I want is to enable my LAN computers to be able to connect to services on my server using the very same address as internet users: eg http://my-domain.com/. However this does not work for my lan computers. What I understand is that I need to set up some kind of loopback route in a way that packets comming to LAN interface get routed to WAN interface. But I haven't found how to achieve this (in fact, I don't know WHAT to search for). Feel free to ask for additional informations and I will try to update the question.

Read the article

< Previous Page | 118 119 120 121 122 123 124 125 126 127 128 129 | Next Page >