Ben's questions

I'm trying to get some client OS X machine to automatically authenticate to a QNAP share using a separate LDAP Open Directory server.

(Note: I'm using example.com below to hide the real server name as it's currently exposed)

The networks has:

1. An OSX Server machine with Open Directory running (e.g. server is master.example.com)

2. Multiple OSX Client machines connecting and authentication to the Server using network accounts.

That part so far is working well.

I'm now adding a separate QNAP NAS as a file server (a TVS-871T for reference), e.g. called server.example.com

I've configured the QNAP Nas to use the OSX Server for LDAP authentication in the control panel under Domain Security.

Server: master.example.com
Base DN: dc=master,dc=example,dc=com
Root DN is the Open directory admin: uid=keymaster,dc=master,dc=example,dc=com
Users Base DN is: cn=users,dc=master,dc=example,dc=com
Groups Base DN is: cn=groups,dc=master,dc=example,dc=com

I can see the network users and groups in the QNAP interface and give them access to shares.

I can manually mount the share from an afp client (Cmd + K) and type in the username and password.

So far so good.

Now for the problem.. I'm attempting to get all the network accounts to automatically mount the share when they login.

Normally I would configure this in the OSX server profile manager as an authenticated network mount (which automatically uses the user's network account to authenticate during the mount operation). This is tested and works well if it's a share of the open directory master itself.

However, when I try to automatically mount a share on the QNAP drive, the client pops up the authentication window.

Which seems to say it's unable to login to it. Even if I re-enter the password, it still doesn't want to login.

The Console shows an error in NetAuthSysAgent AFP_OpenSession – Login failed with 80

Now, interestingly if I try to login with the user's short username – e.g. joesmith in this instance – then it does login to the share.

So basically, I can get partial authentication using username but can't get the automated mount to happen because – I'm guessing – the client tries using a slightly different method (with the full name displayed in the login box).

Is there a way that I can get this to work? Am I missing a setting on QNAP ldap configuration to get this to work?

Should I configure the LDAP connection different on the QNAP server to allow the authentication system from the osx clients?

Edit:

I did a bit of digging around using Wireshark on the OD server to see what the QNAP device sends through (I am clearly desperate), and I can see the QNAP device does a (&(objectClass=posixAccount)(uid=Joe Smith)) query to the OD master which confirms the assumption that it's sending the wrong credential.

Using ldapsearch I can replicate this too. If I change the query from uid to cn then it works on the command line. Not sure if I can change the way QNAP sends its search filter though.

Edit 2:

I can get the QNAP drive to use CN instead of uid by editing:

/mnt/HDA_ROOT/.config/nss_ldap.conf

and adding

nss_map_attribute uid cn

to it.

Then /etc/init.d/ldap.sh restart

This then allows me to login with the full name.

However, this breaks the groups ACL.

Looking at Wireshark again, the ldap authentication now uses CN for the group membership test too: (&(objectClass=posixGroup)(memberUid=Joe Smith))

Works if you give individual users share access, but I want to use group ACLs :(

Edit 3:

pam ldap seems to have an option called pam_login_attribute that would be exactly what I need, but nss ldap doesn't seem to use it or have a similar alternative.

I'm trying to setup a background job in a QNAP TVS-871T.

It doesn't come with nohup pre-installed.

I've found multiple references to install it on a QNAP device (e.g. https://stackoverflow.com/questions/28623838/qnap-nas-nohup-no-such-file-or-directory) but that doesn't seem to apply to this device; there is no such package available in the web interface.

Seems to be a variant of an Ubuntu distro but none of its package managers are available.

cat /proc/version
Linux version 3.12.6 (root@NasX86Builder) (gcc version 4.1.3 20070929 (prerelease) (Ubuntu 4.1.2-16ubuntu2)) #1 SMP Wed Jun 1 06:14:19 CST 2016

It's running QTS 4.2 if that makes any difference.

Any idea?

I'm setting up a VPS with 4 vCPU that will be running a single website.

Most places recommend to set the nginx worker_processes config to the number of cpus, so in this case 4.

The server will also be running a few other services (mysql, memcached mainly) that will be used by the website.

In that current scenario, is it still recommended to have worker_processes set to 4 or would there be benefits to limiting it to 3 for instance?

Edit: Also running php, via php-fpm - don't know how I didn't think that was relevant

I've installed Cherokee on a CentOS 6.3 VM through EPEL repo.

If I open http://localhost in elinks (sorry no gui) I can see the "Powered by Cherokee" page fine.

I've then launched the cherokee-admin process and open http://localhost:9090 in elinks.

I'm being asked the login and passsword, which I enter, but then nothing happens. It gets stuck loading.

I've tried the ssh tunnel technique to load it in a fancier browser like chrome in case that was the problem but it's the same scenario, I get the popup asking me for the username and password but then the browser gets stuck loading.

On a few occasions, Chrome shows a "504 Gateway Timeout" message but not always. If I refresh when that happens then it gets stuck again.

What am I missing here?

If I let chrome run long enough I get this error message:

503 Service Unavailable

------------------------

Cherokee web server 1.2.101 (UNIX), Port 9090

I've got Python 2.6.6

This is the output when I start cherokee-admin -x -b

Cherokee Web Server 1.2.101 (Feb 21 2012): Listening on port ALL:9090, TLS
disabled, IPv6 enabled, using epoll, 4096 fds system limit, max. 2041
connections, single thread

Login:
  User:              admin
  One-time Password: 2nEKQfD3RqLbKJ5a

Web Interface:
  URL:               http://localhost:9090/

When I open up the admin in a browser the cherokee-admin displays this:

DEBUG: SIGUSR1 invokes the console..
       SIGUSR2 prints a backtrace..
Server 1.2.101 running.. PID=3570 Port=4000

Trying to configure a SharePoint on a Lion Server machine.

The directory is created by the local server admin (serveradmin) and has rwxr-x--- given to it.

The serveradmin user belongs to the local staff group so

serveradmin readwrite
staff group read
Others      none

We have an OD group for all the employees (Workers) . Using the Server tool we've given Full Control to the SharePoint:

Workers     Full Control
serveradmin readwrite
staff group read
Others      none

We would assume that Workers could then do what they want on the share but that doesn't seem to be the case. It appears the POSIX permissions take over the ACL permissions for Worker.

If I change the staff permission to readwrite then the Workers can create a file or folder in SharePoint.

I would think the ACL should take over but it doesn't, posix always win, rendering ACL useless.

Furthermore, if I leave the readwrite permission for staff and take Write permission away for the Workers group then the posix group still wins. Essentially the Workers ACL does absolutely nothing.

There are reports of similar problems in this Apple forum thread: https://discussions.apple.com/thread/3722901

The directory nesting fix suggested there doesn't work for us.

Has anyone had similar issues and know how to fix this?

Edit: in Workgroup Manager the employees user are set to primary group staff and given the additional OD group Workers. Changing their primary group doesn't help, it only shifts the problem onto Others taking over rights (logically)

Edit 2: Ok, this is interesting, adding OD Users to the share's ACL works totally fine

I'm just trying to login again as admin onto an old VPS that I haven't used for a while.

The password I had on file doesn't seem to work anymore.

The strange things are:

• I'm able to ssh onto the server as root with that same password.

• If I display the content of /etc/psa/.psa.shadow it's the password I thought it was.

• I can also login to mysql with mysql -uadmin -pthepassword fine

But I can't login to Plesk itself via the web interface as admin. It's not showing any error on the login box, i'm just presented with the box again.

There's no error log in /usr/local/psa/admin/logs either.

Plesk version is 9.3.0, on a CentOS 5 server.

Any idea what is going on here?

Or anything I could check that could help troubleshooting this?

EDIT: not sure if that helps but both select * from cp_access; and select * from misc where param='access_policy'; on the psa db return an empty set

EDIT 2: select * from lockout; is also empty

I'd like to be able to configure OTRS ticket system to send email through sendgrid but I also want to add some configuration parameters through the X-SMTPAPI sendgrid header.

There's no obvious config setting I can see that would allow me to add a header to sent email through smtp in OTRS.

Any idea how I could do this?

A couple of notes of importance:

• The server itself uses qmail, but I can't configure the entire local server to go through sendgrid because it runs some other services that shouldn't go through sendgrid

• I'd like to avoid as much as possible changing the OTRS source files if possible because a) i don't know perl that well and b) that's asking for trouble

I'm trying to migrate a client's hosting from a really bad host to a new one.

The current host provides no control panel (they're a bit control freaks, you have to lodge a ticket to do anything) so I can't back up the mail from the control panel.

I need a way to grab the mail from the mailboxes and transfer it onto the new host.

As far as I know, they only provide pop3 on their server either so I can't use imapsync.

The new host is a vps with cpanel, I can install whatever could help on it.

Is there any way that I can automate the transfer from the old host to the new one?

Am I doomed?

Struggling a bit trying to work this out. I'm on a Centos 5.5 VPS with multiple IP addresses.

I've setup the IP address alias for eth0 (eth0, eth0:1, eth0:2, eth0:3, eth0:4, eth0:5), each with a different static address, using the Red Hat Text Mode Setup Utility (setup).

I've saved the config and rebooted but only eth0 and eth0:5 show up with ifconfig.

The folder /etc/sysconfig/networking/devices shows all interfaces scripts

but /etc/sysconfig/network-scripts/ only has ifcfg-eth0 and ifcfg-eth0:5 (which is what ifconfig seems to find).

Do I need to do anything else to make those aliases show up?

Thanks

I'm trying to install ionCube loader on a CentOS 5 machine.

I've installed php 5.3 & ionCube loader through the atomic yum repo.

when i check on the command line, php says ionCube loads fine:

php -v
PHP 5.3.6 (cli) (built: Apr 19 2011 12:28:40) 
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
    with the ionCube PHP Loader v4.0.5, Copyright (c) 2002-2011, by ionCube Ltd.

but the loader isn't picked up when I run a php script via http (?)

phpinfo() shows in the "Additional .ini files parsed" that /etc/php.d/ioncube.ini is indeed loaded and parse but ionCube doesn't work; ionCube encrypted files are shown as is rather than parsed and the phpinfo page shows no mention of ionCube (apart from the parsed ini file).

I've restarted apache.

What's missing?

EDIT: The ioncube.ini file content is:

zend_extension=/usr/lib/php/ioncube/ioncube_loader_lin_5.3.so

EDIT 2: just tried zend gard loader and it worked right away. ionCube does not. Weird

For the last month or so I've noticed a shift in spam content.

Basically still getting a lot of it but there's a new focus on fake jobs offers.

They all look the same, all take to a fake Seek.com payment page.

The main difference though is SpamAssassin on the mail server is Not detecting those as spam (whereas all the usual manhood spam stuff does).

Why do these get not flagged as spam? any tweaks to the server that can help?

I'm trying to troubleshoot a problem with a new VPS i'm setting up.

The VPS is running Plesk 9 on a CentOS 5 system.

Everything works fine, except it doesn't serve dns requests.

If I try something like

nslookup [somedomain.com] the.ser.ver.ip

to test a DNS query, i get the following error

;; connection timed out; no servers could be reached

I can't telnet to it on port 42 either..

I'm guessing something is blocking the requests..

firewall maybe? the plesk firewall module is installed and the nameservers entry is green.

Any other way I can check what's blocking it on the server?

Any help/tip greatly appreciated.

Note: http works, i can telnet to the server on port 80 and i can also ping the server

Thanks