Re: Cisco VPN Client on SL6.7
Hello, this is hard to say, i don't use cisco client, so can't say for sure, but I'd start with a common steps used to solve problems: - try to run the cisco client directly from command line - and observe, if there is any messages displayed there - check /var/log/messages for any possible errors - check if the client has it's own log file, if it does, check it too -- *Karel Lang* *Unix/Linux Administration* l...@afd.cz | +420 731 13 40 40 AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz On 05/04/2016 12:17 PM, Ian A Taylor wrote: Sir/Madam I have a user with SL 6.7 installed (2.6.32-573.3.1) Up until a few weeks ago he could run a Cisco VPN client on this system ok. However now, when he loads the Cisco VPN client then the process load on his system just climbs and climbs until he cannot do anything on the system. It appears the CiscoVPN client is version 2.5.6005 If anybody can suggest a solution to this, it would be much appreciated.
Re: SSH port forward with firewalld
Hi, i see 2 basic ways howto go about this firstly, yes, you can solve this by port-forwarding on the iptables level on the host machine. Unfortunately, i dont use firewalld, i use only iptables, so can't say if your config is right or not. But basically if the forwarding firewall rule works, then after you issue: ssh user@IP-of-host-machine -p portnumber-that-is-forwarded then you are immediately redirected at guest machine and you should get pw prompt from guest - if not, something is wrong - probably on firewall. secondly, you can use ssh tunnel and tunnel your ssh session through your host to your guest very quickly from your laptop (this assumes both sshd daemons on guest and host use 22 port) ssh -L 2:IP-of-guest-virt-machine:22 user@IP-of-host-machine this establishes the ssh tunnel next goes: ssh user@localhost -p 2 you should get the pw prompt from guest machine check, if your host machine forwards packets in /etc/sysctl.conf net.ipv4.ip_forward = 1 cheers, -- *Karel Lang* *Unix/Linux Administration* l...@afd.cz | +420 731 13 40 40 AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz On 04/28/2016 09:59 AM, Benjamin Lefoul wrote: Hi! I have a KVM guest called "streeling" running on physicalhost "trantor". I can easily ssh to "trantor", and from there ssh to "streeling", put I cannot seem to be able to set the port forward properly to ssh directly to "streeling" ("Connection refused"). This should be simple enough to follow through: seldon@anacreon:~ $ head .ssh/config Host streeling Hostname 10.0.75.192 Port 4077 User root Host trantor Hostname 10.0.75.192 ForwardX11=yes User seldon seldon@anacreon:~ $ ssh streeling ssh: connect to host 10.0.75.192 port 4077: Connection refused seldon@anacreon:~ $ ssh trantor Last login: Thu Apr 28 09:31:52 2016 from 10.0.75.177 seldon@trantor:~ $ sudo virsh list IdName State 2 streeling running 3 mycogenrunning 4 dahl running seldon@trantor:~ $ ip a 1: lo:mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: enp4s1: mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 6c:62:6d:6a:ab:fc brd ff:ff:ff:ff:ff:ff inet 10.0.75.192/24 brd 10.0.75.255 scope global enp4s1 valid_lft forever preferred_lft forever inet6 fe80::6e62:6dff:fe6a:abfc/64 scope link valid_lft forever preferred_lft forever 3: virbr1: mtu 1500 qdisc noqueue state UP link/ether 52:54:00:0d:4a:73 brd ff:ff:ff:ff:ff:ff inet 192.168.128.1/24 brd 192.168.128.255 scope global virbr1 valid_lft forever preferred_lft forever 4: virbr1-nic: mtu 1500 qdisc pfifo_fast master virbr1 state DOWN qlen 500 link/ether 52:54:00:0d:4a:73 brd ff:ff:ff:ff:ff:ff 5: vnet0: mtu 1500 qdisc pfifo_fast master virbr1 state UNKNOWN qlen 500 link/ether fe:54:00:89:ac:bc brd ff:ff:ff:ff:ff:ff inet6 fe80::fc54:ff:fe89:acbc/64 scope link valid_lft forever preferred_lft forever seldon@trantor:~ $ getenforce Enforcing seldon@trantor:~ $ sudo grep "Port" /etc/ssh/sshd_config Port 22 Port 4077 seldon@trantor:~ $ sudo semanage port -l | grep ssh ssh_port_t tcp 4077, 22 seldon@trantor:~ $ cat /proc/sys/net/ipv4/ip_forward 1 seldon@trantor:~ $ head -4 .ssh/config Host streeling Hostname 192.168.128.128 User root seldon@trantor:~ $ sudo firewall-cmd --list-all public (default, active) interfaces: enp4s1 sources: services: ssh ports: 4077/tcp masquerade: yes forward-ports: port=4077:proto=tcp:toport=22:toaddr=192.168.128.128 icmp-blocks: rich rules: seldon@trantor:~ $ ssh streeling Last login: Thu Apr 28 09:10:57 2016 from 192.168.128.1 root@streeling:~ # ip a 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens3: mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 52:54:00:89:ac:bc brd ff:ff:ff:ff:ff:ff inet 192.168.128.128/24 brd 192.168.128.255 scope global ens3 valid_lft forever preferred_lft forever inet6 fe80::5054:ff:fe89:acbc/64 scope link valid_lft forever preferred_lft forever What should I do? Regards, Benjamin Lefoul
Re: php 5.6
hello, from my notes: SL / CentOS_6_PHP56 + owncloud-8.2.0-4.1 Run the following shell commands as root to trust the repository. rpm --import https://download.owncloud.org/download/repositories/8.2/CentOS_6_PHP56/repodata/repomd.xml.key Run the following shell commands as root to add the repository and install from there. yum install -y https://www.softwarecollections.org/en/scls/rhscl/rh-php56/epel-6-x86_64/download/rhscl-rh-php56-epel-6-x86_64.noarch.rpm yum install -y https://www.softwarecollections.org/en/scls/rhscl/httpd24/epel-6-x86_64/download/rhscl-httpd24-epel-6-x86_64.noarch.rpm wget http://download.owncloud.org/download/repositories/8.2/CentOS_6_PHP56/ce:8.2.repo -O /etc/yum.repos.d/ce:8.2.repo yum clean expire-cache yum install owncloud -- *Karel Lang* *Unix/Linux Administration* l...@afd.cz | +420 731 13 40 40 AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz On 04/08/2016 03:46 PM, Jim Campbell wrote: Hello, On Fri, Apr 8, 2016, at 07:40 AM, Stephan Wiesand wrote: On 08 Apr 2016, at 14:22, Ralf Farkewrote: Hi, i need php 5.6 for my Owncloud Server 9, installed is 5.4.16 from @sl-security. I installed the repos epel and webtatic. If i try to install php 5.6w i get the error: php56w-common conflicts with php-common-5.4.16-36.el7_1.x86_64. When i try to delete php 5.4 i get a lot of Software to delete because of dependencies, so this is not a solution. Any suggestions? rh-php56 from external_products/softwarecollections? Greetings, Ralf Farke I would agree with Stephan's suggestion, and suggest using Software Collections, as well. One of the Scientific Linux maintainers, Bonnie King, gave a talk on using Software Collections at our GNU/Linux User Group a few years ago. The slides are here [1], and they include some SL-specific commands to get Software Collections installed & some info on using them. Cheers, Jim [1] https://mediagoblin.chicagolug.org/u/chicagolug/m/rh-software-collections/
Re: fglrx problem
Hi, i don't know why you were doing the kernel/vga driver update, but if there wasn't a particular bug you were fixing, i would downgrade the kernel/driver/X server back to previous, working versions.. -- *Karel Lang* *Unix/Linux Administration* l...@afd.cz | +420 731 13 40 40 AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz On 03/31/2016 08:18 PM, Stephen Isard wrote: I have a Dell Optiplex 980 with a Radeon HD 6450 card which was working fine with the elrepo fglrx-x11-drv and kmod-fglrx packages until I recently upgraded to kernel 2.6.32-573.12.1.el6.x86_64 and fglrx versions 15.12-1. Now when I move a window on the screen, the content isn't erased from the old location, leaving a trail of ghosts behind. This happens with more than one window manager (fvwm, icewm, fluxbox), so I think its an X problem, rather than a window manager bug. The guys at elrepo were very responsive, but they didn't have the problem on their own machines, and it's not really their software - it is closed source from ATI - and they have run out of guesses for what to try. I have tried installing ATI's own rpm and that behaves the same way. I've filed a bug on the unofficial ATI bugzilla, but don't have great hopes there. I'm wondering whether anyone here has ever seen symptoms like these. Using the radeon driver gets me a mostly usable system, but there is some stuff that says it won't work without glx. Stephen Isard
Re: snooping windows 10 - how to stop it on a linux gateway?
Hmm ... yes, yes. Thanks for bringing this up. I force all http traffic through the squid proxy on our SL 6 gateway, this could be also helpful.. On 03/05/2016 11:00 AM, prmari...@gmail.com wrote: The only way I can think of is to force all internet access through a proxy and filter it out in the proxy. Then you don't give the machines any internet access just access to the proxy. Unfortunately I do not have details for you on how to filter the snoop messages because in I haven't looked at them but it should be fairly easy using squid and an external Perl regex filter script or other filter application, but you will take a latency hit because you will have to inspect every transaction. Original Message From: jdow Sent: Friday, March 4, 2016 23:35 To: scientific-linux-us...@fnal.gov Subject: Re: snooping windows 10 - how to stop it on a linux gateway? That windows update server is a relay for the "snoop" messages. About the only way to totally stop the snoop messages is to totally isolate the network containing Windows machines from the network. Any windows machine can serve as a relay point for any others. {o.o} On 2016-03-04 20:16, Karel Lang AFD wrote: Hi guys, firstly, sorry Todd, i don't know how it happened i got attached to your thread. secondly, thank you all for your thoughtful posts. I know it is not easy to block the selected traffic from windows 10 and you are right, it is being backported to windows 7 as well. Horrible and disgusting. I already have windows server in LAN dedicated as a update server (work of my windows colleagues), so the PC don't have to access windows update servers outside LAN - this should simplify things. Also the PCs must have internet access to email, http, https, ftp, sftp - simply the 'usual' stuff. I think, yet, there should be a way. I'll try to consult mikrotik experts (the router brand we use) and guys from our ISP. If i have something, i'll let you know :-) thank you, bb Karel On 03/05/2016 12:40 AM, Steven Haigh wrote: On 05/03/16 07:24, Karel Lang AFD wrote: Hi all, guys, i think everyone heard already about how windows 10 badly treat its users privacy. My solution to this was to finally rid Windows 7 off my desktop PC - as most of the telemetry has also been 'back ported' to Windows 7 also. You can't stop it. I'm now thinking about a way howto stop a windows 10 sending these data mining results to a microsoft telemetry servers and filter it on our SL 6 linux gateway. Nope. There are no specific servers in use - just general - so whatever you block will end up killing other services. I think it could be (maybe?) done via DPI (deep packet inspection). I similarly filter torrent streams on our gateway - i patched standard SL 6 kernel with 'xtables' (iptables enhancement) and it is working extremely well. I would be interested to see if you could identify telemetry packets in the flow - but I'm not predicting much success. If you do get it, make sure you let the world know though! I read (not sure if true) that some DNS resolutions to M$ servers are even 'hardwired' via some .dll library, so it makes it even harder. Correct. I'm no windows expert, but i'm and unix administrator concerned about privacy of windows desktop/laptop users sitting inside my LAN. What i'd like to come up is some more general iptables rules, than blocking specific IP addresses or names, because, apparently they may change in any incoming windows update ... Anyone gave this thought already? Anyone else's concerned the way i am? Yup - and as I said, I'm now running Fedora 23 on my desktop (EL lags on a few things that I like - so Fedora is a happy medium for me - as I still have the fedora-updates-testing repo enabled. My work laptop as well as my personal laptop - and now my home desktop all run Fedora 23 (KDE Spin if you hate Gnome 3 - like me). -- *Karel Lang* *Unix/Linux Administration* l...@afd.cz | +420 731 13 40 40 AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz
Re: snooping windows 10 - how to stop it on a linux gateway?
Hi Todd and all, you wouldn't belive, how glad i would be to get rid off all windows PCs. And if it was just because of regular office users, it would be happening. But, alas, in my LAN is sitting roughly like 350 Dell and HP workstations that run 'Catia', which is a CAD application for automotive industry - and there is no way this will run under wine or on KVM virtualized windows guests (sigh)... With what jdow wrote - about the windows update server (that sits insided your LAN) acting like relay point, it is really hard/bad. Really, only thing i can think of is as i said in my 1st post the so called 'DPI' - deep packet inspection, which is a method of packet filtering that functions at the Application layer and inspects packet payloads searching for defined pattern(s). Thing is i need to know which pattern or string to search for (which i dunno). I found on internet many posts trying to block the telemetry windows servers, but this is really not much elegant way and also not much effective, as these things can change very dynamically. As i said, i'm not giving up yet and i'm gonna consult some network IP specialists. with br, Karel -- *Karel Lang* *Unix/Linux Administration* l...@afd.cz | +420 731 13 40 40 AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz On 03/05/2016 10:09 AM, ToddAndMargo wrote: On 03/04/2016 08:16 PM, Karel Lang AFD wrote: Also the PCs must have internet access to email, http, https, ftp, sftp - simply the 'usual' stuff. Hi Karl, All work marvelously user Fedora/RHEL. It may be time for your to consider migrating off of Windows. I support Windows, Linux, Apple. Apple is like an excruciatingly weird straight jacket. The quality and security issues involved with Windows takes my breath away, especially with all the Crypto Locker style viruses out there. Yo are one eMail away from an absolute disaster. And these viruses go after your backup too! With Linux, you will noticed that you are only assisting with programs and setting up features. You will no longer be chasing your tail over quality issues, bad updates, spying, "Where's Waldo?", etc.. You can make Xfce look like XP and KDE look like W7. Nothing can make anything look as bad as Frankenstein and Sons (W8 and W-Nein). I love Xfce just as it is. With Fedora/RHEL, there is none of this "w7 installer can't read USB 3 ports, so no keyboard or mouse" baloney to deal with. Where you get into trouble are Windows only business apps, such as Quick Bucks, oops, Quick Books. Set up a KVM server and have them log into with Spice from their workstations. (I prefer XP for such, it is more powerful and less buggy. Plus no more idiot M$ updates to crash your next boot up.) And this profession starts to become fun again. And dead, dragging computer come back to life! -T
Re: snooping windows 10 - how to stop it on a linux gateway?
Hi guys, firstly, sorry Todd, i don't know how it happened i got attached to your thread. secondly, thank you all for your thoughtful posts. I know it is not easy to block the selected traffic from windows 10 and you are right, it is being backported to windows 7 as well. Horrible and disgusting. I already have windows server in LAN dedicated as a update server (work of my windows colleagues), so the PC don't have to access windows update servers outside LAN - this should simplify things. Also the PCs must have internet access to email, http, https, ftp, sftp - simply the 'usual' stuff. I think, yet, there should be a way. I'll try to consult mikrotik experts (the router brand we use) and guys from our ISP. If i have something, i'll let you know :-) thank you, bb Karel On 03/05/2016 12:40 AM, Steven Haigh wrote: On 05/03/16 07:24, Karel Lang AFD wrote: Hi all, guys, i think everyone heard already about how windows 10 badly treat its users privacy. My solution to this was to finally rid Windows 7 off my desktop PC - as most of the telemetry has also been 'back ported' to Windows 7 also. You can't stop it. I'm now thinking about a way howto stop a windows 10 sending these data mining results to a microsoft telemetry servers and filter it on our SL 6 linux gateway. Nope. There are no specific servers in use - just general - so whatever you block will end up killing other services. I think it could be (maybe?) done via DPI (deep packet inspection). I similarly filter torrent streams on our gateway - i patched standard SL 6 kernel with 'xtables' (iptables enhancement) and it is working extremely well. I would be interested to see if you could identify telemetry packets in the flow - but I'm not predicting much success. If you do get it, make sure you let the world know though! I read (not sure if true) that some DNS resolutions to M$ servers are even 'hardwired' via some .dll library, so it makes it even harder. Correct. I'm no windows expert, but i'm and unix administrator concerned about privacy of windows desktop/laptop users sitting inside my LAN. What i'd like to come up is some more general iptables rules, than blocking specific IP addresses or names, because, apparently they may change in any incoming windows update ... Anyone gave this thought already? Anyone else's concerned the way i am? Yup - and as I said, I'm now running Fedora 23 on my desktop (EL lags on a few things that I like - so Fedora is a happy medium for me - as I still have the fedora-updates-testing repo enabled. My work laptop as well as my personal laptop - and now my home desktop all run Fedora 23 (KDE Spin if you hate Gnome 3 - like me).
snooping windows 10 - how to stop it on a linux gateway?
Hi all, guys, i think everyone heard already about how windows 10 badly treat its users privacy. I'm now thinking about a way howto stop a windows 10 sending these data mining results to a microsoft telemetry servers and filter it on our SL 6 linux gateway. I think it could be (maybe?) done via DPI (deep packet inspection). I similarly filter torrent streams on our gateway - i patched standard SL 6 kernel with 'xtables' (iptables enhancement) and it is working extremely well. I read (not sure if true) that some DNS resolutions to M$ servers are even 'hardwired' via some .dll library, so it makes it even harder. I'm no windows expert, but i'm and unix administrator concerned about privacy of windows desktop/laptop users sitting inside my LAN. What i'd like to come up is some more general iptables rules, than blocking specific IP addresses or names, because, apparently they may change in any incoming windows update ... Anyone gave this thought already? Anyone else's concerned the way i am? cheers -- *Karel Lang* *Unix/Linux Administration* l...@afd.cz | +420 731 13 40 40 AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz
Re: a year later - CERN move to Centos - what are we doing?
Hi, anyone who wants to go with centos, is free to do so, right? So just go and do it and don't 'fuss' about it on SL mail list. We all should be grateful for continuing support of Fermilab for SL builds. -- *Karel Lang* *Unix/Linux Administration* l...@afd.cz | +420 731 13 40 40 AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz On 01/12/2016 10:29 PM, lejeczek wrote: On 12/01/16 20:30, Mark Stodola wrote: Since this is becoming a top-post thread, I will continue the trend. CentOS does not offer a support contract like RHEL. Why would a company compete with itself? It is essentially a community supported release of RHEL, just like SL. Of course, some one please correct me if I am wrong here... This is not a new topic, and was discussed at length when RedHat announced the acquisition of CentOS and changes to the build process. To my knowledge, the SL team had discussions with the CentOS and RedHat people on how to move forward. The SL team decided to continue as a complete separate distribution instead of become in extra repository/site for the foreseeable future. One of the key features I like about SL is the ability to stay on a specific point release and still receive relevant updates. There are probably several other reasons Connie or Pat could elaborate on as well. In the end, it is up to personal/company preference with any distribution you chose to use. That is part of what open source is about. Arguing for distribution usage/mergers doesn't really do anything productive here in a users' mailing list. Of course it does. When somebody mentions fondness towards the support SL offers - what does it mean? - I always thought SL support has always been exclusively community(users) based + contributing developers. Am I wrong and missing that somewhere there we can get some extra level of support? Now, CERN and affiliates, associates, whatever or whoever decides to follow this path is going to drift a bit away, if not completely. There was one scientificLinux both great labs shared - now they are parting away in a sense. The same would happen with users. Opensource community, though the greatest in the world had always had problems coming together. And "complete separate distribution" I think is a bit abused notion in case of SL. I've been a SL user for many years and I'm grateful for it. Even if only for the fact that one can get such a great product in its entirety without getting tied up in some commercial contracts, greedy and doggy as they usually are. I don't want to argue superiority of one over the other in terms of point-release, updates and/or their promptness, I did not mean to, not much to argue there, anybody can check it themselves. If it was discussed here on the list before I apologize - I must have rushed my search for the topic on the list, I only found a 2014 old topic and then CERN's news about 2015 move. I've learned what I sought, many thanks. -Mark On 01/12/2016 02:10 PM, Miles O'Neal wrote: Has CentOS got support yet? My employer moved to RHEL because we got tired of fighting third party vendors over their support on non-RHEL platforms, but I personally always found SL to be more consistent and quicker to release... and they had much better support. On 01/12/2016 02:04 PM, lejeczek wrote: hi, after my first post I made a move, I should say a smaller rather, I did migrate a small HA cluster from SL7.1 to Centos7.2. Instructions to do that I'm sure everybody can easily look up, just one tiny manual intervention was needed above what is already covered by a doc on Centos website. But most importantly nothing broke, all the usual servers, web, mail, other net related services including HA carried on seamlessly. Like I said earlier, and everybody knows, a lot, a lot is already shared, differences boil down to maybe a philosophy behind each organization responsible for each snip-off, some organizational and administrative processes, protocols. Slight advantage seems that Centos offers, but expected as they are closer to the source in the lifecycle supply chain, is higher revision of some rpm packages, I see I get slightly newer kernel for example, etc. If I was to voice my opinion out - and scientific devel & other responsible culprits are listening - then I say: go for it, get together, merge userbase, share devel jobs, duties, etc. Merge/share or even better, tell Redhat we want to use their, shared by all, bug reporting system. I've decided, I'll be moving over to Centos, gradually but surely. Note, one thing to remember if you did SL -> Centos, afterwards, is yum repos, make sure what you have enabled there. cheers On 12/01/16 09:48, lejeczek wrote: hi everybody, I've wondered and got curious, what do you guys, gals think about that move? More importantly do you think it's a step we SL users should also consider? CERN mention there were talks between them, Fermilab - what are Fermilab plans with regards to future releases, with regards to SL in
Re: a year later - CERN move to Centos - what are we doing?
Lejeczek, Iosif etc, I really dunno, what you guys wanna hear? you come and say you switch/switched to centos - and you ask for what? for blessing? :D well ... i bless you :D Now, joking aside, Fermilab said clearly they go with SL7x and they do. And while you will have supp for sl/rhel 6x roughly to 2020, that makes sl/rhel 7x to roughly 2025? this is enough for me without detail, why i prefer sl is -small friendly community, incl. friendly devs -updates -i feel more independent to rh as far as possible, considering it is rhel clone Again, what you trying to say? That we have here at list some ppl (me?) stuck on SL and saw no other distros? haha :D i go with linux since 1997.. -- *Karel Lang* *Unix/Linux Administration* l...@afd.cz | +420 731 13 40 40 AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz On 01/13/2016 11:43 AM, lejeczek wrote: I think we see two groups of people here, taking part in this "exciting" debate. One is, people who genuinely try to learn a bit about more concrete plans Fermilab have(or don't have) for the future of Scientificlinux - and they do it here on the list because they can sroogle all over the Net and they won't find any solid, ideally rendered by the very source itself statement. The second group is people who don't give a toss, a good chance is it's because they have not seen much beside Scientificlinux and they really believe it's very unique indeed. You can see scientist type of mentality here -- I have got my one little or big app, it runs great! and I'm happy with it and I can say I do it all on by myself cause I do not have to deal with any commercial third entities (which is very important for a scientist) -- very simplistic and egotistic attitude, but works. And a good chance is this bunch don't have to even ask about bigger picture. Some individuals from this group can even be rude and hostile towards others, even if only asked about sharing a thought or two on the issue. Well, like esteemed fellows already said - we're free to do as we wish, fortunately, only unfortunate is that we cannot always make fully informed decisions. I guess that's science, that's life. Heh. :) b.w. On 13/01/16 10:13, Iosif Fettich wrote: Hi there, anyone who wants to go with centos, is free to do so, right? So just go and do it and don't 'fuss' about it on SL mail list. Thanks for the nice advice. Would you have another one too? On which list should current SL users ask/discuss about the short/long term plans regarding SL? And/or of the problems related with a migration from/to SL? We all should be grateful for continuing support of Fermilab for SL builds. That's something we most probably all on this list agree with unconditionally. Thank you, Iosif Fettich --- Iosif Fettich | e-mail: ifett...@netsoft.ro phone+fax: +40-265-260256 Gen. Manager | web:http://www.netsoft.ro phone: +40-365-806800 NetSoft SRL | GPGkey: http://www.netsoft.ro/ifettich/public_gpg_key
Re: [SCIENTIFIC-LINUX-USERS] Firewall-cmd doesn't assign an interface permanently to a zone
Hi, i already installed couple of SL7 boxes and i have to say, that the menitoned 'firewalld' is the new feature that i like the least. What i do is, i just remove 'firewalld' and install 'iptables'. There i know what to do and there i could help you. But not with this. Firewalld is ugly (imho). cheers, -- *Karel Lang* *Unix/Linux Administration* l...@afd.cz | +420 731 13 40 40 AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz On 12/29/2014 03:24 PM, Pat Riehecky wrote: This appears somewhat similar to TUV bugzilla 1112742 I'm afraid I don't have 7 system to test with at the moment, but the listed workaround there may be of some help. Pat On 12/29/2014 02:47 AM, Peter Boy wrote: Hi all, I’m installing a new SL7 box running a KVM host and several guests. I established a bridge br0 attached to eth0 for external access for host and all guests und use virbr0 as an internal connection between guests and host to access protected resources (e.g. a tomcat application server). Anything works fine so far. I tried to assign the internal network devices (eth1 on guests, virbr0 on host) to the trusted zones using # firewall-cmd --permanent --zone=public --remove-interface=eth1 # firewall-cmd --permanent —zone=trusted --add-interface=eth1 # firewall-cmd —reload but it doesn’t work, eth1 is always in public zone after reload. If I omit the —permanent option I can successfully modify the running firewall. But after an reload or a reboot the modification is lost. I found an entry at https://bugs.centos.org/view.php?id=7526 that it is a bug and SL7 might be affected as well. I found a workaround as well. You can add ZONE=trusted to the /etc/sysconfig/netrwork-scripts/ifcfg-eth1 file and eth1 is added to the trusted zone on reboot and firewall reload. There is no ifcfg-virbr0 file, of course. I found an information (Fedora) that you may add fwzone=‚trusted‘ using virsh net-edit, but on save it is deleted in SL7. My question is: Does anyone know how to accomplish it for virbr0 in SL7? Thanks in advance PB — Dr. Peter Boy Universität Bremen Mary-Somerville-Str. 5 28359 Bremen Germany p...@zes.uni-bremen.de www.zes.uni-bremen.de Are you looking for a web content management system for scientific research organizations? Have a look at http://www.scientificcms.org
Re: Longest LTS - still SL/RHEL?
Keith, good you got it working :] If i need info about laptops etc. i usually go here: http://forum.notebookreview.com/ In the IBM / Lenovo subsection, there is lots ppl in the same boat - liking / tinkering with old IBM laptops and there is a lot good topics in this regard. I'm in the same boat - i work mostly in unix / linux terminal and need precise tool for it - trackpoint + 3 hardware 'mouse' keys and good resolution and good keyboard. New Lenovo laps is a screwups with worse keyboard - oh my god, trackpad - wth is this, what genius thought it out? Next 'bright spot' generally is NVIDIA Optimus - OMDG ... But enough rambling, i'll stay positive and keep my 6yrs old R61 too :]] -- *Karel Lang* *Unix/Linux Administration* l...@afd.cz | +420 731 13 40 40 AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz On 12/16/2014 11:21 PM, Keith Lofstrom wrote: On Tue, Dec 16, 2014 at 09:55:19AM +0100, Karel Lang AFD wrote: If I might ask, why do you need 32b for T61? I run 6yrs old R61 and I run 64b on it from the start. I'm not sure about T60, but it had 64b CPUs ready too? This is a helpful thought. The T60 laptops are Socket M. Although the T60 I first tested SL7 on silently failed, it had a T2500 Core Duo processor, 32 bits. I just scrounged up a T7200 Core *2* Duo processor, 64 bits, and installed it in that T60. SL7 is installing on that machine now. I just ordered some allegedly new T7200s for $8 each, and those (plus spare complete laptops, and spare screens, fans, AC adapters, docking cradles, and keyboards) should last my wife and I until our brains shrivel. I'll occasionally test with the latest Fedora Live distro for early warning of future incompatibility. The T7600 is 16% faster, but 6x more expensive, and probably burns more power. The T7200 seems the lowest risk. The batteries will die soonest, but we should be able to get the old batteries refurbished with new cells (there are companies that do this for power tools). After that, electromigration of copper up through gold plating on connectors, then oxidation, will doom these machines. And who knows? After everyone has bought their wide screen (AKA vertically challenged) laptops, manufacturers will probably start pushing tall screens again. Or headmounts. Or brain implants. The current fad is bigger and bigger handhelds with asymptotically vanishing sound quality - laptops will become popular again in order to make voice telephone calls. Keith
Re: Longest LTS - still SL/RHEL?
:] Thanks Akemi - i know. Thanks to a community of a bright and knowledge-sharing ppl we have at least this. (Linus Torvalds said it nicely a while ago ..(cite) Fuck you Nvidia! :]] ) But let's be blunt - it is not perfect, heck, it's not working correctly even on M$ windows. I read tons of Win users complains about this. I think that if i had to (was forced to) buy new laptop for linux nowadays, i'd buy most probably something with Kaveri APU from AMD (like eg. HP EliteBook 745 G2) .. Intel has good CPUs but bad VGAs and Optimus won't help you much, because it means you look at a bad pictures on screen most of the time (using Intel Vga). AMD Kaveri APU has ofc worse CPU part compared to Intel APUs - but - do i need the CPU computing power here on laptop - no i dont, but do i need good sharp picture? Yes i need that one. Why should i buy Optimus with Nvidia 1GB Ram card, which is used only 5% of time then and 95% time is used ugly Intel VGA? Haha, i see it just as another clever plot to trick out us, poor users. Anyway this became a bit offtopic, sorry for that :]] -- *Karel Lang* *Unix/Linux Administration* l...@afd.cz | +420 731 13 40 40 AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz On 12/17/2014 02:27 PM, Akemi Yagi wrote: On Wed, Dec 17, 2014 at 4:48 AM, Karel Lang AFD l...@afd.cz mailto:l...@afd.cz wrote: New Lenovo laps is a screwups with worse keyboard - oh my god, trackpad - wth is this, what genius thought it out? Next 'bright spot' generally is NVIDIA Optimus - OMDG ... For Nvidia optimus, you may want to try ELRepo's bumblebee: http://elrepo.org/tiki/bumblebee Akemi
Re: Longest LTS - still SL/RHEL?
Hi Keith, if i might ask, why do you need 32b for T61? I run 6yrs old R61 and i run 64b on it from the start .. I'm not sure about T60, but it had 64b CPUs ready too? cheers, -- *Karel Lang* *Unix/Linux Administration* l...@afd.cz | +420 731 13 40 40 AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz On 12/16/2014 01:51 AM, Keith Lofstrom wrote: On Mon, Dec 15, 2014 at 04:46:29PM +0100, Karel Lang AFD wrote: The laptops you talk about are 6+ yrs old now ... will be 12yrs then. After that its museum piece :]. Again - the reason for 32 bit is not that I cherish old CPUs with inadequate RAM - but that I am currently looking at a 15 inch diagonal (12x9 inch) 2048x1536 matt finish screen on a laptop, and such useful screens are no longer made. Indeed, I start with 1600x1200 production laptops and replace the displays with ultra-high resolution NEC prototypes that some friends and I bought when Microsoft refused to support them. They just happen to fit the T60 after some firmware hacking. Production laptops are now made for watching movies and playing games when the boss isn't looking. I do crazy stuff like write A or A4 size papers, construct high resolution graphs, and fill screens with lots of xterms with beautifully rendered text. Chromebook is interesting, but the screen is small and my visual acuity is decreasing. I guess that makes me a museum piece, too. :-) There is a promising local startup that hopes to custom build laptops, using a kit of plug-together boards fit into a 3D-printed case (!!!). But I don't understand how they will survive, much less where I will find more 12x9 inch LCDs in the future. That is why I stockpiled what I have, and accept reduced rendering speed. And that is why I ask here; if anybody runs old machines for compatibility reasons, it would be experimental scientists running multi-year data collections. Perhaps scientists doing very high resolution imaging. There appear to be Thinkpad T60s deployed all over the International Space Station in the pictures I've seen. Yet another museum piece ... Keith
Re: turla
Hi, i'm not much afraid of this. I run all servers i take care of with tight SELinux policies. I dont think this poses a threat to a secured server. Don't get me wrong, i'm not saying i'm a 'master knowing all, afraid of nothing' :] I know, i'm not, that's why i've got everything backed up and barebone reinstall procedure in place - in case, disaster happens (box is hacked, burnt, stolen, 3rd WW started - in this case i also have a bottle of whiskey in my stash :D) And if all this is in vain, then you should at least have a good insurance, if your business is really critical. Biggest threat to any Linux box server (IMHO) is still at the social (engineering) level, like exceptions with weak passwords for some 'special' users, stolen laptops, secretary giving away her pw to any guy who says he needs it because he's from IT department .. etc etc :] -- *Karel Lang* *Unix/Linux Administration* l...@afd.cz | +420 731 13 40 40 AUFEER DESIGN, s.r.o. | www.aufeerdesign.cz On 12/09/2014 07:23 PM, Yasha Karant wrote: I am attempting to discover the degree of penetration of the following compromise methodology into EL systems, particularly SL 6 and SL 7. I apologize for including the actual article in addition to the URL; however, if the URL should be compromised or removed, the material is of sufficient importance to be retained. At the moment, I do not have time to research this item; however, I suspect that there are subscribers to this list who have more detailed information. There is mention of a tool called YARA that will help in the detection (albeit evidently neither the quarantine nor removal of the infection) -- has anyone used this tool and is it effective? Yasha Karant From: https://securelist.com/blog/research/67962/the-penquin-turla-2/ The 'Penquin' Turla A Turla/Snake/Uroburos Malware for Linux By Kurt Baumgartner, Costin Raiu on December 8, 2014. 7:05 pm Recently, an interesting malicious sample was uploaded to a multi-scanner service. This immediately triggered our interest because it appears to represent a previously unknown piece of a larger puzzle. That puzzle is Turla, one of the most complex APTs in the world. We have written previously about the Turla APT with posts about their Epic Turla operations http://securelist.com/analysis/publications/65545/the-epic-turla-operation/ and Agent.btz inspiration http://securelist.com/blog/virus-watch/58551/agent-btz-a-source-of-inspiration/ . So far, every single Turla sample we've encountered was designed for the Microsoft Windows family, 32 and 64 bit operating systems. The newly discovered Turla sample is unusual in the fact that it's the *first Turla sample targeting the Linux operating system* that we have discovered. This newly found Turla component supports Linux for broader system support at victim sites. The attack tool takes us further into the set alongside the Snake rootkit http://www.baesystems.com/what-we-do-rai/the-snake-campaign and components first associated with this actor a couple years ago. We suspect that this component was running for years at a victim site, but do not have concrete data to support that statement just yet. The Linux Turla module is a C/C++ executable statically linked against multiple libraries, greatly increasing its file size. It was stripped of symbol information, more likely intended to increase analysis effort than to decrease file size. Its functionality includes hidden network communications, arbitrary remote command execution, and remote management. Much of its code is based on public sources. *Md5* *Size* *Verdict Name* 0994d9deb50352e76b0322f48ee576c6627.2 kbN/A (broken file) 14ecd5e6fc8e501037b54ca263896a11637.6 kb HEUR:Backdoor.Linux.Turla.gen General executable characteristics: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.2.5, stripped Statically linked libraries: * glibc2.3.2 - the GNU C library * openssl v0.9.6 - an older OpenSSL library * libpcap - tcpdump's network capture library Hardcoded CC, known Turla activity: *news-bbc.podzone[.]org* The domain has the following pDNS IP: *80.248.65.183* 80.248.65.183 aut-num:AS30982 announcement: 80.248.65.0/24 as-name:CAFENET descr: CAFE Informatique et telecommunications admin-c:YN2-AFRINIC tech-c: AN39-AFRINIC org:ORG-CIet1-AFRINIC mnt-by: AFRINIC-HM-MNT mnt-lower: CAFENET-NOC source: AFRINIC # Filtered 1 2 3 4 5 6 7 8 9 10 11 80.248.65.183 aut-num: AS30982 announcement: 80.248.65.0/24 as-name: CAFENET descr: CAFE Informatique et telecommunications admin-c: YN2-AFRINIC tech-c: AN39-AFRINIC org: ORG-CIet1-AFRINIC mnt-by: AFRINIC-HM-MNT mnt-lower: CAFENET-NOC source: AFRINIC# Filtered Note: the CC domain is currently sinkholed by Kaspersky Lab. Functional description The sample is a stealth backdoor based on the cd00r sources
Re: Posted for testing: Scientific Linux 7.0 x86_64 RELEASE CANDIDATE 1
Great news! Thanks for all the hard work, can't wait for the final go ..:] On 09/26/2014 04:29 PM, Pat Riehecky wrote: Scientific Linux 7.0 x86_64 RELEASE CANDIDATE 1 - Sep 26, 2014 == Information == Fermilab's intention is to continue the development and support of Scientific Linux and refine its focus as an operating system for scientific computing. Today we are announcing a release candidate of Scientific Linux 7. We continue to develop a stable process for generating and distributing Scientific Linux, with the intent that Scientific Linux remains the same high quality operating system the community has come to expect. THIS IS NOT A PRODUCTION RELEASE OF SCIENTIFIC LINUX 7.0 NOTE: Please review the SL Release Notes along with The Upstream Vendor's Release Notes: http://ftp.scientificlinux.org/linux/scientific/7.0/x86_64/release-notes/ https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/index.html There is a great deal of information within those documents not listed here. Send comments/issues/test reports to: SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV == Media == You can find the release media at: http://ftp.scientificlinux.org/linux/scientific/7.0/x86_64/iso/ NOTE: The 'everything' dvd image requires a Dual-Layer (DL) compatible drive for both burning and booting off of. Alternatively the livecd-iso-to-disk utility is able to convert this to USB successfully. A USB device of sufficient size is required. Alternatively you can utilize the dd command to write the raw image to a USB device. http://ftp.scientificlinux.org/linux/scientific/7.0/x86_64/release-notes/#_how_to_make_a_bootable_usb_installer == UEFI Secure Boot == The status of UEFI Secure Boot for Scientific Linux is noted in detail at: http://ftp.scientificlinux.org/linux/scientific/7.0/x86_64/release-notes/#_about_uefi_secure_boot Booting SL7 with Secure Boot enabled works but requires a manual step. This is because the shim has not been signed by the UEFI CA. Instructions are included within the SL7 Release Notes. NOTE: The kernels in sl7-security have not yet been built with the SL7 Secure Boot Certificate and may not function in secure boot environments.
Re: Keyboard not working in Gnome
Hi there, good you at least got working this way. I just been thinking a few more ideas: -try to look into your home dir and erase (backup, move ..) there any mention of gnome (gnome folders etc) and X settings etc - also erase /tmp for any X related things - as for yum - you have to check your repository files in /etc/yum.repos.d and see if they point to right repositories for SL 6.5 and enable = 0 or enable = 1 for disable / enable the repo there also try: yum clean dbcache yum clean all yum update and try install again cheers, On 09/18/2014 09:09 AM, MAH Maccallum wrote: Thanks for the sample xorg.conf. I also found an old one of mine in a backup from March 2013 and used both as guides but this did not seem to resolve the problem. What makes things really galling is that all works fine from the SL 6.5 LIVE CD. Currently, to get functionality, I have booted from that, mounted the usual hard drives, and then created my usual username with my real directory as home. So for now I have a workaround which I am using. But I am still completely mystified by the absence of the keyboard in Gnome or gdm when I boot off the hard drive. I did try to do the groupinstalls you recommended, but hit trouble with them. I had Desktop, General Purpose Desktop and X Window System installed but attempts to install the others failed. I did try to report this to the users list but that did not seem to getthrough so here are the details again. When trying to install Desktop Platform I got Error: Package: libxml2-python-2.7.6-12.el6_4.1.i686 (@sl-security) Requires: libxml2 = 2.7.6-12.el6_4.1 Removing: libxml2-2.7.6-12.el6_4.1.i686 (@sl-security) libxml2 = 2.7.6-12.el6_4.1 Updated By: libxml2-2.7.6-14.el6_5.1.i686 (sl-security) libxml2 = 2.7.6-14.el6_5.1 Removing: libxml2-2.7.6-14.el6.i686 (installed) libxml2 = 2.7.6-14.el6 Updated By: libxml2-2.7.6-14.el6_5.1.i686 (sl-security) libxml2 = 2.7.6-14.el6_5.1 Available: libxml2-2.7.6-1.el6.i686 (sl) libxml2 = 2.7.6-1.el6 Available: libxml2-2.7.6-4.el6.i686 (sl-security) libxml2 = 2.7.6-4.el6 Available: libxml2-2.7.6-4.el6_2.1.i686 (sl-security) libxml2 = 2.7.6-4.el6_2.1 Available: libxml2-2.7.6-4.el6_2.4.i686 (sl-security) libxml2 = 2.7.6-4.el6_2.4 Available: libxml2-2.7.6-8.el6_3.3.i686 (sl-security) libxml2 = 2.7.6-8.el6_3.3 Available: libxml2-2.7.6-8.el6_3.4.i686 (sl-security) libxml2 = 2.7.6-8.el6_3.4 which looks like some messup over versions between repositories More worryingly, trying to install KDE I got error: rpmts_HdrFromFdno: Header V4 DSA/SHA1 Signature, key ID 192a7d7d: BAD Problem opening package htdig-3.2.0-0.10.b6.el6.i686.rpm which looks like the repo has a package that's not signed correctly although all the other 70+ rpms in the group apparently worked OK Thanks once more for your attention to this problem Malcolm From: Karel Lang AFD l...@afd.cz Sent: 17 September 2014 13:43 To: MAH Maccallum Cc: scientific-linux-users@listserv.fnal.gov Subject: Re: Keyboard not working in Gnome Hi, the X server on RHEL 6 can go without xorg.conf while creating needed parameters for itself 'on the fly' when starts. But you can still control you X server via custom 'xorg.conf' e.g. my laptop: [root@orionis ~]# ls -al /etc/X11/xorg.conf.d/xorg.conf -rw-r--r--. 1 root root 1748 Jul 30 08:43 /etc/X11/xorg.conf.d/xorg.conf e.g. my xorg.conf : # Xorg configuration Section ServerLayout Identifier Default Layout Screen 0 Screen0 0 0 InputDeviceMouse0 CorePointer InputDeviceKeyboard0 CoreKeyboard EndSection Section InputDevice # generated from default Identifier Mouse0 Driver mouse Option Protocol auto Option Device /dev/input/mice Option Emulate3Buttons no Option ZAxisMapping 4 5 EndSection Section InputDevice Identifier Keyboard0 Driver kbd Option XkbModel pc105 Option XkbLayout us EndSection Section Monitor Identifier Monitor0 VendorName Unknown ModelName Unknown HorizSync 28.0 - 33.0 VertRefresh 43.0 - 72.0 Option DPMS EndSection Section Device Identifier Videocard0 Driver nvidia EndSection Section Screen Identifier Screen0 Device Videocard0 MonitorMonitor0 DefaultDepth24 SubSection Display Viewport0 0 Depth 24 EndSubSection EndSection also, you can use 'xinput --list' to list input devices On 09/17/2014 01:40 PM, MAH Maccallum wrote: Hmm! I
Re: Keyboard not working in Gnome
Hi, the X server on RHEL 6 can go without xorg.conf while creating needed parameters for itself 'on the fly' when starts. But you can still control you X server via custom 'xorg.conf' e.g. my laptop: [root@orionis ~]# ls -al /etc/X11/xorg.conf.d/xorg.conf -rw-r--r--. 1 root root 1748 Jul 30 08:43 /etc/X11/xorg.conf.d/xorg.conf e.g. my xorg.conf : # Xorg configuration Section ServerLayout Identifier Default Layout Screen 0 Screen0 0 0 InputDeviceMouse0 CorePointer InputDeviceKeyboard0 CoreKeyboard EndSection Section InputDevice # generated from default Identifier Mouse0 Driver mouse Option Protocol auto Option Device /dev/input/mice Option Emulate3Buttons no Option ZAxisMapping 4 5 EndSection Section InputDevice Identifier Keyboard0 Driver kbd Option XkbModel pc105 Option XkbLayout us EndSection Section Monitor Identifier Monitor0 VendorName Unknown ModelName Unknown HorizSync 28.0 - 33.0 VertRefresh 43.0 - 72.0 Option DPMS EndSection Section Device Identifier Videocard0 Driver nvidia EndSection Section Screen Identifier Screen0 Device Videocard0 MonitorMonitor0 DefaultDepth24 SubSection Display Viewport0 0 Depth 24 EndSubSection EndSection also, you can use 'xinput --list' to list input devices On 09/17/2014 01:40 PM, MAH Maccallum wrote: Hmm! I don't appear to have an xorg.conf file anywhere (not even in backups from before the problems). I do have xorg.conf.d directories but they seem to be empty both in the current system and in the backups Yum group list showed I did not have the Desktop Platform or KDE groups. I tried group install but each failed, the Desktop one with clashes on libxml and the KDE with a package with wrong signature. I cannot cut and paste the errors from this iPad so I will forward them separately Thanks for help, Malcolm Sent from my iPad On 16 Sep 2014, at 21:58, Karel Lang AFD l...@afd.cz wrote: Hi, to solve this, id suggest: 1. have a look what is stated in your xorg.conf file - you should have there something like Section InputDevice # generated from data in /etc/sysconfig/keyboard Identifier Keyboard0 Driver keyboard Option XkbLayout us Option XkbModel pc105 EndSection 2. log in as root at runlevel 3 and 'startx' then switch back to console via ctrl+alt+f1 and have a look at /var/log/Xorg.0.log and look for any error message switch back to gui via ctrl-alt-f7 to try to type 3. check if you have all X server related packages installed - if you run below command you should get those groups installed (except kde if you dont use it) ... as a matter of a fact, you can try to install it and see if you can run keyboard in kde ... ( to install grp run 'yum groupinstall name of grp yum grouplist Desktop Desktop Platform General Purpose Desktop KDE Desktop X Window System cheers, On 09/16/2014 04:34 PM, MAH Maccallum wrote: I recently had a glitch (my own fault) and had to restore/rebuild. I also upgraded from SL 6.1 to 6,5. After several days struggle I can now boot up and login using run level 3 but gnome does not seem to accept any keyboard input, either in the password dialog box if I start at run level 5 or in any window or dialog box started after a startx from the run level 3 console. I have found reports of similar problems on the web but none of the solutions suggested (or the exact symptoms) seem to match my problem. Our system guru is on vacation and I have a deadline to meet so I desperately want help to get my GUI back! My best guess is that some file leftover from the old installation is interacting badly with the new: but what? All help gratefully received!
Re: Keyboard not working in Gnome
Hi, to solve this, id suggest: 1. have a look what is stated in your xorg.conf file - you should have there something like Section InputDevice # generated from data in /etc/sysconfig/keyboard Identifier Keyboard0 Driver keyboard Option XkbLayout us Option XkbModel pc105 EndSection 2. log in as root at runlevel 3 and 'startx' then switch back to console via ctrl+alt+f1 and have a look at /var/log/Xorg.0.log and look for any error message switch back to gui via ctrl-alt-f7 to try to type 3. check if you have all X server related packages installed - if you run below command you should get those groups installed (except kde if you dont use it) ... as a matter of a fact, you can try to install it and see if you can run keyboard in kde ... ( to install grp run 'yum groupinstall name of grp yum grouplist Desktop Desktop Platform General Purpose Desktop KDE Desktop X Window System cheers, On 09/16/2014 04:34 PM, MAH Maccallum wrote: I recently had a glitch (my own fault) and had to restore/rebuild. I also upgraded from SL 6.1 to 6,5. After several days struggle I can now boot up and login using run level 3 but gnome does not seem to accept any keyboard input, either in the password dialog box if I start at run level 5 or in any window or dialog box started after a startx from the run level 3 console. I have found reports of similar problems on the web but none of the solutions suggested (or the exact symptoms) seem to match my problem. Our system guru is on vacation and I have a deadline to meet so I desperately want help to get my GUI back! My best guess is that some file leftover from the old installation is interacting badly with the new: but what? All help gratefully received!
Re: setup windows printer on sl6
Hello, Can you please clarify you intentions a little bit more in detail? 'the setup windows printer on SL 6' can mean lots of things like e.g.: - i have SL6 server and i want to share networked printer to windows (or any) client by creating print queue on my SL6 server - i want my SL6 laptop to connect to printer that is shared and has printer queue setup on the windows 2008 server - i want my SL6 laptop connect to other SL6 server that share its CUPs printer queue via Samba ... .. which is it :]? for your other questions: the nmbd is just a binary, one of multiple in the Samba packages (even though one of most important). if i may suggest, try: service smb status service nmb status you should get something like: [root@srv-022 ~]# service nmb status nmbd (pid 7069) is running... [root@srv-022 ~]# service smb status smbd (pid 7080) is running... On 09/10/2014 11:35 AM, Ian A Taylor wrote: Sir/Madam I wish to setup a windows printer on SL6. I currently have installed yum list installed | grep samba samba.x86_64 3.6.9-169.el6_5 @sl-security samba-common.x86_64 3.6.9-169.el6_5 @sl-security samba-swat.x86_64 3.6.9-169.el6_5 @sl-security samba-winbind.x86_64 3.6.9-169.el6_5 @sl-security samba-winbind-clients.x86_64 3.6.9-169.el6_5 @sl-security samba4-libs.x86_644.0.0-63.el6_5.rc4 @sl-security I am not entirely what I need to start to allow samba to access windows printer I did find http://scientificlinuxforum.org/index.php?showtopic=221 However I do not appear to have service nmbd I do believe I have sl-security configured in /etc/yum.repos.d/sl.repo [sl-security] name=Scientific Linux $releasever - $basearch - security updates baseurl=http://ftp.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/security/ http://ftp1.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/security/ http://ftp2.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/security/ ftp://ftp.scientificlinux.org/linux/scientific/$releasever/$basearch/updates/security/ #mirrorlist=http://ftp.scientificlinux.org/linux/scientific/mirrorlist/sl-security-6.txt enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl file:///etc/pki/rpm-gpg/RPM-GPG-KEY-sl6 file:///etc/pki/rpm-gpg/RPM-GPG-KEY-cern === yet a yum install nmbd tells me no package available That renders the rest of this page useless Therefore some help about howto setup samba client to access shared windows printer. Would be sincerely appreciated. Thanking you. Yours sincerely Ian Taylor University of St.Andrews, School of Physics Astronomy, North Haugh, St.Andrews, Fife KY16 9SS, Scotland. e-Mail :- i...@st-and.ac.uk Tel:- (0)1334-463141 Fax:- (0)1334-463104 The University of St Andrews is a charity registered in Scotland : No SC013532.