Search Results

Search found 17 results on 1 pages for 'user64204'.

Page 1/1 | 1 

  • Real benefits of tcp TIME-WAIT and implications in production environment

    - by user64204
    SOME THEORY I've been doing some reading on tcp TIME-WAIT (here and there) and what I read is that it's a value set to 2 x MSL (maximum segment life) which keeps a connection in the "connection table" for a while to guarantee that, "before your allowed to create a connection with the same tuple, all the packets belonging to previous incarnations of that tuple will be dead". Since segments received (apart from SYN under specific circumstances) while a connection is either in TIME-WAIT or no longer existing would be discarded, why not close the connection right away? Q1: Is it because there is less processing involved in dealing with segments from old connections and less processing to create a new connection on the same tuple when in TIME-WAIT (i.e. are there performance benefits)? If the above explanation doesn't stand, the only reason I see the TIME-WAIT being useful would be if a client sends a SYN for a connection before it sends remaining segments for an old connection on the same tuple in which case the receiver would re-open the connection but then get bad segments and and would have to terminate it. Q2: Is this analysis correct? Q3: Are there other benefits to using TIME-WAIT? SOME PRACTICE I've been looking at the munin graphs on a production server that I administrate. Here is one: As you can see there are more connections in TIME-WAIT than ESTABLISHED, around twice as many most of the time, on some occasions four times as many. Q4: Does this have an impact on performance? Q5: If so, is it wise/recommended to reduce the TIME-WAIT value (and what to)? Q6: Is this ratio of TIME-WAIT / ESTABLISHED connections normal? Could this be related to malicious connection attempts?

    Read the article

  • HUDSON: how to manually encode the LDAP managerPassword?

    - by user64204
    I need to know how to manually encode the LDAP managerPassword which controls the authentication to hudson: <securityRealm class="hudson.security.LDAPSecurityRealm"> <server>ldap.example.org</server> <rootDN>dc=example,dc=org</rootDN> <userSearchBase>ou=People</userSearchBase> <userSearch>uid={0}</userSearch> <groupSearchBase>ou=Groups</groupSearchBase> <managerDN>cn=admin,dc=example,dc=org</managerDN> <managerPassword>{HOW DO I ENCODE THIS?}</managerPassword> </securityRealm> This question has already been raised here: http://jenkins.361315.n4.nabble.com/How-to-encode-the-LDAP-managerPassword-td2295570.html The answer was to configure the managerPassword field via the hudson web interface. The problem we have is that in order to configure LDAP one must be authenticated to hudson, which we cannot do because our LDAP authentication is currently broken (password mismatch between LDAP and the hudson configuration). Can someone explain how to manually encode the LDAP managerPassword? Thanks

    Read the article

  • Interpreting Munin graphs showing available entropy and MySQL slow queries in sync

    - by user64204
    We're experiencing performance issues on our website, and after reviewing our munin graphs, the only metrics we've found in sync are Available entropy and MySQL slow queries, with the latter influenced by our number of logged in users: Based on the wikipedia entropy page, my understanding is that entropy is the amount of randomness (here measured in bytes) that the system can use for various tasks, mainly cryptography and functions that require random input. Since the peaks in available entropy and MySQL slow queries are occurring in sync and at regular interval, that the number of MySQL slow queries is proportional to our number of Drupal users whereas the peaks in available entropy seem to be much more constant and less proportional to these 2 metrics, we're thinking available entropy is the reflect of a root cause which, combined with the traffic to our website, is causing those slow queries (and not the opposite, slow queries influencing the entropy). Accordingly: Q: What underlying problem do you think could cause regular peaks in available entropy that could have an influence on MySQL's ability to process queries?

    Read the article

  • hudson/jenkins: help needed to get started with customization work

    - by user64204
    I'm would to customize jenkins by adding links to the left hand side panel and use the pages associated with these links to serve some custom content in place of the jobs/views table displayed by default. I managed to add links to the side-bar using the sidebar-links plugin. Now I'm trying to see how to replace the content of the <td id="main-panel"> element with some custom content. The custom content is generated by some PHP scripts which ideally should be called by hudson every time the custom pages are requested, though if too complicated I can either create static content to be served by jenkins by calling my PHP scripts in a crontab or see if calls to the PHP scripts can be done by apache itself before the page requests are sent to jenkins. I'm not sure writing a plugin is the best way to proceed and I would like to have your thoughts as to how you think I should implement this.

    Read the article

  • stdout, stderr, and what else? (going insane parsing slapadd output)

    - by user64204
    I am using slapadd to restore a backup. That backup contains 45k entries which takes a while to restore so I need to get some progress update from slapadd. Luckily for me there is the -v switch which gives an output similar to this one: added: "[email protected],ou=People,dc=example,dc=org" (00003d53) added: "[email protected],ou=People,dc=example,dc=org" (00003d54) added: "[email protected],ou=People,dc=example,dc=org" (00003d55) .######## 44.22% eta 05m05s elapsed 04m spd 29.2 k/s added: "[email protected],ou=People,dc=example,dc=org" (00003d56) added: "[email protected],ou=People,dc=example,dc=org" (00003d57) added: "[email protected],ou=People,dc=example,dc=org" (00003d58) added: "[email protected],ou=People,dc=example,dc=org" (00003d59) Every N entries added, slapadd writes a progress update output line (.######## 44.22% eta 05m05s elapsed ...) which I want to keep and an output line for every entry created which I want to hide because it exposes people's email address but still want to count them to know how many users were imported The way I thought about hiding emails and showing the progress update is this: $ slapadd -v ... 2>&1 | tee log.txt | grep '########' # => would give me real-time progress update $ grep "added" log.txt | wc -l # => once backup has been restored I would know how many users were added I tried different variations of the above, and whatever I try I can't grep the progress update output line. I traced slapadd as follows: sudo strace slapadd -v ... And here is what I get: write(2, "added: \"[email protected]"..., 78added: "[email protected],ou=People,dc=example,dc=org" (00000009) ) = 78 gettimeofday({1322645227, 253338}, NULL) = 0 _######## 44.22% eta 05m05s elapsed 04m spd 29.2 k/s ) = 80 write(2, "\n", 1 ) As you can see, the percentage line isn't sent to either stdout or stderr (FYI I have validated with known working and failing commands that 2 is stderr and 1 is stdout) Q1: Where is the progress update output line going? Q2: How can I grep on it while sending stderr to a file? Additional info: I'm running Openldap 2.4.21 on ubuntu server 10.04

    Read the article

  • Authorization error when testing FTP to UNC

    - by user64204
    We have a Windows Server 2008 R2 with Active Directory (hereafter called DC) running as a domain controller on which we have IIS and an FTP site installed. We have a second Server 2008 (hereafter called SHARE) which is joined to that domain and has a disk shared as a network share (\\share\Office). That network share is used as the ftp's physical path on DC. We've tested the FTP from the IIS FTP configuration panel, by clicking on Basic Settings... then Test Settings.... When setting Administrator as a username with the Connect as... option, everything is fine: When no user is provided we can the below error: Q1: Could someone explain in more understandable terms what is written in the Details text area?

    Read the article

  • add_header directives in location overwriting add_header directives in server

    - by user64204
    Using nginx 1.2.1 I am able to add multiple headers using add_header as follows: server { listen 80; server_name localhost; root /var/www; add_header Name1 Value1; <=== HERE add_header Name2 Value2; <=== HERE location / { echo "Nginx localhost site"; } } GET / HTTP/1.1 200 OK Name1: Value1 Name2: Value2 However I soon as I use the add_header directive inside location, the other add_header directives under server are ignored server { listen 80; server_name localhost; root /var/www; add_header Name1 Value1; <=== HERE add_header Name2 Value2; <=== HERE location / { add_header Name3 Value3; <=== HERE add_header Name4 Value4; <=== HERE echo "Nginx localhost site"; } } GET / HTTP/1.1 200 OK Name3: Value3 Name4: Value4 The documentation says that both server and location are valid context and doesn't state that using add_header in one prevents using it in the other. Q1: Do you know if this is a bug or the intended behaviour and why? Q2: Do you see other options to get this fixed than using the HttpHeadersMoreModule module?

    Read the article

  • Allow from referer for HTTP-basic protected SSL apache site

    - by user64204
    I have an apache site protected by HTTP basic authentication. The authentication is working fine. Now I would like to bypass authentication for users that are coming from a particular website by relying on the HTTP Referer header. Here is the configuration: SetEnvIf Referer "^http://.*.example\.org" coming_from_example_org <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Deny from all Allow from env=coming_from_example_org AuthName "login required" AuthUserFile /opt/http_basic_usernames_and_passwords AuthType Basic Require valid-user Satisfy Any </Directory> This is working fine for HTTP, but failing for HTTPS. My understanding is that in order to inspect the HTTP headers, the SSL handshake must be completed, but apache wants to inspect the <Directory> directives before doing the SSL handshake, even if I place them at the bottom of the configuration file. Q: How could I workaround this issue? PS: I'm not obsessed with the HTTP referer header, I could use other options that would allow users from a known website to bypass authantication.

    Read the article

  • Users removing Administrator from files/folders permissions

    - by user64204
    We're running Windows Server 2003 R2 with Active Directory and are having an issue with network shares whereby users, in an attempt to secure their documents, remove everybody (including the Administrator account) from their files/folders permissions. Since the Administrator no longer has read permission to them, we can't even backup files manually as we get permission errors. One solution that we've found is to change the owner of the files and directories to the Administrator account. We can then change the permissions as we wish. The problem is that this has to be done manually so can't really be applied to an entire share. Another solution that we've tried is to use cacls as follows: cacls d:\path\to\share /C /T /E /G Administrator:F The problem with this is that we're still getting an ACCESS DENIED error on files/folders on which Administrator was removed. Q1: Is there a way to restore at least read access to all files/folders to the Administrator account in a recursive fashion? That would be for the short term. For the long term we're looking for a solution to prevent users from removing Administrator from files/folders permissions. Since we're going to migrate to Windows Server 2008 R2 soon we could wait until we've migrated to implement such solution if need be. Q2: Is there a way to prevent users from removing Administrator from files/folders permissions on Windows Server 2003/2008?

    Read the article

  • When to use Nginx PHP Fast CGI with a TCP socket instead of a UNIX socket?

    - by user64204
    I've followed this guide to setup PHP in FastCGI mode with Nginx. This guide describes 2 ways of doing it: TCP socket and UNIX socket. I've ran some Apache Benchmark on my locale machine and here are the results: Below tests ran multiple times to get better average statistics: $ ab -c 200 -n 100000 http://.... APACHE: 1800 req/sec NGINX (TCP socket): 2500 req/sec NGINX (UNIX socket): 15000 req/sec As far as I understand, there is overhead with using a TCP socket rather than a UNIX socket, hence the better performance with the latter. However I was not expecting such a performance difference given that the TCP socket is on the localhost, and therefore would like to ask the following question: Q: Given the huge performance gain with using a UNIX socket, what are the configuration scenarios where it would make sense to use a TCP socket instead?

    Read the article

  • Combining AD permissions with FTP

    - by user64204
    We're using Windows Server 2008 with Active Directory controlling access to a network share. We've setup FTP so that people can access that share from outside (we used to use the PPTP VPN but for various reasons we need to switch to FTP). So far here is what we've managed to implement on the FTP: -The network share is used as the FTP root (defined as a UNC) and that is working fine. -AD authentication is working fine (wrong password and you stay out, good password you're in, password management in AD correctly synched with the FTP). -AD permissions are failing: the AD permissions on the content of the FTP root are ignored: it's either a user only has read or write access, but this applies to the whole FTP root, which obviously isn't suitable since that FTP root is initially our network share and files/folders have different AD permissions depending on people's groups... Whether we set the permissions through the share OR the FTP management interface, AD permissions are never enforced. Q1: Is that normal? Q2: If so what solutions exist to combine AD permissions with FTP on MS server 2008? Q3: If not, where should I look to fix the configuration?

    Read the article

  • Need to move a debian server from i686 to x86_64 architecture

    - by user64204
    I have a debian server that I need to move from one hosting provider to another. I don't really know how the old server was setup, all I know is that it's running a Ruby on Rails application with a lot of custom libraries installed and that I should prepare myself for a painful migration. Old server: -os: debian 5.0.9 -used disk space: 3.2GB -architecture: i686 New server: -os: debian 5.0.9 -free disk space: 10GB -architecture: x86_64 As you can see the problem is that the servers are running different architectures. Q: Is there anyway I could somehow migrate the old to the new server in a few steps (or am I just dreaming I could) ? I was thinking maybe I could: -get list of packages and gems installed on old server and use for loop to install them all on the new -copy the disk content from old to new server while excluding what is architecture-specific (the problem is that I don't really know what to exclude).

    Read the article

  • Echo 404 directly from nginx to improve performance

    - by user64204
    I am in charge of production servers serving static content for a website. Those servers are constantly being crawled by bots looking for potential exploits (which isn't that much of a problem security-wise because no application can be reached behind the web server) but generates thousands of 404 per day, sometimes per hour. I am looking into ways of blocking those requests but it's tricky (you want to make sure you don't block legitimate traffic and these bots are becoming more and more clever at looking like they're legit) and is going to take me a while to find an acceptable solution. In the meantime I would like to reduce the performance impact of serving those 404 pages. Indeed we're using nginx which by default is configured to serve it's 404 page from the disk (This can be changed using the error_page directive but in the end the 404 will either have to be served from disk or from another external source (e.g. upstream application which would be worst)) which isn't ideal. I ran a test with ab on my local machine with a basic configuration: in one case I echo a message directly from nginx so the disk isn't touched at all, in the other case I hit a missing page and nginx serves its 404 from disk. server { # [...] the default nginx stuff location / { } location /this_page_exists { echo "this page was found"; } } Here are the test results (my laptop has Intel(R) Core(TM) i7-2670QM + SSD in case you're wondering why they are so high): $ ab -n 500000 -c 1000 http://localhost/this_page_exists Requests per second: 25609.16 [#/sec] (mean) $ ab -n 500000 -c 1000 http://localhost/this_page_doesnt_exists Requests per second: 22905.72 [#/sec] (mean) As you can see, returning a value with echo is 11% ((25609-22905)÷22905×100) faster than serving the 404 page from disk. Accordingly I would like to echo a simple 404 Page not Found string from nginx. I tried many things so far but they all failed, essentially the idea was this: location / { try_files $uri @not_found; } location @not_found { echo "404 - Page not found"; } The problem is that as soon as the echo directive is used, the http response code is set to 200. I tried changing that by doing error_page 200 = 400 but that breaks the configuration. How can I serve a 404 page directly from nginx? (without hacking the source which may be might next step)

    Read the article

  • File Transfer Protocol (FTP) Service won't install

    - by user64204
    Hi all, Problem description: -I'm running Windows Server 2003 and I'm trying to install the FTP service following this procedure: http://support.microsoft.com/kb/323384 -At step 7 of the above procedure I provide Windows Small Business Server 2003 disc1 and the installation completes successfully (note: the installer looks for 'ftpctrs2.dll' but the disk contains 'FTPCTRS2.DL_' and seems happy with it as per allowed file types). -However the installation silently fails because if I go back to the list of windows components, FTP is still unchecked, and if I open IIS, the FTP sites section is missing. Question: -How can I force the installation of FTP? Additional info: I don't think this is related but will mention it in case I'm wrong and it is: before I could attempt to install FTP I ran into, and fixed, the issue described in this solution: http://support.microsoft.com/kb/838860 Thanks.

    Read the article

  • Restoring exchange 2003 from a backup

    - by user64204
    Hi all, I'm restoring an Exchange server from a backup: [1] the backup was created on 19/12/2010 [2] the server kept running until 20/12/2010 [3] we're restoring the server today 21/12/2010 with the backup from [1] My understanding is that when the server comes back: [4] whatever is in users' inbox since [1] will be deleted. [5] whatever is in users' sent box since [2] should be re-sent. [6] As a safety measure we've moved all emails sent/received between [1] and [3] to .PST files. Questions: -are [4] & [5] statements correct? -is there any way to move back emails from the PST file [6] to the current inbox/sent folders so that Exchange takes these emails into account (instead of deleting them)? -what happens to the Calendar items that were added after [1], is there any way to back those up as well if needed? Many thanks

    Read the article

  • How to make sure clients update their browser cache when my website is updated?

    - by user64204
    I am using the HTTP 1.1 Cache-Control header to implement client-side caching. Since I update my website only once a month I would like the CSS and JS files to be cached for 30 days with Cache-Control: max-age=2592000. The problem is that the 30-day period defined by Cache-Control doesn't coincide with the website update cycle, it starts from the moment the users visit the site and ends 30 days later, which means an update could occur in the meantime and users would be running with outdated content for a while, which could break the rendering of the website if for instance the HTML and CSS no longer match. How can I perform client-side caching of content for periods of several days but somehow get users to refresh their CSS/JS files after the website has been updated? One solution I could think of is that if website updates can be schedule, the max-age returned by the server could be decreased every day accordingly so that no matter when people visit the website, the end of caching period would coincide with the update of the website, but changing the server configuration every day goes against one of my sysadmin principles (once it's running, don't touch it).

    Read the article

  • Innodb statistics

    - by user64204
    We're running InnoDB as a MySQL engine and using phpMyadmin to administer our database. Under Status - Query statistics, phpMyadmin gives us the following: We would like to know where these figures come from because we would like to create a Munin graph showing the evolution of these statistics over time. When we run the SHOW STATUS; query here is what we get: Innodb_rows_deleted 247555 Innodb_rows_inserted 822911 Innodb_rows_read 694934413 Innodb_rows_updated 15048 As you can see there is a substantial difference although both were taking almost at the same time. Q: Do you know where phpMyadmin gets its values from?

    Read the article

1