Re: Booting, grub etc.
On 4/20/2015 at 04:20 PM, Christer Solskogen christer.solsko...@gmail.com wrote:
> Okay, but why? What do I need resume on s390x for? I'm sorry if I'm sounding like I'm having an attitude. I *really* wonder what you use resume on s390x/z/VM for.

Say you want to have a number of servers in warm standby mode that can be spun up quickly. This will do that for you. Or, you might have a very long-running analytics job that you don't want to interrupt, but you need to take your z/VM LPAR down for some reason. I don't consider the capability a major feature of Linux on the mainframe, but it has its uses.

> Also, you get huge kudos for replying faster than tech support at SuSE :-)

SUSE, please. And not really faster than our tech support. They have a _lot_ of customers to take care of. I try to take some of the load off by hanging out here (among other reasons). When I was still in technical support, my response time in the mailing list could be on the order of days.

Mark Post

--
For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Booting, grub etc.
On Mon, Apr 20, 2015 at 5:23 PM, Mark Post mp...@suse.com wrote:
> On 4/20/2015 at 07:33 AM, Christer Solskogen christer.solsko...@gmail.com wrote:
>> Hi again. With SLES 12 it seems like grub2 is being used for booting and not zipl(?) - I can't find a /etc/zipl.conf* in SLES 12 at least. Is that normal?
>
> Yes, that is normal. The zipl command is still used, infrequently, to write out the kernel and ramdisk that are used to get grub2 up and running. But you shouldn't have to modify the config file for that since that isn't what boots the kernel and ramdisk _you_ care about.
>
>> With SLES 12 I also had some trouble booting the system properly after a clean install (it might have something to do with the swap disk I mentioned in an earlier mail) - unless I remove any trace of resume=/path/to/disk in grub-config. Does having resume on s390 have any meaning?
>
> Absolutely it has meaning, as long as your swap space is large enough to hold all the memory contents that need to be written there. One caveat there is if you use something like a VDISK or a T-DISK for your paging. If those go away for any reason, you won't be able to resume the system from where it was paused.

Okay, but why? What do I need resume on s390x for? I'm sorry if I'm sounding like I'm having an attitude. I *really* wonder what you use resume on s390x/z/VM for.

Also, you get huge kudos for replying faster than tech support at SuSE :-)

--
chs
Re: Booting, grub etc.
On Mon, Apr 20, 2015 at 5:28 PM, Berthold Gunreben b...@suse.de wrote:
> On Mon, 20 Apr 2015 13:33:02 +0200
>
> Hi Christer,
>
> yes, you might fall over issues in SLES12 when using swapgen. The reason is, that dracut by default wants to detect all disks by UUID. To fix this, you will have to change the default persistency of dracut to by-path instead of uuid... to accomplish this, change /etc/dracut.conf and add
>
> persistent_policy=by-path
>
> then:
> 1. grub2-install
> 2. dracut -f

I've already tried that without any luck, but that might be because we have an old version of swapgen. I'll get back to you when we've installed the newest one.

> About the resume, this is just for people that want to do suspend to disk (and I don't actually know if this even works for s390). You should be aware, that to modify the kernel command line, you have to edit /etc/default/grub and afterwards run grub2-mkconfig (which is also stated in a comment at the top of that exact file).

Yeap, I know. Thanks :-)

--
chs
Booting, grub etc.
Hi again.

With SLES 12 it seems like grub2 is being used for booting and not zipl(?) - I can't find a /etc/zipl.conf* in SLES 12 at least. Is that normal?

With SLES 12 I also had some trouble booting the system properly after a clean install (it might have something to do with the swap disk I mentioned in an earlier mail) - unless I remove any trace of resume=/path/to/disk in grub-config. Does having resume on s390 have any meaning?

--
chs
kernel: Swap area shorter than signature indicates
Hi!

In our setup we have two swap disks. One on 300 and one on 301. 300 works fine, but with the 301 swap disk I get the error in subject. This *only* happens if I logout, if I just reboot (or ipl cms) it works just fine, so it *might* have something to do with SWAPGEN.

'SWAPGEN 300 524288' /* create a 256M VDISK disk swap space */
'SWAPGEN 301 1048576' /* create a 512M VDISK disk swap space */

In order to fix the problem I have to run mkswap after each logout. The error only seems to be a problem on our new SLES 12 machines (SuSE Linux) - but that might as well be a red herring.

I'm a newbie on s390, so please bear with me if I've used the wrong wording.

--
chs
Re: PAM Prompting For Password Twice
Hello,

Do you auth against an LDAP? Or is it local only?
Is it only this server, or do other servers have it as well?
You can also try adding debug in the pam config. That gives more output.

BR/ Robbert
_
Robbert de Schepper

-----Original Message-----
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Jason Space
Sent: Monday, 20 April 2015 12:57
To: LINUX-390@VM.MARIST.EDU
Subject: PAM Prompting For Password Twice

All,

Distro: RHEL 6.6 (s390x)

I'm having trouble tracking down why PAM is asking for a password twice before allowing access. Best I can determine from reading is the pam_unix.so module being called twice. To be honest, I know next to nothing about PAM.. Below are the contents of the system-auth file. Any help would be appreciated.

auth        required      pam_env.so
auth        [default=ignore success=1] pam_succeed_if.so quiet user ingroup nolockout
auth        requisite     pam_tally2.so deny=3 onerr=fail
auth        [default=ignore success=1] pam_succeed_if.so quiet uid = 0
auth        requisite     pam_succeed_if.so uid = 500 quiet
auth        sufficient    pam_unix.so try_first_pass
auth        [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900
auth        required      pam_faillock.so authsucc deny=3 unlock_time=604800 fail_interval=900
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid 500 quiet
account     required      pam_tally2.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type= dcredit=-1 lcredit=-1 ocredit=-1 ucredit=-1 minlen=14 difok=4
password    sufficient    pam_unix.so sha512 shadow try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     required      pam_lastlog.so showfailed
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

Thx,
Jason Space
Re: kernel: Swap area shorter than signature indicates
Hello, Christer.

This is a known issue with older versions of SWAPGEN. I believe the latest version of SWAPGEN available from here:
http://download.sinenomine.net/swapgen
fixes this problem.

Have a good one, too.
DJ

On Mon, 20 Apr 2015 13:27:45 +0200, Christer Solskogen christer.solsko...@gmail.com wrote:
> Hi!
>
> In our setup we have two swap disks. One on 300 and one on 301. 300 works fine, but with the 301 swap disk I get the error in subject. This *only* happens if I logout, if I just reboot (or ipl cms) it works just fine, so it *might* have something to do with SWAPGEN.
>
> 'SWAPGEN 300 524288' /* create a 256M VDISK disk swap space */
> 'SWAPGEN 301 1048576' /* create a 512M VDISK disk swap space */
>
> In order to fix the problem I have to run mkswap after each logout. The error only seems to be a problem on our new SLES 12 machines (SuSE Linux) - but that might as well be a red herring.
>
> I'm a newbie on s390, so please bear with me if I've used the wrong wording.
>
> --
> chs
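What the kernel message in the subject line compares, as an added example (not code from this thread or from SWAPGEN): a version-1 swap header records the area's last page, and the kernel rejects the device when that count exceeds the device's real size. The 4096-byte page size, the helper names and the mismatched sizes are assumptions constructed for illustration; the thread does not say what the older SWAPGEN actually wrote.

```python
import struct

PAGE_SIZE = 4096        # assumed page size (s390x uses 4 KiB pages)
MAGIC = b"SWAPSPACE2"   # version-1 signature: last 10 bytes of the first page
INFO_OFFSET = 1024      # version and last_page follow 1024 reserved boot bytes


def build_header(total_pages, byteorder=">"):
    """Constructed sample: first page of a swap area of total_pages pages."""
    page = bytearray(PAGE_SIZE)
    # version = 1, last_page = index of the final usable page
    struct.pack_into(byteorder + "II", page, INFO_OFFSET, 1, total_pages - 1)
    page[-len(MAGIC):] = MAGIC
    return bytes(page)


def check_swap_header(page0, device_bytes):
    """Return (status, pages_claimed_by_header, pages_on_device)."""
    device_pages = device_bytes // PAGE_SIZE
    if len(page0) < PAGE_SIZE or page0[PAGE_SIZE - len(MAGIC):PAGE_SIZE] != MAGIC:
        return ("no-signature", None, device_pages)
    # The header is stored in the writer's byte order; accept whichever
    # order yields version 1 (s390x itself is big-endian).
    for order in (">", "<"):
        version, last_page = struct.unpack_from(order + "II", page0, INFO_OFFSET)
        if version == 1:
            break
    else:
        return ("unsupported-version", None, device_pages)
    claimed = last_page + 1
    if claimed > device_pages:
        # The condition behind "Swap area shorter than signature indicates"
        return ("shorter-than-signature", claimed, device_pages)
    return ("ok", claimed, device_pages)


if __name__ == "__main__":
    blocks_512m = 1048576   # 'SWAPGEN 301 1048576' from the post (512-byte blocks)
    blocks_256m = 524288    # 'SWAPGEN 300 524288' from the post
    header = build_header(blocks_512m * 512 // PAGE_SIZE)
    # Header and device agree
    print(check_swap_header(header, blocks_512m * 512))
    # Constructed mismatch: same header on a device half the size
    print(check_swap_header(header, blocks_256m * 512))
```

To run it against a real device, pass the first 4096 bytes of the swap disk and its size in bytes to `check_swap_header`.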
Re: kernel: Swap area shorter than signature indicates
Best Regards,
Ted Allen
Compute Platform Services
Mainframe/Midrange Services
z/VM and Linux on System z Support
Wells Fargo Corporation | 1525 West WT Harris Blvd | Charlotte, NC 28262
MAC D1112-023
Tel 704-427-1176 | Cell 980-229-8709
ted.al...@wellsfargo.com

Original Message
From: vmda...@runbox.com
Sent: Monday, April 20, 2015 8:26 AM
To: LINUX-390@VM.MARIST.EDU
Reply To: Linux on 390 Port
Subject: Re: kernel: Swap area shorter than signature indicates

Hello, Christer.

This is a known issue with older versions of SWAPGEN. I believe the latest version of SWAPGEN available from here:
http://download.sinenomine.net/swapgen
fixes this problem.

Have a good one, too.
DJ

On Mon, 20 Apr 2015 13:27:45 +0200, Christer Solskogen christer.solsko...@gmail.com wrote:
> Hi!
>
> In our setup we have two swap disks. One on 300 and one on 301. 300 works fine, but with the 301 swap disk I get the error in subject. This *only* happens if I logout, if I just reboot (or ipl cms) it works just fine, so it *might* have something to do with SWAPGEN.
>
> 'SWAPGEN 300 524288' /* create a 256M VDISK disk swap space */
> 'SWAPGEN 301 1048576' /* create a 512M VDISK disk swap space */
>
> In order to fix the problem I have to run mkswap after each logout. The error only seems to be a problem on our new SLES 12 machines (SuSE Linux) - but that might as well be a red herring.
>
> I'm a newbie on s390, so please bear with me if I've used the wrong wording.
>
> --
> chs
PAM Prompting For Password Twice
All,

Distro: RHEL 6.6 (s390x)

I'm having trouble tracking down why PAM is asking for a password twice before allowing access. Best I can determine from reading is the pam_unix.so module being called twice. To be honest, I know next to nothing about PAM.. Below are the contents of the system-auth file. Any help would be appreciated.

auth        required      pam_env.so
auth        [default=ignore success=1] pam_succeed_if.so quiet user ingroup nolockout
auth        requisite     pam_tally2.so deny=3 onerr=fail
auth        [default=ignore success=1] pam_succeed_if.so quiet uid = 0
auth        requisite     pam_succeed_if.so uid = 500 quiet
auth        sufficient    pam_unix.so try_first_pass
auth        [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900
auth        required      pam_faillock.so authsucc deny=3 unlock_time=604800 fail_interval=900
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid 500 quiet
account     required      pam_tally2.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type= dcredit=-1 lcredit=-1 ocredit=-1 ucredit=-1 minlen=14 difok=4
password    sufficient    pam_unix.so sha512 shadow try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     required      pam_lastlog.so showfailed
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

Thx,
Jason Space
Re: Booting, grub etc.
Zipl is used to start grub2. You can find it in /boot/zipl/config if I remember correctly...

On Apr 20, 2015 2:35 PM, Christer Solskogen christer.solsko...@gmail.com wrote:
> Hi again.
>
> With SLES 12 it seems like grub2 is being used for booting and not zipl(?) - I can't find a /etc/zipl.conf* in SLES 12 at least. Is that normal?
>
> With SLES 12 I also had some trouble booting the system properly after a clean install (it might have something to do with the swap disk I mentioned in an earlier mail) - unless I remove any trace of resume=/path/to/disk in grub-config. Does having resume on s390 have any meaning?
>
> --
> chs
Re: PAM Prompting For Password Twice
It's authenticating locally only and it is happening on all the Redhat servers at this point. We have some SLES servers, but they're working fine, which leads me to believe there is something different between the distros or kernel releases. One other thing I will mention is we've replaced supplied ssh with Tectia ssh server/client software.

I did turn on debug on the /etc/pam.d/system-auth file. It appears to be failing on the public-key authentication and then falling through the password authentication and allows access. Based on the login prompts this seems to make sense..

Login Prompts:

PAM Authentication
Password:
Password Authentication:
jspace's password:

In the messages and secure logs there are errors.

messages

Apr 20 13:57:15 rh66cln-pk ssh-server-g3: 1002 Algorithm_negotiation_success, kex_algorithm=diffie-hellman-group-exchange-sha256, hostkey_algorithm=ssh-rsa, cipher=aes128-cbc/aes128-cbc, mac=hmac-sha1/hmac-sha1, compression=none/none, Session-Id: 1
Apr 20 13:57:15 rh66cln-pk ssh-server-g3: 1003 KEX_success, Algorithm: diffie-hellman-group-exchange-sha256, Modulus: 2048 bits, Session-Id: 1, Protocol-session-Id: 37E91F9819846E8DB400EA8627283F7A6ADCE7B26A7EF2737623DD71FCEB0E55
Apr 20 13:57:15 rh66cln-pk ssh-server-g3: 801 Authentication_block_selected, Username: jspace, Policy name: authentication, Session-Id: 1, file: /etc/ssh2/ssh-server-config.xml, line: 191
Apr 20 13:57:15 rh66cln-pk ssh-server-g3: 703 Auth_methods_available, Username: jspace, Auth methods: gssapi-with-mic,password,publickey,keyboard-interactive, Session-Id: 1
Apr 20 13:57:18 rh66cln-pk ssh-server-g3: 717 Keyboard_interactive_pam_auth_error, Username: jspace, Algorithm: pam, pam_internal_op_error() failed: Permission denied(6) / pam_acct_mgmt() failed., Session-Id: 1
Apr 20 13:57:58 rh66cln-pk ssh-server-g3: 722 Keyboard_interactive_password_auth_success, Username: jspace, Algorithm: password, Keyboard-interactive Password authentication successful, Session-Id: 1
Apr 20 13:58:00 rh66cln-pk ssh-server-g3: 700 Auth_method_success, Username: jspace, Auth method: keyboard-interactive, Session-Id: 1
Apr 20 13:58:00 rh66cln-pk ssh-server-g3: 802 Authentication_block_allow, Username: jspace, Policy name: authentication, Session-Id: 1, file: /etc/ssh2/ssh-server-config.xml, line: 191

secure

Apr 20 13:57:15 rh66cln-pk ssh-pam-proxy: pam_succeed_if(ssh-server-g3:auth): 'user' resolves to 'jspace'
Apr 20 13:57:15 rh66cln-pk ssh-pam-proxy: pam_succeed_if(ssh-server-g3:auth): 'uid' resolves to '1100'
Apr 20 13:57:15 rh66cln-pk ssh-pam-proxy: pam_succeed_if(ssh-server-g3:auth): 'uid' resolves to '1100'
Apr 20 13:57:18 rh66cln-pk ssh-pam-proxy: pam_access(ssh-server-g3:account): access denied for user `jspace' from [removed]'
. . .
pr 20 13:57:18 rh66cln-pk ssh-pam-proxy: pam_localuser(ssh-server-g3:account): checking jspace:x:1100:1100:jspace:/home/jspace:/bin/bash#012
Apr 20 13:57:18 rh66cln-pk ssh-pam-proxy: pam_succeed_if(ssh-server-g3:account): 'uid' resolves to '1100'
Apr 20 13:57:18 rh66cln-pk ssh-pam-proxy: pam_succeed_if(ssh-server-g3:session): 'service' resolves to 'ssh-server-g3'
Apr 20 13:57:18 rh66cln-pk ssh-pam-proxy: pam_unix(ssh-server-g3:session): session closed for user jspace

From: de Schepper Robbert robbert.de.schep...@volvo.com
To: LINUX-390@VM.MARIST.EDU,
Date: 04/20/2015 07:33 AM
Subject: Re: PAM Prompting For Password Twice
Sent by: Linux on 390 Port LINUX-390@VM.MARIST.EDU

Hello,

Do you auth against an LDAP? Or is it local only?
Is it only this server, or do other servers have it as well?
You can also try adding debug in the pam config. That gives more output.

BR/ Robbert
_
Robbert de Schepper

-----Original Message-----
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Jason Space
Sent: Monday, 20 April 2015 12:57
To: LINUX-390@VM.MARIST.EDU
Subject: PAM Prompting For Password Twice

All,

Distro: RHEL 6.6 (s390x)

I'm having trouble tracking down why PAM is asking for a password twice before allowing access. Best I can determine from reading is the pam_unix.so module being called twice. To be honest, I know next to nothing about PAM.. Below are the contents of the system-auth file. Any help would be appreciated.

auth        required      pam_env.so
auth        [default=ignore success=1] pam_succeed_if.so quiet user ingroup nolockout
auth        requisite     pam_tally2.so deny=3 onerr=fail
auth        [default=ignore success=1] pam_succeed_if.so quiet uid = 0
auth        requisite     pam_succeed_if.so uid = 500 quiet
auth        sufficient    pam_unix.so try_first_pass
auth        [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900
auth        required      pam_faillock.so authsucc deny=3 unlock_time=604800 fail_interval=900
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient
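The pattern visible in the `messages` log above (a keyboard-interactive PAM failure followed by a password success in the same session, which is what produces the two prompts) can be searched for across a whole log file. This is an added example, not part of the thread and not Tectia tooling; the function names are hypothetical and the regular expressions assume only the line layout shown in the post.

```python
import re
from collections import defaultdict

# Session-Id 1 lines are taken from the "messages" log quoted in the post;
# the Session-Id 2 line is constructed as a control (password success only).
SAMPLE_LOG = """\
Apr 20 13:57:15 rh66cln-pk ssh-server-g3: 703 Auth_methods_available, Username: jspace, Auth methods: gssapi-with-mic,password,publickey,keyboard-interactive, Session-Id: 1
Apr 20 13:57:18 rh66cln-pk ssh-server-g3: 717 Keyboard_interactive_pam_auth_error, Username: jspace, Algorithm: pam, pam_internal_op_error() failed: Permission denied(6) / pam_acct_mgmt() failed., Session-Id: 1
Apr 20 13:57:58 rh66cln-pk ssh-server-g3: 722 Keyboard_interactive_password_auth_success, Username: jspace, Algorithm: password, Keyboard-interactive Password authentication successful, Session-Id: 1
Apr 20 13:58:00 rh66cln-pk ssh-server-g3: 700 Auth_method_success, Username: jspace, Auth method: keyboard-interactive, Session-Id: 1
Apr 20 14:05:41 rh66cln-pk ssh-server-g3: 722 Keyboard_interactive_password_auth_success, Username: opsuser, Algorithm: password, Keyboard-interactive Password authentication successful, Session-Id: 2
"""

PAM_ERROR = "Keyboard_interactive_pam_auth_error"
PASSWORD_OK = "Keyboard_interactive_password_auth_success"

EVENT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) ssh-server-g3: "
    r"(?P<code>\d+) (?P<name>\w+), (?P<rest>.*)$"
)


def parse_events(log_text):
    """Yield one dict per ssh-server-g3 event that carries a Session-Id."""
    for line in log_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        sess = re.search(r"\bSession-Id: (\d+)", rest)
        user = re.search(r"Username: ([^,]+)", rest)
        if sess:
            yield {"ts": m.group("ts"), "host": m.group("host"),
                   "name": m.group("name"), "session": sess.group(1),
                   "user": user.group(1) if user else None, "detail": rest}


def find_pam_fallthrough(log_text):
    """Sessions where a PAM submethod error precedes a password success."""
    sessions = defaultdict(list)
    for ev in parse_events(log_text):
        sessions[(ev["host"], ev["session"])].append(ev)
    findings = []
    for (host, session), events in sessions.items():
        pam_err = None
        for ev in events:
            if ev["name"] == PAM_ERROR:
                pam_err = ev
            elif ev["name"] == PASSWORD_OK and pam_err is not None:
                findings.append({
                    "host": host, "session": session, "user": ev["user"],
                    "pam_error_at": pam_err["ts"], "password_ok_at": ev["ts"],
                    # True when the refusal came from the account stack
                    "account_stage": "pam_acct_mgmt() failed" in pam_err["detail"],
                })
                break
    return findings


if __name__ == "__main__":
    for hit in find_pam_fallthrough(SAMPLE_LOG):
        print(hit)
```

A hit with `account_stage` set means the refusal came from `pam_acct_mgmt()`, as in the post, so the `account` stack and the pam_access rules are the place to look rather than the `auth` stack.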
Re: Booting, grub etc.
On 4/20/2015 at 07:33 AM, Christer Solskogen christer.solsko...@gmail.com wrote:
> Hi again. With SLES 12 it seems like grub2 is being used for booting and not zipl(?) - I can't find a /etc/zipl.conf* in SLES 12 at least. Is that normal?

Yes, that is normal. The zipl command is still used, infrequently, to write out the kernel and ramdisk that are used to get grub2 up and running. But you shouldn't have to modify the config file for that since that isn't what boots the kernel and ramdisk _you_ care about.

> With SLES 12 I also had some trouble booting the system properly after a clean install (it might have something to do with the swap disk I mentioned in an earlier mail) - unless I remove any trace of resume=/path/to/disk in grub-config. Does having resume on s390 have any meaning?

Absolutely it has meaning, as long as your swap space is large enough to hold all the memory contents that need to be written there. One caveat there is if you use something like a VDISK or a T-DISK for your paging. If those go away for any reason, you won't be able to resume the system from where it was paused.

Mark Post
Re: Booting, grub etc.
On 4/20/2015 at 11:28 AM, Berthold Gunreben b...@suse.de wrote:
> You should be aware, that to modify the kernel command line, you have to edit /etc/default/grub and afterwards run grub2-mkconfig (which is also stated in a comment at the top of that exact file).

I would think it's easier to use YaST, or edit /boot/grub2/grub.cfg directly. Granted, the grub.cfg for grub2 is considerably more complex than menu.lst for grub, but still.

Mark Post
Re: Booting, grub etc.
On Mon, 20 Apr 2015 13:33:02 +0200

Hi Christer,

yes, you might fall over issues in SLES12 when using swapgen. The reason is, that dracut by default wants to detect all disks by UUID. To fix this, you will have to change the default persistency of dracut to by-path instead of uuid... to accomplish this, change /etc/dracut.conf and add

persistent_policy=by-path

then:
1. grub2-install
2. dracut -f

About the resume, this is just for people that want to do suspend to disk (and I don't actually know if this even works for s390). You should be aware, that to modify the kernel command line, you have to edit /etc/default/grub and afterwards run grub2-mkconfig (which is also stated in a comment at the top of that exact file).

Berthold

Christer Solskogen christer.solsko...@gmail.com wrote:
> Hi again.
>
> With SLES 12 it seems like grub2 is being used for booting and not zipl(?) - I can't find a /etc/zipl.conf* in SLES 12 at least. Is that normal?
>
> With SLES 12 I also had some trouble booting the system properly after a clean install (it might have something to do with the swap disk I mentioned in an earlier mail) - unless I remove any trace of resume=/path/to/disk in grub-config. Does having resume on s390 have any meaning?
>
> --
> chs

--
Berthold Gunreben, Build Service Team
http://www.suse.de/
Maxfeldstr. 5
SUSE LINUX Products GmbH
D-90409 Nuernberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer
HRB 16746 (AG Nürnberg)