I am currently experiencing the problem that my freeradius installation with the kerberos5 module does not like my rcache. It spits this error when authenticating.
ERROR: (0) krb5: Error verifying credentials (-1765328174): Generic preauthentication failure
According to Kemptechnologies this error code means the rcache format is not supported.
-1765328174
KRB5_RCACHE_BADVNO
Unsupported replay cache format version number
I tried to disable rcache by using the information provided by MIT.
http://web.mit.edu/kerberos/krb5-devel/doc/basic/rcache_def.html
Setting KRB5RCACHETYPE to none to disable it, setting it to dfl and setting the KRB5RCACHEDIR to /tmp but freeradius seems to not like any option.
Can anyone tell me how i have to format the rcache so that freeradius is able to read it?
Related
I am trying to authenticate user using FormLoginHandler and Postgresql Database with SqlAuthentication.
But I get the following error:
Jun 15, 2022 1:14:34 PM io.vertx.ext.web.RoutingContext
SEVERE: Unhandled exception in router
io.vertx.ext.web.handler.HttpException: Unauthorized
Caused by: io.vertx.core.impl.NoStackTraceThrowable: Invalid username/password
I am providing the right credentials.
The code snippet is:
SqlAuthenticationOptions sauthopts = new SqlAuthenticationOptions();
sauthopts.setAuthenticationQuery(AUTHENTICATE_QUERY);
SqlAuthentication authenticationProvider = SqlAuthentication.create(sqlClient, sauthopts);
router.route("/secure/*").handler(RedirectAuthHandler.create(authenticationProvider, "/login.html"));
FormLoginHandler formLoginHandler = FormLoginHandler.create(authenticationProvider);
router.route("/loginhandler").handler(formLoginHandler);
Please let me know if I am missing something here; or point me to a sample example.
Thanks in Advance.
Your setup doesn't show anything abnormal at first sight. For security reasons, we cannot "just" log the authentication data, as it would be a critical OWASP bug and security vulnerability.
My best guess is that probably is something not totally correct with the query, so this means you have now 2 options:
debug the application and see the query that is being sent + the arguments
prepare a small complete example that shows the bug and open an issue in vert.x so we can debug it further.
If you're upgrading from an older version, be aware that in vert.x 4.2.0 some changes were made to the base64 encoding to keep it consistent across modules. This could be a reason why authentication could fail as the encoded hashes may be slightly different. If you're just doing 4.3.0 from the start, then this would not be a problem.
I have an issue in a yocto based embedded linux system. I have tracked it down to an interaction between dbus and SELinux, and using dbus-monitor I can see the following error:
error time=1621869986.514891 sender=org.freedesktop.DBus -> destination=:1.4 error_name=org.freedesktop.DBus.Error.AccessDenied reply_serial=69729
string "An SELinux policy prevents this sender from sending this message to this recipient, 0 matched rules; type="method_return", sender=":1.4" (uid=0 pid=905 comm="/usr/sbin/NetworkManager --no-daemon " label="system_u:system_r:NetworkManager_t:s0") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.6390" (uid=0 pid=14426 comm="/opt/metix-embedded/metix-wg-ui " label="system_u:system_r:init_t:s0")"
However, there is no 'AVC denied' error in the audit log, so I cannot use audit2allow to determine an SELinux rule to allow the interaction.
How can I work out the SELinux rule I need from the dbus-monitor error?
Further research shows that dbus itself is an SELinux aware application. It is checking the SELinux configuration, and taking enforcement actions within dbus itself. This accounts for why the denials from dbus do not appear in the audit log, even when silent denials are turned off.
My particular issue was solved by adding some allow rules for 'send_msg' as follows:
allow init_t NetworkManager_t:dbus send_msg;
allow NetworkManager_t init_t:dbus send_msg;
Note that the 'init_t' and 'NetworkManager_t' types are derived from the dbus-monitor error.
Further information:
https://hub.packtpub.com/handling-selinux-aware-applications/
https://blog.siphos.be/2014/06/d-bus-and-selinux/
https://relativkreativ.at/articles/how-to-compile-a-selinux-policy-package
I currently have a server with freeradius version 2.2.8 integrated with daloradius 0.9-9. When I try to connect with any user added in daloradius I get the following error:
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
I wanted to know if you could give me give me about itç
Thanks
I bought a HotPi a while ago, and decided to use it. So I followed the procedure to configure the IR and after a few hours I was able to IR signals on my Raspberry 1.
But my purpose here is to send IR signals, which I tried, without any luck.
So this is the command I try to do (just for test):
irsend SEND_START devinput KEY_POWER ; sleep 3
And this is what lircd tells me:
lircd-0.9.4c[907]: Notice: accepted new client on /var/run/lirc/lircd
lircd-0.9.4c[907]: Info: Cannot configure the rc device for /dev/lirc0
lircd-0.9.4c[907]: Error: invalid send buffer
lircd-0.9.4c[907]: Error: this remote configuration cannot be used to transmit
lircd-0.9.4c[907]: Error: error processing command: SEND_START devinput KEY_POWER
lircd-0.9.4c[907]: Error: transmission failed
lircd-0.9.4c[907]: Info: removed client
Edit:
It seems I'm not using the good drivers. According to the HotPi documentation, I'm suppose to use lirc-rpi, which I'm suppos to install with
sudo modprobe lirc-rpi
Which, at least, doesn't return an error. But trying to configure the interface tells me that the driver doesn't exist:
pi#raspberrypi:~ $ mode2 --driver lirc-rpi --device /dev/lirc0
Driver `lirc-rpi' not found. (Missing -U/--plugins option?)
Available drivers:
accent
alsa_usb
asusdh
atilibusb
atwf83
audio
audio_alsa
awlibusb
bte
bw6130
commandir
creative
creative_infracd
default
devinput
dfclibusb
dsp
dvico
ea65
file
ftdi
ftdi-exp
ftdix
girs
i2cuser
irlink
irtoy
livedrive_midi
livedrive_seq
logitech
macmini
mouseremote
mouseremote_ps2
mp3anywhere
mplay
mplay2
pcmak
pinsys
pixelview
samsung
sb0540
silitek
slinke
sonyir
srm7500libusb
tira
tira_raw
udp
uirt2
uirt2_raw
usb_uirt_raw
usbx
zotac
Here is no info what lirc version you are using. There are vast differences between the legacy 0.9.0 still used in some distros and modern lirc.
That said, the logs seems pretty clear. You are using the devinput driver, right? This driver does not support sending data, reflecting the fact that also the kernel doesn't.
You then need to use another driver - first stop might be the default one. If/when using this other driver, you need another lircd.conf.
Please refer to http://lirc.org/html/configuration-guide.html
EDIT: Ah, lirc-0.9.4c says the log. Sorry, my bad. The reply should still be valid, though.
When you record the remote, use:
irrecord -d /dev/lirc0 -f name.conf
The -f uses raw mode. This then worked for me on the transmit side, before I got same error as you.
I'm using WordPress 3.5 with child-theme of Twenty Eleven 1.5. Suddenly I'm getting following Warning,
Warning: call_user_func_array() [function.call-user-func-array]: First argument is expected to be a valid callback, 'cp_admin_init' was given in /home/templ/public_html/wp-includes/plugin.php on line 406
Warning: call_user_func_array() [function.call-user-func-array]: First argument is expected to be a valid callback, '_canonical_charset' was given in /home/templ/public_html/wp-includes/plugin.php on line 173
I'm using following plugins:
download-manager 2.3.9
wordpress-seo 1.4.7
wp-pagenavi 2.83
Some more points:
1) If I'm giving mysite.com it's giving above 2 line warning. If I give www.mysite.com, the following line also include,
Warning: Cannot modify header information - headers already sent by (output started at /home/templ/public_html/wp-includes/plugin.php:406) in /home/templ/public_html/wp-includes/pluggable.php on line 876
2) If I give mysite.com/wp-admin/ or www.mysite.com/wp-admin/, It's giving 1st warning and 3rd warning.
3) If I goto www.mysite.com/wp-login.php, It's giving following 5 warning.
Warning: call_user_func_array() [function.call-user-func-array]: First argument is expected to be a valid callback, 'cp_admin_init' was given in /home/templ/public_html/wp-includes/plugin.php on line 406
Warning: call_user_func_array() [function.call-user-func-array]: First argument is expected to be a valid callback, '_canonical_charset' was given in /home/templ/public_html/wp-includes/plugin.php on line 173
Warning: Cannot modify header information - headers already sent by (output started at /home/templ/public_html/wp-includes/plugin.php:406) in /home/templ/public_html/wp-login.php on line 368
Warning: Cannot modify header information - headers already sent by (output started at /home/templ/public_html/wp-includes/plugin.php:406) in /home/templ/public_html/wp-login.php on line 380
Warning: call_user_func_array() [function.call-user-func-array]: First argument is expected to be a valid callback, 'wp_authenticate_spam_check' was given in /home/templ/public_html/wp-includes/plugin.php on line 173
4) If I give correct username and password, it's not going to login. giving following problem,
ERROR: Invalid username or incorrect password.
ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.
I'm trying to find solution. I can't. Can any-one help me?
This sounds like a corrupted install. So you have a few options to fix this:
Attempt to get logins operational again and doing an upgrade though the wp-admin: Explained Below.
Do a manual Update: http://codex.wordpress.org/Updating_WordPress#Manual_Update
But First: Make a Backup
Please be sure to backup your install! Before proceeding: http://codex.wordpress.org/WordPress_Backups
Getting Logins Working: Masking the symptoms
First I would disable debugging output because that should fix most of these issues. When a warning occurs in Wordpress, PHP starts writing the response body and closes the header section of the response. This means that whenever Wordpress tries to add another header after the original warning was raised, PHP will raise another warning:
Warning: Cannot modify header information - headers already sent by (output started at /home/templ/public_html/wp-includes/plugin.php:406) in /home/templ/public_html/wp-login.php on line 380
So if we disable debugging then we should be able to mask the symptoms. This is a quick patch for a larger problem that we will have to solve with an in-place upgrade
To Disable Debugging
Ensure that the following constants exist and are set correctly is in your wp-config.php file
define('WP_DEBUG', false);
and
define('WP_DEBUG_DISPLAY', false);
Now you should be able to login to your site as an administrator without errors.
Disable your Plugins
Disable all your plugins in Plugins -> Installed Plugins This is imperative so that we can make sure that the update goes smoothly.
Do an Update
Go to Dashboard -> Updates and click either Update Now or Re-install Now
Reactivate your Plugins
Reactivate all your plugins in Plugins -> Installed Plugins and update them if necessary.
That's It
That's the process for reinstalling Wordpress. The key here is that you have Debugging enabled on a production site which is not good. You should always have WP_DEBUG and WP_DEBUG_DISPLAY set to false in a production environment.