Re: [389-users] admserv_host_ip_check: ap_get_remote_host could not resolve

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Rich,

 

  I’ve got no nsAdminAccessHost lines in that config file, only a configuration.nsAdminAccessAddresses entry.

 

Cheers,

Brett

 

De : Rich Megginson [mailto:rmeggins@xxxxxxxxxx]
Envoyé : mercredi 8 février 2012 21:15
À : MATON Brett
Cc : General discussion list for the 389 Directory server project.
Objet : Re: [389-users] admserv_host_ip_check: ap_get_remote_host could not resolve

 

On 02/08/2012 12:09 PM, MATON Brett wrote:

Hi Rick,

 

  I restarted both dirsrv and dirsrv-admin, problem persists though.

ok - try this
service dirsrv-admin stop
edit /etc/dirsrv/admin-serv/local.conf - remove any nsAdminAccessHost lines
service dirsrv-admin start

 

 

 

De : Rich Megginson [mailto:rmeggins@xxxxxxxxxx]
Envoyé : mercredi 8 février 2012 16:39
À : General discussion list for the 389 Directory server project.
Cc : MATON Brett
Objet : Re: [389-users] admserv_host_ip_check: ap_get_remote_host could not resolve

 

On 02/08/2012 08:19 AM, MATON Brett wrote:

Thanks the update to the wiki solved the “wrong attribute type” error on nsAdminAccessHosts.

 

Configuration as it stands, with no nsAdminAccessHosts attribure:

 

# configuration, admin-serv-<host>, 389 Administration Server, Server Gro

up, <fqdn>, admins.unix, NetscapeRoot

dn: cn=configuration,cn=admin-serv-<host>,cn=389 Administration Server,cn=Server Group,cn=<fqdn>,ou=admins.unix,o=NetscapeRoot

nsServerPort: 9830

objectClass: nsConfig

objectClass: nsAdminConfig

objectClass: nsAdminObject

objectClass: nsDirectoryInfo

objectClass: top

nsClassname: com.netscape.management.admserv.AdminServer@xxxxxxxxxxxxxxxxx@cn=admin-serv-<host>,cn=389 Administration Server,cn=Server Group,cn=<fqdn>,ou=admins.unix,o=NetscapeRoot

cn: Configuration

nsDirectoryInfoRef: cn=Server Group,cn=<fqdn>,ou=admins.unix,o=NetscapeRoot

nsAdminAccessAddresses: *

nsSuiteSpotUser: nobody

nsAdminEnableDSGW: on

nsAdminCacheLifetime: 600

nsDefaultAcceptLanguage: en

nsServerAddress: 0.0.0.0

nsAdminOneACLDir: adminacl

nsErrorLog: /var/log/dirsrv/admin-serv/error

nsAdminUsers: /etc/dirsrv/admin-serv/admpw

nsPidLog: admin-serv.pid

nsAccessLog: /var/log/dirsrv/admin-serv/access

nsAdminEnableEnduser: on

nsServerSecurity: on

 

admin-serv/error log after restarting admin-serv (also tried restarting dirsrv / dirsrv-admin):

 

[Wed Feb 08 07:02:35 2012] [notice] caught SIGTERM, shutting down

[Wed Feb 08 07:02:36 2012] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0

[Wed Feb 08 07:02:37 2012] [notice] Access Host filter is: *

[Wed Feb 08 07:02:37 2012] [notice] Access Address filter is: *

[Wed Feb 08 07:02:38 2012] [notice] Apache/2.2.15 (Unix) mod_nss/2.2.15 NSS/3.12.9.0 configured -- resuming normal operations

[Wed Feb 08 07:02:38 2012] [notice] Access Host filter is: *

[Wed Feb 08 07:02:38 2012] [notice] Access Address filter is: *

[Wed Feb 08 07:03:07 2012] [notice] [client <client ip>] admserv_host_ip_check: ap_get_remote_host could not resolve <client ip>

[Wed Feb 08 07:03:07 2012] [notice] [client <client ip>] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler

[Wed Feb 08 07:17:10 2012] [notice] [client <client ip>] admserv_host_ip_check: ap_get_remote_host could not resolve <client ip>

[Wed Feb 08 07:17:10 2012] [notice] [client <client ip>] admserv_check_authz(): passing [/admin-serv/authenticate] to the userauth handler

[Wed Feb 08 07:17:17 2012] [notice] [client <client ip>] admserv_host_ip_check: ap_get_remote_host could not resolve <client ip>

 

I’m still getting the could not resolve notices, and noticed that the Access Host filter is still ‘*’, picking up a default somewhere?

(I don’t know why it can’t resolve either, nslookup / host can both resolve ip’s to hostnames and vice versa).

Did you restart the admin server after making this change?


 

Brett

 

 

From: Rich Megginson [mailto:rmeggins@xxxxxxxxxx]
Sent: 08 February 2012 00:57
To: MATON Brett
Cc: General discussion list for the 389 Directory server project.
Subject: Re: [389-users] admserv_host_ip_check: ap_get_remote_host could not resolve

 

On 02/07/2012 03:23 PM, MATON Brett wrote:

Hi Rich,

 

  I tried this and got the following error :

 

Enter LDAP Password:

dn: cn=configuration,cn=admin-serv-<host>,cn=389 Administration Server,cn=

 Server Group,cn=<fqdn>,ou=admins.unix,o=NetscapeRoot

changetype: modify

replace: nsAdminAccessAddresses nsAdminAccessHosts

nsAdminAccessAddresses: *

nsAdminAccessHosts:

 

ldapmodify: wrong attributeType at line 4, entry "cn=configuration,cn=admin-serv-<host>,cn=389 Administration Server,cn=Server Group,cn=<fqdn>,ou=admins.unix,o=NetscapeRoot"

 

Does this mean anything to you?

Yes, a typo on the wiki page.  I've updated the page.



 

Thanks,

Brett

De : Rich Megginson [mailto:rmeggins@xxxxxxxxxx]
Envoyé : mardi 7 février 2012 15:18
À : General discussion list for the 389 Directory server project.
Cc : MATON Brett
Objet : Re: [389-users] admserv_host_ip_check: ap_get_remote_host could not resolve

 

On 02/07/2012 01:05 AM, MATON Brett wrote:

How can I stop admin server from logging theses messages?

 

I realize from the console.conf file that the messages are created because HostnameLookups is Off.

My /etc/dirsrv.admin-serv/httpd.conf file has LogLevel set to warn, so why is it logging notice messages?

 

I’m probably overlooking some other configuration file somewhere.

 

Any help appreciated

 

As a side note, why is it whining about name resolution when the configuration specifically says Don’t do name lookups?

http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt




-------------------------------------------------------------------

GreeNRB
NRB considers its environmental responsibility and goes for green IT.
May we ask you to consider yours before printing this e-mail?  

NRB, daring to commit
This e-mail and any attachments, which may contain information that is confidential and/or protected by intellectual property rights, are intended for the exclusive use of the above-mentioned addressee(s). Any use (including reproduction, disclosure and whole or partial distribution in any form whatsoever) of their content is prohibited without prior authorization of NRB. If you have received this message by error, please contact the sender promptly by resending this e-mail back to him (her), or by calling the above number. Thank you for subsequently deleting this e-mail and any files attached thereto.

 
 
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

 

-------------------------------------------------------------------

GreeNRB
NRB considers its environmental responsibility and goes for green IT.
May we ask you to consider yours before printing this e-mail?  

NRB, daring to commit
This e-mail and any attachments, which may contain information that is confidential and/or protected by intellectual property rights, are intended for the exclusive use of the above-mentioned addressee(s). Any use (including reproduction, disclosure and whole or partial distribution in any form whatsoever) of their content is prohibited without prior authorization of NRB. If you have received this message by error, please contact the sender promptly by resending this e-mail back to him (her), or by calling the above number. Thank you for subsequently deleting this e-mail and any files attached thereto.

 

-------------------------------------------------------------------

GreeNRB
NRB considers its environmental responsibility and goes for green IT.
May we ask you to consider yours before printing this e-mail?  

NRB, daring to commit
This e-mail and any attachments, which may contain information that is confidential and/or protected by intellectual property rights, are intended for the exclusive use of the above-mentioned addressee(s). Any use (including reproduction, disclosure and whole or partial distribution in any form whatsoever) of their content is prohibited without prior authorization of NRB. If you have received this message by error, please contact the sender promptly by resending this e-mail back to him (her), or by calling the above number. Thank you for subsequently deleting this e-mail and any files attached thereto.

 
 
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

 

-------------------------------------------------------------------

GreeNRB
NRB considers its environmental responsibility and goes for green IT.
May we ask you to consider yours before printing this e-mail?  

NRB, daring to commit
This e-mail and any attachments, which may contain information that is confidential and/or protected by intellectual property rights, are intended for the exclusive use of the above-mentioned addressee(s). Any use (including reproduction, disclosure and whole or partial distribution in any form whatsoever) of their content is prohibited without prior authorization of NRB. If you have received this message by error, please contact the sender promptly by resending this e-mail back to him (her), or by calling the above number. Thank you for subsequently deleting this e-mail and any files attached thereto.

 

-------------------------------------------------------------------

GreeNRB
NRB considers its environmental responsibility and goes for green IT.
May we ask you to consider yours before printing this e-mail?  

NRB, daring to commit
This e-mail and any attachments, which may contain information that is confidential and/or protected by intellectual property rights, are intended for the exclusive use of the above-mentioned addressee(s). Any use (including reproduction, disclosure and whole or partial distribution in any form whatsoever) of their content is prohibited without prior authorization of NRB. If you have received this message by error, please contact the sender promptly by resending this e-mail back to him (her), or by calling the above number. Thank you for subsequently deleting this e-mail and any files attached thereto.

 
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux