Ok I know the password, I know the account, and I know it has ssh access but I keep getting access denied.
Problem is you have exceeded the failed logins set in /etc/ssh/sshd.conf If it is set at 0,1, or 2 it is kind of low (depends on how secure you want it) go ahead and up it to 4 - 6 or so, probably not a good idea to set higher.
Also check your pam_tally or pam_tally2 and see how many fails are listed for the ssh user.
#pam_tally --user sshguy or pam_tally2 --user sshguy
to reset the tally
pam_tally --reset --user sshguy or pam_tally2 --reset --user sshguy
I believe the pam_tally will also affect user logging in at the console as well.
Saturday, October 8, 2011
Why Won't my Drive Mapping Policy Work?
Running W2K3 AD and my drive mapping policy would not work.
Turns out due diligence in following our security checklist caused it.
The checklist said to remove read for 'USERS' from
windows\system32\net.exe
How is that for a denial of service?
Re-added read for 'users' and then went home.
Turns out due diligence in following our security checklist caused it.
The checklist said to remove read for 'USERS' from
windows\system32\net.exe
How is that for a denial of service?
Re-added read for 'users' and then went home.
Why won't my Windows Systems Keep the right time? Maybe it's a VMware setting??
I could not add user to local admin group on aW2K8 Member Server. Kept getting system error 5 time sync.
Found that server was authenticating with DC2 whose time was not in sync with DC1, so AD replication was degraded. Reset time on DC2 but it kept reverting to a different time.
Did I mention these are Virtual Servers on VmWare?
Found that DC2 was set in VM tool options to get time from VmWare host not DC1. Fixed that and fixed replication and then was able to add users to local admin group on W2K8 server.
Found that server was authenticating with DC2 whose time was not in sync with DC1, so AD replication was degraded. Reset time on DC2 but it kept reverting to a different time.
Did I mention these are Virtual Servers on VmWare?
Found that DC2 was set in VM tool options to get time from VmWare host not DC1. Fixed that and fixed replication and then was able to add users to local admin group on W2K8 server.
Why won't the ESRI SDE Service Start
What the heck, can't start the SDE service on one of the RHEL 5.x GEO Servers, pisses me off when I have to work.
Fix
giomgr_esri_sde.log was full, apparently has 2Gig or so limit. Renamed old log and restarted SDE service. You can safely delete old log. Log is located at $SDEHOME/etc
Fix
giomgr_esri_sde.log was full, apparently has 2Gig or so limit. Renamed old log and restarted SDE service. You can safely delete old log. Log is located at $SDEHOME/etc
VSphere Client Installation Fails throws .NET error
Could'nt get VSPHERE Client to install on Windows XP. Error was for .NET 3.0sp1 code 1601 or 1603.
Fix: install .Net v3.5
Ref: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1010723
Fix: install .Net v3.5
Ref: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1010723
Friday, October 7, 2011
Why Can't I get System Mail
RHEL 5.7
While configuring logwatch I found I was not getting any system mail.
# mail
Result: no mail for root
Even when I sent a message I got nadda
I had errors of these sorts in /var/log/maillog (system is offline so these are paraphrased)
p97Hblahblah: to=root, delay=00:00:00, xdelay=blah, mailer=relay, , pri=blah, relay=[127.0.0.1], dsn=5.0.0, stat=Service unavailable
and
My unqualified host name (localhost) unknown; sleeping for retry
After several hours of Googlin-around I stumbled on a simple hint to fix both error types:
Fix the host file
So I did
On the line where your loopback IP is listed (the top entry) make sure your system hostname and localhost.localdomain are listed
127.0.0.1 local localhost.localdomain my-hostname
Restart sendmail and errors were gone. Also fixed the extremely slow sendmail service start up, was waiting 5+ minutes now it starts right up.
While configuring logwatch I found I was not getting any system mail.
Result: no mail for root
Even when I sent a message I got nadda
I had errors of these sorts in /var/log/maillog (system is offline so these are paraphrased)
p97Hblahblah: to=root, delay=00:00:00, xdelay=blah, mailer=relay, , pri=blah, relay=[127.0.0.1], dsn=5.0.0, stat=Service unavailable
and
My unqualified host name (localhost) unknown; sleeping for retry
After several hours of Googlin-around I stumbled on a simple hint to fix both error types:
Fix the host file
So I did
On the line where your loopback IP is listed (the top entry) make sure your system hostname and localhost.localdomain are listed
127.0.0.1 local localhost.localdomain my-hostname
Restart sendmail and errors were gone. Also fixed the extremely slow sendmail service start up, was waiting 5+ minutes now it starts right up.
Subscribe to:
Comments (Atom)