Re: Cisco VPN Client on SL6.7

[Karel Lang AFD]

Hello,

this is hard to say, i don't use cisco client, so can't say for sure, 
but I'd start with a common steps used to solve problems:


- try to run the cisco client directly from command line - and observe, 
if there is any messages displayed there

- check /var/log/messages for any possible errors
- check if the client has it's own log file, if it does, check it too


--
*Karel Lang*
*Unix/Linux Administration*
l...@afd.cz | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz



On 05/04/2016 12:17 PM, Ian A Taylor wrote:

Sir/Madam

I have a user with SL 6.7 installed  (2.6.32-573.3.1)

Up until a few weeks ago he could run a Cisco VPN client on this system ok.

However now, when he loads the Cisco VPN client then the process load on
his system just climbs and climbs until he cannot do anything on the
system.

It appears the CiscoVPN client is version  2.5.6005

If anybody can suggest a solution to this, it would be much appreciated.

Re: SSH port forward with firewalld

[Karel Lang AFD]

Hi,

i see 2 basic ways howto go about this

firstly,
yes, you can solve this by port-forwarding on the iptables level on the 
host machine.
Unfortunately, i dont use firewalld, i use only iptables, so can't say 
if your config is right or not.


But basically if the forwarding firewall rule works, then after you issue:

ssh user@IP-of-host-machine -p portnumber-that-is-forwarded

then you are immediately redirected at guest machine and you should get 
pw prompt from guest - if not, something is wrong - probably on firewall.




secondly,
you can use ssh tunnel and tunnel your ssh session through your host to 
your guest very quickly


from your laptop (this assumes both sshd daemons on guest and host use 
22 port)


ssh -L 2:IP-of-guest-virt-machine:22  user@IP-of-host-machine

this establishes the ssh tunnel

next goes:
ssh user@localhost -p 2

you should get the pw prompt from guest machine

check, if your host machine forwards packets in /etc/sysctl.conf
net.ipv4.ip_forward = 1


cheers,


--
*Karel Lang*
*Unix/Linux Administration*
l...@afd.cz | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz

On 04/28/2016 09:59 AM, Benjamin Lefoul wrote:

Hi!

I have a KVM guest called "streeling" running on physicalhost "trantor".
I can easily ssh to "trantor", and from there ssh to "streeling", put I
cannot seem to be able to set the port forward properly to ssh directly
to "streeling" ("Connection refused"). This should be simple enough to
follow through:

seldon@anacreon:~ $ head .ssh/config
Host streeling
 Hostname 10.0.75.192
 Port 4077
 User root

Host trantor
 Hostname 10.0.75.192
 ForwardX11=yes
 User seldon
seldon@anacreon:~ $ ssh streeling
ssh: connect to host 10.0.75.192 port 4077: Connection refused
seldon@anacreon:~ $ ssh trantor
Last login: Thu Apr 28 09:31:52 2016 from 10.0.75.177
seldon@trantor:~ $ sudo virsh list
  IdName   State

  2 streeling  running
  3 mycogenrunning
  4 dahl   running

seldon@trantor:~ $ ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
 inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp4s1:  mtu 1500 qdisc pfifo_fast
state UP qlen 1000
 link/ether 6c:62:6d:6a:ab:fc brd ff:ff:ff:ff:ff:ff
 inet 10.0.75.192/24 brd 10.0.75.255 scope global enp4s1
valid_lft forever preferred_lft forever
 inet6 fe80::6e62:6dff:fe6a:abfc/64 scope link
valid_lft forever preferred_lft forever
3: virbr1:  mtu 1500 qdisc noqueue state UP
 link/ether 52:54:00:0d:4a:73 brd ff:ff:ff:ff:ff:ff
 inet 192.168.128.1/24 brd 192.168.128.255 scope global virbr1
valid_lft forever preferred_lft forever
4: virbr1-nic:  mtu 1500 qdisc pfifo_fast master
virbr1 state DOWN qlen 500
 link/ether 52:54:00:0d:4a:73 brd ff:ff:ff:ff:ff:ff
5: vnet0:  mtu 1500 qdisc pfifo_fast
master virbr1 state UNKNOWN qlen 500
 link/ether fe:54:00:89:ac:bc brd ff:ff:ff:ff:ff:ff
 inet6 fe80::fc54:ff:fe89:acbc/64 scope link
valid_lft forever preferred_lft forever
seldon@trantor:~ $ getenforce
Enforcing
seldon@trantor:~ $ sudo grep "Port" /etc/ssh/sshd_config
Port 22
Port 4077
seldon@trantor:~ $ sudo semanage port -l | grep ssh
ssh_port_t tcp  4077, 22
seldon@trantor:~ $ cat /proc/sys/net/ipv4/ip_forward
1
seldon@trantor:~ $ head -4 .ssh/config
Host streeling
 Hostname 192.168.128.128
 User root

seldon@trantor:~ $ sudo firewall-cmd --list-all
public (default, active)
   interfaces: enp4s1
   sources:
   services: ssh
   ports: 4077/tcp
   masquerade: yes
   forward-ports: port=4077:proto=tcp:toport=22:toaddr=192.168.128.128
   icmp-blocks:
   rich rules:

seldon@trantor:~ $ ssh streeling
Last login: Thu Apr 28 09:10:57 2016 from 192.168.128.1
root@streeling:~ # ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN
group default
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
 inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens3:  mtu 1500 qdisc fq_codel state
UP group default qlen 1000
 link/ether 52:54:00:89:ac:bc brd ff:ff:ff:ff:ff:ff
 inet 192.168.128.128/24 brd 192.168.128.255 scope global ens3
valid_lft forever preferred_lft forever
 inet6 fe80::5054:ff:fe89:acbc/64 scope link
valid_lft forever preferred_lft forever

What should I do?


Regards,


Benjamin Lefoul

Re: php 5.6

[Karel Lang AFD]

hello,

from my notes:
SL / CentOS_6_PHP56 + owncloud-8.2.0-4.1

Run the following shell commands as root to trust the repository.

rpm --import 
https://download.owncloud.org/download/repositories/8.2/CentOS_6_PHP56/repodata/repomd.xml.key


Run the following shell commands as root to add the repository and 
install from there.


yum install -y 
https://www.softwarecollections.org/en/scls/rhscl/rh-php56/epel-6-x86_64/download/rhscl-rh-php56-epel-6-x86_64.noarch.rpm
yum install -y 
https://www.softwarecollections.org/en/scls/rhscl/httpd24/epel-6-x86_64/download/rhscl-httpd24-epel-6-x86_64.noarch.rpm
wget 
http://download.owncloud.org/download/repositories/8.2/CentOS_6_PHP56/ce:8.2.repo 
-O /etc/yum.repos.d/ce:8.2.repo

yum clean expire-cache
yum install owncloud


--
*Karel Lang*
*Unix/Linux Administration*
l...@afd.cz | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz

On 04/08/2016 03:46 PM, Jim Campbell wrote:

Hello,

On Fri, Apr 8, 2016, at 07:40 AM, Stephan Wiesand wrote:

On 08 Apr 2016, at 14:22, Ralf Farke  wrote:

Hi,
i need php 5.6 for my Owncloud Server 9, installed is 5.4.16 from @sl-security.
I installed the repos epel and webtatic.
If i try to install php 5.6w i get the error:
php56w-common conflicts with php-common-5.4.16-36.el7_1.x86_64.
When i try to delete php 5.4 i get a lot of Software to delete because of 
dependencies, so this is not a solution.

Any suggestions?


rh-php56 from external_products/softwarecollections?



Greetings,

Ralf Farke


I would agree with Stephan's suggestion, and suggest using Software
Collections, as well. One of the Scientific Linux maintainers, Bonnie
King, gave a talk on using Software Collections at our GNU/Linux User
Group a few years ago. The slides are here [1], and they include some
SL-specific commands to get Software Collections installed & some info
on using them.

Cheers,

Jim

[1]
https://mediagoblin.chicagolug.org/u/chicagolug/m/rh-software-collections/

Re: fglrx problem

[Karel Lang AFD]

Hi,
i don't know why you were doing the kernel/vga driver update, but if 
there wasn't a particular bug you were fixing, i would downgrade the 
kernel/driver/X server back to previous, working versions..


--
*Karel Lang*
*Unix/Linux Administration*
l...@afd.cz | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz


On 03/31/2016 08:18 PM, Stephen Isard wrote:

I have a Dell Optiplex 980 with a Radeon HD 6450 card which was working
fine with the elrepo fglrx-x11-drv and kmod-fglrx packages until I
recently upgraded to kernel 2.6.32-573.12.1.el6.x86_64 and fglrx
versions 15.12-1.  Now when I move a window on the screen, the content
isn't erased from the old location, leaving a trail of ghosts behind.
This happens with more than one window manager (fvwm, icewm, fluxbox),
so I think its an X problem, rather than a window manager bug.

The guys at elrepo were very responsive, but they didn't have the
problem on their own machines, and it's not really their software - it
is closed source from ATI - and they have run out of guesses for what to
try.  I have tried installing ATI's own rpm and that behaves the same
way.  I've filed a bug on the unofficial ATI bugzilla, but don't have
great hopes there.  I'm wondering whether anyone here has ever seen
symptoms like these.  Using the radeon driver gets me a mostly usable
system, but there is some stuff that says it won't work without glx.

Stephen Isard

Re: snooping windows 10 - how to stop it on a linux gateway?

[Karel Lang AFD]

Hmm ... yes, yes.
Thanks for bringing this up.
I force all http traffic through the squid proxy on our SL 6 gateway, 
this could be also helpful..




On 03/05/2016 11:00 AM, prmari...@gmail.com wrote:

The only way I can think of is to force all internet access through a proxy and 
filter it out in the proxy.
Then you don't give the machines any internet access just access to the proxy.
Unfortunately I do not have details for you on how to filter the snoop messages 
because in I haven't looked at them but it should be fairly easy using squid 
and an external Perl regex filter script or other filter application, but you 
will take a latency hit because you will have to inspect every transaction.

   Original Message
From: jdow
Sent: Friday, March 4, 2016 23:35
To: scientific-linux-us...@fnal.gov
Subject: Re: snooping windows 10 - how to stop it on a linux gateway?

That windows update server is a relay for the "snoop" messages. About the only
way to totally stop the snoop messages is to totally isolate the network
containing Windows machines from the network. Any windows machine can serve as a
relay point for any others.

{o.o}

On 2016-03-04 20:16, Karel Lang AFD wrote:

Hi guys,

firstly, sorry Todd, i don't know how it happened i got attached to your thread.

secondly, thank you all for your thoughtful posts.

I know it is not easy to block the selected traffic from windows 10 and you are
right, it is being backported to windows 7 as well. Horrible and disgusting.

I already have windows server in LAN dedicated as a update server (work of my
windows colleagues), so the PC don't have to access windows update servers
outside LAN - this should simplify things.

Also the PCs must have internet access to email, http, https, ftp, sftp - simply
the 'usual' stuff.
I think, yet, there should be a way. I'll try to consult mikrotik experts (the
router brand we use) and guys from our ISP.
If i have something, i'll let you know :-)

thank you, bb

Karel

On 03/05/2016 12:40 AM, Steven Haigh wrote:

On 05/03/16 07:24, Karel Lang AFD wrote:

Hi all,

guys, i think everyone heard already about how windows 10 badly treat
its users privacy.


My solution to this was to finally rid Windows 7 off my desktop PC - as
most of the telemetry has also been 'back ported' to Windows 7 also. You
can't stop it.


I'm now thinking about a way howto stop a windows 10 sending these data
mining results to a microsoft telemetry servers and filter it on our SL
6 linux gateway.


Nope. There are no specific servers in use - just general - so whatever
you block will end up killing other services.


I think it could be (maybe?) done via DPI (deep packet inspection). I
similarly filter torrent streams on our gateway - i patched standard SL
6 kernel with 'xtables' (iptables enhancement) and it is working
extremely well.


I would be interested to see if you could identify telemetry packets in
the flow - but I'm not predicting much success. If you do get it, make
sure you let the world know though!


I read (not sure if true) that some DNS resolutions to M$ servers are
even 'hardwired' via some .dll library, so it makes it even harder.


Correct.


I'm no windows expert, but i'm and unix administrator concerned about
privacy of windows desktop/laptop users sitting inside my LAN.

What i'd like to come up is some more general iptables rules, than
blocking specific IP addresses or names, because, apparently they may
change in any incoming windows update ...

Anyone gave this thought already? Anyone else's concerned the way i am?


Yup - and as I said, I'm now running Fedora 23 on my desktop (EL lags on
a few things that I like - so Fedora is a happy medium for me - as I
still have the fedora-updates-testing repo enabled. My work laptop as
well as my personal laptop - and now my home desktop all run Fedora 23
(KDE Spin if you hate Gnome 3 - like me).







--
*Karel Lang*
*Unix/Linux Administration*
l...@afd.cz | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz

Re: snooping windows 10 - how to stop it on a linux gateway?

[Karel Lang AFD]

Hi Todd and all,
you wouldn't belive, how glad i would be to get rid off all windows PCs.

And if it was just because of regular office users, it would be 
happening. But, alas, in my LAN is sitting roughly like 350 Dell and HP 
workstations that run 'Catia', which is a CAD application for automotive 
industry - and there is no way this will run under wine or on KVM 
virtualized windows guests (sigh)...


With what jdow wrote - about the windows update server (that sits 
insided your LAN) acting like relay point, it is really hard/bad.


Really, only thing i can think of is as i said in my 1st post the so 
called 'DPI' - deep packet inspection, which is a method of packet 
filtering that functions at the Application layer and inspects packet 
payloads searching for defined pattern(s).


Thing is i need to know which pattern or string to search for (which i 
dunno).
I found on internet many posts trying to block the telemetry windows 
servers, but this is really not much elegant way and also not much 
effective, as these things can change very dynamically.


As i said, i'm not giving up yet and i'm gonna consult some network IP 
specialists.


with br,
Karel



--
*Karel Lang*
*Unix/Linux Administration*
l...@afd.cz | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz

On 03/05/2016 10:09 AM, ToddAndMargo wrote:

On 03/04/2016 08:16 PM, Karel Lang AFD wrote:

Also the PCs must have internet access to email, http, https, ftp, sftp
- simply the 'usual' stuff.


Hi Karl,

All work marvelously user Fedora/RHEL.  It may be time for
your to consider migrating off of Windows.

I support Windows, Linux, Apple.

Apple is like an excruciatingly weird straight jacket.

The quality and security issues involved with Windows takes
my breath away, especially with all the Crypto Locker style
viruses out there.  Yo are one eMail away from an absolute
disaster.  And these viruses go after your backup too!

With Linux, you will noticed that you are only assisting with
programs and setting up features.  You will no longer be
chasing your tail over quality issues, bad updates, spying,
"Where's Waldo?", etc..

You can make Xfce look like XP and KDE look like W7.  Nothing
can make anything look as bad as Frankenstein and Sons
(W8 and W-Nein).  I love Xfce just as it is.

With Fedora/RHEL, there is none of this "w7 installer
can't read USB 3 ports, so no keyboard or mouse" baloney
to deal with.

Where you get into trouble are Windows only business
apps, such as Quick Bucks, oops, Quick Books.  Set up
a KVM server and have them log into with Spice from
their workstations.  (I prefer XP for such, it is
more powerful and less buggy.  Plus no more idiot
M$ updates to crash your next boot up.)

And this profession starts to become fun again. And dead,
dragging computer come back to life!

-T

Re: snooping windows 10 - how to stop it on a linux gateway?

[Karel Lang AFD]

Hi guys,

firstly, sorry Todd, i don't know how it happened i got attached to your 
thread.


secondly, thank you all for your thoughtful posts.

I know it is not easy to block the selected traffic from windows 10 and 
you are right, it is being backported to windows 7 as well. Horrible and 
disgusting.


I already have windows server in LAN dedicated as a update server (work 
of my windows colleagues), so the PC don't have to access windows update 
servers outside LAN - this should simplify things.


Also the PCs must have internet access to email, http, https, ftp, sftp 
- simply the 'usual' stuff.
I think, yet, there should be a way. I'll try to consult mikrotik 
experts (the router brand we use) and guys from our ISP.

If i have something, i'll let you know :-)

thank you, bb

Karel

On 03/05/2016 12:40 AM, Steven Haigh wrote:

On 05/03/16 07:24, Karel Lang AFD wrote:

Hi all,

guys, i think everyone heard already about how windows 10 badly treat
its users privacy.


My solution to this was to finally rid Windows 7 off my desktop PC - as
most of the telemetry has also been 'back ported' to Windows 7 also. You
can't stop it.


I'm now thinking about a way howto stop a windows 10 sending these data
mining results to a microsoft telemetry servers and filter it on our SL
6 linux gateway.


Nope. There are no specific servers in use - just general - so whatever
you block will end up killing other services.


I think it could be (maybe?) done via DPI (deep packet inspection). I
similarly filter torrent streams on our gateway - i patched standard SL
6 kernel with 'xtables' (iptables enhancement) and it is working
extremely well.


I would be interested to see if you could identify telemetry packets in
the flow - but I'm not predicting much success. If you do get it, make
sure you let the world know though!


I read (not sure if true) that some DNS resolutions to M$ servers are
even 'hardwired' via some .dll library, so it makes it even harder.


Correct.


I'm no windows expert, but i'm and unix administrator concerned about
privacy of windows desktop/laptop users sitting inside my LAN.

What i'd like to come up is some more general iptables rules, than
blocking specific IP addresses or names, because, apparently they may
change in any incoming windows update ...

Anyone gave this thought already? Anyone else's concerned the way i am?


Yup - and as I said, I'm now running Fedora 23 on my desktop (EL lags on
a few things that I like - so Fedora is a happy medium for me - as I
still have the fedora-updates-testing repo enabled. My work laptop as
well as my personal laptop - and now my home desktop all run Fedora 23
(KDE Spin if you hate Gnome 3 - like me).

snooping windows 10 - how to stop it on a linux gateway?

[Karel Lang AFD]

Hi all,

guys, i think everyone heard already about how windows 10 badly treat 
its users privacy.


I'm now thinking about a way howto stop a windows 10 sending these data 
mining results to a microsoft telemetry servers and filter it on our SL 
6 linux gateway.


I think it could be (maybe?) done via DPI (deep packet inspection). I 
similarly filter torrent streams on our gateway - i patched standard SL 
6 kernel with 'xtables' (iptables enhancement) and it is working 
extremely well.


I read (not sure if true) that some DNS resolutions to M$ servers are 
even 'hardwired' via some .dll library, so it makes it even harder.


I'm no windows expert, but i'm and unix administrator concerned about 
privacy of windows desktop/laptop users sitting inside my LAN.


What i'd like to come up is some more general iptables rules, than 
blocking specific IP addresses or names, because, apparently they may 
change in any incoming windows update ...


Anyone gave this thought already? Anyone else's concerned the way i am?

cheers



--
*Karel Lang*
*Unix/Linux Administration*
l...@afd.cz | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz

Re: a year later - CERN move to Centos - what are we doing?

[Karel Lang AFD]

Hi,
anyone who wants to go with centos, is free to do so, right? So just go 
and do it and don't 'fuss' about it on SL mail list.


We all should be grateful for continuing support of Fermilab for SL builds.


--
*Karel Lang*
*Unix/Linux Administration*
l...@afd.cz | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz


On 01/12/2016 10:29 PM, lejeczek wrote:

On 12/01/16 20:30, Mark Stodola wrote:

Since this is becoming a top-post thread, I will continue the trend.

CentOS does not offer a support contract like RHEL.  Why would a
company compete with itself?  It is essentially a community supported
release of RHEL, just like SL.

Of course, some one please correct me if I am wrong here...

This is not a new topic, and was discussed at length when RedHat
announced the acquisition of CentOS and changes to the build process.
To my knowledge, the SL team had discussions with the CentOS and
RedHat people on how to move forward.  The SL team decided to continue
as a complete separate distribution instead of become in extra
repository/site for the foreseeable future.

One of the key features I like about SL is the ability to stay on a
specific point release and still receive relevant updates. There are
probably several other reasons Connie or Pat could elaborate on as well.

In the end, it is up to personal/company preference with any
distribution you chose to use.  That is part of what open source is
about.  Arguing for distribution usage/mergers doesn't really do
anything productive here in a users' mailing list.

Of course it does.

When somebody mentions fondness towards the support SL offers - what
does it mean? - I always thought SL support has always been exclusively
community(users) based + contributing developers. Am I wrong and missing
that somewhere there we can get some extra level of support?

Now, CERN and affiliates, associates, whatever or whoever decides to
follow this path is going to drift a bit away, if not completely. There
was one scientificLinux both great labs shared - now they are parting
away in a sense. The same would happen with users. Opensource community,
though the greatest in the world had always had problems coming together.

And "complete separate distribution" I think is a bit abused notion in
case of SL. I've been a SL user for many years and I'm grateful for it.
Even if only for the fact that one can get such a great product in its
entirety without getting tied up in some commercial contracts, greedy
and doggy as they usually are.

I don't want to argue superiority of one over the other in terms of
point-release, updates and/or their promptness, I did not mean to, not
much to argue there, anybody can check it themselves.

If it was discussed here on the list before I apologize - I must have
rushed my search for the topic on the list, I only found a 2014 old
topic and then CERN's news about 2015 move.

I've learned what I sought, many thanks.



-Mark


On 01/12/2016 02:10 PM, Miles O'Neal wrote:

Has CentOS got support yet? My employer moved to RHEL because we got
tired of fighting third party vendors over their support on non-RHEL
platforms, but I personally always found SL to be more consistent and
quicker to release... and they had much better support.

On 01/12/2016 02:04 PM, lejeczek wrote:

hi,
after my first post I made a move, I should say a smaller rather, I
did migrate a small HA cluster from SL7.1 to Centos7.2.
Instructions to do that I'm sure everybody can easily look up, just
one tiny manual intervention was needed above what is already covered
by a doc on Centos website.
But most importantly nothing broke, all the usual servers, web, mail,
other net related services including HA carried on seamlessly.
Like I said earlier, and everybody knows, a lot, a lot is already
shared, differences boil down to maybe a philosophy behind each
organization responsible for each snip-off, some organizational and
administrative processes, protocols.
Slight advantage seems that Centos offers, but expected as they are
closer to the source in the lifecycle supply chain, is higher revision
of some rpm packages, I see I get slightly newer kernel for example,
etc.

If I was to voice my opinion out - and scientific devel & other
responsible culprits are listening - then I say: go for it, get
together, merge userbase, share devel jobs, duties, etc. Merge/share
or even better, tell Redhat we want to use their, shared by all, bug
reporting system.

I've decided, I'll be moving over to Centos, gradually but surely.
Note, one thing to remember if you did SL -> Centos, afterwards, is
yum repos, make sure what you have enabled there.

cheers

On 12/01/16 09:48, lejeczek wrote:

hi everybody,

I've wondered and got curious, what do you guys, gals think about
that move?
More importantly do you think it's a step we SL users should also
consider?
CERN mention there were talks between them, Fermilab - what are
Fermilab plans with regards to future releases, with regards to SL in

Re: a year later - CERN move to Centos - what are we doing?

[Karel Lang AFD]

Lejeczek, Iosif etc,
I really dunno, what you guys wanna hear?

you come and say you switch/switched to centos - and you ask for what? 
for blessing? :D well ... i bless you :D


Now, joking aside, Fermilab said clearly they go with SL7x and they do.
And while you will have supp for sl/rhel 6x roughly to 2020, that makes 
sl/rhel 7x to roughly 2025? this is enough for me


without detail, why i prefer sl is
-small friendly community, incl. friendly devs
-updates
-i feel more independent to rh as far as possible, considering it is 
rhel clone


Again, what you trying to say? That we have here at list some ppl (me?) 
stuck on SL and saw no other distros? haha :D i go with linux since 1997..


--
*Karel Lang*
*Unix/Linux Administration*
l...@afd.cz | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz

On 01/13/2016 11:43 AM, lejeczek wrote:

I think we see two groups of people here, taking part in this "exciting"
debate.

One is, people who genuinely try to learn a bit about more concrete
plans Fermilab have(or don't have) for the future of Scientificlinux -
and they do it here on the list because they can sroogle all over the
Net and they won't find any solid, ideally rendered by the very source
itself statement.

The second group is people who don't give a toss, a good chance is it's
because they have not seen much beside Scientificlinux and they really
believe it's very unique indeed. You can see scientist type of mentality
here -- I have got my one little or big app, it runs great! and I'm
happy with it and I can say I do it all on by myself cause I do not have
to deal with any commercial third entities (which is very important for
a scientist) -- very simplistic and egotistic attitude, but works. And a
good chance is this bunch don't have to even ask about bigger picture.
Some individuals from this group can even be rude and hostile towards
others, even if only asked about sharing a thought or two on the issue.

Well, like esteemed fellows already said - we're free to do as we wish,
fortunately, only unfortunate is that we cannot always make fully
informed decisions. I guess that's science, that's life. Heh. :)
b.w.



On 13/01/16 10:13, Iosif Fettich wrote:

Hi there,


anyone who wants to go with centos, is free to do so, right? So just
go and do it and don't 'fuss' about it on SL mail list.


Thanks for the nice advice.

Would you have another one too? On which list should current SL users
ask/discuss about the short/long term plans regarding SL? And/or of
the problems related with a migration from/to SL?


We all should be grateful for continuing support of Fermilab for SL
builds.


That's something we most probably all on this list agree with
unconditionally.

Thank you,

Iosif Fettich

---
Iosif Fettich | e-mail: ifett...@netsoft.ro   phone+fax: +40-265-260256
Gen. Manager  | web:http://www.netsoft.ro phone: +40-365-806800
NetSoft SRL   | GPGkey: http://www.netsoft.ro/ifettich/public_gpg_key

Re: [SCIENTIFIC-LINUX-USERS] Firewall-cmd doesn't assign an interface permanently to a zone

[Karel Lang AFD]

Hi,
i already installed couple of SL7 boxes and i have to say, that the 
menitoned 'firewalld' is the new feature that i like the least.


What i do is, i just remove 'firewalld' and install 'iptables'. There i 
know what to do and there i could help you. But not with this.

Firewalld is ugly (imho).

cheers,

--
*Karel Lang*
*Unix/Linux Administration*
l...@afd.cz | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz

On 12/29/2014 03:24 PM, Pat Riehecky wrote:

This appears somewhat similar to TUV bugzilla 1112742

I'm afraid I don't have 7 system to test with at the moment, but the
listed workaround there may be of some help.

Pat


On 12/29/2014 02:47 AM, Peter Boy wrote:

Hi all,

I’m installing a new SL7 box running a KVM host and several guests. I
established a bridge br0 attached to eth0 for external access for host
and all guests und use virbr0 as an internal connection between guests
and host to access protected resources (e.g. a tomcat application
server). Anything works fine so far.

I tried to assign the internal network devices (eth1 on guests, virbr0
on host) to the trusted zones using

# firewall-cmd --permanent --zone=public --remove-interface=eth1
# firewall-cmd --permanent —zone=trusted --add-interface=eth1
# firewall-cmd —reload

but it doesn’t work, eth1 is always in public zone after reload. If I
omit the —permanent option I can successfully modify the running
firewall. But after an reload or a reboot the modification is lost.

I found an entry at https://bugs.centos.org/view.php?id=7526 that it
is a bug and SL7 might be affected as well.

I found a workaround as well. You can add ZONE=trusted to the
/etc/sysconfig/netrwork-scripts/ifcfg-eth1 file and eth1 is added to
the trusted zone on reboot and firewall reload.

There is no ifcfg-virbr0 file, of course. I found an information
(Fedora) that you may add fwzone=‚trusted‘ using virsh net-edit, but
on save it is deleted in SL7.



My question is: Does anyone know how to accomplish it for virbr0 in SL7?





Thanks in advance

PB






—
Dr. Peter Boy
Universität Bremen
Mary-Somerville-Str. 5
28359 Bremen
Germany

p...@zes.uni-bremen.de
www.zes.uni-bremen.de



Are you looking for a web content management system for scientific
research organizations?
Have a look at http://www.scientificcms.org

Re: Longest LTS - still SL/RHEL?

[Karel Lang AFD]

Keith,
good you got it working :]
If i need info about laptops etc. i usually go here:
http://forum.notebookreview.com/

In the IBM / Lenovo subsection, there is lots ppl in the same boat - 
liking / tinkering with old IBM laptops and there is a lot good topics 
in this regard.


I'm in the same boat - i work mostly in unix / linux terminal and need 
precise tool for it - trackpoint + 3 hardware 'mouse' keys and good 
resolution and good keyboard.


New Lenovo laps is a screwups with worse keyboard - oh my god, trackpad 
- wth is this, what genius thought it out?

Next 'bright spot' generally is NVIDIA Optimus - OMDG ...

But enough rambling, i'll stay positive and keep my 6yrs old R61 too :]]


--
*Karel Lang*
*Unix/Linux Administration*
l...@afd.cz | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz

On 12/16/2014 11:21 PM, Keith Lofstrom wrote:

On Tue, Dec 16, 2014 at 09:55:19AM +0100, Karel Lang AFD wrote:

If I might ask, why do you need 32b for T61? I run 6yrs old
R61 and I run 64b on it from the start.
I'm not sure about T60, but it had 64b CPUs ready too?


This is a helpful thought.  The T60 laptops are Socket M.
Although the T60 I first tested SL7 on silently failed, it
had a T2500 Core Duo processor, 32 bits.  I just scrounged
up a T7200 Core *2* Duo processor, 64 bits, and installed it
in that T60. SL7 is installing on that machine now.

I just ordered some allegedly new T7200s for $8 each, and those
(plus spare complete laptops, and spare screens, fans, AC adapters,
docking cradles, and keyboards) should last my wife and I until
our brains shrivel.  I'll occasionally test with the latest
Fedora Live distro for early warning of future incompatibility.

The T7600 is 16% faster, but 6x more expensive, and probably
burns more power.  The T7200 seems the lowest risk.

The batteries will die soonest, but we should be able to get the
old batteries refurbished with new cells (there are companies
that do this for power tools).  After that, electromigration of
copper up through gold plating on connectors, then oxidation,
will doom these machines.

And who knows?  After everyone has bought their wide screen (AKA
vertically challenged) laptops, manufacturers will probably start
pushing tall screens again.  Or headmounts.  Or brain implants.
The current fad is bigger and bigger handhelds with asymptotically
vanishing sound quality - laptops will become popular again in
order to make voice telephone calls.

Keith

Re: Longest LTS - still SL/RHEL?

[Karel Lang AFD]

:]
Thanks Akemi - i know. Thanks to a community of a bright and 
knowledge-sharing ppl we have at least this.

(Linus Torvalds said it nicely a while ago ..(cite) Fuck you Nvidia! :]] )

But let's be blunt - it is not perfect, heck, it's not working correctly 
even on M$ windows. I read tons of Win users complains about this.


I think that if i had to (was forced to) buy new laptop for linux 
nowadays, i'd buy most probably something with Kaveri APU from AMD (like 
eg. HP EliteBook 745 G2) .. Intel has good CPUs but bad VGAs and Optimus 
won't help you much, because it means you look at a bad pictures on 
screen most of the time (using Intel Vga).


AMD Kaveri APU has ofc worse CPU part compared to Intel APUs - but - do 
i need the CPU computing power here on laptop - no i dont, but do i need 
good sharp picture? Yes i need that one.
Why should i buy Optimus with Nvidia 1GB Ram card, which is used only 5% 
of time then and 95% time is used ugly Intel VGA?

Haha, i see it just as another clever plot to trick out us, poor users.


Anyway this became a bit offtopic, sorry for that :]]



--
*Karel Lang*
*Unix/Linux Administration*
l...@afd.cz | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz

On 12/17/2014 02:27 PM, Akemi Yagi wrote:

On Wed, Dec 17, 2014 at 4:48 AM, Karel Lang AFD l...@afd.cz
mailto:l...@afd.cz wrote:


New Lenovo laps is a screwups with worse keyboard - oh my god,
trackpad - wth is this, what genius thought it out?
Next 'bright spot' generally is NVIDIA Optimus - OMDG ...

  For Nvidia optimus, you may want to try ELRepo's bumblebee:

http://elrepo.org/tiki/bumblebee

Akemi

Re: Longest LTS - still SL/RHEL?

[Karel Lang AFD]

Hi Keith,
if i might ask, why do you need 32b for T61? I run 6yrs old R61 and i 
run 64b on it from the start ..

I'm not sure about T60, but it had 64b CPUs ready too?

cheers,


--
*Karel Lang*
*Unix/Linux Administration*
l...@afd.cz | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz

On 12/16/2014 01:51 AM, Keith Lofstrom wrote:

On Mon, Dec 15, 2014 at 04:46:29PM +0100, Karel Lang AFD wrote:

The laptops you talk about are 6+ yrs old now ...  will be 12yrs then.
After that its museum piece :].


Again - the reason for 32 bit is not that I cherish old CPUs with
inadequate RAM - but that I am currently looking at a 15 inch diagonal
(12x9 inch) 2048x1536 matt finish screen on a laptop, and such useful
screens are no longer made.  Indeed, I start with 1600x1200 production
laptops and replace the displays with ultra-high resolution NEC
prototypes that some friends and I bought when Microsoft refused to
support them.  They just happen to fit the T60 after some firmware
hacking.  Production laptops are now made for watching movies and
playing games when the boss isn't looking.

I do crazy stuff like write A or A4 size papers, construct high
resolution graphs, and fill screens with lots of xterms with
beautifully rendered text.  Chromebook is interesting, but the
screen is small and my visual acuity is decreasing.  I guess that
makes me a museum piece, too. :-)

There is a promising local startup that hopes to custom build laptops,
using a kit of plug-together boards fit into a 3D-printed case (!!!).
But I don't understand how they will survive, much less where I will
find more 12x9 inch LCDs in the future.  That is why I stockpiled
what I have, and accept reduced rendering speed.

And that is why I ask here; if anybody runs old machines for
compatibility reasons, it would be experimental scientists running
multi-year data collections.  Perhaps scientists doing very high
resolution imaging.  There appear to be Thinkpad T60s deployed all
over the International Space Station in the pictures I've seen.
Yet another museum piece ...

Keith

Re: turla

[Karel Lang AFD]

Hi,
i'm not much afraid of this. I run all servers i take care of with tight 
SELinux policies.

I dont think this poses a threat to a secured server.

Don't get me wrong, i'm not saying i'm a 'master knowing all, afraid of 
nothing' :] I know, i'm not, that's why i've got everything backed up 
and barebone reinstall procedure in place - in case, disaster happens 
(box is hacked, burnt, stolen, 3rd WW started - in this case i also have 
a bottle of whiskey in my stash :D)


And if all this is in vain, then you should at least have a good 
insurance, if your business is really critical.


Biggest threat to any Linux box server (IMHO) is still at the social 
(engineering) level, like exceptions with weak passwords for some 
'special' users, stolen laptops, secretary giving away her pw to any guy 
who says he needs it because he's from IT department .. etc etc :]



--
*Karel Lang*
*Unix/Linux Administration*
l...@afd.cz | +420 731 13 40 40
AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz


On 12/09/2014 07:23 PM, Yasha Karant wrote:

I am attempting to discover the degree of penetration of the following
compromise methodology into EL systems, particularly SL 6 and SL 7.  I
apologize for including the actual article in addition to the URL;
however, if the URL should be compromised or removed, the material is of
sufficient importance to be retained.  At the moment, I do not have time
to research this item; however, I suspect that there are subscribers to
this list who have more detailed information.   There is mention of a
tool called YARA that will help in the detection (albeit evidently
neither the quarantine nor removal of the infection) -- has anyone used
this tool and is it effective?

Yasha Karant

From: https://securelist.com/blog/research/67962/the-penquin-turla-2/
The 'Penquin' Turla

A Turla/Snake/Uroburos Malware for Linux
By Kurt Baumgartner, Costin Raiu on December 8, 2014. 7:05 pm

Recently, an interesting malicious sample was uploaded to a
multi-scanner service. This immediately triggered our interest because
it appears to represent a previously unknown piece of a larger puzzle.
That puzzle is Turla, one of the most complex APTs in the world.

We have written previously about the Turla APT with posts about their
Epic Turla operations
http://securelist.com/analysis/publications/65545/the-epic-turla-operation/
and Agent.btz inspiration
http://securelist.com/blog/virus-watch/58551/agent-btz-a-source-of-inspiration/
 .
So far, every single Turla sample we've encountered was designed for the
Microsoft Windows family, 32 and 64 bit operating systems. The newly
discovered Turla sample is unusual in the fact that it's the *first
Turla sample targeting the Linux operating system* that we have discovered.

This newly found Turla component supports Linux for broader system
support at victim sites. The attack tool takes us further into the set
alongside the Snake rootkit
http://www.baesystems.com/what-we-do-rai/the-snake-campaign and
components first associated with this actor a couple years ago. We
suspect that this component was running for years at a victim site, but
do not have concrete data to support that statement just yet.

The Linux Turla module is a C/C++ executable statically linked against
multiple libraries, greatly increasing its file size. It was stripped of
symbol information, more likely intended to increase analysis effort
than to decrease file size. Its functionality includes hidden network
communications, arbitrary remote command execution, and remote
management. Much of its code is based on public sources.

*Md5*   *Size*  *Verdict Name*
0994d9deb50352e76b0322f48ee576c6627.2 kbN/A (broken file)
14ecd5e6fc8e501037b54ca263896a11637.6 kb
HEUR:Backdoor.Linux.Turla.gen

General executable characteristics:

ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically
linked, for GNU/Linux 2.2.5, stripped

Statically linked libraries:

  * glibc2.3.2 - the GNU C library
  * openssl v0.9.6 - an older OpenSSL library
  * libpcap - tcpdump's network capture library

Hardcoded CC, known Turla activity: *news-bbc.podzone[.]org*
The domain has the following pDNS IP: *80.248.65.183*

80.248.65.183 aut-num:AS30982 announcement:   80.248.65.0/24
as-name:CAFENET descr:  CAFE Informatique et
telecommunications admin-c:YN2-AFRINIC tech-c:
AN39-AFRINIC org:ORG-CIet1-AFRINIC mnt-by:
AFRINIC-HM-MNT mnt-lower:  CAFENET-NOC source: AFRINIC #
Filtered
1
2
3
4
5
6
7
8
9
10
11

80.248.65.183
aut-num: AS30982
announcement: 80.248.65.0/24
as-name: CAFENET
descr: CAFE Informatique et telecommunications
admin-c: YN2-AFRINIC
tech-c: AN39-AFRINIC
org: ORG-CIet1-AFRINIC
mnt-by: AFRINIC-HM-MNT
mnt-lower: CAFENET-NOC
source: AFRINIC# Filtered


Note: the CC domain is currently sinkholed by Kaspersky Lab.


Functional description

The sample is a stealth backdoor based on the cd00r sources

Re: Posted for testing: Scientific Linux 7.0 x86_64 RELEASE CANDIDATE 1

[Karel Lang AFD]

Great news! Thanks for all the hard work, can't wait for the final go ..:]

On 09/26/2014 04:29 PM, Pat Riehecky wrote:

Scientific Linux 7.0 x86_64 RELEASE CANDIDATE 1 - Sep 26, 2014

== Information ==

Fermilab's intention is to continue the development and support of
Scientific Linux and refine its focus as an operating system for
scientific computing. Today we are announcing a release candidate of
Scientific Linux 7.  We continue to develop a stable process for
generating and distributing Scientific Linux, with the intent that
Scientific Linux remains the same high quality operating system the
community has come to expect.

THIS IS NOT A PRODUCTION RELEASE OF SCIENTIFIC LINUX 7.0

NOTE: Please review the SL Release Notes along with
   The Upstream Vendor's Release Notes:

http://ftp.scientificlinux.org/linux/scientific/7.0/x86_64/release-notes/

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/index.html


There is a great deal of information within those documents not listed
here.

Send comments/issues/test reports to:
  SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

== Media ==
You can find the release media at:
http://ftp.scientificlinux.org/linux/scientific/7.0/x86_64/iso/

NOTE: The 'everything' dvd image requires a Dual-Layer (DL) compatible
   drive for both burning and booting off of.

   Alternatively the livecd-iso-to-disk utility is able to convert
   this to USB successfully.  A USB device of sufficient size is
   required.

   Alternatively you can utilize the dd command to write the
   raw image to a USB device.

http://ftp.scientificlinux.org/linux/scientific/7.0/x86_64/release-notes/#_how_to_make_a_bootable_usb_installer


== UEFI Secure Boot ==
The status of UEFI Secure Boot for Scientific Linux is noted in detail at:

http://ftp.scientificlinux.org/linux/scientific/7.0/x86_64/release-notes/#_about_uefi_secure_boot


Booting SL7 with Secure Boot enabled works but requires a manual step.
This is because the shim has not been signed by the UEFI CA.
Instructions are included within the SL7 Release Notes.

NOTE: The kernels in sl7-security have not yet been built with
   the SL7 Secure Boot Certificate and may not function
   in secure boot environments.

Re: Keyboard not working in Gnome

[Karel Lang AFD]

Hi there,
good you at least got working this way.

I just been thinking a few more ideas:
-try to look into your home dir and erase (backup, move ..) there any 
mention of gnome (gnome folders etc) and X settings etc


- also erase /tmp for any X related things

- as for yum - you have to check your repository files in 
/etc/yum.repos.d and see if they point to right repositories for SL 6.5 
and enable = 0 or enable = 1 for disable / enable the repo there


also try:
yum clean dbcache
yum clean all

yum update

and try install again

cheers,

On 09/18/2014 09:09 AM, MAH Maccallum wrote:

Thanks for the sample xorg.conf. I also found an old one of mine in a backup 
from March 2013 and used both as guides but this did not seem to resolve the 
problem. What makes things really galling is that all works fine from the SL 
6.5 LIVE CD. Currently, to get functionality, I have booted from that, mounted 
the usual hard drives, and then created my usual username with my real 
directory as home. So for now I have a workaround which I am using. But I am 
still completely mystified by the absence of the keyboard in Gnome or gdm when 
I boot off the hard drive.

I did try to do the groupinstalls you recommended, but hit trouble with them. I 
had Desktop, General Purpose Desktop and X Window System installed but attempts 
to install the others failed. I did try to report this to the users list but 
that did not seem to getthrough so here are the details again.

When trying to install Desktop Platform I got
Error: Package: libxml2-python-2.7.6-12.el6_4.1.i686 (@sl-security)
Requires: libxml2 = 2.7.6-12.el6_4.1
Removing: libxml2-2.7.6-12.el6_4.1.i686 (@sl-security)
libxml2 = 2.7.6-12.el6_4.1
Updated By: libxml2-2.7.6-14.el6_5.1.i686 (sl-security)
libxml2 = 2.7.6-14.el6_5.1
Removing: libxml2-2.7.6-14.el6.i686 (installed)
libxml2 = 2.7.6-14.el6
Updated By: libxml2-2.7.6-14.el6_5.1.i686 (sl-security)
libxml2 = 2.7.6-14.el6_5.1
Available: libxml2-2.7.6-1.el6.i686 (sl)
libxml2 = 2.7.6-1.el6
Available: libxml2-2.7.6-4.el6.i686 (sl-security)
libxml2 = 2.7.6-4.el6
Available: libxml2-2.7.6-4.el6_2.1.i686 (sl-security)
libxml2 = 2.7.6-4.el6_2.1
Available: libxml2-2.7.6-4.el6_2.4.i686 (sl-security)
libxml2 = 2.7.6-4.el6_2.4
Available: libxml2-2.7.6-8.el6_3.3.i686 (sl-security)
libxml2 = 2.7.6-8.el6_3.3
Available: libxml2-2.7.6-8.el6_3.4.i686 (sl-security)
libxml2 = 2.7.6-8.el6_3.4
which looks like some messup over versions between repositories

More worryingly, trying to install KDE I got
error: rpmts_HdrFromFdno: Header V4 DSA/SHA1 Signature, key ID 192a7d7d: BAD

Problem opening package htdig-3.2.0-0.10.b6.el6.i686.rpm
which looks like the repo has a package that's not signed correctly although 
all the other 70+ rpms in the group
apparently worked OK

Thanks once more for your attention to this problem
  Malcolm



 
From: Karel Lang AFD l...@afd.cz
Sent: 17 September 2014 13:43
To: MAH Maccallum
Cc: scientific-linux-users@listserv.fnal.gov
Subject: Re: Keyboard not working in Gnome

Hi,
the X server on RHEL 6 can go without xorg.conf while creating needed
parameters for itself 'on the fly' when starts.
But you can still control you X server via custom 'xorg.conf'

e.g. my laptop:

[root@orionis ~]# ls -al /etc/X11/xorg.conf.d/xorg.conf
-rw-r--r--. 1 root root 1748 Jul 30 08:43 /etc/X11/xorg.conf.d/xorg.conf

e.g. my xorg.conf :


# Xorg configuration

Section ServerLayout
  Identifier Default Layout
  Screen  0  Screen0 0 0
  InputDeviceMouse0 CorePointer
  InputDeviceKeyboard0 CoreKeyboard
EndSection

Section InputDevice
  # generated from default
  Identifier Mouse0
  Driver mouse
  Option Protocol auto
  Option Device /dev/input/mice
  Option Emulate3Buttons no
  Option ZAxisMapping 4 5
EndSection

Section InputDevice
  Identifier Keyboard0
  Driver kbd
  Option XkbModel pc105
  Option XkbLayout us
EndSection

Section Monitor
  Identifier Monitor0
  VendorName Unknown
  ModelName  Unknown
  HorizSync   28.0 - 33.0
  VertRefresh 43.0 - 72.0
  Option DPMS
EndSection

Section Device
  Identifier Videocard0
  Driver nvidia
EndSection

Section Screen
  Identifier Screen0
  Device Videocard0
  MonitorMonitor0
  DefaultDepth24
  SubSection Display
  Viewport0 0
  Depth   24
  EndSubSection
EndSection




also, you can use 'xinput --list' to list input devices



On 09/17/2014 01:40 PM, MAH Maccallum wrote:

Hmm! I

Re: Keyboard not working in Gnome

[Karel Lang AFD]

Hi,
the X server on RHEL 6 can go without xorg.conf while creating needed 
parameters for itself 'on the fly' when starts.

But you can still control you X server via custom 'xorg.conf'

e.g. my laptop:

[root@orionis ~]# ls -al /etc/X11/xorg.conf.d/xorg.conf
-rw-r--r--. 1 root root 1748 Jul 30 08:43 /etc/X11/xorg.conf.d/xorg.conf

e.g. my xorg.conf :


# Xorg configuration

Section ServerLayout
Identifier Default Layout
Screen  0  Screen0 0 0
InputDeviceMouse0 CorePointer
InputDeviceKeyboard0 CoreKeyboard
EndSection

Section InputDevice
# generated from default
Identifier Mouse0
Driver mouse
Option Protocol auto
Option Device /dev/input/mice
Option Emulate3Buttons no
Option ZAxisMapping 4 5
EndSection

Section InputDevice
Identifier Keyboard0
Driver kbd
Option XkbModel pc105
Option XkbLayout us
EndSection

Section Monitor
Identifier Monitor0
VendorName Unknown
ModelName  Unknown
HorizSync   28.0 - 33.0
VertRefresh 43.0 - 72.0
Option DPMS
EndSection

Section Device
Identifier Videocard0
Driver nvidia
EndSection

Section Screen
Identifier Screen0
Device Videocard0
MonitorMonitor0
DefaultDepth24
SubSection Display
Viewport0 0
Depth   24
EndSubSection
EndSection




also, you can use 'xinput --list' to list input devices



On 09/17/2014 01:40 PM, MAH Maccallum wrote:

Hmm! I don't appear to have an xorg.conf file anywhere (not even in backups 
from before the problems). I do have xorg.conf.d directories but they seem to 
be empty both in the current system and in the backups

Yum group list showed I did not have the Desktop Platform or KDE groups. I 
tried group install but each failed, the Desktop one with clashes on libxml and 
the KDE with a package with wrong signature. I cannot cut and paste the errors 
from this iPad so I will forward them separately

Thanks for help, Malcolm

Sent from my iPad


On 16 Sep 2014, at 21:58, Karel Lang AFD l...@afd.cz wrote:

Hi,
to solve this, id suggest:
1. have a look what is stated in your xorg.conf file - you should have there 
something like


Section InputDevice
   # generated from data in /etc/sysconfig/keyboard
   Identifier Keyboard0
   Driver keyboard
   Option XkbLayout us
   Option XkbModel pc105
EndSection


2. log in as root at runlevel 3 and 'startx'
then switch back to console via ctrl+alt+f1 and have a look at 
/var/log/Xorg.0.log

and look for any error message
switch back to gui via ctrl-alt-f7 to try to type

3. check if you have all X server related packages installed - if you run below command 
you should get those groups installed (except kde if you dont use it) ... as a matter of 
a fact, you can try to install it and see if you can run keyboard in kde ... ( to install 
grp run 'yum groupinstall name of grp

yum grouplist

Desktop
Desktop Platform
General Purpose Desktop
KDE Desktop
X Window System


cheers,



On 09/16/2014 04:34 PM, MAH Maccallum wrote:
I recently had a glitch (my own fault) and had to restore/rebuild. I also 
upgraded from SL 6.1 to 6,5. After several days struggle I can now boot  up
and login using run level 3 but gnome does not seem to accept any keyboard
input, either in the password dialog box if I start at run level 5 or in any 
window or dialog box started after a startx from the run level 3 console.
I have found reports of similar problems on the web but none of the solutions 
suggested (or the exact symptoms) seem to match my problem. Our system
guru is on vacation and I have a deadline to meet so I desperately want help to 
get my
GUI back! My best guess is that some file leftover from the old installation is 
interacting badly with the new: but what? All help gratefully received!

Re: Keyboard not working in Gnome

[Karel Lang AFD]

Hi,
to solve this, id suggest:
1. have a look what is stated in your xorg.conf file - you should have 
there something like



Section InputDevice
# generated from data in /etc/sysconfig/keyboard
Identifier Keyboard0
Driver keyboard
Option XkbLayout us
Option XkbModel pc105
EndSection


2. log in as root at runlevel 3 and 'startx'
then switch back to console via ctrl+alt+f1 and have a look at 
/var/log/Xorg.0.log


and look for any error message
switch back to gui via ctrl-alt-f7 to try to type

3. check if you have all X server related packages installed - if you 
run below command you should get those groups installed (except kde if 
you dont use it) ... as a matter of a fact, you can try to install it 
and see if you can run keyboard in kde ... ( to install grp run 'yum 
groupinstall name of grp


yum grouplist

Desktop
Desktop Platform
General Purpose Desktop
KDE Desktop
X Window System


cheers,


On 09/16/2014 04:34 PM, MAH Maccallum wrote:

I recently had a glitch (my own fault) and had to restore/rebuild. I also 
upgraded from SL 6.1 to 6,5. After several days struggle I can now boot  up
and login using run level 3 but gnome does not seem to accept any keyboard
input, either in the password dialog box if I start at run level 5 or in any 
window or dialog box started after a startx from the run level 3 console.
I have found reports of similar problems on the web but none of the solutions 
suggested (or the exact symptoms) seem to match my problem. Our system
guru is on vacation and I have a deadline to meet so I desperately want help to 
get my
GUI back! My best guess is that some file leftover from the old installation is 
interacting badly with the new: but what? All help gratefully received!

Re: setup windows printer on sl6

[Karel Lang AFD]

Hello,

Can you please clarify you intentions a little bit more in detail?
'the setup windows printer on SL 6' can mean lots of things like e.g.:

- i have SL6 server and i want to share networked printer to windows (or 
any) client by creating print queue on my SL6 server
- i want my SL6 laptop to connect to printer that is shared and has 
printer queue setup on the windows 2008 server
- i want my SL6 laptop connect to other SL6 server that share its CUPs 
printer queue via Samba

...
..
which is it :]?

for your other questions:

the nmbd is just a binary, one of multiple in the Samba packages (even 
though one of most important).


if i may suggest, try:

service smb status
service nmb status

you should get something like:

[root@srv-022 ~]# service nmb status
nmbd (pid  7069) is running...
[root@srv-022 ~]# service smb status
smbd (pid  7080) is running...




On 09/10/2014 11:35 AM, Ian A Taylor wrote:

Sir/Madam

I wish to setup a windows printer on SL6.

I currently have installed

yum list installed | grep samba
samba.x86_64  3.6.9-169.el6_5  @sl-security
samba-common.x86_64   3.6.9-169.el6_5  @sl-security
samba-swat.x86_64 3.6.9-169.el6_5  @sl-security
samba-winbind.x86_64  3.6.9-169.el6_5  @sl-security
samba-winbind-clients.x86_64  3.6.9-169.el6_5  @sl-security
samba4-libs.x86_644.0.0-63.el6_5.rc4   @sl-security

I am not entirely what I need to start to allow samba to access windows
printer

I did find

http://scientificlinuxforum.org/index.php?showtopic=221

However I do not appear to have  service nmbd

I do believe I have sl-security configured


in /etc/yum.repos.d/sl.repo

[sl-security]
name=Scientific Linux $releasever - $basearch - security updates
baseurl=http://ftp.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/security/

http://ftp1.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/security/

http://ftp2.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/security/

ftp://ftp.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/security/

#mirrorlist=http://ftp.scientificlinux.org/linux/scientific/mirrorlist/sl-security-6.txt

enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl
file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl6
file:///etc/pki/rpm-gpg/RPM-GPG-KEY-cern

===


yet a yum install nmbd tells me no package available

That renders the rest of this page useless

Therefore some help about howto setup samba client
to access shared windows printer.

Would be sincerely appreciated.

Thanking you.

Yours sincerely



Ian Taylor
University of St.Andrews,
School of Physics  Astronomy,
North Haugh,
St.Andrews,
Fife  KY16 9SS,
Scotland.

e-Mail :- i...@st-and.ac.uk
Tel:- (0)1334-463141
Fax:- (0)1334-463104

The University of St Andrews
is a charity registered in
Scotland : No SC013532.