serverfault.com

I'm making this post just to make the solution more visible, as I had to dig around multiple answers and reddit posts without finding a resolution. Our windows domain had an issue where users could not change their passwords via Ctrl+Alt+Del. Our group policy had a minimum password age of 0, and complexity requirements enabled. We did not have any Fine-Grained password policies in place. When attempting to change the password, the error pop up stated "Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the machine or domain. Try increasing the length of your password, along with including upper and lowercase letters, numbers, and symbols." The new password contained special characters, numbers, and lowercase/uppercase letters. When our windows admins would set "User needs to change password on next login" via ADUC for users, they would be prompted with

I just created a new server based on debian 13, and my proftpd is failing because the file '/etc/ssh/ssh_host_dsa_key' does not exist. I my proftpd I have a couple of lines with this content SFTPHostKey /etc/ssh/ssh_host_rsa_key SFTPHostKey /etc/ssh/ssh_host_dsa_key The error message for proftpd 2026-01-27 16:04:26,720 example proftpd[42786]: fatal: SFTPHostKey: unable to check '/etc/ssh/ssh_host_dsa_key': No such file or directory on line 13 of '/etc/proftpd/conf.d/sftpd.conf' I looked into debian bugs to see if there's mention of removing the ssh_host_dsa_key file, but I coudln't find anything. I will remove the line with the error and stay with the rsa key but I'd like to find the source cause

I've installed proxmox in a DELL C6400 with a NIC Broadcom BCM57416, using the driver bnxt-en. The ethernet controller is recognized with the command lspci | grep -i ethernet, and I have the interfaces configured but DOWN. The LEDs also doesn't turn on when I connect the ethernet cable, but I'm sure it's not the cable because I exchanged the cables with the iDRAC port and both works correctly. Running the tests ethtool -t nic0 it fails at the Link test (online) and the Ext loopback test (offline). Also I've looked at dmesg and journalctl but I haven't found meaningful information.

I am completely lost now and need help figuring out what's going on. My DigitalOcean droplets keep getting compromised and used for DDoS attacks. This is the third time in a row on completely fresh builds. Each time I destroy the droplet, start from scratch, add more security, and within a day it happens again. Could there be something in my application code itself that's being exploited? Could my GitHub Actions deployment pipeline be compromised? Is there something at the DigitalOcean account level that could be the issue? What am I fundamentally missing here? i am running - Node.js application with Docker containers, PostgreSQL and Redis, Nginx as reverse proxy, Deploying via GitHub Actions Security measures I've implemented (after getting burned twice already): SSH: Disabled password auth, disabled root login, using ED25519 keys only, changed default port, a

This is a Shibboleth question regarding PEM files and Tomcat. I noticed within the Shibboleth Windows installation, there are some PEM files within the ...\shibboleth-sp\etc\shibboleth dir. Do I need to use the Java JDK keytool.exe utility and add these to my keystore for Shibboleth to work properly with Tomcat? EXAMPLE: keytool -import -trustcacerts -file c:\opt\shibboleth-sp\etc\shibboleth\sp-encrypt-cert.pem -keystore cacerts keytool -import -trustcacerts -file c:\opt\shibboleth-sp\etc\shibboleth\sp-encrypt-key.pem -keystore cacerts keytool -import -trustcacerts -file c:\opt\shibboleth-sp\etc\shibboleth\sp-signing-cert.pem -keystore cacerts keytool -import -trustcacerts -file c:\opt\shibboleth-sp\etc\shibboleth\sp-signing-key.pem -keystore cacerts

We have physical separation between the internal and external networks, with WSUS servers on both networks. Updates are transferred from the external network to the internal network server using a combination of copying and overwriting the WSUS content and using the wsusutil export/import commands. This process has been working correctly, but recently a strange problem has occurred. Previously, after copying the patch files and metadata to the internal server and the server stabilized, the WSUS overview page showed the status as Download Status: Updates requiring files: 0. Recently it changed to: Download Status: Updates requiring files: 1765, Downloaded 108.34MB, Total 154,393.54MB After two weeks, the screen remains unchanged. Running wsusutil.exe reset several times did not resolve the issue. How can we solve this problem?

I am currently managing a complex Azure subscription that contains a large number of Resource Groups, Resources and various models (mostly AI models/deployments). Navigating through the portal list-view is becoming difficult. I am looking for a way to visualize these components in a hierarchical or graphical representation. How can I visualize the hierarchy of all Azure resource groups, resources and models in my Azure subscription?

I have some issue with DKIM signature of my EXIM4 server. For some domains it works for others it doesn't work and I want to start checking what is wrong. Is there any way to get the output message in testing mode? I could get all debug informations for a delivery but I cannot get the final output message with all its headers. For example if I run: echo -e "Subject: Test01\nno body" | exim -d+all-f [email protected] -N [email protected] How can I see all added headers?

Issue Receiving an email for an alias, I got those errors: <[email protected]>Recipient address rejected: Unknown user; I realized this happened when postfix queries dovecot about user quota. Basically, what happens is that postfix queries dovecot using the virutal alias as name, not the virtual user. And since dovecot doesn't find a user under that name, it returns an error and postfix rejects the mail. Configuration I followed the docs at https://doc.dovecot.org/latest/core/plugins/quota.html when setting up the server. /etc/postfix/main.cf smtpd_recipient_restrictions = check_policy_service unix:private/quota-status /etc/dovecot/conf.d/90-quota.conf service quota-status { executable = quota-status -p postfix unix_listener /var/spool/postfix/private/quota-s

There are zero snapshots in my zpool, and the datasets themselves occupy only 14% of the available zpool space. This used to be a functioning mirror, but recently a lot of my data has become truncated and the pool (and df) now shows 100% utility. # zfs list -o space NAME AVAIL USED USEDSNAP USEDDS USEDREFRESERV USEDCHILD pool1 0B 8.69T 0B 151K 0B 8.69T pool1/encrypted 0B 8.69T 0B 7.45T 0B 1.24T pool1/encrypted/general 0B 256K 0B 256K 0B 0B pool1/encrypted/images 0B 1.24T 0B 1.24T 0B 0B df: pool1/encrypted/images 1326699904 1326699904 0 100% /pool/1/encrypted/images pool1/encrypted/general 256 256 0 100% /pool/1/encrypted/general This just finished a scrub. Can someone help me under