[CentOS-announce] CEBA-2011:1413 CentOS 5 x86_64 nss_ldap Update
CentOS Errata and Bugfix Advisory 2011:1413
Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-1413.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
x86_64:
9685cce41f19d878310bf2a386a835e9 nss_ldap-253-42.el5_7.4.i386.rpm
428157c3998497d3331580a7ee90c1e4 nss_ldap-253-42.el5_7.4.x86_64.rpm
Source:
bb22d466e11a210e3c2e7a5c8c8e0a97 nss_ldap-253-42.el5_7.4.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2011:1413 CentOS 5 i386 nss_ldap Update
CentOS Errata and Bugfix Advisory 2011:1413
Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-1413.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
i386:
9685cce41f19d878310bf2a386a835e9 nss_ldap-253-42.el5_7.4.i386.rpm
Source:
bb22d466e11a210e3c2e7a5c8c8e0a97 nss_ldap-253-42.el5_7.4.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-es] Pregunta shorewall
slds lista , tengo una pregunta abra alguna manera de decirle al shorewall q en ves de q use el archivo mesagges dentro del var/log sea x asi decir iptables ? es que necesito ver los mensajes generales del sistema y shorewall genera mucho trafico. sldss -- rickygm http://gnuforever.homelinux.com ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Pregunta shorewall
2011/11/1 troxlinux xserverli...@gmail.com slds lista , tengo una pregunta abra alguna manera de decirle al shorewall q en ves de q use el archivo mesagges dentro del var/log sea x asi decir iptables ? es que necesito ver los mensajes generales del sistema y shorewall genera mucho trafico. sldss -- rickygm http://gnuforever.homelinux.com ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es Aqui esta la informacion: http://www.shorewall.net/shorewall_logging.html -- Diego Chacón Rojas Teléfono: +506 2258.5757 E-mail: di...@gridshield.net Gridshield: I.T. Service Management ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] LC_ALL=C y segmentation fault
Vaya, no quisiera ver a nadie en esa situacion... y menos si te tratara de algo en produccion Estimado, seria ideal que indicaras la version que usas del CentOS y sobre todo, que hiciste al agregar ese disco (comandos) Tengo un Post de RedHat que me parece es lo que esta pasando https://bugzilla.redhat.com/show_bug.cgi?id=220873 En resumen, el BUG indica que si detienes el servicio 'rpcidmapd' y luego haces un 'umount -a', entonces desmontaras el rpc_pipefs. Luego, cuando intentas reiniciar el servicio 'rpcidmapd' (o el servicio 'nfs' que a su vez inicia el servicio 'rpcidmapd') te aparece el error Starting RPC idmapd: Error: RPC MTAB does not exist. Lo del segmentation fault puede ser originado al intentar forzar el reinicio del servicio. En el enlace adjunto trata varias posibles soluciones Espero te sirva de algo... Saludos El 31 de octubre de 2011 19:53, Diego Sanchez dieg...@gmail.com escribió: Estimados Tuve que reiniciar un server de mi casa, para agregarle un HD. Al encenderlo nuevamente, comenzo a arrojar los siguientes errores en pantalla: http://imageshack.us/photo/my-images/189/img2011103100051.jpg/ Alguna idea que puede estar pasando? y lo mas importante, alguna idea de como solucionarlo? Aclaro, que tiene 4 gb de ram, y probe usar de a 1gb para ver cual fallaba. memtest86, no mostro ningun error analizando de a 1gb y el segmentation fault sigue ahi. Por ahora, la unica forma que tengo de arreglarlo es entrando en single user, y reinstalando los paquetes. Eso si, si reinicio, los errores vuelven. -- Diego - Yo no soy paranoico! (pero que me siguen, me siguen) | http://about.me/diegors/bio Vivo gracias al SL, pero los talibanes, merecen un wipe ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] LC_ALL=C y segmentation fault
Pues, lo que hice fue: root# shutdown -h now conectar el hd sata encender el equipo y sufrir porque no levanto mas. La version de Centos , es la 5.5 No instalé nada, ni actualice nada. Desde la ultima vez que lo hice (dos o 3 meses), reinicie varias veces ya. No quiero pecar de osado al decir: creo que no estaba activado nfs/rpcidmapd , principalmente, porque reinstale esta mañana con la netinstall Tampoco utilice umount -a (a menos que lo use linux al reiniciar el SO). Mas o menos, llegue a solucionarlo asi: 1. Descomprimi una .iso del dvd a un pendrive 2. Reinstalando paquetes de a uno (con --force para sobreescribir los archivos) 3. reiniciando y viendo que errores seguia mostrando 4. volviendo al punto 2 5. se hicieron las 4am. Logré avanzar mucho, pero me canse y reinstale todo ... 6. me vine a trabajar sin dormir ¬¬ Agendo el link, por si me llega a pasar otra vez. Gracias por la data PD: que no sea un server laboral, y lo utilice desde mi casa, no significa que no esta en produccion ;-D (tenia un mrtg monitoreando conexiones adsl, y un nagios bonitamente configurado monitoreando los servicios de algunos clientes, y un vpn server ) El 1 de noviembre de 2011 17:01, Fernando Díaz sirf...@gmail.com escribió: Vaya, no quisiera ver a nadie en esa situacion... y menos si te tratara de algo en produccion Estimado, seria ideal que indicaras la version que usas del CentOS y sobre todo, que hiciste al agregar ese disco (comandos) Tengo un Post de RedHat que me parece es lo que esta pasando https://bugzilla.redhat.com/show_bug.cgi?id=220873 En resumen, el BUG indica que si detienes el servicio 'rpcidmapd' y luego haces un 'umount -a', entonces desmontaras el rpc_pipefs. Luego, cuando intentas reiniciar el servicio 'rpcidmapd' (o el servicio 'nfs' que a su vez inicia el servicio 'rpcidmapd') te aparece el error Starting RPC idmapd: Error: RPC MTAB does not exist. Lo del segmentation fault puede ser originado al intentar forzar el reinicio del servicio. En el enlace adjunto trata varias posibles soluciones Espero te sirva de algo... Saludos El 31 de octubre de 2011 19:53, Diego Sanchez dieg...@gmail.com escribió: Estimados Tuve que reiniciar un server de mi casa, para agregarle un HD. Al encenderlo nuevamente, comenzo a arrojar los siguientes errores en pantalla: http://imageshack.us/photo/my-images/189/img2011103100051.jpg/ Alguna idea que puede estar pasando? y lo mas importante, alguna idea de como solucionarlo? Aclaro, que tiene 4 gb de ram, y probe usar de a 1gb para ver cual fallaba. memtest86, no mostro ningun error analizando de a 1gb y el segmentation fault sigue ahi. Por ahora, la unica forma que tengo de arreglarlo es entrando en single user, y reinstalando los paquetes. Eso si, si reinicio, los errores vuelven. -- Diego - Yo no soy paranoico! (pero que me siguen, me siguen) | http://about.me/diegors/bio Vivo gracias al SL, pero los talibanes, merecen un wipe ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Diego - Yo no soy paranoico! (pero que me siguen, me siguen) | http://about.me/diegors/bio Vivo gracias al SL, pero los talibanes, merecen un wipe ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS] What happened to 6.1
If absolute 100% binary compatibility is not required, but admin-level compatibility and source-level compatibility with upstream EL is, Scientific Linux is covering that niche, and has their 6.1 out. In which concrete use cases is 100% binary compatibility important? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NSS ldap problems
On Tue, 1 Nov 2011, Trey Dockendorf wrote: One difference I ran into with samba authentication is in cent 5 /etc/pam.d/system-auth-ac is the file to change but in cent 6 its /etc/pam.d/password-auth-ac. I found that changes I made only to system-auth-ac in 5 had to be made to both system-auth-ac and password-auth-ac in 6. This was to have authentication work for things like ssh and sudo in centos 6. It is worth noting that those files should only be edited as a last resort. You should go through authconfig if possible. #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. jh ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What happened to 6.1
Hi, On Tue, Nov 1, 2011 at 10:13 AM, Mathieu Baudier mbaud...@argeo.org wrote: If absolute 100% binary compatibility is not required, but admin-level compatibility and source-level compatibility with upstream EL is, Scientific Linux is covering that niche, and has their 6.1 out. In which concrete use cases is 100% binary compatibility important? I am no expert in compiling RPMs, but just recently I experienced the following: After installing a previous version of 3rd party SOGo RPM and reporting to the developers that the service wouldn't start after installation, I was informed that the RPM had been compiled on Scientific Linux 6.1 and because of binary incompatibility the RPM did not work under RHEL/CentOS. They recompiled on CentOS and the updated RPM installed/worked fine on my system. So if CentOS wouldn't be 100% compatible with RHEL, I guess we would start seeing more cases where programs compiled on RHEL might not run on CentOS. If you use just the base RPMs provided by the distro, this is no problem. But if you rely on some commercial / 3rd party RPMs, you might start facing problems. At least this is how I understood it, please correct me if I've got it wrong :) Best, Peter ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Duplicated packages in CR repo?
hi Patrick, On 10/31/2011 11:29 AM, Patrick Hurrelmann wrote: thanks for quickly handling this. But aren't the updated xorg-x11-server packages now missing in total? Or are they not yet ready for cr? They are missing from the CR repo now, I've got the srpm and debug info stuff going out at the moment, and these are just waiting in queue behind those. I could rebuild them and manually shovel them over.. - KB ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On 11/01/2011 06:53 AM, Eero Volotinen wrote: 2011/11/1 Bob Hoffmanb...@bobhoffman.com: I have been reading the threads on here with great ernest about redhat making a move to throw off centos compilations. I read some stories about microsoft wanting to work closer with centos http://www.theregister.co.uk/2011/05/17/microsoft_and_centos/ I have to update to centos 6 due to some needs of clients who need newer mysql and php (and installing them on centos5 was too hard for me). You can get updated php and mysql from ius community repo. http://iuscommunity.org/ I don't think the real question here is whether you can get updated packages from somewhere but if it's worthwhile to build upon centos when it's becoming increasingly difficult for centos to make releases. People like me are going to install a lot of systems in the coming months and years and upgrade older ones as well. Given that the problems we are seeing now don't seem to be temporary but are going to be around and probably get worse due to the upstream changes it is just prudent to consider to move to a more sustainable base. Lack of communication from the core team in these matters doesn't improve the situation either. I would expect some sort of announcement that the CR repo will fully replace the point releases as that seems to be the case now. The only thing that is missing then is ISO releases of updated versions and perhaps more importantly installation ISOs with updated kernels (you cannot install centos/rhel 6 on some systems with intel NICs due to a kernel bug but this is fixed in 6.1). Given that the status of 6.1 on the 1st of Sept. was CentOS 6.1 current status : 16 packages still don't built/link like they should. So no installable tree/ISO is currently available for the QA team to test. no ETA for that I don't see much hope for the future of point releases in centos. Regards, Dennis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
2011/11/1 Dennis Jacobfeuerborn denni...@conversis.de: On 11/01/2011 06:53 AM, Eero Volotinen wrote: 2011/11/1 Bob Hoffmanb...@bobhoffman.com: I have been reading the threads on here with great ernest about redhat making a move to throw off centos compilations. I read some stories about microsoft wanting to work closer with centos http://www.theregister.co.uk/2011/05/17/microsoft_and_centos/ I have to update to centos 6 due to some needs of clients who need newer mysql and php (and installing them on centos5 was too hard for me). You can get updated php and mysql from ius community repo. http://iuscommunity.org/ I don't think the real question here is whether you can get updated packages from somewhere but if it's worthwhile to build upon centos when it's becoming increasingly difficult for centos to make releases. Well, I mainly use RHEL on production systems - for many reasons. You can also try use scientific linux.. br, -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On Tue, Nov 1, 2011 at 7:58 AM, Eero Volotinen eero.voloti...@iki.fi wrote: 2011/11/1 Dennis Jacobfeuerborn denni...@conversis.de: On 11/01/2011 06:53 AM, Eero Volotinen wrote: 2011/11/1 Bob Hoffmanb...@bobhoffman.com: I have been reading the threads on here with great ernest about redhat making a move to throw off centos compilations. I read some stories about microsoft wanting to work closer with centos http://www.theregister.co.uk/2011/05/17/microsoft_and_centos/ I have to update to centos 6 due to some needs of clients who need newer mysql and php (and installing them on centos5 was too hard for me). You can get updated php and mysql from ius community repo. http://iuscommunity.org/ I don't think the real question here is whether you can get updated packages from somewhere but if it's worthwhile to build upon centos when it's becoming increasingly difficult for centos to make releases. Well, I mainly use RHEL on production systems - for many reasons. You can also try use scientific linux.. br, Eero When Redhat announced the changes they made it very clear they were trying to prevent other companies (like Oracle and Novell) who were providing support to RHEL customers at reduced rates. They have never said they were concerned with the free clones and in fact have helped CentOS many times in the past (according to statements from the core developers). Redhat knows that the free distros help them maintain market share, and gain customers who need full support eventually. The issues CentOS are seeing are simply collateral damage to the larger war against the other big companies who are trying to provide services by cheating. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What happened to 6.1
Vreme: 11/01/2011 11:02 AM, Peter Peltonen piše: Hi, On Tue, Nov 1, 2011 at 10:13 AM, Mathieu Baudiermbaud...@argeo.org wrote: If absolute 100% binary compatibility is not required, but admin-level compatibility and source-level compatibility with upstream EL is, Scientific Linux is covering that niche, and has their 6.1 out. In which concrete use cases is 100% binary compatibility important? I am no expert in compiling RPMs, but just recently I experienced the following: After installing a previous version of 3rd party SOGo RPM and reporting to the developers that the service wouldn't start after installation, I was informed that the RPM had been compiled on Scientific Linux 6.1 and because of binary incompatibility the RPM did not work under RHEL/CentOS. They recompiled on CentOS and the updated RPM installed/worked fine on my system. So if CentOS wouldn't be 100% compatible with RHEL, I guess we would start seeing more cases where programs compiled on RHEL might not run on CentOS. If you use just the base RPMs provided by the distro, this is no problem. But if you rely on some commercial / 3rd party RPMs, you might start facing problems. At least this is how I understood it, please correct me if I've got it wrong :) The whole point in creating binary compatible clone distro, in this case CentOS is so you can use paid RHEL and CentOS in same maintenance environment, or at first use CentOS and easily switch to RHEl if you start needing paid support (like when your company starts making real money, admin stops being available all the time, etc...). In that case, you can Install CentOS and some paid (or OSS) application and set everything up. System will receive updates for next 7 years before EOL. If you expand your business in next 2-3 years, and your online business becomes critical, you can buy support from Red Hat and easily switch to RHEL (you would change several packages and system would slowly become full RHEL). If packets are not binary compatible, then your application could stop working in expected manner. Another use case is when you buy RHEL certified Application. Since CentOS is (still) binary compatible, many Software developers will accept CentOS as RHEL compatible system and provide you same support as to RHEL customer. If you would install on some other systems, they could deny you full support since your system is not certified for their Application. -- Ljubomir Ljubojevic (Love is in the Air) PL Computers Serbia, Europe Google is the Mother, Google is the Father, and traceroute is your trusty Spiderman... StarOS, Mikrotik and CentOS/RHEL/Linux consultant ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
In article calkwpeyupru5az9xu_d_brjc0m_e9xdlh1t5iub2u8rvrze...@mail.gmail.com, Brian Mathis brian.mathis+cen...@betteradmin.com wrote: When Redhat announced the changes they made it very clear they were trying to prevent other companies (like Oracle and Novell) who were providing support to RHEL customers at reduced rates. They have never said they were concerned with the free clones and in fact have helped CentOS many times in the past (according to statements from the core developers). Redhat knows that the free distros help them maintain market share, and gain customers who need full support eventually. The issues CentOS are seeing are simply collateral damage to the larger war against the other big companies who are trying to provide services by cheating. Except that the other day, Johnny posted this: I can tell you that we have been contacted by upstream to make sure we **UNDERSTAND** the new AUP restrictions on distribution. I can also tell you that we (CentOS) are doing everything in our power to meet the restrictions as they were explained to us. which sounds like RH making it clear that their changes are aimed at CentOS too. Pity... perhaps RH have had a change of manager somewhere... Cheers Tony -- Tony Mountifield Work: t...@softins.co.uk - http://www.softins.co.uk Play: t...@mountifield.org - http://tony.mountifield.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Duplicated packages in CR repo?
On 01.11.2011 11:46, Karanbir Singh wrote: hi Patrick, On 10/31/2011 11:29 AM, Patrick Hurrelmann wrote: thanks for quickly handling this. But aren't the updated xorg-x11-server packages now missing in total? Or are they not yet ready for cr? They are missing from the CR repo now, I've got the srpm and debug info stuff going out at the moment, and these are just waiting in queue behind those. I could rebuild them and manually shovel them over.. - KB Hi KB, no, thats fine for me. I'm not in need for that packages. Thanks for you work. Regards Patrick -- Lobster LOGsuite GmbH, Hauptstraße 67, D-82327 Tutzing HRB 178831, Amtsgericht München Geschäftsführer: Dr. Martin Fischer, Rolf Henrich ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What happened to 6.1
On Tue, Nov 1, 2011 at 3:02 AM, Peter Peltonen peter.pelto...@gmail.com wrote: Hi, On Tue, Nov 1, 2011 at 10:13 AM, Mathieu Baudier mbaud...@argeo.org wrote: If absolute 100% binary compatibility is not required, but admin-level compatibility and source-level compatibility with upstream EL is, Scientific Linux is covering that niche, and has their 6.1 out. But then, CentOS does not give you absolute 100% binary compatibility either. No clone distros would (see below). After installing a previous version of 3rd party SOGo RPM and reporting to the developers that the service wouldn't start after installation, I was informed that the RPM had been compiled on Scientific Linux 6.1 and because of binary incompatibility the RPM did not work under RHEL/CentOS. They recompiled on CentOS and the updated RPM installed/worked fine on my system. This does not seem like a case of binary incompatibility as it is referred to in this thread. For example, if a package is built against a _specific_ version of another package in EL6.1 (let's say, a version of kernel in 6.1), that package will have a compatibility issue with EL6.0 (in this example, kernel in 6.0). Binary compatibility is indeed a major thing for any clone distros and is nearly impossible to achieve. This is because the build environment is not disclosed by upstream (understandably) and rebuilders must do some guessing or 'trial error' work. Often times certain versions of packages that were never released are required for the building. Not all binary incompatibility will lead to real world consequences. If, for example, upstream builds a package that links to bogus libraries (that are never used by that package) and the rebuilt package does not have those links, there should not be any problem running it. But in rather rare cases, packages that were not built correctly can result in failure in applications. For example: http://bugs.centos.org/view.php?id=4964 As you can see, there is yet another item that makes rebuilding not easy: build order. Package A-1.2.3 requires package B-4.5.6. So, package B-4.5.6 must be built _before_ package A. We certainly cannot blame the CentOS devs (nor the QA team!) for this particular instance. It is simply extremely difficult to check every single case like that. No clone distros, including CentOS and Scientific Linux, are perfect. If someone asks which of the two has a better binary compatibility, I would answer, they are equally good. Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What happened to 6.1
On Tue, Nov 1, 2011 at 10:12 AM, Akemi Yagi amy...@gmail.com wrote: No clone distros, including CentOS and Scientific Linux, are perfect. If someone asks which of the two has a better binary compatibility, I would answer, they are equally good. One of the 'selling points' as a big reason to use open source is that you can fix problems or add features on your own by rebuilding from source. If, in fact, you cannot rebuild a src rpm and get a working copy then in that respect you might as well be using closed, proprietary software. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NSS ldap problems
On Mon, 31 Oct 2011, Mitch Patenaude wrote: I'm having trouble setting up ldap based authenication. I have a virtual (KVM) CentOS 5.4 box set up to authenticate to a 389 (fedora) directory server, and that works fine. However, I set up a virtual box running CentOS 6, and I can't get it to authenicate. Others have mentioned some good ideas, so consider these additions to the pile. :-) Is SSL configured correctly? Do you have a copy of the CA certificate in the right place? Is the CentOS 6 box querying the correct port (389 or 636) in your environment? Is the CentOS 6 box running sssd? If so, take a look at /etc/sssd/sssd.conf to see if its configuration looks correct for your environment. I assume there are no firewalls in place blocking LDAP traffic, but it never hurts to ask. :-/ Can you run ldapsearch on the CentOS 6 box and connect to the LDAP server? Are there any SELinux warnings in your audit log? (Unlikely, but possible.) If you run tcpdump on the LDAP server, can you see any traffic whatsoever from the CentOS 6 box? -- Paul Heinlein heinl...@madboa.com http://www.madboa.com/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On 11/01/2011 01:46 AM, Bob Hoffman wrote: I have been reading the threads on here with great ernest about redhat making a move to throw off centos compilations. Having spoken to folks at Red Hat in an unofficial capacity, I strongly believe that CentOS is appreciated by Red Hat. Changes Red Hat makes have nothing to do with throwing off CentOS. They do what they do for reasons that, to them, make technical and business sense. Nothing more. -- Digimer E-Mail: digi...@alteeve.com Freenode handle: digimer Papers and Projects: http://alteeve.com Node Assassin: http://nodeassassin.org omg my singularity battery is dead again. stupid hawking radiation. - epitron ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
Vreme: 11/01/2011 04:50 PM, Digimer piše: On 11/01/2011 01:46 AM, Bob Hoffman wrote: I have been reading the threads on here with great ernest about redhat making a move to throw off centos compilations. Having spoken to folks at Red Hat in an unofficial capacity, I strongly believe that CentOS is appreciated by Red Hat. Changes Red Hat makes have nothing to do with throwing off CentOS. They do what they do for reasons that, to them, make technical and business sense. Nothing more. Then Red Hat should see what problems CentOS team has and try to help them even with behind closed doors, like giving them tips what order to use to build packages, etc. -- Ljubomir Ljubojevic (Love is in the Air) PL Computers Serbia, Europe Google is the Mother, Google is the Father, and traceroute is your trusty Spiderman... StarOS, Mikrotik and CentOS/RHEL/Linux consultant ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 81, Issue 1
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org
You can reach the person managing the list at
centos-announce-ow...@centos.org
When replying, please edit your Subject line so it is more specific
than Re: Contents of CentOS-announce digest...
Today's Topics:
1. CEBA-2011:1413 CentOS 5 x86_64 nss_ldap Update (Johnny Hughes)
2. CEBA-2011:1413 CentOS 5 i386 nss_ldap Update (Johnny Hughes)
--
Message: 1
Date: Tue, 1 Nov 2011 10:10:30 +
From: Johnny Hughes joh...@centos.org
Subject: [CentOS-announce] CEBA-2011:1413 CentOS 5 x86_64 nss_ldap
Update
To: centos-annou...@centos.org
Message-ID: 2001101030.ga16...@chakra.karan.org
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Bugfix Advisory 2011:1413
Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-1413.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
x86_64:
9685cce41f19d878310bf2a386a835e9 nss_ldap-253-42.el5_7.4.i386.rpm
428157c3998497d3331580a7ee90c1e4 nss_ldap-253-42.el5_7.4.x86_64.rpm
Source:
bb22d466e11a210e3c2e7a5c8c8e0a97 nss_ldap-253-42.el5_7.4.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
--
Message: 2
Date: Tue, 1 Nov 2011 10:10:30 +
From: Johnny Hughes joh...@centos.org
Subject: [CentOS-announce] CEBA-2011:1413 CentOS 5 i386 nss_ldap
Update
To: centos-annou...@centos.org
Message-ID: 2001101030.ga16...@chakra.karan.org
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Bugfix Advisory 2011:1413
Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-1413.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
i386:
9685cce41f19d878310bf2a386a835e9 nss_ldap-253-42.el5_7.4.i386.rpm
Source:
bb22d466e11a210e3c2e7a5c8c8e0a97 nss_ldap-253-42.el5_7.4.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
--
___
CentOS-announce mailing list
centos-annou...@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
End of CentOS-announce Digest, Vol 81, Issue 1
**
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On Tue, Nov 1, 2011 at 8:58 AM, Ljubomir Ljubojevic off...@plnet.rs wrote: Vreme: 11/01/2011 04:50 PM, Digimer piše: On 11/01/2011 01:46 AM, Bob Hoffman wrote: I have been reading the threads on here with great ernest about redhat making a move to throw off centos compilations. Having spoken to folks at Red Hat in an unofficial capacity, I strongly believe that CentOS is appreciated by Red Hat. Changes Red Hat makes have nothing to do with throwing off CentOS. They do what they do for reasons that, to them, make technical and business sense. Nothing more. Then Red Hat should see what problems CentOS team has and try to help them even with behind closed doors, like giving them tips what order to use to build packages, etc. I also see that Red Hat would appreciate CentOS but may not actively provide helping hands. One major contribution CentOS makes is to help maintain the Red Hat ecosystem as was pointed out by others. If it was not for CentOS, I would not have my current RHEL entitlement. :-) Real problem with recent release troubles with CentOS is that some (or many?) are migrating to Ubuntu/Debian rather than to other RHEL clones, which might eventually hurt the entire Red Hat community. See the trend at: http://w3techs.com/technologies/history_details/os-linux Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On 11/01/2011 12:27 PM, Akemi Yagi wrote: On Tue, Nov 1, 2011 at 8:58 AM, Ljubomir Ljubojevic off...@plnet.rs wrote: Vreme: 11/01/2011 04:50 PM, Digimer piše: On 11/01/2011 01:46 AM, Bob Hoffman wrote: I have been reading the threads on here with great ernest about redhat making a move to throw off centos compilations. Having spoken to folks at Red Hat in an unofficial capacity, I strongly believe that CentOS is appreciated by Red Hat. Changes Red Hat makes have nothing to do with throwing off CentOS. They do what they do for reasons that, to them, make technical and business sense. Nothing more. Then Red Hat should see what problems CentOS team has and try to help them even with behind closed doors, like giving them tips what order to use to build packages, etc. I also see that Red Hat would appreciate CentOS but may not actively provide helping hands. One major contribution CentOS makes is to help maintain the Red Hat ecosystem as was pointed out by others. If it was not for CentOS, I would not have my current RHEL entitlement. :-) Real problem with recent release troubles with CentOS is that some (or many?) are migrating to Ubuntu/Debian rather than to other RHEL clones, which might eventually hurt the entire Red Hat community. See the trend at: http://w3techs.com/technologies/history_details/os-linux Akemi One thing that, I believe, would go a long way to helping CentOS would be for those of us who have purchased RHEL licenses after using CentOS to actually tell Red Hat this. If the bean counters hear from customers that they *are* customers thanks to their ability to use CentOS earlier on, it would help bolster the arguments coming from the technical folk who see the value in CentOS. -- Digimer E-Mail: digi...@alteeve.com Freenode handle: digimer Papers and Projects: http://alteeve.com Node Assassin: http://nodeassassin.org omg my singularity battery is dead again. stupid hawking radiation. - epitron ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
Dne 1.11.2011 17:27, Akemi Yagi napsal(a): Real problem with recent release troubles with CentOS is that some (or many?) are migrating to Ubuntu/Debian rather than to other RHEL clones, which might eventually hurt the entire Red Hat community. Well, there are no other RHEL clones except SL/Centos. We have quite large infrastructure and we want it homogeneous as possible. Because we run a few boxes with IBM, Ora stuff we need certified OSes, certified is only RHEL or SuSE. So we are using RHEL and Centos. We have been running happily and smoothly for a few years with this concept. Because of the lastest issues with CentOS we are really considering moving back to Debian. DH ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
Vreme: 11/01/2011 05:27 PM, Akemi Yagi piše: On Tue, Nov 1, 2011 at 8:58 AM, Ljubomir Ljubojevicoff...@plnet.rs wrote: Vreme: 11/01/2011 04:50 PM, Digimer piše: On 11/01/2011 01:46 AM, Bob Hoffman wrote: I have been reading the threads on here with great ernest about redhat making a move to throw off centos compilations. Having spoken to folks at Red Hat in an unofficial capacity, I strongly believe that CentOS is appreciated by Red Hat. Changes Red Hat makes have nothing to do with throwing off CentOS. They do what they do for reasons that, to them, make technical and business sense. Nothing more. Then Red Hat should see what problems CentOS team has and try to help them even with behind closed doors, like giving them tips what order to use to build packages, etc. I also see that Red Hat would appreciate CentOS but may not actively provide helping hands. One major contribution CentOS makes is to help maintain the Red Hat ecosystem as was pointed out by others. If it was not for CentOS, I would not have my current RHEL entitlement. :-) Real problem with recent release troubles with CentOS is that some (or many?) are migrating to Ubuntu/Debian rather than to other RHEL clones, which might eventually hurt the entire Red Hat community. See the trend at: http://w3techs.com/technologies/history_details/os-linux Yeah, overall loss (RHEL+CentOS+Fedoara) is almost 7%. Too bad Red Hat is blind to this trend. It WILL hurt them in the long run. -- Ljubomir Ljubojevic (Love is in the Air) PL Computers Serbia, Europe Google is the Mother, Google is the Father, and traceroute is your trusty Spiderman... StarOS, Mikrotik and CentOS/RHEL/Linux consultant ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
- Original Message - From: Bob Hoffman b...@bobhoffman.com To: CentOS mailing list centos@centos.org Sent: Monday, October 31, 2011 10:46:57 PM Subject: [CentOS] redhat vs centos I have been reading the threads on here with great ernest about redhat making a move to throw off centos compilations. I read some stories about microsoft wanting to work closer with centos http://www.theregister.co.uk/2011/05/17/microsoft_and_centos/ I have to update to centos 6 due to some needs of clients who need newer mysql and php (and installing them on centos5 was too hard for me). I am thinking of going ubuntu server but at the same time I have this feeling centos team will pull through, make a new method to streamline this, and redhat will back down and stop being REDa$$-hats. Redhat thinks us 'freebie' people will move to them to get the quicker updates and releases. I look at the pricing and I say they must be out of their minds. The server comes at 1,999 a year for 2 sockets and more than 4 guests...which is what I would need. The virtualization package, which may or may not be needed is thousands more. All for one server. You can go with the self support option. Seeing you are willing to go with CentOS as long as there are timely updates. That tells me you dont really care about getting support from the vendor. You can pick up workstation self support for $50 and server for $350 a year. That means you will get all the updates but just can't call or open tickets with Redhat. The limitations imposed by Redhat for Support they will provide are artificial. Although Redhat says it will only support 2 sockets and x amount of virtual guests you can still do it. that ain't gonna happen. Personally I am thinking of staying away from all red hat clones due to redhat's actions for my own security. The only thing on the horizon I see is ubuntu server as best supported and up to date. I am teetering tonight. I have downloaded it and am thinking of wiping my new centos6 install and trying it out. How do you all feel about this turn of events and what is your gut feeling on where this is going? And how about them hard drive prices?!! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 4 Dovecot Problem
On Sun, Oct 23, 2011 at 10:19 AM, John Hinton webmas...@ew3d.com wrote: For those of you that still are running CentOS 4... I have one system that is still going... there is a problem with the newest release of Dovecot under mbox. Certain spam is causing this error when users try to log on. file lib.c: line 37 (nearest_power): assertion failed: (num = ((size_t)1 (BITS_IN_SIZE_T-1))) Rolling back to a previous release fixes these issues. I'm not bothering to file a bug with Redhat as the EOL is rapidly approaching and I just about have my one system's users moved to a new server. I have not as of yet seen this problem on CentOS 5 mbox systems, but I don't have many users on those systems either as I'm 'slowly' migrating all to CentOS 6 Maildir systems. I got bit by this bug as well. I rolled back to dovecot-0.9.11-9 for now until I find time to upgrade to CentOS 5 or 6. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On 11/01/11 9:47 AM, David Hrbáč wrote: Well, there are no other RHEL clones except SL/Centos. coughOracle Enterprise Linux/cough -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
Tony Mountifield wrote: In article calkwpeyupru5az9xu_d_brjc0m_e9xdlh1t5iub2u8rvrze...@mail.gmail.com, Brian Mathis brian.mathis+cen...@betteradmin.com wrote: When Redhat announced the changes they made it very clear they were trying to prevent other companies (like Oracle and Novell) who were providing support to RHEL customers at reduced rates. They have never said they were concerned with the free clones and in fact have helped CentOS many times in the past (according to statements from the core developers). Redhat knows that the free distros help them maintain market share, and gain customers who need full support eventually. The issues CentOS are seeing are simply collateral damage to the larger war against the other big companies who are trying to provide services by cheating. Except that the other day, Johnny posted this: I can tell you that we have been contacted by upstream to make sure we **UNDERSTAND** the new AUP restrictions on distribution. I can also tell you that we (CentOS) are doing everything in our power to meet the restrictions as they were explained to us. which sounds like RH making it clear that their changes are aimed at CentOS too. This sounds more like a butt covering exercise by lawyers, remember this all comes from the USA where there are FAR TOO MANY lawyers. To be able to enforce a possible claim under this AUP restriction, they will need to show that those involved with use of the code, under this new clause, understand and have been communicated with...etc. As I said, a butt covering exercise - rather than any expressed attempt at intimidation or enforcement - just my $0.01 worth. Pity... perhaps RH have had a change of manager somewhere... Cheers Tony ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NSS ldap problems [SOLVED]
Thanks to everybody for their suggestions, and for the pointer to getent, which was a gap in my sysadmin toolchest. I figured out the problem. The problem was that nslcd wasn't starting properly because the nslcd user didn't exist. We're using the same base passwd file for both centos5 and centos6, and that extra user didn't get added. Switching /etc/nslcd.conf to use an extant uid/gid allowed nslcd to start, and that allowed the query to work, and the test user can log in. I had never heard of nslcd--and it doesn't appear to have any man pages :-/, but inspection of the config file yields the impression of nscd for ldap, and it's config either supersedes or replaces /etc/ldap.conf. Thanks for all the good ideas, -- Mitch Patenaude mpatena...@shutterfly.com From: Mitch Patenaude mpatena...@shutterfly.commailto:mpatena...@shutterfly.com Date: Mon, 31 Oct 2011 15:10:31 -0700 To: CentOS mailing list centos@centos.orgmailto:centos@centos.org Subject: NSS ldap problems I'm having trouble setting up ldap based authenication. I have a virtual (KVM) CentOS 5.4 box set up to authenticate to a 389 (fedora) directory server, and that works fine. However, I set up a virtual box running CentOS 6, and I can't get it to authenicate. I've run authconfig with the appropriate flags, ldapsearch properly finds the data, but I can't log in. /var/log/secure shows that it doesn't find the user, and as a test I came up with the following perl snippet: perl -e 'print join( ,getpwnam(testuser)),\n;' And it properly finds the test user on the 5.4 box, but not the 6.0 box. I've checked /etc/ldap.conf and /etc/openldap/ldap.conf and both seem about right. Here are the ldap related packaged installed on the 6.0 box: [root@vburntest02 ~]# rpm -qa | grep ldap openldap-2.4.19-15.el6_0.2.x86_64 pam_ldap-185-5.el6.x86_64 nss-pam-ldapd-0.7.5-3.el6.x86_64 openldap-clients-2.4.19-15.el6_0.2.x86_64 apr-util-ldap-1.3.9-3.el6.x86_64 Any idea what to check next? Thanks, -- Mitch ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
David Miller wrote --- You can go with the self support option. Seeing you are willing to go with CentOS as long as there are timely updates. That tells me you dont really care about getting support from the vendor. You can pick up workstation self support for $50 and server for $350 a year. That means you will get all the updates but just can't call or open tickets with Redhat. The limitations imposed by Redhat for Support they will provide are artificial. Although Redhat says it will only support 2 sockets and x amount of virtual guests you can still do it. --- From what I saw on the redhat site they have also taken away that support/subscription model. They have standard support as minimum, for me it would be 4,000+ or more for my 2 little non-commercial servers...forget it. With redhat doing this, I think I would stay away from all redhat variants. Really close to just wiping the install and going with U.LTS (ubuntu server). The guys at centos make it possible for people to get into redhat that are not huge businesses. I can see a small business hosting company paying 2,000 a year per server just to lease a 100/month dedicated server. Redhat is losing vision for profits here. It is not so hard to find other avenues. I would rather pay them something like 300 a year for each computer, that is coolbut 2,000? No thank you. The reason I went with centos is I DID try redhat. The support for redhat was terrible. It would take weeks of emails just to get someone who understood the question. I figured why pay for all that completely useless support and just go free and figure it out myself. Centos is fun, but I am kinda interested in more modern packages that ubu seems to offer. Worried about having to relearn a full system though. Redhat is killing itself in my opinion, just my opinion. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On 11/01/2011 02:27 PM, Bob Hoffman wrote: David Miller wrote --- You can go with the self support option. Seeing you are willing to go with CentOS as long as there are timely updates. That tells me you dont really care about getting support from the vendor. You can pick up workstation self support for $50 and server for $350 a year. That means you will get all the updates but just can't call or open tickets with Redhat. The limitations imposed by Redhat for Support they will provide are artificial. Although Redhat says it will only support 2 sockets and x amount of virtual guests you can still do it. --- From what I saw on the redhat site they have also taken away that support/subscription model. They have standard support as minimum, for me it would be 4,000+ or more for my 2 little non-commercial servers...forget it. They still very much offer self-support versions. In Canada, I believe the MSRP is ~$350/yr or $990/3yr. Don't quote me on the prices, obviously, but you can quote me on the availability of the self-support versions. -- Digimer E-Mail: digi...@alteeve.com Freenode handle: digimer Papers and Projects: http://alteeve.com Node Assassin: http://nodeassassin.org omg my singularity battery is dead again. stupid hawking radiation. - epitron ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On Tue, Nov 01, 2011 at 01:57:29PM -0400, Rob Kampen wrote: Tony Mountifield wrote: In article calkwpeyupru5az9xu_d_brjc0m_e9xdlh1t5iub2u8rvrze...@mail.gmail.com, Brian Mathis brian.mathis+cen...@betteradmin.com wrote: When Redhat announced the changes they made it very clear they were trying to prevent other companies (like Oracle and Novell) who were providing support to RHEL customers at reduced rates. They have never said they were concerned with the free clones and in fact have helped CentOS many times in the past (according to statements from the core developers). Redhat knows that the free distros help them maintain market share, and gain customers who need full support eventually. The issues CentOS are seeing are simply collateral damage to the larger war against the other big companies who are trying to provide services by cheating. Except that the other day, Johnny posted this: I can tell you that we have been contacted by upstream to make sure we **UNDERSTAND** the new AUP restrictions on distribution. I can also tell you that we (CentOS) are doing everything in our power to meet the restrictions as they were explained to us. which sounds like RH making it clear that their changes are aimed at CentOS too. This sounds more like a butt covering exercise by lawyers, remember this all comes from the USA where there are FAR TOO MANY lawyers. To be able to enforce a possible claim under this AUP restriction, they will need to show that those involved with use of the code, under this new clause, understand and have been communicated with...etc. As I said, a butt covering exercise - rather than any expressed attempt at intimidation or enforcement - just my $0.01 worth. Pity... perhaps RH have had a change of manager somewhere... Can someone point me to some place where I can learn what the new AUP restrictions are? I'm sure there's a docuyment somewhere on the RH web site, but how would I know which parts are new (since I haven't been faithfully reading it from time to time.) ?? Also, one wonders, since most of it is GPL (or gpl-compatible), how can they place acceptable use policies on it? (some of the non-gpl parts, sure, but...) -- Fred Smith -- fre...@fcshome.stoneham.ma.us - But God demonstrates his own love for us in this: While we were still sinners, Christ died for us. --- Romans 5:8 (niv) -- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On 11/01/11 12:09 PM, fred smith wrote: Also, one wonders, since most of it is GPL (or gpl-compatible), how can they place acceptable use policies on it? (some of the non-gpl parts, sure, but...) the AUP is on the services that RH provides. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 4 Dovecot Problem
on 11/1/2011 10:30 AM Grant McChesney spake the following: On Sun, Oct 23, 2011 at 10:19 AM, John Hintonwebmas...@ew3d.com wrote: For those of you that still are running CentOS 4... I have one system that is still going... there is a problem with the newest release of Dovecot under mbox. Certain spam is causing this error when users try to log on. file lib.c: line 37 (nearest_power): assertion failed: (num= ((size_t)1 (BITS_IN_SIZE_T-1))) Rolling back to a previous release fixes these issues. I'm not bothering to file a bug with Redhat as the EOL is rapidly approaching and I just about have my one system's users moved to a new server. I have not as of yet seen this problem on CentOS 5 mbox systems, but I don't have many users on those systems either as I'm 'slowly' migrating all to CentOS 6 Maildir systems. I got bit by this bug as well. I rolled back to dovecot-0.9.11-9 for now until I find time to upgrade to CentOS 5 or 6. DO yourself a favor and use a dovecot from a third party repo... the 0.9 series is YEARS old. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
2011/11/1 David Hrbáč david-li...@hrbac.cz: Dne 1.11.2011 17:27, Akemi Yagi napsal(a): Real problem with recent release troubles with CentOS is that some (or many?) are migrating to Ubuntu/Debian rather than to other RHEL clones, which might eventually hurt the entire Red Hat community. Well, there are no other RHEL clones except SL/Centos. We have quite Yes, there is: http://puias.math.ias.edu/ -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] SELinux and SETroubleshootd woes in CR
I'm setting up a dedicated database server, and since this will be a
central service to my various web servers I wanted it to be as secure as
possible...so I am leaving SELinux enabled. However I'm having trouble
getting Apache to use mod_auth_pam. I also now can't get setroubleshootd
working to send me notifications of the denials and provide tips to solve
the problem.
The Apache service has this directive on the default vhost,
---
Directory /usr/share/phpMyAdmin
AuthPAM_Enabled on
AllowOverride None
AuthName HTTP Auth
AuthType basic
require valid-user
/Directory
When I attempt to authenticate I noticed this in /var/log/secure
Nov 1 15:06:58 host httpd: PAM audit_open() failed: Permission denied
This is the entry from the audit log...
type=AVC msg=audit(1320178016.209:919): avc: denied { create } for
pid=22689 comm=unix_chkpwd scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:system_r:httpd_t:s0 tclass=netlink_audit_socket
type=SYSCALL msg=audit(1320178016.209:919): arch=c03e syscall=41
success=no exit=-13 a0=10 a1=3 a2=9 a3=7fff23386470 items=0 ppid=20102
pid=22689 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48
fsgid=48 tty=(none) ses=107 comm=unix_chkpwd exe=/sbin/unix_chkpwd
subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1320178018.386:920): avc: denied { create } for
pid=20102 comm=httpd scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:system_r:httpd_t:s0 tclass=netlink_audit_socket
type=SYSCALL msg=audit(1320178018.386:920): arch=c03e syscall=41
success=no exit=-13 a0=10 a1=3 a2=9 a3=0 items=0 ppid=20099 pid=20102
auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48
tty=(none) ses=107 comm=httpd exe=/usr/sbin/httpd
subj=unconfined_u:system_r:httpd_t:s0 key=(null)
As for setroubleshoot, I have a duplicate install working just fine on
another server, or at least it was working. I'm worried updating to CR may
have broken setroubleshootd. Mainly I'd like to know how to troubleshoot
that application. Messagebus is running.
Running setroubleshootd yields these results...
---
# setroubleshootd -f -V
2011-11-01 15:11:53,919 [database.DEBUG] created new database:
name=audit_listener, friendly_name=Audit Listener,
filepath=/var/lib/setroubleshoot/audit_listener_database.xml
2011-11-01 15:11:53,920 [database.DEBUG] database version 3.0 compatible
with current 3.0 version
2011-11-01 15:11:53,923 [plugin.DEBUG] load_plugins()
names=['httpd_bad_labels', 'allow_saslauthd_read_shadow',
'tftpd_write_content', 'allow_nfsd_anon_write', 'vbetool', 'allow_ypbind',
'httpd_use_cifs', 'file', 'allow_execheap', 'nfs_export_all_rw',
'allow_java_execstack', 'allow_httpd_sys_script_anon_write', 'samba_share',
'filesystem_associate', 'fcron_crond', 'inetd_bind_ports',
'named_write_master_zones', 'qemu_file_image', 'catchall',
'allow_mplayer_execstack', 'httpd_can_sendmail', 'httpd_enable_homedirs',
'wine', 'xen_image', 'secure_mode_policyload', 'allow_execmod',
'disable_ipv6', 'httpd_can_network_connect_db', 'sys_module', 'bind_ports',
'samba_export_all_rw', 'use_samba_home_dirs', 'rsync_data',
'allow_kerberos', 'httpd_ssi_exec', 'mmap_zero', 'global_ssp',
'allow_rsync_anon_write', 'cvs_data', 'allow_ftpd_anon_write', 'device',
'catchall_boolean', 'automount_exec_config', 'leaks', 'setenforce',
'ftpd_is_daemon', 'allow_zebra_write_config', 'firefox',
'nfs_export_all_ro', 'httpd_enable_cgi', 'httpd_tty_comm',
'public_content', 'ftp_home_dir', 'prelink_mislabled', 'allow_execstack',
'spamd_enable_home_dirs', 'sshd_root', 'samba_share_nfs',
'httpd_builtin_scripting', 'allow_ftpd_full_access', 'default',
'allow_ftpd_use_nfs', 'samba_enable_home_dirs', 'restorecon',
'selinuxpolicy', 'pppd_can_insmod', 'allow_daemons_dump_core',
'httpd_write_content', 'allow_httpd_anon_write', 'secure_mode_insmod',
'kernel_modules', 'samba_export_all_ro', 'httpd_enable_ftp_server',
'allow_postfix_local_write_mail_spool', 'execute', 'privoxy_connect_any',
'use_nfs_home_dirs', 'allow_smbd_anon_write', 'sys_resource',
'allow_ftpd_use_cifs', 'connect_ports', 'swapfile', 'httpd_use_nfs',
'httpd_can_network_relay', 'allow_cvs_read_shadow', 'squid_connect_any',
'mounton', 'qemu_blk_image', 'user_tcp_server', 'restore_source_context']
2011-11-01 15:11:53,923 [plugin.INFO] importing
/usr/share/setroubleshoot/plugins/__init__ as plugins
2011-11-01 15:11:55,114 [avc.DEBUG] Number of Plugins = 90
2011-11-01 15:11:55,116 [communication.DEBUG] parse_socket_address_list:
input='{unix}/var/run/setroubleshoot/setroubleshoot_server'
2011-11-01 15:11:55,117 [communication.DEBUG] parse_socket_address_list:
{unix}/var/run/setroubleshoot/setroubleshoot_server --
{unix}/var/run/setroubleshoot/setroubleshoot_server socket=None
2011-11-01 15:11:55,118 [communication.DEBUG] new_listening_socket:
{unix}/var/run/setroubleshoot/setroubleshoot_server
Re: [CentOS] SELinux and SETroubleshootd woes in CR
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/01/2011 04:16 PM, Trey Dockendorf wrote:
I'm setting up a dedicated database server, and since this will be
a central service to my various web servers I wanted it to be as
secure as possible...so I am leaving SELinux enabled. However I'm
having trouble getting Apache to use mod_auth_pam. I also now
can't get setroubleshootd working to send me notifications of the
denials and provide tips to solve the problem.
The Apache service has this directive on the default vhost,
--- Directory /usr/share/phpMyAdmin
AuthPAM_Enabled on AllowOverride None AuthName HTTP Auth AuthType
basic require valid-user /Directory
When I attempt to authenticate I noticed this in /var/log/secure
Nov 1 15:06:58 host httpd: PAM audit_open()
failed: Permission denied
This is the entry from the audit log... type=AVC
msg=audit(1320178016.209:919): avc: denied { create } for
pid=22689 comm=unix_chkpwd
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:system_r:httpd_t:s0
tclass=netlink_audit_socket type=SYSCALL
msg=audit(1320178016.209:919): arch=c03e syscall=41 success=no
exit=-13 a0=10 a1=3 a2=9 a3=7fff23386470 items=0 ppid=20102
pid=22689 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
sgid=48 fsgid=48 tty=(none) ses=107 comm=unix_chkpwd
exe=/sbin/unix_chkpwd subj=unconfined_u:system_r:httpd_t:s0
key=(null) type=AVC msg=audit(1320178018.386:920): avc: denied {
create } for pid=20102 comm=httpd
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:system_r:httpd_t:s0
tclass=netlink_audit_socket type=SYSCALL
msg=audit(1320178018.386:920): arch=c03e syscall=41 success=no
exit=-13 a0=10 a1=3 a2=9 a3=0 items=0 ppid=20099 pid=20102 auid=500
uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48
tty=(none) ses=107 comm=httpd exe=/usr/sbin/httpd
subj=unconfined_u:system_r:httpd_t:s0 key=(null)
As for setroubleshoot, I have a duplicate install working just fine
on another server, or at least it was working. I'm worried
updating to CR may have broken setroubleshootd. Mainly I'd like to
know how to troubleshoot that application. Messagebus is running.
Running setroubleshootd yields these results...
--- # setroubleshootd -f -V 2011-11-01 15:11:53,919
[database.DEBUG] created new database: name=audit_listener,
friendly_name=Audit Listener,
filepath=/var/lib/setroubleshoot/audit_listener_database.xml
2011-11-01 15:11:53,920 [database.DEBUG] database version 3.0
compatible with current 3.0 version 2011-11-01 15:11:53,923
[plugin.DEBUG] load_plugins() names=['httpd_bad_labels',
'allow_saslauthd_read_shadow', 'tftpd_write_content',
'allow_nfsd_anon_write', 'vbetool', 'allow_ypbind',
'httpd_use_cifs', 'file', 'allow_execheap', 'nfs_export_all_rw',
'allow_java_execstack', 'allow_httpd_sys_script_anon_write',
'samba_share', 'filesystem_associate', 'fcron_crond',
'inetd_bind_ports', 'named_write_master_zones', 'qemu_file_image',
'catchall', 'allow_mplayer_execstack', 'httpd_can_sendmail',
'httpd_enable_homedirs', 'wine', 'xen_image',
'secure_mode_policyload', 'allow_execmod', 'disable_ipv6',
'httpd_can_network_connect_db', 'sys_module', 'bind_ports',
'samba_export_all_rw', 'use_samba_home_dirs', 'rsync_data',
'allow_kerberos', 'httpd_ssi_exec', 'mmap_zero', 'global_ssp',
'allow_rsync_anon_write', 'cvs_data', 'allow_ftpd_anon_write',
'device', 'catchall_boolean', 'automount_exec_config', 'leaks',
'setenforce', 'ftpd_is_daemon', 'allow_zebra_write_config',
'firefox', 'nfs_export_all_ro', 'httpd_enable_cgi',
'httpd_tty_comm', 'public_content', 'ftp_home_dir',
'prelink_mislabled', 'allow_execstack', 'spamd_enable_home_dirs',
'sshd_root', 'samba_share_nfs', 'httpd_builtin_scripting',
'allow_ftpd_full_access', 'default', 'allow_ftpd_use_nfs',
'samba_enable_home_dirs', 'restorecon', 'selinuxpolicy',
'pppd_can_insmod', 'allow_daemons_dump_core',
'httpd_write_content', 'allow_httpd_anon_write',
'secure_mode_insmod', 'kernel_modules', 'samba_export_all_ro',
'httpd_enable_ftp_server', 'allow_postfix_local_write_mail_spool',
'execute', 'privoxy_connect_any', 'use_nfs_home_dirs',
'allow_smbd_anon_write', 'sys_resource', 'allow_ftpd_use_cifs',
'connect_ports', 'swapfile', 'httpd_use_nfs',
'httpd_can_network_relay', 'allow_cvs_read_shadow',
'squid_connect_any', 'mounton', 'qemu_blk_image',
'user_tcp_server', 'restore_source_context'] 2011-11-01
15:11:53,923 [plugin.INFO] importing
/usr/share/setroubleshoot/plugins/__init__ as plugins 2011-11-01
15:11:55,114 [avc.DEBUG] Number of Plugins = 90 2011-11-01
15:11:55,116 [communication.DEBUG] parse_socket_address_list:
input='{unix}/var/run/setroubleshoot/setroubleshoot_server'
2011-11-01 15:11:55,117 [communication.DEBUG]
parse_socket_address_list:
{unix}/var/run/setroubleshoot/setroubleshoot_server --
Re: [CentOS] redhat vs centos
On 01/11/11 18:27, Bob Hoffman wrote: David Miller wrote --- You can go with the self support option. Seeing you are willing to go with CentOS as long as there are timely updates. That tells me you dont really care about getting support from the vendor. You can pick up workstation self support for $50 and server for $350 a year. That means you will get all the updates but just can't call or open tickets with Redhat. The limitations imposed by Redhat for Support they will provide are artificial. Although Redhat says it will only support 2 sockets and x amount of virtual guests you can still do it. --- From what I saw on the redhat site they have also taken away that support/subscription model. They have standard support as minimum, for me it would be 4,000+ or more for my 2 little non-commercial servers...forget it. First option, Desktop Self-support Subscription (1 year) $49: https://www.redhat.com/apps/store/desktop/ First option, Server Self-support Subscription (1 year) $349 https://www.redhat.com/apps/store/server/ A 2 socket virtualization platform is $1,999 giving unlimited virtual guests. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On Tue, Nov 1, 2011 at 1:57 PM, Rob Kampen rkam...@kampensonline.com wrote: Tony Mountifield wrote: In article calkwpeyupru5az9xu_d_brjc0m_e9xdlh1t5iub2u8rvrze...@mail.gmail.com, Brian Mathis brian.mathis+cen...@betteradmin.com wrote: When Redhat announced the changes they made it very clear they were trying to prevent other companies (like Oracle and Novell) who were providing support to RHEL customers at reduced rates. They have never said they were concerned with the free clones and in fact have helped CentOS many times in the past (according to statements from the core developers). Redhat knows that the free distros help them maintain market share, and gain customers who need full support eventually. The issues CentOS are seeing are simply collateral damage to the larger war against the other big companies who are trying to provide services by cheating. Except that the other day, Johnny posted this: I can tell you that we have been contacted by upstream to make sure we **UNDERSTAND** the new AUP restrictions on distribution. I can also tell you that we (CentOS) are doing everything in our power to meet the restrictions as they were explained to us. which sounds like RH making it clear that their changes are aimed at CentOS too. This sounds more like a butt covering exercise by lawyers, remember this all comes from the USA where there are FAR TOO MANY lawyers. To be able to enforce a possible claim under this AUP restriction, they will need to show that those involved with use of the code, under this new clause, understand and have been communicated with...etc. As I said, a butt covering exercise - rather than any expressed attempt at intimidation or enforcement - just my $0.01 worth. I know it's more fun to blame the evil lawyers for everything, but it sounds more like they respect the project and took special effort to reach out and make sure they were aware and fully understood the changes. That is far more likely given the history and widespread usage of CentOS. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On 11/01/2011 03:50 PM, Brian Mathis wrote: On Tue, Nov 1, 2011 at 1:57 PM, Rob Kampen rkam...@kampensonline.com wrote: Tony Mountifield wrote: In article calkwpeyupru5az9xu_d_brjc0m_e9xdlh1t5iub2u8rvrze...@mail.gmail.com, Brian Mathis brian.mathis+cen...@betteradmin.com wrote: When Redhat announced the changes they made it very clear they were trying to prevent other companies (like Oracle and Novell) who were providing support to RHEL customers at reduced rates. They have never said they were concerned with the free clones and in fact have helped CentOS many times in the past (according to statements from the core developers). Redhat knows that the free distros help them maintain market share, and gain customers who need full support eventually. The issues CentOS are seeing are simply collateral damage to the larger war against the other big companies who are trying to provide services by cheating. Except that the other day, Johnny posted this: I can tell you that we have been contacted by upstream to make sure we **UNDERSTAND** the new AUP restrictions on distribution. I can also tell you that we (CentOS) are doing everything in our power to meet the restrictions as they were explained to us. which sounds like RH making it clear that their changes are aimed at CentOS too. This sounds more like a butt covering exercise by lawyers, remember this all comes from the USA where there are FAR TOO MANY lawyers. To be able to enforce a possible claim under this AUP restriction, they will need to show that those involved with use of the code, under this new clause, understand and have been communicated with...etc. As I said, a butt covering exercise - rather than any expressed attempt at intimidation or enforcement - just my $0.01 worth. I know it's more fun to blame the evil lawyers for everything, but it sounds more like they respect the project and took special effort to reach out and make sure they were aware and fully understood the changes. That is far more likely given the history and widespread usage of CentOS. I said they made sure we were aware of the AUP and explained what the new AUP meant. I never said anything about anyone being threatening or being threatened. The CentOS Project is very appreciative for the openness of the upstream provider. It has always been our policy to stay within the upstream provider's guidelines and AUP's. We will continue to do so when the guidelines and AUP's change. = We have created the CR repo ... it has not REPLACED updates, it is just an additional repo. Its purpose is to allow us to release the packages that will eventually be in the NEXT point release in stages as we get them done. You can get these changes if you chose ... or you can wait until we get everything done and released as 6.1. We will eventually get a 6.1 release out ... in the meantime, the CR repo will have MOST of the updates (the ones that are done now) while we fix the problem updates. = We provide CentOS as is, to the best of our ability, for your use. If CentOS meets you needs, well then we certainly want you to use it. If you need it faster, or more like RHEL, then we HIGHLY recommend that you just buy RHEL. If Red Hat does not make money from RHEL then they will stop releasing it all together. CentOS can not exist without those sources. I would like to stress that we want you to use RHEL and buy RHN subscriptions for projects that require that kind of support. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SELinux and SETroubleshootd woes in CR
Do you have the allow_httpd_mod_auth_pam boolean turned on? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6wVZgACgkQrlYvE4MpobOg8gCgzbPmuUBJJ20iBhAQnCoTvZVU NfUAoLz5TplWxxflLWscqc7Vc7RHahvj =UYqX -END PGP SIGNATURE- Ah! I did not know about setsebool. It's now not failing on SELinux (at least that I can tell). Now I get this in /var/log/secure... Nov 1 16:08:07 host unix_chkpwd[22541]: check pass; user unknown Nov 1 16:08:07 host unix_chkpwd[22541]: password check failed for user (treydock) Nov 1 16:08:07 host httpd: pam_unix(httpd:auth): authentication failure; logname= uid=48 euid=48 tty= ruser= rhost= user=treydock Nov 1 16:08:07 host httpd: pam_krb5[8049]: error reading keytab 'FILE:/etc/krb5.keytab' Nov 1 16:08:07 host httpd: pam_krb5[8049]: TGT verified Nov 1 16:08:07 host httpd: pam_krb5[8049]: authentication succeeds for 'treydock' (treyd...@tamu.edu) Nov 1 16:08:07 host unix_chkpwd[22545]: could not obtain user info (treydock) The keytab error is expected, because to authenticate with my university's Kerberos system it's without adding my server to the their databases. I have other servers on CentOS 5 and 6 running this just fine, so and right now SELinux is the only difference between them. Also, I'm still concerned I never got an email from setroubleshootd about the denials that are now fixed by using setsebool. Any steps I can take to troubleshoot the problem? Thanks - Trey ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On 11/01/2011 09:36 PM, Ned Slider wrote: On 01/11/11 18:27, Bob Hoffman wrote: David Miller wrote --- You can go with the self support option. Seeing you are willing to go with CentOS as long as there are timely updates. That tells me you dont really care about getting support from the vendor. You can pick up workstation self support for $50 and server for $350 a year. That means you will get all the updates but just can't call or open tickets with Redhat. The limitations imposed by Redhat for Support they will provide are artificial. Although Redhat says it will only support 2 sockets and x amount of virtual guests you can still do it. --- From what I saw on the redhat site they have also taken away that support/subscription model. They have standard support as minimum, for me it would be 4,000+ or more for my 2 little non-commercial servers...forget it. First option, Desktop Self-support Subscription (1 year) $49: https://www.redhat.com/apps/store/desktop/ First option, Server Self-support Subscription (1 year) $349 https://www.redhat.com/apps/store/server/ A 2 socket virtualization platform is $1,999 giving unlimited virtual guests. Just to be sure does that mean that for $2000 I can install on one physical system and unlimited guests on that system or does that mean the $2000 are only for the host system with the *ability* to host an unlimited number of guests and I still have to buy a subscription for each individual guest on top of that? Regards, Dennis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On 11/01/2011 06:26 PM, Dennis Jacobfeuerborn wrote: On 11/01/2011 09:36 PM, Ned Slider wrote: On 01/11/11 18:27, Bob Hoffman wrote: David Miller wrote --- You can go with the self support option. Seeing you are willing to go with CentOS as long as there are timely updates. That tells me you dont really care about getting support from the vendor. You can pick up workstation self support for $50 and server for $350 a year. That means you will get all the updates but just can't call or open tickets with Redhat. The limitations imposed by Redhat for Support they will provide are artificial. Although Redhat says it will only support 2 sockets and x amount of virtual guests you can still do it. --- From what I saw on the redhat site they have also taken away that support/subscription model. They have standard support as minimum, for me it would be 4,000+ or more for my 2 little non-commercial servers...forget it. First option, Desktop Self-support Subscription (1 year) $49: https://www.redhat.com/apps/store/desktop/ First option, Server Self-support Subscription (1 year) $349 https://www.redhat.com/apps/store/server/ A 2 socket virtualization platform is $1,999 giving unlimited virtual guests. Just to be sure does that mean that for $2000 I can install on one physical system and unlimited guests on that system or does that mean the $2000 are only for the host system with the *ability* to host an unlimited number of guests and I still have to buy a subscription for each individual guest on top of that? Regards, Dennis As I understand it, you still need to buy licenses for whatever guest OS you want to create. They are, for all intent and purpose, separate servers. Of course, best would be to ask Red Hat sales directly, or a Red Hat reseller. -- Digimer E-Mail: digi...@alteeve.com Freenode handle: digimer Papers and Projects: http://alteeve.com Node Assassin: http://nodeassassin.org omg my singularity battery is dead again. stupid hawking radiation. - epitron ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
- Original Message - From: Johnny Hughes joh...@centos.org To: centos@centos.org Sent: Tuesday, November 1, 2011 2:12:15 PM Subject: Re: [CentOS] redhat vs centos On 11/01/2011 03:50 PM, Brian Mathis wrote: On Tue, Nov 1, 2011 at 1:57 PM, Rob Kampen rkam...@kampensonline.com wrote: Tony Mountifield wrote: In article calkwpeyupru5az9xu_d_brjc0m_e9xdlh1t5iub2u8rvrze...@mail.gmail.com, Brian Mathis brian.mathis+cen...@betteradmin.com wrote: When Redhat announced the changes they made it very clear they were trying to prevent other companies (like Oracle and Novell) who were providing support to RHEL customers at reduced rates. They have never said they were concerned with the free clones and in fact have helped CentOS many times in the past (according to statements from the core developers). Redhat knows that the free distros help them maintain market share, and gain customers who need full support eventually. The issues CentOS are seeing are simply collateral damage to the larger war against the other big companies who are trying to provide services by cheating. Except that the other day, Johnny posted this: I can tell you that we have been contacted by upstream to make sure we **UNDERSTAND** the new AUP restrictions on distribution. I can also tell you that we (CentOS) are doing everything in our power to meet the restrictions as they were explained to us. which sounds like RH making it clear that their changes are aimed at CentOS too. This sounds more like a butt covering exercise by lawyers, remember this all comes from the USA where there are FAR TOO MANY lawyers. To be able to enforce a possible claim under this AUP restriction, they will need to show that those involved with use of the code, under this new clause, understand and have been communicated with...etc. As I said, a butt covering exercise - rather than any expressed attempt at intimidation or enforcement - just my $0.01 worth. I know it's more fun to blame the evil lawyers for everything, but it sounds more like they respect the project and took special effort to reach out and make sure they were aware and fully understood the changes. That is far more likely given the history and widespread usage of CentOS. I said they made sure we were aware of the AUP and explained what the new AUP meant. I never said anything about anyone being threatening or being threatened. The CentOS Project is very appreciative for the openness of the upstream provider. It has always been our policy to stay within the upstream provider's guidelines and AUP's. We will continue to do so when the guidelines and AUP's change. = We have created the CR repo ... it has not REPLACED updates, it is just an additional repo. Its purpose is to allow us to release the packages that will eventually be in the NEXT point release in stages as we get them done. You can get these changes if you chose ... or you can wait until we get everything done and released as 6.1. We will eventually get a 6.1 release out ... in the meantime, the CR repo will have MOST of the updates (the ones that are done now) while we fix the problem updates. = My apologies if this has been addressed before. What are the plans if upstream releases 6.2 and CentOS 6.1 has not been released? Will CR just continue to get updates from 6.2? I actually love the CR and if such a scenario occurs would like that the CR to have the latest packages no matter how far behind the official release of CentOS is. We provide CentOS as is, to the best of our ability, for your use. If CentOS meets you needs, well then we certainly want you to use it. If you need it faster, or more like RHEL, then we HIGHLY recommend that you just buy RHEL. If Red Hat does not make money from RHEL then they will stop releasing it all together. CentOS can not exist without those sources. I would like to stress that we want you to use RHEL and buy RHN subscriptions for projects that require that kind of support. I always tell clients to use RHEL for internet facing computers/services so they can get the security patches as soon as they are available. Also use RHEL for mission critical services were they do not have the expertise of deep Linux troubleshooting and need a vendor to lean on. For internal services that should not or does not need immediate security patching use CentOS. As always, I appreciate and thank the CentOS team for providing such a wonderful free tool. David. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On 11/01/11 3:26 PM, Dennis Jacobfeuerborn wrote: Just to be sure does that mean that for $2000 I can install on one physical system and unlimited guests on that system or does that mean the $2000 are only for the host system with the*ability* to host an unlimited number of guests and I still have to buy a subscription for each individual guest on top of that? afaik, its just the virtualization, not the guest licenses. Red Hat Enterprise Virtualization is priced on a per-managed-socket basis. The subscription includes the license to use Red Hat Enterprise Virtualization Manager for Servers (the management server) and the RHEV-H bare metal hypervisor on each licensed socket. no mention of licensing of guest OS's including RHEL. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SELinux and SETroubleshootd woes in CR
Do you have the allow_httpd_mod_auth_pam boolean turned on? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6wVZgACgkQrlYvE4MpobOg8gCgzbPmuUBJJ20iBhAQnCoTvZVU NfUAoLz5TplWxxflLWscqc7Vc7RHahvj =UYqX -END PGP SIGNATURE- (Accidentally sent as quote ) Ah! I did not know about setsebool. It's now not failing on SELinux (at least that I can tell). Now I get this in /var/log/secure... Nov 1 16:08:07 host unix_chkpwd[22541]: check pass; user unknown Nov 1 16:08:07 host unix_chkpwd[22541]: password check failed for user (treydock) Nov 1 16:08:07 host httpd: pam_unix(httpd:auth): authentication failure; logname= uid=48 euid=48 tty= ruser= rhost= user=treydock Nov 1 16:08:07 host httpd: pam_krb5[8049]: error reading keytab 'FILE:/etc/krb5.keytab' Nov 1 16:08:07 host httpd: pam_krb5[8049]: TGT verified Nov 1 16:08:07 host httpd: pam_krb5[8049]: authentication succeeds for 'treydock' (treyd...@tamu.edu) Nov 1 16:08:07 host unix_chkpwd[22545]: could not obtain user info (treydock) The keytab error is expected, because to authenticate with my university's Kerberos system it's without adding my server to the their databases. I have other servers on CentOS 5 and 6 running this just fine, so and right now SELinux is the only difference between them. Also, I'm still concerned I never got an email from setroubleshootd about the denials that are now fixed by using setsebool. Any steps I can take to troubleshoot the problem? Thanks - Trey ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] VirtualBox on CentOS 6.0?
I have an older quad-core AMD processor that supports hardware virtualization on a motherboard that does not support it in the bios. Eventually I'll swap the mobo out on this box for one that will support hardware virtualization and use qemu-kvm. I prefer kvm because of SELinux and sVirt that protects the host from VM breakout should a VM become hostile. In the meantime, I want to start work on a web project and want to use this idle machine and CentOS 6.0 in a VM. What I prototype and learn will eventually be moved to the production machine using kvm and sVirt. So...I downloaded and installed Virtualbox 4.x but haven't yet had the time to check it out. Any tips/tricks concerning it? Dave ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] VirtualBox on CentOS 6.0?
Any tips/tricks concerning it? While I am used to using esx, I am forced to use vb on my wkst at my new gig and can tell you there are age old bugs that have never been resolved with respect to snap shot children not being cleaned up properly and the xml config while having a nice programatic interface is a pain to edit manually. Bottom line, I don't like it at all and find it only moderately stable. Not a fan... jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On Wednesday, November 02, 2011 12:47 AM, David Hrbáč wrote: Dne 1.11.2011 17:27, Akemi Yagi napsal(a): Real problem with recent release troubles with CentOS is that some (or many?) are migrating to Ubuntu/Debian rather than to other RHEL clones, which might eventually hurt the entire Red Hat community. Well, there are no other RHEL clones except SL/Centos. We have quite large infrastructure and we want it homogeneous as possible. Because we run a few boxes with IBM, Ora stuff we need certified OSes, certified is only RHEL or SuSE. So we are using RHEL and Centos. We have been running happily and smoothly for a few years with this concept. Because of the lastest issues with CentOS we are really considering moving back to Debian. Ever heard of WBL? :-D ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On Wed, Nov 02, 2011 at 10:30:57AM +0800, Christopher Chan wrote: On Wednesday, November 02, 2011 12:47 AM, David Hrbáč wrote: Dne 1.11.2011 17:27, Akemi Yagi napsal(a): Real problem with recent release troubles with CentOS is that some (or many?) are migrating to Ubuntu/Debian rather than to other RHEL clones, which might eventually hurt the entire Red Hat community. Well, there are no other RHEL clones except SL/Centos. We have quite large infrastructure and we want it homogeneous as possible. Because we run a few boxes with IBM, Ora stuff we need certified OSes, certified is only RHEL or SuSE. So we are using RHEL and Centos. We have been running happily and smoothly for a few years with this concept. Because of the lastest issues with CentOS we are really considering moving back to Debian. Ever heard of WBL? :-D White Box Linux? Isn't it dead? -- Fred Smith -- fre...@fcshome.stoneham.ma.us - The Lord is like a strong tower. Those who do what is right can run to him for safety. --- Proverbs 18:10 (niv) - ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On Wednesday, November 02, 2011 11:47 AM, fred smith wrote: On Wed, Nov 02, 2011 at 10:30:57AM +0800, Christopher Chan wrote: On Wednesday, November 02, 2011 12:47 AM, David Hrbáč wrote: Dne 1.11.2011 17:27, Akemi Yagi napsal(a): Real problem with recent release troubles with CentOS is that some (or many?) are migrating to Ubuntu/Debian rather than to other RHEL clones, which might eventually hurt the entire Red Hat community. Well, there are no other RHEL clones except SL/Centos. We have quite large infrastructure and we want it homogeneous as possible. Because we run a few boxes with IBM, Ora stuff we need certified OSes, certified is only RHEL or SuSE. So we are using RHEL and Centos. We have been running happily and smoothly for a few years with this concept. Because of the lastest issues with CentOS we are really considering moving back to Debian. Ever heard of WBL? :-D White Box Linux? Isn't it dead? Same thought I had when I saw someone on irc say he is using WBL... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On 01/11/11 22:26, Dennis Jacobfeuerborn wrote: On 11/01/2011 09:36 PM, Ned Slider wrote: On 01/11/11 18:27, Bob Hoffman wrote: David Miller wrote --- You can go with the self support option. Seeing you are willing to go with CentOS as long as there are timely updates. That tells me you dont really care about getting support from the vendor. You can pick up workstation self support for $50 and server for $350 a year. That means you will get all the updates but just can't call or open tickets with Redhat. The limitations imposed by Redhat for Support they will provide are artificial. Although Redhat says it will only support 2 sockets and x amount of virtual guests you can still do it. --- From what I saw on the redhat site they have also taken away that support/subscription model. They have standard support as minimum, for me it would be 4,000+ or more for my 2 little non-commercial servers...forget it. First option, Desktop Self-support Subscription (1 year) $49: https://www.redhat.com/apps/store/desktop/ First option, Server Self-support Subscription (1 year) $349 https://www.redhat.com/apps/store/server/ A 2 socket virtualization platform is $1,999 giving unlimited virtual guests. Just to be sure does that mean that for $2000 I can install on one physical system and unlimited guests on that system or does that mean the $2000 are only for the host system with the *ability* to host an unlimited number of guests and I still have to buy a subscription for each individual guest on top of that? Regards, Dennis All I can tell you is that our virtualization licenses allow you to install on 1 host (up to 2 sockets), and on *that* one host you can then install as many RHEL guests as you like and they will all be entitled to updates through RHN without consuming any further entitlements. So unlimited entitled RHEL guests. Obviously if you choose to install guest OSes from other vendors then you will need the appropriate licenses from those vendors. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On 02/11/11 05:34, Ned Slider wrote: On 01/11/11 22:26, Dennis Jacobfeuerborn wrote: On 11/01/2011 09:36 PM, Ned Slider wrote: On 01/11/11 18:27, Bob Hoffman wrote: David Miller wrote --- You can go with the self support option. Seeing you are willing to go with CentOS as long as there are timely updates. That tells me you dont really care about getting support from the vendor. You can pick up workstation self support for $50 and server for $350 a year. That means you will get all the updates but just can't call or open tickets with Redhat. The limitations imposed by Redhat for Support they will provide are artificial. Although Redhat says it will only support 2 sockets and x amount of virtual guests you can still do it. --- From what I saw on the redhat site they have also taken away that support/subscription model. They have standard support as minimum, for me it would be 4,000+ or more for my 2 little non-commercial servers...forget it. First option, Desktop Self-support Subscription (1 year) $49: https://www.redhat.com/apps/store/desktop/ First option, Server Self-support Subscription (1 year) $349 https://www.redhat.com/apps/store/server/ A 2 socket virtualization platform is $1,999 giving unlimited virtual guests. Just to be sure does that mean that for $2000 I can install on one physical system and unlimited guests on that system or does that mean the $2000 are only for the host system with the *ability* to host an unlimited number of guests and I still have to buy a subscription for each individual guest on top of that? Regards, Dennis All I can tell you is that our virtualization licenses allow you to install on 1 host (up to 2 sockets), and on *that* one host you can then install as many RHEL guests as you like and they will all be entitled to updates through RHN without consuming any further entitlements. So unlimited entitled RHEL guests. And the item description for the above is called Red Hat Enterprise Linux Advanced Platform if that helps. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On 11/01/11 10:37 PM, Ned Slider wrote: All I can tell you is that our virtualization licenses allow you to install on 1 host (up to 2 sockets), and on*that* one host you can then install as many RHEL guests as you like and they will all be entitled to updates through RHN without consuming any further entitlements. So unlimited entitled RHEL guests. And the item description for the above is called Red Hat Enterprise Linux Advanced Platform if that helps. I don't see anything on their site called Advanced Platform https://www.redhat.com/rhel/purchasing_guide.html ? -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
