similar to: Set a domain name instead of an ip address into tls certificate

Hello all, I am doing some tests with Windows 7 and a Samba Domain, but into a working SAMBA domain, where windows XP joins without problems, when i try with 7 i recieve an error like "The trust relationship between this workstation and the primary domain failed.". I use OpenSuSE 11.3 with samba 3.5.4-5.1.2 and openldap 2.4.21-9.1. My config of samba: [global] workgroup =

netstat -lptu gives me tcp6 0 0 [::]:16514 [::]:* LISTEN 1314/libvirtd so the server is correctly listening on interfaces. My /etc/libvirt/libvirtd settings are defaulted. My /etc/default/libvirt-bin has "-d -l" options so server is listening. If I do virsh -c qemu://143.225.229.190/system (that is my ip or an ip belonging to my network) I

Yes, you are right. Listen, as the documentation is not very exaustive, can you explain briefly to me how a guest agent works? After installing it via the apt-get on the hypervisor (I am using ubuntu as host system) how can I create a script which would do this? That is waiting for an acpi signal and actually shut down the guest. And what other operation can you actually do with a guest agent? I

Hi, I'm running fedora core rel. 1 on a dual system, using syslinux on a floppy disk as boot manager to start fedora. However, after up2date, I can't start fedora with the new kernel, as syslinux probably points to the old one. Kernel installation was done automatically via rpm (up2date online), but it didn't change syslinux parameters. What do I need to change in syslinux config

Hello, I need to get how much memory is used by a guest system, in order to implement some monitoring function which tells me if the system is overstressed. I am currently using java apis and the binding which was suggested to me was Domain.memoryStats(); This is a binding to int virDomainMemoryStats (virDomainPtr<http://libvirt.org/html/libvirt-libvirt.html#virDomainPtr>dom,

Another strange thing. I tried, in order to solve this, to put my hostname as listening address. I started with the ip, 192.168.2.2, and it works. I then decided to use the domain name, pasquale-Dell, but the socket is not created. Looking into logs it seems it tries to resolve the name, without success. After a lot of tries it just decides to give up. However, in file /etc/hosts the resolution is

Fedora Core 7 has just updated their Ruby package (was 1.8.6.36-3.fc7, is now 1.8.6.110-3.fc7), and the upgrade broke my Puppet installation, and there was a similar report from someone else. Communications between the puppetmasterd and the puppetd running on the same host broke down with the message: Could not retrieve configuration: Certificates were not trusted: hostname not match with

I am seeing that migrate() function is blocking, isn't there a non blocking function with a callback associated to it, so to report events like end migration, migration progress (job domain info informations) and so on? Pasquale -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hello, how can I programmatically get the vm which is currently using a storage volume? I looked at the apis but I can't find anything about it. Pasquale

I set up my certificates, ca client and server, as described in your documentation: http://wiki.libvirt.org/page/TLSCreateServerCerts. I followed it step by step so it must be ok. However, when I run virsh -c qemu://192.168.1.2/system and I try a command like list --all I get: error: impossible connect to the hypervisor errore: no valid connection errore: Unable to set x509 CA certificate:

I have another problem. As in java bindings there is no way to obtain cpu stats I decided to use a python script. It gives me, for the guest domain, cpu time, system time and user time. Now, what does it mean cpu time? I though that it could be the overall cpu time given to this vm...but the sum doesn't add up: user_time+system_time != cpu_time. As I would need to get a %cpu usage, like

Hello! Does libvirt uses certificate pinning in tls? I want to setup a transparent proxy (mitmproxy) and can't do this even after I added mitmproxy ca certificate to the trusted certificates in ubuntu.

We have discovered a security vulnerability (“AltNames Vulnerability”) whereby a malicious attacker can impersonate the Puppet master using credentials from a Puppet agent node. This vulnerability cannot cross Puppet deployments, but it can allow an attacker with elevated privileges on one Puppet-managed node to gain control of any other Puppet-managed node within the same infrastructure. All

Hello, I'm looking into adding support for extracting the username from client certificate's rfc822Name (from the subjectAltName extension). The question I have is what would be the best approach to do this? Current implementation has a kind of clean code since it just goes through the subject name, extracting the values with X509_NAME_get_text_by_NID (while NID is obtained with

This (very quick) patch allows you to connect with the commercial ssh.com windows client and use x509 certs for hostkeys. You have to import your CA cert (ca.crt) in the windows client and certify your hostkey: $ cat << 'EOF' > x509v3.cnf CERTPATHLEN = 1 CERTUSAGE = digitalSignature,keyCertSign CERTIP = 0.0.0.0 [x509v3_CA]

[please don't top post on technical lists. it is easier to follow conversation and less likely you forget answering a question if you reply to the questions in line] [please keep the conversation on the list - I've re-added libvirt-users] At Sat, 15 Mar 2014 10:15:15 +0100, Pasquale Dir wrote: > > I am on a kubuntu 13.10 x64, qemu version 1.5.0, guest uses kvm as emulator >

I am looking at the shutdown method, but if the guest system is a desktop system, like for example ubuntu, it just has the effect to show a box prompting the user for a shutdown/reboot/ and such. I could enter the guest and change this default behaviour and it actually works..but I'd like for a way to send a shutdown command without doing so. Is it possible?

Can someone help me understand the overall picture of SSL certificates in this scenario? I have a working dovecot/postfix/mysql server. It has a certificate. I now want to create a second, essentially duplicate configured server for use with replication. What is the relationship between the certificate and the hostname, or the DNS entry since the certs are created using the server?s domain

Hi, I have not found any way to use a Certificate with ssh-agent when my Key is stored on a pkcs11 device. I can add my key with ssh-add -s /usr/local/lib/opensc-pkcs11.so but ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub does not add the certificate to my agent. As far as I undestand, in ssh-add.c line 580 if (pkcs11provider != NULL) { if (update_card(agent_fd,

Hi there, If I have a manifest with, say: node default { ..stuff.. } node mymachine { ..stuff.. } What would happen on mymachine: will the stuff in default be executed *as well as* the stuff in default, or only the stuff in mymachine? And, if the latter, should I move global stuff just to global scope outside of nodes? Thanks -Iwan