Admin console and reverse DNS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Kimmo Koivisto wrote:

>Richard Megginson kirjoitti viestiss??n (l?hetysaika Friday 03 March 2006 
>17:26):
>  
>
>>Does this help -
>>http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt
>>
>>    
>>
>
>No, or I might not understand it correctly.
>
>Wiki says:
>"If you're not sure about your DNS and reverse DNS configuration, you should 
>not use host based access, you should use IP address based access."
>
>And also:
>"If you want to just allow access from everywhere, just use "*" for the value 
>of nsAdminAccessAddresses."
>
>I have done that and that was the situation when I wrote the first mail.
>
>I have client address 192.168.13.72, reverse DNS works. I also have address 
>192.168.19.12, which has no reverse DNS name.
>
>1. If I have 
>nsAdminAccessAddresses=*
>nsAdminAccessHosts=*
>
>I get error messages that I appended to my message, only reverse DNS address 
>works.
>
>2. If I have
>nsAdminAccessAddresses=
>nsAdminAccessHosts=
>(or I delete attributes)
>Admin server does not start.
>
>3. If I have
>nsAdminAccessAddresses=*
>nsAdminAccessHosts=
>
>I cannot connect even if the reverse DNS is correct
><error log>
>[Fri Mar 03 19:18:14 2006] [notice] Access Address filter is: *
>[Fri Mar 03 19:18:15 2006] [notice] Access Address filter is: *
>[Fri Mar 03 19:18:15 2006] [notice] Apache/2.0 configured -- resuming normal 
>operations
>[Fri Mar 03 19:18:15 2006] [notice] [client 192.168.13.72] 
>admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection 
>rejected
>[Fri Mar 03 19:18:18 2006] [notice] [client 192.168.13.72] 
>admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection 
>rejected
>[Fri Mar 03 19:18:21 2006] [notice] [client 192.168.13.72] 
>admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection 
>rejected
>[Fri Mar 03 19:18:24 2006] [notice] [client 192.168.13.72] 
>admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection 
>rejected
>[Fri Mar 03 19:18:27 2006] [notice] [client 192.168.13.72] 
>admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection 
>rejected
></error log>
>  
>
>4. If I have
>nsAdminAccessAddresses=
>nsAdminAccessHosts=*
>
>I can connect from address with working reverse DNS, not with 
>non-working-reverse DNS address.
>
>5. If I have
>nsAdminAccessAddresses=192.*.*.*
>nsAdminAccessHosts=*
>
>I can connect from address with working reverse DNS, not with 
>non-working-reverse DNS address.
>
>6. If I have
>nsAdminAccessAddresses=192.*.*.*
>nsAdminAccessHosts=
>
>I cannot connect from any address.
>  
>
This is a bug.  For now, to make it work, specify
nsAdminAccessHosts=
and then for nsAdminAccessAddresses specify a pattern which _does not 
match_ the client IP address.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183925

>
>Any ideas, how this should be done? I need no access control, connections 
>should be allowed from anywhere.
>
>Regards
>Kimmo Koivisto
>
>
>  
>
>>>Hello
>>>
>>>I installed FDS 1.0.2 to the FC4 and tried to connect it with Admin
>>>console.
>>>
>>>I have set Host filter to * and Address filter to *. When I try to use
>>>admin console from client workstation which has working reverse DNS
>>>address, connection works.
>>>
>>>But when I try to connect from workstation without working reverse DNS,
>>>login fails:
>>><error log>
>>>[Fri Mar 03 16:41:57 2006] [notice] Access Host filter is: *
>>>[Fri Mar 03 16:41:57 2006] [notice] Access Address filter is: *
>>>[Fri Mar 03 16:41:58 2006] [notice] Access Host filter is: *
>>>[Fri Mar 03 16:41:58 2006] [notice] Access Address filter is: *
>>>[Fri Mar 03 16:41:58 2006] [notice] Apache/2.0 configured -- resuming
>>>normal operations
>>>[Fri Mar 03 16:44:06 2006] [notice] [client 192.168.19.12]
>>>admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.19.12
>>>[Fri Mar 03 16:44:06 2006] [warn] [client 192.168.19.12]
>>>admserv_host_ip_check: failed to get host by ip addr [192.168.19.12] -
>>>check your host and DNS configuration
>>>[Fri Mar 03 16:44:06 2006] [notice] [client 192.168.19.12]
>>>admserv_host_ip_check: Unauthorized host ip=192.168.19.12, connection
>>>rejected
>>></error log>
>>>
>>>How to allow admin console connections to admin server from addresses that
>>>do not have working reverse DNS?
>>>
>>>Best Regards
>>>Kimmo Koivisto
>>>
>>>--
>>>Fedora-directory-users mailing list
>>>Fedora-directory-users at redhat.com
>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>      
>>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060303/d9052d14/attachment.bin 


[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux