similar to: Problems with login_log_format (possible bug?)

https://bugzilla.netfilter.org/show_bug.cgi?id=1303 Bug ID: 1303 Summary: nft improperly merges intervals Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: critical Priority: P5 Component: nft Assignee: pablo at netfilter.org

Hi Trever, things improved after resetting user/machine passwords, however only the session key is using aes256 now, the ticket itself is still arcfour: root at ubuntu1:~# kinit user09999 user09999 at S4DOM.TEST's Password: root at ubuntu1:~# klist -v Credentials cache: FILE:/tmp/krb5cc_0 Principal: user09999 at S4DOM.TEST Cache version: 4 Server: krbtgt/S4DOM.TEST at

2015-07-04 1:04 GMT+02:00 Trever L. Adams < trever at middleearth.sapphiresunday.org>: > Hello, > > I have a DC that sits on a different subnet from the CUPS server that I > would like to use. I would rather not install CUPS on the DC. > > Is it possible to change the server name away from localhost for the > CUPS backend and have it connect to that other server to get

Citeren "Trever L. Adams" <trever at middleearth.sapphiresunday.org>: > With a recent update, I started seeing this: > > doveconf: Fatal: Error in configuration file > /etc/dovecot/conf.d/10-ssl.conf line 14: ssl_cert: Can't open file > /etc/letsencrypt/live/SERVER/fullchain.pem: Permission denied > > 1 4 * * * vmail /usr/bin/doveadm expunge -A

I am not sure how to get the symbols necessary, however the following is the backtrace (this is Fedora 19 latest everything): Jul 8 03:23:02 MX dovecot: auth: Fatal: block_alloc(2147483648): Out of memory Jul 8 03:23:02 MX dovecot: auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0x5f437) [0x7f97a952f437] -> /usr/lib64/dovecot/libdovecot.so.0(+0x5f4fe) [0x7f97a952f4fe] ->

With a recent update, I started seeing this: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 14: ssl_cert: Can't open file /etc/letsencrypt/live/SERVER/fullchain.pem: Permission denied 1 4 * * * vmail /usr/bin/doveadm expunge -A mailbox MAILBOXINQUESTION savedbefore 1w is one of the crontab entries I am seeing this for. Is there an option to keep doveadm

I am using 2.0.8. Anonymous binds are no longer supported in the environment I am using. I need to change my userdb ldap setup to bind. I believe the ldap server does Kerberos (or can) authentication. My users are authenticating using Kerberos or Kerberos/PAM. This needs to stay in place. Can anyone suggest how I might go about changing my setup to work? My current ldap setup is as follows (the

https://bugzilla.netfilter.org/show_bug.cgi?id=1302 Bug ID: 1302 Summary: iptables v1.8.0 (nf_tables) has a problem inverting in-interface and maybe out Product: iptables Version: CVS (please indicate timestamp) Hardware: x86_64 OS: All Status: NEW Severity: major Priority:

Hi; There is likely a supported way around this problem, but it wasn't immediately apparent to me. So, I created the enclosed patch to fix my problem. What I would like to do is the following: - run samba in "security = domain" - not use trusted domains, but allow people to connect from other domains - not maintain a local encrypted password file for samba, but instead use our

Hello, I have a DC that sits on a different subnet from the CUPS server that I would like to use. I would rather not install CUPS on the DC. Is it possible to change the server name away from localhost for the CUPS backend and have it connect to that other server to get the printers (load printers = yes) and print to that server? Must I have a CUPS installation on the DC? Thank you, Trever

Hi, > > Why don't you create a Member server with cups installed?. I suppose > that you have a gateway between both subnets, right? > > https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server > https://wiki.samba.org/index.php/Samba_as_a_print_server > > With that, the cups server can authenticate the users using the DC > server and you just need to print

Hi everybody, I'm using SSL client certificates or checkpassword scripts to authenticate our users. If a user sent a client certificate from his smartcard my checkpasswort will ignore the password, if he does not sent a client certificate but uses his OTP-token then my checkwassword script will check wether the password is a correct one time password. My problem is: the AUTH_USER variable

Dear dovecot maintainers: I'm using SSL client certificates together with a checkpassword scripts to authenticate our users. My problem is: In the checkpassword script the AUTH_USER environment variable will either contain the username that was configured in the mailclient (if auth_ssl_username_from_cert=false) or the username from the certificate (if auth_ssl_username_from_cert=true). I

Hi, I'm attempting to proxy lmtp using director to hash to the same backend as pop3/imap. My pop3/imap users are of the form: username and my lmtp users are of the form: <username at domain> Where domain is fairly redundant but does carry some useful information. Now, I can proxy lmtp using user=%{username} and destuser=%{orig_user}, and this all appears to work correctly.

So, one of the problems I am seeing is that people are trying to fake users into revealing information by sending from an outside domain but with an internal reply to address and claiming to be administration, IT or what not. I can set up something that will reject if from is outside the domain by reply to is internal. The problem is in some setups, there are fetchmail setups. I do not want to

for nomal operations * login_log_format_elements = %r %m %k * login_log_format = %$: %s would be perfect because "proxy(h.reindl at thelounge.net)" contains the username *but* in case of auth errors "Disconnected (auth failed, 1 attempts in 2 secs)" does not show the username - hence currently there exists no way to avoid username double-logging in normal

I tried setting the "destuser" setting on the LMTP director as follows, to preserve the original envelope rcpt: protocol lmtp { auth_socket_path = director-userdb passdb { driver = ... override_fields = destuser=%{orig_user} } } The passdb driver would return the appropriate "user" for each alias. Suppose, for example, user1 has emails user1 at domain.tld,

http://dovecot.org/releases/2.2/dovecot-2.2.6.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.6.tar.gz.sig I didn't have time to look into the latest reported dsync replication bugs, but this release should have been done a long time ago already and I'm busy for next few days, so no more waiting. Things seem to be working quite well in general though. * acl: If public/shared

http://dovecot.org/releases/2.2/dovecot-2.2.6.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.6.tar.gz.sig I didn't have time to look into the latest reported dsync replication bugs, but this release should have been done a long time ago already and I'm busy for next few days, so no more waiting. Things seem to be working quite well in general though. * acl: If public/shared

Hi, I’ve been running a samba 4 DC for quite some time now, and while testing some kerberos related stuff, I noticed that all kerberos tickets I can get from the DC are of encryption type ?arcfour-hmac-md5“: # kinit testuser1 testuser1 at S4DOM.TEST's Password: # klist -v Credentials cache: FILE:/tmp/krb5cc_0 Ticket etype: arcfour-hmac-md5, kvno 1 I can create keytabs containing