Hi,
when you connect with the console to a remote administration server, the server does a host name based access control. If you want to give access to any host, you can set the host name mask to "*".
But if the host name DNS resolution fails, even if the mask is "*", the authorization fails (HTTP 401: authorization required).
In my environment it is a problem to put every client host in the DNS system used by the server.
How can I bypass the hostname verification of the administration server ?
Thank you
François
François Beretti kirjoitti viestissään (lähetysaika Wednesday 03 May 2006 13:18):
Hi,
How can I bypass the hostname verification of the administration server ?
Hi
There is a bug in 1.0.2 related to this (address matching is reversed). If you need to allow administration from anywhere, you need to set nsAdminAccessAddresses=something you don't have nsAdminAccessHosts=empty
I have used limited broadcast address (255.255.255.255) as nsAdminAccessAddresses and it seems to work. I do my access control with IPsec.
When next version comes and this is fixed, you might not be able to connect before you change that nsAdminAccessAddresses back to what it really should be (can be done from command line with ldapmodify).
Best Regards Kimmo Koivisto
2006/5/3, Kimmo Koivisto kimmo.koivisto@surfeu.fi:
There is a bug in 1.0.2 related to this (address matching is reversed). If you need to allow administration from anywhere, you need to set nsAdminAccessAddresses=something you don't have nsAdminAccessHosts=empty
Hi,
by "empty" do you mean "no value" or "an empty string" ?
François
François Beretti kirjoitti viestissään (lähetysaika Thursday 04 May 2006 10:42):
2006/5/3, Kimmo Koivisto kimmo.koivisto@surfeu.fi:
There is a bug in 1.0.2 related to this (address matching is reversed). If you need to allow administration from anywhere, you need to set nsAdminAccessAddresses=something you don't have nsAdminAccessHosts=empty
Hi,
by "empty" do you mean "no value" or "an empty string" ?
I guess it's "an empty string" if you do it with FDS console, I have just used it to remove default values.
BR Kimmo
389-users@lists.fedoraproject.org