4500-Sup7; SSH and admin VRF only
Hello all.
I may be blind but I've not seen this topic in the documentation; I refer to "Catalyst 4500 Series Switch Software Configuration Guide, Release IOS XE 3.3.0SG and IOS 15.1(1)SG"
The Sup7 has a dedicated FastEthernet port which is automatically put into a vrf named "mgmtvrf".
What I want to do is to permit inbound ssh only on this interface (vrf) and not on any other IP owned by the switch...
How can I do that ? By default any feature enabled on the switch is bound to all IP addresses defined in the switch belonging to all vrf...
Technically I want the ssh process to listen only in the admin vrf.
Finally, I couldn't find the way to implement Management Plane Protection in the parser; the following commands don't do the job:
control-plane host
management-interface Fa0/1 allow ssh telnet
The "control plane host" doesn't work and there is no "management-interface" subcommand in the "control plane" section.
Has anybody succeeded in implementing MPP for the admin port of a SUP7-E in a 4500?
I'm running the last version : IOS 15.1 / IOS XE 3.3.0 SG
It seems that it's not documented in the configuration guide.
And the feature navigator seems to be clear : only supported in IOS XR and standard IOS for routers but not switches ??? Even with IOS XE / 15.1 train ?
Similar Messages
-
Old IMAC with 10.5.6 OSX. Forgot Administrator password (which I had already changed.) Followed instructions as per http://support.apple.com/kb/HT1274
Started up from the original OSX install disc 1 and selected "Password reset" from "Utilities" in Installer. But the HD icon doesn't show up. (Only install disc and admin root available: no good, as the support website underscores: Important: Do not select "System Administrator (root)". This is actually the root user. You should not confuse it with a normal administrator account.)
What can I do?
Thanks for your suggestions. Antonio
Not familiar with that version of OS X, but try using Terminal and type in resetpassword. If that brings up a password reset screen, is your original username shown?
-
Menu tabs disappear completely after login and appear only if I press an item node at a higher level
I'm using a Menu Model to create a page hierarchy in my ADF application on JDeveloper 11.1.2.3.0.
It has three levels: level 1 has 2 item nodes (Home, Help) displayed as buttons,
level 2 contains 5 item nodes about the managements, displayed as tabs,
and level 3 is about reports, displayed as a list.
The point is that I have applied security in the application using the ADF Security wizard, and I assigned roles, users and grants.
All works fine, but the level 2 tabs disappear completely after login and appear only if I press the Home item node at run time.
I created 2 users: (admin), who has all roles and can view all tabs in level 2 of my navigation, and another user (emp), who can view one tab page in level 2.
Point 1: the item nodes are rendered according to the EL (expression language) expression #{securityContext.regionViewable['oracle.view.pageDefs.RentManagPageDef']}
and the other item nodes' rendered properties are set the same way but with the page definition name.
It works fine.
Point 2: in my page template I set #{menuInfo.rendered} for the rendered property of the command navigation item.
It works fine.
Point 3: I added a go link in my template to explicitly perform login and logout from the app and redirect the user to the required page.
Destination is
#{securityContext.authenticated ? "/adfAuthentication?logout=true&end_url=/faces/wearhouse.jsf" : "/adfAuthentication?success_url=/faces/company.jsf"}
and it also works fine.
The problem is in the level 2 navigation tabs, which disappear after an explicit login. The app directs the user to the correct page successfully,
but the tabs are not rendered until I press the Home button in the level 1 navigation; then they appear, and they appear correctly according to the logged-in user's validation.
In other words, I log in as user (admin) and get directed to the successful login page from the go link, but the level 2 tabs are invisible or not rendered at all. I click the Home button in the level 1 navigation and the tabs
become rendered or viewable and I navigate normally.
I log out as admin and the level 2 tabs become invisible again.
Then I log in as (emp); I get directed to the successful login page and the level 2 tabs are still invisible or not rendered.
I click the Home button in the level 1 navigation and only the one tab the user emp is authorized for gets rendered (appears),
and it's semi-correct behavior because this is what I want him to see only.
My tries to find a solution:
I tried to use
#{securityContext.userInRole['division']}
on the menu item node. I found the same behavior: the level 2 tabs get hidden until I click the Home link at run time.
I tried to use #{securityContext.authenticated} to control item node rendering.
All tabs remain visible and I don't want that; in addition, if a user clicks on a tab for a page he has no authority on, I receive a server error.
I read 30.7 Creating a Login Page in the Fusion Developer's Guide for Oracle Application Development Framework to find out about redirecting the user,
and it uses the same approach as I did from the ADF tutorials.
I tried to make a new navigation app quickly,
in case I had made an incorrect change at some stage of my original app,
but I found the same behavior.
I tried to set the disabled property instead of the rendered property; the tabs are always rendered, but I got a server error when I click on a tab which the user is not authorized for.
So I suspect the problem may be in the EL or the way I control item node rendering,
or there is an additional step to stop all the tabs disappearing after login.
I hope someone can help or tell me what I have to read about in the developer guide or interface developer guide or an article on the web.
I'll be grateful.
I know maybe it is a small issue, but help me please.
Hi,
have a look at the sample that comes with this article: Oracle ADF: Security for Everyone. It uses resource permissions to authorize panel tabs.
One test to run is to print the outcome of the security evaluation (e.g. output text) to see what it returns.
Frank
-
Is there any way to create admin role only for one resource.
Hi all,
I am trying to create an admin role with 'update user' capability. But I want to restrict the user (with the admin role) to be able to update a user's attributes only for one resource. The user (with the admin role) should not be able to update the attributes of the other resources which a user has.
Is there any way to create admin role only for one resource?
I customized the tabbed user form to show only one resource attribute (deleting the missing fields and adding my tab for the resource) and then assigned this new User Form to the user(with the admin role) in security tab.
It works fine. But the problem is that if any user(with the admin role) is also admin of some other resource then he/she will not be able to view the other resource attributes.
Please suggest,
thanks
The loop function always repeats the same region so of course the fade is also copied. So option+drag the original region to make a (non clone) copy, fade the first region and loop the second one (which you just copied).
-
Lion server on Mac mini server stop responding to ssh and VNC (other services like mail, ical works well)
Version is Lion server 10.7.4
When I attach a monitor to it, I saw all the buttons and menus stopped responding too. I can only push and hold the power button on the box to shutdown.
It only started happening recently.
Does anyone have any clue?
Thanks for the help in advance!!!
Found that the second hard drive is broken. I have to go to the Apple store to have it replaced.
I had to press the power button to turn the server off several times, then the broken hard drive disappeared. After that, I had to disable Spotlight. Then the server went back to working normally.
Now I made a CCC copy of the primary hard drive, and would like to have the server run on the external RAID disk (connected through Thunderbolt). Does anyone have previous experience with it? Any expectable drawback or issue with this setup?
-
Stop managed server without node manager and admin server
What are the commonly used ways to stop managed Weblogic server without node manager running and without administration server running?
(I have only one solution: on the managed server startup dump process ID to a file, and then when I want to stop it, send a signal to this process ID and kill JVM. But it seems not very clean way.)
(The managed server is started when both node manager and admin server are down, and I provide boot.properties of admin server to the managed server to start.)
UPDATED: And I don't want to start either the admin server or the node manager, even temporarily.
Edited by: user12163080 on Jun 24, 2010 4:40 AM
Hi,
I read the Oracle WebLogic WLST script document; without the admin server you cannot connect to the managed server through the WLST script. See the lines below:
"The start command starts Managed Servers or clusters in a domain using Node Manager.
To use the start command, WLST must be connected to a running Administration Server.
To start Managed Servers without requiring a running Administration Server, use the
nmStart command with WLST connected to Node Manager."
"You shut down a server to which WLST is connected by entering the shutdown command
without any arguments.
When connected to a Managed Server instance, you only use the shutdown command to shut
down the Managed Server instance to which WLST is connected; you cannot shut down another
server while connected to a Managed Server instance.
WLST uses Node Manager to shut down a Managed Server. When shutting down a Managed
Server, Node Manager must be running.
In the event of an error, the command returns"
There are two options. If you are using the admin server, then we can stop any managed server.
The option is, if you are using the node manager without the admin server, we can stop any managed server.
The last, final solution is to kill the particular managed server PID.
Regards,
S.vinoth babu
-
Sgd + ldap auth + ssh and numeric usernames
Hi there, sorry if there is a well-known answer to my problem, but I have not found it.
Anyway, we have a problem where our customer wants to use purely numeric usernames to log in to Secure Global Desktop.
From the point of view of Secure Global Desktop we don't have any problems with this; the problem happens later on with the ssh to Solaris (which is set up with LDAP authentication), in that I have not been able to get purely numerical logins to work with Solaris pam_ldap. Now some of you think that this is not an SGD problem, and that is true, but I was wondering if SGD could help me solve this.
My question is simple: can SGD use a "different" username taken from LDAP after it has logged in the user, instead of the username that the user provided?
ex.
The user logs in to SGD with the username 173651.
When starting the application, instead of logging in to the application server (via ssh) with username 173651, it should take another field from LDAP that holds the Solaris username.
Thanks for any answers and hints.
Sorry, but you misunderstood my question a bit :-)
What you suggest is a way for the users to type in another username after they have logged in to Secure Global Desktop; that is now what we want.
We want this to be done automatically for us.
First, we have changed a bit how the login procedure works: when the user surfs to the SGD server they will not be presented with any choices, they will be presented with a single login screen, and when they have logged in SGD will automatically start our application.
The problem we have is that we want to use only digits as the login name in SGD, but unfortunately Solaris has some problems with using digits alone in usernames (and especially usernames longer than 8 characters),
so I was hoping that SGD could read from LDAP (we are using the LDAP user store, not UNIX) another value that it would use to log in to the app server through SSH.
For example, when logging in to SGD it logs in towards the LDAP uid field, but when it starts the application SGD reads some other property from LDAP and sends that to ssh. Solaris is then also authenticating towards SSH and uses the second property to authenticate.
If this cannot be done in Secure Global Desktop, I think we will look at using a third-party authenticator that can do what we want (hopefully OpenSSO can do this).
-
Hello.
In Solaris 10 I need to audit process create, delete, privilege escalation, set and change password, etc. for user accounts and groups.
I set settings:
in file syslog.conf:
*.info;mail.none;cron.none;audit.notice @IP-Remote-syslog-server-SIEM
in file /etc/security/audit_control:
dir:/var/audit
flags:lo,ad,ex,cc,am,no,fc,fd
minfree:20
naflags:lo
plugin:name=audit_syslog.so;p_flags=lo,ad,ex,cc,am,no
in file /etc/security/audit_user:
root:lo,ad:no
Now I see in the logs only the fact of a connection via SSH and processes run on behalf of users. Creation and deletion of users and password changes are for some reason not logged.
There are many users. Writing permissions for each individual one in the file /etc/security/audit_user is not possible; it is likely that a new user will be forgotten (or is there a possibility to describe the audits for all accounts with one line in this file?)
Where is the mistake?
You are most likely hitting Bug 15779000 user/role/groupadd/mod/del don't audit their use.
And the fix is only available in S11.2.
-- Renaud
-
ISE 1.3 -- ASA ssh and anyconnect attribute
Hi,
I've created a compound condition to match the AnyConnect client and authorize them as required, but the problem is, if the user does not match the AnyConnect group and matches the SSH group (user group only to ssh the ASA), he gets authenticated to AnyConnect and gets access to the default tunnel group.
AnyConnect condition: device type, NAS-PORT-Type=Virtual and Cisco-VPN3000:CVPN3000/ASA/PIX7x-Client-Type=Anyconnect-client
SSH condition: Device type, NAS-PORT-Type=Virtual
Basically, if the user does not match the AnyConnect condition he can still VPN through the SSH condition.
Thanks,
Khaled
Hi Neno,
I will try to break the problem down. I use AND all the time.
A user who is NOT part of the VPN group BUT part of the SSH group, if he tries to VPN, will be authenticated (default authentication rule, which is not a problem) and will be authorized, but because the VPN authorization is NOT found it will not give access (normal); but as you know, the request jumps to the next rule to find a match, and in this case the next rule is the SSH.
In the SSH rule, the user is configured, but not for VPN, only for SSH; he will be granted access to the VPN, and he will hit the DEFAULT tunnel group and by default the DefaultGrupPolicy.
Is there any unique attribute to lock down the SSH rule to only ssh?
Thanks for your help
-
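The rule fall-through described in this thread, as an added example that is not part of the original posts: a simplified first-match model (not ISE's own engine) of the two conditions quoted above, with an audit function that lists request types granted by a rule written for something else. The group names, the "Device-Type" key, the default deny result and the treatment of a missing attribute as "not equal" are assumptions of this model and need checking against the real policy.

```python
# Added example: simplified first-match authorization model, not ISE's engine.
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Tuple

Request = Dict[str, str]
Condition = Callable[[Request], bool]

# Attribute names and the client-type value are quoted from the post.
NAS_PORT_TYPE = "NAS-PORT-Type"
CLIENT_TYPE = "Cisco-VPN3000:CVPN3000/ASA/PIX7x-Client-Type"
DEVICE_TYPE = "Device-Type"   # constructed key standing in for "device type"
VPN_GROUP = "VPN-Users"       # constructed group name
SSH_GROUP = "SSH-Admins"      # constructed group name


def equals(attr: str, value: str) -> Condition:
    return lambda req: req.get(attr) == value


def not_equals(attr: str, value: str) -> Condition:
    # Assumption: an attribute absent from the request counts as "not equal".
    return lambda req: req.get(attr) != value


@dataclass(frozen=True)
class Rule:
    name: str
    intended_for: str                 # request kind the rule was written for
    group: str
    conditions: Tuple[Condition, ...]
    result: str = "PermitAccess"

    def matches(self, req: Request, groups: FrozenSet[str]) -> bool:
        return self.group in groups and all(c(req) for c in self.conditions)


def authorize(rules: List[Rule], req: Request, groups) -> Tuple[str, str]:
    """Top-down evaluation: the first matching rule decides the result."""
    for rule in rules:
        if rule.matches(req, groups):
            return rule.name, rule.result
    return "Default", "DenyAccess"    # assumed default rule


# Constructed sample requests: both arrive from the ASA with a virtual port;
# only the VPN session carries the client-type attribute (assumption).
BASE = {DEVICE_TYPE: "ASA", NAS_PORT_TYPE: "Virtual"}
REQUESTS = {
    "vpn": {**BASE, CLIENT_TYPE: "Anyconnect-client"},
    "ssh": dict(BASE),
}
COMMON = (equals(DEVICE_TYPE, "ASA"), equals(NAS_PORT_TYPE, "Virtual"))

ANYCONNECT_RULE = Rule("AnyConnect", "vpn", VPN_GROUP,
                       COMMON + (equals(CLIENT_TYPE, "Anyconnect-client"),))
# As posted: nothing in the SSH rule distinguishes SSH from VPN requests.
RULES_AS_POSTED = [ANYCONNECT_RULE, Rule("SSH", "ssh", SSH_GROUP, COMMON)]
# Tightened: the SSH rule also excludes requests marked as AnyConnect.
RULES_TIGHTENED = [ANYCONNECT_RULE,
                   Rule("SSH", "ssh", SSH_GROUP,
                        COMMON + (not_equals(CLIENT_TYPE, "Anyconnect-client"),))]


def unintended_grants(rules: List[Rule]) -> List[Tuple[str, Tuple[str, ...], str]]:
    """List (request kind, groups, rule) where a rule grants a kind it was not written for."""
    by_name = {r.name: r for r in rules}
    findings = []
    for kind, req in REQUESTS.items():
        for groups in ({VPN_GROUP}, {SSH_GROUP}, {VPN_GROUP, SSH_GROUP}):
            name, result = authorize(rules, req, frozenset(groups))
            rule = by_name.get(name)
            if rule and result == "PermitAccess" and rule.intended_for != kind:
                findings.append((kind, tuple(sorted(groups)), name))
    return findings


if __name__ == "__main__":
    print("as posted:", unintended_grants(RULES_AS_POSTED))
    print("tightened:", unintended_grants(RULES_TIGHTENED))
```
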
Technical content activation for BI STAT and Admin cockpit
Hi friends,
I am going to set up the IMG call for BI STAT and Admin cockpit. If I run the technical content activation, will I need a precaution for other data loading? If I run them in the background, does it affect other data loads? Do I need to take downtime for the whole system?
After the implementation, do I need to load data for all InfoProviders in the quality system?
Hello Suresh,
I am not clear on all your questions.
In general, technical content process chains load data similar to other BI process chains.
If your system has been productive for a longer period already ( > 6 months ), there may be a lot of
BI statistics data generated and this will take a longer time to load the technical content cubes during the initial load.
Otherwise, it should not affect system performance.
It is better to schedule them daily to avoid huge data loads.
But these are only guidelines. It depends on your need.
You would need to do it separately for the quality and production systems, if you want the BI stats in those systems. This is similar to any other data load and cube and content in BI.
Thanks,
Bilal
-
Port forwarding, NAT, SSH and Transmission.
A couple of days ago I decided to set up the Transmission daemon, along with automatization for my downloads. Recently, however, to put a layer of security around my laptop, I set up a wireless router I had lying around that is now connected with a wire to my laptop. The reason for this is that I have no idea how iptables works yet, and until then I decided this will suffice for the moment. One of the problems though (yes, problems seem to come in twenty-fold where my luck is concerned), is that when I rewire my laptop directly to the internet, without the router, NetworkManager or Archlinux doesn't reset the IP address, which for some reason jumps to 192.168.1.122, which it never uses otherwise. I haven't yet tried reinstalling NetworkManager, but when I did turn it off, dhcpcd assigned the same address... The problem here being that it shouldn't assign a LAN address, I'm directly connected to the internet. Sidenote here though: my internet connection is just a plug in the wall; the operators here (I live on a kind of campus) probably only use a network switch to relay the traffic to the socket.
That's that, my wired network doesn't work directly, only via the wireless router, wired or wireless. Because of this, I have to use port forwarding for SSH (to test if the port forwarding works), and the Transmission daemon with an rcmp port of 9091, which was my intention in the first place. I have no idea if logging into my.ip.address.here:9091 in a browser would work, I just used localhost:9091.
Now for the results:
$ nmap -sT xx.xxx.xx.xx
Starting Nmap 5.21 ( http://nmap.org ) at 2010-06-14 19:42 CEST
Nmap scan report for xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Host is up (0.038s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp filtered ssh
53/tcp open domain
80/tcp open http
9091/tcp filtered unknown
Here it shows that the ports are actually not closed, but they're not exactly opened either, from what I gathered from the internet.
SSH shows the true problem:
$ ssh neal@xxxxxxxx
ssh: connect to host xxxxxxxx port 22: Connection timed out
SSH-ing to 192.168.0.102 (my internal ip) works, as does to localhost, same for Transmission webGUI. Before I used port-forwarding ssh would correctly say that it couldn't get traffic from the router.
My router is a cheap solution to another problem I had, but it should work like any router. It's a Sitecom WL-607. I disabled login authentication for the moment. Also, there is no filtering going on in the firewall. Like I said earlier, I don't get iptables, so that's not being used. The hosts file allows all and denies nothing.
TLDR version; I'm using port-forwarding on my Sitecom WL-607, but all ports except http and the 53 port are being blocked.
Is there something I'm missing here?
Thanks in advance,
Neal van Veen.
By default, all routers assign their clients an IP address from their internal pool of addresses; your wireless router is assigning you that address and then NATs the connection with the WAN side. But even after directly plugging in to the wall socket you still don't get a new IP address; use dhcpcd <mydev> in a terminal to refresh the DHCP lease. If not, then your campus/location/etc. may also be using NAT on their own side.
As for the ports, iptables doesn't block any traffic by default, it allows everything. If there is filtering, it is from your wireless router.
On the above ssh and nmap scans, did you use your LAN IP or your public IP?
-
Native essbase and admin services
My users are only using Essbase, the AAS Console, and the Excel Add-in. It doesn't make much sense to install any additional Hyperion components if they are not used. As a result, I'm considering installing a native version of Essbase 9.3.1 and Admin Services without Shared Services or any other Hyperion components. Is this a viable option considering the lack of use of the other Hyperion products?
If I do this, would I be able to use the Configuration Utility to configure relational storage and start the application server deployment for Admin Services without registering it to Shared Services?
Thanks,
Tom
Hi,
It is certainly possible to use Essbase and EAS in native mode; I take it you are not going to be using Planning or Business Rules.
You can use the configuration wizard to deploy the application server and configure the database. You could also install and configure Shared Services but not use it, and then if you did ever want to use it you can just convert from native to Shared Services security mode.
Cheers
John
http://john-goodwin.blogspot.com/
-
Tcp_smallest_anon_port and admin server
DS 5.1sp1+solaris 8
if:
ldap on port 389
admin-serv on port 9345
tcp_smallest_anon_port=8192
there is no problem.
When I change it to:
ldap on port 389
admin-serv on port 9345
tcp_smallest_anon_port=16384
Problems occur... At first I saw the directory was up and the admin-server starting process was stuck there; after a while, admin-server is up and directory server is down. Here is the log file (the whole thing happens when the system reboots, and I have some script to start DS and admin-server):
[12/Sep/2002:15:33:15 -0400] - iPlanet-Directory/5.1 B2001.326.2041 starting up
[12/Sep/2002:15:33:17 -0400] - Detected Disorderly Shutdown last time Directory Server was running, recovering database.
[12/Sep/2002:15:33:24 -0400] - slapd started. Listening on all interfaces port 389 for LDAP requests
[12/Sep/2002:15:33:33 -0400] - cos_cache_getref: no cos cache created
[12/Sep/2002:16:35:55 -0400] - Unable to start slapd because it is already running as process 259
[12/Sep/2002:16:35:55 -0400] - Shutting down due to possible conflicts with other slapd processes
The interesting thing is that if I change admin server to 19345 and keep tcp_smallest_anon_port at 16384, everything goes back to normal, no startup problem at all.
I am confused...
Frank
513-52996099
It all depends on the protocols being used
548 is Apple File Sharing protocol (afp://server.name)
5900 is Screen Sharing (vnc://server.name)
These ports need to be opened at the destination router, not the local router. You should also be aware that this may not be secure.
TimeMachine will want the distant server to be a Mac OS X system with an HFS+ file system.
You could also consider something like Hamachi (VPN)
<http://www.macupdate.com/app/mac/36286/logmein-hamachi>
For a small number of computers and for personal use, it is free to use.
There are other secure remote connection approaches, such as setting up a VPN server on the remote server, or using ssh tunnels to the remote server.
-
How do I configure Kwallet to manage SSH and GPG keys? [SOLVED]
I'm using a select few KDE programs (not the DE) such as Kontact (and with that KMail, Korganizer, Kaddressbook...) and Kwallet. I've got a GPG and an SSH key which I need in Git to sign commits and push. I'd like to have Kwallet manage ALL of these passwords/passphrases, (e-mail, SSH, GPG) and only be prompted for a password to unlock my wallet once per session - or better yet, have the wallet unlocked by logging in (like the keychain in OS X). I'm currently using SLiM (systemd, slim.service) as the login manager. I had a glance at this tutorial for inspiration but to no success...
This is my ~/.xinitrc:
#!/bin/sh
if [ -d /etc/X11/xinit/xinitrc.d ]; then
for f in /etc/X11/xinit/xinitrc.d/*; do
[ -x "$f" ] && . "$f"
done
unset f
fi
# Hide mouse cursor when idle
unclutter -idle 4 &
# Background image
hsetroot -fill $HOME/img/08.jpg &
# Window manager
xmonad
This is my ~/.zprofile (failed attempt, fake GPG-key name)
#!/bin/sh
# Load keychain to handle ssh and gpg keys
export SSH_ASKPASS=/usr/bin/ksshaskpass
eval `keychain --eval id_rsa 1234ABCD`
$HOME/.keychain/`hostname`-sh
$HOME/.keychain/`hostname`-sh-gpg
This is my ~/.gnupg/gpg.conf (commented lines not included)
no-greeting
require-cross-certification
charset utf-8
keyserver hkp://keys.gnupg.net
Last edited by totte (2012-10-25 10:49:52)
No success so far, really, need more ideas.
Neither of /etc/kde/env/{gpg,ssh}-agent-startup.sh seem to be run by anything automatically on my system upon boot and logging in. I tried going back to the beginning and I got GPG working alright, when signing a commit I was automatically authenticated. SSH however still prompts me by CLI to enter my passphrase when I try to git-push or ssh into a server. I set an empty password for the wallet to have it "unlocked by logging in". I thought setting "export SSH_ASKPASS='/usr/bin/ksshaskpass'" in ~/.zprofile would have it prompt for the password in some manner of Qt window related to Kwallet, but apparently it doesn't. In top both ssh-agent and gpg-agent are displayed as running - but if I run gpg-agent in Konsole I get the output "gpg-agent: no gpg-agent running in this session", ssh-agent on the other hand outputs "SSH_AUTH_SOCK=/tmp/ssh-noaDS3C4AP8M/agent.1830; export SSH_AUTH_SOCK;
SSH_AGENT_PID=1831; export SSH_AGENT_PID;
echo Agent pid 1831;".
Here's my ~/.zprofile, ~/.xinitrc, ~/.gnupg/gpg.conf, ~/.gnupg/gpg-agent.conf and ~/.zshrc (probably irrelevant but included anyway):
~/.zprofile
export EDITOR='vim'
export GIT_EDITOR='vim -fg'
export GPG_TTY=$(tty)
export GREP_COLOR='1;34'
export GREP_OPTIONS='--color=auto'
export LANG='en_GB.UTF-8'
export PAGER='less'
export PINENTRY='/usr/bin/pinentry-kwallet'
export SSH_ASKPASS='/usr/bin/ksshaskpass'
export VISUAL='vim'
~/.xinitrc
#!/bin/sh
if [ -d /etc/X11/xinit/xinitrc.d ]; then
for f in /etc/X11/xinit/xinitrc.d/*; do
[ -x "$f" ] && . "$f"
done
unset f
fi
# Kwallet
kwalletd &
# Keychain (SSH & GPG)
eval `keychain --eval id_rsa 1234ABCD` &
# Hide mouse cursor when idle
unclutter -idle 4 &
# Background image
hsetroot -fill $HOME/img/08.jpg &
# Akonadi
akonadictl start &
# Music Player Daemon
mpd &
# Window manager
xmonad
~/.gnupg/gpg.conf
no-greeting
require-cross-certification
charset utf-8
keyserver hkp://keys.gnupg.net
use-agent
~/.gnupg/gpg-agent.conf
pinentry-program /usr/bin/pinentry-kwallet
no-grab
~/.zshrc (probably irrelevant)
# PATH
# System executables
PATH0="/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin"
# My executables
PATH1="$HOME/bin"
export PATH="$PATH0:$PATH1"
# COLOURS
autoload colors; colors;
eval "`dircolors -b ~/.dircolorsrc`"
# GENERAL
HISTFILE=$HOME/.zsh_history
HISTSIZE=10000
SAVEHIST=10000
setopt append_history
setopt extended_history
setopt hist_expire_dups_first
setopt hist_ignore_dups
setopt hist_ignore_space
setopt hist_verify
setopt inc_append_history
setopt share_history
setopt prompt_subst
setopt correctall
setopt auto_menu
setopt complete_in_word
setopt always_to_end
setopt extendedglob
# ALIASES
alias rezsh='. ~/.zshrc'
alias _='sudo '
alias l='ls -lh --color'
alias la='ls -lAh --color'
alias -- -='cd -'
alias ..='cd ..'
alias df='df -h'
alias g='git'
alias tmux='tmux attach'
alias cp='cp -v'
alias mv='mv -v'
alias rm='rm -v'
alias rmdir='rmdir -v'
alias d='dirs -v'
bu(){cp -v $1 ${1}.backup}
cmds(){history | awk '{print $2}' | sort | uniq -c | sort -rn | head}
md(){mkdir -p $1; cd $1}
# OS-specific aliases
if [[ $(uname) == "Darwin" ]]; then
# Mac OS X
alias pkgs='port search' # Search
alias pkgi='sudo port install' # Install
alias pkgu='sudo port selfupdate && sudo port upgrade outdated' # Update & Upgrade
alias pkgr='sudo port uninstall --follow-dependencies' # Remove package and unused dependencies
alias pkgl='port installed' # List installed packages
alias python='/usr/local/bin/python3'
alias pip='pip-3.2'
alias pips='pip-3.2 search'
alias pipi='pip-3.2 install'
alias pipu='pip-3.2 install -U'
alias pipr='pip-3.2 uninstall'
alias pipl='pip-3.2 freeze'
alias v='mvim'
elif [[ $(uname) == "Linux" ]]; then
alias pips='pip search'
alias pipi='pip install'
alias pipu='pip install -U'
alias pipr='pip uninstall'
alias pipl='pip freeze'
alias v='vim'
case $(lsb_release -d | cut -f2 | cut -d " " -f1) in
(Arch) # Arch Linux
alias equa='alsamixer -D equal'
alias pkgs='pacman -Ss' # Search
alias pkgi='sudo pacman -S' # Install
alias pkgu='sudo pacman -Syu' # Update & Upgrade
alias pkgr='sudo pacman -Rns' # Remove package, configuration backups and unused dependencies
alias pkgl='pacman -Q' # List installed packages
alias pkgd='whoneeds' # List packages depending on specified package
alias poweroff='sudo systemctl poweroff'
alias reboot='sudo systemctl reboot'
alias nw='wicd-curses'
;;
(Debian|Ubuntu) # Debian and Ubuntu
alias pkgs='aptitude search' # Search
alias pkgi='sudo aptitude install' # Install
alias pkgu='sudo aptitude update && sudo aptitude upgrade' # Update & Upgrade
alias pkgr='sudo aptitude purge' # Remove package, configuration files and unused dependencies
alias pkgl='aptitude search -F "%p" "~i"' # List installed packages
alias reboot='sudo shutdown -r now'
alias shutdown='sudo shutdown -h now'
;;
esac
fi
# Host-specific aliases
if [[ ${HOST:r} == "betre" ]]; then
alias poff='sudo /sbin/write-magic 0xdeadbeef && sudo /sbin/reboot'
fi
# TAB COMPLETION
autoload compinit
compinit
# Case-insensitive (all),partial-word and then substring completion
zstyle ':completion:*' matcher-list 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=*' 'l:|=* r:|=*'
zstyle ':completion:*:*:*:*:*' menu select
zstyle ':completion:*:cd:*' tag-order local-directories directory-stack path-directories
cdpath=(.)
# Use /etc/hosts and known_hosts for hostname completion
[ -r /etc/ssh/ssh_known_hosts ] && _global_ssh_hosts=(${${${${(f)"$(</etc/ssh/ssh_known_hosts)"}:#[\|]*}%%\ *}%%,*}) || _global_ssh_hosts=()
[ -r ~/.ssh/known_hosts ] && _ssh_hosts=(${${${${(f)"$(<$HOME/.ssh/known_hosts)"}:#[\|]*}%%\ *}%%,*}) || _ssh_hosts=()
[ -r /etc/hosts ] && : ${(A)_etc_hosts:=${(s: :)${(ps:\t:)${${(f)~~"$(</etc/hosts)"}%%\#*}##[:blank:]#[^[:blank:]]#}}} || _etc_hosts=()
hosts=(
"$_global_ssh_hosts[@]"
"$_ssh_hosts[@]"
"$_etc_hosts[@]"
`hostname`
localhost
)
zstyle ':completion:*:hosts' hosts $hosts
# KEYBINDINGS
bindkey '^[[A' history-beginning-search-backward
bindkey '^[[B' history-beginning-search-forward
bindkey "^[[H" beginning-of-line
bindkey "^[[1~" beginning-of-line
bindkey "^[OH" beginning-of-line
bindkey "^[[F" end-of-line
bindkey "^[[4~" end-of-line
bindkey "^[OF" end-of-line
# Make the delete key (or Fn + Delete on the Mac) work instead of outputting a ~
bindkey '^?' backward-delete-char
bindkey "^[[3~" delete-char
bindkey "^[3;5~" delete-char
bindkey "\e[3~" delete-char
# TITLES
tmux_title="%16<..<%~%<<"
term_tab_title="%m"
term_title="Terminal"
function title(){
if [[ "$TERM" == screen* ]]; then
print -Pn "\ek$tmux_title:q\e\\"
elif [[ $TERM == rxvt* ]] || [[ "$TERM_PROGRAM" == "iTerm.app" ]]; then
print -Pn "\e]2;$term_title:q\a"
print -Pn "\e]1;$term_tab_title:q\a"
fi
}
function title_precmd(){
title $tmux_title $term_tab_title $term_title
}
function title_preexec(){
emulate -L zsh
setopt extended_glob
local tmux_title=${1[(wr)^(*=*|sudo|ssh|-*)]}
title $tmux_title $term_tab_title $term_title
}
# ZSH VCS_INFO MODULE
autoload -Uz vcs_info
#zstyle ':vcs_info:*+*:*' debug true
zstyle ':vcs_info:*' enable git
zstyle ':vcs_info:git*' formats '%fon $(rou)%b%f%c%u%m'
zstyle ':vcs_info:git*' actionformats '%fon $(rou)%b%f:$(rou)%a%f%c%u%m'
zstyle ':vcs_info:git*:*' stagedstr ' (staged)'
zstyle ':vcs_info:git*:*' unstagedstr ' (unstaged)'
zstyle ':vcs_info:git*:*' get-revision true
zstyle ':vcs_info:git*:*' check-for-changes true
zstyle ':vcs_info:git*+set-message:*' hooks git-stash git-untracked
# Display count of stashed changes
function +vi-git-stash(){
local -a stashes
if [[ -s ${hook_com[base]}/.git/refs/stash ]] ; then
stashes=$(git stash list 2>/dev/null | wc -l)
if [[ $stashes > 1 ]] ; then
hook_com[misc]+=" (${stashes} stashes)"
else
hook_com[misc]+=" (${stashes} stash)"
fi
fi
}
# Display message if untracked files are present
function +vi-git-untracked(){
if [[ $(git rev-parse --is-inside-work-tree 2> /dev/null) == 'true' ]] && \
git status --porcelain | grep '??' &> /dev/null ; then
hook_com[unstaged]+=" (untracked files present)"
fi
}
function prompt_precmd(){
vcs_info
}
# PROMPT
# Root or user?
function rou(){
if [[ $UID -eq 0 ]] ; then
echo "%{$fg[magenta]%}"
else
echo "%{$fg[blue]%}"
fi
}
# Display ± if we're in a git repository and » at all other times
function prompt_character(){
git branch >/dev/null 2>/dev/null && echo '%{$fg[white]%}±%{$reset_color%}' && return
echo '%{$fg[white]%}»%{$reset_color%}'
}
# Set the prompt
function set_prompt(){
PROMPT="$(rou)%n %{$reset_color%}at $(rou)%m %{$reset_color%}in $(rou)%~ ${vcs_info_msg_0_}
%{$reset_color%}$(prompt_character) "
}
# HOOKS
autoload -U add-zsh-hook
add-zsh-hook preexec title_preexec
add-zsh-hook precmd title_precmd
add-zsh-hook precmd prompt_precmd
add-zsh-hook precmd set_prompt
-
FQDN of Tenant and Admin sites not "sticking"
I have one host running all of the services + admin site (two IPs, one for admin, one for everything else): wapservices.domain.local (everything else); wapadmin.domain.local (admin site)
I have another host running only the tenant stuff: wapportal.domain.local
I changed the Bindings of the Tenant site and Admin site to be on port 443 (of their respective IPs) and I can initially navigate to them. However, when it goes to the authentication it then redirects back to the non-existing original Ports (30071 and 30091 respectively). How do I get it to use 443 permanently?
I tried the following (for admin):
Import-Module -Name MgmtSvcConfig
$dbserver = "WAPSERVICES\WAPSQL"
Set-MgmtSvcFqdn -Namespace "AdminSite" -FullyQualifiedDomainName "wapadmin.domain.local" -Port 443 -Server "$dbserver"
Set-MgmtSvcRelyingPartySettings -DisableCertificateValidation -Target Admin -MetadataEndpoint 'https://wapservices.domain.local:30072/FederationMetadata/2007-06/FederationMetadata.xml' -ConnectionString "Data Source=$dbserver;User ID=sa;Password=*******"
Set-MgmtSvcIdentityProviderSettings -DisableCertificateValidation -Target Windows -MetadataEndpoint 'https://wapadmin.domain.local/FederationMetadata/2007-06/FederationMetadata.xml' -ConnectionString "Data Source=$dbserver;User ID=sa;Password=*******"
And the following (for tenant):
Import-Module -Name MgmtSvcConfig
$dbserver = "WAPSERVICES\WAPSQL"
Set-MgmtSvcFqdn -Namespace "TenantSite" -FullyQualifiedDomainName "wapportal.domain.local" -Port 443 -Server "$dbserver"
Set-MgmtSvcFqdn -Namespace "AuthSite" -FullyQualifiedDomainName "wapportal.domain.local" -Port 444 -Server "$dbserver"
Set-MgmtSvcRelyingPartySettings -DisableCertificateValidation -Target Tenant -MetadataEndpoint 'https://wapportal.domain.local:444/FederationMetadata/2007-06/FederationMetadata.xml' -ConnectionString "Data Source=$dbserver;User ID=sa;Password=******"
Set-MgmtSvcIdentityProviderSettings -DisableCertificateValidation -Target Membership -MetadataEndpoint 'https://wapportal..domain.local/FederationMetadata/2007-06/FederationMetadata.xml' -ConnectionString "Data Source=$dbserver;User ID=sa;Password=******"
Using Get-MgmtSvcFQDN returns the right FQDN / port combo.
Navigating to https://wapadmin.domain.local eventually results in https://wapservices.domain.local:30091/
https://wapportal.domain.local results in https://wapportal.domain.local:30071 in the end.
Take a look at this blog post by my mate Flemming, where we are using SNI for port 443 on all our sites: http://flemmingriis.com/windows-azure-pack-publishing-using-sni/
Kristian (Virtualization and some coffee: http://kristiannese.blogspot.com )