Why do I get an auth error in TortoiseHG if I filter the traffic - mercurial

My company just installed Blue Coat's Web Security Service and put the Unified Agent on all our computers. It filters our HTTPS traffic w/ a CA that was added to all the computers. We added the certificate to the cacerts.pem file.
We can no longer push/pull from our mercurial host (Kiln). We get the message abort: authorization failed. We have verified the credentials and verified that we can access the site from a web browser. I have even tried doing a push with --insecure in case it was a certificate error. What else can I do?
We have a mix of Windows 7 and Windows 8 computers.
Output of -v --debug
C:\Users\me\Documents\Development\Client Name>hg pull -v --debug https://mycompany.kilnhg.com/Code/Client/Group/New-Development
using https://mycompany.kilnhg.com/Code/Client/Group/New-Development
sending capabilities command
using auth.mycompany.kilnhg.com.* for authentication
mycompany.kilnhg.com certificate successfully verified
using auth.mycompany.kilnhg.com.* for authentication
http authorization required for https://mycompany.kilnhg.com/Code/Client/Group/New-Development
realm: kiln
http auth: user me#domain.com, password ************************
using auth.mycompany.kilnhg.com.* for authentication
mycompany.kilnhg.com certificate successfully verified
http auth: user me#domain.com, password ************************
using auth.mycompany.kilnhg.com.* for authentication
mycompany.kilnhg.com certificate successfully verified
http auth: user me#domain.com, password ************************
using auth.mycompany.kilnhg.com.* for authentication
mycompany.kilnhg.com certificate successfully verified
http auth: user me#domain.com, password ************************
using auth.mycompany.kilnhg.com.* for authentication
mycompany.kilnhg.com certificate successfully verified
http auth: user me#domain.com, password ************************
using auth.mycompany.kilnhg.com.* for authentication
mycompany.kilnhg.com certificate successfully verified
http auth: user me#domain.com, password ************************
using auth.mycompany.kilnhg.com.* for authentication
mycompany.kilnhg.com certificate successfully verified
abort: authorization failed

Related

Can't connect MySQL to DMS via CA

I'm having troubles connecting MySQL database as a source endpoint on AWS DMS.
Client sent me credentials (host, port, username, password) and certificates (CA cert, client cert, client key) and I successfully connected to DB with DBeaver.
I tried to import CA certificate in DMS and it did it successfully, but for SSL mode selected in endpoint (both verify-full and verify-ca) it gives me an error in connection testing:
Test Endpoint failed: Application-Status: 1020912, Application-Message: Cannot connect to ODBC provider ODBC general error., Application-Detailed-Message: RetCode: SQL_ERROR SqlState: HY000 NativeError: 2026 Message: [unixODBC][MySQL][ODBC 8.0(w) Driver]SSL connection error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
I have checked CA certificate with
openssl x509 -in certificate.pem -text -noout
and it seems OK.
I also ran into this article, which says that the CA cert must be signed by a certification authority; the client sent me a self-signed CA certificate and apparently doesn't know how to properly sign it.
Does anyone know how to bypass getting a CA-signed certificate or how to get a proper CA-signed certificate (if this really is a problem)?

Can I use fail2ban behind router for mail server?

I'm running Docker on a NAS in a home network behind a FritzBox router. Mail and web server are dockerized, external ports 22, 80, 443 are forwarded to the respective ports on the NAS, and Traefik serves as reverse proxy.
While Traefik works fine thanks to X-Forwarded headers and HTTP 1.1 Host headers, I'm unable to set up fail2ban to block excessive login attempts of rogue clients. Thanks to NAT on the router, the mail container always sees the router's IP as source.
Server logs look like this:
dovecot: auth: passwd-file(luv5#xn--...,172.19.0.1): unknown user (SHA1 of given password: 63f39e)
postfix/smtpd[1118]: warning: unknown[172.19.0.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
postfix/smtpd[1118]: disconnect from unknown[172.19.0.1] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
postfix/smtpd[1028]: warning: unknown[172.19.0.1]: SASL LOGIN authentication failed: Connection lost to authentication server
postfix/smtpd[1028]: disconnect from unknown[172.19.0.1] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
postfix/smtpd[1066]: warning: unknown[172.19.0.1]: SASL LOGIN authentication failed: Connection lost to authentication server
postfix/smtpd[1066]: disconnect from unknown[172.19.0.1] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
dovecot: auth: passwd-file(mathew#xn--...,172.19.0.1): unknown user (SHA1 of given password: 011c94)
postfix/smtpd[2295]: warning: unknown[172.19.0.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
postfix/smtpd[2295]: disconnect from unknown[172.19.0.1] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
postfix/postscreen[1020]: CONNECT from [172.19.0.1]:36922 to [172.19.0.11]:25
postfix/postscreen[1020]: PASS OLD [172.19.0.1]:36922
postfix/smtpd[1118]: connect from unknown[172.19.0.1]
postfix/postscreen[1020]: CONNECT from [172.19.0.1]:36948 to [172.19.0.11]:25
dovecot: auth: passwd-file(psycho#xn--...,172.19.0.1): unknown user (SHA1 of given password: 7c4a8d)
postfix/postscreen[1020]: CONNECT from [172.19.0.1]:36950 to [172.19.0.11]:25
postfix/smtpd[1118]: warning: unknown[172.19.0.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
postfix/smtpd[1118]: disconnect from unknown[172.19.0.1] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
postfix/postscreen[1020]: CONNECT from [172.19.0.1]:36958 to [172.19.0.11]:25
postfix/postscreen[1020]: PASS OLD [172.19.0.1]:36948
postfix/smtpd[2295]: connect from unknown[172.19.0.1]
postfix/postscreen[1020]: PASS OLD [172.19.0.1]:36950
postfix/smtpd[1066]: connect from unknown[172.19.0.1]
Is there anything that can be done to get fail2ban to block based on IP address for SMTP behind NAT (except for using an "exposed host")?
Thanks to NAT on the router, the mail container always sees the router's IP as source.
If you're able at all to capture from the log/journal an originated IP (or something else identifying the intruder) in the filter, you could:
write your own failregex or filter capturing the forwarded IP, session or username (something you can use as an ID to identify the intruder), then ...
either try to implement a solution described in our wiki - How to ban something other as host (IP address), like user or mail, etc.
or write some actions like https://github.com/fail2ban/fail2ban/blob/0.10/config/action.d/nginx-block-map.conf (banning the intruder resp. rejecting its connection on the web-server or mail-service side)
or write your own action to notify your proxying service, in order to ban the originated IP on the other side (no idea whether traefik has something like that, but there is still an open RFE about that - https://github.com/containous/traefik/issues/4026).
Also note similar question - How to implement fail2ban with Traefik
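The effect of keying on something other than the host, as an added example that is not part of the original answer and not a filter shipped with fail2ban. The log lines are constructed in the shape of the ones in the question, the usernames are made up, and the function names and regexes are illustrative; the threshold borrows the name of fail2ban's maxretry setting.

```python
import re
from collections import Counter

# Constructed sample lines in the shape of the dovecot/postfix log above.
# 172.19.0.1 is the gateway address every NATed client appears to come from.
SAMPLE_LOG = """\
dovecot: auth: passwd-file(alice@example.test,172.19.0.1): unknown user (SHA1 of given password: aaaaaa)
postfix/smtpd[1118]: warning: unknown[172.19.0.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
dovecot: auth: passwd-file(alice@example.test,172.19.0.1): unknown user (SHA1 of given password: bbbbbb)
dovecot: auth: passwd-file(bob@example.test,172.19.0.1): unknown user (SHA1 of given password: cccccc)
postfix/smtpd[2295]: warning: unknown[172.19.0.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
dovecot: auth: passwd-file(alice@example.test,172.19.0.1): unknown user (SHA1 of given password: dddddd)
postfix/postscreen[1020]: CONNECT from [172.19.0.1]:36922 to [172.19.0.11]:25
"""

# Illustrative patterns (assumptions, written as plain Python regexes).
DOVECOT_FAIL = re.compile(
    r"dovecot: auth: [\w-]+\((?P<user>[^,()]+),(?P<ip>[0-9a-fA-F.:]+)\): unknown user")
POSTFIX_FAIL = re.compile(
    r"postfix/smtpd\[\d+\]: warning: \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"SASL \w+ authentication failed")


def count_failures(log_text):
    """Count auth failures twice: keyed by source IP and keyed by login name."""
    by_ip, by_user = Counter(), Counter()
    for line in log_text.splitlines():
        m = DOVECOT_FAIL.search(line)
        if m:
            by_ip[m["ip"]] += 1
            by_user[m["user"]] += 1
            continue
        m = POSTFIX_FAIL.search(line)
        if m:  # the postfix line carries no login name, only the NAT address
            by_ip[m["ip"]] += 1
    return by_ip, by_user


def ban_candidates(counter, maxretry):
    """IDs whose failure count reached the threshold."""
    return sorted(key for key, n in counter.items() if n >= maxretry)


if __name__ == "__main__":
    by_ip, by_user = count_failures(SAMPLE_LOG)
    # Keyed by IP, the only candidate is the gateway, i.e. every client at once.
    print("ban by ip:  ", ban_candidates(by_ip, 3))
    # Keyed by login name, only the repeatedly probed account stands out.
    print("ban by user:", ban_candidates(by_user, 3))
```

With the address as key, every failure lands on the gateway and a ban would cut off all clients behind it; with the login name as key the count separates the probed account from the rest, which is the kind of ID the answer suggests capturing.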

redmine email configuration with smtp

I installed Redmine 2.6.1.1 using Bitnami on Win 7, but couldn't figure out why redmine cannot send any email. I edited the configuration.yml file under \redmine-2.6.1-1\apps\redmine\htdocs\config and tried to send a test mail via both Gmail and our own e-mail server, but it didn't work.
My configuration.yml file is just like below:
default:
  email_delivery:
    delivery_method: :smtp
    smtp_settings:
      enable_starttls_auto: true
      address: smtp.gmail.com
      port: 587
      domain: smtp.gmail.com
      authentication: :plain
      user_name: "someusername#gmail.com"
      password: "somepassword"
In this configuration the error is:
an error occurred while sending mail (a socket operation was attempted to an unreachable network. - connect (2))
If I change the address and domain values with IP addresses then the error becomes:
an error occurred while sending mail (Permission denied - connect(2))
If I try to configure it with the values of our own mail server, then I still get the second error (permission denied).
I tried it on another PC and it worked. However, the same configuration on the old PC does not work. The 2 PCs are in the same network and the only difference between the 2 installations is that I did not configure mail settings during the Bitnami installation on the old machine. After the installation was completed, I modified configuration.yml. However, on the new PC, I configured it during the installation.
I could solve the problem finally. The reason is McAfee security. When I disable McAfee's "Access Protection" task, it worked without any problem.

Mercurial bitbucket authorization failed

I changed my Bitbucket password based on 1Pass's watchtower recommendation. Ever since, I can't pull / push any of my repos, although I can login via a browser. I've tried both HTTP and SSH, and neither work.
Here is a sample output.
hg pull --debug https://caliChander#bitbucket.org/caliChander/cs1
using https://bitbucket.org/caliChander/cs1
http auth: user caliChander, password not set
sending capabilities command
using auth.bitbucket.* for authentication
bitbucket.org certificate successfully verified
using auth.bitbucket.* for authentication
http auth: user caliChander, password *******************************
using auth.bitbucket.* for authentication
bitbucket.org certificate successfully verified
http auth: user caliChander, password *******************************
using auth.bitbucket.* for authentication
bitbucket.org certificate successfully verified
http auth: user caliChander, password *******************************
using auth.bitbucket.* for authentication
bitbucket.org certificate successfully verified
http auth: user caliChander, password *******************************
using auth.bitbucket.* for authentication
bitbucket.org certificate successfully verified
http auth: user caliChander, password *******************************
using auth.bitbucket.* for authentication
bitbucket.org certificate successfully verified
http auth: user caliChander, password *******************************
using auth.bitbucket.* for authentication
bitbucket.org certificate successfully verified
abort: authorization failed
I'm curious as to why it says "password not set" when my ~/.hgrc looks something like this:
[ui]
username = First Last <some.email#random.com>
[auth]
bitbucket.prefix = bitbucket.org
bitbucket.username = caliChander
bitbucket.password = some_very_long_password_here
bitbucket.schemes = http https
[web]
cacerts = /etc/hg-dummy-cert.pem
My gut feeling is that certain characters aren't allowed in the password field? This was randomly generated via 1Pass. Is this so?
Just in case it's needed, the .hg/hgrc in the cs1 repo looks like this:
[paths]
default = https://caliChander#bitbucket.org/caliChander/cs1
I'm on OS X Mavericks. Thanks for the help!
I'm curious as to why it says "password not set"
Because the URL may contain both username and password, and your https://caliChander#bitbucket.org/ has only the username part.
The [ui] section is irrelevant in the auth stage (it's just informative data, used for defining userdata, shown in the log for local commits); only the username and password from [auth] are used for authentication. You can temporarily disable the password in hgrc and enter it by hand.

SMTP Configuration of Swiftmailer Symfony2, Servage

Please, I want to know how to configure the SMTP for Swiftmailer in Symfony2.
I use FOSUserBundle, and I enabled the activation by email after registration, but after registration I get the message that says the activation email has been sent, without receiving any mail.
I use Servage.net hosting, and I have tried this configuration:
app/config/config.yml
# Swiftmailer Configuration
swiftmailer:
    transport: smtp
    host: smtp1.servage.net
    auth_mode: login
    username: webmaster#myEmailAtServage.com
    password: mypassword
    port: 25
Thanks.
Thanks, now the Swiftmailer works with this configuration:
# Swiftmailer Configuration
swiftmailer:
    transport: %mailer_transport%
    host: %mailer_host%
    username: %mailer_user%
    password: %mailer_password%
    port: %mailer_port%
    encryption: ssl
    auth_mode: login
parameters.ini
mailer_transport="smtp"
mailer_host="smtp2.servage.net"
mailer_user="me#mywebsite.com"
mailer_password="myPassword"
mailer_port=465
You can try smtp2 with ssl/tls
From the servage wiki: https://www.servage.net/wiki/SMTP_server
The mail server smtp2.servage.net has support for TLS and SSL, using standard SSL port 465