Command "/asadmin list-applications" failed in Solaris - SSL

It appears that server [localhost:4848] does not accept secure connections. Retry with --secure=false.
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Thu Jul 21 05:29:59 IST 2022
Command list-applications failed.
I want to verify whether any certificate is installed or not. If one is installed, how do I resolve the problem? How do I check the installed applications from Solaris? How do I check the SSL expiries on a Solaris system?

Related

"PKIX path building failed:" "unable to find valid certification path to requested target" for remote server

I am getting this error in my tomcat catalina.out log:
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
when trying to access this remote URL: https://remote-hostname-fqdn-here:8443. This works fine when the same call is made locally.
I have the certificate imported into the keystore, i.e. I see the following when I list the certs content with keytool:
$ /opt/jdk1.7.0_75/bin/keytool -list -v -keystore /opt/apache-tomcat/conf/ssl/cacerts | grep icr
Alias name: remote-hostname-fqdn-here
Creation date: Jan 4, 2018
Entry type: trustedCertEntry
Owner: CN=remote-hostname-fqdn-here, O="Org-name-removed", L=Place-removed, ST=State-removed, C=US
Issuer: CN=remote-hostname-fqdn-here, O="Org-name-removed", L=Place-removed, ST=State-removed, C=US
Serial number: serial-number-removed
Valid from: Thu Jan 04 13:22:32 CST 2018 until: Sun Jan 02 13:22:32 CST 2028
Certificate fingerprints:
MD5: md5sum-value-removed
SHA1: sha1-value-removed
SHA256: sha256-value-removed
Signature algorithm name: SHA1withRSA
Version: 1
Note that I have tomcat instances in two environments, both running Java jdk1.7.0_75 and Tomcat 7.0.90, and the same SSL connector configuration. Strangely enough, this error only happens on one of them, even though we've tried the same action to clear the application cache to trigger the error on both.
While I do have a wildcard cert (different from the cert mentioned here) configured in server.xml on all the servers, I can see it logical that I'd have to import that cert into the keystore. However, I haven't imported it on either environment, so I'm at a loss as to why I'm only getting this error in one environment. Note that other than this functionality of clearing a remote server's application cache, all other aspects of SSL seem to be working fine.
Importing the wildcard cert that covered the same domain as the current ones for each server solved the problem. Still don’t know why I wasn’t able to recreate the problem in the other environment. While the .war and .jar files were different, I was told the portion of the code for the problem here is the same.
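An added example, not part of either post above: the first question asks how to check certificate expiry, and `keytool -list -v` prints the needed fields in the layout shown in the Tomcat listing. This Python script audits such a listing for expired or soon-to-expire, self-signed and SHA-1/MD5-signed entries; the alias `example-server-cert` and the sample text are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in `keytool -list -v` layout; the second entry (hypothetical
# alias) reuses the NotAfter date from the asadmin error quoted above.
SAMPLE = """\
Alias name: remote-hostname-fqdn-here
Owner: CN=remote-hostname-fqdn-here, O="Org-name-removed", C=US
Issuer: CN=remote-hostname-fqdn-here, O="Org-name-removed", C=US
Valid from: Thu Jan 04 13:22:32 CST 2018 until: Sun Jan 02 13:22:32 CST 2028
Signature algorithm name: SHA1withRSA
Alias name: example-server-cert
Owner: CN=localhost, O=Example
Issuer: CN=Example CA, O=Example
Valid from: Wed Jul 21 05:30:00 IST 2021 until: Thu Jul 21 05:29:59 IST 2022
Signature algorithm name: SHA256withRSA
"""
FIELD = re.compile(r"^[ \t]*(Alias name|Owner|Issuer|Valid from|"
                   r"Signature algorithm name): (.*?)[ \t\r]*$", re.M)

def parse_date(text):
    # keytool prints zone abbreviations (CST, IST) that strptime cannot resolve
    # reliably, so the zone token is dropped; results are accurate to a day.
    _dow, mon, day, clock, _zone, year = text.split()
    return datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")

def audit(listing, now, warn_days=30):
    """Return {alias: [findings]} for each entry in a keytool listing."""
    report, findings, owner = {}, [], None
    for key, value in FIELD.findall(listing):
        if key == "Alias name":
            findings, owner = report.setdefault(value, []), None
        elif key == "Owner":
            owner = value
        elif key == "Issuer" and value == owner:
            findings.append("self-signed")
        elif key == "Valid from":
            not_after = parse_date(value.split(" until: ")[1])
            if not_after < now:
                findings.append(f"EXPIRED {not_after:%Y-%m-%d}")
            elif not_after < now + timedelta(days=warn_days):
                findings.append(f"expires soon {not_after:%Y-%m-%d}")
        elif key == "Signature algorithm name" and re.match(r"(SHA1|MD5)with", value):
            findings.append(f"legacy signature {value}")
    return report

if __name__ == "__main__":
    for name, found in audit(SAMPLE, datetime.now()).items():
        print(name, "->", ", ".join(found) or "ok")
```

To audit a real store, pass the text printed by `keytool -list -v -keystore <keystore-path>` to `audit()` in place of `SAMPLE`.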

Radius server failed to start in centos 7

In the beginning I successfully configured the radius server with mariadb and httpd. But I changed the hostname of the server and rebooted. Now, even though mariadb and httpd are running, radiusd failed to start. Here is the answer from journalctl -xe. Please help me.
Jan 10 12:34:08 cpe.twcny.res.rr.com systemd[1]: Unit radiusd.service entered failed state.
Jan 10 12:34:08 cpe.twcny.res.rr.com systemd[1]: radiusd.service failed.
Jan 10 12:34:08 cpe.twcny.res.rr.com polkitd[963]: Unregistered Authentication Agent for unix-process:2183:15540 (system bus name :1.43, object path /org/
Jan 10 12:40:01 cpe.twcny.res.rr.com systemd[1]: Created slice User Slice of root.

sssd Error: Could not start TLS encryption. (unknown error code)

I am trying to configure Linux machine authentication with Google secure LDAP. The steps I have done are below.
Added the LDAP client with the permissions below:
Access permission: Entire Domain
Read user information: Entire Domain
Read group information: ON
Installed SSSD on my Ubuntu box (which is running in Azure)
sudo apt install -y sssd sssd-tools
My sssd.conf file
[sssd]
debug_level = 7
services = nss, pam
domains = mydomain.com
[pam]
debug_level = 7
[nss]
debug_level = 7
[domain/mydomain.com]
debug_level = 7
cache_credentials = true
ldap_id_use_start_tls = true
ldap_tls_cacertdir = /home/ubuntu/ssl_Linux
ldap_tls_cacert = /home/ubuntu/ssl_Linux/gldap.crt
ldap_tls_cert = /home/ubuntu/ssl_Linux/gldap.crt
ldap_tls_key = /home/ubuntu/ssl_Linux/gldap.key
ldap_uri = ldaps://ldap.google.com:636
ldap_search_base = ou=Users,dc=mydomain,dc=com
ldap_group_name = uniqueMember
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307bis
ldap_user_uuid = entryUUID
ldap_groups_use_matching_rule_in_chain = true
ldap_initgroups_use_matching_rule_in_chain = true
enumerate = false
Here I'm able to start the SSSD service, but I am getting the error below:
Nov 15 09:14:54 myserver systemd[1]: Started System Security Services Daemon.
Nov 15 09:14:55 myserver sssd[be[67530]: Could not start TLS encryption. (unknown error code)
Nov 15 09:16:11 myserver sssd[be[67530]: Could not start TLS encryption. (unknown error code)
Nov 15 09:16:11 myserver sssd[be[67530]: Backend is offline
Nov 15 09:17:19 myserver sssd[be[67530]: Could not start TLS encryption. (unknown error code)
Nov 15 09:19:48 myserver sssd[be[67530]: Could not start TLS encryption. (unknown error code)
Nov 15 09:24:02 myserver sssd[be[67530]: Could not start TLS encryption. (unknown error code)
FYI: I'm able to successfully authenticate with the google secure LDAP using below command
LDAPTLS_CERT=mycrt.crt LDAPTLS_KEY=mykey.key ldapsearch -H ldaps://ldap.google.com:636 -b "ou=Users,dc=mydomain,dc=com" -D "my.user#mydomain.com" "(uid=my.user)" -W
Reference: https://helpcenter.itopia.com/en/articles/2394004-configuring-google-cloud-identity-ldap-on-ubuntu-16-04-for-user-logins
Please help me with this,
Thanks :)
I had the same issue.
Adding ldap_tls_cipher_suite = NORMAL:!VERS-TLS1.3 to the sssd.conf file worked for me. I am on Ubuntu 20.04.5 LTS.
I tried the same document with a new virtual machine, and it works fine for me.
Just make sure to allow for the fact that, after configuring the Google LDAP client in the http://admin.google.com/ portal, it may take up to 24 hours to take effect.
Thanks

Guacamole fails to connect to xRDP server

I have an xrdp server running and would like to connect to it using Guacamole. However, each time I try to make any RDP connection it always fails with "You Have Been Disconnected." I know it is a fault with Guacamole because I can log into xRDP using the Remmina RDP client with the same credentials.
Here are my Logs:
/var/run/syslog :
Jul 26 10:02:36 ubuntu guacd[1291]: Creating new client for protocol "rdp"
Jul 26 10:02:36 ubuntu guacd[1291]: Connection ID is "$0c72bf59-0ff9-448d-a5a2-dc3229157122"
Jul 26 10:02:36 ubuntu guacd[5737]: Security mode: ANY
Jul 26 10:02:36 ubuntu guacd[5737]: Resize method: none
Jul 26 10:02:36 ubuntu guacd[5737]: User "#cce2ec3d-03c5-4387-be88-054a00927f56" joined connection "$0c72bf59-0ff9-448d-a5a2-dc3229157122" (1 users now present)
Jul 26 10:02:36 ubuntu guacd[5737]: Loading keymap "base"
Jul 26 10:02:36 ubuntu guacd[5737]: Loading keymap "en-us-qwerty"
Jul 26 10:02:36 ubuntu kernel: [ 4736.455320] guacd[5749]: segfault at 8000000000 ip 0000008000000000 sp 00007f3bc9f8bc98 error 14
Jul 26 10:02:36 ubuntu kernel: [ 4736.455323] traps: guacd[5750] general protection ip:7f3bcb074c69 sp:7f3bc978ac98 error:0
Jul 26 10:02:36 ubuntu kernel: [ 4736.455323]
Jul 26 10:02:36 ubuntu kernel: [ 4736.455325] in libguac.so.5.0.0[7f3bcb070000+d000]
Jul 26 10:02:36 ubuntu guacd[1291]: Connection "$0c72bf59-0ff9-448d-a5a2-dc3229157122" removed.
/var/log/tomcat8/Catalina.out :
10:02:33.079 [http-nio-8080-exec-2] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from 0:0:0:0:0:0:0:1 for user "-------" failed.
10:02:33.943 [http-nio-8080-exec-1] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from 0:0:0:0:0:0:0:1 for user "jonathan" failed.
10:02:36.100 [http-nio-8080-exec-6] INFO o.a.g.r.auth.AuthenticationService - User "guacadmin" successfully authenticated from 0:0:0:0:0:0:0:1.
10:02:36.241 [http-nio-8080-exec-10] INFO o.a.g.tunnel.TunnelRequestService - User "guacadmin" connected to connection "3".
10:02:38.179 [Thread-7] INFO o.a.g.tunnel.TunnelRequestService - User "guacadmin" disconnected from connection "3". Duration: 1937 milliseconds
Connection settings:
security mode: any
port: 3389
I am on ubuntu server 16.04. Any possible solutions would be much appreciated.
Try:
Removing the [path to libfreerdp*.so]/freerdp/guac*.so files that were copied, assuming this is the case.
Create symbolic links within [path to libfreerdp*.so]/freerdp/ to /usr/local/lib/freerdp/guac*.so, so you do not need to worry about this going forward.
Source: RDP stopped working v0.9.9 - Apache Guacamole.

LDAP over SSL using Wordpress plugin

I'm trying to integrate LDAP over SSL on a Wordpress site using the plugin here:
http://wordpress.org/plugins/active-directory-integration/
The site is hosted on MediaTemple and our Active Directory server is hosted locally behind our firewall.
I successfully tested the connection using LDAP over SSL outside of my firewall - so I think the issue resides somewhere on the MediaTemple server.
Using plugin version 1.1.4 with WP 3.7.1
note: my site is not an adult site, I just replaced the real site with x's :)
[INFO] method authenticate() called
[INFO] ------------------------------------------
PHP version: 5.4.13
WP version: 3.7.1
ADI version: 1.1.4
OS Info : Linux xxxxxxxxxx.com 2.6.32-042stab083.2 #1 SMP Fri Nov 8 18:08:40 MSK 2013 x86_64
Web Server : cgi-fcgi
adLDAP ver.: 3.3.2 Extended (201104081456)
------------------------------------------
[NOTICE] username: murphyd
[NOTICE] password: not shown
[INFO] Options for adLDAP connection:
- account_suffix:
- base_dn: cn=users,dc=xxxxxxxxx,dc=local
- domain_controllers: ldaps://firewall.xxxxxxxx.com
- ad_port: 636
- use_tls: 0
- network timeout: 5
[NOTICE] adLDAP object created.
[INFO] max_login_attempts: 50
[INFO] users failed logins: 0
[NOTICE] trying account suffix ""
[ERROR] Authentication failed
[WARN] storing failed login for user "murphyd"
Any suggestions?