Channel: Software Communities : Popular Discussions - All Things Unix

IBM DB2 LDAP Plugin and Vintela DB2 Security Plugin


What is the difference between the DB2 LDAP Plug in provided by IBM and DB2 Security Plug in for LDAP from Vintela? Are they the same product? We just converted our IBM SP MPP server from NIS to VAS and have been experiencing random ADM13001E errors during heavy usage on AIX 5.3 with UDB 9.5 (see DB2 log below).


2009-06-23-00.04.31.104862-240 I1220A477          LEVEL: Error
PID     : 4776414              TID  : 4884        PROC : db2sysc 3
INSTANCE: udbcdwp              NODE : 003         DB   : CDWPDB
APPHDL  : 3-2246
EDUID   : 4884                 EDUNAME: db2agent (CDWP) 3
FUNCTION: DB2 Common, Security, Users and Groups, secValidatePasswordPlugin, probe:20
DATA #1 : String, 94 bytes
db2ldapGetUserDN:LDAP search failed with ldap rc=81 (Can't contact LDAP server)
user='cdwmgr'

and

2009-06-23-00.50.36.538464-240 E155194A727        LEVEL: Severe
PID     : 4309120              TID  : 772         PROC : db2acd 8
INSTANCE: udbcdwp              NODE : 008
EDUID   : 772                  EDUNAME: db2acd 8
FUNCTION: DB2 UDB, bsu security, sqlexGetDefaultLoginContext, probe:150
MESSAGE : ADM13001E  Plug-in "IBMLDAPauthclient" received error code "-1" from
          the DB2 security plug-in API "db2secGetDefaultLoginContext" with the
          error message "LDAP WhoAmI: can't determine LDAP user associated with
          OS user 'udbcdwp': LDAP error while searching for AuthID. Userid
          attribute='cn'  AuthID attribute='cn' user objectClass='user'  user
          base DN='dc=fhlmc,dc=com'".

Message was edited by: kgathmann

Not seeing correct AD group membership using vastool


We have an AD group 'foo'.  User Abe is added to it using AD tools.

 

I cannot see this user in the group using vastool on Solaris.  And of course the user cannot login.

 

$ vastool list groups | grep foo

foo:VAS:2010:john.doe@na.company.com,harry.who@na.company.com

$

 

I've executed vastool flush to no effect.

 

What am I doing wrong?

Putty 0.62 session menu with Windows 7


I've recently upgraded to Windows 7, and am enjoying the menu of open putty sessions displayed when I hover my mouse over the putty icon in my toolbar.  HOWEVER, one aspect which bothers me is how the menu displays.  Initially it displays a horizontal list of icons for each session, expanding the list up to 10 sessions, after which it transforms that list to a vertical list of lines in a single window, one line for each session.  My issue is that once the horizontal list exceeds 6 sessions, the session names contained in the icons get truncated from the right to the point that they are no longer unique, rendering them useless.  Consequently, once I open a 7th session, I proceed to open another 4 simply to maintain the usability of my session menu.  Does anyone know a way to customize either the point at which the menu transfers to a horizontal list, or the session name truncation so that it truncates from the left instead of the right?

Segmentation fault when mod_auth_vas finds no matches

Hello,

We are using mod_auth_vas.so 3.6.7 with Oracle HTTP Server, which is effectively Apache 2.0. Recently, we have noticed that an Apache process is terminated with a segmentation fault when mod_auth_vas tries to match the requestor's name to the list of allowed user names but does not find it there. The client's browser receives 401 in this case. Could you please help with it?

Please find an excerpt from the error log

[2012-06-01T14:14:38.8683+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:1581:  [mod_auth_vas] authenticated user: 'Dmitry_Donetskov@EMEA.DELL.COM'

[2012-06-01T14:14:38.8683+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:1037:  [mod_auth_vas] auth_vas_auth_checker: user=Dmitry_Donetskov@EMEA.DELL.COM authtype=VAS

[2012-06-01T14:14:38.8683+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:1055:  [mod_auth_vas] requires->nelts = 3

[2012-06-01T14:14:38.8683+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:541:  [mod_auth_vas] match_user: name=ServiceSFDCWPSIT@emea.dell.com RUSER=Dmitry_Donetskov@EMEA.DELL.COM

[2012-06-01T14:14:38.8683+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:1422:  [mod_auth_vas] rnote_get: reusing existing rnote

[2012-06-01T14:14:38.8683+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:490:  [mod_auth_vas] set_user_obj

[2012-06-01T14:14:38.8708+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:574:  [mod_auth_vas] match_user: user does not match

[2012-06-01T14:14:38.8708+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:584:  [mod_auth_vas] match_user: <CN=ServiceSFDCWPSIT,OU=Service Accounts,DC=emea,DC=dell,DC=com> <CN=dmitry_donetskov,OU=Users,OU=Moscow,DC=emea,DC=dell,DC=com> no-match

[2012-06-01T14:14:38.8709+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:1100:  [mod_auth_vas] require user "ServiceSFDCWPSIT@emea.dell.com" -> FAIL

...........

[2012-06-01T14:14:38.9545+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:584:  [mod_auth_vas] match_user: <CN=Alexey_Lysak,OU=Users,OU=Non Dell,DC=emea,DC=dell,DC=com> <CN=dmitry_donetskov,OU=Users,OU=Moscow,DC=emea,DC=dell,DC=com> no-match

[2012-06-01T14:14:38.9545+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:1100:  [mod_auth_vas] require user "Alexey_Lysak@emea.dell.com" -> FAIL

[2012-06-01T14:14:38.9545+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_auth_vas.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [tid: 1144846656] [user: oracle] [ecid: 004kMZrRnhR6uHC_NDG7ye0003a7000007] [rid: 0] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_auth_vas.c:1422:  [mod_auth_vas] rnote_get: reusing existing rnote

[2012-06-01T14:14:39.4014+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [mod_ssl.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] mod_ssl.c:633:  Connection to child 0 established (server ausvmqtcdevap19.us.dell.com:8044)

[2012-06-01T14:14:39.4016+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] ssl_scache_shmcb.c:720:  inside shmcb_retrieve_session

[2012-06-01T14:14:39.4016+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] ssl_scache_shmcb.c:732:  id[0]=4, masked index=4

[2012-06-01T14:14:39.4016+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] ssl_scache_shmcb.c:1197:  entering shmcb_lookup_session_id

[2012-06-01T14:14:39.4016+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] ssl_scache_shmcb.c:983:  entering shmcb_expire_division

[2012-06-01T14:14:39.4016+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] ssl_scache_shmcb.c:1207:  loop=0, count=1, curr_pos=0

[2012-06-01T14:14:39.4016+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] ssl_scache_shmcb.c:1211:  idx->s_id2=47, id[1]=47, offset=0

[2012-06-01T14:14:39.4016+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] ssl_scache_shmcb.c:1228:  at index 0, found possible session match

[2012-06-01T14:14:39.4016+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] ssl_scache_shmcb.c:1247:  a match!

[2012-06-01T14:14:39.4016+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] ssl_scache_shmcb.c:748:  leaving shmcb_retrieve_session

[2012-06-01T14:14:39.4017+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] ssl_scache_shmcb.c:435:  shmcb_retrieve had a hit

[2012-06-01T14:14:39.4017+01:00] [OHS] [INCIDENT_ERROR:32] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 27201] [tid: 1099520320] [user: oracle] [VirtualHost: ausvmqtcdevap19.us.dell.com:8044] ssl_engine_kernel.c:2304:  Inter-Process Session Cache: request=GET status=FOUND id=042F8428065947E3DA8D7A7B77690889 (session reuse)

[2012-06-01T14:14:39.6975+01:00] [OHS] [NOTIFICATION:16] [OHS-9999] [core.c] [host_id: ausvmqtcdevap19.us.dell.com] [host_addr: 10.166.44.87] [pid: 14727] [tid: 47292192636960] [user: oracle] [VirtualHost: main] mpm_common.c:475:  child pid 27200 exit signal Segmentation fault (11), possible coredump in /u01/app/oracle/fusion/mw_1/Oracle_WT1/instances/instance1/config/OHS/ohs1


Message was edited by: dmitry_donetskov_265

WinSSPI not supported on this platform


I am new to Kerberos.  When attempting to build a Kerberos credential, I call:

 

com.dstc.security.kerberos.winSSPI.WinSSPIGSSManager.getInstance();

 

For some people this causes:

 

Caused by: GSSException: Failure unspecified at GSS-API level

at com.dstc.security.kerberos.winSSPI.WinSSPIGSSManager.<init>(WinSSPIGSSManager.java:86)

at com.dstc.security.kerberos.winSSPI.WinSSPIGSSManager.getInstance(WinSSPIGSSManager.java:109)

... 33 more

Caused by: com.dstc.security.kerberos.winSSPI.SSPIException: WinSSPI not supported on this platform (Windows XP)

at com.dstc.security.kerberos.winSSPI.SSPI.initialize(SSPI.java:304)

at com.dstc.security.kerberos.winSSPI.WinSSPIGSSManager.<init>(WinSSPIGSSManager.java:84)

... 34 more

 

For others, it works fine.  I have also seen "WinSSPI not supported on this platform (Windows 7)" on Windows 7 machines.

 

What does that error indicate?  Where can I begin debugging?

Single Sign-On for Java 7 Not working


Hi,

 

We have been using winSSPI.dll on client side from 3.2 package. This dll is not working anymore in JDK 7.

 

The exception trace is as follows:

 

[DEBUG] Mon Aug 26 14:30:10 CEST 2013 jcsi.kerberos: [init]: OS name = 'Windows 7', version = '6.1'

[DEBUG] Mon Aug 26 14:30:10 CEST 2013 jcsi.kerberos: [init]: isKerberosOS = true, isSessionKeySupported = true

[DEBUG] Mon Aug 26 14:30:10 CEST 2013 jcsi.kerberos: initialize: calling native method ...

[winSSPI.dll] initialize

[winSSPI.dll] initialize: done

[INFO] Mon Aug 26 14:30:10 CEST 2013 jcsi.kerberos: initialize: Successfully initialized Windows SSPI

[DEBUG] Mon Aug 26 14:30:10 CEST 2013 jcsi.kerberos: acquireCredentialsHandle: calling native method ...

[winSSPI.dll] acquireCredentialsHandle

[DEBUG] Mon Aug 26 14:30:10 CEST 2013 jcsi.kerberos: loadCredential: result = 0

Attempting initContext with principal: HTTP/appsec001.gaia.net.intra

initContext failed with principal: HTTP/appsec001.gaia.net.intra error: GSSException: com.dstc.security.kerberos.winSSPI.WinSSPIMechanismFactoryU2S configured by WinSSPIGSS for GSS-API Mechanism Factory cannot be created

Attempting initContext with principal: HOST/appsec001.gaia.net.intra

initContext failed with principal: HOST/appsec001.gaia.net.intra error: GSSException: com.dstc.security.kerberos.winSSPI.WinSSPIMechanismFactoryU2S configured by WinSSPIGSS for GSS-API Mechanism Factory cannot be created

initContext failed with all attempted principals

java.security.PrivilegedActionException: javax.security.auth.login.LoginException: LoginException: java.security.PrivilegedActionException: GSSException: com.dstc.security.kerberos.winSSPI.WinSSPIMechanismFactoryU2S configured by WinSSPIGSS for GSS-API Mechanism Factory cannot be created

          at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:373)

          at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)

          at weblogic.security.Security.runAs(Security.java:61)

          at security.role.TestKerberosEJBCall.main(TestKerberosEJBCall.java:32)

Caused by: javax.security.auth.login.LoginException: LoginException: java.security.PrivilegedActionException: GSSException: com.dstc.security.kerberos.winSSPI.WinSSPIMechanismFactoryU2S configured by WinSSPIGSS for GSS-API Mechanism Factory cannot be created

          at com.quest.vsj.weblogic.login.EjbClientKerberosLoginModule.login(EjbClientKerberosLoginModule.java:107)

          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

          at java.lang.reflect.Method.invoke(Method.java:606)

          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)

          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)

          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)

          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)

          at java.security.AccessController.doPrivileged(Native Method)

          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)

          at javax.security.auth.login.LoginContext.login(LoginContext.java:594)

          at security.role.TestKerberosEJBCall$1.run(TestKerberosEJBCall.java:35)

          at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)

          ... 3 more

 

Any ideas if any newer version or patch is supporting both JDK 7 64 & 32 bit?

 

Thanks in advance.

Sudo issue with NIS (QAS) groups in Ubuntu 12.04

Hi,

We're running QAS 3.5.2.80 on the Ubuntu 12.04 beta and we're running into an issue with sudo. Our setup is a full NIS proxy setup where each host is its own proxy. Everything else works just fine, logging in, name resolution, group resolution, etc, etc.
But, in sudo we get an issue with accesses tied to normal groups. If we use netgroups or regular usernames it works fine, but normal groups... just don't work.
id -a shows all the right memberships, "groups" shows all the right stuff, "ypcat" on the NIS maps works perfect. sudo works fine too, as long as you are using rules based on netgroups or usernames.

Has anyone seen this before? Or even have any clue as to how to debug this issue?

Stuck with kerberos authentication to Sharepoint

I have to connect to MS IIS server using SPNEGO token with Kerberos ticket inside, exactly as Internet Explorer does it.

If I use java GSSManager.initiateContext() it does request tickets with incorrect KDCOptions, dates and some other params I cannot control.

I tried com.dstc.security lib, and was able to get tickets exactly as Internet Explorer with a couple of lines:

// prepare required KDCOptions (kdo) first
Credential tgt = kerberos.requestTicketGrantingTicket(new KerberosPassword(password.getBytes()), kdo, new Date(), d, new InetAddress[] {InetAddress.getByName("somename")}, null);
Credential srvt = kerberos.requestServiceTicket(tgt, new PrincipalName(2, "HTTP/server.domain.net"), REALM, kdo);

But how can I use these credentials or tickets inside to create a SPNEGO token, the same as I can get with GSSManager.initiateContext()?

Problems Compiling MAV on AIX 6.1/XLC/IBMIHS 7.0.0.23

Greetings all.

I am trying to compile MAV 3.6.7 on AIX 6.1/XLC/IBMIHS 7.0.0.23.  I tried using the precompiled 3.6.4 module, but Apache doesn't like that.  Here is the output from the configure script:

checking vas_gss.h usability... no
checking vas_gss.h presence... yes
configure: WARNING: vas_gss.h: present but cannot be compiled
configure: WARNING: vas_gss.h:     check for missing prerequisite headers?
configure: WARNING: vas_gss.h: see the Autoconf documentation
configure: WARNING: vas_gss.h:     section "Present But Cannot Be Compiled"
configure: WARNING: vas_gss.h: proceeding with the compiler's result
configure: WARNING:     ## -------------------------------------- ##
configure: WARNING:     ## Report this to David.Leonard@xxxyy.abc ##
configure: WARNING:     ## -------------------------------------- ##
checking for vas_gss.h... no
checking gssapi.h usability... no
checking gssapi.h presence... yes
configure: WARNING: gssapi.h: present but cannot be compiled
configure: WARNING: gssapi.h:     check for missing prerequisite headers?
configure: WARNING: gssapi.h: see the Autoconf documentation
configure: WARNING: gssapi.h:     section "Present But Cannot Be Compiled"
configure: WARNING: gssapi.h: proceeding with the compiler's result
configure: WARNING:     ## -------------------------------------- ##
configure: WARNING:     ## Report this to David.Leonard@xxxyy.abc ##
configure: WARNING:     ## -------------------------------------- ##
checking for gssapi.h... no
checking gssapi_krb5.h usability... no
checking gssapi_krb5.h presence... yes
configure: WARNING: gssapi_krb5.h: present but cannot be compiled
configure: WARNING: gssapi_krb5.h:     check for missing prerequisite headers?
configure: WARNING: gssapi_krb5.h: see the Autoconf documentation
configure: WARNING: gssapi_krb5.h:     section "Present But Cannot Be Compiled"
configure: WARNING: gssapi_krb5.h: proceeding with the compiler's result
configure: WARNING:     ## -------------------------------------- ##
configure: WARNING:     ## Report this to David.Leonard@xxxyy.abc ##
configure: WARNING:     ## -------------------------------------- ##
checking for gssapi_krb5.h... no

The configure script finishes, without error, but the compile fails with this:

/usr/include/unistd.h:924: error: expected ')' before '[' token
/usr/include/unistd.h:925: error: expected declaration specifiers or '...' before 'rid_t'
get.c: In function 'err_gss':
get.c:626: error: expected declaration specifiers before 'OM_uint32'
get.c:629: error: 'OM_uint32' undeclared (first use in this function)
get.c:629: error: (Each undeclared identifier is reported only once
get.c:629: error: for each function it appears in.)
get.c:629: error: expected ';' before 'ctx'
get.c:630: error: 'gss_buffer_desc' undeclared (first use in this function)
get.c:630: error: expected ';' before 'buf'
get.c:631: error: expected ';' before 'emajor'
get.c:635: error: 'emajor' undeclared (first use in this function)
get.c:635: error: 'eminor' undeclared (first use in this function)
get.c:635: error: 'GSS_C_GSS_CODE' undeclared (first use in this function)
get.c:636: error: 'GSS_C_NO_OID' undeclared (first use in this function)
get.c:636: error: 'ctx' undeclared (first use in this function)
get.c:636: error: 'buf' undeclared (first use in this function)
get.c:643: error: 'GSS_C_MECH_CODE' undeclared (first use in this function)
get.c: In function 'get_nego':
get.c:670: error: 'gss_name_t' undeclared (first use in this function)
get.c:670: error: expected ';' before 'target_name'
get.c:671: error: 'OM_uint32' undeclared (first use in this function)
get.c:671: error: expected ';' before 'major'
get.c:672: error: 'gss_ctx_id_t' undeclared (first use in this function)
get.c:672: error: expected ';' before 'gssctx'
get.c:716: error: 'gssctx' undeclared (first use in this function)
get.c:716: error: 'GSS_C_NO_CONTEXT' undeclared (first use in this function)
get.c:745: error: expected ';' before 'ret'
get.c:764: error: 'gss_buffer_desc' undeclared (first use in this function)
get.c:764: error: expected ';' before 'inbuf'
get.c:767: error: 'namebuf' undeclared (first use in this function)
get.c:769: error: 'major' undeclared (first use in this function)
get.c:769: error: 'minor' undeclared (first use in this function)
get.c:770: error: 'GSS_KRB5_NT_PRINCIPAL_NAME' undeclared (first use in this function)
get.c:770: error: 'target_name' undeclared (first use in this function)
get.c:779: error: 'inbuf' undeclared (first use in this function)
get.c:783: error: 'outbuf' undeclared (first use in this function)
get.c:786: error: 'GSS_C_NO_CREDENTIAL' undeclared (first use in this function)
get.c:789: error: 'GSS_C_NO_OID' undeclared (first use in this function)
get.c:791: error: 'GSS_C_INDEFINITE' undeclared (first use in this function)
get.c:792: error: 'GSS_C_NO_CHANNEL_BINDINGS' undeclared (first use in this function)
get.c:813: error: expected ';' before 'inbuf'
get.c:819: error: 'ret' undeclared (first use in this function)
get.c:823: error: 'VAS_GSS_SPNEGO_ENCODING_BASE64' undeclared (first use in this function)
get.c:824: error: 'GSS_C_NO_BUFFER' undeclared (first use in this function)
make[4]: *** [get.o] Error 1
make[4]: Leaving directory `/mnt/mod_auth_vas-3.6.7/test/http-get'
make[3]: *** [all] Error 2
make[3]: Leaving directory `/mnt/mod_auth_vas-3.6.7/test/http-get'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/mnt/mod_auth_vas-3.6.7/test'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/mnt/mod_auth_vas-3.6.7'
make: *** [all] Error 2

I am using QAS 3.5.2.89.

My last round of compiling MAV was on AIX 5.3/XLC/IBMIHS 6.x, when I had to put a patch in for timeout problems.

Message was edited by: phscott

Problems with Samba after changing Root Password - Please Help

I have an installation of VAS that is running on RedHat EL 4.0. The VAS portion is working OK, and without any problems so far.

I also have the Vintela version of Samba running on the system (Version 3.0.23c-Quest-154). The root password on the server was changed in February, and since the change I have been receiving the following error from Winbind.

[2007/03/21 09:31:30, 0] /data/rc/u/davidl/samba/samba/source/libads/kerberos.c:ads_kinit_password(208)
kerberos_kinit_password STORM$@CAMPUS.MCGILL.CA failed: Preauthentication failed
[2007/03/21 09:31:30, 0] /data/rc/u/davidl/samba/samba/source/libads/kerberos.c:ads_kinit_password(208)
kerberos_kinit_password STORM$@CAMPUS.MCGILL.CA failed: Preauthentication failed
[2007/03/21 09:31:30, 0] /data/rc/u/davidl/samba/samba/source/utils/net_ads.c:ads_startup(281)
ads_connect: Preauthentication failed

I have run the following commands to troubleshoot this, trying to figure out why this stopped working after I changed the password:

/opt/quest/bin/net ads testjoin --> Produces the above results

/opt/quest/bin/net rpc testjoin --> Unable to find a suitable server
Join to domain 'CAMPUS' is not valid

I ran this command to make sure that the passwords were in sync: vastool -u host/ passwd -r | net -f -i changesecretpw

I am not seeing any errors in my smb.conf file, so I am at a loss what to do.

VAS / SAMBA how to

Hi,

If I am using a stock samba version (3.0.20b-3.21-1370-SUSE) and trying to get VAS working with it, do I have to join the system twice in the domain? One for VAS (vastool join...) and other for samba (net ads join...)?

I was trying to setup my samba server without joining the system for samba (net ads join...) and "vas-samba-config" failed on me with the following error:

Testing Samba is joined to Active Directory...
+ /usr/bin/net -s /etc/samba/smb.conf ads testjoin
[2009/03/26 18:43:58, 0] libads/kerberos.c:ads_kinit_password(147)
kerberos_kinit_password host1$@xx.xx.xx.COM failed: Preauthentication failed
[2009/03/26 18:43:59, 0] libads/kerberos.c:ads_kinit_password(147)
kerberos_kinit_password host1$@xx.xx.xx.COM failed: Preauthentication failed
[2009/03/26 18:43:59, 0] utils/net_ads.c:ads_startup(191)
ads_connect: Preauthentication failed
Join to domain is not valid
ERROR: Samba not joined: 'net ads testjoin' failed

This kind of indicates that VAS and samba both need to be joined separately. Is that correct?

Thanks!

RPC failure when using vasidmap

I'm following the instructions for setting up samba to work with quest (http://rc.quest.com/topics/samba/guide.php) and having some trouble. We already use quest to authenticate login, and commands like id and getent work perfectly. At this point, net ads testjoin works fine, but sudo net rpc testjoin yields:

Unable to find a suitable server
Join to domain 'DMN1' is not valid

using -d3 yields more info:

[2011/11/15 13:47:18, 3] param/loadparm.c:lp_load(5069)
lp_load: refreshing parameters
[2011/11/15 13:47:18, 3] param/loadparm.c:init_globals(1440)
Initialising global parameters
[2011/11/15 13:47:18, 3] param/params.c:pm_process(572)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2011/11/15 13:47:18, 3] param/loadparm.c:do_section(3808)
Processing section "[global]"
[2011/11/15 13:47:18, 2] lib/interface.c:add_interface(81)
added interface ip=10.83.127.20 bcast=10.83.127.31 nmask=255.255.255.240
[2011/11/15 13:47:18, 3] libsmb/namequery.c:resolve_lmhosts(966)
resolve_lmhosts: Attempting lmhosts lookup for name DMN1<0x1b>
[2011/11/15 13:47:18, 3] libsmb/namequery.c:resolve_wins(863)
resolve_wins: Attempting wins lookup for name DMN1<0x1b>
[2011/11/15 13:47:18, 3] libsmb/namequery.c:name_resolve_bcast(805)
name_resolve_bcast: Attempting broadcast lookup for name DMN1<0x1b>
[2011/11/15 13:47:18, 2] lib/util_tdb.c:tdb_log(664)
tdb(unnamed): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory
[2011/11/15 13:47:18, 2] lib/util_tdb.c:tdb_log(664)
tdb(unnamed): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory
[2011/11/15 13:47:18, 2] lib/util_tdb.c:tdb_log(664)
tdb(unnamed): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory
[2011/11/15 13:47:19, 2] lib/util_tdb.c:tdb_log(664)
tdb(unnamed): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory
[2011/11/15 13:47:19, 2] lib/util_tdb.c:tdb_log(664)
tdb(unnamed): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory
[2011/11/15 13:47:19, 2] lib/util_tdb.c:tdb_log(664)
tdb(unnamed): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory
[2011/11/15 13:47:19, 2] lib/util_tdb.c:tdb_log(664)
tdb(unnamed): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory
[2011/11/15 13:47:19, 2] lib/util_tdb.c:tdb_log(664)
tdb(unnamed): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory
[2011/11/15 13:47:19, 2] lib/util_tdb.c:tdb_log(664)
tdb(unnamed): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory
[2011/11/15 13:47:19, 1] utils/net.c:net_find_server(453)
no server to connect to
Unable to find a suitable server
Join to domain 'DMN1' is not valid
[2011/11/15 13:47:19, 2] utils/net.c:main(1075)
return code = -1

Upon the recommendation of the guide, I added the line
wins server = label-DC01.dmn1.net
to smb.conf and tried again, to no avail. label-DC01.DMN1.net is the primary windows AD server, also serving kerberos tickets. My smb.conf has the following relevant lines (added by vas-samba-config):
workgroup = DMN1
realm = DMN1.NET

label-DC01.dmn1.net has open tcp ports on 139, and 445, among others.

Any ideas on how to get rpc to join correctly?

Quest OpenSSH on Solaris 10 (SMF mode).


We have a customer, who wants to run VAS+Quest OpenSSH on Solaris 10. However, our OpenSSH runs in legacy (rc*.*) mode and does not support the new Solaris 10 service management mode (SMF). Can we provide the manifest for the services for our OpenSSH on Solaris 10, so that it can be run in the new mode?

2 Apache instances running with different Service Account


Hi all,

 

I'm having trouble with one of 2 Apache instances. The VHOST seems to take the HTTP.keytab and Server Principal configuration well at the startup of the Apache Service.

But on the first web request, it seems like it's not accepting the HTTP.keytab location defined at the beginning and it's trying to look in the default location.

 

I'm using the AuthVasKeytabFile directive for defining the location of the file.

 

[Thu Sep 19 11:05:17 2013] [debug] mod_auth_vas.c(2312): [client 1.1.1.1] [mod_auth_vas] auth_vas_check_user_id: auth_type=VAS

[Thu Sep 19 11:05:17 2013] [debug] mod_auth_vas.c(2342): [client 1.1.1.1] [mod_auth_vas] sending initial negotiate headers

[Thu Sep 19 11:05:18 2013] [debug] mod_auth_vas.c(2312): [client 1.1.1.1] [mod_auth_vas] auth_vas_check_user_id: auth_type=VAS

[Thu Sep 19 11:05:18 2013] [debug] mod_auth_vas.c(2359): [client 1.1.1.1] [mod_auth_vas] Got: 'Authorization: Negotiate [...]'

[Thu Sep 19 11:05:18 2013] [debug] mod_auth_vas.c(1457): [client 1.1.1.1] [mod_auth_vas] do_gss_spnego_accept: line='YIIIUQYGKwYBBQUCoIIIRTCCCEGgMDAu...'

[Thu Sep 19 11:05:18 2013] [debug] mod_auth_vas.c(1469): [client 1.1.1.1] [mod_auth_vas] do_gss_spnego_accept: server keytab: /nfs/path/HTTP.keytab

[Thu Sep 19 11:05:18 2013] [debug] mod_auth_vas.c(1470): [client 1.1.1.1] [mod_auth_vas] do_gss_spnego_accept: server principal: HTTP/myhost.com

[Thu Sep 19 11:05:18 2013] [debug] mod_auth_vas.c(1416): [client 1.1.1.1] [mod_auth_vas] rnote_get: creating rnote

[Thu Sep 19 11:05:18 2013] [debug] mod_auth_vas.c(1498): [client 1.1.1.1] [mod_auth_vas] calling vas_gss_spnego_accept, base64 token_size=2844

[Thu Sep 19 11:05:18 2013] [debug] mod_auth_vas.c(1513): [client 1.1.1.1] [mod_auth_vas] do_gss_spnego_accept: server keytab /nfs/path/HTTP.keytab

[Thu Sep 19 11:05:18 2013] [debug] mod_auth_vas.c(1367): [client 1.1.1.1] [mod_auth_vas] initialize_user

[Thu Sep 19 11:05:18 2013] [debug] mod_auth_vas.c(1395): [client 1.1.1.1] [mod_auth_vas] initialize_user: Remote user principal name is user@mydomain.com

[Thu Sep 19 11:05:18 2013] [debug] mod_auth_vas.c(2922): [client 1.1.1.1] [mod_auth_vas] set_remote_user: setting REMOTE_USER for user@mydomain.com

[Thu Sep 19 11:05:18 2013] [debug] mod_auth_vas.c(2936): [client 1.1.1.1] [mod_auth_vas] set_remote_user: setting REMOTE_USER variable using ldap-attr sAMAccountName name mapping

[Thu Sep 19 11:05:18 2013] [debug] mod_auth_vas.c(492): [client 1.1.1.1] [mod_auth_vas] set_user_obj

[Thu Sep 19 11:05:18 2013] [debug] mod_auth_vas.c(2655): [client 1.1.1.1] [mod_auth_vas] set_remote_user_attr: Using VAS cache for lookup of sAMAccountName attribute

[Thu Sep 19 11:05:18 2013] [info] [client 1.1.1.1] [mod_auth_vas] Remote user set from user@mydomain.com to user (attribute sAMAccountName)

[Thu Sep 19 11:05:18 2013] [debug] mod_auth_vas.c(2944): [client 1.1.1.1] [mod_auth_vas] set_remote_user: Mapped user to juancgox using ldap-attr sAMAccountName name mapping

[Thu Sep 19 11:05:18 2013] [error] [client 1.1.1.1] [mod_auth_vas] do_gss_spnego_accept: auth_vas_user_use_gss_result failed: VAS_ERR_CRED_NEEDED: Unable to find a keytab entry in /etc/opt/quest/vas/HTTP.keytabfor HTTP/myhost.com

[Thu Sep 19 11:05:18 2013] [error] [client 1.1.1.1] [mod_auth_vas] auth_vas_user_use_gss_result: unknown routine error

[Thu Sep 19 11:05:18 2013] [error] [client 1.1.1.1] [mod_auth_vas] auth_vas_user_use_gss_result: Success

[Thu Sep 19 11:05:18 2013] [debug] mod_auth_vas.c(1339): [client 1.1.1.1] [mod_auth_vas] auth_vas_cleanup_request

 

Thanks in advance for your help,

 

Regards,

Obed N Munoz
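
The log in the post above names `/nfs/path/HTTP.keytab` as the server keytab, while the `VAS_ERR_CRED_NEEDED` error names `/etc/opt/quest/vas/HTTP.keytab`. The following triage script is an added example, not part of the original post or of mod_auth_vas; it flags that mismatch per client, using sample lines constructed from the log above and hypothetical function names.

```python
import re

# Constructed sample: lines copied from the mod_auth_vas debug log in the post.
SAMPLE_LOG = """\
[Thu Sep 19 11:05:18 2013] [debug] mod_auth_vas.c(1469): [client 1.1.1.1] [mod_auth_vas] do_gss_spnego_accept: server keytab: /nfs/path/HTTP.keytab
[Thu Sep 19 11:05:18 2013] [debug] mod_auth_vas.c(1470): [client 1.1.1.1] [mod_auth_vas] do_gss_spnego_accept: server principal: HTTP/myhost.com
[Thu Sep 19 11:05:18 2013] [debug] mod_auth_vas.c(1513): [client 1.1.1.1] [mod_auth_vas] do_gss_spnego_accept: server keytab /nfs/path/HTTP.keytab
[Thu Sep 19 11:05:18 2013] [error] [client 1.1.1.1] [mod_auth_vas] do_gss_spnego_accept: auth_vas_user_use_gss_result failed: VAS_ERR_CRED_NEEDED: Unable to find a keytab entry in /etc/opt/quest/vas/HTTP.keytabfor HTTP/myhost.com
"""

# "[timestamp] [level] file.c(line): [client ip] [mod_auth_vas] message"
# The "file.c(line):" part is absent on [error] and [info] lines.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?:\S+\(\d+\): )?"
    r"\[client (?P<client>[^\]]+)\] \[mod_auth_vas\] (?P<msg>.*)$"
)
# Keytab the module says it is using (logged with and without a colon).
CONFIGURED_RE = re.compile(r"server keytab:? (?P<path>\S+)")
# Keytab that was actually searched. The logged message runs the path
# straight into "for" with no space, so the space is optional here.
MISSING_RE = re.compile(
    r"VAS_ERR_CRED_NEEDED: Unable to find a keytab entry in "
    r"(?P<path>\S+?)\s*for (?P<principal>\S+)"
)


def find_keytab_mismatches(log_text):
    """Return a finding for each VAS_ERR_CRED_NEEDED error whose keytab
    path differs from the keytab last logged as configured for that client."""
    configured = {}  # client -> last keytab path logged as configured
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and output from other modules
        client, msg = m["client"], m["msg"]
        conf = CONFIGURED_RE.search(msg)
        if conf and m["level"] == "debug":
            configured[client] = conf["path"]
            continue
        miss = MISSING_RE.search(msg)
        if miss and configured.get(client) not in (None, miss["path"]):
            findings.append({
                "timestamp": m["ts"],
                "client": client,
                "principal": miss["principal"],
                "configured": configured[client],
                "searched": miss["path"],
            })
    return findings


if __name__ == "__main__":
    for f in find_keytab_mismatches(SAMPLE_LOG):
        print("{timestamp} {client}: configured {configured}, "
              "but {searched} was searched for {principal}".format(**f))
```
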

AIX sudo version 1.7.2.6 Issue


I checked AIX platform sudo
Below is my sudo entry
%:HST_UEGENG    njwashud9=(root) /bin/ksh

Getting the below error when running sudo

njwashud9[270]: sudo -H -u root ksh
sudo: Non-unix group checking unavailable: dlopen() failed: Could not load module .
System error: No such file or directory


SSO Quest Putty to CentOS 5.5 with ADS 2003R1

Hello:

  I have 3 Linux CentOS 5.5 machines joined to Active Directory (ADS) Win2003 SR1.

  No problem logging on to these computers using user/pass from ADS (from Windows with Quest Putty and ssh in Linux).

  I can connect from one CentOS server to another using users from ADS and no password is requested, as SSO is enabled (at the end, I put the information displayed when doing an ssh in debug mode).

  For connecting from Windows to CentOS, I try to use Quest Putty. But I am unable to do SSO. I'm always asked for a password.
  This is the error that is displayed:

C:\Program Files\Quest Software\PuTTY>plink -v -f server0102.company.com
Looking up host "server0102.company.com"
Connecting to 10.13.117.124 port 22
Server version: SSH-2.0-OpenSSH_4.3
We claim version: SSH-2.0-PuTTY_Release_0.60_q1.129
SSPI: acquired credentials for: user1@COMPANY.COM
Constructed service principal name 'host/server0102.company.com'
Enabling GSSKEX for this target
Using SSH protocol version 2
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-1
Host key fingerprint is:
ssh-rsa 2048 61:b1:42:44:34:b0:37:b9:00:44:93:46:0d:ea:59:00
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Using username "user1".
SSPI: trying user_name='user1' service=''
SSPI: acquired credentials for: user1@COMPANY.COM
Constructed service principal name 'host/server0102.company.com'
Using GSSAPI service principal name "host/server0102.company.com".
GSSAPI authentication aborted
user1@server0102.company.com's password:

Can anyone help me with this problem?


Also tried another solution installing
quest-openssh-5.2p1_q13-1.i386.rpm

but an error is displayed when I try to install:
rpm -Uvhi  ../software/paquetes/quest-openssh-5.2p1_q13-1.i386.rpm
error: Dependency error:
        libvas.so.4 se needed for quest-openssh-5.2p1_q13-1.i386

and I can't find that file.


Any suggestion?

   Thanks



SS from CentOS to CentOS
=========================

[user1@server0101 ~]$ ssh server0102.company.com -vv
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to server0102.company.com [10.13.117.124] port 22.
debug1: Connection established.
debug1: identity file /home/COMPANY/user1/.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/COMPANY/user1/.ssh/id_rsa type 1
debug1: identity file /home/COMPANY/user1/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 144/256
debug2: bits set: 525/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server0102.company.com' is known and matches the RSA host key.
debug1: Found key in /home/COMPANY/user1/.ssh/known_hosts:11
debug2: bits set: 500/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/COMPANY/user1/.ssh/identity ((nil))
debug2: key: /home/COMPANY/user1/.ssh/id_rsa (0x9c2f538)
debug2: key: /home/COMPANY/user1/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Delegating ccomentials
debug1: Delegating ccomentials
debug1: Authentication succeeded (gssapi-with-mic).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 0
debug1: Sending environment.
debug1: Sending env LANG = es_ES.UTF-8
debug2: channel 0: request env confirm 0
debug2: channel 0: request shell confirm 0
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 2097152
Last login: Fri Apr 15 14:45:41 2011 from server0101.company.com
[user1@server0102 ~]$





 

VAS User Group Membership Issues


Hello everybody,

 

I have been working on this issue for awhile now, and I am having no luck.

I am having an issue with Quest (VAS) authentication as user groups.

 

I am having an issue where a user can log into a RedHat server with no issues, but they cannot access a specific directory owned by a group (Permission Denied).

As root, I do a vastool flush on the server, and then I "su -" to the user. At that point I can access the directory with no issues.

I do an "ID" command, and I see the user is a member of about 11 groups.

 

Now for the fun part.......

 

I tell the user it is fixed, and then they LOGIN.

Of course, they can't access the directory. I log into the server and "su -" to the user and sure enough, the user can't access the directory.

I run the "ID" command again, and this time the user is showing as a member of a much larger number of groups.

I assume the directory access could be due to the user being a member of too many groups (even though one of the groups is the group they need).

 

I have tried to flush several times. I have even unjoined/rejoined the server. Still the same behavior ----- I do a flush as root and access is okay until the user logs in.

Then the number of groups the user is a member of increases and access is denied.

I assume that VAS calls the AD information differently during the login process versus root doing a "su -" to the user.

 

Has anyone seen this issue before?

I've tried about everything, so any help would be appreciated.

 

Thanks,

Chuck

FATAL ERROR: Server unexpectedly closed network connection in using Plink

Hi,

Could anyone please let me know why this error is occurring randomly while using Plink? Some days it works fine and suddenly it stops working with this error message.

FATAL ERROR: Server unexpectedly closed network connection

I am using below command

"C:\Program Files\PuTTY\plink.exe" -load MyProfile -ssh -x -a -t -l userID HostName Command

Thanks,
Megha





Samba errors with Win2008 R2

Hi,

Using RHEL 5.2 64-bit, VAS 3.3.2-142+Samba 3.0.33-3.7.el5; Win 2008 R2. Can you help me?

# vastool status

VAS is currently joined to:                      localdom.com
Join command found in:                           /etc/opt/quest/vas/lastjoin
Verifying timesync with domain controller:       YES
  Time delta: 0 seconds
Are valid VAS licenses installed?                YES
Checking to see if VAS daemon is running:        YES
Checking for valid computer account (SAMNAME)
  PODCAST1$@LOCALDOM.COM                     YES
Checking for valid computer account (SPN)
  host/podcast1.localdom.com@LOCALDOM.COM       YES
Checking to see if VAS is in connected state:    YES
Verifying VAS is configured for name service:    YES
Verifying VAS is configured for auth service:    YES
Verifying VAS configuration file is correct:     YES
Verifying sanity of users allow file:            YES
Verifying sanity of users deny file:             YES
Verifying sanity of group-override file:         YES
Verifying sanity of user-override file:          YES

Samba log:

[2009/12/08 11:33:53, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC fault 0x00000721 received from remote machine DC03.localdom.com pipe \NETLOGON fnum 0x4001!
[2009/12/08 11:37:57, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC03.localdom.com pipe \NETLOGON fnum 0x4001returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/08 11:42:57, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC03.localdom.com pipe \NETLOGON fnum 0x4001returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/08 11:52:57, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC03.localdom.com pipe \NETLOGON fnum 0x4001returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[...]
[2009/12/11 14:09:54, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC01.localdom.com pipe \NETLOGON fnum 0xc00freturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 14:19:54, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC01.localdom.com pipe \NETLOGON fnum 0xc00freturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 14:29:54, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC01.localdom.com pipe \NETLOGON fnum 0xc00freturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 14:40:23, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC01.localdom.com pipe \NETLOGON fnum 0xc00freturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 14:50:23, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC01.localdom.com pipe \NETLOGON fnum 0xc00freturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 15:00:23, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC01.localdom.com pipe \NETLOGON fnum 0xc00freturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 15:10:23, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC01.localdom.com pipe \NETLOGON fnum 0xc00freturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 15:20:23, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC01.localdom.com pipe \NETLOGON fnum 0xc00freturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 15:25:26, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC01.localdom.com pipe \NETLOGON fnum 0xc00freturned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 15:28:41, 0] rpc_client/cli_pipe.c:cli_pipe_verify_schannel(354)
  cli_pipe_verify_schannel: auth_len 56.
[2009/12/11 15:38:42, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC fault 0x00000721 received from remote machine DC03.localdom.com pipe \NETLOGON fnum 0xc001!
[2009/12/11 15:48:42, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC03.localdom.com pipe \NETLOGON fnum 0xc001returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 15:58:42, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC03.localdom.com pipe \NETLOGON fnum 0xc001returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 16:08:42, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC03.localdom.com pipe \NETLOGON fnum 0xc001returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 16:18:42, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC03.localdom.com pipe \NETLOGON fnum 0xc001returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
[2009/12/11 16:28:42, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine DC03.localdom.com pipe \NETLOGON fnum 0xc001returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED


Thank you.

4.0.3 bug fixed in 4.1?


Was the bug defect 25868 resolved in QAS 4.1? error: vasd: Fixed segfault in LDAP handler on certain group updates
