Richard Megginson kirjoitti viestiss??n (l?hetysaika Friday 03 March 2006 17:26): > Does this help - > http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt > No, or I might not understand it correctly. Wiki says: "If you're not sure about your DNS and reverse DNS configuration, you should not use host based access, you should use IP address based access." And also: "If you want to just allow access from everywhere, just use "*" for the value of nsAdminAccessAddresses." I have done that and that was the situation when I wrote the first mail. I have client address 192.168.13.72, reverse DNS works. I also have address 192.168.19.12, which has no reverse DNS name. 1. If I have nsAdminAccessAddresses=* nsAdminAccessHosts=* I get error messages that I appended to my message, only reverse DNS address works. 2. If I have nsAdminAccessAddresses= nsAdminAccessHosts= (or I delete attributes) Admin server does not start. 3. If I have nsAdminAccessAddresses=* nsAdminAccessHosts= I cannot connect even if the reverse DNS is correct <error log> [Fri Mar 03 19:18:14 2006] [notice] Access Address filter is: * [Fri Mar 03 19:18:15 2006] [notice] Access Address filter is: * [Fri Mar 03 19:18:15 2006] [notice] Apache/2.0 configured -- resuming normal operations [Fri Mar 03 19:18:15 2006] [notice] [client 192.168.13.72] admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection rejected [Fri Mar 03 19:18:18 2006] [notice] [client 192.168.13.72] admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection rejected [Fri Mar 03 19:18:21 2006] [notice] [client 192.168.13.72] admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection rejected [Fri Mar 03 19:18:24 2006] [notice] [client 192.168.13.72] admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection rejected [Fri Mar 03 19:18:27 2006] [notice] [client 192.168.13.72] admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection rejected </error log> 4. If I have nsAdminAccessAddresses= nsAdminAccessHosts=* I can connect from address with working reverse DNS, not with non-working-reverse DNS address. 5. If I have nsAdminAccessAddresses=192.*.*.* nsAdminAccessHosts=* I can connect from address with working reverse DNS, not with non-working-reverse DNS address. 6. If I have nsAdminAccessAddresses=192.*.*.* nsAdminAccessHosts= I cannot connect from any address. Any ideas, how this should be done? I need no access control, connections should be allowed from anywhere. Regards Kimmo Koivisto > >Hello > > > >I installed FDS 1.0.2 to the FC4 and tried to connect it with Admin > > console. > > > >I have set Host filter to * and Address filter to *. When I try to use > > admin console from client workstation which has working reverse DNS > > address, connection works. > > > >But when I try to connect from workstation without working reverse DNS, > > login fails: > ><error log> > >[Fri Mar 03 16:41:57 2006] [notice] Access Host filter is: * > >[Fri Mar 03 16:41:57 2006] [notice] Access Address filter is: * > >[Fri Mar 03 16:41:58 2006] [notice] Access Host filter is: * > >[Fri Mar 03 16:41:58 2006] [notice] Access Address filter is: * > >[Fri Mar 03 16:41:58 2006] [notice] Apache/2.0 configured -- resuming > > normal operations > >[Fri Mar 03 16:44:06 2006] [notice] [client 192.168.19.12] > >admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.19.12 > >[Fri Mar 03 16:44:06 2006] [warn] [client 192.168.19.12] > >admserv_host_ip_check: failed to get host by ip addr [192.168.19.12] - > > check your host and DNS configuration > >[Fri Mar 03 16:44:06 2006] [notice] [client 192.168.19.12] > >admserv_host_ip_check: Unauthorized host ip=192.168.19.12, connection > >rejected > ></error log> > > > >How to allow admin console connections to admin server from addresses that > > do not have working reverse DNS? > > > >Best Regards > >Kimmo Koivisto > > > >-- > >Fedora-directory-users mailing list > >Fedora-directory-users at redhat.com > >https://www.redhat.com/mailman/listinfo/fedora-directory-users
