Aravinda's questions

我有portal.azure.com用户密码重置的问题。single sign on我已经在 azure AD 和 onpremis AD 中配置了混合身份。连接是通过Azure AD Connect.

问题是我password writeback已经在 AD Connect中配置了

然而，当我尝试重置Windows Server AD user (For example "n3 n4" user in the below image)已在 Azure AD 中填充的密码时，它会说

**Unfortunately, you cannot reset this user's password because password writeback is not enabled in your tenant.**

(for example "admna" in the below image)但是可以重置在 Azure Active Directory 中创建的用户。

同样的 azure 租户也有一个 Office 365 租户。如果我通过 office 365 重置用户密码，但重置成功，则有两个密码，一个用于 onpremis windows 登录，另一个用于 office 365。显然 office 365 可以重置密码并且它不同步到本地 AD，而 Azure 门户根本无法重置密码。

我可以通过本地 AD 重置密码并成功同步到云端。如果我通过本地 AD 重置，它将毫无问题地同步。显然，同步从本地到云端以一种方式工作，反之亦然。

当我们查看目录同步时，没有报告任何问题。（全绿色）

这是我的 AD 连接设置，其中“Adsync”用户是企业管理员。

并且“Adsync”用户也full control以Active directory users and computers以下方式结束

并且用于同步的azure global admin (admna)具有以下许可证。（https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-whats-next）

不管天蓝色的密码重置说什么，

请指导我我在搞砸什么？我应该采取哪个方向来解决/解决这个问题？任何帮助，将不胜感激 。

提前感谢您为此花费的宝贵时间。

韩国

阿拉文达

我已配置 WSUS 服务器以保留网络中的带宽，同时保持使用该 WSUS 打开基本更新。

指向客户端 pc 的 Intranet WSUS 服务器和其他设置通过域控制器 2003 中的组策略推送。

在域中配置了以下策略..

电脑配置部分

用户配置部分

并以这种方式在客户端中正确配置..

但我希望禁用/删除，

(1) 用户检查更新的能力（因为它自动安排在星期五下午 4 点安装）

(2) 用户安装更新的能力

(3) 能够从 Windows 在线检查更新（只有我希望 wsus 成为下载源）

如果我在 3 个事实以上列出，则在 Windows 7 客户端设置中，它低于我希望禁用的设置

这可能使用现有的 Server 2003 组策略吗？达到以上3个要求？作为客户，我们确实有需要以上 3 个要求的 windows xp、7、8、8.1。

任何帮助将不胜感激。

我们有一个旧的 ms sql 2005 服务器，出于某种原因，sa 帐户设置中的大部分功能都显示为灰色。

即使我无法更改 sa 密码它也会出现此错误“找不到存储过程'master.dbo.sp_password'。（.Net SqlClient 数据提供程序”

虽然我启用了混合模式，但我无法使用 sa 帐户登录..（仅 Windows 身份验证有效）

任何帮助从哪里开始故障排除步骤？谷歌搜索了大约一天，但找不到解决问题的线索。在此先感谢您提供任何提示！

PS：只有默认实例有这个问题..另一个很好，登录为sa工作并且没有变灰

我在这个位置有一个共享文件夹，我试图在ubuntu 14.10 /media/aravinda/f6c682f3-5271-4f2b-99e8-93aa3bd39990/share中使用 samba （版本 4.1.11）进行共享

/media/aravinda/f6c682f3-5271-4f2b-99e8-93aa3bd39990/ 是一个挂载的分区 /dev/sda1 .. 挂载为 ext4 ..

这是我对上述文件夹的共享权限..

和samba配置如下

#======================= Global Settings =====================================
[global]

workgroup = REXXXXPSL

   hosts allow = 127. 172. 172.16.

   load printers = yes

   security = user
   map to guest = Bad User
   dns proxy = no

#============================ Share Definitions ==============================
[shaa]
    path = "/media/aravinda/f6c682f3-5271-4f2b-99e8-93aa3bd39990/share"
    force user = nobody
    force group = nogroup
    nt acl support = no
    browsable = yes
    guest ok = yes
    read only = no

我在 Windows pc 中遇到此错误 .. 无论我用谷歌搜索什么并尝试..

错误是“您可能没有使用此网络资源的权限。请联系此服务器的管理员以了解您是否具有访问权限。访问被拒绝。”

网络配置工作站如下..

测试参数结果

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[shaa]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
        workgroup = REXXXXPSL
        map to guest = Bad User
        dns proxy = No
        idmap config * : backend = tdb
        hosts allow = 127., 172., 172.16.

[shaa]
        path = "/media/aravinda/f6c682f3-5271-4f2b-99e8-93aa3bd39990/share"
        force user = nobody
        force group = nogroup
        read only = No
        create mask = 0755
        guest ok = Yes
        nt acl support = No

ps：我的ubuntu pc ip是172.16.30.110，网络范围是172.16.0.0./16

不知道我在哪里做傻事，虽然我花了更多时间检查谷歌中的配置和类似线程，但我无法弄清楚。任何帮助/提示将不胜感激，因为无论我做什么，我都会完全陷入困境。

我通过添加登录到我的 smb.conf 文件

log level = 3
log file = /var/log/samba/log.%p

max log size = 5000
debug timestamp = yes

然后使用tail -f log.%p | grep 172.16.100.190 （其中 172.16.100.190 是 windows clent ）

下面是错误输出...

Allowed connection from 172.16.100.190 (172.16.100.190)
com-dc01-hof (ipv4:172.16.100.190:1644) connect to service IPC$ initially as user nobody (uid=65534, gid=65534) (pid 6096)
com-dc01-hof (ipv4:172.16.100.190:1644) closed connection to service IPC$
process_local_master_announce: from COM-DC01-HOF<46> IP 172.16.100.190 to REXXXXPSL<1e> for server COM-DC01-HOF.
process_local_master_announce: from COM-DC01-HOF<46> IP 172.16.100.190 to REXXXXPSL<1e> for server COM-DC01-HOF.
check_for_master_browser_success: Local master browser for workgroup REXXXXPSL exists at IP 172.16.100.190 (just checking).
check_for_master_browser_success: Local master browser for workgroup REXXXXPSL exists at IP 172.16.100.190 (just checking).

iptables 状态..

我正在研究wan带宽/速度检查工具/图表。通常我们使用 pfsence 作为防火墙/网关/路由器。我们也习惯使用“Traffic Graph”局域网接口。最近我们安装了 netbalancer https://seriousbit.com/netbalancer/ .. 但是当我们同时检查/比较两者时，存在巨大差异/异常..

哪个好？

我已经配置了 dovecot 和 postfix ......电子邮件服务器工作正常......（Webmail 和 Outlook 都工作......）我使用 unix 命令创建了用户......

usreadd -s /sbin/nologin myuser

但我有一个顾虑，如果我想登录 webmail 或 Outlook，我必须使用 myuser 而不是 myuser@mydomain.com。

目前我正在使用，只有用户名如下..

如果我使用 myuser@mydomain.com 它说它的无效用户包括 webmail 和 Outlook ..

我试着用谷歌搜索..没有运气..但是..请有人给我亮一下..

10-master.conf 是

#default_process_limit = 100
#default_client_limit = 1000

# Default VSZ (virtual memory size) limit for service processes. This is mainly
# intended to catch and kill processes that leak memory before they eat up
# everything.
#default_vsz_limit = 256M

# Login user is internally used by login processes. This is the most untrusted
# user in Dovecot system. It shouldn't have access to anything at all.
#default_login_user = dovenull

# Internal user is used by unprivileged processes. It should be separate from
# login user, so that login processes can't disturb other processes.
#default_internal_user = dovecot

service imap-login {
  inet_listener imap {
    #port = 143
  }
  inet_listener imaps {
    #port = 993
    #ssl = yes
  }

  # Number of connections to handle before starting a new process. Typically
  # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
  # is faster. <doc/wiki/LoginProcess.txt>
  #service_count = 1

  # Number of processes to always keep waiting for more connections.
  #process_min_avail = 0

  # If you set service_count=0, you probably need to grow this.
  #vsz_limit = 64M
}

service pop3-login {
  inet_listener pop3 {
    #port = 110
  }
  inet_listener pop3s {
    #port = 995
    #ssl = yes
  }
}

service lmtp {
  unix_listener lmtp {
   # mode = 0666
  }

  # Create inet listener only if you can't use the above UNIX socket
  #inet_listener lmtp {
    # Avoid making LMTP visible for the entire internet
    #address =
    #port = 
  #}
}

service imap {
  # Most of the memory goes to mmap()ing files. You may need to increase this
  # limit if you have huge mailboxes.
  #vsz_limit = 256M

  # Max. number of IMAP processes (connections)
  #process_limit = 1024
}

service pop3 {
  # Max. number of POP3 processes (connections)
  #process_limit = 1024
}

service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
  # permissions make it readable only by root, but you may need to relax these
  # permissions. Users that have access to this socket are able to get a list
  # of all usernames and get results of everyone's userdb lookups.
 # unix_listener auth-userdb {
 #   mode = 0600
 #   user = postfix
 #   group = postfix
 # }

   #Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
  mode = 0666
  user = postfix
  group = postfix  
}

  # Auth process is run as this user.
  #user = $default_internal_user
}

service auth-worker {
  # Auth worker process is run as root by default, so that it can access
  # /etc/shadow. If this isn't necessary, the user should be changed to
  # $default_internal_user.
  #user = root
}

service dict {
  # If dict proxy is used, mail processes should have access to its socket.
  # For example: mode=0660, group=vmail and global mail_access_groups=vmail
  unix_listener dict {
    #mode = 0600
    #user = 
    #group = 
  }
}

鸽舍 -n 的结果

# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-042stab093.4 x86_64 CentOS release 6.6 (Final)
auth_mechanisms = login plain
disable_plaintext_auth = no
mail_location = maildir:~/Maildir
mbox_write_locks = fcntl
passdb {
  driver = pam
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
ssl_cert = </etc/pki/tls/certs/mycert.crt
ssl_key = </etc/pki/tls/private/mycert.key
userdb {
  driver = passwd
}

我在 CentOS 上设置了 postfix，并尝试使用 smtp 身份验证配置 phpmailer。

只有当我将 0.0.0.0/0 放在后缀main.conf中的 mynetworks下时， Phpmailer才会起作用

mynetworks = 127.0.0.0/8, [::ffff:127.0.0.0]/104, [::1]/128, 0.0.0.0/0

但是在这个线程中（如何配置 PostFix 以允许其他机器通过它发送电子邮件？）有人说不要把 0.0.0.0/0 放在 mynetworks 中，因为它会导致垃圾邮件问题等。

有人可以建议我应该怎么做，让我的服务器远离垃圾邮件问题，并让 phpmailer 工作吗？

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = example.com
mydomain = example.com
myorigin = /etc/mailname
inet_interfaces = all
inet_protocols = all
mydestination = localhost.localdomain localhost $mydomain
virtual_alias_maps = hash:/etc/postfix/virtual
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8, [::ffff:127.0.0.0]/104, [::1]/128, 0.0.0.0/0
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, permit
relayhost = 
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/postfix/virtual
mailbox_size_limit = 0
recipient_delimiter = +
home_mailbox = Maildir/
smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
smtpd_tls_key_file  = /etc/pki/tls/private/my.key
smtpd_tls_cert_file = /etc/pki/tls/certs/my.crt
smtpd_tls_CAfile = /etc/pki/tls/certs/my.ca-bundle
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
#smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
#SASL SMTP Authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_authenticated_header = yes
debug_peer_level = 2
debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES

如果我删除 0.0.0.0/0 并只保留 mynetworks = 127.0.0.0/8, [::ffff:127.0.0.0]/104, [::1]/128

phpmailer说它不能发送邮件..

phpmailer调试...

2014-11-23 04:57:10 SERVER -> CLIENT: 220 myhost.com ESMTP Postfix
2014-11-23 04:57:10 CLIENT -> SERVER: EHLO www.myhost.com
2014-11-23 04:57:10 SERVER -> CLIENT: 250-myhost.com
                              250-PIPELINING
                              250-SIZE 10240000
                              250-VRFY
                              250-ETRN
                              250-STARTTLS
                              250-AUTH LOGIN PLAIN
                              250-AUTH=LOGIN PLAIN
                              250-ENHANCEDSTATUSCODES
                              250-8BITMIME
                              250 DSN
2014-11-23 04:57:10 CLIENT -> SERVER: AUTH LOGIN
2014-11-23 04:57:10 SERVER -> CLIENT: 334 VXNlcm5hbWU6
2014-11-23 04:57:10 CLIENT -> SERVER: XXXX
2014-11-23 04:57:10 SERVER -> CLIENT: 334 UGFzc3dvcmQ6
2014-11-23 04:57:10 CLIENT -> SERVER: XXXX
2014-11-23 04:57:10 SERVER -> CLIENT: 235 2.7.0 Authentication successful
2014-11-23 04:57:10 CLIENT -> SERVER: MAIL FROM: sender@example.com
2014-11-23 04:57:10 SERVER -> CLIENT: 250 2.1.0 Ok
2014-11-23 04:57:10 CLIENT -> SERVER: RCPT TO: someone@yahoo.com
2014-11-23 04:57:10 SERVER -> CLIENT: 554 5.7.1 :Relay access denied
2014-11-23 04:57:10 SMTP ERROR: RCPT TO command failed: 554 5.7.1 : Relay access denied
2014-11-23 04:57:10 CLIENT -> SERVER: QUIT
2014-11-23 04:57:10 SERVER -> CLIENT: 221 2.0.0 Bye
2014-11-23 04:57:10 SMTP Error: The following recipients failed: someone@yahoo.com Mailer Error: SMTP Error: The following recipients failed: someone@yahoo.com

和后缀错误日志

myhost postfix/smtpd[8272]: connect from myhost.com[168.x.x.x]
myhost postfix/smtpd[8272]: NOQUEUE: reject: RCPT from myhost.com[168.x.x.x]: 
554 5.7.1 <mymail@yahoo.com>: Relay access denied; from=<ara@myhost.com> 
to=<mymail@yahoo.com> proto=ESMTP helo=<www.myhost.com>Nov 22 23:57:10 myhost 
postfix/smtpd[8272]: disconnect from myhost.com[168.x.x.x]

php 邮件设置（我只更改了 php 邮件的索引。其他文件保持原样/未更改）

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title>PHPMailer - SMTP email test</title>
</head>
<body>
<?php

//SMTP needs accurate times, and the PHP time zone MUST be set
//This should be done in your php.ini, but this is how to do it if you don't have access to that
date_default_timezone_set('Etc/UTC');

require 'PHPMailerAutoload.php';

//Create a new PHPMailer instance
$mail = new PHPMailer();
$mail->isSMTP();
$host = "myhost.com";
$username = "ara";
$password = "ara";
$Port = 25;

$mail->FromName = "Mail from gottsf3 ";
$mail->From = "ara@myhost.com";
$mail->Host = $host;
$mail->Port = $Port;
//$mail->SMTPSecure = 'tls'; //optional 
$mail->SMTPAuth = true;
$mail->Username = $username;
$mail->Password = $password;


$mail->AddAddress("someone@yahoo.com");
$mail->Subject = 'gottsf3PHPMailer - SMTP email test';
$mail->Body = 'This is a plain-text message body';
$mail->SMTPDebug  = 2;

//send the message, check for errors
if (!$mail->send()) {
    echo "Mailer Error: " . $mail->ErrorInfo;
} else {
    echo "Message sent!";
}
?>
</body>
</html>

只是想知道，有没有办法使用 squid 日志检查上传内容或与上传相关的任何数据？任何插件或增强功能？任何其他可行的选择。感谢您的任何建议。谢谢..

我是linux的新手。我试图弄清楚事情。有人可以帮我如何组合这两个命令吗？

(1) 通常可以通过以下方式编辑 crontab 将 cron 的结果定向到日志文件

*/10 * * * * /scripts/mysc.sh >> /home/ara/Desktop/test/log.txt 2>&1 

(2) 如果我们需要 cron 结果是我们可以使用的电子邮件，MAILTO=someemail@domain.com例如

MAILTO=someemail@domain.com
*/10 * * * * /scripts/mysc.sh

但是如何结合选项（1）和（2）呢？我已经看到一些虚拟主机空间确实同时启用了这两个选项。我做了我的研究/谷歌搜索，但没有做到。我正在使用 centos 6.5 并用于crontab -e编辑。