Search Results

Search found 57481 results on 2300 pages for 'robert s smith@oracle com'.

Page 129/2300 | < Previous Page | 125 126 127 128 129 130 131 132 133 134 135 136  | Next Page >

  • Why does httpd handle requests for wrong hostnames in SSL mode?

    - by Manuel
    I have an SSL-enabled virtual host for my sites at example.com:10443 Listen 10443 <VirtualHost _default_:10443> ServerName example.com:10443 ServerAdmin admin@example.com ErrorLog "/var/log/httpd/error_log" TransferLog "/var/log/httpd/access_log" SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 SSLCertificateFile "/etc/ssl/private/example.com.crt" SSLCertificateKeyFile "/etc/ssl/private/example.com.key" SSLCertificateChainFile "/etc/ssl/private/sub.class1.server.ca.pem" SSLCACertificateFile "/etc/ssl/private/StartCom.pem" </VirtualHost> Browsing to https://example.com:10443/ works as expected. However, also browsing to https://subdomain.example.com:10443/ (with DNS set) shows me the same pages (after SSL certificate warning). I would have expected the directive ServerName example.com:10443 to reject all connection attempts to other server names. How can I tell the virtual host not to serve requests for URLs other than the top-level one?

    Read the article

  • Help me set up ssl.conf for multiple domains (name-based vhosts in ssl.conf?)

    - by mmattax
    In my httpd.conf: If I have my virtual host configured as: NameVirtualHost *:80 <VirtualHost *:80 ServerName foo.com ServerAlias www.foo.com Include conf.d/foo.conf </VirtualHost <VirtualHost *:80 ServerName bar.com ServerAlias www.bar.com Include conf.d/bar.conf </VirtualHost Can I get by with a single domain SSL certificate or must I purchase a wildcard SSL certificate to handle the www subdomain? I am now trying to configure the ssl.conf file, can I use name-based vhosts in my ssl.conf file like this: NameVirtualHost *:443 <VirtualHost *:443 ServerName foo.com ServerAlias www.foo.com ... Include conf.d/foo.conf </VirtualHost <VirtualHost *:443 ServerName bar.com ServerAlias www.bar.com ... Include conf.d/bar.conf </VirtualHost or do I need IP based vhosts? If this is possible, what kind of cert would I need in order to do this?

    Read the article

  • Email can't be sent to my domain

    - by Jack W-H
    Hi Folks, Basically I have my domain howcode.com bought at DomainMonster.com. I have set it all up to point to MediaTemple nameservers and everything works - mostly - fine. I have registered an email address mail@howcode.com. The setup is, I presume, working correctly. I can successfully send emails with the account. And I presume I can receive them - but the problem is, nobody can send them to me. Emailing from a regular, non-Googlemail account appears to work fine but it never arrives in the inbox. But when you email from a GoogleMail address, an error message is instantly returned saying this: Delivery to the following recipient failed permanently: mail@howcode.com Technical details of permanent failure: Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 relay not permitted (state 14). ----- Original message ----- Received: by 10.216.91.12 with SMTP id g12mr3673969wef.77.1271503997091; Sat, 17 Apr 2010 04:33:17 -0700 (PDT) Return-Path: Received: from [192.168.0.3] (client-81-98-94-79.cht-bng-014.adsl.virginmedia.net [81.98.94.79]) by mx.google.com with ESMTPS id x1sm29451927wbx.19.2010.04.17.04.33.15 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 17 Apr 2010 04:33:16 -0700 (PDT) From: Jack Webb-Heller Mime-Version: 1.0 (Apple Message framework v1078) Content-Type: multipart/alternative; boundary=Apple-Mail-7--1008464685 Subject: Re: Hi Date: Sat, 17 Apr 2010 12:33:14 +0100 In-Reply-To: <273957B1-5AA9-425B-89B1-B0C810094D7A@howcode.com To: Jack Webb-Heller References: <273957B1-5AA9-425B-89B1-B0C810094D7A@howcode.com Message-Id: <621C4BC9-DF06-4073-BC0F-7AA1189D6A0D@googlemail.com X-Mailer: Apple Mail (2.1078) Does this work? On 17 Apr 2010, at 12:32, Jack Webb-Heller wrote: Hi I thought this may be something to do with my MX DNS settings. They are setup like so: MX name: howcode.com TTL: 43200 Type: MX Data: 10 mail.howcode.com. The A-Record for mail.howcode.com is setup like this: Name: mail.howcode.com TTL: 43200 Type: A Data: 205.186.187.129 Is this what's going wrong with the issue? Thanks very much Jack

    Read the article

  • restricting access only through domains on nginx on virtual hosts

    - by Mo J. Mughrabi
    I have finished setting up nginx for virtual hosting, this is how my config files look like server { listen 80; server_name domain.com; access_log /home/domain.com/prod_webapp/logs/access.domain.com.log; error_log /home/domain.com/prod_webapp/logs/error.domain.com.log; location /static { root /home/domain.com/prod_webapp/mocorner/ph/; } location / { try_files $uri @uwsgi; } location @uwsgi { include uwsgi_params; uwsgi_pass unix:/tmp/domain_uwsgi.sock; }} on the same machine, I have domain1.com and domain2.com, each when i access I get its content which is great. My problem is that when i try to access the user using the IP address i get one of the sites in the virtual hosts too.. Although i disabled the default (removed the symbolic link) from sites-enabled folder but still not solved it for me. any suggestions?

    Read the article

  • FTP could not connect after applying local DNS(private DNS)

    - by Rahul
    I made a software router in CentOS linux and in that made a DNS server. I am using centOS 6..4 for making DNS i applied following steps: changed the host name = abc.zoom.com and domain name = zoom.com. then did changes in the named.rfc.1912 file as per rename named.localhost = forward and named.loopback = reverse in forward lookups i changed zone "zoom.com" IN { type master; file "forward"; allow-update { none; }; and in reverse lookups i changed zone "x.168.192.in-addr.arpa" IN { type master; file "reverse"; allow-update { none; }; and then did changes in the named.conf file options { listen-on port 53 {192.168.x.x;}; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query {any;}; recursion yes; 192.168.x.x is my local DNS address. then i copied lookups file in /var/named and edited the file "forward" $TTL 1D @ IN SOA abc.zoom.com. rahul.abc.zoom.com. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS abc.zoom.com. abc A 192.168.x.x and for " reverse" $TTL 1D @ IN SOA abc.zoom.com. rahul.abc.zoom.com.( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS abc.zoom.com. x PTR abc.zoom.com. when i put the public ip details in the Eth0 it was automatically redirect in to the resolve.conf when i checked through dig command the answer, query all were 1. my system is itself a Software router.In gateway of my all local machine i give my system ip address. however my DNS and Gateway IP is same. Now the problem is that. i gave the static ips to all my local machines when i give the DNS which i made i.e 192.168.x.x that time my ftp is not connect in filezilla software E.g: host : pqr.zoom.com ("zoom.com" is my local domain name) username : pqr password : pqr gives an error: Error: Connection timed out Error: Could not connect to server but if i give the public DNS address it get connected. i want to solve this problem please give solution on this.

    Read the article

  • ubuntu apache subdomains pointing to main domain

    - by Suhail Thakur
    I have a ubuntu server with apache setup, the main domain on the server is a subdomain app.example.com, which is working fine. Now if I setup john.app.example.com, then that also is displaying the web page of app.example.com, the DocumentRoot for john.app.example.com is different, still it shows the web page of app.example.com. how can I resolve this, so john.app.example.com displays the pages that are there in its DocumentRoot.

    Read the article

  • Apache disabled virtual host domains resolve an enabled virtual host

    - by littleK
    I have three virtual hosts defined on apache on my Ubuntu server for three different domains. If I disable two of the virtual hosts (a2dissite) and try to resolve those two URL's in the browser, then the one remaining enabled site will resolve. How can I configure apache so that the domains for the disabled virtual hosts do not resolve? This is how all 3 virtual hosts are configured (info is masked): # domain: myfirstdomain.com # public: /home/me/public/myfirstdomain.com/ <VirtualHost *:80> # Admin email, Server Name (domain name), and any aliases ServerAdmin webmaster@myfirstdomain.com ServerName www.myfirstdomain.com ServerAlias myfirstdomain.com # Index file and Document Root (where the public files are located) DirectoryIndex index.html index.php DocumentRoot /home/me/public/myfirstdomain.com/public # Log file locations LogLevel warn ErrorLog /home/me/public/myfirstdomain.com/log/error.log CustomLog /home/me/public/myfirstdomain.com/log/access.log combined </VirtualHost>

    Read the article

  • DNS entries for OCS 2007 R2 basic deploy

    - by Anero
    I'm doing a test deploy on a Lab with 3 VMs: TEST-DC: DC / DHCP / DNS / Root CA (Joined to TEST.AD Domain) TEST-CS: OCS Front End (Joined to TEST.AD Domain - IP: 10.0.128.1) TEST-EDGES: OCS Edge Server (Joined to Workgroup: EDGE-WKG - Internal IP: 10.0.128.3, External IPs: 192.168.129.12 - Access Edge Server, 192.168.129.13 - Web Conferencing, 192.168.129.14 - A/V) I can login with the Communicator Client from within computers in the domain (using [email protected]) and even the Automatic Sign-In works as expected. Nevertheless, I cannot login neither from within machines in the domain nor from outside the domain using user@test.com. I'm pretty sure it is a DNS related issue, so I'm including below a list of the entries. DNS Entries on TEST-DC: Forward Lookup Zones TEST.AD sip.test.ad (Host A). IP Address: 10.0.128.1 sipinternal.test.ad (Host A). IP Address: 10.0.128.1 sipexternal.test.ad (Host A). IP Address: 10.0.128.3 _sipinternaltls._tcp.test.ad (Service Location SRV). Port: 5061. Host: sipinternal.test.ad _sipinternal._tcp.test.ad (Service Location SRV). Port: 5061. Host: sipinternal.test.ad _sip._tcp.test.ad (Service Location SRV). Port: 5061. Host: sipexternal.test.ad _sipfederationtls._tcp.test.ad (Service Location SRV). Port: 5061. Host: sipexternal.test.ad _sip._tls.test.ad (Service Location SRV). Port: 443. Host: sipexternal.test.ad TEST.COM sip.test.com (Host A). IP Address: 10.0.128.1 sipinternal.test.com (Host A). IP Address: 10.0.128.1 sipexternal.test.com (Host A). IP Address: 10.0.128.3 _sipinternaltls._tcp.test.com (Service Location SRV). Port: 5061. Host: sipinternal.test.com _sipinternal._tcp.test.com (Service Location SRV). Port: 5061. Host: sipinternal.test.com _sip._tcp.test.com (Service Location SRV). Port: 5061. Host: sipexternal.test.com _sip._tls.test.ad (Service Location SRV). Port: 443. Host: sipexternal.test.ad Validation Errors OCS Front End Edge Server I ran the OCS 2007 Automatic Sign-In Troubleshooting and all DNS entries for both TEST.AD and TEST.COM are reported to be OK. What am I missing?

    Read the article

  • Help setting up NSD daemon (DNS server)

    - by Catalin
    While searching for a secure dns server I came across the NSD project. I was really impressed by what seemed to me the best option out there that's open source. One problem thought their 'tutorial' is really not beginner friendly. I have basic DNS knoledge but what's in there is out of my league. I need to have multiple sites on this CentOS server I've recently got my hands on. They also need to receive email. Details: I have a master host and would love to set this in the way described in the rows that follow: masterhost.com -> ns1.masterhost.com mail.masterhost.com www.masterhost.com addonhost.com -> ns1.masterhost.com mail.masterhost.com www.addonhost.com And so on. Any help in setting up this DNS server please? All answers and suggestions are welcomed. Thank you in advance.

    Read the article

  • OpenLDAP Authentication UID vs CN issues

    - by user145457
    I'm having trouble authenticating services using uid for authentication, which I thought was the standard method for authentication on the user. So basically, my users are added in ldap like this: # jsmith, Users, example.com dn: uid=jsmith,ou=Users,dc=example,dc=com uidNumber: 10003 loginShell: /bin/bash sn: Smith mail: jsmith@example.com homeDirectory: /home/jsmith displayName: John Smith givenName: John uid: jsmith gecos: John Smith gidNumber: 10000 cn: John Smith title: System Administrator But when I try to authenticate using typical webapps or services like this: jsmith password I get: ldapsearch -x -h ldap.example.com -D "cn=jsmith,ou=Users,dc=example,dc=com" -W -b "dc=example,dc=com" Enter LDAP Password: ldap_bind: Invalid credentials (49) But if I use: ldapsearch -x -h ldap.example.com -D "uid=jsmith,ou=Users,dc=example,dc=com" -W -b "dc=example,dc=com" It works. HOWEVER...most webapps and authentication methods seem to use another method. So on a webapp I'm using, unless I specify the user as: uid=smith,ou=users,dc=example,dc=com Nothing works. In the webapp I just need users to put: jsmith in the user field. Keep in mind my ldap is using the "new" cn=config method of storing settings. So if someone has an obvious ldif I'm missing please provide. Let me know if you need further info. This is openldap on ubuntu 12.04. Thanks, Dave

    Read the article

  • apache 2.4 redirect within virtualhost

    - by user129545
    I have a couple http (port 80) vhosts that I want to redirect to http if an https request is made to them. Apparently some things have changed with Apache 2.4 (NameVirtualHost not used like it was in the past, etc). Apache 2.4 on centos 5.5, This is all using a single ip for all vhosts below, I don't have multiple ip's on this box, my /usr/local/apache2/conf/extra/httpd-vhosts.conf : # <VirtualHost www.dom1.com:80> ServerName www.dom1.com ServerAlias dom1.com DocumentRoot /usr/local/apache2/htdocs/dom1/wordpress </VirtualHost> <VirtualHost webmail.dom2.com:443> ServerName webmail.dom2.com DocumentRoot /usr/local/apache2/htdocs/webmail SSLEngine On SSLCertificateFile /usr/local/apache2/webmail.crt SSLCertificateKeyFile /usr/local/apache2/webmail.key </VirtualHost> # my /usr/local/apache2/conf/extra/httpd-ssl.conf, # Listen 443 SSLPassPhraseDialog builtin SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCacheTimeout 300 Mutex default SSLRandomSeed startup file:/dev/urandom 512 SSLRandomSeed connect builtin SSLCryptoDevice builtin # webmail.dom2.com works fine. Problem is I can connect to https://www.dom1.com, and it serves up the content from webmail.dom2.com. I want any https requests for www.dom1.com on port 443 to simply redirect to http://www.dom1.com on port 80. Thanks

    Read the article

  • Dovecot, Postfix, Postfixadmin - can't send/receive mail

    - by Jack
    I am setting up a mail server: Dovecot and Postfix with MySQL support and Postfixadmin. Spend literally all day trying to figure it out, but I'm still unable to neither send nor receive any emails. To my knowledge, I have configured everything correctly, so either there is another problem, or my knowledge isn't good enough. Here is what I get when I use "echo test | mail [email protected]:" Jul 11 00:41:07 server postfix/pickup[17999]: 5B0D32AE1B: uid=0 from= Jul 11 00:41:07 server postfix/cleanup[19444]: 5B0D32AE1B: message-id=<[email protected].com Jul 11 00:41:07 server postfix/qmgr[18513]: 5B0D32AE1B: from=, size=329, nrcpt=1 (queue active) Jul 11 00:41:12 server postfix/smtp[19448]: 5B0D32AE1B: to=, relay=none, delay=5.3, delays=0.1/0.01/5.2/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=dsa.com type=MX: Host not found, try again) *@mail.asd.com is changed for privacy reasons, same goes for dsa@asd.com. *The bold text is where it, for some reason, prints out dsa.com - even though I haven't found it anywhere in the files which I've edited during the installation, nor my DNS is .com in the first place. Here is what I get when I try to send out an email from Postfix Admin interface: Jul 11 00:49:08 server postfix/smtpd[19479]: connect from localhost[127.0.0.1] Jul 11 00:49:08 server postfix/trivial-rewrite[19484]: warning: do not list domain asd.com in BOTH mydestination and virtual_mailbox_domains Jul 11 00:49:08 server postfix/smtpd[19479]: 4F7892AE1E: client=localhost[127.0.0.1] Jul 11 00:49:08 server postfix/cleanup[19487]: 4F7892AE1E: message-id=<[email protected].com Jul 11 00:49:08 server postfix/qmgr[18513]: 4F7892AE1E: from=, size=317, nrcpt=1 (queue active) Jul 11 00:49:08 server postfix/smtpd[19479]: disconnect from localhost[127.0.0.1] Jul 11 00:49:10 server postfix/smtpd[19492]: connect from localhost[127.0.0.1] Jul 11 00:49:10 server postfix/trivial-rewrite[19484]: warning: do not list domain asd.com in BOTH mydestination and virtual_mailbox_domains Jul 11 00:49:10 server postfix/smtpd[19492]: 743AE2AE1F: client=localhost[127.0.0.1] Jul 11 00:49:10 server postfix/cleanup[19487]: 743AE2AE1F: message-id=<[email protected].com Jul 11 00:49:10 server postfix/qmgr[18513]: 743AE2AE1F: from=, size=772, nrcpt=1 (queue active) Jul 11 00:49:10 server postfix/smtpd[19492]: disconnect from localhost[127.0.0.1] Jul 11 00:49:10 server amavis[13437]: (13437-11) Passed CLEAN, LOCAL [127.0.0.1] - , Message-ID: <[email protected].com, mail_id: 86+KQY93ANel, Hits: -0.002, size: 317, queued_as: 743AE2AE1F, 2145 ms Jul 11 00:49:10 server postfix/smtp[19489]: 4F7892AE1E: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=2.3, delays=0.17/0.01/0/2.1, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 743AE2AE1F) Jul 11 00:49:10 server postfix/qmgr[18513]: 4F7892AE1E: removed I really don't know what might be the problem... If you need to know something, feel free to ask and I'll clarify something.

    Read the article

  • SSH login very slow on OS X Leopard

    - by acjohnson55
    My SSH sessions take a very long time to initiate. This applies for logins with and without passwords, interactive and non-interactive. I have tried setting 'GSSAPIAuthentication no' and 'IPQoS 0x00' on the client side, and 'UseDNS no' on the server side, but no dice. I'm really stumped and frustrated. The worst part is that it SFTP takes forever to establish connections too, making file transfer much longer than it would be otherwise. I thought the problem might be something with PAM, because of where the hang is in the sshd log below, so I tried commenting out each line one-by-one in the /etc/pam.d/sshd file. Some caused login to be impossible, some had no apparent effect. I can't really tell if PAM is stalling for other services, but I can say that su'ing into my account from another account with 'su -l' has no apparent delay. I tried creating a new user account, just to see if there was something wrong with my existing account, and the same problem persisted. Any ideas of what's going on? On the client side, the most verbose mode outputs (redacted where reasonable): OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011 debug1: Reading configuration data ... debug1: ... line 1: Applying options for ... debug1: Reading configuration data /etc/ssh_config debug1: /etc/ssh_config line 20: Applying options for * debug1: /etc/ssh_config line 53: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to ... [x.x.x.x] port 22. debug1: Connection established. debug1: identity file /.../.ssh/id_rsa type -1 debug1: identity file /.../.ssh/id_rsa-cert type -1 debug3: Incorrect RSA1 identifier debug3: Could not load "/.../.ssh/id_dsa" as a RSA1 public key debug1: identity file /.../.ssh/id_dsa type 2 debug1: identity file /.../.ssh/id_dsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2 debug1: match: OpenSSH_5.2 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.9 debug2: fd 3 setting O_NONBLOCK debug3: load_hostkeys: loading entries for host "..." from file "/.../.ssh/known_hosts" debug3: load_hostkeys: found key type RSA in file /.../.ssh/known_hosts:9 debug3: load_hostkeys: loaded 1 keys debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com debug2: kex_parse_kexinit: none,zlib@openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server->client aes128-ctr hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 136/256 debug2: bits set: 523/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA ... debug3: load_hostkeys: loading entries for host "..." from file "/.../.ssh/known_hosts" debug3: load_hostkeys: found key type RSA in file /.../.ssh/known_hosts:9 debug3: load_hostkeys: loaded 1 keys debug3: load_hostkeys: loading entries for host "x.x.x.x" from file "/.../.ssh/known_hosts" debug3: load_hostkeys: found key type RSA in file /.../.ssh/known_hosts:9 debug3: load_hostkeys: loaded 1 keys debug1: Host '...' is known and matches the RSA host key. debug1: Found key in /.../.ssh/known_hosts:9 debug2: bits set: 492/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /.../.ssh/id_dsa (0x7f8b7b41d6c0) debug2: key: /.../.ssh/id_rsa (0x0) debug1: Authentications that can continue: publickey,password,keyboard-interactive debug3: start over, passed a different list publickey,password,keyboard-interactive debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering DSA public key: /.../.ssh/id_dsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: pkalg ssh-dss blen 434 debug2: input_userauth_pk_ok: fp ... debug3: sign_and_send_pubkey: DSA ... debug1: Authentication succeeded (publickey). Authenticated to ... ([x.x.x.x]:22). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. ****** Hangs here ****** debug2: callback start debug2: client_session2_setup: id 0 debug2: fd 3 setting TCP_NODELAY debug2: channel 0: request pty-req confirm 1 debug1: Sending environment. debug3: Ignored env TERM_PROGRAM debug3: Ignored env SHELL debug3: Ignored env TERM debug3: Ignored env TMPDIR debug3: Ignored env Apple_PubSub_Socket_Render debug3: Ignored env TERM_PROGRAM_VERSION debug3: Ignored env TERM_SESSION_ID debug3: Ignored env USER debug3: Ignored env COMMAND_MODE debug3: Ignored env SSH_AUTH_SOCK debug3: Ignored env Apple_Ubiquity_Message debug3: Ignored env __CF_USER_TEXT_ENCODING debug3: Ignored env PATH debug3: Ignored env MKL_NUM_THREADS debug3: Ignored env PWD debug1: Sending env LANG = en_US.UTF-8 debug2: channel 0: request env confirm 0 debug3: Ignored env HOME debug3: Ignored env SHLVL debug3: Ignored env DYLD_LIBRARY_PATH debug3: Ignored env PYTHONPATH debug3: Ignored env LOGNAME debug3: Ignored env DISPLAY debug3: Ignored env SECURITYSESSIONID debug3: Ignored env _ debug2: channel 0: request shell confirm 1 debug2: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel_input_status_confirm: type 99 id 0 debug2: PTY allocation request accepted on channel 0 debug2: channel 0: rcvd adjust 2097152 debug2: channel_input_status_confirm: type 99 id 0 debug2: shell request accepted on channel 0 On the server side, the debug output looks like: Sep 16 18:46:40 ... sshd[31435]: debug1: inetd sockets after dupping: 3, 4 Sep 16 18:46:40 ... sshd[31435]: Connection from x.x.x.x port 52758 Sep 16 18:46:40 ... sshd[31435]: debug1: Current Session ID is 56AC0FB0 / Session Attributes are 00008000 Sep 16 18:46:40 ... sshd[31435]: debug1: Running in inetd mode in a non-root session... assuming inetd created the session for us. Sep 16 18:46:40 ... sshd[31435]: debug1: Client protocol version 2.0; client software version OpenSSH_5.9 Sep 16 18:46:40 ... sshd[31435]: debug1: match: OpenSSH_5.9 pat OpenSSH* Sep 16 18:46:40 ... sshd[31435]: debug1: Enabling compatibility mode for protocol 2.0 Sep 16 18:46:40 ... sshd[31435]: debug1: Local version string SSH-2.0-OpenSSH_5.2 Sep 16 18:46:40 ... sshd[31435]: debug1: Checking with Service ACLs for ssh login restrictions Sep 16 18:46:40 ... sshd[31435]: debug1: call to mbr_user_name_to_uuid with <...> suceeded to retrieve user_uuid Sep 16 18:46:40 ... sshd[31435]: debug1: Call to mbr_check_service_membership failed with status <0> Sep 16 18:46:40 ... sshd[31435]: debug1: PAM: initializing for "..." Sep 16 18:46:40 ... sshd[31435]: debug1: PAM: setting PAM_RHOST to "x.x.x.x" Sep 16 18:46:40 ... sshd[31435]: Failed none for ... from x.x.x.x port 52758 ssh2 Sep 16 18:46:40 ... sshd[31435]: debug1: temporarily_use_uid: 509/20 (e=0/0) Sep 16 18:46:40 ... sshd[31435]: debug1: trying public key file /.../.ssh/authorized_keys Sep 16 18:46:40 ... sshd[31435]: debug1: restore_uid: 0/0 Sep 16 18:46:40 ... sshd[31435]: debug1: temporarily_use_uid: 509/20 (e=0/0) Sep 16 18:46:40 ... sshd[31435]: debug1: trying public key file /.../.ssh/authorized_keys2 Sep 16 18:46:40 ... sshd[31435]: debug1: fd 5 clearing O_NONBLOCK Sep 16 18:46:40 ... sshd[31435]: debug1: matching key found: file /.../.ssh/authorized_keys2, line 1 Sep 16 18:46:40 ... sshd[31435]: Found matching DSA key: ... Sep 16 18:46:40 ... sshd[31435]: debug1: restore_uid: 0/0 Sep 16 18:46:40 ... sshd[31435]: debug1: temporarily_use_uid: 509/20 (e=0/0) Sep 16 18:46:40 ... sshd[31435]: debug1: trying public key file /.../.ssh/authorized_keys Sep 16 18:46:40 ... sshd[31435]: debug1: restore_uid: 0/0 Sep 16 18:46:40 ... sshd[31435]: debug1: temporarily_use_uid: 509/20 (e=0/0) Sep 16 18:46:40 ... sshd[31435]: debug1: trying public key file /.../.ssh/authorized_keys2 Sep 16 18:46:40 ... sshd[31435]: debug1: fd 5 clearing O_NONBLOCK Sep 16 18:46:40 ... sshd[31435]: debug1: matching key found: file /.../.ssh/authorized_keys2, line 1 Sep 16 18:46:40 ... sshd[31435]: Found matching DSA key: ... Sep 16 18:46:40 ... sshd[31435]: debug1: restore_uid: 0/0 Sep 16 18:46:40 ... sshd[31435]: debug1: ssh_dss_verify: signature correct Sep 16 18:46:40 ... sshd[31435]: debug1: do_pam_account: called Sep 16 18:46:40 ... sshd[31435]: Accepted publickey for ... from x.x.x.x port 52758 ssh2 Sep 16 18:46:40 ... sshd[31435]: debug1: monitor_child_preauth: ... has been authenticated by privileged process Sep 16 18:46:40 ... sshd[31435]: debug1: PAM: establishing credentials ***** Hangs here ***** Sep 16 18:46:54 ... sshd[31435]: User child is on pid 31654 Sep 16 18:46:54 ... sshd[31654]: debug1: PAM: establishing credentials Sep 16 18:46:54 ... sshd[31654]: debug1: permanently_set_uid: 509/20 Sep 16 18:46:54 ... sshd[31654]: debug1: Entering interactive session for SSH2. Sep 16 18:46:54 ... sshd[31654]: debug1: server_init_dispatch_20 Sep 16 18:46:54 ... sshd[31654]: debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384 Sep 16 18:46:54 ... sshd[31654]: debug1: input_session_request Sep 16 18:46:54 ... sshd[31654]: debug1: channel 0: new [server-session] Sep 16 18:46:54 ... sshd[31654]: debug1: session_new: session 0 Sep 16 18:46:54 ... sshd[31654]: debug1: session_open: channel 0 Sep 16 18:46:54 ... sshd[31654]: debug1: session_open: session 0: link with channel 0 Sep 16 18:46:54 ... sshd[31654]: debug1: server_input_channel_open: confirm session Sep 16 18:46:54 ... sshd[31654]: debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0 Sep 16 18:46:54 ... sshd[31654]: debug1: server_input_channel_req: channel 0 request pty-req reply 1 Sep 16 18:46:54 ... sshd[31654]: debug1: session_by_channel: session 0 channel 0 Sep 16 18:46:54 ... sshd[31654]: debug1: session_input_channel_req: session 0 req pty-req Sep 16 18:46:54 ... sshd[31654]: debug1: Allocating pty. Sep 16 18:46:54 ... sshd[31435]: debug1: session_new: session 0 Sep 16 18:46:54 ... sshd[31654]: debug1: session_pty_req: session 0 alloc /dev/ttys008 Sep 16 18:46:54 ... sshd[31654]: debug1: server_input_channel_req: channel 0 request env reply 0 Sep 16 18:46:54 ... sshd[31654]: debug1: session_by_channel: session 0 channel 0 Sep 16 18:46:54 ... sshd[31654]: debug1: session_input_channel_req: session 0 req env Sep 16 18:46:54 ... sshd[31654]: debug1: server_input_channel_req: channel 0 request shell reply 1 Sep 16 18:46:54 ... sshd[31654]: debug1: session_by_channel: session 0 channel 0 Sep 16 18:46:54 ... sshd[31654]: debug1: session_input_channel_req: session 0 req shell Sep 16 18:46:54 ... sshd[31655]: debug1: Setting controlling tty using TIOCSCTTY.

    Read the article

  • BIND9 DNS Problems - Not resolving

    - by clone1018
    I host a BIND9 DNS server for my VirtualMin users to use. And It only resolves for 75% of the people. It has been WELL over 1 week now. Here is a sample. $ttl 38400 @ IN SOA axxim.net. root.axxim.net. ( 1274031391 10800 3600 604800 38400 ) @ IN NS axxim.net. day7tech.com. IN A 96.226.216.37 www.day7tech.com. IN A 96.226.216.37 ftp.day7tech.com. IN A 96.226.216.37 m.day7tech.com. IN A 96.226.216.37 localhost.day7tech.com. IN A 127.0.0.1 webmail.day7tech.com. IN A 96.226.216.37 admin.day7tech.com. IN A 96.226.216.37 mail.day7tech.com. IN A 96.226.216.37 day7tech.com. IN MX 5 mail.day7tech.com.

    Read the article

  • MX Record for SubDomains

    - by Steve Sloka
    I want to be able to send email to any subdomain I like and not have to configure A records and MX records for each subdomain. Ideally I could send an email to [email protected].com and [email protected].com and not have to configure anything other than my original domain.com. My current setup: I have a domain (domain.com) and want to have multiple subdomains. (a.domain.com, b.domain.com, c.domain.com, etc). I have an MX record setup to point to domain.com and all email works fine for that domain. I have NOT setup A records for all the subdomains (and really don't want to).

    Read the article

  • why my dns always give wrong ip?

    - by xjdrew
    My dns always resolve learnxue.com with wrong IP, even when I change dns server and execute ipconfig /flushdns. answer from 8.8.8.8: > learnxue.com Server: google-public-dns-a.google.com Address: 8.8.8.8 Non-authoritative answer: Name: learnxue.com Addresses: 97.74.42.79 97.74.42.79 answer from 61.147.37.1: > learnxue.com Server: d.center-dns.jsinfo.net Address: 61.147.37.1 Non-authoritative answer: Name: learnxue.com Addresses: 97.74.42.79 97.74.42.79 My friends living in other city, using dns 61.147.37.1, can get right result, as below: > learnxue.com Server: d.center-dns.jsinfo.net Address: 61.147.37.1 Non-authoritative answer: Name: learnxue.com *Addresses: 222.73.173.188* Is my dns hijacked?

    Read the article

  • Active Directory Partition Error

    - by BLAKE
    Right now my active directory is failing a dcdiag test. I can find no info online about this error. When I run dcdiag /test:crossrefvalidation, I get the output: .... Doing primary tests Testing server: Default-First-Site-Name\ad01 Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : mydomain Starting test: CrossRefValidation ......................... mydomain passed test CrossRefValidation Running partition tests on : t Starting test: CrossRefValidation This cross-ref has a non-standard dNSRoot attribute. Cross-ref DN: CN=a3a24d3a-4782-460b-9148-86ac2d86b9ae,CN=Partitions,CN=Configuration, DC=mydomain,DC=com nCName attribute (Partition name): DC=t Bad dNSRoot attribute: dc01.mydomain.com Check with your network administrator to make sure this dNSRoot attribute is correct, and if not please change the attribute to the value below. dNSRoot should be: t It appears this partition (DC=t) failed to get completely created. This cross-ref (CN=a3a24d3a-4782-460b-9148-86ac2d86b9ae,CN=Partitions,CN=Configurat ion,DC=mydomain,DC=com) is dead and should be removed from the Active Directory. ......................... t failed test CrossRefValidation .... I used LDP from the windows support tools. I searched for the dnsRoot attribute in "cn=partitions,cn=configuration,dc=mydomain,dc=com", with the filter "(&(objectcategory=crossref)(systemFlags:1.2.840.113556.1.4.803:=5))" I got the result: ***Searching... ldap_search_s(ld, "cn=partitions,CN=Configuration,DC=mydomain,DC=com", 1, "(& (objectcategory=crossref)(systemFlags:1.2.840.113556.1.4.803:=5))", attrList, 0, &msg) Result <0>: (null) Matched DNs: Getting 3 entries: >> Dn: CN=65502be3-fc90-442a-83d8-4b3b91e82439,CN=Partitions,CN=Configuration,DC=mydomain,DC=com 1> dnsRoot: ForestDnsZones.mydomain.com; >> Dn: CN=a3a24d3a-4782-460b-9148-86ac2d86b9ae,CN=Partitions,CN=Configuration,DC=mydomain,DC=com 1> dnsRoot: ad01.mydomain.com; >> Dn: CN=f0ef5771-6225-4984-acd9-c08f582eb4e2,CN=Partitions,CN=Configuration,DC=mydomain,DC=com 1> dnsRoot: DomainDnsZones.mydomain.com; It looks like the bad partition has the name of my first domain controller 'ad01.mydomain.com'. I have googled for a while and have not been able to find any help or documentation about application partitions in Active Directory. Does anyone have any advice on how to cleanup this partition (or what the partition is for)? Does anyone know the repercussions for deleting this partition?

    Read the article

  • Hosting multiple sites on a single webapp in tomcat

    - by satish
    Scenario: I have a website - www.mydomain.com. Registered users will be given the choice of getting a permanent url to their account on mydomain.com as a subdomain like (username.mydomain.com) or they can opt to have their own domain like www.userdomain.com. So the user can access his/her account through the subdomain URL or their own hostname and the request should be forwarded to a specific url on mydomain.com. For example: xyz.mydomain.com or www.xyz.com should give the user account from www.mydomain.com/webapp/account?id=xyz. The user should be completely unaware about where the content is coming from. Setup: My website is running as a webapp in tomcat 5.5.28 with apache as the web server. I am using a VPS which means I have control over all the configuration files (apache, tomcat and dns server). Can you tell me what are the configurations needed to achieve the above scenario??

    Read the article

  • Postfix smtp test occured "Relay access denied"

    - by liuxingruo
    I was following the tutorial http://wiki.centos.org/zh/HowTos/postfix_restrictions but, when I tried to send a mail with smtp, it returns: Connected to XXX.XXX.33.22 (XXX.XXX.33.22). Escape character is '^]'. 220 mail.xxxx.com ESMTP Postfix HELO mail.xxxx.com 250 mail.xxxx.com MAIL FROM:<[email protected]> 250 2.1.0 Ok RCPT TO:<[email protected]> 554 5.7.1 <[email protected]>: Relay access denied And, the postfix main.cf setting is relay_domains =

    Read the article

  • Confused about SPF Record setup

    - by Ramon A.
    Hello, I'm confused on how I should set up SPF records for my multiple domains. Here is my configuration: the setup is: (a) domain1.com points to server1 (b) mail.domain1.com points to server2 (c) domain2.com is a vhost in server1 (d) domain3.com is a vhost in server1 (e) and so on.. I want the SPF record to be set up so that domain1.com, domain2.com, domain3.com are authorized to send emails using mail.domain1.com. I'm confused on wether to put the SPF record on each domain, or on the main server only.

    Read the article

  • I have a mail server that hosts several client emails but 1 in particular is being blocked because of its SBRS score

    - by Vince Saavedra
    If I was hosting emails for 3 clients and my reverse DNS is mail.allclients.com and I am hosting for client2.com, client3.com etc. What would be the rDNS for client3.com? Would it reflect the rDNS of mail.allclients.com? If so, I do I prevent mails from client3.com from being blocked because the PTR does not match rDNS? Finally on your advice to have my email service publish an SPF record. Is this something I need to submit to the company I registered my mail.allclients.com to? So I for example registered with GoDaddy.com then I will need to submit a request to them to publish an SPF record on their DNS right? Thank you for your advice and kind assistance. Vince Saavedra

    Read the article

  • I got these strange messages on my websites feedback form?

    - by Ali
    Hi guys - I got all of a sudden a number of strange feedback messages from my sites feedback form its where normally users would come and enter feedback and then I would review it on an admin panel. However these messages make little to no sense like for an example: here are two 'messages': 2GyOim <a href=\"http://vdjzpnoyzfji.com/\">vdjzpnoyzfji</a>, [url=http://gixlpbtswcdh.com/]gixlpbtswcdh[/url], [link=http://zudauexgjgot.com/]zudauexgjgot[/link], http://vqhafprwogyf.com/ jF2wdU <a href=\"http://aprjkscbhnxf.com/\">aprjkscbhnxf</a>, [url=http://dhfeoqufoqvu.com/]dhfeoqufoqvu[/url], [link=http://whmzpbqrsume.com/]whmzpbqrsume[/link], http://xxfntqzhhbza.com/ I got about over a dozen of these - and they are all from very different ips is someone playing around and is it a cause for me to get vigilant?

    Read the article

  • Using IIS7 as a reverse proxy

    - by Jon
    Hi All, My question is pretty much identical to the question listed but they did not get an answer as they ended up using Linux as the reverse proxy. http://serverfault.com/questions/55309/using-iis7-as-a-reverse-proxy I need to have IIS the main site and linux (Apache) being the proxied site(s). so I have site1.com (IIS7) site2.com (Linux Apache) they have subdomains of sub1.site1.com sub2.site1.com sub3.site2.com I want all traffic to go to site1.com and to say anything that is site2.com should be proxied to linux box on internal network, (believe ARR can do this but not sure how). I can not have it running as Apache doing the proxying as I need IIS exposed directly. any and all advice would be great. Thanks

    Read the article

  • How can I resolve this one application coming up with an "You don't have permission to use the application" error?

    - by morgant
    I've got a Mac OS X 10.6 Snow Leopard Server Open Directory Master with a user who's getting Mobility & Application managed preferences from a group (the only group they're a member of). The workstation is also running Mac OS X 10.6 Snow Leopard, when the user logs in and tries to run our primary application which they're explicitly allowed to run (via the group's preferences), it says "You don't have permission to use the application 'Blah'". Now, the application is added to the group's list of always allowed applications, unsigned (so a minor difference in application version or file contents shouldn't disallow it). It even lives in a subdirectory of /Applications which is in the list of folders to allow applications. I've run into this when logging this user into new workstations and the following usually works: Log them out Remove the following files from their mobile home folder on the workstation: /Library/Managed\ Preferences/, ~/.FileSync, ~/Library/Preferences/com.apple.finder.plist, and ~/Library/Preferences/com.apple.MCX.plist. Remove the following files from their network home folder on the server: ~/.FileSync, ~/Library/Preferences/com.apple.finder.plist, and ~/Library/Preferences/com.apple.MCX.plist. Log them back in on the workstation. However, this no longer resolves the issue. Their Home Sync preferences are set (on the group) to sync ~, but not the following files (manually, at login, and at logout... no background sync here): ~/.SymAVQSFile ~/NAVMac800QSFile ~/Library ~/.FileSync ~/.account Their Preferences Sync preferences are set (also on the group) to sync ~/Library & ~/Documents/Microsoft User Data, but not the following files (also manually, at login, and at logout... no background sync): ~/.SymAVQSFile ~/.Trash ~/.Trashes ~/Documents/Microsoft User Data/Entourage Temp ~/Library/Application Support/SyncServices ~/Library/Application Support/MobileSync ~/Library/Caches ~/Library/Calendars/Calendar Cache ~/Library/Logs ~/Library/Mail/AvailableFeeds ~/Library/Mail/Envelope Index ~/Library/Preferences/Macromedia/ ~/Library/Printers ~/Library/PubSub/Database ~/Library/PubSub/Downloads ~/Library/PubSub/Feeds ~/Library/Safari/Icons.db ~/Library/Safari/HistoryIndex.sk ~/Library/iTunes/iPhone Software Updates IMAP-* Exchange-* EWS-* Mac-* ~/Library/Preferences/ByHost ~/Library/Preferences/com.apple.dock.plist ~/Library/Preferences/com.apple.sitebarlists.plist ~/Library/Application Support/4D ~/Library/Preferences/com.apple.MCX.plist ~/.FileSync ~/.account Even with ~/Library/Preferences/com.apple.MCX.plist prevented from syncing during a Preferences Sync, it still seems to show up in the network home on the server frequently. Are there any other files other than ~/Library/Preferences/com.apple.MCX.plist that contain application Managed Preferences that might be causing this one app to be showing up as not allowed? Any ideas on how ~/Library/Preferences/com.apple.MCX.plist keeps getting sync'd back up the network home folder on the server? Update: I thought I had found a workaround this morning, but it also seemed to be extremely temporary. Basically, loking at /Library/Managed\ Preferences/[shortname]/com.apple.applicationaccess.new.plist I discovered that it didn't have an entry for the application in question, but /Library/Managed\ Preferences/[shortname]/complete.plist did. Naturally, I deleted com.apple.applicationaccess.new.plist, logged in again, and it worked... on one workstation. It failed on others, and after logging out & back in a couple more times it started failing on all of them again, even after further deletions of com.apple.applicationaccess.new.plist. Oddly, com.apple.applicationaccess.new.plist & complete.plist do both contain an entry for the application in question now, but it still says it's not allowed. Further Update: Okay, so I now have a reproducible workaround which seems to be required after every reboot of the workstation: Log in as the user (you'll discover you cannot launch the application in question). Fast User Switch to the local admin account on the workstation (we always have one on every machine). From that local admin account, run sudo mcxrefresh -n 'shortname' (logging out and back in as the user in question will not work). Fast User Switch back to the user (you'll still not be allowed to run the application). Log the user out and back in (you'll now be able to run the application in question.) Fast User Switch back to the local admin account, log it out, and log back in as the user in question. If you do all that exactly as described it'll keep working through log out & log back in, but NOT through a reboot. If, after a reboot, you try something like logging in as the local admin account, running sudo mcxrefresh -n 'shortname', logging out, then logging in as the user in question, it will NOT work. Yet Another Update We don't have any computer groups in our Open Directory, so it shouldn't be getting any conflicting settings from there. I ran sudo mcxquery -format xml -user shortname -group groupname before & after performing the aforementioned process to allow the application in question to be run and the results were identical (saved the result to files & diff'd... I'm not just guessing here). One Step Forward, Half a Step Back: When the Mac OS X 10.6.5 Server update was released, we upgraded our Open Directory Master to it as the changes included the following managed preferences fixes which I hoped might address this issue: Addresses an issue that could prevent managed preferences from being applied when a user logs in on a workstation that has been idle. Fixes an issue that could prevent administrators from bypassing client management settings on a workstation. This seemed to improve the situation slightly. The application in question now usually launches without error. If, and when it does launch with the "You don't have permission to use the application" error, logging the user out and back in seems to correct it. That said, we've since had to add a couple of applications to the user's ~/Applications/ directory and those are still prevented from launching. The workstations are running Mac OS X 10.6.4, the OD Master (which the workstations are bound to) is running Mac OS 10.6.5 Server (although there are two OD Replicas still running 10.6.4 Server), and we're using Workgroup Manager 10.6.3 (which is included with the Server Admin Tools 10.6.5 upgrade) to add the applications (unsigned, as always). This time, I've caught the following in /var/log/system.log when attempting to launch one of the allowed applications from ~/Applications: Dec 22 17:36:24 hostname parentalcontrolsd[43221]: -[ActivityTracker checkApp:csFlags:] [954:username] -- *** Incoming app appears to be masquerading as white listed app and failed signature validation: /Users/username/Applications/FileMaker Pro 5.5/FileMaker Pro.app/Contents/MacOS/FileMaker Pro. Note: This may be a valid app of a different version than what was whitelisted (on a different volume?) Dec 22 17:36:24 hostname [0x0-0xa42a42].com.filemaker.filemakerpro[43304]: launch of /Users/username/Applications/FileMaker Pro 5.5/FileMaker Pro.app/Contents/MacOS/FileMaker Pro was blocked Dec 22 17:36:24 hostname com.apple.launchd.peruser.1340[6375] ([0x0-0xa42a42].com.filemaker.filemakerpro[43304]): Exited with exit code: 255 Dec 22 17:36:24 hostname parentalcontrolsd[43221]: -[ActivityTracker(Private) _removeAppFromWhiteList:] [1362:username] -- *** Couldn't find local user record Running sudo mcxquery -format xml -user username -group groupname includes the following entry for FileMaker Pro 5.5 (and appears to include a full integration of the user's application whitelist & group's application whitelist): <dict> <key>bundleID</key> <string>com.filemaker.filemakerpro</string> <key>displayName</key> <string>FileMaker Pro</string> </dict> Note the lack of <key>appID</key><data> ... </data> which seems to specify a signed application. While whitelisted directories also appear to be correctly listed in the results, they too do not actually allow the applications to be run either. What is going on here?! Where else should I be looking?

    Read the article

  • BIND - why duplicate nameserver entries (@ and *)?

    - by user27465
    I had to manually tweak my DNS service providers BIND file. BIND file, created by professional hosting company, before: $ORIGIN mycoolsite.com. $TTL 300 @ SOA ns1.cheapreg.com. registry.cheapreg.com. ( ... ) @ IN 3600 NS ns1.cheapreg.com. @ IN 3600 NS ns2.cheapreg.com. @ IN 3600 A 199.9.99.85 @ IN 3600 A 199.9.99.86 * IN 3600 A 199.9.99.85 * IN 3600 A 199.9.99.86 www IN 3600 A 199.9.99.85 www IN 3600 A 199.9.99.86 BIND file, created by layman, after: $ORIGIN mycoolsite.com. $TTL 300 @ SOA ns1.cheapreg.com. registry.cheapreg.com. ( ... ) @ IN 3600 NS ns1.cheapreg.com. @ IN 3600 NS ns2.cheapreg.com. * IN 3600 A 219.94.116.50 * IN 3600 A 219.94.116.51 * IN 3600 A 219.94.116.52 The difference is that the "pro"-file has duplicated the nameserver entries, once for @, and once for *, and I haven't. Any reason I should also duplicate nameserver entries (@ and *) ?

    Read the article

< Previous Page | 125 126 127 128 129 130 131 132 133 134 135 136  | Next Page >