I can't connect to AD with "net ads join" (winbind) - CentOS

I want to connect to Windows Active Directory from CentOS 7 with Samba and winbind.
Samba is already running, but winbind fails with the following error in log.winbindd:
../source3/winbindd/winbindd_util.c:891(init_domain_list)
Could not fetch our SID - did we join?
I ran "net -d 10 ads join -S dcserver -U poweruser" and got the following log.
Which parameter is invalid? Which parameter did I leave out of my config?
I also don't know what the "dn" in this log refers to.
kerberos_kinit_password: as poweruser#DMNAME.OURCO.JP using [MEMORY:libnet_join_user_creds] as ccache and config [/var/lib/samba/lock/smb_krb5/krb5.conf.DMNAME]
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
gse_get_client_auth_token: Server principal not found
SPNEGO(gse_krb5) creating NEG_TOKEN_INIT for ldap/dcserver failed (next[(null)]): NT_STATUS_INVALID_PARAMETER
Failed to setup SPNEGO negTokenInit request: NT_STATUS_INVALID_PARAMETER
kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for ldap/dcserver with user[poweruser] realm[DMNAME.OURCO.JP]: An invalid parameter was passed to a service or function.
ads_sasl_spnego_gensec_bind(KRB5) failed for ldap/dcserver with user[poweruser] realm=[DMNAME.OURCO.JP]: An invalid parameter was passed to a service or function.
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : 'MYCENTSV$'
netbios_domain_name : 'DMNAME'
dns_domain_name : 'dmname.OURCO.JP'
forest_name : 'dmname.OURCO.JP'
dn : NULL
domain_guid : 4b8db2c2-43fd-4008-be4f-66ad75c21c2d
domain_sid : *
domain_sid : S-1-5-21-1645522239-789336058-839522115
modified_config : 0x00 (0)
error_string : 'failed to connect to AD: An invalid parameter was passed to a service or function.'
domain_is_ad : 0x01 (1)
set_encryption_types : 0x00000000 (0)
krb5_salt : NULL
result : WERR_NERR_DEFAULTJOINREQUIRED
Failed to join domain: failed to connect to AD: An invalid parameter was passed to a service or function.
return code = -1
msg_dgm_ref_destructor: refs=(nil)

I resolved it myself.
I didn't know it, but "dcserver" was an alias of "dcserver-1" in Active Directory.
So it works after I replaced it with "dcserver-1": net ads join -S dcserver-1 -U poweruser!
I guess "dcserver-1" is the name specified in the LDAP config, but because I have no Active Directory administration rights, I'm not sure.
Thanks.
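The debug output above has a clear shape: the password is accepted (kinit succeeds), but the Kerberos bind to the LDAP service principal ldap/dcserver fails with "Server principal not found", so no LDAP connection is ever made and the computer account's distinguished name ("dn") is never retrieved, which is why it shows as NULL. The resolution in the thread (use the DC's real host name instead of an alias) is consistent with that. The triage helper below is an added example, not code from the question or from Samba; it runs over a constructed copy of the log lines shown above and reports which step failed. The `hint` text is the author's own reading of the log, not a Samba message.

```python
import re

# Constructed sample: the relevant lines of the `net -d 10 ads join` debug log
# from the question above (values are the ones shown on the page).
SAMPLE_LOG = """\
kerberos_kinit_password: as poweruser#DMNAME.OURCO.JP using [MEMORY:libnet_join_user_creds] as ccache and config [/var/lib/samba/lock/smb_krb5/krb5.conf.DMNAME]
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
gse_get_client_auth_token: Server principal not found
SPNEGO(gse_krb5) creating NEG_TOKEN_INIT for ldap/dcserver failed (next[(null)]): NT_STATUS_INVALID_PARAMETER
kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed for ldap/dcserver with user[poweruser] realm[DMNAME.OURCO.JP]: An invalid parameter was passed to a service or function.
        account_name             : 'MYCENTSV$'
        dn                       : NULL
        domain_sid               : S-1-5-21-1645522239-789336058-839522115
        result                   : WERR_NERR_DEFAULTJOINREQUIRED
Failed to join domain: failed to connect to AD: An invalid parameter was passed to a service or function.
"""


def triage_join_log(text):
    """Summarise where a `net ads join` debug log failed.

    Returns a dict with: whether kinit succeeded, the service principal the
    SPNEGO/Kerberos bind was attempted against, the NT status, the libnet
    join result, whether a computer-account DN was obtained, and a hint.
    """
    report = {
        "kinit_ok": False,
        "spn": None,
        "spn_not_found": False,
        "status": None,
        "join_result": None,
        "dn_set": None,
        "hint": None,
    }
    for line in text.splitlines():
        if "kinit succeeded" in line:
            report["kinit_ok"] = True
        if "Server principal not found" in line:
            report["spn_not_found"] = True
        # e.g. "... NEG_TOKEN_INIT for ldap/dcserver failed (...): NT_STATUS_INVALID_PARAMETER"
        m = re.search(r"NEG_TOKEN_INIT for (\S+) failed .*?: (NT_STATUS_\w+)", line)
        if m:
            report["spn"], report["status"] = m.group(1), m.group(2)
        m = re.match(r"\s*result\s*:\s*(WERR_\w+)", line)
        if m:
            report["join_result"] = m.group(1)
        m = re.match(r"\s*dn\s*:\s*(.*)$", line)
        if m:
            report["dn_set"] = m.group(1).strip() != "NULL"

    if report["kinit_ok"] and report["spn_not_found"] and report["spn"]:
        host = report["spn"].split("/", 1)[1]
        # Author's interpretation: a ticket for ldap/<host> can only be issued
        # when <host> is a name the DC's computer account actually carries as an
        # SPN; an alias/CNAME usually is not, which matches the fix in the thread.
        report["hint"] = (
            f"credentials were accepted (kinit ok) but no service ticket could be "
            f"obtained for {report['spn']}; check that '{host}' is the DC's canonical "
            f"host name rather than an alias, and pass that name to -S"
        )
    return report


if __name__ == "__main__":
    for key, value in triage_join_log(SAMPLE_LOG).items():
        print(f"{key:14}: {value}")
```

Feed it the full `net -d 10 ads join` output; the `spn` and `hint` fields are the first things to look at when kinit works but the bind does not.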

Related

Using Flyway not able to set variable for postgress

Good Day!
Using Flyway with PostgreSQL I am not able to create a variable, but using a PostgreSQL client or the command line it works well.
The code below works well in a client application (like DBeaver):
#set TEST = 'testing by us';
but when I add the SQL to a Flyway migration file it gives an error:
#set TEST = 'testing by us';
SQL State : 42601 Error Code : 0 Message : ERROR: syntax error at or near "#" Position: 1
Location : db/migration/pgsql/_env/V1__zopn_obsolete.sql
(C:\workspace\zara-flyway\target\classes\db\migration\pgsql_env\V1__zopn_obsolete.sql)
Line : 1 Statement : #set TEST = 'testing by us'
Caused by: org.postgresql.util.PSQLException: ERROR: syntax error at or near "#"

ansible lookup plugin privilege escalation does not seem to work

It seems that the Ansible lookup plugin does not adhere to privilege escalation, and it is not clear to me whether this is by design.
I have looked for an answer to this, and though I have found many similar questions, I haven't yet seen one which seems to answer why the following playbook behaves as it does.
---
- hosts: localhost
  become: 1
  tasks:
    - name: cat file
      command: cat /home/bob/.ssh/id_rsa.pub
      register: cat
    - debug:
        msg: |
          dog: {{ cat.stdout }}
    - name: add the variable
      set_fact:
        rsa_key: "{{ lookup('file', '/home/bob/.ssh/id_rsa.pub') }}"
      delegate_to: localhost
The result of running this play is that the command module "works" while the lookup module does not:
PLAY [localhost] *************************************************************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [cat file] **************************************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [debug] *****************************************************************************************************************************************************************************************************************************************************************
ok: [localhost] => {
"msg": "dog: ssh-rsa ... ansible-generated on rh1.local.home\n"
}
TASK [add the variable] ******************************************************************************************************************************************************************************************************************************************************
[WARNING]: Unable to find '/home/bob/.ssh/id_rsa.pub' in expected paths (use -vvvvv to see paths)
fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/bob/.ssh/id_rsa.pub"}
PLAY RECAP *******************************************************************************************************************************************************************************************************************************************************************
localhost : ok=3 changed=1 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
I'm running this under a user which is NOT "bob", with become_user = root and become_method = sudo. Any ideas, or a confirmation that the lookup plugin indeed ignores privilege escalation statements, would be appreciated.
Looking into the actual code and comments of the standard plugins for Ansible, I found this:
As all lookups, this runs on the Ansible host as the user running the playbook, and "become" does not apply, the target file must be readable by the playbook user, or, if it does not exist, the playbook user must have sufficient privileges to create it. (So, for example, attempts to write into areas such as /etc will fail unless the entire playbook is being run as root).
inside the password plugin. Hence, lookup plugins indeed ignore "become" escalation directives, and this behavior is "by design", though I find it rather counter-intuitive and not well documented, and I dislike it since it forces me to write ugly code to get around it ;-).

pacman -Syuu : error: failed retrieving file ("Operation too slow" and "SSL certificate problem")

I am having trouble upgrading my portable MSYS2 under Windows 10 with pacman -Syuu, as detailed below.
I did this before with no problem.
What could the problem and solution be?
$ pacman -Syuu
:: Synchronizing package databases...
mingw32 is up to date
mingw64 is up to date
msys is up to date
:: Starting core system upgrade...
there is nothing to do
:: Starting full system upgrade...
warning: grep: downgrading from version 3.1-1 to version 3.0-2
warning: libgc: downgrading from version 8.0.0-1 to version 7.6.8-1
warning: mingw-w64-x86_64-binutils: downgrading from version 2.31.1-2 to version 2.30-5
:: Replace mingw-w64-x86_64-minizip with mingw64/mingw-w64-x86_64-zlib? [Y/n] y
:: Replace mingw-w64-x86_64-vulkan with mingw64/mingw-w64-x86_64-vulkan-loader? [Y/n] y
resolving dependencies...
looking for conflicting packages...
Packages (217) autogen-5.18.16-1 bison-3.3.2-1 brotli-1.0.7-1 ca-certificates-20180409-1 cmake-3.13.2-1 curl-7.64.0-2 diffutils-3.7-1 doxygen-1.8.15-1
...
Total Download Size: 1400.65 MiB
Total Installed Size: 9648.15 MiB
Net Upgrade Size: 261.06 MiB
:: Proceed with installation? [Y/n] y
:: Retrieving packages...
error: failed retrieving file 'mingw-w64-x86_64-qt5-5.12.1-5-any.pkg.tar.xz' from repo.msys2.org : Operation too slow. Less than 1 bytes/sec transferred the last 10 seconds
error: failed retrieving file 'mingw-w64-x86_64-qt5-5.12.1-5-any.pkg.tar.xz' from sourceforge.net : SSL certificate problem: unable to get local issuer certificate
error: failed retrieving file 'mingw-w64-x86_64-qt5-5.12.1-5-any.pkg.tar.xz' from www2.futureware.at : Operation too slow. Less than 1 bytes/sec transferred the last 10 seconds
error: failed retrieving file 'mingw-w64-x86_64-qt5-5.12.1-5-any.pkg.tar.xz' from mirror.yandex.ru : SSL certificate problem: unable to get local issuer certificate
warning: failed to retrieve some files
error: failed to commit transaction (download library error)
Errors occurred, no packages were upgraded.
As per this, my repo configuration seems to be ok:
$ pacman-conf.exe
[options]
RootDir = /
DBPath = /var/lib/pacman/
CacheDir = /var/cache/pacman/pkg/
HookDir = /etc/pacman.d/hooks/
GPGDir = /etc/pacman.d/gnupg/
LogFile = /var/log/pacman.log
HoldPkg = pacman
Architecture = i686
CheckSpace
UseDelta = 0.000000
CleanMethod = KeepInstalled
SigLevel = PackageRequired
SigLevel = PackageTrustedOnly
SigLevel = DatabaseOptional
SigLevel = DatabaseTrustedOnly
LocalFileSigLevel = PackageOptional
LocalFileSigLevel = PackageTrustedOnly
[mingw32]
Usage = All
Server = http://repo.msys2.org/mingw/i686/
Server = https://sourceforge.net/projects/msys2/files/REPOS/MINGW/i686/
Server = http://www2.futureware.at/~nickoe/msys2-mirror/mingw/i686/
Server = https://mirror.yandex.ru/mirrors/msys2/mingw/i686/
[mingw64]
Usage = All
Server = http://repo.msys2.org/mingw/x86_64/
Server = https://sourceforge.net/projects/msys2/files/REPOS/MINGW/x86_64/
Server = http://www2.futureware.at/~nickoe/msys2-mirror/mingw/x86_64/
Server = https://mirror.yandex.ru/mirrors/msys2/mingw/x86_64/
[msys]
Usage = All
Server = http://repo.msys2.org/msys/i686/
Server = https://sourceforge.net/projects/msys2/files/REPOS/MSYS2/i686/
Server = http://www2.futureware.at/~nickoe/msys2-mirror/msys/i686/
Server = https://mirror.yandex.ru/mirrors/msys2/msys/i686/
Related:
https://github.com/msys2/MINGW-packages/issues/1887
https://bbs.archlinux.org/viewtopic.php?id=199693
https://sourceforge.net/p/msys2/discussion/general/thread/8427aab0/
EDIT
It was suggested in a comment that I execute pacman-mirrors ...
There seems to be no such executable on my system (neither script, alias, etc.).
On the other hand, it seems I already have pacman-mirrors, and that it does not provide any executable (at least in msys2). Is this correct?
$ updatedb
$ locate pacman-mirrors
/var/cache/pacman/pkg/pacman-mirrors-20180604-2-any.pkg.tar.xz
/var/lib/pacman/local/pacman-mirrors-20180604-2
/var/lib/pacman/local/pacman-mirrors-20180604-2/desc
/var/lib/pacman/local/pacman-mirrors-20180604-2/files
/var/lib/pacman/local/pacman-mirrors-20180604-2/mtree
$ pacman -Ql pacman-mirrors
pacman-mirrors /etc/
pacman-mirrors /etc/pacman.d/
pacman-mirrors /etc/pacman.d/mirrorlist.mingw32
pacman-mirrors /etc/pacman.d/mirrorlist.mingw64
pacman-mirrors /etc/pacman.d/mirrorlist.msys
$ pacman --needed -S bash pacman pacman-mirrors msys2-runtime
warning: bash-4.4.023-1 is up to date -- skipping
warning: pacman-5.1.2-2 is up to date -- skipping
warning: pacman-mirrors-20180604-2 is up to date -- skipping
warning: msys2-runtime-2.11.2-1 is up to date -- skipping
You can disable the timeout of pacman with the parameter --disable-download-timeout. Then you should be able to download
http://repo.msys2.org/mingw/x86_64/mingw-w64-x86_64-qt5-5.12.1-5-any.pkg.tar.xz
It's described on the man page for pacman.
Also --gpgdir, to specify a directory of files used by GnuPG to verify package signatures, might be useful.
Additionally, you can consider using the parameter --noconfirm
to bypass any and all "Are you sure?" messages.
About the certificates I'm not sure; perhaps the local paths are not configured correctly. Nevertheless, you have two domains that still serve over http.
In the browser the download works, btw. It has just finished; the screenshot still shows the download in progress:
I've also faced this problem, but I got the solution: open Add or Remove Software, go to Preferences, change your official repositories to Canada, then Refresh mirror lists.
It may work now.
The following were the steps I used to solve the problem:
sudo nano /etc/pacman.d/mirrorlist (to open the mirror list on manjaro or any arch based distro)
In the mirror list, all the source servers will be active. Put a hash at the beginning of each line of a selected active server to prevent the server from being contacted during the download process. You don't need all of the servers to be active, so only allow countries close to you and place a hash in front of all other servers that aren't.
## Generated on 2022-08-16 12:13
##
## Please use 'pacman-mirrors -f [NUMBER] [NUMBER]' to modify mirrorlist
## (Use 0 for all mirrors)
##
## Country : Poland
# Server = https://mirror.tuchola-dc.pl/manjaro/stable/$repo/$arch
## Country : Hungary
# Server = http://mirror.infotronik.hu/mirrors/pub/manjaro/stable/$repo/$arch
## Country : Germany
Server = http://ftp.tu-chemnitz.de/pub/linux/manjaro/stable/$repo/$arch
## Country : Brazil
# Server = http://linorg.usp.br/manjaro/stable/$repo/$arch
## Country : Costa_Rica
# Server = https://mirrors.ucr.ac.cr/manjaro/stable/$repo/$arch
## Country : Australia
Server = http://mirror.ventraip.net.au/Manjaro/stable/$repo/$arch
## Country : Australia
Server = http://mirror.ventraip.net.au/Manjaro/stable/$repo/$arch
## Country : Germany
Server = http://ftp.rz.tu-bs.de/pub/mirror/manjaro.org/repos/stable/$repo/$arch
## Country : Germany
Server = https://repo.rhindon.net/manjaro/stable/$repo/$arch
## Country : Brazil
#Server = https://manjaro.c3sl.ufpr.br/stable/$repo/$arch
## Country : United_States
Server = https://mirror.math.princeton.edu/pub/manjaro/stable/$repo/$arch
## Country : Poland
#Server = http://mirror.chmuri.net/manjaro/stable/$repo/$arch
## Country : China
#Server = https://mirrors.sjtug.sjtu.edu.cn/manjarostable/$repo/$arch
## Country : China
#Server = https://mirrors.ustc.edu.cn/manjaro/stable/$repo/$arch
## Country : Germany
Server = https://mirror.netzspielplatz.de/manjaro/packages/stable/$repo/$arch
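The thread raises two separate trust questions: two of the configured mirrors are plain http, and the https ones fail certificate validation. Plain-http mirrors are only acceptable because pacman verifies package signatures itself; the pacman-conf output in the question shows SigLevel = PackageRequired, so a mirror cannot substitute a package without a valid signature, and the transport only needs to deliver the bytes. The audit helper below is an added example, not part of the question or of pacman: it parses `pacman-conf`-style output (constructed from the question's values) and reports, per repository, which servers are plain http and whether the configured SigLevel still makes package signatures mandatory. It does not contact any mirror.

```python
import re
from urllib.parse import urlparse

# Constructed sample, trimmed from the `pacman-conf` output shown in the question.
SAMPLE_PACMAN_CONF = """\
[options]
RootDir = /
CheckSpace
SigLevel = PackageRequired
SigLevel = PackageTrustedOnly
SigLevel = DatabaseOptional
SigLevel = DatabaseTrustedOnly
[mingw64]
Usage = All
Server = http://repo.msys2.org/mingw/x86_64/
Server = https://sourceforge.net/projects/msys2/files/REPOS/MINGW/x86_64/
Server = http://www2.futureware.at/~nickoe/msys2-mirror/mingw/x86_64/
Server = https://mirror.yandex.ru/mirrors/msys2/mingw/x86_64/
[msys]
Usage = All
Server = http://repo.msys2.org/msys/i686/
Server = https://mirror.yandex.ru/mirrors/msys2/msys/i686/
"""


def parse_pacman_conf(text):
    """Parse pacman-conf output into {section: {key: [values]}}.

    Repeated keys (SigLevel, Server) are kept as lists; bare keys such as
    CheckSpace get an empty string; '#' lines are comments (as in mirrorlist files).
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"\[([^\]]+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), {})
            continue
        if current is None:
            continue  # key/value before any section header: ignore
        key, _, value = line.partition("=")
        current.setdefault(key.strip(), []).append(value.strip())
    return sections


def audit_mirrors(sections):
    """Flag plain-http mirrors and say whether signature policy covers them.

    'transport_only_trust' is True only when a repo has http servers AND
    package signatures are not mandatory, i.e. integrity would rest on the
    network path alone.
    """
    sig_levels = sections.get("options", {}).get("SigLevel", [])
    package_required = "PackageRequired" in sig_levels
    repos = {}
    for name, keys in sections.items():
        if name == "options":
            continue
        servers = keys.get("Server", [])
        plain_http = [s for s in servers if urlparse(s).scheme == "http"]
        repos[name] = {
            "servers": len(servers),
            "plain_http": plain_http,
            "transport_only_trust": bool(plain_http) and not package_required,
        }
    return {"package_signatures_required": package_required, "repos": repos}


if __name__ == "__main__":
    result = audit_mirrors(parse_pacman_conf(SAMPLE_PACMAN_CONF))
    print("package signatures required:", result["package_signatures_required"])
    for repo, info in result["repos"].items():
        print(f"[{repo}] {info['servers']} servers, http: {info['plain_http']}")
```

Run it against `pacman-conf` output on the affected machine; if any repo reports `transport_only_trust: True`, fix SigLevel before worrying about which mirror is fastest. The same parser reads a mirrorlist like the one in the last answer, since commented-out `# Server` lines are skipped and only the active ones are counted.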

Windows Defender/Update issues when running inside Windows Docker Container Windows Server 2016

I've created an ASP.NET Web API that retrieves a file as stream content, saves it to disk and scans the file using Windows Defender (MpCmdRun.exe). When running the API locally on my computer, everything is fine. However, I want to host this API in the cloud (Azure), as the rest of my applications are there. I decided to put this Web API inside a Docker container and then publish it to Azure. However, when running Windows Defender inside the Docker container, I get the following error:
Running:
C:\Program Files\Windows Defender>MpCmdRun.exe -Scan -ScanType 3 -File ThirdPartyNotices.txt
Returns:
Scan starting...
CmdTool: Failed with hr = 0x8050800C. Check C:\Users\ContainerAdministrator\AppData\Local\Temp\MpCmdRun.log for more information
The log file doesn't give much more information.
MpCmdRun: Command Line: MpCmdRun.exe -Scan -ScanType 3 -File
ThirdPartyNotices.txt
Start Time: Sun Dec 03 2017 23:53:16
Starting RunCommandScan.
INFO: ScheduleJob is not set. Skipping signature update.
Scanning path as file: ThirdPartyNotices.txt.
Start: MpScan(MP_FEATURE_SUPPORTED, dwOptions=16385, path
ThirdPartyNotices.txt, DisableRemediation = 0, BootSectorScan
= 0, Timeout in days = 1)
MpScan() started
Warning: MpScan() encounter errror. hr = 0x8050800c
MpScan() was completed
ERROR: MpScan(dwOptions=16385) Completion Failed 8050800C
MpCmdRun: End Time: Sun Dec 03 2017 23:53:16
Dockerfile:
FROM microsoft/aspnet
COPY ./bin/Release/PublishOutput/ /inetpub/wwwroot
#So I can write sent file to disk in container
RUN powershell New-Item c:\inetpub\wwwroot\temp_files -type directory
RUN icacls c:\inetpub\wwwroot\temp_files /grant IIS_IUSRS:F
#Without this Windows Update is disabled
RUN powershell Set-Service wuauserv -StartupType "Automatic"
#Without this Windows defender is disabled
RUN reg add "HKLM\SYSTEM\CurrentControlSet\services\WinDefend" /v Start /t REG_DWORD /d 2 /f
#Tried running these, as well as Update-MpSignature in powershell, to no success.
#RUN ["c:\\Program Files\\Windows Defender\\MpCmdRun.exe", "-RemoveDefinitions", "-All"]
#RUN ["c:\\Program Files\\Windows Defender\\MpCmdRun.exe", "-SignatureUpdate"]
When inside the Docker container (docker exec -it test powershell), running Get-MpComputerStatus in PowerShell returns the following:
AMEngineVersion : 1.1.14306.0
AMProductVersion : 4.10.14393.1794
AMServiceEnabled : True
AMServiceVersion : 4.10.14393.1794
AntispywareEnabled : True
AntispywareSignatureAge : 0
AntispywareSignatureLastUpdated : 12/3/2017 8:15:49 PM
AntispywareSignatureVersion : 1.257.1327.0
AntivirusEnabled : True
AntivirusSignatureAge : 0
AntivirusSignatureLastUpdated : 12/3/2017 8:15:51 PM
AntivirusSignatureVersion : 1.257.1327.0
BehaviorMonitorEnabled : False
ComputerState : 0
FullScanAge : 4294967295
FullScanEndTime :
FullScanStartTime :
IoavProtectionEnabled : False
LastFullScanSource : 0
LastQuickScanSource : 0
NISEnabled : False
NISEngineVersion : 0.0.0.0
NISSignatureAge : 4294967295
NISSignatureLastUpdated :
NISSignatureVersion : 0.0.0.0
OnAccessProtectionEnabled : False
QuickScanAge : 4294967295
QuickScanEndTime :
QuickScanStartTime :
RealTimeProtectionEnabled : False
RealTimeScanDirection : 0
PSComputerName :
Here I'm concerned about the NIS settings being 0.0.0.0.
When trying to update the Windows Defender signatures with
Update-MpSignature
Returns:
Update-MpSignature : Virus and spyware definitions update was completed with
errors.
At line:1 char:1
+ Update-MpSignature
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified:
(MSFT_MpSignature:ROOT\Microsoft\...SFT_MpSignature) [Update-MpSignature],
CimException
+ FullyQualifiedErrorId : HRESULT 0x80070643,Update-MpSignature
I'm not really able to RDP into the Docker container (as far as I can tell it's not possible with the microsoft/aspnet image). This means I have to do everything in the command prompt/PowerShell, and I'm still quite new to that.
This might not be enough information, or even the right information, to track down this problem, but I've been stuck with this for way too long now. If anyone can give me some pointers on what to look for or how to proceed with locating/fixing these issues, that'd be awesome. Thank you in advance!
Run this as admin to completely disable Windows Defender:
Set-MpPreference -DisableRealtimeMonitoring $true
Windows Server 2016 by default uses process isolation (not Hyper-V), and the antivirus already scans your files on the unlabeled disk and volume.

Unload from Redshift to S3: Authentication not working

I am using the following script:
UNLOAD ('SELECT * FROM table WHERE
UPPER(description) LIKE \'%something%\' AND
transaction_date=\'2014-01-01\'')
TO 's3://yourdirectory/jan14.txt' CREDENTIALS
'aws_access_key_id=xxxx;
aws_secret_access_key=xxx'
PARALLEL OFF
But it returns this error:
An error occurred when executing the SQL command:
UNLOAD ('SELECT * FROM yi_base_views.card_panel WHERE
UPPER(description) LIKE \'%LULULEMON%\' AND
transaction_date=\'2014-01-01\'')
TO 's3://yourdirec...
ERROR: Invalid credentials. Must be of the format: credentials 'aws_access_key_id=;aws_secret_access_key=[;token=]'
Detail:
error: Invalid credentials. Must be of the format: credentials 'aws_access_key_id=;aws_secret_access_key=[;token=]'
code: 8001
context:
query: 0
location: aws_credentials_parser.cpp:59
process: padbmaster [pid=43295]
Remove the line break between the access key and secret key and it should work.
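The error text spells out the grammar Redshift expects: one line, `aws_access_key_id=<id>;aws_secret_access_key=<secret>[;token=<token>]`, with nothing else between the fields. The line break in the question's statement puts a newline right after the first `;`, so the parser never sees `aws_secret_access_key=` where it expects it. The code below is an added example, not the poster's script and not Redshift's own parser (which is the C++ `aws_credentials_parser.cpp` named in the error): it re-implements that documented format in Python as the author's assumption, explains why a given string is rejected, and builds a correctly formed string from separate values so that a stray newline or semicolon in an input cannot produce a broken statement. The key values are constructed placeholders.

```python
import re

# Author's re-implementation of the format quoted in the Redshift error:
#   credentials 'aws_access_key_id=;aws_secret_access_key=[;token=]'
# Each value runs up to the next ';' and may not contain whitespace.
CRED_RE = re.compile(
    r"^aws_access_key_id=([^;\s]+);"
    r"aws_secret_access_key=([^;\s]+)"
    r"(?:;token=([^;\s]+))?$"
)


def parse_credentials(cred):
    """Return the parsed fields, or None if the string is not in the expected format."""
    m = CRED_RE.match(cred)
    if not m:
        return None
    return {
        "aws_access_key_id": m.group(1),
        "aws_secret_access_key": m.group(2),
        "token": m.group(3),  # None when no session token is present
    }


def explain_rejection(cred):
    """Human-readable reason a credentials string fails, or None if it is valid."""
    if parse_credentials(cred) is not None:
        return None
    if "\n" in cred or "\r" in cred:
        return "line break inside the credentials string (it must be a single line)"
    if any(c.isspace() for c in cred):
        return "whitespace inside the credentials string"
    if "aws_access_key_id=" not in cred or "aws_secret_access_key=" not in cred:
        return "missing aws_access_key_id or aws_secret_access_key field"
    return "fields out of order, empty, or an unknown field is present"


def build_credentials(key_id, secret, token=None):
    """Assemble a valid single-line string; refuse inputs that would break the grammar."""
    for name, value in (("key id", key_id), ("secret", secret), ("token", token)):
        if value is None:
            continue
        if not value or ";" in value or any(c.isspace() for c in value):
            raise ValueError(f"{name} must be non-empty and contain no ';' or whitespace")
    cred = f"aws_access_key_id={key_id};aws_secret_access_key={secret}"
    if token is not None:
        cred += f";token={token}"
    return cred


# Constructed placeholders, not real keys.
BROKEN = "aws_access_key_id=AKIAEXAMPLE;\naws_secret_access_key=secretEXAMPLE"
FIXED = "aws_access_key_id=AKIAEXAMPLE;aws_secret_access_key=secretEXAMPLE"


if __name__ == "__main__":
    print("broken :", explain_rejection(BROKEN))
    print("fixed  :", parse_credentials(FIXED))
    print("built  :", build_credentials("AKIAEXAMPLE", "secretEXAMPLE", "tokenEXAMPLE"))
```

Using `build_credentials` from the values in your environment, rather than pasting the literal into a multi-line SQL string, is the simplest way to keep the newline from reappearing the next time the statement is reformatted.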