List: ngw
Subject: Re: [ngw] GW High Availability
From: "Al Hidalgo" <ahidalgo () salud ! unm ! edu>
Date: 2007-04-30 13:05:57
Message-ID: 46359546.4770.0087.0 () salud ! unm ! edu
I removed the ssl stuff from gwha.conf and it's working!
To recap I did two things:
1) Changed the port from 8400 to 8500
2) removed ssl from gwha.conf (I had actually added this when it was not working on port 8400 since I have everything else ssl)
With regards to ssl in the gwha.conf, I used the same cert and key that I use for ssl on the poa. I even generated and used a new cert and key and I tried it with just the names and with the full path. I could never get it to work with ssl.
Thanks All!
Al
> > > On 4/27/2007 at 1:30 PM, "Troy Worthington" <tworthington@novell.com> wrote:
You could see the hauser and hapassword if you took a trace so someone could have a valid linux username and password for that server. I can't think of anything else that would be considered a security risk.
Troy
> > > "Al Hidalgo" <ahidalgo@salud.unm.edu> 4/27/2007 12:56 PM >>>
Is not using SSL a security risk?
Is the http/https port that the POA uses involved?
Thanks,
Al
> > > On 4/27/2007 at 10:53 AM, "Morris Blackham" <mblackham@gw.novell.com> wrote:
You won't be able to telnet as you have SSL enabled in gwha.conf.
Morris
> > > "Al Hidalgo" <ahidalgo@salud.unm.edu> 4/27/2007 10:32 AM >>>
netstat does not show the port listening. When I telnet I get Error:800f
Al
> > > On 4/27/2007 at 8:19 AM, "Troy Worthington" <tworthington@novell.com> wrote:
Is port 8500 shown as listening on the server using netstat? Is this sles10, sles9, oes? Could be a firewall issue on sles10 but you should be able to run telnet on that server to bypass the firewall to test it. If the port is listening and a telnet connects but you don't get a login prompt, then it's most likely an issue with the gwha.conf file.
Troy
> > > "Al Hidalgo" <ahidalgo@salud.unm.edu> 4/27/2007 7:35 AM >>>
I tried using port 8500 and it still did not work.
What ports need to be open for GWHA to work?
I can't telnet in.
Al
> > > On 4/26/2007 at 10:00 AM, "Troy Worthington" <TWORTHINGTON@novell.com> wrote:
If you telnet to the gwha port you should get prompted for a user and password. I have seen problems with a misconfigured gwha.conf file causing the gwha not to load properly.
Troy
> > > "Al Hidalgo" <ahidalgo@salud.unm.edu> 4/26/2007 9:22 AM >>>
Yes and yes but you may have keyed me to my problem. This is my /etc/xinetd.d/gwha and the port 8400 is a port that "Galaxy" backup uses. I will change the port to something else and test early tomorrow morning. Thanks. Al
service gwha
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /opt/novell/groupwise/agents/bin/gwha
instances = 1
type = UNLISTED
port = 8400
}
> > > On 4/26/2007 at 8:56 AM, "Morris Blackham" <mblackham@gw.novell.com> wrote:
Did you enable the gwha service in /etc/xinetd.d/gwha? Edit this file and set enabled to yes. Then make sure to restart the xinetd service:
/etc/init.d/xinetd restart
and also check to see if it's enabled to start on boot:
chkconfig xinetd
If OFF, then do chkconfig xinetd on
Morris
> > > "Al Hidalgo" <ahidalgo@salud.unm.edu> 4/26/2007 8:37 AM >>>
Has anyone been able to get GW Availability to work?
I am trying to get this going with a GW 7.0.2 POA and when I unload the POA it will not auto-restart. Monitor does see that the POA is down.
I have created a HA user on the POA box and Monitor loads with the --hauser gwha --hapassword gwagents options.
This is my POA gwha.conf file:
[gwha]
ssl = yes
key = 1650.key
cert = 1650.b64
password = *******
[1650-1.UH]
server = /opt/novell/groupwise/agents/bin/gwpoa
command = /etc/init.d/grpwise
startup = 1650-1.poa
delay = 2
wait = 10
Al Hidalgo
Enterprise Systems Support Analyst
Information Technology
University Hospitals
ahidalgo@salud.unm.edu
--
Visit http://www.ngwlist.com ( http://www.ngwlist.com/ ) for help unsubscribing
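
Added example (not part of the original thread and not Novell code): a small audit of the xinetd stanza quoted above that checks the two things the thread turned on, a port already claimed by another application and a root-run login service reachable in cleartext. The function names are hypothetical, the sample is the stanza from the thread, and the `only_from` finding assumes the Monitor host is the only legitimate client.

```python
import re
import socket

# Constructed sample: the /etc/xinetd.d/gwha stanza quoted in the thread.
SAMPLE = """\
service gwha
{
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    server      = /opt/novell/groupwise/agents/bin/gwha
    instances   = 1
    type        = UNLISTED
    port        = 8400
}
"""

def parse_xinetd(text):
    """Return {service_name: {attribute: value}} for each service block."""
    services = {}
    for name, body in re.findall(r"service\s+(\S+)\s*\{(.*?)\}", text, re.S):
        attrs = {}
        for line in body.splitlines():
            # Comment lines start with '#', so they never match \w+ here.
            m = re.match(r"(\w+)\s*[+-]?=\s*(.*)", line.strip())
            if m:
                attrs[m.group(1)] = m.group(2).strip()
        services[name] = attrs
    return services

def port_in_use(port, host="127.0.0.1"):
    """True if something already accepts TCP connections on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(1)
        return s.connect_ex((host, port)) == 0

def audit(attrs, probe=port_in_use):
    """Findings for one stanza; run before (re)starting xinetd."""
    findings = []
    if attrs.get("disable", "no").lower() == "yes":
        findings.append("service is disabled (disable = yes)")
    if probe(int(attrs.get("port", 0))):
        findings.append(f"port {attrs['port']} already accepts connections")
    # Assumption: only the Monitor host should reach the login prompt.
    if attrs.get("user") == "root" and "only_from" not in attrs:
        findings.append("runs as root with no only_from restriction")
    return findings

if __name__ == "__main__":
    print({n: audit(a) for n, a in parse_xinetd(SAMPLE).items()})
```

Run it while xinetd is stopped, otherwise the port probe also reports xinetd's own listener.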