Re: [CentOS] Re: slow Perl on CentOS 5

2008-08-27 Thread Vnpenguin
On Wed, Aug 27, 2008 at 6:18 AM, Mark Pryor <[EMAIL PROTECTED]> wrote:
>
> Anyone want to try and get this built on C5.2?
> ftp://download.fedora.redhat.com/pub/fedora/linux/updates/8/SRPMS/perl-5.8.8-40.fc8.src.rpm
>
> the above runs in about .4 sec, while on C5.2 it takes 8-12 seconds.
>

Can not wait for update, I have to build Perl 5.10.0 from src for my
work on CentOS 5.2. I installed this into /opt/perl for now, so there
is no impact on rpm Perl package.

Waiting for fixed rpm of Perl ...

-- 
http://vnoss.org
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] Logwatch doesn´t report on dovecot

2008-08-27 Thread henry ritzlmayr
Hi List,

Centos 5(.2) ships with dovecot-1.0.7-2.el5 and logwatch-7.3-6.el5

However the shipped logwatch is not aware of dovecot 1.x meaning none of
the log entries (var/log/maillog) are processed at all. 

Should I file a bug report on this? Upstream?

cheers 
Henry



Re: [CentOS] Help me

2008-08-27 Thread Ian Forde
On Wed, 2008-08-27 at 12:00 +0530, Sadaruwan Samaraweera wrote:
> Hi,
> 
>  Yes I know what your saying ok! I didn't ask him any descent question
> but I gave a solution based on my experience. So why hell r u guy's
> coming after me and as you said in the world of IT there are lot of
> perhaps OK buddy.

Yeesh.  Look - I'm not starting to start a flamewar here.  I'm just
saying that given the little information that was given, it would be
prudent to have the OP give more before catch-all answers are given.  I
understand that your solution worked for you, but how would any of us
know that they're experiencing the same problem as you did?

Oh - and incidentally, the proper "Red Hat" way to do this (trust me on
this one - I used to work for Red Hat, have two RHCE certs, and have
been a sysadmin for over 15 years) would be to get more info before
changing out network drivers.  Replacing stock parts of the OS is the
*FASTEST* way to have RH support say "we don't support you".  Now,
knowing that this is CentOS, things don't quite work that way here.  But
the general case still applies.  Stick with stock as much as you can
until you can demonstrably prove that it's broken and put in a
workaround until the "correct" solution is found.  That's the easiest
way to get help on this list.  (And, I suspect, many others...)  Just
look at the recent discussions on CPAN (shudder) and how it can really
crap up a system based upon RPMs...

-I



Re: [CentOS] slow Perl on CentOS 5

2008-08-27 Thread Karanbir Singh

Akemi Yagi wrote:
> should explore the problem further with TUV and the CentOS
> community. If a fix is not forthcoming from TUV, I reluctantly suggest
> that we get together with the CentOS people and fork this portion of
> the distro, perhaps standardizing on Perl 5.10. There are people
> in the Perl community ready to assist us.


While forking the whole perl subsection of the distro is a bit drastic, 
I am quite happy to have a perl in C5Plus. Does someone want to get in 
touch with Keith and get a summary on what needs fixing in this case ? 
Also - if the conversation was to take place on centos-devel list, would 
be much cooler.


Upstream have said the fix will be in 5U3, and considering that might be 
still a few months away, could we get something sorted before then ?


( questions, since I don't use perl myself )


--
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, [EMAIL PROTECTED]


Re: [CentOS] Logwatch doesn´t report on dovecot

2008-08-27 Thread Ralph Angenendt
henry ritzlmayr wrote:
> Hi List,
> 
> Centos 5(.2) ships with dovecot-1.0.7-2.el5 and logwatch-7.3-6.el5
> 
> However the shipped logwatch is not aware of dovecot 1.x meaning none of
> the log entries (var/log/maillog) are processed at all. 
> 
> Should I file a bug report on this? Upstream?

See  - not that that
helps much at the moment.

Cheers,

Ralph




Re: [CentOS] postfix install error: fatal file /etc/postfix/main.cf: parameter setgid_group: unknown group name: postdrop

2008-08-27 Thread Rainer Traut

nate wrote:
> Rainer Traut wrote:
>> Ok, think I found the cause...
>>
>> The server I try to install to has heartbeat/cluster software installed.
>> It already has a group with GID 90:
>
> Makes sense then, where did heartbeat/cluster software come from?
> If it's a supported package on RHEL-based systems it shouldn't add
> a user or group with a conflicting ID.

It's from the LinuxHA/Pacemaker project which has its own repo built by
OpenSuse build service.


http://clusterlabs.org/

repo here:
http://download.opensuse.org/repositories/server:/ha-clustering/

Rainer


[CentOS] Re: Logwatch doesn´t report on dovecot

2008-08-27 Thread henry ritzlmayr
On Wednesday, 27.08.2008, at 11:03 +0200, Ralph Angenendt wrote:
> henry ritzlmayr wrote:
> > Hi List,
> > 
> > Centos 5(.2) ships with dovecot-1.0.7-2.el5 and logwatch-7.3-6.el5
> > 
> > However the shipped logwatch is not aware of dovecot 1.x meaning none of
> > the log entries (var/log/maillog) are processed at all. 
> > 
> > Should I file a bug report on this? Upstream?
> 
> See  - not that that
> helps much at the moment.
> 
> Cheers,
> 
> Ralph

Hi Ralph, 

it's not a big deal for me. I patched the scripts here on my own and it
works now. I just wanted to report this, so that others don't have to do
the same, and I can revert to standard afterwards.

Thanks for the bugzilla link. 

cheers
Henry



[CentOS] CentOS-announce Digest, Vol 42, Issue 9

2008-08-27 Thread centos-announce-request

Today's Topics:

   1. CESA-2008:0849 Important CentOS 3 i386 ipsec-tools - security
      update (Tru Huynh)
   2. CESA-2008:0849 Important CentOS 3 x86_64 ipsec-tools -
      security update (Tru Huynh)
   3. CESA-2008:0836 Moderate CentOS 3 i386 libxml2 - security
      update (Tru Huynh)
   4. CESA-2008:0836 Moderate CentOS 3 x86_64 libxml2 - security
      update (Tru Huynh)


--

Message: 1
Date: Wed, 27 Aug 2008 00:54:10 +0200
From: Tru Huynh <[EMAIL PROTECTED]>
Subject: [CentOS-announce] CESA-2008:0849 Important CentOS 3 i386
ipsec-tools - security update
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2008:0849

ipsec-tools security update for CentOS 3 i386:
https://rhn.redhat.com/errata/RHSA-2008-0849.html

The following updated file has been uploaded and is currently syncing to
the mirrors:

i386:
updates/i386/RPMS/ipsec-tools-0.2.5-0.7.rhel3.5.i386.rpm

source:
updates/SRPMS/ipsec-tools-0.2.5-0.7.rhel3.5.src.rpm

You may update your CentOS-3 i386 installations by running the command:

yum update ipsec-tools

Tru
-- 
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B

--

Message: 2
Date: Wed, 27 Aug 2008 00:54:38 +0200
From: Tru Huynh <[EMAIL PROTECTED]>
Subject: [CentOS-announce] CESA-2008:0849 Important CentOS 3 x86_64
ipsec-tools - security update
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2008:0849

ipsec-tools security update for CentOS 3 x86_64:
https://rhn.redhat.com/errata/RHSA-2008-0849.html

The following updated file has been uploaded and is currently syncing to
the mirrors:

x86_64:
updates/x86_64/RPMS/ipsec-tools-0.2.5-0.7.rhel3.5.x86_64.rpm

source:
updates/SRPMS/ipsec-tools-0.2.5-0.7.rhel3.5.src.rpm

You may update your CentOS-3 x86_64 installations by running the command:

yum update ipsec-tools

Tru
-- 
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B

--

Message: 3
Date: Wed, 27 Aug 2008 00:55:28 +0200
From: Tru Huynh <[EMAIL PROTECTED]>
Subject: [CentOS-announce] CESA-2008:0836 Moderate CentOS 3 i386
libxml2 -   security update
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2008:0836

libxml2 security update for CentOS 3 i386:
https://rhn.redhat.com/errata/RHSA-2008-0836.html

The following updated file has been uploaded and is currently syncing to
the mirrors:

i386:
updates/i386/RPMS/libxml2-2.5.10-11.i386.rpm
updates/i386/RPMS/libxml2-devel-2.5.10-11.i386.rpm
updates/i386/RPMS/libxml2-python-2.5.10-11.i386.rpm

source:
updates/SRPMS/libxml2-2.5.10-11.src.rpm

You may update your CentOS-3 i386 installations by running the command:

yum update libxml2\*

Tru
-- 
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B

--

Message: 4
Date: Wed, 27 Aug 2008 00:56:20 +0200
From: Tru Huynh <[EMAIL PROTECTED]>
Subject: [CentOS-announce] CESA-2008:0836 Moderate CentOS 3 x86_64
libxml2 -   security update
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; 

Re: [CentOS] restarting static-routes-ipv6

2008-08-27 Thread Robert Moskowitz

Barry Brimer wrote:
> Quoting Robert Moskowitz <[EMAIL PROTECTED]>:
>
>> I want to change the contents of my /etc/sysconfig/static-routes-ipv6
>> and NOT restart the network.
>>
>> Is there a way to do this???
>>
>> I know about ifup and ifdown for interfaces, but what about routing (and
>> IP6 at that).
>
> Have you tried /etc/sysconfig/network-scripts/ifup-routes ??

This did the trick. Thanks.




Re: [CentOS] apache

2008-08-27 Thread Mad Unix
I did this and it works
vi /etc/sysconfig/httpd

# Configuration file for the httpd service.

#
# The default processing model (MPM) is the process-based
# 'prefork' model.  A thread-based model, 'worker', is also
# available, but does not work with some modules (such as PHP).
# The service must be stopped before changing this variable.
#
#HTTPD=/usr/sbin/httpd.worker

#
# To pass additional options (for instance, -D definitions) to the
# httpd binary at startup, set OPTIONS here.
#
#OPTIONS=

#
# By default, the httpd process is started in the C locale; to
# change the locale in which the server runs, the HTTPD_LANG
# variable can be set.
#
#HTTPD_LANG=C

ORACLE_BASE=/u01/oracle
ORACLE_HOME=/u01/oracle/10g
ORACLE_SID=king
LD_LIBRARY_PATH=$ORACLE_HOME/lib
LD_LIBRARY_PATH_32=$ORACLE_HOME/lib32
PATH=$PATH:$ORACLE_HOME/bin
NLS_LANG=AMERICAN_AMERICA.AR8MSWIN1256; export NLS_LANG
NLS_DATE_FORMAT=dd-mm- ; export NLS_DATE_FORMAT
export ORACLE_BASE ORACLE_HOME ORACLE_SID LD_LIBRARY_PATH LD_LIBRARY_PATH_32 PATH


On Tue, Aug 26, 2008 at 6:43 PM, Ross S. W. Walker <[EMAIL PROTECTED]> wrote:

> Jeff wrote:
> > On Tue, Aug 26, 2008 at 10:11 AM, Mad Unix <[EMAIL PROTECTED]> wrote:
> > > Can I do the following
> > >
> > > vi /etc/sysconfig/httpd
> > >
> > > # Configuration file for the httpd service.
> > >
> > > #
> > > # The default processing model (MPM) is the process-based
> > > # 'prefork' model.  A thread-based model, 'worker', is also
> > > # available, but does not work with some modules (such as PHP).
> > > # The service must be stopped before changing this variable.
> > > #
> > > #HTTPD=/usr/sbin/httpd.worker
> > >
> > > #
> > > # To pass additional options (for instance, -D definitions) to the
> > > # httpd binary at startup, set OPTIONS here.
> > > #
> > > #OPTIONS=
> > >
> > > #
> > > # By default, the httpd process is started in the C locale; to
> > > # change the locale in which the server runs, the HTTPD_LANG
> > > # variable can be set.
> > > #
> > > #HTTPD_LANG=C
> > > ORACLE_BASE=/u01/oracle
> > > ORACLE_HOME=/u01/oracle/10g
> > > ORACLE_SID=king
> > > LD_LIBRARY_PATH=$ORACLE_HOME/lib
> > > LD_LIBRARY_PATH_32=$ORACLE_HOME/lib32
> > > PATH=$PATH:$ORACLE_HOME/bin
> > > NLS_LANG=AMERICAN_AMERICA.AR8MSWIN1256; export NLS_LANG
> > > NLS_DATE_FORMAT=dd-mm- ; export NLS_DATE_FORMAT
> > > export ORACLE_BASE ORACLE_HOME ORACLE_SID LD_LIBRARY_PATH LD_LIBRARY_PATH_32 PATH
> > > ~
> > 
> >
> > Yes, that is the right way. But one point that was not clearly made is
> > that you probably ALSO need to add to your apache configuration:
> >
> > PassEnv ORACLE_BASE ORACLE_HOME [etc.]
> >
> > This makes the values available to PHP.
>
> Or you could add those environment variables in /etc/profile.d, create
> a file called oracle.sh and put those environment variables there, then
> in /etc/httpd/conf.d create a file called oracle, and add the PassEnv
> directives there.
>
> At least this way the environment variables are available to all
> local processes and users.
>
> -Ross
>



-- 
Madunix_at_Gmail
Sysadmin

"Computers are useless. They can only give you answers" - Pablo Picasso
"Never trust a computer you can't throw out a window." - Steve Wozniak


Re: [CentOS] Centos 5.2, Firefox 3, and IPv6

2008-08-27 Thread Robert Moskowitz



Rob Townley wrote:
> On Mon, Aug 11, 2008 at 11:15 PM, Robert Moskowitz
> <[EMAIL PROTECTED]> wrote:
>> Craig White wrote:
>>> On Mon, 2008-08-11 at 23:28 -0400, Robert Moskowitz wrote:
>>>> Craig White wrote:
>>>>> On Mon, 2008-08-11 at 21:11 -0400, Robert Moskowitz wrote:
>>>>>> I am doing some testing and it almost seems as if
>>>>>> Firefox 3.0.1 that comes with Centos 5.2 is NOT
>>>>>> working with IPv6.
>>>>>>
>>>>>> Anyone know for sure?
>>>>>>
>>>>>> I am getting weird hang behaviours and other just
>>>>>> not working things.
>>>>>
>>>>> more likely a DNS issue
>>>>
>>>> Name is coded in /etc/hosts
>>>>
>>>> Of course the fqdn I am using does NOT follow 'standard'
>>>> TLDs, but it should NOT be masking that, or would that be
>>>> a 'security' feature?
>>>
>>> I have no clue what you are talking about being coded in
>>> /etc/hosts...
>>>
>>> you can check DNS if it returns ipV6 addresses for hosts or if
>>> there are snags/delays in trying to resolve names from command line
>>
>> p3490.htt is in my /etc/hosts file as something like:
>>
>> 2701:24:2:1:0:1:2:3   p3490.htt
>>
>> I can 'ping6 -n p3490.htt'
>>
>> But putting a url of http//p3490.htt does not work
>
> DNS can be real slow when IPv6 is enabled.  For instance the following
> firefox delta would speed up firefox on IPv4 connections.  Maybe you
> need to turn it on?
>
> You may have already found this, but it helped when I had the same
> problem.
>
> In firefox type in about:config,
> filter for 'ipv6' you should have an entry for network.dns.disableIPv6
> right click on it and 'toggle' it to a true value,
> restart firefox and see if it helps.

Um, as the original poster, I WANT IPv6.  Not make IPv4 lookups faster
by ignoring  records.

Further testing has IPv6 working just fine.  Thing is when I enable the
HIP API intercepts, Firefox does not work.  Like they are doing
something 'non-standard' with the regular TCP socket API so that HIP
can't slide in there.  I tried disabling a number of options, thinking
it might be some security setting, but if it is, I have not found it.





Re: [CentOS] OT - Offline uncorrectable sectors

2008-08-27 Thread Nifty Cluster Mitch
On Tue, Aug 26, 2008 at 04:02:22PM +0200, Lorenzo Quatrini wrote:
> William L. Maltby wrote:
> >From "man badblocks":
> > 
> > -n Use non-destructive read-write mode.  By  default  only  a  non-
> >destructive  read-only  test  is  done.  This option must not be
> >combined with the -w option, as they are mutually exclusive.
> > 
> > Note the phrase beginning with "By default only...". I'll admit it could
> > be more clearly stated.
> > 
> The Italian translation of the man page is outdated... I guess I should stick
> with the original version of man pages, or at least remember to check them.
> 

Consider filing a bug --
One goal for the user community is to turn the old phrase RTFM
to be "Read The Fine Manual" in contrast to the historic profanity.

You can file it against either the English, the Italian translation
or both.

As an alternative you can post a difference file to a list like
this for discussion and ask ONE person to help you file the bug.

Translations are commonly not done by the maintainer so a bug can be
the best path.   If you need help with the mechanics of filing a bug 
ask...




-- 
T o m  M i t c h e l l 
Got a great hat... now what.



[CentOS] nsswitch.conf, ldap, local groups problem

2008-08-27 Thread Mark Hennessy
I'm using CentOS 5.0, 5.1, and 5.2 on several systems where I'm seeing
this problem.

Hello, I'm seeing a weird problem that perhaps someone has run into
with groups.

First, a little background.
I was made aware of a problem with CentOS 5 where if the nscd password
cache is clear and someone tries to log in if there is no network
connection with an LDAP account that it just hangs.  Even worse, if the
machine is rebooted and it continues to have no network connection, even
root login doesn't work.  I messed around with nsswitch.conf to fix this
problem.

I altered these lines as so:
passwd: files [!NOTFOUND=return] ldap
shadow: files [!NOTFOUND=return] ldap
group:  files [!NOTFOUND=return] ldap

and the problem seemed to go away.

But now, here's the weird stuff:
I have defined in my local /etc/groups file this line:
group1:x:100:apache
group2:x:101:apache

'getent group groupname' shows the right info:
# getent group group1
group1:x:100:apache

# sudo -u apache bash
$ groups
apache

I revert back to my old config:
# sudo -u apache bash
$ groups
apache group1 group2

Also, something else that's interesting. If I do this:
passwd: files [!NOTFOUND=return] ldap
shadow: files [!NOTFOUND=return] ldap
group:  ldap [NOTFOUND=continue] files

and reboot, udev segfaults and the system freezes up after a few more seconds.
Starting udev: /sbin/start_udev: line 43:   519 Segmentation fault  
 "$@" $ARGS

/sbin/start_udev: line 201:   523 Segmentation fault  /sbin/udevd -d
Wait timeout. Will continue in the background.[FAILED]

Any advice?
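
An added example, not part of the original post: a small Python model of the documented nsswitch.conf `[STATUS=ACTION]` syntax, run over the two lines quoted above. The per-service lookup statuses are constructed inputs, and the model covers only the `return`/`continue` actions; it does not model initgroups, nscd or the udev crash.

```python
import re

STATUSES = ("success", "notfound", "unavail", "tryagain")
# glibc defaults when a service has no [STATUS=ACTION] criterion.
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

# Lines as posted in the message above.
PASSWD_LINE = "passwd: files [!NOTFOUND=return] ldap"
GROUP_LINE = "group:  ldap [NOTFOUND=continue] files"


def parse_line(line):
    """Parse 'db: svc [crit ...] svc ...' into (db, [(service, actions), ...])."""
    line = line.split("#", 1)[0]
    database, sep, rest = line.partition(":")
    if not sep or not rest.strip():
        raise ValueError("expected 'database: service ...'")
    chain = []
    for token in re.findall(r"\[[^\]]*\]|[^\s\[\]]+", rest):
        if not token.startswith("["):
            chain.append((token, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("criterion with no preceding service")
        actions = chain[-1][1]
        for crit in token[1:-1].split():
            m = re.fullmatch(r"(!?)([A-Za-z]+)=([A-Za-z]+)", crit)
            if not m:
                raise ValueError("bad criterion: %r" % crit)
            negate, status, action = m.group(1), m.group(2).lower(), m.group(3).lower()
            if status not in STATUSES or action not in ("return", "continue"):
                raise ValueError("unsupported criterion: %r" % crit)
            # '!' applies the action to every status except the named one.
            for s in STATUSES:
                if (s != status) if negate else (s == status):
                    actions[s] = action
    return database.strip(), chain


def resolve(chain, service_status):
    """Walk the chain; return (final_status, last_service, services_consulted)."""
    consulted, status, service = [], "unavail", None
    for service, actions in chain:
        # A service missing from the constructed input is treated as unavailable.
        status = service_status.get(service, "unavail")
        consulted.append(service)
        if actions[status] == "return":
            break
    return status, service, consulted


def overrides(chain):
    """(service, status, action) triples that differ from the glibc defaults."""
    return [(svc, s, acts[s]) for svc, acts in chain
            for s in STATUSES if acts[s] != DEFAULTS[s]]


if __name__ == "__main__":
    _, passwd = parse_line(PASSWD_LINE)
    _, group = parse_line(GROUP_LINE)
    print("passwd overrides:", overrides(passwd))
    print("group overrides: ", overrides(group))
    # Constructed scenarios: local account, then LDAP-only account with LDAP down.
    print(resolve(passwd, {"files": "success"}))
    print(resolve(passwd, {"files": "notfound", "ldap": "unavail"}))
    print(resolve(group, {"ldap": "unavail", "files": "success"}))
```

In this model `[!NOTFOUND=return]` changes only what happens when `files` itself reports `unavail` or `tryagain`, and `[NOTFOUND=continue]` restates the default.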



Re: [CentOS] Help me

2008-08-27 Thread William L. Maltby

On Wed, 2008-08-27 at 12:00 +0530, Sadaruwan Samaraweera wrote:
> Hi,
> 
>  Yes I know what your saying ok! I didn't ask him any descent question
> but I gave a solution based on my experience. So why hell r u guy's
> coming after me

First, don't get offended. If you've been on any/many lists for awhile,
you'll know that time is at a premium for many of the participants and
they tend to give short answers. *And* when someone gives "definitive"
answers based on (possibly incorrect) assumptions (like the problem is
similar to yours, equipment similar to yours, net setup similar, ...)
they are quick to jump in because those answers may lead to severe
damage to the recipient. Sometimes immediate harm, sometimes longer-term
difficulty.

Because of those risks, it is important to try to fully understand (to a
*reasonable* extent, for the time expended) the nature of a problem, its
operational environment, various constraints that may be in place, etc.,
before offering solutions that may be tried. That is why, if you follow
the lists on *good* sites like CentOS, you will often see (I'll
exaggerate now) "My network card doesn't work! Help" followed by various
types of responses saying, essentially, something like "We need more
information" and those responses may ask specific questions.

Solving many technical problems can be difficult even in a hands-on
situation, it's inordinately more difficult to do remotely. As with
*any* resolution process, the first step is to identify the *problem*,
*not* the *symptoms*. Symptoms are clues pointing to the problem. Ergo,
sufficient, but *not* excessive information is a necessity.

*Experienced* people know this and will quickly try to help *educate*
those who don't seem to know this, whether it is the person with the
problem or one responding to the OP.

That's why we are "coming after you". The problem is not "we are coming
after you", the problem is that both the OP and you seem to have been
extremely casual in the problem resolution process and that engenders a
high degree of risk to the OP and none for you. Further it wastes the
valuable time of those who might try to help, both in reading the
original request for help (and then having to ask for even the most
basic pertinent information) and in reading replies that may be offered
that pose excessive risk to those who might use the offered solutions.
So, "education" is in order so that *all* may benefit, including the OP,
the folks who reply and even just those who have to wade through so
many useless posts (and posts of the type being discussed are, at best,
useless).

As long as no one is completely crude, rude and unattractive in their
replies (not always the case), you should take no offense.

My suggestion is you thicken your skin, contribute as you can and desire
to, with *due* *care*, and learn from others as we *all* learn from
others on this list.

> and as you said in the world of IT there are lot of perhaps OK buddy.

I don't know what you mean by this.

> 
> Regards,
> Sadaruwan

I won't even mention top posting or failure to snip text not needed. ;-)

> 

-- 
Bill



Re: [CentOS] nsswitch.conf, ldap, local groups problem

2008-08-27 Thread Craig White
On Wed, 2008-08-27 at 12:34 -0400, Mark Hennessy wrote:
> I'm using CentOS 5.0,5.1, and 5.2 on several systems where I'm seeing  
> this problem.
> 
> Hello, I'm seeing a weird problem that perhaps someone has run into  
> with groups.
> 
> First, a little background.
> I was made aware of a problem with CentOS 5 where if the nscd password  
> cache is clear and
> someone tries to log in if there is no network connection with an LDAP  
> account that it
> just hangs.  Even worse, if the machine is rebooted and it continues  
> to have no network
> connection, even root login doesn't work.  I messed around with  
> nsswitch.conf to fix this
> problem.
> 
> I altered these lines as so:
> passwd: files [!NOTFOUND=return] ldap
> shadow: files [!NOTFOUND=return] ldap
> group:  files [!NOTFOUND=return] ldap
> 
> and the problem seemed to go away.
> 
> But now, here's the weird stuff:
> I have defined in my local /etc/groups file this line:
> group1:x:100:apache
> group2:x:101:apache
> 
> 'getent group groupname' shows the right info:
> # getent group group1
> group1:x:100:apache
> 
> # sudo -u apache bash
> $ groups
> apache
> 
> I revert back to my old config:
> # sudo -u apache bash
> $ groups
> apache group1 group2
> 
> Also, something else that's interesting. If I do this:
> passwd: files [!NOTFOUND=return] ldap
> shadow: files [!NOTFOUND=return] ldap
> group:  ldap [NOTFOUND=continue] files
> 
> and reboot, udev segfaults and the system freezes up after a few more seconds.
> Starting udev: /sbin/start_udev: line 43:   519 Segmentation fault  
>   "$@" $ARGS
> /sbin/start_udev: line 201:   523 Segmentation fault  /sbin/udevd -d
> Wait timeout. Will continue in the background.[FAILED]
> 
> Any advice?

Try putting this at the bottom of /etc/ldap.conf

timelimit 30
bind_timelimit 30
bind_policy soft
nss_initgroups_ignoreusers root,ldap

I wouldn't recommend the changes that you have in nsswitch.conf

Craig



[CentOS] Problems with writing Dual Layer DVD

2008-08-27 Thread Chris Geldenhuis

Hi,

I am running Centos 4 (fully updated on this box).

I removed the old DVD writer (/dev/hdc) and installed a new LG GH20 
"Internal Super Multi DVD Rewriter" with a SATA interface - this shows 
up as /dev/scd0.


When I insert a pre-recorded DVD autorun mounts it and displays the 
contents without any hassles. It appears to me that the required kernel 
modules are loaded - as copied below from lsmod output.


sata_nv                18629  0
libata                111261  1 sata_nv
sd_mod                 17217  0
scsi_mod              125261  3 sr_mod,libata,sd_mod

I am using Verbatim DVD-RDL blanks.

When I try to write a pre-recorded iso to the DVD I get the following 
error message:


[EMAIL PROTECTED] growisofs -dvd-compat -Z /dev/dvdwriter=.iso
:-( /dev/dvdwriter: media is not recognized as recordable DVD: 10015

I have tried to do this as root with the same result. /dev/dvdwriter is 
a link to /dev/scd0 and has full read/write/execute permissions.


Output of growisofs -version:

* growisofs by <[EMAIL PROTECTED]>, version 5.21,
 front-ending to mkisofs: mkisofs 2.01 (i686-pc-linux-gnu)

Any suggestions will be welcome - if any further information is required 
I will do my best to supply it.


I have Googled with the error message but only get reports of this 
problem and no solutions.


TIA

ChrisG



Re: [CentOS] Problems with writing Dual Layer DVD

2008-08-27 Thread William L. Maltby

On Wed, 2008-08-27 at 19:38 +0200, Chris Geldenhuis wrote:
> Hi,
> 
> I am running Centos 4 (fully updated on this box).
> 
> I removed the old DVD writer (/dev/hdc) and installed a new LG GH20 
> "Internal Super Multi DVD Rewriter" with a SATA interface - this shows 
> up as /dev/scd0.
> 
> When I insert a pre-recorded DVD autorun mounts it and displays the 
> contents without any hassles. It appears to me that the required kernel 
> modules are loaded - as copied below from lsmod output.
> 
> sata_nv                18629  0
> libata                111261  1 sata_nv
> sd_mod                 17217  0
> scsi_mod              125261  3 sr_mod,libata,sd_mod
> 
> I am using Verbatim DVD-RDL blanks.
> 
> When I try to write a pre-recorded iso to the DVD I get the following 
> error message:
> 
> [EMAIL PROTECTED] growisofs -dvd-compat -Z /dev/dvdwriter=.iso
> :-( /dev/dvdwriter: media is not recognized as recordable DVD: 10015
> 
> I have tried to do this as root with the same result. /dev/dvdwriter is 
> a link to /dev/scd0 and has full read/write/execute permissions.
> 
> Output of growisofs -version:
> 
> * growisofs by <[EMAIL PROTECTED]>, version 5.21,
>   front-ending to mkisofs: mkisofs 2.01 (i686-pc-linux-gnu)
> 
> Any suggestions will be welcome - if any further information is required 
> I will do my best to supply it.

I'm *really* a novice at this, but the first time I tried to record a
DVD (I use cdrecord) I learned that the media needed to be formatted
first. I don't know if what you're using is already formatted, if your
software does it for you or if it's even needed.

Using the cdrecord software, there are flags that will let me know.

> 
> I have Googled with the error message but only get reports of this 
> problem and no solutions.
> 
> TIA
> 
> ChrisG
> 

HTH
-- 
Bill



Re: [CentOS] Problems with writing Dual Layer DVD

2008-08-27 Thread Chris Geldenhuis

William L. Maltby wrote:
> On Wed, 2008-08-27 at 19:38 +0200, Chris Geldenhuis wrote:
>> Hi,
>>
>> I am running Centos 4 (fully updated on this box).
>>
>> I removed the old DVD writer (/dev/hdc) and installed a new LG GH20
>> "Internal Super Multi DVD Rewriter" with a SATA interface - this shows
>> up as /dev/scd0.
>>
>> When I insert a pre-recorded DVD autorun mounts it and displays the
>> contents without any hassles. It appears to me that the required kernel
>> modules are loaded - as copied below from lsmod output.
>>
>> sata_nv                18629  0
>> libata                111261  1 sata_nv
>> sd_mod                 17217  0
>> scsi_mod              125261  3 sr_mod,libata,sd_mod
>>
>> I am using Verbatim DVD-RDL blanks.
>>
>> When I try to write a pre-recorded iso to the DVD I get the following
>> error message:
>>
>> [EMAIL PROTECTED] growisofs -dvd-compat -Z /dev/dvdwriter=.iso
>> :-( /dev/dvdwriter: media is not recognized as recordable DVD: 10015
>>
>> I have tried to do this as root with the same result. /dev/dvdwriter is
>> a link to /dev/scd0 and has full read/write/execute permissions.
>>
>> Output of growisofs -version:
>>
>> * growisofs by <[EMAIL PROTECTED]>, version 5.21,
>>   front-ending to mkisofs: mkisofs 2.01 (i686-pc-linux-gnu)
>>
>> Any suggestions will be welcome - if any further information is required
>> I will do my best to supply it.
>
> I'm *really* a novice at this, but the first time I tried to record a
> DVD (I use cdrecord) I learned that the media needed to be formatted
> first. I don't know if what you're using is already formatted, if your
> software does it for you or if it's even needed.
>
> Using the cdrecord software, there are flags that will let me know.
>
>> I have Googled with the error message but only get reports of this
>> problem and no solutions.
>>
>> TIA
>>
>> ChrisG
>
> HTH

Hi Bill,

Thanks for the quick response - I did try to format with dvd+rw tools
but also got a response that the media was not recordable. AFAIK it
should not be required.

From reading your many and interesting posts to this list I realize
that we must be contemporaries (possibly I started programming before
you - circa 1963 on an ICL1500 aka RCA 301 in assembler or directly
punching machine code into punch cards).

I do appreciate your responses as they always are helpful and when
the flame wars flare up you remain sensible.

Thanks again

ChrisG


Re: [CentOS] nsswitch.conf, ldap, local groups problem

2008-08-27 Thread Mark Hennessy

Quoting Craig White <[EMAIL PROTECTED]>:

> On Wed, 2008-08-27 at 12:34 -0400, Mark Hennessy wrote:
>> I'm using CentOS 5.0,5.1, and 5.2 on several systems where I'm seeing
>> this problem.
>>
>> Hello, I'm seeing a weird problem that perhaps someone has run into
>> with groups.
>>
>> First, a little background.
>> I was made aware of a problem with CentOS 5 where if the nscd password
>> cache is clear and
>> someone tries to log in if there is no network connection with an LDAP
>> account that it
>> just hangs.  Even worse, if the machine is rebooted and it continues
>> to have no network
>> connection, even root login doesn't work.  I messed around with
>> nsswitch.conf to fix this
>> problem.
>>
>> I altered these lines as so:
>> passwd: files [!NOTFOUND=return] ldap
>> shadow: files [!NOTFOUND=return] ldap
>> group:  files [!NOTFOUND=return] ldap
>>
>> and the problem seemed to go away.
>>
>> But now, here's the weird stuff:
>> I have defined in my local /etc/groups file this line:
>> group1:x:100:apache
>> group2:x:101:apache
>>
>> 'getent group groupname' shows the right info:
>> # getent group group1
>> group1:x:100:apache
>>
>> # sudo -u apache bash
>> $ groups
>> apache
>>
>> I revert back to my old config:
>> # sudo -u apache bash
>> $ groups
>> apache group1 group2
>>
>> Also, something else that's interesting. If I do this:
>> passwd: files [!NOTFOUND=return] ldap
>> shadow: files [!NOTFOUND=return] ldap
>> group:  ldap [NOTFOUND=continue] files
>>
>> and reboot, udev segfaults and the system freezes up after a few
>> more seconds.
>>
>> Starting udev: /sbin/start_udev: line 43:   519 Segmentation fault
>>   "$@" $ARGS
>> /sbin/start_udev: line 201:   523 Segmentation fault  /sbin/udevd -d
>> Wait timeout. Will continue in the background.[FAILED]
>>
>> Any advice?
>
> Try putting this at the bottom of /etc/ldap.conf
>
> timelimit 30
> bind_timelimit 30
> bind_policy soft
> nss_initgroups_ignoreusers root,ldap
>
> I wouldn't recommend the changes that you have in nsswitch.conf

Unfortunately, that doesn't work either.
I made the changes, shut down the machine and started it without
networking, and here's what happens:

login: root
Password:

login:

login pukes and init starts it again.

> Craig






Re: [CentOS] nsswitch.conf, ldap, local groups problem

2008-08-27 Thread Craig White
On Wed, 2008-08-27 at 14:53 -0400, Mark Hennessy wrote:
> Quoting Craig White <[EMAIL PROTECTED]>:
> 
> > On Wed, 2008-08-27 at 12:34 -0400, Mark Hennessy wrote:
> >> I'm using CentOS 5.0,5.1, and 5.2 on several systems where I'm seeing
> >> this problem.
> >>
> >> Hello, I'm seeing a weird problem that perhaps someone has run into
> >> with groups.
> >>
> >> First, a little background.
> >> I was made aware of a problem with CentOS 5 where if the nscd password
> >> cache is clear and
> >> someone tries to log in if there is no network connection with an LDAP
> >> account that it
> >> just hangs.  Even worse, if the machine is rebooted and it continues
> >> to have no network
> >> connection, even root login doesn't work.  I messed around with
> >> nsswitch.conf to fix this
> >> problem.
> >>
> >> I altered these lines as so:
> >> passwd: files [!NOTFOUND=return] ldap
> >> shadow: files [!NOTFOUND=return] ldap
> >> group:  files [!NOTFOUND=return] ldap
> >>
> >> and the problem seemed to go away.
> >>
> >> But now, here's the weird stuff:
> >> I have defined in my local /etc/groups file this line:
> >> group1:x:100:apache
> >> group2:x:101:apache
> >>
> >> 'getent group groupname' shows the right info:
> >> # getent group group1
> >> group1:x:100:apache
> >>
> >> # sudo -u apache bash
> >> $ groups
> >> apache
> >>
> >> I revert back to my old config:
> >> # sudo -u apache bash
> >> $ groups
> >> apache group1 group2
> >>
> >> Also, something else that's interesting. If I do this:
> >> passwd: files [!NOTFOUND=return] ldap
> >> shadow: files [!NOTFOUND=return] ldap
> >> group:  ldap [NOTFOUND=continue] files
> >>
> >> and reboot, udev segfaults and the system freezes up after a few   
> >> more seconds.
> >> Starting udev: /sbin/start_udev: line 43:   519 Segmentation fault
> >>   "$@" $ARGS
> >> /sbin/start_udev: line 201:   523 Segmentation fault  /sbin/udevd -d
> >> Wait timeout. Will continue in the background.[FAILED]
> >>
> >> Any advice?
> > 
> > Try putting this at the bottom of /etc/ldap.conf
> >
> > timelimit 30
> > bind_timelimit 30
> > bind_policy soft
> > nss_initgroups_ignoreusers root,ldap
> >
> > I wouldn't recommend the changes that you have in nsswitch.conf
> 
> Unfortunately, that doesn't work either.
> I made the changes, shut down the machine and started it without  
> networking, and here's what happens:
> 
> login: root
> Password:
> 
> login:
> 
> login pukes and init starts it again.

you shouldn't need to restart but if you can't login as root, you
probably still have something messed up in /etc/nsswitch.conf or may
have messed up /etc/passwd | /etc/shadow

can you login as a user and su - to root?

if not, it probably would be best to boot to runlevel 1 and
edit /etc/nsswitch.conf so it has this...

passwd: files ldap
shadow: files ldap
group:  files ldap

and remove the NOTFOUND entries

Craig

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
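
The lookup-order lines quoted in this thread, run through a small model of the status/action rules documented in nsswitch.conf(5). This is an added example, not code from any poster or from glibc; the per-backend statuses are constructed inputs, only the `return` and `continue` actions are handled, and supplementary-group (initgroups) resolution is outside the model.

```python
"""Model of nsswitch.conf status/action handling for single-key lookups.

Added illustration, not glibc code. Backend statuses are constructed inputs.
"""
import re

STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")
# Default action per status, as documented in nsswitch.conf(5).
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}
# A token is either a bracketed criteria list or a service name.
_TOKEN = re.compile(r"\[([^\]]*)\]|([^\s\[\]]+)")


def parse_line(line):
    """Parse 'db: svc [crit] svc ...' into (db, [(svc, {status: action})])."""
    database, sep, rest = line.partition(":")
    if not sep:
        raise ValueError("missing ':' after database name")
    chain = []
    for match in _TOKEN.finditer(rest):
        criteria, service = match.groups()
        if service is not None:
            chain.append((service, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("criterion appears before any service")
        actions = chain[-1][1]          # criteria modify the preceding service
        for item in criteria.split():
            status, _, action = item.partition("=")
            negated = status.startswith("!")
            status = status.lstrip("!").upper()
            action = action.lower()
            if status not in STATUSES or action not in ("return", "continue"):
                raise ValueError("unsupported criterion: %r" % item)
            for name in STATUSES:
                # '!STATUS=action' applies the action to every other status.
                if (name != status) if negated else (name == status):
                    actions[name] = action
    return database.strip(), chain


def lookup(line, backend_status):
    """Walk the chain; backend_status maps service -> status it reports.

    Returns (final status, list of services that were consulted).
    A service missing from backend_status is treated as UNAVAIL.
    """
    _, chain = parse_line(line)
    consulted, status = [], "UNAVAIL"
    for service, actions in chain:
        status = backend_status.get(service, "UNAVAIL")
        consulted.append(service)
        if actions[status] == "return":
            break
    return status, consulted


# Lines as they appear in the thread.
THREAD_LINE = "passwd: files [!NOTFOUND=return] ldap"
PLAIN_LINE = "passwd: files ldap"
GROUP_LDAP_FIRST = "group:  ldap [NOTFOUND=continue] files"

# Constructed scenarios: what each backend would answer for one name.
OFFLINE_LOCAL_NAME = {"files": "SUCCESS", "ldap": "UNAVAIL"}   # e.g. root
OFFLINE_LDAP_NAME = {"files": "NOTFOUND", "ldap": "UNAVAIL"}   # LDAP-only user
FILES_UNAVAILABLE = {"files": "UNAVAIL", "ldap": "SUCCESS"}    # hypothetical

if __name__ == "__main__":
    scenarios = [("local name, no network", OFFLINE_LOCAL_NAME),
                 ("LDAP-only name, no network", OFFLINE_LDAP_NAME),
                 ("files backend unavailable", FILES_UNAVAILABLE)]
    for line in (THREAD_LINE, PLAIN_LINE, GROUP_LDAP_FIRST):
        print(line)
        for label, backends in scenarios:
            status, consulted = lookup(line, backends)
            print("  %-28s -> %-8s via %s" % (label, status, consulted))
```

In this model the `[!NOTFOUND=return]` criterion changes nothing for a name that `files` either finds or reports as NOTFOUND; it only stops the chain when `files` itself reports UNAVAIL or TRYAGAIN.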


Re: [CentOS] Problems with writing Dual Layer DVD

2008-08-27 Thread William L. Maltby

On Wed, 2008-08-27 at 20:13 +0200, Chris Geldenhuis wrote:
> William L. Maltby wrote:
> > On Wed, 2008-08-27 at 19:38 +0200, Chris Geldenhuis wrote:
> >   

LG GH20

> >>

> >> I am using Verbatim DVD-RDL blanks.

Did a quick perusal of the Verbatim and LG specs. Looks OK.

> >>
> >> When I try to write a pre-recorded iso to the DVD I get the following 
> >> error message:
> >>
> >> [EMAIL PROTECTED] growisofs -dvd-compat -Z 
> >> /dev/dvdwriter=.iso
> >> :-( /dev/dvdwriter: media is not recognized as recordable DVD: 10015
> >>
> >> I have tried to do this as root with the same result. /dev/dvdwriter is 
> >> a link to /dev/scd0 and has full read/write/execute permissions.
> >>
> >>

> >> I have Googled with the error message but only get reports of this 
> >> problem and no solutions.

Yeah. I've often wondered if folks just give up or don't bother to post
when they either find a solution or find an embarrassing problem and
don't want to acknowledge it.  :-;

> Thanks for the quick response - I did try to format with dvd+rw tools 
> but also got a response that the media was not recordable. AFAIK it 
> should not be required.

With two software packages indicating not recordable, I'm betting that
the drivers *or* the applications currently on the system are not
up-to-date enough to handle the dual layer facility. This is an
unfortunate side-effect of enterprise-class systems, which will tend to
run behind overall. Unfortunately, every new "feature" on these types of
devices requires new driver support.

My updated 5.2 has these 
   cdrdao-1.2.1-2.i386
   cdrecord-2.01-10.i386
   xcdroast-0.98a15-12.2.2.i386

Rpmforge has only the development rpm for the current cdrecord.

I don't have atrpm on my system. You might check there and see if they
have later packages. Just be aware that many months ago that repo was
less trusted (IIRC, considered unstable and overlaid base packages if
you weren't careful), but that may not be the case now. Plus, since
then, yum priorities and protect have become available (can protect
against overlay of base packages).

If your vendor offers *any* tech support, they *may* be able to tell you
if they know of any sources (yum repos, source code, distributions -
Fedora is a likely candidate) that they know support the dual layer
feature.

Also, visit the manufacturer's web site. Sometimes they might have
technical information that includes drivers needed or linux releases,
etc. Often they have support via e-mail that may help.

Barring any immediate solutions, I would try using regular DVD+-RW media
and wait until the software catches up. You won't have wasted your $$,
it's just a deferred benefit thingy.

OH! Almost forgot, visit the cdrecord home web-site. Lots of good stuff
there. I forget the URL, but I think it's in one of the files
in /usr/share/doc/cdrecord-2.01. Be warned that that author has a
long-term dim view of the Linux SCSI interface implementation and is
apparently on a crusade about it.

If you do install something outside of the CentOS and related repos, be
aware of the risks and potential workload as updates occur.

> 
>  From reading your many and interesting posts to this list I realize 
> that we must be contemporaries (possibly I started programming before 
> you - circa 1963 on a ICL1500 aka RCA 301 in assembler or directly 
> punching machine code into punch cards).

Yep. I had my 1st professional job in 1969. I was in the "modern" age,
S360 stuff was the equipment then. The punch cards were still there,
made on 026 and 029 card punches and read by MFCMs to load programs into
IBM's DOS.

I guess we're both old enough to fill in for JP when the resident
curmudgeon is not on-list.  ;-)

> 
> I do appreciate your responses as they always are helpful and when 
> them flame wars flare up you remain sensible.

Thanks. The "sensible" part took a lot of years and the majority of my
youth to develop!

> 
> Thanks again
> 
> ChrisG
> 

I hope some of this ends up helping.

-- 
Bill



Re: [CentOS] Problems with writing Dual Layer DVD

2008-08-27 Thread MHR
On Wed, Aug 27, 2008 at 11:13 AM, Chris Geldenhuis
<[EMAIL PROTECTED]> wrote:
>
> Hi Bill,
>
> Thanks for the quick response - I did try to format with dvd+rw tools but
> also got a response that the media was not recordable. AFAIK it should not be
> required.
>

I usually use K3B for all my CD and DVD recording needs - it works
nicely, even under GNOME (I don't use KDE).

I've never had a problem like the one you describe, but I've upgraded
to each new CentOS release fairly quickly, so I'm on 5.2, and that
might be better.

The one problem I did have with a "new" DVD burner was that it would
only write at 2.47x at the fastest, and it was supposed to be a 20x
drive.  The manufacturer suggested I RMA it, which I will if I ever
get around to taking it out and putting in a (different, known good)
one.

I also have mplayer/mencoder installed (and vobcopy and a few others),
so I don't know if any of them might be involved peripherally,
dragging in a more recent module from rpmforge, but I'm thinking you
could try K3B and not lose anything if it works.

HTH

mhr


Re: [CentOS] Problems with writing Dual Layer DVD

2008-08-27 Thread Anne Wilson
On Wednesday 27 August 2008 20:27:15 MHR wrote:
> On Wed, Aug 27, 2008 at 11:13 AM, Chris Geldenhuis
>
> <[EMAIL PROTECTED]> wrote:
> > Hi Bill,
> >
> > Thanks for the quick response - I did try to format with dvd+rw tools but
> > also got a response that the media was not recordable. AFAIK it should not
> > be required.
>
> I usually use K3B for all my CD and DVD recording needs - it works
> nicely, even under GNOME (I don't use KDE).
>
> I've never had a problem like the one you describe, but I've upgraded
> to each new CentOS release fairly quickly, so I'm on 5.2, and that
> might be better.
>
> The one problem I did have with a "new" DVD burner was that it would
> only write at 2.47x at the fastest, and it was supposed to be a 20x
> drive.  The manufacturer suggested I RMA it, which I will if I ever
> get around to taking it out and putting in a (different, known good)
> one.
>
> I also have mplayer/mencoder installed (and vobcopy and a few others),
> so I don't know if any of them might be involved peripherally,
> dragging in a more recent module from rpmforge, but I'm thinking you
> could try K3B and not lose anything if it works.
>
One question to Chris - did you click on the status bar where you need to 
change the disk type?

Anne





[CentOS] RADVD address timeouts

2008-08-27 Thread Robert Moskowitz

I am using RADVD to assign IPv6 addresses.  It works for 'static' devices.

I want it to work for devices that move to different networks without 
having to restart the network on those devices.  So if I have a notebook 
on network Lab1 getting prefix 2607:7:4:1::64 and moves to network Lab2 
where RADVD advertises prefix 2607:7:4:2::/64, I want the host to switch 
to the new address.  This is NOT for MobileIP.


Right now I get the new global address, but the old address never goes 
away.  I have tried setting AdvPreferredLifetime, but that has not helped.





[CentOS] Re: Problems with writing Dual Layer DVD

2008-08-27 Thread Axel Thimm
On Wed, Aug 27, 2008 at 03:19:01PM -0400, William L. Maltby wrote:
> My updated 5.2 has these 
>    cdrdao-1.2.1-2.i386
>    cdrecord-2.01-10.i386
>    xcdroast-0.98a15-12.2.2.i386
> 
> Rpmforge has only the development rpm for the current cdrecord.
> 
> I don't have atrpm on my system. You might check there and see if they
> have later packages. Just be aware that many months ago that repo was
> less trusted (IIRC, considered unstable and overlaid base packages if
> you weren't careful), but that may not be the case now. Plus, since
> then, yum priorities and protect have become available (can protect
> against overlay of base packages).

Hearsay, your honour!

Well, there's some FUD floating around about ATrpms - I'm of course
biased in the other direction. Suffice it to say that you will not
find any report of unstable packages in the "stable" repo, and that
since RHEL5/CentOS5's birth there were no "stable" packages replacing
CentOS packages but one that accidentally was in the "stable" and was
fixed within minutes of the report (I forgot which package it was, just
check these archives, it was O(1-2 months) ago).

There is also nothing that has happened in the last months to
increase/decrease ATrpms' trustworthiness. Maybe less FUD and
gossiping. ;)

Finally yum priorities and protect have been long enough available to
show that they create more bugs than they solve. If you don't trust a
repo, just don't use it. Selective/partial enabling creates per user
bugs that no one can diagnose.

But to get back to the actual issue: No, ATrpms has neither cdrdao,
nor cdrecord, nor xcdroast.
-- 
Axel.Thimm at ATrpms.net




Re: [CentOS] nsswitch.conf, ldap, local groups problem

2008-08-27 Thread Mark Hennessy

Quoting Craig White <[EMAIL PROTECTED]>:


> On Wed, 2008-08-27 at 14:53 -0400, Mark Hennessy wrote:
>> Quoting Craig White <[EMAIL PROTECTED]>:
>>
>> > On Wed, 2008-08-27 at 12:34 -0400, Mark Hennessy wrote:
>> >> I'm using CentOS 5.0,5.1, and 5.2 on several systems where I'm seeing
>> >> this problem.
>> >>
>> >> Hello, I'm seeing a weird problem that perhaps someone has run into
>> >> with groups.
>> >>
>> >> First, a little background.
>> >> I was made aware of a problem with CentOS 5 where if the nscd password
>> >> cache is clear and
>> >> someone tries to log in if there is no network connection with an LDAP
>> >> account that it
>> >> just hangs.  Even worse, if the machine is rebooted and it continues
>> >> to have no network
>> >> connection, even root login doesn't work.  I messed around with
>> >> nsswitch.conf to fix this
>> >> problem.
>> >>
>> >> I altered these lines as so:
>> >> passwd: files [!NOTFOUND=return] ldap
>> >> shadow: files [!NOTFOUND=return] ldap
>> >> group:  files [!NOTFOUND=return] ldap
>> >>
>> >> and the problem seemed to go away.
>> >>
>> >> But now, here's the weird stuff:
>> >> I have defined in my local /etc/groups file this line:
>> >> group1:x:100:apache
>> >> group2:x:101:apache
>> >>
>> >> 'getent group groupname' shows the right info:
>> >> # getent group group1
>> >> group1:x:100:apache
>> >>
>> >> # sudo -u apache bash
>> >> $ groups
>> >> apache
>> >>
>> >> I revert back to my old config:
>> >> # sudo -u apache bash
>> >> $ groups
>> >> apache group1 group2
>> >>
>> >> Also, something else that's interesting. If I do this:
>> >> passwd: files [!NOTFOUND=return] ldap
>> >> shadow: files [!NOTFOUND=return] ldap
>> >> group:  ldap [NOTFOUND=continue] files
>> >>
>> >> and reboot, udev segfaults and the system freezes up after a few
>> >> more seconds.
>> >> Starting udev: /sbin/start_udev: line 43:   519 Segmentation fault
>> >>   "$@" $ARGS
>> >> /sbin/start_udev: line 201:   523 Segmentation fault  /sbin/udevd -d
>> >> Wait timeout. Will continue in the background.[FAILED]
>> >>
>> >> Any advice?
>> >
>> > Try putting this at the bottom of /etc/ldap.conf
>> >
>> > timelimit 30
>> > bind_timelimit 30
>> > bind_policy soft
>> > nss_initgroups_ignoreusers root,ldap
>> >
>> > I wouldn't recommend the changes that you have in nsswitch.conf
>>
>> Unfortunately, that doesn't work either.
>> I made the changes, shut down the machine and started it without
>> networking, and here's what happens:
>>
>> login: root
>> Password:
>>
>> login:
>>
>> login pukes and init starts it again.
>
> you shouldn't need to restart but if you can't login as root, you
> probably still have something messed up in /etc/nsswitch.conf or may
> have messed up /etc/passwd | /etc/shadow
>
> can you login as a user and su - to root?
>
> if not, it probably would be best to boot to runlevel 1 and
> edit /etc/nsswitch.conf so it has this...
>
> passwd: files ldap
> shadow: files ldap
> group:  files ldap
>
> and remove the NOTFOUND entries

Yes, done.
Without networking, still the login failure trouble.

With networking, no trouble at all, but with those timeouts of 30
seconds and without those changes to nsswitch.conf, it takes a while
for the first root login to succeed even though it is using local auth.

> Craig







Re: [CentOS] nsswitch.conf, ldap, local groups problem

2008-08-27 Thread Craig White
On Wed, 2008-08-27 at 17:07 -0400, Mark Hennessy wrote:
> Quoting Craig White <[EMAIL PROTECTED]>:
> 
> > On Wed, 2008-08-27 at 14:53 -0400, Mark Hennessy wrote:
> >> Quoting Craig White <[EMAIL PROTECTED]>:
> >>
> >> > On Wed, 2008-08-27 at 12:34 -0400, Mark Hennessy wrote:
> >> >> I'm using CentOS 5.0,5.1, and 5.2 on several systems where I'm seeing
> >> >> this problem.
> >> >>
> >> >> Hello, I'm seeing a weird problem that perhaps someone has run into
> >> >> with groups.
> >> >>
> >> >> First, a little background.
> >> >> I was made aware of a problem with CentOS 5 where if the nscd password
> >> >> cache is clear and
> >> >> someone tries to log in if there is no network connection with an LDAP
> >> >> account that it
> >> >> just hangs.  Even worse, if the machine is rebooted and it continues
> >> >> to have no network
> >> >> connection, even root login doesn't work.  I messed around with
> >> >> nsswitch.conf to fix this
> >> >> problem.
> >> >>
> >> >> I altered these lines as so:
> >> >> passwd: files [!NOTFOUND=return] ldap
> >> >> shadow: files [!NOTFOUND=return] ldap
> >> >> group:  files [!NOTFOUND=return] ldap
> >> >>
> >> >> and the problem seemed to go away.
> >> >>
> >> >> But now, here's the weird stuff:
> >> >> I have defined in my local /etc/groups file this line:
> >> >> group1:x:100:apache
> >> >> group2:x:101:apache
> >> >>
> >> >> 'getent group groupname' shows the right info:
> >> >> # getent group group1
> >> >> group1:x:100:apache
> >> >>
> >> >> # sudo -u apache bash
> >> >> $ groups
> >> >> apache
> >> >>
> >> >> I revert back to my old config:
> >> >> # sudo -u apache bash
> >> >> $ groups
> >> >> apache group1 group2
> >> >>
> >> >> Also, something else that's interesting. If I do this:
> >> >> passwd: files [!NOTFOUND=return] ldap
> >> >> shadow: files [!NOTFOUND=return] ldap
> >> >> group:  ldap [NOTFOUND=continue] files
> >> >>
> >> >> and reboot, udev segfaults and the system freezes up after a few
> >> >> more seconds.
> >> >> Starting udev: /sbin/start_udev: line 43:   519 Segmentation fault
> >> >>   "$@" $ARGS
> >> >> /sbin/start_udev: line 201:   523 Segmentation fault  /sbin/udevd -d
> >> >> Wait timeout. Will continue in the background.[FAILED]
> >> >>
> >> >> Any advice?
> >> > 
> >> > Try putting this at the bottom of /etc/ldap.conf
> >> >
> >> > timelimit 30
> >> > bind_timelimit 30
> >> > bind_policy soft
> >> > nss_initgroups_ignoreusers root,ldap
> >> >
> >> > I wouldn't recommend the changes that you have in nsswitch.conf
> >>
> >> Unfortunately, that doesn't work either.
> >> I made the changes, shut down the machine and started it without
> >> networking, and here's what happens:
> >>
> >> login: root
> >> Password:
> >>
> >> login:
> >>
> >> login pukes and init starts it again.
> > 
> > you shouldn't need to restart but if you can't login as root, you
> > probably still have something messed up in /etc/nsswitch.conf or may
> > have messed up /etc/passwd | /etc/shadow
> >
> > can you login as a user and su - to root?
> >
> > if not, it probably would be best to boot to runlevel 1 and
> > edit /etc/nsswitch.conf so it has this...
> >
> > passwd: files ldap
> > shadow: files ldap
> > group:  files ldap
> >
> > and remove the NOTFOUND entries
> 
> Yes, done.
> Without networking, still the login failure trouble.
> 
> With networking, no trouble at all, but with those timeouts of 30  
> seconds and without those changes to nsswitch.conf, it takes a while  
> for the first root login to succeed even though it is using local auth.

do you have this line in /etc/pam.d/system-auth

account     sufficient    pam_localuser.so

???

What does your /etc/pam.d/system-auth look like?

Craig



Re: [CentOS] nsswitch.conf, ldap, local groups problem

2008-08-27 Thread Mark Hennessy

Quoting Craig White <[EMAIL PROTECTED]>:


> On Wed, 2008-08-27 at 17:07 -0400, Mark Hennessy wrote:
>> Quoting Craig White <[EMAIL PROTECTED]>:
>>
>> > On Wed, 2008-08-27 at 14:53 -0400, Mark Hennessy wrote:
>> >> Quoting Craig White <[EMAIL PROTECTED]>:
>> >>
>> >> > On Wed, 2008-08-27 at 12:34 -0400, Mark Hennessy wrote:
>> >> >> I'm using CentOS 5.0,5.1, and 5.2 on several systems where I'm seeing
>> >> >> this problem.
>> >> >>
>> >> >> Hello, I'm seeing a weird problem that perhaps someone has run into
>> >> >> with groups.
>> >> >>
>> >> >> First, a little background.
>> >> >> I was made aware of a problem with CentOS 5 where if the nscd password
>> >> >> cache is clear and
>> >> >> someone tries to log in if there is no network connection with an LDAP
>> >> >> account that it
>> >> >> just hangs.  Even worse, if the machine is rebooted and it continues
>> >> >> to have no network
>> >> >> connection, even root login doesn't work.  I messed around with
>> >> >> nsswitch.conf to fix this
>> >> >> problem.
>> >> >>
>> >> >> I altered these lines as so:
>> >> >> passwd: files [!NOTFOUND=return] ldap
>> >> >> shadow: files [!NOTFOUND=return] ldap
>> >> >> group:  files [!NOTFOUND=return] ldap
>> >> >>
>> >> >> and the problem seemed to go away.
>> >> >>
>> >> >> But now, here's the weird stuff:
>> >> >> I have defined in my local /etc/groups file this line:
>> >> >> group1:x:100:apache
>> >> >> group2:x:101:apache
>> >> >>
>> >> >> 'getent group groupname' shows the right info:
>> >> >> # getent group group1
>> >> >> group1:x:100:apache
>> >> >>
>> >> >> # sudo -u apache bash
>> >> >> $ groups
>> >> >> apache
>> >> >>
>> >> >> I revert back to my old config:
>> >> >> # sudo -u apache bash
>> >> >> $ groups
>> >> >> apache group1 group2
>> >> >>
>> >> >> Also, something else that's interesting. If I do this:
>> >> >> passwd: files [!NOTFOUND=return] ldap
>> >> >> shadow: files [!NOTFOUND=return] ldap
>> >> >> group:  ldap [NOTFOUND=continue] files
>> >> >>
>> >> >> and reboot, udev segfaults and the system freezes up after a few
>> >> >> more seconds.
>> >> >> Starting udev: /sbin/start_udev: line 43:   519 Segmentation fault
>> >> >>   "$@" $ARGS
>> >> >> /sbin/start_udev: line 201:   523 Segmentation fault  /sbin/udevd -d
>> >> >> Wait timeout. Will continue in the background.[FAILED]
>> >> >>
>> >> >> Any advice?
>> >> >
>> >> > Try putting this at the bottom of /etc/ldap.conf
>> >> >
>> >> > timelimit 30
>> >> > bind_timelimit 30
>> >> > bind_policy soft
>> >> > nss_initgroups_ignoreusers root,ldap
>> >> >
>> >> > I wouldn't recommend the changes that you have in nsswitch.conf
>> >>
>> >> Unfortunately, that doesn't work either.
>> >> I made the changes, shut down the machine and started it without
>> >> networking, and here's what happens:
>> >>
>> >> login: root
>> >> Password:
>> >>
>> >> login:
>> >>
>> >> login pukes and init starts it again.
>> >
>> > you shouldn't need to restart but if you can't login as root, you
>> > probably still have something messed up in /etc/nsswitch.conf or may
>> > have messed up /etc/passwd | /etc/shadow
>> >
>> > can you login as a user and su - to root?
>> >
>> > if not, it probably would be best to boot to runlevel 1 and
>> > edit /etc/nsswitch.conf so it has this...
>> >
>> > passwd: files ldap
>> > shadow: files ldap
>> > group:  files ldap
>> >
>> > and remove the NOTFOUND entries
>>
>> Yes, done.
>> Without networking, still the login failure trouble.
>>
>> With networking, no trouble at all, but with those timeouts of 30
>> seconds and without those changes to nsswitch.conf, it takes a while
>> for the first root login to succeed even though it is using local auth.
>
> do you have this line in /etc/pam.d/system-auth
>
> account     sufficient    pam_localuser.so
>
> ???
>
> What does your /etc/pam.d/system-auth look like?

my /etc/pam.d/system-auth:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass debug
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok debug
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so debug
session     required      pam_mkhomedir.so skel=/etc/skel umask=0022


===
I added

account     sufficient    pam_localuser.so

right before pam_ldap in the account section and tried again with the
same procedure (turn off networking (chkconfig --levels 2345 network
off), reboot).


Same res

Re: [CentOS] nsswitch.conf, ldap, local groups problem

2008-08-27 Thread Craig White
On Wed, 2008-08-27 at 17:35 -0400, Mark Hennessy wrote:
> Quoting Craig White <[EMAIL PROTECTED]>:
> 
> > On Wed, 2008-08-27 at 17:07 -0400, Mark Hennessy wrote:
> >> Quoting Craig White <[EMAIL PROTECTED]>:
> >>
> >> > On Wed, 2008-08-27 at 14:53 -0400, Mark Hennessy wrote:
> >> >> Quoting Craig White <[EMAIL PROTECTED]>:
> >> >>
> >> >> > On Wed, 2008-08-27 at 12:34 -0400, Mark Hennessy wrote:
> >> >> >> I'm using CentOS 5.0,5.1, and 5.2 on several systems where I'm seeing
> >> >> >> this problem.
> >> >> >>
> >> >> >> Hello, I'm seeing a weird problem that perhaps someone has run into
> >> >> >> with groups.
> >> >> >>
> >> >> >> First, a little background.
> >> >> >> I was made aware of a problem with CentOS 5 where if the nscd 
> >> >> >> password
> >> >> >> cache is clear and
> >> >> >> someone tries to log in if there is no network connection with an 
> >> >> >> LDAP
> >> >> >> account that it
> >> >> >> just hangs.  Even worse, if the machine is rebooted and it continues
> >> >> >> to have no network
> >> >> >> connection, even root login doesn't work.  I messed around with
> >> >> >> nsswitch.conf to fix this
> >> >> >> problem.
> >> >> >>
> >> >> >> I altered these lines as so:
> >> >> >> passwd: files [!NOTFOUND=return] ldap
> >> >> >> shadow: files [!NOTFOUND=return] ldap
> >> >> >> group:  files [!NOTFOUND=return] ldap
> >> >> >>
> >> >> >> and the problem seemed to go away.
> >> >> >>
> >> >> >> But now, here's the weird stuff:
> >> >> >> I have defined in my local /etc/groups file this line:
> >> >> >> group1:x:100:apache
> >> >> >> group2:x:101:apache
> >> >> >>
> >> >> >> 'getent group groupname' shows the right info:
> >> >> >> # getent group group1
> >> >> >> group1:x:100:apache
> >> >> >>
> >> >> >> # sudo -u apache bash
> >> >> >> $ groups
> >> >> >> apache
> >> >> >>
> >> >> >> I revert back to my old config:
> >> >> >> # sudo -u apache bash
> >> >> >> $ groups
> >> >> >> apache group1 group2
> >> >> >>
> >> >> >> Also, something else that's interesting. If I do this:
> >> >> >> passwd: files [!NOTFOUND=return] ldap
> >> >> >> shadow: files [!NOTFOUND=return] ldap
> >> >> >> group:  ldap [NOTFOUND=continue] files
> >> >> >>
> >> >> >> and reboot, udev segfaults and the system freezes up after a few
> >> >> >> more seconds.
> >> >> >> Starting udev: /sbin/start_udev: line 43:   519 Segmentation fault
> >> >> >>   "$@" $ARGS
> >> >> >> /sbin/start_udev: line 201:   523 Segmentation fault
> >> /sbin/udevd -d
> >> >> >> Wait timeout. Will continue in the background.[FAILED]
> >> >> >>
> >> >> >> Any advice?
> >> >> > 
> >> >> > Try putting this at the bottom of /etc/ldap.conf
> >> >> >
> >> >> > timelimit 30
> >> >> > bind_timelimit 30
> >> >> > bind_policy soft
> >> >> > nss_initgroups_ignoreusers root,ldap
> >> >> >
> >> >> > I wouldn't recommend the changes that you have in nsswitch.conf
> >> >>
> >> >> Unfortunately, that doesn't work either.
> >> >> I made the changes, shut down the machine and started it without
> >> >> networking, and here's what happens:
> >> >>
> >> >> login: root
> >> >> Password:
> >> >>
> >> >> login:
> >> >>
> >> >> login pukes and init starts it again.
> >> > 
> >> > you shouldn't need to restart but if you can't login as root, you
> >> > probably still have something messed up in /etc/nsswitch.conf or may
> >> > have messed up /etc/passwd | /etc/shadow
> >> >
> >> > can you login as a user and su - to root?
> >> >
> >> > if not, it probably would be best to boot to runlevel 1 and
> >> > edit /etc/nsswitch.conf so it has this...
> >> >
> >> > passwd: files ldap
> >> > shadow: files ldap
> >> > group:  files ldap
> >> >
> >> > and remove the NOTFOUND entries
> >>
> >> Yes, done.
> >> Without networking, still the login failure trouble.
> >>
> >> With networking, no trouble at all, but with those timeouts of 30
> >> seconds and without those changes to nsswitch.conf, it takes a while
> >> for the first root login to succeed even though it is using local auth.
> > 
> > do you have this line in /etc/pam.d/system-auth
> >
> > account     sufficient    pam_localuser.so
> >
> > ???
> >
> > What does your /etc/pam.d/system-auth look like?
> my /etc/pam.d/system-auth:
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth        required      pam_env.so
> auth        sufficient    pam_unix.so nullok try_first_pass
> auth        requisite     pam_succeed_if.so uid >= 500 quiet
> auth        sufficient    pam_ldap.so use_first_pass debug
> auth        required      pam_deny.so
> 
> account     required      pam_unix.so broken_shadow
> account     sufficient    pam_succeed_if.so uid < 500 quiet
> account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
> account     required      pam_permit.so
> 
> password    requisite     pam_cracklib.so try_first_pass retry=3
> password    sufficient    pam_unix.so md5 shadow nullok try_first_pass
> u

[CentOS] Unable to install CentOS 5.2 on New HP Intel Core 2 Quad

2008-08-27 Thread Michael Peterson

Our new lab has HP Intel Core 2 Quad systems with DVD/CDRW and SATA.
I can provide the model number if needed.

They stop on kernel startup when trying to boot the CentOS 5.2 boot CD.
It is during ACPI.

I have tried linux noprobe and linux pci=noacpi and linux noprobe
pci=noacpi.

I still cannot get to the first install screen.

Fedora 10 Live will not boot up either.

I am using Fedora 9 from Live and DVD Install to teach a fall class and it
works fine.

Would CentOS 5.3 possibly work once it is released?






Re: [CentOS] nsswitch.conf, ldap, local groups problem

2008-08-27 Thread Mark Hennessy

Quoting Craig White <[EMAIL PROTECTED]>:


On Wed, 2008-08-27 at 17:35 -0400, Mark Hennessy wrote:

Quoting Craig White <[EMAIL PROTECTED]>:

> On Wed, 2008-08-27 at 17:07 -0400, Mark Hennessy wrote:
>> Quoting Craig White <[EMAIL PROTECTED]>:
>>
>> > On Wed, 2008-08-27 at 14:53 -0400, Mark Hennessy wrote:
>> >> Quoting Craig White <[EMAIL PROTECTED]>:
>> >>
>> >> > On Wed, 2008-08-27 at 12:34 -0400, Mark Hennessy wrote:
>> >> >> I'm using CentOS 5.0,5.1, and 5.2 on several systems where I'm seeing
>> >> >> this problem.
>> >> >>
>> >> >> Hello, I'm seeing a weird problem that perhaps someone has run into
>> >> >> with groups.
>> >> >>
>> >> >> First, a little background.
>> >> >> I was made aware of a problem with CentOS 5 where if the nscd password
>> >> >> cache is clear and
>> >> >> someone tries to log in if there is no network connection with an LDAP
>> >> >> account that it
>> >> >> just hangs.  Even worse, if the machine is rebooted and it continues
>> >> >> to have no network
>> >> >> connection, even root login doesn't work.  I messed around with
>> >> >> nsswitch.conf to fix this
>> >> >> problem.
>> >> >>
>> >> >> I altered these lines as so:
>> >> >> passwd: files [!NOTFOUND=return] ldap
>> >> >> shadow: files [!NOTFOUND=return] ldap
>> >> >> group:  files [!NOTFOUND=return] ldap
>> >> >>
>> >> >> and the problem seemed to go away.
>> >> >>
>> >> >> But now, here's the weird stuff:
>> >> >> I have defined in my local /etc/groups file this line:
>> >> >> group1:x:100:apache
>> >> >> group2:x:101:apache
>> >> >>
>> >> >> 'getent group groupname' shows the right info:
>> >> >> # getent group group1
>> >> >> group1:x:100:apache
>> >> >>
>> >> >> # sudo -u apache bash
>> >> >> $ groups
>> >> >> apache
>> >> >>
>> >> >> I revert back to my old config:
>> >> >> # sudo -u apache bash
>> >> >> $ groups
>> >> >> apache group1 group2
>> >> >>
>> >> >> Also, something else that's interesting. If I do this:
>> >> >> passwd: files [!NOTFOUND=return] ldap
>> >> >> shadow: files [!NOTFOUND=return] ldap
>> >> >> group:  ldap [NOTFOUND=continue] files
>> >> >>
>> >> >> and reboot, udev segfaults and the system freezes up after a few
>> >> >> more seconds.
>> >> >> Starting udev: /sbin/start_udev: line 43:   519 Segmentation fault
>> >> >>   "$@" $ARGS
>> >> >> /sbin/start_udev: line 201:   523 Segmentation fault
>> /sbin/udevd -d
>> >> >> Wait timeout. Will continue in the background.[FAILED]
>> >> >>
>> >> >> Any advice?
>> >> > 
>> >> > Try putting this at the bottom of /etc/ldap.conf
>> >> >
>> >> > timelimit 30
>> >> > bind_timelimit 30
>> >> > bind_policy soft
>> >> > nss_initgroups_ignoreusers root,ldap
>> >> >
>> >> > I wouldn't recommend the changes that you have in nsswitch.conf
>> >>
>> >> Unfortunately, that doesn't work either.
>> >> I made the changes, shut down the machine and started it without
>> >> networking, and here's what happens:
>> >>
>> >> login: root
>> >> Password:
>> >>
>> >> login:
>> >>
>> >> login pukes and init starts it again.
>> > 
>> > you shouldn't need to restart but if you can't login as root, you
>> > probably still have something messed up in /etc/nsswitch.conf or may
>> > have messed up /etc/passwd | /etc/shadow
>> >
>> > can you login as a user and su - to root?
>> >
>> > if not, it probably would be best to boot to runlevel 1 and
>> > edit /etc/nsswitch.conf so it has this...
>> >
>> > passwd: files ldap
>> > shadow: files ldap
>> > group:  files ldap
>> >
>> > and remove the NOTFOUND entries
>>
>> Yes, done.
>> Without networking, still the login failure trouble.
>>
>> With networking, no trouble at all, but with those timeouts of 30
>> seconds and without those changes to nsswitch.conf, it takes a while
>> for the first root login to succeed even though it is using local auth.
> 
> do you have this line in /etc/pam.d/system-auth
>
> account     sufficient    pam_localuser.so
>
> ???
>
> What does your /etc/pam.d/system-auth look like?
my /etc/pam.d/system-auth:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass debug
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok debug
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_su

Re: [CentOS] nsswitch.conf, ldap, local groups problem

2008-08-27 Thread MHR
On Wed, Aug 27, 2008 at 2:56 PM, Mark Hennessy <[EMAIL PROTECTED]> wrote:
> Quoting Craig White <[EMAIL PROTECTED]>:
>
> Yes, I agree, it makes no sense to operate a machine with ldap accounts if
> it has no network connection, but at least one should be able to log in as
> root.  To clarify, here's the problem:
> I have a machine.  In normal operation, the network connection is
> non-functional and LDAP accounts are usable and everyone does their thing
> over ssh.  If the network connection craps out, I can get into the machine
> via serial console and try to find out what's going on, perhaps switch to a
> different network connection, whatever.  If I can't log in as root, my only
> recourse is to powercycle the machine and go into single-user mode.  Now,
> multiply that by 100.  This is why I need to get this working.
>

Since you have now restated the problem, could you possibly edit your
replies so as not to repeat the entire thread every time?

Thanks.

mhr


Re: [CentOS] nsswitch.conf, ldap, local groups problem

2008-08-27 Thread Craig White
On Wed, 2008-08-27 at 17:56 -0400, Mark Hennessy wrote:
> Quoting Craig White <[EMAIL PROTECTED]>:

> > well, it hardly makes any sense to use ldap for user accounts and start
> > up with networking off but I would recommend that you adhere to the
> > advice at the top of the file and run 'authconfig' or
> > 'system-config-authentication', make sure the settings are correct
> > (including checking the box for local authentication is sufficient) so
> > that it configures not only /etc/pam.d/system-auth and nsswitch.conf
> 
> Yes, I agree, it makes no sense to operate a machine with ldap  
> accounts if it has no network connection, but at least one should be  
> able to log in as root.  To clarify, here's the problem:
> I have a machine.  In normal operation, the network connection is  
> non-functional and LDAP accounts are usable and everyone does their  
> thing over ssh.  If the network connection craps out, I can get into  
> the machine via serial console and try to find out what's going on,  
> perhaps switch to a different network connection, whatever.  If I  
> can't log in as root, my only recourse is to powercycle the machine  
> and go into single-user mode.  Now, multiply that by 100.  This is why  
> I need to get this working.

sounds like you're trying to fix a symptom, not the problem.

anyway, did you run authconfig/system-config-authentication ?

Craig



RE: [CentOS] Unable to install CentOS 5.2 on New HP Intel Core 2 Quad

2008-08-27 Thread Joseph L. Casale
>Our new lab has HP Intel Core 2 Quad systems with DVD/CDRW and SATA.
>I can provide the model number if needed.
>
>They stop on kernel startup when trying to boot the CentOS 5.2 boot CD.
>It is during ACPI.

Model #'s would be good, even some cheap units have quad cores now, so it's
impossible to guess. Most certainly support RH -> CentOS. Check the Manual,
there are likely some BIOS settings you need tweaked.

jlc


Re: [CentOS] nsswitch.conf, ldap, local groups problem

2008-08-27 Thread nate
Mark Hennessy wrote:


> perhaps switch to a different network connection, whatever.  If I
> can't log in as root, my only recourse is to powercycle the machine
> and go into single-user mode.  Now, multiply that by 100.  This is why
> I need to get this working.

Phew, seems like people don't know how to trim posts around here!

Anyways, I suggest you install SSH keys on your systems, I've found
I can authenticate with a system using an SSH key no problem even
if LDAP is down.

I finally migrated off of LDAP this past weekend for my home network,
files are so much simpler :)

(even for my work network with 300 systems)

nate



Re: [CentOS] nsswitch.conf, ldap, local groups problem

2008-08-27 Thread Stephen Harris
On Wed, Aug 27, 2008 at 05:07:26PM -0400, Mark Hennessy wrote:
> With networking, no trouble at all, but with those timeouts of 30  
> seconds and without those changes to nsswitch.conf, it takes a while  
> for the first root login to succeed even though it is using local auth.

If you have ldap groups and the ldap server isn't reachable then logins
_can_ take a long time (depending on why the ldap server isn't reachable;
if a "telnet ldapserver ldap" returns immediately then it shouldn't) because
a login has to go through _every_ group to determine if you're in the
group or not.

It doesn't do a "getent group blah" it does the equivalent of
  while (getgrent())
  {
  }
which means it tries to parse the whole local _and_ ldap group entries.

It needs to do this to get your secondary group list.

Even root would need to do this.

-- 

rgds
Stephen
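
Added example, not part of the original message: the enumeration described above, run over a constructed in-memory group file so it works offline. `SAMPLE_GROUP_FILE`, `supplementary_groups` and `lookup_by_name` are names made up for this example; only the `group1` and `group2` lines come from the thread.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* exposes fgetgrent() in <grp.h> */
#endif
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define MAX_GIDS 16

/* Constructed sample in /etc/group format. The group1 and group2 lines are
 * the ones quoted in the thread; every other line is made up. */
static const char SAMPLE_GROUP_FILE[] =
    "root:x:0:root\n"
    "apache:x:48:\n"
    "group1:x:100:apache\n"
    "staff:x:500:alice,bob\n"
    "group2:x:101:apache\n"
    "ldapusers:x:10000:alice\n";

struct scan_result {
    int   entries_visited;       /* group records that had to be read */
    int   ngroups;               /* supplementary groups found */
    gid_t gids[MAX_GIDS];
};

/* Open a constructed group database held in memory instead of /etc/group. */
static FILE *open_group_data(const char *data)
{
    return fmemopen((void *)data, strlen(data), "r");
}

/* The while (getgrent()) pattern: membership is stored per group, not per
 * user, so every record is read and its member list searched. */
struct scan_result supplementary_groups(const char *data, const char *user)
{
    struct scan_result r;
    struct group *gr;
    FILE *fp = open_group_data(data);

    memset(&r, 0, sizeof r);
    if (fp == NULL)
        return r;
    while ((gr = fgetgrent(fp)) != NULL) {
        r.entries_visited++;
        for (char **m = gr->gr_mem; *m != NULL; m++) {
            if (strcmp(*m, user) == 0) {
                if (r.ngroups < MAX_GIDS)
                    r.gids[r.ngroups++] = gr->gr_gid;
                break;
            }
        }
    }
    fclose(fp);
    return r;
}

/* The "getent group NAME" pattern: a keyed lookup that stops at the first
 * match. Returns the number of records read, or -1 if NAME is absent. */
int lookup_by_name(const char *data, const char *name, gid_t *gid_out)
{
    struct group *gr;
    int visited = 0, found = 0;
    FILE *fp = open_group_data(data);

    if (fp == NULL)
        return -1;
    while ((gr = fgetgrent(fp)) != NULL) {
        visited++;
        if (strcmp(gr->gr_name, name) == 0) {
            *gid_out = gr->gr_gid;
            found = 1;
            break;
        }
    }
    fclose(fp);
    return found ? visited : -1;
}

int main(void)
{
    struct scan_result r = supplementary_groups(SAMPLE_GROUP_FILE, "apache");
    gid_t gid = 0;
    int reads = lookup_by_name(SAMPLE_GROUP_FILE, "group1", &gid);

    printf("apache: %d supplementary groups after reading %d records\n",
           r.ngroups, r.entries_visited);
    for (int i = 0; i < r.ngroups; i++)
        printf("  gid %u\n", (unsigned)r.gids[i]);
    printf("group1: gid %u after reading %d records\n", (unsigned)gid, reads);
    return 0;
}
```

The full scan reads all six records for any user, root included, while the keyed lookup stops after three; in the setup discussed in the thread the same walk would cover the LDAP group entries as well as the local file.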


Re: [CentOS] Unable to install CentOS 5.2 on New HP Intel Core 2 Quad

2008-08-27 Thread Spiro Harvey, Knossos Networks Ltd

> They stop on kernel startup when trying to boot the CentOS 5.2 boot CD.
> It is during ACPI.
> Fedora 10 Live will not boot up either.
> I am using Fedora 9 from Live and DVD Install to teach a fall class and it
> works fine.


Are the CentOS and fed 10 DVDs of a similar type, and different to the 
DVD you used with fed 9?


Or is your CentOS on CDs?

A common problem I have is that some DVD drives really don't like some 
brands of disc. Some have issues with DVD-R's, some have issues with 
DVD+R's, some seem to be completely random.


ymmv, but if the failing discs are the same brand, it's probably your 
cheapest quickest solution to reburn on a different brand and see if 
that helps.



--
Spiro Harvey  Knossos Networks Ltd
021-295-1923www.knossos.net.nz



Re: [CentOS] Re: Problems with writing Dual Layer DVD

2008-08-27 Thread William L. Maltby

On Wed, 2008-08-27 at 23:33 +0300, Axel Thimm wrote:
> On Wed, Aug 27, 2008 at 03:19:01PM -0400, William L. Maltby wrote:
> >

> > I don't have atrpm on my system. You might check there and see if they
> > have later packages. Just be aware that many months ago that repo was
> > less trusted (IIRC, considered unstable and overlaid base packages if
> > you weren't careful), but that may not be the case now. Plus, since
> > then, yum priorities and protect have become available (can protect
> > against overlay of base packages).
> 
> Hearsay, your honour!

That's all that's available on any list for 80% of everything! :-)

> 
> Well, there's some FUD floating around about ATrpms - I'm of course
> biased in the other direction. Suffice it to say that you will not
> find any report of unstable packages in the "stable" repo, and that
> since RHEL5/CentOS5's birth there were no "stable" packages replacing
> CentOS packages but one that accidentally was in the "stable" and was
> fixed minutes within the report (I forgot which package it was, just
> check these archives, it was O(1-2 months) ago).
> 
> There is also nothing that has happened in the last months to
> increase/decrease ATrpms' trustworthiness. Maybe less FUD and
> gossiping. ;)

True, to my knowledge as to the last few (well, time flies, it may be
more than "few", might be "many" or even "mucho") months. That's why I
made sure to include "many months ago" when I mentioned it. I've not
heard any of those... "gossips" for some time now. That's what led me to
believe that the "gossip" I'd heard might no longer be true, if it ever
was. However, w/o mentioning names, I can certainly (long ago)
recall ... "advisories" WRT atrpms in certain threads for a CentOS
system. Not being truly knowledgeable myself, I felt it my civic duty to
*not* doubt the rumors, innuendo and falsehoods of which I was unaware! 

8-O

And, of course, that same social obligation requires unquestioning
propagation of the mis-information. This works well because one who
truly knows will be outraged and therefore goaded into correcting the
misinformed fool who passes on such drivel. :-{

<*softly whistling and looking around in innocence*>

> 
> Finally yum priorities and protect have been long enough available to
> show that they create more bugs than they solve. If you don't trust a
> repo, just don't use it. Selective/partial enabling creates per user
> bugs that no one can diagnose.

Small disagreement. A knowledgeable user who caused the bug (presumed
through oversight rather than ignorance) can often correct it.
Especially if he queries the list so that others can "read what he
wrote, not what he meant/thought he wrote". Of course, even if ignorance
about one particular facet was involved,

 (community) knowledge + good problem resolution process = solution

often.

But that's really only an argument contrary to those of obsessive
anal-retentive BOFH types desiring absolute control - we know there are
none here!  >:))

> 
> But to get back to the actual issue: No, ATrpms has neither cdrdao,
> nor cdrecord, nor xcdroast.

Well, maybe the OP will get lucky. 

OH! Almost forgot. No offense intended in my previous or current reply.

> 

-- 
Bill



Re: [CentOS] iptables question

2008-08-27 Thread Robert Spangler
On Tuesday 26 August 2008 16:17, Ned Slider wrote:

>  Joseph L. Casale wrote:
>  >> My understanding is that --dport can only specify a single port
>  >> (--dport 80) or port range (--dport 137:139) inclusive. Use of the
>  >> multiport module allows up to 15 ports (or port ranges) to be
>  >> specified.
>  >
>  > Ned,
>  > So to write --dport 5060,1:6 you need to write:
>  > -m multiport -p udp -dport 5060,1:6
>  > Correct?
>  >
>  > Thanks for the help!
>  > jlc
>
>  I've not used multiport so am unsure of the exact syntax, but that looks
>  reasonable.
>
>  I'd keep the -m multiport and --dports together though (also note it's
>  --dports, not -dport), so something like this:
>
>  iptables -A INPUT -p udp -m multiport --dports 5060,1:6 -j ACCEPT
>
>  would accept all UDP packets destined for ports 5060 and 1-6.

Some light reading on IPTABLES.  :)

http://iptables.rlworkman.net/chunkyhtml/index.html


-- 

Regards
Robert

Smile... it increases your face value!
Linux User #296285
http://counter.li.org


RE: [CentOS] iptables question

2008-08-27 Thread Joseph L. Casale
>http://iptables.rlworkman.net/chunkyhtml/index.html

Nice doc, any ideas on how to print it (or many chapters easily) so I can
haul with me on my plane ride this weekend?

Thanks!
jlc


Re: [CentOS] nsswitch.conf, ldap, local groups problem

2008-08-27 Thread Craig White
On Wed, 2008-08-27 at 18:19 -0400, Stephen Harris wrote:
> On Wed, Aug 27, 2008 at 05:07:26PM -0400, Mark Hennessy wrote:
> > With networking, no trouble at all, but with those timeouts of 30  
> > seconds and without those changes to nsswitch.conf, it takes a while  
> > for the first root login to succeed even though it is using local auth.
> 
> If you have ldap groups and the ldap server isn't reachable then logins
> _can_ take a long time (depending on why the ldap server isn't reachable;
> if a "telnet ldapserver ldap" returns immediately then it shouldn't) because
> a login has to go through _every_ group to determine if you're in the
> group or not.
> 
> It doesn't do a "getent group blah" it does the equivalent of
>   while (getgrent())
>   {
>   }
> which means it tries to parse the whole local _and_ ldap group entries.
> 
> It needs to do this to get your secondary group list.
> 
> Even root would need to do this.

that's why I suggested the changes to /etc/ldap.conf to time limit and
to tell it not to bother with certain users

Craig



[CentOS] Re: iptables question

2008-08-27 Thread Scott Silva

on 8-27-2008 4:27 PM Joseph L. Casale spake the following:
>> http://iptables.rlworkman.net/chunkyhtml/index.html
>
> Nice doc, any ideas on how to print it (or many chapters easily) so I can
> haul with me on my plane ride this weekend?
>
> Thanks!
> jlc

E-mail me offlist and I can make a pdf if you want it.

ssilva at sgvwater dot com

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't





[CentOS] Re: iptables question

2008-08-27 Thread Scott Silva

on 8-27-2008 4:27 PM Joseph L. Casale spake the following:
>> http://iptables.rlworkman.net/chunkyhtml/index.html
>
> Nice doc, any ideas on how to print it (or many chapters easily) so I can
> haul with me on my plane ride this weekend?
>
> Thanks!
> jlc

Or here is a link to a non chunk version

http://iptables.rlworkman.net/iptables-tutorial.html



--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't




[CentOS] System goes into read only mode - not the same as posted earlier

2008-08-27 Thread Stephen Moccio
Hello all,

I’m at my wits’ end trying to resolve this. We are running centos 4.5 on
Intel hardware. Dual SCSI disk drives mirrored on an LSI Logic controller.

Every once in a while and not always on the same server and not only on the
local SCSI Drives.

System A – Dual internal drives on /dev/sda

System B – Dual internal drives on /dev/sdc with a DAS on /dev/sda.

Each of these systems experienced a kernel mptbase error and placed /dev/sda
into read only mode. Note again the /dev/sda isn’t always local.

For system A – remounting in ro mode didn’t work and the system had to be
rebooted. File system check and bad block checks showed nothing and when the
system was rebooted – it was fine.

A portion of the messages log is below. I would appreciate any ideas or
directions.

Thanks,

 Steve Moccio

Aug 7 01:00:06 sshd(pam_unix)[18336]: session opened for user root by (uid=0)
Aug 7 09:00:36 kernel: mptscsi: ioc1: attempting task abort! (sc=f6f07c80)
Aug 7 09:00:36 kernel: scsi1 : destination target 0, lun 0
Aug 7 09:00:36 kernel: command = Write (10) 00 00 00 fb d7 00 01 90 00
Aug 7 09:00:38 kernel: mptbase: Initiating ioc1 recovery
Aug 7 09:00:44 kernel: drivers/message/fusion/[EMAIL PROTECTED]::mptctl_do_mpt_command - Busy with IOC Reset
Aug 7 09:01:19 last message repeated 10 times
Aug 7 09:01:40 last message repeated 7 times
Aug 7 09:01:41 kernel: mptbase: ioc1: ERROR - Diagnostic reset FAILED! (102h)
Aug 7 09:01:41 kernel: mptbase: ioc1 NOT READY WARNING!
Aug 7 09:01:41 kernel: mptbase: WARNING - (-1) Cannot recover ioc1
Aug 7 09:01:41 kernel: mptscsi: ioc1: Issue of TaskMgmt failed!
Aug 7 09:01:41 kernel: mptscsi: ioc1: task abort: FAILED (sc=f6f07c80)
Aug 7 09:01:41 kernel: mptscsi: ioc1: attempting bus reset! (sc=f6f07c80)
Aug 7 09:01:41 kernel: scsi1 : destination target 0, lun 0
Aug 7 09:01:41 kernel: command = Write (10) 00 00 00 fb d7 00 01 90 00
Aug 7 09:01:41 kernel: mptbase: Initiating ioc1 recovery
Aug 7 09:01:46 kernel: mptbase: ioc1: ERROR - Doorbell ACK timeout (count=4999), IntStatus=8000!
Aug 7 09:01:47 kernel: drivers/message/fusion/[EMAIL PROTECTED]::mptctl_do_mpt_command - Busy with IOC Reset
Aug 7 09:02:23 last message repeated 10 times
Aug 7 09:02:44 last message repeated 7 times
Aug 7 09:02:47 kernel: mptbase: ioc1: ERROR - Diagnostic reset FAILED! (102h)
Aug 7 09:02:47 kernel: mptbase: ioc1 NOT READY WARNING!
Aug 7 09:02:47 kernel: mptbase: WARNING - (-1) Cannot recover ioc1
Aug 7 09:02:47 kernel: mptscsi: ioc1: bus reset: FAILED (sc=f6f07c80)
Aug 7 09:02:48 kernel: mptscsi: ioc1: Attempting host reset! (sc=f6f07c80)
Aug 7 09:02:48 kernel: mptbase: Initiating ioc1 recovery
Aug 7 09:02:51 kernel: drivers/message/fusion/[EMAIL PROTECTED]::mptctl_do_mpt_command - Busy with IOC Reset
Aug 7 09:02:51 kernel: drivers/message/fusion/[EMAIL PROTECTED]::mptctl_do_mpt_command - Busy with IOC Reset
Aug 7 09:02:53 kernel: mptbase: ioc1: ERROR - Doorbell ACK timeout (count=4999), IntStatus=8000!
Aug 7 09:02:58 kernel: drivers/message/fusion/[EMAIL PROTECTED]::mptctl_do_mpt_command - Busy with IOC Reset
Aug 7 09:03:34 last message repeated 10 times
Aug 7 09:03:48 last message repeated 5 times
Aug 7 09:03:54 kernel: mptbase: ioc1: ERROR - Diagnostic reset FAILED! (102h)
Aug 7 09:03:54 kernel: mptbase: ioc1 NOT READY WARNING!
Aug 7 09:03:54 kernel: mptbase: WARNING - (-1) Cannot recover ioc1
Aug 7 09:03:54 kernel: scsi: Device offlined - not ready after error recovery: host 1 channel 0 id 0 lun 0



Re: [CentOS] nsswitch.conf, ldap, local groups problem

2008-08-27 Thread Mark Hennessy

Quoting Craig White <[EMAIL PROTECTED]>:

> On Wed, 2008-08-27 at 17:56 -0400, Mark Hennessy wrote:
>> Quoting Craig White <[EMAIL PROTECTED]>:
>
>> > well, it hardly makes any sense to use ldap for user accounts and start
>> > up with networking off but I would recommend that you adhere to the
>> > advice at the top of the file and run 'authconfig' or
>> > 'system-config-authentication', make sure the settings are correct
>> > (including checking the box for local authentication is sufficient) so
>> > that it configures not only /etc/pam.d/system-auth and nsswitch.conf
>>
>> Yes, I agree, it makes no sense to operate a machine with ldap
>> accounts if it has no network connection, but at least one should be
>> able to log in as root.  To clarify, here's the problem:
>> I have a machine.  In normal operation, the network connection is
>> non-functional and LDAP accounts are usable and everyone does their
>> thing over ssh.  If the network connection craps out, I can get into
>> the machine via serial console and try to find out what's going on,
>> perhaps switch to a different network connection, whatever.  If I
>> can't log in as root, my only recourse is to powercycle the machine
>> and go into single-user mode.  Now, multiply that by 100.  This is why
>> I need to get this working.
>
> sounds like you're trying to fix a symptom, not the problem.
>
> anyway, did you run authconfig/system-config-authentication ?

Yes, I did in fact run it.
here are the results:
authconfig --enableldap --enableldapauth --ldapserver=ldap.example.com  
--enableldaptls  
--ldaploadcacert=file:///etc/openldap/cacerts/cacert.pem --test


caching is enabled
nss_files is always enabled
nss_compat is enabled
nss_db is disabled
nss_hesiod is disabled
 hesiod LHS = ""
 hesiod RHS = ""
nss_ldap is enabled
 LDAP+TLS is enabled
 LDAP server = "ldap.example.com"
 LDAP base DN = "dc=example,dc=com"
nss_nis is disabled
 NIS server = ""
 NIS domain = ""
nss_nisplus is disabled
nss_winbind is disabled
 SMB workgroup = "WORKGROUP"
 SMB servers = ""
 SMB security = "user"
 SMB realm = ""
 Winbind template shell = "/bin/false"
 SMB idmap uid = "blah-blah"
 SMB idmap gid = "blah-blah"
nss_wins is disabled
pam_unix is always enabled
 shadow passwords are enabled
 md5 passwords are enabled
pam_krb5 is disabled
 krb5 realm = "EXAMPLE.COM"
 krb5 realm via dns is disabled
 krb5 kdc = "kerberos.example.com:88"
 krb5 kdc via dns is disabled
 krb5 admin server = "kerberos.example.com:749"
pam_ldap is enabled

 LDAP+TLS is enabled
 LDAP server = "ldap.example.com"
 LDAP base DN = "dc=example,dc=com"
pam_pkcs11 is disabled

 use only smartcard for login is disabled
 smartcard module = "coolkey"
 smartcard removal action = "Ignore"
pam_smb_auth is disabled
 SMB workgroup = "WORKGROUP"
 SMB servers = ""
pam_winbind is disabled
 SMB workgroup = "WORKGROUP"
 SMB servers = ""
 SMB security = "user"
 SMB realm = ""
pam_cracklib is enabled (try_first_pass retry=3 debug)
pam_passwdqc is disabled ()
Always authorize local users is disabled ()
Authenticate system accounts against network services is disabled

These last two lines look interesting.


> Craig








[CentOS] Strategy for using CentOS on laptops in an NIS environment

2008-08-27 Thread Alfred von Campe
We use NIS (ypbind) and Kerberos at work for all our Linux and Unix  
systems.  Home directories are mounted via autofs from an NIS map.   
Everything works just fine as long as all network resources are  
available (however, things turn ugly when the NIS servers are not  
reachable).  Some users also want to start using laptops and bring  
them home or on trips to continue working while not at the office.   
Of course, their home directories won't be available and neither will  
other network resources.


Creating local accounts with the same UIDs and local home directories
solves most of the problems.  However, I can't create a local account
with useradd while ypbind is running because it complains that that
account already exists.  Is there a better way to create a local
account than "service ypbind stop; useradd...; service ypbind
start"?  What are other strategies that you use to deal with
off-network use in an NIS environment?


Alfred



[CentOS] yum provides on centos 5.2

2008-08-27 Thread Jerry Geis
I am trying things like "yum provides alsamixer" on CentOS 5.2 i386 and
x86_64

also "yum provides vi"
"yum provides gvimdiff"
"yum provides dumpiso"
"yum provides uname"

All of these return "no matches found"

is something broke???

These are just examples. I was trying to do "yum provides xf86Modes.h" 
it returns no matches also.


Jerry


Re: [CentOS] nsswitch.conf, ldap, local groups problem

2008-08-27 Thread Craig White
On Wed, 2008-08-27 at 20:41 -0400, Mark Hennessy wrote:
> Quoting Craig White <[EMAIL PROTECTED]>:
> 
> > On Wed, 2008-08-27 at 17:56 -0400, Mark Hennessy wrote:
> >> Quoting Craig White <[EMAIL PROTECTED]>:
> >
> >> > well, it hardly makes any sense to use ldap for user accounts and start
> >> > up with networking off but I would recommend that you adhere to the
> >> > advice at the top of the file and run 'authconfig' or
> >> > 'system-config-authentication', make sure the settings are correct
> >> > (including checking the box for local authentication is sufficient) so
> >> > that it configures not only /etc/pam.d/system-auth and nsswitch.conf
> >>
> >> Yes, I agree, it makes no sense to operate a machine with ldap
> >> accounts if it has no network connection, but at least one should be
> >> able to log in as root.  To clarify, here's the problem:
> >> I have a machine.  In normal operation, the network connection is
> >> non-functional and LDAP accounts are usable and everyone does their
> >> thing over ssh.  If the network connection craps out, I can get into
> >> the machine via serial console and try to find out what's going on,
> >> perhaps switch to a different network connection, whatever.  If I
> >> can't log in as root, my only recourse is to powercycle the machine
> >> and go into single-user mode.  Now, multiply that by 100.  This is why
> >> I need to get this working.
> > 
> > sounds like you're trying to fix a symptom, not the problem.
> >
> > anyway, did you run authconfig/system-config-authentication ?
> 
> Yes, I did in fact run it.
> here are the results:
> authconfig --enableldap --enableldapauth --ldapserver=ldap.example.com  
> --enableldaptls  
> --ldaploadcacert=file:///etc/openldap/cacerts/cacert.pem --test
> 
> caching is enabled
> nss_files is always enabled
> nss_compat is enabled
> nss_db is disabled
> nss_hesiod is disabled
>   hesiod LHS = ""
>   hesiod RHS = ""
> nss_ldap is enabled
>   LDAP+TLS is enabled
>   LDAP server = "ldap.example.com"
>   LDAP base DN = "dc=example,dc=com"
> nss_nis is disabled
>   NIS server = ""
>   NIS domain = ""
> nss_nisplus is disabled
> nss_winbind is disabled
>   SMB workgroup = "WORKGROUP"
>   SMB servers = ""
>   SMB security = "user"
>   SMB realm = ""
>   Winbind template shell = "/bin/false"
>   SMB idmap uid = "blah-blah"
>   SMB idmap gid = "blah-blah"
> nss_wins is disabled
> pam_unix is always enabled
>   shadow passwords are enabled
>   md5 passwords are enabled
> pam_krb5 is disabled
>   krb5 realm = "EXAMPLE.COM"
>   krb5 realm via dns is disabled
>   krb5 kdc = "kerberos.example.com:88"
>   krb5 kdc via dns is disabled
>   krb5 admin server = "kerberos.example.com:749"
> pam_ldap is enabled
> 
>   LDAP+TLS is enabled
>   LDAP server = "ldap.example.com"
>   LDAP base DN = "dc=example,dc=com"
> pam_pkcs11 is disabled
> 
>   use only smartcard for login is disabled
>   smartcard module = "coolkey"
>   smartcard removal action = "Ignore"
> pam_smb_auth is disabled
>   SMB workgroup = "WORKGROUP"
>   SMB servers = ""
> pam_winbind is disabled
>   SMB workgroup = "WORKGROUP"
>   SMB servers = ""
>   SMB security = "user"
>   SMB realm = ""
> pam_cracklib is enabled (try_first_pass retry=3 debug)
> pam_passwdqc is disabled ()
> Always authorize local users is disabled ()
> Authenticate system accounts against network services is disabled
> 
> These last two lines look interesting.

I would think that authenticate system accounts against network services
is disabled would be the setting that you want but the other...

always authorize local users should be enabled.

Also, I'm assuming that you've swapped out dc=example,dc=com for the
real entries and will put in the real entries when you actually run the
command.

Craig



Re: [CentOS] yum provides on centos 5.2

2008-08-27 Thread S.Tindall

On Wednesday, August 27, 2008 at 8:49 PM, Jerry Geis wrote:

> I am trying things like "yum provides alsamixer" on CentOS 5.2
> i386 and x86_64
>
> also "yum provides vi"
> "yum provides gvimdiff"
> "yum provides dumpiso"
> "yum provides uname"
>
> All of these return "no matches found"
>
> is something broke???


Include the path:

# yum provides uname
No Matches found

# which uname
/bin/uname

# yum provides /bin/uname
coreutils.x86_64 : The GNU core utilities...


Steve 




Re: [CentOS] yum provides on centos 5.2

2008-08-27 Thread Tony Schreiner

Jerry Geis wrote:
> I am trying things like "yum provides alsamixer" on centos 5.2 i386
> and x86_64
>
> also "yum provides vi"
> "yum provides gvimdiff"
> "yum provides dumpiso"
> "yum provides uname"
>
> All of these return "no matches found"
>
> is something broke???
>
> These are just examples. I was trying to do "yum provides xf86Modes.h"
> it returns no matches also.
>
> Jerry

For files try

yum provides '*/vi'
etc...

I think this is new behavior for yum

Tony Schreiner


Re: [CentOS] nsswitch.conf, ldap, local groups problem

2008-08-27 Thread Mark Hennessy

Quoting Craig White <[EMAIL PROTECTED]>:

> On Wed, 2008-08-27 at 20:41 -0400, Mark Hennessy wrote:
>
>> Quoting Craig White <[EMAIL PROTECTED]>:
>>
>> > On Wed, 2008-08-27 at 17:56 -0400, Mark Hennessy wrote:
>> >> Quoting Craig White <[EMAIL PROTECTED]>:
>> >
>> >> > well, it hardly makes any sense to use ldap for user accounts and start
>> >> > up with networking off but I would recommend that you adhere to the
>> >> > advice at the top of the file and run 'authconfig' or
>> >> > 'system-config-authentication', make sure the settings are correct
>> >> > (including checking the box for local authentication is sufficient) so
>> >> > that it configures not only /etc/pam.d/system-auth and nsswitch.conf
>> >>
>> >> Yes, I agree, it makes no sense to operate a machine with ldap
>> >> accounts if it has no network connection, but at least one should be
>> >> able to log in as root.  To clarify, here's the problem:
>> >> I have a machine.  In normal operation, the network connection is
>> >> non-functional and LDAP accounts are usable and everyone does their
>> >> thing over ssh.  If the network connection craps out, I can get into
>> >> the machine via serial console and try to find out what's going on,
>> >> perhaps switch to a different network connection, whatever.  If I
>> >> can't log in as root, my only recourse is to powercycle the machine
>> >> and go into single-user mode.  Now, multiply that by 100.  This is why
>> >> I need to get this working.
>> >
>> > sounds like you're trying to fix a symptom, not the problem.
>> >
>> > anyway, did you run authconfig/system-config-authentication ?
>>
>> Yes, I did in fact run it.
>> here are the results:
>> authconfig --enableldap --enableldapauth --ldapserver=ldap.example.com
>> --enableldaptls
>> --ldaploadcacert=file:///etc/openldap/cacerts/cacert.pem --test
>>
>> caching is enabled
>> nss_files is always enabled
>> nss_compat is enabled
>> nss_db is disabled
>> nss_hesiod is disabled
>>   hesiod LHS = ""
>>   hesiod RHS = ""
>> nss_ldap is enabled
>>   LDAP+TLS is enabled
>>   LDAP server = "ldap.example.com"
>>   LDAP base DN = "dc=example,dc=com"
>> nss_nis is disabled
>>   NIS server = ""
>>   NIS domain = ""
>> nss_nisplus is disabled
>> nss_winbind is disabled
>>   SMB workgroup = "WORKGROUP"
>>   SMB servers = ""
>>   SMB security = "user"
>>   SMB realm = ""
>>   Winbind template shell = "/bin/false"
>>   SMB idmap uid = "blah-blah"
>>   SMB idmap gid = "blah-blah"
>> nss_wins is disabled
>> pam_unix is always enabled
>>   shadow passwords are enabled
>>   md5 passwords are enabled
>> pam_krb5 is disabled
>>   krb5 realm = "EXAMPLE.COM"
>>   krb5 realm via dns is disabled
>>   krb5 kdc = "kerberos.example.com:88"
>>   krb5 kdc via dns is disabled
>>   krb5 admin server = "kerberos.example.com:749"
>> pam_ldap is enabled
>>
>>   LDAP+TLS is enabled
>>   LDAP server = "ldap.example.com"
>>   LDAP base DN = "dc=example,dc=com"
>> pam_pkcs11 is disabled
>>
>>   use only smartcard for login is disabled
>>   smartcard module = "coolkey"
>>   smartcard removal action = "Ignore"
>> pam_smb_auth is disabled
>>   SMB workgroup = "WORKGROUP"
>>   SMB servers = ""
>> pam_winbind is disabled
>>   SMB workgroup = "WORKGROUP"
>>   SMB servers = ""
>>   SMB security = "user"
>>   SMB realm = ""
>> pam_cracklib is enabled (try_first_pass retry=3 debug)
>> pam_passwdqc is disabled ()
>> Always authorize local users is disabled ()
>> Authenticate system accounts against network services is disabled
>>
>> These last two lines look interesting.
>
> I would think that authenticate system accounts against network services
> is disabled would be the setting that you want but the other...
>
> always authorize local users should be enabled.
>
> Also, I'm assuming that you've swapped out dc=example,dc=com for the
> real entries and will put in the real entries when you actually run the
> command.

Your assumption is valid, and, in this case, correct.

After running that, I ran authconfig-tui and followed the prompts,
including making local login sufficient, and then performed the test.
It failed with the same issue, password accepted without claim of
failure, no shell, new login prompt.

> Craig






Re: [CentOS] Centos 5.2, Firefox 3, and IPv6

2008-08-27 Thread Rob Townley
On Wed, Aug 27, 2008 at 8:24 AM, Robert Moskowitz <[EMAIL PROTECTED]>wrote:

>
>
> Rob Townley wrote:
>
>> On Mon, Aug 11, 2008 at 11:15 PM, Robert Moskowitz <[EMAIL PROTECTED]> [EMAIL PROTECTED]>> wrote:
>>
>>Craig White wrote:
>>
>>On Mon, 2008-08-11 at 23:28 -0400, Robert Moskowitz wrote:
>>
>>Craig White wrote:
>>
>>On Mon, 2008-08-11 at 21:11 -0400, Robert Moskowitz wrote:
>>
>>I am doing some testing and it almost seems as if
>>Firefox 3.0.1 that comes with Centos 5.2 is NOT
>>working with IPv6.
>>
>>Anyone know for sure?
>>
>>I am getting weird hang behaviours and other just
>>not working things.
>>
>>
>>more likely a DNS issue
>>
>>Name is coded in /etc/hosts
>>
>>Of course the fqdn I am using does NOT follow 'standard'
>>TLDs, but it should NOT be masking that, or would that be
>>a 'security' feature?
>>
>>
>>I have no clue what you are talking about being coded in
>>/etc/hosts...
>>
>>you can check DNS if it returns ipV6 addresses for hosts or if
>>there are
>>snags/delays in trying to resolve names from command line
>>
>>p3490.htt is in my /etc/hosts file as something like:
>>
>>2701:24:2:1:0:1:2:3   p3490.htt
>>
>>I can 'ping6 -n p3490.htt'
>>
>>But putting a url of http//p3490.htt does not work
>>
>>
>>
>>
>> DNS can be real slow when IPv6 is enabled.  For instance the following
>> firefox delta would speed up firefox on IPv4 connections.  Maybe you need to
>> turn it on?
>>
>
>  You may have already found this, but it helped when I had the same
>> problem.
>>
>> In firefox type in about:config,
>> filter for 'ipv6' you should have an entry for network.dns.disableIPv6
>> right click on it and 'toggle' it to a true value,
>> restart firefox and see if it helps.
>>
>
> Um, as the original poster, I WANT IPv6.  Not make IPv4 lookups faster by
> ignoring  records.
>
> Further testing has IPv6 working just fine.  Thing is when I enable the HIP
> API intercepts, Firefox does not work.  Like they are doing something
> 'non-standard' with the regular TCP socket API so that HIP can't slide in
> there.  I tried disabling a number of options, thinking it might be some
> security setting, but if it is, I have not found it.
>
>
>
>


Yep, i fully understood you wanted IPv6.  i just thought you might want to
verify what settings you have for Firefox -- making sure Firefox has turned
on IPv6 dns.

Just curious, what is the motivation for the HIP api stuff, it is not there
by default is it?


Re: [CentOS] yum provides on centos 5.2

2008-08-27 Thread Spiro Harvey, Knossos Networks Ltd

> Include the path:


Doesn't that defeat the purpose? My favourite use of the "whatprovides" 
feature of yum is could find things that aren't on my system. I'd prefer 
not to go on a wild path chase. :)


This looks like a bug to me.


On CentOS 5.1 (yum 3.0.5):

# yum provides uname | awk '/i386|noarch/ {print $1}'
uucp.i386
man-pages-de.noarch
man-pages-de.noarch
bash.i386
kdevelop.i386
kdevelop.i386
kdevelop.i386
man-pages-ja.noarch
man-pages-ja.noarch
man-pages-ko.noarch
man-pages-ko.noarch
coreutils.i386
coreutils.i386
python-tools.i386
man-pages-fr.noarch
man-pages-es.noarch
kdewebdev.i386
man-pages-ru.noarch
man-pages-cs.noarch
epic.i386
man-pages.noarch
man-pages.noarch
man-pages.noarch
man-pages-it.noarch
inn.i386
man-pages-pl.noarch
man-pages-pl.noarch
man-pages.noarch
bash.i386
coreutils.i386



on CentOS 5.2 (yum 3.2.8), No Matches found



--
Spiro Harvey  Knossos Networks Ltd
021-295-1923  www.knossos.net.nz



HIP - was Re: [CentOS] Centos 5.2, Firefox 3, and IPv6

2008-08-27 Thread Robert Moskowitz



Rob Townley wrote:
> On Wed, Aug 27, 2008 at 8:24 AM, Robert Moskowitz <[EMAIL PROTECTED]> wrote:
>
>> Um, as the original poster, I WANT IPv6.  Not make IPv4 lookups
>> faster by ignoring  records.
>>
>> Further testing has IPv6 working just fine.  Thing is when I
>> enable the HIP API intercepts, Firefox does not work.  Like they
>> are doing something 'non-standard' with the regular TCP socket API
>> so that HIP can't slide in there.  I tried disabling a number of
>> options, thinking it might be some security setting, but if it is,
>> I have not found it.
>
> Yep, i fully understood you wanted IPv6.  i just thought you might
> want to verify what settings you have for Firefox -- making sure
> Firefox has turned on IPv6 dns.

Default was on.

> Just curious, what is the motivation for the HIP api stuff, it is not
> there by default is it?

read the RFCs on HIP:  4423 and 5201-5206.

4423 provides the justification of HIP and its architecture.  I created 
HIP almost 10 years ago, shortly after (as IPsec co-chair) got the IPsec 
RFCs out.  HIP is much more than an alternative keying protocol for ESP 
(compared to IKE).  It directly addresses secure mobility.  HIP **IS** 
an important change to the TCP/IP architecture; this has been part of 
its slow advancement.  As such it has its own 'native' API:  
http://www.ietf.org/internet-drafts/draft-ietf-hip-native-api-05.txt.


I can go into more about HIP if you wish.




Re: [CentOS] nsswitch.conf, ldap, local groups problem

2008-08-27 Thread Alejandro
Mark,

Probe with this line:

authconfig --enablelocauthorize --updateall

Regards,

Alejandro
www.linuxiso.com.ar
Argentina

2008/8/27 Mark Hennessy <[EMAIL PROTECTED]>

> Quoting Craig White <[EMAIL PROTECTED]>:
>
>  On Wed, 2008-08-27 at 20:41 -0400, Mark Hennessy wrote:
>>
>>> Quoting Craig White <[EMAIL PROTECTED]>:
>>>
>>> > On Wed, 2008-08-27 at 17:56 -0400, Mark Hennessy wrote:
>>> >> Quoting Craig White <[EMAIL PROTECTED]>:
>>> >
>>> >> > well, it hardly makes any sense to use ldap for user accounts and
>>> start
>>> >> > up with networking off but I would recommend that you adhere to the
>>> >> > advice at the top of the file and run 'authconfig' or
>>> >> > 'system-config-authentication', make sure the settings are correct
>>> >> > (including checking the box for local authentication is sufficient)
>>> so
>>> >> > that it configures not only /etc/pam.d/system-auth and nsswitch.conf
>>> >>
>>> >> Yes, I agree, it makes no sense to operate a machine with ldap
>>> >> accounts if it has no network connection, but at least one should be
>>> >> able to log in as root.  To clarify, here's the problem:
>>> >> I have a machine.  In normal operation, the network connection is
>>> >> non-functional and LDAP accounts are usable and everyone does their
>>> >> thing over ssh.  If the network connection craps out, I can get into
>>> >> the machine via serial console and try to find out what's going on,
>>> >> perhaps switch to a different network connection, whatever.  If I
>>> >> can't log in as root, my only recourse is to powercycle the machine
>>> >> and go into single-user mode.  Now, multiply that by 100.  This is why
>>> >> I need to get this working.
>>> > 
>>> > sounds like you're trying to fix a symptom, not the problem.
>>> >
>>> > anyway, did you run authconfig/system-config-authentication ?
>>>
>>> Yes, I did in fact run it.
>>> here are the results:
>>> authconfig --enableldap --enableldapauth --ldapserver=ldap.example.com
>>> --enableldaptls
>>> --ldaploadcacert=file:///etc/openldap/cacerts/cacert.pem --test
>>>
>>> caching is enabled
>>> nss_files is always enabled
>>> nss_compat is enabled
>>> nss_db is disabled
>>> nss_hesiod is disabled
>>>  hesiod LHS = ""
>>>  hesiod RHS = ""
>>> nss_ldap is enabled
>>>  LDAP+TLS is enabled
>>>  LDAP server = "ldap.example.com"
>>>  LDAP base DN = "dc=example,dc=com"
>>> nss_nis is disabled
>>>  NIS server = ""
>>>  NIS domain = ""
>>> nss_nisplus is disabled
>>> nss_winbind is disabled
>>>  SMB workgroup = "WORKGROUP"
>>>  SMB servers = ""
>>>  SMB security = "user"
>>>  SMB realm = ""
>>>  Winbind template shell = "/bin/false"
>>>  SMB idmap uid = "blah-blah"
>>>  SMB idmap gid = "blah-blah"
>>> nss_wins is disabled
>>> pam_unix is always enabled
>>>  shadow passwords are enabled
>>>  md5 passwords are enabled
>>> pam_krb5 is disabled
>>>  krb5 realm = "EXAMPLE.COM"
>>>  krb5 realm via dns is disabled
>>>  krb5 kdc = "kerberos.example.com:88"
>>>  krb5 kdc via dns is disabled
>>>  krb5 admin server = "kerberos.example.com:749"
>>> pam_ldap is enabled
>>>
>>>  LDAP+TLS is enabled
>>>  LDAP server = "ldap.example.com"
>>>  LDAP base DN = "dc=example,dc=com"
>>> pam_pkcs11 is disabled
>>>
>>>  use only smartcard for login is disabled
>>>  smartcard module = "coolkey"
>>>  smartcard removal action = "Ignore"
>>> pam_smb_auth is disabled
>>>  SMB workgroup = "WORKGROUP"
>>>  SMB servers = ""
>>> pam_winbind is disabled
>>>  SMB workgroup = "WORKGROUP"
>>>  SMB servers = ""
>>>  SMB security = "user"
>>>  SMB realm = ""
>>> pam_cracklib is enabled (try_first_pass retry=3 debug)
>>> pam_passwdqc is disabled ()
>>> Always authorize local users is disabled ()
>>> Authenticate system accounts against network services is disabled
>>> 
>>> These last two lines look interesting.
>>>
>> 
>> I would think that authenticate system accounts against network services
>> is disabled would be the setting that you want but the other...
>>
>> always authorize local users should be enabled.
>>
>> Also, I'm assuming that you've swapped out dc=example,dc=com for the
>> real entries and will put in the real entries when you actually run the
>> command.
>>
>
> Your assumption is valid, and, in this case, correct.
>
> After running that, I ran authconfig-tui and followed the prompts,
> including making local login sufficient, and then performed the test.  It
> failed with the same issue, password accepted without claim of failure, no
> shell, new login prompt.
>
>
>
>> Craig
>>
>>
>
>
>
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
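
Craig's advice and Alejandro's `authconfig --enablelocauthorize --updateall` suggestion in this thread both hinge on one line of the `authconfig --test` report. The Python below is an added example (not code from any poster or from authconfig): it parses that report format and flags the combination the thread discusses. The function names and the shortened sample report are constructed for illustration.

```python
"""Audit an `authconfig --test` report for a usable local login when LDAP is down."""
import re

# Constructed sample: a shortened copy of the report format quoted in the thread.
SAMPLE = '''\
caching is enabled
nss_files is always enabled
nss_ldap is enabled
  LDAP+TLS is enabled
  LDAP server = "ldap.example.com"
  LDAP base DN = "dc=example,dc=com"
pam_unix is always enabled
  shadow passwords are enabled
  md5 passwords are enabled
pam_krb5 is disabled
  krb5 realm = "EXAMPLE.COM"
pam_ldap is enabled

  LDAP+TLS is enabled
  LDAP server = "ldap.example.com"
pam_cracklib is enabled (try_first_pass retry=3 debug)
Always authorize local users is disabled ()
Authenticate system accounts against network services is disabled
'''

# "<name> is|are [always] enabled|disabled [(args)]"
STATE_RE = re.compile(
    r'^(?P<name>.+?) (?:is|are) (?:always )?'
    r'(?P<state>enabled|disabled)(?: \((?P<args>.*)\))?$')
# '<key> = "<value>"'
KV_RE = re.compile(r'^(?P<key>.+?) = "(?P<value>.*)"$')

NETWORK_SOURCES = ("nss_ldap", "nss_nis", "nss_nisplus", "nss_winbind",
                   "nss_hesiod", "pam_ldap", "pam_krb5", "pam_winbind",
                   "pam_smb_auth")


def parse_authconfig_test(text):
    """Return {section: {"enabled": bool, "args": str, "settings": dict}}.

    Lines starting in column 0 open a section; indented lines are settings
    of the most recent section (blank lines in between are ignored).
    """
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        indented = raw[0].isspace()
        line = raw.strip()
        m = STATE_RE.match(line)
        if m:
            enabled = m["state"] == "enabled"
            if indented and current:
                sections[current]["settings"][m["name"]] = enabled
            else:
                current = m["name"]
                sections[current] = {"enabled": enabled,
                                     "args": m["args"] or "",
                                     "settings": {}}
            continue
        kv = KV_RE.match(line)
        if kv and current:
            sections[current]["settings"][kv["key"]] = kv["value"]
    return sections


def audit_local_fallback(sections):
    """Return findings that matter for logging in locally while LDAP is unreachable."""
    def on(name):
        return sections.get(name, {}).get("enabled", False)

    findings = []
    active = [n for n in NETWORK_SOURCES if on(n)]
    if active and not on("Always authorize local users"):
        findings.append(
            "Always authorize local users is disabled while network sources "
            "are enabled (%s); the thread's suggested fix is "
            "'authconfig --enablelocauthorize --updateall'" % ", ".join(active))
    if on("Authenticate system accounts against network services"):
        findings.append(
            "Authenticate system accounts against network services is enabled; "
            "the thread's advice is to leave it disabled")
    return findings


if __name__ == "__main__":
    for finding in audit_local_fallback(parse_authconfig_test(SAMPLE)):
        print("WARN:", finding)
```

The parser expects the raw report, so strip any mail quote prefixes before feeding it a copy taken from a message.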


Re: [CentOS] Unable to install CentOS 5.2 on New HP Intel Core 2 Quad

2008-08-27 Thread Rob Townley
On Wed, Aug 27, 2008 at 5:23 PM, Spiro Harvey, Knossos Networks Ltd
<[EMAIL PROTECTED]> wrote:
>>
>> They stop on kernel startup when trying to boot the CentOS 5.2 boot CD.
>> It is during ACPI.
>> Fedora 10 Live will not boot up either.
>> I am using Fedora 9 from Live and DVD Install to teach a fall class and it
>> works fine.
>
> Are the CentOS and fed 10 DVDs of a similar type, and different to the DVD
> you used with fed 9?
>
> Or is your CentOS on CDs?
>
> A common problem I have is that some DVD drives really don't like some
> brands of disc. Some have issues with DVD-R's, some have issues with
> DVD+R's, some seem to be completely random.
>
> ymmv, but if the failing discs are the same brand, it's probably your
> cheapest quickest solution to reburn on a different brand and see if that
> helps.
>
>
> --
> Spiro Harvey  Knossos Networks Ltd
> 021-295-1923  www.knossos.net.nz
>

i was very disappointed to find these new machines that don't boot Linux
easily.  i have to wonder if HP received rebates from M$ by making it
difficult to boot Linux on these machines.  These machines have to be noob
proof.  $300.00 less expensive than the same CPU and intel chipset as Dell.

To boot off of a knoppix disc use the boot option *knoppix acpi=off*.
For CentOS, use *linux pci=noacpi,nommconf*.

On HP Compaq Business Desktop Small Form Factor.
dc7800 Core 2 DUO e8400  @ 3.00GhZ
BIOS Version: Hewlett-Packard 786F1 v01.24 3/18/2008.
Mfr# KA607UT#ABA
UPC/EAN# 884420101468
HP Compaq Business Desktop dc7800 - SFF - 1 x Core 2 Duo E8400 / 3 GHz - RAM
2 GB - HDD 1 x 160 GB - DVD±RW (±R DL) / DVD-RAM - GMA 3100


Re: [CentOS] Strategy for using CentOS on laptops in an NIS environment

2008-08-27 Thread nate
Alfred von Campe wrote:

> Creating local accounts with the same UIDs and local home directories
> solves most of the problems.  However, I can't create a local account
> with useradd while ypbind is running because it complains that that
> account already exists.  Is there a better way to create a local
> account then "service ypbind stop; useradd...; service ypbind
> start"?  What are other strategies that you use to deal with off-
> network use in an NIS environment?

I haven't used NIS in a long time but you could just add the
account manually by putting it in the passwd/group/shadow file by
hand (what I do is build a master set of passwd/group/shadow files
and they are replicated to all systems using cfengine).

As for home directories perhaps something like AFS? Though AFS is
quite complex (or it was last I looked at it 6 years ago)

from
http://en.wikipedia.org/wiki/Andrew_File_System
AFS has several benefits over traditional networked file
systems, particularly in the areas of security and
scalability. It is not uncommon for enterprise AFS
cells to exceed fifty thousand clients[citation needed].
AFS uses Kerberos for authentication, and implements
access control lists on directories for users and
groups. Each client caches files on the local
filesystem for increased speed on subsequent requests
for the same file. This also allows limited filesystem
access in the event of a server crash or a network outage.

--

nate




Re: HIP - was Re: [CentOS] Centos 5.2, Firefox 3, and IPv6

2008-08-27 Thread Rob Townley
On Wed, Aug 27, 2008 at 9:50 PM, Robert Moskowitz <[EMAIL PROTECTED]>wrote:

>
>
> Rob Townley wrote:
>
>> On Wed, Aug 27, 2008 at 8:24 AM, Robert Moskowitz <[EMAIL PROTECTED]> [EMAIL PROTECTED]>> wrote:
>>
>>Um, as the original poster, I WANT IPv6.  Not make IPv4 lookups
>>faster by ignoring  records.
>>
>>Further testing has IPv6 working just fine.  Thing is when I
>>enable the HIP API intercepts, Firefox does not work.  Like they
>>are doing something 'non-standard' with the regular TCP socket API
>>so that HIP can't slide in there.  I tried disabling a number of
>>options, thinking it might be some security setting, but if it is,
>>I have not found it.
>>
>>
>> Yep, i fully understood you wanted IPv6.  i just thought you might want to
>> verify what settings you have for Firefox -- making sure Firefox has turned
>> on IPv6 dns.
>>
> Default was on.
>
>> Just curious, what is the motivation for the HIP api stuff, it is not
>> there by default is it?
>>
> read the RFCs on HIP:  4423 and 5201-5206.
>
> 4423 provides the justification of HIP and its architecture.  I created HIP
> almost 10 years ago, shortly after (as IPsec co-chair) got the IPsec RFCs
> out.  HIP is much more than an alternative keying protocol for ESP (compared
> to IKE).  It directly addresses secure mobility.  HIP **IS** an important
> change to the TCP/IP architecture; this has been part of its slow
> advancement.  As such it has its own 'native' API:
> http://www.ietf.org/internet-drafts/draft-ietf-hip-native-api-05.txt.
>
> I can go into more about HIP if you wish.
>
>
>


So HIP isn't in any distribution by default or is it?  How does one know?
Would it make sense to include HIP in a Wireless Access Point firmware or a
RADIUS type machine?   Looks interesting, will have to keep it in mind for
wlan sec.


Re: [CentOS] establish a 128 bit encrypted tunnel between centos 5.2 boxes

2008-08-27 Thread Rob Townley
On Tue, Aug 26, 2008 at 5:55 PM, Robert Moskowitz <[EMAIL PROTECTED]>wrote:

> Jeff Kinz wrote:
>
>> On Tue, Aug 26, 2008 at 04:04:21PM -0400, Jerry Geis wrote:
>>
>>
>>> Is there an easy way or anyway to establish a 128 bit encrypted tunnel
>>> between a handful of centos 5.2 boxes?
>>>
>>>
>>
>> In addition the rest of the good info others already posted for you,
>> please remember that "128 bit encryption" doesn't mean anything unless you
>> also specify the encryption scheme being used.
>>
>> A 128 bit encryption scheme may or may not be easily broken depending on
>> which one it is. (Pick a good!)
>>
> Actually 'we' (crypto community) talk about crypto-suites, as you have to
> look at all the pieces involved. If everything is not disclosed (like with
> Skype), then you just don't know where the weakness may be.
>
> SSH, IPsec (watch out for the 'Null' cipher :) ), TLS (some of the suites
> are too weak to talk about), and HIP are all well-rounded security
> protocols. I have worked on all of them.
>
>
>
>



i would look into the HIP stuff.  But also look at the Hamachi like
solutions such as EOIP  - Ethernet Over IP (built into dd-wrt) and tinc-vpn.


Re: HIP - was Re: [CentOS] Centos 5.2, Firefox 3, and IPv6

2008-08-27 Thread Robert Moskowitz



Rob Townley wrote:
> On Wed, Aug 27, 2008 at 9:50 PM, Robert Moskowitz <[EMAIL PROTECTED]> wrote:
>
>> Rob Townley wrote:
>>
>>> On Wed, Aug 27, 2008 at 8:24 AM, Robert Moskowitz
>>> <[EMAIL PROTECTED]> wrote:
>>>
>>>> Um, as the original poster, I WANT IPv6.  Not make IPv4 lookups
>>>> faster by ignoring  records.
>>>>
>>>> Further testing has IPv6 working just fine.  Thing is when I
>>>> enable the HIP API intercepts, Firefox does not work.  Like they
>>>> are doing something 'non-standard' with the regular TCP socket API
>>>> so that HIP can't slide in there.  I tried disabling a number of
>>>> options, thinking it might be some security setting, but if it is,
>>>> I have not found it.
>>>
>>> Yep, i fully understood you wanted IPv6.  i just thought you
>>> might want to verify what settings you have for Firefox --
>>> making sure Firefox has turned on IPv6 dns.
>>
>> Default was on.
>>
>>> Just curious, what is the motivation for the HIP api stuff, it
>>> is not there by default is it?
>>
>> read the RFCs on HIP:  4423 and 5201-5206.
>>
>> 4423 provides the justification of HIP and its architecture.  I
>> created HIP almost 10 years ago, shortly after (as IPsec co-chair)
>> got the IPsec RFCs out.  HIP is much more than an alternative
>> keying protocol for ESP (compared to IKE).  It directly addresses
>> secure mobility.  HIP **IS** an important change to the TCP/IP
>> architecture; this has been part of its slow advancement.  As such
>> it has its own 'native' API:
>> http://www.ietf.org/internet-drafts/draft-ietf-hip-native-api-05.txt.
>>
>> I can go into more about HIP if you wish.
>
> So HIP isn't in any distribution by default or is it?

No, but Ericsson just released their FreeBSD implementation:
http://www.hip4inter.net/download/download.php

And Boeing has their Vista and I think NetBSD code base.

HIPL is available for FC8 and Ubuntu and I think Suse.  I saw it running
on the Nokia N810 when I was in Helsinki earlier this month.

> How does one know?

Our goal is to move HIP from Experimental to Standards track in the IETF
at the November session.  From there it may well be that HIP could be in
Centos 6.0.  But that is a long shot.

> Would it make sense to include HIP in a Wireless Access Point firmware
> or a RADIUS type machine?

As a better security protocol to run RADIUS through between the AP and
the Radius server?  YES!

> Looks interesting, will have to keep it in mind for wlan sec.

Just remember that it is NOT a tunneling keying protocol.  It runs ESP
in Transport mode, even if you are using BEET ESP mode.  You can run a
tunneling protocol within it.  I am working on that

HIP is NOT a VPN alternative.  It is really host-to-host security.




Re: [CentOS] yum provides on centos 5.2

2008-08-27 Thread Steve Tindall

On Thu, 2008-08-28 at 13:50 +1200, Spiro Harvey, Knossos Networks Ltd
wrote:

> > Include the path:
> 
> Doesn't that defeat the purpose? My favourite use of the "whatprovides" 
> feature of yum is could find things that aren't on my system. I'd prefer 
> not to go on a wild path chase. :)
> 
> This looks like a bug to me.
> 
> 
> On CentOS 5.1 (yum 3.0.5):
> 
> # yum provides uname | awk '/i386|noarch/ {print $1}'
> uucp.i386
> ...
> coreutils.i386
> 
>
> on CentOS 5.2 (yum 3.2.8), No Matches found


That's not a bug, that's a “feature”. :-D


Historically, “yum provides” dumped the kitchen sink on you and you had
to wade through the debris to find what you wanted.

Looks like the new “feature” went a bit too far the other way.


Steve



Re: [CentOS] yum provides on centos 5.2

2008-08-27 Thread Spiro Harvey, Knossos Networks Ltd

Steve Tindall wrote:

> Looks like the new “feature” went a bit too far the other way.


Roger that.

From too much to not enough. We must bring balance back to the force.


--
Spiro Harvey  Knossos Networks Ltd
021-295-1923  www.knossos.net.nz



Re: [CentOS] Strategy for using CentOS on laptops in an NIS environment

2008-08-27 Thread Nicolas KOWALSKI
On Wed, Aug 27, 2008 at 08:45:05PM -0400, Alfred von Campe wrote:
> We use NIS (ypbind) and Kerberos at work for all our Linux and Unix  
> systems.  Home directories are mounted via autofs from an NIS map.   
> Everything works just fine as long as all network resources are  
> available (however, things turn ugly when the NIS servers are not  
> reachable).  

Yes, NIS and autofs/NFS are useful, but only in a fully connected
environment.


> What are other strategies that you use to deal with off-network use in 
> an NIS environment?

I would suggest you configure their laptops outside of your
NIS/autofs/NFS environment, create them specific accounts on the
laptops, and make them use replication of their office home directories
and resources on the laptop with Unison [1] (and ssh as a transport).
This way, before they go home/outside, they replicate from office to
laptop their files; when they go back to office, they push back the
modifications.

In my lab, this strategy has worked well for years.


[1] http://www.cis.upenn.edu/~bcpierce/unison/

-- 
Nicolas


[CentOS] problem with slave dns servers

2008-08-27 Thread Mark Quitoriano
Hi,

I have 4 bind9 DNS servers installed on CentOS 4. My primary DNS server went
down and none of my domains resolve, even though the 3 slave DNS servers are
up and running. I'm not sure where to configure this: is it in my domain
registration or in bind?


-- 
Regards,
Mark Quitoriano
Blog | http://mark.quitoriano.org
VicidialNOW! | http://www.vicidialnow.com
APUG! | http://asterisk.org.ph