Re: [expert] Unmountable Samba mounts and other oddities
I've got this problem as well, only it is happening with a share that still exists. As far as I can tell, it seems to be the case that our NT server is dropping the connection after some inactivity, and Samba can't re-establish for some reason... Anyhow, for me, I just use umount with the -l option. After that, I'm able to re-mount the share and it works just fine (until it times out again...) If anyone knows a real fix for this, I'd love to hear it... -Jason On Sunday 28 July 2002 11:09 pm, Rob Gillen wrote: I've seen a problem for many different versions (latest 8.2) of Mandrake with Samba before, and I may have even inquired about it before. Whether it is a problem with Samba I have no idea, but I suspect not. I'm trying to get some info/advice about what might be potentially the problem before going to Samba mailing lists to query them. Some of you might already be familiar with the strange way that Linux will often disallow umount-ing or listing directory contents of a mounted smb share, returning the error text, Input/output error. I believe this error happens when a smb share is mounted, then that remote share is removed. This is a seriously annoying problem, because restarting Samba does not solve the problem, nor does changing runlevels. Which is why I think it may be a kernel-level problem. I have tried changing the runlevel to [S]ingle level user, which is running pretty much nothing save kernel processes and a simple shell. At this level, a 'mount' command still shows the shares to be mounted, and also at this level it is still impossible to umount them. The only solution that I have found so far is rebooting, which I think is an unacceptable way to handle such a problem. = You can't second-guess ineffability, I always say. -- (Terry Pratchett Neil Gaiman, Good Omens) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Hack attack or not?
On Sun, 28 Jul 2002 23:27:11 -0500 J. Craig Woods [EMAIL PROTECTED] wrote: James Sparenberg wrote: On the subject of Crackers. Note this IP block owned by ATT 12.234.0.0/24 If been getting hit heavily from there by a number of compromised M$ boxes. I've alerted ATT but so far no answer,(it is Sunday though). So for the moment I'm blocking the entire IP block. . It's coming from NJ. See the logs snippet below. Yep, Over the years, I have never heard back from ATT when I have reported abuse to them. Like so many big cats, they do not give a shit about you and I. But if you think ATT is loaded with those crummy M$ boxes running infected IIS crap, check this out: I started blocking M$ boxes coming from the GTE network. I started with the CIDR notation you are using 24. The problem was so pervasive that I now have the entire netblock of ip addresses being shit-canned at my firewall, i.e. 4.0.0.0/8. You can bet that put a stop to my logs feeling up with unwanted IIS crap. Just goes to show you that if you take pride in being a good SA, you do not work on a M$ server if you can help it drjung DrJung, If you can claim 5,000 dollars in lost revenue due to something like this (and in todays market that isn't very hard) Call the FBI. These guys are REAL serious about helping you. I did once on a smurf attack, that was coming from a bunch of WinServers at Level III ... After two months of the guy I got my Office connection from talking with them they still hadn't done a thing. (On again off again DOS attack) But when the FBI walked in two days after I called them and sent them logs, with warrants to confiscate servers they became very very cooperative. Amazing what the concept of losing 20 servers will do to someones attitude. (Oh and they did find the kid in Texas, going through a bunch of zombies in Argentina an the UK) James -- J. Craig Woods UNIX/NT Network/System Administration http://www.trismegistus.net/resume.html Character is built upon the debris of despair --Emerson Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] FontDrake
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I was playing around with fontdrake on a test system tonight, and decided to try using its Windows font installer. Everything seemed fine, KDE apps see the fonts, but all of them show up as some generic bitmap font rather then the actual fonts I installed. GTK apps see everything fine. Oh, and KDE using Xft doesn't see them at all. Any ideas? TIA, Tim - -- - Timothy R. Butler[EMAIL PROTECTED] Universal Networks http://www.uninet.info Christian Portal and Search Tool: http://www.faithtree.com Enterprise Open Source Journal: http://www.ofb.biz = Christian Web Services Since 1996 == -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9QjF7K37Cns9gJ0gRAo8OAJ9V2guApFeEDnlrpiU0DfxqFRMkhQCeJBj9 z5QrTlMTVJ8Qhij7vFYAbEc= =nhEk -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] PCMCIA: Texas Instruments PCI1420 not working after kernel-update
configuration: Mandrake 8.1 lspci: ... 00:04.0 CardBus bridge: Texas Instruments PCI1420 00:04.1 CardBus bridge: Texas Instruments PCI1420 ... Windows says: PCI1420 at i/o-address 0x3e0 and irq 11 tried that with [root@... root]# modprobe i82365 i365_base=0x3e0 cs_irq=11 resulted in: /lib/modules/2.4.18-8.2mdk/kernel/drivers/pcmcia/i82365.o.gz: init_module: No such device The pcmcia worked before i updated the kernel. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] FontDrake
On Saturday 27 July 2002 12:36 am, Timothy R. Butler wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I was playing around with fontdrake on a test system tonight, and decided to try using its Windows font installer. Everything seemed fine, KDE apps see the fonts, but all of them show up as some generic bitmap font rather then the actual fonts I installed. GTK apps see everything fine. Oh, and KDE using Xft doesn't see them at all. Any ideas? add the paths to your /etc/X11/Xftconfig file and enable aa fonts in kcontrol. And if you want them to look really good, download the freetype2 source and recompile with byte code interpretter enabled. :) hth, -s Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] PCMCIA: Texas Instruments PCI1420 not working afterkernel-update
On Mon, 2002-07-29 at 08:05, t_gecks wrote: configuration: Mandrake 8.1 lspci: ... 00:04.0 CardBus bridge: Texas Instruments PCI1420 00:04.1 CardBus bridge: Texas Instruments PCI1420 ... Windows says: PCI1420 at i/o-address 0x3e0 and irq 11 tried that with [root@... root]# modprobe i82365 i365_base=0x3e0 cs_irq=11 resulted in: /lib/modules/2.4.18-8.2mdk/kernel/drivers/pcmcia/i82365.o.gz: init_module: No such device The pcmcia worked before i updated the kernel. Based on the error msg, I would say that when you did the 'make modules' part of the kernel compile, you were missing the particular module source that you need. Therefore, no such module was compiled/created. -- Dave Sherman Do not meddle in the affairs of dragons, MCSE, MCSA, CCNA for you are crunchy, and good with ketchup. signature.asc Description: This is a digitally signed message part
Re: [expert] PCMCIA: Texas Instruments PCI1420 not working after kernel-update
t_gecks wrote: configuration: Mandrake 8.1 lspci: ... 00:04.0 CardBus bridge: Texas Instruments PCI1420 00:04.1 CardBus bridge: Texas Instruments PCI1420 ... Windows says: PCI1420 at i/o-address 0x3e0 and irq 11 tried that with [root@... root]# modprobe i82365 i365_base=0x3e0 cs_irq=11 resulted in: /lib/modules/2.4.18-8.2mdk/kernel/drivers/pcmcia/i82365.o.gz: init_module: No such device The pcmcia worked before i updated the kernel. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com You are lucky _ANYTHING_ works after updating the kernel. You do not update kernels. If you have an updated kernel, you INSTALL it. Afterward you have the choice in LILO of booting either kernel. If you use update instead you have the new kernel with the old kernel modules, a definite mismatch when trying to load modules. Hmmm, you did not say your version but I know we had changed numbering schemes in 8.2 so the automated tools would not update kernels and our advisories which accompany such updates clearly states not to update. Civileme Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] 9.0's kernel?
Todd Lyons wrote: Damian G wrote on Fri, Jul 26, 2002 at 08:42:24PM -0300 : does anybody know if the final 9.0 release will include a preemptible kernel? i've heard great things about the pre-emptible patch for linux ... and i'm still I don't know for certain that it will or will not, but I just looked through the current Cooker kernel and I did not see the preemptible patch applied. You do realize that using this patch pretty much prevents the machine from being used as a high capacity server. It allow the kernel to be pulled away from unimportant things to take care of really important things like your desktop. Hardly an acceptable compromise on a server. This is totally untrue. In fact the preemptive kernel has been added to the 2.5 series and will be in 2.6 because it results in better preformance and lower latency. Much of userspace is spent in kernel space getting IO done. A preemptive kernel allows any process to be interrupted even while in the kernel. For example, when X needs to draw some stuff to the video card, that is done at a lower level in the kernel. A non-premptive kernel would not be able to interupt the process while it was in kernel space. The preeptive kernel can. Example of fully premptive kernel: Solaris, among many others Some more stuff to read: http://www.linuxjournal.com/article.php?sid=5833 - kernel locking http://vig.pearsoned.com/samplechapter/0130224960.pdf - Sample chapter on Solaris Kernel internals http://www.tech9.net/rml/linux/ - more links of how linux preemptive kernel works -- Bryan Whitehead SysAdmin - JPL - Interferometry Systems and Technology Phone: 818 354 2903 [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Quota on XFS problems
Don't use a secure kernel. The secure kernel does not give out quota information to users. gikoreno wrote: Hello everyone, This is a repost from the newbie list, so sorry about that, I haven't had a reply yet. I am running LM 8.2, and all my partitions are XFS. I am also running the system with msec level 5. The machine's Kernel is : kernel-secure-2.4.18.8 Today I setup quotas for my users. I added the lines that were needed in fstab, and the quotas are being enforced. For some reason it only works certain times... edquota opens up an editor, in which I make the changes and then save and quit. Is there a better way of doing this? One that works every time? am I missing a step? My problem is that I would like my users to know what their current quota is, and for some reason typing quota doesn't work (the users for which I tried this command do have quota enforced). If a user types quota, they get something like: Disk quotas for user XXX(uid ): none If they type quota -v they get something like: Disk quotas for user XXX (uid ): Filesystem blocks quota limit grace files quota limit grace /dev/hda5 0 0 0 0 0 0 /dev/hdc7 0 0 0 0 0 0 Yet, if I check their quota as root, I get the accurate values. In other words, the quota command works as expected only if I am running it as root. I am guessing it might be that quota can't read something that contains the quota info when it is run as a user. What else could it be? What should I try? I read the XFS info about the quota system on SGI's site (and in the docs), but they all seem to imply that it should be possible to run the quota command as a user and get the proper result. An edquota is supposed to work every time... My third and last question is that I would like the quota info to be displayed for each user when they log on through ssh. How do I make that happen? Thanks in advance! gikoreno *Join Excite! - http://www.excite.com http://www.excite.com/?PG=EmailSEC=Signature* The most personalized portal on the Web! -- Bryan Whitehead SysAdmin - JPL - Interferometry Systems and Technology Phone: 818 354 2903 [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Hack attack or not?
James Sparenberg wrote on Mon, Jul 29, 2002 at 08:50:24PM -0700 : On the subject of Crackers. Note this IP block owned by ATT 12.234.0.0/24 If been getting hit heavily from there by a number You're making the assumption that those boxes are actually owned by ATT. In reality it's probably a customer of ATT. Or even worse, a customer or a customer of ATT. Let me put it in another perspective. ATT is selling to NSP which is selling a portion of that to ISP. One of the customers of ISP is who actually owns the box. That person is 3 layers removed from ATT. So if you call ATT to tell them about it, they won't talk to you because YOU are not a customer and THEY are not a direct customer. Best thing they'll do is block the /24 of that non-direct customer and that will only be if that non-direct customer's traffic is6 causing problems for their routers. Second best thing that'll happen is that they'll actually tell NSP get your customer to fix their crap. Most likely is they'll tell you where to go (and it's hot there). Blue skies... Todd -- Todd Lyons -- MandrakeSoft, Inc. http://www.mandrakesoft.com/ UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. -- Doug Gwyn Cooker Version mandrake-release-9.0-0.2mdk Kernel 2.4.18-21mdk msg56604/pgp0.pgp Description: PGP signature
Re: [expert] Unmountable Samba mounts and other oddities
Thanks for the input James. I've actually tried some of the stuff that you mentioned. When I experience the problem, the CPU isn't being taxed in any way. Also, the mount point for the share is not removed and cannot be removed because the system thinks that the directory is already mounted (busy). Restarting Samba doesn't change this status at all. As I said earlier, it most likely is not a Samba problem. It seemed to be more of a problem in the kernel, as that is where I expect filesystem mounting is tracked, etc. Rob James Sparenberg wrote: this is neither a fix or a reason. But it might enable you to fix the situation without a reboot. It sounds like what happened was that samba was desperately trying to access a non-existent share and took up all of your CPU cycles, thereby fuzzing up your DHCPD. What I would do is. 1. touch or otherwise recreate the share/directory that was removed so that samba can find something. 2. Umount the share 3. remove it from being automounted if that is being done. 4. restart Samba 5. Make sure it didn't try and remount it again. 6. Remove the share/directory from the other box. This isn't a fix but a work around for keeping your system running. Then I'd go to the Samba site and report this as a bug with as much detail as you have provided here. (Maybe include Samba version etc.) It's definitely not catching an error and putting itself into a loop of some kind. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Unmountable Samba mounts and other oddities
Rob Gillen wrote on Sun, Jul 28, 2002 at 11:09:16PM -0400 : Some of you might already be familiar with the strange way that Linux will often disallow umount-ing or listing directory contents of a mounted smb share, returning the error text, Input/output error. I believe this error happens when a smb share is mounted, then that remote share is removed. This is a seriously annoying problem, because restarting Samba does not solve the problem, nor does changing runlevels. Which is why I think it may be a kernel-level problem. I have tried changing the runlevel to [S]ingle level user, which is running pretty much nothing save kernel processes and a simple shell. At this level, a 'mount' command still shows the shares to be mounted, and also at this level it is still impossible to umount them. The only umount -f solution that I have found so far is rebooting, which I think is an unacceptable way to handle such a problem. Yes, it is a kernel issue. mount is something that is done by the kernel, but calling it a problem doesn't seem right. It is a design decision, not a problem. It HAS to be in the kernel because of the way that mounts are treated by Linux. Now the interesting part. During the time that I could not remove the unmountable mounted smb shares, the dhcpd daemon also seemed to start malfunctioning. On the Mandrake box, everything seemed fine (that is, I restarted the dhcpd daemon which had no complaints during the restart). But none of the other machines that get served on the network from it were getting addresses. Unfortunately, I wasn't able to sniff packets, so I don't know what kind of communication (or lack thereof) was occurring. It was a frustrating exercise trying to figure out why my other boxes were not getting addresses. Strangely enough, when I rebooted the Mandrake box again, everything worked as normal -- the other boxes got their IP addresses fine. Read /var/log/messages. dhcpd may have started properly, but I'll bet that it didn't stay running for whatever reason. I don't know for sure if the dhcpd thing was related to the smb mount problem, but I'll try to repeat the problem and see if it recurs. If anybody has seen the same problem or something similar, I would appreciate it if you could share how you resolved it. I doubt it too, but I'm interested to see what /var/log/messages says about it. Also, did you do a 'netstat -lnp' to see if dhcpd was actually bound to a port and listening? Blue skies... Todd -- Todd Lyons -- MandrakeSoft, Inc. http://www.mandrakesoft.com/ UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. -- Doug Gwyn Cooker Version mandrake-release-9.0-0.2mdk Kernel 2.4.18-21mdk msg56606/pgp0.pgp Description: PGP signature
Re: [expert] 9.0's kernel?
Todd Lyons wrote: Bryan Whitehead wrote on Mon, Jul 29, 2002 at 11:51:27AM -0700 : You do realize that using this patch pretty much prevents the machine from being used as a high capacity server. It allow the kernel to be This is totally untrue. In fact the preemptive kernel has been added to the 2.5 series and will be in 2.6 because it results in better preformance and lower latency. Much of userspace is spent in kernel space getting IO done. A preemptive kernel allows any process to be interrupted even while in the kernel. For example, when X needs to draw some stuff to the video card, that is done at a lower level in the kernel. A non-premptive kernel would not be able to interupt the process while it was in kernel space. The preeptive kernel can. How is interrupting I/O to redraw the desktop a benefit in performacne? The thing is, the IO your interrupting IS the desktop redrawing itself, when a higher priority task needs the CPU, like nfs, apache, or a database, the IO from the desktop can be interupted to handle something else at a higher priority. When any userspace program, wether it's X, xmms, apache, oracle, or anything makes a call to a kernel level routine, the CPU that the routine is running on is tied up till the routine is done. Even if it's just doing nothing - or it's doing something that will take a long time. As the plain vanilla kernel is now, it's only prempting a process when it's running in userspace. So when a process is running in kernel space it has exclusive rights to the entire machine - it cannot be interupted. Even when a high priority task needs todo something. The side effect of course is everything feels smooth and snappy because IO that is 100times slower than RAM and the CPU gets interupted todo something else instead of just waiting for data. So overall the system will be faster for all processes combined. If your desktop apps are running at the same priority as your services (such as apache or nfs) then your desktop apps will be able to intrupt your services more offen than before - as before they'd only be able to interupt in userspace. But if your services have a higher priority than your desktop then you should have better preformance. In perceived performance, yes. In raw I/O? I don't see it. I do trust your opinion though Bryan, I would just like a little clarification. I will go read those URL's. Raw IO does increase. It's just your desktop (actually the schedular) is allowed to interupt more offen. Setting priorities on processes is very important in a preemptive kernel to make sure low priority process don't get to interupt. The schedular will not interupt a process for a lower priority task in kernel, or userspace! (before a premptive kernel - interupting in kernel space was just a dream) The best explination is the links tho... the best being on http://www.tech9.net/rml/linux/ Of couse searching on goolge is good also. ;) Some more stuff to read: http://www.linuxjournal.com/article.php?sid=5833 - kernel locking http://vig.pearsoned.com/samplechapter/0130224960.pdf - Sample chapter on Solaris Kernel internals http://www.tech9.net/rml/linux/ - more links of how linux preemptive kernel works Looks like interesting reading. Blue skies... Todd -- Bryan Whitehead SysAdmin - JPL - Interferometry Systems and Technology Phone: 818 354 2903 [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Unmountable Samba mounts and other oddities
can you reboot to run level 1? ie.; at lilo first prompt, type linux 1
without the quotes? and try the same thing? or post the output from ps aux |
grep sm or try a kill -9 {pidofwhatevercomesup} from theprevious command :
ps aux | grep sm without the quotes and without { }.
On Monday 29 July 2002 05:42 pm, you wrote:
Thanks for the advice. Unfortunately, the thing is that when I drop down
to runlevel 1, pretty much everything is killed off except kernel-level
processes. At that point, both Samba daemons, smbd and nmbd, are not
running (checked using ps). If I try to do a 'ls' on the mounted
directory, I get an Input/output error. If I try to umount it, I get a
(I believe) Device busy error, which means that I will not be able to
unmount it. If I try to use fuser to see what is holding it up, I get
another error. Basically, I have no way of dealing with the mount once I
get the Input/output error. Below is the script output of a few commands
in runlevel 1 to demonstrate what I am talking about.
---
--- bash-2.05# ps -efl
F S UID PID PPID C PRI NI ADDR SZ WCHAN STIME TTY TIME CMD
100 S root 1 0 0 68 0 - 356 do_sel Jul15 ? 00:00:03 init
040 S root 2 1 0 69 0 - 0 contex Jul15 ? 00:00:03 [keventd]
040 S root 3 1 0 69 0 - 0 apm_ma Jul15 ? 00:00:00 [kapmd]
040 S root 4 0 0 79 19 - 0 ksofti Jul15 ? 00:00:01 [ksoftirqd_CPU0]
040 S root 5 0 0 69 0 - 0 kswapd Jul15 ? 00:01:14 [kswapd]
040 S root 6 0 0 69 0 - 0 bdflus Jul15 ? 00:00:00 [bdflush]
040 S root 7 0 0 69 0 - 0 kupdat Jul15 ? 00:00:00 [kupdated]
040 S root 8 1 0 59 -20 - 0 md_thr Jul15 ? 00:00:00 [mdrecoveryd]
040 S root 14 1 0 69 0 - 0 down_i Jul15 ? 00:00:00 [scsi_eh_0]
040 S root 17 1 0 69 0 - 0 end Jul15 ? 00:00:01 [kjournald]
040 S root 247 1 0 69 0 - 0 end Jul15 ? 00:00:00 [kjournald]
040 S root 250 1 0 69 0 - 0 end Jul15 ? 00:00:00 [kjournald]
040 S root 251 1 0 69 0 - 0 end Jul15 ? 00:00:01 [kjournald]
040 S root 252 1 0 69 0 - 0 end Jul15 ? 00:00:04 [kjournald]
040 S root 253 1 0 69 0 - 0 end Jul15 ? 00:00:03 [kjournald]
040 S root 4369 1 0 69 0 - 356 wait4 17:01 tty1 00:00:00 init
000 S root 4370 4369 0 69 0 - 579 wait4 17:01 tty1 00:00:00 /bin/sh
100 S root 4389 4370 0 72 0 - 348 read_c 17:05 tty1 00:00:00 script -f
/pub/rlev1.txt
040 S root 4390 4389 0 73 0 - 350 read_c 17:05 tty1 00:00:00 script -f
/pub/rlev1.txt
000 S root 4391 4390 0 75 0 - 575 wait4 17:05 pts/0 00:00:00 bash -i
000 R root 4393 4391 0 76 0 - 770 - 17:05 pts/0 00:00:00 ps -efl
bash-2.05# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
bash-2.05# mount
/dev/hda1 on / type ext3 (rw)
none on /proc type proc (rw)
none on /dev type devfs (rw)
none on /dev/pts type devpts (rw,mode=0620)
none on /dev/shm type tmpfs (rw)
/dev/hda8 on /home type ext3 (rw)
/mnt/cdrom on /mnt/cdrom type supermount
(ro,dev=/dev/hdc,fs=iso9660,--,iocharset=iso8859-1)
/mnt/floppy on /mnt/floppy type supermount
(rw,sync,dev=/dev/fd0,fs=vfat,--,iocharset=iso8859-1,codepage=850)
/mnt/zip on /mnt/zip type supermount
(rw,sync,dev=/dev/sdb4,fs=vfat,--,iocharset=iso8859-1,codepage=850)
/dev/sda5 on /opt type ext3 (rw)
/dev/hdb1 on /pub type ext3 (rw)
/dev/hda6 on /usr type ext3 (rw)
/dev/hda7 on /var type ext3 (rw)
none on /proc/bus/usb type usbdevfs (rw,devmode=0664,devgid=43)
//RGILLEN/shared on /home/borgille/mnt/RGILLEN/shared type smbfs (0)
bash-2.05# umount /home/borgille/mnt/RGILLEN/shared
umount: /home/borgille/mnt/RGILLEN/shared: device is busy
bash-2.05# ls /home/borgille/mnt/RGILLEN/shared
ls: /home/borgille/mnt/RGILLEN/shared: Input/output error
bash-2.05# touch /home/borgille/mnt/RGILLEN/shared
touch: setting times of `/home/borgille/mnt/RGILLEN/shared':
Input/output error
---
Note that I did this on my Mandrake box at work (I was experiencing the
problem at home). To reproduce the problem, I first used smbmount to
mount a share on a Win2K box. Then, I disabled the network connection in
the Windows control panel on the machine that had the share. At this
point, any shells on the Mandrake box that try to do anything
interactive with the mounts lock up. After closing what I can, I
telinit'd down to runlevel 1 (from 5), which is where I ran the commands
that you see above. You'll notice that none of the Samba daemons are
running (nor could they without the network running). Even after I
return to runlevel 5 and restart the networking on the Win2K box, I
cannot umount the share. I can do nothing with it. At this point, the
only way to remove the mount (that I know of) is to reboot the machine.
This is the main reason that I suggested that it might be a kernel-level
problem -- the kernel, which controls
Re: [expert] 9.0's kernel?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Monday 29 July 2002 1:51 pm, Bryan Whitehead wrote: while it was in kernel space. The preeptive kernel can. Example of fully premptive kernel: Solaris, among many others Some more stuff to read: http://www.linuxjournal.com/article.php?sid=5833 - kernel locking http://vig.pearsoned.com/samplechapter/0130224960.pdf - Sample chapter on Solaris Kernel internals http://www.tech9.net/rml/linux/ - more links of how linux preemptive kernel works Thank you, Bryan. I will use this information and create a preemptive kernel on my system to experience the difference. - -- - Altoine B Maximum Time Unlimited Chicago Based and Operated http://pgp.mit.edu - The only really masterful noise a man makes in a house is the noise of his key, when he is still on the landing, fumbling for the lock. -- Colette - 2.4.18-21mdk Mandrake Linux release 9.0 (Cooker) for i586 - -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9RcESxjybQmhmUgYRAnz/AJ4sJCSoBt6XmlQVgJiPmCgrVCiDrwCgpKCz 0/oDrAd/o3KUgLtAxf7rQUk= =KJst -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Unmountable Samba mounts and other oddities
I have this problem all the time: 'umount /mount/point -l' should do the trick. -Jason (And once again, my first post on the topic was dropped... grr...) On Monday 29 July 2002 05:42 pm, Rob Gillen wrote: Thanks for the advice. Unfortunately, the thing is that when I drop down to runlevel 1, pretty much everything is killed off except kernel-level processes. = Did any of them kids have some space alien with a face like a friendly turd in a bike basket? -- (Terry Pratchett Neil Gaiman, Good Omens) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Local DNS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I am having a hard time with a concept. I want my internal network to have a domain (which I plan on registering at a later date). I have another domain registered with namezero. I want to have a url for each of my internal computers like host.domain.com. Whether it be internal or external. I just don't know how to do this. I don't really know where to start. Am I to transfer my existing domain to my network server? What am I to do? Sincerely, Lost in the Web - -- - Altoine B Maximum Time Unlimited Chicago Based and Operated http://pgp.mit.edu - In war it is not men, but the man who counts. -- Napoleon - 2.4.18-21mdk Mandrake Linux release 9.0 (Cooker) for i586 - -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9RcQgxjybQmhmUgYRAoyWAJ9uXbgT0fySdr8aB7Iaa300msEsNgCdF+8b FG7o4jt/MstlJlDJ4F2fHsA= =WLbg -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Hack attack or not?
On Mon, 29 Jul 2002 13:20:52 -0700 Todd Lyons [EMAIL PROTECTED] wrote: James Sparenberg wrote on Mon, Jul 29, 2002 at 08:50:24PM -0700 : On the subject of Crackers. Note this IP block owned by ATT 12.234.0.0/24 If been getting hit heavily from there by a number You're making the assumption that those boxes are actually owned by ATT. In reality it's probably a customer of ATT. Or even worse, a customer or a customer of ATT. Let me put it in another perspective. ATT is selling to NSP which is selling a portion of that to ISP. One of the customers of ISP is who actually owns the box. That person is 3 layers removed from ATT. So if you call ATT to tell them about it, they won't talk to you because YOU are not a customer and THEY are not a direct customer. Best thing they'll do is block the /24 of that non-direct customer and that will only be if that non-direct customer's traffic is6 causing problems for their routers. Second best thing that'll happen is that they'll actually tell NSP get your customer to fix their crap. Most likely is they'll tell you where to go (and it's hot there). Blue skies... Todd Actually in many ways I was hopping that the user agreement I had shoved at me recently had some teeth. One of the things that is says you can get your service suspended for is having a box that is infected and or attempting to infect whether manually or on it's on other boxes on the network (paraphrased but the idea is the same as the legalise. The warning is place here because it is such a large number of boxes that were hitting mine it wasn't funny and once I block one box... another takes over. It's moved now from 12.234 to 12.253... *sigh* Can't block 12... I'm on that subnet!! James -- Todd Lyons -- MandrakeSoft, Inc. http://www.mandrakesoft.com/ UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. -- Doug Gwyn Cooker Version mandrake-release-9.0-0.2mdk Kernel 2.4.18-21mdk Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] PHP vs MYSQL
On Sunday 28 July 2002 07:36 am, Ric Tibbetts wrote: Well, I guess it had to happen. If you hang around this stuff long enough, eventually you're going to need a database. I know, this may be a really subjective question, but what's the comparison between php mysql? Is one better/worse, easier/harder than the other? Or are they just different? Does one have strengths/weaknesses over/under the other? Or are they both good, but designed to do two different jobs? This is probably all documented somewhere. Maybe some kind soul could point me at a site somewhere, and I could just study all this myself. ;) Thanks! As always, any pointers are greatly appreciated. Ric Ric, MySql is the database and PHP is a scripting language used to access it. If you want to use MySql as a backend and have a frontend GUI that is easy to use try KNODA. Knoda works very much like M$ Access using visual tables, forms, reports and queries. It can be found here: http://hk-classes.sourceforge.net and http://knoda.sourceforge.net -- Ken Thompson, North West Antique Autos Payette, Idaho Email: [EMAIL PROTECTED] http://www.nwaa.com Office Phone: 208-642-0785 Cell Phone: 208-642-0223 Sales and brokering of antique autos and parts. Linux- Coming Soon To A Desktop Near You Registered Linux User #183936 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Can't get phpgroupware working
Hello world! I just untar and run http://127.0.0.1/phpgroupware/setup/index.php to create a header.inc.php file. As explained in installation doc, I did (as postgres user): /usr/bin/createdb phpgroupware /usr/bin/createuser phpgwuser --pwprompt So far so good, but it seems to work with phpgroupware itself (I can re-setup header.inc.php from web interface) but I cannot connect to postgresql database when I try to login. Error is: Warning: Unable to connect to PostgreSQL server: FATAL 1: No pg_hba.conf entry for host 127.0.0.1, user phpgwuser, database phpgroupware in /var/www/html/phpgroupware/phpgwapi/inc/class.db_pgsql.inc.php on line 89 I know user is ok because I connect from command line with: psql phpgroupware phpgwuser Also, I know postgresql is listening to TCP/IP (it is configured so) as long as phpPgAdmin works ok. I'm suspecting that file pg_hba.conf might be the culprit as I put access restriction to local all trust (I couldn't make it work rigth with another config). I'm going nuts with all this and moreover Google does not want to be my friend on this subject (I can't get a similar case solved to have a hint :-(( Thanx in advance!!! ___ Yahoo! Messenger Nueva versión: Webcam, voz, y mucho más ¡Gratis! Descárgalo ya desde http://es.messenger.yahoo.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Unmountable Samba mounts and other oddities
This worked the first time that I tried it, but there are cases when it does not work. For example, if after mounting a Windows share the connection gets broken, the mount will not work, and you might see things like command-line lockups during directory listings, etc. At this point, I believe you can successfully use a umount -l to unmount it. When I tried it, the mount was not immediately removed from the list of mounted filesystems via the mount command. I probably moved too fast trying to figure out what was going on, because I shot back to runlevel 1 (from 5), and it is from there that I noticed that the mount point was no longer listed with the mount command. Now, if instead of immediately using umount -l after the network connection is broken you decide to restart the Samba server daemons, then you will be unable to use the mount -l command. Here is a script output of what I see when I try this (runlevel 1 after Samba restart): - bash-2.05# mount /dev/hda1 on / type ext3 (rw) none on /proc type proc (rw) none on /dev type devfs (rw) none on /dev/pts type devpts (rw,mode=0620) none on /dev/shm type tmpfs (rw) /dev/hda8 on /home type ext3 (rw) /mnt/cdrom on /mnt/cdrom type supermount (ro,dev=/dev/hdc,fs=iso9660,--,iocharset=iso8859-1) /mnt/floppy on /mnt/floppy type supermount (rw,sync,dev=/dev/fd0,fs=vfat,--,iocharset=iso8859-1,codepage=850) /mnt/zip on /mnt/zip type supermount (rw,sync,dev=/dev/sdb4,fs=vfat,--,iocharset=iso8859-1,codepage=850) /dev/sda5 on /opt type ext3 (rw) /dev/hdb1 on /pub type ext3 (rw) /dev/hda6 on /usr type ext3 (rw) /dev/hda7 on /var type ext3 (rw) none on /proc/bus/usb type usbdevfs (rw,devmode=0664,devgid=43) //RGILLEN/shared on /home/borgille/mnt/RGILLEN/shared type smbfs (0) bash-2.05# umount /home/borgille/mnt/RGILLEN/share umount: /home/borgille/mnt/RGILLEN/share: not found bash-2.05# umount -l /home/borgille/mnt/RGILLEN/share umount: /home/borgille/mnt/RGILLEN/share: not found - One note here that may not be evident is that the mount point did exist. ROB PlugHead wrote: I have this problem all the time: 'umount /mount/point -l' should do the trick. -Jason (And once again, my first post on the topic was dropped... grr...) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Unmountable Samba mounts and other oddities
Jason, Not to seem dense. (I really do try not to.) is that a -1 (one) or a -l (ell). Second where did you find this out? It's seems to be a neat way to umount a stuck mount, I'd like to read more. James On Mon, 29 Jul 2002 18:44:08 -0400 PlugHead [EMAIL PROTECTED] wrote: I have this problem all the time: 'umount /mount/point -l' should do the trick. -Jason (And once again, my first post on the topic was dropped... grr...) On Monday 29 July 2002 05:42 pm, Rob Gillen wrote: Thanks for the advice. Unfortunately, the thing is that when I drop down to runlevel 1, pretty much everything is killed off except kernel-level processes. = Did any of them kids have some space alien with a face like a friendly turd in a bike basket? -- (Terry Pratchett Neil Gaiman, Good Omens) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Unmountable Samba mounts and other oddities
Rob Gillen wrote on Mon, Jul 29, 2002 at 05:42:12PM -0400 : Thanks for the advice. Unfortunately, the thing is that when I drop down to runlevel 1, pretty much everything is killed off except kernel-level processes. At that point, both Samba daemons, smbd and nmbd, are not running (checked using ps). If I try to do a 'ls' on the mounted directory, I get an Input/output error. If I try to umount it, I get a Doesn't matter if smbd is running. This is a MOUNT. It is handled directly by the kernel for outbound samba requests for accessing a remote Samba or NT or Windows share. smbd is a program that runs in userland that provides a service for inbound samba requests where the program LOOKS like an NT server. (I believe) Device busy error, which means that I will not be able to unmount it. If I try to use fuser to see what is holding it up, I get //RGILLEN/shared on /home/borgille/mnt/RGILLEN/shared type smbfs (0) umount -f /home/borgille/mnt/RGILLEN/shared Blue skies... Todd -- Todd Lyons -- MandrakeSoft, Inc. http://www.mandrakesoft.com/ UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. -- Doug Gwyn Cooker Version mandrake-release-9.0-0.2mdk Kernel 2.4.18-21mdk msg56617/pgp0.pgp Description: PGP signature
[expert] supermount problem?
I am running 8.2 with the cooker kernel. With the old kernel, I had no problems accessing cd's but now I get Stale NFS file handle when I try to ls under the cdrom directory. Is this a known bug? Is there a known fix? Darren Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] 9.0's kernel?
Bryan Whitehead wrote on Mon, Jul 29, 2002 at 11:51:27AM -0700 : You do realize that using this patch pretty much prevents the machine from being used as a high capacity server. It allow the kernel to be This is totally untrue. In fact the preemptive kernel has been added to the 2.5 series and will be in 2.6 because it results in better preformance and lower latency. Much of userspace is spent in kernel space getting IO done. A preemptive kernel allows any process to be interrupted even while in the kernel. For example, when X needs to draw some stuff to the video card, that is done at a lower level in the kernel. A non-premptive kernel would not be able to interupt the process while it was in kernel space. The preeptive kernel can. How is interrupting I/O to redraw the desktop a benefit in performacne? In perceived performance, yes. In raw I/O? I don't see it. I do trust your opinion though Bryan, I would just like a little clarification. I will go read those URL's. Some more stuff to read: http://www.linuxjournal.com/article.php?sid=5833 - kernel locking http://vig.pearsoned.com/samplechapter/0130224960.pdf - Sample chapter on Solaris Kernel internals http://www.tech9.net/rml/linux/ - more links of how linux preemptive kernel works Looks like interesting reading. Blue skies... Todd -- Todd Lyons -- MandrakeSoft, Inc. http://www.mandrakesoft.com/ UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. -- Doug Gwyn Cooker Version mandrake-release-9.0-0.2mdk Kernel 2.4.18-21mdk msg56619/pgp0.pgp Description: PGP signature
Re: [expert] Hack attack or not?
On Tue, 30 Jul 2002 16:06:02 -0700 James Sparenberg [EMAIL PROTECTED] wrote: On Mon, 29 Jul 2002 13:20:52 -0700 Todd Lyons [EMAIL PROTECTED] wrote: James Sparenberg wrote on Mon, Jul 29, 2002 at 08:50:24PM -0700: On the subject of Crackers. Note this IP block owned by ATT 12.234.0.0/24 If been getting hit heavily from there by a number Ok Found out what it is. New WinIIS virus called code blue and it's re-spreading like wildfire ( at least in the realm of ATT customers). Starts out checking the class C then the class B then the class A of it's own subnet. Won't affect anyone using *nix but it seems to already be taking down a number of University networks. In fact it seems to be able to install itself using a hole in the WinIIS server. *sigh*... Note to if you follow this link it seems that it has spread through ATT before. http://cert.uni-stuttgart.de/archive/incidents/2001/09/msg00157.html James Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Unmountable Samba mounts and other oddities
I imagine you wanted to grep the output of ps to find the smbd server,
but at runlevel 1 nothing is really running (by default). I get pretty
much the same thing from ps when I have the problem and when I do not.
The first listing is with the problem (telinit 1 first). The second
listing is after a reboot into runlevel 1:
---
bash-2.05# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 1424 380 ?SJul15 0:03 init
root 2 0.0 0.0 00 ?SW Jul15 0:03 [keventd]
root 3 0.0 0.0 00 ?SW Jul15 0:00 [kapmd]
root 4 0.0 0.0 00 ?SWN Jul15 0:01
[ksoftirqd_CPU0]
root 5 0.0 0.0 00 ?SW Jul15 1:14 [kswapd]
root 6 0.0 0.0 00 ?SW Jul15 0:00 [bdflush]
root 7 0.0 0.0 00 ?SW Jul15 0:00 [kupdated]
root 8 0.0 0.0 00 ?SW Jul15 0:00
[mdrecoveryd]
root14 0.0 0.0 00 ?SW Jul15 0:00 [scsi_eh_0]
root17 0.0 0.0 00 ?SW Jul15 0:01 [kjournald]
root 247 0.0 0.0 00 ?SW Jul15 0:00 [kjournald]
root 250 0.0 0.0 00 ?SW Jul15 0:00 [kjournald]
root 251 0.0 0.0 00 ?SW Jul15 0:01 [kjournald]
root 252 0.0 0.0 00 ?SW Jul15 0:04 [kjournald]
root 253 0.0 0.0 00 ?SW Jul15 0:03 [kjournald]
root 8844 0.0 0.1 1424 404 tty1 S18:28 0:00 init
root 8845 0.0 0.4 2312 1212 tty1 S18:28 0:00 /bin/sh
root 8846 0.0 0.1 1392 456 tty1 S18:29 0:00 script -f
/pub/rl
root 8847 0.2 0.1 1400 500 tty1 S18:29 0:00 script -f
/pub/rl
root 8848 0.5 0.4 2296 1160 pts/0S18:29 0:00 bash -i
root 8849 0.0 0.2 2620 696 pts/0R18:29 0:00 ps aux
---
bash-2.05# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 5.0 0.1 1412 508 ?S18:53 0:03 init
root 2 0.0 0.0 00 ?SW 18:53 0:00 [keventd]
root 3 0.0 0.0 00 ?SW 18:53 0:00 [kapmd]
root 4 0.0 0.0 00 ?SWN 18:53 0:00
[ksoftirqd_CPU0]
root 5 0.0 0.0 00 ?SW 18:53 0:00 [kswapd]
root 6 0.0 0.0 00 ?SW 18:53 0:00 [bdflush]
root 7 0.0 0.0 00 ?SW 18:53 0:00 [kupdated]
root 8 0.0 0.0 00 ?SW 18:53 0:00
[mdrecoveryd]
root14 0.0 0.0 00 ?SW 18:53 0:00 [scsi_eh_0]
root17 0.0 0.0 00 ?SW 18:53 0:00 [kjournald]
root 242 0.0 0.0 00 ?SW 18:53 0:00 [kjournald]
root 245 0.0 0.0 00 ?SW 18:53 0:00 [kjournald]
root 246 0.0 0.0 00 ?SW 18:53 0:00 [kjournald]
root 247 0.0 0.0 00 ?SW 18:53 0:00 [kjournald]
root 248 0.0 0.0 00 ?SW 18:53 0:00 [kjournald]
root 575 0.0 0.1 1412 508 tty1 S18:53 0:00 init
root 576 0.1 0.4 2312 1208 tty1 S18:53 0:00 /bin/sh
root 577 0.0 0.1 1392 456 tty1 S18:54 0:00 script
/pub/rlev1
root 578 0.0 0.1 1400 500 tty1 S18:54 0:00 script
/pub/rlev1
root 579 0.2 0.4 2296 1160 pts/0S18:54 0:00 bash -i
root 580 0.0 0.2 2620 696 pts/0R18:54 0:00 ps aux
---
They are identical for all intents and purposes.
et wrote:
can you reboot to run level 1? ie.; at lilo first prompt, type linux 1
without the quotes? and try the same thing? or post the output from ps aux |
grep sm or try a kill -9 {pidofwhatevercomesup} from theprevious command :
ps aux | grep sm without the quotes and without { }.
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
[expert] Re: drakconf Mandrake 8.2
On Fri Jul 26, 2002 at 01:39:20PM +0200, Info wrote:
After upgrading to mdk 8.2 i got diffrent problems.
1) drakconf
[root@dani root]# drakconf
Undefined subroutine Gtk::Object::new called at /usr/X11R6/bin/drakconf.real
line 60
[root@dani root]#
Have you upgraded to the latest drakxtools in updates?
2) rpmdrake if i try to ad sources (i think its an urpmi prob)
[root@dani root]# urpmi
rpmtools object version 4.2 does not match bootstrap parameter 2.3 at
/usr/lib/perl5/5.6.1/i386-linux/DynaLoader.pm line 225.
Compilation failed in require at /usr/lib/perl5/site_perl/5.6.1/urpm.pm line
95.
BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.6.1/urpm.pm
line 95.
Compilation failed in require at /usr/sbin/urpmi line 20.
BEGIN failed--compilation aborted at /usr/sbin/urpmi line 20.
[root@dani root]#
I'm not sure what this one is; I've never seen this error before.
Actually, taking a quick look, do you have the rpmtools package
installed? What does rpm -q rpmtools give you? It looks like
you're missing that package.
Please give me a quick hint/help whats wrong
Processor: Pentium III (Katmai) 551MHz
Kernel: 2.4.17
XFree86 Version: 4.2.0 X resolution: 1024x768
running kde3 and kde 2.1/2x
greetz from austria
--
MandrakeSoft Security; http://www.mandrakesecure.net/
lynx -source http://www.freezer-burn.org/bios/vdanen.gpg | gpg --import
{GnuPG: 1024D/FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
msg56622/pgp0.pgp
Description: PGP signature
Re: [expert] Unmountable Samba mounts and other oddities
Thanks for the advice. Unfortunately, the thing is that when I drop down to runlevel 1, pretty much everything is killed off except kernel-level processes. At that point, both Samba daemons, smbd and nmbd, are not running (checked using ps). If I try to do a 'ls' on the mounted directory, I get an Input/output error. If I try to umount it, I get a (I believe) Device busy error, which means that I will not be able to unmount it. If I try to use fuser to see what is holding it up, I get another error. Basically, I have no way of dealing with the mount once I get the Input/output error. Below is the script output of a few commands in runlevel 1 to demonstrate what I am talking about. -- bash-2.05# ps -efl F S UID PID PPID C PRI NI ADDR SZ WCHAN STIME TTY TIME CMD 100 S root 1 0 0 68 0 - 356 do_sel Jul15 ? 00:00:03 init 040 S root 2 1 0 69 0 - 0 contex Jul15 ? 00:00:03 [keventd] 040 S root 3 1 0 69 0 - 0 apm_ma Jul15 ? 00:00:00 [kapmd] 040 S root 4 0 0 79 19 - 0 ksofti Jul15 ? 00:00:01 [ksoftirqd_CPU0] 040 S root 5 0 0 69 0 - 0 kswapd Jul15 ? 00:01:14 [kswapd] 040 S root 6 0 0 69 0 - 0 bdflus Jul15 ? 00:00:00 [bdflush] 040 S root 7 0 0 69 0 - 0 kupdat Jul15 ? 00:00:00 [kupdated] 040 S root 8 1 0 59 -20 - 0 md_thr Jul15 ? 00:00:00 [mdrecoveryd] 040 S root 14 1 0 69 0 - 0 down_i Jul15 ? 00:00:00 [scsi_eh_0] 040 S root 17 1 0 69 0 - 0 end Jul15 ? 00:00:01 [kjournald] 040 S root 247 1 0 69 0 - 0 end Jul15 ? 00:00:00 [kjournald] 040 S root 250 1 0 69 0 - 0 end Jul15 ? 00:00:00 [kjournald] 040 S root 251 1 0 69 0 - 0 end Jul15 ? 00:00:01 [kjournald] 040 S root 252 1 0 69 0 - 0 end Jul15 ? 00:00:04 [kjournald] 040 S root 253 1 0 69 0 - 0 end Jul15 ? 00:00:03 [kjournald] 040 S root 4369 1 0 69 0 - 356 wait4 17:01 tty1 00:00:00 init 000 S root 4370 4369 0 69 0 - 579 wait4 17:01 tty1 00:00:00 /bin/sh 100 S root 4389 4370 0 72 0 - 348 read_c 17:05 tty1 00:00:00 script -f /pub/rlev1.txt 040 S root 4390 4389 0 73 0 - 350 read_c 17:05 tty1 00:00:00 script -f /pub/rlev1.txt 000 S root 4391 4390 0 75 0 - 575 wait4 17:05 pts/0 00:00:00 bash -i 000 R root 4393 4391 0 76 0 - 770 - 17:05 pts/0 00:00:00 ps -efl bash-2.05# netstat -a Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State Active UNIX domain sockets (servers and established) Proto RefCnt Flags Type State I-Node Path bash-2.05# mount /dev/hda1 on / type ext3 (rw) none on /proc type proc (rw) none on /dev type devfs (rw) none on /dev/pts type devpts (rw,mode=0620) none on /dev/shm type tmpfs (rw) /dev/hda8 on /home type ext3 (rw) /mnt/cdrom on /mnt/cdrom type supermount (ro,dev=/dev/hdc,fs=iso9660,--,iocharset=iso8859-1) /mnt/floppy on /mnt/floppy type supermount (rw,sync,dev=/dev/fd0,fs=vfat,--,iocharset=iso8859-1,codepage=850) /mnt/zip on /mnt/zip type supermount (rw,sync,dev=/dev/sdb4,fs=vfat,--,iocharset=iso8859-1,codepage=850) /dev/sda5 on /opt type ext3 (rw) /dev/hdb1 on /pub type ext3 (rw) /dev/hda6 on /usr type ext3 (rw) /dev/hda7 on /var type ext3 (rw) none on /proc/bus/usb type usbdevfs (rw,devmode=0664,devgid=43) //RGILLEN/shared on /home/borgille/mnt/RGILLEN/shared type smbfs (0) bash-2.05# umount /home/borgille/mnt/RGILLEN/shared umount: /home/borgille/mnt/RGILLEN/shared: device is busy bash-2.05# ls /home/borgille/mnt/RGILLEN/shared ls: /home/borgille/mnt/RGILLEN/shared: Input/output error bash-2.05# touch /home/borgille/mnt/RGILLEN/shared touch: setting times of `/home/borgille/mnt/RGILLEN/shared': Input/output error --- Note that I did this on my Mandrake box at work (I was experiencing the problem at home). To reproduce the problem, I first used smbmount to mount a share on a Win2K box. Then, I disabled the network connection in the Windows control panel on the machine that had the share. At this point, any shells on the Mandrake box that try to do anything interactive with the mounts lock up. After closing what I can, I telinit'd down to runlevel 1 (from 5), which is where I ran the commands that you see above. You'll notice that none of the Samba daemons are running (nor could they without the network running). Even after I return to runlevel 5 and restart the networking on the Win2K box, I cannot umount the share. I can do nothing with it. At this point, the only way to remove the mount (that I know of) is to reboot the machine. This is the main reason that I suggested that it might be a kernel-level problem -- the kernel, which controls filesystem mounts, will not release the mount point under any circumstances. So, if I am correct about it being a kernel problem, I am wondering if it happens only with Mandrake kernels. Unfortunately, since I am at work, I couldn't reproduce the dhcpd problem that I think might be related. I thought that the problem might be affecting networking on the Mandrake box, but
Re: [expert] Unmountable Samba mounts and other oddities
Hi Todd, Actually, if smbd is responsible for inbound smb requests, then it probably isn't relevant. My problem occurs when I connect to a Windows machine from my Mandrake machine, and then lose the network connection between them (power loss, windows machine removed from network, routing problems, etc.). But the real problem doesn't occur until after restarting the Samba daemons when the network connection is broken. I know, the easiest way to fix this problem is to avoid restarting Samba. But, I am really only using that example to demonstrate what I believe is a bigger problem, but whether or not it occurs with a generic kernel or a Mandrake one, I do not know (yet). Also, using 'umount -f' does not work after the Samba restart. Whether it works prior to that, I'm not sure (haven't had time to check). The following is a clip from a script capture trying it out (along with a few other things): -- bash-2.05# mount | grep smbfs //RGILLEN/shared on /home/borgille/mnt/RGILLEN/shared type smbfs (0) bash-2.05# ls /home/borgille/mnt/RGILLEN/shared ls: /home/borgille/mnt/RGILLEN/shared: Input/output error bash-2.05# umount -f /home/borgille/mnt/RGILLEN/shared umount2: Device or resource busy umount: //RGILLEN/shared: not found umount: /home/borgille/mnt/RGILLEN/shared: Illegal seek bash-2.05# umount -l /home/borgille/mnt/RGILLEN/shared bash-2.05# mount | grep smbfs //RGILLEN/shared on /home/borgille/mnt/RGILLEN/shared type smbfs (0) bash-2.05# umount -f /home/borgille/mnt/RGILLEN/shared umount2: Invalid argument umount: //RGILLEN/shared: not found umount: /home/borgille/mnt/RGILLEN/shared: Illegal seek bash-2.05# rmdir /home/borgille/mnt/RGILLEN/shared/ bash-2.05# umount -f /home/borgille/mnt/RGILLEN/shared umount2: No such file or directory umount: //RGILLEN/shared: not found umount: /home/borgille/mnt/RGILLEN/shared: Illegal seek -- ROB Todd Lyons wrote: Rob Gillen wrote on Mon, Jul 29, 2002 at 05:42:12PM -0400 : Thanks for the advice. Unfortunately, the thing is that when I drop down to runlevel 1, pretty much everything is killed off except kernel-level processes. At that point, both Samba daemons, smbd and nmbd, are not running (checked using ps). If I try to do a 'ls' on the mounted directory, I get an Input/output error. If I try to umount it, I get a Doesn't matter if smbd is running. This is a MOUNT. It is handled directly by the kernel for outbound samba requests for accessing a remote Samba or NT or Windows share. smbd is a program that runs in userland that provides a service for inbound samba requests where the program LOOKS like an NT server. (I believe) Device busy error, which means that I will not be able to unmount it. If I try to use fuser to see what is holding it up, I get //RGILLEN/shared on /home/borgille/mnt/RGILLEN/shared type smbfs (0) umount -f /home/borgille/mnt/RGILLEN/shared Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Hack attack or not?
On Sun Jul 28, 2002 at 10:17:41PM -0700, David Guntner wrote:
Thanks to all for the suggestions of snort and tripwire. Once I get my
system back up on its feet, I plan on installing both to keep an eye on my
system.
Both are extremely good tools and should be a part of everyone's
overall security plan.
I'm also going to make sure that my FTP server and sshd server are
listening to non-standard ports, to make it harder for someone to find an
access point.
This is trivial. An nmap scan will give an attacker an idea within
seconds of where these ports have been re-located. Security through
obscurity is no security at all. You're better off to disable FTP if
you don't need it, or if you do, configure your firewall to only allow
connections from certain IPs. Likewise for ssh. If you're making it
semi-public (ie. you need to be able to connect from
previously-unknown IPs), you may as well leave them where they are and
work on hardening other parts of your system. Putting FTP on port
2020 and SSH on port 4022 will only give you a false sense of
security.
--
MandrakeSoft Security; http://www.mandrakesecure.net/
lynx -source http://www.freezer-burn.org/bios/vdanen.gpg | gpg --import
{GnuPG: 1024D/FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
msg56625/pgp0.pgp
Description: PGP signature
Re: [expert] Unmountable Samba mounts and other oddities
(Yet Another Re-posted Message...) James, It's -l (ell) as in 'lazy'. From man umount: -l Lazy unmount. Detach the filesystem from the filesystem hierarchy now, and cleanup all refer ences to the filesystem as soon as it is not busy anymore. (Requires kernel 2.4.11 or later.) This has always worked for me, but it may be a different problem. My problem seems to be that our NT server is disconnecting shares after a timeout period, and Samba doesn't automatically re-connect. This seems to occurr with Samba (at least) 2.2.3 - 2.2.5... Anyhow, Todd's suggestion of -f (force) is probably more appropriate... :) -Jason On Tuesday 30 July 2002 07:58 pm, James Sparenberg wrote: Jason, Not to seem dense. (I really do try not to.) is that a -1 (one) or a -l (ell). Second where did you find this out? It's seems to be a neat way to umount a stuck mount, I'd like to read more. 'umount /mount/point -l' = In the Beginning It was a nice day. -- (Terry Pratchett Neil Gaiman, Good Omens) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Hack attack or not?
At 08:24 PM 7/30/02, you wrote: On Tue, 30 Jul 2002 16:06:02 -0700 James Sparenberg [EMAIL PROTECTED] wrote: On Mon, 29 Jul 2002 13:20:52 -0700 Todd Lyons [EMAIL PROTECTED] wrote: James Sparenberg wrote on Mon, Jul 29, 2002 at 08:50:24PM -0700: On the subject of Crackers. Note this IP block owned by ATT 12.234.0.0/24 If been getting hit heavily from there by a number Ok Found out what it is. New WinIIS virus called code blue and it's re-spreading like wildfire ( at least in the realm of ATT customers). Starts out checking the class C then the class B then the class A of it's own subnet. Won't affect anyone using *nix but it seems to already be taking down a number of University networks. In fact it seems to be able to install itself using a hole in the WinIIS server. *sigh*... Note to if you follow this link it seems that it has spread through ATT before. http://cert.uni-stuttgart.de/archive/incidents/2001/09/msg00157.html James A new virus? Not if memory serves me correctly. Code Blue has been around almost as long as code red - since last year, at the least. The URL you give is dated Sep 18, 2001 - over 10 months ago. David Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Hack attack or not?
On Mon, 29 Jul 2002 22:20:04 -0400 David Relson [EMAIL PROTECTED] wrote: At 08:24 PM 7/30/02, you wrote: On Tue, 30 Jul 2002 16:06:02 -0700 James Sparenberg [EMAIL PROTECTED] wrote: On Mon, 29 Jul 2002 13:20:52 -0700 Todd Lyons [EMAIL PROTECTED] wrote: James Sparenberg wrote on Mon, Jul 29, 2002 at 08:50:24PM -0700: On the subject of Crackers. Note this IP block owned by ATT 12.234.0.0/24 If been getting hit heavily from there by a number Ok Found out what it is. New WinIIS virus called code blue and it's re-spreading like wildfire ( at least in the realm of ATT customers). Starts out checking the class C then the class B then the class A of it's own subnet. Won't affect anyone using *nix but it seems to already be taking down a number of University networks. In fact it seems to be able to install itself using a hole in the WinIIS server. *sigh*... Note to if you follow this link it seems that it has spread through ATT before. http://cert.uni-stuttgart.de/archive/incidents/2001/09/msg0015 7.html James A new virus? Not if memory serves me correctly. Code Blue has been around almost as long as code red - since last year, at the least. The URL you give is dated Sep 18, 2001 - over 10 months ago. David Your right I meant to say re-Newed virus... my bad. James Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Hack attack or not?
Vincent Danen grabbed a keyboard and wrote: On Sun Jul 28, 2002 at 10:17:41PM -0700, David Guntner wrote: I'm also going to make sure that my FTP server and sshd server are listening to non-standard ports, to make it harder for someone to find an access point. This is trivial. An nmap scan will give an attacker an idea within seconds of where these ports have been re-located. Security through obscurity is no security at all. You're better off to disable FTP if you don't need it, or if you do, configure your firewall to only allow connections from certain IPs. Likewise for ssh. If you're making it semi-public (ie. you need to be able to connect from previously-unknown IPs), you may as well leave them where they are and work on hardening other parts of your system. Putting FTP on port 2020 and SSH on port 4022 will only give you a false sense of security. I aggee with you that security through obscurity is no security at all. However, adding obscurity as a layer on top of existing security certainly doesn't hurt anything. :-) I would do as you suggest above, except for the fact that I have no way of knowing what IP addresses I'm going to want to connect from when I'm traveling away from home, and I have a few close friends that I've given accounts to the machine on. They need to be able to access the system from whatever IP their ISP gives them when they login. I do have sshd configured to only honor protocol 2 connections, which I understand helps quite a bit. FTP is needed sometimes, though not often enough that I'll leave it open for now. File transfers *can* be done through ssh, and I'm going to tell my friends that do access the system that if they want to upload/download a file, they'd better get ssh clients that support file transfer. --Dave -- David Guntner GEnie: Just say NO! http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Snort portscan log
I finally installed snort and I just got this in my portscan log file. Jul 29 19:25:46 211.172.121.210:3155 - 66.47.48.54:515 SYN **S* Jul 29 19:25:47 211.172.121.210:3643 - 66.47.48.54:113 SYN **S* Jul 29 19:25:48 211.172.121.210:3644 - 66.47.48.54:23 SYN **S* Jul 29 19:25:46 211.172.121.210:3152 - 66.47.48.51:515 SYN **S* Jul 29 19:25:49 211.172.121.210:3645 - 66.47.48.51:113 SYN **S* Jul 29 19:25:50 211.172.121.210:3646 - 66.47.48.51:23 SYN **S* Does this meen someone is looking for a hole ? Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Unmountable Samba mounts and other oddities
From the man pages for unmount: -l Lazy unmount. Detach the filesystem from the filesystem hierarchy now, and cleanup all references to the filesystem as soon as it is not busy anymore. (Requires kernel 2.4.11 or later.) - Jason B. On Tuesday 30 July 2002 07:58 pm, James Sparenberg wrote: Jason, Not to seem dense. (I really do try not to.) is that a -1 (one) or a -l (ell). Second where did you find this out? It's seems to be a neat way to umount a stuck mount, I'd like to read more. James On Mon, 29 Jul 2002 18:44:08 -0400 PlugHead [EMAIL PROTECTED] wrote: I have this problem all the time: 'umount /mount/point -l' should do the trick. -Jason (And once again, my first post on the topic was dropped... grr...) On Monday 29 July 2002 05:42 pm, Rob Gillen wrote: Thanks for the advice. Unfortunately, the thing is that when I drop down to runlevel 1, pretty much everything is killed off except kernel-level processes. = Did any of them kids have some space alien with a face like a friendly turd in a bike basket? -- (Terry Pratchett Neil Gaiman, Good Omens) Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] web cam
I recently setup a web cam so my future puppy owners could watch there pups grow up http://billbeau.net/cam.htm im using camstream. What it does is take a picture every 10 seconds or whatever time you tell it to do so then it ftp's it to my server. I have a staic link to that jpg file from my webserver directory and you can see it on the web. is there a software package that I can run to show realtime video. IM using a Logitech QuickCam Pro 3000 USB connected to a laptop in my garage which is on my network using a wireless pcmcia network card. The laptop is running RH7.3 and my server is running Mandrake 7.0 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
