Re: [e-smith-devinfo] Recommended Raid Controllers
Brandon Friedman [EMAIL PROTECTED] wrote: Has anybody configured a Mylex Raid controller? I have a MegaRAID LD0 RAID5 86390R working with SME5. It works just fine, auto-detected during install... -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] Recommended Raid Controllers
Which of the current mylex pci raid comtrollers is supported by SME V%? NiGhTsPiRiT wrote: Brandon Friedman [EMAIL PROTECTED] wrote: Has anybody configured a Mylex Raid controller? I have a MegaRAID LD0 RAID5 86390R working with SME5. It works just fine, auto-detected during install... -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org -- Regards Brandon Friedman Product Manager Tech-Knowledgy Advantage Ph: +27 (011) 486-0626 Fax: +27 (011) 486-0629 Cell: +27 (083) 408-7840 E: [EMAIL PROTECTED] www.techknowledgy.co.za PO Box 1909, Houghton, 2041 South Africa No. 1 Mowbray Road, Greenside, Johannesburg, South Africa Mitel Networks Authorized Partners -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
RE: [e-smith-devinfo] root / shell access
With respect to Mitel cautions as to insecurity of telnet, and assuming you've used the web manager to otherwise enable remote access: /sbin/e-smith/db configuration setprop telnet PermitRootLogin yes /sbin/e-smith/signal-event remoteaccess-update Scott -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 09, 2001 7:56 PM To: [EMAIL PROTECTED] Subject: [e-smith-devinfo] root / shell access I am running the latest version of the server (v5) but cant seem to access the shell like I could in v4 by telnet. Telnet IS enabled and I can login as admin but not root! -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] sorting integers in perl
On Wednesday 10 October 2001 05:40 am, stephen noble wrote: Try: foreach (sort { $a = $b } keys %dungog) { } -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] sorting integers in perl
On Wednesday 10 October 2001 05:40 am, stephen noble wrote: Try: foreach (sort { $a = $b } keys %dungog) { } If you have a list of integers, the following will sort them in desending order: @arrayToSort (1,2,3,4,5,6); @sortedArray = sort {$b = $a} @arrayToSort; Greg Zartman -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
RE: [e-smith-devinfo] dmc-mitel-samba-2.2.1a-6
fyi...samba rpms on rpmfind have been updated to samba-2.2.1a-5, your howto lists samba-2.2.1a-4 -Original Message- From: Darrell May [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 09, 2001 10:06 PM To: e-smith-devinfo Subject: [e-smith-devinfo] dmc-mitel-samba-2.2.1a-6 Ok folks. This is now completed as far as I can take it. Latest developer rpms available here: http://myEZserver.com/downloads/mitel dmc-mitel-samba-2.2.1a-6.noarch.rpm dmc-mitel-samba-2.2.1a-6.src.rpm Copy of the latest Howto here: http://myezserver.com/docs/mitel/samba-upgrade-howto.html It is now up to Mitel to meld our changes into a samba update blade. I believe Gordon's e-smith-samba-1.1.0-03.noarch.rpm was the first step to move smb.conf fragments out of e-smith-base into a separate rpm to facilitate this. Currently dmc-mitel-samba-2.2.1a-6.noarch.rpm populates templates-custom with the complete samba fragments from e-smith-samba-1.1.0-03.src.rpm + the additional fragments we've built. This rpm works fine for 4.1.2/SME5 and is usable today. When a blade comes out simply remove this rpm and install the blade. Because templates-custom is used this should not pose any problems. Finally, each fragment includes a remarked entry displaying the fragment name in the smb.conf file. I really like this idea. Makes it immediately simple to determine in a large templated file which fragment the parameter belongs to. What do you think of this idea? Regards, -- Darrell May DMC NETSOURCED.COM http://netsourced.com http://myEZserver.com -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
[e-smith-devinfo] Altering Kick Start Script
Hi Folks How do you alter the kick start script to add your own driver specifications in a SME installation? -- Regards Brandon Friedman Product Manager Tech-Knowledgy Advantage Ph: +27 (011) 486-0626 Fax: +27 (011) 486-0629 Cell: +27 (083) 408-7840 E: [EMAIL PROTECTED] www.techknowledgy.co.za PO Box 1909, Houghton, 2041 South Africa No. 1 Mowbray Road, Greenside, Johannesburg, South Africa Mitel Networks Authorized Partners -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] Recommended Raid Controllers
Mylex Acceleraid 250??? SME V 5 picked it up from installation? Anton Sabelski wrote: I have AcceleRaid 250 no problems - Original Message - From: Brandon Friedman [EMAIL PROTECTED] To: NiGhTsPiRiT [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, October 10, 2001 4:08 PM Subject: Re: [e-smith-devinfo] Recommended Raid Controllers Which of the current mylex pci raid comtrollers is supported by SME V%? NiGhTsPiRiT wrote: Brandon Friedman [EMAIL PROTECTED] wrote: Has anybody configured a Mylex Raid controller? I have a MegaRAID LD0 RAID5 86390R working with SME5. It works just fine, auto-detected during install... -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org -- Regards Brandon Friedman Product Manager Tech-Knowledgy Advantage Ph: +27 (011) 486-0626 Fax: +27 (011) 486-0629 Cell: +27 (083) 408-7840 E: [EMAIL PROTECTED] www.techknowledgy.co.za PO Box 1909, Houghton, 2041 South Africa No. 1 Mowbray Road, Greenside, Johannesburg, South Africa Mitel Networks Authorized Partners -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org -- Regards Brandon Friedman Product Manager Tech-Knowledgy Advantage Ph: +27 (011) 486-0626 Fax: +27 (011) 486-0629 Cell: +27 (083) 408-7840 E: [EMAIL PROTECTED] www.techknowledgy.co.za PO Box 1909, Houghton, 2041 South Africa No. 1 Mowbray Road, Greenside, Johannesburg, South Africa Mitel Networks Authorized Partners -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] dmc-mitel-samba-2.2.1a-6
It is now up to Mitel to meld our changes into a samba update blade. I believe Gordon's e-smith-samba-1.1.0-03.noarch.rpm was the first step to move smb.conf fragments out of e-smith-base into a separate rpm to facilitate this. As part of this process, it seem like it might be a good idea to repackage the Samba RPM to remove those deamons and associated files currently not being used by the e-smith/SME server. Having looked at the Samba 2.2.1a RPM spec file, I think the following could be removed and/or slightly modified. REMOVE mkdir -p $RPM_BUILD_ROOT%{prefix}/share/swat/{images,help,include,using_samba} mkdir -p $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba/{figs,gifs} MODIFY TO NOT INSTALL SWAT # Install secure binary files for i in smbd nmbd swat smbmount smbumount smbmnt debug2html do install -m755 -s source/bin/$i $RPM_BUILD_ROOT%{prefix}/sbin doneve those Samba services that REMOVE # Install SWAT helper files for i in swat/help/*.html docs/htmldocs/*.html do install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/help done for i in swat/images/*.gif do install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/images done for i in swat/include/*.html do install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/include done REMOVE # Add swat entry to /etc/services if not already there. if !( grep ^[:space:]*swat /etc/services /dev/null ) then echo 'swat 901/tcp # Add swat service used via inetd' /etc/services fi REMOVE # Add swat entry to /etc/inetd.conf if needed. if [ -f /etc/inetd.conf ]; then if !( grep ^[:space:]*swat /etc/inetd.conf /dev/null ) then echo 'swat stream tcp nowait.400 root %{prefix}/sbin/swat swat' /etc/inetd.conf killall -1 inetd || : fi fi REMOVE # Add swat entry to xinetd.d if needed. if [ -d $RPM_BUILD_ROOT/etc/xinetd.d ]; then mv /etc/samba/samba.xinetd /etc/xinetd.d/swat else rm -f /etc/samba/samba.xinetd fi -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] root / shell access
Probably (make that definitely) a better approach is leave the config alone, telnet in as admin and su - to root. The best approach, of course, is to use SSH, not telnet. Neither of those involve major compromises to security or any change to the config. Just a suggestion. JP - Original Message - From: Smith, Jeffery S (Scott) [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, October 10, 2001 9:33 AM Subject: RE: [e-smith-devinfo] root / shell access With respect to Mitel cautions as to insecurity of telnet, and assuming you've used the web manager to otherwise enable remote access: /sbin/e-smith/db configuration setprop telnet PermitRootLogin yes /sbin/e-smith/signal-event remoteaccess-update Scott -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 09, 2001 7:56 PM To: [EMAIL PROTECTED] Subject: [e-smith-devinfo] root / shell access I am running the latest version of the server (v5) but cant seem to access the shell like I could in v4 by telnet. Telnet IS enabled and I can login as admin but not root! -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
RE: [e-smith-devinfo] root / shell access
-Original Message- From: John Powell [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 10, 2001 12:34 PM Subject: Re: [e-smith-devinfo] root / shell access Probably (make that definitely) a better approach is leave the config alone, The stated approach does not modify the config in any non-standard way. It simply sets a property that was removed from the web manager. From a system integrity perspective, nothing untoward is done. telnet in as admin and su - to root. Have you ever telneted into the server as admin? You get the admin console, not the command line. It would be pretty tough to su to anything from there. The best approach, of course, is to use SSH, not telnet. Reminds me of the old GOTO is evil argument. Pretty tough to program most popular processors without GOTO -- usually referred to as a JUMP in most assembly mnemonics :-) The GOTO in and of itself is not bad -- it is the misuse of GOTO, which is an easy thing to do, that is bad. Similarly, not all telnet access is bad. Prone to be bad, yes, but inherently and inescapably bad, no. Neither of those involve major compromises to security or any change to the config. Except that one won't work, and the other has issues of its own. Not the least of which is that most SSH clients are pretty lame when compared to their more mature telnet cousins. Machines don't think, people do. It should be the option and responsibility of the local admin to determine if the security risks of telnet -- or any other arguably risky service or protocol or practice -- are worth the rewards. IMHO Scott -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] root / shell access
I do not want to start a major debate on the topic. You are correct, I forgot about the admin console thing. You can enable a user as having shell access and su from there. The dangers of enabling root from telnet that I can think of are this: - easier to for someone sniffing on your network to look for root logins and capture the password. Yes, they could look for su, but that is a little bit more obscure. This is also a reason to go for SSH. - Someone trying to guess their way in is likely to start by attempting to crack their way in by trying to telnet in as root. This is an unsophisticated attack for sure, but those are the first tried. Not allowing root to telnet in adds another obscurity layer. Before you get into the Security by obscurity argument. I agree this is not a good primary line of defense, but it is a decent secondary line of defense. As far as SSH clients. I use SecureCRT when coming in from a Windows box. I love it. Others have high praise for Putty, haven't used it personally though. I am not sure what super-advanced Telnet clients you are referring to, but I find it hard to grasp what they have over SecureCRT and other solid SSH clients. Basically, no matter how advanced you are as a user, opening up telnet to root is widely considered a bad idea and your skills are not going to stop anyone from exploiting your network if they get root. I don't even allow root directly in via SSH, but require su there too. Bottom line, I respectfully disagree with your premise that allowing telnet in directly as root is a good idea, particularly if it is on an external interface or if your internal network is not 100% physically secure. If you would like to continue this thread, we should probably take it off-list. I would prefer to just agree to disagree and leave it at that. JP -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] root / shell access
On Wed, Oct 10, 2001 at 11:34:08AM -0500, John Powell wrote: Probably (make that definitely) a better approach is leave the config alone, telnet in as admin and su - to root. While others have pointed out that you cannot telnet in as admin and get to a shell, he does raise another option. Telnet in as *another user* and then su to root. This gets around the issue of telnetting in directly as root, BUT, when you type in the root password (to su), you are, of course, transmitting that password in the clear. (Note that all user accounts other than admin and root cannot login to the SME Server. You need to (as root) issue the command chsh -s /bin/bash username to enable username to login to the server. Having said that, I would strongly suggest that you limit shell access to very trusted users.) The best approach, of course, is to use SSH, not telnet. Absolutely. My favorite in the Windows world has been TTSSH. You first install TeraTermPro (which is free) and then you unzip the TTSSH distribution and drop it into the Tera Term Pro folder. Execute ttssh.exe and you are in. Works great. I have used Putty as well and it has worked fine for me as well. My 2 cents, Dan -- Dan York, Director of Training, Network Server Solutions Group Mitel Networks Corporation [EMAIL PROTECTED] Ph: +1-613-751-4401 Cell: +1-613-263-4312 Fax: +1-613-564-7739 150 Metcalfe Street, Suite 1500, Ottawa,ON K2P 1P1 Canada http://www.e-smith.com/ http://www.mitel.com/sme/ -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
RE: [e-smith-devinfo] root / shell access
-Original Message- From: John Powell [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 10, 2001 1:10 PM Subject: Re: [e-smith-devinfo] root / shell access I do not want to start a major debate on the topic. Nor do I, for there is no one correct conclusion. Bottom line, I respectfully disagree with your premise that allowing telnet in directly as root is a good idea, particularly if it is on an external interface or if your internal network is not 100% physically secure. I did not express an opinion that root access via telnet is always a good idea. Quite to the contrary, I stated that the unqualified categorization of root telnet access as a bad thing is itself a bad thing. The position that secured access methods are generally preferable to unsecured is of course reasonable -- it is the assertion that unsecured methods are always bad that I take exception to. The determination as whether root telnet access is bad or good is situational and best left to the individual administrator. But as you say, we are best left agreeing to disagree :-) Scott -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
RE: [e-smith-devinfo] dmc-mitel-samba-2.2.1a-6
David Erdman [EMAIL PROTECTED] said: fyi...samba rpms on rpmfind have been updated to samba-2.2.1a-5, your howto lists samba-2.2.1a-4 Thanks, I've updated my copy of the Howto. Copy of the latest developer Howto here: http://myezserver.com/docs/mitel/samba-upgrade-howto.html -- Darrell May DMC NETSOURCED.COM http://netsourced.com http://myEZserver.com -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] dmc-mitel-samba-2.2.1a-6
Keith Winston [EMAIL PROTECTED] said: Finally, each fragment includes a remarked entry displaying the fragment name in the smb.conf file. snip This is a great idea. snip Thanks Keith. I'm hoping others will agree as well. I'd like to see this become the 'standard'. Regards, -- Darrell May DMC NETSOURCED.COM http://netsourced.com http://myEZserver.com -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] dmc-mitel-samba-2.2.1a-6
Hmmm. Smart. Simple. Effective. Sensible. Gotta be something wrong with it somewhere... ;) Darrell May wrote: Finally, each fragment includes a remarked entry displaying the fragment name in the smb.conf file. snip I'm hoping others will agree as well. I'd like to see this become the 'standard'. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] root / shell access
On Wed, 10 Oct 2001, Dan York wrote: Absolutely. My favorite in the Windows world has been TTSSH. You first install TeraTermPro (which is free) and then you unzip the TTSSH distribution and drop it into the Tera Term Pro folder. Execute ttssh.exe and you are in. Works great. Moreover, TeraTermPro is an advanced telnet client. Adding the TTSSH add-on gives you all the features of that telnet client, but connecting over the secured SSH protocol. -- Charlie Brady [EMAIL PROTECTED] Lead Product Developer Network Server Solutions Grouphttp://www.e-smith.com/ Mitel Networks Corporationhttp://www.mitel.com/ Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] Altering Kick Start Script
On Wed, Oct 10, 2001 at 05:45:33PM +0200, Brandon Friedman [EMAIL PROTECTED] wrote: Hi Folks How do you alter the kick start script to add your own driver specifications in a SME installation? We don't have any direct support for adding drivers at install time. RedHat's site has details on configuring kickstart, but you are also likely to need a new boot image and potentially a new boot kernel. This may be easy, hard or (close to) impossible, depending on the hardware involved. I would not recommend using hardware unless it is supported by the installer, especially disk controllers. Using unsupported disk controllers may make recovery of a failed system difficult, or impossible. Expect to spend many days working on this - it's not for the faint-hearted, and I'd recommend purchasing supported hardware instead. Thanks, Gordon -- Gordon Rowell[EMAIL PROTECTED] VP Engineering Network Server Solutions Group http://www.e-smith.com Mitel Networks Corporation http://www.mitel.com -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] root / shell access
On Wed, Oct 10, 2001 at 01:23:27PM -0400, Smith, Jeffery S (Scott) [EMAIL PROTECTED] wrote: [...] I did not express an opinion that root access via telnet is always a good idea. Quite to the contrary, I stated that the unqualified categorization of root telnet access as a bad thing is itself a bad thing. The position that secured access methods are generally preferable to unsecured is of course reasonable -- it is the assertion that unsecured methods are always bad that I take exception to. The determination as whether root telnet access is bad or good is situational and best left to the individual administrator. [...] FYI - We removed the telnet as root option from the manager so that it required an explicit action on the part of an administrator with shell access to allow this access. The previous toggle in the manager made it far too easy for people to enable a practice which is commonly accepted as bad. Gordon -- Gordon Rowell[EMAIL PROTECTED] VP Engineering Network Server Solutions Group http://www.e-smith.com Mitel Networks Corporation http://www.mitel.com -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
[e-smith-devinfo] Comments in generated config files (was Re: [e-smith-devinfo] dmc-mitel-samba-2.2.1a-6)
On Wed, Oct 10, 2001 at 05:42:06PM -, Darrell May [EMAIL PROTECTED] wrote: [...] Thanks Keith. I'm hoping others will agree as well. I'd like to see this become the 'standard'. We've played around with this in the past, but I don't see that it provides a great deal over the use of individual template fragments with sensible names (see my split-up of smb.conf/10globals). Many of the existing templates are too big and we are splitting and renaming them as we modify them. IMO, the generated files should be as compact as possible, without additional comment noise. The reasoning for the fragment is captured in the fragment, which then generates as little as is required. The comments often obscure the vital information. Thanks, Gordon -- Gordon Rowell[EMAIL PROTECTED] VP Engineering Network Server Solutions Group http://www.e-smith.com Mitel Networks Corporation http://www.mitel.com -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
[e-smith-devinfo] Re: Comments in generated config files
On Thu, 11 Oct 2001, Gordon Rowell wrote: IMO, the generated files should be as compact as possible, without additional comment noise. The reasoning for the fragment is captured in the fragment, which then generates as little as is required. The comments often obscure the vital information. I agree with Gordon on this. The correct place for comments is in the template fragment. No human need ever read the generated configuration file, so comments should not be required there. In fact comments in the generated file might encourage people to directly edit the configuration file, instead of making changes to a template. I've never found grep to be deficient when trying to determine which fragment is responsible for which line of a config file. Try, for example: cd /etc/e-smith/templates grep oplock etc/smb.conf/* Charlie Brady [EMAIL PROTECTED] Lead Product Developer Network Server Solutions Grouphttp://www.e-smith.com/ Mitel Networks Corporationhttp://www.mitel.com/ Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] Re: Comments in generated config
phm1a [EMAIL PROTECTED] said: Hmmm. Smart. Simple. Effective. Sensible. Gotta be something wrong with it somewhere... ;) Yup, just found it. The Mitel gang doesn't agree :( Sorry for being nasty but I just had to ;- Darrell -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] Comments in generated config files (was Re: [e-smith-devinfo] dmc-mitel-samba-2.2.1a-6)
I know this isn't up for a vote, but I agree with Darrell on this one... I guess I don't see a problem with larger files due to comments. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] Altering Kick Start Script
At 17:40 10/10/2001, you wrote: Expect to spend many days working on this - it's not for the faint-hearted, and I'd recommend purchasing supported hardware instead. Somewhat germane to the topic - I'm in the market for a new server, for which I'd like RAID 5. I was told this past weekend by one of the 3Ware distributors in Vancouver that they (3Ware) have discontinued all RAID controller production, so that definitely impacts the IDE RAID side of things. Des Dougan -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] Re: Comments in generated config files
On 10 Oct 2001, Charlie Brady wrote: On Thu, 11 Oct 2001, Gordon Rowell wrote: IMO, the generated files should be as compact as possible, without additional comment noise. The reasoning for the fragment is captured in the fragment, which then generates as little as is required. The comments often obscure the vital information. I agree with Gordon on this. The correct place for comments is in the template fragment. No human need ever read the generated configuration file, so comments should not be required there. In fact comments in the generated file might encourage people to directly edit the configuration file, instead of making changes to a template. It would be handy though to have a setting, similar to the existing DebugTemplateExpansion, which when enabled would insert a single '# Generated from /etc/e-smith/templates/etc/foo.bar/50bla' line for each template fragment expanded. I'm sure there must be an instance where such a comment would break a config file though... Daniel van Raay -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] Re: Comments in generated config files
On Thu, Oct 11, 2001 at 01:00:54PM +1000, Daniel van Raay [EMAIL PROTECTED] wrote: [...] It would be handy though to have a setting, similar to the existing DebugTemplateExpansion, which when enabled would insert a single '# Generated from /etc/e-smith/templates/etc/foo.bar/50bla' line for each template fragment expanded. I certainly like this idea (and have thought about doing it in the past). This seems a very clean solution to the issue - no comments in the general case, but comments when you really want to see them. The comments are also auto-generated which I like as it saves on duplication of information. When combined with the newer expand-template which allows you to specify the output file, this should provide lots of debugging information. I'm sure there must be an instance where such a comment would break a config file though... There sure will be ones for which # commands are not allowed. Oh how I wish Unix had a standard config file comment character. Gordon -- Gordon Rowell[EMAIL PROTECTED] VP Engineering Network Server Solutions Group http://www.e-smith.com Mitel Networks Corporation http://www.mitel.com -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
RE: [e-smith-devinfo] Re: Comments in generated config
I like the comments and I think it's a good idea to include them in the output files. Just a quick question. What difference will it make to the server whether or not comments are included? With the speed and power of today's computers, are we talking about a huge loss in speed due to extra code? Or does it have nothing to do with processing the output files? If you are worried about people editing the files directly, then including the comments helps them find the templates easier (and understand the SME system better)... instead of grepping themselves in circles. Just my 2cents. Trev. -Original Message- From: Gordon Rowell [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 10, 2001 9:19 PM To: Darrell May Cc: e-smith-devinfo Subject: Re: [e-smith-devinfo] Re: Comments in generated config On Thu, Oct 11, 2001 at 02:11:31AM -, Darrell May [EMAIL PROTECTED] wrote: phm1a [EMAIL PROTECTED] said: Hmmm. Smart. Simple. Effective. Sensible. Gotta be something wrong with it somewhere... ;) Yup, just found it. The Mitel gang doesn't agree :( Sorry for being nasty but I just had to ;- I think it was a bit unnecessary :-( There are lots of things we could put in, and you were saying it should be a standard. Charlie and I disagreed for various reasons. That's what discussion is about...isn't it? We strongly support proper documentation of the template fragments themselves, but want to keep the output files as small and clean as possible. Gordon -- Gordon Rowell[EMAIL PROTECTED] VP Engineering Network Server Solutions Group http://www.e-smith.com Mitel Networks Corporation http://www.mitel.com -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org