Admin console and reverse DNS

Richard Megginson wrote in his message (sent Friday 03 March 2006 17:26):
> Does this help -
> http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt
>

No, or I might not understand it correctly.

Wiki says:
"If you're not sure about your DNS and reverse DNS configuration, you should 
not use host based access, you should use IP address based access."

And also:
"If you want to just allow access from everywhere, just use "*" for the value 
of nsAdminAccessAddresses."

I have done that and that was the situation when I wrote the first mail.

I have client address 192.168.13.72, reverse DNS works. I also have address 
192.168.19.12, which has no reverse DNS name.

1. If I have 
nsAdminAccessAddresses=*
nsAdminAccessHosts=*

I get error messages that I appended to my message, only reverse DNS address 
works.

2. If I have
nsAdminAccessAddresses=
nsAdminAccessHosts=
(or I delete attributes)
Admin server does not start.

3. If I have
nsAdminAccessAddresses=*
nsAdminAccessHosts=

I cannot connect even if the reverse DNS is correct
<error log>
[Fri Mar 03 19:18:14 2006] [notice] Access Address filter is: *
[Fri Mar 03 19:18:15 2006] [notice] Access Address filter is: *
[Fri Mar 03 19:18:15 2006] [notice] Apache/2.0 configured -- resuming normal operations
[Fri Mar 03 19:18:15 2006] [notice] [client 192.168.13.72] admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection rejected
[Fri Mar 03 19:18:18 2006] [notice] [client 192.168.13.72] admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection rejected
[Fri Mar 03 19:18:21 2006] [notice] [client 192.168.13.72] admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection rejected
[Fri Mar 03 19:18:24 2006] [notice] [client 192.168.13.72] admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection rejected
[Fri Mar 03 19:18:27 2006] [notice] [client 192.168.13.72] admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection rejected
</error log>

4. If I have
nsAdminAccessAddresses=
nsAdminAccessHosts=*

I can connect from address with working reverse DNS, not with 
non-working-reverse DNS address.

5. If I have
nsAdminAccessAddresses=192.*.*.*
nsAdminAccessHosts=*

I can connect from address with working reverse DNS, not with 
non-working-reverse DNS address.

6. If I have
nsAdminAccessAddresses=192.*.*.*
nsAdminAccessHosts=

I cannot connect from any address.


Any ideas, how this should be done? I need no access control, connections 
should be allowed from anywhere.

Regards
Kimmo Koivisto


> >Hello
> >
> >I installed FDS 1.0.2 to the FC4 and tried to connect it with Admin
> > console.
> >
> >I have set Host filter to * and Address filter to *. When I try to use
> > admin console from client workstation which has working reverse DNS
> > address, connection works.
> >
> >But when I try to connect from workstation without working reverse DNS,
> > login fails:
> ><error log>
> >[Fri Mar 03 16:41:57 2006] [notice] Access Host filter is: *
> >[Fri Mar 03 16:41:57 2006] [notice] Access Address filter is: *
> >[Fri Mar 03 16:41:58 2006] [notice] Access Host filter is: *
> >[Fri Mar 03 16:41:58 2006] [notice] Access Address filter is: *
> >[Fri Mar 03 16:41:58 2006] [notice] Apache/2.0 configured -- resuming normal operations
> >[Fri Mar 03 16:44:06 2006] [notice] [client 192.168.19.12] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.19.12
> >[Fri Mar 03 16:44:06 2006] [warn] [client 192.168.19.12] admserv_host_ip_check: failed to get host by ip addr [192.168.19.12] - check your host and DNS configuration
> >[Fri Mar 03 16:44:06 2006] [notice] [client 192.168.19.12] admserv_host_ip_check: Unauthorized host ip=192.168.19.12, connection rejected
> ></error log>
> >
> >How to allow admin console connections to admin server from addresses that
> > do not have working reverse DNS?
> >
> >Best Regards
> >Kimmo Koivisto
> >
> >--
> >Fedora-directory-users mailing list
> >Fedora-directory-users at redhat.com
> >https://www.redhat.com/mailman/listinfo/fedora-directory-users
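
An added example, not part of the original message and not code from Fedora Directory Server: a small Python triage script that reads admin server error-log lines in the format quoted in this thread and reports, for each rejected client, which access filters were logged at startup and whether a reverse-lookup failure was logged for that address. The function name `triage` and the cause labels are assumptions made for this example; the sample lines are taken from the two log excerpts in the thread, with wrapped lines rejoined.

```python
import re
from collections import defaultdict

# Sample input: lines from the two error-log excerpts quoted in this thread
# (wrapped lines rejoined, repeated lines trimmed).
SAMPLE_LOG = """\
[Fri Mar 03 16:41:57 2006] [notice] Access Host filter is: *
[Fri Mar 03 16:41:57 2006] [notice] Access Address filter is: *
[Fri Mar 03 16:41:58 2006] [notice] Apache/2.0 configured -- resuming normal operations
[Fri Mar 03 16:44:06 2006] [notice] [client 192.168.19.12] admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.19.12
[Fri Mar 03 16:44:06 2006] [warn] [client 192.168.19.12] admserv_host_ip_check: failed to get host by ip addr [192.168.19.12] - check your host and DNS configuration
[Fri Mar 03 16:44:06 2006] [notice] [client 192.168.19.12] admserv_host_ip_check: Unauthorized host ip=192.168.19.12, connection rejected
[Fri Mar 03 19:18:14 2006] [notice] Access Address filter is: *
[Fri Mar 03 19:18:15 2006] [notice] [client 192.168.13.72] admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection rejected
[Fri Mar 03 19:18:18 2006] [notice] [client 192.168.13.72] admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection rejected
"""

FILTER = re.compile(r"Access (Host|Address) filter is: (.*)$")
CLIENT = re.compile(r"\[client ([0-9a-fA-F.:]+)\] admserv_host_ip_check: (.*)$")

def triage(log_text):
    """Return {(ip, cause, host_filter, addr_filter): count} for rejected clients."""
    filters, in_header = {}, False
    unresolved = set()            # IPs with a logged reverse-lookup failure
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = FILTER.search(line)
        if m:
            if not in_header:     # first filter line of a new server start
                filters, unresolved, in_header = {}, set(), True
            filters[m.group(1)] = m.group(2).strip()
            continue
        in_header = False
        m = CLIENT.search(line)
        if not m:
            continue
        ip, msg = m.groups()
        if "could not resolve" in msg or "failed to get host by ip addr" in msg:
            unresolved.add(ip)
        elif msg.startswith("Unauthorized host"):
            cause = "rdns_lookup_failed" if ip in unresolved else "no_lookup_error_logged"
            key = (ip, cause, filters.get("Host", "<not logged>"),
                   filters.get("Address", "<not logged>"))
            counts[key] += 1
    return dict(counts)

if __name__ == "__main__":
    for key, n in sorted(triage(SAMPLE_LOG).items()):
        print(n, *key)
```

The labels only summarize what the log contains; they do not assert how the admin server evaluates the two filters internally.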



