Re: [CentOS] centos as a firewall help

2010-12-31 Thread Ryan Manikowski
On 12/31/2010 10:40 AM, Ryan Wagoner wrote:
> On Fri, Dec 31, 2010 at 10:19 AM, Roland RoLaNd  
> wrote:
>> Secondly, i'm trying to setup  a centos 5.4 to act as:
>>
>> 1. firewall # can you check my config below and tell me if i missed anything?
>> 2. DHCP # already configured
>> 3. transparent squid proxy #  already configured
>> 4. http (virtual hosts) # in the near future
>> 5. squirrelmail # in the near future
>>
>> - Relevant info:
>>
>> Two NICs:
>>
>> eth0 LAN: with dhcp service: 192.168.57.1(255.255.255.0) # my lan users are 
>> connected to this interface
>> eth1 WAN: static: 172.16.2.14 gw/172.16.2.13 (255.255.255.248) # My isp is 
>> connected to this interface
>>
>> I want my firewall to do the following:
>>
>> 1. get my box to be completely secure from outside access, in other words 
>> deny all access from the outside world to my box&/or my LAN
>> 2. allow my LAN users to access the internet/ box without any restrictions, 
>> through a transparent squid installation
> So you are only allowing http and https transparently through squid?
> The reason I ask is you only showed the firewall rules not the nat
> table. Otherwise you need to setup nat masquerading to allow other
> connections out.
>
> Have you thought of virtualizing your firewall with a purpose built
> distribution like Vyatta or pfSense? I have taken this approach with
> my setup. I find it makes updates easy and provides better uptime. I'm
> running everything on ESXi and have a handful of virtual machines.
>
> - Vyatta Firewall
> - CentOS 5.5 Web Server and MySQL
> - CentOS 5.5 Zimbra Email
> - CentOS 5.5 DHCP and DNS
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

Smoothwall is another option, though not based on Centos. Very easy to 
configure. Vyatta is a bit more work to configure.






Re: [CentOS] High Availability and Storage Cluster

2011-02-10 Thread Ryan Manikowski
On 2/9/2011 7:04 PM, Rajagopal Swaminathan wrote:
> Greetings,
>
> On 2/9/11, Denis Zaharov  wrote:
>> Dear mailing list members,
>>
>> There are two servers with CentOS 5.5 installed.
>> The servers are working with Zabbix (monitoring system for traffic,
>> using a MySQL), wiki and RT (all are using Apache).
>> If one server becomes unavailable, then it is necessary to start these
>> services on another server with replication of data.
>>
>> Can I use the Red Hat Cluster Suite for it at CentOS?
> Assuming all the application uses Single instance mysql or apache
> service, Yes. For multiple instances though, you need to check
> further.
>
> You may lose sessions during the transition, I am not too sure.
> Again depends how application handles it. Don't know.
>
>> Also I heard about Heartbeat and DRBD. Maybe it is what I need?
>>
> Well, if you want HA filesystem too, then GFS on top of CLVM on top of
> DRBD makes sense.
>
> But DRBD HA should be simpler for two node.
>
> Adding couple of NIC and bonding them will help further the high availability
>
> However, if you plan to add more nodes to this cluster, then consider
> RHCS as that would support 16 nodes IIRC.
>
> And oh, RHCS requires good working fencing -- power or management port
> and/or storage. Don't leave home without it!
>

Also remember that Zabbix will only allow you to specify ONE server 
address in the client config. You can use heartbeat to handle the VIP 
(Virtual IP) failover, drbd, mysql and apache.


Ryan



Re: [CentOS] Can't download large files

2009-10-09 Thread Ryan Manikowski
If someone already mentioned this my apologies...

Use 'ifconfig ethX' to display adapter stats. Look for TX and RX errors.

Another problem could be faulty RAM. Try memtest.

Ryan Manikowski | System Administrator


:703.677.8499:
ryan.manikow...@2ergo.com




Giovanni P. Tirloni wrote:
> On Oct 9, 2009, at 3:34 PM, David Suhendrik wrote:
>   
>> When I tried to shutdown iptables and download again still after 4.1  
>> GB,
>> download can't continue and file unusable...
>> 
>
> Try to strace wget and see what you get.
>
> -Giovanni
>
>
>
>


Re: [CentOS] redundant ldap - client config

2010-06-04 Thread Ryan Manikowski
On 6/4/2010 3:09 PM, Paul Heinlein wrote:
> On Fri, 4 Jun 2010, aurfal...@gmail.com wrote:
>
>
>> Hi all,
>>
>> I have a few ldap servers slaved to a primary via syncrepl, all is well.
>>
>> I've set my clients to auth against a few and their /etc/ldap.conf
>> looks like so;
>>
>> uri ldap://primary.domain.com ldap://secondary.domain.com
>>
>> However when either primary or slaves go down, while the clients can
>> log in, access is very slow, ls of any dir is painful.
>>  
> I've had less than good luck using the "uri" directive with redundant
> servers. I think that "host" is deprecated, but it's worked better for
> me. I also decrease some timelimit settings.
>
> - %<  -
> host ldap1.domain ldap2.domain
> bind_timelimit 30
> idle_timelimit 120
> timelimit 30
> - %<  -
>
>

Decreasing 'timelimit' in ldap.conf will help. Enabling nscd for caching 
and setting sane dns timeout values in /etc/resolv.conf is recommended 
as well.

Ryan Manikowski




Re: [CentOS] One server not showing SSH port, the other is.

2010-10-11 Thread Ryan Manikowski
 On 10/11/2010 7:44 PM, Joseph L. Casale wrote:
>
>> Specifically, how can I hide the port that SSH is running on?
>> I'm sorry that I cannot provide the IP addresses, the owner of the servers 
>> doesn't want that! I also know how silly it is to do "stealth"
>> ports but I'm not the one making the decision!

One method to obscure the presence of the ssh daemon would be to use
port knocking:

http://dotancohen.com/howto/portknocking.html


Honestly (and this is mere opinion), the other person (who wants to hide
ssh-the owner) is being paranoid. Use strong passwords, run ssh on an
alternate port, don't expose unneeded services to the outside world, and
install something like fail2ban to block ssh attackers.

If they need higher security then set up openvpn.

-- 
 Ryan Manikowski

 r...@devision.us | 716.771.2282
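
The counting that a tool like fail2ban does on sshd failures, shown as an added example that is not part of the original post and is not fail2ban's own code. The log lines are constructed, the addresses come from documentation ranges, and the parameter names MAXRETRY and FINDTIME are borrowed from fail2ban's `maxretry` and `findtime` settings.

```shell
#!/bin/sh
# Added example (not from the original post, not fail2ban code).
# Counts sshd "Failed password" events per source address and reports any
# address that reaches MAXRETRY failures inside a FINDTIME-second window.

# Constructed sample in the /var/log/secure format; every address is from a
# documentation range (RFC 5737) and every host and user name is made up.
sample_secure_log() {
cat <<'EOF'
Oct 11 19:00:00 gw sshd[2001]: Failed password for ryan from 192.0.2.44 port 50100 ssh2
Oct 11 19:20:00 gw sshd[2014]: Failed password for ryan from 192.0.2.44 port 50117 ssh2
Oct 11 19:40:00 gw sshd[2090]: Failed password for ryan from 192.0.2.44 port 50130 ssh2
Oct 11 19:40:01 gw sshd[2101]: Failed password for root from 203.0.113.5 port 40022 ssh2
Oct 11 19:40:03 gw sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 40023 ssh2
Oct 11 19:40:06 gw sshd[2105]: Failed password for root from 203.0.113.5 port 40024 ssh2
Oct 11 19:40:09 gw sshd[2107]: Failed password for invalid user test from 203.0.113.5 port 40025 ssh2
Oct 11 19:40:12 gw sshd[2109]: Failed password for root from 203.0.113.5 port 40026 ssh2
Oct 11 19:41:00 gw sshd[2120]: Accepted password for ryan from 198.51.100.7 port 51000 ssh2
Oct 11 19:42:00 gw sshd[2131]: Failed password for invalid user x from 198.51.100.7 from 203.0.113.9 port 41000 ssh2
Oct 11 20:00:00 gw sshd[2200]: Failed password for ryan from 192.0.2.44 port 50144 ssh2
Oct 11 20:20:00 gw sshd[2260]: Failed password for ryan from 192.0.2.44 port 50158 ssh2
EOF
}

# find_offenders MAXRETRY FINDTIME   (sshd log on stdin)
# Prints each offending address once, in the order it crossed the threshold.
find_offenders() {
    awk -v maxretry="$1" -v findtime="$2" '
    # The source address is taken from the END of the line
    # ("from ADDR port N ssh2"). The user name is client-supplied text, so
    # a name that itself contains "from <address>" must not shift the
    # parsed address; see the 19:42:00 sample line.
    / sshd\[[0-9]+\]: Failed password for / &&
    $NF == "ssh2" && $(NF-2) == "port" && $(NF-4) == "from" {
        ip = $(NF-3)

        # Syslog stamps carry no year. Day-of-month plus time of day is
        # enough to order events inside one month, which is the
        # simplifying assumption of this example.
        split($3, hms, ":")
        t = $2 * 86400 + hms[1] * 3600 + hms[2] * 60 + hms[3]

        n = ++count[ip]
        stamp[ip, n] = t

        # Slide the start of the window past failures older than findtime.
        if (!(ip in first)) first[ip] = 1
        while (t - stamp[ip, first[ip]] > findtime) first[ip]++

        if (n - first[ip] + 1 >= maxretry && !(ip in flagged)) {
            flagged[ip] = 1
            print ip
        }
    }'
}

# Stand-alone run: five failures within ten minutes.
sample_secure_log | find_offenders 5 600
```

On a real host the same function reads the live log, for example `find_offenders 5 600 < /var/log/secure`; the slow, spread-out failures from 192.0.2.44 only trip the threshold when the window is widened.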



Re: [CentOS] adding users on multiple servers

2010-04-01 Thread Ryan Manikowski
If you have your own account on each of the boxes the ssh key method is
the best.

1) Create ssh keys for YOUR unprivileged user account.

2) Add YOUR account to /etc/sudoers by adding:

    user ALL=NOPASSWD: /bin/su -

Then from there you can use clusterssh to connect to all the boxes
simultaneously. Issue the 'sudo su -' command while logged in with your
account, then add the new users on all of the systems.

Just another idea.

     Ryan Manikowski


]] Devision Media Services LLC [[
 www.devision.us
 r...@devision.us | 716.771.2282


On 4/1/2010 10:09 AM, Ross Walker wrote:
> On Apr 1, 2010, at 9:24 AM, Bazy  wrote:
>
>   
>>> Short of finding some remotely exploitable vulnerability, you'll have
>>> to visit each server and login. Imagine if you *could* create IDs
>>> without root authority? :D
>>>
>>> Are the servers identically configured?
>>>
>>> If you can login remotely as root you can automate some of them via
>>> expect. What issues were you encountering?
>>>
>>> If you're doing this it might be the perfect opportunity to add some
>>> sort of remote management or authentication to the systems.
>>>   
>> I cannot do any changes to the environment therefore I cannot configure
>> centralized authentication :-) It's fun stuff.
>> I managed to find a way with perl and Net::SSH::Expect.
>>
>> The simple expect script would enter the su password and die without
>> sending the adduser commands.
>> 
> Like another poster suggested, create root .ssh key, copy it to each  
> box, modify sshd.conf to allow login via either key or password in  
> each box, you hold the key, they hold the password.
>
> You can then use one of those ssh cluster utilities out there that  
> issues the same command on a list of servers.
>
> That is the best way and it requires minor changes with zero impact to  
> the operational environment.
>
> -Ross
>


Re: [CentOS] How long will CENTOS 4.X automatic resync to to time server???

2010-04-12 Thread Ryan Manikowski
On 4/12/2010 2:34 PM, mcclnx mcc wrote:
> We have several CENTOS 4 and 5 servers.  ALL CENTOS servers have NTP set up to
> sync with a time server.  Several days ago, due to a power outage, all servers were
> rebooted.  Because the DNS server did NOT come up quickly, the CENTOS servers started up and
> could NOT find the time server.
>
> The CENTOS 5.X servers quickly resynced to the time server after 30 minutes.
>
> The CENTOS 4.X servers, after 3 days, have still NOT synced to the time server.  I
> know I can run "service ntpd restart" to force a server to sync to the time server,
> but I would like to know how long it takes for CENTOS 4.X to automatically resync to the time
> server.
>
> Thanks. 
>
>
>   

If you need to force it by hand to resync and don't mind an abrupt time
change run the following command:

ntpdate -u your.ntp.server

-- 
 Ryan Manikowski


]] Devision Media Services LLC [[
 www.devision.us
 r...@devision.us | 716.771.2282



Re: [CentOS] Installing a .ko file?

2010-04-12 Thread Ryan Manikowski
On 4/12/2010 12:04 PM, John Doe wrote:
> From: Slack-Moehrle 
>   
>> Can you tell me the process you take? I 
>> don't see drives available, I believe they are being exported to the OS
>> though. I 
>> took my 8x1.5tb drives, went into the card setup and set each one as a 
>> single 
>> drive and when the machine boots, the card says they are exported.
>> 
> Look maybe at SCSI_3W_9XXX In '/usr/src/kernels/.../drivers/scsi/Kconfig'
> But they mention a '3w-9xxx.c' that is not there...
>
> JD
>
>
>   

Another user already suggested the use of fdisk and this is a
continuation of that.

Issuing the command 'fdisk -l' without specifying a drive will print the
partition table of ALL detected drives attached to a system.

Also, having used 3ware cards extensively with Centos, the module for
your card is included with 5.4. No need to use the 3ware module from
their website.


-- 
 Ryan Manikowski


]] Devision Media Services LLC [[
 www.devision.us
 r...@devision.us | 716.771.2282



Re: [CentOS] 12-15 TB RAID storage recommendations

2010-04-13 Thread Ryan Manikowski
On 4/13/2010 1:05 PM, Boris Epstein wrote:
> Hello listmates,
>
> I would like to build a 12-15 TB RAID 5 data server to run under
> CentOS. Any recommendations as far as hardware, configuration, etc?
>
> Thanks.
>
> Boris.

Chassis - CSE-836A-R1200B Supermicro SC836 A-R1200B - Rack-mountable -
3U - SATA/SAS - hot-swap - power supply 1200 Watt

RAID Card - 3ware 9650SE-16ML-SGL 9650SE-16ML-SGL RAID 0/1/5/6/10/50
16CH SATA II PCIE 256MB ECC DDR2 - PCI Express x8 - Up to 300MBps - 4 x
SATA x4 Serial ATA/300 - Serial ATA

BBU Module for RAID card - 3ware BBU-MODULE-03


Pick the cpu(s) and motherboard to fit the chassis. Obviously go with
ECC ram and ONLY enterprise grade hard drives. To ensure compatibility
check with 3ware to see which drives they recommend. Areca RAID cards
will get you a little better performance but the module for the 9650SE
series of 3ware cards is included with the Centos kernel. Getting the
Areca driver going is a bit more work, but nothing that would be
considered a huge hurdle for a competent sysadmin. Also, if you're
looking for advice on Areca products call their Tekram contact in the
USA. Their other distributors have been less than stellar on answering
pre-sales questions.


-- 
 Ryan Manikowski


]] Devision Media Services LLC [[
 www.devision.us
 r...@devision.us | 716.771.2282



Re: [CentOS] 12-15 TB RAID storage recommendations

2010-04-13 Thread Ryan Manikowski
On 4/13/2010 1:19 PM, David Miller wrote:


>
> Ryan's hardware recommendations are good.  But I wouldn't run a RAID5
> volume that large, software or hardware.  It's just too risky as
> rebuilds will take days and the chances of hitting a non recoverable
> read error would be near 100% on a volume that size.
>
> Either run multiple smaller RAID5's and use LVM to manage the volumes
> which the OS will use or choose a better RAID layout.  RAID6 or RAID10
> are much better choices these days.
> --
> David 

With the config mentioned above it would give the flexibility to run
RAID10 with a resulting data store of just under 14TB (8x RAID1 stripe
using 2TB drives).

Choice of RAID implementation (specifically RAID5) could be an
impediment to performance as noted above. Always good to have input from
more than one source. At that level of storage looking into spending a
bit more for redundancy (drbd/pacemaker/heartbeat) may be a worthwhile
investment as well.


-- 
 Ryan Manikowski


]] Devision Media Services LLC [[
 www.devision.us
 r...@devision.us | 716.771.2282



Re: [CentOS] centos 5.3x64 iso

2010-04-13 Thread Ryan Manikowski
On 4/13/2010 6:12 PM, aurfal...@gmail.com wrote:
> Hi all,
>
> My 5.3 DVD is ruined and the 5.4 installer won't run on my box w/o  
> errors (it's not the disk, something to do with the installer itself).
>
> I usually just install 5.3 and then yum it to 5.4.
>
> Does anyone know where I can find a 5.3x64 iso file?
>
> - aurf

http://vault.centos.org has all you need.


-- 
 Ryan Manikowski


]] Devision Media Services LLC [[
 www.devision.us
 r...@devision.us | 716.771.2282



Re: [CentOS] CentOS 5.x and Fedora

2010-04-14 Thread Ryan Manikowski
On 4/14/2010 6:27 PM, Les Mikesell wrote:
> On 4/14/2010 5:16 PM, Matt wrote:
>   
>>> Which Fedora release is the CentOS 5.x kernel based on?  I am wanting
>>> to know which Fedora rpm's I would have the best luck installing on
>>> CentOS 5.x 64 bit.
>>>   
>> I am really looking for a Squid 3.1 rpm for CentOS 5.x.
>> 
> At least some new stuff is backported into the version in the 5.4 
> update.  It changed behavior regarding letting you override the cache 
> settings in the content headers with a configured refresh pattern.  And 
> I didn't think that was done before the 3.x versions in the base source.
>
>   

See here for instructions on building an rpm of squid 3.1 for Centos 5.x:

http://www.x83.net/install-squid-3-1-on-centos-5-x/


-- 
 Ryan Manikowski


]] Devision Media Services LLC [[
 www.devision.us
 r...@devision.us | 716.771.2282



Re: [CentOS] heartbeat package in extras trouble with 5.4

2010-05-04 Thread Ryan Manikowski
On 5/4/2010 11:39 PM, Baird, Josh wrote:
> I just recently upgraded a box from i386 5.3 -> 5.4.  The box has heartbeat 
> packages installed from "extras:"
> heartbeat-pils-2.1.3-3.el5.centos
> heartbeat-stonith-2.1.3-3.el5.centos
> heartbeat-devel-2.1.3-3.el5.centos
> heartbeat-2.1.3-3.el5.centos
> The heartbeat daemon no longer starts.. the init script reports a success, as 
> well as the logs:
> May  4 22:33:10 fc-fmcln02 heartbeat: [9344]: info: Enabling logging daemon
> May  4 22:33:10 fc-fmcln02 heartbeat: [9344]: info: logfile and debug file 
> are those specified in logd config file (default /etc/logd.cf)
> May  4 22:33:10 fc-fmcln02 heartbeat: [9344]: info: Version 2 support: false
> May  4 22:33:10 fc-fmcln02 heartbeat: [9344]: WARN: logd is enabled but 
> logfile/debugfile is still configured in ha.cf
> May  4 22:33:10 fc-fmcln02 heartbeat: [9344]: info: **
> May  4 22:33:10 fc-fmcln02 heartbeat: [9344]: info: Configuration validated. 
> Starting heartbeat 2.1.3
> May  4 22:33:10 fc-fmcln02 heartbeat: [9345]: info: heartbeat: version 2.1.3
> May  4 22:33:11 fc-fmcln02 heartbeat: [9345]: info: Heartbeat generation: 
> 1208455492
>   
> However, the daemons never actually start.  When I run the daemon 
> interactively without the init script,
> the following error appears:
> heartbeat[8818]: 2010/05/04_22:23:37 ERROR: Cannot shmget for process status: 
> Invalid argument
> This may suggest that some libs on the system may have been upgraded and 
> heartbeat is trying to use
> the old ones?
> Does anyone have any suggestions on how to get heartbeat working again?
>

Running heartbeat on Centos 5.4 here without a problem. Just powered up
my test cluster and made sure system was up-to-date using yum. Heartbeat
started without a problem.

Perhaps you have selinux enabled on the system? Can you try disabling
selinux?

This may sound like a half-hearted attempt to 'repair' the issue, but
try backing up your authkeys, ha.cf and haresources on each host and try
removing and reinstalling the packages. At this point you have nothing
to lose since the daemons will not start.


-- 
 Ryan Manikowski


]] Devision Media Services LLC [[
 www.devision.us
 r...@devision.us | 716.771.2282



Re: [CentOS] Resolving dependencies from the command-line

2010-05-06 Thread Ryan Manikowski
On 5/6/2010 1:55 PM, m.r...@5-cent.us wrote:
>> "Stuck"...  I'm working with a remote instance through terminal
>> services into a VM running on Microsoft Hyper-V...  The mouse didn't
>> work at all, but yum has that all fixed up now.
>>
>> Thanks all...
>>
>> 
> mark wrote:
>   
>>> Several folks have already pointed to yum. This is the *intended*
>>> package manager, as pkgmanager is for Solaris.
>>>
>>> And what do you mean, "stuck"?
>>>   
> Oh. Windows, why did it have to be WinDoze?
>
> Could be worse - I'm trying to get minicom to talk to an HP ProCurve
> switch, and it just won't talk.
>
>   mark
>

Try this

Bits per second: 115200 (or try 9600)
Data bits: 8
Parity: None
Submit
Stop bits: 1
Flow control: None

-- 
 Ryan Manikowski


]] Devision Media Services LLC [[
 www.devision.us
 r...@devision.us | 716.771.2282



Re: [CentOS] Not firewall, but what?

2010-05-06 Thread Ryan Manikowski
On 5/6/2010 2:35 PM, Gavin Carr wrote:
> Is one of your dns servers broken?
>
> On Thu, May 06, 2010 at 09:31:22PM +0300, Jussi Hirvi wrote:
>   
>> I have a strange problem, where some clients see the website on my 
>> server and some do not. It is not about the iptables, and seems to be 
>> not about tcp wrapper. Still it is something within the box.
>>
>> More details:
>> - the problem is only with some clients, with no geographical connection 
>> between them; other clients see the website just fine
>> - the problem-clients get timeout with their browser
>> 

>> *- they get timeout also when they try a numerical ip address*
>> 

>> - but they see another machine in the same subnet just fine (when they 
>> browse by ip number), so the problem has to be inside this webserver 
>> box, right?
>> - port 80 (not ssl)
>>
>> Switching off iptables does not help. The files hosts.allow and 
>> hosts.deny are empty, so I guess it's not the tcp wrapper.
>>
>> 

Notice the op posted they get timeouts even when going directly to a
numerical address (if the apache server is configured to respond to *:80
it should at least display something)

Try using telnet from a client machine that can not connect.

e.g. telnet host.name.here 80

or

telnet xx.xxx.xxx.xxx 80

Try a few times and see if you're getting a timeout or if it connects
every time. Run tcpdump on the apache server while sending the
connection requests and see if the connection attempts show up at all.
If they do not, then it's a network problem.

-- 
 Ryan Manikowski


]] Devision Media Services LLC [[
 www.devision.us
 r...@devision.us | 716.771.2282



Re: [CentOS] was, Resolving dependencies from the command-line, is ProCurve switch

2010-05-06 Thread Ryan Manikowski
On 5/6/2010 3:19 PM, m.r...@5-cent.us wrote:
>
>> Try this
>>
>> Bits per second: 115200 (or try 9600)
>> Data bits: 8
>> Parity: None
>> Submit
>> Stop bits: 1
>> Flow control: None
>> 
> Thanks - yeah, I saw that in the manual, and online, saw the 9600, did
> that, no joy at all. Just sits there at a blank screen. Btw, about flow
> control: h/w?s/w? Those are my two options in minicom.
>
> Meanwhile, on the switch (ssh'ing in, but I need to get the serial port
> working so I can get a newer version of the firmware there (what's there
> is *ancient*), show console reports flow control as xon/xoff....
>
>   

F - Hardware Flow Control : No
G - Software Flow Control : No

-- 
 Ryan Manikowski


]] Devision Media Services LLC [[
 www.devision.us
 r...@devision.us | 716.771.2282



Re: [CentOS] Apache Tomcat/5.5.23

2010-05-07 Thread Ryan Manikowski
On 5/7/2010 8:18 AM, testwreq wreq wrote:
> I have a new installation of tomcat on centos. My $CATALINA_HOME is
> /usr/share/tomcat5 and tomcat is running.
>  
> http://localhost:8080 <http://localhost:8080/> brings up the tomcat
> page & one of the option is "Administration". I would like to use this
> web interface and even give some of the test webapp users ability to
> restart tomcat.
>  
> According to the home page, users are defined in
> |$CATALINA_HOME/conf/tomcat-users.xml|. Currently my file has the
> following content
>  more tomcat-users.xml
> 
> 
>   
>   
>   
>   
>   
> 
> I tried logging to the administration web interface with tomcat/tomcat
> but it did not work. Can anyone guide to configure this file? I am
> very new to tomcat.
>  
> Thank you.
>

Are you new to tomcat? If so it would be in your best interest to read:

http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html

The apache foundation provides extensive documentation for Tomcat. It is
a wealth of knowledge.


From the page above:

"The username and password you enter do not matter, as long as they
identify a valid user in the users database who possesses the role
*manager*."


-- 
 Ryan Manikowski


]] Devision Media Services LLC [[
 www.devision.us
 r...@devision.us | 716.771.2282



Re: [CentOS] mail server best practices question

2010-05-10 Thread Ryan Manikowski
On 5/10/2010 8:02 AM, Brian McKerr wrote:
> I use Mailscanner with postfix and Mailwatch to manage quarantine etc;
>
> http://mailscanner.info/
>
> On the backup MX, I just use postfix and some basic anti-spam stuff.
> Very little gets through and even less gets through to the primary. I
> am aware that some spam techniques go straight to the backup MX
> because most people don't set it up quite as well as the primary. YMMV.
>
> I also used to use greylisting, which does reduce spam, but,
> unfortunately it also reduces valid mail ;-) In the end I'd rather
> suffer a few spams getting through compared to the delayed receipt of
> important emails.
>
> Brian.

Another vote here for Mailscanner + Postfix. Add a few RBL's into your
postfix config and spam will be at a minimum.

-- 
 Ryan Manikowski


]] Devision Media Services LLC [[
 www.devision.us
 r...@devision.us | 716.771.2282



Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

2010-05-20 Thread Ryan Manikowski
On 5/20/2010 9:21 AM, Whit Blauvelt wrote:
> Hi,
>
> We've got a fresh CentOS 5.4 box, and the only glitch so far is that
> /etc/init.d/smb doesn't start smbd. It claims it does - shows "[ok]" - but
> only nmbd ends up running. Even setting a higher debugging level in the smbd
> flags, nothing logs or shows on the console as to why smbd is immediately
> quitting.
>
> To make it stranger, doing this works fine:
>
>   . /etc/init.d/functions
>   daemon smbd -D
>
> That's the core of how the /etc/init.d/smb file is set up to start it.
> Except from there it's not working - despite the reported "[ok]".
>
> Anyone seen this, or have advice on how to debug it?
>
> Thanks,
> Whit

Have you run 'testparm' to verify the samba configuration does not
contain any errors that are preventing the smbd daemon from loading?

-- 
 Ryan Manikowski

 r...@devision.us | 716.771.2282



Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

2010-05-20 Thread Ryan Manikowski
On 5/20/2010 10:45 AM, Whit Blauvelt wrote:
> On Thu, May 20, 2010 at 10:21:51AM -0400, Ryan Manikowski wrote:
>
>   
>> Have you run 'testparm' to verify the samba configuration does not
>> contain any errors that are preventing the smbd daemon from loading?
>> 
> I had not. Doesn't seem to tell us anything:
>
>   



As your config appears to be clean and free of errors that would prevent
smbd from starting have you...

...tried starting smbd from the command line NOT using the init scripts?

Make sure nmbd is started first: nmbd -D

Try using the -i and -F flag to start smbd:

e.g. smbd -iF

This will start smbd interactively, log to standard out, and prevent the
smbd process from daemonizing and thus keeping it active in the terminal
from which it was launched. Combine this with strace to see what exactly
the process is doing and why it is failing.

e.g. strace smbd -iF

Prior to doing any of this ensure that there are no other services
listening on the ports samba uses:

netstat -pan | grep 139

-- 
 Ryan Manikowski

 r...@devision.us | 716.771.2282



Re: [CentOS] can't update CENTOS - mirrore issue? or what?

2010-05-20 Thread Ryan Manikowski
On 5/20/2010 4:32 PM, Dave Stevens wrote:
> Quoting m.r...@5-cent.us:
>
>   
>> Dave wrote:
>> 
>>> For about a week a big stack of updates have been pending for CENTOS
>>> but I can't install them. The yum update command leads to dependency
>>> resolution in the usual way but it always ends in this:
>>>
>>> ---> Package poppler-utils.i386 0:0.5.4-4.4.el5_4.11 set to be updated
>>> ---> Package xorg-x11-drv-qxl.i386 0:0.0.12-1.2.el5 set to be updated
>>> --> Running transaction check
>>> --> Processing Dependency: gmime = 2.2.10-5.el5.centos for package:
>>> gmime-sharp
>>> ---> Package java-1.6.0-openjdk.i386 1:1.6.0.0-1.7.b09.el5 set to be
>>> updated
>>> http://linux.mirrors.es.net/fedora-epel/5/i386/repodata/0a2db1a48154104f63a81022653699a425c794c3-filelists.sqlite.bz2:
>>> [Errno 14] HTTP Error 404: Not
>>> Found
>>> Trying other mirror.
>>>   
>> 
>> I see it's trying to get a file list. I started upgrading this week, and
>> get the occasional pkgKey not found. You might try what I found as the
>> answer: yum clean all, yum clean metadata.
>>
>>  mark
>> 
> well, I'm now much better off in consequence of disabling epel, 179  
> updates went through just fine. the cleanup with yum didn't seem to  
> have the desired effect:
>
> [r...@cserver admin]# yum check-update
> Loaded plugins: fastestmirror, priorities
> Loading mirror speeds from cached hostfile
>   * addons: ftp.telus.net
>   * base: ftp.telus.net
>   * epel: linux.mirrors.es.net
>   * extras: ftp.telus.net
>   * updates: ftp.telus.net
>
> gmime.i386  2.2.25-1.el5
> epel
> wxBase.i386 2.8.11-1.el5
> epel
> wxGTK.i386  2.8.11-1.el5
> epel
> [r...@cserver admin]# yum clean all
> Loaded plugins: fastestmirror, priorities
> Cleaning up Everything
> Cleaning up list of fastest mirrors
> [r...@cserver admin]# yum clean metadata
> Loaded plugins: fastestmirror, priorities
> 0 metadata files removed
> 0 sqlite files removed
> 0 metadata files removed
> [r...@cserver admin]# yum update
> Loaded plugins: fastestmirror, priorities
> Determining fastest mirrors
> Could not retrieve mirrorlist  
> http://mirrorlist.centos.org/?release=5&arch=i386&repo=addons error was
> [Errno 4] IOError:  resolution')>
> Error: Cannot find a valid baseurl for repo: addons
> [r...@cserver admin]#
>
> so definite progress but not quite there yet. thanks for the help.
>
> Dave
>
>
>
>   
>>
>> 
>
>
>   

Disable the 'addons' repo and your problem will be resolved.


-- 
 Ryan Manikowski

 r...@devision.us | 716.771.2282



Re: [CentOS] Odd failure of smbd to start from init.d - CentOS 5.4

2010-05-20 Thread Ryan Manikowski
On 5/20/2010 6:39 PM, Whit Blauvelt wrote:
> I'm afraid this is giving CentOS a bad rep among my coworkers.
>   



Tell them to join the debian-users list and see what kind of intelligent
discussion goes on there. They will be back to Centos in a week. =)

-- 
     Ryan Manikowski

 r...@devision.us | 716.771.2282



Re: [CentOS] Having trouble with LDAP Authentication...

2010-05-25 Thread Ryan Manikowski

On 5/25/2010 5:16 PM, Andy Akins wrote:

I've googled and searched, and have had very little luck...

I have:

   1. Installed all the packages.
   2. Configured and have running OpenLDAP.
   3. Migrated my passwd/shadow/group/hosts files into the directory
   4. Tested the directory using ldapsearch
   5. Installed LAM (web interface to LDAP authentication)
   6. Added a user using LAM.
   7. Confirmed user is in directory.
   8. Confirmed user is not in /etc/passwd
   9. Confirmed using "getent passwd | grep username" that the user is
  listed.
  10. Confirmed using "getent passwd" shows two records for each user
  /except/ ldap-only users (one for /etc/passwd, one for LDAP).


However,

"id username"

Returns unknown user

And trying to log in as username at either the terminal or ssh fails, 
and upon examining the logs, the error message says unknown user.


I configured /etc/pam.d/system-auth using authconfig-tui, adding only
the pam_mkhomedir.so line (and I tried it without that line as well).


Everything /seems/ right -- but it's not working. Can anyone offer any
suggestions as to where I should be looking? If necessary, I'll post 
my /etc/openldap/slapd.conf, /etc/openldap/ldap.conf, 
/etc/pam.d/system-auth, and /etc/nsswitch.conf files -- I just didn't 
want to send them if not necessary.


Any help or suggestions would be appreciated. Thanks!

--
Andy Akins
Director of Development

NICUSA, Tennessee -- A Partnership with Tennessee.gov
Phone: (615) 313-0305
Email: a...@egovtn.org

Visit www.tn.gov - the official website of the State of Tennessee

   


We'll assume you've properly configured your OpenLDAP server and can 
query the directory and whatever user/group accounts you have created 
are valid.


Now, you make no statements regarding the system that you are attempting 
to authenticate from. Run 'authconfig-tui' from the console/terminal and 
ensure the ldap server is specified.


See this page 
(http://beginlinux.com/server_training/server-managment-topics/1316-set-up-ldap-client) 
and concern yourself with the 2 screenshots for now. You can tweak the 
manual settings to your heart's content but ONLY need to set the options
contained in the screenshots to at least get LDAP auth working.


Make sure you leave an '*' next to 'Local authentication is sufficient' 
as well so the system continues to auth local accounts. Placing a '*' 
next to 'Cache Information' will enable nscd.




Ryan Manikowski


Re: [CentOS] question on CPU

2010-05-27 Thread Ryan Manikowski
On 5/27/2010 9:25 AM, James Bensley wrote:
> How many processors are shown in your process monitor/activity monitor?
>
>

In order to view the number of cpu's in top, press the '1' key. You will 
then see cpu0, cpu1, cpu2, etc. if there is more than 1 core detected.

Ryan Manikowski


Re: [CentOS] Replacement tape drive configuration

2010-05-27 Thread Ryan Manikowski
On 5/27/2010 6:14 PM, Hugh E Cruickshank wrote:
> CentOS 4.8
>
> Hi All:
>
> We recently had a Sony SDX-500V tape drive fail on one of our servers
> running CentOS 4.8. I have now replaced it with a spare SDX-500C. The
> problem that I am having now is that the failed drive had ceased
> responding to SCSI commands and we have since rebooted the system
> which resulted in the tape drive being removed from our current
> hardware configuration and the system does not recognize the new
> tape drive.
>
> I know that I can just reboot the system and kudzu will add the tape
> drive back in during the boot process however I was wondering if it
> would be possible to manually run kudzu to add the drive or am I just
> "borrowing trouble" by trying to do this?
>
> TIA
>
> Regards, Hugh
>
>

When you say the 'system' no longer recognizes the tape drive, are you 
sure the SCSI controller even detects the tape drive during boot? From 
what I've seen, tape drives use the generic tape driver and get mapped 
to /dev/stX.

Ryan Manikowski
