Users refused SSH connection of home directory server.

I have an odd situation when using SSH connections for secure FTP file
access on my NW6.5 servers.
I've got two main data servers. Both are identical in setup: NW6.5SP8/eDir
8.8SP5 VM's running on identical Dell PE1950's attached to a Hitachi SAN
array.
One server hosts the users' home folders, the other holds data shared across
the enterprise.
I have a third data server at a remote campus.
With the server that hosts the user's home folders, I've several accounts
that are not able to connect. The server logs indicate a failed password.
That same user, however, can log in successfully to either the server that
holds shared data or the server at the remote site.
Due to the nature of how Novell implements SSH, once they've logged in,
they're attached to their home folder on the server that will not allow them
direct connection.
Since this issue does not affect all users, I don't understand where the
issue lies.
The sshd_config files on both servers are identical.
Not sure if it's applicable to this issue, but SDIDIAG reports no problems
on either server.
The entries from the respective log files:
Home directory server:
30 Mar - 19:02:36[0080892840] (4983b0e0)SSHD Session 1 <118429> : Failed password for xxxxx from xxx.xxx.xxx.xxx port 1525 ssh2
30 Mar - 19:02:36[0080892840] (4983b0e0)SSHD Session 1 <118429> fatal: Read from socket failed: Error 0
Shared data server:
30 Mar - 19:03:19[0080892523] (40e601c0)SSHD Shell 109 <109376> : [email protected]:1526 - SFTP connection(109376) accepted.
30 Mar - 19:03:19[0080892522] (40d074e0)SSHD Session 1 <109376> : subsystem request for sftp
30 Mar - 19:03:18[0080892522] (40d074e0)SSHD Session 1 <109376> : Accepted password for xxxxx from xxx.xxx.xxx.xxx port 1526 ssh2
In the past I've collected iMonitor traces, but couldn't find anything concrete
that points to a system issue.
That said, I can't remember what all I set up in the trace configuration
beyond NMAS and LDAP, so I may have been looking for the wrong thing.
Any ideas of where to look for problems are welcome.
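
As an added example (not part of the original post, and not Novell code): a small Python triage script for the SSHD log format quoted above. It lists accounts whose password is rejected on one server but accepted on another, which is the symptom described. The server labels, user names and addresses in the sample logs are constructed.

```python
import re
from collections import defaultdict

# Auth result lines in the format quoted in the post ("... : Failed password for ...").
AUTH_RE = re.compile(
    r"^(?P<date>\d{1,2} \w{3}) - (?P<time>\d{2}:\d{2}:\d{2})\[\d+\]\s+"
    r"\([0-9a-f]+\)SSHD Session \d+ <(?P<conn>\d+)>\s*:\s*"
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)
ENTRY_START = re.compile(r"^\d{1,2} \w{3} - \d{2}:\d{2}:\d{2}\[")

# Constructed sample logs (hypothetical users and documentation-range addresses),
# wrapped across lines the same way the entries in the post are.
HOME = """\
30 Mar - 19:02:36[0080892840] (4983b0e0)SSHD Session 1 <118429> : Failed
password for jdoe from 192.0.2.10 port 1525 ssh2
30 Mar - 19:02:36[0080892840] (4983b0e0)SSHD Session 1 <118429> fatal: Read
from socket failed: Error 0
"""
DATA = """\
30 Mar - 19:03:18[0080892522] (40d074e0)SSHD Session 1 <109376> : Accepted
password for jdoe from 192.0.2.10 port 1526 ssh2
30 Mar - 19:04:10[0080892600] (40d074e0)SSHD Session 1 <109377> : Failed
password for asmith from 192.0.2.11 port 1531 ssh2
30 Mar - 19:04:20[0080892610] (40d074e0)SSHD Session 1 <109378> : Accepted
password for asmith from 192.0.2.11 port 1532 ssh2
"""
LOGS = {"home-dir-server": HOME, "shared-data-server": DATA}  # labels are assumptions

def unwrap(text):
    """Rejoin log entries that were wrapped onto continuation lines."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def auth_events(server, text):
    """Yield one dict per password accept/reject entry; other entries are skipped."""
    for entry in unwrap(text):
        m = AUTH_RE.match(entry)
        if m:
            yield {"server": server, **m.groupdict()}

def split_outcome_users(logs):
    """Users rejected on a server where they were never accepted, yet accepted elsewhere."""
    seen = defaultdict(lambda: {"Failed": set(), "Accepted": set()})
    for server, text in logs.items():
        for ev in auth_events(server, text):
            seen[ev["user"]][ev["result"]].add(server)
    out = {}
    for user, r in seen.items():
        only_failed = r["Failed"] - r["Accepted"]  # ignores a mistyped-then-retried login
        if only_failed and r["Accepted"]:
            out[user] = {"failed_on": sorted(only_failed), "accepted_on": sorted(r["Accepted"])}
    return out
```

Running `split_outcome_users` over the full logs of all three servers gives the list of affected accounts, which can then be compared with unaffected ones.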

Grant,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/

Similar Messages

  • How do you setup a user mobile account, with the home directory stored locally and not synced to the server?

    I want to be able to setup a user mobile account, with the home directory stored locally and not synced to the server.  What is the best way to do this? I am running Server 10.6 with 10.6 clients.  Open Directory will be used to authenticate and manage preferences.   Also, this one account will be used simultaneously in a computer lab setting, so files will be stored locally in the client, hence the need to NOT sync to the server.  Any Ideas?

    currofelix wrote:
    So what does WGM Look like in the Home Tab? afp://servername.domainname/Users? or afp://Users?
    The attached screen shots should help you:
    You will only have to do this step once. Obviously you want to use the user's shortname here.
    Then, you will see this as an option in WGM:

  • WS-6509 refusing SSH connections via TACACS+ 5.5

    Hello everyone, we have our Core 6509's using AAA with TACACS+ version 5.5 appliance.
    We have 4 appliances 2 each in 2 locations.
    We have an issue where 6509's refuse to authorize/authenticate valid users for ssh connections.
    When you ssh to the device you can enter your password but ssh tectia just closes or you see the login banner and "Authorization denied" and ssh closes.
    The switches have their tacacs-server settings pointing to all four TACACS+ devices.
    Occasionally one or both will attempt to use one of the 2 non local TACACS+ servers to authenticate/authorize connections.
    You can login from the console if you interrupt its connection to TACACS by disconnecting the fiber connections momentarily.
    Has anyone seen something like this before?
    This happens once or twice a year.
    ej

    That's the funny part, TACACS shows green stating that I'm passing all the checks.
    When I select the magnifying glass I see "passed" in green at the top.
    When I check "Evaluating Identity Policy" it says:
    Matched Default Rule
    Selected Identity Store - Internal Users
    Authenticating user against Active Directory
    Could not establish connection with ACS Active Directory agent
    Looking up User in Internal Users IDStore - "My username"
    Found User in Internal Users IDStore
    Wrong password or invalid shared secret
    The advanced option that is configured for a failed authentication request is used.
    The 'Continue' advanced option is configured in case of a failed authentication request.
    But I'm able to access all other switches so my AD username/password are correct.
    At first I was unable to access its pair. After we did a hard reset on one of the ACS's that was resolved.
    But I still can't get into the other pair.
    ej

  • How to stop the removing a user account and saving the home directory  to a disk image?

    I tried to delete one of two administers on my iMac (10.10.1). After more than 12 hours it will not let me quit System Preferences for it "is removing a user account and saving the home directory to a disk image". How do I finish deleting the administer and quit System Preferences?

    I would recommend asking them in C# forums: https://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=csharpgeneral&filter=alltypes&sort=lastpostdesc
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
    My Website Link
    My Linkedin Profile
    My MVP Profile

  • Change Home Directory Server's Host Name

    I've tried to change the server's host name, and re-shared the home directory location so that in Workgroup manager, it will show up as a choice for the home folder location.
    After I selected the new location (with all the folders still in the same place), and tried logging in as any user, it gives me an error saying there's a problem logging in.
    What should I do?
    (if I change everything back, everything works fine, but I'll need to change the host name eventually)

    Found a solution to avoid changing the Directory Server's name.

  • Network user can't see local home directory

    Hi there,
    I have a Mac Mini running Lion Server with Directory Services turned on. I've been using this to allow network users to log into Lion clients, as well as set up mobile accounts. This has been working fine.
    Now I've just created a new network user for use with a Mountain Lion client and have experienced some strangeness with this new user's home directory. The binding to the directory was fine, and the credentials for the network user were fine. However, when logged in, this new user has his home drive mapped to /Network/Servers/<servername>/Users/<username> rather than the expected /Users/<username>. This has bad side-effects. For instance, Chrome tries to save downloads to the server instead of locally.
    What I can't work out is why the home directory isn't pointing to a local location. The other users (on Lion) have the same home directories defined in their Open  Directory profiles. The only difference is the new user is on Mountain Lion, but I don't think this has any bearing to the problem.
    Can anyone offer some advice?
    Benjamin

    So I took my Mac Mini running OS X 10.8 Server, along with two client laptops: one exhibiting the problem I described, and the other where network logins and home directories worked as intended.
    Long story short, the guys at the Bar couldn't figure it out. The user definitions in Open Directory seemed ok, but they still couldn't work out why no local home directories were being created. Not sure if this helps, but in trouble-shooting, we also discovered that trying to login with a network user on the problematic laptop didn't work when the server wasn't on the network. It's as if the server is required to be present.
    Anyway, the case has been referred to the business team, which is supposed to have more expertise with OS X Server.

  • How to create users with i18n characters in SunONE directory server?

    Was trying to create users and groups with i18n characters in SunONE directory server
    1. Started LDAP console using -l option
    2. Changed the Locale to Japanese
    3. Entered a few Japanese characters as username (meaning internationalization user name)
    4. However, I was not able to type the password using the "soft keyboard" that comes with Japanese Locale
    5. to overcome with #4, for now, I typed english chars as the password
    6. Click OK to save the above username/pwd
    7. It says "netscape.ldap.LDAPException: error result (19); value of attribute "uid" contains extended (8-bit) characters"
    Has anyone ever created i18n user names in SunONE Directory Provider? Please help...

    Hi LostLad,
    Sorry for my ignorance... Could you please elaborate on how to remove the "uid" attribute from the 7-bit ASCII plugin?
    Thanks in advance..

  • JES connected to existing directory server

    Dear all,
    We have a mail system which uses sun ldap server
    but other components, like MTA, are not from sun.
    Recently we want to transform this system to JES,
    but we have such a problem.
    We dont want to change the current ldap server
    because we have hundreds of millions of users
    stored in it. If we install the JES, how can we let
    the JES recognize the current ldap schema? Is
    there any configurations which enables JES to
    recognize the existing directory schema?
    Thanks for any suggestions you give.
    alex

    Ales, JES does require several object classes and attributes. It's pretty flexible about where in the DIT those lie, but unless you can add what it's looking for, you're not likely to be successful.
    There's a tool, provided with JES, "comms_dssetup.pl" that prepares a Directory Server for use with JES.

  • Directory Utility wont connect to Open Directory Server on Xserv 10.5.1

    I am trying to set up the ical service on the xserve, I have the server set up as the OD master when I went into the directory utility app it would not located the server until I changed the search policy to custom which included LDAPv3. Once I did that the server popped up in the directory utility list but it says "server is not responding"
    Any one else having this issue or know what might be the solution?

    Have you tried adding the server to the client using 'servername.local' instead of its DNS name? I have had flaky problems adding clients to the directory server using the DNS name and found using 'servername.local' to be much more reliable.

  • Mail refuses to connect to my Exchange Server

    I have an Exchange Server which also functions as an IMAP server. I cannot get mail to connect this server using the IMAP protocol. Thunderbird on the same machine connects to this exchange server just fine using IMAP. And Mail does not have problem connecting to other IMAP servers. Any idea on where I can look to troubleshoot?

    I'm in the same boat and have been banging my head against this all day. Have you found an answer yet?

  • Standby GSSM refuse ssh connection

    I have 2 GSS-4492R just setup one as primary gssm and the other as standby-gssm. Both are setup with the setup script. The standby refuse both ssh and telnet connections. What have I forgotten?
    GSS#show run
    interface ethernet 0
       ip address #.#.#.# 255.255.255.0
       gss-communications
    hostname GSS
    ip default-gateway #.#.#.#
    ip name-server 10.16.0.10
    ip name-server 10.16.0.20
    ssh enable
    no ssh keys
    no ssh protocol version 1
    telnet enable
    ftp enable
    snmp-server trap-source ethernet 0
    no cnr enable
    drp
        no enable
    terminal-length 23
    exec-timeout 150
    logging disk enable
    logging disk priority Notifications
    no logging host enable
    logging host priority Warnings
    logging facility local5
    tacacs-server timeout 5
    tacacs-server callerId-info-type hostname
    tacacs-server keepalive-enable
    GSS #
    GSS#
    GSS#show ssh
    ssh is enabled
    no ssh keys
    no ssh protocol version 1
    GSS#show ssh
    ssh is enabled
    no ssh keys
    no ssh protocol version 1
    GSS#show ssh
    ssh is enabled
    no ssh keys
    no ssh protocol version 1
    GSS#show enable-passwd-status
    GSS enable password is set.
    admin password is the same on both boxes.

    Issue resolved. Someone had used the IP address allocated for the standby GSS for something else.

  • Wifi refuses to connect to home network

    Hello,
    I have upgraded to Mountain Lion. Wifi is working well except at home.
    - The wifi connects to my home network. However fails to make connection to ISP and Internet.
    - Other laptops, iPhones and Macbook (not running on Mountain Lion) connect.
    - I can connect to any other wifi network without a problem.
    - No issues on via LAN connection
    Tried:
    - deleting home network from wifi locations
    - clean install mountain lion (2x)
    - change router settings (channel, MTU, n+g+ b, etc)
    - resetting PRAM / SMC ...
    Open for suggestions.
    Thanks,

    Dear all,
    After contacting the helpdesk they have provided me with the following work around:
    Please note that I am a KPN user and have the KPN Experia box. This solution works for me.
    http://kpn-customer.custhelp.com/app/answers/detail/a_id/15911
    Thanks for all your help.

  • External Users can't connect to the EDGE server

    HI All for about a week and half now I've been seeing this error a lot on my event logs. All my external users are no longer able to connect to the DMZ EDGE server with 3 external IP's. They can only use LYNC if they access out VPN. Any suggestions on what
    may be the issue???
    Log Name:      Lync Server
    Source:        LS Protocol Stack
    Date:          4/24/2014 9:07:14 AM
    Event ID:      14428
    Task Category: (1001)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      LyncEdge.*********.net
    Description:
    TLS outgoing connection failures.
    Over the past 16 minutes, Lync Server has experienced TLS outgoing connection failures 176 time(s). The error code of the last failure is 0x80090330(SEC_E_DECRYPT_FAILURE) while trying to connect to the server "**********.osis.is.local" at address
    [10.111.111.8:5061], and the display name in the peer certificate is "Unavailable".
    Cause: Most often a problem with the peer certificate or perhaps the host name (DNS) record used to reach the peer server. Target principal name is incorrect means that the peer certificate does not contain the name that the local server used to connect. Certificate
    root not trusted error means that the peer certificate was issued by a remote CA that is not trusted by the local machine.
    Resolution:
    Check that the address and port matches the FQDN used to connect, and that the peer certificate contains this FQDN somewhere in its subject or SAN fields. If the FQDN refers to a DNS load balanced pool then check that all addresses returned by DNS refer to
    a server in the same pool. For untrusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the local machine.
    Thanks Dave Wolf

    Verify root certs exist in the Trusted Root Certification Store.
    Also you can refer below links
    http://www.shudnow.net/2011/02/01/lync-2010-edge-utilizing-windows-server-2008-r2-federation-tls-issues/
    http://theucguru.blogspot.com/2012/03/lync-edge-ls-protocol-stack-14428.html
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
    Mai Ali | My blog: Technical

  • System preference crashes when add user for ssh connection...

    Hi all, I've enabled ssh for all users and it works perfectly. When I try to restrict the access by trying to add a user (clicking on +) on the share, System Preferences crashes... I have a new Mac Pro with all updates! Does anyone have the same problem? Thank you, regards.
    Message was edited by: egariM

    Hi egariM. Can you post the contents of the crash report?

  • Lumia 620 suddenly refuses to connect to home Wi-F...

    My phone has been working great for three months now, but just as of two days ago it will not connect to my WiFi.
    It just sits there, connecting, connecting, connecting and never ever actually connecting. Occasionally it says connection unsuccessful.
    My computers, as well as my family members' phones all connect with no issue.
    Yes I have tried restarting router and phone, and trying to connect while phone is charging. Yes I took off the case then again with the back cover over. As well I removed the battery for two minutes then rebooted. Nothing.
    No I did not change router settings, no I did not change phone settings regarding wifi. 
    Absolutely 0 of existing forum threads on this topic anywhere on the internet have been of use; your help is greatly welcomed!

    Some things to consider would be that some (cheaper) home WiFi enabled routers/modems can accommodate a limited amount of connections. Also if you are connecting at 802.11n it is well possible some other device also connecting on this speeds uses a slightly different protocol as 802.11n is not as standard as we would hope.
    Especially Cisco routers are notorious at not allowing connections at some point and needing a reset. You can also try disabling 802.11n in the router and make sure you have the latest firmware for the router installed.
    Lastly, try removing the connection details from the phone in Settings > WiFi > advanced settings where you tap and hold the connection, then select delete. Set the connection up again when done.
    Click on the blue Star Icon below if my advice has helped you or press the 'Accept As Solution' link if I solved your problem..
