10.6.3 breaks my server: LDAP borked!
I just upgraded a mac mini server from 10.6.2 to 10.6.3, and LDAP is broken. I haven't figured out WHY yet, but it's very annoying. I'm able to SSH in as a local, non-DS user, so I should be able to figure out what's going on.
But I doubt I'm the only one who has this problem.
I just got my Mini Server with 10.6 on it. Went to set it up, got two users configured. Decided to install upgrades/updates. I found 10.6.3 update and did install. I was not able to log in to desktop again. Remote admin Tools got me into the Server, but that's it. It looked like LDAP was busted. Since it was brand new install I decided to format the drives and reinstall, now I'm sitting on 10.6 and looking for update that works. All SW updates are installed and working - except OS. Does 10.6.3 v1.1 fix that problem?
Similar Messages
-
Access read-only LDAP for username/password, Directory Server LDAP for rest
Hello! I keep trying to find documentation on the above, but thus far I have been unable to find something that explains this well (and my attempts at figuring out thus far have failed).
I have a read-only LDAP that is used University wide, and I am not allowed to change how it currently operates. It uses double-bind authentication in that you search for a user to get their DN, then bind to that DN with the users password to see if it was correct.
I'd like to use the above setup to verify a user's credential as well as return some basic information about them (name, email, etc). After this, I'd like to use another freshly installed Directory Server LDAP to manage the roles that seem to be needed for Portal Server (as I cannot write to the original LDAP).
Any help or advice on the above would be appreciated! Thank you.The authentication you described is the default way LDAP authentication works.
AM Ldap auth-module allows you to 'pull' attributes from the LDAP server you're using for authentication and store it in it's 'amSDK' Directory Server - which is leveraged by Portal Server (if you're talking about Sun's Portal Server).
However this is only done if the profile is created (set 'dynamic profile generation' in auth - service).
As Portal Server does not support the new 'identity repsoistory API' of AM you have to stick to AM's legacy mode when using Portal Server.
To keep the the data in sync (if needed) you have to write a post-auth class.
-Bernhard -
Hello, it would want to know, if I have airport extreme or Time capsule, in the option of internet/DHCP/Server LDAP he is right to put the IP of my machine? my domain or my localhost?
Each DHCP server typically has its own pool of IP addresses, and the network manager is responsible for coordinating the allocation of IP addresses; these pools must not overlap with other DHCP server, nor with any static IP addresses in use on the network.
Time Capsule, Airport Extreme, firewalls and other devices with embedded DHCP servers do not usually notify a server as IP addresses are allocated and freed.
It is feasible to operate a WiFi network with DHCP issued from a server, typically by configuring the WiFi device as an Access Point (AP). That's a setting both on the WiFi device, and configuration of DHCP on the server.
Some WiFi and DHCP devices can coordinate IP address allocations, or DNS assignments, or can implement distributed authentication for controlled access onto the LAN.
Network access authentication typically involves communications with an LDAP server as part of the network environment, and various devices can coordinate with Mac OS X Server Open Directory LDAP server.
If I've not addressed your intended question, can you post some additional details around your current environment and requirements? -
Suggestions on serving LDAP from a desktop Mac (not server)
I'd like to use a desktop machine to serve LDAP to a handful of Mac's- a mix of intel & powerpc desktops.
Does anyone have suggestions as to how to accomplish this, or has anyone tried this?
Thanks for any input.I'd install darwinports[1] and use theirport toolset to set that up.
-Ralph
[1] www.darwinports.org -
Monitor time of name server ldap@domain?
our domain is 2003. fsmo roles on 2003 server. I have a san device reporting the error shown below. it looks like the time of the windows domain (computers and dcs) are in sync with the local time of the san. I had the support team for the san
manually sync the time with our domain. However, I still get these messages. I'm wondering how could I monitor this time?
Name server ldap@domain found a difference between its time (GMT: Fri Jan
2 07:48:53 2015) and local system time (GMT: Fri Jan 2 07:39:06 2015). The maximum allowed time difference is set to 300 seconds.
Name server CIFS@domain found a difference between its time (GMT: Fri Jan
2 05:35:13 2015) and local system time (GMT: Fri Jan 2 05:25:27 2015). The maximum allowed time difference is set to 300 seconds.
Name server krbtgt@domain found a difference between its time (GMT: Wed Dec 31 01:47:15 2014) and local system time (GMT: Wed Dec 31 01:38:11 2014). The maximum allowed time difference is set to 300 seconds.I'm assuming it resyncs automatically. I read the help file on ntp sync but it doesn't say how often it resyncs.
After support manually synced the time, the error reoccurred less than 24 hours later.
Every time I check the time in the web interface and my workstation, they are the same. Hmm, I guess it could be syncing shortly before I come in. One thing i'm noticing is that these errors are not happening during business hours. The times
from day to day don't match up exactly but it seems 7p-11p would be a good time to look for errors.
I assume Mr X's explanation of time source is correct. However, I confused where they are getting these name server addresses from. I didn't enter them into the system. I don't see them in dns. I'm not 100 % sure which server the
san is contacting for this info.
I would recommend contacting your support to share the details about how your SAN time sync work and support you to solve the time sync issue on the SAN.
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Get Active Directory User Last Logon
Create an Active Directory test domain similar to the production one
Management of test accounts in an Active Directory production domain - Part I
Management of test accounts in an Active Directory production domain - Part II
Management of test accounts in an Active Directory production domain - Part III
Reset Active Directory user password -
How to configure shared addressbook on Mac OS X Server + LDAP
I have tried to study this issue but haven´t find any clear answer.
We need to set up a shared addressbook on our organisation, apparently this is best to implement with LDAP(?).
Users should be able to add new contacts with their email clients and use the shared db with Entourage/Thunderbird.
We aren´t using OpenDirectory so the LDAP would serve only for the contacts.
Is this possible to achieve with OS X Server?
If so, how do I start? by enabling OpenDirectory and configuring LDAP? I didn´t find any way to add addresses or handling address db:n on Server Admin.Have you looked at Addressbook4LDAP...
http://j2anywhere.com
I think it gets installed elsewhere from the server, particularly if the server is already running ldap. Some favourable comment on other sites although I've not tried it myself yet. It's on my list for next week...
-david -
Newbie: IBM Directory Server LDAP Java Implementation
Good day friends,
I'm new in developing LDAP applications. I'm using IBM Directory Server v4.1 & need to develop a application (a web application - JSP/Servlet/EJB). I'm doing this as part of a Web project where i need to store the User Info of the registering user to LDAP server with proper Organisational Hierarchy & Privileges. I'm using Java for this application. I have the proper JNDI environment set for LDAP interaction. Can anyone provide me with a best practice/right procedure for implementing this, like searching for an entry, inserting/updating an entry & how to make use of Attributes provided in IBM DS 4.1.
I searched IBM redbook & others for this but without any success. All Prog references are pertaining to C & very minimal info for Java implementation. I found some info in other LDAP like Netscape & Novell, but there structuring is different from IBM DS. I would appreciate if anyone can throw some light on this regard. I would appreciate a complete Java Programmers Reference Guide for IBM Directory Server v4.1.
Thanking u in anticipation.
cheers,
J2EEDev.I'm coping with the same question as you had.
Did you get any valuable information or a Java programmers reference guide for IBM directory server ?
If so, could you send me an url where I can obtain the required information ?
Thanks for your reply !
Dirk -
Someone's trying to break into server
Hello,
According to my directory service log, someone is trying to break into our server by trying to log in as 'root' and 'admin'. DirectoryServices senses this and delays the failed authentication return.
Okay, how do we backtrace this fellow's IP and where do I get a detailed log of this apparent hacker's attempts?
Thanks!In my strongly felt opinion, using denyhosts is mostly a bandaid to a problem, rather than properly addressing it.
The one and only time I have used it was when I was battling a situation not entirely under my control. No need to go into those specifics, but it was indeed a bandaid to a situation in which I could not properly secure the server. That has since changed.
I can't state this with enough emphasis: the proper maintenance of server security should totally negate the need for DenyHosts.
1) Shut off ssh access ("remote login") completely if that is an option
1) Shut off root access via ssh entirely
Said quickly: edit /etc/sshd_config and change the section to appear as follows:
# Authentication:
PermitRootLogin no
AllowUsers myserveradmin
where "myserveradmin" is the shortname of a desired user, and should categorically not be "admin" "administrator" "test" or anything else painfully obvious.
Restart ssh.
Furthermore !
3) Shut off password access via ssh completely. Use access by ssh keys only.
See the tutorial by Mike Bombich (of Apple) here:
http://www.bombich.com/mactips/rsync.html
starting with "Before you start: Security Briefing"
Or this article at another excellent resource:
http://www.afp548.com/article.php?story=20040816224717742
note the further information about how to limit commands available via ssh.
Having done this, edit /etc/sshd_config and add:
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no
and restart ssh.
4) Set the shell ("login shell") for every and any account that does not need shell access to your server, to: None
5) Limit ssh access at your firewall, to known-viable IP ranges or even specific static IPs.
Better yet, (while still observing the other steps above) don't allow ssh traffic across your firewall, and setup VPN, and then use ssh access via VPN only.
Do all of this at your own "risk" meaning understand the consequences, the first of which will be a server that is more secure in terms of ssh access. This does little to prevent problematic php (phpBB) or other mismanaged or poor 3rd-party packages and their impact on your server. -
Newbie in need assistance configuring iChat server (LDAP).
I needs some assistance in setting up iChat server for our office. I running LDAP and I have the iChat server basics setup and it is working, however my boss wants to set up different domains in iChat for the various departments (i. e. Accounting, Sales, production, etc.). These will not be accessed outside of the building. He states I need to configure additional search bases. It is at this point I am drawing a blank.
Hi Paul,
An intersetng one.
James Weston may be able to post more on this.
iChat can Chat to other Macs using the Bonjour option
(Click the Apple/Command key + 2 together)
Bonjour has to be enabled in the Account section of iChat Preferences.
All computers have to be in the same subnet
This is going to be the sticking point.
Lets say you have one routing device for your local net and it issues all computers and devices with IP Addresses in the range 192.168.1.xxx then all the computers on on the same Subnet as there is only one LAN.
If you have subsequent routers that change the IP addresses to somethng like 192.168.1.xxx for sales and 192.168.2.xxx fo accounts etc, then you will have subnets. Computers in 192.168.1.xxx will only see other Bonjour/iChat computers in that group and the same for 192.168.2.xxx but not from group to group.
To show up in the Bonjour window iChat takes the Address Book Me card entry of the MAc user account and broadcasts it to the other computers.
This would give you an option of using this method to pass out information where people were. The revelant "Sales" or "Accuounts" could be added to their Real Names.
(Bonjour would have problems if several computers were changed to read just Sales as the Address Book name).
An alternative would be to set up a VPN and have all computers on the same network for Bonjour independent of any of network they were on.
James knows more about networks than I do and may have other information that may help.
Ralph -
EM Plug-In for Peoplesoft 8.50 Breaking Application Server When Discovering
During the Discover process, even though, the Application Server, web Server, and schedulers are down; the Plug-In for EM PeopleSoft breaks the PeopleSoft environment. We have to rebuild the Applications Server and Scheduler to get this to work. There is a value the must reside in the ubx file and that was changed, but the discovery always breaks the environments..
My question is this: If we have to stop and start the PeopleSoft Architecture through EM, no problem. We just need to be able to explain why the environments keep breaking and we have to keep rebuilding the domains.
8.50.08, Windows 2003, Oracle 64-bit, 11.1.0.7 (Everything is on Windows).
Any insight will be helpful to our situation.
ThanksI experienced similar thing. The EM plugin for PS break the PS env down. I did not take time yet to investigate, and so far did not use it at all.
Nicolas. -
Email server LDAP authentication
I have a Sun One Directory Server 5.2 and want to set up the sun mail server. I understand that the install lets you set it up with a directory server. But I want to know exactly how the mail server is using the ldap for authentication. Is there differences between OS's? Is it using a pam module on solaris? Is it application based or host based authentication? Thanks!
Messaging Server uses a Directory Server very exstensively, not the PAM model at all. It's NOT host-based authentication.
For additional information, you may want to examine some of the 5.2 documentation, including the Schema Guide and the Provisioning Guide:
http://docs.sun.com/db/doc/816-6021-10
http://docs.sun.com/db/doc/816-6018-10 -
LDAPRealm and Microsoft Site Server (LDAP)
I have problem setting up the LDAPRealm in Weblogic Commerce 2.0.1 and
Personalisation Server connecting to a Microsoft Site Server.
The ldaprealm.properties file is as below:
weblogic.security.ldaprealm.url=ldap://localhost:389
weblogic.security.ldaprealm.principal=cn=Administrator
weblogic.security.ldaprealm.credential=password
weblogic.security.ldaprealm.ssl=false
weblogic.security.ldaprealm.authentication=none
weblogic.security.ldaprealm.userAuthentication=local
weblogic.security.ldaprealm.version=2
weblogic.security.ldaprealm.userDN=o=test, ou=Members
weblogic.security.ldaprealm.userNameAttribute=cn
weblogic.security.ldaprealm.userPasswordAttribute=userpassword
weblogic.security.ldaprealm.userCommonNameAttribute=cn
weblogic.security.ldaprealm.groupDN=o=test, ou=Groups
weblogic.security.ldaprealm.groupNameAttribute=cn
weblogic.security.ldaprealm.groupIsContext=true
weblogic.security.ldaprealm.groupUsernameAttribute=cn
The server runs and halts at the last line of log:
Fri Jul 28 11:58:21 GMT 2000:<I> <WebLogicServer> Server loading from
weblogic.class.path. EJB redeployment enabled.
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> acl size = 211, pos ttl =60,
neg ttl = 10
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> auth size = 211, pos ttl =
60, neg ttl = 10
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> group size = 17, pos ttl =
600, neg ttl = 600
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> perm size = 10000, pos ttl =
600, neg ttl = 600
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> user size = 10000, pos ttl =
600, neg ttl = 600
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> getAclOwner("weblogic")
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> rewriting ACL
"weblogic.jdbc.connectionPool.commercePool"
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> getPermission("reserve")
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> perm: backup HAS reserve
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> getPrincipal("everyone")
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> getGroup("everyone")
Fri Jul 28 11:58:21 GMT 2000:<D> <LDAPRealm> getGroup("everyone")
Fri Jul 28 11:58:21 GMT 2000:<D> <LDAPRealm> search("o=telewest, ou=Groups,
cn=everyone", "cn", "*")
Fri Jul 28 11:58:21 GMT 2000:<D> <LDAPRealm> lookup("o=telewest, ou=Groups,
cn=everyone")
Fri Jul 28 11:58:21 GMT 2000:<D> <LDAPRealm> new JNDI context
The server halted at that line. Can anyone explain that situation?
We are sure that we could connect to the LDAP server since we have a JSP
page connecting to the LDAP using the SUN's jndi-ldap driver. Would that be
a LDAP version problem, if that is so, how could we set the
"java.naming.ldap.version=2" environment variable as I have said in my JSP
page.
Thanks for answering.Yes, sorry by the mistake.
"ramesh" <[email protected]> wrote:
I think Johnny is trying to say : "If you change to SP9" or above...
Try to get a copy of the ldaprealm.properties file from the unzipped
SP8 and
above. It is self explanatory from there. The current ldaprealm.properties
which comes with WLS 5.1 and upto sp7 has been changed in SP8 and above.
Yes my configuration is also same as his.
Hope this helps.
Ramesh
"Johnny Valdez" <[email protected]> wrote in message
news:3b44ebb3$[email protected]..
I recommend you change your service pack to 9, because the 6 has someproblems
with LDAP...
if you change to sp6 you could use this
### Server type
server.alias=microsoft
### Microsoft Site Server
# This follows the default Microsoft Site Server (MSS) schema.
microsoft.server.host=ldapserver.example.com
microsoft.server.principal=cn=Administrator, ou=Members,o=ExampleMembershipDir
# microsoft.server.credential=*secret*
microsoft.user.dn=ou=Members, o=ExampleMembershipDir
microsoft.user.filter=(&(cn=%u)(objectclass=member))
microsoft.group.dn=ou=Groups, o=ExampleMembershipDir
microsoft.group.filter=(&(cn=%g)(objectclass=mgroup))
create a file ldaprealm.properties with this configuration and saveit
into the
Weblogic root directory.
greetings..
"Satya Ghattu" <[email protected]> wrote:
Hello,
I am trying to use an Microsoft site server as my LDAPRealm with weblogic
5.1 sp6, but in vain. Is there anybody out there who configured microsoft
site server with WLS sp6 and lesser? If yes, could you please post
your
configuaration properties?
Thank you,
-satya -
BI Publisher login using Domain - does not recognize from BI Server LDAP
We are using BI Server security for BI Publisher. I have specified 3 LDAP servers within the repository, with domains PUBLIC, AGENT, CORPORATE. I can login to Presentation Services just fine with these domains. ex: AGENT/<user>. However, when I try to login to BI Publisher directly with a domain, it will not work. I can login without the domain just fine. My problem is we have logic we want to run in BI Server based on the domain that a user logs into.
How can I get BI Publisher to recognize a login domain?No it does not. I believe these are two different issues, so I assumed I should create a new thread. This question is simply, how to have BI Publisher recognize that I am using a domain identifier during logon. My other thread was how to default a domain if the user did not specify one. So, I'm going to assume I can't default one. Assume I'm doing nothing in the init blocks but straight LDAP authentication against 3 LDAP servers. BI Publisher is using BI Server security model. Shouldn't BI Publisher accept the entry of a domain during login? ex: CORPORATE/<user>. That is my question. Any help is much appreciated.
-
Basic auth in proxy server breaks managed server form auth
Hi,
I have a proxy server configured in front of 2 managed servers.
The managed servers have secure pages and are using form auth and the
proxy server is working properly. In other words, I point my browser
at the proxy and I end up being services by one of the managed servers.
If I attempt to access a secure page via the proxy I am sent to the form
login page via the proxy.
Now for the problem:
If I configure the proxy server to use basic auth, and secure all
pages in the proxy, I must provide my userid/password to the proxy
server (this is working fine) before I can get to one of the managed
servers. I can get to the welcome page of the managed server (which is
not secure) There is a link to a secure page on the welcome page. When
I click on the link to the secure page, I am sent to the form auth by
the managed server. I authenticate, but I can never see the secure
page. I end up being redirected to the form login page endlessly.
Both the proxy server and the managed server are usign the default
JSESSIONID.
Here is a section of the web.xml for the proxy server:
<servlet>
<servlet-name>HttpClusterServlet</servlet-name>
<servlet-class>weblogic.servlet.proxy.HttpClusterServlet</servlet-class>
<init-param>
<param-name>WebLogicCluster</param-name>
<param-value>${ProxyConfig}</param-value>
</init-param>
<init-param>
<param-name>SecureProxy</param-name>
<param-value>ON</param-value>
</init-param>
<init-param>
<param-name>Debug</param-name>
<param-value>ON</param-value>
</init-param>
<init-param>
<param-name>DebugConfigInfo</param-name>
<param-value>ON</param-value>
</init-param>
<init-param>
<param-name>CookieName</param-name>
<param-value>JSESSIONID</param-value>
</init-param>
<init-param>
<param-name>CookieName</param-name>
<param-value>wlauthcookie_</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>gcmgui/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>applauncher/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>ssoadmin/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>default/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>domainadmin/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>gsc/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>psr/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>broadcastclient/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HttpClusterServlet</servlet-name>
<url-pattern>nra/*</url-pattern>
</servlet-mapping>
Here is the proxy debug:
<Fri Jul 11 14:40:07 EDT 2003>: ===New Request===GET
/applauncher/jsp/AppLaunche
r.jsp HTTP/1.1
<Fri Jul 11 14:40:07 EDT 2003>: Found cookie: Sf4VoFtpQwG]dTNEh9Yq
<Fri Jul 11 14:40:07 EDT 2003>: #### Trying to connect with server
-213061352!10
.68.10.87!1080!10443
<Fri Jul 11 14:40:07 EDT 2003>: Remove idle for '30' secs:
ProxyConnection(isSec
ureProxy=true): 10.68.10.87:10443, keep-alive='30'secs
<Fri Jul 11 14:40:07 EDT 2003>: Create connection:
ProxyConnection(isSecureProxy
=true): 10.68.10.87:10443, keep-alive='30'secs
<Fri Jul 11 14:40:07 EDT 2003>: In-bound headers:
<Fri Jul 11 14:40:07 EDT 2003>: Accept: image/gif, image/x-xbitmap,
image/jpeg,
image/pjpeg, application/vnd.ms-excel, application/msword,
application/vnd.ms-po
werpoint, */*
<Fri Jul 11 14:40:07 EDT 2003>: Accept-Language: en-us
<Fri Jul 11 14:40:07 EDT 2003>: Accept-Encoding: gzip, deflate
<Fri Jul 11 14:40:07 EDT 2003>: User-Agent: Mozilla/4.0 (compatible;
MSIE 6.0; W
indows NT 4.0; H010818)
<Fri Jul 11 14:40:07 EDT 2003>: Host: localhost:18002
<Fri Jul 11 14:40:07 EDT 2003>: Connection: Keep-Alive
<Fri Jul 11 14:40:07 EDT 2003>: Cookie:
JSESSIONID=1PEosMJQ9ZJrewjj1t5nZfNtYe1e5
pWYbjyBGvZ1ExEY8YoueKTG!-213061352!NONE;
wlauthcookie_=Sf4VoFtpQwG]dTNEh9Yq
<Fri Jul 11 14:40:07 EDT 2003>: Authorization: Basic
cmFwcGVsYmE6b3V0Mmx1bmNo
<Fri Jul 11 14:40:07 EDT 2003>: HTTP/1.1 302 Moved Temporarily
<Fri Jul 11 14:40:07 EDT 2003>: Out-bound headers:
<Fri Jul 11 14:40:07 EDT 2003>: Date: Fri, 11 Jul 2003 18:40:07 GMT
<Fri Jul 11 14:40:07 EDT 2003>: Location:
https://localhost:18002/applauncher/un
restricted/jsp/FormLogin.jsp
<Fri Jul 11 14:40:07 EDT 2003>: Server: WebLogic WebLogic Server 8.1
Thu Mar 20
23:06:05 PST 2003 246620
<Fri Jul 11 14:40:07 EDT 2003>: Transfer-Encoding: Chunked
<Fri Jul 11 14:40:07 EDT 2003>: ===New Request===GET
/applauncher/unrestricted/j
sp/FormLogin.jsp HTTP/1.1
<Fri Jul 11 14:40:07 EDT 2003>: Found cookie: UZ]OrXsBP6uEEa[0veSz
<Fri Jul 11 14:40:07 EDT 2003>: Request successfully processed
<Fri Jul 11 14:40:07 EDT 2003>: #### Trying to connect with server
-213061352!10
.68.10.87!1080!10443
<Fri Jul 11 14:40:07 EDT 2003>: Requeue connection:
ProxyConnection(isSecureProx
y=true): 10.68.10.87:10443, keep-alive='30'secs
<Fri Jul 11 14:40:07 EDT 2003>: Recycle connection:
ProxyConnection(isSecureProx
y=true): 10.68.10.87:10443, keep-alive='30'secs
<Fri Jul 11 14:40:07 EDT 2003>: Request successfully processed
<Fri Jul 11 14:40:07 EDT 2003>: In-bound headers:
<Fri Jul 11 14:40:07 EDT 2003>: Accept: image/gif, image/x-xbitmap,
image/jpeg,
image/pjpeg, application/vnd.ms-excel, application/msword,
application/vnd.ms-po
werpoint, */*
<Fri Jul 11 14:40:07 EDT 2003>: Accept-Language: en-us
<Fri Jul 11 14:40:07 EDT 2003>: Accept-Encoding: gzip, deflate
<Fri Jul 11 14:40:07 EDT 2003>: User-Agent: Mozilla/4.0 (compatible;
MSIE 6.0; W
indows NT 4.0; H010818)
<Fri Jul 11 14:40:08 EDT 2003>: Host: localhost:18002
<Fri Jul 11 14:40:08 EDT 2003>: Connection: Keep-Alive
<Fri Jul 11 14:40:08 EDT 2003>: Authorization: Basic
cmFwcGVsYmE6b3V0Mmx1bmNo
<Fri Jul 11 14:40:08 EDT 2003>: Cookie:
JSESSIONID=1PEHvo1gQIbwOMuVsU9pJnnvlGBSP
74ZUcSHwazE7domCL8UlVA2!-937872307; wlauthcookie_=UZ]OrXsBP6uEEa[0veSz
<Fri Jul 11 14:40:08 EDT 2003>: HTTP/1.1 200 OK
<Fri Jul 11 14:40:08 EDT 2003>: Out-bound headers:
<Fri Jul 11 14:40:08 EDT 2003>: Date: Fri, 11 Jul 2003 18:40:08 GMT
<Fri Jul 11 14:40:08 EDT 2003>: Server: WebLogic WebLogic Server 8.1
Thu Mar 20
23:06:05 PST 2003 246620
<Fri Jul 11 14:40:08 EDT 2003>: Content-Length: 4238
<Fri Jul 11 14:40:08 EDT 2003>: Set-Cookie:
JSESSIONID=1PEIxJ21oT5H3Z2ilQjPqpq1V
kdOhEnNbbz9wviTtTTZj6IBp29b!-213061352!NONE; path=/
<Fri Jul 11 14:40:08 EDT 2003>: Request successfully processed
<Fri Jul 11 14:40:08 EDT 2003>: Requeue connection:
ProxyConnection(isSecureProx
y=true): 10.68.10.87:10443, keep-alive='30'secs
<Fri Jul 11 14:40:08 EDT 2003>: Request successfully processed
<Fri Jul 11 14:40:44 EDT 2003>: Trigger remove idle for '35' secs:
ProxyConnecti
on(isSecureProxy=true): 10.68.10.87:10443, keep-alive='30'secs
Thanks,
RobI typically have used Apache Commons HttpClient for anything but trivial URL connections, and especially when combining both basic auth and proxy auth. When you use it, be aware of the "preemptive authentication" flag. One server I worked with didn't send the correct parameters back on particular requests, so I had to turn on this flag to get it to work.
-
Freenx-0.7.3-3 completely breaks freenx server (solved)
Hi.
After happily running freenx for sometime (including installing various updates to it) the latest upgrade stops freenx working - freenx-0.7.3-3-i686.pkg.tar.gz
After going to back to the previous version - freenx-0.7.3-2-i686.pkg.tar.gz it is o.k again.
When trying to connect to the freenx server after the upgrade the client I get this message :-
NX> 203 NXSSH running with pid: 3946
NX> 285 Enabling check on switch command
NX> 285 Enabling skip of SSH config files
NX> 285 Setting the preferred NX options
NX> 200 Connected to address: 194.216.112.15 on port: 3000
NX> 202 Authenticating user: nx
NX> 208 Using auth method: publickey
NX> 204 Authentication failed.
Also I notice that the command nxservice gives (not sure what it did before)
# nxservice
nxservice: error while loading shared libraries: libXcomp.so.3: cannot open shared object file: No such file or directory
Also:-
root@winwinwinwin ~]# /opt/NX/bin/nxsetup --test
----> Testing your nxserver configuration ...
Warning: Could not find nxdesktop in /opt/NX/bin. RDP sessions won't work.
Warning: Could not find nxviewer in /opt/NX/bin. VNC sessions won't work.
Warning: Invalid value "APPLICATION_LIBRARY_PRELOAD=/opt/NX/lib/libX11.so.6.2:/opt/NX/lib/libXext.so.6.4:/opt/NX/lib/libXcomp.so:/opt/NX/lib/libXcompext.so:/opt/NX/lib/libXrender.so.1.2". /opt/NX/lib/libXrender.so.1.2 could not be found. Users will not be able to run a single application in non-rootless mode.
Warning: Invalid value "COMMAND_FOOMATIC=/usr/bin/foomatic-ppdfile"
Users will not be able to use foomatic.
Warning: Invalid value "DEFAULT_X_SESSION=/etc/X11/xdm/Xsession"
Users might not be able to request a default X session.
Warning: Invalid value "COMMAND_START_GNOME=gnome-session"
Users will not be able to request a Gnome session.
Warning: Invalid value "COMMAND_START_CDE=cdwm"
Users will not be able to request a CDE session.
Warning: Invalid value "COMMAND_SMBMOUNT=smbmount". You'll not be able to use SAMBA.
Warning: Invalid value "COMMAND_SMBUMOUNT=smbumount". You'll not be able to use SAMBA.
Warning: Invalid cupsd version of "/usr/sbin/cupsd". Need version 1.2.
Users will not be able to enable printing.
Error: Could not find 1.5.0 or 2.[01].0 or 3.[01].0 version string in nxagent. NX 1.5.0 or 2.[01].0 or 3.[012].0 backend is needed for this version of FreeNX.
Warnings occured during config check.
To enable these features please correct the configuration file.
<---- done
----> Testing your nxserver connection ...
Permission denied (publickey,password).
Fatal error: Could not connect to NX Server.
Please check your ssh setup:
The following are _examples_ of what you might need to check.
- Make sure "nx" is one of the AllowUsers in sshd_config.
(or that the line is outcommented/not there)
- Make sure "nx" is one of the AllowGroups in sshd_config.
(or that the line is outcommented/not there)
- Make sure your sshd allows public key authentication.
- Make sure your sshd is really running on port 3000.
- Make sure your sshd_config AuthorizedKeysFile in sshd_config is set to authorized_keys.
(this should be a filename not a pathname+filename)
- Make sure you allow ssh on localhost, this could come from some
restriction of:
-the tcp wrapper. Then add in /etc/hosts.allow: ALL:localhost
-the iptables. add to it:
$ iptables -A INPUT -i lo -j ACCEPT
$ iptables -A OUTPUT -o lo -j ACCEPT
Anyone know how to fix this ?
cheers
Last edited by yossarianuk (2009-03-31 09:11:29)got it working.....
um, again........
basically -Rcs openssh and freenx (for the 3rd time hehehe) do nothing... copy the key to client and voila......
funny how this happens nicely when a person gets a bettter understanding through studying......
Still interested in tips and that new version..... should be great!
18.08.2008 FreeNX 0.7.3 "Priscilla One Year Edition"
Maybe you are looking for
-
Is 10.2.8 the furthest I can go on G3 MT w/Sonnet G4?
Ironically, I've been a proud Mac user for 14 years, but this is my first post to the Mac discussion forum. Forgive me if this question is one that has been answered elsewhere, but I couldn't find it. Over the last year or so I've been upgrading my G
-
HT1338 Mac pro wont go into sleep mode
My mac pro has to physically be restarted everytime it should go to sleep. I run it through a flat screen TV and when I go to sit down and use my computer the screen is black and the indicater light on the front of my computer is solid, not flashing
-
To avoid Duplicate material entry while making sales order by VA01
Sir / Madam, While making sales order by VA01 , duplicate material also accepted by system .There should be no duplicate material in sales order list. please suggest solution. Thanks.
-
I have viber installed on my iPhone. But whenever I receive a call from Viber, it would not ring. How do I fix this problem? How do I make it ring with incoming call?
-
I'm having problems activating Adobe CS 3?
I don't use it very often so don't need the latest version. The serial number is accepted but it can't seem to get online to activate. Has anyone encountered this problem before or know what I can do? Thank you.