Search Results

Search found 11785 results on 472 pages for 'password protection'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 212/472 | < Previous Page | 208 209 210 211 212 213 214 215 216 217 218 219  | Next Page >

  • VSFTPD 530 Login incorrect

    - by sc.
    I'm trying to get a vsftpd server set up on CentOS 5.3 x64. I'm not able to get any local user login's to work. Here is my vsftpd.conf: local_enable=YES write_enable=YES pam_service_name=vsftpd connect_from_port_20=YES listen=YES pam_service_name=vsftpd xferlog_std_format=NO log_ftp_protocol=YES chroot_local_user=YES Here is the output of vsftp.log: Mon Sep 13 23:34:44 2010 [pid 19243] CONNECT: Client "10.0.1.138" Mon Sep 13 23:34:44 2010 [pid 19243] FTP response: Client "10.0.1.138", "220 (vsFTPd 2.0.5)" Mon Sep 13 23:34:44 2010 [pid 19243] FTP command: Client "10.0.1.138", "USER dwelch" Mon Sep 13 23:34:44 2010 [pid 19243] [dwelch] FTP response: Client "10.0.1.138", "331 Please specify the password." Mon Sep 13 23:34:44 2010 [pid 19243] [dwelch] FTP command: Client "10.0.1.138", "PASS <password>" Mon Sep 13 23:34:44 2010 [pid 19242] [dwelch] FAIL LOGIN: Client "10.0.1.138" Mon Sep 13 23:34:45 2010 [pid 19243] [dwelch] FTP response: Client "10.0.1.138", "530 Login incorrect." And the output of the secure log: Sep 13 17:40:50 intra vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=dwelch rhost=10.0.1.138 user=dwelch It looks like pam is not authenticating the user. Here is my /etc/pam.d/vsftp file: #%PAM-1.0 session optional pam_keyinit.so force revoke auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed auth required pam_shells.so auth include system-auth account include system-auth session include system-auth session required pam_loginuid.so Can anyone see what I'm missing? Thanks.

    Read the article

  • Should windows services be created with custom users, or should I use one of LocalSystem/LocalServic

    - by Justin Dearing
    I'm asking the question in general for the average custom developed NT service or unix OSS daemon ported to windows with SCM support. However, at the moment my immediate concern is for mongodb. From my experience with UNIX I like all my services to run as different unprivileged users. The way this has translated to windows is as follows: Create a local (or domain if it has to talk to SQL server) windows user with a long random password (lately an ASCII85 encoded guid generated from a different machine). Set it to next expire and forbid it from changing its password. Remove that user from the "Users Group". Grant that user "Login as a Service" permission. Give it read permission to the folder where the app resides, and write permission to the logs and data files the applications use. Assign the user to the service. Troubleshoot until the service starts. My feeling is that the unprivileged users are less powerful than the 3 special service users. I also feel that by isolating which users run which services, I would limit collateral damage if a way to compromise one service was found.

    Read the article

  • how to automatically mount ~/Private using ecryptfs when logging in via ssh pubkey

    - by andreash
    Raionale: I want to be able to automatically make backups to a remote machine, which will be encrypted with ecryptfs. The title says it all: I set up ecryptfs-utils on my Debian Squeeze box, and set up one user to use it via ecryptfs-setup-private. When I log in via SSH using password authentication, the ~/Private directory automatically gets mounted. How can I achieve that ~/Private also automatically gets mounted when logging in via SSH using public key authentication? Obviously, the best solution would be if ecryptfs could somehow 'use' the SSH public key to en/decrypt the data (I know that then using the user's password would not be able to en/decrypt the data any more; this would be acceptable). Probably, this will not work. So perhaps somehow call ecryptfs-mount-private via ssh before logging in via public key? Probably, then I would need to somehow pipe the passphrase through the SSH connection, right? So I would need to store it on the source machine's file system. Not nice either. Any other ideas?

    Read the article

  • Router to WIFI Client to Router (New solution for distance when repeater doesnt help)

    - by Kangarooo
    Ethernet to TL-WR340G with WIFI enabled Using TL-WA500 tried repeater mode which was not good enough and had password problems (could not connect if using either ASCII or Normal password in one way then in repeater worked other way) and also could not forward (repeat) WPA/WPA2 security. So since this repeater can also be as client, I made it as client and used another router (TL-WR740N) to get from wire connection from that client and all was working for a little bit. Every machine is set up to be auto DHCP. 1st when setting up client mode I found it working after doing reset. Then after some tens of minutes internet stopped working. When I removed WiFi client then all went back to normal. Where is the problem and how to make this work? Ethernet- TL-WR340G(AutoDHCP) ==> wifi ==> TL-WA500 TL-WA500 wifi client mode(AutoDHCP) ==> wire ==> TL-WR740N TL-WR740N router mode (AutoDHCP) ==> My Computer In other words: TL-WR340G ) ) ) ) TL-WA500 ===== TL-WR740N ==== PC1 ) ) WiFi === Wire

    Read the article

  • How to give wife emergency access to logins, passwords, etc.?

    - by Torben Gundtofte-Bruun
    I'm the digital guru in my household. My wife is good with email and forum websites but she trusts me with all our important digital stuff -- such as online banking and other things that require passwords, but also family photos and the plethora of other digital things in a modern home. We discuss relevant actions but it's always me that executes the actions. If I should get "hit by a bus" then my wife would be thoroughly stranded -- she would have no idea what digital stuff is where on our computer, how to access it, what online accounts we have, and their login credentials are. It would also leave my many public appearances (personal websites, email accounts, social networks, etc.) unresolved. To complicate things, I'm one of those people who don't use password as my password everywhere; I use a mix of SuperGenPass and LastPass, and also two-factor authentication whenever possible. I don't have much hope that she would find her way through a written explanation of all that in a stressful situation. I could just tell her that she should ask my tech-savvy twin brother and then entrust him with my LastPass master passphrase. I feel that would have a high chance of success, but it's inelegant and leaves my wife without control of the information. How can I ensure that my wife has access to my digital remains?

    Read the article

  • Passive FTP Server Port Configuration Troubles Win2003

    - by Chris
    Win2003 Ports 20 & 21 are open IIS6 - Direct Metabase Edit enabled Configured FTP service passive range to 5500-5550 5500-5550 added to windows firewall iisreset and double checked by restarting ftp service nothing has changed, when I connect and enter passive, it still hangs when ever I try to LIST or transfer files. Active is just as useless. Microsoft Windows [Version 6.1.7600] Copyright (c) 2009 Microsoft Corporation. All rights reserved. C:\Users\user>ftp ftp> open x.x.x.x Connected to x.x.x.x. 220-Microsoft FTP Service xxxxxxxxxxxxxxxxxx 220 xxxxxxxxxxxxxxxxxx User (x.x.x.x:(none)): user 331 Password required for user. Password: 230-YOUR ACTIVITY IS BEING RECORDED TO THE FULLEST EXTENT 230 User user logged in. ftp> QUOTE PASV 227 Entering Passive Mode (82,19,25,134,21,124) ftp> ls 200 PORT command successful. 150 Opening ASCII mode data connection for file list. and it hangs.. Now I can see from microsooft documentation that on newer windows releases, additional steps such as these are suggested, but they dont work on 2003... netsh advfirewall firewall add rule name=”FTP Service” action=allow service=ftpsvc protocol=TCP dir=in netsh advfirewall set global StatefulFTP disable is there anything I am missing, what is this StatefulFTP malarkey at the end EDIT I can connect and transfer binary files using WinSCP client - Therefore the problem must be with my ftp commands no? Can anyone see anything wrong with my windows ftp client example? why would it hang on ls, i tried QUOTE LIST as well, and that just hangs, and the windows ftp client doesnt work in active, it hangs if I try to go "binary" then put - This worked before I added 5500-5550 on the router. I have since added this range to the router but no difference to the windows ftp client.

    Read the article

  • Snow Leopard takes a long time to connect to Windows/Samba server

    - by hood
    We run a very heterogeneous network here: There is some XP, Vista, 7, Leopard, Snow Leopard clients, and Windows 2003 (one remaining legacy app), 2008, and Linux servers. The main file server runs Ubuntu Linux and has been added to the Windows Domain and has been used for many years; SBS 2008 is the PDC (the 2003 and 2008 are on the domain also). In Leopard there were no problems at all authenticating to the file servers. We've upgraded one of the Leopard iMacs to Snow Leopard, though the same problem occurs in a new MBP which came with the newer OS as well as a clean install on another iMac. It does not matter whether connected through wired or wireless. In the Finder when clicking on the server - whether on first boot or after it is connected - it will display "Connecting..." for up to a few minutes before either generally working (if username/password in keychain) or displaying "Connection Failed" - at which time clicking "Connect As" and typing in the username/password will take some more time and eventually work. Sometimes it will display "Connecting..." indefinitely. (I've left it as long as 15 minutes before trying something else) Accessing shares on the the 2003 and SBS servers have the problem (so I don't think it's a Samba server issue). The Server 2008 Standard is connecting instantly at the moment. Accessing the share through an alias/stacks doesn't have this problem. Leopard and Windows clients still have no problem. I've searched Google but hasn't yielded any working result. How do I get rid of this delay?

    Read the article

  • apache2 mysql authentication module and SHA1 encryption

    - by Luca Rossi
    I found myself in a setup on where I need to enable some authentication method using mysql. I already have an user scheme. That user scheme is working like a charm with MD5 password and CRYPT, but when I turn to SHA1sum it says: [Fri Oct 26 00:03:20 2012] [error] Unsupported encryption type: Sha1sum No useful debug informations on log files. This is my setup and some info: debian6 apache and ssl installed packages: root@sistemichiocciola:/etc/apache2/mods-available# dpkg --list | grep apache ii apache2 2.2.16-6+squeeze8 Apache HTTP Server metapackage ii apache2-mpm-prefork 2.2.16-6+squeeze8 Apache HTTP Server - traditional non-threaded model ii apache2-utils 2.2.16-6+squeeze8 utility programs for webservers ii apache2.2-bin 2.2.16-6+squeeze8 Apache HTTP Server common binary files ii apache2.2-common 2.2.16-6+squeeze8 Apache HTTP Server common files ii libapache2-mod-auth-mysql 4.3.9-13+b1 Apache 2 module for MySQL authentication ii libapache2-mod-php5 5.3.3-7+squeeze14 server-side, HTML-embedded scripting language (Apache 2 module) root@sistemichiocciola:/etc/apache2/sites-enabled# dpkg --list | grep ssl ii libssl-dev 0.9.8o-4squeeze13 SSL development libraries, header files and documentation ii libssl0.9.8 0.9.8o-4squeeze13 SSL shared libraries ii openssl 0.9.8o-4squeeze13 Secure Socket Layer (SSL) binary and related cryptographic tools ii openssl-blacklist 0.5-2 list of blacklisted OpenSSL RSA keys ii ssl-cert 1.0.28 simple debconf wrapper for OpenSSL my vhost setup: AuthMySQL On Auth_MySQL_Host localhost Auth_MySQL_User XXX Auth_MySQL_Password YYY Auth_MySQL_DB users AuthName "Sistemi Chiocciola Sezione Informatica" AuthType Basic # require valid-user require group informatica Auth_MySQL_Encryption_Types Crypt Sha1sum AuthBasicAuthoritative Off AuthUserFile /dev/null Auth_MySQL_Password_Table users Auth_MYSQL_username_field email Auth_MYSQL_password_field password AuthMySQL_Empty_Passwords Off AuthMySQL_Group_Table http_groups Auth_MySQL_Group_Field user_group Have I missed a package/configuration or something?

    Read the article

  • Nagios command not transmitting all arguments

    - by markus
    I'm using the following service to monitor our postgres db from nagios: define service{ use test-service ; Name of servi$ host_name DEMOCGN002 service_description Postgres State check_command check_nrpe!check_pgsql!192.168.1.135!test!test!test notifications_enabled 1 } On the remote machine I've configured the command: command[check_pgsql]=/usr/lib/nagios/plugins/check_pgsql -H $ARG1$ -d $ARG2$ -l $ARG3$ -p $ARG4$ In the syslog I can see that command is executed, but there is only one argument transmitted: Oct 20 13:18:43 DEMOSRV01 nrpe[1033]: Running command: /usr/lib/nagios/plugins/check_pgsql -H 192.168.1.134 -d -l -p Oct 20 13:18:43 DEMOSRV01 nrpe[1033]: Command completed with return code 3 and output: check_pgsql: Database name is not valid - -l#012Usage:#012check_pgsql [-H <host>] [-P <port>] [-c <critical time>] [-w <warning time>]#012 [-t <timeout>] [-d <database>] [-l <logname>] [-p <password>] Oct 20 13:18:43 DEMOSRV01 nrpe[1033]: Return Code: 3, Output: check_pgsql: Database name is not valid - -l#012Usage:#012check_pgsql [-H <host>] [-P <port>] [-c <critical time>] [-w <warning time>]#012 [-t <timeout>] [-d <database>] [-l <logname>] [-p <password>] Why are arguments 2,3 and 4 missing?

    Read the article

  • Binding to LDAPS using PHP failing

    - by Sean
    We've finally set-up our server to accept ldap SSL connections thanks to another question answered by a helpful member. Our problem now is that when attempting to bind to ldap using the below simple PHP script, we constantly fail. Binding using ldap instead of ldaps works just fine using the script so I know the ldap is enabled. The catcher is that while using LDP.exe, we can successfully connect and bind to ldap on port 636 using a secure connection. The script we are failing with is below: <?php $ldap = ldap_connect("ldaps://localhost"); $username="user"; $password="pass"; if($bind = ldap_bind($ldap, $username,$password )) echo "logged in"; else echo "fail"; echo "<br/>done"; ?> We've also attempted inputting the username as "user@domain" or "domain/user" with no success. It seems I'm forever having LDAP/Cert questions. Our environment is Server 2008.

    Read the article

  • How to Setup Sharepoint Extranet to authenticate against a dmz AD

    - by Satish
    I have a web app which is extended to extranet for our clients to access. We have setup a different AD server and domain for dmz and clients have to be authenticated against that domain. I'm little confused about the setup especially what all web.config files I have to update. Do I have to update the web.config file for Central admin site and the extended web app. According to this blog I need to do update both, but as soon as I make the changes in the web.config for central admin, central admin site stops working. Here is what I added to the central admin web.config file between /Sharepoint and system.web I have this <connectionStrings> <add name="DMZConnectionString" connectionString= "LDAP://dmz.xxx.com:389/OU=Clients,DC=dmz,DC=xxx,DC=com "/> Between system.web and securityPolicy <membership defaultProvider=”DMZADProvider“> <providers> <add name="DMZADProvider" connectionStringName="DMZConnectionString" connectionUsername="DMZ\ldapUser" connectionPassword="Password" enableSearchMethods="true" attributeMapUsername="userPrincipalName" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </providers> </membership> I know the connectionusername and password works becuase I use the same in SSP for importing profiles. Any idea what might be causing the error?

    Read the article

  • Setup git repository on gentoo server using gitosis & ssh

    - by ikso
    I installed git and gitosis as described here in this guide Here are the steps I took: Server: Gentoo Client: MAC OS X 1) git install emerge dev-util/git 2) gitosis install cd ~/src git clone git://eagain.net/gitosis.git cd gitosis python setup.py install 3) added git user adduser --system --shell /bin/sh --comment 'git version control' --no-user-group --home-dir /home/git git In /etc/shadow now: git:!:14665:::::: 4) On local computer (Mac OS X) (local login is ipx, server login is expert) ssh-keygen -t dsa got 2 files: ~/.ssh/id_dsa.pub ~/.ssh/id_dsa 5) Copied id_dsa.pub onto server ~/.ssh/id_dsa.pub Added content from file ~/.ssh/id_dsa.pub into file ~/.ssh/authorized_keys cp ~/.ssh/id_dsa.pub /tmp/id_dsa.pub sudo -H -u git gitosis-init < /tmp/id_rsa.pub sudo chmod 755 /home/git/repositories/gitosis-admin.git/hooks/post-update 6) Added 2 params to /etc/ssh/sshd_config RSAAuthentication yes PubkeyAuthentication yes Full sshd_config: Protocol 2 RSAAuthentication yes PubkeyAuthentication yes PasswordAuthentication no UsePAM yes PrintMotd no PrintLastLog no Subsystem sftp /usr/lib64/misc/sftp-server 7) Local settings in file ~/.ssh/config: Host myserver.com.ua User expert Port 22 IdentityFile ~/.ssh/id_dsa 8) Tested: ssh [email protected] Done! 9) Next step. There I have problem git clone [email protected]:gitosis-admin.git cd gitosis-admin SSH asked password for user git. Why ssh should allow me to login as user git? The git user doesn't have a password. The ssh key I created is for the user expert. How this should work? Do I have to add some params to sshd_config?

    Read the article

  • administrator user unable to login, suspicious user accounts "sky$", "admin$"

    - by mks
    I have a Windows 2008 R2 Standard (64 bit) running in a virtual machine. Suddenly from yesterday onwards I am not able to login as administrator. Nobody changed the password. Both in the console as well as using remote desktop I am unable to login. Whenever I login as Administrator I am getting this error: "The user name or password is incorrect" Nothing has changed in the machine and I have logged in the past successfully both through console and via remote desktop several time on the same machine. One strange behaviour I noticed is, I am seeing some additional user accounts if I try to login as other user. The suspicious user account are: sky$ admin$ SUPPORT_388945a0 Is it created by some malware/virus? Or is it some windows hidden account? Microsoft site says that SUPPORT_388945a0 is: The Support_388945a0 account enables Help and Support Service interoperability with signed scripts. This account is primarily used to control access to signed scripts that are accessible from within Help and Support Services. Administrators can use this account to delegate the ability for an ordinary user, who does not have administrative access over a computer, to run signed scripts from links embedded within Help and Support Services. These scripts can be programmed to use the Support_388945a0 account credentials instead of the user’s credentials to perform specific administrative operations on the local computer that otherwise would not be supported by the ordinary user’s account. When the delegated user clicks on a link in Help and Support Services, the script executes under the security context of the Support_388945a0 account. This account has limited access to the computer and is disabled by default. However I am not sure from where this "admin$" and "sky$" came. Anyone has similar experience?

    Read the article

  • Can not access SQLServer database

    - by btrey
    I'm trying to convert an Access database to use a SQLServer backend. I've upsized the database and everything works on the server, but I'm unable to access it remotely. I'm running SQLServer Express 2005 on Windows Server 2003. The server is not configured as a domain controller, nor connected to a domain. The computers I'm trying to access the server from are part of a domain, but there are no local domain controllers. I'm at a remote location and the computers are configured and connected to the domain at the home office, then shipped to us. We normally log in with cached credentials and VPN into the home office when we need to access the domain. I can use Remote Desktop Connection to access the 2k3 server which is running SQLServer. If I log into the server with my username, I can bring up the database, access it via the Trusted Connection, and the database works. If I try to run the database locally, however, I get the Server Login dialog box. I can not use a Trusted Connection because my local login is to the home office domain and is not recognized by the SQLServer machine. If I try to use the username/password that is local to the SQLServer, I get a login failed error. I've tried entering the username as "username", "workgroup/username" (where "workgroup" is the name of the workgroup on the SQLServer), "sqlservername/username" and "[email protected]" where "1.2.3.4" is the IP of the SQLServer. In all cases, I get a login failed error. As I said, I can login to the server via Remote Desktop Connection with the same username and password and use the database, so permissions for the username appear to be correct for both a remote connection and for database access. Not sure where to go from here and any assistance would be appreciated.

    Read the article

  • Problems with connecting Thunderbird client to dovecot installed on Ubuntu

    - by Michael Omer
    I am trying to connect a Thunderbird client to my dovecot server. The dovecot is installed on Ubuntu. I know that my server works (at least partially), since when I send a mail to a user in the server ([email protected]), I see the new file created in /home/feedback/Maildir/new. However, when I try to connect with my Thunderbird to the server, It recognizes the server, but informs me that my user/password is wrong (they are not wrong). The exact message is: Configuration could not be verified - is the username or password wrong? The server configuration it tries to connect to is: incoming - IMAP 143, outgoing - SMTP 587 The dovecot configuration file is located here: dovecot.conf My PAM configuration is: @include common-auth @include common-account @include common-session In the log, I see: May 23 06: 07: 20 misfortune dovecot: imap-login: Disconnected (no auth attempts): ? rip=77.126.236.118, lip=184.106.69.153 Dovecot -n gives me: Log_timestamp: %Y-%m-%d %H: %M: %S Protocols: pop3 pop3s imap imaps Ssl: no Login_dir: /var/run/dovecot/login Login_executable(default): /usr/lib/dovecot/imap-login Login_executable(imap): /usr/lib/dovecot/imap-login Login_executable(pop3): /usr/lib/dovecot/pop3-login Mail_privileged_group: mail Mail_location: maildir: ~/Maildir Mbox_write_locks: fcntl dotlock Mail_executable(default): /usr/lib/dovecot/imap Mail_executable(imap): /usr/lib/dovecot/imap Mail_executable(pop3): /usr/lib/dovecot/pop3 Mail_plugin_dir(default): /usr/lib/dovecot/modules/imap Mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap Mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 Imap_client_workarounds(default): tb-extra-mailbox-sep Imap_client_workarounds(imap): tb-extra-mailbox-sep Imap_client_workarounds(pop3): Auth default: passdb: driver: pam userdb: driver: passwd

    Read the article

  • How to have SSL on Amazon Elastic Load Balancer with a Gunicorn EC2 server?

    - by Riegie Godwin
    I'm a self taught back end engineer so I'm learning all of this stuff as I go along. For the longest time, I've been using basic authentication for my users. Many developers are advising against this approach since each request will contain the username & password in clear text. Anyone with the right skills can sniff on the connection between my iOS application and my Django/Gunicorn Server and obtain their password. I wouldn't want to put my user's credentials at risk so I would like to implement a more secure way of authentication. SSL seems to be the most viable option. My server doesn't serve any static content or anything crazy of that sort. All the server does is send and receive "json" responses from and to my iOS application. Here is my current topology. iOS application ------ Amazon Elastic Load Balancer ------- EC2 Instances running HTTP Gunicorn. Gunicorn runs on port 8000. I have a CNAME record from GoDaddy for the Amazon Elastic Load Balancer DNS. So instead of using the long DNS to make requests, I just use server.example.com. To interact with my servers I send and receive requests to server.example.com:8000/ This setup works and has been solid. However I need to have a more secure way. I would like to setup SSL between my iOS application and my Elastic Load Balancer. How can I go about doing this? Since I am only sending json responses to my application, do I really need to buy a certificate from a CA or can I create my own? (since browsers will not be interacting with my servers. My servers are only designed to send json responses to my iOS application).

    Read the article

  • Setup Version Control on Dreamweaver

    - by John Isaacks
    I have a win computer on the Network called WIN2K8FS1 I have TortoiseSVN on a win computer and when I go to checkout a repository with Tortoise it asks me for the URL of the repository. I put in: file://WIN2K8FS1/Media/SVN_repo And it creates the working copy. I am trying to setup Dreamweaver CS5 to work with subversion. I create a new site and I go to the Version Control tab and it asks for a lot if info. First is Access. I choose Subversion since that is the only option Second is Protocol. Not sure which I need so I go with HTTP? Third is Server Address. I am assuming this is the name of the computer with the repository so I put in \\WIN2K8FS1\ Fourth is Repository Path. I put in /Media/SVN_repo Fifth is Port which I leave default to 80 Then it asks for user name and password. I never set one up for anything so I put in my domain username and password. I click test and it tells me: Server and project are not accessible! I am not sure what I am doing wrong. I am not the server admin but I did create the repository and have access to it via Tortoise. So I am not sure what I am doing wrong in Dreamweaver.

    Read the article

  • The Server Fault Wiki of recommended practices [migrated]

    - by Avery Payne
    So I've noticed that there are several recommendations on basic practices on Server Fault, but there doesn't seem to be a cohesive view as to how those recommendations would all fit together. So I thought I would lump these together as a kind of mental exercise to see what the "ServerFault Community IT Department" would look like if it were implemented. This would give a few things: it would make a reasonable wiki (in the true wiki spirit of many contributions), it would provide several links to well-vetted practices, and it would be kind of fun to see what the amalgamation would look like. And who knows, it may even point out some interesting issues between different forms of "best practices", although I would be stunned if there was a conflict hidden in there someplace... Add your favorites from Server Fault as answers, and I'll re-edit this section with the results. Here's a few catagories to collect different ideas together. Hardware Configuration(s) Server room configuration. Server room temperature Firmware Updates and Scheduling Storage Configuration(s) Selecting a NAS box Linux: Dealing with /tmp Linux: Install apps in /var or /opt? Network Configuration(s) checking DNS health and compliance Security Practice(s) Password (General) Best Practices Password sharing methods Windows Update Updating Windows Servers that are hosts for VMs Network Service(s) User Service(s) User Naming & Deletion Upgrade Process(es) Disaster Recovery Checking Backups Documenting an outage for a post-mortem review Last Edit: 2010-02-17

    Read the article

  • Using NX with no PasswordAuthentication SSH setup

    - by benmccann
    I'm trying to setup passwordless SSH access. My username is bmccann, so in /etc/ssh/sshd_config I added: PermitRootLogin no PasswordAuthentication no AllowUsers bmccann nx I ran ssh-keygen on the client and put ~/.ssh/id_rsa.pub from the client into ~/.ssh/authorized_keys on the server. I can now login with no password using the ssh command. However, I can no longer access the machine via NX as long as /etc/ssh/sshd_config has "PasswordAuthentication no". Server error logs: $ grep NX /var/log/messages Feb 11 01:25:51 bmccann-htpc NXSERVER-3.4.0-12[23552]: ERROR: Failed authentication. NXSsh exit status is:255 'NXNssUserManager::auth' Feb 11 01:25:51 bmccann-htpc NXSERVER-3.4.0-12[23552]: Failed SSHd authentication for user 'bmccann', to '127.0.0.1', port '22': 'NX> 204 Authentication failed.\n ' 'NXNssUserManager::auth' Feb 11 01:25:51 bmccann-htpc NXSERVER-3.4.0-12[23552]: ERROR: Error while trying to authenticate user:bmccann. NXNssUserManager::auth returned 255 'NXShell::handler_login' Feb 11 01:25:51 bmccann-htpc NXSERVER-3.4.0-12[23552]: ERROR: failed 'sshd authentication' for user 'bmccann' from '108.29.137.64'. NXShell::handler_login NXShell 373 What do I need to do to restore my NX access? Is there something I need to setup in the NX client so that it no longer asks me for a password?

    Read the article

  • Mysql master-master not replicating

    - by frankil
    I'm setting up a master-master mysql replication on two servers (db1 and db2). I started with setting up db2 as a slave to db1 and that works fine. But when I set up db1 as a slave to db2 it isn't replicating. On the face of it everything looks fine but the data isn't replicating. There are no errors in either of the error logs. The slave status is updating the bin log position. I have used mysqlbinlog to examine both the binlog on the db2 and the relay log on db1 and all of the queries are going in there, but not being executed to db1. "show slave status" on both servers shows that both the slave io and sql threads are "Yes" and that the relay log position is updated by the sql thread. Also on both servers: >echo "show processlist" | mysql | grep "system user" 166819 system user NULL Connect 3655 Waiting for master to send event NULL 166820 system user NULL Connect 3507 Has read all relay log; waiting for the slave I/O thread to update it NULL Relevant config for db1: server-id = 1 log-slave-updates replicate-same-server-id = 0 auto_increment_increment = 4 auto_increment_offset = 1 master-host = db2 master-port = 3306 master-user = slaveuser master-password = *** skip-slave-start sync_binlog = 1 binlog-ignore-db=mysql Config for db2 server-id = 2 log-slave-updates replicate-same-server-id = 0 auto_increment_increment = 4 auto_increment_offset = 2 master-host = db1 master-port = 3306 master-user = slaveuser master-password = *** sync_binlog = 1 relay-log=mysql-relay-bin binlog-ignore-db=mysql What else can I look for to make sure db1 executes the queries from db2?

    Read the article

  • Cisco ASA user authentication options - OpenID, public RSA sig, others?

    - by Ryan
    My organization has a Cisco ASA 5510 which I have made act as a firewall/gateway for one of our offices. Most resources a remote user would come looking for exist inside. I've implemented the usual deal - basic inside networks with outbound NAT, one primary outside interface with some secondary public IPs in the PAT pool for public-facing services, a couple site-to-site IPSec links to other branches, etc. - and I'm working now on VPN. I have the WebVPN (clientless SSL VPN) working and even traversing the site-to-site links. At the moment I'm leaving a legacy OpenVPN AS in place for thick client VPN. What I would like to do is standardize on an authentication method for all VPN then switch to the Cisco's IPSec thick VPN server. I'm trying to figure out what's really possible for authentication for these VPN users (thick client and clientless). My organization uses Google Apps and we already use dotnetopenauth to authenticate users for a couple internal services. I'd like to be able to do the same thing for thin and thick VPN. Alternatively a signature-based solution using RSA public keypairs (ssh-keygen type) would be useful to identify user@hardware. I'm trying to get away from legacy username/password auth especially if it's internal to the Cisco (just another password set to manage and for users to forget). I know I can map against an existing LDAP server but we have LDAP accounts created for only about 10% of the user base (mostly developers for Linux shell access). I guess what I'm looking for is a piece of middleware which appears to the Cisco as an LDAP server but will interface with the user's existing OpenID identity. Nothing I've seen in the Cisco suggests it can do this natively. But RSA public keys would be a runner-up, and much much better than standalone or even LDAP auth. What's really practical here?

    Read the article

  • Dovecot unable to perform mysql query

    - by NathanJ2012
    I have been following the ISPMail tutorials on workaround.org (the 2.9 Wheezy version) and thus far everything has been working fine. When I reached the step to "Testing email delivery" step I noticed a error about the query in the output log from /var/log/mail.log. May 14 06:48:59 mail postfix/pickup[17704]: EA4AD240A98: uid=0 from=<root> May 14 06:48:59 mail postfix/cleanup[17776]: EA4AD240A98: message-id=<[email protected]> May 14 06:48:59 mail postfix/qmgr[17706]: EA4AD240A98: from=<[email protected]>, size=429, nrcpt=1 (queue active) May 14 06:49:00 mail dovecot: auth-worker(17782): mysql(127.0.0.1): Connected to database mailserver May 14 06:49:00 mail dovecot: auth-worker(17782): Warning: mysql: Query failed, retrying: Table 'mailserver.users' doesn't exist May 14 06:49:00 mail dovecot: auth-worker(17782): Error: sql([email protected]): User query failed: Table 'mailserver.users' doesn't exist (using built-in default user_query: SELECT home, uid, gid FROM users WHERE username = '%n' AND domain = '%d') May 14 06:49:00 mail dovecot: lda([email protected]): msgid=<[email protected]>: saved mail to INBOX May 14 06:49:00 mail postfix/pipe[17780]: EA4AD240A98: to=<[email protected]>, relay=dovecot, delay=0.09, delays=0.03/0.01/0/0.06, dsn=2.0.0, status=sent (delivered via dovecot service) May 14 06:49:00 mail postfix/qmgr[17706]: EA4AD240A98: removed I found this rather interesting that it isn't finding the DB so I went back through and checked EVERY file that I touched that involved the DB (including the postfix cf files) and everything is correct so I am baffled at this point, but oddly enough it would seem the email still made it to the correct destination in /var/vmail/domain.com/. Should I be worried about this or am I missing something here? Since it is a message from dovecot it would be the query from dovecot-sql.conf.ext which I am including here driver = mysql connect = host=127.0.0.1 dbname=mailserver user=blocked password=***REMOVED*** default_pass_scheme = PLAIN-MD5 password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';

    Read the article

  • SSO "Portal"

    - by Clinton Blackmore
    Pursuant to my question on alleviating the password explosion, I've contacted some of the services to whom we are paying money to access their websites to ask if we could authenticate our own users, and some of them said yes and send me specs on how to do so. (One of the sites called such a system a page a "portal"; I've never heard the term used in quite that way.) It is simple enough that I am tempted to roll my own. The largest complication is that one site wants us to store a key for every user in our database (and I think the LDAP database makes sense) after their initial login. So, non-trivial, but doable. The nature of these sorts of tasks, I expect, is that if they start out small and simple, they don't end that way. There must be some software that addresses this that is readily extended, surely. In my searching, I've come across: SimpleSAMLphp JOSSO RubyCAS-Server Shibboleth Pubcookie OpenID [Wow, gee. I'd missed some of those in my previous searches! The wikipedia page on Central Authentication Services is useful, and the section on Alternatives to OpenID makes it look like there is a lot of choice.] Can anyone recommend any of these, or suggest ones to avoid? Internally, we are authenticating using Apple's Open Directory [ == OpenLDAP + Kerberos + Password Server (which, I believe, == SAML) ]. As far as extending/tweaking/advanced configuration of a system, I am able to program in Python, C++, can do some basic PHP, and may be able to remember some Java. Looks like I need to pick up Ruby at some point. Addendum: I would also like users to be able to change their passwords over the web (and for certain users to change passwords of other users).

    Read the article

  • Ubuntu Server attack? how to solve?

    - by saky
    Hello, Something (Someone) is sending out UDP packets sent from our whole ip range. This seems to be multicast DNS. Our server host provided this (Our IP Address is masked with XX): Jun 3 11:02:13 webserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=01:00:5e:00:00:fb:00:30:48:94:46:c4:08:00 SRC=193.23X.21X.XX DST=224.0.0.251 LEN=73 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=53 Jun 3 11:02:23 webserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=01:00:5e:00:00:fb:00:30:48:94:46:c4:08:00 SRC=193.23X.21X.XX DST=224.0.0.251 LEN=73 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=53 Jun 3 11:02:32 webserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=01:00:5e:00:00:fb:00:30:48:94:46:c4:08:00 SRC=193.23X.21X.XX DST=224.0.0.251 LEN=73 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=53 Jun 3 11:02:35 webserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=01:00:5e:00:00:fb:00:30:48:94:46:c4:08:00 SRC=193.23X.21X.XX DST=224.0.0.251 LEN=73 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=53 I checked my /var/log/auth.log file and found out that someone from China (Using ip-locator) was trying to get in to the server using ssh. ... Jun 3 11:32:00 server2 sshd[28511]: Failed password for root from 202.100.108.25 port 39047 ssh2 Jun 3 11:32:08 server2 sshd[28514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.100.108.25 user=root Jun 3 11:32:09 server2 sshd[28514]: Failed password for root from 202.100.108.25 port 39756 ssh2 Jun 3 11:32:16 server2 sshd[28516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.100.108.25 user=root ... I have blocked that IP address using this command: sudo iptables -A INPUT -s 202.100.108.25 -j DROP However, I have no clue about the UDP multicasting, what is doing this? who is doing it? and how I can stop it? Anyone know?

    Read the article

  • php_ibm_db2.dll on IIS 7.5 using PHP 5.3 error message

    - by grmbl
    I'm trying to use ibm_db2 extension to access iSeries DB2 database. This is the testcode (taken from here) <?php $database = 'ALI452BFAL'; //library $user = 'STN452'; $password = '**********'; $hostname = 'myserverip'; $port = 50000; $conn_string = "DRIVER={IBM DB2 ODBC DRIVER};DATABASE=$database;" . "HOSTNAME=$hostname;PORT=$port;PROTOCOL=TCPIP;UID=$user;PWD=$password;"; $conn = db2_connect($conn_string, '', ''); if ($conn) { print "ok"; db2_close($conn); } else { echo db2_conn_error() . '<br>' . db2_conn_errormsg(); } ?> I have installed a very basic package containing the db2 driver and added this as an extension. (IBM Data Server Driver for ODBC, CLI, and .NET.msi) This is my result: 08001 [IBM][CLI Driver] SQL30081N A communication error has been detected. Communication protocol being used: "TCP/IP". Communication API being used: "SOCKETS". Location where the error was detected: "10.10.0.120". Communication function detecting the error: "connect". Protocol specific error code(s): "10061", "", "". SQLSTATE=08001 SQLCODE=-30081 Anybody tried this before??

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 208 209 210 211 212 213 214 215 216 217 218 219  | Next Page >