- Winbind is preventing web connection to AV config ...
05-22-2012 05:39 AM
I have installed Virusscan (McAfee AV) for Linux on a RHEL 5.8 machine. Installation went without problems.
To run Virusscan, I need to connect to the machine with a web browser at https://machine:55443. I get a timeout error. I ran Wireshark and saw an ICMP "Destination unreachable (Host administratively prohibited)" message when trying to connect.
I have Winbind installed, but have not yet hardened the machine. The computer requires AD credentials to log in, and I restrict users in an AD group with a line in /etc/security/pam_winbind.conf:
require_membership_of=testserver01A
If I comment out the above line, and restart, I get the same answer.
Should I be configuring something else to allow this connection to be made?
05-22-2012 07:07 AM
Solution
If you installed RHEL 5.8 with default settings, the system has an iptables firewall enabled by default.
You can use the "system-config-securitylevel" utility to add port 55443 to the list of allowed ports. By default, incoming connections are restricted to SSH only. The software packages included in the RHEL installation media *may* add their ports to the allowed list automatically, but third-party software like McAfee AV needs to have the required network ports added to the "allow" list by the sysadmin.
The rejection with the specific "host administratively prohibited" ICMP code makes it very likely the rejection is by iptables: if it was because the web GUI of the anti-virus software was not running, you would have received a TCP reset packet or an ICMP "Destination unreachable (port-unreachable)" instead.
I don't see how Winbind would be related to the access problem at all. A TCP connection does not include any usernames or passwords as TCP protocol options, so the server cannot make any decisions to reject the connection based on usernames at that point.
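The diagnosis in the answer above, as an added example that is not part of the original thread: it reads an iptables-save style rule set and reports whether a new TCP connection to a port is accepted before the catch-all REJECT, then shows where the ACCEPT rule has to go. The rule set is a constructed, simplified sample; the chain name RH-Firewall-1-INPUT is assumed to match the RHEL 5 default, and the function names are hypothetical.

```shell
# Constructed sample modelled on a default RHEL 5 /etc/sysconfig/iptables:
# SSH is allowed, everything else is rejected with icmp-host-prohibited.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# port_verdict PORT [CHAIN]: read rules on stdin, print what a new connection
# to PORT hits first: "ACCEPT", "REJECT <icmp type>", or "NO-MATCH".
# Simplification: exact --dport values only, no port ranges or multiport.
port_verdict() {
    awk -v port="$1" -v chain="${2:-RH-Firewall-1-INPUT}" '
        $1 == "-A" && $2 == chain {
            dport = ""; target = ""; how = ""; narrowed = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "--reject-with") how = $(i + 1)
                else if ($i == "-i" || $i == "-s") narrowed = 1
            }
            if (target == "ACCEPT" && dport == port) { print "ACCEPT"; found = 1; exit }
            if (target == "REJECT" && dport == "" && !narrowed) { print "REJECT " how; found = 1; exit }
        }
        END { if (!found) print "NO-MATCH" }
    '
}

# allow_port PORT [CHAIN]: emit the rules with an ACCEPT for PORT inserted before the REJECT.
allow_port() {
    awk -v port="$1" -v chain="${2:-RH-Firewall-1-INPUT}" '
        $1 == "-A" && $2 == chain && / -j REJECT/ && !ins {
            print "-A " chain " -m state --state NEW -m tcp -p tcp --dport " port " -j ACCEPT"
            ins = 1
        }
        { print }
    '
}
```

On a live host the input would be the output of `iptables-save` rather than the sample; a rule appended after the REJECT line is never reached, which is why `allow_port` inserts before it.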
05-22-2012 07:24 AM