Search Results

Search found 514 results on 21 pages for 'cipher suites'.

Page 16/21 | < Previous Page | 12 13 14 15 16 17 18 19 20 21  | Next Page >

  • Resizing a LUKS encrypted volume

    - by mgorven
    I have a 500GiB ext4 filesystem on top of LUKS on top of an LVM LV. I want to resize the LV to 100GiB. I know how to resize ext4 on top of an LVM LV, but how do I deal with the LUKS volume? mgorven@moab:~% sudo lvdisplay /dev/moab/backup --- Logical volume --- LV Name /dev/moab/backup VG Name moab LV UUID nQ3z1J-Pemd-uTEB-fazN-yEux-nOxP-QQair5 LV Write Access read/write LV Status available # open 1 LV Size 500.00 GiB Current LE 128000 Segments 1 Allocation inherit Read ahead sectors auto - currently set to 2048 Block device 252:3 mgorven@moab:~% sudo cryptsetup status backup /dev/mapper/backup is active and is in use. type: LUKS1 cipher: aes-cbc-essiv:sha256 keysize: 256 bits device: /dev/mapper/moab-backup offset: 3072 sectors size: 1048572928 sectors mode: read/write mgorven@moab:~% sudo tune2fs -l /dev/mapper/backup tune2fs 1.42 (29-Nov-2011) Filesystem volume name: backup Last mounted on: /srv/backup Filesystem UUID: 63877e0e-0549-4c73-8535-b7a81eb363ed Filesystem magic number: 0xEF53 Filesystem revision #: 1 (dynamic) Filesystem features: has_journal ext_attr resize_inode dir_index filetype extent flex_bg sparse_super large_file huge_file uninit_bg dir_nlink extra_isize Filesystem flags: signed_directory_hash Default mount options: (none) Filesystem state: clean with errors Errors behavior: Continue Filesystem OS type: Linux Inode count: 32768000 Block count: 131071616 Reserved block count: 0 Free blocks: 112894078 Free inodes: 32044830 First block: 0 Block size: 4096 Fragment size: 4096 Reserved GDT blocks: 992 Blocks per group: 32768 Fragments per group: 32768 Inodes per group: 8192 Inode blocks per group: 512 RAID stride: 128 RAID stripe width: 128 Flex block group size: 16 Filesystem created: Sun Mar 11 19:24:53 2012 Last mount time: Sat May 19 13:29:27 2012 Last write time: Fri Jun 1 11:07:22 2012 Mount count: 0 Maximum mount count: 100 Last checked: Fri Jun 1 11:03:50 2012 Check interval: 31104000 (12 months) Next check after: Mon May 27 11:03:50 2013 Lifetime writes: 118 GB Reserved blocks uid: 0 (user root) Reserved blocks gid: 0 (group root) First inode: 11 Inode size: 256 Required extra isize: 28 Desired extra isize: 28 Journal inode: 8 Default directory hash: half_md4 Directory Hash Seed: 383bcbc5-fde9-4720-b98e-2d6224713ecf Journal backup: inode blocks

    Read the article

  • Why is mkfs overwriting the LUKS encryption header on LVM on RAID partitions on Ubuntu 12.04?

    - by Starchy
    I'm trying to setup a couple of LUKS-encrypted partitions to be mounted after boot-time on a new Ubuntu server which was installed with LVM on top of software RAID. After running cryptsetup luksFormat, the LUKS header is clearly visible on the volume. After running any flavor of mkfs, the header is overwritten (which does not happen on other systems that were setup without LVM), and cryptsetup will no longer recognize the device as a LUKS device. # cryptsetup -y --cipher aes-cbc-essiv:sha256 --key-size 256 luksFormat /dev/dm-1 WARNING! ======== This will overwrite data on /dev/dm-1 irrevocably. Are you sure? (Type uppercase yes): YES Enter LUKS passphrase: Verify passphrase: # hexdump -C /dev/dm-1|head -n5 00000000 4c 55 4b 53 ba be 00 01 61 65 73 00 00 00 00 00 |LUKS....aes.....| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000020 00 00 00 00 00 00 00 00 63 62 63 2d 65 73 73 69 |........cbc-essi| 00000030 76 3a 73 68 61 32 35 36 00 00 00 00 00 00 00 00 |v:sha256........| 00000040 00 00 00 00 00 00 00 00 73 68 61 31 00 00 00 00 |........sha1....| # cryptsetup luksOpen /dev/dm-1 web2-var # mkfs.ext4 /dev/mapper/web2-var [..snip..] Creating journal (32768 blocks): done Writing superblocks and filesystem accounting information: done # hexdump -C /dev/dm-1|head -n5 # cryptsetup luksClose /dev/mapper/web2-var 00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00000400 00 40 5d 00 00 88 74 01 66 a0 12 00 17 f2 6d 01 |.@]...t.f.....m.| 00000410 f5 3f 5d 00 00 00 00 00 02 00 00 00 02 00 00 00 |.?].............| 00000420 00 80 00 00 00 80 00 00 00 20 00 00 00 00 00 00 |......... ......| # cryptsetup luksOpen /dev/dm-1 web2-var Device /dev/dm-1 is not a valid LUKS device. I have also tried mkfs.ext2 with the same result. Based on setups I've done successfully on Debian and Ubuntu (but not LVM or Ubuntu 12.04), it's hard to see why this is failing.

    Read the article

  • Why is uploading to S3 so slow?

    - by Tom Marthenal
    I am using s3cmd to upload to S3: # s3cmd put 1gb.bin s3://my-bucket/1gb.bin 1gb.bin -> s3://my-bucket/1gb.bin [1 of 1] 366706688 of 1073741824 34% in 371s 963.22 kB/s I am uploading from Linode, which has an outgoing bandwidth cap of 50 Mb/s according to support (roughly 6 MB/s). Why am I getting such slow upload speeds to S3, and how can I improve them? Update: Uploading the same file via SCP to an m1.medium EC2 instance (SCP from my Linode to the instance's EBS drive) gives about 44 Mb/s according to iftop (any compression done by the cipher is not a factor). Traceroute: Here's a traceroute to the server it's uploading to (according to tcpdump). # traceroute s3-1-w.amazonaws.com. traceroute to s3-1-w.amazonaws.com. (72.21.194.32), 30 hops max, 60 byte packets 1 207.99.1.13 (207.99.1.13) 0.635 ms 0.743 ms 0.723 ms 2 207.99.53.41 (207.99.53.41) 0.683 ms 0.865 ms 0.915 ms 3 vlan801.tbr1.mmu.nac.net (209.123.10.9) 0.397 ms 0.541 ms 0.527 ms 4 0.e1-1.tbr1.tl9.nac.net (209.123.10.102) 1.400 ms 1.481 ms 1.508 ms 5 0.gi-0-0-0.pr1.tl9.nac.net (209.123.11.62) 1.602 ms 1.677 ms 1.699 ms 6 equinix02-iad2.amazon.com (206.223.115.35) 9.393 ms 8.925 ms 8.900 ms 7 72.21.220.41 (72.21.220.41) 32.610 ms 9.812 ms 9.789 ms 8 72.21.222.141 (72.21.222.141) 9.519 ms 9.439 ms 9.443 ms 9 72.21.218.3 (72.21.218.3) 10.245 ms 10.202 ms 10.154 ms 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * The latency looks reasonable, at least until the server stopped responding to ping requests.

    Read the article

  • Sendmail configs and logs look correct, but I get no mail

    - by Christian Dechery
    I used this tutorial to config sendmail on Ubuntu. Followed every step and when I test it, it seems to have worked, but I get no mail (not even on the spam folder) Below is the log for a test message: 050 >>> MAIL From:<[email protected]> SIZE=345 AUTH=<> 050 250 2.1.0 OK ek1sm23505399vdc.28 - gsmtp 050 >>> RCPT To:<######@gmail.com> 050 250 2.1.5 OK ek1sm23505399vdc.28 - gsmtp 050 >>> DATA 050 354 Go ahead ek1sm23505399vdc.28 - gsmtp 050 >>> . 050 250 2.0.0 OK 1401150762 ek1sm23505399vdc.28 - gsmtp 050 <########@gmail.com>... Sent (OK 1401150762 ek1sm23505399vdc.28 - gsmtp) 250 2.0.0 s4R0WdYN007263 Message accepted for delivery ######@gmail.com... Sent (s4R0WdYN007263 Message accepted for delivery) And this is my /var/log/mail.log May 26 21:32:39 UX-BLUEROOM sendmail[7262]: s4R0Wdxq007262: from=christian, size=105, class=0, nrcpts=1, msgid=<[email protected]>, relay=christian@localhost May 26 21:32:40 UX-BLUEROOM sm-mta[7263]: s4R0WdYN007263: from=<[email protected]>, size=345, class=0, nrcpts=1, msgid=<[email protected]>, proto=ESMTP, daemon=MTA-v4, relay=localhost [127.0.0.1] May 26 21:32:41 UX-BLUEROOM sm-mta[7263]: STARTTLS=client, relay=gmail-smtp-msa.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-RC4-SHA, bits=128/128 May 26 21:32:42 UX-BLUEROOM sm-mta[7263]: s4R0WdYN007263: to=<######@gmail.com>, ctladdr=<[email protected]> (1000/1000), delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=30345, relay=gmail-smtp-msa.l.google.com. [173.194.75.109], dsn=2.0.0, stat=Sent (OK 1401150762 ek1sm23505399vdc.28 - gsmtp) May 26 21:32:42 UX-BLUEROOM sendmail[7262]: s4R0Wdxq007262: to=#####@gmail.com, ctladdr=christian (1000/1000), delay=00:00:03, xdelay=00:00:03, mailer=relay, pri=30105, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (s4R0WdYN007263 Message accepted for delivery)

    Read the article

  • I love google Chrome, but some non-static pages like Piwik render it unresponsive

    - by gogowitsch
    The web-stat software Piwik stops reacting on mouse clicks after 1-2 seconds. The same is true for Google Maps and Producteev (but GMail and most other pages work like a charm). These rely heavily on JS, and work without Flash. I can click for a very short time period and then the mouse cursor doesn't feel the UI anymore (it doesn't turn into a I over input fields, though it moves; if the freeze occured while the pointer was over an input field, the cursor keeps being a I) and all clicks on the DOM are being ignored by Chrome. No message appears, neither obvious nor in the Console (F12). There is no obstructing div or the like in the DOM (F12). Since I couldn't find any hints on the source of my problems, I suspected my plugins and extensions. Unfortunately, neither deactivating all plugins nor all extensions solved the problem. for the problematic pages, it always happens no Dropbox running several GB of free RAM the taskmanager doesn't show any high CPU or memory utilization (the offending tab uses 30 MB and uses 0-1 % CPU) all problematic pages work in other browsers (Chrome, Firefox, IE) the rest of the computer is very responsive the computers use different security suites (Kaspersky and Avira) The effect exists between several (synchronized) Chrome instances on different machines, all running Windows 7. Both the OS and Chrome are updated automatically. Other tabs and the Chrome chrome (tabs, menus, toolbar buttons of the browser itself) still work. I really don't like switching between browsers. Any ideas?

    Read the article

  • Forward all traffic through an ssh tunnel

    - by Eamorr
    I hope someone can follow this and I'll explain as best I can. I'm trying to forward all traffic from port 6999 on x.x.x.224, through an ssh tunnel, and onto port 7000 on x.x.x.218. Here is some ASCII art: |browser|-----|Squid on x.x.x.224|------|ssh tunnel|------<satellite link>-----|Squid on x.x.x.218|-----|www| 3128 6999 7000 80 When I remove the ssh tunnel, everything works fine. The idea is to turn off encryption on the ssh tunnel (to save bandwidth) and turn on maximum compression (to save more bandwidth). This is because it's a satellite link. Here's the ssh tunnel I've been using: ssh -C -f -C -o CompressionLevel=9 -o Cipher=none [email protected] -L 7000:172.16.1.224:6999 -N The trouble is, I don't know how to get data from Squid on x.x.x.224 into the ssh tunnel? Am I going about this the wrong way? Should I create an ssh tunnel on x.x.x.218? I use iptables to stop squid on x.x.x.224 from reading port 80, but to feed from port 6999 instead (i.e. via the ssh tunnel). Do I need another iptables rule? Any comments greatly appreciated. Many thanks in advance,

    Read the article

  • Way to speed up load-balanced ssl using nginx?

    - by paulnsorensen
    So the setup for our website is 4 nodes running rails 3 and nginx 1 that all use the same GoDaddy certificate. Because we are a paid site, we have to maintain PCI-DSS compliance and thus have to use the more expensive SSL ciphers -- also we force SSL using Rack. I've recently switched over to Linode's NodeBalancer (which I've read is an HACluster), and we're not getting the performance we'd ideally like. From what I've read, it looks like terminating the SSL on the nodes using the high cipher is what is causing the poor performance, but I'd like to be thorough. Is there anything I can do? I've read about other ways to terminate the SSL before the NodeBalancer (like using stud), but I don't know enough about these solutions. We certainly don't want to do anything experimental or anything that has a single point of failure. If there really isn't anything I can do to speed up the SSL handshake, my alternative would be to support certain pages on Rails using a secure and insecure subdomain. I've found a few guides that walk through that, but my resulting question is in this situation, would it be better to have nginx handle forcing ssl on the secure subdomain instead of rails? Thanks!

    Read the article

  • error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure(35)

    - by ArunS
    We have online shopping site. When I am going to checkout page i am getting a error like this "error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure(35)" From the apache error log i can see some attempts to connect to api.paypal.com. Here is the part of my apache error log * About to connect() to api.paypal.com port 443 (#0) * Trying 66.211.168.123... * connected * Connected to api.paypal.com (66.211.168.123) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure * Closing connection #0 When i tried to connect to api.paypal.com using curl i am getting a error like this curl -iv https://api.paypal.com/ * About to connect() to api.paypal.com port 443 (#0) * Trying 66.211.168.91... connected * Connected to api.paypal.com (66.211.168.91) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Request CERT (13): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS alert, Server hello (2): * error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure * Closing connection #0 curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure Can anyone help me to figure out this. Thanks in Advance. Arun S

    Read the article

  • 8007064c(2011) and 80280007(2009) persistant after all known repairs

    - by tiu44
    I'm on Windows 7 Home x64, and have ran into a major issue with Live Messenger(which I use daily). I have full offline installers for both 2011 and the last Wave 3 2009(14.0.8117.0416) Suites. Both give the following errors: Live Essentials 2011 Offline installer(official): An unknown error occured. Error:0x8007064c Source WLXSuite WL 2009 offline installer(official): You already have a more recent version of Windows Live. Error: OnCatalogResult:0x80280007 Next steps: If you want to install this older version, first uninstall any later versions that are on your computer. Get help with this error The 2011 installer also says it is updating messenger, I don't select anything else. Then last 2009 installer says their is a newer version that needs uninstalled even after the following procedures. MS Help pages provided all basically lead to using uninstall from control panel. Which I've uninstalled all Live components including watcom safety scanner and portable SQL from. I've followed online instructions for manually deleting folders from Program Files(x86), Appdata, and some others under \User\All Users and the one for the one account on the machine. I've used CCcleaner 3.01, ASC 3.7.3 and Beta 4 with deep scan along with deleting folders, and checked their uninstallers for Live components too, and none were there. wlmuninstaller.exe tool reports nothing, but after a failed install it finds something, but failes to clean it under all user admin privilege. The same errors still occur after all of that. Google searching I see people on forums suggesting reinstalling the OS cause MS doesn't even know how to fix this, but I'm hoping someone here can help. NOTE: I don't have System Restore or any other state freeze utilities going, and I don't have any real time AV going(I sometime scan with defender, anti rootkits, and online scanners). NOTE2:I posted this on windowslivehelp.com, before looking to see if the place was active or not, hoping I can get help here. Thanks

    Read the article

  • Windows : Map-a-network-drive to a remote Shared-Folder (on QNAP NAS) using OpenVPN

    - by spelltox
    Provided my lack of networking knowledge, I've been struggling with this issue for quite a few days now : I have a QNAP-TS212 NAS on which i've created a shared-folder (mostly excel files). All the computers in the local network (windows) are able to access it without any problem. Now, i want to access that shared-folder remotely (windows client), so : I enabled OpenVPN (and PPTP) in QNAP admin. Installed OpenVPN on the remote client. Applied the configuration file that the QNAP generated - Configuration (openvpn.ovpn) : client dev tun script-security 3 proto udp remote ***MY_WAN_IP*** 1194 resolv-retry infinite nobind ca ca.crt auth-user-pass reneg-sec 0 cipher AES-128-CBC comp-lzo OpenVPN connect successfully from the remote client. Now, here's my problem : I can ping the NAS (got IP 10.8.0.1) from the remote client, But when i try to map-a-network-drive, i don't see the shared folder or the NAS or any of the other computers in the network... I checked - all computers are in "WORKGROUP" workgroup. I'm probably missing some basic knowledge, So - any help would be greatly appreciated ! Many thanks.

    Read the article

  • Configuring https access on HP A5120 Switch

    - by GerryEgan
    I am trying to configure HTTPS management on a HP a5120 switch running Version 5.20.99, Release 2215 and not having much luck. I have followed the manual by creating an SSL policy first and then enabling the HTTPS server with the SSL policy: ssl server-policy sslpol ip https ssl-server-policy sslpol ip https enable When I try and log onto the switch with Google Chrome I get the following error: Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error. When I look this up I have found references to errors due to TLS being used in SSL. I can find no way to specify the SSL version in the server policy. The manual has a configuration example that uses MSCEP to retrieve a certificate but in Windows 2008 R2 that feature is only available in Enterprise and Datacentre editions which I don't have. I have SSH configured and it is using a locally generated certificate so I'm not sure if I can use that but I'd like to if possible. Has anybody been able to setup HTTPS management on HP A series switches without MSCEP? Any and all help appreciated! here is a copy of my config with the interfaces removed: version 5.20.99, Release 2215 # sysname MYSYSNAME # irf domain 10 irf mac-address persistent timer irf auto-update enable undo irf link-delay # domain default enable system # telnet server enable # vlan 1 # vlan 100 description Management # radius scheme system primary authentication 127.0.0.1 1645 primary accounting 127.0.0.1 1646 user-name-format without-domain # domain system access-limit disable state active idle-cut disable self-service-url disable # user-group system group-attribute allow-guest # local-user admin password cipher authorization-attribute level 3 service-type ssh telnet terminal service-type web # stp enable # ssl server-policy sslpol pki-domain MYDOMAIN # interface NULL0 # interface Vlan-interface199 ip address 192.168.199.140 255.255.255.0 # interface GigabitEthernet1/0/1 poe enable stp edged-port enable # interface Ten-GigabitEthernet2/1/2 # dhcp-snooping # ntp-service unicast-server 192.168.1.71 # ssh server enable # ip https ssl-server-policy sslpol ip https enable # load xml-configuration # user-interface aux 0 1 user-interface vty 0 15 authentication-mode scheme

    Read the article

  • Juniper’s Network Connect ncsvc on Linux: “host checker failed, error 10”

    - by hfs
    I’m trying to log in to a Juniper VPN with Network Connect from a headless Linux client. I followed the instructions and used the script from http://mad-scientist.us/juniper.html. When running the script with --nogui switch the command that gets finally executed is $HOME/.juniper_networks/network_connect/ncsvc -h HOST -u USER -r REALM -f $HOME/.vpn.default.crt. I get asked for the password, a line “Connecting to…” is printed but then the programm silently stops. When adding -L 5 (most verbose logging) to the command line, these are the last messages printed to the log: dsclient.info state: kStateCacheCleaner (dsclient.cpp:280) dsclient.info --> POST /dana-na/cc/ccupdate.cgi (authenticate.cpp:162) http_connection.para Entering state_start_connection (http_connection.cpp:282) http_connection.para Entering state_continue_connection (http_connection.cpp:299) http_connection.para Entering state_ssl_connect (http_connection.cpp:468) dsssl.para SSL connect ssl=0x833e568/sd=4 connection using cipher RC4-MD5 (DSSSLSock.cpp:656) http_connection.para Returning DSHTTP_COMPLETE from state_ssl_connect (http_connection.cpp:476) DSHttp.debug state_reading_response_body - copying 0 buffered bytes (http_requester.cpp:800) DSHttp.debug state_reading_response_body - recv'd 0 bytes data (http_requester.cpp:833) dsclient.info <-- 200 (authenticate.cpp:194) dsclient.error state host checker failed, error 10 (dsclient.cpp:282) ncapp.error Failed to authenticate with IVE. Error 10 (ncsvc.cpp:197) dsncuiapi.para DsNcUiApi::~DsNcUiApi (dsncuiapi.cpp:72) What does host checker failed mean? How can I find out what it tried to check and what failed? The HostChecker Configuration Guide mentions that a $HOME/.juniper_networks/tncc.jar gets installed on Linux, but my installation contains no such file. From that I concluded that HostChecker is disabled for my VPN on Linux? Are the POST to /dana-na/cc/ccupdate.cgi and “host checker failed” connected or independent? By running the connection over a SSL proxy I found out that the POST data is status=NOTOK (Funny side note: the client of the oh-so-secure VPN does not validate the server’s SSL certificate, so is wide open to MITM attacks…). So it seems that it’s the client that closes the connection and not the server.

    Read the article

  • How do I Forward root's email to an external email address?

    - by ErebusBat
    I have a small server (Ubuntu 10.04) at my house and I would like to forward root's email to my gmail hosted domain to get security notifications and what not. I ripped everything out and started from scratch and ran into some other issues. I now have sendmail working in the sense that I can mail [email protected] and get the mail. HOWEVER, adding an address to /root/.forward does not actually forward the message. I get the following in my logs: Dec 22 14:04:37 batcave sendmail[4695]: oBML4bAT004695: to=<root@batcave>, ctladdr=aburns (1000/1000), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30075, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (oBML4bJ9004696 Message accepted for delivery) Dec 22 14:04:39 batcave sm-mta[4698]: STARTTLS=client, relay=[69.145.248.18], version=TLSv1/SSLv3, verify=FAIL, cipher=DES-CBC3-SHA, bits=168/168 Dec 22 14:04:40 batcave sm-mta[4698]: oBML4bJ9004696: to=<[email protected]>, ctladdr=<[email protected]> (1000/1000), delay=00:00:03, xdelay=00:00:03, mailer=relay, pri=120336, relay=[69.145.248.18] [69.145.248.18], dsn=2.0.0, stat=Sent (OK 01/D4-00853-216621D4) You can see where my local sendmail instance accepts it then hands it off to my ISP, but with the wrong address ([email protected]).

    Read the article

  • Windows 7 Professional Cannot Connect to Share - Wrong password

    - by henryford
    I know that this question has actually been asked a few times before, but every solution I found didn't yield any results on my end, I can't get my head around it: When I am trying to connect to a share on the network, I always get the response "The specified network password is incorrect". However, the password is definetly correct and it works if I connect from another machine. I changed the LAN Manager authentication level to "Send LM & NTLM - use NTLMv2 session security if negiotated", I configured Kerberos encryption types to include all suites, rebooted (several times), but still - no luck. I can connect if I use my regular account with which I am logged in, but I need to connect with a different user since my log-in user has not enough privileges on the share. When I do that, the error above comes up. I'm really frustrated at the moment, this problem is driving me crazy. I'd be gladful for any possible solution to this. At the moment I'm using a workaround: I connect to a different machine via RDP, login with the user I have to use for the network-share connection and then I can map the drive and copy/paste from the RDP session to my local workstation. This is also working when I am connecting via RDP with my current login user and map the drive with the other user who has sufficent privileges. Tanks in advance, Thomas

    Read the article

  • Only tunnel certain applications via OpenVPN

    - by jinjin
    Hi, I've purchased a VPN solution, it works correctly when I have "redirect-gateway def1" in the configuration file (routing all traffic through the VPN). However when I remove that line from the configuration file, I am still able to ping-out of the machine (ping -I tap0), however I cannot ping the IP assigned to the machine (it's a public ip), i get the error: Destination Host Unreachable. I only want to have certain applications sending traffic through the VPN tunnel (eg: ZNC, irssi), all of which i can select which IP they use. However they can't recieve any data, making the tunnel essentially useless to me when disabling redirect-gateway. Any ideas on how to allow specific applications use the tunnel, without of forcing everything to go through it? My configuration file is as follows: dev tap remote #.#.#.# float #.#.#.# port 5129 comp-lzo ifconfig #.#.#.# 255.255.255.128 route-gateway #.#.#.# #redirect-gateway def1 secret key.txt cipher AES-128-CBC The output of ifconfig -a when the tunnel is connected: tap0 Link encap:Ethernet HWaddr 00:ff:47:d3:6d:f3 inet addr:#.#.#.# Bcast:#.#.#.# Mask:255.255.255.255 inet6 addr: <snip> Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:612 errors:0 dropped:0 overruns:0 frame:0 TX packets:35 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:25704 (25.1 KiB) TX bytes:6427 (6.2 KiB) EDIT: the Bcast:#.#.#.# (ifconfig) is different from route-gateway #.#.#.# (openvpn) if that makes any difference.

    Read the article

  • Windows + Django + mod_wsgi = "DLL load failed"

    - by Kyle MacFarlane
    For a long time I was using Python 2.5 to do all this fine but recently upgraded to 2.7 since building stuff for 2.5 is a real pain. I also updated mod_wsgi to 3.3 for Python 2.7. Everything is working fine with Apache + mod_wsgi on CentOS and also in the Django runserver on both Windows and CentOS, but not with Apache + mod_wsgi on Windows. Whenever I try to access a page in my Django app I get the following (note that Apache starts fine): ImportError at / DLL load failed: The specified module could not be found. Which is caused by things like: from Crypto.Cipher import AES Etree and others cause the exact same error and it is not limited to any specific packages. Anything with pyd files fails. Googling around suggests reinstalling Python "for all users", but the installer doesn't give you that option anymore anyway. For good measure I've tried reinstalling Python 2.7 as an administrator and also told it to register itself as the default version of Python but neither helped. I think the solution might have something to do with: The fact that I have 2.5, 2.6 and 2.7 installed on this machine and mod_wsgi might be loading the DLLs for 2.5 instead of 2.7. Something to do with WSGIPythonPath, which I usually don't need to set.

    Read the article

  • Wifi Works with Android and Windows 8 but not Linux and Win 7

    - by eramm
    Support has told me that our company wide wifi network is setup to support mobile phones only. However it doesn't make sense to me that they can identify a mobile device rather they have setup the Access Point to use a protocol that is only supported on Android and Windows phones. Because the Access Point supports Windows mobile this means that laptops running Windows 8 can also connect to the Access Point (proven). So it stands to reason that since Android is based on Linux there must be a way to connect using Linux as well. iwlist shows IEEE 802.11i/WPA2 Version 1 Group Cipher : TKIP Pairwise Ciphers (2) : TKIP CCMP Authentication Suites (1) : 802.1x WIreshark seems to show that a connection is being made to a website to get a certificate and use a Domain Controller for authentication. Questions: 1) what protocol could they be using that is supported on Win Mobile and Android but not on Win 7 and Linux (Debian) ? 2) what tools can I use to help me discover what protocol i need to support ? I have used iwlist and wireshark but I was not able to glean to much useful information from them. I can post the results if needed. 3) is there an app i can use on my Android phone to help me understand what kind of network it is connecting to ? I can provide more information if you tell me how to get it. I just don't know what I am looking for.

    Read the article

  • Postfix : outgoing mail in TLS for a specific domain

    - by vercetty92
    I am trying to configure postfix to send mail in TLS (starttls in fact), but only for a specific destination. I tried with "smtp_tls_policy_maps". This is the only line in my main.cf file regarding TLS configuration, but it seems not working. Here is my main.cf file: queue_directory = /opt/csw/var/spool/postfix command_directory = /opt/csw/sbin daemon_directory = /opt/csw/libexec/postfix html_directory = /opt/csw/share/doc/postfix/html manpage_directory = /opt/csw/share/man sample_directory = /opt/csw/share/doc/postfix/samples readme_directory = /opt/csw/share/doc/postfix/README_FILES mail_spool_directory = /var/spool/mail sendmail_path = /opt/csw/sbin/sendmail newaliases_path = /opt/csw/bin/newaliases mailq_path = /opt/csw/bin/mailq mail_owner = postfix setgid_group = postdrop mydomain = ullink.net myorigin = $myhostname mydestination = $myhostname, localhost.$mydomain, localhost masquerade_domains = vercetty92.net alias_maps = dbm:/etc/opt/csw/postfix/aliases alias_database = dbm:/etc/opt/csw/postfix/aliases transport_maps = dbm:/etc/opt/csw/postfix/transport smtp_tls_policy_maps = dbm:/etc/opt/csw/postfix/tls_policy inet_interfaces = all unknown_local_recipient_reject_code = 550 relayhost = smtpd_banner = $myhostname ESMTP $mail_name debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5 And here is my "tls_policy" file: gmail.com encrypt protocols=SSLv3:TLSv1 ciphers=high I also tried gmail.com encrypt My wish is to use TLS only for the gmail domain. With this configuration, I don't see any TLS line in the source of the mail. But if I tell postfix to use TLS if possible for all destination with this line, it works: smtp_tls_security_level = may Beause I can see this line in the source of my mail: (version=TLSv1/SSLv3 cipher=OTHER); But I don't want to try to use TLS for the others domains...only for gmail... Do I miss something in my conf? (I also try whith "hash:/etc/opt/csw/postfix/tls_policy", and it's the same) Thanks a lot in advance

    Read the article

  • OpenSSL force client to use specific protocol

    - by Ex Umbris
    When subversion attempts to connect to an https URL, the underlying protocol library (openssl) attempts to start the secure protocol negotiation at the most basic level, plain SSL. Unfortunately, I have to connect to a server that requires SSL3 or TLS1, and refuses to respond to SSL or SSL2. I’ve done some troubleshooting using s_client and confirmed that if I let s_client start with the default protocol the server never responds to the CLIENT HELLO: $ openssl s_client -connect server.domain.com:443 CONNECTED(00000003) write:errno=104 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 320 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE --- Watching this in Wireshark I see: Client Server -------syn----------> <------ack----------- ---CLIENT HELLO-----> <------ack----------- [60 second pause] <------rst----------- If I tell s_client to use ssl2 the server immediately closes the connection. Only ssl3 and tls1 work. Is there any way to configure openssl to skip SSL and SSL2, and start the negotiation with TLS or SSL3? I've found the OpenSSL config file, but that seems to control only certificate generation.

    Read the article

  • Glassfish and SSL [closed]

    - by Richard
    I'm struggling to get SSL working on Glassfish 3.1.1. I've been following tutorials like http://javadude.wordpress.com/2010/04/06/getting-started-with-glassfish-v3-and-ssl/ and SO posts like this Issues with setting up SSL on Glassfish v3 The above links are for information only. I've summarised what I've done below. As far as I can tell I'm doing everything correctly but I'm getting this error: SSL configuration is invalid due to No available certificate or key corresponds to the SSL cipher suites which are enabled Some background of what I have done: My cert is from GoDaddy. I generated the CSR from a new keystore (keystore.jks), then imported the resulting certs back into the same keystore and set the keystore password to the same pwd as the GF master password. Then created a new SSL listener in GF and pointed it at my keystore file (which I copied into domains/domain1/config). Set the Nickname to the alias of my cert (which is something liem 'mydomain.org' i.e. the name that I get when I run keytool -list. In my ciphers section in the network listeners page, I leave the defaults in place (empty, which means all ciphers are available I think). In domain.xml I've replaced all instances of s1as to 'mydomain.org'. This is the question: What exactly is causing the error highlighted? I'm guessing it's a mismatch between my listener config and aliases in my keystore, or something similar, but I'm not really sure what. Thanks

    Read the article

  • Hardware testing tool/suite

    - by Aviator
    Hi All, I just bought a new core i5 system (assembled) and started installing Windows 7. It was failing for many times and at some point got installed. After that, frequent crashes related to MEMORY. So checked the RAM using memtest86+ and found many errors.I got it replaced with the vendor and now if i install ANY OS, at some point in installation it either freezes completely with no response for hours, or restarts automatically. I tried installing Windows 7, Windows Vista and Ubuntu 9.10. I tested the new RAM again and found no problems in about 2 passes using memtest86+. I even updated the BIOS using bootable USB and even the problem persists. I am really not sure which hardware is causing trouble. I dont have any OS inside it, so i have to check using bootable CDs DVDs and USB only. Please advice on how to proceed. Are there any suites/ separate tools for checking integrity of each hardware parts and troubleshoot it? I wanted to confirm which part is problematic before going for replacement. Thanks a lot! This is the config: Core i5, MSI P55-GD65, GSKill 2x2GB, Seagate 500GB 7200rpm, CM Extreme 600W PSU, Saphhire Radeon 5770 1GB, LG DVD Writer

    Read the article

  • LDAPS being redirected to 389

    - by Ikkoras
    We're trying to perform an LDAPS bind to a server which blocks 389 with a firewall so all traffic must travel over 636. In our test lab we're connecting to a test ldap (located on the same server) which does not have this firewall so both ports are exposed. Running ldp.exe on the test server we generate the trace below which seems to suggest that it is successfully binding over 636. However if we monitor the traffic with wireshark all the traffic is being sent to 389 with no attempt to even contact 636. Other tools will bind only with SSL on 636 or without SSL on 389 whjich seems to suggest it is behaving correctly but Wireshark shows 389. Only the test server we are using RawCap to capture the local loopback traffic. Any ideas? 0x0 = ldap_unbind(ld); ld = ldap_sslinit("WIN-GF49504Q77T.test.com", 636, 1); Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3); Error 0 = ldap_connect(hLdap, NULL); Error 0 = ldap_get_option(hLdap,LDAP_OPT_SSL,(void*)&lv); Host supports SSL, SSL cipher strength = 128 bits Established connection to WIN-GF49504Q77T.test.com. Retrieving base DSA information... Getting 1 entries: Dn: (RootDSE)

    Read the article

  • Routing Traffic With OpenVPN

    - by user224277
    Few minutes ago i configured my VPN server, and actually I can connect to my VPN but all trafic is going through my normal home network. On my OpenVPN application I've got an information : Server IP: **.185.***.*10 Client IP: 10.8.0.6 Traffic: 7.3 KB in, 5.6 KB out Connected: 10 June 2014 19:21:59 So everything is connected but how I can setup on windows 7 that all trafic have to go through OpenVPN network card ?? Client setting : client dev tun proto udp # enter the server's hostname # or IP address here, and port number remote **.185.***.*10 1194 resolv-retry infinite nobind persist-key persist-tun # Use the full filepaths to your # certificates and keys ca ca.crt cert user1.crt key user1.key ns-cert-type server comp-lzo verb 6 Server setting : port 1194 proto udp dev tun # the full paths to your server keys and certs ca /etc/openvpn/keys/ca.crt cert /etc/openvpn/keys/server.crt key /etc/openvpn/keys/server.key dh /etc/openvpn/keys/dh2048.pem cipher BF-CBC # Set server mode, and define a virtual pool of IP # addresses for clients to use. Use any subnet # that does not collide with your existing subnets. # In this example, the server can be pinged at 10.8.0.1 server 10.8.0.0 255.255.255.0 # Set up route(s) to subnet(s) behind # OpenVPN server push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4" ifconfig-pool-persist /etc/openvpn/ipp.txt keepalive 10 120 status openvpn-status.log verb 6 and sysctl : net.ipv4.ip_forward=1 Thank you for your time and help.

    Read the article

  • Oracle Internet Directory 11gR1 11.1.1.6 Certified with E-Business Suite

    - by Elke Phelps (Oracle Development)
    Oracle E-Business Suite comes with native user authentication and management capabilities out-of-the-box. If you need more-advanced features, it's also possible to integrate it with Oracle Internet Directory and Oracle Single Sign-On or Oracle Access Manager, which allows you to link the E-Business Suite with third-party tools like Microsoft Active Directory, Windows Kerberos, and CA Netegrity SiteMinder.  For details about third-party integration architectures, see either of these article for EBS 11i and 12: In-Depth: Using Third-Party Identity Managers with E-Business Suite Release 12 In-Depth: Using Third-Party Identity Managers with the E-Business Suite Release 11i Oracle Internet Directory 11.1.1.6 is now certified with Oracle E-Business Suite Release 11i, 12.0 and 12.1.  OID 11.1.1.6 is part of Oracle Fusion Middleware 11g Release 1 Version 11.1.1.6.0, also known as FMW 11g Patchset 5.  Certified E-Business Suite releases are: EBS Release 11i 11.5.10.2 + ATG PH.H RUP 7 and higher EBS Release 12.0.6 and higher EBS Release 12.1.1 and higher Supported Configurations Oracle Internet Directory 11.1.1.5.0 can be integrated with two single sign-on solutions for EBS environments: Oracle Internet Directory and Directory Integration Platform from Fusion Middleware 11gR1 Patchset 5 (11.1.1.6.0) with Oracle Access Manager 10g (10.1.4.3) with an existing Oracle E-Business Suite system (Release 11i or 12.1.x). Oracle Internet Directory and Directory Integration Platform from Fusion Middleware 11gR1 Patchset 5 (11.1.1.6.0) with Oracle Access Manager 11gR1 (11.1.1.5) with an existing Oracle E-Business Suite system (Release 12.0.6 or higher or 12.1.x). Oracle Internet Directory (OID) and Directory Integration Platform (DIP) from Oracle Fusion Middleware 11gR1 Patchset 5  (11.1.1.6.0) with Oracle Single Sign-On Server and Oracle Delegated Administration Services Release 10g (10.1.4.3.0) with an existing Oracle E-Business Suite system (Release 11i, 12.0.6 or 12.1.x) Oracle Access Manager strongly recommended Oracle has two single sign-on solutions: Oracle Single Sign-On Server (OSSO) and Oracle Access Manager (OAM). Oracle strongly recommends that all new single sign-on implementations use Oracle Access Manager. Oracle Access Manager is the preferred solution going forward, and forms the basis of Oracle Fusion Middleware 11g. OSSO is no longer being actively developed and will not be ported to Oracle WebLogic Server. Platform certifications Oracle Internet Directory is certified to run on any operating system for which Oracle WebLogic Server 11g is certified. Refer to the Oracle Fusion Middleware 11g System Requirements for more details.For information on operating systems supported by Oracle Internet Directory and its components, refer to the Oracle Identity and Access Management 11gR1 certification matrix.Integration with Oracle Internet Directory involves components spanning several different suites of Oracle products. There are no restrictions on which platform any particular component may be installed so long as the platform is supported for that component.References Overview of Single Sign-On Integration Options for Oracle E-Business Suite Note 1388152.1 Using the Latest Oracle Internet Directory 11gR1 Patchset with Oracle Single Sign-on and Oracle E-Business Suite (Note 876539.1) Integrating Oracle E-Business Suite with Oracle Access Manager 11g using Oracle E-Business Suite AccessGate (Note 1309013.1) Integrating Oracle E-Business Suite with Oracle Access Manager 10g using Oracle E-Business Suite AccessGate (Note 975182.1) Migrating Oracle Single Sign-On 10gR3 to Oracle Access Manager 11g with Oracle E-Business Suite (Note 1304550.1) Oracle Fusion Middleware Download, Installation & Configuration Readme Oracle Fusion Middleware Installation Guide for Oracle Identity Management 11g Release 1 (11.1.1) (Part Number E12002-09) Oracle Fusion Middleware Upgrade Guide for Oracle Identity Management 11g Release 1 (11.1.1) (Part Number E10129-09) Oracle Fusion Middleware Upgrade Planning Guide 11g Release 1 (11.1.1) (Part Number E10125-06) Oracle Fusion Middleware Patching Guide 11g Release 1 (11.1.1) (Part Number E16793-12) Related Articles Understanding Options for Integrating Oracle Access Manager with E-Business Suite In-Depth: Using Third-Party Identity Managers with E-Business Suite Release 12 In-Depth: Using Third-Party Identity Managers with the E-Business Suite Release 11i Oracle Access Manager 10gR3 Certified with E-Business Suite Portal 11.1.1.4 Certified with E-Business Suite Discoverer 11.1.1.4 Certified with E-Business Suite

    Read the article

  • Unable to either locate any wireless networks nor even connect to wifi

    - by Leo Chan
    I'm new to Linux. I currently have installed ubuntu 12.10. I had a previous problem with my wireless card (see url to see previous problem : How to enable wireless in a Fujitsu LH532?). It now shows Connect to hidden network and create new wireless network but now unfortunately it simply cannot find any wireless connections. I did have a very thorough look around about this problem such as wait a little longer since sometimes it cannot load all the wireless connections available that quickly. My wifi is a hidden network and I have used the connect to hidden network feature but it keeps asking for my wep key which has been checked 4 times (I counted) and it still seems to not work; It keeps asking for the WEP key. I did try both WEP 40/128-bit key and WPA & WPA2 since previously on my windows it worked; My family later decided to use WEP. I only have a quick fix using a usb wireless stick and I wish to have a more solid fix. Thanks Results from sudo iwlist wlan0 scan wlan0 Scan completed : Cell 01 - Address: 00:1E:73:C8:62:BD Channel:6 Frequency:2.437 GHz (Channel 6) Quality=25/70 Signal level=-85 dBm Encryption key:on ESSID:"EnigmaHome" Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s 36 Mb/s; 48 Mb/s; 54 Mb/s Mode:Master Extra:tsf=000000cb3bb10a5c Extra: Last beacon: 696ms ago IE: Unknown: 000A456E69676D61486F6D65 IE: Unknown: 010482848B96 IE: Unknown: 030106 IE: Unknown: 0706484B20010B1E IE: Unknown: 2A0107 IE: Unknown: 32080C1218243048606C IE: Unknown: DD180050F2020101000003A4000027A4000042435E0062322F00 Cell 02 - Address: C8:3A:35:34:C1:60 Channel:6 Frequency:2.437 GHz (Channel 6) Quality=22/70 Signal level=-88 dBm Encryption key:on ESSID:"Tenda" Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 9 Mb/s 18 Mb/s; 36 Mb/s; 54 Mb/s Bit Rates:6 Mb/s; 12 Mb/s; 24 Mb/s; 48 Mb/s Mode:Master Extra:tsf=000001336e70ffdd Extra: Last beacon: 716ms ago IE: Unknown: 000554656E6461 IE: Unknown: 010882848B961224486C IE: Unknown: 030106 IE: Unknown: 32040C183060 IE: Unknown: 0706434E20010D10 IE: Unknown: 33082001020304050607 IE: Unknown: 33082105060708090A0B IE: Unknown: DD270050F204104A0001101044000101104700102880288028801880A880C83A3534C160103C000101 IE: Unknown: 050400010000 IE: Unknown: 2A0106 IE: Unknown: 2D1AEC0117FFFF0000000000000000000000000000000C0000000000 IE: Unknown: 3D1606000500000000000000000000000000000000000000 IE: Unknown: 7F0101 IE: IEEE 802.11i/WPA2 Version 1 Group Cipher : CCMP Pairwise Ciphers (1) : CCMP Authentication Suites (1) : PSK Preauthentication Supported IE: Unknown: DD180050F2020101000003A4000027A4000042435E0062322F00 IE: Unknown: 0B05010089127A IE: Unknown: DD1E00904C33EC0117FFFF0000000000000000000000000000000C0000000000 IE: Unknown: DD1A00904C3406000500000000000000000000000000000000000000 IE: Unknown: DD07000C4304000000 Cell 03 - Address: 00:1E:73:C8:62:BF Channel:6 Frequency:2.437 GHz (Channel 6) Quality=47/70 Signal level=-63 dBm Encryption key:on ESSID:"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s 36 Mb/s; 48 Mb/s; 54 Mb/s Mode:Master Extra:tsf=000000cb3bac614e Extra: Last beacon: 1064ms ago IE: Unknown: 00110000000000000000000000000000000000 IE: Unknown: 010482848B96 IE: Unknown: 030106 IE: Unknown: 050C010200000000000000000000 IE: Unknown: 0706484B20010B1E IE: Unknown: 2A0107 IE: Unknown: 32080C1218243048606C IE: Unknown: DD070050F202000100

    Read the article

< Previous Page | 12 13 14 15 16 17 18 19 20 21  | Next Page >