ldap: Unable to log in to the FreeIPA web user interface: "Login failed due to an unknown reason".

After the Fedora server update, my Freeipa broke down and I'm not sure how to treat it. Does anyone have any idea what the problem could be?

I cannot log in to the web user interface or execute any IPA command.

$ journalctl

gssproxy(910): gssproxy(951): (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure.  Minor code may provide more information, No credentials cache found
gssproxy(951): (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure.  Minor code may provide more information, No credentials cache found
gssproxy(910): gssproxy(951): (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure.  Minor code may provide more information, Preauthentication failed
gssproxy(951): (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure.  Minor code may provide more information, Preauthentication failed

$ cat / var / log / httpd / error_log

(suexec:notice) (pid 5529:tid 139897184471296) AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
(so:warn) (pid 5529:tid 139897184471296) AH01574: module proxy_module is already loaded, skipping
(so:warn) (pid 5529:tid 139897184471296) AH01574: module proxy_http_module is already loaded, skipping
(lbmethod_heartbeat:notice) (pid 5529:tid 139897184471296) AH02282: No slotmem from mod_heartmonitor
(mpm_event:notice) (pid 5529:tid 139897184471296) AH00489: Apache/2.4.39 (Fedora) OpenSSL/1.1.1c mod_wsgi/4.6.4 Python/3.7 3.9 mod_perl/2.0.10 Perl/v5.28.2 configured -- resuming normal operations
(core:notice) (pid 5529:tid 139897184471296) AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
(wsgi:error) (pid 5833:tid 139897184471296) ipa: INFO: *** PROCESS START ***
(wsgi:error) (pid 5837:tid 139897184471296) ipa: INFO: *** PROCESS START ***
(wsgi:error) (pid 5832:tid 139897184471296) ipa: INFO: *** PROCESS START ***
(wsgi:error) (pid 5839:tid 139897184471296) ipa: INFO: *** PROCESS START ***
(wsgi:error) (pid 5833:tid 139896787969792) (remote 10.0.1.8:36236) ipa: INFO: (jsonserver_i18n_messages) UNKNOWN: CCESS
(:warn) (pid 5842:tid 139896429713152) (client 10.0.1.8:36236) KRB5CCNAME file (/run/ipa/ccaches/admin@HOME.MYDOMAIN.COM) lookup .home.mydomain.com/ipa/ui/
(:warn) (pid 5841:tid 139896561800960) (client 10.0.1.8:36238) KRB5CCNAME file (/run/ipa/ccaches/admin@HOME.MYDOMAIN.COM) lookup .home.mydomain.com/ipa/ui/
(auth_gssapi:error) (pid 5840:tid 139896236779264) (client 10.0.1.10:47164) GSS ERROR gss_acquire_cred(_from)() failed to get lure.  Minor code may provide more information ( SPNEGO cannot find mechanisms to negotiate))
(wsgi:error) (pid 5833:tid 139896787969792) (remote 10.0.1.8:36236) ipa: INFO: 401 Unauthorized: No session cookie found

$ ipa-pkinit-manage state

PKINIT is enabled
The ipa-pkinit-manage command was successful

$ kinit myuser

Password for myuser@HOME.MYDOMAIN.COM: 
$ klist
Ticket cache: KEYRING:persistent:1907400001:krb_ccache_QYeLVmz
Default principal: myuser@HOME.MYDOMAIN.COM

Valid starting     Expires            Service principal
08/09/19 00:11:36  09/09/19 00:11:33  krbtgt/HOME.MYDOMAIN.COM@HOME.MYDOMAIN.COM

$ ipa -v ping

ipa: DEBUG: trying https://$ ipaserver.home.mydomain.com/ipa/json
ipa: DEBUG: Created connection context.rpcclient_139944946411792
ipa: DEBUG: (try 1): Forwarding 'schema' to json server 'https://$ ipaserver.home.mydomain.com/ipa/json'
ipa: DEBUG: New HTTP connection ($ ipaserver.home.mydomain.com)
ipa: DEBUG: HTTP connection destroyed ($ ipaserver.home.mydomain.com)
Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/ipaclient/remote_plugins/__init__.py", line 126, in get_package
    plugins = api._remote_plugins
AttributeError: 'API' object has no attribute '_remote_plugins'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 649, in get_auth_info
    response = self._sec_context.step()
  File "", line 2, in step
  File "/usr/lib64/python3.7/site-packages/gssapi/_utils.py", line 167, in check_last_err
    return func(self, *args, **kwargs)
  File "", line 2, in step
  File "/usr/lib64/python3.7/site-packages/gssapi/_utils.py", line 127, in catch_and_return_token
    return func(self, *args, **kwargs)
  File "/usr/lib64/python3.7/site-packages/gssapi/sec_contexts.py", line 521, in step
    return self._initiator_step(token=token)
  File "/usr/lib64/python3.7/site-packages/gssapi/sec_contexts.py", line 542, in _initiator_step
    token)
  File "gssapi/raw/sec_contexts.pyx", line 244, in gssapi.raw.sec_contexts.init_sec_context
gssapi.raw.misc.GSSError: Major (851968): Unspecified GSS failure.  Minor code may provide more information, Minor (2529639053): No Kerberos credentials available (default cache: KEYRING:persistent:0)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 699, in single_request
    self.get_auth_info()
  File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 651, in get_auth_info
    self._handle_exception(e, service=service)
  File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 608, in _handle_exception
    raise errors.CCacheError()
ipalib.errors.CCacheError: did not receive Kerberos credentials
ipa: DEBUG: Destroyed connection context.rpcclient_139944946411792
ipa: ERROR: did not receive Kerberos credentials

$ kinit -k -t /var/lib/ipa/gssproxy/http.keytab HTTP / $

ipaserver.home.mydomain.com@HOME.MYDOMAIN.COM
kinit: Preauthentication failed while getting initial credentials

$ ipa -vv pwpolicy-show global_policy

ipa: DEBUG: failed to find session_cookie in persistent storage for principal 'admin@HOME.IBLVFX.COM'
ipa: DEBUG: trying https://$ ipaserver.home.mydomain.com/ipa/json
ipa: DEBUG: Created connection context.rpcclient_140652464016656
ipa: DEBUG: (try 1): Forwarding 'schema' to json server 'https://$ ipaserver.home.mydomain.com/ipa/json'
ipa: DEBUG: New HTTP connection ($ ipaserver.home.mydomain.com)
ipa: DEBUG: HTTP connection destroyed ($ ipaserver.home.mydomain.com)
Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/ipaclient/remote_plugins/__init__.py", line 126, in get_package
    plugins = api._remote_plugins
AttributeError: 'API' object has no attribute '_remote_plugins'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 726, in single_request
    if not self._auth_complete(response):
  File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 679, in _auth_complete
    message=u"No valid Negotiate header in server response")
ipalib.errors.KerberosError: No valid Negotiate header in server response
ipa: DEBUG: Destroyed connection context.rpcclient_140652464016656
ipa: ERROR: No valid Negotiate header in server response

dnd 5e: can the Freedom of movement spell prevent an aberrant earth feature of Gibbering Mouther from slowing a creature to 0 in a failed save?

the freedom of movement the spell only prevents the difficult terrain from affecting our movement. The throw of salvation occurs independently

the freedom of movement spell states:

While it lasts, the movement of the target will not be affected by difficult terrain, and spells and other magical effects cannot reduce the target's speed or cause the target to be paralyzed or restricted.

From that we can conclude what things the spell does:

  1. Difficult terrain does not affect your movement. Keep in mind that this says nothing about your speed, hit points or anything else that can affect difficult terrain.

  2. Spells and magic effects cannot reduce your speed.

  3. Spells and magic effects cannot paralyze or restrict it.

The Aberrant Ground function of Gibbering Mouther is not magical, so the last two points do not apply. What the function does is this:

The terrain within a radius of 10 feet around the mouth is difficult terrain like a mass. Each creature that begins its turn in that area must succeed in a Force 10 DC save throw or reduce its speed to 0 until the start of its next turn.

  1. The terrain within a 10-foot radius becomes difficult terrain.

  2. If a creature begins its turn within a 10-foot radius, it must make a saving throw; If this saving throw fails, its speed becomes 0.

The feature never says that being immune to the normal effect of difficult terrain makes us automatically succeed (or not have to do) the saving throw. As freedom of movement It only helps prevent changes in our movement But this is a change in our speed, it will still apply to us normally.

Similarly, with a spell like peak growth, which creates a harmful area of ​​difficult terrain,freedom of movement somehow it will not prevent us from receiving damages; just keep the area from costing more movement.

linux – Avaje Ebean failed in the unimproved class

My class is derived from Avabean Ebean as follows:

import com.avaje.ebean.Model;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Table;
import lombok.Getter;
import lombok.Setter;

/**
 * Model for table channel_group 
 */
@Getter
@Setter
@Entity
@Table(name = "channel_group")
public class ChannelGroupModel extends Model {
......
}

When I am using to create ebeanserver, there is no problem at all. But when I am using the same way to create ebanserver using:
datasource_db_databaseUrl = "jdbc: h2: mem: tests";
dtasource_db_databaseDriver = "org.h2.Driver";

I started getting class no improved exception. I had the @Entity notation, it has an improvement task in the compilation file. Even installed ebean enhancer in intellij. But nothing works. The exeption:

ERROR com.avaje.ebeaninternal.server.deploy.BeanDescriptorManager - Error in deployment
java.lang.IllegalStateException: Bean class com.linkedin.zamboni.models.BulkCampaignFileModel is not enhanced?
    at com.avaje.ebeaninternal.server.deploy.BeanDescriptorManager.setEntityBeanClass(BeanDescriptorManager.java:1334)
    at com.avaje.ebeaninternal.server.deploy.BeanDescriptorManager.createByteCode(BeanDescriptorManager.java:1079)
    at com.avaje.ebeaninternal.server.deploy.BeanDescriptorManager.readDeployAssociations(BeanDescriptorManager.java:1001)
    at com.avaje.ebeaninternal.server.deploy.BeanDescriptorManager.readEntityDeploymentAssociations(BeanDescriptorManager.java:490)
    at com.avaje.ebeaninternal.server.deploy.BeanDescriptorManager.deploy(BeanDescriptorManager.java:217)
    at com.avaje.ebeaninternal.server.core.InternalConfiguration.(InternalConfiguration.java:119)
    at com.avaje.ebeaninternal.server.core.DefaultContainer.createServer(DefaultContainer.java:142)
    at com.avaje.ebeaninternal.server.core.DefaultContainer.createServer(DefaultContainer.java:38)
    at com.avaje.ebean.EbeanServerFactory.createInternal(EbeanServerFactory.java:81)
    at com.avaje.ebean.EbeanServerFactory.create(EbeanServerFactory.java:66)
    at app.com.linkedin.zamboni.TestZamboniBackendMt.setUp(TestZamboniBackendMt.java:138)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.testng.internal.MethodInvocationHelper.invokeMethod(MethodInvocationHelper.java:124)
    at org.testng.internal.MethodInvocationHelper.invokeMethodConsideringTimeout(MethodInvocationHelper.java:59)
    at org.testng.internal.Invoker.invokeConfigurationMethod(Invoker.java:458)
    at org.testng.internal.Invoker.invokeConfigurations(Invoker.java:222)
    at org.testng.internal.Invoker.invokeConfigurations(Invoker.java:142)
    at org.testng.internal.TestMethodWorker.invokeBeforeClassMethods(TestMethodWorker.java:168)
    at org.testng.internal.TestMethodWorker.run(TestMethodWorker.java:105)
    at org.testng.TestRunner.privateRun(TestRunner.java:648)
    at org.testng.TestRunner.run(TestRunner.java:505)
    at org.testng.SuiteRunner.runTest(SuiteRunner.java:455)
    at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:450)
    at org.testng.SuiteRunner.privateRun(SuiteRunner.java:415)
    at org.testng.SuiteRunner.run(SuiteRunner.java:364)
    at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
    at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:84)
    at org.testng.TestNG.runSuitesSequentially(TestNG.java:1208)
    at org.testng.TestNG.runSuitesLocally(TestNG.java:1137)
    at org.testng.TestNG.runSuites(TestNG.java:1049)
    at org.testng.TestNG.run(TestNG.java:1017)
    at org.testng.IDEARemoteTestNG.run(IDEARemoteTestNG.java:72)
    at org.testng.RemoteTestNGStarter.main(RemoteTestNGStarter.java:123)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.intellij.rt.execution.CommandLineWrapper.main(CommandLineWrapper.java:67)

I dedicated myself to it. The code failed in BeanDescriptorManager:

private boolean hasEntityBeanInterface(Class beanClass) {

    Class() interfaces = beanClass.getInterfaces();
    for (int i = 0; i < interfaces.length; i++) {
      if (interfaces(i).equals(EntityBean.class)) {
        return true;
      }
    }
    return false;
  }

The interface that is returned for the class is not avaje.ebean.bean.Entity, but is: io.ebean.Entity, or it is sometimes returned empty. Any clues about this?

node.js: problem starting the pm2 node process manager in aws elastic beanstalk, npm update verification failed

I am trying to use pm2 for the process management of my typed node application, which has been implemented in elasticbeanstalk.

Every time pm2 launches a new instance, I get this in the logs

——————— node.js records ————————- —

pm2 start pm2.yaml

(PM2) Spawning PM2 daemon with pm2_home=/tmp/.pm2
(PM2) PM2 Successfully daemonized
(PM2)(WARN) Applications server not running, starting...
(PM2) App (server) launched (1 instances)

Use pm2 show to get more details about an app

npm update check failed
Try running with sudo or get access
to the local update config store via
sudo chown -R $USER:$(id -gn $USER) /tmp/.config

————————final———————–

Every time you try to restart the application and launch another instance, it eventually ends the application degradation.

I tried to use the command it suggests but it was in vain.

Any help will be greatly appreciated. 🙂

Acquisition of failed hosting companies with customers

Once again, I am looking to acquire start-up hosting companies that cannot reduce work if you have started a hosting company and cannot maintain costs or cannot manage it successfully, let me know.

During the last 10 years, we have acquired more than 60 "Fly By Night" hosting companies that had customers who had paid for the service in advance and did not know they were about to lose. We successfully transfer all these clients to our network and still host their sites. We know that times for companies can be difficult. Maybe he knows a lot about the industry and didn't know how difficult it was to stay afloat?

We are currently only looking for companies that have a minimum of 5 customers who actively pay for more than 3 months and a registered domain name of at least 5 months.
SEMrush

To find out if your company meets the criteria, send me a PM to your domain, current income for 3 to 6 months, current traffic statistics, country servers and the data center or provider they meet.

Regards,

How to handle (retry) failed requests with squid proxy?

I am using a parent proxy that has a bad connection and often fails. I'm trying to retry those failed connections. Is that possible?

apt – gpg: key server reception failed: connection has expired with Ubuntu Bionic

Objective:

I want to add apt-key to Ubuntu Bionic

Ambient:

Ubuntu Bionic 18.04.3

I send:

/usr/bin/apt-key adv --no-tty --keyserver keyserver.ubuntu.com --recv E084DAB9

or

/usr/bin/apt-key adv --no-tty --keyserver hkp://keyserver.ubuntu.com:80 --recv E298A3A825C0D65DFD57CBB651716619E084DAB9

Error:

"stderr": "Warning: the output of the apt key should not be parsed (stdout is not a terminal) ngpg: the reception of the key server has failed: the connection has timed out n", "stderr_lines" : ("Warning: the output of the apt key must not be analyzed (stdout is not a terminal)", "gpg: the reception of the key server has failed: the connection has expired"

Additional Information:

  • This works fine for Ubuntu Xenial but does not work for Ubuntu Bionic.

  • I am running this command inside the Ubuntu Bionic Docker container. I took this ubuntu bionic image in my store and ran /usr/bin/apt-key adv --no-tty --keyserver hkp://keyserver.ubuntu.com:80 --recv E298A3A825C0D65DFD57CBB651716619E084DAB9That seems to be working fine.

/usr/bin/apt-key adv --no-tty --keyserver hkp://keyserver.ubuntu.com:80 --recv E298A3A825C0D65DFD57CBB651716619E084DAB9
Executing: /tmp/apt-key-gpghome.rA90EMTH3h/gpg.1.sh --no-tty --keyserver hkp://keyserver.ubuntu.com:80 --recv E298A3A825C0D65DFD57CBB651716619E084DAB9
gpg: key 51716619E084DAB9: public key "Michael Rutter " imported
gpg: Total number processed: 1
gpg:               imported: 1

But nevertheless, /usr/bin/apt-key adv --no-tty --keyserver keyserver.ubuntu.com --recv E084DAB9 it does not work and the timeout in the Ubuntu Bionic Docker container runs out.

Does anyone face a similar problem? Any help is appreciated. Thanks in advance!

Encryption failed after turning on my Android phone [duplicate]

This question is an exact duplicate of:

  • Encryption failed on Android phone

When I turn on my phone it shows "Encryption error" and "Your device cannot be started. The encryption process was interrupted. You need to reset your device to factory default settings. This will erase all your data" and reset button.
This reset button and the flickering of my phone with Odin does not help.
How can I make it work again?

windows – InitializeSecurityContext failed with SEC_E_DOWNGRADE_DETECTED

I have a question.
There are client and server applications written in Java.
The Java client connects to the server through kerberos authentication, the client needs to retrieve a token from the server; use the Waffle library that JNA uses, which invokes the InitializeSecurityContext function of the SSPI API (https://docs.microsoft.com/en-us/ windows / win32 / api / sspi / nf-sspi-initializesecuritycontexta).

The invocation of the InitializeSecurityContext function fails with the exception SEC_E_DOWNGRADE_DETECTED (message: the system cannot contact a domain controller to handle the authentication request. Please try again later. Https://docs.microsoft.com/en-us / windows / win32 / com / com -error-codes-4)

The client machine is in the Windows domain, the user is in this domain, it is possible to ping the domain and all its controllers.
The domain is also shown for a network adapter (domain vtm.local).
Network adapters

Could you help me? What is the reason for the problem? Why SEC_E_DOWNGRADE_DETECTED?

Thank you.

Encryption failed on Android phone

I get "encryption error" on my galaxy A8 + phone and the factory reset and reset button and blinking with Odin does not solve my problem.
Any solution to fix it?