Re: Admin console and reverse DNS

Kimmo Koivisto wrote:

Richard Megginson wrote in his message (sent Friday 03 March 2006 17:26):
Does this help -
http://directory.fedora.redhat.com/wiki/Howto:AdminServerLDAPMgmt


No, or I might not understand it correctly.

Wiki says:
"If you're not sure about your DNS and reverse DNS configuration, you should not use host based access, you should use IP address based access."

And also:
"If you want to just allow access from everywhere, just use "*" for the value of nsAdminAccessAddresses."

I have done that and that was the situation when I wrote the first mail.

I have client address 192.168.13.72, reverse DNS works. I also have address 192.168.19.12, which has no reverse DNS name.

1. If I have nsAdminAccessAddresses=*
nsAdminAccessHosts=*

I get error messages that I appended to my message, only reverse DNS address works.

2. If I have
nsAdminAccessAddresses=
nsAdminAccessHosts=
(or I delete attributes)
Admin server does not start.

3. If I have
nsAdminAccessAddresses=*
nsAdminAccessHosts=

I cannot connect even if the reverse DNS is correct
<error log>
[Fri Mar 03 19:18:14 2006] [notice] Access Address filter is: *
[Fri Mar 03 19:18:15 2006] [notice] Access Address filter is: *
[Fri Mar 03 19:18:15 2006] [notice] Apache/2.0 configured -- resuming normal operations
[Fri Mar 03 19:18:15 2006] [notice] [client 192.168.13.72] admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection rejected
[Fri Mar 03 19:18:18 2006] [notice] [client 192.168.13.72] admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection rejected
[Fri Mar 03 19:18:21 2006] [notice] [client 192.168.13.72] admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection rejected
[Fri Mar 03 19:18:24 2006] [notice] [client 192.168.13.72] admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection rejected
[Fri Mar 03 19:18:27 2006] [notice] [client 192.168.13.72] admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection rejected
</error log>
4. If I have
nsAdminAccessAddresses=
nsAdminAccessHosts=*

I can connect from address with working reverse DNS, not with non-working-reverse DNS address.

5. If I have
nsAdminAccessAddresses=192.*.*.*
nsAdminAccessHosts=*

I can connect from address with working reverse DNS, not with non-working-reverse DNS address.

6. If I have
nsAdminAccessAddresses=192.*.*.*
nsAdminAccessHosts=

I cannot connect from any address.

This is a bug. For now, to make it work, specify
nsAdminAccessHosts=
and then for nsAdminAccessAddresses specify a pattern which _does not match_ the client IP address.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183925


Any ideas, how this should be done? I need no access control, connections should be allowed from anywhere.

Regards
Kimmo Koivisto


Hello

I installed FDS 1.0.2 to the FC4 and tried to connect it with Admin
console.

I have set Host filter to * and Address filter to *. When I try to use
admin console from client workstation which has working reverse DNS
address, connection works.

But when I try to connect from workstation without working reverse DNS,
login fails:
<error log>
[Fri Mar 03 16:41:57 2006] [notice] Access Host filter is: *
[Fri Mar 03 16:41:57 2006] [notice] Access Address filter is: *
[Fri Mar 03 16:41:58 2006] [notice] Access Host filter is: *
[Fri Mar 03 16:41:58 2006] [notice] Access Address filter is: *
[Fri Mar 03 16:41:58 2006] [notice] Apache/2.0 configured -- resuming
normal operations
[Fri Mar 03 16:44:06 2006] [notice] [client 192.168.19.12]
admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.19.12
[Fri Mar 03 16:44:06 2006] [warn] [client 192.168.19.12]
admserv_host_ip_check: failed to get host by ip addr [192.168.19.12] -
check your host and DNS configuration
[Fri Mar 03 16:44:06 2006] [notice] [client 192.168.19.12]
admserv_host_ip_check: Unauthorized host ip=192.168.19.12, connection
rejected
</error log>

How to allow admin console connections to admin server from addresses that
do not have working reverse DNS?

Best Regards
Kimmo Koivisto

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
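
An added example, not part of the original messages and not Fedora Directory Server code: a small Python triage script over Admin Server error-log text in the format quoted in this thread. It reports the filters in effect and separates clients rejected after a logged reverse-DNS failure from clients rejected with no such failure logged. The sample log is constructed from the entries quoted above, and the names `triage`, `rejected` and `rdns_failed` are hypothetical.

```python
import re
from collections import defaultdict

# An entry is "[timestamp] [level] message"; the message runs to the next
# timestamp, so entries wrapped by a mail client or run together still parse.
TS = r"\[\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}\]"
ENTRY = re.compile(rf"{TS}\s+\[(\w+)\]\s+(.*?)(?={TS}|\Z)", re.S)
FILTER = re.compile(r"Access (Host|Address) filter is:\s*(\S*)")
CLIENT = re.compile(r"\[client ([\d.]+)\] admserv_host_ip_check: (.*)")

# Constructed sample, modeled on the entries quoted in this thread
# (one entry wrapped across two lines, two entries run together on one line).
SAMPLE = """\
[Fri Mar 03 16:41:57 2006] [notice] Access Host filter is: *
[Fri Mar 03 16:41:57 2006] [notice] Access Address filter is: *
[Fri Mar 03 16:44:06 2006] [notice] [client 192.168.19.12]
admserv_host_ip_check: ap_get_remote_host could not resolve 192.168.19.12
[Fri Mar 03 16:44:06 2006] [notice] [client 192.168.19.12] admserv_host_ip_check: Unauthorized host ip=192.168.19.12, connection rejected
[Fri Mar 03 19:18:15 2006] [notice] [client 192.168.13.72] admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection rejected [Fri Mar 03 19:18:18 2006] [notice] [client 192.168.13.72] admserv_host_ip_check: Unauthorized host ip=192.168.13.72, connection rejected
"""

def triage(log_text):
    """Return (filters, clients) parsed from Admin Server error-log text."""
    filters = {}
    clients = defaultdict(lambda: {"rejected": 0, "rdns_failed": False})
    for _level, msg in ENTRY.findall(log_text):
        msg = " ".join(msg.split())  # undo line wrapping inside an entry
        if m := FILTER.search(msg):
            filters[m.group(1)] = m.group(2)  # last logged value wins
        elif m := CLIENT.search(msg):
            ip, detail = m.groups()
            if "could not resolve" in detail or "failed to get host" in detail:
                clients[ip]["rdns_failed"] = True
            elif detail.startswith("Unauthorized host"):
                clients[ip]["rejected"] += 1
    return filters, dict(clients)

if __name__ == "__main__":
    filters, clients = triage(SAMPLE)
    print("filters in effect:", filters)
    for ip, c in clients.items():
        cause = "reverse DNS lookup failed" if c["rdns_failed"] else "no DNS error logged"
        print(f"{ip}: rejected {c['rejected']}x ({cause})")
```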
