LDAP is down

Predrag Punosevac predragp at andrew.cmu.edu
Wed Oct 23 21:29:28 EDT 2019


The changes I pushed onto the server appear to work like a charm and
LDAP is up and running. I tested it. Before anyone cries foul I would
like to warn you. Some of you have tried pretty hard to log into our
gateways. John, I am thinking of you :-)


There were 62 failed login attempts since the last successful login.
Last login: Tue Oct 22 09:30:27 2019 from 15inmachine.wv.cc.cmu.edu

That has probably banned (temporarily) the IP address from which you
were trying, as it was understood by the intrusion detection system as a
brute force attack. I will not start manually deleting IP addresses
from the firewall jails until tomorrow morning. Based on the severity
of the offense your IP should be OK by then. If you still can't log
into the system please send me the IP address (if it is fixed) of the
machine you have been trying from.

Finally, this incident could not end without a ritual sacrifice.
Computer Gods have requested and we have brought the lifeless body of
our legacy shell gateway lop1.autonlab.org, which has perished during
the debugging process. If you need to access the DMZ zone from shell
gateways (Jarod, I am thinking of you) please ping me. Available shell
gateways are:

bash.autonlab.org
lop2.autonlab.org

libcrypto is not fixed yet upstream and NREC as well as Auton Sys LDAP
servers are for now running the 6.5 version of OpenBSD.

Best,
Predrag

On Wed, Oct 23, 2019 at 3:46 PM Predrag Punosevac
<predragp at andrew.cmu.edu> wrote:
>
> Ok. I have a solution for this. Namely I was at least smart enough not
> to upgrade all 10 OpenBSD servers to 6.6. I left one :-) running 6.5.
> It was not the LDAP backup server, which I also upgraded yesterday, but
> one of the new mighty backup firewall machines which was idling. I have
> a fully functional LDAP server running on it. I tested only one
> computing node with the new setup (lov1) and it works like a charm. You
> will now have to wait 2-3h until I globally push changes. I want to make
> sure I don't screw up anything else before this goes into production.
>
> Cheers,
> Predrag
>
>
> On Wed, Oct 23, 2019 at 12:40 PM Predrag Punosevac
> <predragp at andrew.cmu.edu> wrote:
> >
> > Hi Autonians,
> >
> > The problem with LDAP appears to be more serious than I originally
> > anticipated. I have regenerated SSL certificates and the TLS handshake
> > still fails. I am working with developers upstream to see why this is
> > happening. I don't want to enact the nuclear option and allow your
> > password to be transferred in clear text between the LDAP server and
> > computing nodes. I would much rather "downgrade" the installation if
> > needed than take that path.
> >
> > Thanks for your patience.
> >
> > Predrag

