domain rename - Page 192

Taking Steps to Build Your First Website

Lots of people want to have their own website, unfortunately not a lot of them know anything about how to design one, if you are going to pay somebody to design a website for you, always make sure that the person or company that you use are trustworthy. It is always good picking your own domain name, you want something that is short but stands out, if you need to check what domain names are available to use you could look on whois.com.

Read the article

Why Can't I Find My Website on the Internet?

This question haunts many website owners. The reason may be that after registering your domain, it takes up to three days (standard propagation time) for your domain to fully propagate throughout the internet.

Read the article

?????????????????????????|WebLogic Channel|??????

- by ???02

Java EE????????·????????????????/??????????????????????·?????????????????????????WebLogic Server?????????????WebLogic Server???????????????????·??????????????????????????????????????????????????????????(???)???????WebLogic Server???????　????WebLogic Server 11g(10.3.5)??????????????????????????????????????????????????(1)WebLogic Server???????(2)????????????????(3)?????????????(4)JDBC????????????(5)?????????????　???????Windows?WebLogic Server??????10.3.5????????Oracle Database Express Edition????????????????????????????????????EXE???ZIP???2????????????????EXE???????　???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????MIDDLEWARE_HOME(?????????????)(????????????????)C:\Oracle\MiddlewareWebLogic Server??????????????Oracle CoherenceOracle Enterprise Pack for Eclipse?????????·????????????????????????????????????????????????(Windows?????)??????????Windows????????(??????????????)?????Web????Oracle HTTP Server?????????????(????????????????????)Oracle ADF(Application Development Framework)??????????WebLogic Server????????????????(Oracle ADF??????????????????????????????)Fusion Middleware Control???????????(Oracle HTTP Server?????????????????????????????)???????????TokyoDomain???????ID/?????weblogic/welcome1??????????AdminServer:7001????????????Server1:7011Server2:7012???????????????Host1??????????????????????????Host1?Server1???Host2?Server2???????JVMJRockit????????????????????????(???????)C:\Oracle\Middleware\user_projects\domains???????????????????????????????????????　???WebLogic Server??????????GUI????CUI?????????????????????????????????????????????????·????3??????????????????????????????????GUI???????????????????????¦??????????Oracle WebLogic Server ???????·????????????WebLogic Server?????????????????????!(1)WebLogic Server???????　???????????????????????????????????????????????????????????????????????????????????·???·????????????????????????????????????????　????????????????????????????My Oracle Support???????????????????My Oracle Support?????????????????????·??????????????????????????????????????　?????????????·?????????WebLogic Server?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????　????????????JDK????????????????????????JDK??????????????????????????????????JDK??????????????????????????????????????·???????????????????????????????????????????????????????????　???????????Windows????????????????WebLogic Server?Windows?????????????Windows?????????????????????????????????????????????????????Windows?????????????????????????????????????????????????????????????????????　??????????????????????All Users???????·??????????????????????????????????????????????????????????????????　????????????????????????????????????????????????????(2)????????????????　???????????????????????????????????????????1??????JDBC??????????Oracle Database????????????Web????????HTTP??????????????????????????　??????????????????????????????????????????????????????????????????????????domain1??????????????JDKJRockit SDK 1.6????????1????????Server1?????????????7002???ID??????ID:weblogic?????:welcome1　????????????????????????????????????????2????????????????????????????????????????????????????????????(???????????????)?????????????????????????????????????????????????????????????????????????????Web????·????·???????·????????????????????/??????????????????????(???????·???)?????????????????????????????????????????????????????????????????????????????????????????????????????????????????Web????·???·???????·???????????????????????????????????　???????????????????WebLogic Server??????????????????　WebLogic Server???????????????Configuration Wizard?????????????????Windows???????????????????????-?Oracle WebLogic?-?WebLogic Server 11gR1?-?Tools?-?Configuration Wizard?????????(UNIX???????WLS_HOME/common/bin/config.sh??????)?????????????????WebLogic????????????????????????????　????????????????·???????????WebLogic Server???????????????Oracle SOA Suite?Oracle Business Process Management???Fusion Middleware??????????????????????????????????????????????????????????????????????????????????Basic WebLogic Server Domain?????????Basic WebLogic Server Domain??????????????????????????????????????????????????????????　????????????????JDK???????????????????????????(????????)???????????JDK???????????????????????JRockit????????????????????????JDK????????????????JDK????????????JDK?????????????????????　???????????????????????????????????????????????????????RDBMS???????·?????????????????????????????????????????????　?????????????????????????????????????????????????????????????????????????????????????????????????　??????????????????????????????????DOMAIN\startWebLogic.cmd?(UNIX??????startWebLogic.sh?))???????????????????????ID????????????????????????????????????????<??> ?????????????????????????????(3)?????????????　??????????????????????????????????????????????????7001?????????Web??????http://localhost:7001/?????????????????????????????????????????????ID????????????????????????　??????????????????????? ??????????????????????????????????????????????(domain1)??????????????????????????????????-??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????　??????????????????????????????DOMAIN\bin????????????????????????(??????Server1??????????????7001????)?startManagedWebLogic.cmd Server1 http://localhost:7001　????????????ID????????????????????????????<??> ??????????????????????????????????????????????????????DOMAIN_HOME\bin\stopManagedWebLogic.cmd?????????????????????????stopManagedWebLogic Server1¦??????????????Oracle???????????????????????·????!(4)JDBC????????????　????JDBC??????????????Java EE????????·????????JDBC?????????????????????????????????????????????????????????????????????????????????JNDI(Java Naming and Directory Interface)??????????/??????????????????????????????·???????????????????????????　?????????????????????????????????????????????JDBC???????????????JDBC??????????????????????????????????????????????????????????????????????????????????WebLogic Server????????JDBC???????????????????????????????????????????????????????????????????????????????　???WebLogic Server???????????????????????????????????????????1?????????????????????????????????????????????????????????????·?????????????????????????????????????????????????????????????????????????Oracle Database????????·?????????Oracle Real Application Clusters(RAC)?????????????????????　???WebLogic Server 11g????????JDBC?????????????MySQL??Oracle Database????????????????????????????????????Oracle Thin Driver 11gojdbc6.jarTYPE4MySQL5.0 JDBC????mysql-connector-java-commercial-5.0.x-bin.jar WebLogic Type4 JDBC????DB2?:wldb2.jarMS SQL Server?:wlsqlserver.jarInformix?:wlinformix.jarSybase?:wlsybase.jarDataDirect?OEM??　??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????(*?????)??Oracle Database????????????*WebLogic Server?????dsAJNDI?*JNDI??????????jdbc/dsA????????*Oracle?DB2???1Oracle???????*????????????????1Oracle Thin Instance-Connection????????·??????XA??????????1phase commit???????*???????IDORCL????*???????????Localhost???*?????????????1521??????·?????????????????SCOTT???????????·??????????TIGER????·????*JDBC??????????2oracle.jdbc.OracleDriverURL*JDBC URL?2jdbc:oracle:thin:@localhost:1521:ORCLJDBC????·?????JDBC???? ????????(or SQL)??????????????SQLSQL SELECT 1 FROM DUAL?????WLS?????????????????Server1?1　????????????BOX?????2　?????????????????　?????????·?????????????????????????????????????????1??????????????????????????????????????1?????1?????????????????15?????????????????????????1????????????????????????????????????????????(???????????????????)false?????(?)????????????????????????????????????????????????????(???????????????????)120?????????????????????????????????????????????????10????(?)?????????????????????900??????????????(?)?????????????????????????????????????????????????????0(??)???????????(?)????????????????????????????????10??????????(?)?????????????????????????????0???????JDBC????????????SQL????????????????JDBC?????Statement.setQueryTimeout????????????-1?1　???????????????????????????????????????????????????????????????　???????????·???(?????)???????????????????????????????????????????????????WebLogic Server?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????　JDBC?????????????????????????????????????????? ?????????????????????????????????????????-?JDBC?-?????????????????????????????JDBC???????????????-??????·?????????????　???JDBC????????????JNDI??????????????????·??????????????????Oracle Database Express Edition???????????????????????????????Oracle?????????·????????XA???????　???????????????????????????????·?????????????????????????1????·?????????????????????????????????????????????????????????????????????·????????????????????????????????????????????????????????????????????????????JDBC?????????????????????????????????????????? ???????????????????????????????????　????????????????????????????????????????-?JDBC?-????????????????????????????????????????????????????????????????????¦????????????Oracle WebLogic Server - JDBC??????(5)?????????????　???????????????????????????????????????????????????Java EE 5????????????????????Java EE??????????????????Eclipse?Oracle JDeveloper 11g?Oracle Enterprise Pack for Eclipse 11g????????????????·?????????????????????WebLogic Server?????????????????????????WebLogic Server??????????????????????Web?????????WAR?????EJB?????????JAR????????WAR?JAR????????EAR??????????????　?????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????????????????????????????　?????????????·??????·????????????????????????????????????????????????????????????????　????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????(????????)????????????????????????????????????　???????????? ??????????????????????????????????????　?????????????????????????????????????????????????????-????????????????????????????????????????????????????????　????????????????????????????????????????????????????????????????????????????????????????????????　???????WebLogic Server????????????????????????????????????????????????????????????WebLogic Server????????????????????????????????????????????·???????????????/????????????????????????????WebLogic Server????????????????????????????????????????????????????????????WebLogic Server?????????????????¦????????WebLogic Server???···????????????????????!

Read the article

The Mysterious ARR Server Farm to URL Rewrite link

- by OWScott

Application Request Routing (ARR) is a reverse proxy plug-in for IIS7+ that does many things, including functioning as a load balancer. For this post, I’m assuming that you already have an understanding of ARR. Today I wanted to find out how the mysterious link between ARR and URL Rewrite is maintained. Let me explain… ARR is unique in that it doesn’t work by itself. It sits on top of IIS7 and uses URL Rewrite. As a result, ARR depends on URL Rewrite to ‘catch’ the traffic and redirect it to an ARR Server Farm. As the last step of creating a new Server Farm, ARR will prompt you with the following: If you accept the prompt, it will create a URL Rewrite rule for you. If you say ‘No’, then you’re on your own to create a URL Rewrite rule. When you say ‘Yes’, the Server Farm’s checkbox for “Use URL Rewrite to inspect incoming requests” will be checked. See the following screenshot. However, I’m not a fan of this auto-rule. The problem is that if I make any changes to the URL Rewrite rule, which I always do, and then make the wrong change in ARR, it will blow away my settings. So, I prefer to create my own rule and manage it myself. Since I had some old rules that were managed by ARR, I wanted to update them so that they were no longer managed that way. I took a look at a config in applicationHost.config to try to find out what property would bind the two together. I assumed that there would be a property on the ServerFarm called something like urlRewriteRuleName that would serve as the link between ARR and URL Rewrite. I found no such property. After a bit of testing, I found that the name of the URL Rewrite rule is the only link between ARR and URL Rewrite. I wouldn’t have guessed. The URL Rewrite rule needs to be exactly ARR_{ServerFarm Name}_loadBalance, although it’s not case sensitive. Consider the following auto-created URL Rewrite rule: And, the link between ARR and URL Rewrite exists: Now, as soon as I rename that to anything else, for example, site.com ARR Binding, the link between ARR and URL Rewrite is broken. To be certain of the relationship, I renamed it back again and sure enough, the relationship was reestablished. Why is this important? It’s only important if you want to decouple the relationship between ARR the URL Rewrite rule, but if you want to do so, the best way to do that is to rename the URL Rewrite rule. If you uncheck the “Use URL Rewrite to inspect incoming requests” checkbox, it will delete your rule for you without prompting. Conclusion The mysterious link between ARR and URL Rewrite only exists through the ARR Rule name. If you want to break the link, simply rename the URL Rewrite rule. It’s completely safe to do so, and, in my opinion, this is a rule that you should manage yourself anyway.

Read the article

Configuring Fed Authentication Methods in OIF / IdP

- by Damien Carru

In this article, I will provide examples on how to configure OIF/IdP to map OAM Authentication Schemes to Federation Authentication Methods, based on the concepts introduced in my previous entry. I will show examples for the three protocols supported by OIF: SAML 2.0 SSO SAML 1.1 SSO OpenID 2.0 Enjoy the reading! Configuration As I mentioned in my previous article, mapping Federation Authentication Methods to OAM Authentication Schemes is protocol dependent, since the methods are defined in the various protocols (SAML 2.0, SAML 1.1, OpenID 2.0). As such, the WLST commands to set those mappings will involve: Either the SP Partner Profile and affect all Partners referencing that profile, which do not override the Federation Authentication Method to OAM Authentication Scheme mappings Or the SP Partner entry, which will only affect the SP Partner It is important to note that if an SP Partner is configured to define one or more Federation Authentication Method to OAM Authentication Scheme mappings, then all the mappings defined in the SP Partner Profile will be ignored. WLST Commands The two OIF WLST commands that can be used to define mapping Federation Authentication Methods to OAM Authentication Schemes are: addSPPartnerProfileAuthnMethod() to define a mapping on an SP Partner Profile, taking as parameters: The name of the SP Partner Profile The Federation Authentication Method The OAM Authentication Scheme name addSPPartnerAuthnMethod() to define a mapping on an SP Partner , taking as parameters: The name of the SP Partner The Federation Authentication Method The OAM Authentication Scheme name Note: I will discuss in a subsequent article the other parameters of those commands. In the next sections, I will show examples on how to use those methods: For SAML 2.0, I will configure the SP Partner Profile, that will apply all the mappings to SP Partners referencing this profile, unless they override mapping definition For SAML 1.1, I will configure the SP Partner. For OpenID 2.0, I will configure the SP/RP Partner SAML 2.0 Test Setup In this setup, OIF is acting as an IdP and is integrated with a remote SAML 2.0 SP partner identified by AcmeSP. In this test, I will perform Federation SSO with OIF/IdP configured to: Use LDAPScheme as the Authentication Scheme Use BasicScheme as the Authentication Scheme Map BasicSessionScheme to the urn:oasis:names:tc:SAML:2.0:ac:classes:Password Federation Authentication Method Use OAMLDAPPluginAuthnScheme as the Authentication Scheme Map OAMLDAPPluginAuthnScheme to the urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport Federation Authentication Method LDAPScheme as Authentication Scheme Using the OOTB settings regarding user authentication in OAM, the user will be challenged via a FORM based login page based on the LDAPScheme. Also the default Federation Authentication Method mappings configuration maps only the urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport to LDAPScheme (also marked as the default scheme used for authentication), FAAuthScheme, BasicScheme and BasicFAScheme. After authentication via FORM, OIF/IdP would issue an Assertion similar to: <samlp:Response ...> <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> <saml:Assertion ...> <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer> <dsig:Signature> ... </dsig:Signature> <saml:Subject> <saml:NameID ...>[email protected]</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml:SubjectConfirmationData .../> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions ...> <saml:AudienceRestriction> <saml:Audience>https://acme.com/sp</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthnInstant="2014-03-21T20:53:55Z" SessionIndex="id-6i-Dm0yB-HekG6cejktwcKIFMzYE8Yrmqwfd0azz" SessionNotOnOrAfter="2014-03-21T21:53:55Z"> <saml:AuthnContext> <saml:AuthnContextClassRef> urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport </saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement> </saml:Assertion></samlp:Response> BasicScheme as Authentication Scheme For this test, I will switch the default Authentication Scheme for the SP Partner Profile to BasicScheme instead of LDAPScheme. I will use the OIF WLST setSPPartnerProfileDefaultScheme() command and specify which scheme to be used as the default for the SP Partner Profile referenced by AcmeSP (which is saml20-sp-partner-profile in this case: getFedPartnerProfile("AcmeSP", "sp") ): Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the setSPPartnerProfileDefaultScheme() command:setSPPartnerProfileDefaultScheme("saml20-sp-partner-profile", "BasicScheme") Exit the WLST environment:exit() The user will now be challenged via HTTP Basic Authentication defined in the BasicScheme for AcmeSP. Also, as noted earlier, the default Federation Authentication Method mappings configuration maps only the urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport to LDAPScheme (also marked as the default scheme used for authentication), FAAuthScheme, BasicScheme and BasicFAScheme. After authentication via HTTP Basic Authentication, OIF/IdP would issue an Assertion similar to: <samlp:Response ...> <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> <saml:Assertion ...> <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer> <dsig:Signature> ... </dsig:Signature> <saml:Subject> <saml:NameID ...>[email protected]</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml:SubjectConfirmationData .../> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions ...> <saml:AudienceRestriction> <saml:Audience>https://acme.com/sp</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthnInstant="2014-03-21T20:53:55Z" SessionIndex="id-6i-Dm0yB-HekG6cejktwcKIFMzYE8Yrmqwfd0azz" SessionNotOnOrAfter="2014-03-21T21:53:55Z"> <saml:AuthnContext> <saml:AuthnContextClassRef> urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport </saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement> </saml:Assertion></samlp:Response> Mapping BasicScheme To change the Federation Authentication Method mapping for the BasicScheme to urn:oasis:names:tc:SAML:2.0:ac:classes:Password instead of urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport for the saml20-sp-partner-profile SAML 2.0 SP Partner Profile (the profile to which my AcmeSP Partner is bound to), I will execute the addSPPartnerProfileAuthnMethod() method: Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the addSPPartnerProfileAuthnMethod() command:addSPPartnerProfileAuthnMethod("saml20-sp-partner-profile", "urn:oasis:names:tc:SAML:2.0:ac:classes:Password", "BasicScheme") Exit the WLST environment:exit() After authentication via HTTP Basic Authentication, OIF/IdP would now issue an Assertion similar to (see that the AuthnContextClassRef was changed from PasswordProtectedTransport to Password): <samlp:Response ...> <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> <saml:Assertion ...> <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer> <dsig:Signature> ... </dsig:Signature> <saml:Subject> <saml:NameID ...>[email protected]</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml:SubjectConfirmationData .../> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions ...> <saml:AudienceRestriction> <saml:Audience>https://acme.com/sp</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthnInstant="2014-03-21T20:53:55Z" SessionIndex="id-6i-Dm0yB-HekG6cejktwcKIFMzYE8Yrmqwfd0azz" SessionNotOnOrAfter="2014-03-21T21:53:55Z"> <saml:AuthnContext> <saml:AuthnContextClassRef> urn:oasis:names:tc:SAML:2.0:ac:classes:Password </saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement> </saml:Assertion></samlp:Response> OAMLDAPPluginAuthnScheme as Authentication Scheme For this test, I will switch the default Authentication Scheme for the SP Partner Profile to OAMLDAPPluginAuthnScheme instead of BasicScheme. I will use the OIF WLST setSPPartnerProfileDefaultScheme() command and specify which scheme to be used as the default for the SP Partner Profile referenced by AcmeSP (which is saml20-sp-partner-profile in this case: getFedPartnerProfile("AcmeSP", "sp") ): Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the setSPPartnerProfileDefaultScheme() command:setSPPartnerProfileDefaultScheme("saml20-sp-partner-profile", "OAMLDAPPluginAuthnScheme") Exit the WLST environment:exit() The user will now be challenged via FORM defined in the OAMLDAPPluginAuthnScheme for AcmeSP. Contrarily to LDAPScheme and BasicScheme, the OAMLDAPPluginAuthnScheme is not mapped by default to any Federation Authentication Methods. As such, OIF/IdP will not be able to find a Federation Authentication Method and will set the method in the SAML Assertion to the OAM Authentication Scheme name. After authentication via FORM, OIF/IdP would issue an Assertion similar to (see the AuthnContextClassRef set to OAMLDAPPluginAuthnScheme): <samlp:Response ...> <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> <saml:Assertion ...> <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer> <dsig:Signature> ... </dsig:Signature> <saml:Subject> <saml:NameID ...>[email protected]</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml:SubjectConfirmationData .../> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions ...> <saml:AudienceRestriction> <saml:Audience>https://acme.com/sp</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthnInstant="2014-03-21T20:53:55Z" SessionIndex="id-6i-Dm0yB-HekG6cejktwcKIFMzYE8Yrmqwfd0azz" SessionNotOnOrAfter="2014-03-21T21:53:55Z"> <saml:AuthnContext> <saml:AuthnContextClassRef> OAMLDAPPluginAuthnScheme </saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement> </saml:Assertion></samlp:Response> Mapping OAMLDAPPluginAuthnScheme To add the OAMLDAPPluginAuthnScheme to the Federation Authentication Method urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport mapping, I will execute the addSPPartnerProfileAuthnMethod() method: Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the addSPPartnerProfileAuthnMethod() command:addSPPartnerProfileAuthnMethod("saml20-sp-partner-profile", "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", "OAMLDAPPluginAuthnScheme") Exit the WLST environment:exit() After authentication via FORM, OIF/IdP would now issue an Assertion similar to (see that the method was changed from OAMLDAPPluginAuthnScheme to PasswordProtectedTransport): <samlp:Response ...> <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> <saml:Assertion ...> <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer> <dsig:Signature> ... </dsig:Signature> <saml:Subject> <saml:NameID ...>[email protected]</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml:SubjectConfirmationData .../> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions ...> <saml:AudienceRestriction> <saml:Audience>https://acme.com/sp</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthnInstant="2014-03-21T20:53:55Z" SessionIndex="id-6i-Dm0yB-HekG6cejktwcKIFMzYE8Yrmqwfd0azz" SessionNotOnOrAfter="2014-03-21T21:53:55Z"> <saml:AuthnContext> <saml:AuthnContextClassRef> urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport </saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement> </saml:Assertion></samlp:Response> SAML 1.1 Test Setup In this setup, OIF is acting as an IdP and is integrated with a remote SAML 1.1 SP partner identified by AcmeSP. In this test, I will perform Federation SSO with OIF/IdP configured to: Use LDAPScheme as the Authentication Scheme Use OAMLDAPPluginAuthnScheme as the Authentication Scheme Map OAMLDAPPluginAuthnScheme to the urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport Federation Authentication Method Use LDAPScheme as the Authentication Scheme Map LDAPScheme to the urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport Federation Authentication Method LDAPScheme as Authentication Scheme Using the OOTB settings regarding user authentication in OAM, the user will be challenged via a FORM based login page based on the LDAPScheme. Also the default Federation Authentication Method mappings configuration maps only the urn:oasis:names:tc:SAML:1.0:am:password to LDAPScheme (also marked as the default scheme used for authentication), FAAuthScheme, BasicScheme and BasicFAScheme. After authentication via FORM, OIF/IdP would issue an Assertion similar to: <samlp:Response ...> <samlp:Status> <samlp:StatusCode Value="samlp:Success"/> </samlp:Status> <saml:Assertion Issuer="https://idp.com/oam/fed" ...> <saml:Conditions ...> <saml:AudienceRestriction> <saml:Audience>https://acme.com/sp/ssov11</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthenticationInstant="2014-03-21T20:53:55Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"> <saml:Subject> <saml:NameIdentifier ...>[email protected]</saml:NameIdentifier> <saml:SubjectConfirmation> <saml:ConfirmationMethod> urn:oasis:names:tc:SAML:1.0:cm:bearer </saml:ConfirmationMethod> </saml:SubjectConfirmation> </saml:Subject> </saml:AuthnStatement> <dsig:Signature> ... </dsig:Signature> </saml:Assertion></samlp:Response> OAMLDAPPluginAuthnScheme as Authentication Scheme For this test, I will switch the default Authentication Scheme for the SP Partner to OAMLDAPPluginAuthnScheme instead of LDAPScheme. I will use the OIF WLST setSPPartnerDefaultScheme() command and specify which scheme to be used as the default for the SP Partner: Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the setSPPartnerDefaultScheme() command:setSPPartnerDefaultScheme("AcmeSP", "OAMLDAPPluginAuthnScheme") Exit the WLST environment:exit() The user will be challenged via FORM defined in the OAMLDAPPluginAuthnScheme for AcmeSP. Contrarily to LDAPScheme, the OAMLDAPPluginAuthnScheme is not mapped by default to any Federation Authentication Methods (in the SP Partner Profile). As such, OIF/IdP will not be able to find a Federation Authentication Method and will set the method in the SAML Assertion to the OAM Authentication Scheme name. After authentication via FORM, OIF/IdP would issue an Assertion similar to (see the AuthenticationMethod set to OAMLDAPPluginAuthnScheme): <samlp:Response ...> <samlp:Status> <samlp:StatusCode Value="samlp:Success"/> </samlp:Status> <saml:Assertion Issuer="https://idp.com/oam/fed" ...> <saml:Conditions ...> <saml:AudienceRestriction> <saml:Audience>https://acme.com/sp/ssov11</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthenticationInstant="2014-03-21T20:53:55Z" AuthenticationMethod="OAMLDAPPluginAuthnScheme"> <saml:Subject> <saml:NameIdentifier ...>[email protected]</saml:NameIdentifier> <saml:SubjectConfirmation> <saml:ConfirmationMethod> urn:oasis:names:tc:SAML:1.0:cm:bearer </saml:ConfirmationMethod> </saml:SubjectConfirmation> </saml:Subject> </saml:AuthnStatement> <dsig:Signature> ... </dsig:Signature> </saml:Assertion></samlp:Response> Mapping OAMLDAPPluginAuthnScheme To map the OAMLDAPPluginAuthnScheme to the Federation Authentication Method urn:oasis:names:tc:SAML:1.0:am:password for this SP Partner only, I will execute the addSPPartnerAuthnMethod() method: Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the addSPPartnerAuthnMethod() command:addSPPartnerAuthnMethod("AcmeSP", "urn:oasis:names:tc:SAML:1.0:am:password", "OAMLDAPPluginAuthnScheme") Exit the WLST environment:exit() After authentication via FORM, OIF/IdP would now issue an Assertion similar to (see that the method was changed from OAMLDAPPluginAuthnScheme to password): <samlp:Response ...> <samlp:Status> <samlp:StatusCode Value="samlp:Success"/> </samlp:Status> <saml:Assertion Issuer="https://idp.com/oam/fed" ...> <saml:Conditions ...> <saml:AudienceRestriction> <saml:Audience>https://acme.com/sp/ssov11</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthenticationInstant="2014-03-21T20:53:55Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"> <saml:Subject> <saml:NameIdentifier ...>[email protected]</saml:NameIdentifier> <saml:SubjectConfirmation> <saml:ConfirmationMethod> urn:oasis:names:tc:SAML:1.0:cm:bearer </saml:ConfirmationMethod> </saml:SubjectConfirmation> </saml:Subject> </saml:AuthnStatement> <dsig:Signature> ... </dsig:Signature> </saml:Assertion></samlp:Response> LDAPScheme as Authentication Scheme I will now show that by defining a Federation Authentication Mapping at the Partner level, this now ignores all mappings defined at the SP Partner Profile level. For this test, I will switch the default Authentication Scheme for this SP Partner back to LDAPScheme, and the Assertion issued by OIF/IdP will not be able to map this LDAPScheme to a Federation Authentication Method anymore, since A Federation Authentication Method mapping is defined at the SP Partner level and thus the mappings defined at the SP Partner Profile are ignored The LDAPScheme is not listed in the mapping at the Partner level I will use the OIF WLST setSPPartnerDefaultScheme() command and specify which scheme to be used as the default for this SP Partner: Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the setSPPartnerDefaultScheme() command:setSPPartnerDefaultScheme("AcmeSP", "LDAPScheme") Exit the WLST environment:exit() After authentication via FORM, OIF/IdP would issue an Assertion similar to (see the AuthenticationMethod set to LDAPScheme): <samlp:Response ...> <samlp:Status> <samlp:StatusCode Value="samlp:Success"/> </samlp:Status> <saml:Assertion Issuer="https://idp.com/oam/fed" ...> <saml:Conditions ...> <saml:AudienceRestriction> <saml:Audience>https://acme.com/sp/ssov11</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthenticationInstant="2014-03-21T20:53:55Z" AuthenticationMethod="LDAPScheme"> <saml:Subject> <saml:NameIdentifier ...>[email protected]</saml:NameIdentifier> <saml:SubjectConfirmation> <saml:ConfirmationMethod> urn:oasis:names:tc:SAML:1.0:cm:bearer </saml:ConfirmationMethod> </saml:SubjectConfirmation> </saml:Subject> </saml:AuthnStatement> <dsig:Signature> ... </dsig:Signature> </saml:Assertion></samlp:Response> Mapping LDAPScheme at Partner Level To fix this issue, we will need to add the LDAPScheme to the Federation Authentication Method urn:oasis:names:tc:SAML:1.0:am:password mapping for this SP Partner only. I will execute the addSPPartnerAuthnMethod() method: Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the addSPPartnerAuthnMethod() command:addSPPartnerAuthnMethod("AcmeSP", "urn:oasis:names:tc:SAML:1.0:am:password", "LDAPScheme") Exit the WLST environment:exit() After authentication via FORM, OIF/IdP would now issue an Assertion similar to (see that the method was changed from LDAPScheme to password): <samlp:Response ...> <samlp:Status> <samlp:StatusCode Value="samlp:Success"/> </samlp:Status> <saml:Assertion Issuer="https://idp.com/oam/fed" ...> <saml:Conditions ...> <saml:AudienceRestriction> <saml:Audience>https://acme.com/sp/ssov11</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthenticationInstant="2014-03-21T20:53:55Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"> <saml:Subject> <saml:NameIdentifier ...>[email protected]</saml:NameIdentifier> <saml:SubjectConfirmation> <saml:ConfirmationMethod> urn:oasis:names:tc:SAML:1.0:cm:bearer </saml:ConfirmationMethod> </saml:SubjectConfirmation> </saml:Subject> </saml:AuthnStatement> <dsig:Signature> ... </dsig:Signature> </saml:Assertion></samlp:Response> OpenID 2.0 In the OpenID 2.0 flows, the RP must request use of PAPE, in order for OIF/IdP/OP to include PAPE information. For OpenID 2.0, the configuration will involve mapping a list of OpenID 2.0 policies to a list of Authentication Schemes. The WLST command will take a list of policies, delimited by the ',' character, instead of SAML 2.0 or SAML 1.1 where a single Federation Authentication Method had to be specified. Test Setup In this setup, OIF is acting as an IdP/OP and is integrated with a remote OpenID 2.0 SP/RP partner identified by AcmeRP. In this test, I will perform Federation SSO with OIF/IdP configured to: Use LDAPScheme as the Authentication Scheme Map LDAPScheme to the http://schemas.openid.net/pape/policies/2007/06/phishing-resistant and http://openid-policies/password-protected policies Federation Authentication Methods (the second one is a custom for this use case) LDAPScheme as Authentication Scheme Using the OOTB settings regarding user authentication in OAM, the user will be challenged via a FORM based login page based on the LDAPScheme. No Federation Authentication Method is defined OOTB for OpenID 2.0, so if the IdP/OP issue an SSO response with a PAPE Response element, it will specify the scheme name instead of Federation Authentication Methods After authentication via FORM, OIF/IdP would issue an SSO Response similar to: https://acme.com/openid?refid=id-9PKVXZmRxAeDYcgLqPm36ClzOMA-&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fidp.com%2Fopenid&openid.claimed_id=https%3A%2F%2Fidp.com%2Fopenid%3Fid%3Did-38iCmmlAVEXPsFjnFVKArfn5RIiF75D5doorhEgqqPM%3D&openid.identity=https%3A%2F%2Fidp.com%2Fopenid%3Fid%3Did-38iCmmlAVEXPsFjnFVKArfn5RIiF75D5doorhEgqqPM%3D&openid.return_to=https%3A%2F%2Facme.com%2Fopenid%3Frefid%3Did-9PKVXZmRxAeDYcgLqPm36ClzOMA-&openid.response_nonce=2014-03-24T19%3A20%3A06Zid-YPa2kTNNFftZkgBb460jxJGblk2g--iNwPpDI7M1&openid.assoc_handle=id-6a5S6zhAKaRwQNUnjTKROREdAGSjWodG1el4xyz3&openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ax.mode=fetch_response&openid.ax.type.attr0=http%3A%2F%2Fsession%2Fcount&openid.ax.value.attr0=1&openid.ax.type.attr1=http%3A%2F%2Fopenid.net%2Fschema%2FnamePerson%2Ffriendly&openid.ax.value.attr1=My+name+is+Bobby+Smith&openid.ax.type.attr2=http%3A%2F%2Fschemas.openid.net%2Fax%2Fapi%2Fuser_id&openid.ax.value.attr2=bob&openid.ax.type.attr3=http%3A%2F%2Faxschema.org%2Fcontact%2Femail&openid.ax.value.attr3=bob%40oracle.com&openid.ax.type.attr4=http%3A%2F%2Fsession%2Fipaddress&openid.ax.value.attr4=10.145.120.253&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.auth_time=2014-03-24T19%3A20%3A05Z&openid.pape.auth_policies=LDAPScheme&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle%2Cns.ax%2Cax.mode%2Cax.type.attr0%2Cax.value.attr0%2Cax.type.attr1%2Cax.value.attr1%2Cax.type.attr2%2Cax.value.attr2%2Cax.type.attr3%2Cax.value.attr3%2Cax.type.attr4%2Cax.value.attr4%2Cns.pape%2Cpape.auth_time%2Cpape.auth_policies&openid.sig=mYMgbGYSs22l8e%2FDom9NRPw15u8%3D Mapping LDAPScheme To map the LDAP Scheme to the http://schemas.openid.net/pape/policies/2007/06/phishing-resistant and http://openid-policies/password-protected policies Federation Authentication Methods, I will execute the addSPPartnerAuthnMethod() method (the policies will be comma separated): Enter the WLST environment by executing:$IAM_ORACLE_HOME/common/bin/wlst.sh Connect to the WLS Admin server:connect() Navigate to the Domain Runtime branch:domainRuntime() Execute the addSPPartnerAuthnMethod() command:addSPPartnerAuthnMethod("AcmeRP", "http://schemas.openid.net/pape/policies/2007/06/phishing-resistant,http://openid-policies/password-protected", "LDAPScheme") Exit the WLST environment:exit() After authentication via FORM, OIF/IdP would now issue an Assertion similar to (see that the method was changed from LDAPScheme to the two policies): https://acme.com/openid?refid=id-9PKVXZmRxAeDYcgLqPm36ClzOMA-&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fidp.com%2Fopenid&openid.claimed_id=https%3A%2F%2Fidp.com%2Fopenid%3Fid%3Did-38iCmmlAVEXPsFjnFVKArfn5RIiF75D5doorhEgqqPM%3D&openid.identity=https%3A%2F%2Fidp.com%2Fopenid%3Fid%3Did-38iCmmlAVEXPsFjnFVKArfn5RIiF75D5doorhEgqqPM%3D&openid.return_to=https%3A%2F%2Facme.com%2Fopenid%3Frefid%3Did-9PKVXZmRxAeDYcgLqPm36ClzOMA-&openid.response_nonce=2014-03-24T19%3A20%3A06Zid-YPa2kTNNFftZkgBb460jxJGblk2g--iNwPpDI7M1&openid.assoc_handle=id-6a5S6zhAKaRwQNUnjTKROREdAGSjWodG1el4xyz3&openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ax.mode=fetch_response&openid.ax.type.attr0=http%3A%2F%2Fsession%2Fcount&openid.ax.value.attr0=1&openid.ax.type.attr1=http%3A%2F%2Fopenid.net%2Fschema%2FnamePerson%2Ffriendly&openid.ax.value.attr1=My+name+is+Bobby+Smith&openid.ax.type.attr2=http%3A%2F%2Fschemas.openid.net%2Fax%2Fapi%2Fuser_id&openid.ax.value.attr2=bob&openid.ax.type.attr3=http%3A%2F%2Faxschema.org%2Fcontact%2Femail&openid.ax.value.attr3=bob%40oracle.com&openid.ax.type.attr4=http%3A%2F%2Fsession%2Fipaddress&openid.ax.value.attr4=10.145.120.253&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.auth_time=2014-03-24T19%3A20%3A05Z&openid.pape.auth_policies=http%3A%2F%2Fschemas.openid.net%2Fpape%2Fpolicies%2F2007%2F06%2Fphishing-resistant+http%3A%2F%2Fopenid-policies%2Fpassword-protected&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle%2Cns.ax%2Cax.mode%2Cax.type.attr0%2Cax.value.attr0%2Cax.type.attr1%2Cax.value.attr1%2Cax.type.attr2%2Cax.value.attr2%2Cax.type.attr3%2Cax.value.attr3%2Cax.type.attr4%2Cax.value.attr4%2Cns.pape%2Cpape.auth_time%2Cpape.auth_policies&openid.sig=mYMgbGYSs22l8e%2FDom9NRPw15u8%3D In the next article, I will cover how OIF/IdP can be configured so that an SP can request a specific Federation Authentication Method to challenge the user during Federation SSO.Cheers,Damien Carru

Read the article

SPARC T5-4 LDoms for RAC and WebLogic Clusters

- by Jeff Taylor-Oracle

I wanted to use two Oracle SPARC T5-4 servers to simultaneously host both Oracle RAC and a WebLogic Server Cluster. I chose to use Oracle VM Server for SPARC to create a cluster like this: There are plenty of trade offs and decisions that need to be made, for example: Rather than configuring the system by hand, you might want to use an Oracle SuperCluster T5-8 My configuration is similar to jsavit's: Availability Best Practices - Example configuring a T5-8 but I chose to ignore some of the advice. Maybe I should have included an alternate service domain, but I decided that I already had enough redundancy Both Oracle SPARC T5-4 servers were to be configured like this: Cntl 0.25 4 64GB App LDom 2.75 CPU's 44 cores 704 GB DB LDom One CPU 16 cores 256 GB The systems started with everything in the primary domain: # ldm list NAME STATE FLAGS CONS VCPU MEMORY UTIL NORM UPTIME primary active -n-c-- UART 512 1023G 0.0% 0.0% 11m # ldm list-spconfig factory-default [current] primary # ldm list -o core,memory,physio NAME primary CORE CID CPUSET 0 (0, 1, 2, 3, 4, 5, 6, 7) 1 (8, 9, 10, 11, 12, 13, 14, 15) 2 (16, 17, 18, 19, 20, 21, 22, 23) -- SNIP 62 (496, 497, 498, 499, 500, 501, 502, 503) 63 (504, 505, 506, 507, 508, 509, 510, 511) MEMORY RA PA SIZE 0x30000000 0x30000000 255G 0x80000000000 0x80000000000 256G 0x100000000000 0x100000000000 256G 0x180000000000 0x180000000000 256G # Give this memory block to the DB LDom IO DEVICE PSEUDONYM OPTIONS pci@300 pci_0 pci@340 pci_1 pci@380 pci_2 pci@3c0 pci_3 pci@400 pci_4 pci@440 pci_5 pci@480 pci_6 pci@4c0 pci_7 pci@300/pci@1/pci@0/pci@6 /SYS/RCSA/PCIE1 pci@300/pci@1/pci@0/pci@c /SYS/RCSA/PCIE2 pci@300/pci@1/pci@0/pci@4/pci@0/pci@c /SYS/MB/SASHBA0 pci@300/pci@1/pci@0/pci@4/pci@0/pci@8 /SYS/RIO/NET0 pci@340/pci@1/pci@0/pci@6 /SYS/RCSA/PCIE3 pci@340/pci@1/pci@0/pci@c /SYS/RCSA/PCIE4 pci@380/pci@1/pci@0/pci@a /SYS/RCSA/PCIE9 pci@380/pci@1/pci@0/pci@4 /SYS/RCSA/PCIE10 pci@3c0/pci@1/pci@0/pci@e /SYS/RCSA/PCIE11 pci@3c0/pci@1/pci@0/pci@8 /SYS/RCSA/PCIE12 pci@400/pci@1/pci@0/pci@e /SYS/RCSA/PCIE5 pci@400/pci@1/pci@0/pci@8 /SYS/RCSA/PCIE6 pci@440/pci@1/pci@0/pci@e /SYS/RCSA/PCIE7 pci@440/pci@1/pci@0/pci@8 /SYS/RCSA/PCIE8 pci@480/pci@1/pci@0/pci@a /SYS/RCSA/PCIE13 pci@480/pci@1/pci@0/pci@4 /SYS/RCSA/PCIE14 pci@4c0/pci@1/pci@0/pci@8 /SYS/RCSA/PCIE15 pci@4c0/pci@1/pci@0/pci@4 /SYS/RCSA/PCIE16 pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@c /SYS/MB/SASHBA1 pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@4 /SYS/RIO/NET2 Added an additional service processor configuration: # ldm add-spconfig split # ldm list-spconfig factory-default primary split [current] And removed many of the resources from the primary domain: # ldm start-reconf primary # ldm set-core 4 primary # ldm set-memory 32G primary # ldm rm-io pci@340 primary # ldm rm-io pci@380 primary # ldm rm-io pci@3c0 primary # ldm rm-io pci@400 primary # ldm rm-io pci@440 primary # ldm rm-io pci@480 primary # ldm rm-io pci@4c0 primary # init 6 Needed to add resources to the guest domains: # ldm add-domain db # ldm set-core cid=`seq -s"," 48 63` db # ldm add-memory mblock=0x180000000000:256G db # ldm add-io pci@480 db # ldm add-io pci@4c0 db # ldm add-domain app # ldm set-core 44 app # ldm set-memory 704G app # ldm add-io pci@340 app # ldm add-io pci@380 app # ldm add-io pci@3c0 app # ldm add-io pci@400 app # ldm add-io pci@440 app Needed to set up services: # ldm add-vds primary-vds0 primary # ldm add-vcc port-range=5000-5100 primary-vcc0 primary Needed to add a virtual network port for the WebLogic application domain: # ipadm NAME CLASS/TYPE STATE UNDER ADDR lo0 loopback ok -- -- lo0/v4 static ok -- ... lo0/v6 static ok -- ... net0 ip ok -- ... net0/v4 static ok -- xxx.xxx.xxx.xxx/24 net0/v6 addrconf ok -- .... net0/v6 addrconf ok -- ... net8 ip ok -- -- net8/v4 static ok -- ... # dladm show-phys LINK MEDIA STATE SPEED DUPLEX DEVICE net1 Ethernet unknown 0 unknown ixgbe1 net0 Ethernet up 1000 full ixgbe0 net8 Ethernet up 10 full usbecm2 # ldm add-vsw net-dev=net0 primary-vsw0 primary # ldm add-vnet vnet1 primary-vsw0 app Needed to add a virtual disk to the WebLogic application domain: # format Searching for disks...done AVAILABLE DISK SELECTIONS: 0. c0t5000CCA02505F874d0 <HITACHI-H106060SDSUN600G-A2B0-558.91GB> /scsi_vhci/disk@g5000cca02505f874 /dev/chassis/SPARC_T5-4.AK00084038/SYS/SASBP0/HDD0/disk 1. c0t5000CCA02506C468d0 <HITACHI-H106060SDSUN600G-A2B0-558.91GB> /scsi_vhci/disk@g5000cca02506c468 /dev/chassis/SPARC_T5-4.AK00084038/SYS/SASBP0/HDD1/disk 2. c0t5000CCA025067E5Cd0 <HITACHI-H106060SDSUN600G-A2B0-558.91GB> /scsi_vhci/disk@g5000cca025067e5c /dev/chassis/SPARC_T5-4.AK00084038/SYS/SASBP0/HDD2/disk 3. c0t5000CCA02506C258d0 <HITACHI-H106060SDSUN600G-A2B0-558.91GB> /scsi_vhci/disk@g5000cca02506c258 /dev/chassis/SPARC_T5-4.AK00084038/SYS/SASBP0/HDD3/disk Specify disk (enter its number): ^C # ldm add-vdsdev /dev/dsk/c0t5000CCA02506C468d0s2 HDD1@primary-vds0 # ldm add-vdisk HDD1 HDD1@primary-vds0 app Add some additional spice to the pot: # ldm set-variable auto-boot\\?=false db # ldm set-variable auto-boot\\?=false app # ldm set-var boot-device=HDD1 app Bind the logical domains: # ldm bind db # ldm bind app At the end of the process, the system is set up like this: # ldm list -o core,memory,physio NAME primary CORE CID CPUSET 0 (0, 1, 2, 3, 4, 5, 6, 7) 1 (8, 9, 10, 11, 12, 13, 14, 15) 2 (16, 17, 18, 19, 20, 21, 22, 23) 3 (24, 25, 26, 27, 28, 29, 30, 31) MEMORY RA PA SIZE 0x30000000 0x30000000 32G IO DEVICE PSEUDONYM OPTIONS pci@300 pci_0 pci@300/pci@1/pci@0/pci@6 /SYS/RCSA/PCIE1 pci@300/pci@1/pci@0/pci@c /SYS/RCSA/PCIE2 pci@300/pci@1/pci@0/pci@4/pci@0/pci@c /SYS/MB/SASHBA0 pci@300/pci@1/pci@0/pci@4/pci@0/pci@8 /SYS/RIO/NET0 ------------------------------------------------------------------------------ NAME app CORE CID CPUSET 4 (32, 33, 34, 35, 36, 37, 38, 39) 5 (40, 41, 42, 43, 44, 45, 46, 47) 6 (48, 49, 50, 51, 52, 53, 54, 55) 7 (56, 57, 58, 59, 60, 61, 62, 63) 8 (64, 65, 66, 67, 68, 69, 70, 71) 9 (72, 73, 74, 75, 76, 77, 78, 79) 10 (80, 81, 82, 83, 84, 85, 86, 87) 11 (88, 89, 90, 91, 92, 93, 94, 95) 12 (96, 97, 98, 99, 100, 101, 102, 103) 13 (104, 105, 106, 107, 108, 109, 110, 111) 14 (112, 113, 114, 115, 116, 117, 118, 119) 15 (120, 121, 122, 123, 124, 125, 126, 127) 16 (128, 129, 130, 131, 132, 133, 134, 135) 17 (136, 137, 138, 139, 140, 141, 142, 143) 18 (144, 145, 146, 147, 148, 149, 150, 151) 19 (152, 153, 154, 155, 156, 157, 158, 159) 20 (160, 161, 162, 163, 164, 165, 166, 167) 21 (168, 169, 170, 171, 172, 173, 174, 175) 22 (176, 177, 178, 179, 180, 181, 182, 183) 23 (184, 185, 186, 187, 188, 189, 190, 191) 24 (192, 193, 194, 195, 196, 197, 198, 199) 25 (200, 201, 202, 203, 204, 205, 206, 207) 26 (208, 209, 210, 211, 212, 213, 214, 215) 27 (216, 217, 218, 219, 220, 221, 222, 223) 28 (224, 225, 226, 227, 228, 229, 230, 231) 29 (232, 233, 234, 235, 236, 237, 238, 239) 30 (240, 241, 242, 243, 244, 245, 246, 247) 31 (248, 249, 250, 251, 252, 253, 254, 255) 32 (256, 257, 258, 259, 260, 261, 262, 263) 33 (264, 265, 266, 267, 268, 269, 270, 271) 34 (272, 273, 274, 275, 276, 277, 278, 279) 35 (280, 281, 282, 283, 284, 285, 286, 287) 36 (288, 289, 290, 291, 292, 293, 294, 295) 37 (296, 297, 298, 299, 300, 301, 302, 303) 38 (304, 305, 306, 307, 308, 309, 310, 311) 39 (312, 313, 314, 315, 316, 317, 318, 319) 40 (320, 321, 322, 323, 324, 325, 326, 327) 41 (328, 329, 330, 331, 332, 333, 334, 335) 42 (336, 337, 338, 339, 340, 341, 342, 343) 43 (344, 345, 346, 347, 348, 349, 350, 351) 44 (352, 353, 354, 355, 356, 357, 358, 359) 45 (360, 361, 362, 363, 364, 365, 366, 367) 46 (368, 369, 370, 371, 372, 373, 374, 375) 47 (376, 377, 378, 379, 380, 381, 382, 383) MEMORY RA PA SIZE 0x30000000 0x830000000 192G 0x4000000000 0x80000000000 256G 0x8080000000 0x100000000000 256G IO DEVICE PSEUDONYM OPTIONS pci@340 pci_1 pci@380 pci_2 pci@3c0 pci_3 pci@400 pci_4 pci@440 pci_5 pci@340/pci@1/pci@0/pci@6 /SYS/RCSA/PCIE3 pci@340/pci@1/pci@0/pci@c /SYS/RCSA/PCIE4 pci@380/pci@1/pci@0/pci@a /SYS/RCSA/PCIE9 pci@380/pci@1/pci@0/pci@4 /SYS/RCSA/PCIE10 pci@3c0/pci@1/pci@0/pci@e /SYS/RCSA/PCIE11 pci@3c0/pci@1/pci@0/pci@8 /SYS/RCSA/PCIE12 pci@400/pci@1/pci@0/pci@e /SYS/RCSA/PCIE5 pci@400/pci@1/pci@0/pci@8 /SYS/RCSA/PCIE6 pci@440/pci@1/pci@0/pci@e /SYS/RCSA/PCIE7 pci@440/pci@1/pci@0/pci@8 /SYS/RCSA/PCIE8 ------------------------------------------------------------------------------ NAME db CORE CID CPUSET 48 (384, 385, 386, 387, 388, 389, 390, 391) 49 (392, 393, 394, 395, 396, 397, 398, 399) 50 (400, 401, 402, 403, 404, 405, 406, 407) 51 (408, 409, 410, 411, 412, 413, 414, 415) 52 (416, 417, 418, 419, 420, 421, 422, 423) 53 (424, 425, 426, 427, 428, 429, 430, 431) 54 (432, 433, 434, 435, 436, 437, 438, 439) 55 (440, 441, 442, 443, 444, 445, 446, 447) 56 (448, 449, 450, 451, 452, 453, 454, 455) 57 (456, 457, 458, 459, 460, 461, 462, 463) 58 (464, 465, 466, 467, 468, 469, 470, 471) 59 (472, 473, 474, 475, 476, 477, 478, 479) 60 (480, 481, 482, 483, 484, 485, 486, 487) 61 (488, 489, 490, 491, 492, 493, 494, 495) 62 (496, 497, 498, 499, 500, 501, 502, 503) 63 (504, 505, 506, 507, 508, 509, 510, 511) MEMORY RA PA SIZE 0x80000000 0x180000000000 256G IO DEVICE PSEUDONYM OPTIONS pci@480 pci_6 pci@4c0 pci_7 pci@480/pci@1/pci@0/pci@a /SYS/RCSA/PCIE13 pci@480/pci@1/pci@0/pci@4 /SYS/RCSA/PCIE14 pci@4c0/pci@1/pci@0/pci@8 /SYS/RCSA/PCIE15 pci@4c0/pci@1/pci@0/pci@4 /SYS/RCSA/PCIE16 pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@c /SYS/MB/SASHBA1 pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@4 /SYS/RIO/NET2 Start the domains: # ldm start app LDom app started # ldm start db LDom db started Make sure to start the vntsd service that was created, above. # svcs -a | grep ldo disabled 8:38:38 svc:/ldoms/vntsd:default online 8:38:58 svc:/ldoms/agents:default online 8:39:25 svc:/ldoms/ldmd:default # svcadm enable vntsd Now use the MAC address to configure the Solaris 11 Automated Installation. Database Logical Domain # telnet localhost 5000 {0} ok devalias screen /pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@7/display@0 disk7 /pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@c/scsi@0/disk@p3 disk6 /pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@c/scsi@0/disk@p2 disk5 /pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@c/scsi@0/disk@p1 disk4 /pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@c/scsi@0/disk@p0 scsi1 /pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@c/scsi@0 net3 /pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@4/network@0,1 net2 /pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@4/network@0 virtual-console /virtual-devices/console@1 name aliases {0} ok boot net2 Boot device: /pci@4c0/pci@1/pci@0/pci@c/pci@0/pci@4/network@0 File and args: 1000 Mbps full duplex Link up Requesting Internet Address for xx:xx:xx:xx:xx:xx Requesting Internet Address for xx:xx:xx:xx:xx:xx WLS Logical Domain # telnet localhost 5001 {0} ok devalias hdd1 /virtual-devices@100/channel-devices@200/disk@0 vnet1 /virtual-devices@100/channel-devices@200/network@0 net /virtual-devices@100/channel-devices@200/network@0 disk /virtual-devices@100/channel-devices@200/disk@0 virtual-console /virtual-devices/console@1 name aliases {0} ok boot net Boot device: /virtual-devices@100/channel-devices@200/network@0 File and args: Requesting Internet Address for xx:xx:xx:xx:xx:xx Requesting Internet Address for xx:xx:xx:xx:xx:xx Repeat the process for the second SPARC T5-4, install Solaris, RAC and WebLogic Cluster, and you are ready to go. Maybe buying a SuperCluster would have been easier.

Read the article

iptables issue on plesk

- by Fred Rufin

i don't know how to open a specific port (rtmp=1935) on my CentOS server using Plesk or itables. I created new rules for port 1935 i/o using Plesk/Modules/Firewall but this doesn't work. Nmap scanning tells me this : 1935/tcp filtered rtmp . So i decided to have look at my iptable using SSH (iptables -L), and iptables seems to contain my rules (tcp spt:macromedia-fcs): Chain INPUT (policy DROP) target prot opt source destination VZ_INPUT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED REJECT tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset DROP all -- anywhere anywhere state INVALID ACCEPT all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination VZ_FORWARD all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED REJECT tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset DROP all -- anywhere anywhere state INVALID ACCEPT all -- anywhere anywhere Chain OUTPUT (policy DROP) target prot opt source destination VZ_OUTPUT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED REJECT tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset DROP all -- anywhere anywhere state INVALID ACCEPT all -- anywhere anywhere Chain VZ_FORWARD (1 references) target prot opt source destination Chain VZ_INPUT (1 references) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:http ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT tcp -- anywhere anywhere tcp dpt:smtp ACCEPT tcp -- anywhere anywhere tcp dpt:pop3 ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpts:filenet-tms:65535 ACCEPT udp -- anywhere anywhere udp dpts:filenet-tms:65535 ACCEPT tcp -- anywhere anywhere tcp dpt:cddbp-alt ACCEPT tcp -- anywhere anywhere tcp dpt:pcsync-https ACCEPT tcp -- localhost.localdomain localhost.localdomain ACCEPT tcp -- anywhere anywhere tcp dpt:macromedia-fcs ACCEPT udp -- localhost.localdomain localhost.localdomain Chain VZ_OUTPUT (1 references) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp spt:http ACCEPT tcp -- anywhere anywhere tcp spt:ssh ACCEPT tcp -- anywhere anywhere tcp spt:smtp ACCEPT tcp -- anywhere anywhere tcp spt:pop3 ACCEPT tcp -- anywhere anywhere tcp spt:domain ACCEPT udp -- anywhere anywhere udp spt:domain ACCEPT tcp -- anywhere anywhere ACCEPT udp -- anywhere anywhere ACCEPT tcp -- anywhere anywhere tcp spt:cddbp-alt ACCEPT tcp -- anywhere anywhere tcp spt:pcsync-https ACCEPT tcp -- localhost.localdomain localhost.localdomain ACCEPT tcp -- anywhere anywhere tcp spt:macromedia-fcs ACCEPT udp -- localhost.localdomain localhost.localdomain My rules seems to be OK but there is no connection to 1935 port using a browser. I can connect to this port with SSH (typing "wget myServerIP:1935") but maybe this is because it is an SSH tunelling ? I don't know how to do.

Read the article

Can't successfully run Sharepoint Foundation 2010 first time configuration

- by Robert Koritnik

I'm trying to run the non-GUI version of configuration wizard using power shell because I would like to set config and admin database names. GUI wizard doesn't give you all possible options for configuration. I run this command: New-SPConfigurationDatabase -DatabaseName "Sharepoint2010Config" -DatabaseServer "developer.pleiado.pri" -AdministrationContentDatabaseName "Sharepoint2010Admin" -DatabaseCredentials (Get-Credential) -Passphrase (ConvertTo-SecureString "%h4r3p0int" -AsPlainText -Force) Of course all these are in the same line. I've broken them down into separate lines to make it easier to read. When I run this command I get this error: New-SPConfigurationDatabase : Cannot connect to database master at SQL server a t developer.pleiado.pri. The database might not exist, or the current user does not have permission to connect to it. At line:1 char:28 + New-SPConfigurationDatabase <<<< -DatabaseName "Sharepoint2010Config" -Datab aseServer "developer.pleiado.pri" -AdministrationContentDatabaseName "Sharepoint 2010Admin" -DatabaseCredentials (Get-Credential) -Passphrase (ConvertTo-SecureS tring "%h4r3p0int" -AsPlainText -Force) + CategoryInfo : InvalidData: (Microsoft.Share...urationDatabase: SPCmdletNewSPConfigurationDatabase) [New-SPConfigurationDatabase], SPExcep tion + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletNewSPCon figurationDatabase I created two domain accounts: SPF_DATABASE - database account SPF_ADMIN - farm account I'm running powershell console as domain administrator. I've tried to run SQL Management studio as domain admin and created a dummy database and it worked wothout a problem. I'm running: Windows 7 x64 on the machine where Sharepoint Foundation 2010 should be installed and also has preinstalled SQL Server 2008 R2 Windows Server 2008 R2 Server Core is my domain controller I've installed Sharepoint according to MS guides http://msdn.microsoft.com/en-us/library/ee554869%28office.14%29.aspx installing all additional patches that are related to my configuration. Any ideas what should I do to make it work?

Read the article

map subdomain to another subdomain via cname

- by Stephen

Question: I need to get DNS configured to point a subdomain from one domain (which I will generally not be controlling) to another subdomain on a different domain name. Testing this process using a simple CNAME entry keeps pointing to the primary domain and not the subdomain where it should be going. This is the scenario; (newdomain.com is in my control) cdn.xyz.com should display content from this subdomain subdomain.newdomain.com It is instead displaying content from newdomain.com (not the subdomain sub domain) cdn.xyz.com/page.htm displays content from newdomain.com/page.htm although what I need is it to display content from subdomain.newdomain.com/page.htm Other Background: setup is between two different servers with different IP ranges although DNS cluster is on between all servers the newdomain.com is set up with its own unique IP (which is on the A records for the subdomains, the subdomains work as expected/normal) the DNS entry is correct (cdn CNAME subdomain.newdomain.com.) ie the end period is included a DNS lookup on the CNAME externally reports back as subdomain.newdomain.com. as the record Does anyone know what DNS entries I am missing to get this working correctly ? Note: I do not want to just put a redirect between domains as I need the content of subdomain.newdomain.com/content.html to be visible via the URL of cdn.xyz.com/content.html also I can just use some redirects on newdomain.com to achieve what I am after but would prefer to just get the DNS correct. EDIT Current DNS cdn CNAME subdomain.newdomain.com. || CNAME entry for domain1 subdomain A XXX.XXX.XXX.XXX || A record entry for working subdomain pointing to unique IP What should happen is that cdn.domain1.com - subdomain.newdomain.com What is happening is cdn.domain1.com - newdomain.com (ie. the root not the subdomain) EDIT 2 Actually if its easier I am trying to emulate a simple cloud setup like Rackspace Containers (which I assume is similar to Buckets on AWS). although it is not for cloud storage Where a container has a url reference of hd62321678d323.rackspace.com (in truth they are much longer) so I can use a CNAME record of: cdn CNAME hd62321678d323.rackspace.com. so that http://cdn.mydomain.com/myfile.jpg displays content from http://hd62321678d323.rackspace.com/myfile.jpg

Read the article

NetApp FAS 2040 LDAP Win2k8R2

- by it_stuck

I am trying to get my FAS2040 to action user lookups using LDAP, below is the filer configuration options: filer> options ldap ldap.ADdomain dc1.colour.domain.local ldap.base OU=Users,OU=something1,OU=something2,OU=darkside,DC=colour,DC=domain,DC=local ldap.base.group ldap.base.netgroup ldap.base.passwd ldap.enable on ldap.minimum_bind_level anonymous ldap.name domain-admin-account ldap.nssmap.attribute.gecos gecos ldap.nssmap.attribute.gidNumber gidNumber ldap.nssmap.attribute.groupname cn ldap.nssmap.attribute.homeDirectory homeDirectory ldap.nssmap.attribute.loginShell loginShell ldap.nssmap.attribute.memberNisNetgroup memberNisNetgroup ldap.nssmap.attribute.memberUid memberUid ldap.nssmap.attribute.netgroupname cn ldap.nssmap.attribute.nisNetgroupTriple nisNetgroupTriple ldap.nssmap.attribute.uid uid ldap.nssmap.attribute.uidNumber uidNumber ldap.nssmap.attribute.userPassword userPassword ldap.nssmap.objectClass.nisNetgroup nisNetgroup ldap.nssmap.objectClass.posixAccount posixAccount ldap.nssmap.objectClass.posixGroup posixGroup ldap.passwd ****** ldap.port 389 ldap.servers ldap.servers.preferred ldap.ssl.enable off ldap.timeout 20 ldap.usermap.attribute.unixaccount unixaccount ldap.usermap.attribute.windowsaccount sAMAccountName ldap.usermap.base ldap.usermap.enable on output of nsswitch.conf: hosts: files dns passwd: ldap files netgroup: ldap files group: ldap files shadow: files nis Error Message(s): [filer: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Starting AD LDAP server address discovery for dc1.colour.domain.LOCAL. [filer: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found no AD LDAP server addresses using DNS site query (site). [filer: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found no AD LDAP server addresses using generic DNS query. Could not get passwd entry for name = <random user> the filer can ping the FQDN of dc1 the filer can ping the IP of dc1 the filer cannot ping "dc1" I'm not sure where I'm going wrong, so any pointers would be great.

Read the article

Installing ikiwiki on nginx - fastcgi/fcgi wrapper

- by meder

My ultimate goal is to setup ikiwiki, my current goal is to get a fcgi wrapper working for nginx, so I can move on to the next step... The ikiwiki page points out this page as an example for a fcgi wrapper: http://technotes.1000lines.net/?p=23 So far I've installed the ikiwiki and libfcgi-perl modules through aptitude: aptitude install libfcgi-perl aptitude install ikiwiki It installed those packages as well as some minimal dependency packages. So the next step following the guide at technotes, I grabbed http://technotes.1000lines.net/fastcgi-wrapper.pl but I'm not sure where to actually place this file... do I run it as a service? The script makes a socket file in /var/run/nginx but that directory does not exist.. do I manually create it? So in addition to the .pl file for the cgi wrapper, I need to also define a separate cgi file for parameters. If my conf looks like this... server { listen 80; server_name notes.domain.org; access_log /www/notes/public_html/notes.domain.org/log/access.log; error_log /www/notes/public_html/notes.domain.org/log/error.log; location / { root /www/notes/public_html/notes.domain.org/public/; index index.html; } } And I don't have a cgi-bin directory, where exactly should I create it within my structure, and regarding that I'd obviously have to update the below before I include it in my conf, but I'm just not exactly sure how this would work out. # /cgi-bin configuration location ~ ^/cgi-bin/.*\.cgi$ { gzip off; fastcgi_pass unix:/var/run/nginx/perl_cgi-dispatch.sock; [1]* fastcgi_param SCRIPT_FILENAME /www/blah.com$fastcgi_script_name; [2]* include fastcgi_params; [3]* } Also since the user is www-data and /var/run is root owned, what's the proper way of giving it access? Any tips appreciated.

Read the article

LDAP authentication issue with Kerio Connect

- by djk

We have Kerio Connect (mail server) running on a Windows Server 2003 server on a domain. In the webmail client, users are able to change their domain password. This functionality used to work fine until a user tried to change their password a few days ago, when every password they'd try would result in the webmail client claiming their password was "invalid". I spoke to Kerio about this and they claim that this error is returned by the domain controller, which supports my initial investigations. The error that the DC is logging when an attempt is made to change the password is this: "80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece" The "data 52e" part indicates that this is an "invalid credentials" error. I don't see how this can be as I've tried (in the Kerio Connect configuration) various accounts that have privileges to modify accounts, including my own as I am a domain admin. I have ran 'dcdiag' (all tests) on the DC and it came back passing every single one of them. I've searched high and low for an answer to this and came up empty. Does anyone have any idea why this may have suddenly started happening? Thanks! Edit: I should mention that the passwords we are changing to do comply with the complexity policy.

Read the article

Disable local delivery in Sendmail

- by Luke P M

I am using Sendmail on a Centos server to send email for PHP scripts, but the problem is that mail is delivered to a local mailbox on the machine rather than what is specified in the MX records for the domain - which actually point to another machine I use for email. I would like sendmail to not try and locally deliver mail for the domain the machine is setup for, is there a simple way to disable local delivery? The domain is not in the local-host-names file. I've already done lots of googling and I have looked at: http://serverfault.com/questions/26934/sendmail-configuration-to-not-deliver-mail-to-local-machine http://serverfault.com/questions/65365/disable-local-delivery-in-sendmail But either there is no answer or it is not suitable. I don't want to relay to another server, i just want it to send mail regardless of domain. To provide an example: I have two servers, one is the mail server at mail.example.com and a web server which is example.com, when I use the smtp service on the web server it currently routes mail to a local mailbox on example.com, but it should be going to mailboxes on mail.example.com Output of sendmail -bt returns: ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter 3,0 [email protected] canonify input: info @ example . com Canonify2 input: info Canonify2 returns: info canonify returns: info parse input: info Parse0 input: info Parse0 returns: info ParseLocal input: info ParseLocal returns: info Parse1 input: info Parse1 returns: $# local $: info parse returns: $# local $: info

Read the article

NetApp FAS 2040 LDAP Win2k8R2

- by it_stuck

I am trying to get my FAS2040 to action user lookups using LDAP, below is the filer configuration options: filer> options ldap ldap.ADdomain dc1.colour.domain.local ldap.base OU=Users,OU=something1,OU=something2,OU=darkside,DC=colour,DC=domain,DC=local ldap.base.group ldap.base.netgroup ldap.base.passwd ldap.enable on ldap.minimum_bind_level anonymous ldap.name domain-admin-account ldap.nssmap.attribute.gecos gecos ldap.nssmap.attribute.gidNumber gidNumber ldap.nssmap.attribute.groupname cn ldap.nssmap.attribute.homeDirectory homeDirectory ldap.nssmap.attribute.loginShell loginShell ldap.nssmap.attribute.memberNisNetgroup memberNisNetgroup ldap.nssmap.attribute.memberUid memberUid ldap.nssmap.attribute.netgroupname cn ldap.nssmap.attribute.nisNetgroupTriple nisNetgroupTriple ldap.nssmap.attribute.uid uid ldap.nssmap.attribute.uidNumber uidNumber ldap.nssmap.attribute.userPassword userPassword ldap.nssmap.objectClass.nisNetgroup nisNetgroup ldap.nssmap.objectClass.posixAccount posixAccount ldap.nssmap.objectClass.posixGroup posixGroup ldap.passwd ****** ldap.port 389 ldap.servers ldap.servers.preferred ldap.ssl.enable off ldap.timeout 20 ldap.usermap.attribute.unixaccount unixaccount ldap.usermap.attribute.windowsaccount sAMAccountName ldap.usermap.base ldap.usermap.enable on output of nsswitch.conf: hosts: files dns passwd: ldap files netgroup: ldap files group: ldap files shadow: files nis Error Message(s): [filer: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Starting AD LDAP server address discovery for dc1.colour.domain.LOCAL. [filer: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found no AD LDAP server addresses using DNS site query (site). [filer: auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found no AD LDAP server addresses using generic DNS query. Could not get passwd entry for name = <random user> the filer can ping the FQDN of dc1 the filer can ping the IP of dc1 the filer cannot ping "dc1" I'm not sure where I'm going wrong, so any pointers would be great.

Read the article

.htaccess Permission denied. Unable to check htaccess file

- by Josh

I have a strange problem when adding a sub-domain to our virtual server. I have done similar sub-domains before and they have worked fine. When I try to access the sub-domain I get an 403 Forbidden error. I checked the error logs and have the following error: pcfg_openfile: unable to check htaccess file, ensure it is readable I've searched Google and could only find solutions regarding file and folder permissions, that I have checked and the solution isn't solved. I also saw problems with Frontpage Extensions, but that's not installed on the server. Edit Forgot to say that there isn't a .htaccess file in the directory of the sub-domain Edit #2 Still not been able to find a solution on this. Only things I have been able to find out is: It doesn't seem to be a problem with any .htaccess files (I've tried creating blank ones, with correct user privileges). It doesn't seem to be a problem with any folder permissions as they are all set correct. There isn't a problem with the way the sub-domain has been set up, as I've tried pointing the DocumentRoot to another folder and it worked fine. I've also done sub-domains fine before with no problem. Edit #3 Find out more information. I don't think it can be a file permission problem now, because if I access it by going to the server ip and then the directory where the site is hosted it all works fine (minus the stylesheets & images, which is just down to how they are linked)

Read the article

Ubuntu 12.04 LDAP SSL self-signed cert not accepted

- by MaddHacker

I'm working with Ubuntu 12.04, using OpenLDAP server. I've followed the instructions on the Ubuntu help pages and can happily connect without security. To test my connection, I'm using ldapsearch the command looks like: ldapsearch -xv -H ldap://ldap.[my host].local -b dc=[my domain],dc=local -d8 -ZZ I've also used: ldapsearch -xv -H ldaps://ldap.[my host].local -b dc=[my domain],dc=local -d8 As far as I can tell, I've setup my certificate correctly, but no matter why I try, I can't seem to get ldapsearch to accept my self-signed certificate. So far, I've tried: Updating my /etc/ldap/ldap.conf file to look like: BASE dc=[my domain],dc=local URI ldaps://ldap.[my host].local TLS_CACERT /etc/ssl/certs/cacert.crt TLS_REQCERT allow Updating my /etc/ldap.conf file to look like: base dc=[my domain],dc=local uri ldapi:///ldap.[my host].local uri ldaps:///ldap.[my host].local ldap_version 3 ssl start_tls ssl on tls_checkpeer no TLS_REQCERT allow Updating my /etc/default/slapd to include: SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///" Several hours of Googling, most of which resulted in adding the TLS_REQCERT allow The exact error I'm seeing is: ldap_initialize( ldap://ldap.[my host].local ) request done: ld 0x20038710 msgid 1 TLS certificate verification: Error, self signed certificate in certificate chain TLS: can't connect. ldap_start_tls: Connect error (-11) additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed After several hours of this, I was hoping someone else has seen this issue, and/or knows how to fix it. Please do let me know if I should add more information, or if you need further data.

Read the article

vhost.conf file in PLESK not working as intended

- by Saif Bechan

I have configured a vhost file for my domain but it does not seem to work. These are the steps I took, please correct me if I am wrong. First I made a file called vhost.conf in: /var/www/vhosts/*domain*/conf/vhost.conf The content of the vhost file looks like this: <Directory /var/www/vhosts/*domain*/httpdocs> php_admin_flag engine on php_admin_flag display_errors on </Directory> Now in my /etc/php.ini i set display_errors=Off After everything i rebuild with: /usr/local/psa/admin/sbin/websrvmng -a But I don't see the any errors in my page. When i turn on the display_errors in /etc/php.ini only then can I see the errors. I know for a fact that the vhost file is read, because when i type nonsense values i get an error when restarting apache saying there are errors in the vhost file. Anyone know what the problem can be. Should there be special settings in either the php.ini file or the httpd.conf file. The httpd.conf i edit is in /etc/httpd/conf/httpd.conf. Is this the file that PLESK uses or is there another, because the values i see there do not really reflect the http folders of my domain. The httpd file looks like this now. # The document root DocumentRoot "/var/www/html" # i guess this is the base directory <Directory /> Order Deny,Allow Deny from all Options None AllowOverride None </Directory> # And i guess here are all my domains located, but there aren't any here <Directory "/var/www/html"> Options None AllowOverride None Order allow,deny Allow from all </Directory> Only this directory /var/www/html is not used by me, I use the directory /var/www/vhosts. The only folder found in /var/www/html is a folder called awstats. Does plesk use other files, and where are they located. I hope this all makes sense to anyone, and i hope i can find a solution

Read the article

SPF hardfail and DKIM failure when recipient has e-mail forwarding

- by Beaming Mel-Bin

I configured hardfail SPF for my domain and DKIM message signing on my SMTP server. Since this is the only SMTP server that should be used for outgoing mail from my domain, I didn't foresee any complications. However, consider the following situation: I sent an e-mail message via my SMTP server to my colleague's university e-mail. The problem is that my colleague forwards his university e-mail to his GMail account. These are the headers of the message after it reaches his GMail mailbox: Received-SPF: fail (google.com: domain of [email protected] does not designate 192.168.128.100 as permitted sender) client-ip=192.168.128.100; Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of [email protected] does not designate 192.168.128.100 as permitted sender) [email protected]; dkim=hardfail (test mode) [email protected] (Headers have been sanitized to protect the domains and IP addresses of the non-Google parties) GMail checks the last SMTP server in the delivery chain against my SPF and DKIM records (rightfully so). Since the last STMP server in the delivery chain was the university's server and not my server, the check results in an SPF hardfail and DKIM failure. Fortunately, GMail did not mark the message as spam but I'm concerned that this might cause a problem in the future. Is my implementation of SPF hardfail perhaps too strict? Any other recommendations or potential issues that I should be aware of? Or maybe there is a more ideal configuration for the university's e-mail forwarding procedure? I know that the forwarding server could possibly change the envelope sender but I see that getting messy.

Read the article

Destination host unreachable - Windows Server 2008

- by Doug

Hi There, I'm working with a windows 2008 domain controller, which I'm having issues connecting to internet resources. A small bit of background, this is a 2008 domain controller that has been added into an existing Win 2k domain, with a goal of replacing the older computers. Both of the older controllers can still access internet resources, and so can all the clients. When I ping Google.ca from the new server, it does resolve to an ip address, but then says "Reply from 192.168.123.20: Destination host unreachable." I'm really at a lost now, I've checked and rechecked my ip configuration, the default gateway is my router, the primary DNS server is the my DC, and the secondary DNS is also my router. The DNS server on the domain has a forwarder added for the router as well. Everything on my local network works just fine, all my internal resources can be resolved. For the time being, I've stopped the Firewall service. I'm not 100% used to Server 2008 yet, but it might be a case of just missing something simple. Thanks for your time.

Read the article

Destination host unreachable - Windows Server 2008

- by Doug

Hi There, I'm working with a windows 2008 domain controller, which I'm having issues connecting to internet resources. A small bit of background, this is a 2008 domain controller that has been added into an existing Win 2k domain, with a goal of replacing the older computers. Both of the older controllers can still access internet resources, and so can all the clients. When I ping Google.ca from the new server, it does resolve to an ip address, but then says "Reply from 192.168.123.20: Destination host unreachable." I'm really at a lost now, I've checked and rechecked my ip configuration, the default gateway is my router, the primary DNS server is the my DC, and the secondary DNS is also my router. The DNS server on the domain has a forwarder added for the router as well. Everything on my local network works just fine, all my internal resources can be resolved. For the time being, I've stopped the Firewall service. I'm not 100% used to Server 2008 yet, but it might be a case of just missing something simple. Thanks for your time.

Read the article

NFS: Server says "authenticated mount request", but client sees "access denied"

- by zigdon

I have two machine, an NFS server (RHEL) and a client (Debian). The server has NFS set up, exporting a particular directory: server:~$ sudo /usr/sbin/rpcinfo -p localhost program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100024 1 udp 910 status 100024 1 tcp 913 status 100021 1 udp 53391 nlockmgr 100021 3 udp 53391 nlockmgr 100021 4 udp 53391 nlockmgr 100021 1 tcp 32774 nlockmgr 100021 3 tcp 32774 nlockmgr 100021 4 tcp 32774 nlockmgr 100007 2 udp 830 ypbind 100007 1 udp 830 ypbind 100007 2 tcp 833 ypbind 100007 1 tcp 833 ypbind 100011 1 udp 999 rquotad 100011 2 udp 999 rquotad 100011 1 tcp 1002 rquotad 100011 2 tcp 1002 rquotad 100003 2 udp 2049 nfs 100003 3 udp 2049 nfs 100003 4 udp 2049 nfs 100003 2 tcp 2049 nfs 100003 3 tcp 2049 nfs 100003 4 tcp 2049 nfs 100005 1 udp 1013 mountd 100005 1 tcp 1016 mountd 100005 2 udp 1013 mountd 100005 2 tcp 1016 mountd 100005 3 udp 1013 mountd 100005 3 tcp 1016 mountd server$ cat /etc/exports /dir *.my.domain.com(ro) client$ grep dir /etc/fstab server.my.domain.com:/dir /dir nfs tcp,soft,bg,noauto,ro 0 0 All seems well, but when I try to mount, I see the following: client$ sudo mount /dir mount.nfs: access denied by server while mounting server.my.domain.com:/dir And on the server I see: server$ tail /var/log/messages Mar 15 13:46:23 server mountd[413]: authenticated mount request from client.my.domain.com:723 for /dir (/dir) What am I missing here? How should I be debugging this?

Read the article

Remote Desktop to Server 2008R2 fails from one particular Win7 client

- by Jesse McGrew

I have a VPS running Windows Web Server 2008 R2. I'm able to connect using Remote Desktop from my home PC (Windows 7), personal laptop (Windows 7), and work laptop (Windows XP). However, I cannot connect from my work PC (Windows 7). I receive the error "The logon attempt failed" in the RDP client, and the server event log shows "An account failed to log on" with this explanation: Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 Account For Which Logon Failed: Security ID: NULL SID Account Name: username Account Domain: hostname Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc0000064 Process Information: Caller Process ID: 0x0 Caller Process Name: - Network Information: Workstation Name: JESSE-PC Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): - Key Length: 0 I can connect from the offending work PC if I start up Windows XP Mode and use the RDP client inside that. The server is part of a domain but my account is local, so I'm logging in using a username of the form hostname\username. None of the clients are part of a domain. The server uses a self-signed certificate, and connecting from home I get a warning about that, but connecting from work I just get the logon error.

Read the article

Windows Authentication behaves oddly when VPN'd

- by Dan F

Hi all We've got a few apps that rely on windows authentication - a couple of web apps with AD auth turned on and we usually connect to our SQL servers with windows auth. This normally runs without a hitch. It doesn't work so well if we're VPN'd to a client site though. SSMS Opening SSMS normally from the start menu, then picking a server that normally accepts windows auth, results in a message saying: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. (.Net SqlClient Data Provider) If I drop to a command prompt and use runas /user:domain\user to launch SSMS I can successfully windows auth to our SQL server instances with that ssms process. If I look in task manager, both copies of ssms.exe (start menu vs runas) have the same user, and I can see no discernible differences between the processes in procexp. AD Auth websites If I open IE and browse to any of our websites that require an authenticated windows user, I get the "who are you" prompt, and that dialog thinks I'm whoever the VPN user is. I can click "Use another account" and authenticate that way though. Outlook Even Outlook prompts for a username when we are VPN'd! It's affecting our Win7 and Vista machines. It's been a while since we had an XP box, but I don't recall having this issue on XP for what it's worth. The VPN connections are just using the built in windows VPN connections, they're not fancy cisco VPNs or anything of that nature. Does anyone know how to tell windows that I'd like to be my normal old primary domain user rather than the VPN user when authenticating to resources in our domain? Heck, I'd be happy with a solution that prompted me with the "who are you" if I was trying to access windows auth requiring resources on the client's VPN. Thanks! Apologies if this is more a superuser question, I wasn't sure which site it best suited. It's about networking and infrastructure and plagues all of our developers here, so I hope it's a serverfault Q.

Read the article

How to inspect remote SMTP server's TLS certificate?

- by Miles Erickson

We have an Exchange 2007 server running on Windows Server 2008. Our client uses another vendor's mail server. Their security policies require us to use enforced TLS. This was working fine until recently. Now, when Exchange tries to deliver mail to the client's server, it logs the following: A secure connection to domain-secured domain 'ourclient.com' on connector 'Default external mail' could not be established because the validation of the Transport Layer Security (TLS) certificate for ourclient.com failed with status 'UntrustedRoot. Contact the administrator of ourclient.com to resolve the problem, or remove the domain from the domain-secured list. Removing ourclient.com from the TLSSendDomainSecureList causes messages to be delivered successfully using opportunistic TLS, but this is a temporary workaround at best. The client is an extremely large, security-sensitive international corporation. Our IT contact there claims to be unaware of any changes to their TLS certificate. I have asked him repeatedly to please identify the authority that generated the certificate so that I can troubleshoot the validation error, but so far he has been unable to provide an answer. For all I know, our client could have replaced their valid TLS certificate with one from an in-house certificate authority. Does anyone know a way to manually inspect a remote SMTP server's TLS certificate, as one can do for a remote HTTPS server's certificate in a web browser? It could be very helpful to determine who issued the certificate and compare that information against the list of trusted root certificates on our Exchange server.

Read the article

Changing subnet-mask of class-c network host to 255.255.0.0

- by Prashant Mandhare

We have a existing class-c network with IP address range 11.22.33.44/24 (just for example). My domain controller has been configured within this subnet. So all servers within this subnet have subnet mask configured to 255.255.255.0. Now we have got a new subnet with IP address 11.22.88.99/24 (note that only last 2 octets have changed). I want all new hosts in this new subnet to join my existing DC. For this we have configured firewall properly so allow this. (so there is no issue with firewall). But initially I was not able to join hosts in new subnet in existing domain. Later I doubted on subnet mask used in domain controller (255.255.255.0) and for testing purpose I changed it to 255.255.0.0, it worked like charm, i was able to join subnet-2 hosts in subnet-1 domain. Now i am wondering whether it will be good practice to change subnet mask of a class-c network to 255.255.0.0? Can any issues arise due to this? Experts please provide your opinion.

Search Results

Search found 14339 results on 574 pages for 'domain rename'.

Page 192/574 | < Previous Page | 188 189 190 191 192 193 194 195 196 197 198 199 | Next Page >

- by ???02

- by OWScott

- by Damien Carru

- by Jeff Taylor-Oracle

- by Fred Rufin

- by Robert Koritnik

- by Stephen

- by it_stuck

- by meder

- by djk

- by Luke P M

- by it_stuck

- by Josh

- by MaddHacker

- by Saif Bechan

- by Beaming Mel-Bin

- by Doug

- by Doug

- by zigdon

- by Jesse McGrew

- by Dan F

- by Miles Erickson

- by Prashant Mandhare

< Previous Page | 188 189 190 191 192 193 194 195 196 197 198 199 | Next Page >