Re: [CentOS-docs] potential wiki article on encryption
On Tue, 26 Aug 2008, Akemi Yagi wrote: There is a posting in the CentOS forum that can potentially make a good article regarding encryption (or supplement the existing page). Please take a look at #4 of: http://www.centos.org/modules/newbb/viewtopic.php?viewmode=flattopic_id=15923forum=42 The poster says, I think that the contents of this document would make a good addition to the wiki, but I don't have the ability to submit such things and probably would not be a consistent enough contributer to get said rights. What do others think? Is this something we should consider placing on the wiki? If so, should we persuade this person to submit the writing? I think we should answer his comment in public so people can learn they do can contribute to the wiki and improve the project. I feel sad if people think they cannot contribute, or that their contribution would not be enough to get rights. In any case we should clear up that confusion for everyone that reads the forum message in the future. And make it easier for people to contribute. PS Today I added 2 small comments in the Pidgin FAQ to explain how people can add environment variables to Windows XP, I just registered and edited the FAQ because the FAQ did not specify *how* to set PIDGINLANG on Windows. It was a 60sec job. -- -- dag wieers, [EMAIL PROTECTED], http://dag.wieers.com/ -- [Any errors in spelling, tact or fact are transmission errors] ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] formatting parameters
On 8/25/08, Marcus Moeller [EMAIL PROTECTED] wrote: Dear Alain. Hi Marcus, Note the spaces before `--'. In the first example I see two, in the second just one. Try to use just one in the first example, just to see what happens. Sorry, I did not count the spaces in my ML post. But adding more spaces before the parameter in the wiki moves the whole paragraph a tab to the right (which is not what I was talking about). I think I lost the point for a second :D You might want to take a look at the wiki: http://wiki.centos.org/TipsAndTricks/KickStart Note the difference between the --resolvedeps and the --excludedocs description. Yep. Note an indentation there. For some reason the excludedocs' description is inside a paragraph tag. See the HTML output: dt--resolvedeps/dt ddDependencies between packages will be automatically resolved. This is now the default behaviour in CentOS 5, so you don't need this option anymore. span class=anchor id=line-8/span/dd dt--excludedocs/dt ddp class=line862Skips the installation of files that are marked as documentation (all files that are listed when you do rpm -qld lt;packagenamegt;) span class=anchor id=line-9/span/dd If the angular brackets are removed that indentation disappears. It may be a Moin parsing bug or maybe not. If that paragraph tag can't be removed, maybe we could tune its presentation ( as you suggested ). Tonight I'll look inside css files. Marcus Thanks, al. ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
[CentOS-announce] CESA-2008:0836 Moderate CentOS 5 x86_64 libxml2 Update
CentOS Errata and Security Advisory 2008:0836 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0836.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: b9bd68fd5161263814580032fdcd3b1c libxml2-2.6.26-2.1.2.3.i386.rpm 2a2107f6e99afd3c0e0cfef742cf2a96 libxml2-2.6.26-2.1.2.3.x86_64.rpm 94f1ad5775ecc655f74e9aad24e50311 libxml2-devel-2.6.26-2.1.2.3.i386.rpm 50b2d4d9399819048645a016c01dfcbd libxml2-devel-2.6.26-2.1.2.3.x86_64.rpm 4ff35c872a7427701b02262a3119e995 libxml2-python-2.6.26-2.1.2.3.x86_64.rpm Source: 6fc7a7b5b96e3d5cdaf54390d2cca583 libxml2-2.6.26-2.1.2.3.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, [EMAIL PROTECTED] ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2008:0836 Moderate CentOS 5 i386 libxml2 Update
CentOS Errata and Security Advisory 2008:0836 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0836.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: 9297215f91d58d289a516ec2e0c623b7 libxml2-2.6.26-2.1.2.4.i386.rpm 728e4df5aea9871f76a6cee28a884732 libxml2-devel-2.6.26-2.1.2.4.i386.rpm 4ae3aa61aba94cd9dfcfb6258df9f7f4 libxml2-python-2.6.26-2.1.2.4.i386.rpm Source: 3c39593e6e1a9fc5dd3be8954391dffa libxml2-2.6.26-2.1.2.4.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, [EMAIL PROTECTED] ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2008:0849 Important CentOS 5 i386 ipsec-tools Update
CentOS Errata and Security Advisory 2008:0849 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0849.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: 454828f6e3176da0bce18da666cc0e51 ipsec-tools-0.6.5-9.el5_2.3.i386.rpm Source: c1bacf187fc0e9b25fe8e57b5560d78d ipsec-tools-0.6.5-9.el5_2.3.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, [EMAIL PROTECTED] ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2008:0849 Important CentOS 5 x86_64 ipsec-tools Update
CentOS Errata and Security Advisory 2008:0849 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0849.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: 9803ebb70d559dd5d6734b83e93c9f53 ipsec-tools-0.6.5-9.el5_2.3.x86_64.rpm Source: c1bacf187fc0e9b25fe8e57b5560d78d ipsec-tools-0.6.5-9.el5_2.3.src.rpm -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, [EMAIL PROTECTED] ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
RE: [CentOS-virt] xen+drbd Question
Jerry Amundson wrote: yes. i replied to myself. Talking to yourself is the first sign of insanity! The second being, disagreeing with the first. On Tue, Aug 26, 2008 at 10:56 PM, Jerry Amundson [EMAIL PROTECTED] wrote: On Tue, Aug 26, 2008 at 11:25 AM, Ross S. W. Walker [EMAIL PROTECTED] wrote: Alexandre Biancalana wrote: On 8/26/08, Ross S. W. Walker [EMAIL PROTECTED] wrote: If you upgrade to xen.org release of Xen then you can use the block-drbd script to specify by drbd resource name instead of device, but that's just fluff in stuff, and doesn't have anything to do with the ability to live migrate which is all handled by the allow-two-primaries option. True. In my case : CentOS 5.3, incl. kernel-xen and heartbeat, Xen.org 3.x, DRBD 8.2. It works, but has no cookie-cutter howto. Are you saying that we can only use block-drbd script with Xen 3.2 ? It's really not so much the Xen version, but the distro. more so, within the distro, the bootstrap method used for the domU More specifically 'pygrub' itself as mentioned below. It might work with the Xen 3.1 libraries too, but that's also irrelevant as CentOS/RHEL has decided to use the Xen 3.0.3 libraries (though they are using the Xen 3.1 hypervisor, go figure!). How did you determine they are different versions? oh, maybe the thread I just noticed in xen-users? http://lists.xensource.com/archives/html/xen-users/2008-08/msg00791.html where Pasi says, - To be more clear about it, RHEL 5.2 version of Xen _hypervisor_ is 3.1.2 + - patches. - RHEL 5.2 kernel-xen is based on older Xen (3.0.3 iirc) kernel code. Actually I found the version information through a 'xm info' which shows it's running 3.1, but the libraries and supporting apps are all 3.0.3. xen_major : 3 xen_minor : 1 xen_extra : .2-92.1.10.el5 xen_caps : xen-3.0-x86_32p hvm-3.0-x86_32 hvm-3.0-x86_32p Linbit wrote the block-drbd script for Xen 3.1 (maybe 3.2) and up, but definitely not pre-3.1. For the definitive answer though I recommend posting on drbd-user. Someone there might even have a work-around to get it to work on earlier Xen libraries... http://lists.linbit.com/pipermail/drbd-user/2008-August/010077.html Ah so the culprit is pygrub, add that tidbit to my knowledge base. So if you define the kernel and ramdisk from external sources then the block script should work, but using pygrub, it only recognizes standard block devices. I suppose this will also affect the block-iscsi script out there too... It would be nice if someone could patch pygrub to look for handler scripts for any device NOT file, tap, phy and to use them to bootload as it's better IMHO to manage the domU's kernel and ramdisk from within the domU. -Ross __ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof. ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
[CentOS-es] Actualizar servicios apache , php y mysql instaldos desde las fuentes
hola amigos tengo un servIDOR que tiene corriendo apache , php y mysql , me gustaria que saber cual es la mejor forma de instalarle los parches a estos sistemas o como se puede hacer para actualizarlos ya que, estos estan compilados desde las fuentes .. NO ESTAN INSTALADOS DESDE LOS RPM ESO SI SIN BOTAR LOS SERVICIOS QUE DA ESTE SERVIDOR. GRACIAS -- ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Actualizar servicios apache , php y mysql instaldos desde las fuentes
Carlos Enzo Lazo Basaure wrote: hola amigos tengo un servIDOR que tiene corriendo apache , php y mysql , me gustaria que saber cual es la mejor forma de instalarle los parches a estos sistemas o como se puede hacer para actualizarlos ya que, estos estan compilados desde las fuentes .. NO ESTAN INSTALADOS DESDE LOS RPM uy qué pena con yum update hubieras actualizado todo sin perder tiempo ahora te toca hacer esto (es fácil): - Tal y como instalaste estos servicios desde tar.gz.. así mismo haces y con buena suerte te quedará todo actualizado -- Saludos! epe Ing. Ernesto Pérez Estévez http://www.NuestroServer.com/ USA: +1 305 359 4495 / España: +34 91 761 7884 Ecuador: +593 2 341 2402 / + 593 9 9246504 Mexico: +52 55 1163 8640 / Italia: +39 06 916504876 ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
[CentOS-es] Problemas al hacer yum update
Hola, ejecute esto # rm -fr /var/lib/rpm/ Y ahora no puedo hacer yum update, intente haciendo esto: # yum clean all y # yum --rebuilddb Pero nada, al hacer yum update me da el siguiente error: http://software.virtualmin.com/gpl/rhel/Null/i386/repodata/repomd.xml: [Errno 14] HTTP Error 404: Not Found Trying other mirror. Error: Cannot open/read repomd.xml file for repository: virtualmin Que puedo hacer? ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Problemas al hacer yum update
Prueba con: # rpm -v --rebuilddb Un Saludo. Cherny D. C. Berbesi I. escribi: Hola, ejecute esto # rm -fr /var/lib/rpm/ Y ahora no puedo hacer yum update, intente haciendo esto: # yum clean all y # yum --rebuilddb Pero nada, al hacer yum update me da el siguiente error: http://software.virtualmin.com/gpl/rhel/Null/i386/repodata/repomd.xml: [Errno 14] HTTP Error 404: Not Found Trying other mirror. Error: Cannot open/read repomd.xml file for repository: virtualmin Que puedo hacer? ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Problemas al hacer yum update
Hola: http://software.virtualmin.com/gpl/rhel/Null/i386/repodata/repomd.xml: [Errno 14] HTTP Error 404: Not Found Trying other mirror. Error: Cannot open/read repomd.xml file for repository: virtualmin Una consulta, utilizas solo repositorios general de centos o tienes habilitado algun repositorio extra (especifico para instalar algun paquete). En el segundo caso, deja habilitado solo los repositorios de centos (los que tngas CentOS-Base.repo) y desabilita el resto enabled=0 y prueba de nuevo con el yum. Saludos Osvaldo ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Problemas al hacer yum update
El Mié 27 Ago 2008, O. T. Suarez escribió: Hola: http://software.virtualmin.com/gpl/rhel/Null/i386/repodata/repomd.xml: [Errno 14] HTTP Error 404: Not Found Trying other mirror. Error: Cannot open/read repomd.xml file for repository: virtualmin Una consulta, utilizas solo repositorios general de centos o tienes habilitado algun repositorio extra (especifico para instalar algun paquete). En el segundo caso, deja habilitado solo los repositorios de centos (los que tngas CentOS-Base.repo) y desabilita el resto enabled=0 y prueba de nuevo con el yum. Saludos Osvaldo ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es Este es mi /etc/yum.repos.d/CentOS-Base.repo [base] name=CentOS-$releasever - Base mirrorlist=http://mirrorlist.centos.org/?release=$releaseverarch=$basearchrepo=os #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/ gpgcheck=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 #released updates [updates] name=CentOS-$releasever - Updates mirrorlist=http://mirrorlist.centos.org/?release=$releaseverarch=$basearchrepo=updates #baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/ gpgcheck=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 #packages used/produced in the build but not released [addons] name=CentOS-$releasever - Addons mirrorlist=http://mirrorlist.centos.org/?release=$releaseverarch=$basearchrepo=addons #baseurl=http://mirror.centos.org/centos/$releasever/addons/$basearch/ gpgcheck=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 #additional packages that may be useful [extras] name=CentOS-$releasever - Extras mirrorlist=http://mirrorlist.centos.org/?release=$releaseverarch=$basearchrepo=extras #baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/ gpgcheck=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 #additional packages that extend functionality of existing packages [centosplus] name=CentOS-$releasever - Plus mirrorlist=http://mirrorlist.centos.org/?release=$releaseverarch=$basearchrepo=centosplus #baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/ gpgcheck=1 enabled=0 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5 Estoy nuevo en CentOS, siempre he usado Debian, que puedo hacer con este archivo?, gracias por la ayuda... ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Problemas al hacer yum update
Hola: Estoy nuevo en CentOS, siempre he usado Debian, que puedo hacer con este archivo?, gracias por la ayuda... Si vienes del mundo debian no te sera muy dificil ubicarte en el mundo de redhat (sabias que existe apt-get para centos no?) De la misma manera que debian tiene repositorios extras, centos no es la excepcion. A los repositorios base (donde estan los binarios liberados por el proyecto centos) se le suman otros de los cuales los mas conocidos son rpmforge y epel (en el wiki de centos los explican en detalle). Pero ademas, hay determinados paquetes que no estan ningunos de los anteriores y el tipo que hace el software o alguien que se toma el trabajo, crean un repositorio. por ejemplo: ls -l /etc/yum.repos.d/ total 24 -rw-r--r-- 1 root root 2490 Nov 19 2007 CentOS-Base.repo -rw-r--r-- 1 root root 610 Nov 19 2007 CentOS-Media.repo -rw-r--r-- 1 root root 954 Apr 25 13:24 epel.repo -rw-r--r-- 1 root root 1054 Apr 25 13:24 epel-testing.repo Ese server tiene los repositorios base, y ademas, epel y epel-testing. Claro, tener el fichero no significa mucho, si tienes el repositorio con enabled=0 el yum lo ignora. Solo queria asegurarme de que no estuvieras utilizando algun repositorio especifico y que el problema viniera por ahi, de ahi la sugerencia de quedarte solo con lo imprescindible. Por lo general, los problemas con el yum es la conexion a la red de uno mismo, cuando los repositorios de centos tienen problemas, te enteras porque la queja es general. Saludos Osvaldo ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS] Help me
Hi, Yes I know what your saying ok! I didn't ask him any descent question but I gave a solution based on my experience. So why hell r u guy's coming after me and as you said in the world of IT there are lot of perhaps OK buddy. Regards, Sadaruwan On Wed, Aug 27, 2008 at 9:11 AM, Spiro Harvey, Knossos Networks Ltd [EMAIL PROTECTED] wrote: ISPConfig or anything but it was my net drivers but after installing the proper once I didn't got that problem ever again. So that's why I gave him this solution. And the other thing if you know more or a better way just tall him don't try to correct others ok. Because your solution was likely for a specific network card, which incidentally you didn't inform us as to what that was. Neither did the OP give any indication as to what his network card is, so your recommendation based on the information given, was wrong and dangerous. The correct thing to do is not give the guy rubbish answers, but to ask him more questions so that we can make a reasonable assessment of what is actually happening before we can determine what is wrong. Perhaps his card is not plugged in right. Perhaps he has a loose cable. Perhaps there's a port on his switch that's intermittently failing, perhaps there's a cron job to shut down the network card. Perhaps some firewall rules are being activated or disabled stopping a service from running. Perhaps SELinux is blocking something. Perhaps any number of other things. Is the network card actually being deactivated, or is he just not able to talk to a service? We don't know. He hasn't given us enough info yet. -- Spiro Harvey Knossos Networks Ltd 021-295-1923www.knossos.net.nz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: slow Perl on CentOS 5
On Wed, Aug 27, 2008 at 6:18 AM, Mark Pryor [EMAIL PROTECTED] wrote: Anyone want to try and get this built on C5.2? ftp://download.fedora.redhat.com/pub/fedora/linux/updates/8/SRPMS/perl-5.8.8-40.fc8.src.rpm the above runs in about .4 sec, while on C5.2 it takes 8-12 seconds. Can not wait for update, I have to build Perl 5.10.0 from src for my work on CentOS 5.2. I installed this into /opt/perl for now, so there is no impact on rpm Perl package. Waiting for fixed rpm of Perl ... -- http://vnoss.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Logwatch doesn´t report on dovecot
Hi List, Centos 5(.2) ships with dovecot-1.0.7-2.el5 and logwatch-7.3-6.el5 However the shipped logwatch is not aware of dovecot 1.x meaning none of the log entries (var/log/maillog) are processed at all. Should I file a bug report on this? Upstream? cheers Henry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Help me
On Wed, 2008-08-27 at 12:00 +0530, Sadaruwan Samaraweera wrote: Hi, Yes I know what your saying ok! I didn't ask him any descent question but I gave a solution based on my experience. So why hell r u guy's coming after me and as you said in the world of IT there are lot of perhaps OK buddy. Yeesh. Look - I'm not starting to start a flamewar here. I'm just saying that given the little information that was given, it would be prudent to have the OP give more before catch-all answers are given. I understand that your solution worked for you, but how would any of us know that they're experiencing the same problem as you did? Oh - and incidentally, the proper Red Hat way to do this (trust me on this one - I used to work for Red Hat, have two RHCE certs, and have been a sysadmin for over 15 years) would be to get more info before changing out network drivers. Replacing stock parts of the OS is the *FASTEST* way to have RH support say we don't support you. Now, knowing that this is CentOS, things don't quite work that way here. But the general case still applies. Stick with stock as much as you can until you can demonstrably prove that it's broken and put in a workaround until the correct solution is found. That's the easiest way to get help on this list. (And, I suspect, many others...) Just look at the recent discussions on CPAN (shudder) and how it can really crap up a system based upon RPMs... -I ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] slow Perl on CentOS 5
Akemi Yagi wrote: should explore the problem further with TUV and the CentOS community. If a fix is not forthcoming from TUV, I reluctantly suggest that we get together with the CentOS people and fork this portion of the distro, perhaps standardizing on Perl 5.10 . There are people in the Perl community ready to assist us. While forking the whole perl subsection of the distro is a bit drastic, I am quite happy to have a perl in C5Plus. Does someone want to get in touch with Keith and get a summary on what needs fixing in this case ? Also - if the conversation was to take place on centos-devel list, would be much cooler. Upstream have said the fix will be in 5U3, and considering that might be still a few months away, could we get something sorted before then ? ( questions, since I dont use perl myself ) -- Karanbir Singh CentOS Project { http://www.centos.org/ } irc: z00dax, [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Logwatch doesn ´t report on dovecot
henry ritzlmayr wrote: Hi List, Centos 5(.2) ships with dovecot-1.0.7-2.el5 and logwatch-7.3-6.el5 However the shipped logwatch is not aware of dovecot 1.x meaning none of the log entries (var/log/maillog) are processed at all. Should I file a bug report on this? Upstream? See https://bugzilla.redhat.com/show_bug.cgi?id=424031 - not that that helps much at the moment. Cheers, Ralph pgpweyAwtwGvm.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] postfix install error: fatal file /etc/postfix/main.cf: parameter setgid_group: unknown group name: postdrop
nate schrieb: Rainer Traut wrote: Ok, think I found the cause... The server I try to install to has heartbeat/cluster software installed. I already has a group with GID 90: Makes sense then, where did heartbeat/cluster software come from? If it's a supported package on RHEL-based systems it shouldn't add a user or group with a conflicting ID. It's from the LinuxHA/Pacemaker project which has its own repo build by OpenSuse build service. http://clusterlabs.org/ repo here: http://download.opensuse.org/repositories/server:/ha-clustering/ Rainer ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Logwatch doesn´t report on dovecot
Am Mittwoch, den 27.08.2008, 11:03 +0200 schrieb Ralph Angenendt: henry ritzlmayr wrote: Hi List, Centos 5(.2) ships with dovecot-1.0.7-2.el5 and logwatch-7.3-6.el5 However the shipped logwatch is not aware of dovecot 1.x meaning none of the log entries (var/log/maillog) are processed at all. Should I file a bug report on this? Upstream? See https://bugzilla.redhat.com/show_bug.cgi?id=424031 - not that that helps much at the moment. Cheers, Ralph Hi Ralph, its not a big deal for me. I patched the scripts here on my own and it works now. I just wanted to report this, so that others don´t have to do the same, and I can revert to standard afterwards. Thanks for the bugzilla link. cheers Henry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 42, Issue 9
Send CentOS-announce mailing list submissions to [EMAIL PROTECTED] To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than Re: Contents of CentOS-announce digest... Today's Topics: 1. CESA-2008:0849 Important CentOS 3 i386ipsec-tools - security update (Tru Huynh) 2. CESA-2008:0849 Important CentOS 3 x86_64 ipsec-tools - security update (Tru Huynh) 3. CESA-2008:0836 Moderate CentOS 3 i386 libxml2 - security update (Tru Huynh) 4. CESA-2008:0836 Moderate CentOS 3 x86_64 libxml2 - security update (Tru Huynh) -- Message: 1 Date: Wed, 27 Aug 2008 00:54:10 +0200 From: Tru Huynh [EMAIL PROTECTED] Subject: [CentOS-announce] CESA-2008:0849 Important CentOS 3 i386 ipsec-tools - security update To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory CESA-2008:0849 ipsec-tools security update for CentOS 3 i386: https://rhn.redhat.com/errata/RHSA-2008-0849.html The following updated file has been uploaded and is currently syncing to the mirrors: i386: updates/i386/RPMS/ipsec-tools-0.2.5-0.7.rhel3.5.i386.rpm source: updates/SRPMS/ipsec-tools-0.2.5-0.7.rhel3.5.src.rpm You may update your CentOS-3 i386 installations by running the command: yum update ipsec-tools Tru -- Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B -- next part -- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.centos.org/pipermail/centos-announce/attachments/20080827/e465830d/attachment-0001.bin -- Message: 2 Date: Wed, 27 Aug 2008 00:54:38 +0200 From: Tru Huynh [EMAIL PROTECTED] Subject: [CentOS-announce] CESA-2008:0849 Important CentOS 3 x86_64 ipsec-tools - security update To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory CESA-2008:0849 ipsec-tools security update for CentOS 3 x86_64: https://rhn.redhat.com/errata/RHSA-2008-0849.html The following updated file has been uploaded and is currently syncing to the mirrors: x86_64: updates/x86_64/RPMS/ipsec-tools-0.2.5-0.7.rhel3.5.x86_64.rpm source: updates/SRPMS/ipsec-tools-0.2.5-0.7.rhel3.5.src.rpm You may update your CentOS-3 x86_64 installations by running the command: yum update ipsec-tools Tru -- Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B -- next part -- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.centos.org/pipermail/centos-announce/attachments/20080827/370fbe46/attachment-0001.bin -- Message: 3 Date: Wed, 27 Aug 2008 00:55:28 +0200 From: Tru Huynh [EMAIL PROTECTED] Subject: [CentOS-announce] CESA-2008:0836 Moderate CentOS 3 i386 libxml2 - security update To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory CESA-2008:0836 libxml2 security update for CentOS 3 i386: https://rhn.redhat.com/errata/RHSA-2008-0836.html The following updated file has been uploaded and is currently syncing to the mirrors: i386: updates/i386/RPMS/libxml2-2.5.10-11.i386.rpm updates/i386/RPMS/libxml2-devel-2.5.10-11.i386.rpm updates/i386/RPMS/libxml2-python-2.5.10-11.i386.rpm source: updates/SRPMS/libxml2-2.5.10-11.src.rpm You may update your CentOS-3 i386 installations by running the command: yum update libxml2\* Tru -- Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B -- next part -- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.centos.org/pipermail/centos-announce/attachments/20080827/0587746c/attachment-0001.bin -- Message: 4 Date: Wed, 27 Aug 2008 00:56:20 +0200 From: Tru Huynh [EMAIL PROTECTED] Subject: [CentOS-announce] CESA-2008:0836 Moderate CentOS 3 x86_64 libxml2 - security update To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory CESA-2008:0836 libxml2 security update for CentOS 3 x86_64: https://rhn.redhat.com/errata
Re: [CentOS] restarting static-routes-ipv6
Barry Brimer wrote: Quoting Robert Moskowitz [EMAIL PROTECTED]: I want to change the contents of my /etc/sysconfig/static-routes-ipv6 and NOT restart the network. Is there a way to do this??? I know about ifup and ifdown for interfaces, but what about routing (and IP6 at that). Have you tried /etc/sysconfig/network-scripts/ifup-routes ?? This did the trick. Thanks. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] apache
I done this and it works vi /etc/sysconfig/httpd # Configuration file for the httpd service. # # The default processing model (MPM) is the process-based # 'prefork' model. A thread-based model, 'worker', is also # available, but does not work with some modules (such as PHP). # The service must be stopped before changing this variable. # #HTTPD=/usr/sbin/httpd.worker # # To pass additional options (for instance, -D definitions) to the # httpd binary at startup, set OPTIONS here. # #OPTIONS= # # By default, the httpd process is started in the C locale; to # change the locale in which the server runs, the HTTPD_LANG # variable can be set. # #HTTPD_LANG=C ORACLE_BASE=/u01/oracle ORACLE_HOME=/u01/oracle/10g ORACLE_SID=king LD_LIBRARY_PATH=$ORACLE_HOME/lib LD_LIBRARY_PATH_32=$ORACLE_HOME/lib32 PATH=$PATH:$ORACLE_HOME/bin NLS_LANG=AMERICAN_AMERICA.AR8MSWIN1256; export NLS_LANG NLS_DATE_FORMAT=dd-mm- ; export NLS_DATE_FORMAT export ORACLE_BASE ORACLE_HOME ORACLE_SID LD_LIBRARY_PATH LD_LIBRARY_PATH_32 PATH On Tue, Aug 26, 2008 at 6:43 PM, Ross S. W. Walker [EMAIL PROTECTED]wrote: Jeff wrote: On Tue, Aug 26, 2008 at 10:11 AM, Mad Unix [EMAIL PROTECTED] wrote: Can I do the following vi /etc/sysconfig/httpd # Configuration file for the httpd service. # # The default processing model (MPM) is the process-based # 'prefork' model. A thread-based model, 'worker', is also # available, but does not work with some modules (such as PHP). # The service must be stopped before changing this variable. # #HTTPD=/usr/sbin/httpd.worker # # To pass additional options (for instance, -D definitions) to the # httpd binary at startup, set OPTIONS here. # #OPTIONS= # # By default, the httpd process is started in the C locale; to # change the locale in which the server runs, the HTTPD_LANG # variable can be set. # #HTTPD_LANG=C ORACLE_BASE=/u01/oracle ORACLE_HOME=/u01/oracle/10g ORACLE_SID=king LD_LIBRARY_PATH=$ORACLE_HOME/lib LD_LIBRARY_PATH_32=$ORACLE_HOME/lib32 PATH=$PATH:$ORACLE_HOME/bin NLS_LANG=AMERICAN_AMERICA.AR8MSWIN1256; export NLS_LANG NLS_DATE_FORMAT=dd-mm- ; export NLS_DATE_FORMAT export ORACLE_BASE ORACLE_HOME ORACLE_SID LD_LIBRARY_PATH LD_LIBRARY_PATH_32 PATH ~ snip Yes, that is the right way. But one point that was not clearly made is that you probably ALSO need to add to your apache configuration: PassEnv ORACLE_BASE ORACLE_HOME [etc.] This make the values available to PHP. Or you could add those environment variables in /etc/profile.d, create a file called oracle.sh and put those environment variables there, then in /etc/httpd/conf.d create a file called oracle, and add the PassEnv directives there. At least this way the environment variables are available to all local processes and users. -Ross __ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Madunix_at_Gmail Sysadmin Computers are useless. They can only give you answers - Pablo Picasso Never trust a computer you can't throw out a window. - Steve Wozniak ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5.2, Firefox 3, and IPv6
Rob Townley wrote: On Mon, Aug 11, 2008 at 11:15 PM, Robert Moskowitz [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Craig White wrote: On Mon, 2008-08-11 at 23:28 -0400, Robert Moskowitz wrote: Craig White wrote: On Mon, 2008-08-11 at 21:11 -0400, Robert Moskowitz wrote: I am doing some testing and it almost seems as if Firefox 3.0.1 that comes with Centos 5.2 is NOT working with IPv6. Anyone know for sure? I am getting weird hang behaviours and other just not working things. more likely a DNS issue Name is coded in /etc/hosts Of course the fqdn I am using does NOT follow 'standard' TLDs, but it should NOT be masking that, or would that be a 'security' feature? I have no clue what you are talking about being coded in /etc/hosts... you can check DNS if it returns ipV6 addresses for hosts or if there are snags/delays in trying to resolve names from command line p3490.htt is in my /etc/hosts file as something like: 2701:24:2:1:0:1:2:3 p3490.htt I can 'ping6 -n p3490.htt' But putting a url of http//p3490.htt does not work ___ CentOS mailing list CentOS@centos.org mailto:CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos DNS can be real slow when IPv6 is enabled. For instance the following firefox delta would speed up firefox on IPv4 connections. Maybe you need to turn it on? You may have already found this, but it helped when I had the same problem. In firefox type in about:config, filter for 'ipv6' you should have an entry for network.dns.disableIPv6 right click on it and 'toggle' it to a true value, restart firefox and see if it helps. Um, as the original poster, I WANT IPv6. Not make IPv4 lookups faster by ignoring records. Further testing has IPv6 working just fine. Thing is when I enable the HIP API intercepts, FIrefox does not work. Like they are doing something 'non-standard' with the regualr TCP socket API so that HIP can't slide in there. I tried disabling a number of options, thinking it might be some security setting, but if it is, I have not found it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT - Offline uncorrectable sectors
On Tue, Aug 26, 2008 at 04:02:22PM +0200, Lorenzo Quatrini wrote: William L. Maltby ha scritto: From man badblocks: -n Use non-destructive read-write mode. By default only a non- destructive read-only test is done. This option must not be combined with the -w option, as they are mutually exclusive. Note the phrase beginning with By default only I'll admit it could be more clearly stated. The Italian translation of the man page is outdated... I guess I sould stick with the original version of man pages, or at least remember to check them. Consider filing a bug -- One goal for the user community is to turn the old phrase RTFM to be Read The Fine Manual in contrast to the historic profanity. You can file it against either the English, the Italian translation or both. As an alternative you can post a difference file to a list like this for discussion and ask ONE person to help you file the bug. Translations are commonly not done by the maintainer so a bug can be the best path. If you need help with the mechanics of filing a bug ask... -- T o m M i t c h e l l Got a great hat... now what. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Help me
On Wed, 2008-08-27 at 12:00 +0530, Sadaruwan Samaraweera wrote: Hi, Yes I know what your saying ok! I didn't ask him any descent question but I gave a solution based on my experience. So why hell r u guy's coming after me First, don't get offended. If you've been on any/many lists for awhile, you'll know that time is at a premium for many of the participants and they tend to give short answers. *And* when someone gives definitive answers based on (possibly incorrect) assumptions (like the problem is similar to yours, equipment similar to yours, net setup similar, ...) they are quick to jump in because those answers may lead to severe damage to the recipient. Sometimes immediate harm, sometimes longer-term difficulty. Because of those risks, it is important to try to fully understand (to a *reasonable* extent, for the time expended) the nature of a problem, its operational environment, various constraints that may be in place, etc., before offering solutions that may be tried. That is why, if you follow the lists on *good* sites like CentOS, you will often see (I'll exaggerate now) My network card doesn't work! Help followed by various types of responses saying, essentially, something like We need more information and those responses may ask specific questions. Solving many technical problems can be difficult even in a hands-on situation, it's inordinately more difficult to do remotely. As with *any* resolution process, the first step is to identify the *problem*, *not* the *symptoms*. Symptoms are clues pointing to the problem. Ergo, sufficient, but *not* excessive information is a necessity. *Experienced* people know this and will quickly try to help *educate* those who don't seem to know this, whether is is the person with the problem or one responding to the OP. That's why we are coming after you. The problem is not we are coming after you, the problem is that both the OP and you seem to have been extremely casual in the problem resolution process and that engenders a high degree of risk to the OP and none for you. Further it wastes the valuable time of those who might try to help, both in reading the original request for help (and then having to ask for even the most basic pertinent information) and in reading replies that may be offered that pose excessive risk to those who might use the offered solutions. So, education is in order so that *all* may benefit, including the OP, the folks who reply and even just those who have to wade through som many useless posts (and post of the type being discussed ar, at best, useless). As long as no one is completely crude, rude and unattractive in their replies (not always the case), you should take no offense. My suggestion is you thicken your skin, contribute as you can and desire to, with *due* *care*, and learn from others as we *all* learn from others on this list. and as you said in the world of IT there are lot of perhaps OK buddy. I don't know what you mean by this. Regards, Sadaruwan I won't even mention top posting or failure to snip text not needed. ;-) snip -- Bill ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nsswitch.conf, ldap, local groups problem
On Wed, 2008-08-27 at 12:34 -0400, Mark Hennessy wrote: I'm using CentOS 5.0,5.1, and 5.2 on several systems where I'm seeing this problem. Hello, I'm seeing a weird problem that perhaps someone has run into with groups. First, a little background. I was made aware of a problem with CentOS 5 where if the nscd password cache is clear and someone tries to log in if there is no network connection with an LDAP account that it just hangs. Even worse, if the machine is rebooted and it continues to have no network connection, even root login doesn't work. I messed around with nsswitch.conf to fix this problem. I altered these lines as so: passwd: files [!NOTFOUND=return] ldap shadow: files [!NOTFOUND=return] ldap group: files [!NOTFOUND=return] ldap and the problem seemed to go away. But now, here's the weird stuff: I have defined in my local /etc/groups file this line: group1:x:100:apache group2:x:101:apache 'getent group groupname' shows the right info: # getent group group1 group1:x:100:apache # sudo -u apache bash $ groups apache I revert back to my old config: # sudo -u apache bash $ groups apache group1 group2 Also, something else that's interesting. If I do this: passwd: files [!NOTFOUND=return] ldap shadow: files [!NOTFOUND=return] ldap group: ldap [NOTFOUND=continue] files and reboot, udev segfaults and the system freezes up after a few more seconds. Starting udev: /sbin/start_udev: line 43: 519 Segmentation fault $@ $ARGS /sbin/start_udev: line 201: 523 Segmentation fault /sbin/udevd -d Wait timeout. Will continue in the background.[FAILED] Any advice? Try putting this at the bottom of /etc/ldap.conf timelimit 30 bind_timelimit 30 bind_policy soft nss_initgroups_ignoreusers root,ldap I wouldn't recommend the changes that you have in nsswitch.conf Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Problems with writing Dual Layer DVD
Hi, I am running Centos 4 (fully updated on this box). I removed the old DVD writer (/dev/hdc) and installed a new LG GH20 Internal Super Multi DVD Rewriter with a SATA interface - this shows up as /dev/scd0. When I insert a pre-recorded DVD autorun mounts it and displays the contents without any hassles. It appears to me that the required kernel modules are loaded - as copied below from lsmod output. sata_nv18629 0 libata111261 1 sata_nv sd_mod 17217 0 scsi_mod 125261 3 sr_mod,libata,sd_mod I am using Verbatim DVD-RDL blanks. When I try to write a pre-recorded iso to the DVD I get the following error message: [EMAIL PROTECTED] growisofs -dvd-compat -Z /dev/dvdwriter=pre-recorded.iso :-( /dev/dvdwriter: media is not recognized as recordable DVD: 10015 I have tried to do this as root with the same result. /dev/dvdwriter is a link to /dev/scd0 and has full read/write/execute permissions. Output of growisofs -version: * growisofs by [EMAIL PROTECTED], version 5.21, front-ending to mkisofs: mkisofs 2.01 (i686-pc-linux-gnu) Any suggestions will be welcome - if any further information is required I will do my best to supply it. I have Googled with the error message but only get reports of this problem and no solutions. TIA ChrisG ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problems with writing Dual Layer DVD
On Wed, 2008-08-27 at 19:38 +0200, Chris Geldenhuis wrote: Hi, I am running Centos 4 (fully updated on this box). I removed the old DVD writer (/dev/hdc) and installed a new LG GH20 Internal Super Multi DVD Rewriter with a SATA interface - this shows up as /dev/scd0. When I insert a pre-recorded DVD autorun mounts it and displays the contents without any hassles. It appears to me that the required kernel modules are loaded - as copied below from lsmod output. sata_nv18629 0 libata111261 1 sata_nv sd_mod 17217 0 scsi_mod 125261 3 sr_mod,libata,sd_mod I am using Verbatim DVD-RDL blanks. When I try to write a pre-recorded iso to the DVD I get the following error message: [EMAIL PROTECTED] growisofs -dvd-compat -Z /dev/dvdwriter=pre-recorded.iso :-( /dev/dvdwriter: media is not recognized as recordable DVD: 10015 I have tried to do this as root with the same result. /dev/dvdwriter is a link to /dev/scd0 and has full read/write/execute permissions. Output of growisofs -version: * growisofs by [EMAIL PROTECTED], version 5.21, front-ending to mkisofs: mkisofs 2.01 (i686-pc-linux-gnu) Any suggestions will be welcome - if any further information is required I will do my best to supply it. I'm *really* a novice at this, but the first time I tried to record a DVD (I use cdrecord) I learned that the media needed to be formatted first. I don't know if what your using is already formatted, if your software does it for you or if it's even needed. Using the cdrecord software, there are flags that will let me know. I have Googled with the error message but only get reports of this problem and no solutions. TIA ChrisG snip HTH -- Bill ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problems with writing Dual Layer DVD
William L. Maltby wrote: On Wed, 2008-08-27 at 19:38 +0200, Chris Geldenhuis wrote: Hi, I am running Centos 4 (fully updated on this box). I removed the old DVD writer (/dev/hdc) and installed a new LG GH20 Internal Super Multi DVD Rewriter with a SATA interface - this shows up as /dev/scd0. When I insert a pre-recorded DVD autorun mounts it and displays the contents without any hassles. It appears to me that the required kernel modules are loaded - as copied below from lsmod output. sata_nv18629 0 libata111261 1 sata_nv sd_mod 17217 0 scsi_mod 125261 3 sr_mod,libata,sd_mod I am using Verbatim DVD-RDL blanks. When I try to write a pre-recorded iso to the DVD I get the following error message: [EMAIL PROTECTED] growisofs -dvd-compat -Z /dev/dvdwriter=pre-recorded.iso :-( /dev/dvdwriter: media is not recognized as recordable DVD: 10015 I have tried to do this as root with the same result. /dev/dvdwriter is a link to /dev/scd0 and has full read/write/execute permissions. Output of growisofs -version: * growisofs by [EMAIL PROTECTED], version 5.21, front-ending to mkisofs: mkisofs 2.01 (i686-pc-linux-gnu) Any suggestions will be welcome - if any further information is required I will do my best to supply it. I'm *really* a novice at this, but the first time I tried to record a DVD (I use cdrecord) I learned that the media needed to be formatted first. I don't know if what your using is already formatted, if your software does it for you or if it's even needed. Using the cdrecord software, there are flags that will let me know. I have Googled with the error message but only get reports of this problem and no solutions. TIA ChrisG snip HTH Hi Bill, Thanks for the quick response - I did try to format with dvd+rw tools but also got a respnse that the media was not recordable. AFAIK it should not be required. From reading your many and interesting posts to this list I realize that we must be contemporaries (possoibly I started programming before you - circa 1963 on a ICL1500 aka RCA 301 in assembler or directly punching machine code into punch cards). I do appreciate your responses as they always are helpfull and when them flame wars flare up you remain sensible. Thanks again ChrisG ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nsswitch.conf, ldap, local groups problem
Quoting Craig White [EMAIL PROTECTED]: On Wed, 2008-08-27 at 12:34 -0400, Mark Hennessy wrote: I'm using CentOS 5.0,5.1, and 5.2 on several systems where I'm seeing this problem. Hello, I'm seeing a weird problem that perhaps someone has run into with groups. First, a little background. I was made aware of a problem with CentOS 5 where if the nscd password cache is clear and someone tries to log in if there is no network connection with an LDAP account that it just hangs. Even worse, if the machine is rebooted and it continues to have no network connection, even root login doesn't work. I messed around with nsswitch.conf to fix this problem. I altered these lines as so: passwd: files [!NOTFOUND=return] ldap shadow: files [!NOTFOUND=return] ldap group: files [!NOTFOUND=return] ldap and the problem seemed to go away. But now, here's the weird stuff: I have defined in my local /etc/groups file this line: group1:x:100:apache group2:x:101:apache 'getent group groupname' shows the right info: # getent group group1 group1:x:100:apache # sudo -u apache bash $ groups apache I revert back to my old config: # sudo -u apache bash $ groups apache group1 group2 Also, something else that's interesting. If I do this: passwd: files [!NOTFOUND=return] ldap shadow: files [!NOTFOUND=return] ldap group: ldap [NOTFOUND=continue] files and reboot, udev segfaults and the system freezes up after a few more seconds. Starting udev: /sbin/start_udev: line 43: 519 Segmentation fault $@ $ARGS /sbin/start_udev: line 201: 523 Segmentation fault /sbin/udevd -d Wait timeout. Will continue in the background.[FAILED] Any advice? Try putting this at the bottom of /etc/ldap.conf timelimit 30 bind_timelimit 30 bind_policy soft nss_initgroups_ignoreusers root,ldap I wouldn't recommend the changes that you have in nsswitch.conf Unfortunately, that doesn't work either. I made the changes, shut down the machine and started it without networking, and here's what happens: login: root Password: login: login pukes and init starts it again. Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nsswitch.conf, ldap, local groups problem
On Wed, 2008-08-27 at 14:53 -0400, Mark Hennessy wrote: Quoting Craig White [EMAIL PROTECTED]: On Wed, 2008-08-27 at 12:34 -0400, Mark Hennessy wrote: I'm using CentOS 5.0,5.1, and 5.2 on several systems where I'm seeing this problem. Hello, I'm seeing a weird problem that perhaps someone has run into with groups. First, a little background. I was made aware of a problem with CentOS 5 where if the nscd password cache is clear and someone tries to log in if there is no network connection with an LDAP account that it just hangs. Even worse, if the machine is rebooted and it continues to have no network connection, even root login doesn't work. I messed around with nsswitch.conf to fix this problem. I altered these lines as so: passwd: files [!NOTFOUND=return] ldap shadow: files [!NOTFOUND=return] ldap group: files [!NOTFOUND=return] ldap and the problem seemed to go away. But now, here's the weird stuff: I have defined in my local /etc/groups file this line: group1:x:100:apache group2:x:101:apache 'getent group groupname' shows the right info: # getent group group1 group1:x:100:apache # sudo -u apache bash $ groups apache I revert back to my old config: # sudo -u apache bash $ groups apache group1 group2 Also, something else that's interesting. If I do this: passwd: files [!NOTFOUND=return] ldap shadow: files [!NOTFOUND=return] ldap group: ldap [NOTFOUND=continue] files and reboot, udev segfaults and the system freezes up after a few more seconds. Starting udev: /sbin/start_udev: line 43: 519 Segmentation fault $@ $ARGS /sbin/start_udev: line 201: 523 Segmentation fault /sbin/udevd -d Wait timeout. Will continue in the background.[FAILED] Any advice? Try putting this at the bottom of /etc/ldap.conf timelimit 30 bind_timelimit 30 bind_policy soft nss_initgroups_ignoreusers root,ldap I wouldn't recommend the changes that you have in nsswitch.conf Unfortunately, that doesn't work either. I made the changes, shut down the machine and started it without networking, and here's what happens: login: root Password: login: login pukes and init starts it again. you shouldn't need to restart but if you can't login as root, you probably still have something messed up in /etc/nsswitch.conf or may have messed up /etc/passwd | /etc/shadow can you login as a user and su - to root? if not, it probably would be best to boot to runlevel 1 and edit /etc/nsswitch.conf so it has this... passwd: files ldap shadow: files ldap group: files ldap and remove the NOTFOUND entries Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problems with writing Dual Layer DVD
On Wed, Aug 27, 2008 at 11:13 AM, Chris Geldenhuis [EMAIL PROTECTED] wrote: Hi Bill, Thanks for the quick response - I did try to format with dvd+rw tools but also got a respnse that the media was not recordable. AFAIK it should not be required. I usually use K3B for all my CD and DVD recording needs - it works nicely, even under GNOME (I don't use KDE). I've never had a problem like the one you describe, but I've upgraded to each new CentOS release fairly quickly, so I'm on 5.2, and that might be better. The one problem I did have with a new DVD burner was that it would only write at 2.47x at the fastest, and it was supposed to be a 20x drive. The manufacturer suggested I RMA it, which I will if I ever get around to taking it out and putting in a (different, known good) one. I also have mplayer/mencoder installed (and vobcopy and a few others), so I don't know if any of them might be involved peripherally, dragging in a more recent module from rpmforge, but I'm thinking you could try K3B and not lose anything if it works. HTH mhr ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problems with writing Dual Layer DVD
On Wednesday 27 August 2008 20:27:15 MHR wrote: On Wed, Aug 27, 2008 at 11:13 AM, Chris Geldenhuis [EMAIL PROTECTED] wrote: Hi Bill, Thanks for the quick response - I did try to format with dvd+rw tools but also got a respnse that the media was not recordable. AFAIK it should not be required. I usually use K3B for all my CD and DVD recording needs - it works nicely, even under GNOME (I don't use KDE). I've never had a problem like the one you describe, but I've upgraded to each new CentOS release fairly quickly, so I'm on 5.2, and that might be better. The one problem I did have with a new DVD burner was that it would only write at 2.47x at the fastest, and it was supposed to be a 20x drive. The manufacturer suggested I RMA it, which I will if I ever get around to taking it out and putting in a (different, known good) one. I also have mplayer/mencoder installed (and vobcopy and a few others), so I don't know if any of them might be involved peripherally, dragging in a more recent module from rpmforge, but I'm thinking you could try K3B and not lose anything if it works. One question to Chris - did you click on the status bar where you need to change the disk type? Anne signature.asc Description: This is a digitally signed message part. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] RADVD address timeouts
I am using RADVD to assign IPv6 addresses. It works for 'static' devices. I want it to work for devices that move to different networks without having to restart the network on those devices. So if I have a notebook on network Lab1 getting prefix 2607:7:4:1::64 and moves to network Lab2 where RADVD advertises prefix 2607:7:4:2::/64, I want the host to switch to the new address. This is NOT for MobileIP. Right now I get the new global address, but the old address never goes away. I have tried setting AdvPreferredLifetime, but that has not helped. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Problems with writing Dual Layer DVD
On Wed, Aug 27, 2008 at 03:19:01PM -0400, William L. Maltby wrote: My updated 5.2 has these cdrdao-1.2.1-2.i386 cdrecord-2.01-10.i386 xcdroast-0.98a15-12.2.2.i386 Rpmforge has only the development rpm for the current cdrecord. I don't have atrpm on my system. You might check there and see if they have later packages. Just be aware that many months ago that repo was less trusted (IIRC, considered unstable and overlaid base packages if you weren't careful), but that may not be the case now. Plus, since then, yum priorities and protect have become available (can protect against overlay of base packages). Hearsay, your honour! Well, there's some FUD floating around about ATrpms - I'm of course biased in the other direction. Suffice it to say that you will not find any report of unstable packages in the stable repo, and that since RHEL5/CentOS5's birth there were no stable packages replacing CentOS packages but one that accidentially was in the stable and was fixed minutes within the report (I forgot which package it was, just check these archives, it was O(1-2 months) ago). There is also nothing that has happened in the last months to increase/decrease ATrpms' trustworthiness. Maybe less FUD and gossiping. ;) Finally yum priorities and protect have been long enough available to show that they create more bugs than they solve. If you don't trust a repo, just don't use it. Selective/partial enabling creates per user bugs that no one can diagnose. But to get back to the actual issue: No, ATrpms has neither cdrdao, nor cdrecord, nor xcdroast. -- Axel.Thimm at ATrpms.net pgp57Ri2yIskI.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nsswitch.conf, ldap, local groups problem
Quoting Craig White [EMAIL PROTECTED]: On Wed, 2008-08-27 at 14:53 -0400, Mark Hennessy wrote: Quoting Craig White [EMAIL PROTECTED]: On Wed, 2008-08-27 at 12:34 -0400, Mark Hennessy wrote: I'm using CentOS 5.0,5.1, and 5.2 on several systems where I'm seeing this problem. Hello, I'm seeing a weird problem that perhaps someone has run into with groups. First, a little background. I was made aware of a problem with CentOS 5 where if the nscd password cache is clear and someone tries to log in if there is no network connection with an LDAP account that it just hangs. Even worse, if the machine is rebooted and it continues to have no network connection, even root login doesn't work. I messed around with nsswitch.conf to fix this problem. I altered these lines as so: passwd: files [!NOTFOUND=return] ldap shadow: files [!NOTFOUND=return] ldap group: files [!NOTFOUND=return] ldap and the problem seemed to go away. But now, here's the weird stuff: I have defined in my local /etc/groups file this line: group1:x:100:apache group2:x:101:apache 'getent group groupname' shows the right info: # getent group group1 group1:x:100:apache # sudo -u apache bash $ groups apache I revert back to my old config: # sudo -u apache bash $ groups apache group1 group2 Also, something else that's interesting. If I do this: passwd: files [!NOTFOUND=return] ldap shadow: files [!NOTFOUND=return] ldap group: ldap [NOTFOUND=continue] files and reboot, udev segfaults and the system freezes up after a few more seconds. Starting udev: /sbin/start_udev: line 43: 519 Segmentation fault $@ $ARGS /sbin/start_udev: line 201: 523 Segmentation fault /sbin/udevd -d Wait timeout. Will continue in the background.[FAILED] Any advice? Try putting this at the bottom of /etc/ldap.conf timelimit 30 bind_timelimit 30 bind_policy soft nss_initgroups_ignoreusers root,ldap I wouldn't recommend the changes that you have in nsswitch.conf Unfortunately, that doesn't work either. I made the changes, shut down the machine and started it without networking, and here's what happens: login: root Password: login: login pukes and init starts it again. you shouldn't need to restart but if you can't login as root, you probably still have something messed up in /etc/nsswitch.conf or may have messed up /etc/passwd | /etc/shadow can you login as a user and su - to root? if not, it probably would be best to boot to runlevel 1 and edit /etc/nsswitch.conf so it has this... passwd: files ldap shadow: files ldap group: files ldap and remove the NOTFOUND entries Yes, done. Without networking, still the login failure trouble. With networking, no trouble at all, but with those timeouts of 30 seconds and without those changes to nsswitch.conf, it takes a while for the first root login to succeed even though it is using local auth. Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nsswitch.conf, ldap, local groups problem
On Wed, 2008-08-27 at 17:07 -0400, Mark Hennessy wrote: Quoting Craig White [EMAIL PROTECTED]: On Wed, 2008-08-27 at 14:53 -0400, Mark Hennessy wrote: Quoting Craig White [EMAIL PROTECTED]: On Wed, 2008-08-27 at 12:34 -0400, Mark Hennessy wrote: I'm using CentOS 5.0,5.1, and 5.2 on several systems where I'm seeing this problem. Hello, I'm seeing a weird problem that perhaps someone has run into with groups. First, a little background. I was made aware of a problem with CentOS 5 where if the nscd password cache is clear and someone tries to log in if there is no network connection with an LDAP account that it just hangs. Even worse, if the machine is rebooted and it continues to have no network connection, even root login doesn't work. I messed around with nsswitch.conf to fix this problem. I altered these lines as so: passwd: files [!NOTFOUND=return] ldap shadow: files [!NOTFOUND=return] ldap group: files [!NOTFOUND=return] ldap and the problem seemed to go away. But now, here's the weird stuff: I have defined in my local /etc/groups file this line: group1:x:100:apache group2:x:101:apache 'getent group groupname' shows the right info: # getent group group1 group1:x:100:apache # sudo -u apache bash $ groups apache I revert back to my old config: # sudo -u apache bash $ groups apache group1 group2 Also, something else that's interesting. If I do this: passwd: files [!NOTFOUND=return] ldap shadow: files [!NOTFOUND=return] ldap group: ldap [NOTFOUND=continue] files and reboot, udev segfaults and the system freezes up after a few more seconds. Starting udev: /sbin/start_udev: line 43: 519 Segmentation fault $@ $ARGS /sbin/start_udev: line 201: 523 Segmentation fault /sbin/udevd -d Wait timeout. Will continue in the background.[FAILED] Any advice? Try putting this at the bottom of /etc/ldap.conf timelimit 30 bind_timelimit 30 bind_policy soft nss_initgroups_ignoreusers root,ldap I wouldn't recommend the changes that you have in nsswitch.conf Unfortunately, that doesn't work either. I made the changes, shut down the machine and started it without networking, and here's what happens: login: root Password: login: login pukes and init starts it again. you shouldn't need to restart but if you can't login as root, you probably still have something messed up in /etc/nsswitch.conf or may have messed up /etc/passwd | /etc/shadow can you login as a user and su - to root? if not, it probably would be best to boot to runlevel 1 and edit /etc/nsswitch.conf so it has this... passwd: files ldap shadow: files ldap group: files ldap and remove the NOTFOUND entries Yes, done. Without networking, still the login failure trouble. With networking, no trouble at all, but with those timeouts of 30 seconds and without those changes to nsswitch.conf, it takes a while for the first root login to succeed even though it is using local auth. do you have this line in /etc/pam.d/system-auth account sufficientpam_localuser.so ??? What does your /etc/pam.d/system-auth look like? Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nsswitch.conf, ldap, local groups problem
Quoting Craig White [EMAIL PROTECTED]: On Wed, 2008-08-27 at 17:07 -0400, Mark Hennessy wrote: Quoting Craig White [EMAIL PROTECTED]: On Wed, 2008-08-27 at 14:53 -0400, Mark Hennessy wrote: Quoting Craig White [EMAIL PROTECTED]: On Wed, 2008-08-27 at 12:34 -0400, Mark Hennessy wrote: I'm using CentOS 5.0,5.1, and 5.2 on several systems where I'm seeing this problem. Hello, I'm seeing a weird problem that perhaps someone has run into with groups. First, a little background. I was made aware of a problem with CentOS 5 where if the nscd password cache is clear and someone tries to log in if there is no network connection with an LDAP account that it just hangs. Even worse, if the machine is rebooted and it continues to have no network connection, even root login doesn't work. I messed around with nsswitch.conf to fix this problem. I altered these lines as so: passwd: files [!NOTFOUND=return] ldap shadow: files [!NOTFOUND=return] ldap group: files [!NOTFOUND=return] ldap and the problem seemed to go away. But now, here's the weird stuff: I have defined in my local /etc/groups file this line: group1:x:100:apache group2:x:101:apache 'getent group groupname' shows the right info: # getent group group1 group1:x:100:apache # sudo -u apache bash $ groups apache I revert back to my old config: # sudo -u apache bash $ groups apache group1 group2 Also, something else that's interesting. If I do this: passwd: files [!NOTFOUND=return] ldap shadow: files [!NOTFOUND=return] ldap group: ldap [NOTFOUND=continue] files and reboot, udev segfaults and the system freezes up after a few more seconds. Starting udev: /sbin/start_udev: line 43: 519 Segmentation fault $@ $ARGS /sbin/start_udev: line 201: 523 Segmentation fault /sbin/udevd -d Wait timeout. Will continue in the background.[FAILED] Any advice? Try putting this at the bottom of /etc/ldap.conf timelimit 30 bind_timelimit 30 bind_policy soft nss_initgroups_ignoreusers root,ldap I wouldn't recommend the changes that you have in nsswitch.conf Unfortunately, that doesn't work either. I made the changes, shut down the machine and started it without networking, and here's what happens: login: root Password: login: login pukes and init starts it again. you shouldn't need to restart but if you can't login as root, you probably still have something messed up in /etc/nsswitch.conf or may have messed up /etc/passwd | /etc/shadow can you login as a user and su - to root? if not, it probably would be best to boot to runlevel 1 and edit /etc/nsswitch.conf so it has this... passwd: files ldap shadow: files ldap group: files ldap and remove the NOTFOUND entries Yes, done. Without networking, still the login failure trouble. With networking, no trouble at all, but with those timeouts of 30 seconds and without those changes to nsswitch.conf, it takes a while for the first root login to succeed even though it is using local auth. do you have this line in /etc/pam.d/system-auth account sufficientpam_localuser.so ??? What does your /etc/pam.d/system-auth look like? my /etc/pam.d/system-auth: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired pam_env.so authsufficientpam_unix.so nullok try_first_pass authrequisite pam_succeed_if.so uid = 500 quiet authsufficientpam_ldap.so use_first_pass debug authrequired pam_deny.so account required pam_unix.so broken_shadow account sufficientpam_succeed_if.so uid 500 quiet account [default=bad success=ok user_unknown=ignore] pam_ldap.so account required pam_permit.so passwordrequisite pam_cracklib.so try_first_pass retry=3 passwordsufficientpam_unix.so md5 shadow nullok try_first_pass use_authtok passwordsufficientpam_ldap.so use_authtok debug passwordrequired pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_ldap.so debug session required pam_mkhomedir.so skel=/etc/skel umask=0022 === I added account sufficientpam_localuser.so right before pam_ldap in the account section and tried again with the same procedure (turn off networking (chkconfig --levels 2345 network off), reboot). Same result, login dies and gets restarted. login: root Password: login: Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nsswitch.conf, ldap, local groups problem
On Wed, 2008-08-27 at 17:35 -0400, Mark Hennessy wrote: Quoting Craig White [EMAIL PROTECTED]: On Wed, 2008-08-27 at 17:07 -0400, Mark Hennessy wrote: Quoting Craig White [EMAIL PROTECTED]: On Wed, 2008-08-27 at 14:53 -0400, Mark Hennessy wrote: Quoting Craig White [EMAIL PROTECTED]: On Wed, 2008-08-27 at 12:34 -0400, Mark Hennessy wrote: I'm using CentOS 5.0,5.1, and 5.2 on several systems where I'm seeing this problem. Hello, I'm seeing a weird problem that perhaps someone has run into with groups. First, a little background. I was made aware of a problem with CentOS 5 where if the nscd password cache is clear and someone tries to log in if there is no network connection with an LDAP account that it just hangs. Even worse, if the machine is rebooted and it continues to have no network connection, even root login doesn't work. I messed around with nsswitch.conf to fix this problem. I altered these lines as so: passwd: files [!NOTFOUND=return] ldap shadow: files [!NOTFOUND=return] ldap group: files [!NOTFOUND=return] ldap and the problem seemed to go away. But now, here's the weird stuff: I have defined in my local /etc/groups file this line: group1:x:100:apache group2:x:101:apache 'getent group groupname' shows the right info: # getent group group1 group1:x:100:apache # sudo -u apache bash $ groups apache I revert back to my old config: # sudo -u apache bash $ groups apache group1 group2 Also, something else that's interesting. If I do this: passwd: files [!NOTFOUND=return] ldap shadow: files [!NOTFOUND=return] ldap group: ldap [NOTFOUND=continue] files and reboot, udev segfaults and the system freezes up after a few more seconds. Starting udev: /sbin/start_udev: line 43: 519 Segmentation fault $@ $ARGS /sbin/start_udev: line 201: 523 Segmentation fault /sbin/udevd -d Wait timeout. Will continue in the background.[FAILED] Any advice? Try putting this at the bottom of /etc/ldap.conf timelimit 30 bind_timelimit 30 bind_policy soft nss_initgroups_ignoreusers root,ldap I wouldn't recommend the changes that you have in nsswitch.conf Unfortunately, that doesn't work either. I made the changes, shut down the machine and started it without networking, and here's what happens: login: root Password: login: login pukes and init starts it again. you shouldn't need to restart but if you can't login as root, you probably still have something messed up in /etc/nsswitch.conf or may have messed up /etc/passwd | /etc/shadow can you login as a user and su - to root? if not, it probably would be best to boot to runlevel 1 and edit /etc/nsswitch.conf so it has this... passwd: files ldap shadow: files ldap group: files ldap and remove the NOTFOUND entries Yes, done. Without networking, still the login failure trouble. With networking, no trouble at all, but with those timeouts of 30 seconds and without those changes to nsswitch.conf, it takes a while for the first root login to succeed even though it is using local auth. do you have this line in /etc/pam.d/system-auth account sufficientpam_localuser.so ??? What does your /etc/pam.d/system-auth look like? my /etc/pam.d/system-auth: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired pam_env.so authsufficientpam_unix.so nullok try_first_pass authrequisite pam_succeed_if.so uid = 500 quiet authsufficientpam_ldap.so use_first_pass debug authrequired pam_deny.so account required pam_unix.so broken_shadow account sufficientpam_succeed_if.so uid 500 quiet account [default=bad success=ok user_unknown=ignore] pam_ldap.so account required pam_permit.so passwordrequisite pam_cracklib.so try_first_pass retry=3 passwordsufficientpam_unix.so md5 shadow nullok try_first_pass use_authtok passwordsufficientpam_ldap.so use_authtok debug passwordrequired pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_ldap.so debug session required pam_mkhomedir.so skel=/etc/skel umask=0022 === I added account sufficientpam_localuser.so right before pam_ldap in the account section and tried again with the same procedure (turn off networking (chkconfig --levels 2345 network off),
[CentOS] Unable to install CentOS 5.2 on New HP Intel Core 2 Quad
Our new lab has HP Intel Core 2 Quad systems with DVD/CDRW and SATA. I can provide the model number if needed. They stop on kernel startup when trying to boot the CentOS 5.2 boot CD. It is during ACPI. I have tried linux noprobe and linux pci=noacpi and linux noprobe pci=noacpi. I still cannot get to the first install screen. Fedora 10 Live will not but up either. I am using Fedora 9 from Live and DVD Install to teach a fall class and it works fine. Would CentOS 5.3 possibly work once it is released? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nsswitch.conf, ldap, local groups problem
Quoting Craig White [EMAIL PROTECTED]: On Wed, 2008-08-27 at 17:35 -0400, Mark Hennessy wrote: Quoting Craig White [EMAIL PROTECTED]: On Wed, 2008-08-27 at 17:07 -0400, Mark Hennessy wrote: Quoting Craig White [EMAIL PROTECTED]: On Wed, 2008-08-27 at 14:53 -0400, Mark Hennessy wrote: Quoting Craig White [EMAIL PROTECTED]: On Wed, 2008-08-27 at 12:34 -0400, Mark Hennessy wrote: I'm using CentOS 5.0,5.1, and 5.2 on several systems where I'm seeing this problem. Hello, I'm seeing a weird problem that perhaps someone has run into with groups. First, a little background. I was made aware of a problem with CentOS 5 where if the nscd password cache is clear and someone tries to log in if there is no network connection with an LDAP account that it just hangs. Even worse, if the machine is rebooted and it continues to have no network connection, even root login doesn't work. I messed around with nsswitch.conf to fix this problem. I altered these lines as so: passwd: files [!NOTFOUND=return] ldap shadow: files [!NOTFOUND=return] ldap group: files [!NOTFOUND=return] ldap and the problem seemed to go away. But now, here's the weird stuff: I have defined in my local /etc/groups file this line: group1:x:100:apache group2:x:101:apache 'getent group groupname' shows the right info: # getent group group1 group1:x:100:apache # sudo -u apache bash $ groups apache I revert back to my old config: # sudo -u apache bash $ groups apache group1 group2 Also, something else that's interesting. If I do this: passwd: files [!NOTFOUND=return] ldap shadow: files [!NOTFOUND=return] ldap group: ldap [NOTFOUND=continue] files and reboot, udev segfaults and the system freezes up after a few more seconds. Starting udev: /sbin/start_udev: line 43: 519 Segmentation fault $@ $ARGS /sbin/start_udev: line 201: 523 Segmentation fault /sbin/udevd -d Wait timeout. Will continue in the background.[FAILED] Any advice? Try putting this at the bottom of /etc/ldap.conf timelimit 30 bind_timelimit 30 bind_policy soft nss_initgroups_ignoreusers root,ldap I wouldn't recommend the changes that you have in nsswitch.conf Unfortunately, that doesn't work either. I made the changes, shut down the machine and started it without networking, and here's what happens: login: root Password: login: login pukes and init starts it again. you shouldn't need to restart but if you can't login as root, you probably still have something messed up in /etc/nsswitch.conf or may have messed up /etc/passwd | /etc/shadow can you login as a user and su - to root? if not, it probably would be best to boot to runlevel 1 and edit /etc/nsswitch.conf so it has this... passwd: files ldap shadow: files ldap group: files ldap and remove the NOTFOUND entries Yes, done. Without networking, still the login failure trouble. With networking, no trouble at all, but with those timeouts of 30 seconds and without those changes to nsswitch.conf, it takes a while for the first root login to succeed even though it is using local auth. do you have this line in /etc/pam.d/system-auth account sufficientpam_localuser.so ??? What does your /etc/pam.d/system-auth look like? my /etc/pam.d/system-auth: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired pam_env.so authsufficientpam_unix.so nullok try_first_pass authrequisite pam_succeed_if.so uid = 500 quiet authsufficientpam_ldap.so use_first_pass debug authrequired pam_deny.so account required pam_unix.so broken_shadow account sufficientpam_succeed_if.so uid 500 quiet account [default=bad success=ok user_unknown=ignore] pam_ldap.so account required pam_permit.so passwordrequisite pam_cracklib.so try_first_pass retry=3 passwordsufficientpam_unix.so md5 shadow nullok try_first_pass use_authtok passwordsufficientpam_ldap.so use_authtok debug passwordrequired pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_ldap.so debug session required pam_mkhomedir.so skel=/etc/skel umask=0022 === I added account sufficientpam_localuser.so right before pam_ldap in the account section and tried again with the same procedure (turn off networking (chkconfig --levels 2345 network off), reboot). Same result, login dies and gets restarted. login: root Password: login: well, it hardly makes any sense
Re: [CentOS] nsswitch.conf, ldap, local groups problem
On Wed, Aug 27, 2008 at 2:56 PM, Mark Hennessy [EMAIL PROTECTED] wrote: Quoting Craig White [EMAIL PROTECTED]: Yes, I agree, it makes no sense to operate a machine with ldap accounts if it has no network connection, but at least one should be able to log in as root. To clarify, here's the problem: I have a machine. In normal operation, the network connection is non-functional and LDAP accounts are usable and everyone does their thing over ssh. If the network connection craps out, I can get into the machine via serial console and try to find out what's going on, perhaps switch to a different network connection, whatever. If I can't log in as root, my only recourse is to powercycle the machine and go into single-user mode. Now, multiply that by 100. This is why I need to get this working. Since you have now restated the problem, could you possibly edit your replies so as not to repeat the entire thread every time? Thanks. mhr ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nsswitch.conf, ldap, local groups problem
On Wed, 2008-08-27 at 17:56 -0400, Mark Hennessy wrote: Quoting Craig White [EMAIL PROTECTED]: well, it hardly makes any sense to use ldap for user accounts and start up with networking off but I would recommend that you adhere to the advice at the top of the file and run 'authconfig' or 'system-config-authentication', make sure the settings are correct (including checking the box for local authentication is sufficient) so that it configures not only /etc/pam.d/system-auth and nsswitch.conf Yes, I agree, it makes no sense to operate a machine with ldap accounts if it has no network connection, but at least one should be able to log in as root. To clarify, here's the problem: I have a machine. In normal operation, the network connection is non-functional and LDAP accounts are usable and everyone does their thing over ssh. If the network connection craps out, I can get into the machine via serial console and try to find out what's going on, perhaps switch to a different network connection, whatever. If I can't log in as root, my only recourse is to powercycle the machine and go into single-user mode. Now, multiply that by 100. This is why I need to get this working. sounds like you're trying to fix a symptom, not the problem. anyway, did you run authconfig/system-config-authentication ? Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Unable to install CentOS 5.2 on New HP Intel Core 2 Quad
Our new lab has HP Intel Core 2 Quad systems with DVD/CDRW and SATA. I can provide the model number if needed. They stop on kernel startup when trying to boot the CentOS 5.2 boot CD. It is during ACPI. Model #'s would be good, even some cheap units have quad cores now, so its Impossible to guess. Most certainly support RH - CentOS. Check the Manual, there are likely some BIOS settings you need tweaked. jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nsswitch.conf, ldap, local groups problem
Mark Hennessy wrote: perhaps switch to a different network connection, whatever. If I can't log in as root, my only recourse is to powercycle the machine and go into single-user mode. Now, multiply that by 100. This is why I need to get this working. Phew, seems like people don't know how to trim posts around here! Anyways, I suggest you install SSH keys on your systems, I've found I can authenticate with a system using an SSH key no problem even if LDAP is down. I finally migrated off of LDAP this past weekend for my home network, files are so much simpler :) (even for my work network with 300 systems) nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nsswitch.conf, ldap, local groups problem
On Wed, Aug 27, 2008 at 05:07:26PM -0400, Mark Hennessy wrote: With networking, no trouble at all, but with those timeouts of 30 seconds and without those changes to nsswitch.conf, it takes a while for the first root login to succeed even though it is using local auth. If you have ldap groups and the ldap server isn't reachable then logins _can_ take a long time (depending on why the ldap server isn't reachable; if a telnet ldapserver ldap returns immediately then it shouldn't) because a login has to go through _every_ group to determine if you're in the group or not. It doesn't do a getent group blah it does the equivalent of while (getgrent()) { } which means it tries to parse the whole local _and_ ldap group entries. It needs to do this to get your secondary group list. Even root would need to do this. -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unable to install CentOS 5.2 on New HP Intel Core 2 Quad
They stop on kernel startup when trying to boot the CentOS 5.2 boot CD. It is during ACPI. Fedora 10 Live will not but up either. I am using Fedora 9 from Live and DVD Install to teach a fall class and it works fine. Are the CentOS and fed 10 DVDs of a similar type, and different to the DVD you used with fed 9? Or is your CentOS on CDs? A common problem I have is that some DVD drives really don't like some brands of disc. Some have issues with DVD-R's, some have issues with DVD+R's, some seem to be completely random. ymmv, but if the failing discs are the same brand, it's probably your cheapest quickest solution to reburn on a different brand and see if that helps. -- Spiro Harvey Knossos Networks Ltd 021-295-1923www.knossos.net.nz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Problems with writing Dual Layer DVD
On Wed, 2008-08-27 at 23:33 +0300, Axel Thimm wrote: On Wed, Aug 27, 2008 at 03:19:01PM -0400, William L. Maltby wrote: snip I don't have atrpm on my system. You might check there and see if they have later packages. Just be aware that many months ago that repo was less trusted (IIRC, considered unstable and overlaid base packages if you weren't careful), but that may not be the case now. Plus, since then, yum priorities and protect have become available (can protect against overlay of base packages). Hearsay, your honour! That's all that's available on any list for 80% of everything! :-) Well, there's some FUD floating around about ATrpms - I'm of course biased in the other direction. Suffice it to say that you will not find any report of unstable packages in the stable repo, and that since RHEL5/CentOS5's birth there were no stable packages replacing CentOS packages but one that accidentally was in the stable and was fixed minutes within the report (I forgot which package it was, just check these archives, it was O(1-2 months) ago). There is also nothing that has happened in the last months to increase/decrease ATrpms' trustworthiness. Maybe less FUD and gossiping. ;) True, to my knowledge as to the last few (well, time flies, it may be more than few, might be many or even mucho) months. That's why I made sure to include many months ago when I mentioned it. I've not heard any of those... gossips for some time now. That's what led me to believe that the gossip I'd heard might no longer be true, if it ever was. However, w/o mentioning names, I can certainly (long ago) recall ... advisories WRT atrpms in certain threads for a CentOS system. Not being truly knowledgeable myself, I felt it my civic duty to *not* doubt the rumors, innuendo and falsehoods of which I was unaware! 8-O And, of course, that same social obligation requires unquestioning propagation of the mis-information. This works well because one who truly knows will be outraged and therefore goaded into correcting the misinformed fool who passes on such drivel. :-{ *softly whistling and looking around in innocence* Finally yum priorities and protect have been long enough available to show that they create more bugs than they solve. If you don't trust a repo, just don't use it. Selective/partial enabling creates per user bugs that no one can diagnose. Small disagreement. A knowledgeable user who caused the bug (presumed through oversight rather than ignorance) can often correct it. Especially if he queries the list so that others can read what he wrote, not what he meant/thought he wrote. Of course, even if ignorance about one particular facet was involved, (community) knowledge + good problem resolution process = solution often. But that's really only an argument contrary to those of obsessive anal-retentive BOFH types desiring absolute control - we know there are none here! :)) But to get back to the actual issue: No, ATrpms has neither cdrdao, nor cdrecord, nor xcdroast. Well, maybe the OP will get lucky. snicker - no age comments PLEASE! OH! Almost forgot. No offense intended in my previous or current reply. snip sig stuff -- Bill ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nsswitch.conf, ldap, local groups problem
On Wed, 2008-08-27 at 18:19 -0400, Stephen Harris wrote: On Wed, Aug 27, 2008 at 05:07:26PM -0400, Mark Hennessy wrote: With networking, no trouble at all, but with those timeouts of 30 seconds and without those changes to nsswitch.conf, it takes a while for the first root login to succeed even though it is using local auth. If you have ldap groups and the ldap server isn't reachable then logins _can_ take a long time (depending on why the ldap server isn't reachable; if a telnet ldapserver ldap returns immediately then it shouldn't) because a login has to go through _every_ group to determine if you're in the group or not. It doesn't do a getent group blah it does the equivalent of while (getgrent()) { } which means it tries to parse the whole local _and_ ldap group entries. It needs to do this to get your secondary group list. Even root would need to do this. that's why I suggested the changes to /etc/ldap.conf to time limit and to tell it not to bother with certain users Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: iptables question
on 8-27-2008 4:27 PM Joseph L. Casale spake the following: http://iptables.rlworkman.net/chunkyhtml/index.html Nice doc, any ideas on how to print it (or many chapters easily) so I can haul with me on my plane ride this weekend? Thanks! jlc E-mail me offlist and I can get make a pdf if you want it. ssilva at sgvwater dot com -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: iptables question
on 8-27-2008 4:27 PM Joseph L. Casale spake the following: http://iptables.rlworkman.net/chunkyhtml/index.html Nice doc, any ideas on how to print it (or many chapters easily) so I can haul with me on my plane ride this weekend? Thanks! jlc Or here is a link to a non chunk version http://iptables.rlworkman.net/iptables-tutorial.html -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: PGP signature signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] System goes into read only mode - not the same as posted earlier
Hello all, I’m at my wits end trying to resolve this. We are running centos 4.5 on Intel hardware. Dual SCSI disk drives mirrored on an LSI Logic controller. Every once in a while and not always on the same server and not only on the local SCSI Drives. System A – Dual internal drives on /dev/sda System B – Dual internal drives on /dev/sdc with a DAS on /dev/sda. Each of these systems experienced a kernel mptbase error and placed /dev/sda into read only mode. Note again the /dev/sda isn’t always local. For system A – remounting in ro mode didn’t work and the system had to be rebooted. File system check and bad block checks showed nothing and when the system was rebooted – it was fine. A portion of the messages log is below. I would appreciate any ideas or directions. Thanks, Steve Moccio Aug 7 01:00:06 sshd(pam_unix)[18336]: session opened for user root by (uid=0) Aug 7 09:00:36 kernel: mptscsi: ioc1: attempting task abort! (sc=f6f07c80) Aug 7 09:00:36 kernel: scsi1 : destination target 0, lun 0 Aug 7 09:00:36 kernel: command = Write (10) 00 00 00 fb d7 00 01 90 00 Aug 7 09:00:38 kernel: mptbase: Initiating ioc1 recovery Aug 7 09:00:44 kernel: drivers/message/fusion/[EMAIL PROTECTED]::mptctl_do_mpt_command - Busy with IOC Reset Aug 7 09:01:19 last message repeated 10 times Aug 7 09:01:40 last message repeated 7 times Aug 7 09:01:41 kernel: mptbase: ioc1: ERROR - Diagnostic reset FAILED! (102h) Aug 7 09:01:41 kernel: mptbase: ioc1 NOT READY WARNING! Aug 7 09:01:41 kernel: mptbase: WARNING - (-1) Cannot recover ioc1 Aug 7 09:01:41 kernel: mptscsi: ioc1: Issue of TaskMgmt failed! Aug 7 09:01:41 kernel: mptscsi: ioc1: task abort: FAILED (sc=f6f07c80) Aug 7 09:01:41 kernel: mptscsi: ioc1: attempting bus reset! (sc=f6f07c80) Aug 7 09:01:41 kernel: scsi1 : destination target 0, lun 0 Aug 7 09:01:41 kernel: command = Write (10) 00 00 00 fb d7 00 01 90 00 Aug 7 09:01:41 kernel: mptbase: Initiating ioc1 recovery Aug 7 09:01:46 kernel: mptbase: ioc1: ERROR - Doorbell ACK timeout (count=4999), IntStatus=8000! Aug 7 09:01:47 kernel: drivers/message/fusion/[EMAIL PROTECTED]::mptctl_do_mpt_command - Busy with IOC Reset Aug 7 09:02:23 last message repeated 10 times Aug 7 09:02:44 last message repeated 7 times Aug 7 09:02:47 kernel: mptbase: ioc1: ERROR - Diagnostic reset FAILED! (102h) Aug 7 09:02:47 kernel: mptbase: ioc1 NOT READY WARNING! Aug 7 09:02:47 kernel: mptbase: WARNING - (-1) Cannot recover ioc1 Aug 7 09:02:47 kernel: mptscsi: ioc1: bus reset: FAILED (sc=f6f07c80) Aug 7 09:02:48 kernel: mptscsi: ioc1: Attempting host reset! (sc=f6f07c80) Aug 7 09:02:48 kernel: mptbase: Initiating ioc1 recovery Aug 7 09:02:51 kernel: drivers/message/fusion/[EMAIL PROTECTED]::mptctl_do_mpt_command - Busy with IOC Reset Aug 7 09:02:51 kernel: drivers/message/fusion/[EMAIL PROTECTED]::mptctl_do_mpt_command - Busy with IOC Reset Aug 7 09:02:53 kernel: mptbase: ioc1: ERROR - Doorbell ACK timeout (count=4999), IntStatus=8000! Aug 7 09:02:58 kernel: drivers/message/fusion/[EMAIL PROTECTED]::mptctl_do_mpt_command - Busy with IOC Reset Aug 7 09:03:34 last message repeated 10 times Aug 7 09:03:48 last message repeated 5 times Aug 7 09:03:54 kernel: mptbase: ioc1: ERROR - Diagnostic reset FAILED! (102h) Aug 7 09:03:54 kernel: mptbase: ioc1 NOT READY WARNING! Aug 7 09:03:54 kernel: mptbase: WARNING - (-1) Cannot recover ioc1 Aug 7 09:03:54 kernel: scsi: Device offlined - not ready after error recovery: host 1 channel 0 id 0 lun 0 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nsswitch.conf, ldap, local groups problem
Quoting Craig White [EMAIL PROTECTED]: On Wed, 2008-08-27 at 17:56 -0400, Mark Hennessy wrote: Quoting Craig White [EMAIL PROTECTED]: well, it hardly makes any sense to use ldap for user accounts and start up with networking off but I would recommend that you adhere to the advice at the top of the file and run 'authconfig' or 'system-config-authentication', make sure the settings are correct (including checking the box for local authentication is sufficient) so that it configures not only /etc/pam.d/system-auth and nsswitch.conf Yes, I agree, it makes no sense to operate a machine with ldap accounts if it has no network connection, but at least one should be able to log in as root. To clarify, here's the problem: I have a machine. In normal operation, the network connection is non-functional and LDAP accounts are usable and everyone does their thing over ssh. If the network connection craps out, I can get into the machine via serial console and try to find out what's going on, perhaps switch to a different network connection, whatever. If I can't log in as root, my only recourse is to powercycle the machine and go into single-user mode. Now, multiply that by 100. This is why I need to get this working. sounds like you're trying to fix a symptom, not the problem. anyway, did you run authconfig/system-config-authentication ? Yes, I did in fact run it. here are the results: authconfig --enableldap --enableldapauth --ldapserver=ldap.example.com --enableldaptls --ldaploadcacert=file:///etc/openldap/cacerts/cacert.pem --test caching is enabled nss_files is always enabled nss_compat is enabled nss_db is disabled nss_hesiod is disabled hesiod LHS = hesiod RHS = nss_ldap is enabled LDAP+TLS is enabled LDAP server = ldap.example.com LDAP base DN = dc=example,dc=com nss_nis is disabled NIS server = NIS domain = nss_nisplus is disabled nss_winbind is disabled SMB workgroup = WORKGROUP SMB servers = SMB security = user SMB realm = Winbind template shell = /bin/false SMB idmap uid = blah-blah SMB idmap gid = blah-blah nss_wins is disabled pam_unix is always enabled shadow passwords are enabled md5 passwords are enabled pam_krb5 is disabled krb5 realm = EXAMPLE.COM krb5 realm via dns is disabled krb5 kdc = kerberos.example.com:88 krb5 kdc via dns is disabled krb5 admin server = kerberos.example.com:749 pam_ldap is enabled LDAP+TLS is enabled LDAP server = ldap.example.com LDAP base DN = dc=example,dc=com pam_pkcs11 is disabled use only smartcard for login is disabled smartcard module = coolkey smartcard removal action = Ignore pam_smb_auth is disabled SMB workgroup = WORKGROUP SMB servers = pam_winbind is disabled SMB workgroup = WORKGROUP SMB servers = SMB security = user SMB realm = pam_cracklib is enabled (try_first_pass retry=3 debug) pam_passwdqc is disabled () Always authorize local users is disabled () Authenticate system accounts against network services is disabled These last two lines look interesting. Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Strategy for using CentOS on laptops in an NIS environment
We use NIS (ypbind) and Kerberos at work for all our Linux and Unix systems. Home directories are mounted via autofs from an NIS map. Everything works just fine as long as all network resources are available (however, things turn ugly when the NIS servers are not reachable). Some users also want to start using laptops and bring them home or on trips to continue working while not at the office. Of course, their home directories won't be available and neither will other network resources. Creating local accounts with the same UIDs and local home directories solves most of the problems. However, I can't create a local account with useradd while ypbind is running because it complains that that account already exists. Is there a better way to create a local account then service ypbind stop; useradd...; service ypbind start? What are other strategies that you use to deal with off- network use in an NIS environment? Alfred ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nsswitch.conf, ldap, local groups problem
On Wed, 2008-08-27 at 20:41 -0400, Mark Hennessy wrote: Quoting Craig White [EMAIL PROTECTED]: On Wed, 2008-08-27 at 17:56 -0400, Mark Hennessy wrote: Quoting Craig White [EMAIL PROTECTED]: well, it hardly makes any sense to use ldap for user accounts and start up with networking off but I would recommend that you adhere to the advice at the top of the file and run 'authconfig' or 'system-config-authentication', make sure the settings are correct (including checking the box for local authentication is sufficient) so that it configures not only /etc/pam.d/system-auth and nsswitch.conf Yes, I agree, it makes no sense to operate a machine with ldap accounts if it has no network connection, but at least one should be able to log in as root. To clarify, here's the problem: I have a machine. In normal operation, the network connection is non-functional and LDAP accounts are usable and everyone does their thing over ssh. If the network connection craps out, I can get into the machine via serial console and try to find out what's going on, perhaps switch to a different network connection, whatever. If I can't log in as root, my only recourse is to powercycle the machine and go into single-user mode. Now, multiply that by 100. This is why I need to get this working. sounds like you're trying to fix a symptom, not the problem. anyway, did you run authconfig/system-config-authentication ? Yes, I did in fact run it. here are the results: authconfig --enableldap --enableldapauth --ldapserver=ldap.example.com --enableldaptls --ldaploadcacert=file:///etc/openldap/cacerts/cacert.pem --test caching is enabled nss_files is always enabled nss_compat is enabled nss_db is disabled nss_hesiod is disabled hesiod LHS = hesiod RHS = nss_ldap is enabled LDAP+TLS is enabled LDAP server = ldap.example.com LDAP base DN = dc=example,dc=com nss_nis is disabled NIS server = NIS domain = nss_nisplus is disabled nss_winbind is disabled SMB workgroup = WORKGROUP SMB servers = SMB security = user SMB realm = Winbind template shell = /bin/false SMB idmap uid = blah-blah SMB idmap gid = blah-blah nss_wins is disabled pam_unix is always enabled shadow passwords are enabled md5 passwords are enabled pam_krb5 is disabled krb5 realm = EXAMPLE.COM krb5 realm via dns is disabled krb5 kdc = kerberos.example.com:88 krb5 kdc via dns is disabled krb5 admin server = kerberos.example.com:749 pam_ldap is enabled LDAP+TLS is enabled LDAP server = ldap.example.com LDAP base DN = dc=example,dc=com pam_pkcs11 is disabled use only smartcard for login is disabled smartcard module = coolkey smartcard removal action = Ignore pam_smb_auth is disabled SMB workgroup = WORKGROUP SMB servers = pam_winbind is disabled SMB workgroup = WORKGROUP SMB servers = SMB security = user SMB realm = pam_cracklib is enabled (try_first_pass retry=3 debug) pam_passwdqc is disabled () Always authorize local users is disabled () Authenticate system accounts against network services is disabled These last two lines look interesting. I would think that authenticate system accounts against network services is disabled would be the setting that you want but the other... always authorize local users should be enabled. Also, I'm assuming that you've swapped out dc=example,dc=com for the real entries and will put in the real entries when you actually run the command. Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum provides on centos 5.2
On Wednesday, August 27, 2008 at 8:49 PM, Jerry Geis wrote: I am trying things like yum provides alsamixer on centox 5.2 i386 and x86_64 also yum provides vi yum provides gvimdiff yum provides dumpiso yum provides uname All of these return no matches found is something broke??? Include the path: # yum provides uname No Matches found # which uname /bin/uname # yum provides /bin/uname coreutils.x86_64 : The GNU core utilities... Steve ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum provides on centos 5.2
Jerry Geis wrote: I am trying things like yum provides alsamixer on centox 5.2 i386 and x86_64 also yum provides vi yum provides gvimdiff yum provides dumpiso yum provides uname All of these return no matches found is something broke??? These are just examples. I was trying to do yum provides xf86Modes.h it returns no matches also. Jerry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos For files try yum provides '*/vi' etc... I think this is new behavior for yum Tony Schreiner ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nsswitch.conf, ldap, local groups problem
Quoting Craig White [EMAIL PROTECTED]: On Wed, 2008-08-27 at 20:41 -0400, Mark Hennessy wrote: Quoting Craig White [EMAIL PROTECTED]: On Wed, 2008-08-27 at 17:56 -0400, Mark Hennessy wrote: Quoting Craig White [EMAIL PROTECTED]: well, it hardly makes any sense to use ldap for user accounts and start up with networking off but I would recommend that you adhere to the advice at the top of the file and run 'authconfig' or 'system-config-authentication', make sure the settings are correct (including checking the box for local authentication is sufficient) so that it configures not only /etc/pam.d/system-auth and nsswitch.conf Yes, I agree, it makes no sense to operate a machine with ldap accounts if it has no network connection, but at least one should be able to log in as root. To clarify, here's the problem: I have a machine. In normal operation, the network connection is non-functional and LDAP accounts are usable and everyone does their thing over ssh. If the network connection craps out, I can get into the machine via serial console and try to find out what's going on, perhaps switch to a different network connection, whatever. If I can't log in as root, my only recourse is to powercycle the machine and go into single-user mode. Now, multiply that by 100. This is why I need to get this working. sounds like you're trying to fix a symptom, not the problem. anyway, did you run authconfig/system-config-authentication ? Yes, I did in fact run it. here are the results: authconfig --enableldap --enableldapauth --ldapserver=ldap.example.com --enableldaptls --ldaploadcacert=file:///etc/openldap/cacerts/cacert.pem --test caching is enabled nss_files is always enabled nss_compat is enabled nss_db is disabled nss_hesiod is disabled hesiod LHS = hesiod RHS = nss_ldap is enabled LDAP+TLS is enabled LDAP server = ldap.example.com LDAP base DN = dc=example,dc=com nss_nis is disabled NIS server = NIS domain = nss_nisplus is disabled nss_winbind is disabled SMB workgroup = WORKGROUP SMB servers = SMB security = user SMB realm = Winbind template shell = /bin/false SMB idmap uid = blah-blah SMB idmap gid = blah-blah nss_wins is disabled pam_unix is always enabled shadow passwords are enabled md5 passwords are enabled pam_krb5 is disabled krb5 realm = EXAMPLE.COM krb5 realm via dns is disabled krb5 kdc = kerberos.example.com:88 krb5 kdc via dns is disabled krb5 admin server = kerberos.example.com:749 pam_ldap is enabled LDAP+TLS is enabled LDAP server = ldap.example.com LDAP base DN = dc=example,dc=com pam_pkcs11 is disabled use only smartcard for login is disabled smartcard module = coolkey smartcard removal action = Ignore pam_smb_auth is disabled SMB workgroup = WORKGROUP SMB servers = pam_winbind is disabled SMB workgroup = WORKGROUP SMB servers = SMB security = user SMB realm = pam_cracklib is enabled (try_first_pass retry=3 debug) pam_passwdqc is disabled () Always authorize local users is disabled () Authenticate system accounts against network services is disabled These last two lines look interesting. I would think that authenticate system accounts against network services is disabled would be the setting that you want but the other... always authorize local users should be enabled. Also, I'm assuming that you've swapped out dc=example,dc=com for the real entries and will put in the real entries when you actually run the command. Your assumption is valid, and, in this case, correct. After running that, I ran authconfig-tui and followed the prompts, including making local login sufficient, and then performed the test. It failed with the same issue, password accepted without claim of failure, no shell, new login prompt. Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5.2, Firefox 3, and IPv6
On Wed, Aug 27, 2008 at 8:24 AM, Robert Moskowitz [EMAIL PROTECTED]wrote: Rob Townley wrote: On Mon, Aug 11, 2008 at 11:15 PM, Robert Moskowitz [EMAIL PROTECTED]mailto: [EMAIL PROTECTED] wrote: Craig White wrote: On Mon, 2008-08-11 at 23:28 -0400, Robert Moskowitz wrote: Craig White wrote: On Mon, 2008-08-11 at 21:11 -0400, Robert Moskowitz wrote: I am doing some testing and it almost seems as if Firefox 3.0.1 that comes with Centos 5.2 is NOT working with IPv6. Anyone know for sure? I am getting weird hang behaviours and other just not working things. more likely a DNS issue Name is coded in /etc/hosts Of course the fqdn I am using does NOT follow 'standard' TLDs, but it should NOT be masking that, or would that be a 'security' feature? I have no clue what you are talking about being coded in /etc/hosts... you can check DNS if it returns ipV6 addresses for hosts or if there are snags/delays in trying to resolve names from command line p3490.htt is in my /etc/hosts file as something like: 2701:24:2:1:0:1:2:3 p3490.htt I can 'ping6 -n p3490.htt' But putting a url of http//p3490.htt does not work ___ CentOS mailing list CentOS@centos.org mailto:CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos DNS can be real slow when IPv6 is enabled. For instance the following firefox delta would speed up firefox on IPv4 connections. Maybe you need to turn it on? You may have already found this, but it helped when I had the same problem. In firefox type in about:config, filter for 'ipv6' you should have an entry for network.dns.disableIPv6 right click on it and 'toggle' it to a true value, restart firefox and see if it helps. Um, as the original poster, I WANT IPv6. Not make IPv4 lookups faster by ignoring records. Further testing has IPv6 working just fine. Thing is when I enable the HIP API intercepts, FIrefox does not work. Like they are doing something 'non-standard' with the regualr TCP socket API so that HIP can't slide in there. I tried disabling a number of options, thinking it might be some security setting, but if it is, I have not found it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Yep, i fully understood you wanted IPv6. i just thought you might want to verify what settings you have for Firefox -- making sure Firefox has turned on IPv6 dns. Just curious, what is the motivation for the HIP api stuff, it is not there by default is it? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum provides on centos 5.2
Include the path: Doesn't that defeat the purpose? My favourite use of the whatprovides feature of yum is could find things that aren't on my system. I'd prefer not to go on a wild path chase. :) This looks like a bug to me. On CentOS 5.1 (yum 3.0.5): # yum provides uname | awk '/i386|noarch/ {print $1}' uucp.i386 man-pages-de.noarch man-pages-de.noarch bash.i386 kdevelop.i386 kdevelop.i386 kdevelop.i386 man-pages-ja.noarch man-pages-ja.noarch man-pages-ko.noarch man-pages-ko.noarch coreutils.i386 coreutils.i386 python-tools.i386 man-pages-fr.noarch man-pages-es.noarch kdewebdev.i386 man-pages-ru.noarch man-pages-cs.noarch epic.i386 man-pages.noarch man-pages.noarch man-pages.noarch man-pages-it.noarch inn.i386 man-pages-pl.noarch man-pages-pl.noarch man-pages.noarch bash.i386 coreutils.i386 on CentOS 5.2 (yum 3.2.8), No Matches found -- Spiro Harvey Knossos Networks Ltd 021-295-1923www.knossos.net.nz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
HIP - was Re: [CentOS] Centos 5.2, Firefox 3, and IPv6
Rob Townley wrote: On Wed, Aug 27, 2008 at 8:24 AM, Robert Moskowitz [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Um, as the original poster, I WANT IPv6. Not make IPv4 lookups faster by ignoring records. Further testing has IPv6 working just fine. Thing is when I enable the HIP API intercepts, FIrefox does not work. Like they are doing something 'non-standard' with the regualr TCP socket API so that HIP can't slide in there. I tried disabling a number of options, thinking it might be some security setting, but if it is, I have not found it. Yep, i fully understood you wanted IPv6. i just thought you might want to verify what settings you have for Firefox -- making sure Firefox has turned on IPv6 dns. Default was on. Just curious, what is the motivation for the HIP api stuff, it is not there by default is it? read the RFCs on HIP: 4423 and 5201-5206. 4423 provides the justification of HIP and its architecture. I created HIP almost 10 years ago, shortly after (as IPsec co-chair) got the IPsec RFCs out. HIP is much more than an alternative keying protocol for ESP (compared to IKE). It directly addresses secure mobility. HIP **IS** an important change to the TCP/IP architecture; this has been part of its slow advancement. As such it has its own 'native' API: http://www.ietf.org/internet-drafts/draft-ietf-hip-native-api-05.txt. I can go into more about HIP if you wish. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nsswitch.conf, ldap, local groups problem
Mark, Probe with this line: authconfig --enablelocauthorize --updateall Regards, Alejandro www.linuxiso.com.ar Argentina 2008/8/27 Mark Hennessy [EMAIL PROTECTED] Quoting Craig White [EMAIL PROTECTED]: On Wed, 2008-08-27 at 20:41 -0400, Mark Hennessy wrote: Quoting Craig White [EMAIL PROTECTED]: On Wed, 2008-08-27 at 17:56 -0400, Mark Hennessy wrote: Quoting Craig White [EMAIL PROTECTED]: well, it hardly makes any sense to use ldap for user accounts and start up with networking off but I would recommend that you adhere to the advice at the top of the file and run 'authconfig' or 'system-config-authentication', make sure the settings are correct (including checking the box for local authentication is sufficient) so that it configures not only /etc/pam.d/system-auth and nsswitch.conf Yes, I agree, it makes no sense to operate a machine with ldap accounts if it has no network connection, but at least one should be able to log in as root. To clarify, here's the problem: I have a machine. In normal operation, the network connection is non-functional and LDAP accounts are usable and everyone does their thing over ssh. If the network connection craps out, I can get into the machine via serial console and try to find out what's going on, perhaps switch to a different network connection, whatever. If I can't log in as root, my only recourse is to powercycle the machine and go into single-user mode. Now, multiply that by 100. This is why I need to get this working. sounds like you're trying to fix a symptom, not the problem. anyway, did you run authconfig/system-config-authentication ? Yes, I did in fact run it. here are the results: authconfig --enableldap --enableldapauth --ldapserver=ldap.example.com --enableldaptls --ldaploadcacert=file:///etc/openldap/cacerts/cacert.pem --test caching is enabled nss_files is always enabled nss_compat is enabled nss_db is disabled nss_hesiod is disabled hesiod LHS = hesiod RHS = nss_ldap is enabled LDAP+TLS is enabled LDAP server = ldap.example.com LDAP base DN = dc=example,dc=com nss_nis is disabled NIS server = NIS domain = nss_nisplus is disabled nss_winbind is disabled SMB workgroup = WORKGROUP SMB servers = SMB security = user SMB realm = Winbind template shell = /bin/false SMB idmap uid = blah-blah SMB idmap gid = blah-blah nss_wins is disabled pam_unix is always enabled shadow passwords are enabled md5 passwords are enabled pam_krb5 is disabled krb5 realm = EXAMPLE.COM krb5 realm via dns is disabled krb5 kdc = kerberos.example.com:88 krb5 kdc via dns is disabled krb5 admin server = kerberos.example.com:749 pam_ldap is enabled LDAP+TLS is enabled LDAP server = ldap.example.com LDAP base DN = dc=example,dc=com pam_pkcs11 is disabled use only smartcard for login is disabled smartcard module = coolkey smartcard removal action = Ignore pam_smb_auth is disabled SMB workgroup = WORKGROUP SMB servers = pam_winbind is disabled SMB workgroup = WORKGROUP SMB servers = SMB security = user SMB realm = pam_cracklib is enabled (try_first_pass retry=3 debug) pam_passwdqc is disabled () Always authorize local users is disabled () Authenticate system accounts against network services is disabled These last two lines look interesting. I would think that authenticate system accounts against network services is disabled would be the setting that you want but the other... always authorize local users should be enabled. Also, I'm assuming that you've swapped out dc=example,dc=com for the real entries and will put in the real entries when you actually run the command. Your assumption is valid, and, in this case, correct. After running that, I ran authconfig-tui and followed the prompts, including making local login sufficient, and then performed the test. It failed with the same issue, password accepted without claim of failure, no shell, new login prompt. Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unable to install CentOS 5.2 on New HP Intel Core 2 Quad
On Wed, Aug 27, 2008 at 5:23 PM, Spiro Harvey, Knossos Networks Ltd [EMAIL PROTECTED] wrote: They stop on kernel startup when trying to boot the CentOS 5.2 boot CD. It is during ACPI. Fedora 10 Live will not but up either. I am using Fedora 9 from Live and DVD Install to teach a fall class and it works fine. Are the CentOS and fed 10 DVDs of a similar type, and different to the DVD you used with fed 9? Or is your CentOS on CDs? A common problem I have is that some DVD drives really don't like some brands of disc. Some have issues with DVD-R's, some have issues with DVD+R's, some seem to be completely random. ymmv, but if the failing discs are the same brand, it's probably your cheapest quickest solution to reburn on a different brand and see if that helps. -- Spiro Harvey Knossos Networks Ltd 021-295-1923www.knossos.net.nz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos i was very disappointed to find these new machines that don't boot Linux easily. i have to wonder if HP received rebates from M$ by making it difficult to boot Linux on these machines. These machines have to be noob proof. $300.00 less expensive than the same CPU and intel chipset as Dell. To boot off of a knoppix disc use the boot option *knoppix acpi=off*. For CentOS, use *linux pci=noacpi,nommconf*. On HP Compaq Business Desktop Small Form Factor. dc7800 Core 2 DUO e8400 @ 3.00GhZ BIOS Version: Hewlett-Packard 786F1 v01.24 3/18/2008. Mfr# KA607UT#ABA UPC/EAN# 884420101468 HP Compaq Business Desktop dc7800 - SFF - 1 x Core 2 Duo E8400 / 3 GHz - RAM 2 GB - HDD 1 x 160 GB - DVD±RW (±R DL) / DVD-RAM - GMA 3100 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Strategy for using CentOS on laptops in an NIS environment
Alfred von Campe wrote: Creating local accounts with the same UIDs and local home directories solves most of the problems. However, I can't create a local account with useradd while ypbind is running because it complains that that account already exists. Is there a better way to create a local account then service ypbind stop; useradd...; service ypbind start? What are other strategies that you use to deal with off- network use in an NIS environment? I haven't use NIS in a long time but you could just add the account manually by putting it in the passwd/group/shadow file by hand (what I do is build a master set of passwd/group/shadow files and they are replicated to all systems using cfengine). As for home directories perhaps something like AFS? Though AFS is quite complex(or it was last I looked at it 6 years ago) from http://en.wikipedia.org/wiki/Andrew_File_System AFS has several benefits over traditional networked file systems, particularly in the areas of security and scalability. It is not uncommon for enterprise AFS cells to exceed fifty thousand clients[citation needed]. AFS uses Kerberos for authentication, and implements access control lists on directories for users and groups. Each client caches files on the local filesystem for increased speed on subsequent requests for the same file. This also allows limited filesystem access in the event of a server crash or a network outage. -- nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: HIP - was Re: [CentOS] Centos 5.2, Firefox 3, and IPv6
On Wed, Aug 27, 2008 at 9:50 PM, Robert Moskowitz [EMAIL PROTECTED]wrote: Rob Townley wrote: On Wed, Aug 27, 2008 at 8:24 AM, Robert Moskowitz [EMAIL PROTECTED]mailto: [EMAIL PROTECTED] wrote: Um, as the original poster, I WANT IPv6. Not make IPv4 lookups faster by ignoring records. Further testing has IPv6 working just fine. Thing is when I enable the HIP API intercepts, FIrefox does not work. Like they are doing something 'non-standard' with the regualr TCP socket API so that HIP can't slide in there. I tried disabling a number of options, thinking it might be some security setting, but if it is, I have not found it. Yep, i fully understood you wanted IPv6. i just thought you might want to verify what settings you have for Firefox -- making sure Firefox has turned on IPv6 dns. Default was on. Just curious, what is the motivation for the HIP api stuff, it is not there by default is it? read the RFCs on HIP: 4423 and 5201-5206. 4423 provides the justification of HIP and its architecture. I created HIP almost 10 years ago, shortly after (as IPsec co-chair) got the IPsec RFCs out. HIP is much more than an alternative keying protocol for ESP (compared to IKE). It directly addresses secure mobility. HIP **IS** an important change to the TCP/IP architecture; this has been part of its slow advancement. As such it has its own 'native' API: http://www.ietf.org/internet-drafts/draft-ietf-hip-native-api-05.txt. I can go into more about HIP if you wish. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos So HIP isn't in any distribution by default or is it? How does one know? Would it make sense to include HIP in a Wireless Access Point firmware or a RADIUS type machine? Looks interesting, will have to keep it in mind for wlan sec. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] establish a 128 bit encrypted tunnel between centos 5.2 boxes
On Tue, Aug 26, 2008 at 5:55 PM, Robert Moskowitz [EMAIL PROTECTED]wrote: Jeff Kinz wrote: On Tue, Aug 26, 2008 at 04:04:21PM -0400, Jerry Geis wrote: Is there an easy way or anyway to establish a 128 bit encrypted tunnel between a handful of centos 5.2 boxes? In addition the rest of the good info others already posted for you, please remember that 128 bit encryption doesn't mean anything unless you also specify the encryption scheme being used. A 128 bit encryption scheme may or may not be easily broken depending on which one it is. (Pick a good!) Actually 'we' (crypto community) talk about crypto-suites, as you have to look at all the pieces involved. If everything is not disclosed (like with Skype), then you just don't know where the weakness may be. SSH, IPsec (watch out for the 'Null' cipher :) ), TLS (some of the suites are too weak to talk about), and HIP are all well-rounded security protocols. I have worked on all of them. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos i would look into the HIP stuff. But also look at the Hamachi like solutions such as EOIP - Ethernet Over IP (built into dd-wrt) and tinc-vpn. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: HIP - was Re: [CentOS] Centos 5.2, Firefox 3, and IPv6
Rob Townley wrote: On Wed, Aug 27, 2008 at 9:50 PM, Robert Moskowitz [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Rob Townley wrote: On Wed, Aug 27, 2008 at 8:24 AM, Robert Moskowitz [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Um, as the original poster, I WANT IPv6. Not make IPv4 lookups faster by ignoring records. Further testing has IPv6 working just fine. Thing is when I enable the HIP API intercepts, FIrefox does not work. Like they are doing something 'non-standard' with the regualr TCP socket API so that HIP can't slide in there. I tried disabling a number of options, thinking it might be some security setting, but if it is, I have not found it. Yep, i fully understood you wanted IPv6. i just thought you might want to verify what settings you have for Firefox -- making sure Firefox has turned on IPv6 dns. Default was on. Just curious, what is the motivation for the HIP api stuff, it is not there by default is it? read the RFCs on HIP: 4423 and 5201-5206. 4423 provides the justification of HIP and its architecture. I created HIP almost 10 years ago, shortly after (as IPsec co-chair) got the IPsec RFCs out. HIP is much more than an alternative keying protocol for ESP (compared to IKE). It directly addresses secure mobility. HIP **IS** an important change to the TCP/IP architecture; this has been part of its slow advancement. As such it has its own 'native' API: http://www.ietf.org/internet-drafts/draft-ietf-hip-native-api-05.txt. I can go into more about HIP if you wish. So HIP isn't in any distribution by default or is it? No, but Ericsson just released there FreeBSD implementation: http://www.hip4inter.net/download/download.php And Boeing has their Vista and I think NetBSD code base. HIPL is available for FC8 and Ubuntu and I think Suse. I saw it running on the Nokia N810 when I was in Helsinki earlier this month. How does one know? Our goal is to move HIP from Experimental to Standards track in the IETF at the November session. From there it may well be that HIP could be in Centos 6.0. But that is a long shot. Would it make sense to include HIP in a Wireless Access Point firmware or a RADIUS type machine? As a better security protocol to run RADIUS through between the AP and the Radius server? YES! Looks interesting, will have to keep it in mind for wlan sec. Just remember that it is NOT a tunneling keying protocol. It runs ESP in Transport mode, even if you are using BEET ESP mode. You can run a tunneling protocol within it. I am working on that HIP is NOT a VPN alternative. It is really host-to-host security. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum provides on centos 5.2
On Thu, 2008-08-28 at 13:50 +1200, Spiro Harvey, Knossos Networks Ltd wrote: Include the path: Doesn't that defeat the purpose? My favourite use of the whatprovides feature of yum is could find things that aren't on my system. I'd prefer not to go on a wild path chase. :) This looks like a bug to me. On CentOS 5.1 (yum 3.0.5): # yum provides uname | awk '/i386|noarch/ {print $1}' uucp.i386 ... coreutils.i386 on CentOS 5.2 (yum 3.2.8), No Matches found That's not a bug, that's a “feature”. :-D Historically, “yum provides” dumped the kitchen sink on you and you had to wade through the debris to find what you wanted. Looks like the new “feature” went a bit too far the other way. Steve ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum provides on centos 5.2
Steve Tindall wrote: Looks like the new “feature� went a bit too far the other way. Roger that. From too much to not enough. We must bring balance back to the force. -- Spiro Harvey Knossos Networks Ltd 021-295-1923www.knossos.net.nz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos