WNA fallback not working

Hi All,
I am working on OAM 11gR2 using OVD 11gR1(ADs on backend) to provide kerberos single sign on.
Following below chapter:
http://docs.oracle.com/cd/E27559_01/admin.1112/e27239/wna.htm#CHDJGJGJ
I have configured kerberos authentication module, kerb auth scheme,custom auth module etc..
Kerberos single sing on is working properly(i.e. when user login to AD domain he is not asked for credentials)
but when i try accessing the application from non-AD domain basic authentication pop-up comes, on submitting the credentials I get following error:
Authentication Failure for user : Testuser, for idstore OVD_DEV_KRB with exception invalid username/password with primary error message javax.naming.AuthenticationException: [LDAP: error code 49 - LDAP Error 49 : Cannot get kdc for realm XXX.YYY.COM]
Do I need to conifgure soething extra which is not given in above doc.
Imp Confg I did:
-in OVD AD Adapter
User Name Attribute: userprincipalname
checked : "use kerberos"
Pass through mode : "Always"
- in OVD datasource
User Name Attribute: sAMAccountName
This is Default Store
Edited by: 974765 on Jan 21, 2013 8:31 PM

Hi All,
Fallback is working now..required changes are-
-in OVD AD Adapter
User Name Attribute: userprincipalname
Do not check : "use kerberos"
Pass through mode : *"Bind Only"*
-Deepika

Similar Messages

Websockets flash fallback not working when secure is true

I am running Coldfusion 11 on a 2008 win server box (IIS7). I have configured websockets in coldfusion using the built in server with all the defaults with the addition of my keystore for the SSL setup.
I am using the the secure="true" on the cfwebsocket tag.
<cfwebsocket name="mySocket" onMessage="defaultmsgHandler" onOpen="openHandler" onError="errorHandler" secure="true"/>
The rest of the websocket code is from the adobe dev connection - http://www.adobe.com/devnet/coldfusion/articles/html5-websockets-coldfusion-pt1.html
My addition is simply the secure attribute.
All works fine, over both SSL and Non SSL (ws / wss) exactly how I expected. The problem came when I was testing it in older browsers < IE 10 etc. The flash fallback is loading up as I can see the element in the html but there is no connection to the websocket server and no data is moved around.
As soon as I remove the secure = true attribute everything is fine. Flash fallback works exactly how I was expecting.
I have all the relevant ports open on the firewall. Flash fallback uses 1243 and it seems to connect when I trace it via wireshark but the connection from flash back to websockets doesnt initiate.
Is it intended to work this way? Am I missing a trick somewhere? Do I need to change something in the crossdomain.xml policies?

It's interesting that it works for you and not me, I'm even more confused now. I did finally think to open up the java console and found the following error:
java.lang.NullPointerException
at oracle.forms.demos.TimeoutPJC._addMouseListeners(TimeoutPJC.java:208)
     at oracle.forms.demos.TimeoutPJC.init(TimeoutPJC.java:180)
     at oracle.forms.handler.UICommon.instantiate(Unknown Source)
     at oracle.forms.handler.UICommon.onCreate(Unknown Source)
     at oracle.forms.handler.JavaContainer.onCreate(Unknown Source)
     at oracle.forms.engine.Runform.onCreateHandler(Unknown Source)
     at oracle.forms.engine.Runform.processMessage(Unknown Source)
     at oracle.forms.engine.Runform.processSet(Unknown Source)
     at oracle.forms.engine.Runform.onMessageReal(Unknown Source)
     at oracle.forms.engine.Runform.onMessage(Unknown Source)
     at oracle.forms.engine.Runform.sendInitialMessage(Unknown Source)
     at oracle.forms.engine.Runform.startRunform(Unknown Source)
     at oracle.forms.engine.Main.createRunform(Unknown Source)
     at oracle.forms.engine.Main.start(Unknown Source)
     at sun.applet.AppletPanel.run(Unknown Source)
     at java.lang.Thread.run(Unknown Source)
I have no clue what that means or how to approach fixing it. I have very little java knowledge!

HA SKU AP fallback is not working

According to the N+1 deployment guide, when the primary controller comes back up/online, the APs on the secundary (HA SKU) controllers should fallback to the primary. During my tests, this did not work. I enabled "AP Fallback" on both primary and secundary (HA SKU) controllers, but the APs remain on the secundary (while the primary was back online). Only after a boot of the secundary, did the APs go back to the primary. Is this normal ?
How long can it take for an AP to fallback ? I waited 10 minutes.
NOTE: the HA SKU is going to server multiple controllers, so he is not configured with the IP or name of any primary controller. I guess it is the AP itself that needs to remember what his primary controller was....
regards,
Geert

see below
- make sure AP SSO is disabled.
>> checked and true
- configure backup controller on the primary. WLC GUI>Wireless>Access points>Global Config
>> is done
- configure high availablity tab on the AP's
- made sure that the names of the WLC on the AP high availablity tab are identical "case sensitive"
>> ha, this is interesting. Are you saying that i need to configure this tab on each and every AP for AP fallback to work ??
>> I thought configuring the global redundancy Wireless -> Global Config would be enough (backup primary controller)
regards,
Geert

ITunes 12.1.1 does NOT work with Windows - Fix??

Hi everyone,
I had issue after issue with the latest iTunes update (12.1.1) not working on my windows 7. It simply would not lunch when clicking on the shortcut to open.
After a fair bit of searching I found this alternative version which seemed to do the trick and now it works:
iTunes 12.1.1.4 for Windows (64-bit - for older video cards) - iTunes64Setup.exe(2015-02-18)

The "for older video cards" installer - which, like most prior "64 bit" versions of iTunes, is actually a 32 bit application with a 64 bit installer - may be a useful fallback if the full 64 bit version does not install or run correctly. Although 12.1.1.4 is a major improvement over 12.1.0.71, there are clearly still some lurking incompatibilities with some 64 bit Windows systems/components. It is, however, a little misleading to say that "iTunes 12.1.1 does NOT work with Windows" - in many cases it works fine without switching to the alternative version. I have the full 64-bit version of 12.1.1.4 running on three systems - two Windows 7 and one Windows 8.1 - no issues with either installation or operation on any of them.

Issue with spamassassin, now mail not working

Hi ! I installed spamtrainer almost two months ago. Been feeding the [email protected] for several weeks now , 700 emails each day at least .
There was very little improvement if none at all. Tried to add "@local_domains_maps = (1)" to amavisd.conf last night thinking it might be the problem , though no virtual domain exist. This was one of the issue on the default Amavisd config. The other one is adding the symbolic link which I already done.
Computer froze while adding the parameter "@local_domains_maps = (1)", so I manually turn off the Power Mac, then mail stopped altogether. The mails are filing up but the clients couldn't send or receive since this incidence .
FF is the maincf. and amavis.conf
All help are greatly appreciated.
mail:/Users/sysadmin root# postconf -n
alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
always_bcc =
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
html_directory = no
inet_interfaces = all
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
luser_relay =
mail_owner = postfix
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
message_size_limit = 31457280
mydestination = $myhostname,localhost.$mydomain,localhost,mail.cpplaw.com,cpplaw.com
mydomain = cpplaw.com
mydomain_fallback = localhost
myhostname = mail.cpplaw.com
mynetworks = 127.0.0.1/32,192.168.1.0/24,127.0.0.1
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
owner_request_special = no
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = permit_mynetworks permit
smtpd_tls_key_file =
unknown_local_recipient_reject_code = 550
virtual_mailbox_domains =
virtual_transport = virtual
mail:/Users/sysadmin root# postconf -n
alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
always_bcc =
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
html_directory = no
inet_interfaces = all
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
luser_relay =
mail_owner = postfix
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
message_size_limit = 31457280
mydestination = $myhostname,localhost.$mydomain,localhost,mail.cpplaw.com,cpplaw.com
mydomain = cpplaw.com
mydomain_fallback = localhost
myhostname = mail.cpplaw.com
mynetworks = 127.0.0.1/32,192.168.1.0/24,127.0.0.1
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
owner_request_special = no
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = permit_mynetworks permit
smtpd_tls_key_file =
unknown_local_recipient_reject_code = 550
virtual_mailbox_domains =
virtual_transport = virtual
mail:/Users/sysadmin root#
_______________________Amavisd.cof_________________________
use strict;
# Configuration file for amavisd-new
# This software is licensed under the GNU General Public License (GPL).
# See comments at the start of amavisd-new for the whole license text.
#Sections:
# Section I - Essential daemon and MTA settings
# Section II - MTA specific
# Section III - Logging
# Section IV - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
# Section V - Per-recipient and per-sender handling, whitelisting, etc.
# Section VI - Resource limits
# Section VII - External programs, virus scanners, SpamAssassin
# Section VIII - Debugging
#GENERAL NOTES:
# This file is a normal Perl code, interpreted by Perl itself.
# - make sure this file (or directory where it resides) is NOT WRITABLE
# by mere mortals, otherwise it represents a severe security risk!
# - for values which are interpreted as booleans, it is recommended
# to use 1 for true, and 0 or undef or '' for false.
# THIS IS DIFFERENT FROM OLDER AMAVIS VERSIONS where "no" also meant false,
# now it means true, like any nonempty string does!
# - Perl syntax applies. Most notably: strings in "" may include variables
# (which start with $ or @); to include characters @ and $ in double
# quoted strings, precede them by a backslash; in single-quoted strings
# the $ and @ lose their special meaning, so it is usually easier to use
# single quoted strings. Still, in both cases a backslash need to be doubled
# - variables with names starting with a '@' are lists, the values assigned
# to them should be lists as well, e.g. ('one@foo', $mydomain, "three");
# note the comma-separation and parenthesis. If strings in the list
# do not contain spaces nor variables, a Perl operator qw() may be used
# as a shorthand to split its argument on whitespace and produce a list
# of strings, e.g. qw( one@foo example.com three ); Note that the argument
# to qw is quoted implicitly and no variable interpretation is done within
# (no '$' variable evaluations). The #-initiated comments can not be used
# within the string. In other words, $ and # lose their special meaning
# withing a qw argument, just like within '...' strings.
# - all e-mail addresses in this file and as used internally by the daemon
# are in their raw (rfc2821-unquoted and nonbracketed) form, i.e.
# Bob "Funny" [email protected], not: "Bob \"Funny\" Dude"@example.com
# and not <"@example.com>; also: '' and not ''.
# Section I - Essential daemon and MTA settings
# $MYHOME serves as a quick default for some other configuration settings.
# More refined control is available with each individual setting further down.
# $MYHOME is not used directly by the program. No trailing slash!
#$MYHOME = '/var/lib/amavis'; # (default is '/var/amavis')
# : $mydomain serves as a quick default for some other configuration settings.
# : More refined control is available with each individual setting further down.
# : $mydomain is never used directly by the program.
$mydomain = 'cpplaw.com'; aol.com'; # (no useful default)
# Set the user and group to which the daemon will change if started as root
# (otherwise just keep the UID unchanged, and these settings have no effect):
$daemon_user = 'clamav'; # (no default; customary: vscan or amavis)
$daemon_group = 'clamav'; # (no default; customary: vscan or amavis)
# Runtime working directory (cwd), and a place where
# temporary directories for unpacking mail are created.
# (no trailing slash, may be a scratch file system)
$TEMPBASE = $MYHOME; # (must be set if other config vars use is)
#$TEMPBASE = "$MYHOME/tmp"; # prefer to keep home dir /var/amavis clean?
# $helpers_home sets environment variable HOME, and is passed as option
# 'home_dir_for_helpers' to Mail::SpamAssassin::new. It should be a directory
# on a normal persistent file system, not a scratch or temporary file system
#$helpers_home = $MYHOME; # (defaults to $MYHOME)
#$daemon_chroot_dir = $MYHOME; # (default is undef, meaning: do not chroot)
#$pid_file = "$MYHOME/amavisd.pid"; # (default is "$MYHOME/amavisd.pid")
#$lock_file = "$MYHOME/amavisd.lock"; # (default is "$MYHOME/amavisd.lock")
# set environment variables if you want (no defaults):
$ENV{TMPDIR} = $TEMPBASE; # wise, but usually not necessary
# MTA SETTINGS, UNCOMMENT AS APPROPRIATE,
# both $forward_method and $notify_method default to 'smtp:127.0.0.1:10025'
# POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4
# (set host and port number as required; host can be specified
# as IP address or DNS name (A or CNAME, but MX is ignored)
#$forward_method = 'smtp:127.0.0.1:10025'; # where to forward checked mail
#$notify_method = $forward_method; # where to submit notifications
# NOTE: The defaults (above) are good for Postfix or dual-sendmail. You MUST
# uncomment the approprate settings below if using other setups!
# SENDMAIL MILTER, using amavis-milter.c helper program:
#$forward_method = undef; # no explicit forwarding, sendmail does it by itself
# milter; option -odd is needed to avoid deadlocks
#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f ${sender} -- ${recipient}';
# just a thought: can we use use -Am instead of -odd ?
# SENDMAIL (old non-milter setup, as relay):
#$forward_method = 'pipe:flags=q argv=/usr/sbin/sendmail -C/etc/sendmail.orig.cf -i -f ${sender} -- ${recipient}';
#$notify_method = $forward_method;
# SENDMAIL (old non-milter setup, amavis.c calls local delivery agent):
#$forward_method = undef; # no explicit forwarding, amavis.c will call LDA
#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -f ${sender} -- ${recipient}';
# EXIM v3 (not recommended with v4 or later, which can use SMTP setup instead):
#$forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr scanned-ok -i -f ${sender} -- ${recipient}';
#$notify_method = $forward_method;
# prefer to collect mail for forwarding as BSMTP files?
#$forward_method = "bsmtp:$MYHOME/out-%i-%n.bsmtp";
#$notify_method = $forward_method;
# Net::Server pre-forking settings
# You may want $max_servers to match the width of your MTA pipe
# feeding amavisd, e.g. with Postfix the 'Max procs' field in the
# master.cf file, like the '2' in the: smtp-amavis unix - - n - 2 smtp
$max_servers = 2; # number of pre-forked children (default 2)
$max_requests = 10; # retire a child after that many accepts (default 10)
$child_timeout=5*60; # abort child if it does not complete each task in n sec
# (default: 8*60 seconds)
# Check also the settings of @av_scanners at the end if you want to use
# virus scanners. If not, you may want to delete the whole long assignment
# to the variable @av_scanners, which will also remove the virus checking
# code (e.g. if you only want to do spam scanning).
# Here is a QUICK WAY to completely DISABLE some sections of code
# that WE DO NOT WANT (it won't even be compiled-in).
# For more refined controls leave the following two lines commented out,
# and see further down what these two lookup lists really mean.
#@bypass_virus_checks_acl = qw( . ); # uncomment to DISABLE anti-virus code
#@bypass_spam_checks_acl = qw( . ); # uncomment to DISABLE anti-spam code
# Any setting can be changed with a new assignment, so make sure
# you do not unintentionally override these settings further down!
# Lookup list of local domains (see README.lookups for syntax details)
# NOTE:
# For backwards compatibility the variable names @local_domains (old) and
# @local_domains_acl (new) are synonyms. For consistency with other lookups
# the name @local_domains_acl is now preferred. It also makes it more
# obviously distinct from the new %local_domains hash lookup table.
# local_domains* lookup tables are used in deciding whether a recipient
# is local or not, or in other words, if the message is outgoing or not.
# This affects inserting spam-related headers for local recipients,
# limiting recipient virus notifications (if enabled) to local recipients,
# in deciding if address extension may be appended, and in SQL lookups
# for non-fqdn addresses. Set it up correctly if you need features
# that rely on this setting (or just leave empty otherwise).
# With Postfix (2.0) a quick reminder on what local domains normally are:
# a union of domains spacified in: $mydestination, $virtual_alias_domains,
# $virtual_mailbox_domains, and $relay_domains.
@local_domains_acl = ( ".$mydomain" ); # $mydomain and its subdomains
# @local_domains_acl = qw(); # default is empty, no recipient treated as local
# @local_domains_acl = qw( .example.com );
# @local_domains_acl = qw( .example.com !host.sub.example.net .sub.example.net );
# @local_domains_acl = ( ".$mydomain", '.example.com', 'sub.example.net' );
# or alternatively(A), using a Perl hash lookup table, which may be assigned
# directly, or read from a file, one domain per line; comments and empty lines
# are ignored, a dot before a domain name implies its subdomains:
#read_hash(\%local_domains, '/var/amavis/local_domains');
#or alternatively(B), using a list of regular expressions:
# $local_domains_re = new_RE( qr'[@.]example\.com$'i );
# see README.lookups for syntax and semantics
# Section II - MTA specific (defaults should be ok)
# if $relayhost_is_client is true, IP address in $notify_method and
# $forward_method is dynamically overridden with SMTP client peer address
# if available, which makes possible for several hosts to share one daemon
#$relayhost_is_client = 1; # (defaults to false)
#$insert_received_line = 1; # behave like MTA: insert 'Received:' header
# (does not apply to sendmail/milter)
# (default is true)
# AMAVIS-CLIENT PROTOCOL INPUT SETTINGS (e.g. with sendmail milter)
# (used with amavis helper clients like amavis-milter.c and amavis.c,
# NOT needed for Postfix and Exim)
$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
#$unix_socketname = undef; # disable listening on a unix socket
# (default is undef, i.e. disabled)
# (usual setting is $MYHOME/amavisd.sock)
# Do we receive quoted or raw addresses from the helper program?
# (does not apply to SMTP; defaults to true)
#$gets_addr_in_quoted_form = 1; # "Bob \"Funny\" Dude"@example.com
#$gets_addr_in_quoted_form = 0; # Bob "Funny" [email protected]
# SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...)
# (used when MTA is configured to pass mail to amavisd via SMTP or LMTP)
$inet_socket_port = 10024; # accept SMTP on this local TCP port
# (default is undef, i.e. disabled)
# multiple ports may be provided: $inet_socket_port = [10024, 10026, 10028];
# SMTP SERVER (INPUT) access control
# - do not allow free access to the amavisd SMTP port !!!
# when MTA is at the same host, use the following (one or the other or both):
#$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface
# (default is '127.0.0.1')
@inet_acl = qw( 127.0.0.1 ); # allow SMTP access only from localhost IP
# (default is qw( 127.0.0.1 ) )
# when MTA (one or more) is on a different host, use the following:
#@inet_acl = qw(127/8 10.1.0.1 10.1.0.2); # adjust the list as appropriate
#$inet_socket_bind = undef; # bind to all IP interfaces
# Example1:
# @inet_acl = qw( 127/8 10/8 172.16/12 192.168/16 );
# permit only SMTP access from loopback and rfc1918 private address space
# Example2:
# @inet_acl = qw( !192.168.1.12 172.16.3.3 !172.16.3/255.255.255.0
# 127.0.0.1 10/8 172.16/12 192.168/16 );
# matches loopback and rfc1918 private address space except host 192.168.1.12
# and net 172.16.3/24 (but host 172.16.3.3 within 172.16.3/24 still matches)
# Example3:
# @inet_acl = qw( 127/8
# !172.16.3.0 !172.16.3.127 172.16.3.0/25
# !172.16.3.128 !172.16.3.255 172.16.3.128/25 );
# matches loopback and both halves of the 172.16.3/24 C-class,
# split into two subnets, except all four broadcast addresses
# for these subnets
# See README.lookups for details on specifying access control lists.
# Section III - Logging
# true (e.g. 1) => syslog; false (e.g. 0) => logging to file
$DO_SYSLOG = 0; # (defaults to false)
#$SYSLOG_LEVEL = 'user.info'; # (defaults to 'mail.info')
# Log file (if not using syslog)
$LOGFILE = "/var/log/amavis.log"; # (defaults to empty, no log)
#NOTE: levels are not strictly observed and are somewhat arbitrary
# 0: startup/exit/failure messages, viruses detected
# 1: args passed from client, some more interesting messages
# 2: virus scanner output, timing
# 3: server, client
# 4: decompose parts
# 5: more debug details
$log_level = 4; # (defaults to 0)
# Customizeable template for the most interesting log file entry (e.g. with
# $log_level=0) (take care to properly quote Perl special characters like '\')
# For a list of available macros see README.customize .
# only log infected messages (useful with log level 0):
# $log_templ = '[? %#V |[? %#F ||banned filename ([%F|,])]|infected ([%V|,])]#
# [? %#V |[? %#F ||, from=<%o>, to=[<%R>|,][? %i ||, quarantine %i]]#
# |, from=<%o>, to=[<%R>|,][? %i ||, quarantine %i]]';
# log both infected and noninfected messages (default):
$log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], #
<%o> -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';
# Section IV - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
# Select notifications text encoding when Unicode-aware Perl is converting
# text from internal character representation to external encoding (charset
# in MIME terminology)
# to be used in RFC 2047-encoded header field bodies, e.g. in Subject:
#$hdr_encoding = 'iso-8859-1'; # (default: 'iso-8859-1')
# to be used in notification body text: its encoding and Content-type.charset
#$bdy_encoding = 'iso-8859-1'; # (default: 'iso-8859-1')
# Default template texts for notifications may be overruled by directly
# assigning new text to template variables, or by reading template text
# from files. A second argument may be specified in a call to read_text(),
# specifying character encoding layer to be used when reading from the
# external file, e.g. 'utf8', 'iso-8859-1', or often just $bdy_encoding.
# Text will be converted to internal character representation by Perl 5.8.0
# or later; second argument is ignored otherwise. See PerlIO::encoding,
# Encode::PerlIO and perluniintro man pages.
# $notify_sender_templ = read_text('/var/amavis/notify_sender.txt');
# $notify_virus_sender_templ= read_text('/var/amavis/notify_virus_sender.txt');
# $notify_virus_admin_templ = read_text('/var/amavis/notify_virus_admin.txt');
# $notify_virus_recips_templ= read_text('/var/amavis/notify_virus_recips.txt');
# $notify_spam_sender_templ = read_text('/var/amavis/notify_spam_sender.txt');
# $notify_spam_admin_templ = read_text('/var/amavis/notify_spam_admin.txt');
# If notification template files are collectively available in some directory,
# use read_l10n_templates which calls read_text for each known template.
# read_l10n_templates('/etc/amavis/en_US');
# Here is an overall picture (sequence of events) of how pieces fit together
# (only virus controls are shown, spam controls work the same way):
# bypass_virus_checks set for all recipients? ==> PASS
# no viruses? ==> PASS
# log virus if $log_templ is nonempty
# quarantine if $virus_quarantine_to is nonempty
# notify admin if $virus_admin (lookup) nonempty
# notify recips if $warnvirusrecip and (recipient is local or $warn_offsite)
# add address extensions for local recipients (when enabled)
# send (non-)delivery notifications
# to sender if DSN needed (BOUNCE) or ($warnvirussender and D_PASS)
# virus_lovers or final_destiny==D_PASS ==> PASS
# DISCARD (2xx) or REJECT (5xx) (depending on final_*_destiny)
# Equivalent flow diagram applies for spam checks.
# If a virus is detected, spam checking is skipped entirely.
# The following symbolic constants can be used in *destiny settings:
# D_PASS mail will pass to recipients, regardless of bad contents;
# D_DISCARD mail will not be delivered to its recipients, sender will NOT be
# notified. Effectively we lose mail (but will be quarantined
# unless disabled). Not a decent thing to do for a mailer.
# D_BOUNCE mail will not be delivered to its recipients, a non-delivery
# notification (bounce) will be sent to the sender by amavisd-new;
# Exception: bounce (DSN) will not be sent if a virus name matches
# $viruses_that_fake_sender_re, or to messages from mailing lists
# (Precedence: bulk|list|junk);
# D_REJECT mail will not be delivered to its recipients, sender should
# preferably get a reject, e.g. SMTP permanent reject response
# (e.g. with milter), or non-delivery notification from MTA
# (e.g. Postfix). If this is not possible (e.g. different recipients
# have different tolerances to bad mail contents and not using LMTP)
# amavisd-new sends a bounce by itself (same as D_BOUNCE).
# Notes:
# D_REJECT and D_BOUNCE are similar, the difference is in who is responsible
# for informing the sender about non-delivery, and how informative
# the notification can be (amavisd-new knows more than MTA);
# With D_REJECT, MTA may reject original SMTP, or send DSN (delivery status
# notification, colloquially called 'bounce') - depending on MTA;
# Best suited for sendmail milter, especially for spam.
# With D_BOUNCE, amavisd-new (not MTA) sends DSN (can better explain the
# reason for mail non-delivery, but unable to reject the original
# SMTP session). Best suited to reporting viruses, and for Postfix
# and other dual-MTA setups, which can't reject original client SMTP
# session, as the mail has already been enqueued.
$final_virus_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_spam_destiny = D_PASS; # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested
# Alternatives to consider for spam:
# - use D_PASS if clients will do filtering based on inserted mail headers;
# - use D_DISCARD, if kill_level is set safely high;
# - use D_BOUNCE instead of D_REJECT if not using milter;
# There are no sensible alternatives to D_BOUNCE for viruses, but consider:
# - use D_PASS (or virus_lovers) and $warnvirussender=1 to deliver viruses;
# - use D_REJECT instead of D_BOUNCE if using milter and under heavy
# virus storm;
# Don't bother to set both D_DISCARD and $warn*sender=1, it will get mapped
# to D_BOUNCE.
# The separation of *_destiny values into D_BOUNCE, D_REJECT, D_DISCARD
# and D_PASS made settings $warnvirussender and $warnspamsender only still
# useful with D_PASS.
# The following $warn*sender settings are ONLY used when mail is
# actually passed to recipients ($final_*_destiny=D_PASS, or *_lovers*).
# Bounces or rejects produce non-delivery status notification anyway.
# Notify virus sender?
#$warnvirussender = 1; # (defaults to false (undef))
# Notify spam sender?
#$warnspamsender = 1; # (defaults to false (undef))
# Notify sender of banned files?
#$warnbannedsender = 1; # (defaults to false (undef))
# Notify sender of syntactically invalid header containing non-ASCII characters?
#$warnbadhsender = 1; # (defaults to false (undef))
# Notify virus (or banned files) RECIPIENT?
# (not very useful, but some policies demand it)
#$warnvirusrecip = 1; # (defaults to false (undef))
#$warnbannedrecip = 1; # (defaults to false (undef))
# Notify also non-local virus/banned recipients if $warn*recip is true?
# (including those not matching local_domains*)
#$warn_offsite = 1; # (defaults to false (undef), i.e. only notify locals)
# Treat envelope sender address as unreliable and don't send sender
# notification / bounces if name(s) of detected virus(es) match the list.
# Note that virus names are supplied by external virus scanner(s) and are
# not standardized, so virus names may need to be adjusted.
# See README.lookups for syntax.
$viruses_that_fake_sender_re = new_RE(
qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i );
# where to send ADMIN VIRUS NOTIFICATIONS (should be a fully qualified address)
# - the administrator address may be a simple fixed e-mail address (a scalar),
# or may depend on the SENDER address (e.g. its domain), in which case
# a ref to a hash table can be specified (specify lower-cased keys,
# dot is a catchall, see README.lookups).
# Empty or undef lookup disables virus admin notifications.
$virus_admin = '[email protected]';
# $virus_admin = undef; # do not send virus admin notifications (default)
# $virus_admin = {'not.example.com' => '', '.' => '[email protected]'};
# $virus_admin = '[email protected]';
# equivalent to $virus_admin, but for spam admin notifications:
#$spam_admin = '[email protected]';# $spam_admin = undef; # do not send spam admin notifications (default)
# $spam_admin = {'not.example.com' => '', '.' => '[email protected]'};
#advanced example, using a hash lookup table:
# - $virus_admin = {
# '[email protected]' => '[email protected]',
# '.sub1.example.com' => '[email protected]',
# '.sub2.example.com' => '', # don't send admin notifications
# 'a.sub3.example.com' => '[email protected]',
# '.sub3.example.com' => '[email protected]',
# '.example.com' => '[email protected]', # catchall for our virus senders
# '.' => '[email protected]', # catchall for the rest
# whom notification reports are sent from (ENVELOPE SENDER);
# may be a null reverse path, or a fully qualified address:
# (admin and recip sender addresses default to $mailfrom
# for compatibility, which in turn defaults to undef (empty) )
# If using strings in double quotes, don't forget to quote @, i.e. \@
$mailfrom_notify_admin = "virusalert\@$mydomain";
$mailfrom_notify_recip = "virusalert\@$mydomain";
$mailfrom_notify_spamadmin = "spam.police\@$mydomain";
# 'From' HEADER FIELD for sender and admin notifications.
# This should be a replyable address, see rfc1894. Not to be confused
# with $mailfrom_notify_sender, which is the envelope address and
# should be empty (null reverse path) according to rfc2821.
# $hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>";
# $hdrfrom_notify_sender = 'amavisd-new <[email protected]>';
# (defaults to: "amavisd-new <postmaster\@$myhostname>")
# $hdrfrom_notify_admin = $mailfrom_notify_admin;
# (defaults to: $mailfrom_notify_admin)
# $hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin;
# (defaults to: $mailfrom_notify_spamadmin)
# whom quarantined messages appear to be sent from (envelope sender)
$mailfrom_to_quarantine = undef; # original sender if undef, or set explicitly
# (default is undef)
# Location to put infected mail into: (applies to 'local:' quarantine method)
# empty for not quarantining, may be a file (mailbox),
# or a directory (no trailing slash)
# (the default value is undef, meaning no quarantine)
$QUARANTINEDIR = '/var/virusmails';
#$virus_quarantine_method = "local:virus-%i-%n"; # default
#$spam_quarantine_method = "local:spam-%b-%i-%n"; # default
#use the new 'bsmtp:' method as an alternative to the default 'local:'
#$virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%i-%n.bsmtp";
#$spam_quarantine_method = "bsmtp:$QUARANTINEDIR/spam-%b-%i-%n.bsmtp";
# When using the 'local:' quarantine method (default), the following applies:
# A finer control of quarantining is available through variable
# $virus_quarantine_to/$spam_quarantine_to. It may be a simple scalar string,
# or a ref to a hash lookup table, or a regexp lookup table object,
# which makes possible to set up per-recipient quarantine addresses.
# The value of scalar $virus_quarantine_to/$spam_quarantine_to (or a
# per-recipient lookup result from the hash table %$virus_quarantine_to)
# is/are interpreted as follows:
# VARIANT 1:
# empty or undef disables quarantine;
# VARIANT 2:
# a string NOT containg an '@';
# amavisd will behave as a local delivery agent (LDA) and will quarantine
# viruses to local files according to hash %local_delivery_aliases (pseudo
# aliases map) - see subroutine mail_to_local_mailbox() for details.
# Some of the predefined aliases are 'virus-quarantine' and 'spam-quarantine'.
# Setting $virus_quarantine_to ($spam_quarantine_to) to this string will:
# * if $QUARANTINEDIR is a directory, each quarantined virus will go
# to a separate file in the $QUARANTINEDIR directory (traditional
# amavis style, similar to maildir mailbox format);
# * otherwise $QUARANTINEDIR is treated as a file name of a Unix-style
# mailbox. All quarantined messages will be appended to this file.
# Amavisd child process must obtain an exclusive lock on the file during
# delivery, so this may be less efficient than using individual files
# or forwarding to MTA, and it may not work across NFS or other non-local
# file systems (but may be handy for pickup of quarantined files via IMAP
# for example);
# VARIANT 3:
# any email address (must contain '@').
# The e-mail messages to be quarantined will be handed to MTA
# for delivery to the specified address. If a recipient address local to MTA
# is desired, you may leave the domain part empty, e.g. 'infected@', but the
# '@' character must nevertheless be included to distinguish it from variant 2.
# This method enables more refined delivery control made available by MTA
# (e.g. its aliases file, other local delivery agents, dealing with
# privileges and file locking when delivering to user's mailbox, nonlocal
# delivery and forwarding, fan-out lists). Make sure the mail-to-be-quarantined
# will not be handed back to amavisd for checking, as this will cause a loop
# (hopefully broken at some stage)! If this can be assured, notifications
# will benefit too from not being unecessarily virus-scanned.
# By default this is safe to do with Postfix and Exim v4 and dual-sendmail
# setup, but probably not safe with sendmail milter interface without
# precaution.
# (the default value is undef, meaning no quarantine)
#$virus_quarantine_to = '[email protected]'; # traditional local quarantine
#$virus_quarantine_to = 'infected@'; # forward to MTA for delivery
#$virus_quarantine_to = "virus-quarantine\@$mydomain"; # similar
#$virus_quarantine_to = '[email protected]'; # similar
#$virus_quarantine_to = undef; # no quarantine
#$virus_quarantine_to = new_RE( # per-recip multiple quarantines
# [qr'^user@example\.com$'i => 'infected@'],
# [qr'^(.*)@example\.com$'i => 'virus-${1}@example.com'],
# [qr'^(.*)(@[^@])?$'i => 'virus-${1}${2}'],
# [qr/.*/ => 'virus-quarantine'] );
# similar for spam
# (the default value is undef, meaning no quarantine)
#$spam_quarantine_to = '[email protected]';
#$spam_quarantine_to = "spam-quarantine\@$mydomain";
#$spam_quarantine_to = new_RE( # per-recip multiple quarantines
# [qr'^(.*)@example\.com$'i => 'spam-${1}@example.com'],
# [qr/.*/ => 'spam-quarantine'] );
# In addition to per-recip quarantine, a by-sender lookup is possible. It is
# similar to $spam_quarantine_to, but the lookup key is the sender address:
#$spam_quarantine_bysender_to = undef; # dflt: no by-sender spam quarantine
# Add X-Virus-Scanned header field to mail?
$X_HEADER_TAG = 'X-Virus-Scanned'; # (default: undef)
# Leave empty to add no header field # (default: undef)
$X_HEADER_LINE = "by amavisd-new at $mydomain";
$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
#$remove_existing_x_scanned_headers= 1; # remove existing headers
# (defaults to false)
$remove_existing_spam_headers = 0; # leave existing X-Spam* headers alone
#$remove_existing_spam_headers = 1; # remove existing spam headers if
# spam scanning is enabled (default)
# set $bypass_decode_parts to true if you only do spam scanning, or if you
# have a good virus scanner that can deal with compression and recursively
# unpacking archives by itself, and save amavisd the trouble.
# Disabling decoding also causes banned_files checking to only see
# MIME names and MIME content types, not the content classification types
# as provided by the file(1) utility.
# It is a double-edged sword, make sure you know what you are doing!
#$bypass_decode_parts = 1; # (defaults to false)
# don't trust this file type or corresponding unpacker for this file type,
# keep both the original and the unpacked file
# (lookup key is what file(1) utility returned):
$keep_decoded_original_re = new_RE(
qr'^(ASCII|text|uuencoded|xxencoded|binhex)'i,
# Checking for banned MIME types and names. If any mail part matches,
# the whole mail is rejected, much like the way viruses are handled.
# A list in object $banned_filename_re can be defined to provide a list
# of Perl regular expressions to be matched against each part's:
# * Content-Type value (both declared and effective mime-type),
# including the possible security risk content types
# message/partial and message/external-body, as specified by rfc2046;
# * declared (recommended) file names as specified by MIME subfields
# Content-Disposition.filename and Content-Type.name, both in their
# raw (encoded) form and in rfc2047-decoded form if applicable;
# * file content type as guessed by 'file(1)' utility, both the raw result
# from file(1), as well as short type name, classified into names such as
# .asc, .txt, .html, .doc, .jpg, .pdf, .zip, .exe, ..., which is always
# beginning with a dot - see subroutine determine_file_types().
# This step is done only if $bypass_decode_parts is not true.
# * leave $banned_filename_re undefined to disable these checks
# (giving an empty list to new_RE() will also always return false)
$banned_filename_re = new_RE(
qr'\.[a-zA-Z][a-zA-Z0-9]{0,3}\.(vbs|pif|scr|bat|com|exe|dll)$'i, # double extension
# qr'.\.(exe|vbs|pif|scr|bat|com)$'i, # banned extension - basic
# qr'.\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js|
# jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shs|shb|vb|
# vbe|vbs|wsc|wsf|wsh)$'ix, # banned extension - long
# qr'^\.(exe|zip|lha|tnef)$'i, # banned file(1) types
# qr'^application/x-msdownload$'i, # banned MIME types
# qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046
# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
# and http://www.cknow.com/vtutor/vtextensions.htm
# A little trick: a pattern qr'\.exe$' matches both a short type name '.exe',
# as well as any file name which happens to end with .exe. If only matching
# a file name is desired, but not the short name, a pattern qr'.\.exe$'i
# or similar may be used, which requires that at least one character preceeds
# the '.exe', and so it will never match short file types, which always start
# with a dot.
# Section V - Per-recipient and per-sender handling, whitelisting, etc.
# %virus_lovers, @virus_lovers_acl and $virus_lovers_re lookup tables:
# (these should be considered policy options, they do not disable checks,
# see bypas*checks for that!)
# Exclude certain RECIPIENTS from virus filtering by adding their lower-cased
# envelope e-mail address (or domain only) to the hash %virus_lovers, or to
# the access list @virus_lovers_acl - see README.lookups and examples.
# Make sure the appropriate form (e.g. external/internal) of address
# is used in case of virtual domains, or when mapping external to internal
# addresses, etc. - this is MTA-specific.
# Notifications would still be generated however (see the overall
# picture above), and infected mail (if passed) gets additional header:
# X-AMaViS-Alert: INFECTED, message contains virus: ...
# (header not inserted with milter interface!)
# NOTE (milter interface only): in case of multiple recipients,
# it is only possible to drop or accept the message in its entirety - for all
# recipients. If all of them are virus lovers, we'll accept mail, but if
# at least one recipient is not a virus lover, we'll discard the message.
# %bypass_virus_checks, @bypass_virus_checks_acl and $bypass_virus_checks_re
# lookup tables:
# (this is mainly a time-saving option, unlike virus_lovers* !)
# Similar in concept to %virus_lovers, a hash %bypass_virus_checks,
# access list @bypass_virus_checks_acl and regexp list $bypass_virus_checks_re
# are used to skip entirely the decoding, unpacking and virus checking,
# but only if ALL recipients match the lookup.
# %bypass_virus_checks/@bypass_virus_checks_acl/$bypass_virus_checks_re
# do NOT GUARANTEE the message will NOT be checked for viruses - this may
# still happen when there is more than one recipient for a message, and
# not all of them match these lookup tables. To guarantee virus delivery,
# a recipient must also match %virus_lovers/@virus_lovers_acl lookups
# (but see milter limitations above),
# NOTE: it would not be clever to base virus checks on SENDER address,
# since there are no guarantees that it is genuine. Many viruses
# and spam messages fake sender address. To achieve selective filtering
# based on the source of the mail (e.g. IP address, MTA port number, ...),
# use mechanisms provided by MTA if available.
# Similar to lookup tables controlling virus checking, there exist
# spam scanning, banned names/types, and headers_checks control counterparts:
# %spam_lovers, @spam_lovers_acl, $spam_lovers_re
# %banned_files_lovers, @banned_files_lovers_acl, $banned_files_lovers_re
# %bad_header_lovers, @bad_header_lovers_acl, $bad_header_lovers_re
# and:
# %bypass_spam_checks/@bypass_spam_checks_acl/$bypass_spam_checks_re
# %bypass_banned_checks/@bypass_banned_checks_acl/$bypass_banned_checks_re
# %bypass_header_checks/@bypass_header_checks_acl/$bypass_header_checks_re
# See README.lookups for details about the syntax.
# The following example disables spam checking altogether,
# since it matches any recipient e-mail address (any address
# is a subdomain of the top-level root DNS domain):
# @bypass_spam_checks_acl = qw( . );
# @bypass_header_checks_acl = qw( [email protected] );
# @bad_header_lovers_acl = qw( [email protected] );
# See README.lookups for further detail, and examples below.
# $virus_lovers{lc("postmaster\@$mydomain")} = 1;
# $virus_lovers{lc('[email protected]')} = 1;
# $virus_lovers{lc('[email protected]')} = 1;
# $virus_lovers{lc('some.user@')} = 1; # this recipient, regardless of domain
# $virus_lovers{lc('[email protected]')} = 0; # never, even if domain matches
# $virus_lovers{lc('example.com')} = 1; # this domain, but not its subdomains
# $virus_lovers{lc('.example.com')}= 1; # this domain, including its subdomains
#or:
# @virus_lovers_acl = qw( [email protected] !lab.xxx.com .xxx.com yyy.org );
# $bypass_virus_checks{lc('[email protected]')} = 1;
# @bypass_virus_checks_acl = qw( some.ddd !butnot.example.com .example.com );
# @virus_lovers_acl = qw( [email protected] );
# $virus_lovers_re = new_RE( qr'(helpdesk|postmaster)@example\.com$'i );
# $spam_lovers{lc("postmaster\@$mydomain")} = 1;
# $spam_lovers{lc('[email protected]')} = 1;
# $spam_lovers{lc('[email protected]')} = 1;
# @spam_lovers_acl = qw( !.example.com );
# $spam_lovers_re = new_RE( qr'^user@example\.com$'i );
# don't run spam check for these RECIPIENT domains:
# @bypass_spam_checks_acl = qw( d1.com .d2.com a.d3.com );
# or the other way around (bypass check for all BUT these):
# @bypass_spam_checks_acl = qw( !d1.com !.d2.com !a.d3.com . );
# a practical application: don't check outgoing mail for spam:
# @bypass_spam_checks_acl = ( "!.$mydomain", "." );
# (a downside of which is that such mail will not count as ham in SA bayes db)
# Where to find SQL server(s) and database to support SQL lookups?
# A list of triples: (dsn,user,passw). (dsn = data source name)
# Specify more than one for multiple (backup) SQL servers.
# See 'man DBI', 'man DBD::mysql', 'DBD::Pg', ... for details.
# @lookup_sql_dsn =
# ( ['DBI:mysql:mail:host1', 'some-username1', 'some-password1'],
# ['DBI:mysql:mail:host2', 'some-username2', 'some-password2'] );
# ('mail' in the example is the database name, choose what you like)
# With PostgreSQL the dsn (first element of the triple) may look like:
# 'DBI:Pg:host=host1;dbname=mail'
# The SQL select clause to fetch per-recipient policy settings.
# The %k will be replaced by a comma-separated list of query addresses
# (e.g. full address, domain only, catchall). Use ORDER, if there
# is a chance that multiple records will match - the first match wins.
# If field names are not unique (e.g. 'id'), the later field overwrites the
# earlier in a hash returned by lookup, which is why we use '*,users.id'.
# No need to uncomment the following assignment if the default is ok.
# $sql_select_policy = 'SELECT *,users.id FROM users,policy'.
# ' WHERE (users.policy_id=policy.id) AND (users.email IN (%k))'.
# ' ORDER BY users.priority DESC';
# The SQL select clause to check sender in per-recipient whitelist/blacklist
# The first SELECT argument '?' will be users.id from recipient SQL lookup,
# the %k will be sender addresses (e.g. full address, domain only, catchall).
# The default value is:
# $sql_select_white_black_list = 'SELECT wb FROM wblist,mailaddr'.
# ' WHERE (rid=?) AND (sid=mailaddr.id) AND (mailaddr.email IN (%k))'.
# ' ORDER BY mailaddr.priority DESC';
# To disable SQL white/black list, set to undef (otherwise comment-out
# the following statement, leaving it at the default value):
$sql_select_white_black_list = undef; # undef disables SQL white/blacklisting
# If you decide to pass viruses (or spam) to certain recipients using the
# above lookup tables or using $final_virus_destiny=1, you can set
# the variable $addr_extension_virus ($addr_extension_spam) to some
# string, and the recipient address will have this string appended
# as an address extension to the local-part of the address. This extension
# can be used by final local delivery agent to place such mail in different
# folders. Leave these two variables undefined or empty strings to prevent
# appending address extensions. Setting has no effect on recipient which will
# not be receiving viruses/spam. Recipients who do not match lookup tables
# local_domains* are not affected.
# LDAs usually default to stripping away address extension if no special
# handling is specified, so having this option enabled normally does no harm,
# provided the $recipients_delimiter matches the setting on the final
# MTA's LDA.
# $addr_extension_virus = 'virus'; # (default is undef, same as empty)
# $addr_extension_spam = 'spam'; # (default is undef, same as empty)
# $addr_extension_banned = 'banned'; # (default is undef, same as empty)
# Delimiter between local part of the recipient address and address extension
# (which can optionally be added, see variables $addr_extension_virus and
# $addr_extension_spam). E.g. recipient address <[email protected]> gets changed
# to <[email protected]>.
# Delimiter should match equivalent (final) MTA delimiter setting.
# (e.g. for Postfix add 'recipient_delimiter = +' to main.cf)
# Setting it to an empty string or to undef disables this feature
# regardless of $addr_extension_virus and $addr_extension_spam settings.
$recipient_delimiter = '+'; # (default is '+')
# true: replace extension; false: append extension
# $replace_existing_extension = 1; # (default is false)
# Affects matching of localpart of e-mail addresses (left of '@')
# in lookups: true = case sensitive, false = case insensitive
$localpart_is_case_sensitive = 0; # (default is false)
# ENVELOPE SENDER WHITELISTING / BLACKLISTING - GLOBAL (RECIPIENT-INDEPENDENT)
# WHITELISTING: use ENVELOPE SENDER lookups to ENSURE DELIVERY from whitelisted
# senders even if the message is recognized as spam. Effectively, for the
# specified senders, message RECIPIENTS temporarily become 'spam_lovers', with
# further processing being the same as otherwise specified for spam lovers.
# It does not turn off inserting spam-related headers, if they are enabled.
# BLACKLISTING: messages from specified SENDERS are DECLARED SPAM.
# Effectively, for messages from blacklisted senders, spam level
# is artificially pushed high, and the normal spam processing applies,
# resulting in 'X-Spam-Flag: YES', high 'X-Spam-Level' bar and other usual
# reactions to spam, including possible rejection. If the message nevertheless
# still passes (e.g. for spam loving recipients), it is tagged as BLACKLISTED
# in the 'X-Spam-Status' header field, but the reported spam value and
# set of tests in this report header field (if available from SpamAssassin,
# which may have not been called) is not adjusted.
# A sender may be both white- and blacklisted at the same time,
# settings are independent. For example, being both white- and blacklisted,
# message is delivered to recipients, but is tagged as spam.
# If ALL recipients of the message either white- or blacklist the sender,
# spam scanning (calling the SpamAssassin) is bypassed, saving on time.
# The following variables (lookup tables) are available, with the semantics
# and syntax as specified in README.lookups:
# %whitelist_sender, @whitelist_sender_acl, $whitelist_sender_re
# %blacklist_sender, @blacklist_sender_acl, $blacklist_sender_re
# SOME EXAMPLES:
#ACL:
# @whitelist_sender_acl = qw( .example.com );
# @whitelist_sender_acl = ( ".$mydomain" ); # $mydomain and its subdomains
# NOTE: This is not a reliable way of turning off spam checks for
# locally-originating mail, as sender address can easily be faked.
# To reliably avoid spam-scanning outgoing mail,
# use @bypass_spam_checks_acl .
#RE:
# $whitelist_sender_re = new_RE(
# qr'^postmaster@.*\bexample\.com$'i,
# qr'^owner-[^@]*@'i, qr'-request@'i,
# qr'\.example\.com$'i );
$blacklist_sender_re = new_RE(
qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
qr'^(investments|lose_weight_today|market.alert|money2you|MyGreenCard)@'i,
qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i,
qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
#HASH lookup variant:
# NOTE: Perl operator qw splits its argument string by whitespace
# and produces a list. This means that addresses can not contain
# whitespace, and there is no provision for comments within the string.
# You can use the normal Perl list syntax if you have special requirements,
# e.g. map {...} ('one user@bla', '.second.com'), or use read_hash to read
# addresses from a file.
# a hash lookup table can be read from a file,
# one address per line, comments and empty lines are permitted:
# read_hash(\%whitelist_sender, '/var/amavis/whitelist_sender');
# ... or set directly:
# $whitelist_sender{''} = 1; # don't spam-check MTA bounces
map { $whitelist_sender{lc($_)}=1 } (qw(
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
returns.groups.yahoo.com
# ENVELOPE SENDER WHITELISTING / BLACKLISTING - PER-RECIPIENT
# The same semantics as for global white/blacklisting applies, but this
# time each recipient (or its domain, or subdomain, ...) can be given
# an individual lookup table for matching senders. The per-recipient lookups
# override the global lookups, which serve as a fallback default.
# Specify a two-level lookup table: the key for the outer table is recipient,
# and the result should be an inner lookup table (hash or ACL or RE),
# where the key used will be the sender.
#$per_recip_blacklist_sender_lookup_tables = {
# '[email protected]'=>new_RE(qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i),
# '[email protected]'=>[qw( [email protected],org .d2.example,org )],
#$per_recip_whitelist_sender_lookup_tables = {
# '[email protected]' => [qw( [email protected] .other.example.org )],
# '.my1.example.com' => [qw( !foe.other.example,org .other.example,org )],
# '.my2.example.com' => read_hash('/var/amavis/my2-wl.dat'),
# 'abuse@' => { 'postmaster@'=>1,
# '[email protected]'=>1, '[email protected]'=>1 },
# Section VI - Resource limits
# Sanity limit to the number of allowed recipients per SMTP transaction
# $smtpd_recipient_limit = 1000; # (default is 1000)
# Resource limitations to protect against mail bombs (e.g. 42.zip)
# Maximum recursion level for extraction/decoding (0 or undef disables limit)
$MAXLEVELS = 14; # (default is undef, no limit)
# Maximum number of extracted files (0 or undef disables the limit)
$MAXFILES = 1500; # (default is undef, no limit)
# For the cumulative total of all decoded mail parts we set max storage size
# to defend against mail bombs. Even though parts may be deleted (replaced
# by decoded text) during decoding, the size they occupied is _not_ returned
# to the quota pool.
# Parameters to storage quota formula for unpacking/decoding/decompressing
# Formula:
# quota = max($MIN_EXPANSION_QUOTA,
# $mail_size*$MIN_EXPANSION_FACTOR,
# min($MAX_EXPANSION_QUOTA, $mail_size*$MAX_EXPANSION_FACTOR))
# In plain words (later condition overrules previous ones):
# allow MAX_EXPANSION_FACTOR times initial mail size,
# but not more than MAX_EXPANSION_QUOTA,
# but not less than MIN_EXPANSION_FACTOR times initial mail size,
# but never less than MIN_EXPANSION_QUOTA
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
$MIN_EXPANSION_FACTOR = 5; # times original mail size (must be specified)
$MAX_EXPANSION_FACTOR = 500; # times original mail size (must be specified)
# Section VII - External programs, virus scanners
# Specify a path string, which is a colon-separated string of directories
# (no trailing slashes!) to be assigned to the environment variable PATH
# and to serve for locating external programs below.
# NOTE: if $daemon_chroot_dir is nonempty, the directories will be
# relative to the chroot directory specified;
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
# Specify one string or a search list of strings (first match wins).
# The string (or: each string in a list) may be an absolute path,
# or just a program name, to be located via $path;
# Empty string or undef (=default) disables the use of that external program.
# Optionally command arguments may be specified - only the first substring
# up to the whitespace is used for file searching.
$file = 'file'; # file(1) utility; use 3.41 or later to avoid vulnerability
$gzip = 'gzip';
$bzip2 = 'bzip2';
$lzop = 'lzop';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc = ['nomarch', 'arc'];
$unarj = ['arj', 'unarj']; # both can extract, same options
$unrar = ['rar', 'unrar']; # both can extract, same options
$zoo = 'zoo';
$lha = 'lha';
$cpio = 'cpio';
# SpamAssassin settings
# $sa_local_tests_only is passed to Mail::SpamAssassin::new as a value
# of the option local_tests_only. See Mail::SpamAssassin man page.
# If set to 1, no tests that require internet access will be performed.
$sa_local_tests_only = 1; # (default: false)
#$sa_auto_whitelist = 1; # turn on AWL (default: false)
$sa_mail_body_size_limit = 64*1024; # don't waste time on SA if mail is larger
# (less than 1% of spam is > 64k)
# default: undef, no limitations
# default values, can be overridden by more specific lookups, e.g. SQL
$sa_tag_level_deflt = -999; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 3.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 22.0;
#$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
# at or above that level: bounce/reject/drop,
# quarantine, and adding mail address extension
# The $sa_tag_level_deflt, $sa_tag2_level_deflt and $sa_kill_level_deflt
# may also be hashrefs to hash lookup tables, to make static per-recipient
# settings possible without having to resort to SQL or LDAP lookups.
# a quick reference:
# tag_level controls adding the X-Spam-Status and X-Spam-Level headers,
# tag2_level controls adding 'X-Spam-Flag: YES', and editing Subject,
# kill_level controls 'evasive actions' (reject, quarantine, extensions);
# it only makes sense to maintain the relationship:
# tag_level <= tag2_level <= kill_level
# string to prepend to Subject header field when message exceeds tag2 level
$sa_spam_subject_tag = '*** JUNK MAIL ***'; # (defaults to undef, disables)
# (only seen when spam is not to be rejected
# and recipient is in local_domains*)
$sa_spam_modifies_subj = 1; # may be a ref to a lookup table, default is true
# Example: modify Subject for all local recipients except [email protected]
#$sa_spam_modifies_subj = [qw( [email protected] . )];
# @av_scanners is a list of n-tuples, where fields semantics is:
# 1. av scanner plain name, to be used in log and reports;
# 2. scanner program name; this string will be submitted to subroutine
# find_external_programs(), which will try to find the full program
# path name; if program is not found, this scanner is disabled.
# Besides a simple string (full program path name or just the basename
# to be looked for in PATH), this may be an array ref of alternative
# program names or full paths - the first match in the list will be used;
# As a special case for more complex scanners, this field may be
# a subroutine reference, and the whole n-tuple is passed to it as args.
# 3. command arguments to be given to the scanner program;
# a substring {} will be replaced by the directory name to be scanned,
# i.e. "$tempdir/parts"
# 4. an array ref of av scanner exit status values, or a regexp (to be
# matched against scanner output), indicating NO VIRUSES found;
# 5. an array ref of av scanner exit status values, or a regexp (to be
# matched against scanner output), indicating VIRUSES WERE FOUND;
# Note: the virus match prevails over a 'not found' match, so it is safe
# even if 4. matches for viruses too;
# 6. a regexp (to be matched against scanner output), returning a list
# of virus names found.
# 7. and 8.: (optional) subroutines to be executed before and after scanner
# (e.g. to set environment or current directory);
# see examples for these at KasperskyLab AVP and Sophos sweep.
# NOTES:
# - NOT DEFINING @av_scanners (e.g. setting it to empty list, or deleting the
# whole assignment) TURNS OFF LOADING AND COMPILING OF THE ANTIVIRUS CODE
# (which can be handy if all you want to do is spam scanning);
# - the order matters: although _all_ available entries from the list are
# always tried regardless of their verdict, scanners are run in the order
# specified: the report from the first one detecting a virus will be used
# (providing virus names and scanner output); REARRANGE THE ORDER TO WILL;
# - it doesn't hurt to keep an unused command line scanner entry in the list
# if the program can not be found; the path search is only performed once
# during the program startup;
# CORROLARY: to disable a scanner that _does_ exist on your system,
# comment out its entry or use undef or '' as its program name/path
# (second parameter). An example where this is almost a must: disable
# Sophos 'sweep' if you have its daemonized version Sophie or SAVI-Perl
# (same for Trophie/vscan, and clamd/clamscan), or if another unrelated
# program happens to have a name matching one of the entries ('sweep'
# again comes to mind);
# - it DOES HURT to keep unwanted entries which use INTERNAL SUBROUTINES
# for interfacing (where the second parameter starts with \&).
# Keeping such entry and not having a corresponding virus scanner daemon
# causes an unnecessary connection attempt (which eventually times out,
# but it wastes precious time). For this reason the daemonized entries
# are commented in the distribution - just remove the '#' where needed.
@av_scanners = (
# ### http://www.vanja.com/tools/sophie/
# ['Sophie',
# \&ask_daemon, ["{}/\n", '/var/run/sophie'],
# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
# qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
# ['Sophos SAVI', \&sophos_savi ],
# ### http://clamav.elektrapro.com/
# ['Clam Antivirus-clamd',
# \&ask_daemon, ["CONTSCAN {}\n", '/var/amavis/clamd'],
# qr/\bOK$/, qr/\bFOUND$/,
# qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd,
# # match the socket name in clamav.conf to the socket name in this entry
# ### http://www.openantivirus.org/
# ['OpenAntiVirus ScannerDaemon (OAV)',
# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
# qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ],
# ### http://www.vanja.com/tools/trophie/
# ['Trophie',
# \&ask_daemon, ["{}/\n", '/var/run/trophie'],
# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
# qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
# ### http://www.f-prot.com/
# ['FRISK F-Prot Daemon',
# \&ask_daemon,
# ["GET {}/*?-dumb%20-archive HTTP/1.0\r\n\r\n",
# ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202',
# '127.0.0.1:10203','127.0.0.1:10204'] ],
# qr/(?i)<summary[^>]*>clean<\/summary>/,
# qr/(?i)<summary[^>]*>infected<\/summary>/,
# qr/(?i)<name>(.+)<\/name>/ ],
['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp','kavscanner'],
"-* -P -B -Y -O- {}", [0,3,8], [2,4], # any use for -A -K ?
qr/infected: (.+)/,
sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
['KasperskyLab AVPDaemonClient',
[ '/opt/AVP/kavdaemon', 'kavdaemon',
'/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
'/opt/AVP/AvpTeamDream', 'AvpTeamDream',
'/opt/AVP/avpdc', 'avpdc' ],
'{}', [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ],
# change the startup-script in /etc/init.d/kavd to:
# DPARMS="-I0 -Y -* /var/amavis"
# adjusting /var/amavis above to match your $TEMPBASE.
# NOTE: cd /opt/AVP/DaemonClients; configure; cd Sample; make
# cp AvpDaemonClient /opt/AVP/
### http://www.hbedv.com/ or http://www.centralcommand.com/
['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
['antivir','vexira'],
'--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
(?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
# NOTE: remove the -z if you only have a demo version
### http://www.commandsoftware.com/
['Command AntiVirus for Linux', 'csav',
'-all -archive -packed {}', [50], [51,52,53],
qr/Infection: (.+)/ ],
### http://www.symantec.com/
['Symantec CarrierScan via Symantec CommandLineScanner',
['cscmdline','savsecls'],
'-a scan -i 1 -v -s 127.0.0.1:7777 {}',
qr/Files Infected: 0/, qr/^Infected: /,
qr/Info:\s+(.+)/ ],
### http://drweb.imshop.de/
['DrWeb Antivirus for Linux/FreeBSD/Solaris', 'drweb',
'-al -ar -fm -go -ha -ml -ot -sd -up {}',
[0], [1], sub {('no-name')} ],
### http://www.f-secure.com/products/anti-virus/
['F-Secure Antivirus', 'fsav',
'--dumb --archive {}', [0], [3,8],
qr/(?:infection|Infected): (.+)/ ],
['CAI InoculateIT', 'inocucmd',
'-sec -nex {}', [0], [100],
qr/was infected by virus (.+)/ ],
['MkS_Vir for Linux (beta)', ['mks32','mks'],
'-s {}/*', [0], [1,2],
qr/--[ \t]*(.+)/ ],
['MkS_Vir daemon',
'mksscan', '-s -q {}', [0], [1..7],
qr/^... (\S+)/ ],
### http://www.nod32.com/
['ESET Software NOD32', 'nod32',
'-all -subdir+ {}', [0], [1,2],
qr/^.+? - (.+?)\s*(?:backdoor|joke|trojan|virus|worm)/ ],
### http://www.nod32.com/
['ESET Software NOD32 - Client/Server Version', 'nod32cli',
'-a -r -d recurse --heur standard {}', [0], [10,11],
qr/^\S+\s+infected:\s+(.+)/ ],
### http://www.norman.com/products_nvc.shtml
['Norman Virus Control v5 / Linux', 'nvccmd',
'-c -l:0 -s -u {}', [0], [1],
qr/(?i).* virus in .* -> \'(.+)\'/ ],
### http://www.pandasoftware.com/
['Panda Antivirus for Linux', ['pavcl','pavc'],
'-aut -aex -heu -cmp -nor -nso -eng {}',
qr/Number of files infected\.*: 0(?!\d)/,
qr/Number of files infected\.*: 0*[1-9]/,
qr/Found virus :\s*(\S+)/ ],
# Check your RAV license terms before fiddling with the following two lines!
# ['GeCAD RAV AntiVirus 8', 'ravav',
# '--all --archive --mail {}', [1], [2,3,4,

You are welcome. I'm glad you got it back up.
(1) You say you did the symbolic link. I will assume this is set correctly; it's very important that it is.
(2) I don't know what you mean by "Been feeding the [email protected] for several weeks now, 700 emails each day at least." After the initial training period, SpamAssassin doesn't learn from mail it has already processed correctly. At this point, you only need to teach SpamAssassin when it is wrong. [email protected] should only be getting spam that is being passed as clean. Likewise, [email protected] should only be getting legitimate mail that is being flagged as junk. You are redirecting mail to both [email protected] and [email protected] ... right? SpamAssassin needs both.
(3) Next, as I said before, you need to implement those "Frontline spam defense for Mac OS X Server." Once you have that done and issue "postfix reload" you can look at your SMTP log in Server Admin and watch as Postfix blocks one piece of junk mail after another. It's kind of cool.
(4) Add some SARE rules:
Visit http://www.rulesemporium.com/rules.htm and download the following rules:
70sareadult.cf
70saregenlsubj0.cf
70sareheader0.cf
70sarehtml0.cf
70sareobfu0.cf
70sareoem.cf
70sarespoof.cf
70sarestocks.cf
70sareunsub.cf
72sare_redirectpost
Visit http://www.rulesemporium.com/other-rules.htm and download the following rules:
backhair.cf
bogus-virus-warnings.cf
chickenpox.cf
weeds.cf
Copy these rules to /etc/mail/spamassassin/
Then stop and restart mail services.
There are other things you can do, and you'll find differing opinions about such things. In general, I think implementing the "Frontline spam defense for Mac OS X Server" and adding the SARE rules will help a lot. Good luck!

Fax is not working on H323

Hello All,
I have an issue with fax, it is connected to an fxs port on my h323 gateway. When a call comes from PRI and get connected to fax after I hear the fax tone the fax drops. IOS is Version 15.0(1)M4, and DSP is PVDM3.
My analysis:
The external calls hit gateway and it matches the pots dialpeer where my fax connected to. From the "debug voip vtsp all", I see Primary Fax Protocol=CISCO_FAX_RELAY, which is not enabled and we are using T38 relay and modem passthrough method for faxing. I believe PVDM3 does not work with Cisco Relay and couldn't allocate any dsp resources for the call and it drops. But still I wonder how gateway takes cisco relay.
Config:
voice service voip
allow-connections h323 to h323
fax protocol t38 ls-redundancy 0 hs-redundancy 0 fallback none
h323
emptycapability
modem passthrough nse codec g711ulaw
dial-peer voice 1001 pots
tone ringback alert-no-PI
description PSTN Incoming, Pattern:.
translation-profile incoming PSTN-to-PhoneDN
incoming called-number .
direct-inward-dial
dial-peer voice 999030 pots
tone ringback alert-no-PI
destination-pattern 3027898
progress_ind setup enable 3
port 0/3/0
Output of vtsp debug
Oct 4 20:30:07: //6824/97F0D7BD8350/VTSP:(0/1/0:15):7:1:1/vtsp_dsm_save_fax_config:
   Fax Relay=ENABLED
   Primary Fax Protocol=CISCO_FAX_RELAY, Fallback Fax Protocol=NONE_FAX_RELAY
   Fax Relay CM Suppression :=ENABLED, Fax Relay ANS Suppression :=DISABLED
   Fax Parameters Set By=Dialpeer, Peer=999030 (this is the peer where my fax connected to)
I have converted the port to MGCP and found its working, while faxing I see vtsp outputs
Oct 4 23:57:29: //7181/8FE17FEF8379/VTSP:(0/3/0):-1:1:2/vtsp_dsm_save_fax_config:
   Fax Relay=DISABLED - MGCP Application
   Primary Fax Protocol=IGNORE_FAX_RELAY, Fallback Fax Protocol=IGNORE_FAX_RELAY
   Fax Relay CM Suppression :=ENABLED, Fax Relay ANS Suppression :=DISABLED
   Fax Parameters Set By=MGCP Call Type --> I believe MGCP disabled the cisco fax relay and switch over to T38.
Oct 4 23:57:40: //7181/8FE17FEF8379/VTSP:(0/3/0):-1:1:2/vtsp_dsm_save_fax_config:
   Fax Relay=ENABLED
   Primary Fax Protocol=T38_FAX_RELAY, Fallback Fax Protocol=NONE_FAX_RELAY
   Fax Relay CM Suppression :=ENABLED, Fax Relay ANS Suppression :=DISABLED
   Fax Parameters Set By=MGCP Call Type
Can some one kindly suggest how to make it work on H323, also how we can force disabling cisco fax relay?

As I mentioned earlier, we are using MGCP for that particular fax port and the gateway we use as H323.
Even I'm not pretty sure about using mixed protocol, I believe this gateway gonna used to support call center calls. SInce MGCP is easy for configs they might have confiugred only the port as MGCP endpoint.
Now its not working with both the cases, not in mgcp as well as fallback mode. Can you reveiw the debugs and see why I have to remove "modem passthrough" command from voice service voip section which of our standard config and works well with all other gateway of ours. Please help here.

Blazeds 4.0.0.7548 is not working on Websphere over HTTPS protocol

Hi All
Our application is on Blazeds 4.0.0.7548 deployed on websphere 7.0. While this application works fine on HTTP but it doesn't work consistently on HTTPS. It throws following exception
FaultEvent fault=[RPC Fault faultString="error" faultCode="Channel.Call.Failed" faultDetail="NetConnection.Call.Failed: HTTP: Failed"] messageId="C6ABB836-C505-CAFC-F114-0006E0E0305F" type="fault" bubbles=false cancelable=true eventPhase=2.
Following is the screeshot
I don't see any exception in the logs as well.
HTTP works fine, i only see this exception on HTTPS.
Regards
Ravi

As I mentioned earlier, we are using MGCP for that particular fax port and the gateway we use as H323.
Even I'm not pretty sure about using mixed protocol, I believe this gateway gonna used to support call center calls. SInce MGCP is easy for configs they might have confiugred only the port as MGCP endpoint.
Now its not working with both the cases, not in mgcp as well as fallback mode. Can you reveiw the debugs and see why I have to remove "modem passthrough" command from voice service voip section which of our standard config and works well with all other gateway of ours. Please help here.

(Pulse)Audio? not working (Intel HDMI)

Hi,
so I installed Arch Linux again and have problems with the sound. I think there is a problem with PulseAudio, as test sounds from settings (cinnamon) and using 'aplay -D plughw:0,7 /usr/share/sounds/alsa/Front_Center.wav' work. But when I open music/videos in VLC, Firefox or Clementine, there is no sound, nor are system sounds output.
I tried using headphones and everything works just fine.
I've been searching for a while now and found nothing that could help me. I can't figure out, what's wrong.
Previously I used an AMD graphics card and had no problems with sound and HDMI. Also I can't remember doing something special when I installed and used Arch back then. Now I use the HD3000 graphics included in my Intel Core i7-2600k. I need HDMI because I use an A/V-receiver.
Thank you in advance

There is already a default sink set under ~/.config/pulse, content: "alsa_output.pci-0000_00_1b.0.hdmi-surround-extra1". Don't know what to do with that. I thought it was set by pavucontrol and should be right?
speaker-test -c 2 -t wav -D plug:dmix:"{CARD 0 DEV 7}"
works (while pulseaudio is killed, right!?) in multiple instances, fuser gives
$ fuser -v /dev/snd/*
USER PID ACCESS COMMAND
/dev/snd/pcmC0D7p: iuno 3431 F...m speaker-test
iuno 3486 F...m speaker-test
iuno 3491 F...m speaker-test
/dev/snd/timer: iuno 3431 f.... speaker-test
iuno 3486 f.... speaker-test
iuno 3491 f.... speaker-test
I see no problem there?
I don't really know what you mean with the linked post. But I think a summary might be useful, as I really messed up writing in this thread.
When pulseaudio is killed:
Like mentioned above, speaker-test works with C0D7
VLC with Preferences - Audio - Output module set to 'Alsa audio output', Device set to 'HDA Intel PCH, HDMI 0 Audio Output' works
Clementine with GStreamer Audio Engine - Output plugin set to 'Audio sink (ALSA)' does not work
While trying with ALSA-only I found this out:
$ fuser -v /dev/snd/*
USER PID ACCESS COMMAND
/dev/snd/controlC0: iuno 652 F.... firefox
iuno 4167 F.... vlc
iuno 4259 F.... clementine
/dev/snd/pcmC0D0p: iuno 652 F...m firefox
iuno 4259 F...m clementine
/dev/snd/pcmC0D7p: iuno 4167 F...m vlc
/dev/snd/timer: iuno 652 f.... firefox
iuno 4259 f.... clementine
Concluding Clementine and Firefox use the wrong device. I guess c0d0 may be the default device for alsa? But for pulseaudio it shouldn't matter, right?
Choosing 'HDA Intel PCH, ALC893 Analog Output' as device in VLC results in no sound, obviously, and 'C0D0' in fuser.
However, trying to play back compressed audio with VLC, alsa-only, everything like above does not work. fuser shows the same (C0D7), vlc shows no error playing back .m4a or .mp3 files but it stays quiet.
.oga (vorbis) files I found in /usr/share/sounds/freedesktop do work, though. While VLC is playing, I can't run speaker-test (error: -16,Device or resource busy)
When PulseAudio comes in , some things change, obviously
I'd like to name two states. State 1 meanns sound is working, state 2 means sound is not working. State 1 is default.
First of all, no matter what I do, fuser always gives
$ fuser -v /dev/snd/*
USER PID ACCESS COMMAND
/dev/snd/controlC0: iuno 5552 F.... pulseaudio
/dev/snd/pcmC0D7p: iuno 5552 F...m pulseaudio
Forcing VLC to use 'Alsa audio output'-module, and 'HDA Intel PCH, HDMI 0 Audio Output' as device results in device or resource busy error.
Setting device to 'PulseAudio Sound Server' or 'Default ALSA Output (currently PulseAudio Sound Server)' both work. The 'Module' setting in preferences does not matter. I could either choose ALSA or Pulse with the same effect*. Long story short, audio output works, still not with compressed audio files. This means the state switches to state 2, as long as I keep the .wav file running! -> clementine and firefox also could play back sound, vlc can now also play back compressed audio - as long as I keep at least one of them running. When all sound output is paused, I fall back to state 1. Only playing back a .wav file in VLC or (p)aplay could save me back to state 2. I have to start other apps immediately, when in state 1 as pausing playback instantly causes a fallback to state 1. Opening pavucontrol, while in state 2 keeps me in state 2 as long as pavucontrol stays open. I used this as a dirty workaround for the last days.
State changes are also blocked the other way round. While in state 1, trying to play sound from clementine or opening pavucontrol results as staying in state 1, also when I play a .wav file with vlc.
Sorry that was much text, but I hope it's clearer now
*correction: This setting needs a restart of vlc to take effect. When the 'Module' is set to ALSA, pavucontrol lists 'ALSA plug-in [vlc]: ALSA Playback', when set to pulseaudio, the entry is called 'VLC media player: audio stream'. Same for clementine, when I change from ALSA to pulseaudio in the settings. Firefox always uses ALSA. However, it does not have effect on the state-thing. I still need to enter state 2 with the methods mentioned above
Last edited by iuno (2014-08-11 11:20:44)

Cisco CP-78XX SIP Phone Pickup Not Work on CME

Hi,
I configured some SIP phones (CP-7821, CP-7841) with pickup function. Is it the Pickup / GPickup soft keys not function as the SIP phone? If yes, then I can use the FAC to access that? And I tried the FAC std. / custom as the pickup / gpickup .. both not work ... I don't know how to use the FAC on CME? As the FAC std., if I pickup local, that I should press (**3) > call?
Ref.:
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucme/admin/configuration/guide/cmeadm/cmecover.html#45535
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucme/admin/configuration/guide/cmeadm/cmefacs.html#30064
This is the configuration:
CME-SIP-Phone#sh run
Building configuration...
Current configuration : 5413 bytes
! Last configuration change at 11:06:12 UTC Fri Nov 28 2014 by mtlops
version 15.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname CME-SIP-Phone
boot-start-marker
boot system flash:c2900-universalk9-mz.SPA.154-2.T1.bin
boot-end-marker
! card type command needed for slot/vwic-slot 0/0
enable secret 5 $XXXXXXXXXXXXXXXXXXXXXXXX
aaa new-model
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
aaa session-id common
ip cef
no ipv6 cef
multilink bundle-name authenticated
stcapp feature access-code
voice-card 0
dspfarm
dsp services dspfarm
voice service pots
voice service voip
ip address trusted list
ipv4 10.118.0.0 255.255.255.0
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
no supplementary-service h225-notify cid-update
redirect ip2ip
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
h323
no h225 timeout keepalive
call preserve
sip
bind control source-interface GigabitEthernet0/0
bind media source-interface GigabitEthernet0/0
registrar server expires max 600 min 60
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g711alaw
codec preference 3 g729r8
voice class h323 1
h225 timeout tcp establish 3
call preserve
voice class custom-cptone ABC-Company
dualtone disconnect
frequency 425
cadence 500 500
voice register pool-type 7821
description Cisco IP Phone 7821
reference-pooltype 6921
voice register pool-type 7841
description Cisco IP Phone 7841
reference-pooltype 6941
voice register global
mode cme
source-address 10.118.0.10 port 5060
timeouts interdigit 2
max-dn 200
max-pool 100
authenticate register
authenticate realm all
timezone 42
time-format 24
date-format D/M/Y
mwi stutter
mwi reg-e164
voicemail 5000
call-feature-uri pickup http://10.118.0.10/pickup
call-feature-uri gpickup http://10.118.0.10/gpickup
tftp-path flash:
file text
create profile sync 0001170446349417
ntp-server 10.118.0.10 mode unicast
ip qos dscp af11 media
ip qos dscp cs2 signal
ip qos dscp af43 video
ip qos dscp 25 service
camera
video
voice register dn 2
number 1000
pickup-call any-group
pickup-group 1
name BB Leung
label BB Leung
voice register dn 3
number 1001
pickup-call any-group
pickup-group 1
name CC Chan
label CC Chan
voice register dn 4
number 1002
pickup-call any-group
pickup-group 1
name DD Leung
label DD Leung
voice register dn 50
mwi
voice register template 1
softkeys hold Newcall Resume
softkeys idle Newcall Redial Gpickup Pickup Cfwdall DND
softkeys seized Cfwdall Endcall Redial
softkeys connected Confrn Endcall Hold Trnsfer
voice register pool 1
busy-trigger-per-button 1
id mac A8XX.XXXX.XXXX
type 7841
number 1 dn 2
template 1
dtmf-relay sip-notify
username 1001 password 112233
codec g711ulaw
no vad
voice register pool 2
busy-trigger-per-button 1
id mac 50XX.XXXX.XXXX
type 7841
number 1 dn 3
template 1
dtmf-relay sip-notify
username 1002 password 112233
codec g711ulaw
no vad
voice register pool 3
busy-trigger-per-button 1
id mac 00XX.XXXX.XXXX
type 7821
number 1 dn 4
template 1
dtmf-relay sip-notify
username 1003 password 112233
codec g711ulaw
no vad
license udi pid CISCO2921/K9 sn FHK1407F25D
license accept end user agreement
license boot c2900 technology-package uck9
hw-module pvdm 0/0
hw-module sm 1
username mtlops privilege 15 secret 5 $1$0qqx$1WGdfRW.flJrwmY7k8eUy0
redundancy
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 10.118.0.10 255.255.255.0
duplex auto
speed auto
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
interface SM1/0
no ip address
shutdown
service-module fail-open
interface SM1/1
no ip address
interface Vlan1
no ip address
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.118.0.1
control-plane
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
mgcp profile default
dspfarm profile 1 conference
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
codec g729r8
codec g729br8
maximum sessions 7
associate application SCCP
shutdown
gatekeeper
shutdown
telephony-service
max-conferences 8 gain -6
transfer-system full-consult
fac standard
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
transport input all
scheduler allocate 20000 1000
end
CME-SIP-Phone#sh telephony-service fac
telephony-service fac standard
callfwd all **1
callfwd cancel **2
pickup local **3
pickup group **4
pickup direct **5
park **6
dnd **7
redial **8
voicemail **9
ephone-hunt join *3
ephone-hunt cancel #3
ephone-hunt hlog *4
ephone-hunt hlog-phone *5
trnsfvm *6
dpark-retrieval *0
cancel call waiting *1

VPN is not Configured prints on all phones now with the built-in VPN client if VPN isn't configured. That's normal and is just cosmetic. That should not be causing your registration issues.

"Validation" enabled for the composite and my testsuites are not working

I have posted the below issue in Test suite in JDEV - Studio Edition Version 11.1.1.2.0 But I felt that this is the right forum, so posting this again here:
I have mediator calling bpel. Mediator is exposed as web service. Whenever I run the service using "Test" button on EM with validation turned on
then it works and the process will be completed.
But I have initiate xml in the test suites. I select "UnitTests" and select my test case xml that was associated to "Initiate Message for operation",
I see that the process is still in the "Running" state. I put in exactly the same values as I use for testing the service from EM.
Did anybody face this issue? This happens only when we turn the validation to "Enabled" in EM.
I have "Validation" enabled for the composite and my testsuites are not working. When I test using unit tests, I am only seeing "Running" status of the processes and these are not getting completed.

Hello there, RevDebMN.
The following Knowledge Base article is always a great fallback article for troubleshooting Mail issues:
OS X Mail: Troubleshooting sending and receiving email messages
http://support.apple.com/kb/ts3276
Particularly useful, in your case:
Mail Connection Doctor shows one or more red dots () in the account Status column
Check your Incoming IMAP or POP and Outgoing SMTP email account settings
Use Apple's online Mail Setup Assistant to discover what the correct settings should be for both your Incoming (IMAP or POP) and Outgoing SMTP email servers. If your email service provider is not listed in the Mail Setup Assistant, visit your email service provider's website or contact their support staff to get the correct settings. You can use this "cheat sheet" when asking your email service provider about the settings you need.
After you have the correct email service provider settings, make sure Mail is configured properly.
Click here if your Incoming and Outgoing email account settings are correct, but the issue persists
What alert message is shown in the Mail Connection Doctor "Details" column affected account?
Click here if a "Could not connect to this (server type) server…" message appears
Click here if a "Trying to log in to this (email server provider name) account failed…" message or any other error message appears
If the issue persists, then you'll want to remove the account and then add it again using this article:
Mail (Mountain Lion): Remove accounts
http://support.apple.com/kb/PH11794
Thanks for reaching out to Apple Support Communities.
Cheers,
Pedro.

Authentication Host-Mode Multi-Auth not working

hi
In my lab environment I configured 802.1x with "Multi-Auth" mode for multiple clients on a single protected port to be authenticated agains Microsoft NPS AAA server.
Switch ports configured with Single-Host or Mult-Host options are working fine but "Multi-Auth" mode its not working. My hardware details and configurations are as follows
Catalyst Model = WS-C2960S-24TSL running IOS 12.2(55)SE2
Current configuration : 10423 bytes
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
aaa new-model
aaa group server radius NPS
server-private x.x.x.x auth-port 1645 acct-port 1646 key <removed>
aaa authentication dot1x default group NPS
aaa authorization network default group NPS
aaa session-id common
switch 1 provision ws-c2960s-24ts-l
authentication mac-move permit
dot1x system-auth-control
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
interface GigabitEthernet1/0/1
switchport access vlan 5
switchport mode access
authentication order dot1x webauth
authentication priority dot1x webauth
authentication port-control auto
authentication timer reauthenticate 7200
authentication violation protect
dot1x pae authenticator
spanning-tree portfast
interface GigabitEthernet1/0/5
switchport access vlan 5
switchport mode access
switchport voice vlan 98
authentication host-mode multi-auth
authentication order dot1x mab webauth
authentication priority dot1x
authentication port-control auto
dot1x pae authenticator
interface GigabitEthernet1/0/7
switchport access vlan 5
switchport mode access
authentication host-mode multi-host
authentication order dot1x webauth
authentication priority dot1x webauth
authentication port-control auto
authentication timer reauthenticate 7200
authentication violation protect
dot1x pae authenticator
spanning-tree portfast
interface Vlan5
ip address x.x.x.x x.x.x.x
interface Vlan98
no ip address
radius-server vsa send accounting
radius-server vsa send authentication
end
My debug log for Authentication, dot1x and AAA is as follows.
*Mar 1 01:58:51.354: AUTH-EVENT (Gi1/0/5) dot1x_pm_mda_port_link_linkcomingup: voice VLAN 98, data VLAN 5
*Mar 1 01:58:51.354: AUTH-EVENT (Gi1/0/5) Authorized client count: 0
*Mar 1 01:58:51.354: AUTH-EVENT (Gi1/0/5) Setting domain ALL to UNATHED
*Mar 1 01:58:51.354: AUTH-EVENT (Gi1/0/5) Host access set to ask on unauthorized port since feature
*Mar 1 01:58:51.354: AUTH-EVENT (Gi1/0/5) host access set to 1 on GigabitEthernet1/0/5
*Mar 1 01:58:51.354: dot1x-ev(Gi1/0/5): Interface state changed to UP
*Mar 1 01:58:51.354: AUTH-EVENT (Gi1/0/5) Enabling dot1x in switch shim
*Mar 1 01:58:51.354: AUTH-EVENT (Gi1/0/5) Host access set to ask on unauthorized port since feature
*Mar 1 01:58:51.354: AUTH-EVENT (Gi1/0/5) host access set to 1 on GigabitEthernet1/0/5
*Mar 1 01:58:51.354: AUTH-EVENT (Gi1/0/5) Host access set to ask on unauthorized port since feature
*Mar 1 01:58:51.354: AUTH-EVENT (Gi1/0/5) host access set to 1 on GigabitEthernet1/0/5
*Mar 1 01:58:51.354: AUTH-EVENT (Gi1/0/5) Received clear security violation
*Mar 1 01:58:51.354: AUTH-EVENT (Gi1/0/5) Received clear security violation
*Mar 1 01:58:51.354: AUTH-EVENT (Gi1/0/5) Link UP
*Mar 1 01:58:51.360: AAA/BIND(00000004): Bind i/f
*Mar 1 01:58:51.360: AUTH-EVENT (Gi1/0/5) Assigned AAA ID 0x00000004
*Mar 1 01:58:51.360: AUTH-EVENT (Gi1/0/5) Retrieved Accounting Session ID 0x00000004
*Mar 1 01:58:51.360: AUTH-EVENT (Gi1/0/5) Allocated new Auth Manager context (handle 0x83000002)
*Mar 1 01:58:51.360: AUTH-EVENT (Gi1/0/5) Client 0000.0000.0000, Initialising Method dot1x state to 'Not run'
*Mar 1 01:58:51.360: AUTH-EVENT (Gi1/0/5) Adding method dot1x to runnable list for Auth Mgr context 0x
*Mar 1 01:58:51.360: AUTH-EVENT: auth_mgr_idc_add_record: Recv audit_sid=0000000000000002006CD0E0
*Mar 1 01:58:51.360: AUTH-EVENT (Gi1/0/5) Sending START to dot1x (handle 0x83000002)
*Mar 1 01:58:51.360:     dot1x_auth Gi1/0/5: initial state auth_initialize has enter
*Mar 1 01:58:51.360: dot1x-sm(Gi1/0/5): 0x4100002D:auth_initialize_enter called
*Mar 1 01:58:51.360:     dot1x_auth Gi1/0/5: during state auth_initialize, got event 0(cfg_auto)
*Mar 1 01:58:51.360: @@@ dot1x_auth Gi1/0/5: auth_initialize -> auth_disconnected
*Mar 1 01:58:51.360: dot1x-sm(Gi1/0/5): 0x4100002D:auth_disconnected_enter called
*Mar 1 01:58:51.360:     dot1x_auth Gi1/0/5: idle during state auth_disconnected
*Mar 1 01:58:51.360: @@@ dot1x_auth Gi1/0/5: auth_disconnected -> auth_restart
*Mar 1 01:58:51.360: dot1x-sm(Gi1/0/5): 0x4100002D:auth_restart_enter called
*Mar 1 01:58:51.360: dot1x-ev(Gi1/0/5): Sending create new context event to EAP for 0x4100002D (0000.0000.0000)
*Mar 1 01:58:51.360:     dot1x_auth_bend Gi1/0/5: initial state auth_bend_initialize has enter
*Mar 1 01:58:51.360: dot1x-sm(Gi1/0/5): 0x4100002D:auth_bend_initialize_enter called
*Mar 1 01:58:51.360:     dot1x_auth_bend Gi1/0/5: initial state auth_bend_initialize has idle
*Mar 1 01:58:51.360:     dot1x_auth_bend Gi1/0/5: during state auth_bend_initialize, got event 16383(idle)
*Mar 1 01:58:51.360: @@@ dot1x_auth_bend Gi1/0/5: auth_bend_initialize -> auth_bend_idle
*Mar 1 01:58:51.360: dot1x-sm(Gi1/0/5): 0x4100002D:auth_bend_idle_enter called
*Mar 1 01:58:51.360: dot1x-ev(Gi1/0/5): Created a client entry (0x4100002D)
*Mar 1 01:58:51.360: dot1x-ev(Gi1/0/5): Dot1x authentication started for 0x4100002D (0000.0000.0000)
*Mar 1 01:58:51.360: AUTH-EVENT (Gi1/0/5) Received handle 0x4100002D from method
*Mar 1 01:58:51.360: AUTH-EVENT (Gi1/0/5) Client 0000.0000.0000, Context changing state from 'Idle' to 'Running'
*Mar 1 01:58:51.360: AUTH-EVENT (Gi1/0/5) Client 0000.0000.0000, Method dot1x changing state from 'Not run' to 'Running'
*Mar 1 01:58:51.360: dot1x-ev:DOT1X Supplicant not enabled on GigabitEthernet1/0/5
*Mar 1 01:58:51.360: dot1x-sm(Gi1/0/5): Posting !EAP_RESTART on Client 0x4100002D
*Mar 1 01:58:51.360:     dot1x_auth Gi1/0/5: during state auth_restart, got event 6(no_eapRestart)
*Mar 1 01:58:51.360: @@@ dot1x_auth Gi1/0/5: auth_restart -> auth_connecting
*Mar 1 01:58:51.360: dot1x-sm(Gi1/0/5): 0x4100002D:auth_connecting_enter called
*Mar 1 01:58:51.360: dot1x-sm(Gi1/0/5): 0x4100002D:auth_restart_connecting_action called
*Mar 1 01:58:51.360: dot1x-sm(Gi1/0/5): Posting RX_REQ on Client 0x4100002D
*Mar 1 01:58:51.365:     dot1x_auth Gi1/0/5: during state auth_connecting, got event 10(eapReq_no_reAuthMax)
*Mar 1 01:58:51.365: @@@ dot1x_auth Gi1/0/5: auth_connecting -> auth_authenticating
*Mar 1 01:58:51.365: dot1x-sm(Gi1/0/5): 0x4100002D:auth_authenticating_enter called
*Mar 1 01:58:51.365: dot1x-sm(Gi1/0/5): 0x4100002D:auth_connecting_authenticating_action called
*Mar 1 01:58:51.365: dot1x-sm(Gi1/0/5): Posting AUTH_START for 0x4100002D
*Mar 1 01:58:51.365:     dot1x_auth_bend Gi1/0/5: during state auth_bend_idle, got event 4(eapReq_authStart)
*Mar 1 01:58:51.365: @@@ dot1x_auth_bend Gi1/0/5: auth_bend_idle -> auth_bend_request
*Mar 1 01:58:51.365: dot1x-sm(Gi1/0/5): 0x4100002D:auth_bend_request_enter called
*Mar 1 01:58:51.365: dot1x-ev(Gi1/0/5): Sending EAPOL packet to group PAE address
*Mar 1 01:58:51.365: dot1x-ev(Gi1/0/5): Role determination not required
*Mar 1 01:58:51.365: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 1 01:58:51.365: dot1x-ev(Gi1/0/5): Sending out EAPOL packet
*Mar 1 01:58:51.365: EAPOL pak dump Tx
*Mar 1 01:58:51.365: EAPOL Version: 0x3 type: 0x0 length: 0x0005
*Mar 1 01:58:51.365: EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1
*Mar 1 01:58:51.365: dot1x-packet(Gi1/0/5): EAPOL packet sent to client 0x4100002D (0000.0000.0000)
*Mar 1 01:58:51.365: dot1x-sm(Gi1/0/5): 0x4100002D:auth_bend_idle_request_action called
*Mar 1 01:58:53.352: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/5, changed state to up
*Mar 1 01:58:54.353: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/5, changed state to up
*Mar 1 01:59:22.188: dot1x-sm(Gi1/0/5): Posting EAP_REQ for 0x4100002D
*Mar 1 01:59:22.188:     dot1x_auth_bend Gi1/0/5: during state auth_bend_request, got event 7(eapReq)
*Mar 1 01:59:22.188: @@@ dot1x_auth_bend Gi1/0/5: auth_bend_request -> auth_bend_request
*Mar 1 01:59:22.188: dot1x-sm(Gi1/0/5): 0x4100002D:auth_bend_request_request_action called
*Mar 1 01:59:22.188: dot1x-sm(Gi1/0/5): 0x4100002D:auth_bend_request_enter called
*Mar 1 01:59:22.188: dot1x-ev(Gi1/0/5): Sending EAPOL packet to group PAE address
*Mar 1 01:59:22.188: dot1x-ev(Gi1/0/5): Role determination not required
*Mar 1 01:59:22.188: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 1 01:59:22.188: dot1x-ev(Gi1/0/5): Sending out EAPOL packet
*Mar 1 01:59:22.188: EAPOL pak dump Tx
*Mar 1 01:59:22.188: EAPOL Version: 0x3 type: 0x0 length: 0x0005
*Mar 1 01:59:22.188: EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1
*Mar 1 01:59:22.188: dot1x-packet(Gi1/0/5): EAPOL packet sent to client 0x4100002D (0000.0000.0000)
*Mar 1 01:59:53.016: dot1x-sm(Gi1/0/5): Posting EAP_REQ for 0x4100002D
*Mar 1 01:59:53.016:     dot1x_auth_bend Gi1/0/5: during state auth_bend_request, got event 7(eapReq)
*Mar 1 01:59:53.016: @@@ dot1x_auth_bend Gi1/0/5: auth_bend_request -> auth_bend_request
*Mar 1 01:59:53.016: dot1x-sm(Gi1/0/5): 0x4100002D:auth_bend_request_request_action called
*Mar 1 01:59:53.016: dot1x-sm(Gi1/0/5): 0x4100002D:auth_bend_request_enter called
*Mar 1 01:59:53.016: dot1x-ev(Gi1/0/5): Sending EAPOL packet to group PAE address
*Mar 1 01:59:53.016: dot1x-ev(Gi1/0/5): Role determination not required
*Mar 1 01:59:53.016: dot1x-registry:registry:dot1x_ether_macaddr called
*Mar 1 01:59:53.016: dot1x-ev(Gi1/0/5): Sending out EAPOL packet
*Mar 1 01:59:53.016: EAPOL pak dump Tx
*Mar 1 01:59:53.016: EAPOL Version: 0x3 type: 0x0 length: 0x0005
*Mar 1 01:59:53.016: EAP code: 0x1 id: 0x1 length: 0x0005 type: 0x1
*Mar 1 01:59:53.016: dot1x-packet(Gi1/0/5): EAPOL packet sent to client 0x4100002D (0000.0000.0000)
*Mar 1 02:00:23.844: dot1x-ev(Gi1/0/5): Received an EAP Timeout
*Mar 1 02:00:23.844: dot1x-sm(Gi1/0/5): Posting EAP_TIMEOUT for 0x4100002D
*Mar 1 02:00:23.844:     dot1x_auth_bend Gi1/0/5: during state auth_bend_request, got event 12(eapTimeout)
*Mar 1 02:00:23.844: @@@ dot1x_auth_bend Gi1/0/5: auth_bend_request -> auth_bend_timeout
*Mar 1 02:00:23.844: dot1x-sm(Gi1/0/5): 0x4100002D:auth_bend_timeout_enter called
*Mar 1 02:00:23.844: dot1x-sm(Gi1/0/5): 0x4100002D:auth_bend_request_timeout_action called
*Mar 1 02:00:23.844:     dot1x_auth_bend Gi1/0/5: idle during state auth_bend_timeout
*Mar 1 02:00:23.844: @@@ dot1x_auth_bend Gi1/0/5: auth_bend_timeout -> auth_bend_idle
*Mar 1 02:00:23.844: dot1x-sm(Gi1/0/5): 0x4100002D:auth_bend_idle_enter called
*Mar 1 02:00:23.844: dot1x-sm(Gi1/0/5): Posting AUTH_TIMEOUT on Client 0x4100002D
*Mar 1 02:00:23.844:     dot1x_auth Gi1/0/5: during state auth_authenticating, got event 14(authTimeout)
*Mar 1 02:00:23.844: @@@ dot1x_auth Gi1/0/5: auth_authenticating -> auth_authc_result
*Mar 1 02:00:23.844: dot1x-sm(Gi1/0/5): 0x4100002D:auth_authenticating_exit called
*Mar 1 02:00:23.844: dot1x-sm(Gi1/0/5): 0x4100002D:auth_authc_result_enter called
*Mar 1 02:00:23.844: %DOT1X-5-FAIL: Authentication failed for client (Unknown MAC) on Interface Gi1/0/5 AuditSessionID
*Mar 1 02:00:23.844: dot1x-ev(Gi1/0/5): Sending event (2) to Auth Mgr for 0000.0000.0000
*Mar 1 02:00:23.844: AUTH-EVENT (Gi1/0/5) Received AUTHC_RESULT from dot1x (handle 0x83000002)
*Mar 1 02:00:23.844: AUTH-EVENT (Gi1/0/5) Authc Result: no-response
*Mar 1 02:00:23.844: AUTH-EVENT (Gi1/0/5) Client 0000.0000.0000, Method dot1x changing state from 'Running' to 'Authc Failed'
*Mar 1 02:00:23.844: AUTH-EVENT (Gi1/0/5) Client 0000.0000.0000, Context changing state from 'Running' to 'Authc Failed'
*Mar 1 02:00:23.844: AUTH-EVENT (Gi1/0/5) Existing AAA ID: 0x00000004
*Mar 1 02:00:23.844: AUTH-EVENT (Gi1/0/5) Received AAA ID 0x00000004 from method
*Mar 1 02:00:23.844: AUTH-EVENT: Enter auth_mgr_idc_modify_keys
*Mar 1 02:00:23.844: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (Unknown MAC) on Interface Gi1/0/5 AuditSessionID 0000000000000002006CD0E0
*Mar 1 02:00:23.844: AUTH-EVENT (Gi1/0/5) Sending AUTHZ_FAIL to dot1x (handle 0x83000002)
*Mar 1 02:00:23.844: dot1x-ev(Gi1/0/5): Received Authz fail for the client 0x4100002D (0000.0000.0000)
*Mar 1 02:00:23.844: AUTH-EVENT (Gi1/0/5) Client 0000.0000.0000, Method dot1x changing state from 'Authc Failed' to 'Failed over'
*Mar 1 02:00:23.844: AUTH-EVENT (Gi1/0/5) Sending DELETE to dot1x (handle 0x83000002)
*Mar 1 02:00:23.844: dot1x-ev(Gi1/0/5): Deleting client 0x4100002D (0000.0000.0000)
*Mar 1 02:00:23.844: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (Unknown MAC) on Interface Gi1/0/5 AuditSessionID 0000000000000002006CD0E0
*Mar 1 02:00:23.844: %AUTHMGR-7-NOMOREMETHODS: Exhausted all authentication methods for client (Unknown MAC) on Interface Gi1/0/5 AuditSessionID 0000000000000002006CD0E0
*Mar 1 02:00:23.844: AUTH-EVENT (Gi1/0/5) No more runnable methods
*Mar 1 02:00:23.844: AUTH-EVENT (Gi1/0/5) Client 0000.0000.0000, Context changing state from 'Authc Failed' to 'No Methods'
*Mar 1 02:00:23.844: AUTH-EVENT (Gi1/0/5) Building default attribute list for unresponsive client
*Mar 1 02:00:23.844: AUTH-EVENT (Gi1/0/5) Signalling Authc fail for client 0000.0000.0000
*Mar 1 02:00:23.844: AUTH-EVENT (Gi1/0/5) Authorized client count: 0
*Mar 1 02:00:23.844: %AUTHMGR-5-FAIL: Authorization failed for client (Unknown MAC) on Interface Gi1/0/5 AuditSessionID 0000000000000002006CD0E0
*Mar 1 02:00:23.844: AUTH-EVENT (Gi1/0/5) Client 0000.0000.0000, Context changing state from 'No Methods' to 'Authz Failed'
*Mar 1 02:00:23.849: AUTH-EVENT (Gi1/0/5) Signalling Authz fail for client 0000.0000.0000
*Mar 1 02:00:23.849: AUTH-EVENT (Gi1/0/5) dot1x_switch_authz_fail: Called for GigabitEthernet1/0/5 and 0000.0000.0000
*Mar 1 02:00:23.849: AUTH-EVENT (Gi1/0/5) Authorized client count: 0
*Mar 1 02:00:23.849: AUTH-EVENT (Gi1/0/5) Authorized client count: 0
*Mar 1 02:00:23.849: AUTH-EVENT (Gi1/0/5) Authorized client count: 0
*Mar 1 02:00:23.849: AUTH-EVENT (Gi1/0/5) Host access set to ask on unauthorized port since feature
*Mar 1 02:00:23.849: AUTH-EVENT (Gi1/0/5) host access set to 1 on GigabitEthernet1/0/5
*Mar 1 02:00:23.849: AUTH-EVENT (Gi1/0/5) Setting domain DATA to UNATHED
*Mar 1 02:00:23.849: AUTH-EVENT (Gi1/0/5) Authorized client count: 0
*Mar 1 02:00:23.849: AUTH-EVENT (Gi1/0/5) Authorized client count: 0
*Mar 1 02:00:23.849: AUTH-SYNC (Gi1/0/5) Syncing update for context (0000.0000.0000)
*Mar 1 02:00:23.849: AUTH-EVENT: Started Auth Manager tick timer
*Mar 1 02:00:23.849: AUTH-EVENT (Gi1/0/5) Started 'restart' timer (60s) for client 0000.0000.0000
*Mar 1 02:00:23.849: dot1x-sm(Gi1/0/5): Posting_AUTHZ_FAIL on Client 0x4100002D
*Mar 1 02:00:23.849:     dot1x_auth Gi1/0/5: during state auth_authc_result, got event 22(authzFail)
*Mar 1 02:00:23.849: @@@ dot1x_auth Gi1/0/5: auth_authc_result -> auth_held
*Mar 1 02:00:23.849: dot1x-ev:Delete auth client (0x4100002D) message
*Mar 1 02:00:23.849: dot1x-ev:Auth client ctx destroyed
*Mar 1 02:00:23.849: dot1x-ev:Aborted posting message to authenticator state machine: Invalid client

Multiauthentication Mode
Available in Cisco IOS Release 12.2(33)SXI and later releases, multiauthentication (multiauth) mode allows one 802.1X/MAB client on the voice VLAN and multiple authenticated 802.1X/MAB/webauth clients on the data VLAN. When a hub or access point is connected to an 802.1X port (as shown in Figure 60-5), multiauth mode provides enhanced security over the multiple-hosts mode by requiring authentication of each connected client. For non-802.1X devices, MAB or web-based authentication can be used as the fallback method for individual host authentications, which allows different hosts to be authenticated through different methods on a single port.
Multiauth also supports MDA functionality on the voice VLAN by assigning authenticated devices to either a data or voice VLAN depending on the data that the VSAs received from the authentication server.
Release 12.2(33)SXJ and later releases support the assignment of a RADIUS server-supplied VLAN in multiauth mode, by using the existing commands and when these conditions occur:
•The host is the first host authorized on the port, and the RADIUS server supplies VLAN information.
•Subsequent hosts are authorized with a VLAN that matches the operational VLAN.
•A host is authorized on the port with no VLAN assignment, and subsequent hosts either have no VLAN assignment, or their VLAN information matches the operational VLAN.
•The first host authorized on the port has a group VLAN assignment, and subsequent hosts either have no VLAN assignment, or their group VLAN matches the group VLAN on the port. Subsequent hosts must use the same VLAN from the VLAN group as the first host. If a VLAN list is used, all hosts are subject to the conditions specified in the VLAN list.
•After a VLAN is assigned to a host on the port, subsequent hosts must have matching VLAN information or be denied access to the port.
•The behavior of the critical-auth VLAN is not changed for multiauth mode. When a host tries to authenticate and the server is not reachable, all authorized hosts are reinitialized in the configured VLAN.
NOTE :
•Only one voice VLAN is supported on a multiauth port.
•You cannot configure a guest VLAN or an auth-fail VLAN in multiauth mode.
for more information :
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/dot1x.html

Open-vm-tools 2012.03.13-2 not working on VMware Workstation 8.0.2

Hi,
I followed instructions on https://wiki.archlinux.org/index.php/In … _in_VMware.
Problem 1[Solved]:
vmware-user-suid-wrapper does not start automatically but i did add it to ~/.xinitrc.
.xinitrc File content:
exec ck-launch-session gnome-session
vmware-user-suid-wrapper
[Solution 1]
removed vmware-user-suid-wrapper from ~/.xinitrc and created this file:
/etc/xdg/autostart/vmware-user.desktop
[Desktop Entry]
Type=Application
Name=VMWare User Agent
Exec=/usr/bin/vmware-user-suid-wrapper
Icon=system-run
Comment=Enable Unity, DnD, etc.
Problem 2:
drag & drop is not working in GNOME standard mode (works in fallback mode), clipboard copy&paste is working. XFCE4 seems to be working OK.
Problem 3:
Unity is not working at all, I get the message that vmware tools are not installed.(Not working both in GNOME and XFCE4)
Installed Software:
Linux version 3.3.2-1-ARCH (tobias@T-POWA-LX) (gcc version 4.7.0 20120407 (prerelease) (GCC) ) #1 SMP PREEMPT Sat Apr 14 09:48:37 CEST 2012
open-vm-tools 2012.03.13-2
gnome-shell 3.4.1-1
Kind Regards,
Robert
Subject History:
<<First version of question>> I reverted to a minimal arch install snapshot and did a re-install of gnome,open-vm-tools. The glibmm-2.4 problems magically disappeared (somehow it was fucked up)
Hi,
I followed instructions on https://wiki.archlinux.org/index.php/In … _in_VMware.
3D Acceleration is working and GNOME does not start in fallback mode, however I can not get Unity, Drag&Drop and Clipboard to work.
open-vm-tools daemon is running. I have also added vmware-user-suid-wrapper to ~/.xinitrc.
I also tried to upgrade my whole system from the testing repositories, by doing this I get open-vm-tools 2012.03.13-2(release 2). With release 2 of the same tools clipboard is working but still no luck with drag&drop and Unity.
Im also trying to build my own version of open-vm-tools 2012.03.13-1(I would like to use it as a template to later build official open-vm-tools stable-8.8.2 package), but makepkg fails. I tried to add -fpermissive flag to CXXFLAGS in /etc/makepkg.conf but it doesnt help. Log trace at the end of this msg.
Installed packages and Software:
open-vm-tools 2012.03.13-1
GNOME 3.4.1-1
Linux version 3.3.2-1-ARCH (tobias@T-POWA-LX) (gcc version 4.7.0 20120407 (prerelease) (GCC) ) #1 SMP PREEMPT Sat Apr 14 09:48:37 CEST 2012
Thanks for you help. Sorry for the question but I'm a Widows n00b, trying to get a grip on Linux.I really like Arch, because I love control over my box.
Kind Regards,
Robert
libtool: compile: g++ -DPACKAGE_NAME=\"open-vm-tools\" -DPACKAGE_TARNAME=\"open-vm-tools\" -DPACKAGE_VERSION=\"2012.03.13\" "-DPACKAGE_STRING=\"open-vm-too$
In file included from /usr/include/glibmm-2.4/glibmm.h:89:0,
from /usr/include/gtkmm-2.4/gtkmm.h:87,
from copyPasteUIX11.h:49,
from copyPasteDnDX11.h:33,
from copyPasteDnDWrapper.cpp:30:
/usr/include/glibmm-2.4/glibmm/threads.h:209:10: error: field 'gobject_' has incomplete type
/usr/include/glibmm-2.4/glibmm/threads.h: In member function 'GMutex* Glib::Threads::Mutex::gobj()':
/usr/include/glibmm-2.4/glibmm/threads.h:206:28: error: 'gobject_' was not declared in this scope
/usr/include/glibmm-2.4/glibmm/threads.h: At global scope:
/usr/include/glibmm-2.4/glibmm/threads.h:264:3: error: 'GRecMutex' does not name a type
/usr/include/glibmm-2.4/glibmm/threads.h:273:3: error: 'GRecMutex' does not name a type
/usr/include/glibmm-2.4/glibmm/threads.h:320:3: error: 'GRWLock' does not name a type
/usr/include/glibmm-2.4/glibmm/threads.h:329:3: error: 'GRWLock' does not name a type
/usr/include/glibmm-2.4/glibmm/threads.h:464:9: error: field 'gobject_' has incomplete type
/usr/include/glibmm-2.4/glibmm/threads.h: In member function 'GCond* Glib::Threads::Cond::gobj()':
/usr/include/glibmm-2.4/glibmm/threads.h:461:27: error: 'gobject_' was not declared in this scope
/usr/include/glibmm-2.4/glibmm/threads.h: At global scope:
/usr/include/glibmm-2.4/glibmm/threads.h:517:12: error: field 'gobject_' has incomplete type
/usr/include/glibmm-2.4/glibmm/threads.h: In member function 'GPrivate* Glib::Threads::Private<T>::gobj()':
/usr/include/glibmm-2.4/glibmm/threads.h:514:29: error: 'gobject_' was not declared in this scope
/usr/include/glibmm-2.4/glibmm/threads.h: In constructor 'Glib::Threads::Private<T>::Private(Glib::Threads::Private<T>::DestructorFunc)':
/usr/include/glibmm-2.4/glibmm/threads.h:793:55: error: there are no arguments to 'G_PRIVATE_INIT' that depend on a template parameter, so a declaration of $
/usr/include/glibmm-2.4/glibmm/threads.h:793:55: note: (if you use '-fpermissive', G++ will accept your code, but allowing the use of an undeclared name is $
/usr/include/glibmm-2.4/glibmm/threads.h:794:3: error: 'gobject_' was not declared in this scope
/usr/include/glibmm-2.4/glibmm/threads.h: In member function 'T* Glib::Threads::Private<T>::get()':
/usr/include/glibmm-2.4/glibmm/threads.h:800:26: error: 'gobject_' was not declared in this scope
/usr/include/glibmm-2.4/glibmm/threads.h: In member function 'void Glib::Threads::Private<T>::set(T*)':
/usr/include/glibmm-2.4/glibmm/threads.h:806:3: error: 'gobject_' was not declared in this scope
/usr/include/glibmm-2.4/glibmm/threads.h: In member function 'void Glib::Threads::Private<T>::replace(T*)':
/usr/include/glibmm-2.4/glibmm/threads.h:812:22: error: 'gobject_' was not declared in this scope
make[4]: *** [libdndcp_la-copyPasteDnDWrapper.lo] Error 1
make[4]: Leaving directory `/home/robertsi/buildpkg/open-vm-tools/src/open-vm-tools-2012.03.13-651368/services/plugins/dndcp'
make[3]: *** [all] Error 2
make[3]: Leaving directory `/home/robertsi/buildpkg/open-vm-tools/src/open-vm-tools-2012.03.13-651368/services/plugins/dndcp'
make[2]: *** [all-recursive] Error 1
Last edited by robertsi (2012-04-25 05:59:25)

So far there isn't a good systemd script for vmware-workstation-server yet, but it can be started manually with:
# /etc/init.d/vmware-workstation-server start
Though this doesn't check the box in the GUI, you can interact with the Shared VM's tab in the VMWorkstation library just fine.
Last edited by turnipcannon (2012-11-08 20:25:46)

BLENDING is not working in Air 2.6!

I am using the 'Hard Light' blend mode and it's not working with 2.6. With previous packager it was working fine. Can anyone has solution for this? Thanks!

Only certain blending modes are supported in air 2.6, not sure if hard light is one of them.
This is because PFI could do CPU rendering where it would support pretty much everything - but slowly.
Air 2.6 is different- it does everything in hardware (hardware rasterizer), so it's fast but can't do certain things. That doesn't mean to say Air 2.6 is worse, it actually supports a lot of things in hardware which PFI didn't (masks, color tinting etc), it just doesnt have that fallback mode where EVERYTHING works.

Teamspeak 3 and PulseAudio with ALSA, not working

Hello!
When I run Teamspeak 3 and connect to a server, alternatively try "Play Test Sound" in Playback section of settings, it automatically stops sound output from both MPD and MPV.
However, when I run only MPD and MPV I can lower/higher volume & mute without it effecting eachother, this brings me to a (maybe false?) conclusion that PulseAudio is working. Only not with Ts3.
In Teamspeak I've adjusted the Playback Mode to PulseAudio and have Playback Device put to Default.
#/etc/asound.conf
# Use PulseAudio by default
pcm.!default {
type pulse
fallback "sysdefault"
hint {
show on
description "Default ALSA Output (currently PulseAudio Sound Server)"
ctl.!default {
type pulse
fallback "sysdefault"
#.config/mpd/mpd.conf
# Required files
db_file "~/.config/mpd/database"
log_file "~/.config/mpd/log"
# Optional
music_directory "~/music"
playlist_directory "~/.config/mpd/playlists"
pid_file "~/.config/mpd/pid"
state_file "~/.config/mpd/state"
sticker_file "~/.config/mpd/sticker.sql"
restore_paused "yes"
audio_output {
type "pulse"
name "MPD PulseAudio Output"
# sink "your-sink-name-here"
#.mpv/mpv.conf
# Write your default config options here!
# default configuration that applies to every file
[default]
# try to use high quality opengl output, with standard opengl, classic xv, and wayland as fallbacks
# note: opengl has numerous quality/performance trade-off options.
# as per the mpv(1), "opengl-hq" is just an alias for "opengl:lscale=lanczos2:dither-depth=auto:fbo-format=rgb16"
vo=opengl-hq,opengl,xv,wayland
# use alsa for audio output, choose pulse, or oss4 as fallback
ao=pulse
# prefer using 5.1 channels audio (defaults to 2 - see mpv --channels=help)
# mixing is handled by libavcodec unless using "--af-add=pan" (see below)
channels=5.1
# scale the subtitles to the 3% of the screen size
sub-scale=3
# set the window title using the media filename (see Property Expansion section of mpv(1))
title="${filename}"
# add black borders so the movies have the same aspect ratio of the monitor
# for wide screen monitors
vf=expand=::::1:16/9:16
# for non wide screen traditional monitors, alternative to the above item
#vf=expand=::::1:4/3:16
# disable screensaver
stop-screensaver="yes"
# execute a command every 30 seconds
# useful to disable a non-standard-compliant screensavers and to work around buggy behaviours
# BE WARNED: to avoid dangerous commands is your responsibility
#heartbeat-cmd="xscreensaver-command -deactivate &" # stop xscreensaver
# custom heartbeat frequency in seconds
#heartbeat-interval=600
# correct pitch when speed is faster or slower than 1.0
af=scaletempo
# allow to seek in a file which is still downloading whilst watching it
# from manpage:"this switch has no effect in the typical case" (usually done automatically by demuxers)
# idx=yes
# allow to increase the maximal volume to 600%
#softvol-max=600
# skip displaying some frames to maintain A/V sync on slow systems
framedrop=yes
# profile for up-mixing two channels audio to six channels
# use --profile 2chto6ch to activate
[2chto6ch]
af-add=pan=6:1:0:.4:0:.6:2:0:1:0:.4:.6:2
# profile to down-mixing six channels audio to two channels
# use --profile 6chto2ch to activate
[6chto2ch]
af-add=pan=2:0.7:0:0:0.7:0.5:0:0:0.5:0.6:0.6:0:0
Sooo, someone has a clue to whats up?
Last edited by redot (2014-02-12 16:37:21)

Hi,
Did you use Group Policy to map drive or map drive manually? Can you access the network share? Please check if the user have share permission on the network share.
Best practices for basic NTFS permissions on a share
http://social.technet.microsoft.com/Forums/windowsserver/en-US/c6242159-d15d-417e-91f8-eb19c0da3a35/best-practices-for-basic-ntfs-permissions-on-a-share
Regards,
Mandy
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

TableView setEditable is not working

Hello, the method setEditable(boolean value) in TabeView is not working.
I read the documentation and I'm supposed to use de enter key, but it does not work. I also read in this forum, and I found that a bug was reported, but that forum thread was issued almost a year ago. So I was wondering if it is my javafx version that is giving me the problem.
Thanks in advance.

Hello James, thanks for your answer.
I have used that same code, and it does not work for me. I even tried invoking setEditable on the TableColumns references.
And also I have updated JDK to the last version. 1.7.0_21.
Look:
* To change this template, choose Tools | Templates
* and open the template in the editor.
package tableviewsample;
import javafx.application.Application;
import javafx.collections.FXCollections;
import javafx.collections.ObservableList;
import javafx.event.ActionEvent;
import javafx.event.EventHandler;
import javafx.geometry.Insets;
import javafx.scene.Group;
import javafx.scene.Scene;
import javafx.scene.control.Button;
import javafx.scene.control.Label;
import javafx.scene.control.TableColumn;
import javafx.scene.control.TableView;
import javafx.scene.control.TextField;
import javafx.scene.control.cell.PropertyValueFactory;
import javafx.scene.layout.HBox;
import javafx.scene.layout.VBox;
import javafx.scene.text.Font;
import javafx.stage.Stage;
* @author Eugenio
public class TableViewSample extends Application {
    private TableView table = new TableView();
    @Override
    public void start(Stage stage) {
        Scene scene = new Scene(new Group());
        stage.setTitle("Table View Sample");
        stage.setWidth(400);
        stage.setHeight(500);
        final Label label = new Label("Address Book");
        label.setFont(new Font("Arial", 20));
        TableColumn firstNameCol = new TableColumn("First Name");
        TableColumn lastNameCol = new TableColumn("Last Name");
        TableColumn emailCol = new TableColumn("Email");
        emailCol.setMinWidth(200);
        firstNameCol.setEditable(true);
        lastNameCol.setEditable(true);
        emailCol.setEditable(true);
        table.setEditable(true);
        table.getColumns().addAll(firstNameCol, lastNameCol, emailCol);
        final ObservableList<Person> data = FXCollections.observableArrayList(
                new Person("Jacob", "Smith", "[email protected]"),
                new Person("Isabella", "Johnson", "[email protected]"),
                new Person("Ethan", "Williams", "[email protected]"),
                new Person("Emma", "Jones", "[email protected]"),
                new Person("Michael", "Brown", "[email protected]"));
        firstNameCol.setCellValueFactory(new PropertyValueFactory<Person, String>("firstName"));
        lastNameCol.setCellValueFactory(new PropertyValueFactory<Person, String>("lastName"));
        emailCol.setCellValueFactory(new PropertyValueFactory<Person, String>("email"));
        table.setItems(data);
        final TextField addFirstName = new TextField();
        addFirstName.setPromptText("First Name");
        addFirstName.setMaxWidth(firstNameCol.getPrefWidth());
        final TextField addLastName = new TextField();
        addLastName.setMaxWidth(lastNameCol.getPrefWidth());
        addLastName.setPromptText("Last Name");
        final TextField addEmail = new TextField();
        addEmail.setMaxWidth(emailCol.getPrefWidth());
        addEmail.setPromptText("Email");
        final Button addButton = new Button("Add");
        addButton.setOnAction(new EventHandler<ActionEvent>() {
            @Override
            public void handle(ActionEvent e) {
                data.add(new Person(
                        addFirstName.getText(),
                        addLastName.getText(),
                        addEmail.getText()));
                addFirstName.clear();
                addLastName.clear();
                addEmail.clear();
        final HBox hb = new HBox();
        hb.getChildren().addAll(addFirstName, addLastName, addEmail, addButton);
        hb.setSpacing(3);
        final VBox vbox = new VBox();
        vbox.setSpacing(5);
        vbox.setPadding(new Insets(10, 0, 0, 10));
        vbox.getChildren().addAll(label, table, hb);
        ((Group) scene.getRoot()).getChildren().addAll(vbox);
        stage.setScene(scene);
        stage.show();
     * The main() method is ignored in correctly deployed JavaFX application.
     * main() serves only as fallback in case the application can not be
     * launched through deployment artifacts, e.g., in IDEs with limited FX
     * support. NetBeans ignores main().
     * @param args the command line arguments
    public static void main(String[] args) {
        launch(args);
}

WNA fallback not working

Similar Messages

Maybe you are looking for