search for: sapphiresunday

...ls Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: critical Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: trever at middleearth.sapphiresunday.org Please consider the following rules: oifname "ppp0" ip saddr { 10.0.0.0/23, 10.1.1.0/24 } counter packets 76 bytes 4704 masquerade oifname "ppp0" ip saddr 10.1.1.0/25 counter packets 0 bytes 0 masquerade oifname "ppp0" ip saddr 10.0.1.0/24...

...oss-checked this with our windows AD (same client) and I get an AES only ticket/key: <...> Ticket etype: aes256-cts-hmac-sha1-96, kvno 2 Ticket length: 2278 <...> Any other ideas? Bye, Marcel -----Ursprüngliche Nachricht----- Von: Trever L. Adams [mailto:trever at middleearth.sapphiresunday.org] Gesendet: Mittwoch, 19. August 2015 05:55 An: Ritter, Marcel (RRZE) <marcel.ritter at fau.de>; samba at lists.samba.org Betreff: Re: [Samba] Samba 4 DC - no AES kerberos tickets - only arcfour On 08/18/2015 02:28 PM, Ritter, Marcel (RRZE) wrote: > Hi, > > I’ve been running a s...

With a recent update, I started seeing this: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 14: ssl_cert: Can't open file /etc/letsencrypt/live/SERVER/fullchain.pem: Permission denied 1 4 * * * vmail /usr/bin/doveadm expunge -A mailbox MAILBOXINQUESTION savedbefore 1w is one of the crontab entries I am seeing this for. Is there an option to keep doveadm

Citeren "Trever L. Adams" <trever at middleearth.sapphiresunday.org>: > With a recent update, I started seeing this: > > doveconf: Fatal: Error in configuration file > /etc/dovecot/conf.d/10-ssl.conf line 14: ssl_cert: Can't open file > /etc/letsencrypt/live/SERVER/fullchain.pem: Permission denied > > 1 4 * * * vmail /usr/bin/...

2015-07-04 1:04 GMT+02:00 Trever L. Adams < trever at middleearth.sapphiresunday.org>: > Hello, > > I have a DC that sits on a different subnet from the CUPS server that I > would like to use. I would rather not install CUPS on the DC. > > Is it possible to change the server name away from localhost for the > CUPS backend and have it connect to that oth...

...ng Kerberos or Kerberos/PAM. This needs to stay in place. Can anyone suggest how I might go about changing my setup to work? My current ldap setup is as follows (the directories, user id, etc are set statically in the configuration elsewhere): tls = yes hosts = MAILSERVER base = dc=middleearth,dc=sapphiresunday,dc=org ldap_version = 3 user_attrs = userPrincipalName=user user_filter = (&(objectClass=person)(|(mail=%u)(sAMAccountName=%u)(userPrincipalName=%u))) # For using doveadm -A: iterate_attrs = userPrincipalName=user iterate_filter = (objectClass=person) Thank you, Trever Adams -- "Seize t...

I am not sure how to get the symbols necessary, however the following is the backtrace (this is Fedora 19 latest everything): Jul 8 03:23:02 MX dovecot: auth: Fatal: block_alloc(2147483648): Out of memory Jul 8 03:23:02 MX dovecot: auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x5f437) [0x7f97a952f437] -> /usr/lib64/dovecot/libdovecot.so.0(+0x5f4fe) [0x7f97a952f4fe] ->

...Version: CVS (please indicate timestamp) Hardware: x86_64 OS: All Status: NEW Severity: major Priority: P5 Component: iptables Assignee: netfilter-buglog at lists.netfilter.org Reporter: trever at middleearth.sapphiresunday.org >From a script that works with plain iptables: iptables -A INPUT -i \!ppp0 -p udp --destination-port 53 -j ACCEPT # iptables-nft -A INPUT -i \!ppp0 -p tcp --destination-port 53 -j ACCEPT does not work! In part it yields: iifname "!ppp0" ip protocol tcp counter packets 0 bytes...

Hello, I have a DC that sits on a different subnet from the CUPS server that I would like to use. I would rather not install CUPS on the DC. Is it possible to change the server name away from localhost for the CUPS backend and have it connect to that other server to get the printers (load printers = yes) and print to that server? Must I have a CUPS installation on the DC? Thank you, Trever

Hi, > > Why don't you create a Member server with cups installed?. I suppose > that you have a gateway between both subnets, right? > > https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server > https://wiki.samba.org/index.php/Samba_as_a_print_server > > With that, the cups server can authenticate the users using the DC > server and you just need to print

Hi, I’ve been running a samba 4 DC for quite some time now, and while testing some kerberos related stuff, I noticed that all kerberos tickets I can get from the DC are of encryption type ?arcfour-hmac-md5“: # kinit testuser1 testuser1 at S4DOM.TEST's Password: # klist -v Credentials cache: FILE:/tmp/krb5cc_0 Ticket etype: arcfour-hmac-md5, kvno 1 I can create keytabs containing

...from outside our system to give Reply-To into our system!"; ??? ?? ??? ??? ? ?? stop; ??? ??? } ??? } } Please, not the <% =@name -%> is just that this is from a puppet module I use to maintain these systems. It is the domain name for the mail system. An example would be .*@middleearth.sapphiresunday.org here. Thank you for any help in figuring this out. The reason I want a reject in the case of non-fetchmail email is to let users know if they try to do it (as many have multiple email accounts) and may try it. But in fetchmail cases, no need to leak to the outside world that users are doing f...

On 10/02/2017 07:00 PM, Anvar Kuchkartaev wrote: > Hello I just finished setting up FreeIPA with Dovecot + Postfix + Saslauthd. I can easily access to mails using imap via dovecot with gssapi authentication and postfix also delivering mails very well. But I cannot send email from postfix using gssapi authentication (plain and login authentication working fine) because saslauthd is not

On 1/24/19 10:07 AM, Per Jessen wrote: > > Sorry, I misunderstood. > > I rely on spamassasssin to deal with spam. > > > /Per > > You still led me to the correct solution. I use dspam. Occassionally some odd spams get through. Usually they are using this date trick (not that it fools dspam). The problem is the content is novel. So, I am using this to catch what cannot be

I have found source4/scripting/devel/chgtdcpass for adding the aes types to machines. I know you have to change the password of normal users. How do you fix this for krbtgt? Can you just change the password? Is there a recommended method? Thank you for any help, Trever -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type:

On 08/18/2015 02:28 PM, Ritter, Marcel (RRZE) wrote: > Hi, > > I’ve been running a samba 4 DC for quite some time now, and while testing some kerberos related stuff, I noticed that all kerberos tickets I can get from the DC are of encryption type ?arcfour-hmac-md5“: > > # kinit testuser1 > testuser1 at S4DOM.TEST's Password: > > # klist -v > Credentials cache:

On 08/19/2015 12:02 AM, Ritter, Marcel (RRZE) wrote: > Hi Trever, > > things improved after resetting user/machine passwords, however only the session key is using aes256 now, the ticket itself is still arcfour: > > root at ubuntu1:~# kinit user09999 > user09999 at S4DOM.TEST's Password: > root at ubuntu1:~# klist -v > Credentials cache: FILE:/tmp/krb5cc_0 >

I had a completely working setup before. I upgraded, now I get: Error: 7LUaNYqHklG6EAAApwKjnA: sieve: execution of script (null) failed, but implicit keep was successful sieve = /home/vmail/%Ld/%Ln/.dovecot.sieve sieve_dir = /home/vmail/%Ld/%Ln/sieve (this was ~/sieve) I am not quite sure what is going on. Is anyone else seeing this? Any idea on what has changed? (I am not readily seeing it in

login_log_format = %$: %s login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}> These are the defaults, at least on a Fedora system. According to http://wiki2.dovecot.org/Variables, this should record for user at REALM when seeing the following Apr 30 18:08:40 TeaSet dovecot: auth: Debug: auth(user,...,<JhKid0v4bAAKAQG6>): username

> On 15 Jul 2019, at 18:11, Trever L. Adams via dovecot <dovecot at dovecot.org <https://dovecot.org/mailman/listinfo/dovecot>> wrote: > >/So, one of the problems I am seeing is that people are trying to fake />/users into revealing information by sending from an outside domain but />/with an internal reply to address and claiming to be administration, IT />/or what