similar to: Connected client unaffected by group/user/share change

A Samba server I've configured uses the VFS acl_xattr module to support Windows ACLs. I'd like to view the ACL data, in as raw a state as possible, but also in a human readable format. Is there an existing utility that does that? If not, and I need to write an application to accomplish it, which APIs would you recommend (and on which attributes)? Thanks,Steve Tice

Can anybody provide the expected response to an SMB2 CREATE request that includes ACCESS_SYSTEM_SECURITY in the DesiredAccess mask? I?m particularly interested in cases where the SMB client is connected as an authenticated user with administrative (superuser) privileges on the share, and has made the request on a directory. Should such a client expect full (read/change) access to the SACL (under

Hi Daminan! Hmmm... thought about a little... when i use -vvv with ssh-keygen -Qf i see "debug1:..." So i think, debug is compiled in. ssh-keygen --help gives me ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number] file ... so... option -z is not the serial of the certificate, it is the version-number of the KRL-File... My openssh-Verision from Debian is

Ok, so I think I have a complete explanation for the difference between the *BSD behaviour and the Linux/Solaris behaviour. Well, almost complete :) Pull out your trusty copies of "The Design and Implementation of the 4.4BSD Operating System" as well as "Unix Internals: The New Frontiers". Specifically, pages 111-112 and 344 of the former and page 108 of the latter. It comes

First of all, I am french. My english is not very good and i am sorry for this ;). One month ago, I have upgrade my server in debian Etch (it was in debian sarge). So now, samba is in 3.0.24 version. My server use samba and ldap. Since this upgrade, i have some problems with cpu loading when the users log on the samba domain (smbd and slapd services). I have take a look at samba log but i

https://bugzilla.mindrot.org/show_bug.cgi?id=3659 Bug ID: 3659 Summary: Certificates are ignored when listing revoked items in a (binary) revocation list Product: Portable OpenSSH Version: 9.2p1 Hardware: All OS: All Status: NEW Severity: minor Priority: P5

Good time of the day! My English is not very good, excuse me if I said something wrong. I use dovecot-2.1.16 on Gentoo Linux amd64. I need to setup dovecot (imap and pop3) for SSL and non-SSL connection simultaneously. For SSL connections client must submit a valid SSL certificate. Now SSL part of dovecot.conf looks like this: ----------------- ssl = yes ssl_cert =

This is the first time is happening... and It happens consecutively with all the hosts. Fresh kickstarted host (never set up before the name so its not on the revocation list), I just run puppetd -tv (we have autosign on), I just get the output below: [root@server182 puppet]# puppetd -tv info: Creating a new SSL key for server182.domain.com warning: peer certificate won''t be verified in

Hi, I am trying to bootstrap a new agent from my master node as below. puppet node_aws bootstrap \ --region us-east-1 \ --image ami-cc5af9a5 \ --login root \ --keyfile /root/.ssh/private.pem \ --install-script=puppet-enterprise \ --installer-payload=/usr/local/puppet/puppet-2.7.0.tar.gz \ --installer-answers=/usr/local/puppet/agent.txt \ --keyname icos-client \ --type t1.micro Node is created

I have a problem I can''t figure out. I was having cert problems with a host - it seemed to have multiple host names (mot likely from dns changes in the past) and all the certs were valid. Although it was giving an error about a cert I could not identify. So I tried: puppetca --revoke hostname puppetca --clean hostname restart puppetmaster puppetca --list --all (host does not show up -

Hi there! What am I doing wrong? I created a ssh-certificate id_user_rsa-cert.pub with this dump: id_user_rsa-cert.pub: root at host # ssh-keygen -Lf id_user_rsa-cert.pub ??????? Type: ssh-rsa-cert-v01 at openssh.com user certificate ??????? Public key: RSA-CERT SHA256:kPitwgxblaUH4viBoFoozSPq9Pblubbedk ??????? Signing CA: ED25519 SHA256:8p2foobarQo3Tfcblubb5+I5cboeckvpnktiHdUs ??????? Key ID:

Hello, I''m having trouble between the client and the master. Please help! *root@r3:~# puppet agent --test* Info: Caching certificate for r3.pb Info: Caching certificate_revocation_list for ca Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed:

Hi, I have this problem: when I make a new request and sign the client''s certificate, then i get a "revoked certificate" error: err: Could not retrieve catalog from remote server: sslv3 alert certificate revoked I am using same version of puppet on master and clients, tried many times, dates are the same, and cleaned the "ssl" directory. Can someone help me?

Unfortunately this does not work. Example: Yes, when i give it a few Days, the client will retrieve the actual crl faster. But the auth still works. I have tried it. I revoked an cert. Installed a new win10 client and joined the domain. After login with the revoked p12 cert on a yubikey, i can see he queries the CDP and still allows the login. With certutil and a cert in DER format, i tried

Folks -- I am attempting to retrieve a new certificate on a Puppet client whose certificate was revoked on the Puppet master. The original certificate was revoked using the command: # puppet cert --revoke el5-puptest-2.localdomain I have deleted the /var/lib/puppet/ssl directory on the client, and issued the following command: # puppet agent --test --waitforcert=20 This produces the

Hi. Is it possible to make a virtual disk unaffected by snapshots just like writethrough disks in VBox? I tried raw with shareable flag, but snapshot creation fails with: "internal snapshot for disk vdb unsupported for storage type raw".

Hi Rowland, I get below error while running the script again. bash samba-collect-debug-info.sh > samba-output kinit: Client's credentials have been revoked while getting initial credentials cat samba-output Please wait, collecting debug info. Wrong password or kerberos REALM problems, exiting now. Below is my /etc/krb5.conf [libdefaults] default_realm = EMEA.MEDIA.GLOBAL.LOC

hello dovecot community, question; if my user database and dovecot installation is currently setup to use plain login passwords, and i want to convert to cram-md5, after i configure dovecot accordingly and reset passwords into cram-md5, if anyone uses plain login method again in the future, will it still work? or must they always from this point on use encrypted passwords? Thanks. -- Thanks,

Hi, I have a puppet master and agent installed. I want to generate and configure master-agent certificate and followed the steps: Master: ========== 1. Cleaned up all certificate on Master: [root@puppet-server manifests]# puppet cert sign --all No waiting certificate requests to sign [root@puppet-server manifests]# puppet cert clean --all notice: Revoked

I have sssd configured and working with my domain member server and I now wish to grant the SeDiskOperatorPrivilege to the "MYDOMAIN\Domain Admins" group. When I execute the command it appears to disregard the domain name and grant the privileges to the group "Unix Group\domain admins" net rpc rights list accounts -U'MYDOMAIN\administrator' Enter