Search Results

Search found 951 results on 39 pages for 'restricted'.

Page 29/39 | < Previous Page | 25 26 27 28 29 30 31 32 33 34 35 36  | Next Page >

  • Configuring port forwarding for SSH - no response outside LAN [migrated]

    - by WinnieNicklaus
    I recently moved, and at the same time purchased a new router (Linksys E1200). Prior to the move, I had my old router set up to forward a port for SSH to servers on my LAN, and I was using DynDNS to manage the external IP address. Everything worked great. I moved and set up the new router (unfortunately, the old one is busted so I can't try things out with it), updated the DynDNS address, and attempted to restore my port forwarding settings. No joy. SSH connections time out, and pings go unanswered. But here's the weird part (i.e., key to the whole thing?): I can ping and SSH just fine from within this LAN. I'm not talking about the local 192.168.1.* addresses. I can actually SSH from a computer on my LAN to the DynDNS external address. It's only when the client is outside the LAN that connections are dropped. This surely suggests a particular point of failure, but I don't know enough to figure out what it is. I can't figure out why it would make a difference where the connections originate, unless there's a filter for "trusted" IP addresses, which is perhaps just restricted to my own. No settings have been touched on the servers, and I can't find any settings suggesting this on the router admin interface. I disabled the router's SPI firewall and "Filter anonymous traffic" setting to no avail. Has anyone heard of this behavior, and what can I do to get past it?

    Read the article

  • JMS MQ Connection closed in JSF 2 SessionBean

    - by veote
    I use Websphere Application Server 8 with MQ Series as Messaging Queue. When I open close the connection in sessionbean in a "postConstruct" method and I use it in another method then its closed. My Code is: import java.io.Serializable; import javax.annotation.PostConstruct; import javax.annotation.PreDestroy; import javax.annotation.Resource; import javax.faces.application.FacesMessage; import javax.faces.bean.ManagedBean; import javax.faces.bean.SessionScoped; import javax.faces.context.FacesContext; import javax.jms.JMSException; import javax.jms.Queue; import javax.jms.QueueConnection; import javax.jms.QueueConnectionFactory; import javax.jms.QueueSender; import javax.jms.QueueSession; import javax.jms.Session; import javax.jms.TextMessage; @ManagedBean @SessionScoped public class MQRequest implements Serializable { private static final long serialVersionUID = 1L; @Resource(name = "jms/wasmqtest/wasmqtest_QCF") private QueueConnectionFactory connectionFactory; @Resource(name = "jms/wasmqtest/Request_Q") private Queue requestQueue; private QueueConnection connection; private String text = ""; public void sendMessage() { System.out.println("Connection in sendMessage: \n" + connection); TextMessage msg; try { QueueSession queueSession = connection.createQueueSession(false, Session.AUTO_ACKNOWLEDGE); QueueSender sender = queueSession.createSender(requestQueue); msg = queueSession.createTextMessage(text); sender.send(msg); queueSession.close(); sender.close(); } catch (JMSException e) { // TODO Auto-generated catch block e.printStackTrace(); } text = ""; } @PostConstruct public void openConenction() { System.out.println("Open Connection"); try { connection = connectionFactory.createQueueConnection(); connection.start(); System.out.println("Connection in OpenConnectioN: \n" + connection); } catch (JMSException e) { e.printStackTrace(); } } @PreDestroy public void closeConnection() { try { System.out.println("Closing Connection"); connection.close(); } catch (JMSException e) { e.printStackTrace(); } } public void setText(String text) { this.text = text; } public String getText() { return text; } } In PostConstruct method the connection is initialized: [21.10.13 07:36:05:574 CEST] 00000025 SystemOut O Connection in OpenConnectioN: com.ibm.ejs.jms.JMSQueueConnectionHandle@36c9b1a managed connection = com.ibm.ejs.jms.JMSManagedQueueConnection@3657e8b physical connection = com.ibm.mq.jms.MQXAQueueConnection@36618b6 closed = false invalid = false restricted methods enabled = false open session handles = [] temporary queues = [] But in sendMessage() method it isnt and I get a ConnectionClosed Problem: [21.10.13 07:36:12:493 CEST] 00000025 SystemOut O Connection in sendMessage: com.ibm.ejs.jms.JMSQueueConnectionHandle@36c9b1a managed connection = null physical connection = null closed = true invalid = false restricted methods enabled = false open session handles = [] temporary queues = [] 21.10.13 07:36:12:461 CEST] 00000025 SystemErr R 15 [WebContainer : 3] INFO org.apache.bval.jsr303.ConfigurationImpl - ignoreXmlConfiguration == true [21.10.13 07:36:12:601 CEST] 00000025 SystemErr R javax.jms.IllegalStateException: Connection closed [21.10.13 07:36:12:601 CEST] 00000025 SystemErr R at com.ibm.ejs.jms.JMSConnectionHandle.checkOpen(JMSConnectionHandle.java:821) [21.10.13 07:36:12:601 CEST] 00000025 SystemErr R at com.ibm.ejs.jms.JMSQueueConnectionHandle.createQueueSession(JMSQueueConnectionHandle.java:206) [21.10.13 07:36:12:601 CEST] 00000025 SystemErr R at de.volkswagen.wasmqtest.queue.MQRequest.sendMessage(MQRequest.java:51) [21.10.13 07:36:12:601 CEST] 00000025 SystemErr R at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [21.10.13 07:36:12:601 CEST] 00000025 SystemErr R at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60) [21.10.13 07:36:12:601 CEST] 00000025 SystemErr R at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) [21.10.13 07:36:12:602 CEST] 00000025 SystemErr R at java.lang.reflect.Method.invoke(Method.java:611) [21.10.13 07:36:12:602 CEST] 00000025 SystemErr R at org.apache.el.parser.AstValue.invoke(AstValue.java:262) [21.10.13 07:36:12:602 CEST] 00000025 SystemErr R at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:278) [21.10.13 07:36:12:602 CEST] 00000025 SystemErr R at org.apache.myfaces.view.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:83) [21.10.13 07:36:12:602 CEST] 00000025 SystemErr R at javax.faces.component._MethodExpressionToMethodBinding.invoke(_MethodExpressionToMethodBinding.java:88) [21.10.13 07:36:12:602 CEST] 00000025 SystemErr R at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:100) [21.10.13 07:36:12:602 CEST] 00000025 SystemErr R at javax.faces.component.UICommand.broadcast(UICommand.java:120) [21.10.13 07:36:12:602 CEST] 00000025 SystemErr R at javax.faces.component.UIViewRoot._broadcastAll(UIViewRoot.java:973) [21.10.13 07:36:12:602 CEST] 00000025 SystemErr R at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:275) [21.10.13 07:36:12:602 CEST] 00000025 SystemErr R at javax.faces.component.UIViewRoot._process(UIViewRoot.java:1285) [21.10.13 07:36:12:602 CEST] 00000025 SystemErr R at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:711) [21.10.13 07:36:12:602 CEST] 00000025 SystemErr R at org.apache.myfaces.lifecycle.InvokeApplicationExecutor.execute(InvokeApplicationExecutor.java:34) [21.10.13 07:36:12:603 CEST] 00000025 SystemErr R at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:171) [21.10.13 07:36:12:603 CEST] 00000025 SystemErr R at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118) [21.10.13 07:36:12:603 CEST] 00000025 SystemErr R at javax.faces.webapp.FacesServlet.service(FacesServlet.java:189) [21.10.13 07:36:12:603 CEST] 00000025 SystemErr R at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1147) [21.10.13 07:36:12:603 CEST] 00000025 SystemErr R at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:722) [21.10.13 07:36:12:603 CEST] 00000025 SystemErr R at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:449) [21.10.13 07:36:12:603 CEST] 00000025 SystemErr R at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178) [21.10.13 07:36:12:603 CEST] 00000025 SystemErr R at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1020) [21.10.13 07:36:12:603 CEST] 00000025 SystemErr R at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3703) [21.10.13 07:36:12:603 CEST] 00000025 SystemErr R at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304) [21.10.13 07:36:12:603 CEST] 00000025 SystemErr R at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:953) [21.10.13 07:36:12:603 CEST] 00000025 SystemErr R at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1655) [21.10.13 07:36:12:603 CEST] 00000025 SystemErr R at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:195) [21.10.13 07:36:12:604 CEST] 00000025 SystemErr R at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:452) [21.10.13 07:36:12:604 CEST] 00000025 SystemErr R at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:511) [21.10.13 07:36:12:604 CEST] 00000025 SystemErr R at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:305) [21.10.13 07:36:12:604 CEST] 00000025 SystemErr R at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:83) [21.10.13 07:36:12:604 CEST] 00000025 SystemErr R at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165) [21.10.13 07:36:12:604 CEST] 00000025 SystemErr R at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217) [21.10.13 07:36:12:604 CEST] 00000025 SystemErr R at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161) [21.10.13 07:36:12:604 CEST] 00000025 SystemErr R at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138) [21.10.13 07:36:12:604 CEST] 00000025 SystemErr R at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204) [21.10.13 07:36:12:604 CEST] 00000025 SystemErr R at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775) [21.10.13 07:36:12:604 CEST] 00000025 SystemErr R at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905) [21.10.13 07:36:12:605 CEST] 00000025 SystemErr R at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1650) Do you have an idea why the connection is closed?

    Read the article

  • Configuring port forwarding for SSH - no response outside LAN

    - by WinnieNicklaus
    I recently moved, and at the same time purchased a new router (Linksys E1200). Prior to the move, I had my old router set up to forward a port for SSH to servers on my LAN, and I was using DynDNS to manage the external IP address. Everything worked great. I moved and set up the new router (unfortunately, the old one is busted so I can't try things out with it), updated the DynDNS address, and attempted to restore my port forwarding settings. No joy. SSH connections time out, and pings go unanswered. But here's the weird part (i.e., key to the whole thing?): I can ping and SSH just fine from within this LAN. I'm not talking about the local 192.168.1.* addresses. I can actually SSH from a computer on my LAN to the DynDNS external address. It's only when the client is outside the LAN that connections are dropped. This surely suggests a particular point of failure, but I don't know enough to figure out what it is. I can't figure out why it would make a difference where the connections originate, unless there's a filter for "trusted" IP addresses, which is perhaps just restricted to my own. No settings have been touched on the servers, and I can't find any settings suggesting this on the router admin interface. I disabled the router's SPI firewall and "Filter anonymous traffic" setting to no avail. Has anyone heard of this behavior, and what can I do to get past it?

    Read the article

  • DIR $file "File Not Found" vs DIR $filedir shows it....not permissions, not USB

    - by Kev
    I was having this problem before on a USB drive, but now it's happening on my main RAID5-backed hard disk: 2013-10-17 9:37 C:\>dir "C:\Shares\Shared\Reference\Safety Management System\Vid eo CD\AutoPlay\Docs\Manuel*" Volume in drive C has no label. Volume Serial Number is 3C18-E114 Directory of C:\Shares\Shared\Reference\Safety Management System\Video CD\AutoP lay\Docs 2003-09-09 11:29 PM 1,056,768 Manuel d'intervention d'urgence MFC.doc 2004-06-20 10:36 PM 139,849 Manuel d'intervention d'urgence MFC.pdf 2 File(s) 1,196,617 bytes 0 Dir(s) 196,068,691,968 bytes free 2013-10-17 9:38 C:\>dir "C:\Shares\Shared\Reference\Safety Management System\Vid eo CD\AutoPlay\Docs\Manuel d'intervention d'urgence MFC.doc" Volume in drive C has no label. Volume Serial Number is 3C18-E114 Directory of C:\Shares\Shared\Reference\Safety Management System\Video CD\AutoP lay\Docs File Not Found 2013-10-17 9:38 C:\> This is from a Command Prompt window where I went to Properties and told it I wanted to modify who it ran as. I opened it, had it run as me with the "restricted access" unchecked, then ran the above. The file in question has the following ACLs: Administrators, SYSTEM, and OurCompanyUsers. All three have full control of everything. Nobody has any Deny bits set. I am a member of Administrators. So I don't believe it's a permissions issue. It's not a USB drive, so this time there is no question of USB hardware. Windows Server 2003 Standard Edition SP2. What does this mean? Is this more likely a hardware or software problem?

    Read the article

  • Apache directive for authenticated users?

    - by Alex Leach
    Using Apache 2.2, I would like to use mod_rewrite to redirect un-authenticated users to use https, if they are on http.. Is there a directive or condition one can test for whether a user is (not) authenticated? For example, I could have set up the restricted /foo location on my server:- <Location "/foo/"> Order deny,allow # Deny everyone, until authenticated... Deny from all # Authentication mechanism AuthType Basic AuthName "Members only" # AuthBasicProvider ... # ... Other authentication stuff here. # Users must be valid. Require valid-user # Logged-in users authorised to view child URLs: Satisfy any # If not SSL, respond with HTTP-redirect RewriteCond ${HTTPS} off RewriteRule /foo/?(.*)$ https://${SERVER_NAME}/foo/$2 [R=301,L] # SSL enforcement. SSLOptions FakeBasicAuth StrictRequire SSLRequireSSL SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 </Location> The problem here is that every file, in every subfolder, will be encrypted. This is quite unnecessary, but I see no reason to disallow it. What I would like is the RewriteRule to only be triggered during authentication. If a user is already authorised to view a folder, then I don't want the RewriteRule to be triggered. Is this possible? EDIT: I am not using any front-end HTML here. This is only using Apache's built-in directory browsing interface and its in-built authentication mechanisms. My <Directory> config is: <Directory ~ "/foo/"> Order allow,deny Allow from all AllowOverride None Options +Indexes +FollowSymLinks +Includes +MultiViews IndexOptions +FancyIndexing IndexOptions +XHTML IndexOptions NameWidth=* IndexOptions +TrackModified IndexOptions +SuppressHTMLPreamble IndexOptions +FoldersFirst IndexOptions +IgnoreCase IndexOptions Type=text/html </Directory>

    Read the article

  • Security for university research lab systems

    - by ank
    Being responsible for security in a university computer science department is no fun at all. And I explain: It is often the case that I get a request for installation of new hw systems or software systems that are really so experimental that I would not dare put them even in the DMZ. If I can avoid it and force an installation in a restricted inside VLAN that is fine but occasionally I get requests that need access to the outside world. And actually it makes sense to have such systems have access to the world for testing purposes. Here is the latest request: A newly developed system that uses SIP is in the final stages of development. This system will enable communication with outside users (that is its purpose and the research proposal), actually hospital patients not so well aware of technology. So it makes sense to open it to the rest of the world. What I am looking for is anyone who has experience with dealing with such highly experimental systems that need wide outside network access. How do you secure the rest of the network and systems from this security nightmare without hindering research? Is placement in the DMZ enough? Any extra precautions? Any other options, methodologies?

    Read the article

  • Compiling Gearman PHP Library for CentOS 5.8

    - by Andrew Ellis
    I've been trying to get Gearman compiled on CentOS 5.8 all afternoon. Unfortunately I am restricted to this version of CentOS by my CTO and how he has our entire network configured. I think it's simply because we don't have enough resources to upgrade our network... But anyways, the problem at hand. I have searched through Server Fault, Stack Overflow, Google, and am unable to locate a working solution. What I have below is stuff I have pieced together from my searching. Searches have told said to install the following via yum: yum -y install --enablerepo=remi boost141-devel libgearman-devel e2fsprogs-devel e2fsprogs gcc44 gcc-c++ To get the Boost headers working correctly I did this: cp -f /usr/lib/boost141/* /usr/lib/ cp -f /usr/lib64/boost141/* /usr/lib64/ rm -f /usr/include/boost ln -s /usr/include/boost141/boost /usr/include/boost With all of the dependancies installed and paths setup I then download and compile gearmand-1.1.2 just fine. wget -O /tmp/gearmand-1.1.2.tar.gz https://launchpad.net/gearmand/1.2/1.1.2/+download/gearmand-1.1.2.tar.gz cd /tmp && tar zxvf gearmand-1.1.2.tar.gz ./configure && make -j8 && make install That works correctly. So now I need to install the Gearman library for PHP. I have attempted through PECL and downloading the source directly, both result in the same error: checking whether to enable gearman support... yes, shared not found configure: error: Please install libgearman What I don't understand is I installed the libgearman-devel package which also installed the core libgearman. The installation installs libgearman-devel-0.14-3.el5.x86_64, libgearman-devel-0.14-3.el5.i386, libgearman-0.14-3.el5.x86_64, and libgearman-0.14-3.el5.i386. Is it possible the package version is lower than what is required? I'm still poking around with this, but figured I'd throw this up to see if anyone has a solution while I continue to research a fix. Thanks!

    Read the article

  • Passing PATH through sudo

    - by whitequark
    In short: how to make sudo not to flush PATH everytime? I have some websites deployed on my server (Debian testing) written with Ruby on Rails. I use Mongrel+Nginx to host them, but there is one problem that comes when I need to restart Mongrel (e.g. after making some changes). All sites are checked in VCS (git, but it is not important) and have owner and group set to my user, whereas Mongrel runs under the, huh, mongrel user that is severely restricted in it's rights. So Mongrel must be started under root (it can automatically change UID) or mongrel. To manage mongrel I use mongrel_cluster gem because it allows starting or stopping any amount of Mongrel servers with just one command. But it needs the directory /var/lib/gems/1.8/bin to be in PATH: this is not enough to start it with absolute path. Modifying PATH in root .bashrc changed nothing, tweaking sudo's env_reset and keepenv didn't either. So the question: how to add a directory to PATH or keep user's PATH in sudo?

    Read the article

  • Spots appear in a rectangle area on screen, ubuntu gnome 13.04, nvidia driver

    - by frozen-flame
    I am using Ubuntu Gnome 13.04 with nvidia-310 driver installed. My GPU is GeForce GTX650. Strange spots freqently appear on screen, with following traits: Spots are restricted in one or two rectangle areas at any instant. When typing, the pattern of spots change. Possibly increase, or all disappear when one key pressed. Mouse movement also influences. This problem last within one boot. The only way can I get rid of this problem is to reboot. It can be detected as soon as entering desktop if it appears. Simultaneously, the "power off" option is lost in the top-right menu of Gnome3. Never such problem when using windows 7 on the same computer, neither ubuntu with Nouveou driver. Seldomly, half of the screen become black. I googled a lot. Similar conditions are described, but no confirmed solution. Uninstall-r einstall strategy does not work. Any clue solving this will be appeciated.

    Read the article

  • Concerns about Apache per-Vhost logging setup

    - by etienne
    I'm both senior developer and sysadmin in my company, so i'm trying to deal with the needs of both activities. I've set up our apache box, wich deals with 30-50 domains atm (and hopefully will grow larger) and hosts both production and development sites, with this directory structure: domains/ domains/domain.ext/ #FTPS chroot for user domain.ext domains/domain.ext/public #the DocumentRoot of http://domain.ext domains/domain.ext/logs domains/domain.ext/subdomains/sub.domain.ext domains/domain.ext/subdomains/sub.domain.ext/public #DocumentRoot of http://sub.domain.ext Each domain.ext Vhost runs with his dedicated user and group via mpm-itk, umask being 027, and the logs are stored via a piped sudo command, like this: ErrorLog "| /usr/bin/sudo -u nobody -g domain.ext tee -a domains/domain.ext/logs/sub.domain.ext_error.log" CustomLog "| /usr/bin/sudo -u nobody -g domain.ext tee -a domains/domain.ext/logs/sub.domain.ext_access.log" combined Now, i've read a lot about not letting the logs out of a very restricted directory, but the developers often need to give a quick look to a particular subdomain error log, and i don't really want to give them admin rights to look into /var/logs. Having them available into the ftp account is REALLY handy during development stages. Do you think this setup is viable and safe enough? To me it is apparently looking good, but i'm concerned about 3 security issues: -is the sudo pipe enough to deal with symlink exploits? Any catches i'm missing? -log dos: logs are in the same partition of all domains. got hundreds of gigs, but still, if one get disk-space dos'd, everything will break. Any workaround? Will a short timed logrotate suffice? -file descriptors limits: AFAIK the default limit for Apache on Ubuntu Server is currently 8192, which should be plenty enough to handle 2 log files per subdomain. Is it? Am i missing something? I hope to read some thoughts on the matter!

    Read the article

  • Configuration Help for Sendmail Required

    - by Vinayak Mahadevan
    Hi I need some help with respect to sendmail configuration. The basic problem is that I have some employees working from other places and they need access to their mail. So what I have done right now is whatever mails which are meant for them which are generated from within the company and collected by my internal mail server is bounced to an external mail server from where the employees access it. This is done through a email id on a different domain. This was working fine till I restricted the external mailing access for certain users using rulesets in sendmail.cf. Once I had put that in place only people who had external mailing rights could send mails to people outside the office. What I would like to know is that is there anyway where I can expose sendmail on two different ips and thereby configure everybody's email id to point to the same internal mail server using 2 different ips. one ip when inside the company and one ip outside the company. Is it possible that I have one static ip configured for both internal access and external access or is there any otherway it can be done with sendmail. Can anybody help me Sorry for the long post Regards Vinayak

    Read the article

  • Changing default openVPN IP in linux server

    - by Lamboo
    The problem is that we have a public OpenVPN service. Pay €9.95 and you get an OpenVPN account at currently half a dozen of servers for a month. This means there are always and will always be some people who create a certain amount of abuse or trouble. On the long run, the external IP every OpenVPN user gets assigned is prohibited from editing Wikipedia, it might be banned by e-gold and on some popular webforums, one-click-hosters, etc. Not a pleasant experience for the 97% of our customers who use our service responsibly and legitimately to regain their privacy. So even if I could change the assigned external IP every few months; e. g. from 216.xx.xx.164 to 216.xx.xx.170, it would help us a lot to combat this abuse and to provide our paying clients with "fresh" IP addresses that aren't banned or restricted on some popular Internet sites and services, yet. Does anybody know how to change the first IP address assigned to the public interface in CentOS? So that e.g. OpenVPN in future doesn't give our OpenVPN clients the external IP 123.xx.xx.164 but rather 123.xx.xx.170?

    Read the article

  • SFTP ChRoot result in broken pipe

    - by Patrick Pruneau
    I have a website that I want to add some restricted access to a sub-folder. For this, I've decided to use CHROOT with SFTP (I mostly followed this link : http://shapeshed.com/chroot_sftp_users_on_ubuntu_intrepid/) For now, I've created a user (sio2104) and a group (magento).After following the guide, my folder list look like this : -rw-r--r-- 1 root root 27 2012-02-01 14:23 index.html -rw-r--r-- 1 root root 21 2012-02-01 14:24 info.php drwx------ 15 root root 4096 2012-02-25 00:31 magento As you can see, i've chown root:root the folder magento I wanted to jail-in the user and ...everything else by the way. Also in the magento folder, I chown sio2104:magento everything so they can access what they want. Finally, I've added this to sshd_config file : #Subsystem sftp /usr/lib/openssh/sftp-server Subsystem sftp internal-sftp Match Group magento ChrootDirectory /usr/share/nginx/www/magento ForceCommand internal-sftp AllowTCPForwarding no X11Forwarding no PasswordAuthentication yes #UsePAM yes And the result is...well, I can enter my login, password and it's all finished with a "broken pipe" error. $ sftp [email protected] [....some debug....] [email protected]'s password: debug1: Authentication succeeded (password). Authenticated to 10.20.0.50 ([10.20.0.50]:22). debug1: channel 0: new [client-session] debug1: Requesting [email protected] debug1: Entering interactive session. Write failed: Broken pipe Connection closed Verbose mode gives nothing to help. Anyone have an idea of what I've done wrong? If I try to login with ssh or sftp with my personnal user, everything works fine.

    Read the article

  • Linux And NTFS Permissions

    - by VGE IT
    Trying to restrict a folder within a directory created in linux filesystem. I have changed the permissions to: root rwx, a special active directory group rwx and all others r. Upon doing so, people that are not in the special AD group can access the directory and modify files. Upon doing so the group changes to "Domain Users" when the user modifies documents within the directory. I have to manualy change the documents default group back to my AD group. I have tried to create another AD group and modify permissons to deny write access. When doing so through windows explorer, the settings seem to take affect until I go back in a look at permissions for the restricted group. No permissions show when I view for the second time. Please assist. Samba share properties [MyShare] comment = "blah blah blah" browseable = yes guest ok = no read only = no path = /xxx/xxxxx/ create mask = 0640 directory mask = 0750 admin users = @"domain\Domain Admins", @"domain\group A", @"domain\group B" valid users = @"domain\Domain Admins", @"domain\group A", @"domain\group B" nt acl support = Yes inherit acls = yes inherit owner = yes inherit permissions = yes

    Read the article

  • installing Conkeror on Ubuntu 12.04

    - by Menelaos Perdikeas
    I am reading the instructions on conkeror site (and elsewhere) on how to install conkeror on Ubuntu (I am using Ubuntu 12_04 LTS) and it seems that the correct sequence is: sudo apt-add-repository ppa:xtaran/conkeror sudo apt-get update sudo apt-get install conkeror conkeror-spawn-process-helper The first step (apt-add-repository) seems to execute without a problem, giving the following output: You are about to add the following PPA to your system: Conkeror Debian packages for Ubuntu releases without xulrunner (i.e. for 11.04 Natty and later) More info: https://launchpad.net/~xtaran/+archive/conkeror Press [ENTER] to continue or ctrl-c to cancel adding it Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret- keyring /tmp/tmp.Re7pWaDEQF --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver hkp://keyserver.ubuntu.com:80/ --recv CB29CBE050EB1F371BAB6FE83BE0F86A6D689050 gpg: requesting key 6D689050 from hkp server keyserver.ubuntu.com gpg: key 6D689050: "Launchpad PPA for Axel Beckert" not changed gpg: Total number processed: 1 gpg: unchanged: 1 However, the apt-get update seems unable to fetch packages from the newly added PPA, with its output ending in: Hit http://security.ubuntu.com precise-security/restricted Translation-en Hit http://security.ubuntu.com precise-security/universe Translation-en Err http://ppa.launchpad.net precise/main Sources 404 Not Found Ign http://extras.ubuntu.com precise/main Translation-en_US Err http://ppa.launchpad.net precise/main i386 Packages 404 Not Found Ign http://extras.ubuntu.com precise/main Translation-en Ign http://ppa.launchpad.net precise/main Translation-en_US Ign http://ppa.launchpad.net precise/main Translation-en W: Failed to fetch http://ppa.launchpad.net/xtaran/conkeror/ubuntu/dists/precise /main/source/Sources 404 Not Found W: Failed to fetch http://ppa.launchpad.net/xtaran/conkeror/ubuntu/dists/precise/main/binary-i386/Packages 404 Not Found E: Some index files failed to download. They have been ignored, or old ones used instead. Accordingly, apt-get-install conkeror fails with: mperdikeas@mperdikeas:~$ sudo apt-get install conkeror Reading package lists... Done Building dependency tree Reading state information... Done E: Unable to locate package conkeror Any ideas what might be wrong ?

    Read the article

  • Problems with "Read Only" on a Samba share from Windows machines

    - by fistameeny
    Hi, We have a Ubuntu 10.04 Server that has a bunch of Samba shares on it that Windows workstations connect to. Each Windows workstation has a valid username/password to access the shares, which have restricted access governed by Samba. The problem we are experiencing is that Samba doesn't seem to be able to mimic the Windows way of handling "Read Only" attributes. Say I have two users, UserA and UserB, both a group called Staff - UserA creates a file that is readable/writeable by the group (ie. chmod rwxrwx---). If UserA then sets the "Read Only" flag, this changes the permissions to r-xr-x--- (i.e. no write for anyone). As UserB is in the same group as UserA, they should be able to remove the "Read Only" permission - however, they can't as Samba won't allow it. Is there a way to force Samba to allow users within the same group to remove the "Read Only" from a file not created by them? Edit: The Samba smb.conf is as follows: The share is defined in the smb.conf as: [global] log file = /var/log/samba/log.%m passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . obey pam restrictions = yes map to guest = bad user encrypt passwords = true passwd program = /usr/bin/passwd %u passdb backend = tdbsam dns proxy = no netbios name = ubsrv server string = ubsrv unix password sync = yes os level = 20 syslog = 0 usershare allow guests = yes panic action = /usr/share/samba/panic-action %d max log size = 1000 pam password change = yes workgroup = workgroup [Projects] valid users = @Staff writeable = yes user = @Staff create mode = 0777 path = /srv/samba/Projects directory mode = 0777 store dos attributes = Yes The folder itself looks like this: ls -l /srv/samba/ drwxrwxrwx 2 nobody Staff 4096 2010-11-04 10:09 Projects Thanks in advance, Matt

    Read the article

  • Issues with VPN functionality

    - by Xorandor
    I've been working on setting up VPN connectivity to our office location. We bought a Cisco WRV210 which have a builtin VPN server. Cisco has some software QuickVPN, which is not as quick and easy as I had thought. I've had mixed experiences on different machines with connecting. Instead I configured an IPSec VPN tunnel following a guide from TheGreenBow here http://www.thegreenbow.com/doc/tgbvpn_cg_linksys_wrv200_en.pdf I followed their instructions and tried out an evaluation of their software, and VPN connection should be working ok. I'm able to do RDP to a machine on the network (using IP address, not machine name) and ping the router etc. What I'm trying to solve are two things: It's not like I'm "really" on the network. Or at least I'm restricted to some degree when going through the VPN. I can't access a machine on the network using machine name, only IP. I can't ping a machine, but the router just fine. Could this be that something is not set up properly? If so, I can ofcourse supply additional information. Second, when I log onto the VPN, I would really like my outgoing connection to go through the internet connection of the remote location. Basically if I connect to the VPN I want my outgoing IP to be that of the remote location's (needed for some IP resctrictions on some of our servers). At a previous work location it worked like this when we connected to our office VPN over PPTP and the builtin windows VPN client. I'm not a huge expert on the topic, so any hints will be appreciated.

    Read the article

  • Terminal Server 2008 Login: Access Denied

    - by user1236435
    When I try to RDP into a Server 2008 Terminal Server, I get a message that says "Access Denied" and an OK button. I setup the licensing mode correctly (per user) and also have setup to allow all remote connections. I get the following in the security event log: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 28/06/2012 12:01:16 Event ID: 4656 Task Category: File System Level: Information Keywords: Audit Failure User: N/A Computer: 0BraApps1.brenntagLA.hou Description: A handle to an object was requested. Subject: Security ID: BRENNTAGLA\jaadmin Account Name: jaadmin Account Domain: BRENNTAGLA Logon ID: 0xbbe3f Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\ServerManager.msc Handle ID: 0x0 Process Information: Process ID: 0x60c Process Name: C:\Windows\System32\mmc.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: READ_CONTROL: Granted by D:(A;;0x1200a9;;;BA) SYNCHRONIZE: Granted by D:(A;;0x1200a9;;;BA) WriteData (or AddFile): Not granted AppendData (or AddSubdirectory or CreatePipeInstance): Not granted WriteEA: Not granted ReadAttributes: Granted by ACE on parent folder D:(A;;0x1301bf;;;BA) WriteAttributes: Not granted Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 Event Xml: 4656 1 0 12800 0 0x8010000000000000 1535565 Security 0BraApps1.brenntagLA.hou S-1-5-21-205301047-3902605089-2438454170-21511219 jaadmin BRENNTAGLA 0xbbe3f Security File C:\Windows\System32\ServerManager.msc 0x0 {00000000-0000-0000-0000-000000000000} %%1538 %%1541 %%4417 %%4418 %%4420 %%4423 %%4424 %%1538: %%1801 D:(A;;0x1200a9;;;BA) %%1541: %%1801 D:(A;;0x1200a9;;;BA) %%4417: %%1805 %%4418: %%1805 %%4420: %%1805 %%4423: %%1811 D:(A;;0x1301bf;;;BA) %%4424: %%1805 0x120196 - 0 0x60c C:\Windows\System32\mmc.exe Any ideas?

    Read the article

  • Problems with "Read Only" on a Samba share from Windows machines

    - by fistameeny
    We have a Ubuntu 10.04 Server that has a bunch of Samba shares on it that Windows workstations connect to. Each Windows workstation has a valid username/password to access the shares, which have restricted access governed by Samba. The problem we are experiencing is that Samba doesn't seem to be able to mimic the Windows way of handling "Read Only" attributes. Say I have two users, UserA and UserB, both a group called Staff - UserA creates a file that is readable/writeable by the group (ie. chmod rwxrwx---). If UserA then sets the "Read Only" flag, this changes the permissions to r-xr-x--- (i.e. no write for anyone). As UserB is in the same group as UserA, they should be able to remove the "Read Only" permission - however, they can't as Samba won't allow it. Is there a way to force Samba to allow users within the same group to remove the "Read Only" from a file not created by them? Edit: The Samba smb.conf is as follows: The share is defined in the smb.conf as: [global] log file = /var/log/samba/log.%m passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . obey pam restrictions = yes map to guest = bad user encrypt passwords = true passwd program = /usr/bin/passwd %u passdb backend = tdbsam dns proxy = no netbios name = ubsrv server string = ubsrv unix password sync = yes os level = 20 syslog = 0 usershare allow guests = yes panic action = /usr/share/samba/panic-action %d max log size = 1000 pam password change = yes workgroup = workgroup [Projects] valid users = @Staff writeable = yes user = @Staff create mode = 0777 path = /srv/samba/Projects directory mode = 0777 store dos attributes = Yes The folder itself looks like this: ls -l /srv/samba/ drwxrwxrwx 2 nobody Staff 4096 2010-11-04 10:09 Projects Thanks in advance, Matt

    Read the article

  • Good visuals supporting adopting Macintosh in a Windows company

    - by jdmuys
    I work in a Windows only software service company, which just put up an internal contest for innovative ideas for the company. The idea I submitted is to let employees use a Mac instead of the mandatory PC if they wished to. My idea has been selected (among a few others) to reach the next stage of the contest. One of the items requested for the next stage is ONE visual that best illustrates the idea. While my pitch is rather good (I think), I have a hard time coming up with ONE visual that would be suggestive enough and not too fanboy-ish, or too restricted. That's why I am requesting suggestions. For reference, some of the points I intend to develop are (not in order): de facto safety (little or no malware) Apple as a company reached its leading position through innovation (bio)diversity is a source of value for a service company, that expands its reach. it makes financial sense the Mac is the most compatible machine, making it a lot easier to test our software (especially web sites). Some OS X technologies can be valuable to a software service company (eg Applescript) Some Apple tools can help us improve (eg Keynote) It's good citizenship for our company as Apple is now best in class according to Greenpeace. I realize this question may be out of topic here. I'd be happy to have suggestions on where to post this question. Please do not argue why OS X might be better or worse than Windows. My question is very narrow. Thanks.

    Read the article

  • Restricting Access to Application(s) on Point of Sale system

    - by BSchlinker
    I have a customer with two point of sale systems, a few workstations and a Windows 2003 SBS Server. The point of sale systems are typically running QuickBooks Point of Sale and are logged in with a user who has restricted permissions / access (via Group Policy). Occasionally, one of the managers needs to be able to run a few additional applications -- including some accounting software. I have created an additional user for this manager, allowing them to login and access the accounting software. The problem is, it can be problematic to switch users on the system, as QuickBooks takes a few minutes to close (on POSUser) and then reopen (on ManagerUser). If customers are waiting, this slows things down drastically. Since the accounting software is stored on a network drive, it would be easiest if the manager could simply double click something, authenticate against the network drive / domain controller and then the program would launch. When they close the program, the session to the network drive would be lost and the program would no longer be accessible. Is there any easy way to do this? Both users are on a domain and the system is Windows 7. I just don't want to require the user to switch back and forth. In a worst case scenario, they forget to switch back and leave the accounting software wide open.

    Read the article

  • EngineX ignores Auth Basic?

    - by Miko
    I have configured nginx to password protect a directory using auth_basic. The password prompt comes up and the login works fine. However... if I refuse to type in my credentials, and instead hit escape multiple times in a row, the page will eventually load w/o CSS and images. In other words, continuously telling the login prompt to go away will at some point allow the page to load anyway. Is this an issue with nginx, or my configuration? Here is my virtual host: 31 server { 32 server_name sub.domain.com; 33 root /www/sub.domain.com/; 34 35 location / { 36 index index.php index.html; 37 root /www/sub.domain.com; 38 auth_basic "Restricted"; 39 auth_basic_user_file /www/auth/sub.domain.com; 40 error_page 404 = /www/404.php; 41 } 42 43 location ~ \.php$ { 44 include /usr/local/nginx/conf/fastcgi_params; 45 } 46 } My server runs CentOS + nginx + php-fpm + xcache + mysql

    Read the article

  • What is the ideal way to set up multiple FTP enabled web accounts on Fedora?

    - by Nicholas Flynt
    I'm setting up a test server for use as a web development platform, and I'd like to mimic as closely as I can a typical shared hosting setup. That is, I'd like my server to have multple user FTP accounts, each of which links to a directory containing the webroot of the site, and I'd like apache to be able to easily see and manupulate these files. I'll admit: I'm not as familiar with Fedora as I'd like, I run Ubuntu on my home box and SElinux is giving me some grief. My initial plan was to have each user FTP into their home directory, and put the web directory there as well, but SElinux throws a hissy fit when apache tries to access anything outside of its web directory, so that plan was a no go. Would it be wise to continue this route, and perhaps mount web directories in user home folders so that FTP could still be used to access them, even though apache saw them in var/www like it expects? Would it make more sense to set up custom FTP accounts and use a single FTP user on the server box? What's the general course of action on something like this? I'm using vsftpd right now to host web directories, which is why I'm liking the home directory approach (it's simple and secure) but of course there's bound to be a better way to go about it. Thanks. (I'll leave other things, like restricted DB access and such, to another post. I'm interested right now with just getting FTP and apache to play nice in a multi-user environment.) PS: For the record, an issue I ran into when doing all of this was that if apache isn't running as the same user as the FTP account is saving as, there are permissions errors when FTP creates files, requiring the remote user to chmod the files to fix it. A logical fix would be to run apache in a special group, put all web users in this group, and have FTP access default to giving this group read/write access to everything like apache would expect, but I never could figure out how to accomplish this. Bonus points and cake if you know a solution.

    Read the article

  • Has anyone had luck running 802.1x over ethernet using the stock Windows or other free supplicant?

    - by maxxpower
    I just wanted to see if anyone else has had luck implementing 802.1x over ethernet. So here's my basic setup. Switch sends out 3 eapol messages spaced out 5 seconds apart. if there's no response the machine gets put on a guest vlan with restricted access. If the machine is properly configured it will authenticate and be placed into a secure vlan. About 10% of my windows xp users are getting self assigned 169 addresses. I've used the Odyssey Access Client and it worked without a hitch. I'm using the setting to automatically use the users windows login to authenticate, but it's workign on 90% of the machines so I don't think that's the issue. Checking the logs on the dc it seems that the machines are trying to authenticate with computer credentials even though they are configured not to. I'm running Juniper switches with IAS for radius. I have radius configured for PEAP and MSvhapv2. Macs and linux boxes seem to have no issues authenticating. One last thing to add If I unplugging the ethernet cable and plug it back in usually resolves the issue, but I'd hardly call that acceptable for production. Kinda long winded and specific for a discussion, but just want to see if anyone else has had similar issues or experiences, or if anyone knows of a free XP supplicant that actually works with 802.1x over ethernet.

    Read the article

  • SharePoint web services not protected?

    - by Philipp Schmid
    Using WSS 3.0, we have noticed that while users can be restricted to access only certain sub-sites of a site collection through permission settings, the same doesn't seem to be true for web services, such as /_vti_bin/Lists.asmx! Here's our experimental setup: http://formal/test : 'test' site collection - site1 : first site in test site collection, user1 is member - site2 : second site in test site collection, user2 is member With this setup, using a web browser user2 can: - access http://formal/test/site2/Default.aspx - cannot access http://formal/test/site1/Default.aspx That's what is expected. To our surprise however, using the code below, user2 can retrieve the names of the lists in site1, something he should not have access to! Is that by (unfortunate) design, or is there a configuration setting we've missed that would prevent user2 from retrieving the names of lists in site1? Is this going to be different in SharePoint 2010? Here's the web service code used in the experiment: class Program { static readonly string _url ="http://formal/sites/research/site2/_vti_bin/Lists.asmx"; static readonly string _user = "user2"; static readonly string _password = "password"; static readonly string _domain = "DOMAIN"; static void Main(string[] args) { try { ListsSoapClient service = GetServiceClient(_url, _user, _password, _domain); var result = service.GetListCollection(); Console.WriteLine(result.Value); } catch (Exception ex) { Console.WriteLine(ex.ToString()); } } private static ListsSoapClient GetServiceClient(string url, string userName, string password, string domain) { BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportCredentialOnly); binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm; ListsSoapClient service = new ListsSoapClient(binding, new System.ServiceModel.EndpointAddress(url)); service.ClientCredentials.UserName.Password = password; service.ClientCredentials.UserName.UserName = (!string.IsNullOrEmpty(domain)) ? domain + "\\" + userName : userName; return service; } }

    Read the article

< Previous Page | 25 26 27 28 29 30 31 32 33 34 35 36  | Next Page >