Limit directory access in GWEB server
Hello all,
We are using the gweb server to run our analysis web site, and found a security concern. Our web system needs access to the cgi-bin directory and all its sub directories (20+) in order for the system to operate properly, but we have found this also allows any user to be able to do a directory listing and download any files in these directories. Because our system is not using the gweb server for access control, we cannot just deny all access to all these directories, as it prevents our system from accessing them as well. We have found a solution to this, but we are hoping to be able to tune it:
If we use the following commands in the access.cfg file we can prevent the list command but allow the system to work properly:
<Directory cgi-bin/*>
AllowOverride all
<Limit GET>
Order deny,allow
deny from all
allow from 127.0.0.1
Satisfy all
</Limit>
</Directory>
However, the issue is that this only prevents access to the cgi-bin directory and not the sub directories, so someone could still access, say, cgi-bin/system/
We cannot seem to find any syntax in the above command to apply the limits to all the sub folders, and we really don't want to have to create a section for each sub folder, for all of the obvious reasons, including managing new directories in the future, as it seems an easy way of inadvertently opening up security holes if someone forgets.
Any help in simplifying the configuration so that all sub directories are covered by default would be greatly appreciated, please keep in mind that any solution must allow the localhost 127.0.0.1 address to have full access and prevent any other IP address from access.
As always, thank you in advance for any help!
Hello NPI_Chris,
I saw no one had posted a reply to your question- hopefully this will start some activity. I don't have a quick answer so I will need to do some research and get back to you!
Regards,
Claire Reid
National Instruments
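One way to catch the "someone forgets" case raised in the question, as an added example that is not from the thread and not part of the G Web Server: the script walks cgi-bin, reports every sub directory that has no <Directory> section in access.cfg, and emits the missing sections using the Limit block from the post. It assumes, as the post observed, that a pattern like cgi-bin/* protects only that one directory and that the same pattern form works for a sub directory; all function names and the sample tree are constructed for illustration.

```python
"""Find CGI directories that have no <Directory> section in access.cfg."""
import os
import re
import tempfile

# Opening line of a section, e.g. "<Directory cgi-bin/*>".
DIRECTORY_RE = re.compile(r"^\s*<Directory\s+([^>]+?)\s*>",
                          re.IGNORECASE | re.MULTILINE)

# Section body copied from the post: only 127.0.0.1 may GET.
SECTION_TEMPLATE = """<Directory {path}/*>
AllowOverride all
<Limit GET>
Order deny,allow
deny from all
allow from 127.0.0.1
Satisfy all
</Limit>
</Directory>
"""


def covered_directories(cfg_text):
    """Return the directories that already have a <Directory> section.

    Assumption (taken from the behaviour described in the post): "cgi-bin/*"
    protects cgi-bin itself and nothing below it, so the trailing "/*" is
    dropped and the remainder is treated as one exact directory.
    """
    covered = set()
    for match in DIRECTORY_RE.finditer(cfg_text):
        pattern = match.group(1).replace("\\", "/")
        if pattern.endswith("/*"):
            pattern = pattern[:-2]
        covered.add(pattern.rstrip("/"))
    return covered


def directories_on_disk(server_root, top="cgi-bin"):
    """List top and every directory below it, relative to server_root."""
    found = []
    for current, subdirs, _files in os.walk(os.path.join(server_root, top)):
        subdirs.sort()  # deterministic traversal order
        found.append(os.path.relpath(current, server_root).replace(os.sep, "/"))
    return found


def uncovered(server_root, cfg_text, top="cgi-bin"):
    """Directories on disk that no section in cfg_text names."""
    covered = covered_directories(cfg_text)
    return [d for d in directories_on_disk(server_root, top) if d not in covered]


def missing_sections(server_root, cfg_text, top="cgi-bin"):
    """Config text to append so that every directory has its own section."""
    return "".join(SECTION_TEMPLATE.format(path=d)
                   for d in uncovered(server_root, cfg_text, top))


def make_sample_tree(root):
    """Constructed layout for the demo: cgi-bin with nested sub directories."""
    for rel in ("cgi-bin/system/logs", "cgi-bin/reports"):
        os.makedirs(os.path.join(root, *rel.split("/")))


if __name__ == "__main__":
    current_cfg = SECTION_TEMPLATE.format(path="cgi-bin")  # the post's config
    with tempfile.TemporaryDirectory() as root:
        make_sample_tree(root)
        for path in uncovered(root, current_cfg):
            print("no section for", path)
        print(missing_sections(root, current_cfg))
```

Running the check whenever a CGI directory is added turns a forgotten section into a reported gap instead of an open directory.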
Similar Messages
-
Can't login to local NON-admin accounts-Directory Access set to server
I have a strange problem on a set of laptops that I cannot resolve and am hoping someone can help me.
Here is the issue:
I have a set of building laptops (PowerPC, OSX.4.11) that seemingly will not "search locally" in the authentication process. The logins seem to work fine for NETWORK logins to our Open Directory Master xserve, but these machines will not login to any LOCAL non-admin accounts. The local root and local admin account logins do, however, work fine. ?? The remainder of the building computers (Intel iMacs OSX.4.11) appear to have the exact same settings and login fine both locally and via the network home directories.
I have tried the following:
Deleted DirectoryService preferences folder (MacintoshHD-->Library-->Preferences->DirectoryService)
Deleted the mcx cache in Directory Access
Tried adding a new non-admin user to test (still will not login)
Removed and re-created LDAP configuration (all set to custom)
Tried setting the LDAP to the automatic settings ("Add DHCP-supplied LDAP servers to automatic search policies")
Disabled all network connectivity (turned off Airport and disconnected the ethernet cable), still cannot login to local accounts
Tried to bind in LDAP configuration (when I did bind the machine, it would no longer authenticate to the network authentication server, so I did an "unbind" and restarted and it went back to performing the network logins, but still will not login to local non-admin accounts).
Reset passwords in System Prefs and also re-typed them in NetInfo Manager
Deleted login keychains
Deleted mcx.plist
Reinstalled the OS from disk and local logins worked TEMPORARILY--UNTIL I set the LDAP directory access to authenticate to our server (which I also need for the network logins to work),then, the issue started again.
*Same results with both ethernet and wireless connectivity enabled.
*Note: I also manage these local accounts via WGM (installed on the local machine) and even tried disabling that and still no luck.
Please help...I have spent hours and hours trying to find a solution and nothing seems to work! What am I missing??
Mostly just a bump...
How about that .local extension, or trailing / ?
-
How can we access the file/directory system in the server
Hi friends,
I have made a text editor attached with an audio player for my project.
Both text editor and audio player are implemented in applet and put in to a
jsp page using jsp:plugin. Text editor and player are separate applets running
in the same page and from same server. A client who is using this editor may
want to save the edited text files to the server as well as hear audio files from
directories in the server.
My question is how can we access the file/directory system in the server
like we do in the local machine. When the user clicks save or openfromserver button
in the editor, folder/files in the server must be displayed as we do with FileChooser.
I am using Apache Tomcat 5, Windows 2000 server, jdk1.5.
manu
You can't access it directly. But your applet can make net connections to the server, and the server can provide that kind of functionality. Generally this is easiest by making HTTP connections and having the server provide the functionality via the web server. (So in your case, JSPs or servlets on the server would list/deliver/create/modify/delete files, and the applets would invoke those JSPs and servlets.)
-
Asa 5505, the outside cant access to a server in the inside
Hi, I have an ASA 5505; a PC on the outside with the IP 10.1.1.6 can't access a server on the inside, 192.168.1.4. Please help...
this is my conf:
ASA Version 8.0(4)
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif inside
security-level 0
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 10.1.1.2 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
boot system disk0:/asa804-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list 100 extended permit tcp any host 10.1.1.3 eq www
pager lines 24
logging enable
logging asdm debugging
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-613.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 10.1.1.3 192.168.1.4 netmask 255.255.255.255
access-group 100 in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:14e7b74fabc386613ae646b915f60e9e
: end
ciscoasa#
Andres
The security level for your inside interface should be 100 ie.
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
After changing that can you
1) ping the outside interface of the ASA from the pc or ping the PC from the ASA
2) I'm assuming you are trying to connect to 10.1.1.3 when you attempt the connection ?
Jon
-
Open Directory access from outside of network / internet
Hello all,
Got a question I'd love to get some help on, I have some users who are outside of my network and I'd like them to connect into the open directory on our leopard server so they can use the Shared iCal calendars, addresses, etc.
So my questions are A) Is it possible to connect in from outside the network and get access to the directory without having to have a separate user account and use our VPN every time you want to connect? - if not is this the only way to do it (would you have to connect via the Mac VPN and then connect to the directory?)
B) is it possible to do this "seamlessly" so that you don't have to change any settings, login details each time you switch between your local user from outside the network and your directory access. (so basically if you are in iCal if you have internet access it will connect you to the directory, without you doing anything extra?)
Hope that makes sense, I can't seem to find the answers I need in the manuals, if I knew how this was meant to work I could probably have a fair go at figuring out how to actually do it (firewall changes etc)
Thanks in advance for the help
Martin
So my questions are A) Is it possible to connect in from outside the network and get access to the directory without having to have a separate user account and use our VPN every time you want to connect? - if not is this the only way to do it (would you have to connect via the Mac VPN and then connect to the directory?)
If your OD server is visible from the internet -- i.e., it has a public address -- then you can do this without the VPN. However, it's not advisable to have a server exposed in that fashion.
You would be better off doing this through the VPN:
- Remote user connects to internet at hotel, for example.
- Remote user initiates VPN connection.
- Remote user now has access to iCal server and directory information.
Explain to the users that this information is private to the company, and private company resources are only available through the VPN. Allowing access without the VPN would be similar to the company posting its Employee roster and meeting calendars on the face of the building where any person (or competitor) could see them.
B) is it possible to do this "seamlessly" so that you don't have to change any settings, login details each time you switch between your local user from outside the network and your directory access. (so basically if you are in iCal if you have internet access it will connect you to the directory, without you doing anything extra?)
It's just one extra step: Connect to VPN. You're still the same local user on the computer.
If you're talking about laptop users needing directory access to authenticate when logging into their computers, well...That sounds like a whole other situation.
Hopefully this helps.
Bryan Vines
-
Accessing MS Sql Server with Java classes - problem connecting to socket
I found an example at this location which uses java classes to connect to MS Sql Server.
http://search400.techtarget.com/tip/1,289483,sid3_gci1065992,00.html
--bummer - it is a login location - so I will include the article
Anyway, the example is using Websphere, but I am still on Jbuilder (will get wsad soon). So I planted the classes from the example in
C:\Borland\JBuilder\jkd1.4\jre\lib\ext\...the classes
Then I copied the code from the example to my jpx project and got an error that it could not connect to the socket. The only thing I changed in the code was the connection string:
--original string from example:
Connection connection = DriverManager.getConnection("jdbc:microsoft:sqlserver://1433", "");
I was getting an error with the 2 argument version of DriverManager - and the second argument here was empty (properties argument). Here was my connection string:
Connection connection = DriverManager.getConnection("jdbc:microsoft:sqlserver://Myserver:1433;User=sa;Password=");
I am only using the 1 argument version of DriverManager. Note that the password=" is blank because my RnD workstation is standalone - no one accesses the sql server except me - so no password. I also left out the last semicolon I noticed. Any suggestions appreciated how I could fix this.
Thanks
source of article:
http://search400.techtarget.com/tip/1,289483,sid3_gci1065992,00.html
iSeries 400 Tips:
Sample code: Accessing MS SQL Server database from the iSeries
Eitan Rosenberg
09 Mar 2005
Nowadays with the help of Java the iSeries can be integrated with other databases quite easily. This tip shows you how. The code included here uses the free Microsoft driver that can be downloaded from here. (SQL Server 2000 Driver for JDBC Service Pack 3)
If your SQL server does not include the Northwind Sample Database you can find it here.
http://www.microsoft.com/downloads/details.aspx?familyid=07287b11-0502-461a-b138-2aa54bfdc03a&displaylang=en
The download contains the following files:
msbase.jar
mssqlserver.jar
msutil.jar
Those files need to be copied to the iSeries directories (/home/r_eitan/ExternalJARs).
Here's the directory structure (on the iSeries) for this sample:
/home/r_eitan/ExternalJARs - Microsoft files (msbase.jar,mssqlserver.jar,msutil.jar)
/home/r_eitan/JdbcTest02 - My code (Main.java,Main.class)
The Java code
import java.sql.*;
import java.io.*;

class Main {
    /**
     * Connect to Microsoft SQL server and download file northWind.products as tab
     * separated file. (products.txt)
     */
    public static void main(String args[]) {
        try {
            PrintStream outPut = new PrintStream(new BufferedOutputStream(new FileOutputStream("products.txt")));
            Class.forName("com.microsoft.jdbc.sqlserver.SQLServerDriver");
            //Connection connection = DriverManager.getConnection("jdbc:microsoft:sqlserver://1433", "");
            Connection connection = DriverManager.getConnection("jdbc:microsoft:sqlserver://Myserver:1433;User=sa;Password=");
            System.out.println("Connection Done");
            connection.setCatalog("northWind");
            String sqlCmdString = "select * from products";
            Statement statement = connection.createStatement();
            ResultSet resultSet = statement.executeQuery(sqlCmdString);
            ResultSetMetaData resultSetMetaData = resultSet.getMetaData();
            int columnCount = resultSetMetaData.getColumnCount();
            // Iterate through the rows in resultSet and
            // output the columns for each row.
            while (resultSet.next()) {
                for (int index = 1; index <= columnCount; ++index) {
                    String value;
                    switch (resultSetMetaData.getColumnType(index)) {
                        case 2 : // java.sql.Types.NUMERIC
                        case 3 : // java.sql.Types.DECIMAL
                            value = resultSet.getString(index);
                            break;
                        default : // everything else is written quoted
                            value = "\"" + resultSet.getString(index) + "\"";
                            break;
                    }
                    outPut.print(value + (index < columnCount ? "\t" : ""));
                }
                outPut.println();
            }
            outPut.close();
            resultSet.close();
            connection.close();
            System.out.println("Done");
        }
        catch (SQLException exception) {
            exception.printStackTrace();
        }
        catch (Exception exception) {
            exception.printStackTrace();
        }
    }
}
--------------------------------------------------------------------------------------------------
My guess is that the server's host name isn't right. It isn't necessarily (or even usually) the "windows name" of the computer. Try with the numeric IP address instead (type "ipconfig" to see it).
First aid check list for "connection refused":
- Check host name in connect string.
- Check port number in connect string.
- Try numeric IP address of server host in connect string, in case name server is hosed.
- Are there any firewalls between client and server blocking the port.
- Check that the db server is running.
- Check that the db server is listening to the port. On the server, try: "telnet localhost the-port-number". Or "netstat -an", there should be a listening entry for the port.
- Try "telnet serverhost the-port-number" from the client, to see if firewalls are blocking it.
- If "telnet" fails: try it with the numeric ip address.
- If "telnet" fails: does it fail immediately or after an obvious timeout? How long is the timeout?
- Does the server respond to "ping serverhost" or "telnet serverhost" or "ssh serverhost"?
-
LDAP support limited. How to configure Address Book / Directory Access?
I complained to a sysadmin that my LDAP searches were returning very limited information (just surname and e-mail). He replied,
"...[Address Book] can't be configured to query specific attributes, it can't be configured to show specific attributes except for the small set they have elected to permit, ... it doesn't even show cn/commonName which is a compulsory field in the inetOrgPerson schema or ou/organizationalUnitName which is the standard way of distinguishing components of an organization..."
Directory Access seems to offer facilities for requesting specific attributes. I tried mapping them to Address Book fields, but with no improvement in the search results. Any tips?
Here is some info I found on manually configuring and mapping schemas.
Configuring LDAP Searches and Mappings
Using Directory Access, you can edit the mappings, search bases, and search scopes that specify how Mac OS X finds specific data items in an LDAP directory. You can edit these settings separately for each LDAP directory configuration listed in Directory Access. Each LDAP directory configuration specifies how Mac OS X accesses data in an LDAPv3 or LDAPv2 directory.
You can edit the mapping of each Mac OS X record type to one or more LDAP object classes.
For each record type, you can also edit the mapping of Mac OS X data types, or attributes, to LDAP attributes.
You can edit the LDAP search base and search scope that determine where Mac OS X looks for a particular Mac OS X record type in an LDAP directory.
IMPORTANT: When mapping Mac OS X user attributes to a read/write LDAP directory domain (an LDAP domain that is not read-only), the LDAP attribute mapped to RealName must not be the same as the first attribute in a list of LDAP attributes mapped to RecordName. For example, the cn attribute must not be the first attribute mapped to RecordName if cn is also mapped to RealName.
For detailed specifications of Mac OS X record types and attributes, refer to "Mac OS X Server Open Directory Administration for Version 10.4 or Later" (available at www.apple.com/server/documentation/).
In Directory Access, click Services.
If the lock icon is locked, click it and type the name and password of an administrator.
Select LDAPv3 in the list of services, then click Configure.
If the list of server configurations is hidden, click Show Options.
Select a server configuration in the list, then click Edit.
Click Search & Mappings.
Select the mappings that you want to use as a starting point, if any.
Click the "Access this LDAPv3 server using" pop-up menu and choose a mapping template to use its mappings as a starting point or choose Custom to begin with no predefined mappings.
Add record types and change their search bases as needed.
To add record types, click the Add button below the Record Types and Attributes list. In the sheet that appears, select Record Types, select one or more record types from the list, and then click OK.
To change the search base and search scope of a record type, select it in the Record Types and Attributes List. Then edit the "Search base" field. Select "all subtrees" to set the search scope to include the entire LDAP directory's hierarchy from the search base down. Select "first level only" to set the search scope to include only the search base and one level below it in the LDAP directory's hierarchy.
To remove a record type, select it in the Record Types and Attributes List and click Delete.
To add a mapping for a record type, select the record type in the Record Types and Attributes List. Then click the Add button below "Map to __ items in list" and enter the name of an object class from the LDAP directory. To add another LDAP object class, you can press Return and enter the name of the object class. Specify whether to use all or any of the listed LDAP object classes by using the pop-up menu above the list.
To change a mapping for a record type, select the record type in the Record Types and Attributes List. Then double-click the LDAP object class that you want to change in the "Map to __ items in list" and edit it. Specify whether to use all or any of the listed LDAP object classes by using the pop-up menu above the list.
To remove a mapping for a record type, select the record type in the Record Types and Attributes List. Then click the LDAP object class that you want to remove from the "Map to __ items in list" and click the Delete button below "Map to __ items in list."
Add attributes and change their mappings as needed.
To add attributes to a record type, select the record type in the Record Types and Attributes List. Then click the Add button below the Record Types and Attributes list. In the sheet that appears, select Attribute Types, select one or more attribute types, and then click OK.
To add a mapping for an attribute, select the attribute in the Record Types and Attributes List. Then click the Add button below "Map to __ items in list" and enter the name of an attribute from the LDAP directory. To add another LDAP attribute, you can press Return and enter the name of the attribute.
To change a mapping for an attribute, select the attribute in the Record Types and Attributes List. Then double-click the item that you want to change in the "Map to __ items in list" and edit the item name.
To remove a mapping for an attribute, select the attribute in the Record Types and Attributes List. Then click the item that you want to remove from the "Map to __ items in list" and click the Delete button below "Map to __ items in list."
To change the order of attributes displayed in the list on the right, drag the attributes up or down in the list.
Click Save Template if you want to save your mappings as a template.
Templates saved in the default location are listed in pop-up menus of LDAP mapping templates the next time the current user opens Directory Access. The default location for saved templates is in the current user's home folder at this path:
~/Library/Application Support/Directory Access/LDAPv3/Templates
Click Write to Server if you want to store the mappings in the LDAP directory so that it can supply them automatically to its clients.
You must enter a search base to store the mappings, a distinguished name of an administrator (for example, uid=diradmin,cn=users,dc=ods,dc=example,dc=com), and a password. If you are writing mappings to an Open Directory LDAP server, the correct search base is "cn=config, suffix" (where suffix is the server's search base suffix, such as "dc=ods,dc=example,dc=com").
The LDAP directory supplies its mappings to Mac OS X clients whose custom search policy includes a connection that's configured to get mappings from the LDAP server. The LDAP directory also supplies its mappings to all Mac OS X clients that have an automatic search policy. For instructions, see Configuring Access to an LDAP Directory and Setting Up Search Policies.
-
Directory Access and Permissions
Hi,
I work at a company that's having a problem setting up the new macs (Core 2 Duo iMac 24") our marketing department just ordered.
The rest of our network uses windows, so we have active directory logins for everyone. We've setup the Directory Access on the new iMacs so that marketing users log in using their AD username and pw. The local user account that 10.4 generates is set to be a local admin, but the users are just normal users in AD.
The problem we're having is with setting permissions for some Apps that require changes from the default settings. When I go to set permissions in the Info pane of a folder or app, I open the pull down menu for 'Owner' and go to 'Other...' at the bottom to grab the user from AD (because the user is not available in the top portion where local users can normally be selected). This is where the problem occurs. This opens up the "User Listing" box, which contains a long list of AD usernames, but does not have any AD usernames that were created less than 10 months ago. I checked with my Network Admin, and virtually no settings in terms of creating AD users have changed in the last two years.
I don't know if this is a problem with settings on the AD side or the Mac side, but here's the Mac settings in Directory Access:
+Services: AD is checked+
+Authentication: Custom path selected, our domain is in the list+
+Contacts: Same as Authentication+
+Under AD:+
+Forest and Domain are correct, computer is bound correctly.+
+User Experience:+
+Create mobile account is not selected.+
+Force local home directory on startup is selected.+
+Use UNC path from AD... is selected, smb: is selected as Network protocol.+
+Default user shell is selected as '/bin/bash'+
+Mappings: Nothing selected.+
Administrative:
+Prefer this domain server is checked and correct for our network+
+Allow administration by is checked, domain admins and enterprise admins+
+Allow authentication from any domain in the forest is selected+
Is there anything in these settings that might cause the problem described above, or is the problem something else entirely, maybe on the AD side?
I'm also wondering if anyone knows how to find out where Directory Access is grabbing this list of users from. Perhaps our Network Admin can find out what the problem is given that info.
Thanks,
Gabe
Message was edited by: Gabe Stein
I have exactly the same problem and ProtectHome wasn't the solution. "sudo minidlnad" works fine -- TV shows root and /home/blah/blah is accessible. However, I'm not able to make the daemon run as root. Just for testing purposes, I've made all the settings as loose as possible, but TV still shows minidlna as username and the folder is not available (systemctl status reveals permission denied).
minidlna.service:
[Unit]
Description=minidlna server
After=network.target
[Service]
Type=simple
User=root
Group=root
ExecStart=/usr/bin/minidlnad -S
ProtectSystem=off
ProtectHome=off
PrivateDevices=on
NoNewPrivileges=off
[Install]
WantedBy=multi-user.target
minidlna.conf:
user=root
media_dir=/home/blah/blah
What am I missing here? No possibility to run minidlna as root after the last update any more?
Edit:
Never mind. During all this testing I had forgotten "User=minidlna" to /etc/systemd/system/minidlna.service.d/override.conf. Daemon as root works after removing that line.
Last edited by riivo (2015-03-19 14:38:18)
-
[SOLVED] mount.nfs4: access denied by server
Hi folks. I seem to be having a bit of a problem getting nfs4 to work. I am trying to mount a share from alpha (my fileserver) onto charlie (my workstation). Both of these are new Arch systems and I haven't had any nfs working yet, although I have with other distros on the same hardware.
Fileserver (alpha) config:
# /etc/exports
/files 192.164.1.0/24(rw,sync,fsid=0,no_subtree_check)
# /etc/hosts.allow
sshd: 192.168.1.0/255.255.255.0
nfsd: 192.168.1.0/255.255.255.0
rpcbind: 192.168.1.0/255.255.255.0
mountd: 192.168.1.0/255.255.255.0
idmapd: 192.168.1.0/255.255.255.0
statd: 192.168.1.0/255.255.255.0
[General]
Verbosity = 3
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = localdomain
[Mapping]
Nobody-User = nobody
Nobody-Group = nobody
[Translation]
Method = nsswitch
# /etc/fstab: static file system information
# <file system> <dir> <type> <options> <dump> <pass>
none /dev/pts devpts defaults 0 0
none /dev/shm tmpfs defaults 0 0
#/dev/cdrom /media/cd auto ro,user,noauto,unhide 0 0
#/dev/dvd /media/dvd auto ro,user,noauto,unhide 0 0
#/dev/fd0 /media/fl auto user,noauto 0 0
/dev/sda1 /boot ext3 defaults 0 1
/dev/sda2 swap swap defaults 0 0
/dev/sda5 / ext3 defaults 0 1
/dev/sda6 /var ext3 defaults 0 1
/dev/sda7 /home ext3 defaults 0 1
/dev/sda8 /files ext3 defaults 0 1
rpc_pipefs /var/lib/nfs/rpc_pipefs rpc_pipefs defaults 0 0
nfsd /proc/fs/nfsd nfsd rw,nodev,noexec,nosuid 0 0
DAEMONS=(syslog-ng network netfs rpcbind nfs-common nfs-server hal @alsa @crond @openntpd @sshd)
[root@alpha ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda5 19228276 879492 17372036 5% /
none 507792 140 507652 1% /dev
none 507792 0 507792 0% /dev/shm
/dev/sda1 93307 15887 72603 18% /boot
/dev/sda6 19228276 372632 17878896 3% /var
/dev/sda7 19228276 176224 18075304 1% /home
/dev/sda8 902688436 204872 856629640 1% /files
[root@alpha ~]#
Workstation (charlie) config:
# /etc/fstab: static file system information
# <file system> <dir> <type> <options> <dump> <pass>
none /dev/pts devpts defaults 0 0
none /dev/shm tmpfs defaults 0 0
#/dev/cdrom /media/cd auto ro,user,noauto,unhide 0 0
#/dev/dvd /media/dvd auto ro,user,noauto,unhide 0 0
#/dev/fd0 /media/fl auto user,noauto 0 0
UUID=437982b2-5c84-4f53-954d-cf43f8b4e707 / ext3 defaults 0 1
UUID=97d79d76-357a-4f4e-8513-f181bff6af62 /boot ext3 defaults 0 1
UUID=d8525095-9b97-4439-932f-8f4e0236cce1 /home ext3 defaults 0 1
UUID=ffba933b-af93-407c-b1b8-69d1cc5be146 swap swap defaults 0 0
rpc_pipefs /var/lib/nfs/rpc_pipefs rpc_pipefs defaults 0 0
alpha:/ /files nfs4 defaults 0 0
[General]
Verbosity = 3
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = localdomain
[Mapping]
Nobody-User = nobody
Nobody-Group = nobody
[Translation]
Method = nsswitch
DAEMONS=(syslog-ng network crond alsa hal fam rpcbind nfs-common netfs)
[root@charlie ~]# mount -a
mount.nfs4: access denied by server while mounting alpha:/
[root@charlie ~]#
This happens even after both systems are rebooted. Can anyone spot what I am missing?
Thanks for looking.
Last edited by dgregory46 (2009-10-21 01:04:09)
Now I really feel stupid. A little proofreading would have saved me a big headache. In /etc/exports I was exporting to 192.164.1.0/24 while my network is the more standard 192.168.1.0/24.
It works fine now, although I did take phaul's suggestion and added my main share "inside" the nfs4 root.
-
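The /etc/exports typo that resolved the NFS thread above can be caught before mount time. This added example (not from the thread) parses exports lines and reports client networks that admit none of the hosts expected to mount; the client address 192.168.1.20 is constructed, since the thread does not give charlie's IP, and the function names are illustrative.

```python
"""Check /etc/exports client entries against the clients that should mount."""
import ipaddress

# Export line as posted in the thread (note 192.164, not 192.168).
POSTED_EXPORTS = "/files 192.164.1.0/24(rw,sync,fsid=0,no_subtree_check)\n"
# The same line after the fix described in the thread.
FIXED_EXPORTS = "/files 192.168.1.0/24(rw,sync,fsid=0,no_subtree_check)\n"
# Constructed client address on the 192.168.1.0/24 network.
EXPECTED_CLIENTS = ["192.168.1.20"]


def parse_exports(text):
    """Return (path, client_spec, options) for every client on every line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        for client in fields[1:]:
            spec, _, opts = client.partition("(")
            options = opts.rstrip(")").split(",") if opts else []
            entries.append((fields[0], spec, options))
    return entries


def client_network(spec):
    """Network for an address, CIDR or address/netmask spec; None otherwise
    (hostnames, wildcards and netgroups cannot be checked offline)."""
    try:
        return ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return None


def audit_exports(text, expected_clients):
    """Return (path, problem) findings for exports the clients cannot reach."""
    clients = [ipaddress.ip_address(c) for c in expected_clients]
    by_path = {}
    for path, spec, _options in parse_exports(text):
        by_path.setdefault(path, []).append(spec)

    findings = []
    for path, specs in by_path.items():
        if any(spec in ("", "*") for spec in specs):
            continue  # exported to every host, so nothing can mismatch
        nets = [(spec, client_network(spec)) for spec in specs]
        only_numeric = all(net is not None for _spec, net in nets)
        # A network entry that matches no expected client is the typo signal.
        for spec, net in nets:
            if net is not None and not any(c in net for c in clients):
                findings.append(
                    (path, f"{spec} admits none of the expected clients"))
        # Only claim a client is shut out when every entry could be evaluated.
        for c in clients:
            admitted = any(net is not None and c in net for _spec, net in nets)
            if not admitted and only_numeric:
                findings.append(
                    (path, f"{c} is not admitted by any client entry"))
    return findings


if __name__ == "__main__":
    for label, text in (("posted", POSTED_EXPORTS), ("fixed", FIXED_EXPORTS)):
        print(label, audit_exports(text, EXPECTED_CLIENTS) or "ok")
```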
Event properties – Event 91, Level Error, Event ID 91, Date and time 5/10/2012 11:29:48AM, Service CertificationAuthority
General:
Could not connect to the Active Directory.
Active Directory Certificate Services will retry when processing requires Active Directory access.
We have a Windows 2008 Server Enterprise with AD . I would like to enable the service "Certificate Services" that
allow me to enable radius to authenticate users wireless with the active directory.
Hi,
Can you please check this forum or someone from Microsoft, as we have post here dating back from October that are not being answered.
Everything for us is exactly the same as szucsati and Racom
NMNM,
Please give us an answer on this as the link provided is absolutely useless.
Thank you.
-
Directory access solution - please recommend.
In regards to the site
http://www.myhappypeople.com
I need a simple directory access solution (that hopefully
doesn't let people bookmark an accessed page and go back to it
without logging in again). All I want is for a client to click one
link, which prompts a login/password screen, and based on their
input directs them to a directory/page they are allowed to view.
The DW 8 manual doesn't seem to really tell me how to do
anything but rather sends me in circles on the elements I need
(databases, page with forms, etc).
I've looked into some free CGI scripts, that don't seem to be
easy to update/maintain.
Can anyone offer a suggestion. It's the last thing I need to
figure out to complete this site.
Well, there's two ways of doing this: server level and app
level.
You can setup users in IIS and Apache and this will cause the
server to automatically prompt for login. However, this requires
access to the user database on the server and usually admin access
to set file permissions.
The way I prefer to handle it (and I'm not a security expert,
btw) is with a session cookie and an authentication script. I make a
file that checks to see if the session cookie for auth is set. If
not, it sends the user to a login page. I then include this file at
the top of every page I want to protect.
The login is then just a form that posts to a page that
verifies the password and sets the cookie. Now, this technique
isn't foolproof. If you're not using HTTPS, then you are sending
the password in clear text and it could be grabbed by a hacker.
But, for light security, it works pretty well and is easy to
deploy.
<?php
# Fire up the session and see if the user is logged in.
session_start();
if (isset($_SESSION["LOGGED_IN"]) && $_SESSION["LOGGED_IN"] == "TRUE") {
    # Do something if needed. I connect to databases here.
} else {
    # Redirect non-logged-in requests, then stop so the rest of the
    # protected page is never executed or sent to the browser.
    header("Location: /admin/login.php");
    exit;
}
-
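The login page that the reply above describes (a form that posts to a script which verifies the password and sets the session flag), written out as an added example; it is not code from the original post. The user store, `check_login()`, the form field names and `/admin/index.php` are assumptions, and the `secure` cookie flag assumes the site is served over HTTPS.

```php
<?php
// login.php: added example, not code from the original post.
// Assumed names: $users, check_login(), /admin/index.php, the form fields.
session_set_cookie_params([
    'lifetime' => 0,         // cookie is dropped when the browser closes
    'path'     => '/',
    'secure'   => true,      // sent over HTTPS only
    'httponly' => true,      // not readable from page scripts
    'samesite' => 'Strict',
]);
session_start();

// Constructed sample account. A real site stores the password_hash()
// output in its user table and never keeps the plain password.
$users = [
    'client1' => password_hash('constructed-sample-password', PASSWORD_DEFAULT),
];

function check_login(array $users, string $user, string $pass): bool
{
    // A throwaway hash is always computed and used for unknown users, so
    // known and unknown usernames cost the same amount of work.
    $dummy = password_hash('unused', PASSWORD_DEFAULT);
    $hash = $users[$user] ?? $dummy;
    return password_verify($pass, $hash) && isset($users[$user]);
}

$error = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // filter_input() yields false for array input, which casts to ''.
    $user = (string) filter_input(INPUT_POST, 'username');
    $pass = (string) filter_input(INPUT_POST, 'password');
    if (check_login($users, $user, $pass)) {
        session_regenerate_id(true);      // fresh session ID after login
        $_SESSION['LOGGED_IN'] = 'TRUE';  // the flag the include file tests
        header('Location: /admin/index.php');
        exit;                             // send nothing after the redirect
    }
    http_response_code(401);
    $error = 'Invalid username or password.';
}
?>
<form method="post" action="/admin/login.php">
  <p><?= htmlspecialchars($error) ?></p>
  <label>User <input name="username" autocomplete="username"></label>
  <label>Password <input name="password" type="password"></label>
  <button type="submit">Log in</button>
</form>
```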
Get directory structure on CF Server
Hi,
Is there any possibility to view the directory structure of
the CF Server using CF Tags?
E.g. When you are creating a MS Access datasource, it allows
you to Browse to the required directory on the CF Server.
Would be grateful if you could please explain to me how this
can be done using CF.
Thanks and regards,
Yogesh Mahadnac
Hi Prasanth,
Indeed I had used cfdirectory tag to list the directories
well before posting this thread.
The only thing is that I can't get the cftree to display a
Windows-Explorer tree-like structure where I will also give the
users the possibility to create a folder etc.
Any ideas?
Thanks and regards,
Yogesh
-
OEL 6.3 - mount.nfs: access denied by server
Hi,
I am trying to mount an NFS directory on a server running OEL 6.3, pointing to another OEL 6.3 server. I get the following error:
[oracle@csdowmsdb503 etc]$ mount 192.x.x.x:/home/oracle/m501/m501_f /home/oracle/m501_f/
mount.nfs: access denied by server while mounting 192.x.x.x:/home/oracle/m501/m501_f
The UIDs and GIDs on each server match. If we use "nfsvers=3" it works, so it seems to be something specific to vers 4. We would like to not use the vers 3 workaround.
Thanks!
Hi,
When I added "-v" I realized it is actually erroring out on vers=4 and defaulting to vers=3 instead. The error it shows is now "No such file or directory."
[oracle@xxx503 m501_g]$ sudo mount -v -t nfs xxx.xxx.xxx.35:/home/oracle/m501/m501_g /home/oracle/m501_g/
mount.nfs: timeout set for Fri Nov 9 10:46:27 2012
mount.nfs: trying text-based options 'vers=4,addr=xxx.xxx.xxx.35,clientaddr=xxx.xxx.xxx.37'
mount.nfs: mount(2): No such file or directory
mount.nfs: trying text-based options 'addr=xxx.xxx.xxx.35'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying xxx.xxx.xxx.35 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying xxx.xxx.xxx.35 prog 100005 vers 3 prot UDP port 37692
xxx.xxx.xxx.35:/home/oracle/m501/m501_g on /home/oracle/m501_g type nfs (rw)
-
Error: "Cannot access the web server" with BlazeDS Turnkey
Help! I'm new to Flex and BlazeDS and Eclipse. I was trying to setup a Flex Project using a BlazeDS/Tomcat server running from Eclipse on Windows XP per the example in flexbandit.com/archives/55#comment-269 and in (www.infoq.com/articles/blazeds-intro). I am NOT using the Eclipse Flex plug-in. I'm using Flex Builder for the Flex code.
Here's what I've done:
I installed BlazeDS and tested http://localhost:8400 - That worked.
I setup Tomcat in Eclipse. - That seemed to work.
I created a Dynamic Web Project in Eclipse - That seemed to work.
I created the bare-bones BlazeDS Configuration under the Eclipse project and then created a basic HelloWorld java class.
I added the destination in the "remoting-config.xml" file found in the "c:/projects/workspace/ReportGenTool/WebContent/WEB-INF/flex" directory:
<destination id="HelloWorld"> <properties> <source>HelloWorld</source> </properties> </destination>
When I started the application server by clicking on the server's green play button in Eclipse and then tried to open localhost:8400/ReportGenTool, I got the 404 error : The requested source (/ReportGenTool/) is not available which according to the instructions is fine.
Next I created a Flex Project, but when I try to validate the new Flex project configuration, it gives me an error "Cannot access the web server. The server may not be running, or the web root folder or root URL may be invalid."
When I validated the server was running after setting up the BlazeDs Turnkey, I saw the BlazeDS page.
Now when I bring up http://localhost:8400 I get:
Directory Listing for /
Apache Tomcat/6.0.14
My eclipse project is named ReportGenTool and I've overwritten the WebContent directory with the META-INF and WEB-INF directories from the BlazeDS installation (C:\blazeds\tomcat\webapps\blazeds). According to Eclipse the server is running.
My Flex project is named ReportGenTool and is located in another directory away from the Eclipse project directory.
My root folder is: C:\Projects\workspace\ReportGenTool\WebContent
Root URL: is http://localhost:8400/ReportGenTool/
Context root is: /ReportGenTool/
Any idea what might be wrong? What didn't I configure that needs to be configured?
Thanks in advance.
This is not working because your router has a direct to your web server that is not through the outside interface which is needed for nat to occur, for this to work you need to setup a loopback interface as nat outside and policy route traffic to there for your server traffic
But if your server is internal why do you need nat at all? Can you not use bind with views that might be simpler
M
Sent from Cisco Technical Support iPad App
-
Does anyone know if the amount of requests Access can handle at one time is 10 or not? Since Thurs., our web site has been crashing a lot and we think it might be from the amount of traffic we're getting and Access can't keep up, or that Access is limited to only 10 requests at a time. Is there a way to change this limit?
We have 3 Access databases we're using with Cold Fusion. We're thinking that all the requests are adding up and Access just can't handle everything at once. Everyone within our company uses 2 of the databases and the 3rd one is our web site. Search engines seem to keep making requests to our web site all day long. When you add up all these requests, it's probably over 10 for sure at a time.
Has anyone experienced this before? We've been told to switch over to SQL instead of Access. Hopefully this would solve everything and the server wouldn't crash anymore.
When I created my last database called, ECO Register, I remember creating it in Access 2007 and I saved it as .accdb extension, but I could not get connected to it in the Cold Fusion Administrator, so I made it .mdb instead. If our Access databases were the newer version, could that maybe handle more requests at one time? Or do we have to install a newer driver for Access on Cold Fusion to handle more requests? I did see in the Administrator page there is a Microsoft Access driver type and a Microsoft Access with Unicode driver type option. What are the differences? I see that we have an SQL driver type in the Administrator page. Do we have to do a lot of set up to make that work? Or do I just connect my Access database to that SQL driver and then update the pages to use SQL?
If anyone could help me out, that would be great. Thanks.
Andy
We've been told to switch over to SQL instead of Access.
You should. Microsoft itself says Access is not designed for server use. Web applications are multi threaded. So when you incorporate a desktop application (which is not designed to handle concurrent users) weird things can start to happen. You should upgrade to SQL Server which is designed for use on servers. Not to mention it is much more powerful.
Or do I just connect my Access database to that SQL driver and then update the pages to use SQL?
No, you need to migrate your Access database to SQL Server first. If you do a search there are plenty of Access to SQL Server migration guides.
Message was edited by: -==cfSearching==-