Search Results

Search found 4187 results on 168 pages for 'secure erase'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 166/168 | < Previous Page | 162 163 164 165 166 167 168  | Next Page >

  • ExpressionEngine Segment Variables Lost on Site Index Page

    - by Jesse Bunch
    Hey Everyone, I've been messing with this for days now and can't seem to figure it out. I am trying to pass a 2nd segment variable to my client's index page. The URL I'm trying is: http://www.compupay.com/site/CSCPA/. The problem is, rather than showing the site's index page with the segment variable of "CSCPA" still in the URL, it shows the index page with no segment variables. Initially, I thought it was a .htaccess problem but I couldn't find anything in it that seemed out of whack. Any ideas? I am posting the .htaccess file so another pair of eyes can see it. Thanks for the help! # -- LG .htaccess Generator Start -- # .htaccess generated by LG .htaccess Generator v1.0.0 # http://leevigraham.com/cms-customisation/expressionengine/addon/lg-htaccess-generator/ # secure .htaccess file <Files .htaccess> order allow,deny deny from all </Files> # Dont list files in index pages IndexIgnore * #URL Segment Support AcceptPathInfo On Options +FollowSymLinks #Redirect old incoming links Redirect 301 /contactus.cfm http://www.compupay.com/about_compupay/contact_us/ Redirect 301 /Internet_Payroll.cfm http://www.compupay.com/payroll_solutions/c/online_payroll/ Redirect 301 /Internet_Payroll_XpressPayroll.cfm http://www.compupay.com/payroll_solutions/xpresspayroll/ Redirect 301 /about_compupay.cfm http://www.compupay.com/about_compupay/news/ Redirect 301 /after_payroll.cfm http://www.compupay.com/after_payroll_solutions/ Redirect 301 /news101507.cfm http://www.compupay.com/about_compupay/news/ Redirect 301 /quote.cfm http://www.compupay.com/payroll_solutions/get_a_free_quote/ Redirect 301 /solution_finder_sm.cfm http://www.compupay.com/ Redirect 301 /state_payroll/mississippi_payroll.cfm http://www.compupay.com/resource_center/state_resources/ Redirect 301 /state_payroll/washington_payroll.cfm http://www.compupay.com/resource_center/state_resources/ #Redirect for old top linked to pages Redirect 301 /Payroll_Services.cfm http://www.compupay.com/payroll_solutions/ Redirect 301 /About_CompuPay.cfm http://www.compupay.com/about_compupay/ Redirect 301 /Partnerships.cfm http://www.compupay.com/business_partner_solutions/ Redirect 301 /about_compupay.cfm?subpage=393 http://www.compupay.com/about_compupay/ Redirect 301 /quote.cfm http://www.compupay.com/payroll_solutions/get_a_free_quote/ Redirect 301 /After_Payroll.cfm http://www.compupay.com/after_payroll_solutions/ Redirect 301 /Accountant_Services.cfm http://www.compupay.com/accountant_solutions/ Redirect 301 /careers/careers_payroll.cfm http://www.compupay.com/about_compupay/careers/ Redirect 301 /Industry_Resources.cfm http://www.compupay.com/resource_center/ Redirect 301 /Client_Resources.cfm http://www.compupay.com/resource_center/client_login/ Redirect 301 /client_resources.cfm?subpage=375 http://www.compupay.com/resource_center/client_login/ Redirect 301 /solution_finder_sm.cfm http://www.compupay.com/payroll_solutions/ Redirect 301 /Internet_Payroll_PowerPayroll.cfm http://www.compupay.com/payroll_solutions/powerpayroll/ Redirect 301 /Payroll_Outsourcing.cfm http://www.compupay.com/payroll_solutions/why_outsource/ Redirect 301 /Phone_Payroll_Fax_Payroll.cfm http://www.compupay.com/payroll_solutions/phone_fax_payroll/ Redirect 301 /contactus.cfm http://www.compupay.com/about_compupay/contact_us/ Redirect 301 /state_payroll/iowa_payroll.cfm http://www.compupay.com/resource_center/state_resources/ Redirect 301 /Construction_Payroll.cfm http://www.compupay.com/payroll_solutions/specialty_payroll/ Redirect 301 /PC_Payroll.cfm http://www.compupay.com/payroll_solutions/c/pc_payroll/ Redirect 301 /state_payroll/washington_payroll.cfm http://www.compupay.com/resource_center/state_resources/ Redirect 301 /Internet_Payroll_XpressPayroll.cfm http://www.compupay.com/payroll_solutions/xpresspayroll/ Redirect 301 /accountant_services.cfm?subpage=404 http://www.compupay.com/accountant_solutions/ Redirect 301 /after_payroll.cfm http://www.compupay.com/after_payroll_solutions/ Redirect 301 /after_payroll.cfm?subpage=361 http://www.compupay.com/after_payroll_solutions/ Redirect 301 /after_payroll.cfm?subpage=362 http://www.compupay.com/after_payroll_solutions/ Redirect 301 /after_payroll.cfm?subpage=363 http://www.compupay.com/after_payroll_solutions/ Redirect 301 /after_payroll.cfm?subpage=364 http://www.compupay.com/after_payroll_solutions/ Redirect 301 /after_payroll.cfm?subpage=365 http://www.compupay.com/after_payroll_solutions/ Redirect 301 /after_payroll.cfm?subpage=366 http://www.compupay.com/after_payroll_solutions/ Redirect 301 /after_payroll.cfm?subpage=367 http://www.compupay.com/after_payroll_solutions/ Redirect 301 /after_payroll.cfm?subpage=368 http://www.compupay.com/after_payroll_solutions/ Redirect 301 /after_payroll.cfm?subpage=369 http://www.compupay.com/after_payroll_solutions/ Redirect 301 /after_payroll.cfm?subpage=416 http://www.compupay.com/after_payroll_solutions/ Redirect 301 /payload_payroll.cfm http://www.compupay.com/payroll_solutions/payload/ Redirect 301 /payroll_services.cfm?subpage=358 http://www.compupay.com/payroll_solutions/ Redirect 301 /payroll_services.cfm?subpage=399 http://www.compupay.com/payroll_solutions/ Redirect 301 /payroll_services.cfm?subpage=409 http://www.compupay.com/payroll_solutions/ Redirect 301 /payroll_services.cfm?subpage=413 http://www.compupay.com/payroll_solutions/ Redirect 301 /payroll_services.cfm?subpage=418 http://www.compupay.com/payroll_solutions/ Redirect 301 /state_payroll/mississippi_payroll.cfm http://www.compupay.com/resource_center/state_resources/ <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / # Remove the www # RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] # RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # Force www RewriteCond %{HTTP_HOST} !^www.compupay.com$ [NC] RewriteRule ^(.*)$ http://www.compupay.com/$1 [R=301,L] # Add a trailing slash to paths without an extension RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_URI} !(\.[a-zA-Z0-9]{1,5}|/)$ RewriteRule ^(.*)$ $1/ [L,R=301] #Legacy Partner Link Redirect RewriteCond %{QUERY_STRING} partnerCode=(.*) [NC] RewriteRule compupay_payroll.cfm site/%1? [R=301,L] # Catch any remaining requests for .cfm files RewriteCond %{REQUEST_URI} \.cfm RewriteRule ^.*$ http://www.compupay.com/ [R=301,L] #Expression Engine RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ /index.php?/$1 [L] AcceptPathInfo On </IfModule> # Remove IE image toolbar <FilesMatch "\.(html|htm|php)$"> Header set imagetoolbar "no" </FilesMatch> # enable gzip compression <FilesMatch "\.(js|css|php)$"> SetOutputFilter DEFLATE </FilesMatch> #Deal with ETag <IfModule mod_headers.c> <FilesMatch "\.(ico|flv|jpg|jpeg|png|gif)$"> Header unset Last-Modified </FilesMatch> <FilesMatch "\.(ico|flv|jpg|jpeg|png|gif|js|css|swf)$"> Header unset ETag FileETag None Header set Cache-Control "public" </FilesMatch> </IfModule> <IfModule mod_expires.c> <FilesMatch "\.(ico|flv|jpg|jpeg|png|gif|css|js)$"> ExpiresActive on ExpiresDefault "access plus 1 year" </FilesMatch> </IfModule> #Force Download PDFs <FilesMatch "\.(?i:pdf)$"> ForceType application/octet-stream Header set Content-Disposition attachment </FilesMatch> #Increase Upload Size php_value upload_max_filesize 5M php_value post_max_size 5M # -- LG .htaccess Generator End --

    Read the article

  • Trouble on setting SSL certificates for Virtual Hosts using Apache\Phusion Passenger in localhost

    - by user502052
    I am using Ruby on Rails 3 and I would like to make to work HTTPS connections on localhost. I am using: Apache v2 + Phusion Passenger Mac OS + Snow Leopard v10.6.6 My Ruby on Rails installation use the Typhoeus gem (it is possible to use the Ruby net\http library but the result doesn't change) to make HTTP requests over HTTPS. I created self-signed ca.key, pjtname.crt and pjtname.key as detailed on the Apple website. Notice: Following instruction from the Apple website, on running the openssl req -new -key server.key -out server.csr command (see the link) at this point Common Name (eg, YOUR name) []: (this is the important one) I entered *pjtname.com so that is valid for all sub_domain of that site. In my Apache httpd.conf I have two virtual hosts configured in this way: # Secure (SSL/TLS) connections #Include /private/etc/apache2/extra/httpd-ssl.conf # # Note: The following must must be present to support # starting without SSL on platforms with no /dev/random equivalent # but a statically compiled-in mod_ssl. # <IfModule ssl_module> SSLRandomSeed startup builtin SSLRandomSeed connect builtin </IfModule> Include /private/etc/apache2/other/*.conf # Passenger configuration LoadModule passenger_module /Users/<my_user_name>/.rvm/gems/ruby-1.9.2-p136/gems/passenger-3.0.2/ext/apache2/mod_passenger.so PassengerRoot /Users/<my_user_name>/.rvm/gems/ruby-1.9.2-p136/gems/passenger-3.0.2 PassengerRuby /Users/<my_user_name>/.rvm/wrappers/ruby-1.9.2-p136/ruby # Go ahead and accept connections for these vhosts # from non-SNI clients SSLStrictSNIVHostCheck off # Ensure that Apache listens on port 443 Listen 443 # Listen for virtual host requests on all IP addresses NameVirtualHost *:80 NameVirtualHost *:443 # # PJTNAME.COM and subdomains SETTING # <VirtualHost *:443> # Because this virtual host is defined first, it will # be used as the default if the hostname is not received # in the SSL handshake, e.g. if the browser doesn't support # SNI. ServerName pjtname.com:443 DocumentRoot "/Users/<my_user_name>/Sites/pjtname.com/pjtname.com/public" ServerAdmin [email protected] ErrorLog "/private/var/log/apache2/error_log" TransferLog "/private/var/log/apache2/access_log" RackEnv development <Directory "/Users/<my_user_name>/Sites/pjtname.com/pjtname.com/public"> Order allow,deny Allow from all </Directory> # SSL Configuration SSLEngine on # Self Signed certificates # Server Certificate SSLCertificateFile /private/etc/apache2/ssl/wildcard.certificate/pjtname.crt # Server Private Key SSLCertificateKeyFile /private/etc/apache2/ssl/wildcard.certificate/pjtname.key # Server Intermediate Bundle SSLCertificateChainFile /private/etc/apache2/ssl/wildcard.certificate/ca.crt </VirtualHost> # HTTP Setting <VirtualHost *:80> ServerName pjtname.com DocumentRoot "/Users/<my_user_name>/Sites/pjtname.com/pjtname.com/public" RackEnv development <Directory "/Users/<my_user_name>/Sites/pjtname.com/pjtname.com/public"> Order allow,deny Allow from all </Directory> </VirtualHost> <VirtualHost *:443> ServerName users.pjtname.com:443 DocumentRoot "/Users/<my_user_name>/Sites/pjtname.com/users.pjtname.com/public" ServerAdmin [email protected] ErrorLog "/private/var/log/apache2/error_log" TransferLog "/private/var/log/apache2/access_log" RackEnv development <Directory "/Users/<my_user_name>/Sites/pjtname.com/users.pjtname.com/public"> Order allow,deny Allow from all </Directory> # SSL Configuration SSLEngine on # Self Signed certificates # Server Certificate SSLCertificateFile /private/etc/apache2/ssl/wildcard.certificate/pjtname.crt # Server Private Key SSLCertificateKeyFile /private/etc/apache2/ssl/wildcard.certificate/pjtname.key # Server Intermediate Bundle SSLCertificateChainFile /private/etc/apache2/ssl/wildcard.certificate/ca.crt </VirtualHost> # HTTP Setting <VirtualHost *:80> ServerName users.pjtname.com DocumentRoot "/Users/<my_user_name>/Sites/pjtname.com/users.pjtname.com/public" RackEnv development <Directory "/Users/<my_user_name>/Sites/pjtname.com/users.pjtname.com/public"> Order allow,deny Allow from all </Directory> </VirtualHost> In the host file I have: ## # Host Database # # localhost is used to configure the loopback interface # when the system is booting. Do not change this entry. ## 127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost fe80::1%lo0 localhost # PJTNAME.COM SETTING 127.0.0.1 pjtname.com 127.0.0.1 users.pjtname.com All seems to work properly because I have already set everything (I think correctly): I generated a wildcard certificate for my domains and sub-domains (in this example: *.pjtname.com) I have set base-named virtualhosts in the http.conf file listening on port :433 and :80 My browser accept certificates also if it alerts me that those aren't safe (notice: I must accept certificates for each domain\sub-domain; that is, [only] at the first time I access a domain or sub-domain over HTTPS I must do the same procedure for acceptance) and I can have access to pages using HTTPS After all this work, when I make a request using Typhoeus (I can use also the Ruby Net::Http library and the result doesn't change) from the pjtname.com RoR application: # Typhoeus request Typhoeus::Request.get("https://users.pjtname.com/") I get something like a warning about the certificate: --- &id001 !ruby/object:Typhoeus::Response app_connect_time: 0.0 body: "" code: 0 connect_time: 0.000625 # Here is the warning curl_error_message: Peer certificate cannot be authenticated with known CA certificates curl_return_code: 60 effective_url: https://users.pjtname.com/ headers: "" http_version: mock: false name_lookup_time: 0.000513 pretransfer_time: 0.0 request: !ruby/object:Typhoeus::Request after_complete: auth_method: body: ... All this means that something is wrong. So, what I have to do to avoid the "Peer certificate cannot be authenticated with known CA certificates" warning and make the HTTPS request to work? Where is\are the error\errors (I think in the Apache configuration, but where?!)? P.S.: if you need some more info, let me know.

    Read the article

  • HttpPost works in Java project, not in Android

    - by dave.c
    I've written some code for my Android device to login to a web site over https and parse some data out of the resulting pages. An HttpGet happens first to get some info needed for login, then an HttpPost to do the actual login process. The code below works great in a Java project within Eclipse which has the following Jar files on the build path: httpcore-4.1-beta2.jar, httpclient-4.1-alpha2.jar, httpmime-4.1-alpha2.jar, commons-logging-1.1.1.jar. public static MyBean gatherData(String username, String password) { MyBean myBean = new MyBean(); try { HttpResponse response = doHttpGet(URL_PAGE_LOGIN, null, null); System.out.println("Got login page"); String content = EntityUtils.toString(response.getEntity()); String token = ContentParser.getToken(content); String cookie = getCookie(response); System.out.println("Performing login"); System.out.println("token = "+token +" || cookie = "+cookie); response = doLoginPost(username,password,cookie, token); int respCode = response.getStatusLine().getStatusCode(); if (respCode != 302) { System.out.println("ERROR: not a 302 redirect!: code is \""+ respCode+"\""); if (respCode == 200) { System.out.println(getHeaders(response)); System.out.println(EntityUtils.toString(response.getEntity()).substring(0, 500)); } } else { System.out.println("Logged in OK, loading account home"); // redirect handler and rest of parse removed } }catch (Exception e) { System.out.println("ERROR in gatherdata: "+e.toString()); e.printStackTrace(); } return myBean; } private static HttpResponse doHttpGet(String url, String cookie, String referrer) { try { HttpClient client = new DefaultHttpClient(); client.getParams().setParameter(CoreProtocolPNames.PROTOCOL_VERSION, HttpVersion.HTTP_1_1); client.getParams().setParameter(CoreProtocolPNames.HTTP_CONTENT_CHARSET, "UTF-8"); HttpGet httpGet = new HttpGet(url); httpGet.getParams().setParameter(CoreProtocolPNames.PROTOCOL_VERSION, HttpVersion.HTTP_1_1); httpGet.setHeader(HEADER_USER_AGENT,HEADER_USER_AGENT_VALUE); if (referrer != null && !referrer.equals("")) httpGet.setHeader(HEADER_REFERER,referrer); if (cookie != null && !cookie.equals("")) httpGet.setHeader(HEADER_COOKIE,cookie); return client.execute(httpGet); } catch (Exception e) { e.printStackTrace(); throw new ConnectException("Failed to read content from response"); } } private static HttpResponse doLoginPost(String username, String password, String cookie, String token) throws ClientProtocolException, IOException { try { HttpClient client = new DefaultHttpClient(); client.getParams().setParameter(CoreProtocolPNames.PROTOCOL_VERSION, HttpVersion.HTTP_1_1); client.getParams().setParameter(CoreProtocolPNames.HTTP_CONTENT_CHARSET, "UTF-8"); HttpPost post = new HttpPost(URL_LOGIN_SUBMIT); post.getParams().setParameter(CoreProtocolPNames.PROTOCOL_VERSION, HttpVersion.HTTP_1_1); post.setHeader(HEADER_USER_AGENT,HEADER_USER_AGENT_VALUE); post.setHeader(HEADER_REFERER, URL_PAGE_LOGIN); post.setHeader(HEADER_COOKIE, cookie); post.setHeader("Content-Type","application/x-www-form-urlencoded"); List<NameValuePair> formParams = new ArrayList<NameValuePair>(); formParams.add(new BasicNameValuePair("org.apache.struts.taglib.html.TOKEN", token)); formParams.add(new BasicNameValuePair("showLogin", "true")); formParams.add(new BasicNameValuePair("upgrade", "")); formParams.add(new BasicNameValuePair("username", username)); formParams.add(new BasicNameValuePair("password", password)); formParams.add(new BasicNameValuePair("submit", "Secure+Log+in")); UrlEncodedFormEntity entity = new UrlEncodedFormEntity(formParams,HTTP.UTF_8); post.setEntity(entity); return client.execute(post); } catch (Exception e) { e.printStackTrace(); throw new ConnectException("ERROR in doLoginPost(): "+e.getMessage()); } } The server (which is not under my control) returns a 302 redirect when the login was successful, and 200 if it fails and re-loads the login page. When run with the above Jar files I get the 302 redirect, however if I run the exact same code from an Android project with the 1.6 Android Jar file on the build path I get the 200 response from the server. I get the same 200 response when running the code on my 2.2 device. My android application has internet permissions, and the HttpGet works fine. I'm assuming that the problem lies in the fact that HttpPost (or some other class) is different in some significant way between the Android Jar version and the newer Apache versions. I've tried adding the Apache libraries to the build path of the Android project, but due to the duplicate classes I get messages like: INFO/dalvikvm(390): DexOpt: not resolving ambiguous class 'Lorg/apache/http/impl/client/DefaultHttpClient;' in the log. I've also tried using a MultipartEntity instead of the UrlEncodedFormEntity but I get the same 200 result. So, I have a few questions: - Can I force the code running under android to use the newer Apache libraries in preference to the Android versions? - If not, does anyone have any ideas how can I alter my code so that it works with the Android Jar? - Are there any other, totally different approaches to doing an HttpPost in Android? - Any other ideas? I've read a lot of posts and code but I'm not getting anywhere. I've been stuck on this for a couple of days and I'm at a loss how to get the thing to work, so I'll try anything at this point. Thanks in advance.

    Read the article

  • Asp.net Google Charts SSL handler for GeoMap

    - by Ian
    Hi All, I am trying to view Google charts in a site using SSL. Google Charts do not support SSL so if we use the standard charts, we get warning messages. My plan is to create a ASHX handler that is co9ntained in the secure site that will retrieve the content from Google and serve this to the page the user is viewing. Using VS 2008 SP1 and the included web server, my idea works perfectly for both Firefox and IE 8 & 9(Preview) and I am able to see my geomap displayed on my page as it should be. But my problem is when I publish to IIS7 the page using my handler to generate the geomap works in Firefox but not IE(every version). There are no errors anywhere or in any log files, but when i right click in IE in the area where the map should be displayed, I see the message in the context menu saying "movie not loaded" Below is the code from my handler and the aspx page. I have disabled compression in my web.config. Even in IE I am hitting all my break points and when I use the IE9 Developer tools, the web page is correctly generated with all the correct code, url's and references. If you have any better ways to accomplish this or how i can fix my problem, I will appreciate it. Thanks Ian Handler(ASHX) public void ProcessRequest(HttpContext context) { String url = "http://charts.apis.google.com/jsapi"; string query = context.Request.QueryString.ToString(); if (!string.IsNullOrEmpty(query)) { url = query; } HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(new Uri(HttpUtility.UrlDecode(url))); request.UserAgent = context.Request.UserAgent; WebResponse response = request.GetResponse(); string PageContent = string.Empty; StreamReader Reader; Stream webStream = response.GetResponseStream(); string contentType = response.ContentType; context.Response.BufferOutput = true; context.Response.ContentType = contentType; context.Response.Cache.SetCacheability(HttpCacheability.NoCache); context.Response.Cache.SetNoServerCaching(); context.Response.Cache.SetMaxAge(System.TimeSpan.Zero); string newUrl = IanLearning.Properties.Settings.Default.HandlerURL; //"https://localhost:444/googlesecurecharts.ashx?"; if (response.ContentType.Contains("javascript")) { Reader = new StreamReader(webStream); PageContent = Reader.ReadToEnd(); PageContent = PageContent.Replace("http://", newUrl + "http://"); PageContent = PageContent.Replace("charts.apis.google.com", newUrl + "charts.apis.google.com"); PageContent = PageContent.Replace(newUrl + "http://maps.google.com/maps/api/", "http://maps.google.com/maps/api/"); context.Response.Write(PageContent); } else { { byte[] bytes = ReadFully(webStream); context.Response.BinaryWrite(bytes); } } context.Response.Flush(); response.Close(); webStream.Close(); context.Response.End(); context.ApplicationInstance.CompleteRequest(); } ASPX Page <%@ Page Title="" Language="C#" MasterPageFile="~/Site2.Master" AutoEventWireup="true" CodeBehind="googlechart.aspx.cs" Inherits="IanLearning.googlechart" %> <asp:Content ID="Content1" ContentPlaceHolderID="head" runat="server"> <script type='text/javascript' src='~/googlesecurecharts.ashx?'></script> <script type='text/javascript'> google.load('visualization', '1', { 'packages': ['geomap'] }); google.setOnLoadCallback(drawMap); var geomap; function drawMap() { var data = new google.visualization.DataTable(); data.addRows(6); data.addColumn('string', 'City'); data.addColumn('number', 'Sales'); data.setValue(0, 0, 'ZA'); data.setValue(0, 1, 200); data.setValue(1, 0, 'US'); data.setValue(1, 1, 300); data.setValue(2, 0, 'BR'); data.setValue(2, 1, 400); data.setValue(3, 0, 'CN'); data.setValue(3, 1, 500); data.setValue(4, 0, 'IN'); data.setValue(4, 1, 600); data.setValue(5, 0, 'ZW'); data.setValue(5, 1, 700); var options = {}; options['region'] = 'world'; options['dataMode'] = 'regions'; options['showZoomOut'] = false; var container = document.getElementById('map_canvas'); geomap = new google.visualization.GeoMap(container); google.visualization.events.addListener( geomap, 'regionClick', function(e) { drillDown(e['region']); }); geomap.draw(data, options); }; function drillDown(regionData) { alert(regionData); } </script> </asp:Content> <asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder1" runat="server"> <div id='map_canvas'> </div> </asp:Content>

    Read the article

  • My PHP login no longer works

    - by Matt Clayton
    This page worked like a charm for years... enter the correspondng user id and password and you would be redirected to your directory. Now suddenly, all attempts to log in - valid or otherwise - result in the page remaining static... no message, no redirect, nothing. Nothing in the code has changed, it just plain doesn't work anymore. Could this be the result of some kind of change on the server side? Yeah, I know it's not super secure, but it was good enough for our purposes. I'm certainly open to better suggestions. I just need it to work... and keep working. Please be gentle! I know almost nothing of programming. Here is the page code: <meta http-equiv="Content-Type" content="text/html;charset=utf-8" > <link href="ilium.css" rel="stylesheet" media="screen"> <title>Ilium: Client Login</title> </head> <body bgcolor="#bfbfcc" background="img/loginbg.gif"> <?php /* init vars */ $userExists = false; $userIndex = -1; $authenicated = false; /*********************************************** * edit this to add new users/password * * - add user/pass/directory to the array * * below: must be in same array index to work * ***********************************************/ $user = array('foo', 'bar'); $pass = array('foo', 'bar'); $directory = array('foo', 'bar'); // run user/pass check if data passed if (isset($username) && isset($password)) { // check if user name exists for ($i = 0; $i < count($user); $i++) { if ($user[$i] == $username) { $userExists = true; $userIndex = $i; break; } } // so user exists, now test password if ($userExists) { $message = $message . "Username Valid<br>\n"; if ($pass[$userIndex] == $password) { $authenicated = true; $link = "/incoming/clients050203/" . $directory[$userIndex] . "/"; $message = $message . "Password Valid - Redirecting to your folder...<br>\n"; } else { $message = $message . "Incorrect Password<br>\n"; } } else { $message = $message . "Incorrect User Name<br>\n"; } } ?> <?php // user has been authenicated - move them to the correct directory if ($authenicated) { echo "<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=" . $link . "\">"; } ?> <img src="img/spacer.gif" alt="" width="1" height="112" border="0"> <form action="login.php" method="post"> <table width="496"> <tr> <td width="100"></td> <td colspan="4" width="469"><img src="img/please.gif" alt="" width="469" height="19" border="0"></td> </tr> <tr> <td width="100"><img src="img/spacer.gif" alt="" width="100" height="1" border="0"></td> <td width="227"> <img src="img/spacer.gif" alt="" width="227" height="1" border="0"><br> </td> <td align="right" valign="top" width="84"><input type="text" name="username" size="12"><br></td> <td width="43"><img src="img/spacer.gif" alt="" width="43" height="1" border="0"><br> <br> </td> <td align="right" valign="top" width="109"><input type="password" name="password" size="16"> <p><br> </p> </td> </tr> <tr> <td width="100"></td> <td valign="top" width="227"><div class="messages"><?=$message?></div></td> <td width="84"><br> </td> <td width="43"><br> </td> <td align="right" width="109"><input type="image" src="img/enter.gif" ALT="enter"><br> <br> <br> <br> <br> </td> </tr> </table> </form> </body> </html>

    Read the article

  • WCF. BasicHttpBinding Certificates.

    - by Andrew Kalashnikov
    Hello colleagues. I've got some problems. I've created WCF service with basicHttpBinding and hosted by IIS 6.0. <system.serviceModel> <bindings> <basicHttpBinding> <binding name="BindingConfiguration1" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"> <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/> <security mode="Transport"> <transport clientCredentialType="None" /> </security> </binding> </basicHttpBinding> </bindings> <services> <service name="RegistratorService.Registrator" behaviorConfiguration="RegistratorService.Service1Behavior"> <endpoint address="" binding="basicHttpBinding" contract="RegistratorService.IRegistrator" bindingConfiguration="BindingConfiguration1"> <identity> <dns value="localhost" /> </identity> </endpoint> <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/> </service> </services> <behaviors> <serviceBehaviors> <behavior name="RegistratorService.Service1Behavior"> <serviceCredentials> <clientCertificate> <authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck"/> </clientCertificate> <serviceCertificate storeLocation="LocalMachine" storeName="My" findValue="CN=Server" /> </serviceCredentials> <serviceMetadata httpsGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> Also I have cert authority on this server and I issue certs for server and client. I server cert at server and client cert at client. When I try consume service from client I get famous: "Could not establish trust relationship for the SSL/TLS secure channel with authority" All sites recommend override ServicePointManager.ServerCertificateValidationCallback by set return value to true. Bu I want decide this issue other right way. My client config: <system.serviceModel> <behaviors> <endpointBehaviors> <behavior name="ClientBehavior"> <clientCredentials> <serviceCertificate> <authentication certificateValidationMode="ChainTrust" revocationMode="NoCheck"/> </serviceCertificate> <clientCertificate findValue="CN=PharmPortal" storeLocation="LocalMachine" storeName="My"/> </clientCredentials> </behavior> </endpointBehaviors> </behaviors> <bindings> <basicHttpBinding> <binding name="BasicHttpBinding_IRegistrator" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> <security mode="Transport"> <transport clientCredentialType="None" proxyCredentialType="None" realm="" /> </security> </binding> </basicHttpBinding> </bindings> <client > <endpoint address="https://aurit-server2/Registrator.svc" binding="basicHttpBinding" behaviorConfiguration="ClientBehavior" bindingConfiguration="BasicHttpBinding_IRegistrator" contract="ServiceReference1.IRegistrator" name="BasicHttpBinding_IRegistrator" > <identity> <dns value="Server" /> </identity> </endpoint> </client> </system.serviceModel> I set up client certificate. Why i get error?

    Read the article

  • SSL confirmation dialog popup auto closes in IE8 when re-accessing a JNLP file

    - by haylem
    I'm having this very annoying problem to troubleshoot and have been going at it for way too many days now, so have a go at it. The Environment We have 2 app-servers, which can be located on either the same machine or 2 different machines, and use the same signing certificate, and host 2 different web-apps. Though let's say, for the sake of our study case here, that they are on the same physical machine. So, we have: https://company.com/webapp1/ https://company.com/webapp2/ webapp1 is GWT-based rich-client which contains on one of its screens a menu with an item that is used to invoke a Java WebStart Client located on webapp2. It does so by performing a simple window.open call via this GWT call: Window.open("https://company.com/webapp2/app.jnlp", "_blank", null); Expected Behavior User merrilly goes to webapp1 User navigates to menu entry to start the WebStart app and clicks on it browser fires off a separate window/dialog which, depending on the browser and its security settings, will: request confirmation to navigate to this secure site, directly download the file, and possibly auto-execute a javaws process if there's a file association, otherwise the user can simply click on the file and start the app (or go about doing whatever it takes here). If you close the app, close the dialog, and re-click the menu entry, the same thing should happen again. Actual Behavior On Anything but God-forsaken IE 8 (Though I admit there's also all the god-forsaken pre-IE8 stuff, but the Requirements Lords being merciful we have already recently managed to make them drop these suckers. That was close. Let's hold hands and say a prayer of gratitude.) Stuff just works. JNLP gets downloaded, app executes just fine, you can close the app and re-do all the steps and it will restart happily. People rejoice. Puppies are safe and play on green hills in the sunshine. Developers can go grab a coffee and move on to more meaningful and rewarding tasks, like checking out on SO questions. Chrome doesn't want to execute the JNLP, but who cares? Customers won't get RSI from clicking a file every other week. On God-forsaken IE8 On the first visit, the dialog opens and requests confirmation for the user to continue to webapp2, though it could be unsafe (here be dragons, I tell you). The JNLP downloads and auto-opens, the app start. Your breathing is steady and slow. You close the app, close that SSL confirmation dialog, and re-click the menu entry. The dialog opens and auto-closes. Nothing starts, the file wasn't downloaded to any known location and Fiddler just reports the connection was closed. If you close IE and reach that menu item to click it again, it is now back to working correctly. Until you try again during the same session, of course. Your heart-rate goes up, you get some more coffee to make matters worse, and start looking for plain tickets online and a cheap but heavy golf-club on an online auction site to go clubbing baby polar seals to avenge your bloodthirst, as the gates to the IE team in Redmond are probably more secured than an ice block, as one would assume they get death threats often. Plus, the IE9 and IE10 teams are already hard at work fxing the crap left by their predecessors, so maybe you don't want to be too hard on them, and you don't have money to waste on a PI to track down the former devs responsible for this mess. Added Details I have come across many problems with IE8 not downloading files over SSL when it uses a no-cache header. This was indeed one of our problems, which seems to be worked out now. It downloads files fine, webapp2 uses the following headers to serve the JNLP file: response.setHeader("Cache-Control", "private, must-revalidate"); // IE8 happy response.setHeader("Pragma", "private"); // IE8 happy response.setHeader("Expires", "0"); // IE8 happy response.setHeader("Access-Control-Allow-Origin", "*"); // allow to request via cross-origin AJAX response.setContentType("application/x-java-jnlp-file"); // please exec me As you might have inferred, we get some confirmation dialog because there's something odd with the SSL certificate. Unfortunately I have no control over that. Assuming that's only temporary and for development purposes as we usually don't get our hands on the production certs. So the SSL cert is expired and doesn't specify the server. And the confirmation dialog. Wouldn't be that bad if it weren't for IE, as other browsers don't care, just ask for confirmation, and execute as expected and consistantly. Please, pretty please, help me, or I might consider sacrificial killings as an option. And I think I just found a decently prized stainless steel golf-club, so I'm right on the edge of gore. Side Notes Might actually be related to IE8 window.open SSL Certificate issue. Though it doesn't explain why the dialog would auto-close (that really is beyong me...), it could help to not have the confirmation dialog and not need the dialog at all. For instance, I was thinking that just having a simple URL in that menu instead of have it entirely managed by GWT code to invoke a Window.open would solve the problem. But I don't have control on that menu, and also I'm very curious how this could be fixed otherwise and why the hell it happens in the first place...

    Read the article

  • Creating a file upload template in Doctrine ORM

    - by balupton
    Hey all. I'm using Doctrine 1.2 as my ORM for a Zend Framework Project. I have defined the following Model for a File. File: columns: id: primary: true type: integer(4) unsigned: true code: type: string(255) unique: true notblank: true path: type: string(255) notblank: true size: type: integer(4) type: type: enum values: [file,document,image,video,audio,web,application,archive] default: unknown notnull: true mimetype: type: string(20) notnull: true width: type: integer(2) unsigned: true height: type: integer(2) unsigned: true Now here is the File Model php class (just skim through for now): <?php /** * File * * This class has been auto-generated by the Doctrine ORM Framework * * @package ##PACKAGE## * @subpackage ##SUBPACKAGE## * @author ##NAME## <##EMAIL##> * @version SVN: $Id: Builder.php 6365 2009-09-15 18:22:38Z jwage $ */ class File extends BaseFile { public function setUp ( ) { $this->hasMutator('file', 'setFile'); parent::setUp(); } public function setFile ( $file ) { global $Application; // Configuration $config = array(); $config['bal'] = $Application->getOption('bal'); // Check the file if ( !empty($file['error']) ) { $error = $file['error']; switch ( $file['error'] ) { case UPLOAD_ERR_INI_SIZE : $error = 'ini_size'; break; case UPLOAD_ERR_FORM_SIZE : $error = 'form_size'; break; case UPLOAD_ERR_PARTIAL : $error = 'partial'; break; case UPLOAD_ERR_NO_FILE : $error = 'no_file'; break; case UPLOAD_ERR_NO_TMP_DIR : $error = 'no_tmp_dir'; break; case UPLOAD_ERR_CANT_WRITE : $error = 'cant_write'; break; default : $error = 'unknown'; break; } throw new Doctrine_Exception('error-application-file-' . $error); return false; } if ( empty($file['tmp_name']) || !is_uploaded_file($file['tmp_name']) ) { throw new Doctrine_Exception('error-application-file-invalid'); return false; } // Prepare config $file_upload_path = realpath($config['bal']['files']['upload_path']) . DIRECTORY_SEPARATOR; // Prepare file $filename = $file['name']; $file_old_path = $file['tmp_name']; $file_new_path = $file_upload_path . $filename; $exist_attempt = 0; while ( file_exists($file_new_path) ) { // File already exists // Pump exist attempts ++$exist_attempt; // Add the attempt to the end of the file $file_new_path = $file_upload_path . get_filename($filename,false) . $exist_attempt . get_extension($filename); } // Move file $success = move_uploaded_file($file_old_path, $file_new_path); if ( !$success ) { throw new Doctrine_Exception('Unable to upload the file.'); return false; } // Secure $file_path = realpath($file_new_path); $file_size = filesize($file_path); $file_mimetype = get_mime_type($file_path); $file_type = get_filetype($file_path); // Apply $this->path = $file_path; $this->size = $file_size; $this->mimetype = $file_mimetype; $this->type = $file_type; // Apply: Image if ( $file_type === 'image' ) { $image_dimensions = image_dimensions($file_path); if ( !empty($image_dimensions) ) { // It is not a image we can modify $this->width = 0; $this->height = 0; } else { $this->width = $image_dimensions['width']; $this->height = $image_dimensions['height']; } } // Done return true; } /** * Download the File * @return */ public function download ( ) { global $Application; // File path $file_upload_path = realpath($config['bal']['files']['upload_path']) . DIRECTORY_SEPARATOR; $file_path = $file_upload_path . $this->file_path; // Output result and download become_file_download($file_path, null, null); die(); } public function postDelete ( $Event ) { global $Application; // Prepare $Invoker = $Event->getInvoker(); // Configuration $config = array(); $config['bal'] = $Application->getOption('bal'); // File path $file_upload_path = realpath($config['bal']['files']['upload_path']) . DIRECTORY_SEPARATOR; $file_path = $file_upload_path . $this->file_path; // Delete the file unlink($file_path); // Done return true; } } What I am hoping to accomplish is so that the above custom functionality within my model file can be turned into a validator, template, or something along the lines. So hopefully I can do something like: File: actAs: BalFile: columns: id: primary: true type: integer(4) unsigned: true code: type: string(255) unique: true notblank: true path: type: string(255) notblank: true size: type: integer(4) type: type: enum values: [file,document,image,video,audio,web,application,archive] default: unknown notnull: true mimetype: type: string(20) notnull: true width: type: integer(2) unsigned: true height: type: integer(2) unsigned: true I'm hoping for a validator so that say if I do $File->setFile($_FILE['uploaded_file']); It will provide a validation error, except in all the doctrine documentation it has little on custom validators, especially in the contect of "virtual" fields. So in summary, my question is: How earth can I go about making a template/extension to porting this functionality? I have tried before with templates but always gave up after a day :/ If you could take the time to port the above I would greatly appreciate it.

    Read the article

  • Only show items owned by the currently logged in user in category list view

    - by jalbasri
    I'd like to be able to provide a "Category List" view that only shows Articles that the currently logged in user owns. Is there somewhere I can edit the query used to populate the Category List view or an extension that provides this functionality. Thank you for any help you can provide. -J. Thank you for your answer. I've written the plugin. Instead of passing in an array of Articles the onContentBeforeDisplay function is called for every article and an ArrayObject of the single article gets passed in. I've been able to identify the articles I want not to be displayed but still cannot get them not to display. The $params variable has values such as "list_show_xxx" but I can't seem to change or access them. here is a var_dump($params): object(Joomla\Registry\Registry)#190 (1) { ["data":protected]=> object(stdClass)#250 (83) { ["article_layout"]=> string(9) "_:default" ["show_title"]=> string(1) "1" ["link_titles"]=> string(1) "1" ["show_intro"]=> string(1) "1" ["info_block_position"]=> string(1) "1" ["show_category"]=> string(1) "1" ["link_category"]=> string(1) "1" ["show_parent_category"]=> string(1) "0" ["link_parent_category"]=> string(1) "0" ["show_author"]=> string(1) "1" ["link_author"]=> string(1) "0" ["show_create_date"]=> string(1) "0" ["show_modify_date"]=> string(1) "0" ["show_publish_date"]=> string(1) "1" ["show_item_navigation"]=> string(1) "1" ["show_vote"]=> string(1) "0" ["show_readmore"]=> string(1) "1" ["show_readmore_title"]=> string(1) "1" ["readmore_limit"]=> string(3) "100" ["show_tags"]=> string(1) "1" ["show_icons"]=> string(1) "1" ["show_print_icon"]=> string(1) "1" ["show_email_icon"]=> string(1) "1" ["show_hits"]=> string(1) "1" ["show_noauth"]=> string(1) "0" ["urls_position"]=> string(1) "0" ["show_publishing_options"]=> string(1) "0" ["show_article_options"]=> string(1) "0" ["save_history"]=> string(1) "1" ["history_limit"]=> int(10) ["show_urls_images_frontend"]=> string(1) "0" ["show_urls_images_backend"]=> string(1) "1" ["targeta"]=> int(0) ["targetb"]=> int(0) ["targetc"]=> int(0) ["float_intro"]=> string(4) "left" ["float_fulltext"]=> string(4) "left" ["category_layout"]=> string(9) "_:default" ["show_category_heading_title_text"]=> string(1) "1" ["show_category_title"]=> string(1) "0" ["show_description"]=> string(1) "0" ["show_description_image"]=> string(1) "0" ["maxLevel"]=> string(1) "1" ["show_empty_categories"]=> string(1) "0" ["show_no_articles"]=> string(1) "1" ["show_subcat_desc"]=> string(1) "1" ["show_cat_num_articles"]=> string(1) "0" ["show_base_description"]=> string(1) "1" ["maxLevelcat"]=> string(2) "-1" ["show_empty_categories_cat"]=> string(1) "0" ["show_subcat_desc_cat"]=> string(1) "1" ["show_cat_num_articles_cat"]=> string(1) "1" ["num_leading_articles"]=> string(1) "1" ["num_intro_articles"]=> string(1) "4" ["num_columns"]=> string(1) "1" ["num_links"]=> string(1) "4" ["multi_column_order"]=> string(1) "0" ["show_subcategory_content"]=> string(1) "0" ["show_pagination_limit"]=> string(1) "1" ["filter_field"]=> string(5) "title" ["show_headings"]=> string(1) "1" ["list_show_date"]=> string(1) "0" ["date_format"]=> string(0) "" ["list_show_hits"]=> string(1) "1" ["list_show_author"]=> string(1) "1" ["orderby_pri"]=> string(5) "order" ["orderby_sec"]=> string(5) "rdate" ["order_date"]=> string(9) "published" ["show_pagination"]=> string(1) "2" ["show_pagination_results"]=> string(1) "1" ["show_feed_link"]=> string(1) "1" ["feed_summary"]=> string(1) "0" ["feed_show_readmore"]=> string(1) "0" ["display_num"]=> string(2) "10" ["menu_text"]=> int(1) ["show_page_heading"]=> int(0) ["secure"]=> int(0) ["page_title"]=> string(16) "Non-K2 News List" ["page_description"]=> string(33) "Bahrain Business Incubator Centre" ["page_rights"]=> NULL ["robots"]=> NULL ["access-edit"]=> bool(true) ["access-view"]=> bool(true) } } I've tried $params-data-list_show_author = "0" but then the page doesn't load, problem is accessing and changing the variables in $param. So the last step is to figure out how not to show the article. Any ideas?

    Read the article

  • Tomcat 6: Access Control Exception?

    - by iftrue
    I'm trying to setup a tomcat6 server, and I'm trying to match another setup someone else established. However, my deployment (default Ubuntu install) uses a policy.d/ directory structure, and the established server just uses a catalina.policy file. I've tried setting every entry in policy.d to match the given catalina.policy, but I still get the following stacktrace on boot (from localhost log). I have two questions, then. First, how do I get tomcat to use a single poilcy file, rather than the directory structure presented by policy.d/? Secondly, why, when I specify all files to use the same policy, do I still get the stack trace below? Stack trace: SEVERE: Servlet /myapp threw load() exception java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.org.apache.jasper) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:342) at java.security.AccessController.checkPermission(AccessController.java:553) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1529) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:291) at java.lang.ClassLoader.loadClass(ClassLoader.java:264) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1314) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1245) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:332) at org.apache.jasper.servlet.JspServlet.init(JspServlet.java:100) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:537) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:115) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1166) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:992) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4058) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4367) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791) at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:123) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:145) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:769) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525) at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:978) at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:941) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:499) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1201) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:318) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053) at org.apache.catalina.core.StandardHost.start(StandardHost.java:719) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:516) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:578) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:177) Policy.d grant codeBase "file:${java.home}/lib/-" { permission java.security.AllPermission; }; // These permissions apply to all shared system extensions grant codeBase "file:${java.home}/jre/lib/ext/-" { permission java.security.AllPermission; }; // These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre grant codeBase "file:${java.home}/../lib/-" { permission java.security.AllPermission; }; // These permissions apply to all shared system extensions when // ${java.home} points at $JAVA_HOME/jre grant codeBase "file:${java.home}/lib/ext/-" { permission java.security.AllPermission; }; // ========== CATALINA CODE PERMISSIONS ======================================= // These permissions apply to the daemon code grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" { permission java.security.AllPermission; }; // These permissions apply to the logging API grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { permission java.util.PropertyPermission "java.util.logging.config.class", "read"; permission java.util.PropertyPermission "java.util.logging.config.file", "read"; permission java.io.FilePermission "${java.home}${file.separator}lib${file.separator}logging.properties", "read"; permission java.lang.RuntimePermission "shutdownHooks"; permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read"; permission java.util.PropertyPermission "catalina.base", "read"; permission java.util.logging.LoggingPermission "control"; permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write"; permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write"; permission java.lang.RuntimePermission "getClassLoader"; // To enable per context logging configuration, permit read access to the appropriate file. // Be sure that the logging configuration is secure before enabling such access // eg for the examples web application: // permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read"; }; // These permissions apply to the server startup code grant codeBase "file:${catalina.home}/bin/bootstrap.jar" { permission java.security.AllPermission; }; // These permissions apply to the servlet API classes // and those that are shared across all class loaders // located in the "lib" directory grant codeBase "file:${catalina.home}/lib/-" { permission java.security.AllPermission; }; // ========== WEB APPLICATION PERMISSIONS ===================================== // These permissions are granted by default to all web applications // In addition, a web application will be given a read FilePermission // and JndiPermission for all files and directories in its document root. grant { // Required for JNDI lookup of named JDBC DataSource's and // javamail named MimePart DataSource used to send mail permission java.util.PropertyPermission "java.home", "read"; permission java.util.PropertyPermission "java.naming.*", "read"; permission java.util.PropertyPermission "javax.sql.*", "read"; // OS Specific properties to allow read access permission java.util.PropertyPermission "os.name", "read"; permission java.util.PropertyPermission "os.version", "read"; permission java.util.PropertyPermission "os.arch", "read"; permission java.util.PropertyPermission "file.separator", "read"; permission java.util.PropertyPermission "path.separator", "read"; permission java.util.PropertyPermission "line.separator", "read"; // JVM properties to allow read access permission java.util.PropertyPermission "java.version", "read"; permission java.util.PropertyPermission "java.vendor", "read"; permission java.util.PropertyPermission "java.vendor.url", "read"; permission java.util.PropertyPermission "java.class.version", "read"; permission java.util.PropertyPermission "java.specification.version", "read"; permission java.util.PropertyPermission "java.specification.vendor", "read"; permission java.util.PropertyPermission "java.specification.name", "read"; permission java.util.PropertyPermission "java.vm.specification.version", "read"; permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; permission java.util.PropertyPermission "java.vm.specification.name", "read"; permission java.util.PropertyPermission "java.vm.version", "read"; permission java.util.PropertyPermission "java.vm.vendor", "read"; permission java.util.PropertyPermission "java.vm.name", "read"; // Required for OpenJMX permission java.lang.RuntimePermission "getAttribute"; // Allow read of JAXP compliant XML parser debug permission java.util.PropertyPermission "jaxp.debug", "read"; // Precompiled JSPs need access to this package. permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*"; // Precompiled JSPs need access to this system property. permission java.util.PropertyPermission "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read"; };

    Read the article

  • mysql: Bind on unix socket: Permission denied

    - by Alex
    Can't start mysql with: sudo /usr/bin/mysqld_safe --datadir=/srv/mysql/myDB --log-error=/srv/mysql/logs/mysqld-myDB.log --pid-file=/srv/mysql/pids/mysqld-myDB.pid --user=mysql --socket=/srv/mysql/sockets/mysql-myDB.sock --port=3700 120222 13:40:48 mysqld_safe Starting mysqld daemon with databases from /srv/mysql/myDB 120222 13:40:54 mysqld_safe mysqld from pid file /srv/mysql/pids/mysqld-myDB.pid ended /srv/mysql/logs/mysqld-myDB.log: 120222 13:43:53 mysqld_safe Starting mysqld daemon with databases from /srv/mysql/myDB 120222 13:43:53 [Note] Plugin 'FEDERATED' is disabled. /usr/sbin/mysqld: Table 'plugin' is read only 120222 13:43:53 [ERROR] Can't open the mysql.plugin table. Please run mysql_upgrade to create it. 120222 13:43:53 InnoDB: Completed initialization of buffer pool 120222 13:43:53 InnoDB: Started; log sequence number 32 4232720908 120222 13:43:53 [ERROR] Can't start server : Bind on unix socket: Permission denied 120222 13:43:53 [ERROR] Do you already have another mysqld server running on socket: /srv/mysql/sockets/mysql-myDB.sock ? 120222 13:43:53 [ERROR] Aborting 120222 13:43:53 InnoDB: Starting shutdown... One instance mysqld is running: $ ps aux | grep mysql mysql 1093 0.0 0.2 169972 18700 ? Ssl 11:50 0:02 /usr/sbin/mysqld $ Port 3700 is available: $ netstat -a | grep 3700 $ Directory with sockets is empty: $ ls /srv/mysql/sockets/ $ There are all permissions: $ ls -l /srv/mysql/ total 20 drwxrwxrwx 2 mysql mysql 4096 2012-02-22 13:28 logs drwxrwxrwx 13 mysql mysql 4096 2012-02-22 13:44 myDB drwxrwxrwx 2 mysql mysql 4096 2012-02-22 12:55 pids drwxrwxrwx 2 mysql mysql 4096 2012-02-22 12:55 sockets drwxrwxrwx 2 mysql mysql 4096 2012-02-22 13:25 version Apparmor config: $cat /etc/apparmor.d/usr.sbin.mysqld # vim:syntax=apparmor # Last Modified: Tue Jun 19 17:37:30 2007 #include <tunables/global> /usr/sbin/mysqld flags=(complain) { #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/user-tmp> #include <abstractions/mysql> #include <abstractions/winbind> capability dac_override, capability sys_resource, capability setgid, capability setuid, network tcp, /etc/hosts.allow r, /etc/hosts.deny r, /etc/mysql/*.pem r, /etc/mysql/conf.d/ r, /etc/mysql/conf.d/* r, /etc/mysql/*.cnf r, /usr/lib/mysql/plugin/ r, /usr/lib/mysql/plugin/*.so* mr, /usr/sbin/mysqld mr, /usr/share/mysql/** r, /var/log/mysql.log rw, /var/log/mysql.err rw, /var/lib/mysql/ r, /var/lib/mysql/** rwk, /var/log/mysql/ r, /var/log/mysql/* rw, /{,var/}run/mysqld/mysqld.pid w, /{,var/}run/mysqld/mysqld.sock w, /srv/mysql/ r, /srv/mysql/** rwk, /sys/devices/system/cpu/ r, # Site-specific additions and overrides. See local/README for details. #include <local/usr.sbin.mysqld> } Any suggestions? UPD1: $ touch /srv/mysql/sockets/mysql-myDB.sock $ sudo chown mysql:mysql /srv/mysql/sockets/mysql-myDB.sock $ ls -l /srv/mysql/sockets/mysql-myDB.sock -rw-rw-r-- 1 mysql mysql 0 2012-02-22 14:29 /srv/mysql/sockets/mysql-myDB.sock $ sudo /usr/bin/mysqld_safe --datadir=/srv/mysql/myDB --log-error=/srv/mysql/logs/mysqld-myDB.log --pid-file=/srv/mysql/pids/mysqld-myDB.pid --user=mysql --socket=/srv/mysql/sockets/mysql-myDB.sock --port=3700 120222 14:30:18 mysqld_safe Can't log to error log and syslog at the same time. Remove all --log-error configuration options for --syslog to take effect. 120222 14:30:18 mysqld_safe Logging to '/srv/mysql/logs/mysqld-myDB.log'. 120222 14:30:18 mysqld_safe Starting mysqld daemon with databases from /srv/mysqlmyDB 120222 14:30:24 mysqld_safe mysqld from pid file /srv/mysql/pids/mysqld-myDB.pid ended $ ls -l /srv/mysql/sockets/mysql-myDB.sock ls: cannot access /srv/mysql/sockets/mysql-myDB.sock: No such file or directory $ UPD2: $ sudo netstat -lnp | grep mysql tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1093/mysqld unix 2 [ ACC ] STREAM LISTENING 5912 1093/mysqld /var/run/mysqld/mysqld.sock $ sudo lsof | grep /srv/mysql/sockets/mysql-myDB.sock lsof: WARNING: can't stat() fuse.gvfs-fuse-daemon file system /home/sears/.gvfs Output information may be incomplete. UPD3: $ cat /etc/mysql/my.cnf # # The MySQL database server configuration file. # # You can copy this to one of: # - "/etc/mysql/my.cnf" to set global options, # - "~/.my.cnf" to set user-specific options. # # One can use all long options that the program supports. # Run program with --help to get a list of available options and with # --print-defaults to see which it would actually understand and use. # # For explanations see # http://dev.mysql.com/doc/mysql/en/server-system-variables.html # This will be passed to all mysql clients # It has been reported that passwords should be enclosed with ticks/quotes # escpecially if they contain "#" chars... # Remember to edit /etc/mysql/debian.cnf when changing the socket location. [client] port = 3306 socket = /var/run/mysqld/mysqld.sock # Here is entries for some specific programs # The following values assume you have at least 32M ram # This was formally known as [safe_mysqld]. Both versions are currently parsed. [mysqld_safe] socket = /var/run/mysqld/mysqld.sock nice = 0 [mysqld] # # * Basic Settings # # # * IMPORTANT # If you make changes to these settings and your system uses apparmor, you may # also need to also adjust /etc/apparmor.d/usr.sbin.mysqld. # user = mysql socket = /var/run/mysqld/mysqld.sock port = 3306 basedir = /usr datadir = /var/lib/mysql tmpdir = /tmp skip-external-locking # # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. #bind-address = 127.0.0.1 # # * Fine Tuning # key_buffer = 16M max_allowed_packet = 16M thread_stack = 192K thread_cache_size = 8 # This replaces the startup script and checks MyISAM tables if needed # the first time they are touched myisam-recover = BACKUP #max_connections = 100 #table_cache = 64 #thread_concurrency = 10 # # * Query Cache Configuration # query_cache_limit = 1M query_cache_size = 16M # # * Logging and Replication # # Both location gets rotated by the cronjob. # Be aware that this log type is a performance killer. # As of 5.1 you can enable the log at runtime! #general_log_file = /var/log/mysql/mysql.log #general_log = 1 log_error = /var/log/mysql/error.log # Here you can see queries with especially long duration #log_slow_queries = /var/log/mysql/mysql-slow.log #long_query_time = 2 #log-queries-not-using-indexes # # The following can be used as easy to replay backup logs or for replication. # note: if you are setting up a replication slave, see README.Debian about # other settings you may need to change. #server-id = 1 #log_bin = /var/log/mysql/mysql-bin.log expire_logs_days = 10 max_binlog_size = 100M #binlog_do_db = include_database_name #binlog_ignore_db = include_database_name # # * InnoDB # # InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. # Read the manual for more InnoDB related options. There are many! # # * Security Features # # Read the manual, too, if you want chroot! # chroot = /var/lib/mysql/ # # For generating SSL certificates I recommend the OpenSSL GUI "tinyca". # # ssl-ca=/etc/mysql/cacert.pem # ssl-cert=/etc/mysql/server-cert.pem # ssl-key=/etc/mysql/server-key.pem [mysqldump] quick quote-names max_allowed_packet = 16M [mysql] #no-auto-rehash # faster start of mysql but no tab completition [isamchk] key_buffer = 16M # # * IMPORTANT: Additional settings that can override those from this file! # The files must end with '.cnf', otherwise they'll be ignored. # !includedir /etc/mysql/conf.d/

    Read the article

  • How to find and fix issue with Pound and HAProxy

    - by javano
    Pound sits in front of HAProxy (on the same box) to perform SSL off-load. Requests are passed to 127.0.0.1:80 where HAProxy then balances the requests across backend servers for a hosted ASP .NET web app. A user is getting HTTP error 500 (Internal Server Error) returned to their browser this morning and I can see it is comming from Pound. They see no log entry in their web app (IIS) server logs, so its not hitting the back end servers. I think the problem is possibly with HAProxy. Lets review the logs: Initialy the users (1.2.3.4) hits Pound on the load balancer: Nov 12 10:02:24 lb1 pound: a-website.com 1.2.3.4 - - [12/Nov/2012:10:02:23 +0000] "POST /eventmanagement/EditEvent.aspx?eventOid=623fc423-2329-4cab-8be5-72a97709570d HTTP/1.1" 200 155721 "https://a-website.com/eventmanagement/EditEvent.aspx?eventOid=623fc423-2329-4cab-8be5-72a97709570d" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.96 Safari/537.4" Nov 12 10:02:24 lb1 pound: a-website.com 1.2.3.4 - - [12/Nov/2012:10:02:24 +0000] "GET /Controls/ReferringOrganisationLogoImageHandler.ashx HTTP/1.1" 200 142 "https://a-website.com/eventmanagement/EditEvent.aspx?eventOid=623fc423-2329-4cab-8be5-72a97709570d" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.96 Safari/537.4" Nov 12 10:02:24 lb1 pound: a-website.com 1.2.3.4 - - [12/Nov/2012:10:02:24 +0000] "GET /eventmanagement/WebCoreModule.ashx?__ac=1&__ac_wcmid=RAWCIL&__ac_lib=Radactive.WebControls.ILoad&__ac_key=RAWVCO_11&__ac_sid=fnoz2hmvirfivb2btbubbw45&__ac_cn=&__ac_cp=BVDXDWFLDWFMHDFJBOEGBDFLFOD5EEFD&__ac_fr=634883113445054092&__ac_ssid= HTTP/1.1" 200 11206 "https://a-website.com/eventmanagement/EditEvent.aspx?eventOid=623fc423-2329-4cab-8be5-72a97709570d" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.96 Safari/537.4" Nov 12 10:02:24 lb1 pound: a-website.com 1.2.3.4 - - [12/Nov/2012:10:02:24 +0000] "GET /eventmanagement/WebCoreModule.ashx?__ac=1&__ac_wcmid=RAWCIL&__ac_lib=Radactive.WebControls.ILoad&__ac_key=RAWCCIL_11&__ac_sid=fnoz2hmvirfivb2btbubbw45&__ac_cn=&__ac_cp=BVDXDWFLDWFMHDFJBOEGBDFLFOD5EEFD&__ac_fr=634883113445054092 HTTP/1.1" 200 43496 "https://a-website.com/eventmanagement/EditEvent.aspx?eventOid=623fc423-2329-4cab-8be5-72a97709570d" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.96 Safari/537.4" Nov 12 10:02:42 lb1 pound: (7f819fff8700) e500 for 1.2.3.4 response error read from 127.0.0.1:80/POST /eventmanagement/EditEvent.aspx?eventOid=623fc423-2329-4cab-8be5-72a97709570d HTTP/1.1: Connection timed out (15.121 secs) Above we can see the request comming in from the user at IP address 1.2.3.4, eventually Pound returns error 500 with the message "Connection timed out (15.121 secs)". Running HAProxy in debug mode, we can see the request come in; user@box:/var/log$ sudo /etc/init.d/haproxy restart Restarting haproxy: haproxy[WARNING] 316/100042 (19218) : <debug> mode incompatible with <quiet> and <daemon>. Keeping <debug> only. Available polling systems : sepoll : pref=400, test result OK epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 4 (4 usable), will use sepoll. Using sepoll() as the polling mechanism. ....... 00000008:iis-servers.srvrep[0008:0009]: HTTP/1.1 200 OK 00000008:iis-servers.srvhdr[0008:0009]: Cache-Control: private 00000008:iis-servers.srvhdr[0008:0009]: Pragma: no-cache 00000008:iis-servers.srvhdr[0008:0009]: Content-Length: 22211 00000008:iis-servers.srvhdr[0008:0009]: Content-Type: text/plain; charset=utf-8 00000008:iis-servers.srvhdr[0008:0009]: Server: Microsoft-IIS/7.0 00000008:iis-servers.srvhdr[0008:0009]: X-AspNet-Version: 2.0.50727 00000008:iis-servers.srvhdr[0008:0009]: X-Powered-By: ASP.NET 00000008:iis-servers.srvhdr[0008:0009]: Date: Mon, 12 Nov 2012 10:01:25 GMT 00000009:iis-servers.accept(0004)=000a from [127.0.0.1:53556] 00000009:iis-servers.clireq[000a:ffff]: GET /Logoff.aspx HTTP/1.1 00000009:iis-servers.clihdr[000a:ffff]: Host: a-website.com 00000009:iis-servers.clihdr[000a:ffff]: Connection: keep-alive 00000009:iis-servers.clihdr[000a:ffff]: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.96 Safari/537.4 00000009:iis-servers.clihdr[000a:ffff]: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 00000009:iis-servers.clihdr[000a:ffff]: Referer: https://a-website.com/eventmanagement/eventmanagement.aspx 00000009:iis-servers.clihdr[000a:ffff]: Accept-Encoding: gzip,deflate,sdch 00000009:iis-servers.clihdr[000a:ffff]: Accept-Language: en-GB,en;q=0.8,it;q=0.6 00000009:iis-servers.clihdr[000a:ffff]: Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 00000009:iis-servers.clihdr[000a:ffff]: Cookie: ASP.NET_SessionId=fnoz2hmvirfivb2btbubbw45; apps=apps2; AuthHint=true; __utma=190546871.552451749.1340295610.1352454675.1352711624.159; __utmb=190546871.2.10.1352711624; __utmc=190546871; __utmz=190546871.1349966519.143.3.utmcsr=en.wikipedia.org|utmccn=(referral)|utmcmd=referral|utmcct=/wiki/Single_transferable_vote; Sequence=162; SessionId=80e603f9-7e73-474b-8b7c-e198b2f11218; SecureSessionId=00000000-0000-0000-0000-000000000000; __utma=58336506.1016936529.1332752550.1352454680.1352711626.456; __utmb=58336506.28.10.1352711626; __utmc=58336506; __utmz=58336506.1352711626.456.155.utmcsr=a-website.com|utmccn=(referral)|utmcmd=referral|utmcct=/ 00000009:iis-servers.clihdr[000a:ffff]: X-SSL-cipher: RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 00000009:iis-servers.clihdr[000a:ffff]: X-Forwarded-For: 1.2.3.4 00000008:iis-servers.srvcls[0008:0009] 00000008:iis-servers.clicls[0008:0009] 00000008:iis-servers.closed[0008:0009] ....... 0000000e:iis-servers.srvrep[0008:0009]: HTTP/1.1 200 OK 0000000e:iis-servers.srvhdr[0008:0009]: Cache-Control: no-cache 0000000e:iis-servers.srvhdr[0008:0009]: Pragma: no-cache 0000000e:iis-servers.srvhdr[0008:0009]: Content-Length: 12805 0000000e:iis-servers.srvhdr[0008:0009]: Content-Type: text/html; charset=utf-8 0000000e:iis-servers.srvhdr[0008:0009]: Server: Microsoft-IIS/7.0 0000000e:iis-servers.srvhdr[0008:0009]: X-AspNet-Version: 2.0.50727 0000000e:iis-servers.srvhdr[0008:0009]: X-Powered-By: ASP.NET 0000000e:iis-servers.srvhdr[0008:0009]: Date: Mon, 12 Nov 2012 10:02:22 GMT 0000000f:iis-servers.accept(0004)=000c from [127.0.0.1:53609] 0000000f:iis-servers.clireq[000c:ffff]: GET /Controls/ReferringOrganisationLogoImageHandler.ashx HTTP/1.1 0000000f:iis-servers.clihdr[000c:ffff]: Host: a-website.com 0000000f:iis-servers.clihdr[000c:ffff]: Connection: keep-alive 0000000f:iis-servers.clihdr[000c:ffff]: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.96 Safari/537.4 0000000f:iis-servers.clihdr[000c:ffff]: Accept: */* 0000000f:iis-servers.clihdr[000c:ffff]: Referer: https://a-website.com/eventmanagement/EditEvent.aspx?eventOid=623fc423-2329-4cab-8be5-72a97709570d 0000000f:iis-servers.clihdr[000c:ffff]: Accept-Encoding: gzip,deflate,sdch 0000000f:iis-servers.clihdr[000c:ffff]: Accept-Language: en-GB,en;q=0.8,it;q=0.6 0000000f:iis-servers.clihdr[000c:ffff]: Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 0000000f:iis-servers.clihdr[000c:ffff]: Cookie: ASP.NET_SessionId=fnoz2hmvirfivb2btbubbw45; apps=apps2; __utma=190546871.552451749.1340295610.1352454675.1352711624.159; __utmb=190546871.2.10.1352711624; __utmc=190546871; __utmz=190546871.1349966519.143.3.utmcsr=en.wikipedia.org|utmccn=(referral)|utmcmd=referral|utmcct=/wiki/Single_transferable_vote; AuthHint=true; __utma=58336506.1016936529.1332752550.1352454680.1352711626.456; __utmb=58336506.33.10.1352711626; __utmc=58336506; __utmz=58336506.1352711626.456.155.utmcsr=a-website.com|utmccn=(referral)|utmcmd=referral|utmcct=/; SessionId=69cd415c-2f4e-4ace-b8f7-926d054f87c2; SecureSessionId=00000000-0000-0000-0000-000000000000; Sequence=170 0000000f:iis-servers.clihdr[000c:ffff]: X-SSL-cipher: RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 0000000f:iis-servers.clihdr[000c:ffff]: X-Forwarded-For: 1.2.3.4 0000000f:iis-servers.srvrep[000c:000d]: HTTP/1.1 200 OK 0000000f:iis-servers.srvhdr[000c:000d]: Cache-Control: private 0000000f:iis-servers.srvhdr[000c:000d]: Content-Length: 142 0000000f:iis-servers.srvhdr[000c:000d]: Content-Type: image/png 0000000f:iis-servers.srvhdr[000c:000d]: Server: Microsoft-IIS/7.0 0000000f:iis-servers.srvhdr[000c:000d]: X-AspNet-Version: 2.0.50727 0000000f:iis-servers.srvhdr[000c:000d]: Set-Cookie: SessionId=69cd415c-2f4e-4ace-b8f7-926d054f87c2; path=/ 0000000f:iis-servers.srvhdr[000c:000d]: Set-Cookie: SecureSessionId=00000000-0000-0000-0000-000000000000; path=/; secure 0000000f:iis-servers.srvhdr[000c:000d]: X-Powered-By: ASP.NET 0000000f:iis-servers.srvhdr[000c:000d]: Date: Mon, 12 Nov 2012 10:02:25 GMT 0000000e:iis-servers.srvcls[0008:0009] 0000000e:iis-servers.clicls[0008:0009] 0000000e:iis-servers.closed[0008:0009] 0000000f:iis-servers.srvcls[000c:000d] 0000000f:iis-servers.clicls[000c:000d] 0000000f:iis-servers.closed[000c:000d] 00000009:iis-servers.srvcls[000a:000b] 00000009:iis-servers.clicls[000a:000b] 00000009:iis-servers.closed[000a:000b] Where in the chain is the issue here?

    Read the article

  • SSL in tomcat with apr and Centos 6

    - by Jonathan
    I'm facing a problem setting up my tomcat with apr native lib, I have the following: Tomcat: 7.0.42 Java: 1.7.0_40-b43 OS: Centos 6.4 (2.6.32-358.18.1.el6.i686) APR: 1.3.9 Native lib: 1.1.27 OpenSSL: openssl-1.0.0-27.el6_4.2.i686 My server.xml looks like: ... <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> ... <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" SSLCertificateFile="/tmp/monitoringPortalCert.pem" SSLCertificateKeyFile="/tmp/monitoringPortalKey.pem" SSLPassword="hide" /> ... I compiled the native lib as follow: ./configure --with-apr=/usr/bin/apr-1-config --with-ssl=yes --prefix=$CATALINA_HOME make && make install The APR is loaded ok: Oct 06, 2013 7:55:14 PM org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.27 using APR version 1.3.9. But I'm still having this error: SEVERE: Failed to initialize the SSLEngine. org.apache.tomcat.jni.Error: 70023: This function has not been implemented on this platform ./configure outcome [root@localhost native]# ./configure --with-apr=/usr/bin/apr-1-config --with-ssl=yes -- prefix=$CATALINA_HOME && make && make install checking build system type... i686-pc-linux-gnu checking host system type... i686-pc-linux-gnu checking target system type... i686-pc-linux-gnu checking for a BSD-compatible install... /usr/bin/install -c checking for working mkdir -p... yes Tomcat Native Version: 1.1.27 checking for chosen layout... tcnative checking for APR... yes setting CC to "gcc" setting CPP to "gcc -E" checking for JDK location (please wait)... /usr/java/jdk1.7.0_40 from environment checking Java platform... checking Java platform... checking for sablevm... NONE adding "-I/usr/java/jdk1.7.0_40/include" to TCNATIVE_PRIV_INCLUDES checking os_type directory... linux adding "-I/usr/java/jdk1.7.0_40/include/linux" to TCNATIVE_PRIV_INCLUDES checking for gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking for OpenSSL library... using openssl from /usr/lib and /usr/include checking OpenSSL library version... ok checking for OpenSSL DSA support... yes setting TCNATIVE_LDFLAGS to "-lssl -lcrypto" adding "-DHAVE_OPENSSL" to CFLAGS setting TCNATIVE_LIBS to "" setting TCNATIVE_LIBS to " /usr/lib/libapr-1.la -lpthread" configure: creating ./config.status config.status: creating tcnative.pc config.status: creating Makefile config.status: executing default commands make[1]: Entering directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27- src/jni/native' make[1]: Nothing to be done for `local-all'. make[1]: Leaving directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27- src/jni/native' make[1]: Entering directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27- src/jni/native' make[1]: Nothing to be done for `local-all'. make[1]: Leaving directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27- src/jni/native' /usr/lib/apr-1/build/mkdir.sh /usr/apache-tomcat-7.0.42/include/apr-1 /usr/apache- tomcat-7.0.42/lib/pkgconfig \ /usr/apache-tomcat-7.0.42/lib /usr/apache-tomcat-7.0.42/bin /usr/bin/install -c -m 644 tcnative.pc /usr/apache-tomcat-7.0.42/lib/pkgconfig/tcnative- 1.pc list=''; for i in $list; do \ ( cd $i ; make DESTDIR= install ); \ done /bin/sh /usr/lib/apr-1/build/libtool --mode=install /usr/bin/install -c -m 755 libtcnative-1.la /usr/apache-tomcat-7.0.42/lib libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.so.0.1.27 /usr/apache- tomcat-7.0.42/lib/libtcnative-1.so.0.1.27 libtool: install: (cd /usr/apache-tomcat-7.0.42/lib && { ln -s -f libtcnative- 1.so.0.1.27 libtcnative-1.so.0 || { rm -f libtcnative-1.so.0 && ln -s libtcnative- 1.so.0.1.27 libtcnative-1.so.0; }; }) libtool: install: (cd /usr/apache-tomcat-7.0.42/lib && { ln -s -f libtcnative- 1.so.0.1.27 libtcnative-1.so || { rm -f libtcnative-1.so && ln -s libtcnative-1.so.0.1.27 libtcnative-1.so; }; }) libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.lai /usr/apache-tomcat- 7.0.42/lib/libtcnative-1.la libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.a /usr/apache-tomcat- 7.0.42/lib/libtcnative-1.a libtool: install: chmod 644 /usr/apache-tomcat-7.0.42/lib/libtcnative-1.a libtool: install: ranlib /usr/apache-tomcat-7.0.42/lib/libtcnative-1.a libtool: install: warning: remember to run `libtool --finish /usr/local/apr/lib' make && make install outcome: make[1]: Entering directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27- src/jni/native' make[1]: Nothing to be done for `local-all'. make[1]: Leaving directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27- src/jni/native' make[1]: Entering directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27- src/jni/native' make[1]: Nothing to be done for `local-all'. make[1]: Leaving directory `/usr/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27- src/jni/native' /usr/lib/apr-1/build/mkdir.sh /usr/apache-tomcat-7.0.42/include/apr-1 /usr/apache- tomcat-7.0.42/lib/pkgconfig \ /usr/apache-tomcat-7.0.42/lib /usr/apache-tomcat-7.0.42/bin /usr/bin/install -c -m 644 tcnative.pc /usr/apache-tomcat-7.0.42/lib/pkgconfig/tcnative- 1.pc list=''; for i in $list; do \ ( cd $i ; make DESTDIR= install ); \ done /bin/sh /usr/lib/apr-1/build/libtool --mode=install /usr/bin/install -c -m 755 libtcnative-1.la /usr/apache-tomcat-7.0.42/lib libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.so.0.1.27 /usr/apache- tomcat-7.0.42/lib/libtcnative-1.so.0.1.27 libtool: install: (cd /usr/apache-tomcat-7.0.42/lib && { ln -s -f libtcnative- 1.so.0.1.27 libtcnative-1.so.0 || { rm -f libtcnative-1.so.0 && ln -s libtcnative- 1.so.0.1.27 libtcnative-1.so.0; }; }) libtool: install: (cd /usr/apache-tomcat-7.0.42/lib && { ln -s -f libtcnative- 1.so.0.1.27 libtcnative-1.so || { rm -f libtcnative-1.so && ln -s libtcnative-1.so.0.1.27 libtcnative-1.so; }; }) libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.lai /usr/apache-tomcat- 7.0.42/lib/libtcnative-1.la libtool: install: /usr/bin/install -c -m 755 .libs/libtcnative-1.a /usr/apache-tomcat- 7.0.42/lib/libtcnative-1.a libtool: install: chmod 644 /usr/apache-tomcat-7.0.42/lib/libtcnative-1.a libtool: install: ranlib /usr/apache-tomcat-7.0.42/lib/libtcnative-1.a libtool: install: warning: remember to run `libtool --finish /usr/local/apr/lib' It seems everything is fine, but the error is not self-explanatory Could you guys help to understand where my error is? What am I missing? Thanks in advance for your support.

    Read the article

  • Network Logon Issues with Group Policy and Network

    - by bobloki
    I am gravely in need of your help and assistance. We have a problem with our logon and startup to our Windows 7 Enterprise system. We have more than 3000 Windows Desktops situated in roughly 20+ buildings around campus. Almost every computer on campus has the problem that I will be describing. I have spent over one month peering over etl files from Windows Performance Analyzer (A great product) and hundreds of thousands of event logs. I come to you today humbled that I could not figure this out. The problem as simply put our logon times are extremely long. An average first time logon is roughly 2-10 minutes depending on the software installed. All computers are Windows 7, the oldest computers being 5 years old. Startup times on various computers range from good (1-2 minutes) to very bad (5-60). Our second time logons range from 30 seconds to 4 minutes. We have a gigabit connection between each computer on the network. We have 5 domain controllers which also double as our DNS servers. Initial testing led us to believe that this was a software problem. So I spent a few days testing machines only to find inconsistent results from the etl files from xperfview. Each subset of computers on campus had a different subset of software issues, none seeming to interfere with logon just startup. So I started looking at our group policy and located some very interesting event ID’s. Group Policy 1129: The processing of Group Policy failed because of lack of network connectivity to a domain controller. Group Policy 1055: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller). NETLOGON 5719 : This computer was not able to set up a secure session with a domain controller in domain OURDOMAIN due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. E1kexpress 27: Intel®82567LM-3 Gigabit Network Connection – Network link is disconnected. NetBT 4300 – The driver could not be created. WMI 10 - Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. More or less with timestamps it becomes apparent that the network maybe the issue. 1:25:57 - Group Policy is trying to discover the domain controller information 1:25:57 - The network link has been disconnected 1:25:58 - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator. 1:25:58 - Making LDAP calls to connect and bind to active directory. DC1.ourdomain.edu 1:25:58 - Call failed after 0 milliseconds. 1:25:58 - Forcing rediscovery of domain controller details. 1:25:58 - Group policy failed to discover the domain controller in 1030 milliseconds 1:25:58 - Periodic policy processing failed for computer OURDOMAIN\%name%$ in 1 seconds. 1:25:59 - A network link has been established at 1Gbps at full duplex 1:26:00 - The network link has been disconnected 1:26:02 - NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and DOUBLE THE REATTEMPT INTERVAL thereafter. 1:26:05 - A network link has been established at 1Gbps at full duplex 1:26:08 - Name resolution for the name %Name% timed out after none of the configured DNS servers responded. 1:26:10 – The TCP/IP NetBIOS Helper service entered the running state. 1:26:11 - The time provider NtpClient is currently receiving valid time data at dc4.ourdomain.edu 1:26:14 – User Logon Notification for Customer Experience Improvement Program 1:26:15 - Group Policy received the notification Logon from Winlogon for session 1. 1:26:15 - Making LDAP calls to connect and bind to Active Directory. dc4.ourdomain.edu 1:26:18 - The LDAP call to connect and bind to Active Directory completed. dc4. ourdomain.edu. The call completed in 2309 milliseconds. 1:26:18 - Group Policy successfully discovered the Domain Controller in 2918 milliseconds. 1:26:18 - Computer details: Computer role : 2 Network name : (Blank) 1:26:18 - The LDAP call to connect and bind to Active Directory completed. dc4.ourdomain.edu. The call completed in 2309 milliseconds. 1:26:18 - Group Policy successfully discovered the Domain Controller in 2918 milliseconds. 1:26:19 - The WinHTTP Web Proxy Auto-Discovery Service service entered the running state. 1:26:46 - The Network Connections service entered the running state. 1:27:10 – Retrieved account information 1:27:10 – The system call to get account information completed. 1:27:10 - Starting policy processing due to network state change for computer OURDOMAIN\%name%$ 1:27:10 – Network state change detected 1:27:10 - Making system call to get account information. 1:27:11 - Making LDAP calls to connect and bind to Active Directory. dc4.ourdomain.edu 1:27:13 - Computer details: Computer role : 2 Network name : ourdomain.edu (Now not blank) 1:27:13 - Group Policy successfully discovered the Domain Controller in 2886 milliseconds. 1:27:13 - The LDAP call to connect and bind to Active Directory completed. dc4.ourdomain.edu The call completed in 2371 milliseconds. 1:27:15 - Estimated network bandwidth on one of the connections: 0 kbps. 1:27:15 - Estimated network bandwidth on one of the connections: 8545 kbps. 1:27:15 - A fast link was detected. The Estimated bandwidth is 8545 kbps. The slow link threshold is 500 kbps. 1:27:17 – Powershell - Engine state is changed from Available to Stopped. 1:27:20 - Completed Group Policy Local Users and Groups Extension Processing in 4539 milliseconds. 1:27:25 - Completed Group Policy Scheduled Tasks Extension Processing in 5210 milliseconds. 1:27:27 - Completed Group Policy Registry Extension Processing in 1529 milliseconds. 1:27:27 - Completed policy processing due to network state change for computer OURDOMAIN\%name%$ in 16 seconds. 1:27:27 – The Group Policy settings for the computer were processed successfully. There were no changes detected since the last successful processing of Group Policy. Any help would be appreciated. Please ask for any relevant information and it will be provided as soon as possible.

    Read the article

  • Why does Mac OS X Software Update not work when machine uses Active Directory?

    - by Lyndsey Ferguson
    My company's IT department is mostly a Windows run operation and in order to become more secure, they are altering the way that the Macintosh computers login to our internal network so that they use Active Directory like their Windows counterparts. I have been given Administrative permission on my Mac and I am able to do most of what I used to be able to do in terms of authentication of software installations. However, there is a problem: the "Software Update" feature doesn't work. What happens is that when I try to get the Mac to perform its Software Updates from the Apple menu, the normal window appears listing what has to be updated; I am able to select what to update and click the "Update" button, but then nothing happens. It doesn't ask for authentication like it used to, the computer doesn't perform any download or installation (it does sometimes ask me to agree to license agreements for iTunes). I can download the updates individually and install them without any issues, but the auto-update fails. I'd rather use the Software Update menu item like I used to: it is much more convenient. Any suggestions on how I can fix this? EDIT Nov 19th, 2009, 10:09 EST: I have posted this question to the Apple Mac OS X Snow Leopard support forum. EDIT Nov 19th, 2009, 12:39 EST:Yes, the Terminal command "sudo softwareupdate --install --all" does work flawlessly. I want to avoid that as my co-workers are generally not comfortable on the Mac. I also tried Chealion's suggestion to delete "~/Library/Preferences/com.apple.SoftwareUpdate.plist" and "/Library/Preferences/com.apple.SoftwareUpdate.plist", Software Update still fails. However, I did get diagnostic messages in the Console (below). I've deleted the MS Office Package Receipts and examined the suhelperd (Software Update Helper Daemon?); it appears that suhelperd is crashing and that explains why it doesn't work. I've submitted a bug report to Apple (radar://7408619). Here are the Console diagnostic messages: 11/19/09 12:36:44 PM com.apple.suhelperd[66829] terminate called after throwing an instance of 'NSException' 11/19/09 12:36:47 PM com.apple.launchd[1] (com.apple.suhelperd[66829]) Job appears to have crashed: Abort trap 11/19/09 12:36:48 PM com.apple.ReportCrash.Root[66830] 2009-11-19 12:36:48.275 ReportCrash[66830:2703] Saved crash report for suhelperd[66829] version ??? (???) to /Library/Logs/DiagnosticReports/suhelperd_2009-11-19-123648_localhost.crash 11/19/09 12:36:54 PM com.apple.launchd[1] (com.apple.suhelperd) Throttling respawn: Will start in 1 seconds 11/19/09 12:36:55 PM com.apple.suhelperd[66836] terminate called after throwing an instance of 'NSException' 11/19/09 12:36:55 PM com.apple.launchd[1] (com.apple.suhelperd[66836]) Job appears to have crashed: Abort trap 11/19/09 12:36:56 PM com.apple.ReportCrash.Root[66830] 2009-11-19 12:36:56.017 ReportCrash[66830:2f03] Saved crash report for suhelperd[66836] version ??? (???) to /Library/Logs/DiagnosticReports/suhelperd_2009-11-19-123655_localhost.crash 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_automator.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_automator_workflow.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_autoupdate.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_clipart.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_core.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_dock.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_entourage.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_entourage_help_std.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_equationeditor.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_errorreporting.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_excel.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_excel_help_std.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_fonts.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_graph.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_helpviewer.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_launch.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_ooxml.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_orgchart.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_powerpoint.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_powerpoint_help_std.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_proofing_brazilian.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_proofing_danish.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_proofing_dutch.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_proofing_english.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_proofing_finnish.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_proofing_french.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_proofing_german.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_proofing_italian.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_proofing_japanese.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_proofing_norwegian.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_proofing_portuguese.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_proofing_spanish.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_proofing_swedish.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_required.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_silverlight.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_sounds.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_word.pkg 11/19/09 12:36:58 PM Software Update[66826] PackageKit: *** Missing bundle identifier: /Library/Receipts/Office2008_en_word_help_std.pkg 11/19/09 12:37:26 PM com.apple.suhelperd[66839] terminate called after throwing an instance of 'NSException' 11/19/09 12:37:26 PM com.apple.launchd[1] (com.apple.suhelperd[66839]) Job appears to have crashed: Abort trap 11/19/09 12:37:26 PM com.apple.ReportCrash.Root[66830] 2009-11-19 12:37:26.929 ReportCrash[66830:2b07] Saved crash report for suhelperd[66839] version ??? (???) to /Library/Logs/DiagnosticReports/suhelperd_2009-11-19-123726_localhost.crash And here is the suhelperd crash report: Process: suhelperd [66839] Path: /System/Library/PrivateFrameworks/SoftwareUpdate.framework/Versions/A/Resources/suhelperd Identifier: suhelperd Version: ??? (???) Code Type: X86-64 (Native) Parent Process: launchd [1] Date/Time: 2009-11-19 12:37:26.473 -0500 OS Version: Mac OS X 10.6.2 (10C540) Report Version: 6 Exception Type: EXC_CRASH (SIGABRT) Exception Codes: 0x0000000000000000, 0x0000000000000000 Crashed Thread: 0 Dispatch queue: com.apple.main-thread Application Specific Information: abort() called *** Terminating app due to uncaught exception 'NSRangeException', reason: '*** -[NSCFArray objectAtIndex:]: index (0) beyond bounds (0)' *** Call stack at first throw: ( 0 CoreFoundation 0x00007fff859a9444 __exceptionPreprocess + 180 1 libobjc.A.dylib 0x00007fff8787e0f3 objc_exception_throw + 45 2 CoreFoundation 0x00007fff859a9267 +[NSException raise:format:arguments:] + 103 3 CoreFoundation 0x00007fff859a91f4 +[NSException raise:format:] + 148 4 Foundation 0x00007fff855da080 _NSArrayRaiseBoundException + 122 5 Foundation 0x00007fff8553cb81 -[NSCFArray objectAtIndex:] + 75 6 Admin 0x00007fff8107920e +[User(UserPrivate) _userWithInfo:attributes:] + 71 7 Admin 0x00007fff81080d6b +[User findUserByID:searchParent:] + 404 8 suhelperd 0x0000000100001274 0x0 + 4294972020 9 suhelperd 0x0000000100002240 0x0 + 4294976064 10 suhelperd 0x00000001000053b1 0x0 + 4294988721 11 suhelperd 0x00000001000044b3 0x0 + 4294984883 12 suhelperd 0x0000000100004154 0x0 + 4294984020 13 libSystem.B.dylib 0x00007fff83eb60d8 mach_msg_server + 357 14 suhelperd 0x00000001000036eb 0x0 + 4294981355 15 suhelperd 0x0000000100002a1f 0x0 + 4294978079 16 suhelperd 0x0000000100001080 0x0 + 4294971520 ) Thread 0 Crashed: Dispatch queue: com.apple.main-thread 0 libSystem.B.dylib 0x00007fff83e86fe6 __kill + 10 1 libSystem.B.dylib 0x00007fff83f27e32 abort + 83 2 libstdc++.6.dylib 0x00007fff873cf5d2 __tcf_0 + 0 3 libobjc.A.dylib 0x00007fff87881d29 _objc_terminate + 100 4 libstdc++.6.dylib 0x00007fff873cdae1 __cxxabiv1::__terminate(void (*)()) + 11 5 libstdc++.6.dylib 0x00007fff873cdb16 __cxxabiv1::__unexpected(void (*)()) + 0 6 libstdc++.6.dylib 0x00007fff873cdbfc __gxx_exception_cleanup(_Unwind_Reason_Code, _Unwind_Exception*) + 0 7 libobjc.A.dylib 0x00007fff8787e192 object_getIvar + 0 8 com.apple.CoreFoundation 0x00007fff859a9267 +[NSException raise:format:arguments:] + 103 9 com.apple.CoreFoundation 0x00007fff859a91f4 +[NSException raise:format:] + 148 10 com.apple.Foundation 0x00007fff855da080 _NSArrayRaiseBoundException + 122 11 com.apple.Foundation 0x00007fff8553cb81 -[NSCFArray objectAtIndex:] + 75 12 com.apple.framework.Admin 0x00007fff8107920e +[User(UserPrivate) _userWithInfo:attributes:] + 71 13 com.apple.framework.Admin 0x00007fff81080d6b +[User findUserByID:searchParent:] + 404 14 suhelperd 0x0000000100001274 0x100000000 + 4724 15 suhelperd 0x0000000100002240 0x100000000 + 8768 16 suhelperd 0x00000001000053b1 0x100000000 + 21425 17 suhelperd 0x00000001000044b3 0x100000000 + 17587 18 suhelperd 0x0000000100004154 0x100000000 + 16724 19 libSystem.B.dylib 0x00007fff83eb60d8 mach_msg_server + 357 20 suhelperd 0x00000001000036eb 0x100000000 + 14059 21 suhelperd 0x0000000100002a1f 0x100000000 + 10783 22 suhelperd 0x0000000100001080 0x100000000 + 4224 Thread 1: Dispatch queue: com.apple.libdispatch-manager 0 libSystem.B.dylib 0x00007fff83e51bba kevent + 10 1 libSystem.B.dylib 0x00007fff83e53a85 _dispatch_mgr_invoke + 154 2 libSystem.B.dylib 0x00007fff83e5375c _dispatch_queue_invoke + 185 3 libSystem.B.dylib 0x00007fff83e53286 _dispatch_worker_thread2 + 244 4 libSystem.B.dylib 0x00007fff83e52bb8 _pthread_wqthread + 353 5 libSystem.B.dylib 0x00007fff83e52a55 start_wqthread + 13 Thread 2: 0 libSystem.B.dylib 0x00007fff83e529da __workq_kernreturn + 10 1 libSystem.B.dylib 0x00007fff83e52dec _pthread_wqthread + 917 2 libSystem.B.dylib 0x00007fff83e52a55 start_wqthread + 13 Thread 0 crashed with X86 Thread State (64-bit): rax: 0x0000000000000000 rbx: 0x00007fff707d7298 rcx: 0x00007fff5fbff868 rdx: 0x0000000000000000 rdi: 0x0000000000010517 rsi: 0x0000000000000006 rbp: 0x00007fff5fbff880 rsp: 0x00007fff5fbff868 r8: 0x00007fff707da9e0 r9: 0x0000000000000063 r10: 0x00007fff83e83026 r11: 0x0000000000000202 r12: 0x00007fff85a2dca1 r13: 0x0000000000000000 r14: 0x00007fff70bea228 r15: 0x00007fff5fbffb10 rip: 0x00007fff83e86fe6 rfl: 0x0000000000000202 cr2: 0x00007fff70e3afd0

    Read the article

  • Cisco 800 series won't forward port

    - by sam
    Hello ServerFault, I am trying to forward port 444 from my cisco router to my Web Server (192.168.0.2). As far as I can tell, my port forwarding is configured correctly, yet no traffic will pass through on port 444. Here is my config: ! version 12.3 service config no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug uptime service timestamps log uptime service password-encryption no service dhcp ! hostname QUESTMOUNT ! logging buffered 16386 informational logging rate-limit 100 except warnings no logging console no logging monitor enable secret 5 -removed- ! username administrator secret 5 -removed- username manager secret 5 -removed- clock timezone NZST 12 clock summer-time NZDT recurring 1 Sun Oct 2:00 3 Sun Mar 3:00 aaa new-model ! ! aaa authentication login default local aaa authentication login userlist local aaa authentication ppp default local aaa authorization network grouplist local aaa session-id common ip subnet-zero no ip source-route no ip domain lookup ip domain name quest.local ! ! no ip bootp server ip inspect name firewall tcp ip inspect name firewall udp ip inspect name firewall cuseeme ip inspect name firewall h323 ip inspect name firewall rcmd ip inspect name firewall realaudio ip inspect name firewall streamworks ip inspect name firewall vdolive ip inspect name firewall sqlnet ip inspect name firewall tftp ip inspect name firewall ftp ip inspect name firewall icmp ip inspect name firewall sip ip inspect name firewall fragment maximum 256 timeout 1 ip inspect name firewall netshow ip inspect name firewall rtsp ip inspect name firewall skinny ip inspect name firewall http ip audit notify log ip audit po max-events 100 ip audit name intrusion info list 3 action alarm ip audit name intrusion attack list 3 action alarm drop reset no ftp-server write-enable ! ! ! ! crypto isakmp policy 1 authentication pre-share ! crypto isakmp policy 2 encr 3des authentication pre-share group 2 ! crypto isakmp client configuration group staff key 0 qS;,sc:q<skro1^, domain quest.local pool vpnclients acl 106 ! ! crypto ipsec transform-set tr-null-sha esp-null esp-sha-hmac crypto ipsec transform-set tr-des-md5 esp-des esp-md5-hmac crypto ipsec transform-set tr-des-sha esp-des esp-sha-hmac crypto ipsec transform-set tr-3des-sha esp-3des esp-sha-hmac ! crypto dynamic-map vpnusers 1 description Client to Site VPN Users set transform-set tr-des-md5 ! ! crypto map cm-cryptomap client authentication list userlist crypto map cm-cryptomap isakmp authorization list grouplist crypto map cm-cryptomap client configuration address respond crypto map cm-cryptomap 65000 ipsec-isakmp dynamic vpnusers ! ! ! ! interface Ethernet0 ip address 192.168.0.254 255.255.255.0 ip access-group 102 in ip nat inside hold-queue 100 out ! interface ATM0 no ip address no atm ilmi-keepalive dsl operating-mode auto ! interface ATM0.1 point-to-point pvc 0/100 encapsulation aal5mux ppp dialer dialer pool-member 1 ! ! interface Dialer0 bandwidth 640 ip address negotiated ip access-group 101 in no ip redirects no ip unreachables ip nat outside ip inspect firewall out ip audit intrusion in encapsulation ppp no ip route-cache no ip mroute-cache dialer pool 1 dialer-group 1 no cdp enable ppp pap sent-username -removed- password 7 -removed- ppp ipcp dns request crypto map cm-cryptomap ! ip local pool vpnclients 192.168.99.1 192.168.99.254 ip nat inside source list 105 interface Dialer0 overload ip nat inside source static tcp 192.168.0.2 444 interface Dialer0 444 ip nat inside source static tcp 192.168.0.51 9000 interface Dialer0 9000 ip nat inside source static udp 192.168.0.2 1433 interface Dialer0 1433 ip nat inside source static tcp 192.168.0.2 1433 interface Dialer0 1433 ip nat inside source static tcp 192.168.0.2 25 interface Dialer0 25 ip classless ip route 0.0.0.0 0.0.0.0 Dialer0 ip http server no ip http secure-server ! ip access-list logging interval 10 logging 192.168.0.2 access-list 1 remark The local LAN. access-list 1 permit 192.168.0.0 0.0.0.255 access-list 2 permit 192.168.0.0 access-list 2 remark Where management can be done from. access-list 2 permit 192.168.0.0 0.0.0.255 access-list 3 remark Traffic not to check for intrustion detection. access-list 3 deny 192.168.99.0 0.0.0.255 access-list 3 permit any access-list 101 remark Traffic allowed to enter the router from the Internet access-list 101 permit ip 192.168.99.0 0.0.0.255 192.168.0.0 0.0.0.255 access-list 101 deny ip 0.0.0.0 0.255.255.255 any access-list 101 deny ip 10.0.0.0 0.255.255.255 any access-list 101 deny ip 127.0.0.0 0.255.255.255 any access-list 101 deny ip 169.254.0.0 0.0.255.255 any access-list 101 deny ip 172.16.0.0 0.15.255.255 any access-list 101 deny ip 192.0.2.0 0.0.0.255 any access-list 101 deny ip 192.168.0.0 0.0.255.255 any access-list 101 deny ip 198.18.0.0 0.1.255.255 any access-list 101 deny ip 224.0.0.0 0.15.255.255 any access-list 101 deny ip any host 255.255.255.255 access-list 101 permit tcp 67.228.209.128 0.0.0.15 any eq 1433 access-list 101 permit tcp host 120.136.2.22 any eq 1433 access-list 101 permit tcp host 123.100.90.58 any eq 1433 access-list 101 permit udp 67.228.209.128 0.0.0.15 any eq 1433 access-list 101 permit udp host 120.136.2.22 any eq 1433 access-list 101 permit udp host 123.100.90.58 any eq 1433 access-list 101 permit tcp any any eq 444 access-list 101 permit tcp any any eq 9000 access-list 101 permit tcp any any eq smtp access-list 101 permit udp any any eq non500-isakmp access-list 101 permit udp any any eq isakmp access-list 101 permit esp any any access-list 101 permit tcp any any eq 1723 access-list 101 permit gre any any access-list 101 permit tcp any any eq 22 access-list 101 permit tcp any any eq telnet access-list 102 remark Traffic allowed to enter the router from the Ethernet access-list 102 permit ip any host 192.168.0.254 access-list 102 deny ip any host 192.168.0.255 access-list 102 deny udp any any eq tftp log access-list 102 permit ip 192.168.0.0 0.0.0.255 192.168.99.0 0.0.0.255 access-list 102 deny ip any 0.0.0.0 0.255.255.255 log access-list 102 deny ip any 10.0.0.0 0.255.255.255 log access-list 102 deny ip any 127.0.0.0 0.255.255.255 log access-list 102 deny ip any 169.254.0.0 0.0.255.255 log access-list 102 deny ip any 172.16.0.0 0.15.255.255 log access-list 102 deny ip any 192.0.2.0 0.0.0.255 log access-list 102 deny ip any 192.168.0.0 0.0.255.255 log access-list 102 deny ip any 198.18.0.0 0.1.255.255 log access-list 102 deny udp any any eq 135 log access-list 102 deny tcp any any eq 135 log access-list 102 deny udp any any eq netbios-ns log access-list 102 deny udp any any eq netbios-dgm log access-list 102 deny tcp any any eq 445 log access-list 102 permit ip 192.168.0.0 0.0.0.255 any access-list 102 permit ip any host 255.255.255.255 access-list 102 deny ip any any log access-list 105 remark Traffic to NAT access-list 105 deny ip 192.168.0.0 0.0.0.255 192.168.99.0 0.0.0.255 access-list 105 permit ip 192.168.0.0 0.0.0.255 any access-list 106 remark User to Site VPN Clients access-list 106 permit ip 192.168.0.0 0.0.0.255 any dialer-list 1 protocol ip permit ! line con 0 no modem enable line aux 0 line vty 0 4 access-class 2 in transport input telnet ssh transport output none ! scheduler max-task-time 5000 ! end any ideas? :)

    Read the article

  • Cisco 881 losing NAT NVI translation config after reload

    - by MasterRoot24
    This is a weird one, so I'll try to explain in as much detail as I can so I'm giving the whole picture. As I've mentioned in my other questions, I'm in the process of setting up a new Cisco 881 as my WAN router and NAT firewall. I'm facing an issue where NAT NVI rules that I have configured are not enabled after a reload of the router, regardless of the fact that they are present in the startup-config. In order to clarify this a little, here's the relevant section of my current running-config: Router1#show running-config | include nat source ip nat source list 1 interface FastEthernet4 overload ip nat source list 2 interface FastEthernet4 overload ip nat source static tcp 192.168.1.x 1723 interface FastEthernet4 1723 ip nat source static tcp 192.168.1.x 80 interface FastEthernet4 80 ip nat source static tcp 192.168.1.x 443 interface FastEthernet4 443 ip nat source static tcp 192.168.1.x 25 interface FastEthernet4 25 ip nat source static tcp 192.168.1.x 587 interface FastEthernet4 587 ip nat source static tcp 192.168.1.x 143 interface FastEthernet4 143 ip nat source static tcp 192.168.1.x 993 interface FastEthernet4 993 ...and here's the mappings 'in action': Router1#show ip nat nvi translations | include --- tcp <WAN IP>:25 192.168.1.x:25 --- --- tcp <WAN IP>:80 192.168.1.x:80 --- --- tcp <WAN IP>:143 192.168.1.x:143 --- --- tcp <WAN IP>:443 192.168.1.x:443 --- --- tcp <WAN IP>:587 192.168.1.x:587 --- --- tcp <WAN IP>:993 192.168.1.x:993 --- --- tcp <WAN IP>:1723 192.168.1.x:1723 --- --- ...and here's proof that the mappings are saved to startup-config: Router1#show startup-config | include nat source ip nat source list 1 interface FastEthernet4 overload ip nat source list 2 interface FastEthernet4 overload ip nat source static tcp 192.168.1.x 1723 interface FastEthernet4 1723 ip nat source static tcp 192.168.1.x 80 interface FastEthernet4 80 ip nat source static tcp 192.168.1.x 443 interface FastEthernet4 443 ip nat source static tcp 192.168.1.x 25 interface FastEthernet4 25 ip nat source static tcp 192.168.1.x 587 interface FastEthernet4 587 ip nat source static tcp 192.168.1.x 143 interface FastEthernet4 143 ip nat source static tcp 192.168.1.x 993 interface FastEthernet4 993 However, look what happens after a reload of the router: Router1#reload Proceed with reload? [confirm]Connection to router closed by remote host. Connection to router closed. $ ssh joe@router Password: Authorized Access only Router1>en Password: Router1#show ip nat nvi translations | include --- Router1# Router1#show ip nat translations | include --- tcp 188.222.181.173:25 192.168.1.2:25 --- --- tcp 188.222.181.173:80 192.168.1.2:80 --- --- tcp 188.222.181.173:143 192.168.1.2:143 --- --- tcp 188.222.181.173:443 192.168.1.2:443 --- --- tcp 188.222.181.173:587 192.168.1.2:587 --- --- tcp 188.222.181.173:993 192.168.1.2:993 --- --- tcp 188.222.181.173:1723 192.168.1.2:1723 --- --- Router1# Here's proof that the running config should have the mappings setup as NVI: Router1#show running-config | include nat source ip nat source list 1 interface FastEthernet4 overload ip nat source list 2 interface FastEthernet4 overload ip nat source static tcp 192.168.1.2 1723 interface FastEthernet4 1723 ip nat source static tcp 192.168.1.2 80 interface FastEthernet4 80 ip nat source static tcp 192.168.1.2 443 interface FastEthernet4 443 ip nat source static tcp 192.168.1.2 25 interface FastEthernet4 25 ip nat source static tcp 192.168.1.2 587 interface FastEthernet4 587 ip nat source static tcp 192.168.1.2 143 interface FastEthernet4 143 ip nat source static tcp 192.168.1.2 993 interface FastEthernet4 993 At this point, the mappings are not working (inbound connections from WAN on the HTTP/IMAP fail). I presume that this is because my interfaces are using ip nat enable for use with NVI mappings, instead of ip nat inside/outside. So, I re-apply the mappings: Router1#configure ter Router1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#ip nat source static tcp 192.168.1.2 1723 interface FastEthernet4 1723 Router1(config)#ip nat source static tcp 192.168.1.2 80 interface FastEthernet4 80 Router1(config)#ip nat source static tcp 192.168.1.2 443 interface FastEthernet4 443 Router1(config)#ip nat source static tcp 192.168.1.2 25 interface FastEthernet4 25 Router1(config)#ip nat source static tcp 192.168.1.2 587 interface FastEthernet4 587 Router1(config)#ip nat source static tcp 192.168.1.2 143 interface FastEthernet4 143 Router1(config)#ip nat source static tcp 192.168.1.2 993 interface FastEthernet4 993 Router1(config)#end ... then they show up correctly: Router1#show ip nat nvi translations | include --- tcp 188.222.181.173:25 192.168.1.2:25 --- --- tcp 188.222.181.173:80 192.168.1.2:80 --- --- tcp 188.222.181.173:143 192.168.1.2:143 --- --- tcp 188.222.181.173:443 192.168.1.2:443 --- --- tcp 188.222.181.173:587 192.168.1.2:587 --- --- tcp 188.222.181.173:993 192.168.1.2:993 --- --- tcp 188.222.181.173:1723 192.168.1.2:1723 --- --- Router1# Router1#show ip nat translations | include --- Router1# ... furthermore, now from both WAN and LAN, the services mapped above now work until the next reload. All of the above is required every time I have to reload the router (which is all too often at the moment :-( ). Here's my full current config: ! ! Last configuration change at 20:20:15 UTC Tue Dec 11 2012 by xxx version 15.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname xxx ! boot-start-marker boot-end-marker ! ! enable secret 4 xxxx ! aaa new-model ! ! aaa authentication login local_auth local ! ! ! ! ! aaa session-id common ! memory-size iomem 10 ! crypto pki trustpoint TP-self-signed-xxx enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-xxx revocation-check none rsakeypair TP-self-signed-xxx ! ! crypto pki certificate chain TP-self-signed-xxx certificate self-signed 01 xxx quit ip gratuitous-arps ip auth-proxy max-login-attempts 5 ip admission max-login-attempts 5 ! ! ! ! ! ip domain list dmz.xxx.local ip domain list xxx.local ip domain name dmz.xxx.local ip name-server 192.168.1.x ip cef login block-for 3 attempts 3 within 3 no ipv6 cef ! ! multilink bundle-name authenticated license udi pid CISCO881-SEC-K9 sn xxx ! ! username admin privilege 15 secret 4 xxx username joe secret 4 xxx ! ! ! ! ! ip ssh time-out 60 ! ! ! ! ! ! ! ! ! interface FastEthernet0 no ip address ! interface FastEthernet1 no ip address ! interface FastEthernet2 no ip address ! interface FastEthernet3 switchport access vlan 2 no ip address ! interface FastEthernet4 ip address dhcp ip access-group 101 in ip nat enable duplex auto speed auto ! interface Vlan1 ip address 192.168.1.x 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip nat enable ! interface Vlan2 ip address 192.168.0.x 255.255.255.0 ! ip forward-protocol nd ip http server ip http access-class 1 ip http authentication local ip http secure-server ! ! ip nat source list 1 interface FastEthernet4 overload ip nat source list 2 interface FastEthernet4 overload ip nat source static tcp 192.168.1.x 1723 interface FastEthernet4 1723 ! ! access-list 1 permit 192.168.0.0 0.0.0.255 access-list 2 permit 192.168.1.0 0.0.0.255 access-list 101 permit udp 193.x.x.0 0.0.0.255 any eq 5060 access-list 101 deny udp any any eq 5060 access-list 101 permit ip any any ! ! ! ! control-plane ! ! banner motd Authorized Access only ! line con 0 exec-timeout 15 0 login authentication local_auth line aux 0 exec-timeout 15 0 login authentication local_auth line vty 0 4 access-class 2 in login authentication local_auth length 0 transport input all ! ! end I'd appreciate it greatly if anyone can help me find out why these mappings are not setup correctly using the saved config after a reload.

    Read the article

  • Network Logon Issues with Group Policy and Network

    - by bobloki
    I am gravely in need of your help and assistance. We have a problem with our logon and startup to our Windows 7 Enterprise system. We have more than 3000 Windows Desktops situated in roughly 20+ buildings around campus. Almost every computer on campus has the problem that I will be describing. I have spent over one month peering over etl files from Windows Performance Analyzer (A great product) and hundreds of thousands of event logs. I come to you today humbled that I could not figure this out. The problem as simply put our logon times are extremely long. An average first time logon is roughly 2-10 minutes depending on the software installed. All computers are Windows 7, the oldest computers being 5 years old. Startup times on various computers range from good (1-2 minutes) to very bad (5-60). Our second time logons range from 30 seconds to 4 minutes. We have a gigabit connection between each computer on the network. We have 5 domain controllers which also double as our DNS servers. Initial testing led us to believe that this was a software problem. So I spent a few days testing machines only to find inconsistent results from the etl files from xperfview. Each subset of computers on campus had a different subset of software issues, none seeming to interfere with logon just startup. So I started looking at our group policy and located some very interesting event ID’s. Group Policy 1129: The processing of Group Policy failed because of lack of network connectivity to a domain controller. Group Policy 1055: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller). NETLOGON 5719 : This computer was not able to set up a secure session with a domain controller in domain OURDOMAIN due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. E1kexpress 27: Intel®82567LM-3 Gigabit Network Connection – Network link is disconnected. NetBT 4300 – The driver could not be created. WMI 10 - Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. More or less with timestamps it becomes apparent that the network maybe the issue. 1:25:57 - Group Policy is trying to discover the domain controller information 1:25:57 - The network link has been disconnected 1:25:58 - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator. 1:25:58 - Making LDAP calls to connect and bind to active directory. DC1.ourdomain.edu 1:25:58 - Call failed after 0 milliseconds. 1:25:58 - Forcing rediscovery of domain controller details. 1:25:58 - Group policy failed to discover the domain controller in 1030 milliseconds 1:25:58 - Periodic policy processing failed for computer OURDOMAIN\%name%$ in 1 seconds. 1:25:59 - A network link has been established at 1Gbps at full duplex 1:26:00 - The network link has been disconnected 1:26:02 - NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and DOUBLE THE REATTEMPT INTERVAL thereafter. 1:26:05 - A network link has been established at 1Gbps at full duplex 1:26:08 - Name resolution for the name %Name% timed out after none of the configured DNS servers responded. 1:26:10 – The TCP/IP NetBIOS Helper service entered the running state. 1:26:11 - The time provider NtpClient is currently receiving valid time data at dc4.ourdomain.edu 1:26:14 – User Logon Notification for Customer Experience Improvement Program 1:26:15 - Group Policy received the notification Logon from Winlogon for session 1. 1:26:15 - Making LDAP calls to connect and bind to Active Directory. dc4.ourdomain.edu 1:26:18 - The LDAP call to connect and bind to Active Directory completed. dc4. ourdomain.edu. The call completed in 2309 milliseconds. 1:26:18 - Group Policy successfully discovered the Domain Controller in 2918 milliseconds. 1:26:18 - Computer details: Computer role : 2 Network name : (Blank) 1:26:18 - The LDAP call to connect and bind to Active Directory completed. dc4.ourdomain.edu. The call completed in 2309 milliseconds. 1:26:18 - Group Policy successfully discovered the Domain Controller in 2918 milliseconds. 1:26:19 - The WinHTTP Web Proxy Auto-Discovery Service service entered the running state. 1:26:46 - The Network Connections service entered the running state. 1:27:10 – Retrieved account information 1:27:10 – The system call to get account information completed. 1:27:10 - Starting policy processing due to network state change for computer OURDOMAIN\%name%$ 1:27:10 – Network state change detected 1:27:10 - Making system call to get account information. 1:27:11 - Making LDAP calls to connect and bind to Active Directory. dc4.ourdomain.edu 1:27:13 - Computer details: Computer role : 2 Network name : ourdomain.edu (Now not blank) 1:27:13 - Group Policy successfully discovered the Domain Controller in 2886 milliseconds. 1:27:13 - The LDAP call to connect and bind to Active Directory completed. dc4.ourdomain.edu The call completed in 2371 milliseconds. 1:27:15 - Estimated network bandwidth on one of the connections: 0 kbps. 1:27:15 - Estimated network bandwidth on one of the connections: 8545 kbps. 1:27:15 - A fast link was detected. The Estimated bandwidth is 8545 kbps. The slow link threshold is 500 kbps. 1:27:17 – Powershell - Engine state is changed from Available to Stopped. 1:27:20 - Completed Group Policy Local Users and Groups Extension Processing in 4539 milliseconds. 1:27:25 - Completed Group Policy Scheduled Tasks Extension Processing in 5210 milliseconds. 1:27:27 - Completed Group Policy Registry Extension Processing in 1529 milliseconds. 1:27:27 - Completed policy processing due to network state change for computer OURDOMAIN\%name%$ in 16 seconds. 1:27:27 – The Group Policy settings for the computer were processed successfully. There were no changes detected since the last successful processing of Group Policy. Any help would be appreciated. Please ask for any relevant information and it will be provided as soon as possible.

    Read the article

  • How to get httrack to work with SSL on mac os x? (libssl.so not found)

    - by cwd
    I'm trying to use httrack website copier but the program is running and reporting "no-ssl" (ie: it does not have the capability to copy secure sites). From looking over this thread, it seems that the problem is either when I make & configure the program, or when I run the program, it is not finding the lib-ssl / open-ssl that I have installed. I think it is looking for /var/root/lib/libssl.so.1.0 The user on that forum states that he created a symlink which allowed httrack to find the ssl library in the non-default location. Perhaps that's what I need to do - but where do I create the link from and to? I'm not seeing that I have any libssl.so files installed on my system. Do I need the development package? If so, how do I install that? I used macports to install the current version of openssl that I have. I'm running OS X 10.6. Reserch I have run this command to try and debug: dtruss httrack 2&1 | grep ssl and that outputs this: stat64("libssl.so.1.0\0", 0x7FFF5FBFEE30, 0x7FFF5FBFF470) = -1 Err#2 stat64("/var/root/lib/libssl.so.1.0\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/local/lib/libssl.so.1.0\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/lib/libssl.so.1.0\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("libssl.so.1\0", 0x7FFF5FBFEE30, 0x7FFF5FBFF470) = -1 Err#2 stat64("/var/root/lib/libssl.so.1\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/local/lib/libssl.so.1\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/lib/libssl.so.1\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("libssl.so.1.0.0\0", 0x7FFF5FBFEE30, 0x7FFF5FBFF470) = -1 Err#2 stat64("/var/root/lib/libssl.so.1.0.0\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/local/lib/libssl.so.1.0.0\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/lib/libssl.so.1.0.0\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("libssl.so.0\0", 0x7FFF5FBFEE30, 0x7FFF5FBFF470) = -1 Err#2 stat64("/var/root/lib/libssl.so.0\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/local/lib/libssl.so.0\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/lib/libssl.so.0\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("libssl.so.0.9\0", 0x7FFF5FBFEE30, 0x7FFF5FBFF470) = -1 Err#2 stat64("/var/root/lib/libssl.so.0.9\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/local/lib/libssl.so.0.9\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/lib/libssl.so.0.9\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("libssl.so.0.9.8p\0", 0x7FFF5FBFEE30, 0x7FFF5FBFF470) = -1 Err#2 stat64("/var/root/lib/libssl.so.0.9.8p\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/local/lib/libssl.so.0.9.8p\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/lib/libssl.so.0.9.8p\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("libssl.so.0.9.8o\0", 0x7FFF5FBFEE30, 0x7FFF5FBFF470) = -1 Err#2 stat64("/var/root/lib/libssl.so.0.9.8o\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/local/lib/libssl.so.0.9.8o\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/lib/libssl.so.0.9.8o\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("libssl.so.0.9.8n\0", 0x7FFF5FBFEE30, 0x7FFF5FBFF470) = -1 Err#2 stat64("/var/root/lib/libssl.so.0.9.8n\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/local/lib/libssl.so.0.9.8n\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/lib/libssl.so.0.9.8n\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("libssl.so.0.9.8m\0", 0x7FFF5FBFEE30, 0x7FFF5FBFF470) = -1 Err#2 stat64("/var/root/lib/libssl.so.0.9.8m\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/local/lib/libssl.so.0.9.8m\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/lib/libssl.so.0.9.8m\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("libssl.so.0.9.8l\0", 0x7FFF5FBFEE30, 0x7FFF5FBFF470) = -1 Err#2 stat64("/var/root/lib/libssl.so.0.9.8l\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/local/lib/libssl.so.0.9.8l\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/lib/libssl.so.0.9.8l\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("libssl.so.0.9.8k\0", 0x7FFF5FBFEE30, 0x7FFF5FBFF470) = -1 Err#2 stat64("/var/root/lib/libssl.so.0.9.8k\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/local/lib/libssl.so.0.9.8k\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/lib/libssl.so.0.9.8k\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("libssl.so.0.9.8j\0", 0x7FFF5FBFEE30, 0x7FFF5FBFF470) = -1 Err#2 stat64("/var/root/lib/libssl.so.0.9.8j\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/local/lib/libssl.so.0.9.8j\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/lib/libssl.so.0.9.8j\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("libssl.so.0.9.8g\0", 0x7FFF5FBFEE30, 0x7FFF5FBFF470) = -1 Err#2 stat64("/var/root/lib/libssl.so.0.9.8g\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/local/lib/libssl.so.0.9.8g\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/lib/libssl.so.0.9.8g\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("libssl.so.0.9.8b\0", 0x7FFF5FBFEE30, 0x7FFF5FBFF470) = -1 Err#2 stat64("/var/root/lib/libssl.so.0.9.8b\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/local/lib/libssl.so.0.9.8b\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/lib/libssl.so.0.9.8b\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("libssl.so.0.9.8\0", 0x7FFF5FBFEE30, 0x7FFF5FBFF470) = -1 Err#2 stat64("/var/root/lib/libssl.so.0.9.8\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/local/lib/libssl.so.0.9.8\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/lib/libssl.so.0.9.8\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("libssl.so.0.9.7\0", 0x7FFF5FBFEE30, 0x7FFF5FBFF470) = -1 Err#2 stat64("/var/root/lib/libssl.so.0.9.7\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/local/lib/libssl.so.0.9.7\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/lib/libssl.so.0.9.7\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("libssl.so.0.9.6\0", 0x7FFF5FBFEE30, 0x7FFF5FBFF470) = -1 Err#2 stat64("/var/root/lib/libssl.so.0.9.6\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/local/lib/libssl.so.0.9.6\0", 0x7FFF5FBFF210, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/lib/libssl.so.0.9.6\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("libssl.so\0", 0x7FFF5FBFEE30, 0x7FFF5FBFF470) = -1 Err#2 stat64("/var/root/lib/libssl.so\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/local/lib/libssl.so\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 stat64("/usr/lib/libssl.so\0", 0x7FFF5FBFF220, 0x7FFF5FBFF470) = -1 Err#2 I have already used mac ports to install open-ssl: port installed The following ports are currently installed: beecrypt @4.2.1_2 (active) cpio @2.10_0 (active) expat @2.0.1_1 (active) flex @2.5.35_0 (active) gettext @0.18.1.1_2 (active) gperf @3.0.4_0 (active) icu @4.6_0 (active) libiconv @1.13.1_0 (active) mysql5 @5.1.53_0 (active) ncurses @5.9_0 (active) ncursesw @5.8_0 (active) neon @0.29.5_0 (active) openssl @1.0.0c_0 (active) perl5.8 @5.8.9_3 (active) popt @1.16_0 (active) python24 @2.4.6_7 (active) readline @6.1.002_0 (active) rpm @4.4.9_10 (active) sqlite3 @3.7.3_0 (active) zlib @1.2.5_0 (active) Here are the install locations: locate libssl /opt/local/lib/libssl.1.0.0.dylib /opt/local/lib/libssl.a /opt/local/lib/libssl.dylib /opt/local/lib/pkgconfig/libssl.pc /opt/local/var/macports/software/openssl/1.0.0c_0/opt/local/lib/libssl.1.0.0.dylib /opt/local/var/macports/software/openssl/1.0.0c_0/opt/local/lib/libssl.a /opt/local/var/macports/software/openssl/1.0.0c_0/opt/local/lib/libssl.dylib /opt/local/var/macports/software/openssl/1.0.0c_0/opt/local/lib/pkgconfig/libssl.pc /usr/lib/libssl.0.9.7.dylib /usr/lib/libssl.0.9.8.dylib /usr/lib/libssl.0.9.dylib /usr/lib/libssl.dylib /usr/lib/pkgconfig/libssl.pc What should I do next? More Info I tried the solution below: $ DYLD_INSERT_LIBRARIES="/opt/local/lib/libssl.1.0.0.dylib" httrack Welcome to HTTrack Website Copier (Offline Browser) 3.44-1-nossl Copyright (C) Xavier Roche and other contributors To see the option list, enter a blank line or try httrack --help It is still not able to load the ssl lib: 3.44-1-nossl

    Read the article

  • Cisco VPN Client Behind ASA 5505

    - by fdf33
    I'm trying to get connected to another ASA via Cisco VPN Client. I am behind an ASA 5505 myself and I am tryihng to VPN to a 5510. I get the message: Secure VPN Connection terminated locally by the Client. Reason 412: The remote peer is no longer responding. I can connect to the other ASA if I use a normal cheap Linksys. Here's the version of my ASA: Result of the command: "sh ver" Cisco Adaptive Security Appliance Software Version 8.4(1) Any help would be great. Thanks running-config : Saved : Written by enable_15 at 23:12:32.378 UTC Fri Jul 1 2011 ! ASA Version 8.4(1) ! hostname aaaasa domain-name aaa.local enable password xxxxxxxxxxxxxxx encrypted passwd xxxxxxxxxxxxxxxxxxxx encrypted names ! interface Vlan1 nameif inside security-level 100 ip address 192.168.1.254 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address xxx.xxx.xxx.xxx 255.255.254.0 ! interface Vlan5 no nameif security-level 50 ip address 172.16.0.254 255.255.255.0 ! interface Vlan500 no nameif security-level 100 ip address 10.10.10.1 255.255.255.0 ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! boot system disk0:/asa841-k8.bin ftp mode passive dns domain-lookup inside dns domain-lookup outside dns server-group DefaultDNS name-server 4.2.2.2 domain-name aaa.local same-security-traffic permit inter-interface same-security-traffic permit intra-interface object network obj_any subnet 0.0.0.0 0.0.0.0 object network A_93.97.168.1 host 93.97.168.1 object network rdp host 192.168.1.2 object network NETWORK_OBJ_192.168.1.0_24 subnet 192.168.1.0 255.255.255.0 access-list 101 extended permit tcp any host 192.168.1.2 eq 3389 access-list 101 extended permit icmp any any echo-reply access-list 101 extended permit icmp any any source-quench access-list 101 extended permit icmp any any time-exceeded access-list 101 extended permit icmp any any unreachable access-list 102 extended permit ip any any pager lines 24 logging enable logging asdm informational mtu inside 1500 mtu outside 1492 ip local pool VPNPool 192.168.2.200-192.168.2.210 mask 255.255.255.0 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-641.bin no asdm history enable arp timeout 14400 ! object network rdp nat (inside,outside) static interface service tcp 3389 3389 ! nat (inside,outside) after-auto source dynamic any interface access-group 101 in interface outside access-group 102 out interface outside ! router ospf 1 network 192.168.1.0 255.255.255.0 area 0 log-adj-changes ! route outside 0.0.0.0 0.0.0.0 93.97.168.1 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy http server enable http 192.168.1.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec ikev2 ipsec-proposal DES protocol esp encryption des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal 3DES protocol esp encryption 3des protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES protocol esp encryption aes protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES192 protocol esp encryption aes-192 protocol esp integrity sha-1 md5 crypto ipsec ikev2 ipsec-proposal AES256 protocol esp encryption aes-256 protocol esp integrity sha-1 md5 crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP crypto map outside_map interface outside crypto ca trustpoint ASDM_TrustPoint0 enrollment self subject-name CN=ciscoasa proxy-ldc-issuer crl configure crypto ca certificate chain ASDM_TrustPoint0 certificate 8877d64d 30820248 308201b1 a0030201 02020488 77d64d30 0d06092a 864886f7 0d010105 05003036 3111300f 06035504 03130863 6973636f 61736131 21301f06 092a8648 86f70d01 09021612 63697363 6f617361 2e6e6a64 2e6c6f63 616c301e 170d3131 30353231 30383533 34325a17 0d323130 35313830 38353334 325a3036 3111300f 06035504 03130863 6973636f 61736131 21301f06 092a8648 86f70d01 09021612 63697363 6f617361 2e6e6a64 2e6c6f63 616c3081 9f300d06 092a8648 86f70d01 01010500 03818d00 30818902 818100ea 1aa95141 480e616c efee6816 a96d6511 313b6776 cd3dd57b cd84b4d2 5e108aee 7c980086 4d92e2eb b6c7bf66 4585af0a ccbf153a db9270be c6f5c67b db9dd8d1 2f78d033 3348b056 df4be0da 70e08953 53adf294 9db6c020 597d250f bf448b43 b90179c8 ff0b15d8 744632d9 31c1945f 0b11e258 b4c1d224 692efff4 7b2f5102 03010001 a3633061 300f0603 551d1301 01ff0405 30030101 ff300e06 03551d0f 0101ff04 04030201 86301f06 03551d23 04183016 8014493c 19db183a ab1af9e9 b1e44ad4 2a408b3c 89d1301d 0603551d 0e041604 14493c19 db183aab 1af9e9b1 e44ad42a 408b3c89 d1300d06 092a8648 86f70d01 01050500 03818100 1dd1760a fdd15941 4803fb9a cd6f44a7 2e275854 a1c0fbe1 d19f2cc9 182d43ef a547f854 8df96d15 3ea79c62 cf3fcb1c 5820360b c607dbfc 4de8bb16 19f727e9 b928a085 665816d8 138e4a35 ed610950 7910dd4a 0b1a9dd9 0e26f1c8 b78bc0cc cbf19eb2 4c4c3931 45199ea5 249e3266 661e44fd 7a00d376 dcfc6e4e d43f10b8 quit crypto isakmp nat-traversal 30 crypto ikev2 policy 1 encryption aes-256 integrity sha group 5 prf sha lifetime seconds 86400 crypto ikev2 policy 10 encryption aes-192 integrity sha group 5 prf sha lifetime seconds 86400 crypto ikev2 policy 20 encryption aes integrity sha group 5 prf sha lifetime seconds 86400 crypto ikev2 policy 30 encryption 3des integrity sha group 5 prf sha lifetime seconds 86400 crypto ikev2 policy 40 encryption des integrity sha group 5 prf sha lifetime seconds 86400 crypto ikev2 enable outside client-services port 443 crypto ikev2 remote-access trustpoint ASDM_TrustPoint0 telnet timeout 5 ssh 192.168.1.0 255.255.255.0 inside ssh timeout 5 console timeout 0 dhcpd auto_config outside ! dhcpd address 192.168.1.5-192.168.1.36 inside dhcpd dns 4.2.2.2 interface inside dhcpd enable inside ! threat-detection basic-threat threat-detection statistics host number-of-rate 3 threat-detection statistics port threat-detection statistics protocol threat-detection statistics access-list threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200 ntp server 82.219.4.31 source outside prefer ssl trust-point ASDM_TrustPoint0 outside webvpn enable outside anyconnect image disk0:/anyconnect-win-2.4.1012-k9.pkg 1 anyconnect profiles AnyConnectVPN_client_profile disk0:/AnyConnectVPN_client_profile.xml anyconnect profiles SSLAnyConnectVPN_client_profile disk0:/SSLAnyConnectVPN_client_profile.xml anyconnect enable tunnel-group-list enable group-policy GroupPolicy_AnyConnectVPN internal group-policy GroupPolicy_AnyConnectVPN attributes wins-server none dns-server value 4.2.2.2 vpn-tunnel-protocol ikev2 ssl-client ssl-clientless default-domain value aaa.local webvpn url-list none anyconnect profiles value AnyConnectVPN_client_profile type user group-policy GroupPolicy_SSLAnyConnectVPN internal group-policy GroupPolicy_SSLAnyConnectVPN attributes wins-server none dns-server value 4.2.2.2 vpn-tunnel-protocol ikev2 ssl-client default-domain value aaa.local webvpn anyconnect profiles value SSLAnyConnectVPN_client_profile type user username testuser password xxxxxxxxxxxxxxxxx encrypted privilege 0 username testuser attributes vpn-group-policy GroupPolicy_AnyConnectVPN tunnel-group SSLPOL type remote-access tunnel-group SSLPOL general-attributes default-group-policy GroupPolicy_AnyConnectVPN tunnel-group SSLAnyConnectVPN type remote-access tunnel-group SSLAnyConnectVPN general-attributes address-pool VPNPool default-group-policy GroupPolicy_SSLAnyConnectVPN tunnel-group SSLAnyConnectVPN webvpn-attributes group-alias SSLAnyConnectVPN enable ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect esmtp inspect ftp inspect h323 h225 inspect h323 ras inspect ip-options inspect netbios inspect rsh inspect rtsp inspect sip inspect skinny inspect sqlnet inspect sunrpc inspect tftp inspect xdmcp ! service-policy global_policy global prompt hostname context call-home profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email [email protected] destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly subscribe-to-alert-group configuration periodic monthly subscribe-to-alert-group telemetry periodic daily Cryptochecksum:94a65341aa27d3929d5e92a32ba22120 : end

    Read the article

  • Sendmail to local domain ignoring MX records (part 2)

    - by FractalizeR
    Hello. I have the exact problem, like in this post: http://serverfault.com/questions/25068/sendmail-to-local-domain-ignoring-mx-records I am also using email provider like GMail For Your Domain (which stores your mail and manages it). I am sending mail from my server directly, but receiving mail is done via Yandex (email provider). Since the server hosts forum, I prefer to send mail directly from it because using another mail provider can slow things. Also, when I send 300.000 emails to my subscribers, email provider will surely block me thinking I send spam. My DNS zone now is: ; ; GSMFORUM.RU ; $TTL 1H gsmforum.ru. SOA ns1.hc.ru. support.hc.ru. ( 2009122268 ; Serial 1H ; Refresh 30M ; Retry 1W ; Expire 1H ) ; Minimum gsmforum.ru. NS ns1.hc.ru. gsmforum.ru. NS ns2.hc.ru. @ A 79.174.68.223 *.gsmforum.ru. CNAME @ ns1 A 79.174.68.223 ns2 A 79.174.68.224 @ MX 10 mx.yandex.ru. mail CNAME domain.mail.yandex.net. yamail-xxxxxxxxx CNAME mail.yandex.ru. Server hostname is server.gsmforum.ru. May be this is the cause? Can someone explain the reason of the matter (the rules that make sendmail consider domain to be local)? Can I easily change *.gsmforum.ru. CNAME @ into *.gsmforum.ru. A 79.174.68.224 to solve this problem? [root@server ~]# cat /etc/mail/local-host-names localhost localhost.localdomain This server hosts gsmforum.ru so I cannot put it into another domain like David Mackintosh suggests. Putting domain in mailertable doesn't solve the problem also. sendmail -bt still shows, that address is local. DontProbeInterfaces is also set to true at sendmail config. M4 file follows: divert(-1)dnl dnl # dnl # This is the sendmail macro config file for m4. If you make changes to dnl # /etc/mail/sendmail.mc, you will need to regenerate the dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is dnl # installed and then performing a dnl # dnl # make -C /etc/mail dnl # include(`/usr/share/sendmail-cf/m4/cf.m4')dnl VERSIONID(`setup for linux')dnl OSTYPE(`linux')dnl dnl # dnl # Do not advertize sendmail version. dnl # dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl dnl # dnl # default logging level is 9, you might want to set it higher to dnl # debug the configuration dnl # dnl define(`confLOG_LEVEL', `9')dnl dnl # dnl # Uncomment and edit the following line if your outgoing mail needs to dnl # be sent out through an external mail server: dnl # dnl define(`SMART_HOST', `smtp.your.provider')dnl dnl # define(`confDEF_USER_ID', ``8:12'')dnl dnl define(`confAUTO_REBUILD')dnl define(`confTO_CONNECT', `1m')dnl define(`confTRY_NULL_MX_LIST', `True')dnl define(`confDONT_PROBE_INTERFACES',`True') define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl define(`ALIAS_FILE', `/etc/aliases')dnl define(`STATUS_FILE', `/var/log/mail/statistics')dnl define(`UUCP_MAILER_MAX', `2000000')dnl define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl define(`confAUTH_OPTIONS', `A')dnl dnl # dnl # The following allows relaying if the user authenticates, and disallows dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links dnl # dnl define(`confAUTH_OPTIONS', `A p')dnl dnl # dnl # PLAIN is the preferred plaintext authentication method and used by dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do dnl # use LOGIN. Other mechanisms should be used if the connection is not dnl # guaranteed secure. dnl # Please remember that saslauthd needs to be running for AUTH. dnl # dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl # dnl # Rudimentary information on creating certificates for sendmail TLS: dnl # cd /usr/share/ssl/certs; make sendmail.pem dnl # Complete usage: dnl # make -C /usr/share/ssl/certs usage dnl # dnl define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl dnl # dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's dnl # slapd, which requires the file to be readble by group ldap dnl # dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl dnl # dnl define(`confTO_QUEUEWARN', `4h')dnl dnl define(`confTO_QUEUERETURN', `5d')dnl dnl define(`confQUEUE_LA', `12')dnl dnl define(`confREFUSE_LA', `18')dnl define(`confTO_IDENT', `0')dnl dnl FEATURE(delay_checks)dnl FEATURE(`no_default_msa', `dnl')dnl FEATURE(`smrsh', `/usr/sbin/smrsh')dnl FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl FEATURE(redirect)dnl FEATURE(always_add_domain)dnl FEATURE(use_cw_file)dnl FEATURE(use_ct_file)dnl dnl # dnl # The following limits the number of processes sendmail can fork to accept dnl # incoming messages or process its message queues to 20.) sendmail refuses dnl # to accept connections once it has reached its quota of child processes. dnl # dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl dnl # dnl # Limits the number of new connections per second. This caps the overhead dnl # incurred due to forking new sendmail processes. May be useful against dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address dnl # limit would be useful but is not available as an option at this writing.) dnl # dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl dnl # dnl # The -t option will retry delivery if e.g. the user runs over his quota. dnl # FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl FEATURE(`blacklist_recipients')dnl EXPOSED_USER(`root')dnl dnl # dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment dnl # the following 2 definitions and activate below in the MAILER section the dnl # cyrusv2 mailer. dnl # dnl define(`confLOCAL_MAILER', `cyrusv2')dnl dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl dnl # dnl # The following causes sendmail to only listen on the IPv4 loopback address dnl # 127.0.0.1 and not on any other network devices. Remove the loopback dnl # address restriction to accept email from the internet or intranet. dnl # DAEMON_OPTIONS(`Name=MTA,Port=smtp') dnl # dnl # The following causes sendmail to additionally listen to port 587 for dnl # mail from MUAs that authenticate. Roaming users who can't reach their dnl # preferred sendmail daemon due to port 25 being blocked or redirected find dnl # this useful. dnl # dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl dnl # dnl # The following causes sendmail to additionally listen to port 465, but dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1. dnl # dnl # For this to work your OpenSSL certificates must be configured. dnl # dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl dnl # dnl # The following causes sendmail to additionally listen on the IPv6 loopback dnl # device. Remove the loopback address restriction listen to the network. dnl # dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl dnl # dnl # enable both ipv6 and ipv4 in sendmail: dnl # dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6') dnl # dnl # We strongly recommend not accepting unresolvable domains if you want to dnl # protect yourself from spam. However, the laptop and users on computers dnl # that do not have 24x7 DNS do need this. dnl # FEATURE(`accept_unresolvable_domains')dnl dnl # dnl FEATURE(`relay_based_on_MX')dnl dnl # dnl # Also accept email sent to "localhost.localdomain" as local email. dnl # LOCAL_DOMAIN(`localhost.localdomain')dnl dnl # dnl # The following example makes mail from this host and any additional dnl # specified domains appear to be sent from mydomain.com dnl # dnl MASQUERADE_AS(`mydomain.com')dnl dnl # dnl # masquerade not just the headers, but the envelope as well dnl # dnl FEATURE(masquerade_envelope)dnl dnl # dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well dnl # dnl FEATURE(masquerade_entire_domain)dnl dnl # dnl MASQUERADE_DOMAIN(localhost)dnl dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl dnl MASQUERADE_DOMAIN(mydomain.lan)dnl MAILER(smtp)dnl MAILER(procmail)dnl dnl MAILER(cyrusv2)dnl FEATURE(`dnsbl',`zen.spamhaus.org',`Rejected - your IP is blacklisted by http://www.spamhaus.org')

    Read the article

  • Tomcat IIS 7 Integration gives 503 errors on all requests.

    - by Yvan JANSSENS
    Hi, After many attempts to install Tomcat on IIS 7, I finally managed to get it working. At least I think so :-S. I finally got the 500 errors away, by setting the correct permissions. The only thing that doesn't work is ... serving stuff: neither regular stuff (like ASP, HTML files, or directory browsing) or Tomcat things work. Here are my configs: Worker.properties # The workers that your plugins should create and work with # worker.list=worker1 #------ DEFAULT ajp13 WORKER DEFINITION ------------------------------ #--------------------------------------------------------------------- # Defining a worker named ajp13 and of type ajp13 # Note that the name and the type do not have to match. # worker.worker1.port=8009 worker.worker1.host=127.0.0.1 worker.worker1.type=ajp13 URIWorkerMap.properties /|/*=worker1 # Exclude the subdirectory static: !/static|/*=worker1 # Exclude some suffixes: !*.html=worker1 !*.asp=worker1 Server.xml <?xml version='1.0' encoding='utf-8'?> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> <!-- Note: A "Server" is not itself a "Container", so you may not define subcomponents such as "Valves" at this level. Documentation at /docs/config/server.html --> <Server port="8005" shutdown="SHUTDOWN"> <!--APR library loader. Documentation at /docs/apr.html --> <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html --> <Listener className="org.apache.catalina.core.JasperListener" /> <!-- Prevent memory leaks due to use of particular java/javax APIs--> <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> <!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html --> <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" /> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> <!-- Global JNDI resources Documentation at /docs/jndi-resources-howto.html --> <GlobalNamingResources> <!-- Editable user database that can also be used by UserDatabaseRealm to authenticate users --> <Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml" /> </GlobalNamingResources> <!-- A "Service" is a collection of one or more "Connectors" that share a single "Container" Note: A "Service" is not itself a "Container", so you may not define subcomponents such as "Valves" at this level. Documentation at /docs/config/service.html --> <Service name="Catalina"> <!--The connectors can use a shared executor, you can define one or more named thread pools--> <!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" maxThreads="150" minSpareThreads="4"/> --> <!-- A "Connector" represents an endpoint by which requests are received and responses are returned. Documentation at : Java HTTP Connector: /docs/config/http.html (blocking & non-blocking) Java AJP Connector: /docs/config/ajp.html APR (HTTP/AJP) Connector: /docs/apr.html Define a non-SSL HTTP/1.1 Connector on port 8080 --> <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> <!-- A "Connector" using the shared thread pool--> <!-- <Connector executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> --> <!-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses the JSSE configuration, when using APR, the connector should be using the OpenSSL style configuration described in the APR documentation --> <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> --> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> <!-- An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone analyzes the HTTP headers included with the request, and passes them on to the appropriate Host (virtual host). Documentation at /docs/config/engine.html --> <!-- You should set jvmRoute to support load-balancing via AJP ie : <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1"> --> <Engine name="Catalina" defaultHost="localhost"> <!--For clustering, please take a look at documentation at: /docs/cluster-howto.html (simple how to) /docs/config/cluster.html (reference documentation) --> <!-- <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> --> <!-- The request dumper valve dumps useful debugging information about the request and response data received and sent by Tomcat. Documentation at: /docs/config/valve.html --> <!-- <Valve className="org.apache.catalina.valves.RequestDumperValve"/> --> <!-- This Realm uses the UserDatabase configured in the global JNDI resources under the key "UserDatabase". Any edits that are performed against this UserDatabase are immediately available for use by the Realm. --> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> <!-- Define the default virtual host Note: XML Schema validation will not work with Xerces 2.2. --> <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false"> <!-- SingleSignOn valve, share authentication between web applications Documentation at: /docs/config/valve.html --> <!-- <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> --> <!-- Access log processes all example. Documentation at: /docs/config/valve.html --> <!-- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/> --> </Host> </Engine> </Service> </Server> http://localhost:8080 is working, I can view the apps and configure them there... I'm quite new to IIS 7, I used to work with IIS 6. Thanks in advance, Yvan

    Read the article

  • Trouble connecting to vsftpd on ubuntu server

    - by littleK
    I have installed Ubuntu Server 10.10 and I am using it to host a domain that I have. I am trying to set up FTP for the server, but I am running into some problems. I have successfully installed vsFTPd and I have opened up ports 20, 21 on my firewall. In my vsFTPd configuration, I have enabled SSL. Every time I try to connect to my server via FTP, I receive a "Connection Refused" error. I have had a little more success with SSL disabled, however the connection process will time out after the LIST command (but it does accept my authentication). Here is my vsFTPd configuration, the SSL stuff is at the bottom: # Example config file /etc/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. # # READ THIS: This example file is NOT an exhaustive list of vsftpd options. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's # capabilities. # # # Run standalone? vsftpd can run either from an inetd or as a standalone # daemon started from an initscript. listen=YES # # Run standalone with IPv6? # Like the listen parameter, except vsftpd will listen on an IPv6 socket # instead of an IPv4 one. This parameter and the listen parameter are mutually # exclusive. #listen_ipv6=YES # # Allow anonymous FTP? (Disabled by default) anonymous_enable=NO # # Uncomment this to allow local users to log in. local_enable=YES # # Uncomment this to enable any form of FTP write command. write_enable=YES # # Default umask for local users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) #local_umask=022 # # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. #anon_upload_enable=YES # # Uncomment this if you want the anonymous FTP user to be able to create # new directories. #anon_mkdir_write_enable=YES # # Activate directory messages - messages given to remote users when they # go into a certain directory. dirmessage_enable=YES # # If enabled, vsftpd will display directory listings with the time # in your local time zone. The default is to display GMT. The # times returned by the MDTM FTP command are also affected by this # option. use_localtime=YES # # Activate logging of uploads/downloads. xferlog_enable=YES # # Make sure PORT transfer connections originate from port 20 (ftp-data). connect_from_port_20=YES # # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. Note! Using "root" for uploaded files is not # recommended! #chown_uploads=YES #chown_username=whoever # # You may override where the log file goes if you like. The default is shown # below. #xferlog_file=/var/log/vsftpd.log # # If you want, you can have your log file in standard ftpd xferlog format. # Note that the default log file location is /var/log/xferlog in this case. #xferlog_std_format=YES # # You may change the default value for timing out an idle session. #idle_session_timeout=600 # # You may change the default value for timing out a data connection. #data_connection_timeout=120 # # It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. #nopriv_user=ftpsecure # # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. #async_abor_enable=YES # # By default the server will pretend to allow ASCII mode but in fact ignore # the request. Turn on the below options to have the server actually do ASCII # mangling on files when in ASCII mode. # Beware that on some FTP servers, ASCII support allows a denial of service # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd # predicted this attack and has always been safe, reporting the size of the # raw file. # ASCII mangling is a horrible feature of the protocol. #ascii_upload_enable=YES #ascii_download_enable=YES # # You may fully customise the login banner string: #ftpd_banner=Welcome to blah FTP service. # # You may specify a file of disallowed anonymous e-mail addresses. Apparently # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) #banned_email_file=/etc/vsftpd.banned_emails # # You may restrict local users to their home directories. See the FAQ for # the possible risks in this before using chroot_local_user or # chroot_list_enable below. #chroot_local_user=YES # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). #chroot_local_user=YES #chroot_list_enable=YES # (default follows) #chroot_list_file=/etc/vsftpd.chroot_list # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume # the presence of the "-R" option, so there is a strong case for enabling it. #ls_recurse_enable=YES # # Debian customization # # Some of vsftpd's settings don't fit the Debian filesystem layout by # default. These settings are more Debian-friendly. # # This option should be the name of a directory which is empty. Also, the # directory should not be writable by the ftp user. This directory is used # as a secure chroot() jail at times vsftpd does not require filesystem # access. secure_chroot_dir=/var/run/vsftpd/empty # # This string is the name of the PAM service vsftpd will use. pam_service_name=vsftpd # # This option specifies the location of the RSA certificate to use for SSL # encrypted connections. rsa_cert_file=/etc/ssl/private/vsftpd.pem # SSL ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES ssl_tlsv1=YES ssl_sslv2=YES ssl_sslv3=YES Thanks!

    Read the article

  • Can't Get Virtual Users Setup in VSFTPD -Tried Everything

    - by N.T.
    Have Ubuntu 11.10 with vsftpd installed and working. Can not get virtual users setup at all? Vsftpd will allow main Ubuntu owner account to login, but nothing else? I've followed several tutorials on adding virtual users, but nothing works? I just need to add 2 virtual users and have them be able to upload files to vsftpd Ubuntu computer from other computers on my Lan network. Everywhere I've looked, people just point toward tutorials on adding virtual users, but that just is NOT working. I've been struggling with this for over a week now! PLEASE Help. Thanks. I'll even give a donation if someone can figure this out. here is the vsftpd.conf file I am using. I copied the original, and make a new one, every time I try a tutorial. So far, none have worked. Here is the vsftpd.conf file I'm using. (I hope this helps?) # Example config file /etc/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. # # READ THIS: This example file is NOT an exhaustive list of vsftpd options. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's # capabilities. # # # Run standalone? vsftpd can run either from an inetd or as a standalone # daemon started from an initscript. listen=YES # # Run standalone with IPv6? # Like the listen parameter, except vsftpd will listen on an IPv6 socket # instead of an IPv4 one. This parameter and the listen parameter are mutually # exclusive. #listen_ipv6=YES # # Allow anonymous FTP? (Disabled by default) anonymous_enable=YES # # Uncomment this to allow local users to log in. local_enable=YES # # Uncomment this to enable any form of FTP write command. write_enable=YES # # Default umask for local users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) local_umask=022 # # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. #anon_upload_enable=YES # # Uncomment this if you want the anonymous FTP user to be able to create # new directories. anon_mkdir_write_enable=YES # # Activate directory messages - messages given to remote users when they # go into a certain directory. dirmessage_enable=YES # # If enabled, vsftpd will display directory listings with the time # in your local time zone. The default is to display GMT. The # times returned by the MDTM FTP command are also affected by this # option. use_localtime=YES # # Activate logging of uploads/downloads. xferlog_enable=YES # # Make sure PORT transfer connections originate from port 20 (ftp-data). connect_from_port_20=YES # # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. Note! Using "root" for uploaded files is not # recommended! #chown_uploads=YES #chown_username=whoever # # You may override where the log file goes if you like. The default is shown # below. #xferlog_file=/var/log/vsftpd.log # # If you want, you can have your log file in standard ftpd xferlog format. # Note that the default log file location is /var/log/xferlog in this case. xferlog_std_format=YES # # You may change the default value for timing out an idle session. #idle_session_timeout=600 # # You may change the default value for timing out a data connection. #data_connection_timeout=120 # # It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. #nopriv_user=ftpsecure # # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. #async_abor_enable=YES # # By default the server will pretend to allow ASCII mode but in fact ignore # the request. Turn on the below options to have the server actually do ASCII # mangling on files when in ASCII mode. # Beware that on some FTP servers, ASCII support allows a denial of service # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd # predicted this attack and has always been safe, reporting the size of the # raw file. # ASCII mangling is a horrible feature of the protocol. #ascii_upload_enable=YES #ascii_download_enable=YES # # You may fully customise the login banner string: ftpd_banner=Welcome to Sage FTP service. # # You may specify a file of disallowed anonymous e-mail addresses. Apparently # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) #banned_email_file=/etc/vsftpd.banned_emails # # You may restrict local users to their home directories. See the FAQ for # the possible risks in this before using chroot_local_user or # chroot_list_enable below. chroot_local_user=YES # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). #chroot_local_user=YES #chroot_list_enable=YES # (default follows) #chroot_list_file=/etc/vsftpd.chroot_list # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume # the presence of the "-R" option, so there is a strong case for enabling it. #ls_recurse_enable=YES # # Debian customization # # Some of vsftpd's settings don't fit the Debian filesystem layout by # default. These settings are more Debian-friendly. # # This option should be the name of a directory which is empty. Also, the # directory should not be writable by the ftp user. This directory is used # as a secure chroot() jail at times vsftpd does not require filesystem # access. secure_chroot_dir=/var/run/vsftpd/empty # # This string is the name of the PAM service vsftpd will use. pam_service_name=vsftpd local_root=/media/FilesDrive # # This option specifies the location of the RSA certificate to use for SSL # encrypted connections. rsa_cert_file=/etc/ssl/private/vsftpd.pem

    Read the article

  • What to filter when providing very limited open WiFi to a small conference or meeting?

    - by Tim Farley
    Executive Summary The basic question is: if you have a very limited bandwidth WiFi to provide Internet for a small meeting of only a day or two, how do you set the filters on the router to avoid one or two users monopolizing all the available bandwidth? For folks who don't have the time to read the details below, I am NOT looking for any of these answers: Secure the router and only let a few trusted people use it Tell everyone to turn off unused services & generally police themselves Monitor the traffic with a sniffer and add filters as needed I am aware of all of that. None are appropriate for reasons that will become clear. ALSO NOTE: There is already a question concerning providing adequate WiFi at large (500 attendees) conferences here. This question concerns SMALL meetings of less than 200 people, typically with less than half that using the WiFi. Something that can be handled with a single home or small office router. Background I've used a 3G/4G router device to provide WiFi to small meetings in the past with some success. By small I mean single-room conferences or meetings on the order of a barcamp or Skepticamp or user group meeting. These meetings sometimes have technical attendees there, but not exclusively. Usually less than half to a third of the attendees will actually use the WiFi. Maximum meeting size I'm talking about is 100 to 200 people. I typically use a Cradlepoint MBR-1000 but many other devices exist, especially all-in-one units supplied by 3G and/or 4G vendors like Verizon, Sprint and Clear. These devices take a 3G or 4G internet connection and fan it out to multiple users using WiFi. One key aspect of providing net access this way is the limited bandwidth available over 3G/4G. Even with something like the Cradlepoint which can load-balance multiple radios, you are only going to achieve a few megabits of download speed and maybe a megabit or so of upload speed. That's a best case scenario. Often it is considerably slower. The goal in most of these meeting situations is to allow folks access to services like email, web, social media, chat services and so on. This is so they can live-blog or live-tweet the proceedings, or simply chat online or otherwise stay in touch (with both attendees and non-attendees) while the meeting proceeds. I would like to limit the services provided by the router to just those services that meet those needs. Problems In particular I have noticed a couple of scenarios where particular users end up abusing most of the bandwidth on the router, to the detriment of everyone. These boil into two areas: Intentional use. Folks looking at YouTube videos, downloading podcasts to their iPod, and otherwise using the bandwidth for things that really aren't appropriate in a meeting room where you should be paying attention to the speaker and/or interacting.At one meeting that we were live-streaming (over a separate, dedicated connection) via UStream, I noticed several folks in the room that had the UStream page up so they could interact with the meeting chat - apparently oblivious that they were wasting bandwidth streaming back video of something that was taking place right in front of them. Unintentional use. There are a variety of software utilities that will make extensive use of bandwidth in the background, that folks often have installed on their laptops and smartphones, perhaps without realizing.Examples: Peer to peer downloading programs such as Bittorrent that run in the background Automatic software update services. These are legion, as every major software vendor has their own, so one can easily have Microsoft, Apple, Mozilla, Adobe, Google and others all trying to download updates in the background. Security software that downloads new signatures such as anti-virus, anti-malware, etc. Backup software and other software that "syncs" in the background to cloud services. For some numbers on how much network bandwidth gets sucked up by these non-web, non-email type services, check out this recent Wired article. Apparently web, email and chat all together are less than one quarter of the Internet traffic now. If the numbers in that article are correct, by filtering out all the other stuff I should be able to increase the usefulness of the WiFi four-fold. Now, in some situations I've been able to control access using security on the router to limit it to a very small group of people (typically the organizers of the meeting). But that's not always appropriate. At an upcoming meeting I would like to run the WiFi without security and let anyone use it, because it happens at the meeting location the 4G coverage in my town is particularly excellent. In a recent test I got 10 Megabits down at the meeting site. The "tell people to police themselves" solution mentioned at top is not appropriate because of (a) a largely non-technical audience and (b) the unintentional nature of much of the usage as described above. The "run a sniffer and filter as needed" solution is not useful because these meetings typically only last a couple of days, often only one day, and have a very small volunteer staff. I don't have a person to dedicate to network monitoring, and by the time we got the rules tweaked completely the meeting will be over. What I've Got First thing, I figured I would use OpenDNS's domain filtering rules to filter out whole classes of sites. A number of video and peer-to-peer sites can be wiped out using this. (Yes, I am aware that filtering via DNS technically leaves the services accessible - remember, these are largely non-technical users attending a 2 day meeting. It's enough). I figured I would start with these selections in OpenDNS's UI: I figure I will probably also block DNS (port 53) to anything other than the router itself, so that folks can't bypass my DNS configuration. A savvy user could get around this, because I'm not going to put a lot of elaborate filters on the firewall, but I don't care too much. Because these meetings don't last very long, its probably not going to be worth the trouble. This should cover the bulk of the non-web traffic, i.e. peer-to-peer and video if that Wired article is correct. Please advise if you think there are severe limitations to the OpenDNS approach. What I Need Note that OpenDNS focuses on things that are "objectionable" in some context or another. Video, music, radio and peer-to-peer all get covered. I still need to cover a number of perfectly reasonable things that we just want to block because they aren't needed in a meeting. Most of these are utilities that upload or download legit things in the background. Specifically, I'd like to know port numbers or DNS names to filter in order to effectively disable the following services: Microsoft automatic updates Apple automatic updates Adobe automatic updates Google automatic updates Other major software update services Major virus/malware/security signature updates Major background backup services Other services that run in the background and can eat lots of bandwidth I also would like any other suggestions you might have that would be applicable. Sorry to be so verbose, but I find it helps to be very, very clear on questions of this nature, and I already have half a solution with the OpenDNS thing.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 162 163 164 165 166 167 168  | Next Page >