Re: [CentOS-docs] http://www.centos.org/docs
On 04/22/2012 07:00 PM, Karanbir Singh wrote: On 04/22/2012 12:38 AM, Ed Heron wrote: Is it possible to export a set of pages from the wiki into a pdf or e-pub format? yes, that should be possible - but would need a bit of coding around it. I am happy to investigate. the good thing about moin is that each page can be loaded into pyhon as an object, and then rendered in various formats. So that might be one route to take. Alternatively the text content is also available in raw format, so that might work too. Having the wiki and docs go to my kindle when they are changed would be pretty cool. Can get noisy though. Just to keep all those interested informed, I sent KB a single document. The main changes to appearance were, logos, colors in css, and wholesale substitution of upstream name to CentOS. Nothing else has changed so the doc is still in quite a questionable state. My first suggestion is to either 1) completely remove the legal preamble and insert a url referring to the original document somewhere at the bottom of the page 2) remove any references to CentOS support. I think once we have agreed to what can and cannot go into one of these documents, I will proceed to generate the remaining ones in the tree. I would suggest that only after this is done, we discuss integrating this into a wiki or converting to other formats. ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] http://www.centos.org/docs
On 04/23/2012 11:05 AM, Paul R. (Crunch) wrote: On 04/22/2012 07:00 PM, Karanbir Singh wrote: On 04/22/2012 12:38 AM, Ed Heron wrote: ... documents, I will proceed to generate the remaining ones in the tree. I would suggest that only after this is done, we discuss integrating this into a wiki or converting to other formats. I only suggest this because it might make it easier to make changes on that level once the whole tree is setup and all the links work? ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-es] Configurar YUM
El 21 de abril de 2012 23:39, Alex Irmel Oviedo Solis alleinerw...@gmail.com escribió: Hola, Héctor creo que lo entendiste mal, creo que es suficiente actualizar cache de yum una vez en cada sesión de trabajo no cada vez que metes un comando :-) Claudio, usa la opción -C para que yum busque en el cache local, tu comando quedaría más o menos así: yum -C search paquete , saludos y suerte :-) Muchas Gracias!!! Eso es lo que necesitaba. Saludos. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
[CentOS] LVM: PV on 2 external USB drives
Hi all, I have a box, until warranty (I may not open it) and 2 external USB hard drives. My perfect solution is to open the box, plug the drives on the SATA slots, and use them. Unfortunately, I'll have to fall back to the cheap solution: I would like to use each external drive as physical volume (PV) and then join them as a VG in order to use a LVM composed by internal drives and the externals. This is not for a very secure storage, just for a low reliability quantity temporary one: I just need it to work for 3-4 weeks with potential power cycles. How to get the USB external drives to be detected in always the same order, so that they always get the same name? /dev/sdX fixed to them? That way, the LVM wont be messed... Thank you. -- RMA. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5 live cd?
On 04/22/2012 08:54 PM, Jason Pyeron wrote: It seems that the live cd for 5 is no longer in existence. Is this an oversight or by design? at CentOS-5.8 release time, people thought that it wasent worth doing the C5 livecd anymore since everyone was expected to be using centos-6 now for livecd type things. If someone wants to step up and offer to help maintain the livecd for centos-5, I would be willing to add that into the release files -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh ICQ: 2522219| Yahoo IM: z00dax | Gtalk: z00dax GnuPG Key : http://www.karan.org/publickey.asc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LVM: PV on 2 external USB drives
On 04/23/2012 09:21 AM, Mihamina Rakotomandimby wrote: How to get the USB external drives to be detected in always the same order, so that they always get the same name? /dev/sdX fixed to them? That way, the LVM wont be messed... Perhaps you can use UUIDs for that like Fedora is already doing. See man uuidgen for more info about a UUID. Assign each USB drive a unique UUID and use those UUIDs (instead of /dev/sdX) in /etc/fstab. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 4 repos help me!
On 04/22/2012 08:54 AM, Tony Mountifield wrote: In article 4f9281cb.4050...@hrbac.cz, David Hrbac david-li...@hrbac.cz wrote: Dne 21.4.2012 10:27, Tony Mountifield napsal(a): Except don't change the gpgkey lines, as the keys are still in the original place and haven't moved to vault. (I discovered this just yesterday after finding and applying your excellent sed one-liner). Cheers Tony Tony, I can see the keys on vault. DH Interesting, I can see them now, but they definitely weren't there on Friday, as yum install failed, and so did a wget. In addition, they weren't shown in the list when I browsed to http://vault.centos.org/ But they are there now, so perhaps they have only recently been moved. They have been put there recently ... I am conflicted about making vault easy to use. If we make it too easy to use vault, people will use it and the WILL get hacked. If we make it too hard to use, they will be in even worse shape as they will have older than even the latest updates from vault, which will have more vulnerabilities than the latest vault version. In the end, we have decided to put up a CentOS-Base.repo file and add the keys to vault. Here is a link to the CentOS-4 version of the CentOS-Base.repo file: http://vault.centos.org/4.9/CentOS-Base.repo NOTE: Please upgrade your CentOS machines to supported versions whenever possible ... otherwise it is only a matter of time before someone uses a critical vulnerability to break into your machine. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LVM: PV on 2 external USB drives
On 23.4.2012 09:21, Mihamina Rakotomandimby wrote: How to get the USB external drives to be detected in always the same order, so that they always get the same name? /dev/sdX fixed to them? That way, the LVM wont be messed... lvm cares about device names? I always thought lvm works with uuid's internally. -- Kind Regards, Markus Falb signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LVM: PV on 2 external USB drives
On 04/23/2012 09:02 AM, Patrick Lists wrote: How to get the USB external drives to be detected in always the same order, so that they always get the same name? /dev/sdX fixed to them? That way, the LVM wont be messed... Perhaps you can use UUIDs for that like Fedora is already doing. See man lvm does that anyway, does it not ? ( or has done in recent memory ) the drive ordering will not matter as long as the bios isnt mapping the usb disk as sda and/or trying to inject them into boot ordering I suspect Mihamina is trying to fix a non-existant problem :) - KB -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh ICQ: 2522219| Yahoo IM: z00dax | Gtalk: z00dax GnuPG Key : http://www.karan.org/publickey.asc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LVM: PV on 2 external USB drives
On 04/23/2012 01:43 PM, Karanbir Singh wrote: I suspect Mihamina is trying to fix a non-existant problem I'm on the way to buy the external racks (I got the disks), I did not really test... Sorry if inconvenient. -- RMA. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LibreOffice rpm's vs Centos testing repo
Le ven. 20 avril 2012 19:24:37 CEST, Ljubomir Ljubojevic a écrit: On 03/19/2012 11:28 AM, Philippe Naudin wrote: I am also using a meta-package to ease installation of official *Office. It is far from perfect, because it don't work if I just do yum update openoffice, I have to uninstall openoffice* ooobasis* and then install again openoffice (or libreoffice now). So : me too ;) (I am interested to hear about a better way to install official LibreOffice...) My srpms for meta-package are here: http://rpms.plnet.rs/plnet-centos5-srpms/RPMS.plnet-compiled/ but my rpms also have problems with removing openoffice. Thanks Ljubomir, The problem occurs only when removing openoffice (like in yum remove), or also when updating it ? If it happens only when removing (and this is normal IMHO), it's already a big progress in comparison with my previous attempts. Cheers, -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5 live cd?
-Original Message- From: Karanbir Singh Sent: Monday, April 23, 2012 3:57 Subject: Re: [CentOS] Centos 5 live cd? On 04/22/2012 08:54 PM, Jason Pyeron wrote: It seems that the live cd for 5 is no longer in existence. Is this an oversight or by design? at CentOS-5.8 release time, people thought that it wasent worth doing the C5 livecd anymore since everyone was expected to be using centos-6 now for livecd type things. Hmmm, I see. I was looking for it since I needed to some extensive offline work on a 5 box before chrooting. If someone wants to step up and offer to help maintain the livecd for centos-5, I would be willing to add that into the release files Given it is unlikely anyone will (I have never made one before and my itch has been scratched with 5.6), how about leaving the 5.6 live cd in the isos directory with the present and future 5.x releases? -Jason -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5 live cd?
On 04/23/2012 01:03 PM, Jason Pyeron wrote: Given it is unlikely anyone will (I have never made one before and my itch has been scratched with 5.6), how about leaving the 5.6 live cd in the isos directory with the present and future 5.x releases? there is the issue of a rather long SA / BA / EA list that applies to 5.8 content that isnt on there. Plus the hardware and other kernel improvements since 5.6 wont be available... I *suspect* its about a day's worth of work for someone to get the c5 livecd stuff adopted. buildsystems and resources available on request within .centos.org ( well, the to-release stuff would haveto be built in the centos buildsystem anyway ) -- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh ICQ: 2522219| Yahoo IM: z00dax | Gtalk: z00dax GnuPG Key : http://www.karan.org/publickey.asc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5 live cd?
On 04/23/2012 07:03 AM, Jason Pyeron wrote: -Original Message- From: Karanbir Singh Sent: Monday, April 23, 2012 3:57 Subject: Re: [CentOS] Centos 5 live cd? On 04/22/2012 08:54 PM, Jason Pyeron wrote: It seems that the live cd for 5 is no longer in existence. Is this an oversight or by design? at CentOS-5.8 release time, people thought that it wasent worth doing the C5 livecd anymore since everyone was expected to be using centos-6 now for livecd type things. Hmmm, I see. I was looking for it since I needed to some extensive offline work on a 5 box before chrooting. If someone wants to step up and offer to help maintain the livecd for centos-5, I would be willing to add that into the release files Given it is unlikely anyone will (I have never made one before and my itch has been scratched with 5.6), how about leaving the 5.6 live cd in the isos directory with the present and future 5.x releases? Vault is specifically for that purpose ... all released CD isos (live or otherwise) are there. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LVM: PV on 2 external USB drives
On Mon, 2012-04-23 at 11:43 +0100, Karanbir Singh wrote: On 04/23/2012 09:02 AM, Patrick Lists wrote: How to get the USB external drives to be detected in always the same order, so that they always get the same name? /dev/sdX fixed to them? That way, the LVM wont be messed... Perhaps you can use UUIDs for that like Fedora is already doing. See man lvm does that anyway, does it not ? ( or has done in recent memory ) +1 Each PV is assigned a GUID. And the VG is reassembled dynamically. So don't worry about it. That is just yet another stupid problem LVM eliminates. signature.asc Description: This is a digitally signed message part ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LVM: PV on 2 external USB drives
On Mon, 2012-04-23 at 13:06 +0200, Markus Falb wrote: On 23.4.2012 09:21, Mihamina Rakotomandimby wrote: How to get the USB external drives to be detected in always the same order, so that they always get the same name? /dev/sdX fixed to them? That way, the LVM wont be messed... lvm cares about device names? I always thought lvm works with uuid's internally. It does. signature.asc Description: This is a digitally signed message part ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LVM: PV on 2 external USB drives
On Monday, April 23, 2012 06:43:12 AM Karanbir Singh wrote: the drive ordering will not matter as long as the bios isnt mapping the usb disk as sda and/or trying to inject them into boot ordering FWIW, and for the archives, we have a Dell Precision 690 that does exactly that. I have a Seagate GoFlex 1TB 2.5 inch drive with both USB and FW800 'dongles' that I use for data interchange between a Macbook and the 690. The drive is partitioned GPT (for the booting of Mac OS X on the Macbook as a recovery system), and has four partitions. If I boot the 690 with this particular drive plugged in, it hangs the 690's BIOS boot completely. Removing the USB boot device from the boot order doesn't help. Don't know why, and haven't tried to more thoroughly determine if it's the EFI partition or the boot code for Mac OS X or what. No splash screen comes up, the BIOS just hangs after AHCI enumeration (the last set of interfaces in the machine). The 690 is normally capable of USB boot; I used my CentOS 6.2 install USB key with my self-generated Dual Layer ISO on it to do the initial installation. Again, FWIW and for the archives in case someone sees something similar with USB bootable devices getting in the way of normal boot. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] XEN or KVM - performance/stability/security?
On 04/20/2012 04:23 PM, Dmitry Cherkasov wrote: On CentOS6 all is fine with KVM right out of the box. Never used XEN so cannot compare. Same here. I would add some LXC pins for quick ehanced chroot, depending on the use case. I think the OP should provide more details: What is benchmarked (Network? HD?...) -- RMA. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] XEN or KVM - performance/stability/security?
Hi, On Mon, Apr 23, 2012 at 6:29 PM, Mihamina Rakotomandimby miham...@rktmb.org wrote: I would add some LXC pins for quick ehanced chroot, depending on the use case. LXC sounds interesting: are there any yum repositries / RPMs / tutorials for CentOS available? I've been quite happy with Xen under CentOS5. For CentOS6 the situation is a bit more problematic, as RH switched to KVM and left Xen behind. Best, Peter ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 4 repos help me!
On 04/23/2012 10:32 AM, Lamar Owen wrote: On Monday, April 23, 2012 06:51:36 AM Johnny Hughes wrote: They have been put there recently ... I am conflicted about making vault easy to use. Johnny, speaking of vault, there is a minor issue I see with vault: + rsync rsync://vault.centos.org/ msync.CentOS.org rsync service (centosk5) --- This service is intended for the sole use of the CentOS worldwide mirror network to synchronize mirrors. Unless you are running or intending to run a listed public CentOS mirror use a mirror listed at http://www.CentOS.org/modules/tinycontent/index.php?id=13 If you intend to populate a mirror for public use please read the notes at :- http://www.CentOS.org/modules/tinycontent/index.php?id=15 If you do use this service then it is implied that you are providing a mirror for public use and giving us authority to publicise such mirror. ++ The list referenced is for main CentOS content, not vault. Are there mirrors of vault, and, if not, is it OK to pull a private mirror of portions of vault (Source RPMs, in particular) with rsync, or will such cause the result mentioned in the last paragraph? Rsync is setup on all the vault mirrors ... there are more than 1. (There are currently 4 and one master ... these are in both the US and EU) Here is how to rsync them if you want: rsync vault.centos.org::centos-full-store/ The name is geoip enabled, so you should get machines close to you in the US and EU ... and others (outside the US and EU) will get a US or EU vault mirror. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Latest 6.2 kernel is broken
I just kickstarted a new machine with the latest CentOS 6.2 files, including kernel 2.6.32-220.13.1.el6.x86_64. It came up without network interfaces. dmesg says: bnx2: Broadcom NetXtreme II Gigabit Ethernet Driver bnx2 v2.2.1 (Dec 18, 2011) alloc irq_desc for 36 on node -1 alloc kstat_irqs on node -1 bnx2 :01:00.0: PCI INT A - GSI 36 (level, low) - IRQ 36 bnx2 :01:00.0: setting latency timer to 64 bnx2 :01:00.0: firmware: requesting bnx2/bnx2-mips-09-6.2.1b.fw bnx2: Can't load firmware file bnx2/bnx2-mips-09-6.2.1b.fw bnx2 :01:00.0: PCI INT A disabled bnx2: probe of :01:00.0 failed with error -2 The firmware file is missing from /lib/firmware and the kernel-firmware rpm. I found a copy of it on a Fedora site and dumped it into the right location, but it wasn't found after a reboot. Yet, it was found after a second reboot. Why is that? Is a rebuild of initramfs triggered somehow? What I don't understand is: I have an identical machine that I installed under 6.2 a while back, and kept up to date, and it doesn't have this problem. However, it tells me it uses version v2.1.11 (July 20, 2011) of the driver, how is that possible? # grep bnx2 /var/log/messages Apr 23 17:10:03 localhost kernel: bnx2: Broadcom NetXtreme II Gigabit Ethernet Driver bnx2 v2.1.11 (July 20, 2011) Apr 23 17:10:03 localhost kernel: bnx2 :01:00.0: PCI INT A - GSI 36 (level, low) - IRQ 36 Apr 23 17:10:03 localhost kernel: bnx2 :01:00.0: firmware: requesting bnx2/bnx2-mips-09-6.2.1a.fw Apr 23 17:10:03 localhost kernel: bnx2 :01:00.0: firmware: requesting bnx2/bnx2-rv2p-09-6.0.17.fw Apr 23 17:10:03 localhost kernel: bnx2 :01:00.0: eth0: Broadcom NetXtreme II BCM5716 1000Base-T (C0) PCI Express found at mem da00, IRQ 36, node addr 78:2b:cb:67:3f:b6 [...] # modinfo /lib/modules/2.6.32-220.13.1.el6.x86_64/kernel/drivers/net/bnx2.ko filename: /lib/modules/2.6.32-220.13.1.el6.x86_64/kernel/drivers/net/bnx2.ko firmware: bnx2/bnx2-rv2p-09ax-6.0.17.fw firmware: bnx2/bnx2-rv2p-09-6.0.17.fw firmware: bnx2/bnx2-mips-09-6.2.1a.fw firmware: bnx2/bnx2-rv2p-06-6.0.15.fw firmware: bnx2/bnx2-mips-06-6.2.1.fw version:2.1.11 license:GPL description:Broadcom NetXtreme II BCM5706/5708/5709/5716 Driver [...] # lspci -v -s 01:00.1 01:00.1 Ethernet controller: Broadcom Corporation NetXtreme II BCM5716 Gigabit Ethernet (rev 20) Subsystem: Dell PowerEdge R410 BCM5716 Gigabit Ethernet Flags: bus master, fast devsel, latency 0, IRQ 48 Memory at dc00 (64-bit, non-prefetchable) [size=32M] Capabilities: [48] Power Management version 3 Capabilities: [50] Vital Product Data Capabilities: [58] MSI: Enable- Count=1/16 Maskable- 64bit+ Capabilities: [a0] MSI-X: Enable+ Count=9 Masked- Capabilities: [ac] Express Endpoint, MSI 00 Capabilities: [100] Device Serial Number 78-2b-cb-ff-fe-67-3f-b7 Capabilities: [110] Advanced Error Reporting Capabilities: [150] Power Budgeting ? Capabilities: [160] Virtual Channel ? Kernel driver in use: bnx2 Kernel modules: bnx2 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] XEN or KVM - performance/stability/security?
On Mon, 23 Apr 2012, Peter Peltonen wrote: I've been quite happy with Xen under CentOS5. For CentOS6 the situation is a bit more problematic, as RH switched to KVM and left Xen behind. I used Xen for about four or five years before switching to KVM. I like KVM better in every way, and for my fork-heavy workloads, the performance is a lot better than Xen. It is also much easier to use and is in my experience more stable. Steve ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Latest 6.2 kernel is broken
On 04/23/2012 11:54 AM, Lars Hecking wrote: I just kickstarted a new machine with the latest CentOS 6.2 files, including kernel 2.6.32-220.13.1.el6.x86_64. It came up without network interfaces. dmesg says: bnx2: Broadcom NetXtreme II Gigabit Ethernet Driver bnx2 v2.2.1 (Dec 18, 2011) alloc irq_desc for 36 on node -1 alloc kstat_irqs on node -1 bnx2 :01:00.0: PCI INT A - GSI 36 (level, low) - IRQ 36 bnx2 :01:00.0: setting latency timer to 64 bnx2 :01:00.0: firmware: requesting bnx2/bnx2-mips-09-6.2.1b.fw bnx2: Can't load firmware file bnx2/bnx2-mips-09-6.2.1b.fw bnx2 :01:00.0: PCI INT A disabled bnx2: probe of :01:00.0 failed with error -2 The firmware file is missing from /lib/firmware and the kernel-firmware rpm. I found a copy of it on a Fedora site and dumped it into the right location, but it wasn't found after a reboot. Yet, it was found after a second reboot. Why is that? Is a rebuild of initramfs triggered somehow? What I don't understand is: I have an identical machine that I installed under 6.2 a while back, and kept up to date, and it doesn't have this problem. However, it tells me it uses version v2.1.11 (July 20, 2011) of the driver, how is that possible? # grep bnx2 /var/log/messages Apr 23 17:10:03 localhost kernel: bnx2: Broadcom NetXtreme II Gigabit Ethernet Driver bnx2 v2.1.11 (July 20, 2011) Apr 23 17:10:03 localhost kernel: bnx2 :01:00.0: PCI INT A - GSI 36 (level, low) - IRQ 36 Apr 23 17:10:03 localhost kernel: bnx2 :01:00.0: firmware: requesting bnx2/bnx2-mips-09-6.2.1a.fw Apr 23 17:10:03 localhost kernel: bnx2 :01:00.0: firmware: requesting bnx2/bnx2-rv2p-09-6.0.17.fw Apr 23 17:10:03 localhost kernel: bnx2 :01:00.0: eth0: Broadcom NetXtreme II BCM5716 1000Base-T (C0) PCI Express found at mem da00, IRQ 36, node addr 78:2b:cb:67:3f:b6 [...] # modinfo /lib/modules/2.6.32-220.13.1.el6.x86_64/kernel/drivers/net/bnx2.ko filename: /lib/modules/2.6.32-220.13.1.el6.x86_64/kernel/drivers/net/bnx2.ko firmware: bnx2/bnx2-rv2p-09ax-6.0.17.fw firmware: bnx2/bnx2-rv2p-09-6.0.17.fw firmware: bnx2/bnx2-mips-09-6.2.1a.fw firmware: bnx2/bnx2-rv2p-06-6.0.15.fw firmware: bnx2/bnx2-mips-06-6.2.1.fw version:2.1.11 license:GPL description:Broadcom NetXtreme II BCM5706/5708/5709/5716 Driver [...] # lspci -v -s 01:00.1 01:00.1 Ethernet controller: Broadcom Corporation NetXtreme II BCM5716 Gigabit Ethernet (rev 20) Subsystem: Dell PowerEdge R410 BCM5716 Gigabit Ethernet Flags: bus master, fast devsel, latency 0, IRQ 48 Memory at dc00 (64-bit, non-prefetchable) [size=32M] Capabilities: [48] Power Management version 3 Capabilities: [50] Vital Product Data Capabilities: [58] MSI: Enable- Count=1/16 Maskable- 64bit+ Capabilities: [a0] MSI-X: Enable+ Count=9 Masked- Capabilities: [ac] Express Endpoint, MSI 00 Capabilities: [100] Device Serial Number 78-2b-cb-ff-fe-67-3f-b7 Capabilities: [110] Advanced Error Reporting Capabilities: [150] Power Budgeting ? Capabilities: [160] Virtual Channel ? Kernel driver in use: bnx2 Kernel modules: bnx2 There are now new external kernel modules for that: http://lists.centos.org/pipermail/centos-announce/2012-April/018587.html yum install kmod-bnx2 signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Networking issue, C6.2 LiveDVD x86_64
Good afternoon, CentOS list. I am beginning triage of a rather wierd issue I experienced Saturday with CentOS 6.2 LiveDVD, x86_64. I'm posting this information in hope that someone may have seen something similar. I use a USB key with CentOS 6.2 LiveDVD loaded, with an encrypted home filesystem, built using the instructions on the CentOS wiki for a LiveUSB build, and it was built by a CentOS 6.2 x86_64 system with the livecd-iso-to-disk.sh tool. It has worked fine for general usage for a while, now. I began a disk image backup of a Dell Inspiron 1420 laptop Saturday, using dd piped into ssh to a file, on an RHEL6 server (RHEL6.2, i686 dist, fully updated). The command line used on the laptop, booted into the C6 LiveDVD environment, was: dd if=/dev/sda |ssh root@rhel6-server-used.local cat \/opt/backups/sda.img which I have used before, on this specific laptop, without incident, booted into Fedora 14 Security LiveCD 32-bit. Something, however, in this particular combination is creating an issue. After approximately 3MB or so of the image is transferred, no network traffic at all can flow, causing the transfer to hang. And I mean hang, with unresponsive terminals in GNOME, and a non-killable ssh process. It seems to disrupt the server as well, but, like I said, I'm just beginning triage of the problem, so am still gathering data. Now, I booted my trusty Fedora 14 i686 Security Live CD (which boots into LXDE), and the transfer to the same server, using the same cable, same switch, and same hardware all the way around is going smoothly (25GB into a 500GB transfer so far). So I tend to think that it is not a hardware problem. I'm going to next try a CentOS 6.2 LiveUSB using the 32-bit LiveDVD instead of the 64-bit one, hopefully set up as identically as possible to the 64-bit one I've been using, and then see if it's a 32-bit versus 64-bit NIC driver issue or similar. Incidentally, the ethernet device gets a 'p3p1' device name instead of 'eth0.' I'm somewhat concerned by this, since I'm upgrading the laptop in question to CentOS 6.2 as part of this process, so I want to track down the problem so that if I need to install the 32-bit version instead of the 64-bit version I can. So, if anyone has had specific experience with a Dell Inspiron 1420n (came with Ubuntu pre-installed, incidentally) and CentOS 6 64-bit, I'd be interested in hearing it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 4 repos help me!
On Monday, April 23, 2012 12:14:22 PM Johnny Hughes wrote: Rsync is setup on all the vault mirrors ... there are more than 1. (There are currently 4 and one master ... these are in both the US and EU) ... Thanks, Johnny. Nice to know the mirror police won't be after me. :-) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 4 repos help me!
rsync vault.centos.org::centos-full-store/ This is good news to get the data in a sane way for some special cases. (Yes, I can still see RHEL3 installations, so RHEL4 is not the only version that needs to migrate off.) best regards, Florian La Roche ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Cisco AnyConnect on 6.2 32-bit?
Scott Robbins wrote on 04/22/2012 05:53 PM: Do you really need it? I much prefer vpnc. http://home.roadrunner.com/~computertaijutsu/vpnc.html The Cisco client has always (in my less than humble opinion), been pretty bad. I remember one wouldn't work on any smp, another wouldn't work on 64 bit, etc. The EPEL packages work for me to connect to a Cisco VPN: NetworkManager-vpnc.x86_64 1:0.8.0-1.git20100411.el6 epel vpnc.x86_64 0.5.3-4.el6epel Phil ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Networking issue, C6.2 LiveDVD x86_64
On Monday, April 23, 2012 01:48:59 PM Lamar Owen wrote: ... So, if anyone has had specific experience with a Dell Inspiron 1420n (came with Ubuntu pre-installed, incidentally) and CentOS 6 64-bit, I'd be interested in hearing it. ... Additional information, from the F14 FSL i686 command line: + 09:00.0 Ethernet controller: Broadcom Corporation NetLink BCM5906M Fast Ethernet PCI Express (rev 02) Subsystem: Dell Inspiron 1420 Flags: bus master, fast devsel, latency 0, IRQ 48 Memory at fe5f (64-bit, non-prefetchable) [size=64K] Expansion ROM at ignored [disabled] Capabilities: [48] Power Management version 3 Capabilities: [50] Vital Product Data Capabilities: [58] Vendor Specific Information: Len=78 ? Capabilities: [e8] MSI: Enable+ Count=1/1 Maskable- 64bit+ Capabilities: [d0] Express Endpoint, MSI 00 Capabilities: [100] Advanced Error Reporting Capabilities: [13c] Virtual Channel Capabilities: [160] Device Serial Number 00-1c-23-ff-fe-f8-f0-9f Kernel driver in use: tg3 Kernel modules: tg3 + Hmm, tigon III. I'm getting ready to look around, but anyone know of issues with tg3 and the EL6 kernel as shipped in the LiveDVD? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Networking issue, C6.2 LiveDVD x86_64
On Mon, Apr 23, 2012 at 11:14 AM, Lamar Owen lo...@pari.edu wrote: Additional information, from the F14 FSL i686 command line: + 09:00.0 Ethernet controller: Broadcom Corporation NetLink BCM5906M Fast Ethernet PCI Express (rev 02) Kernel driver in use: tg3 Kernel modules: tg3 + Hmm, tigon III. I'm getting ready to look around, but anyone know of issues with tg3 and the EL6 kernel as shipped in the LiveDVD? There are some known issues. For example: http://bugs.centos.org/view.php?id=5572 http://bugs.centos.org/view.php?id=5650 Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 4 repos help me! [OT]
-Original Message- From: Florian La Roche Sent: Monday, April 23, 2012 13:58 rsync vault.centos.org::centos-full-store/ This is good news to get the data in a sane way for some special cases. (Yes, I can still see RHEL3 installations, so We have been migrating a single RHEL3 box for several years. Shoot me now please. RHEL4 is not the only version that needs to migrate off.) best regards, Florian La Roche ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 4 repos help me! [OT]
On Monday, April 23, 2012 02:39:10 PM Jason Pyeron wrote: We have been migrating a single RHEL3 box for several years. Shoot me now please. I still have a 'not internet-connected' CentOS 2.1 server for one particular application. Hrmph, I still have a Red Hat Linux 5.2 box in production for a really old application that the client 'just can't live without' (but they are just about finished with an 8 year long migration over to something more modern the problem is that the 'modern' target keeps moving.). The people with the RHL5 box were considering upgrading to CentOS 2.1 for that application (it's a libc5-based binary-only app with no vendor support (vendor's upgrade doesn't support features heavily used by client's app!)). I suggested something completely different, and they've been on-again/off-again migrating to something ever newer looks like they are about 90% of the way there, using a PHP app framework that keeps getting upgrades None of these are internet connected; an RHL5.2 box on the live internet... hmm, might be old enough that current metasploit and script kiddie frameworks may not work. but that's probably a pipe dream ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Networking issue, C6.2 LiveDVD x86_64
On Monday, April 23, 2012 02:32:56 PM Akemi Yagi wrote: On Mon, Apr 23, 2012 at 11:14 AM, Lamar Owen lo...@pari.edu wrote: Hmm, tigon III. I'm getting ready to look around, but anyone know of issues with tg3 and the EL6 kernel as shipped in the LiveDVD? There are some known issues. For example: http://bugs.centos.org/view.php?id=5572 http://bugs.centos.org/view.php?id=5650 Akemi Thanks for the pointers, Akemi. It seems additionally that this Fedora bug: https://bugzilla.redhat.com/show_bug.cgi?id=527209 may be the root of this. Going to try a few things, once the dd is finished (not today, in other words). ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Latest 6.2 kernel is broken
There are now new external kernel modules for that: http://lists.centos.org/pipermail/centos-announce/2012-April/018587.html yum install kmod-bnx2 They are all installed. # yum list installed kmod\* Loaded plugins: fastestmirror, kabi, refresh-packagekit, security Loading support for CentOS kernel ABI Cleaning repos: base extras updates Cleaning up Everything Cleaning up list of fastest mirrors Loaded plugins: fastestmirror, kabi, refresh-packagekit, security Loading support for CentOS kernel ABI Determining fastest mirrors base | 3.7 kB 00:00 ... base/primary_db | 4.5 MB 00:00 ... updates | 3.5 kB 00:00 ... updates/primary_db | 2.9 MB 00:00 ... Installed Packages kmod-bnx2.x86_64 2.2.1-1.el6_2 @anaconda-CentOS-201112091719.x86_64/6.2 kmod-bnx2fc.x86_641.0.10-1.el6_2@anaconda-CentOS-201112091719.x86_64/6.2 kmod-bnx2i.x86_64 2.7.2.1-1.el6_2 @anaconda-CentOS-201112091719.x86_64/6.2 kmod-bnx2x.x86_64 1.72.00_0-1.el6_2 @anaconda-CentOS-201112091719.x86_64/6.2 kmod-bnx2x-firmware.x86_64 1.72.00_0-1.el6_2 @anaconda-CentOS-201112091719.x86_64/6.2 kmod-cnic.x86_64 2.5.9-1.el6_2 @anaconda-CentOS-201112091719.x86_64/6.2 kmod-tg3.x86_64 3.119-2.el6_1 @base Loaded plugins: fastestmirror, kabi, refresh-packagekit, security Loading support for CentOS kernel ABI Cleaning repos: base extras updates 0 package files removed ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Centos 6.2 Nvidia drivers from elrepo - kmod-nvidia
Hi all, Having issues with the Nvidia drives on Centos 6.2. So after I do yum install kmod-nvidia and rebooting, I get no screen. My errors; /var/log/messages; kernel: NVRM: The NVIDIA GeForce4 MX 4000 GPU installed in this system is kernel: NVRM: supported through the NVIDIA 96.43.xx Legacy drivers. Please kernel: NVRM: visit http://www.nvidia.com/object/unix.html for more kernel: NVRM: information. The 295.40 NVIDIA driver will ignore kernel: NVRM: this GPU. Continuing probe... kernel: NVRM: No NVIDIA graphics adapter found! gdm-binary[2013]: WARNING: GdmDisplay: display lasted 0.548291 seconds gdm-binary[2013]: WARNING: GdmLocalDisplayFactory: maximum number of X display failures reached: check X server log for errors /var/log/Xorg.0.log; [37.145] (EE) NVIDIA: Failed to load the NVIDIA kernel module. Please check your [37.145] (EE) NVIDIA: system's kernel log for additional error messages. [37.145] (II) UnloadModule: nvidia [37.145] (II) Unloading nvidia [37.145] (EE) Failed to load module nvidia (module-specific error, 0) [37.145] (EE) No drivers available. [37.145] Fatal server error: [37.145] no screens found [37.145] I also tried to install the Nvidia driver from there site by first disabling nouveau and running there installer but that one seemed rather unstable. Any ideas? Thanks in adance. - aurf ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] XEN or KVM - performance/stability/security?
On Apr 23, 2012, at 1:02 PM, Steve Thompson wrote: On Mon, 23 Apr 2012, Peter Peltonen wrote: I've been quite happy with Xen under CentOS5. For CentOS6 the situation is a bit more problematic, as RH switched to KVM and left Xen behind. I used Xen for about four or five years before switching to KVM. I like KVM better in every way, and for my fork-heavy workloads, the performance is a lot better than Xen. It is also much easier to use and is in my experience more stable. Steve I also prefer KVM over Xen, mainly I don;t have to do anything special when maintaining the env. But I haven't notice an improvement over Xen. I really like the fact that the guest OS has a stock kernel, etc.. - aurf ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6.2 Nvidia drivers from elrepo - kmod-nvidia
On Mon, Apr 23, 2012 at 12:40 PM, aurfalien aurfal...@gmail.com wrote: So after I do yum install kmod-nvidia and rebooting, I get no screen. My errors; /var/log/messages; kernel: NVRM: The NVIDIA GeForce4 MX 4000 GPU installed in this system is kernel: NVRM: supported through the NVIDIA 96.43.xx Legacy drivers. Please kernel: NVRM: visit http://www.nvidia.com/object/unix.html for more kernel: NVRM: information. The 295.40 NVIDIA driver will ignore kernel: NVRM: this GPU. Continuing probe... (snip) Any ideas? Yes. As the error message says ... You need to install the legacy driver (96xx), not the 295.40 NVIDIA driver. Please see: http://elrepo.org/tiki/kmod-nvidia-96xx Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6.2 Nvidia drivers from elrepo - kmod-nvidia
On Apr 23, 2012, at 3:53 PM, Akemi Yagi wrote: On Mon, Apr 23, 2012 at 12:40 PM, aurfalien aurfal...@gmail.com wrote: So after I do yum install kmod-nvidia and rebooting, I get no screen. My errors; /var/log/messages; kernel: NVRM: The NVIDIA GeForce4 MX 4000 GPU installed in this system is kernel: NVRM: supported through the NVIDIA 96.43.xx Legacy drivers. Please kernel: NVRM: visit http://www.nvidia.com/object/unix.html for more kernel: NVRM: information. The 295.40 NVIDIA driver will ignore kernel: NVRM: this GPU. Continuing probe... (snip) Any ideas? Yes. As the error message says ... You need to install the legacy driver (96xx), not the 295.40 NVIDIA driver. Please see: http://elrepo.org/tiki/kmod-nvidia-96xx Akemi Hi Akemi, Yes i did that but a bit unstable. Hoping some one had some insight. Thanks for the reply though, I didn't expect any to be honest. - aurf ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] XEN or KVM - performance/stability/security?
Hi, On Mon, Apr 23, 2012 at 10:54 PM, aurfalien aurfal...@gmail.com wrote: I also prefer KVM over Xen, mainly I don;t have to do anything special when maintaining the env. But I haven't notice an improvement over Xen. I really like the fact that the guest OS has a stock kernel, etc.. I do not quite see how Xen requires one to do something special for maintenance? With pygrub you can use the stock kernel with your Xen domUs just fine. I have not seen any issues with stability either, but then again I am running mostly just web and mail servers without really high traffic. But if KVM would offer improvements for performance over Xen, I should perhaps try it out, as sometimes when doing backups and other things that require a lot of disk I/O a better performance could be wished for... Regards, Peter ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] XEN or KVM - performance/stability/security?
On Apr 23, 2012, at 4:01 PM, Peter Peltonen wrote: Hi, On Mon, Apr 23, 2012 at 10:54 PM, aurfalien aurfal...@gmail.com wrote: I also prefer KVM over Xen, mainly I don;t have to do anything special when maintaining the env. But I haven't notice an improvement over Xen. I really like the fact that the guest OS has a stock kernel, etc.. I do not quite see how Xen requires one to do something special for maintenance? Regarding Centos 6 there are some extra things to install. Even when I deviated from the included version of Xen in 5, I had to pay special attention. As for stock kernels, you mean HVMs right? I was speaking more about PVMs which is faster and more flexible then HVMs. I never had any issues with Xen other then VGA and USB pass through. But Xen ran well for me. As for convenience, I'm into KVM now, very cool features with pass throughs, graphics etc... - aurf ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] XEN or KVM - performance/stability/security?
On Apr 23, 2012, at 4:01 PM, Peter Peltonen wrote: Hi, On Mon, Apr 23, 2012 at 10:54 PM, aurfalien aurfal...@gmail.com wrote: I also prefer KVM over Xen, mainly I don;t have to do anything special when maintaining the env. But I haven't notice an improvement over Xen. I really like the fact that the guest OS has a stock kernel, etc.. I do not quite see how Xen requires one to do something special for maintenance? With pygrub you can use the stock kernel with your Xen domUs just fine. I have not seen any issues with stability either, but then again I am running mostly just web and mail servers without really high traffic. But if KVM would offer improvements for performance over Xen, I should perhaps try it out, as sometimes when doing backups and other things that require a lot of disk I/O a better performance could be wished for... Forgot to add there there are some cool options for increasing disk IO. Load up KVM and check it out. I'm pretty happy with it. - aurf ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] XEN or KVM - performance/stability/security?
On Mon, Apr 23, 2012 at 11:11 PM, aurfalien aurfal...@gmail.com wrote: As for stock kernels, you mean HVMs right? I was speaking more about PVMs which is faster and more flexible then HVMs. No, with pygrub you can run a stock kernel on a PVM domU: http://wiki.xensource.com/xenwiki/PyGrub I never had any issues with Xen other then VGA and USB pass through. But Xen ran well for me. As for convenience, I'm into KVM now, very cool features with pass throughs, graphics etc... USB pass through has worked fine for me under Xen. Never had the need for graphics for my servers. For desktops I've been happy with Parallels and VirtualBox. But from comments it sounds like KVM is maturing and I should perhaps give it a try. Regards, Peter ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] strange partitioning problem
Yeah, I just read a thread about it in this mailing list: On 04/18/2012 10:18 AM, John R Pierce wrote: do I need to preboot into a shell or something and use parted before I can install ? I use a bootable CD with gparted to create the GPT partition table and the partitions. After this, I can boot CentOS and install on the created partitions. Mogens Thread is named 3TB system drive partitioning question, from 2 days ago. -- Ljubomir Ljubojevic (Love is in the Air) PL Computers Serbia, Europe OK, I just used Gparted Live ( http://gparted.sourceforge.net/livecd.php , a very useful distro, by the way) to create a GPT partitioned disk. Then I booted the netinstall for CentOS 6.2 - and it just fails to see the data on that disk! It wants to wipe it clean - apparently, to create an MS-DOS partition on it! How do I get around this now? In short - and this is a question for everybody - how do I install CentOS 6.2 on a GPT partitioned drive, or create a GPT partition as I go? Thanks. Boris. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Windows 2008R2 AD, kerberos, NFSv4
Hi, I'm trying to set up NFSv4 on two boxes (centos 5.5) and have it authenticate against our Windows 2008R2 AD server acting as the KDC. (samba/winbind is running ok with idmap config MYCOMPANY: backend = rid so we have identical ids across the servers.) I can mount my test directory fine via NFSv4 *without* the sec=krb5 option. However, once I put the sec=krb5 option in, then I get a mount error: mount.nfs4: Permission denied and rpc.gssd reports: Failed to obtain machine credentials for connection to server The computers have an AD computer account and for the service-principal, I created an AD user account nfsHostname and mapped the UPN e.g. NFS/ hostname.mycompany...@mycompany.tv to it using ktpass. This is the closest post similar to my issue I could find: http://lists.centos.org/pipermail/centos/2010-July/096378.htmlHowever, I'm trying not to run the createupn command via smbutils. Side note: Eventually we will also be using a HDS nas which doesn't provide us with samba net utils (e.g. net ads join createupn) only their proprietary webadmin/cli. When that nas joined our AD domain, it created a computer account with SPNs of HOST/HOSTNAME, HOST/hostname.MYCOMPANY.TV and a UPN of HOST/hostname.mycompany...@mycompany.tv And the HDS nas only wants encryption type: des-cbc-crc:normal. This is why on my test nfs server (nas002), I'm trying to use the same limited commands as I would if I were using the HDS nas. Any suggestions where to look next or get more verbose info from kerberos/KDC or the nfs server? (nothing shows up in either syslog -- plus, I'm not all that familiar with kerberos.) thanks in advance! JA. info: 10.100.1.11 KDC server (Windows 2008 R2, AD) 10.100.1.35 bk001 (nfsv4 client, kernel 2.6.18-194.32.1.el5) 10.100.1.82 nas002 (nfsv4 server, kernel 2.6.18-194.32.1.el5) 10.100.1.99 monitoring server intsalled on both nfsv4 client and server: nfs-utils.x86_64 1.0.9-60.el5 nfs-utils-lib.x86_64 1.0.8-7.9.el5 nfs4-acl-tools.x86_64 0.3.3-3.el5 krb5-workstation.x86_64 1.6.1-70.el5 samba (nas002) 3.3.8-0.52.el5_5.2 samba (bk001) 3.5.10-0.107.el5 [root@bk001 ~]# net ads testjoin Join is OK [root@bk001 ~]# kinit administra...@mycompany.tv Password for administra...@mycompany.tv: [root@bk001 ~]# kinit nfs/nas002.mycompany...@mycompany.tv Password for nfs/nas002.mycompany...@mycompany.tv: [root@bk001 ~]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: nfs/nas002.mycompany...@mycompany.tv Valid starting ExpiresService principal 04/13/12 16:08:51 04/14/12 02:08:51 krbtgt/mycompany...@mycompany.tv renew until 04/16/12 16:08:51 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [root@bk001 ~]# showmount -e nas002.mycompany.tv Export list for nas002.mycompany.tv: /array gss/krb5,* [root@bk001 ~]# mount -v -t nfs4 -o proto=tcp,sec=krb5 nas002.mycompany.tv:/ /mnt/nfs4test Warning: rpc.idmapd appears not to be running. All uids will be mapped to the nobody uid. Warning: rpc.gssd appears not to be running. mount: pinging: prog 13 vers 4 prot tcp port 2049 mount.nfs4: Permission denied [root@bk001 ~]# ps -elf | egrep 'gss|idmap' 1 S root 2498 1 0 75 0 - 8016 - Apr12 ?00:00:00 rpc.gssd -rrr 1 S root 4575 1 0 76 0 - 14833 - Apr12 ?00:00:00 rpc.idmapd -vvv [root@bk001 ~]# tail /var/log/messages Apr 13 16:09:09 bk001 rpc.idmapd[4575]: New client: 16 Apr 13 16:09:09 bk001 rpc.gssd[2498]: handling krb5 upcall Apr 13 16:09:09 bk001 rpc.idmapd[4575]: New client: 17 Apr 13 16:09:09 bk001 rpc.idmapd[4575]: Opened /var/lib/nfs/rpc_pipefs/nfs/clnt16/idmap Apr 13 16:09:09 bk001 rpc.gssd[2498]: Using keytab file '/etc/krb5.keytab' Apr 13 16:09:09 bk001 rpc.gssd[2498]: WARNING: Failed to obtain machine credentials for connection to server nas002.mycompany.tv Apr 13 16:09:09 bk001 rpc.gssd[2498]: doing error downcall Apr 13 16:09:09 bk001 rpc.idmapd[4575]: Stale client: 16 Apr 13 16:09:09 bk001 rpc.idmapd[4575]: - closed /var/lib/nfs/rpc_pipefs/nfs/clnt16/idmap Apr 13 16:09:09 bk001 rpc.idmapd[4575]: Stale client: 17 Apr 13 16:09:09 bk001 rpc.idmapd[4575]: - closed /var/lib/nfs/rpc_pipefs/nfs/clnt17/idmap Apr 13 16:09:09 bk001 rpc.gssd[2498]: destroying client clnt17 Apr 13 16:09:09 bk001 rpc.gssd[2498]: destroying client clnt16 tshark capture of commands I performed (above): [root@bk001 ~]# cat /var/tmp/tshark_041312-1608.out 366 9.948504 10.100.1.35 - 10.100.1.11 TCP 42564 kerberos [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=86719599 TSER=0 WS=7 367 9.948813 10.100.1.11 - 10.100.1.35 TCP kerberos 42564 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 TSV=396813568 TSER=86719599 368 9.948824 10.100.1.35 - 10.100.1.11 TCP 42564 kerberos [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=86719599 TSER=396813568 369 9.948849 10.100.1.35 - 10.100.1.11 KRB5 AS-REQ 370 9.949976 10.100.1.11 - 10.100.1.35 KRB5 KRB Error: KRB5KDC_ERR_PREAUTH_REQUIRED 371
[CentOS] openldap-server 'TLSVerifyClient demand' fails on centos 6.2?
ldapsearch -x -ZZ works fine on clients, when the server side slapd.conf has
'TLSVerifyClient' is set to 'try'. But after I changed that the 'demand' all
clients' ldapsearch -x -ZZ command fails immediately. I run the 'slapd -d3'
at server side too.
It looks like maybe 'ldapsearch -x -zz' didn't send out client certificates,
even though it should with '-ZZ' options -- from ldap.conf manual?
My client side /etc/openldap/ldap.conf is like below:
BASE dc=example,dc=com
URI ldap://ldapmaster.example.com
## working
TLS_CACERT /etc/openldap/myca.crt
TLS_CERT /etc/openldap/ldapclient01.crt
TLS_KEY /etc/openldap/ldapclient01.key
My server side setup is:
## now using my own CA
## and it works!
TLSCACertificateFile /etc/openldap/myca.crt
TLSCertificateFile /etc/openldap/ldapmaster.crt
TLSCertificateKeyFile /etc/openldap/ldapmaster.key
#TLSVerifyClient allow
TLSVerifyClient demand ## testing client TLS keys and my own CA setup,
'demand' failed for ldapsearch
#TLSCipherSuite HIGH:MEDIUM:LOW:+SSLv2
TLSCipherSuite HIGH:MEDIUM:+SSLv2
The logs on server is attahed below as well, Thanks.
...
connection_get(14): got connid=1000
connection_read(14): checking for input on id=1000
TLS: loaded CA certificate file /etc/openldap/myca.crt.
TLS: certificate
[E=ad...@example.com,CN=ldapmaster.example.com,OU=techOps,O=Pegaclouds
Inc.,L=San Mateo,ST=CA,C=US] is valid
tls_read: want=3, got=3
: 16 03 01 ...
tls_read: want=2, got=2
: 00 41 .A
tls_read: want=65, got=65
: 01 00 00 3d 03 01 4f 95 c1 e0 a9 10 22 30 25 4b ...=..O.0%K
0010: f8 da a5 27 64 9e 25 60 35 d0 5c 28 30 74 a8 40 ...'d.%`5.\(0t.@
...
tls_read: want=5 error=Resource temporarily unavailable
connection_get(14): got connid=1000
connection_read(14): checking for input on id=1000
tls_read: want=5, got=5
: 16 03 01 01 0d .
tls_read: want=269, got=269
: 0b 00 00 03 00 00 00 10 00 01 02 01 00 ac 64 b8 ..d.
0010: bd bf 20 46 b8 14 e7 38 9a a1 40 2c 36 3a 78 fa .. F...8..@,6:x.
0020: 8a 12 61 3d e3 5e bf 02 f2 f9 a1 70 4e 7f 4e 11 ..a=.^.pN.N.
0030: cd e6 ba 6d ee 1e 91 95 c7 9f c7 b3 e0 21 ea bb ...m.!..
0040: 11 78 cc 58 c1 b1 37 f4 d5 18 ff 59 ad df 48 52 .x.X..7Y..HR
0050: a7 cd 26 0a fe d8 09 bb 7e 70 16 d2 b7 35 de 9f ...~p...5..
0060: b3 0a ee 1e aa 42 e4 20 ed 8d 2f 31 f2 5d e9 d7 .B. ../1.]..
0070: 82 4c 78 30 48 5d 54 5c cf c2 cc c9 33 31 50 c5 .Lx0H]T\31P.
0080: 56 62 f8 ea dd 34 32 ff a1 81 e3 2f f7 a4 0e 58 Vb...42/...X
0090: ff 84 39 0a fe 74 20 18 a6 ac 18 00 dc 8c 0e fd ..9..t .
00a0: 5d 2e a3 87 4e 0b e8 51 66 85 8a 60 2e b7 01 a2 ]...N..Qf..`
00b0: 4a 5c d9 74 9b 32 04 16 57 2e f2 60 2d 45 3d 30 J\.t.2..W..`-E=0
00c0: e3 39 c9 a3 af 7b 86 4b f0 f0 7e 34 f8 bf cf 4c .9...{.K..~4...L
00d0: 73 57 df e5 11 0a 41 de 7f 78 ed f4 cf 9b e8 10 sWA..x..
00e0: ce 1a b1 73 ff 76 ec ff 23 46 85 24 02 b9 aa 4b ...s.v..#F.$...K
00f0: fe c9 2a c6 06 ff 54 94 25 5d cc 3d de 5b 1d 9f ..*...T.%].=.[..
0100: 03 a1 36 da 3b 69 95 67 21 b5 61 d7 e9 ..6.;i.g!.a..
tls_write: want=7, written=7
: 15 03 01 00 02 02 2a ..*
TLS: error: accept - force handshake failure: errno 11 - moznss error -12285
TLS: can't accept: TLS error -12285:Unable to find the certificate or key
necessary for authentication..
connection_read(14): TLS accept failure error=-1 id=1000, closing
connection_close: conn=1000 sd=14
...
--Robinson
From: Robinson Tiemuqinke hahaha_...@yahoo.com
To: CentOS mailing list centos@centos.org
Sent: Wednesday, November 23, 2011 11:20 AM
Subject: Re: [CentOS] Any ideas?? -- Re: EC2 compatible kernel for centos 6?
I've tried with cr kernel, not it moves much faster but still fails -- fails at
the partition failure, this setup is S3 backed image.
root (hd0)
Filesystem type is ext2fs, using whole disk
kernel /boot/vmlinuz-2.6.32-131.17.1.el6.x86_64 ro root=/dev/sda1 rd_NO_LUKS rd
_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTY
PE=pc KEYTABLE=us crashkernel=auto crashkernel=auto
initrd /boot/initramfs-2.6.32-131.17.1.el6.x86_64.img
close blk: backend at /local/domain/0/backend/vbd/8/2049
close blk: backend at /local/domain/0/backend/vbd/8/2064
close blk: backend at /local/domain/0/backend/vbd/8/2080
close blk: backend at /local/domain/0/backend/vbd/8/2096
close blk: backend at
/local/domain/0/backend/vbd/8/2112
Initializing cgroup subsys cpuset
Initializing cgroup subsys cpu
Linux version 2.6.32-131.17.1.el6.x86_64 (mockbu...@c6b5.bsys.dev.centos.org)
(gcc version 4.4.5 20110214 (Red Hat 4.4.5-6) (GCC) ) #1 SMP Thu Oct 6 19:24:09
BST 2011
Command line: ro root=/dev/sda1 rd_NO_LUKS rd_NO_LVM rd_NO_MD
Re: [CentOS] strange partitioning problem
On 04/23/12 2:34 PM, Boris Epstein wrote: OK, I just used Gparted Live (http://gparted.sourceforge.net/livecd.php , a very useful distro, by the way) to create a GPT partitioned disk. Then I booted the netinstall for CentOS 6.2 - and it just fails to see the data on that disk! It wants to wipe it clean - apparently, to create an MS-DOS partition on it! How do I get around this now? In short - and this is a question for everybody - how do I install CentOS 6.2 on a GPT partitioned drive, or create a GPT partition as I go? I ended up partitioning the system drive MBR and living with a 2TB limit. the system I'm on doesn't support EFI or whatever the new boot standard is, so it can't boot off a GPT disk anyways. I'm loosing 700GB from that first volume but I've got 20 more 3TB drives in this server for data storage, so not a big problem. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Probelm solved -- Re: openldap-server 'TLSVerifyClient demand' fails on centos 6.2?
Found the problem and solved.
I accidently copied the file /etc/openldap/ldap.conf accidently to under /root
account as .ldaprc file and immediately the problem goes away. Read manual
again and found that the tls_cert and tls_key are USER_ONLY option!
So now the problem goes away, and sure I'lll change the TLSVerifyClient option
back to 'try'. It is of no immediate uses if TLS client authentication is only
user-option.
Thanks.
From: Robinson Tiemuqinke hahaha_...@yahoo.com
To: CentOS mailing list centos@centos.org
Sent: Monday, April 23, 2012 2:42 PM
Subject: openldap-server 'TLSVerifyClient demand' fails on centos 6.2?
ldapsearch -x -ZZ works fine on clients, when the server side slapd.conf has
'TLSVerifyClient' is set to 'try'. But after I changed that the 'demand' all
clients' ldapsearch -x -ZZ command fails immediately. I run the 'slapd -d3'
at server side too.
It looks like maybe 'ldapsearch -x -zz' didn't send out client certificates,
even though it should with '-ZZ' options -- from ldap.conf manual?
My client side /etc/openldap/ldap.conf is like below:
BASE dc=example,dc=com
URI ldap://ldapmaster.example.com
## working
TLS_CACERT /etc/openldap/myca.crt
TLS_CERT /etc/openldap/ldapclient01.crt
TLS_KEY
/etc/openldap/ldapclient01.key
My server side setup is:
## now using my own CA
## and it works!
TLSCACertificateFile /etc/openldap/myca.crt
TLSCertificateFile /etc/openldap/ldapmaster.crt
TLSCertificateKeyFile /etc/openldap/ldapmaster.key
#TLSVerifyClient allow
TLSVerifyClient demand ## testing client TLS keys and my own CA setup,
'demand' failed for ldapsearch
#TLSCipherSuite HIGH:MEDIUM:LOW:+SSLv2
TLSCipherSuite HIGH:MEDIUM:+SSLv2
The logs on server is attahed below as well, Thanks.
...
connection_get(14): got connid=1000
connection_read(14): checking for input on id=1000
TLS: loaded CA certificate file /etc/openldap/myca.crt.
TLS: certificate
[E=ad...@example.com,CN=ldapmaster.example.com,OU=techOps,O=Pegaclouds
Inc.,L=San Mateo,ST=CA,C=US] is valid
tls_read: want=3, got=3
: 16 03 01 ...
tls_read: want=2, got=2
: 00 41 .A
tls_read: want=65,
got=65
: 01 00 00 3d 03 01 4f 95 c1 e0 a9 10 22 30 25 4b ...=..O.0%K
0010: f8 da a5 27 64 9e 25 60 35 d0 5c 28 30 74 a8 40 ...'d.%`5.\(0t.@
...
tls_read: want=5 error=Resource temporarily unavailable
connection_get(14): got connid=1000
connection_read(14): checking for input on id=1000
tls_read: want=5, got=5
: 16 03 01 01 0d .
tls_read: want=269, got=269
: 0b 00 00 03 00 00 00 10 00 01 02 01 00 ac 64 b8 ..d.
0010: bd bf 20 46 b8 14 e7 38 9a a1 40 2c 36 3a 78 fa .. F...8..@,6:x.
0020: 8a 12 61 3d e3 5e bf 02 f2 f9
a1 70 4e 7f 4e 11 ..a=.^.pN.N.
0030: cd e6 ba 6d ee 1e 91 95 c7 9f c7 b3 e0 21 ea bb ...m.!..
0040: 11 78 cc 58 c1 b1 37 f4 d5 18 ff 59 ad df 48 52 .x.X..7Y..HR
0050: a7 cd 26 0a fe d8 09 bb 7e 70 16 d2 b7 35 de 9f ...~p...5..
0060: b3 0a ee 1e aa 42 e4 20 ed 8d 2f 31 f2 5d e9 d7 .B. ../1.]..
0070: 82 4c 78 30 48 5d 54 5c cf c2 cc c9 33 31 50 c5 .Lx0H]T\31P.
0080: 56 62 f8 ea dd 34 32 ff a1 81 e3 2f f7 a4 0e 58 Vb...42/...X
0090: ff 84 39 0a fe 74 20 18 a6 ac 18 00 dc 8c 0e fd ..9..t .
00a0: 5d 2e a3 87 4e 0b e8 51 66 85 8a 60 2e b7 01 a2 ]...N..Qf..`
00b0: 4a 5c d9 74 9b 32 04 16 57 2e f2 60 2d 45 3d
30 J\.t.2..W..`-E=0
00c0: e3 39 c9 a3 af 7b 86 4b f0 f0 7e 34 f8 bf cf 4c .9...{.K..~4...L
00d0: 73 57 df e5 11 0a 41 de 7f 78 ed f4 cf 9b e8 10 sWA..x..
00e0: ce 1a b1 73 ff 76 ec ff 23 46 85 24 02 b9 aa 4b ...s.v..#F.$...K
00f0: fe c9 2a c6 06 ff 54 94 25 5d cc 3d de 5b 1d 9f ..*...T.%].=.[..
0100: 03 a1 36 da 3b 69 95 67 21 b5 61 d7 e9 ..6.;i.g!.a..
tls_write: want=7, written=7
: 15 03 01 00 02 02 2a ..*
TLS: error: accept - force handshake failure: errno 11 - moznss error -12285
TLS: can't accept: TLS
error -12285:Unable to find the certificate or key necessary for
authentication..
connection_read(14): TLS accept failure error=-1 id=1000, closing
connection_close: conn=1000 sd=14
...
--Robinson
From: Robinson Tiemuqinke hahaha_...@yahoo.com
To: CentOS mailing list centos@centos.org
Sent: Wednesday, November 23, 2011 11:20 AM
Subject: Re: [CentOS] Any ideas?? -- Re: EC2 compatible kernel for centos 6?
I've tried with cr kernel, not it moves much faster but still fails -- fails at
the partition failure, this setup is S3 backed image.
root (hd0)
Filesystem type is ext2fs, using whole disk
kernel /boot/vmlinuz-2.6.32-131.17.1.el6.x86_64 ro root=/dev/sda1 rd_NO_LUKS rd
_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTY
PE=pc
Re: [CentOS] problems with PV snapshots
On 04/23/2012 03:44 AM, James A. Peltier wrote: | pvs |Found duplicate PV 5ZTDCmWHDH6M04nl58Wyyi3nYG8BOCRo: using | /dev/mapper/mpathl not /dev/mapper/mpathi |PV VG Fmt Attr PSize PFree |/dev/mapper/mpathk NetCluster0 lvm2 a--1.67t 1020.00m | snip HINT: You'll need to generate a new UUID/rename the PV. (pvchange -u) I suggest to first backup original UUID to some file, then change it. It might be needed. -- Ljubomir Ljubojevic (Love is in the Air) PL Computers Serbia, Europe Google is the Mother, Google is the Father, and traceroute is your trusty Spiderman... StarOS, Mikrotik and CentOS/RHEL/Linux consultant ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Probelm solved -- Re: openldap-server 'TLSVerifyClient demand' fails on centos 6.2?
Can't speak with certainty about CentOS6 but assuming that it is using sssd
somewhat like Fedora you need to concentrate on /etc/sssd/sssd.conf and include
ldap_tls_reqcert = never
Note that sssd essentially takes the place of padl tools (/etc/ldap.conf)
Also note that /etc/openldap/ldap.conf is only for openldap cli client tools
such as ldapsearch/ldapmodify/etc.
That's why /root/.ldaprc sort of works for you but it is much more
logical/consistent to configure sssd.conf properly because that is where
daemons should be looking for system configuration information.
Craig
On Apr 23, 2012, at 3:01 PM, Robinson Tiemuqinke wrote:
Found the problem and solved.
I accidently copied the file /etc/openldap/ldap.conf accidently to under
/root account as .ldaprc file and immediately the problem goes away. Read
manual again and found that the tls_cert and tls_key are USER_ONLY option!
So now the problem goes away, and sure I'lll change the TLSVerifyClient
option back to 'try'. It is of no immediate uses if TLS client authentication
is only user-option.
Thanks.
From: Robinson Tiemuqinke hahaha_...@yahoo.com
To: CentOS mailing list centos@centos.org
Sent: Monday, April 23, 2012 2:42 PM
Subject: openldap-server 'TLSVerifyClient demand' fails on centos 6.2?
ldapsearch -x -ZZ works fine on clients, when the server side slapd.conf has
'TLSVerifyClient' is set to 'try'. But after I changed that the 'demand' all
clients' ldapsearch -x -ZZ command fails immediately. I run the 'slapd
-d3' at server side too.
It looks like maybe 'ldapsearch -x -zz' didn't send out client certificates,
even though it should with '-ZZ' options -- from ldap.conf manual?
My client side /etc/openldap/ldap.conf is like below:
BASE dc=example,dc=com
URI ldap://ldapmaster.example.com
## working
TLS_CACERT /etc/openldap/myca.crt
TLS_CERT /etc/openldap/ldapclient01.crt
TLS_KEY
/etc/openldap/ldapclient01.key
My server side setup is:
## now using my own CA
## and it works!
TLSCACertificateFile /etc/openldap/myca.crt
TLSCertificateFile /etc/openldap/ldapmaster.crt
TLSCertificateKeyFile /etc/openldap/ldapmaster.key
#TLSVerifyClient allow
TLSVerifyClient demand ## testing client TLS keys and my own CA setup,
'demand' failed for ldapsearch
#TLSCipherSuite HIGH:MEDIUM:LOW:+SSLv2
TLSCipherSuite HIGH:MEDIUM:+SSLv2
The logs on server is attahed below as well, Thanks.
...
connection_get(14): got connid=1000
connection_read(14): checking for input on id=1000
TLS: loaded CA certificate file /etc/openldap/myca.crt.
TLS: certificate
[E=ad...@example.com,CN=ldapmaster.example.com,OU=techOps,O=Pegaclouds
Inc.,L=San Mateo,ST=CA,C=US] is valid
tls_read: want=3, got=3
: 16 03 01 ...
tls_read: want=2, got=2
: 00 41 .A
tls_read: want=65,
got=65
: 01 00 00 3d 03 01 4f 95 c1 e0 a9 10 22 30 25 4b ...=..O.0%K
0010: f8 da a5 27 64 9e 25 60 35 d0 5c 28 30 74 a8 40 ...'d.%`5.\(0t.@
...
tls_read: want=5 error=Resource temporarily unavailable
connection_get(14): got connid=1000
connection_read(14): checking for input on id=1000
tls_read: want=5, got=5
: 16 03 01 01 0d .
tls_read: want=269, got=269
: 0b 00 00 03 00 00 00 10 00 01 02 01 00 ac 64 b8 ..d.
0010: bd bf 20 46 b8 14 e7 38 9a a1 40 2c 36 3a 78 fa .. F...8..@,6:x.
0020: 8a 12 61 3d e3 5e bf 02 f2 f9
a1 70 4e 7f 4e 11 ..a=.^.pN.N.
0030: cd e6 ba 6d ee 1e 91 95 c7 9f c7 b3 e0 21 ea bb ...m.!..
0040: 11 78 cc 58 c1 b1 37 f4 d5 18 ff 59 ad df 48 52 .x.X..7Y..HR
0050: a7 cd 26 0a fe d8 09 bb 7e 70 16 d2 b7 35 de 9f ...~p...5..
0060: b3 0a ee 1e aa 42 e4 20 ed 8d 2f 31 f2 5d e9 d7 .B. ../1.]..
0070: 82 4c 78 30 48 5d 54 5c cf c2 cc c9 33 31 50 c5 .Lx0H]T\31P.
0080: 56 62 f8 ea dd 34 32 ff a1 81 e3 2f f7 a4 0e 58 Vb...42/...X
0090: ff 84 39 0a fe 74 20 18 a6 ac 18 00 dc 8c 0e fd ..9..t .
00a0: 5d 2e a3 87 4e 0b e8 51 66 85 8a 60 2e b7 01 a2 ]...N..Qf..`
00b0: 4a 5c d9 74 9b 32 04 16 57 2e f2 60 2d 45 3d
30 J\.t.2..W..`-E=0
00c0: e3 39 c9 a3 af 7b 86 4b f0 f0 7e 34 f8 bf cf 4c .9...{.K..~4...L
00d0: 73 57 df e5 11 0a 41 de 7f 78 ed f4 cf 9b e8 10 sWA..x..
00e0: ce 1a b1 73 ff 76 ec ff 23 46 85 24 02 b9 aa 4b ...s.v..#F.$...K
00f0: fe c9 2a c6 06 ff 54 94 25 5d cc 3d de 5b 1d 9f ..*...T.%].=.[..
0100: 03 a1 36 da 3b 69 95 67 21 b5 61 d7 e9..6.;i.g!.a..
tls_write: want=7, written=7
: 15 03 01 00 02 02 2a ..*
TLS: error: accept - force handshake failure: errno 11 - moznss error -12285
TLS: can't accept: TLS
error -12285:Unable to find the certificate or key necessary for
Re: [CentOS] Windows 2008R2 AD, kerberos, NFSv4
Please provide your smb.conf and krb5.conf files as well. BTW: the createupn is not required on Win2K8R2 as this credential is passed now (according to MS) - Original Message - | Hi, | | I'm trying to set up NFSv4 on two boxes (centos 5.5) and have it | authenticate against our Windows 2008R2 AD server acting as the KDC. | (samba/winbind is running ok with idmap config MYCOMPANY: backend = | rid | so we have identical ids across the servers.) | | I can mount my test directory fine via NFSv4 *without* the sec=krb5 | option. | However, once I put the sec=krb5 option in, then I get a mount | error: | mount.nfs4: Permission denied and rpc.gssd reports: Failed to | obtain | machine credentials for connection to server | | The computers have an AD computer account and for the | service-principal, I | created an AD user account nfsHostname and mapped the UPN e.g. NFS/ | hostname.mycompany...@mycompany.tv to it using ktpass. | | This is the closest post similar to my issue I could find: | http://lists.centos.org/pipermail/centos/2010-July/096378.html |However, | I'm trying not to run the createupn command via smbutils. | Side note: | Eventually we will also be using a HDS nas which doesn't provide us | with | samba net utils (e.g. net ads join createupn) only their proprietary | webadmin/cli. When that nas joined our AD domain, it created a | computer | account with SPNs of HOST/HOSTNAME, HOST/hostname.MYCOMPANY.TV and a | UPN of | HOST/hostname.mycompany...@mycompany.tv And the HDS nas only wants | encryption type: des-cbc-crc:normal. This is why on my test nfs | server | (nas002), I'm trying to use the same limited commands as I would if I | were | using the HDS nas. | | Any suggestions where to look next or get more verbose info from | kerberos/KDC or the nfs server? (nothing shows up in either syslog | -- | plus, I'm not all that familiar with kerberos.) | | thanks in advance! | JA. | | | | info: | 10.100.1.11 KDC server (Windows 2008 R2, AD) | 10.100.1.35 bk001 (nfsv4 client, kernel 2.6.18-194.32.1.el5) | 10.100.1.82 nas002 (nfsv4 server, kernel 2.6.18-194.32.1.el5) | 10.100.1.99 monitoring server | | intsalled on both nfsv4 client and server: | nfs-utils.x86_64 1.0.9-60.el5 | nfs-utils-lib.x86_64 1.0.8-7.9.el5 | nfs4-acl-tools.x86_64 0.3.3-3.el5 | krb5-workstation.x86_64 1.6.1-70.el5 | samba (nas002) 3.3.8-0.52.el5_5.2 | samba (bk001) 3.5.10-0.107.el5 | | | | [root@bk001 ~]# net ads testjoin | Join is OK | | [root@bk001 ~]# kinit administra...@mycompany.tv | Password for administra...@mycompany.tv: | | [root@bk001 ~]# kinit nfs/nas002.mycompany...@mycompany.tv | Password for nfs/nas002.mycompany...@mycompany.tv: | | [root@bk001 ~]# klist | Ticket cache: FILE:/tmp/krb5cc_0 | Default principal: nfs/nas002.mycompany...@mycompany.tv | | Valid starting ExpiresService principal | 04/13/12 16:08:51 04/14/12 02:08:51 | krbtgt/mycompany...@mycompany.tv | renew until 04/16/12 16:08:51 | | | Kerberos 4 ticket cache: /tmp/tkt0 | klist: You have no tickets cached | | | [root@bk001 ~]# showmount -e nas002.mycompany.tv | Export list for nas002.mycompany.tv: | /array gss/krb5,* | | | [root@bk001 ~]# mount -v -t nfs4 -o proto=tcp,sec=krb5 | nas002.mycompany.tv:/ | /mnt/nfs4test | Warning: rpc.idmapd appears not to be running. | All uids will be mapped to the nobody uid. | Warning: rpc.gssd appears not to be running. | mount: pinging: prog 13 vers 4 prot tcp port 2049 | mount.nfs4: Permission denied | | [root@bk001 ~]# ps -elf | egrep 'gss|idmap' | 1 S root 2498 1 0 75 0 - 8016 - Apr12 ? |00:00:00 | rpc.gssd -rrr | 1 S root 4575 1 0 76 0 - 14833 - Apr12 ? |00:00:00 | rpc.idmapd -vvv | | | [root@bk001 ~]# tail /var/log/messages | Apr 13 16:09:09 bk001 rpc.idmapd[4575]: New client: 16 | Apr 13 16:09:09 bk001 rpc.gssd[2498]: handling krb5 upcall | Apr 13 16:09:09 bk001 rpc.idmapd[4575]: New client: 17 | Apr 13 16:09:09 bk001 rpc.idmapd[4575]: Opened | /var/lib/nfs/rpc_pipefs/nfs/clnt16/idmap | Apr 13 16:09:09 bk001 rpc.gssd[2498]: Using keytab file | '/etc/krb5.keytab' | Apr 13 16:09:09 bk001 rpc.gssd[2498]: WARNING: Failed to obtain | machine | credentials for connection to server nas002.mycompany.tv | Apr 13 16:09:09 bk001 rpc.gssd[2498]: doing error downcall | Apr 13 16:09:09 bk001 rpc.idmapd[4575]: Stale client: 16 | Apr 13 16:09:09 bk001 rpc.idmapd[4575]: - closed | /var/lib/nfs/rpc_pipefs/nfs/clnt16/idmap | Apr 13 16:09:09 bk001 rpc.idmapd[4575]: Stale client: 17 | Apr 13 16:09:09 bk001 rpc.idmapd[4575]: - closed | /var/lib/nfs/rpc_pipefs/nfs/clnt17/idmap | Apr 13 16:09:09 bk001 rpc.gssd[2498]: destroying client clnt17 | Apr 13 16:09:09 bk001 rpc.gssd[2498]: destroying client clnt16 | | | | tshark capture of commands I performed (above): | [root@bk001 ~]# cat /var/tmp/tshark_041312-1608.out | 366 9.948504 10.100.1.35 - 10.100.1.11 TCP 42564 kerberos | [SYN]
Re: [CentOS] Cisco AnyConnect on 6.2 32-bit?
On Mon, Apr 23, 2012 at 02:14:19PM -0400, Phil Schaffner wrote: Scott Robbins wrote on 04/22/2012 05:53 PM: Do you really need it? I much prefer vpnc. http://home.roadrunner.com/~computertaijutsu/vpnc.html The Cisco client has always (in my less than humble opinion), been pretty bad. I remember one wouldn't work on any smp, another wouldn't work on 64 bit, etc. The EPEL packages work for me to connect to a Cisco VPN: NetworkManager-vpnc.x86_64 1:0.8.0-1.git20100411.el6 epel vpnc.x86_64 0.5.3-4.el6epel Yeah, vpnc works perfectly and almost always has for me. The one I mean is the one provided by Cisco. Sorry, I probably wasn't clear. To be fair though, I haven't tried a Cisco client (that is, from Cisco), in a couple of years, at least, vpnc does a perfect job for me. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6.2 Nvidia drivers from elrepo - kmod-nvidia
On 23/04/12 21:00, aurfalien wrote: On Apr 23, 2012, at 3:53 PM, Akemi Yagi wrote: On Mon, Apr 23, 2012 at 12:40 PM, aurfalienaurfal...@gmail.com wrote: So after I do yum install kmod-nvidia and rebooting, I get no screen. My errors; /var/log/messages; kernel: NVRM: The NVIDIA GeForce4 MX 4000 GPU installed in this system is kernel: NVRM: supported through the NVIDIA 96.43.xx Legacy drivers. Please kernel: NVRM: visit http://www.nvidia.com/object/unix.html for more kernel: NVRM: information. The 295.40 NVIDIA driver will ignore kernel: NVRM: this GPU. Continuing probe... (snip) Any ideas? Yes. As the error message says ... You need to install the legacy driver (96xx), not the 295.40 NVIDIA driver. Please see: http://elrepo.org/tiki/kmod-nvidia-96xx Akemi Hi Akemi, Yes i did that but a bit unstable. Hoping some one had some insight. Thanks for the reply though, I didn't expect any to be honest. - aurf Can you be more specific? What do you mean by a bit unstable? kmod-nvidia-96xx is still in the testing repo because no one has yet confirmed the package works at all. If it's a driver related issue then you should report it to NVIDIA here attaching the appropriate nvidia-bug-report.log file: http://www.nvnews.net/vbulletin/showthread.php?t=46678 and if it's a packaging issue you should report it here: http://elrepo.org/bugs Hope that helps. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6.2 Nvidia drivers from elrepo - kmod-nvidia
On Apr 23, 2012, at 3:53 PM, Akemi Yagi wrote: On Mon, Apr 23, 2012 at 12:40 PM, aurfalien aurfal...@gmail.com wrote: So after I do yum install kmod-nvidia and rebooting, I get no screen. My errors; /var/log/messages; kernel: NVRM: The NVIDIA GeForce4 MX 4000 GPU installed in this system is kernel: NVRM: supported through the NVIDIA 96.43.xx Legacy drivers. Please kernel: NVRM: visit http://www.nvidia.com/object/unix.html for more kernel: NVRM: information. The 295.40 NVIDIA driver will ignore kernel: NVRM: this GPU. Continuing probe... (snip) Any ideas? Yes. As the error message says ... You need to install the legacy driver (96xx), not the 295.40 NVIDIA driver. Please see: http://elrepo.org/tiki/kmod-nvidia-96xx Wait, this is brilliant! Re read your post, awesome man thanks, worked well. Thanks man. - aurf ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] strange partitioning problem
On 04/23/2012 11:44 PM, John R Pierce wrote: On 04/23/12 2:34 PM, Boris Epstein wrote: OK, I just used Gparted Live (http://gparted.sourceforge.net/livecd.php , a very useful distro, by the way) to create a GPT partitioned disk. Then I booted the netinstall for CentOS 6.2 - and it just fails to see the data on that disk! It wants to wipe it clean - apparently, to create an MS-DOS partition on it! How do I get around this now? In short - and this is a question for everybody - how do I install CentOS 6.2 on a GPT partitioned drive, or create a GPT partition as I go? I ended up partitioning the system drive MBR and living with a 2TB limit. the system I'm on doesn't support EFI or whatever the new boot standard is, so it can't boot off a GPT disk anyways. I'm loosing 700GB from that first volume but I've got 20 more 3TB drives in this server for data storage, so not a big problem. You could use LVM. Just create 2TB partitions and use them as physical volumes for a large volume group. Then just create one big logical volume from that volume group. Regards, Dennis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] XEN or KVM - performance/stability/security?
On 04/23/2012 10:11 PM, aurfalien wrote: On Apr 23, 2012, at 4:01 PM, Peter Peltonen wrote: Hi, On Mon, Apr 23, 2012 at 10:54 PM, aurfalien aurfal...@gmail.com wrote: I also prefer KVM over Xen, mainly I don;t have to do anything special when maintaining the env. But I haven't notice an improvement over Xen. I really like the fact that the guest OS has a stock kernel, etc.. I do not quite see how Xen requires one to do something special for maintenance? Regarding Centos 6 there are some extra things to install. Even when I deviated from the included version of Xen in 5, I had to pay special attention. As for stock kernels, you mean HVMs right? I was speaking more about PVMs which is faster and more flexible then HVMs. The PVM/HVM distinction isn't really that relevant any more on modern hardware and modern hypervisors since most of the overhead is eliminated with hardware features (Nested Page Tables, etc.) and special guest drivers. Regards, Dennis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] strange partitioning problem
On Mon, Apr 23, 2012 at 7:56 PM, Dennis Jacobfeuerborn denni...@conversis.de wrote: On 04/23/2012 11:44 PM, John R Pierce wrote: On 04/23/12 2:34 PM, Boris Epstein wrote: OK, I just used Gparted Live (http://gparted.sourceforge.net/livecd.php , a very useful distro, by the way) to create a GPT partitioned disk. Then I booted the netinstall for CentOS 6.2 - and it just fails to see the data on that disk! It wants to wipe it clean - apparently, to create an MS-DOS partition on it! How do I get around this now? In short - and this is a question for everybody - how do I install CentOS 6.2 on a GPT partitioned drive, or create a GPT partition as I go? I ended up partitioning the system drive MBR and living with a 2TB limit. the system I'm on doesn't support EFI or whatever the new boot standard is, so it can't boot off a GPT disk anyways. I'm loosing 700GB from that first volume but I've got 20 more 3TB drives in this server for data storage, so not a big problem. You could use LVM. Just create 2TB partitions and use them as physical volumes for a large volume group. Then just create one big logical volume from that volume group. Regards, Dennis ___ Dennis, Thanks! The controller I've got (I believe it is a 3Ware 9000 series) - I think that controller does not allow you to create hardware slices on top of a RAID'ed disk (volume). But that is a good idea in general. I used that approach on a couple of HP Proliant servers and that worked. Boris. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] XEN or KVM - performance/stability/security?
On 04/23/12 5:12 PM, Dennis Jacobfeuerborn wrote: The PVM/HVM distinction isn't really that relevant any more on modern hardware and modern hypervisors since most of the overhead is eliminated with hardware features (Nested Page Tables, etc.) and special guest drivers. special guest drivers is pretty much what paravirtualization is about. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] strange partitioning problem
On 04/23/12 5:33 PM, Boris Epstein wrote: Thanks! The controller I've got (I believe it is a 3Ware 9000 series) - I think that controller does not allow you to create hardware slices on top of a RAID'ed disk (volume). But that is a good idea in general. I used that approach on a couple of HP Proliant servers and that worked. really? I've never run into ANY sort of hardware raid that had any such restrictions. I've not used the 3ware stuff, but I've used lots of LSI Logic raid (9260-8i, etc), HP SmartArray stuff (p410, etc), Dell PERC stuff, etc etc. anyways, I'm dealing with a pair of single 3TB (2.78 TiB) drives in a mdraid mirror here as the system disk. On 04/23/12 4:56 PM, Dennis Jacobfeuerborn wrote: You could use LVM. Just create 2TB partitions and use them as physical volumes for a large volume group. Then just create one big logical volume from that volume group. um, LVM can't see over 2TB of the drive either, unless its formatted GPT, whereupon it can't be used as a boot device on a non-EFI system. -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] strange partitioning problem
On 04/24/2012 03:20 AM, John R Pierce wrote: On 04/23/12 5:33 PM, Boris Epstein wrote: Thanks! The controller I've got (I believe it is a 3Ware 9000 series) - I think that controller does not allow you to create hardware slices on top of a RAID'ed disk (volume). But that is a good idea in general. I used that approach on a couple of HP Proliant servers and that worked. really? I've never run into ANY sort of hardware raid that had any such restrictions. I've not used the 3ware stuff, but I've used lots of LSI Logic raid (9260-8i, etc), HP SmartArray stuff (p410, etc), Dell PERC stuff, etc etc. anyways, I'm dealing with a pair of single 3TB (2.78 TiB) drives in a mdraid mirror here as the system disk. On 04/23/12 4:56 PM, Dennis Jacobfeuerborn wrote: You could use LVM. Just create 2TB partitions and use them as physical volumes for a large volume group. Then just create one big logical volume from that volume group. um, LVM can't see over 2TB of the drive either, unless its formatted GPT, whereupon it can't be used as a boot device on a non-EFI system. The idea is to create multiple 2TB partitions. In one specific case I set up a 4TB System by creating a 1G boot volume and 3.99T system volume. Then I created two 2T partitions on the system volume, formatted them as physical volumes and added them to the main volume group. Then you can create a 4T logical volume if you like. Regards, Dennis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] strange partitioning problem
On 04/23/12 8:31 PM, Dennis Jacobfeuerborn wrote: um, LVM can't see over 2TB of the drive either, unless its formatted GPT, whereupon it can't be used as a boot device on a non-EFI system. The idea is to create multiple 2TB partitions. In one specific case I set up a 4TB System by creating a 1G boot volume and 3.99T system volume. Then I created two 2T partitions on the system volume, formatted them as physical volumes and added them to the main volume group. Then you can create a 4T logical volume if you like. how do I create two disks from one 3TB JBOD ? -- john r pierceN 37, W 122 santa cruz ca mid-left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] XEN or KVM - performance/stability/security?
On 04/24/2012 03:08 AM, John R Pierce wrote: On 04/23/12 5:12 PM, Dennis Jacobfeuerborn wrote: The PVM/HVM distinction isn't really that relevant any more on modern hardware and modern hypervisors since most of the overhead is eliminated with hardware features (Nested Page Tables, etc.) and special guest drivers. special guest drivers is pretty much what paravirtualization is about. Exactly, but only since CPU got hardware extensions for virtualization. Before that the CPU could also be paravirtualized and that made a significant difference in performance. With that advantage gone though the old distinction between a PVM guest and HVM guest doesn't really matter that much any more (virt-manager asks you which of the two you want to install for example). Now you only have a guest that may or may not run certain paravirtualized drivers. Regards, Dennis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
