[Fedora-directory-users] Switching off host filter in admin server - how?
by Graham Leggett
Hi all,
Having got my brand new DS v1.0.2 up and running, and the admin server
started up, I discover that the admin server has arbitrarily placed a
host check of *.domain.com onto the server, effectively locking me out
of the admin server (my client machine is not in *.domain.com).
No worries, grep finds this setting in admin-serv/config/local.conf, so
I change it there - no effect.
Ok, maybe this setting is in the directory itself. I do a subsearch of
cn=config on the directory, and I cannot find this setting anywhere there.
So I start on the docs - and am faced with an encyclopaedia of information.
Any ideas where the setting is to handle host settings?
Regards,
Graham
--
18 years, 3 months
[Fedora-directory-users] rpm upgrade fails
by Jo De Troy
Hi Rich,
I totally removed the old rpm and the /opt/fedora-ds directory then I
installed the rpm without processing the pre-scripts
root%rpm --nopre -ivh /tmp/fedora-ds-1.0.2-1.RHEL4.i386.opt.rpm
Preparing... ########################################### [100%]
1:fedora-ds ########################################### [100%]
error: %post(fedora-ds-1.0.2-1.RHEL4.i386) scriptlet failed, exit status 255
[root@tux opt]# rpm -q fedora-ds
fedora-ds-1.0.2-1.RHEL4
So it seems installed but I do get an error in the %post section
Can I see what exactly is in the different sections? Is there a spec file I
can download somewhere?
Could it be my rpm db is corrupt? I already tried rebuilding this, but it
didn't help.
Jo
18 years, 3 months
[Fedora-directory-users] Can't login to console
by Mont Rothstein
I am trying to setup Fedora Directory Server 1.0.1 on an x86 box running
RedHat ES4 in a VMWare session.
I've run setup. I've created a user and group dsuser which is set as the
server user. I set the admin to be dsadmin. I set the admin server to be
run as root.
setup completes and appears to start correctly.
I use the following line to launch the console:
./startconsole -x nologo -u dsadmin -a http://rheles4rs1.forayadams.foray.com:45303
In the login window I enter the dsadmin password. I then get a panel with
the following message:
Cannot logon because of incorrect User ID,
incorrect password or Directory problem.
HttpException:
Response: HTTP/1.1 401 Authorization Required
Status: 401
URL: http://rheles4rs1.forayadams.foray.com:45303/admin-serv/authenticate
I'm sure I've done something stupid and basic somewhere, but I have no idea
what and I can't find anything about this via search.
Does anyone have any ideas as to what I've done wrong?
Thanks,
-Mont
18 years, 3 months
Re: [Fedora-directory-users] rpm upgrade fails
by Jo De Troy
Hi Rich,
that didn't work either.
I removed the rpm without executing scripts (rpm -e --noscripts ) and tried
to install the latest version.
Now I get an error in the %pre scriptlet
error: %pre(fedora-ds-1.0.2-1.RHEL4.i386 ) scriptlet failed, exit status 255
error: install: %pre scriptlet failed (2), skipping
fedora-ds-1.0.2-1.RHEL4
Best Regards,
Jo
18 years, 3 months
[Fedora-directory-users] rpm upgrade fails
by Jo De Troy
Hello,
I wanted to upgrade from fedora-ds-1.0.1 on CentOS4 to the latest release
1.0.2 and I got:
root# rpm -Uvh fedora-ds-1.0.2-1.RHEL4.i386.opt.rpm
error: %pre(fedora-ds-1.0.2-1.RHEL4.i386) scriptlet failed, exit status 255
error: install: %pre scriptlet failed (2), skipping
fedora-ds-1.0.2-1.RHEL4
Any ideas?
Best Regards,
Jo
18 years, 3 months
[Fedora-directory-users] Slapd error 153 installing FDS 1.0.2 on FC4
by Jeremy Bender
Hello,
Pardon me if this has been covered before, I've googled for the answer,
searched bugzilla, RTFM, etc, to no avail. I am trying to install FDS
1.0.2 on a Dell Precision 330 running a freshly installed and updated
copy of FC4 following the instructions here:
http://directory.fedora.redhat.com/wiki/Setup
After answering the setup questions I get the following message:
[03/Mar/2006:14:13:29 -0600] - Fedora-Directory/1.0.2 B2006.060.1951 starting up
[slapd-fds]: [03/Mar/2006:14:13:30 -0600] - slapd started. Listening on All Interfaces port 389 for LDAP requests
Your new directory server has been started.
Created new Directory Server
Start Slapd Starting Slapd server configuration.
Fatal Slapd ERROR: Ldap authentication failed for url ldap://mail.b-ainc.com:389/o=NetscapeRoot user id admin (153:Unknown error.)
Fatal Slapd Did not add Directory Server information to Configuration Server.
Configuring Administration Server...
Setting up Administration Server Instance...
ERROR: Administration Server configuration failed.
You can now use the console. Here is the command to use to start the console:
cd /opt/fedora-ds
./startconsole -u admin -a http://mail.b-ainc.com:1500/
INFO Finished with setup, logfile is setup/setup.log
Running startconsole as specified does not work.
I'd really appreciate it if someone could point me in the right
direction, as I'm stumped. Firewall and SELinux are completely disabled
on this system, DNS resolution works forward and reverse. I'll paste the
contents of setup.log and install.inf at the end of this email, and will
be happy to provide any other info requested.
Thanks in advance!
Jeremy Bender
jbender(a)b-ainc.com
setup.log contents:
[root@mail bin]# cat /opt/fedora-ds/setup/setup.log
[06/03/01:11:58:58] - [Setup] Info Start...
[06/03/01:11:58:58] - [Setup] Info Start binary installation...
[06/03/01:11:58:58] - [Setup] Info PreInstall phrase...
[06/03/01:11:58:58] - [Setup] Info Unzip component binaries...
[06/03/01:11:58:58] - [Setup] Info Extracting Fedora core components ...
[06/03/01:11:59:03] - [Setup] Info PostInstall phrase...
[06/03/01:11:59:03] - [Setup] Info DONE
INFO Begin Setup . . .
[slapd-fds]: starting up server ...
[slapd-fds]: Fedora-Directory/1.0.2 B2006.060.1951
[slapd-fds]: mail.b-ainc.com:389 (/opt/fedora-ds/slapd-fds)
[slapd-fds]:
[slapd-fds]: [03/Mar/2006:14:29:52 -0600] - Fedora-Directory/1.0.2 B2006.060.1951 starting up
[slapd-fds]: [03/Mar/2006:14:29:53 -0600] - slapd started. Listening on All Interfaces port 389 for LDAP requests
Your new directory server has been started.
Created new Directory Server
Start Slapd Starting Slapd server configuration.
Fatal Slapd ERROR: Ldap authentication failed for url ldap://mail.b-ainc.com:389/o=NetscapeRoot user id admin (153:Unknown error.)
Fatal Slapd Did not add Directory Server information to Configuration Server.
Configuring Administration Server...
Your parameters are now entered into the Administration Server database, and the Administration Server will be started.
Changing ownership to admin user root...
Setting up Administration Server Instance...
ERROR: Ldap authentication failed (153:Unknown error.)
You can now use the console. Here is the command to use to start the console:
cd /opt/fedora-ds
./startconsole -u admin -a http://mail.b-ainc.com:1500/
INFO Finished with setup, logfile is setup/setup.log
install.inf contents:
[root@mail bin]# cat /root/install.inf
[General]
FullMachineName= mail.b-ainc.com
SuiteSpotUserID= nobody
SuiteSpotGroup= nobody
ServerRoot= /opt/fedora-ds
AdminDomain= b-ainc.com
ConfigDirectoryAdminID= admin
ConfigDirectoryAdminPwd= password
ConfigDirectoryLdapURL= ldap://mail.b-ainc.com:389/o=NetscapeRoot
UserDirectoryAdminID= admin
UserDirectoryAdminPwd= password
UserDirectoryLdapURL= ldap://mail.b-ainc.com:389/dc=b-ainc,dc=com
[slapd]
SlapdConfigForMC= Yes
SecurityOn= No
UseExistingMC= No
UseExistingUG= No
ServerPort= 389
ServerIdentifier= fds
Suffix= dc=b-ainc, dc=com
RootDN= cn=Directory Manager
AddSampleEntries= No
InstallLdifFile= suggest
AddOrgEntries= Yes
DisableSchemaChecking= No
RootDNPwd= password
[admin]
SysUser= root
Port= 1500
ServerIpAddress=
ServerAdminID= admin
ServerAdminPwd= password
ApacheDir= /usr/sbin/
ApacheRoot= /etc/httpd
[root@mail bin]#
18 years, 3 months
[Fedora-directory-users] Admin console and reverse DNS
by Kimmo Koivisto
Hello
I installed FDS 1.0.2 to the FC4 and tried to connect it with Admin console.
I have set Host filter to * and Address filter to *. When I try to use admin
console from client workstation which has working reverse DNS address,
connection works.
But when I try to connect from workstation without working reverse DNS, login
fails:
<error log>
[Fri Mar 03 16:41:57 2006] [notice] Access Host filter is: *
[Fri Mar 03 16:41:57 2006] [notice] Access Address filter is: *
[Fri Mar 03 16:41:58 2006] [notice] Access Host filter is: *
[Fri Mar 03 16:41:58 2006] [notice] Access Address filter is: *
[Fri Mar 03 16:41:58 2006] [notice] Apache/2.0 configured -- resuming normal operations
[Fri Mar 03 16:44:06 2006] [notice] [client 192.168.19.12] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.19.12
[Fri Mar 03 16:44:06 2006] [warn] [client 192.168.19.12] admserv_host_ip_check: failed to get host by ip addr [192.168.19.12] - check your host and DNS configuration
[Fri Mar 03 16:44:06 2006] [notice] [client 192.168.19.12] admserv_host_ip_check: Unauthorized host ip=192.168.19.12, connection rejected
</error log>
How to allow admin console connections to admin server from addresses that do
not have working reverse DNS?
Best Regards
Kimmo Koivisto
18 years, 3 months
RE: [Fedora-directory-users] Fedora DS v1.0.2 src RPMs?
by Jason Hane
He's using 2.0 beta or something. It's the newest one.
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Dennis
Gilmore
Sent: Thursday, March 02, 2006 6:09 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Fedora DS v1.0.2 src RPMs?
On Thursday 02 March 2006 17:02, Jason Hane wrote:
> Red Hat doesn't support SPARC. My co-worker just installed Aurora
> today on his SPARC box. It is similar, but I do see some differences.
> Hopefully it'll work for you.
>
> Jason Hane
>
Which version of Aurora did he install? 2.0 is based on fc3 and 1.0
is based on RH 7.3. I use it on my 4 sparcs.
--
Regards
Dennis Gilmore, RHCE
Proud Australian
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
18 years, 3 months
Re: [Fedora-directory-users] Admin console and reverse DNS
by Thierry Lanfranchi
I think you have to set the filter to NULL or empty if you don't need dns
host checking at all.
----- Original Message -----
From: Kimmo Koivisto <kimmo.koivisto(a)surfeu.fi>
To: "General discussion list for the Fedora Directory server project."
<fedora-directory-users(a)redhat.com>
Date: Fri, 3 Mar 2006 16:50:25 +0200
Subject: [Fedora-directory-users] Admin console and reverse DNS
> Hello
>
> I installed FDS 1.0.2 to the FC4 and tried to connect it with Admin console.
>
> I have set Host filter to * and Address filter to *. When I try to use admin
> console from client workstation which has working reverse DNS address,
> connection works.
>
> But when I try to connect from workstation without working reverse DNS, login
> fails:
> <error log>
> [Fri Mar 03 16:41:57 2006] [notice] Access Host filter is: *
> [Fri Mar 03 16:41:57 2006] [notice] Access Address filter is: *
> [Fri Mar 03 16:41:58 2006] [notice] Access Host filter is: *
> [Fri Mar 03 16:41:58 2006] [notice] Access Address filter is: *
> [Fri Mar 03 16:41:58 2006] [notice] Apache/2.0 configured -- resuming normal operations
> [Fri Mar 03 16:44:06 2006] [notice] [client 192.168.19.12] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.19.12
> [Fri Mar 03 16:44:06 2006] [warn] [client 192.168.19.12] admserv_host_ip_check: failed to get host by ip addr [192.168.19.12] - check your host and DNS configuration
> [Fri Mar 03 16:44:06 2006] [notice] [client 192.168.19.12] admserv_host_ip_check: Unauthorized host ip=192.168.19.12, connection rejected
> </error log>
>
> How to allow admin console connections to admin server from addresses that do
> not have working reverse DNS?
>
> Best Regards
> Kimmo Koivisto
18 years, 3 months
Re: [Fedora-directory-users] blocking
by Mike Jackson
> We have just migrated from openldap to fedora, and have realized with
> horror that some authentication clients (for example CAS) are giving the
> OK to users who submit an empty password string.
>
> We have been going slowly mad trying to find how to block this in the
> configuration.
FDS only cares about the bind method when evaluating access control to
data. When only using the external bind interface, AFAIK there is
currently no way to disable anonymous binds from succeeding with FDS.
One could write a pre authentication plugin which, when enabled, would
prevent anonymous binds from succeeding and send the unwilling to
perform back to the client.
BR,
--
mike
18 years, 3 months
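The failure mode discussed in this thread, as an added example that is not part of the original messages: a simple bind with an empty password is evaluated as an anonymous bind and succeeds, so a client that treats a successful bind as a verified password accepts it. FakeDirectory, the sample DN and the password are constructed; the reject_empty_password switch models the pre-bind plugin suggested in the reply.

```python
# LDAP result codes used below.
SUCCESS = 0
INVALID_CREDENTIALS = 49
UNWILLING_TO_PERFORM = 53


class FakeDirectory:
    """Constructed in-memory stand-in for a directory server (sample data)."""

    def __init__(self, entries, reject_empty_password=False):
        self.entries = entries
        # Assumption: models a pre-bind plugin that refuses anonymous binds.
        self.reject_empty_password = reject_empty_password

    def simple_bind(self, dn, password):
        if password == "":
            # Empty password: the bind is evaluated as anonymous, so the
            # supplied DN is never checked against a stored password.
            if self.reject_empty_password:
                return UNWILLING_TO_PERFORM
            return SUCCESS
        if self.entries.get(dn) == password:
            return SUCCESS
        return INVALID_CREDENTIALS


def naive_login(directory, dn, password):
    """Vulnerable pattern: any successful bind counts as a login."""
    return directory.simple_bind(dn, password) == SUCCESS


def guarded_login(directory, dn, password):
    """Hardened pattern: refuse an empty DN or password before binding."""
    if not dn or not password:
        return False
    return directory.simple_bind(dn, password) == SUCCESS


# Constructed sample entry.
ALICE = "uid=alice,dc=example,dc=com"
USERS = {ALICE: "correct horse"}

if __name__ == "__main__":
    server = FakeDirectory(USERS)
    print("naive, empty password:  ", naive_login(server, ALICE, ""))
    print("guarded, empty password:", guarded_login(server, ALICE, ""))
```

The client-side guard works regardless of server behaviour, which matters when the server cannot be configured to refuse such binds.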