Search Results

Search found 22139 results on 886 pages for 'security testing'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 696/886 | < Previous Page | 692 693 694 695 696 697 698 699 700 701 702 703  | Next Page >

  • Confusion about Kerberos, delegation and SPNs.

    - by Vilx-
    I already posted this question on SO, but the nature of it is between programming and server configuration, so I'll re-post it here as well. I'm trying to write a proof-of-concept application that performs Kerberos delegation. I've written all the code, and it seems to working (I'm authenticating fine), but the resulting security context doesn't have the ISC_REQ_DELEGATE flag set. So I'm thinking that maybe one of the endpoints (client or server) is forbidden to delegate. However I'm not authenticating against an SPN. Just one domain user against another domain user. As the SPN for InitializeSecurityContext() I'm passing "[email protected]" (which is the user account under which the server application is running). As I understand, domain users have delegation enabled by default. Anyway, I asked the admin to check, and the "account is sensitive and cannot be delegated" checkbox is off. I know that if my server was running as a NETWORK SERVICE and I used an SPN to connect to it, then I'd need the computer account in AD to have the "Trust computer for delegation" checkbox checked (off by default), but... this is not the case, right? Or is it? Also - when the checkbox in the computer account is set, do the changes take place immediately, or must I reboot the server PC or wait for a while?

    Read the article

  • How to troubleshoot web server lock-up (Debian Squeeze)

    - by Ryan
    Every once in a while, my web server slows so significantly, it seems locked up. Can't SSH in, no sites being served. It's a VPS that started out as Debian 5 which I upgraded to testing (squeeze). It's a typical LAMP set-up with the sole purpose of running a couple of wordpress sites. One time when it locked up, I got to one of the sites, but it was wordpress complaining it couldn't establish a database connection. So it seemed as if something was really chewing up the CPU and mysqld either timed out, or possibly failed and couldn't restart. But since I couldn't SSH in I feel more inclined to attribute it to CPU. But the only processes running now, aside from OS and kernel stuff: apache mysqld python (for fail2ban) sshd exim4 It has 512M of RAM and 1.5 GB of swap. Every time I check on it, it has plenty of free memory and is using virtually no swap (usually 2-3M). And since I am running fail2ban I don't think I'm getting ddosed. I did find this in my logwatch email this morning (it locked up late last night, when there would have been very little traffic): 6 Time(s): [<ffffffff810a0ebc>] ? oom_kill_process+0x7e/0x23d 6 Time(s): [<ffffffff810a1505>] ? __out_of_memory+0x12a/0x141 6 Time(s): [<ffffffff810a1586>] ? out_of_memory+0x6a/0x94 I didn't find anything else suspicious. It can't be my provider's host because I can SSH in and restart the VM, and everything seems fine. Anybody know which logs I should start poring through to find the core of my problem? Thanks guys.

    Read the article

  • TS (RD) Gateway Authentication Problem "The logon attempt failed"

    - by user2059
    I've been using TS Gateway to permit remote access for our staff for a few months now, and all has been well. Users either connect to a traditional terminal server desktop or hit our website and start an TS RemoteApp application- in both cases the connection is routed through a TS Gateway. However I came into work this morning to find that has stopped authenticating users through TS Gateway, each time returning "The logon attempt failed" as seen in the image even though the credentials are correct. It should be noted that everything works fine if the Gateway is taken out of the equation, it's the TS Gateway component that is causing these problems. Users experience this problem whether they connect through XP SP3, Vista or 7. On the server a total of 4 entries appear in the Windows security log at exactly the same time for each failed logon attempt: two 4624 "An account was successfully logged on" messages for the user, immediately followed by two 4634 "An account was logged off"s. This suggests that the server is accepting the credentials as correct, then booting the user off. Nothing at all is recorded in the NPS and Terminal Server logs. A reboot doesn't change things. Neither does completely removing and reinstalling the NPS and Terminal Server roles. I'm baffled as to how this can happen suddenly without warning. Any suggestions would be greatly appreciated.

    Read the article

  • Web based KVM management for Ubuntu

    - by Tim
    Hey all, We've got a single Ubuntu 9.10 root server on which we want to run multiple KVM virtual machines. To administer these virtual machines I'd like a web based KVM management tool, but I don't know which one to choose from the list of tools mentioned on linux-kvm.org. I've used virsh & virt-manager on my desktop, but would like a web interface for the server. I tested ConVirt on my desktop, but it failed to pickup KVM machines from virsh / virt-manager, and I could not get KVM virtual machine import to work (only Xen). oVirt looks good, but I can't find out if and how I can install it on Ubuntu 9.10.. (And I'd really rather not waste another few days on testing stuff that might not work in the end.) Can anyone recommend any good web based KVM management tools that are easy to install on Ubuntu 9.10? I'm looking for something that will also allow me to run other services like apache and postgresql besides hosting virtual machines, so preferably fairly lightweight & no dedicated OS installs. We don't need any professional clustering / migration or anything, just something that will let us create, start, inspect, administer & stop virtual machines from a web page. Best regards, Tim

    Read the article

  • Set JENKINS_HOME in Tomcat7?

    - by C. Ross
    I'm trying to set up Jenkins in Tomcat7 on Ubuntu. I installed Tomcat7 and deployed jenkins.war, and I now see the Jenkins home page at http://myhost:8080/jenkins, but it's attempting to create the Jenkins directory at /usr/share/tomcat7/.jenkins, which it can't for security reasons. I've already created /srv/jenkins and given the tomcat7 group permissions, and want to set JENKINS_HOME to that path. I've tried adding it to the tomcat configuration in /etc/tomcat7/server.xml: <GlobalNamingResources> <Environment name="JENKINS_HOME" value="/srv/jenkins" type="java.lang.String" override="false"/> <!-- Default settings --> And I've also tried adding it to the automatically created context file in ROOT/META-INF/context.xml (there is no $CATALINA_HOME/conf as far as I can tell). <Context path="/" antiResourceLocking="false" > <Environment name="JENKINS_HOME" value="/srv/jenkins/" type="java.lang.String"/> </Context> But even after restarting tomcat7 I still get the same result (trying to use /usr/share/tomcat7/.jenkins). Where do I need to set the environment variable for JENKINS_HOME in Tomcat7?

    Read the article

  • Authentication on Exchange using EWS managed API

    - by Jacob Proffitt
    I'm having a weird issue with the Exchange Web Services. The operation I'm attempting is pretty simple—pull a user's calendar items for the current week on our internal website. When testing locally, the ews managed API pulls the calendar information just fine. When deployed to the web server (using integrated windows authentication), it chokes. My trace is telling me that access is denied in the Exchange call. Initially, I thought this was a double-hop NTLM permissions issue, but it turns out that the service actually works for some internal users, but not for most. The only thing I can find that the functioning users have in common is that they are blackberry users and I surmise that their exchange permissions are setup differently. Or are their active directory accounts setup differently? I don't know and it's driving me crazy. I surmise that the blackberry app runs some scripts when a user is added to the application, but I'm completely unfamiliar with what may be going on behind the scenes there. So. Is there a way to duplicate the permissions those users enjoy (either AD or Exchange permissions)? And/or how exactly does one fix the double-hop credentials situation?

    Read the article

  • Ipsec config problem // openswan

    - by user90696
    I try to configure Ipsec on server with openswan as client. But receive error - possible, it's auth error. What I wrote wrong in config ? Thank you for answers. #1: STATE_MAIN_I2: sent MI2, expecting MR2 003 "f-net" #1: received Vendor ID payload [Cisco-Unity] 003 "f-net" #1: received Vendor ID payload [Dead Peer Detection] 003 "f-net" #1: ignoring unknown Vendor ID payload [ca917959574c7d5aed4222a9df367018] 003 "f-net" #1: received Vendor ID payload [XAUTH] 108 "f-net" #1: STATE_MAIN_I3: sent MI3, expecting MR3 003 "f-net" #1: discarding duplicate packet; already STATE_MAIN_I3 010 "f-net" #1: STATE_MAIN_I3: retransmission; will wait 20s for response 003 "f-net" #1: discarding duplicate packet; already STATE_MAIN_I3 003 "f-net" #1: discarding duplicate packet; already STATE_MAIN_I3 003 "f-net" #1: discarding duplicate packet; already STATE_MAIN_I3 010 "f-net" #1: STATE_MAIN_I3: retransmission; will wait 40s for response 031 "f-net" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message 000 "f-net" #1: starting keying attempt 2 of at most 3, but releasing whack other side - Cisco ASA. parameters for my connection on our Linux server : VPN Gateway 8.*.*.* (Cisco ) Phase 1 Exchange Type Main Mode Identification Type IP Address Local ID 4.*.*.* (our Linux server IP) Remote ID 8.*.*.* (VPN server IP) Authentication PSK Pre Shared Key Diffie-Hellman Key Group DH 5 (1536 bit) or DH 2 (1024 bit) Encryption Algorithm AES 256 HMAC Function SHA-1 Lifetime 86.400 seconds / no volume limit Phase 2 Security Protocol ESP Connection Mode Tunnel Encryption Algorithm AES 256 HMAC Function SHA-1 Lifetime 3600 seconds / 4.608.000 kilobytes DPD / IKE Keepalive 15 seconds PFS off Remote Network 192.168.100.0/24 Local Network 1 10.0.0.0/16 ............... Local Network 5 current openswan config : # config setup klipsdebug=all plutodebug="control parsing" protostack=netkey nat_traversal=no virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12 oe=off nhelpers=0 conn f-net type=tunnel keyexchange=ike authby=secret auth=esp esp=aes256-sha1 keyingtries=3 pfs=no aggrmode=no keylife=3600s ike=aes256-sha1-modp1024 # left=4.*.*.* leftsubnet=10.0.0.0/16 leftid=4.*.*.* leftnexthop=%defaultroute right=8.*.*.* rightsubnet=192.168.100.0/24 rightid=8.*.*.* rightnexthop=%defaultroute auto=add

    Read the article

  • Ubuntu Server running VNC

    - by xwapilot
    I have access to four computers: 1 Ubuntu Server desktop (Version 10.04) 1 Mac Mini (Snow Leopard) 1 Windows desktop (Windows 7) 1 Windows laptop (Windows Vista) The first three will always be on the home network. My goal is to SSH from the laptop into the server and be able, through VNC (or another remote desktop software), to control the windows and mac computers. The goal of this would be a slightly heightened network security over using VNC to directly access the mac or windows desktop. I have successfully used SSH to connect to the server, but have not been able to successfully implement the remote desktop connection. I would appreciate help doing so. Here's what I've done so far: As per instructions here: http://www.stuartellis.eu/articles/vnc-on-linux/ I installed the following: vnc4server – the main VNC server software vnc-java – enables access from Web browsers with Java support xvnc4viewer – a basic VNC viewer I then set up a password using the vncpasswd command. To attempt to connect to the mac, I followed directions I found in a thread at superuser. com and went to "System PreferencesSharing" and enabled "Screen Sharing". Subsequently, I tried entering the following commands into Ubuntu: vncviewer mac_ip_address::5904 vncviewer mac_ip_address:0 vncviewer mac_ip_address:1 They all returned the following: VNC Viewer Free Edition 4.1.1 for X - built Apr 9 2010 18:41:55 Copyright (C) 2002-2005 RealVNC Ltd. See http ://www .realvnc. com for information on VNC. vncviewer: unable to open display "" I'm sure I'm missing something important, but I'm not sure what it is. Do I need to have a GUI installed, or did that come with the vnc packages I installed?

    Read the article

  • Moving from WDS to MDT + WDS - Prestaged Computer Name

    - by MSCF
    We previously used just WDS to deploy our images. WDS was setup to request approval for new machines. We used the "Name and Approve" option to name the machines as we added them. If it was pre-existing, it would just use the existing computer name from AD. Then in our unattend.xml file we had Computername=%MACHINENAME%. This picked up the name we gave it during approval and set the computer name accordingly. We are now implementing MDT to manage our images and drivers. But upon testing, we noticed it would assign random computer names. I went into the Unattend.xml for the deploy task sequence and added that value under Specialize amd64_Microsoft-Windows-Shell-Setup_neutral Computername=%MACHINENAME%. But when we try applying the image, it errors out at that point of the install. How can an MDT deployment be configured to leverage the pre-staged name? Some additional info: Error message during the imaging process: Windows could not parse or process the unattend answer file for pass [specialize]. The settings specified in the answer file cannot be applied. The error was detected while processing settings for component [Microsoft-Windows-Shell-Setup].? setuperr.log: 2014-07-22 14:02:13, Error [setup.exe] [Action Queue] : Unattend action failed with exit code 4 2014-07-22 14:02:13, Error [setup.exe] Execution of unattend GCs failed; hr = 0x0; pResults-hrResult = 0x8030000b

    Read the article

  • SATA drives or chipset throwing DRDY ERR and ICRC ABRT

    - by Matt
    I have an SD-VIA-1A2S PCI card with 2 sata ports (and one ATA-133 that isn't used). Two new Western Digital Caviar Green drives (WD10EARS 1TB) throw repeated errors in kern.log (removed date/time/host info for brevity): [ 7.376475] ata2.00: exception Emask 0x12 SAct 0x0 SErr 0x1000500 action 0x6 [ 7.376480] ata2.00: BMDMA stat 0x5 [ 7.376483] ata2: SError: { UnrecovData Proto TrStaTrns } [ 7.376489] ata2.00: cmd c8/00:40:20:00:00/00:00:00:00:00/e0 tag 0 dma 32768 in [ 7.376490] res 51/84:2f:20:00:00/00:00:00:00:00/e0 Emask 0x12 (ATA bus error) [ 7.376493] ata2.00: status: { DRDY ERR } [ 7.376495] ata2.00: error: { ICRC ABRT } [ 7.376504] ata2: hard resetting link I'm using Ubuntu 9.04 - 2.6.28-18-generic, though I have tried live cds of Ubuntu 9.10, Fedora 12 and OpenSUSE 11.2 - all running various 2.6.31 kernels - and all received the same error. Based on testing these drives and this card in two other machines and combos of connecting the drives directly to the motherboard or the add-in card, I'm relatively convinced that it's the VIA chipset that is the problem. Another computer that also has an onboard VIA SATA chipset (like the add-in card) produces the same errors when the drives are directly on that motherboard. I have been able to verify that the drives are perfectly good, and I tried everything I can think of in terms of swapping cables, psu isn't overloaded, etc. The error happens on boot once or twice, after using fdisk on the drive once or twice, and constantly when attempting to sync a new mdadm raid 1 array created on the two drives. Any thoughts on where to go from here - driver/kernel wise? I'm completely open to buying a new PCI add-in card if someone can recommend one with 2 internal sata ports that works well in Debian/Ubuntu. Thanks!

    Read the article

  • Antivirus Configuration for dedicated SQL and dedicated IIS Servers

    - by Wayne Arthurton
    Our corporate standard is McAfee Enterprise, unfortunately this is non-negotiable. On two types of servers I'm responsible for, SQL & Web, we have noticed major performance issues with the corporate standard setup. Max scan time 45sec One policy for all processes Scan ALL files on write, read and open for backup Heuristics: Find unknown programs, trojans and macros Detect unwanted programs Exclude: EVT, LDF, LOG, MDF, VMD, , windows file protection) This of course still causes major slowdowns. IIS .NET recompiles are slow especially with SharePoint, SQL backups and restores, SQL Analysis Services, Integration Services and temp data from them as well. I have looked from time to time, for some best practices on setting up McAfee of SQL & SQL Analysis Service, SQL Integration Service, Visual Studio, Sharepoint, and .NET web servers in general. How do people setup McAfee enterprise on their corporate serves keeping security intact, but affecting performance as minimally as possible? Has anyone run across white papers on these setups? Obviously some are case by case, but there must be some best practices out there somewhere.

    Read the article

  • How to get remote firewall administration working with Windows Server Core 2008 R2?

    - by Daniel15
    I'm setting up a Windows Server Core 2008 R2 installation in a VMware virtual machine before setting it up on a live VPS. I've gotten remote administration via MMC working on my computer (a PC running Windows 7) for things like event logs, but I can't seem to get the firewall administration working. No matter what I do, I get the following error mesage: You do not have the correct permissions to open the Windows Firewall with Advanced Security console. You must be a member of the Administrators group or the Network Operators group to perform this task. For more information, contact you system administrator. Error code: 0x5. I've used cmdkey to add valid server credentials on my computer, and enabled remote management with the following commands: netsh advfirewall firewall set rule group="remote administration" new enable=yes netsh advfirewall firewall set rule group="windows firewall remote management" new enable=yes netsh advfirewall set currentprofile settings remotemanagement enable I am not running on a domain (just a workgroup), this is the only Windows Server 2008 computer I have. I've tried turning off the firewall completely, but remote administration is still failing How do I debug this issue? Does anyone know how to fix it? I found a few forum topics about it (eg. Remotely managing Windows Firewall on Server Core gives access denied (error 0x5) on Windows Server TechCenter) but they didn't help (I've already tried most of the fixes listed).

    Read the article

  • APC + FPM memory fragmentation without a reason

    - by palmic
    My setup @ debian 6-testing is: nginx 1.1.8 + php 5.3.8 + php-fpm + APC 3.1.9 Because i use automatic deployment with apc_clear_cache() after deploy, my target is to set up APC to cache all my project (up to 612 php files smaller than 1MB) without files changes checking. My confs: FPM: pm.max_children = 25 pm.start_servers = 4 pm.min_spare_servers = 2 pm.max_spare_servers = 10 pm.max_requests = 500 APC: pc.enabled="1" apc.shm_segments = 1 apc.shm_size="64M" apc.num_files_hint = 640 apc.user_entries_hint = 0 apc.ttl="7200" apc.user_ttl="7200" apc.gc_ttl="600" apc.cache_by_default="1" apc.filters = "apc\.php$,apc_clear.php$" apc.canonicalize="0" apc.slam_defense="1" apc.localcache="1" apc.localcache.size="512M" apc.mmap_file_mask="/tmp/apc-php5.XXXXXX" apc.enable_cli="0" apc.max_file_size = 2M apc.write_lock="1" apc.localcache = 1 apc.localcache.size = 512 apc.report_autofilter="0" apc.include_once_override="0" apc.coredump_unmap="0" apc.stat="0" apc.stat_ctime="0" The problem is i have my APC memory fragmented into 5 pieces at 14,5MB loaded into memory which capacity is 64M. My system memory is 640MB, used about 270MB at most. The http responses lasts about 300ms - 5s. When i switch on apc.stat="1", the responses are about 50ms - 80ms which is quite good, but i cannot understand why is apc.stat="0" so much whorse. The APC diagnostic tool shows "1 Segment(s) with 64.0 MBytes (mmap memory, pthread mutex Locks locking)" in general cache information window so i hope i am right that it's mmap setup which allows tweaking APC shm onto upper values than shows system limit in /proc/sys/kernel/shmmax (my shows 33MB).

    Read the article

  • Can ping IP address and nslookup hostname but cannot ping hostname

    - by Puddingfox
    I have a DNS server set up on one of my machines using BIND 9.7 Everything works fine with it. On my Windows 7 desktop, I have statically-assigned all network values. I have one DNS server set -- my DNS server. On my desktop, I can ping a third machine by IP fine. I can nslookup the hostname of the third machine fine. When I ping the hostname, it says it cannot find the host. / C:\Users\James>nslookup icecream Server: cake.my.domain Address: xxx.xxx.6.3 Name: icecream.my.domain Address: xxx.xxx.6.9 C:\Users\James>ping xxx.xxx.6.9 Pinging xxx.xxx.6.9 with 32 bytes of data: Reply from xxx.xxx.6.9: bytes=32 time<1ms TTL=255 Reply from xxx.xxx.6.9: bytes=32 time<1ms TTL=255 Reply from xxx.xxx.6.9: bytes=32 time<1ms TTL=255 Reply from xxx.xxx.6.9: bytes=32 time<1ms TTL=255 Ping statistics for xxx.xxx.6.9: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms C:\Users\James>ping icecream Ping request could not find host icecream. Please check the name and try again. I have also specified the search domain as my.domain xxx.xxx and my.domain substituted for security Why can I not ping by hostname? I also can not ping using the FQDN. The problem is that this problem is shared by all applications that resolve hostnames. I cannot use PuTTY to SSH to my machines by hostname; only by IP

    Read the article

  • Issue configuring Oracle database for SSL

    - by Santhosha Kaldambe
    Hello, I want to setup Oracle for SSL communication. I am not using SSL authentication for database user. As first requirement, generated self signed certificate using OpenSSL and added certificate to wallet. The wallet location is specified in server configuration. Created listener and it is starting however it does not provide any service. The default listener (non SSL) is working fine. When I execute LSNRCTL.EXE status SSLLISTENER it gives below output. STATUS of the LISTENER Alias SSLLISTENER Version TNSLSNR for 32-bit Windows: Version 11.1.0.6.0 - Production Start Date 14-NOV-2009 01:47:08 Uptime 16 days 22 hr. 14 min. 3 sec Trace Level off Security ON: Local OS Authentication SNMP OFF Listener Parameter File C:\app\Administrator\product\11.1.0\db_1\network\admin\listener.ora Listener Log File c:\app\administrator\diag\tnslsnr\\ssllistener\alert\log.xml Listening Endpoints Summary... (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=)(PORT =2484))) The listener supports no services The command completed successfully Here is exact content of various files after configuration. 1) File Name: tnsnames.ora ORCL = (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = )(PORT 1521)) ) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orcl) ) ) 2) File Name: sqlnet.ora SSL_VERSION = 0 NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT) sqlnet.authentication_services= (NONE) tcp.validnode_checking = no tcp.invited_nodes=(PS0803.oraebs.com,PS2948,PS5098) SSL_CLIENT_AUTHENTICATION = FALSE WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = C:\app\Administrator\admin\orcl\Server_Wallet) ) ) 3) File Name: listener.ora SSL_CLIENT_AUTHENTICATION = FALSE WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = C:\app\Administrator\admin\orcl\Server_Wallet) ) ) LISTENER = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521)) ) (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = )(PORT 1521)) ) ) SSLLISTENER = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = )(PORT = 2484)) ) Thanks Santhosh

    Read the article

  • What is causing random hard freezes on my system? Kaspersky?

    - by Christian Ivicevic
    The last few weeks I experienced a new strange behavior of my computer. Sometimes Windows 7 just freezes with no real reason at all. While listening to music for example the playback hangs and you can hear a very nasty sound. Neither mouse nor keyboard input is handled and everything is just stuck. Using Ubuntu this does not happen, so I think it is just a matter of driver issues or a Windows 7 bug. Furthermore I am really suspicious about Kaspersky (Internet Security 11) and so I let it perform a complete virus scan while no other app is running. At about 50% it happened again and I needed to restart the computer by holding the power button the bad way... A really weird thing is that playing Skyrim this happened once, however music playback did not stop. Only the framerate dropped to 0 and sometimes for a few seconds I am able to move. Therefore I am really confused as furthermore no bluescreen pops up. Memtest told me that everything seems to be alright... Can anyone explain me which data you need about my hardware and software (and which tools tools to use to gather the informatik) to be able to provide any help on my problem?

    Read the article

  • How do I provide dpkg configuration parameters to aptitude or apt-get?

    - by troutwine
    When installing gitolite I find that: # aptitude install gitolite The following NEW packages will be installed: gitolite 0 packages upgraded, 1 newly installed, 0 to remove and 29 not upgraded. Need to get 114 kB of archives. After unpacking 348 kB will be used. Get:1 http://security.debian.org/ squeeze/updates/main gitolite all 1.5.4-2+squeeze1 [114 kB] Fetched 114 kB in 0s (202 kB/s) Preconfiguring packages ... Selecting previously deselected package gitolite. (Reading database ... 30593 files and directories currently installed.) Unpacking gitolite (from .../gitolite_1.5.4-2+squeeze1_all.deb) ... Setting up gitolite (1.5.4-2+squeeze1) ... No adminkey given - not initializing gitolite in /var/lib/gitolite. The last line is of interest to me. If I run dpkg-reconfigure -plow gitolite I am presented with a dialog and can modify: the system user name for gitolite, the location of the gitolite repositories and provide the admin pubkey. I'd prefer to use the git system user and provide the admin pubkey on installation, say something of the sort: # aptitude install gitolite --user git --admin-pubkey 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDAc7kCAi2WkvqpAL1fK1sIw6xjpatJ+Ms2nrwLJPhdovEY3MPZF7mtH+rv1CHFDn66fLGiWevOFp...' That, of course, doesn't work. Can something similar be done? How do I determine the configuration parameters ahead of time? This would be remarkably useful, for instance, when installing gitolite automatically, via puppet or chef.

    Read the article

  • NSclient++ NRPE issues

    - by Kyle
    I have had NSclient++ working with Nagios for a while now. Recently I started testing Nagwin just to see how it would work, out of pure curiosity. I stopped checking a test server with my main Nagios config, set NSclient++ to NRPE mode, and pointed Nagwin at it. It worked great for a few hours then suddenly I started seeing "UNKNOWN: No Handler for that command." I figured it has to be Nagwin's fault since it's so new, I'll just unload NRPElistner.dll and return my server to being monitored by check_NT. However now check_NT doesn't work my main Nagios server returns timeout errors and is unable to connect at all. My Nagwin server can connect to it, the server just doesn't know how to handle the check_NRPE commands even though it did with no changes a few hours earlier. I have been working on this for a day now and am fairly certain it is NSclient++ who is to blame here. My nagwin box has successfully stayed connected to a similar server throughout the night, without any issues. And my main Nagios config is not having any problems at all. I have been able to successfully switch another server between being monitored by nagios and nagwin without any problems by simply loading and unloading the NRPE.dll. I have tried uninstalling NSclient++ and reinstalling with fresh configuration but still receive the errors. As of now the firewall is off on the server, NSclient++ is setup to accept connection from any server, there is no password, I have also turned ssl off, and the NRPE module is loaded. Any Ideas would be appreciated, I am not an advanced Nagios user but I do know my way around it and can easily break it down and set it up again. I also want to add that while in test mode NSclient++ is unable to handle check_NRPE commands there either.

    Read the article

  • AsteriskNow Migration / Shared Extension Space

    - by Aaron C. de Bruyn
    I am testing the possibility of migrating from an old Avaya phone system to AsteriskNow. The migration would cover several hundred phones--but spread out over several years. (Management wants to move buildings to the new phone system one by one as cables get cut or time permits.) Two other directive is that extensions must not change and they want a GUI that other admins (non-Linux geeks) can manage. They currently use 9XXX for all extensions. We linked the Avaya and Asterisk box via PRI card and they both are communicating. From the Avaya side, if we move (for example) extension 9001 to Asterisk, we forward the call over the PRI to the AsteriskNow box and the SIP phone rings. In AsteriskNow we have an outgoing rule '_9XXX' that routes all 4-digit extensions starting with 9 back to Avaya. Here's the trouble. Dialing 9001 (the extension moved over to AsteriskNow) causes the call to be routed out the PRI to the Avaya box, then the Avaya box routes the call back to Asterisk, and Asterisk routes it to the SIP phone. As we get more and more users switched over, it will use up more and more channels over the PRI card. Is there a way I can ask Asterisk to check it's local extensions first--then forward off to the Avaya system if it starts with '_9XXX'? (I know how I can do it when editing the raw config files, I'm just looking for a way to do it in the GUI so other admins can manage it if necessary.) As a last-ditch plan, I know I can specifically add '_9001' as an outgoing call rule and sent it directly to extension 9001--but I'd really hate to do that for several hundred phones

    Read the article

  • Giving Select Windows Domain Users Symbolic Link Privilege

    - by fp0n
    I would like to setup select users on our domain to have the ability to create symbolic links on local NTFS drives and network shares without needing to run as Administrator, as part of an application with will call the CreateSymbolicLink() API directly. The default configuration for our users is to be Administrator of their computer and I think I am fighting UAC to make the privileges work the way that I want because of that. I found this link on MSDN: http://social.msdn.microsoft.com/Forums/en-SG/windowssdk/thread/fa504848-a5ea-4e84-99b7-0eb4e469cbef which describes the interaction between the SeCreateSymbolicLinkPrivilege, UAC and a domain but really does not have a solution. Here's the three options I've come up with: 1) Create a new group, give the SeCreateSymbolicLinkPrivilege to the group and assign users to the group 2) Give each individual user (2 now, more later) the privilege 3) Give the privilege to the default User group which opens it up to all Users 4) Change config so Users are not Admins by default (probably would work but not likely) Based on my testing, only 3 works for me and that is the least desirable but I've only got a local server to test with, not a domain. I need to recommend to the admin how to set this up and also have something that we can easily explain to other users of our application that are on their own domain or not on a domain. The other option seems to be to create a Service that runs with a SYSTEM account that creates the links for the application but I'd rather not go that route. Thanks.

    Read the article

  • LDAP change user pass on client

    - by Sean
    I am trying to allow ldap users to change their password on client machines. I have tried pam every which way I can think of /etc/ldap.conf & /etc/pam_ldap.conf, as well. At this point I'm stuck. Client: Ubuntu 11.04 Server: Debian 6.0 The current output is this: sobrien4@T-E700F-1:~$ passwd passwd: Authentication service cannot retrieve authentication info passwd: password unchanged /var/log/auth.log gives this during the command: May 9 10:49:06 T-E700F-1 passwd[18515]: pam_unix(passwd:chauthtok): user "sobrien4" does not exist in /etc/passwd May 9 10:49:06 T-E700F-1 passwd[18515]: pam_ldap: ldap_simple_bind Can't contact LDAP server May 9 10:49:06 T-E700F-1 passwd[18515]: pam_ldap: reconnecting to LDAP server... May 9 10:49:06 T-E700F-1 passwd[18515]: pam_ldap: ldap_simple_bind Can't contact LDAP server getent passwd |grep sobrien4 (note keeping short since testing with that account, however it outputs all ldap users): sobrien4:Ffm1oHzwnLz0U:10000:12001:Sean O'Brien:/home/sobrien4:/bin/bash getent group shows all ldap groups. /etc/pam.d/common-password (Note this is just the most current, I have tried a lot of different options): password required pam_cracklib.so retry=3 minlen=8 difok=3 password [success=1 default=ignore] pam_unix.so use_authtok md5 password required pam_ldap.so use_authtok password required pam_permit.so Popped open wireshark as well, the server & client are talking. I have the password changing working on the server. I.E. the server that runs slapd, I can log in with the ldap user and change the passwords. I tried copying the working configs from the server initially and no dice. I also tried cloning it, and just changing ip & host, and no go. My guess is that the client is not authorized by ip or hostname to change a pass. Pertaining to the slapd conf, I saw this in a guide and tried it: access to attrs=loginShell,gecos by dn="cn=admin,dc=cengineering,dc=etb" write by self write by * read access to * by dn="cn=admin,dc=cengineering,dc=etb" write by self write by * read So ldap seems to be working okay, just can't change the password.

    Read the article

  • MS SQL - Problem running SQL Server Agent Job via service account credentials

    - by molecule
    There are 5 steps in this job. First job is an SSIS Package store, second to fifth are file system jobs. We configured all jobs to use Windows Authentication. Under Run As, we specified a user account which was created under SecurityCredentials and SQL Server AgentProxiesSSIS Package execution. The job runs without any problems with this user account. We then proceeded to configure the job to use a service account instead. Service account was specified under SecurityCredentials and SQL Server AgentProxiesSSIS Package Execution. The job fails with this error. Executed as user: domain\serviceaccount. ....00 for 32-bit Copyright (C) Microsoft Corp 1984-2005. All rights reserved. Started: 3:37:57 PM Error: 2010-03-09 15:37:57.95 Code: 0xC0016016 Source: Description: Failed to decrypt protected XML node "DTS:Password" with error 0x8009000B "Key not valid for use in specified state.". You may not be authorized to access this information. This error occurs when there is a cryptographic error. Verify that the correct key is available. End Error Error: 2010-03-09 15:38:01.19 Code: 0xC0047062 Source: Get CONT_VIEW_LADDER in latest 45days OracleFMDatabase [1] Description: System.Data.OracleClient.OracleException: ORA-01005: null password given; logon denied at System.Data.OracleClient.OracleException.Check(OciErrorHandle errorHandle, Int32 rc) at System.Data.OracleClient.OracleInternalConnection.OpenOnLocalTransaction(String userName, String password, String serverName, Boo... The package execution fa... The step failed. Based on some research, I then go into MS Visual Studio and Open the project. I change the property of the package security from "EncryptSensitiveWithUserKey" to "DontSaveSensitive" but i still get the above error. I am new to this so any help will be very much appreciated. Thanks in advance

    Read the article

  • Mapping printers using Group Policy Preferences; works on Windows XP, not on Windows 7 x64

    - by Graeme Donaldson
    I'm trying to use Group Policy Preferences to manage user connections to shared printers. The print server is Windows Server 2003 R2 Std edition. Several printers are installed, and I've added x64 editions of all the drivers to the print server as well. I've created a new GPO containing the printer preference settings. Printer mappings are targeted based on AD security group membership. I log on to a Windows XP PC with the Group Policy CSEs installed and the printer maps perfectly. I log on to a Windows 7 x64 PC and it doesn't map. If I manually connect to the shared printer, I get a prompt which asks me to confirm if I trust the server before installing the driver, and then it works perfectly. I have domain admin rights and my UAC settings have not been changed from the default, i.e. UAC is enabled and the default level is selected. Is the printer mapping failing because it's unable to prompt me to install the driver, or is there something else afoot?

    Read the article

  • Debian - "WARNING: untrusted versions of the following packages will be installed!"

    - by user1794469
    When i try to install or update any packages I get: Untrusted packages could compromise your system's security. You should only proceed with the installation if you are certain that this is what you want to do. I strongly suspect this is related to the error i get on update: $ sudo aptitude update Get: 1 http://ftp.us.debian.org wheezy InRelease [208 kB] Get: 2 http://debian.lcs.mit.edu wheezy InRelease [208 kB] Ign http://ftp.us.debian.org wheezy InRelease Hit http://ftp.us.debian.org wheezy/main amd64 Packages/DiffIndex Hit http://ftp.us.debian.org wheezy/contrib amd64 Packages/DiffIndex Hit http://ftp.us.debian.org wheezy/non-free amd64 Packages/DiffIndex Hit http://ftp.us.debian.org wheezy/contrib Translation-en Hit http://ftp.us.debian.org wheezy/main Translation-en Hit http://ftp.us.debian.org wheezy/non-free Translation-en Get: 3 http://debian.lcs.mit.edu wheezy-updates InRelease [116 kB] Ign http://debian.lcs.mit.edu wheezy InRelease Ign http://debian.lcs.mit.edu wheezy-updates InRelease Hit http://debian.lcs.mit.edu wheezy/main Sources/DiffIndex Hit http://debian.lcs.mit.edu wheezy/main amd64 Packages/DiffIndex Hit http://debian.lcs.mit.edu wheezy/main Translation-en Ign http://ftp.us.debian.org wheezy/contrib Translation-en_US Ign http://debian.lcs.mit.edu wheezy-updates/main Sources/DiffIndex Ign http://debian.lcs.mit.edu wheezy-updates/main amd64 Packages/DiffIndex Ign http://ftp.us.debian.org wheezy/main Translation-en_US Ign http://ftp.us.debian.org wheezy/non-free Translation-en_US Hit http://debian.lcs.mit.edu wheezy-updates/main Sources Hit http://debian.lcs.mit.edu wheezy-updates/main amd64 Packages Ign http://debian.lcs.mit.edu wheezy/main Translation-en_US Ign http://debian.lcs.mit.edu wheezy-updates/main Translation-en_US Ign http://debian.lcs.mit.edu wheezy-updates/main Translation-en Fetched 531 kB in 1s (304 kB/s) W: GPG error: http://ftp.us.debian.org wheezy InRelease: Unknown error executing gpgv W: GPG error: http://debian.lcs.mit.edu wheezy InRelease: Unknown error executing gpgv W: GPG error: http://debian.lcs.mit.edu wheezy-updates InRelease: Unknown error executing gpgv I have tried reinstalling the key ring: sudo aptitude reinstall debian-archive-keyring (which surprisingly doesn't cause a warning).

    Read the article

  • VMWare Converter - Remote Linux Install P2V

    - by Zed Said
    I am trying to get what I thought was an easy process working. Here is my situation. I have a remote linux server (running Debian) that I would like to turn into a VM so that I can do testing on it rather than the production server. I downloaded VMWare Converter. I went to the "convert machine" wizard, chose Powered-on machine, entered my remote machine details. Clicking next shows that it correctly connects to my remote linux box. Now, on the next screen, for Destination type, it enters "WMWare Infrastructure virtual machine", and I can't change this. This is where I am stuck. Why do I need another sever to convert with? Is this where my VM gets sent to? And why can't I just convert the VM and save it on the computer that I am running the converter program on? If I do have to use a vmware infrastructure destination, I am confused at what ESX is, why and how I use it. Any help with this process would be more than appreciated!

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 692 693 694 695 696 697 698 699 700 701 702 703  | Next Page >