Re: [389-users] Password + anything works ?
Hello On Tue, Nov 13, 2012 at 1:10 PM, Ali Jawad ali.ja...@splendor.net wrote: Hi Arpit Actually I was attempting to change the password using command line passwd I.e. each user changes his own password, is passwd the right choice here ? Yes, passwd is right choice, considering you have pam_ldap.so properly configured yes passwd dont need ssl/tls to be configured. Regards On Mon, Nov 12, 2012 at 11:27 PM, Arpit Tolani arpittol...@gmail.com wrote: Hello On Tue, Nov 13, 2012 at 12:33 AM, Ali Jawad ali.ja...@splendor.net wrote: In that case I have a major overhaul that I need to complete, change password is not working for me, my assumption is that it only works with TLS enabled between the client and the server, I have tried to get TLS to run a few times but could not get it to run so far. Am I right about the assumption that I need encryption between the server and the clients for password change to work ? Regards When using ldappasswd command, Yes ssl/tls is mandatory, Try changing password using ldapmodify, it doesnt required ssl/tls connection. On Mon, Nov 12, 2012 at 8:56 PM, Mark Reynolds marey...@redhat.com wrote: Only crypt uses the first 8 characters, so any other scheme would be fine. After you change the scheme you will need to force all the users to change their passwords - otherwise their crypt passwords will still be present. On 11/12/2012 01:52 PM, Ali Jawad wrote: Hi All This is an all Linux environment with 389 being used as the sole authentication mechanism, I do believe I am using crypt, I am out of office right now, what should I use instead of crypt to match more characters ? Regards On Mon, Nov 12, 2012 at 7:02 PM, Mark Reynolds marey...@redhat.com wrote: Also what password storage scheme are you using? For example crypt only checks the first 8 characters of a password. On 11/12/2012 11:18 AM, Dan Lavu wrote: In regards to a password policy? Just 389 or are you using winsync with AD? Because the password policy from AD does not transfer over. Also they are some extra steps if you want to setup an OU based password policy but if you just do it for the entire directory through ‘configuration’ it works with no issues. Dan From: Ali Jawad ali.ja...@splendor.net Sent: November 12, 2012 6:00 AM To: General discussion list for the 389 Directory server project. Subject: [389-users] Password + anything works ? Hi I just noticed that you can use the password+ANYLetters and it will work, I.e. if the password is xyz xyz99 or xyzABC will work as well, is this a misconfiguration on my part or a bug ? Regards Regards Arpit Tolani -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- Ali Jawad Information Systems Manager CISSP - PMP - ITIL V3 - RHCE - VCP - C|EH - CCNA - MCSA Splendor Telecom (www.splendor.net) Beirut, Lebanon Phone: +9611373725/ext 116 FAX: +9611375554 -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- Regards Arpit Tolani -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
[389-users] segfault while moving entry to non-existent LDAP container
Hello, First of all I'd say that most likely this segfault is a result of badly designed application and/or bad coding. The segfault occurs while this application tries to move an entry to non-existing LDAP container. Unfortunately I don't have access to the source code of this app. The segfault is below with backtrace from dgb: ns-slapd[4983]: segfault at 18 ip 7f2ed4a60759 sp 7f2e955e13e0 error 4 in libback-ldbm.so[7f2ed4a34000+8f000] #0 0x7f2ed4a60759 in id2entry_add_ext () from /usr/lib64/dirsrv/plugins/libback-ldbm.so #1 0x7f2ed4a8a34c in modify_update_all () from /usr/lib64/dirsrv/plugins/libback-ldbm.so #2 0x7f2ed4a8eb4f in ldbm_back_modrdn () from /usr/lib64/dirsrv/plugins/libback-ldbm.so #3 0x7f2eddbecdaa in ?? () from /usr/lib64/dirsrv/libslapd.so.0 #4 0x7f2eddbed66c in do_modrdn () from /usr/lib64/dirsrv/libslapd.so.0 #5 0x00413904 in ?? () #6 0x7f2edc0369e3 in ?? () from /lib64/libnspr4.so #7 0x7f2edb9d9851 in start_thread () from /lib64/libpthread.so.0 #8 0x7f2edb72711d in clone () from /lib64/libc.so.6 I'd appreciate any thoughts regarding what kind of (bad) things this application is doing. Is it possible to have a kind of protection in this case on directory server? Regards, Vlad. -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: [389-users] Password + anything works ?
Hi All I am trying to change the password using passwd, please see the below : [xyz@server ~]$ passwd Changing password for user xyz. Enter login(LDAP) password: New UNIX password: Retype new UNIX password: *LDAP password information update failed: Confidentiality required* *Operation requires a secure connection.* The error log shows Nov 13 11:47:17 HA-Dev-Nymgo-100-45 passwd: pam_unix(passwd:chauthtok): user xyz does not exist in /etc/passwd Pam config follows : /etc/pam.d/passwd #%PAM-1.0 auth include system-auth accountinclude system-auth password include system-auth ~ /etc/pam.d/system-auth #/etc/pam.d/system-auth #%PAM-1.0 authrequired pam_env.so authsufficient pam_unix.so authsufficient pam_ldap.so use_first_pass authrequired pam_deny.so account sufficient pam_unix.so account sufficient pam_ldap.so use_first_pass account required pam_deny.so passwordrequisite pam_cracklib.so try_first_pass retry=3 passwordsufficientpam_unix.so md5 shadow nullok try_first_pass use_authtok passwordsufficientpam_ldap.so use_authtok passwordrequired pam_deny.so #passwordrequiredpam_cracklib.so retry=3 minlen=2 dcredit=0 ucredit=0 #passwordsufficient pam_unix.so nullok use_authtok md5 shadow #passwordsufficient pam_ldap.so #passwordrequired pam_deny.so session optional pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required pam_limits.so session required pam_unix.so session optional pam_ldap.so ~ ~ On Tue, Nov 13, 2012 at 11:15 AM, Arpit Tolani arpittol...@gmail.comwrote: Hello On Tue, Nov 13, 2012 at 1:10 PM, Ali Jawad ali.ja...@splendor.net wrote: Hi Arpit Actually I was attempting to change the password using command line passwd I.e. each user changes his own password, is passwd the right choice here ? Yes, passwd is right choice, considering you have pam_ldap.so properly configured yes passwd dont need ssl/tls to be configured. Regards On Mon, Nov 12, 2012 at 11:27 PM, Arpit Tolani arpittol...@gmail.com wrote: Hello On Tue, Nov 13, 2012 at 12:33 AM, Ali Jawad ali.ja...@splendor.net wrote: In that case I have a major overhaul that I need to complete, change password is not working for me, my assumption is that it only works with TLS enabled between the client and the server, I have tried to get TLS to run a few times but could not get it to run so far. Am I right about the assumption that I need encryption between the server and the clients for password change to work ? Regards When using ldappasswd command, Yes ssl/tls is mandatory, Try changing password using ldapmodify, it doesnt required ssl/tls connection. On Mon, Nov 12, 2012 at 8:56 PM, Mark Reynolds marey...@redhat.com wrote: Only crypt uses the first 8 characters, so any other scheme would be fine. After you change the scheme you will need to force all the users to change their passwords - otherwise their crypt passwords will still be present. On 11/12/2012 01:52 PM, Ali Jawad wrote: Hi All This is an all Linux environment with 389 being used as the sole authentication mechanism, I do believe I am using crypt, I am out of office right now, what should I use instead of crypt to match more characters ? Regards On Mon, Nov 12, 2012 at 7:02 PM, Mark Reynolds marey...@redhat.com wrote: Also what password storage scheme are you using? For example crypt only checks the first 8 characters of a password. On 11/12/2012 11:18 AM, Dan Lavu wrote: In regards to a password policy? Just 389 or are you using winsync with AD? Because the password policy from AD does not transfer over. Also they are some extra steps if you want to setup an OU based password policy but if you just do it for the entire directory through ‘configuration’ it works with no issues. Dan From: Ali Jawad ali.ja...@splendor.net Sent: November 12, 2012 6:00 AM To: General discussion list for the 389 Directory server project. Subject: [389-users] Password + anything works ? Hi I just noticed that you can use the password+ANYLetters and it will work, I.e. if the password is xyz xyz99 or xyzABC will work as well, is this a misconfiguration on my part or a bug ? Regards Regards Arpit Tolani -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- Ali Jawad Information Systems Manager CISSP - PMP - ITIL V3 - RHCE - VCP - C|EH - CCNA - MCSA Splendor Telecom (www.splendor.net) Beirut, Lebanon Phone: +9611373725/ext 116 FAX: +9611375554 -- 389 users mailing list
Re: [389-users] Password + anything works ?
What about NSS configuration? Maybe there is configuration making ssl mandatory? Greg 13 lis 2012 12:51, Ali Jawad ali.ja...@splendor.net napisał(a): Hi All I am trying to change the password using passwd, please see the below : [xyz@server ~]$ passwd Changing password for user xyz. Enter login(LDAP) password: New UNIX password: Retype new UNIX password: *LDAP password information update failed: Confidentiality required* *Operation requires a secure connection.* The error log shows Nov 13 11:47:17 HA-Dev-Nymgo-100-45 passwd: pam_unix(passwd:chauthtok): user xyz does not exist in /etc/passwd Pam config follows : /etc/pam.d/passwd #%PAM-1.0 auth include system-auth accountinclude system-auth password include system-auth ~ /etc/pam.d/system-auth #/etc/pam.d/system-auth #%PAM-1.0 authrequired pam_env.so authsufficient pam_unix.so authsufficient pam_ldap.so use_first_pass authrequired pam_deny.so account sufficient pam_unix.so account sufficient pam_ldap.so use_first_pass account required pam_deny.so passwordrequisite pam_cracklib.so try_first_pass retry=3 passwordsufficientpam_unix.so md5 shadow nullok try_first_pass use_authtok passwordsufficientpam_ldap.so use_authtok passwordrequired pam_deny.so #passwordrequiredpam_cracklib.so retry=3 minlen=2 dcredit=0 ucredit=0 #passwordsufficient pam_unix.so nullok use_authtok md5 shadow #passwordsufficient pam_ldap.so #passwordrequired pam_deny.so session optional pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required pam_limits.so session required pam_unix.so session optional pam_ldap.so ~ ~ On Tue, Nov 13, 2012 at 11:15 AM, Arpit Tolani arpittol...@gmail.comwrote: Hello On Tue, Nov 13, 2012 at 1:10 PM, Ali Jawad ali.ja...@splendor.net wrote: Hi Arpit Actually I was attempting to change the password using command line passwd I.e. each user changes his own password, is passwd the right choice here ? Yes, passwd is right choice, considering you have pam_ldap.so properly configured yes passwd dont need ssl/tls to be configured. Regards On Mon, Nov 12, 2012 at 11:27 PM, Arpit Tolani arpittol...@gmail.com wrote: Hello On Tue, Nov 13, 2012 at 12:33 AM, Ali Jawad ali.ja...@splendor.net wrote: In that case I have a major overhaul that I need to complete, change password is not working for me, my assumption is that it only works with TLS enabled between the client and the server, I have tried to get TLS to run a few times but could not get it to run so far. Am I right about the assumption that I need encryption between the server and the clients for password change to work ? Regards When using ldappasswd command, Yes ssl/tls is mandatory, Try changing password using ldapmodify, it doesnt required ssl/tls connection. On Mon, Nov 12, 2012 at 8:56 PM, Mark Reynolds marey...@redhat.com wrote: Only crypt uses the first 8 characters, so any other scheme would be fine. After you change the scheme you will need to force all the users to change their passwords - otherwise their crypt passwords will still be present. On 11/12/2012 01:52 PM, Ali Jawad wrote: Hi All This is an all Linux environment with 389 being used as the sole authentication mechanism, I do believe I am using crypt, I am out of office right now, what should I use instead of crypt to match more characters ? Regards On Mon, Nov 12, 2012 at 7:02 PM, Mark Reynolds marey...@redhat.com wrote: Also what password storage scheme are you using? For example crypt only checks the first 8 characters of a password. On 11/12/2012 11:18 AM, Dan Lavu wrote: In regards to a password policy? Just 389 or are you using winsync with AD? Because the password policy from AD does not transfer over. Also they are some extra steps if you want to setup an OU based password policy but if you just do it for the entire directory through 'configuration' it works with no issues. Dan From: Ali Jawad ali.ja...@splendor.net Sent: November 12, 2012 6:00 AM To: General discussion list for the 389 Directory server project. Subject: [389-users] Password + anything works ? Hi I just noticed that you can use the password+ANYLetters and it will work, I.e. if the password is xyz xyz99 or xyzABC will work as well, is this a misconfiguration on my part or a bug ? Regards Regards Arpit Tolani -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- Ali Jawad Information Systems Manager CISSP -
Re: [389-users] Password + anything works ?
Hi nsswitch.conf contains the following relevant lines, the rest is unchanged passwd: ldap files shadow: ldap files group: ldap files Maybe it is my ldap settings, please see /etc/ldap.conf below bind_policy soft URI ldap://ldap.server.ip BASE dc=domain,dc=local TLS_CACERTDIR /etc/openldap/cacerts pam_password clear pam_lookup_policy yes pam_password exop # Idle timelimit; client will close connections # (nss_ldap only) if the server has not been contacted # for the number of seconds specified below. #idle_timelimit 3600 idle_timelimit 900 On Tue, Nov 13, 2012 at 1:59 PM, Grzegorz Dwornicki gd1...@gmail.comwrote: What about NSS configuration? Maybe there is configuration making ssl mandatory? Greg 13 lis 2012 12:51, Ali Jawad ali.ja...@splendor.net napisał(a): Hi All I am trying to change the password using passwd, please see the below : [xyz@server ~]$ passwd Changing password for user xyz. Enter login(LDAP) password: New UNIX password: Retype new UNIX password: *LDAP password information update failed: Confidentiality required* *Operation requires a secure connection.* The error log shows Nov 13 11:47:17 HA-Dev-Nymgo-100-45 passwd: pam_unix(passwd:chauthtok): user xyz does not exist in /etc/passwd Pam config follows : /etc/pam.d/passwd #%PAM-1.0 auth include system-auth accountinclude system-auth password include system-auth ~ /etc/pam.d/system-auth #/etc/pam.d/system-auth #%PAM-1.0 authrequired pam_env.so authsufficient pam_unix.so authsufficient pam_ldap.so use_first_pass authrequired pam_deny.so account sufficient pam_unix.so account sufficient pam_ldap.so use_first_pass account required pam_deny.so passwordrequisite pam_cracklib.so try_first_pass retry=3 passwordsufficientpam_unix.so md5 shadow nullok try_first_pass use_authtok passwordsufficientpam_ldap.so use_authtok passwordrequired pam_deny.so #passwordrequiredpam_cracklib.so retry=3 minlen=2 dcredit=0 ucredit=0 #passwordsufficient pam_unix.so nullok use_authtok md5 shadow #passwordsufficient pam_ldap.so #passwordrequired pam_deny.so session optional pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required pam_limits.so session required pam_unix.so session optional pam_ldap.so ~ ~ On Tue, Nov 13, 2012 at 11:15 AM, Arpit Tolani arpittol...@gmail.comwrote: Hello On Tue, Nov 13, 2012 at 1:10 PM, Ali Jawad ali.ja...@splendor.net wrote: Hi Arpit Actually I was attempting to change the password using command line passwd I.e. each user changes his own password, is passwd the right choice here ? Yes, passwd is right choice, considering you have pam_ldap.so properly configured yes passwd dont need ssl/tls to be configured. Regards On Mon, Nov 12, 2012 at 11:27 PM, Arpit Tolani arpittol...@gmail.com wrote: Hello On Tue, Nov 13, 2012 at 12:33 AM, Ali Jawad ali.ja...@splendor.net wrote: In that case I have a major overhaul that I need to complete, change password is not working for me, my assumption is that it only works with TLS enabled between the client and the server, I have tried to get TLS to run a few times but could not get it to run so far. Am I right about the assumption that I need encryption between the server and the clients for password change to work ? Regards When using ldappasswd command, Yes ssl/tls is mandatory, Try changing password using ldapmodify, it doesnt required ssl/tls connection. On Mon, Nov 12, 2012 at 8:56 PM, Mark Reynolds marey...@redhat.com wrote: Only crypt uses the first 8 characters, so any other scheme would be fine. After you change the scheme you will need to force all the users to change their passwords - otherwise their crypt passwords will still be present. On 11/12/2012 01:52 PM, Ali Jawad wrote: Hi All This is an all Linux environment with 389 being used as the sole authentication mechanism, I do believe I am using crypt, I am out of office right now, what should I use instead of crypt to match more characters ? Regards On Mon, Nov 12, 2012 at 7:02 PM, Mark Reynolds marey...@redhat.com wrote: Also what password storage scheme are you using? For example crypt only checks the first 8 characters of a password. On 11/12/2012 11:18 AM, Dan Lavu wrote: In regards to a password policy? Just 389 or are you using winsync with AD? Because the password policy from AD does not transfer over. Also they are some extra steps if you want to setup an OU based password policy but if you just do it for the entire directory through ‘configuration’ it works with no issues.
Re: [389-users] Password + anything works ?
Ho Yes ldap.conf is only what is listed, yes you are right there are two pam_password that is wrong, I prefer not to use crypt if possible as I do not want to be limited to 8 char passwords, does that make sense ? Regards On Tue, Nov 13, 2012 at 2:38 PM, Grzegorz Dwornicki gd1...@gmail.comwrote: Sorry my bad i thinking about ldap.conf but said nss... Does ldap.conf contains only these lines? Why you use pam_password clear and then exop? try crypt. Greg. 13 lis 2012 13:18, Ali Jawad ali.ja...@splendor.net napisał(a): Hi nsswitch.conf contains the following relevant lines, the rest is unchanged passwd: ldap files shadow: ldap files group: ldap files Maybe it is my ldap settings, please see /etc/ldap.conf below bind_policy soft URI ldap://ldap.server.ip BASE dc=domain,dc=local TLS_CACERTDIR /etc/openldap/cacerts pam_password clear pam_lookup_policy yes pam_password exop # Idle timelimit; client will close connections # (nss_ldap only) if the server has not been contacted # for the number of seconds specified below. #idle_timelimit 3600 idle_timelimit 900 On Tue, Nov 13, 2012 at 1:59 PM, Grzegorz Dwornicki gd1...@gmail.comwrote: What about NSS configuration? Maybe there is configuration making ssl mandatory? Greg 13 lis 2012 12:51, Ali Jawad ali.ja...@splendor.net napisał(a): Hi All I am trying to change the password using passwd, please see the below : [xyz@server ~]$ passwd Changing password for user xyz. Enter login(LDAP) password: New UNIX password: Retype new UNIX password: *LDAP password information update failed: Confidentiality required* *Operation requires a secure connection.* The error log shows Nov 13 11:47:17 HA-Dev-Nymgo-100-45 passwd: pam_unix(passwd:chauthtok): user xyz does not exist in /etc/passwd Pam config follows : /etc/pam.d/passwd #%PAM-1.0 auth include system-auth accountinclude system-auth password include system-auth ~ /etc/pam.d/system-auth #/etc/pam.d/system-auth #%PAM-1.0 authrequired pam_env.so authsufficient pam_unix.so authsufficient pam_ldap.so use_first_pass authrequired pam_deny.so account sufficient pam_unix.so account sufficient pam_ldap.so use_first_pass account required pam_deny.so passwordrequisite pam_cracklib.so try_first_pass retry=3 passwordsufficientpam_unix.so md5 shadow nullok try_first_pass use_authtok passwordsufficientpam_ldap.so use_authtok passwordrequired pam_deny.so #passwordrequiredpam_cracklib.so retry=3 minlen=2 dcredit=0 ucredit=0 #passwordsufficient pam_unix.so nullok use_authtok md5 shadow #passwordsufficient pam_ldap.so #passwordrequired pam_deny.so session optional pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required pam_limits.so session required pam_unix.so session optional pam_ldap.so ~ ~ On Tue, Nov 13, 2012 at 11:15 AM, Arpit Tolani arpittol...@gmail.comwrote: Hello On Tue, Nov 13, 2012 at 1:10 PM, Ali Jawad ali.ja...@splendor.net wrote: Hi Arpit Actually I was attempting to change the password using command line passwd I.e. each user changes his own password, is passwd the right choice here ? Yes, passwd is right choice, considering you have pam_ldap.so properly configured yes passwd dont need ssl/tls to be configured. Regards On Mon, Nov 12, 2012 at 11:27 PM, Arpit Tolani arpittol...@gmail.com wrote: Hello On Tue, Nov 13, 2012 at 12:33 AM, Ali Jawad ali.ja...@splendor.net wrote: In that case I have a major overhaul that I need to complete, change password is not working for me, my assumption is that it only works with TLS enabled between the client and the server, I have tried to get TLS to run a few times but could not get it to run so far. Am I right about the assumption that I need encryption between the server and the clients for password change to work ? Regards When using ldappasswd command, Yes ssl/tls is mandatory, Try changing password using ldapmodify, it doesnt required ssl/tls connection. On Mon, Nov 12, 2012 at 8:56 PM, Mark Reynolds marey...@redhat.com wrote: Only crypt uses the first 8 characters, so any other scheme would be fine. After you change the scheme you will need to force all the users to change their passwords - otherwise their crypt passwords will still be present. On 11/12/2012 01:52 PM, Ali Jawad wrote: Hi All This is an all Linux environment with 389 being used as the sole authentication mechanism, I do believe I am using crypt, I am out of office right now, what should I use instead of crypt to match more characters ? Regards On Mon, Nov 12, 2012 at 7:02 PM, Mark
[389-users] MMR issue ...
Hi, I've encountered issues with a MMR setup, which looks like the following: A --- B \ / \ / \ / C The replication works for approximately 24 hours. There are not many changes to the content anyway. After about 1 day, the attribute value of the type nsds5replicaLastUpdateStatus changes to 1 Can't acquire busy replica of the replication agreement object from type nsDS5ReplicationAgreement. I see this message on C for the agreement C-to-B. The start-time of the last update is 01:08:33. When I check the status on B, it looks fine for B-to-C and B-to-A, however, the start-time of the last update is stuck at 01:08:36 for B-to-C, whereas A gets updated afterwards as well. I don't have the values for A! When, I check errors and access on the boxes, I see the following: Errors on A: [10/Nov/2012:01:19:31 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Warning: unable to receive endReplication extended operation response (Timed out) [10/Nov/2012:01:25:01 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [10/Nov/2012:01:25:05 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth resumed [10/Nov/2012:02:26:29 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:02:31:55 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [10/Nov/2012:02:31:59 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth resumed [10/Nov/2012:02:43:36 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:03:03:00 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:03:08:24 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [10/Nov/2012:03:11:35 -0300] slapi_ldap_bind - Error: could not send bind request for id [cn=replication,cn=config] mech [SIMPLE]: error 91 (Can't connect to the LDAP server) -5961 (TCP connection reset by peer.) 115 (Operation now in progress) [10/Nov/2012:03:11:35 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth failed: LDAP error 91 (Can't connect to the LDAP server) ((null)) [10/Nov/2012:03:14:45 -0300] slapi_ldap_bind - Error: could not send bind request for id [cn=replication,cn=config] mech [SIMPLE]: error 91 (Can't connect to the LDAP server) -5961 (TCP connection reset by peer.) 115 (Operation now in progress) [10/Nov/2012:03:14:52 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth resumed [10/Nov/2012:03:33:29 -0300] slapi_ldap_bind - Error: could not send bind request for id [cn=replication,cn=config] mech [SIMPLE]: error 91 (Can't connect to the LDAP server) -5961 (TCP connection reset by peer.) 115 (Operation now in progress) [10/Nov/2012:03:33:29 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth failed: LDAP error 91 (Can't connect to the LDAP server) ((null)) [10/Nov/2012:03:43:29 -0300] slapi_ldap_bind - Error: timeout after [0.0] seconds reading bind response for [cn=replication,cn=config] mech [SIMPLE] [10/Nov/2012:03:43:29 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth failed: LDAP error 85 (Timed out) ((null)) [10/Nov/2012:03:46:39 -0300] slapi_ldap_bind - Error: could not send bind request for id [cn=replication,cn=config] mech [SIMPLE]: error 91 (Can't connect to the LDAP server) -5961 (TCP connection reset by peer.) 115 (Operation now in progress) [10/Nov/2012:03:46:39 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth failed: LDAP error 91 (Can't connect to the LDAP server) ((null)) [10/Nov/2012:03:46:42 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth resumed [10/Nov/2012:05:12:02 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:06:16:01 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:06:21:27 -0300]
Re: [389-users] MMR issue ...
On 11/13/2012 11:15 AM, Rich Megginson wrote: You would expect that you saw this issue in different deployments, but I only saw it in one instance. If it turns out that the issue I see is identical the issue, you mentioned, I’d like to know, when it was fixed. Upon further investigation, this does not appear to be the same as https://fedorahosted.org/389/ticket/374 I'm not sure what the problem is. I've seen timeouts when servers crash or there are network issues. That bug can be triggered by a bogged down server where one repl operation takes so long to execute that the supplier times out and sends another. Then if you're unlucky you can get the race condition between the two concurrently executing operations in the consumer. -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: [389-users] MMR issue ...
On 11/13/2012 11:21 AM, Reinhard Nappert wrote: The 3 servers do not crash. I am not sure about the network, though. My first assumption was that the firewall (between A and B) might cause the issue. The latest occurrence (the one, I described) had the firewall removed. I see quite some TCP Retransmissions in the packet captures. Could that be the issue? That could be, although that would mean there are so many tcp retransmissions that take such a long time to process that it causes the application to think the network connection has timed out. -Reinhard *From:*Rich Megginson [mailto:rmegg...@redhat.com] *Sent:* Tuesday, November 13, 2012 1:15 PM *To:* General discussion list for the 389 Directory server project. *Cc:* Reinhard Nappert *Subject:* Re: [389-users] MMR issue ... On 11/13/2012 11:02 AM, Reinhard Nappert wrote: Rich, Do you know what the cause of this issue is? No, I don't know. You would expect that you saw this issue in different deployments, but I only saw it in one instance. If it turns out that the issue I see is identical the issue, you mentioned, I’d like to know, when it was fixed. Upon further investigation, this does not appear to be the same as https://fedorahosted.org/389/ticket/374 I'm not sure what the problem is. I've seen timeouts when servers crash or there are network issues. Thanks, -Reinhard *From:*389-users-boun...@lists.fedoraproject.org mailto:389-users-boun...@lists.fedoraproject.org [mailto:389-users-boun...@lists.fedoraproject.org] *On Behalf Of *Reinhard Nappert *Sent:* Tuesday, November 13, 2012 12:22 PM *To:* Rich Megginson; General discussion list for the 389 Directory server project. *Subject:* Re: [389-users] MMR issue ... I use 1.2.8.2 *From:*Rich Megginson [mailto:rmegg...@redhat.com] *Sent:* Tuesday, November 13, 2012 12:18 PM *To:* General discussion list for the 389 Directory server project. *Cc:* Reinhard Nappert *Subject:* Re: [389-users] MMR issue ... On 11/13/2012 09:24 AM, Reinhard Nappert wrote: Hi, I’ve encountered issues with a MMR setup, which looks like the following: A --- B \ / \ / \ / C The replication works for approximately 24 hours. There are not many changes to the content anyway. After about 1 day, the attribute value of the type “nsds5replicaLastUpdateStatus” changes to “1 Can't acquire busy replica “ of the replication agreement object from type “nsDS5ReplicationAgreement”. I see this message on C for the agreement “C-to-B”. The start-time of the last update is 01:08:33. When I check the status on B, it looks fine for “B-to-C” and “B-to-A”, however, the start-time of the last update is stuck at 01:08:36 for “B-to-C”, whereas A gets updated afterwards as well. I don’t have the values for A! When, I check errors and access on the boxes, I see the following: Errors on A: [10/Nov/2012:01:19:31 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Warning: unable to receive endReplication extended operation response (Timed out) [10/Nov/2012:01:25:01 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [10/Nov/2012:01:25:05 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth resumed [10/Nov/2012:02:26:29 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:02:31:55 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [10/Nov/2012:02:31:59 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth resumed [10/Nov/2012:02:43:36 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:03:03:00 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:03:08:24 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [10/Nov/2012:03:11:35 -0300] slapi_ldap_bind - Error: could not send bind request for id [cn=replication,cn=config] mech [SIMPLE]: error 91 (Can't connect to the LDAP server) -5961 (TCP connection reset by peer.) 115 (Operation now in progress) [10/Nov/2012:03:11:35 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth failed: LDAP error 91 (Can't connect to the LDAP server) ((null))
Re: [389-users] MMR issue ...
On 11/13/2012 11:53 AM, Reinhard Nappert wrote: How would you proceed to figure out what is going on there? Since it doesn't appear that the replication logs are giving enough information, and you don't see any disconnects or TCP resets happening in the packet capture, then I guess you have no choice but to familiarize yourself with the source code and use gdb. You see that I ran out of ideas! Thanks *From:*Rich Megginson [mailto:rmegg...@redhat.com] *Sent:* Tuesday, November 13, 2012 1:32 PM *To:* Reinhard Nappert *Cc:* General discussion list for the 389 Directory server project. *Subject:* Re: [389-users] MMR issue ... On 11/13/2012 11:21 AM, Reinhard Nappert wrote: The 3 servers do not crash. I am not sure about the network, though. My first assumption was that the firewall (between A and B) might cause the issue. The latest occurrence (the one, I described) had the firewall removed. I see quite some TCP Retransmissions in the packet captures. Could that be the issue? That could be, although that would mean there are so many tcp retransmissions that take such a long time to process that it causes the application to think the network connection has timed out. -Reinhard *From:*Rich Megginson [mailto:rmegg...@redhat.com] *Sent:* Tuesday, November 13, 2012 1:15 PM *To:* General discussion list for the 389 Directory server project. *Cc:* Reinhard Nappert *Subject:* Re: [389-users] MMR issue ... On 11/13/2012 11:02 AM, Reinhard Nappert wrote: Rich, Do you know what the cause of this issue is? No, I don't know. You would expect that you saw this issue in different deployments, but I only saw it in one instance. If it turns out that the issue I see is identical the issue, you mentioned, I’d like to know, when it was fixed. Upon further investigation, this does not appear to be the same as https://fedorahosted.org/389/ticket/374 I'm not sure what the problem is. I've seen timeouts when servers crash or there are network issues. Thanks, -Reinhard *From:*389-users-boun...@lists.fedoraproject.org mailto:389-users-boun...@lists.fedoraproject.org [mailto:389-users-boun...@lists.fedoraproject.org] *On Behalf Of *Reinhard Nappert *Sent:* Tuesday, November 13, 2012 12:22 PM *To:* Rich Megginson; General discussion list for the 389 Directory server project. *Subject:* Re: [389-users] MMR issue ... I use 1.2.8.2 *From:*Rich Megginson [mailto:rmegg...@redhat.com] *Sent:* Tuesday, November 13, 2012 12:18 PM *To:* General discussion list for the 389 Directory server project. *Cc:* Reinhard Nappert *Subject:* Re: [389-users] MMR issue ... On 11/13/2012 09:24 AM, Reinhard Nappert wrote: Hi, I’ve encountered issues with a MMR setup, which looks like the following: A --- B \ / \ / \ / C The replication works for approximately 24 hours. There are not many changes to the content anyway. After about 1 day, the attribute value of the type “nsds5replicaLastUpdateStatus” changes to “1 Can't acquire busy replica “ of the replication agreement object from type “nsDS5ReplicationAgreement”. I see this message on C for the agreement “C-to-B”. The start-time of the last update is 01:08:33. When I check the status on B, it looks fine for “B-to-C” and “B-to-A”, however, the start-time of the last update is stuck at 01:08:36 for “B-to-C”, whereas A gets updated afterwards as well. I don’t have the values for A! When, I check errors and access on the boxes, I see the following: Errors on A: [10/Nov/2012:01:19:31 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Warning: unable to receive endReplication extended operation response (Timed out) [10/Nov/2012:01:25:01 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [10/Nov/2012:01:25:05 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth resumed [10/Nov/2012:02:26:29 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:02:31:55 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [10/Nov/2012:02:31:59 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth resumed [10/Nov/2012:02:43:36 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:03:03:00 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later.
[389-users] 389ds + modrdn + NSMMReplicationPlugin - Consumer failed to replay change
Good evening, I am requesting some help from the community, I have an issue that I can not seem to resolve. Yesterday I committed a change on a users DN and today I noticed replication issues in my logs. The logs told me the uniqueid # and CSN # So I used cl-dump to dump the changelog into a file. Here are the results of what I grep'ed out: [root@ds]# grep 50a150a40002 -B2 -A13 /var/tmp/change.dump changetype: modrdn replgen: 4ff8a4c1 csn: 50a150a40002 nsuniqueid: 754ce981-e4d411e1-b828c127-7d7e145e dn: uid=auser,ou=threataa,ou=ops,ou=groups,dc=company,dc=net newrdn: uid=auser deleteoldrdn: false newsuperiordn: ou=threatbb,ou=ops,ou=groups,dc=company,dc=net change:: replace: modifiersname modifiersname: cn=directory manager - replace: modifytimestamp modifytimestamp: 20121112194019Z - So now that I know what entry NSMReplicationPlugin is complaining about, I don't know what to do in order to fix it and get replication back on track. I really appreciate any help on this matter, Thank you -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: [389-users] Password + anything works ?
On 11/13/2012 03:51 AM, Ali Jawad wrote: *LDAP password information update failed: Confidentiality required* PAM is attempting to use the password change extended operation. I believe that only happens when /etc/ldap.conf contains pam_password exop. If you don't care at all about security, you can configure pam_password clear, which should work. You're a lot better off creating a certificate and adding it to the client as a CA, though. -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: Using mock with --scm-enable and external spec file
Hi dex, On Tue, Nov 13, 2012 at 12:28:53AM +, dexter wrote: On 11 November 2012 01:38, Suvayu Ali fatkasuvayu+li...@gmail.com wrote: Hello again, I mentioned in another thread that I have been trying to build git snapshots for a few packages I use. I tried mock's --scm-enable option to get the packages from git. The spec file in the repository is buggy, so I would like to use the spec file used for Fedora builds with small modifications, however that seems to be not possible. Am I wrong, or did I miss something? Errm you missed something :-) man mock should be your first point of call this should point you to /etc/mock/site-defaults.cfg from there you can concoct a command like: mock --scm-enable --scm-option git_get='git clone SCM_BRN git://localhost/SCM_PKG.git SCM_PKG' \ --scm-option spec=path/to/my.spec more options are in the cfg file oh btw I ain't tried it :-) The man page is rather sparse, for example no description of the SCM_* macros recognised by mock. In any case I did look at site-defaults.cfg, for testing I decided to provide everything on the command line and the following is what I came up with. $ mock --buildsrpm --scm-enable \ --scm-option spec=/path/to/outoftree/SCM_PKG.spec \ --scm-option method=git \ --scm-option package=notmuch \ --scm-option git_get='git clone SCM_BRN /localpath/SCM_PKG SCM_PKG' \ --scm-option branch=master \ --scm-option write_tar=True -v And I get an error message like this: [...] DEBUG: Preparing SCM sources ERROR: Can't find spec file /tmp/tmpHd0D2H.mock-scm.notmuch/notmuch//path/to/outoftree/notmuch.spec DEBUG: Clean SCM checkout directory DEBUG: remove tree: /tmp/tmpHd0D2H.mock-scm.notmuch Now instead if I put the relative path of the buggy spec file in the repository like this: --scm-option spec=relative/path/to/intree/SCM_PKG.spec then the srpm build is finished correctly. What this tells me, mock can either get everything from scm, or everything locally but there is no way of using an out-of-tree spec file with a snapshot from an scm. Do you think there can be any other possibilities? If not, would this be a valid feature request? Thanks for your opinion. -- Suvayu Open source is the future. It sets us free. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Understanding rpmbuild check-rpath error
Hi dex, On Mon, Nov 12, 2012 at 11:27:45PM +, dexter wrote: On 11 November 2012 01:21, Suvayu Ali fatkasuvayu+li...@gmail.com wrote: I came across this: http://www.rootninja.com/rpmbuild-check-rpaths-can-break-spec-files/ I guess that means in my case working around by setting QA_RPATHS is the best bet? Alternatively you could try in your install section: chrpath --delete %{buildroot}%{_bindir}%{name} or patch the configure script around line 491 to not include the rpath linker flags. Thanks for this pointers. I however find it strange that I run into this problem with the spec file I got from the fedora srpm! Thanks for the help. :) -- Suvayu Open source is the future. It sets us free. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: UPS monitoring software and APC and Tripp lite UPSs
Am 13.11.2012 02:31, schrieb Robert Moskowitz: Well my APC smart1400 has died, shorted battery. So I am in the market for a new unit. I could get another APC 1400, but part of the reason it died was I was not monitoring it to note a battery had failed. And I was not monitoring it because it uses serial connection for the monitoring system. So I am looking at what I might get with a USB monitoring port, either APC or TrippLite and what software would work on Fedora. Can anyone give me the benefit of their experiences? APC, they have usually a USB connector yum install apcupsd for mointoring software signature.asc Description: OpenPGP digital signature -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: UPS monitoring software and APC and Tripp lite UPSs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 12 Nov 2012, Robert Moskowitz wrote: Well my APC smart1400 has died, shorted battery. So I am in the market for a new unit. Are you sure is not only the battery dead? I could get another APC 1400, but part of the reason it died was I was not monitoring it to note a battery had failed. And I was not monitoring it because it uses serial connection for the monitoring system. So I am looking at what I might get with a USB monitoring port, either APC or TrippLite and what software would work on Fedora. nut can monitor either APC (serial/usb) or TrippLite (serial - not sure about usb). apcupsd can monitor APC (serial/usb). Sincerely, Gabriel - -- // Gabriel VLASIU // // OpenGPG-KeyID : 44952F15 // OpenGPG-Fingerprint: 4AC5 7C26 2FE9 02DA 4906 24B2 D32B 7ED7 4495 2F15 // OpenGPG-URL: http://www.vlasiu.net/public.key -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJQohBpAAoJENMrftdElS8VdPYP/07UX2oLfQnyEk1bMKbOpa0d 76gW/tgrY6+FOIya3DG/13gHF/zs3VnULfO5M71zB/NP2zat+nGzmUN7/eNL3tJ3 NcFfumjXLfa5BfCSzKgNNIdZoZKuNjeIHBbJf4EXvUSJM3e4Arnyh96RgsvKORp6 BRGFao2kEm8go87oLYy+ZWVREDiysqUr3QI1mrHviFPwHjelGib7PzX7IvWlnbE1 u2XWhKogRiijG1DG4PM6y4yh5oFBKgnrxWo5d+R2/zEhqWyYvX3J9l3IiLzFUwn7 rviapMEvwn3UQbDSGdHnXVfVSV4s1nw3dUIWRtkJS92JevB9n31+0FYnPehfrknO fDW+d+gYQ7vIzd+1WDDm5Kf0g6i8nLi6qNp6Gbrk9evy5c5KAdaS8FEH5SqiS1I0 YGoNGaCb+WE0EoS1y9mEcSda8WEdCYjzjmpAmwpPvy8chhOzee3F/Sdvd7LMMUnU b02WhLsGPJlr93323YdjY/ETIGyshKhh9F5ht6OzAk8UOOldahFgUz5m7aSwEHzT ZWa1jy+dS/TjY1zc89KtZa8dNOcRuu9LSzawjjd7Ykg8AXfLPlJF0ihcjUE2IvED l3jhDjaoJkNxq6sa555ENmw0RpnmDex+BfLBzbrunz8/5DxisqSVwOuWdKwZSFIc JmjFxpcJ56HRFxl/JRba =6ELZ -END PGP SIGNATURE- -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: UPS monitoring software and APC and Tripp lite UPSs
On Mon, Nov 12, 2012 at 10:31 PM, Robert Moskowitz r...@htt-consult.comwrote: Well my APC smart1400 has died, shorted battery. So I am in the market for a new unit. And replacing the battery is impossible because? FC -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: network manager has gone crazy
jarmo oh1...@nic.fi writes: Mon, 12 Nov 2012 17:27:22 +0100 lee l...@yun.yagibdah.de kirjoitti: Tim ignored_mail...@yahoo.com.au writes: Tim: _EXACTLY_ how are you giving it the data? Lee: I was using system-config-network and editing some files when it didn't work. Well, unless things have changed, then you're fighting two things against each other. System-config-network directly controls the network settings. NetworkManager does whatever it does, dynamically. NetworkManager will clobber settings set elsewhere, unless you specifically configure NetworkManager to leave them alone. You'd need to that through NetworkManager's own interface, or through the configuration files that it pays attention to. Yes and where is this interface and where are the files? How about /etc/NetworkManager ?? Thanks, that looks good :) I'd never have thought: Why would I look for files the names of which start with capital letters? It should be /etc/networkmanager instead. -- Fedora 17 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: network manager has gone crazy
Timothy Murphy gayle...@eircom.net writes: lee wrote: As I understand it, you have asked NM to manage your ethernet connection (in /etc/sysconfig/network-scripts/ifcfg-em1). I believe that NM over-writes /etc/resolv.conf if it cannot establish the specified connection. In my opinion this is silly; but that is what NM does. What it probably does is managing em2 which doesn't exist anymore because I turned off the network adapter in the BIOS. Since em1 wasn't used before, it perhaps tries to keep it disabled by overwriting resolv.conf. Isn't there any way to configure networkmanager? If you don't want NM to manage your connection you should say so in the above ifcfg file. Or at least that is my understanding of the setup. It's better to disable networkmanager when you don't want it to do anything. Why keep a service running that isn't supposed to do anything? Well, I would do both - if you don't want NM to manage any interface why say you do (in /etc/sysconfig/network-scripts/ifcfg-em1)? Why change it when networkmanager is disabled anyway? And I don't see any point in running the NM service if you don't want to use it. I'm not convinced you have shown there is any kind of bug in NM. I don't think I have. It's more Fedora being silly having two different and conflicting things installed by default at the same time without giving users a choice which one to use, without sufficient documentation about any of them and with dependencies on networkmanager that need to be fixed. -- Fedora 17 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: UPS monitoring software and APC and Tripp lite UPSs
On 11/13/2012 04:06 AM, Reindl Harald wrote: Am 13.11.2012 02:31, schrieb Robert Moskowitz: Well my APC smart1400 has died, shorted battery. So I am in the market for a new unit. I could get another APC 1400, but part of the reason it died was I was not monitoring it to note a battery had failed. And I was not monitoring it because it uses serial connection for the monitoring system. So I am looking at what I might get with a USB monitoring port, either APC or TrippLite and what software would work on Fedora. Can anyone give me the benefit of their experiences? APC, they have usually a USB connector yum install apcupsd for mointoring software Get a USB to serial adapter Email addresses of ITT Exelis employees have changed from itt.com to exelisinc.com. Please update your favorites and contact information to reflect these changes. This e-mail and any files transmitted with it may be proprietary and are intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error please notify the sender. Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of Exelis Inc. The recipient should check this e-mail and any attachments for the presence of viruses. Exelis Inc. accepts no liability for any damage caused by any virus transmitted by this e-mail. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
[OT] Microsoft Bashing
Hello all, I was sitting in a dentist's waiting room and I came across this article from the August 2012 (really!) edition of Vanity Fair. http://www.vanityfair.com/business/2012/08/microsoft-lost-mojo-steve-ballmer I know we all love to hate Microsoft, but after reading this I *almost* felt sorry for them. I guess many of you know all this, but I found it quite interesting reading. Good ammunition for all you Microsoft bashers... -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: UPS monitoring software and APC and Tripp lite UPSs
Am 13.11.2012 13:10, schrieb Raymond Pittigher: Get a USB to serial adapter Email addresses of ITT Exelis employees have changed from itt.com to exelisinc.com. Please update your favorites and contact information to reflect these changes. This e-mail and any files transmitted with it may be proprietary and are intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error please notify the sender. Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of Exelis Inc. The recipient should check this e-mail and any attachments for the presence of viruses. Exelis Inc. accepts no liability for any damage caused by any virus transmitted by this e-mail. can you please remove your footer / disclaimer if posting to a mailing-list? this is ridiculous for a one-line reply especially if this does not start with a seperator line -- to make the mail-client able display it in another color these disclaimers are generally useless because they say hey now you have to forgot what you did read before signature.asc Description: OpenPGP digital signature -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
KDE dilogs in Firefox
Hi Folks, Surely it's a repeated question, but I don't remember how to do it. How can I set up kde dialogs based on Firefox in Fedora 17. I don't find the packages. Thanks in advance! -- -- Sergio Belkin http://www.sergiobelkin.com Watch More TV http://sebelk.blogspot.com LPIC-2 Certified - http://www.lpi.org -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: UPS monitoring software and APC and Tripp lite UPSs
On 11/13/2012 03:21 AM, Fernando Cassia wrote: On Mon, Nov 12, 2012 at 10:31 PM, Robert Moskowitz r...@htt-consult.com mailto:r...@htt-consult.com wrote: Well my APC smart1400 has died, shorted battery. So I am in the market for a new unit. And replacing the battery is impossible because? I suspect the charging circuit is fried. The spot where the board is is very hot! Like burn hand hot. I WAS able to pry out the battery tray, and it is running in line conditioner mode (something I really need) for now. But I can't see spending the money for new batteries only to have find out that the ups continues to overheat and reset itself. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: [OT] Microsoft Bashing
And now they've ejected the guy responsible for foisting Windows 8 on the world. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Multiple default routes, same subnet
Hi other Fernando, I have two internet links, from different ISPs for my office network, each one with it's own router (which is a linux PC) so I don't loose internet connectivity easily. One ISP has a much higher bandwitch, so usually all my computers use it as the default gateway. The other one is intended as a contingency link. Another point of view for your problem. As one router/link is master and the other is backup and both are linux PC, you can configure VRRP in the LAN side of both of them using as virtual IP the IP configured as default gateway in all your computers. You can have in the master router a script that monitors the internet link and change the priority of the VRRP config according with the status of the internet link. I though of that and found a few howtos on google, but I also found those scripts a but unreliable and taking too long to switch from the primary link to the contingency one. It looks to me a reliable setup would be a real failover cluster, using LVS or pacemaker, something I'd like to avoid. I'm having trouble finding info about VRRP, and iproute2 (policy routing) is proving to be a complex subject. Are they related, or can I use VRRP without iproute2? My routers are not running Fedora. They run IPcop, a very nice trimmed-down Linux distro. I hoped Linux computers would be able to detect a broken default gateway and use another one with a higher metric, bust this just dosen't work, no matter how many pages on the net say it should. :-( []s, Fernando Lozano []s, Fernando Lozano -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Fedora support for laplets
On 11/11/2012 09:53 AM, Bill Davidsen wrote: I see a lot of vendors are putting out hybrid tablet-laptops with a touch screen which flips, and traditional keyboard, which can be used in a number of ways, including as a tablet. Has anyone gotten experience with using Fedora on such a machine, and if so how (if at all) was the touch feature supported? I am running Fedora 17 on a Dell Duo that is a couple years old. It shipped with Windows and it sucked. I installed Fedora (15?) on it and it came to life. Its a really nice machine with it. As far as the touch functionality, I had to install drivers manually back then, but I believe that the kernel now ships with them natively. Touch just works in F17, but it ceases to work if I put my Duo to sleep and then resume. Whether it works on your device depends on what hardware it has. I don't know a whole lot about touch functionality in Fedora 17. I haven't played around with it much. The problem with a touchscreen device is that as soon as you want to do real work, it is s slow compared to a keyboard. So what I do is use touch for general browsing and such, but as soon as I want to get serious about something I find myself flipping the keyboard open and typing and using the mouse. I've seen reasonably nice units from Dell and Lenovo, but no nice salespeople who would let me boot them from thumb drive. If you are referring to the new Dell Duo, I think that is one sweet machine. I'd go for it. If I didn't have an Android tablet, I'd go for the new Duo myself. If you are looking for advanced tablet functionality, check out the new Plasma Active release. Rex put a build in the testing repository. I haven't had a chance to test it yet. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Any RPi people on here ?
Is anyone playing around with Fedora on a Raspberry Pi ? How are you finding it ? What are you doing with it ? Thanks -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: System fonts are all messed up ????
On 11/10/2012 10:11 AM, Steve wrote: F16 install, KDE, fully up to date. Did an upgrade to F17 via the F17 DVD. Now all the system fonts are messed up, size wise. All of them are way too large. On the session login screen, for example, the font size in the Username and Password fields are so big that the letters overflow the height of the box. This problem exists everywhere in the session where system fonts are used. Application fonts seem to be fine and are easily adjusted with KDE-System Settings- Application Appearance - Fonts. I cannot figure out where to adjust the size of the system fonts. I have half a dozen Linux systems running F17, all upgraded via the DVD and this is the only one with this problem. What do I do to fix this issue ? Thanks in advance. Does anyone have ANY ideas on this issue ? Thanks -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Any RPi people on here ?
On Tue, 13 Nov 2012 07:41:53 -0700 Steve linuxguy...@gmail.com wrote: Is anyone playing around with Fedora on a Raspberry Pi ? How are you finding it ? What are you doing with it ? Thanks The arm list may be a better bet: https://lists.fedoraproject.org/pipermail/arm/2012-November/004366.html -- Regards, Frank Mary had a little lamb, in a sandwich -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Amarok
Hi Just tried to testplay one mp3 with Amarok. No worky. Require MPEG 1 layer 3 plugin. I have installed all good, bad and ugly :) plugins for Gstreamer, but when trying to play, poup says, that it can't find MPEG 1 layer 3 decoder. Trying to use packagekit to install it, no worky. F17 and all possible updates done. Any idea? Jarmo -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: DNS problems this morning -
Bob Goodwin: I always naively assumed they were used in the order listed, now you've introduced an element of doubt, I used to presume that, especially when you're presented with a configuration gadget that asked you to enter primary and secondary name server addresses. But that naming has disappeared, and others have described how their systems worked in the ways that I mentioned (I mean various OSs, not just Linux). So, when using different OSs, as I am. And when using OSs that get updated, from time to time, it's best to test, rather than presume they all work the way you expected them to. If it was I could give others the local and then the outside dns addresses, but no that may not work as expected. It may well work fine, if all you ever ask the name servers to do is resolve outside internet addresses. But, if you have a LAN that communicates with things within the LAN, by name, then *all* name queries need to be answered by your LAN DNS server, as no external DNS server can answer any queries about your internal LAN addresses, and there's no way for you to say resolve this name from here, and the rest from anywhere. Your only solution to that conundrum is putting LAN addresses in the hosts file, because that will be queried before asking a DNS server. Which rapidly becomes a nuisance on largish, or expanding networks. And doesn't work on networks with dynamically changing addresses. I suppose I could test that scheme using two of my computers, one getting dns service from the other and see what happened when I shut down the dns of the pair. Yes, all you can do is test, test, test. Then hope that if things are favourable, that they don't change in the next Fedora update. My own tests have always seemed to indicate that Fedora tries the first on the list, first; and only progresses down the list if there's no response to the first name server; and will always try the first server first, on each subsequent query. But my test isn't definitive, I've only done the following test, which isn't an exhaustive test of all the possibilities. 1. Run two name servers on different machines 2. Have them both listed in /etc/resolv.conf 3. Do numerous domain name queries 4. Observe that all answers came from the first server 5. Halt the first name server 6. Do numerous domain name queries 7. Observe that all answers came from the second server, with a slightly longer delay (noticeably slightly delayed, but the returned results only showed 16mS versus 5mS, and I don't think I should be able to observe such a difference, to the degree that I did) 8. Restart the first name server 9. Do numerous domain name queries 10. Observer that all answers came from the first server On point 7: When the first server is answering, the results are virtually instantaneous. i.e. There's a result as soon as I hit the enter key. But when it has to wait for the second server to respond, there's a noticeable wait after hitting enter, before anything comes back. I suspect the times returned in the results (in mS), are actually the speed of the server being queried, ignoring the time waited before attempting the second query. I seem to recall that there is a way to set the timeout delay before abandoning the first query, and querying the next server, but I don't recall the details, and there's no man file for resolv.conf on this installation of F17. I don't know if there's configuration options about always trying the first server, first. The delay could be quite noticeable if trying to browse websites, and pages incorporated content from other domain names. You'd see content slowly coming in, chunk by chunk. I'm curious about the other person (in this thread) to mention the same name server ordering issues, whether they've tested how their systems worked, and if they knew which other ones worked in the ways they mentioned. Particularly, if they knew of one that randomly used any server listed as one of your name servers. Whatever the problem yesterday it seems to be fixed today. The ISP dns appears to be working normally. However I am still interested in doing anything that improves operation. ISP behaviour changes all the time. Some of them will fiddle with their equipment as much as you might fiddle with your own computer settings. One of my prior ISPs was only one I'd ever seen admit any problems. If I wrote to them and said I had X type of troubles when I logged in at a certain time, and said what IP I'd be assigned, but things worked fine when I logged out and back in again, I'd get a reply back saying that they'd had a look at the appropriate equipment and reset it, sometimes mentioned that they'd noticed a problem with it. Of course I don't know if they were just placating me, but they didn't tell me to do something to my computer, and blame me, like every other ISP has done. They were also, actually helpful
Re: Any RPi people on here ?
2012/11/13 Frank Murphy frankl...@gmail.com On Tue, 13 Nov 2012 07:41:53 -0700 Steve linuxguy...@gmail.com wrote: Is anyone playing around with Fedora on a Raspberry Pi ? How are you finding it ? What are you doing with it ? Thanks The arm list may be a better bet: https://lists.fedoraproject.org/pipermail/arm/2012-November/004366.html -- Regards, Frank Mary had a little lamb, in a sandwich -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org planning to work on it in a few days -- Antonio Montagnani Skype : amontag52 Linux Fedora 17 Beefy Miracle -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: [OT] Microsoft Bashing
The best article I've ever read on the change at Microsoft was a memoir by Joel Spolsky (the Joel on Software blog) written in 2006. He wrote about having to pitch a project to Bill Gates, and how important it was that Gates had a technical background. See: http://www.joelonsoftware.com/items/2006/06/16.html billo On Tue, 13 Nov 2012, Arthur Dent wrote: Hello all, I was sitting in a dentist's waiting room and I came across this article from the August 2012 (really!) edition of Vanity Fair. http://www.vanityfair.com/business/2012/08/microsoft-lost-mojo-steve-ballmer I know we all love to hate Microsoft, but after reading this I *almost* felt sorry for them. I guess many of you know all this, but I found it quite interesting reading. Good ammunition for all you Microsoft bashers... -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Amarok
On Tue, 13 Nov 2012 16:55:32 +0200 jarmo oh1...@nic.fi wrote: Hi Just tried to testplay one mp3 with Amarok. No worky. Require MPEG 1 layer 3 plugin. I have installed all good, bad and ugly :) plugins for Gstreamer, but when trying to play, poup says, that it can't find MPEG 1 layer 3 decoder. Trying to use packagekit to install it, no worky. F17 and all possible updates done. Any idea? Jarmo Try this: http://www.fluendo.com/shop/product/fluendo-mp3-decoder/ -- Regards, Frank Mary had a little lamb, in a sandwich -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: genkey segfaults when creating new cert
Alex wrote: What are the steps to create a self-signed certificate for apache? These are my notes for CentOS 5, but they should still apply. The view/verify steps are not strictly necessary, but they are useful for checking your work as you go along. Create a Self-Signed SSL Certificate * Create an RSA Private Key # openssl genrsa -des3 -rand /dev/urandom -out www.example.com.key 2048 Enter pass phrase for www.example.com.key: Verifying - Enter pass phrase for www.example.com.key: * Create a Decrypted PEM Version of the RSA Private Key # openssl rsa -in www.example.com.key -out www.example.com.key.unsecure Enter pass phrase for www.example.com.key: * View the Details of the RSA Private Key # openssl rsa -noout -text -in www.example.com.key # cat www.example.com.key.unsecure * Create a PEM Formatted Certificate Signing Request (CSR) # openssl req -new -key www.example.com.key -out www.example.com.csr Enter pass phrase for www.example.com.key: - Country Name (2 letter code) [GB]:GB State or Province Name (full name) [Berkshire]:Berkshire Locality Name (eg, city) [Newbury]:Newbury Organization Name (eg, company) [My Company Ltd]:My Company Ltd Organizational Unit Name (eg, section) []:Secure Server Common Name (eg, your name or your server's hostname) []:www.example.com Email Address []:. Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: * View the Details of the CSR # openssl req -noout -text -in www.example.com.csr # cat www.example.com.csr * Self-Sign the Certificate * Note: A self-signed certificate will cause browsers to generate a security warning. # openssl x509 -req -days 365 -extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -in www.example.com.csr -signkey www.example.com.key -out www.example.com.crt Enter pass phrase for www.example.com.key: * Verify and View the Signed Certificate * The results of the following two commands should be identical: # openssl x509 -noout -modulus -in www.example.com.crt | openssl sha1 # openssl rsa -noout -modulus -in www.example.com.key | openssl sha1 # openssl x509 -noout -text -in www.example.com.crt # cat www.example.com.crt Regards, Matthew Roth InterMedia Marketing Solutions Software Engineer and Systems Developer -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: network manager has gone crazy
Tim: If using Gnome, there's a desktop taskbar icon for NetworkManager, it lets you pick a network out of a list of available networks (if there are several to choose from), and there's an edit connections menu item to customise particular choices. They could be fully automatic (the client is remotely set by a DHCP server), or you can choose to allow some things to be set by a DHCP server, other things to be manually set, or everything manually set. lee: I'm not using gnome. These so-called desktop-environments aren't doing anything for me but getting in the way. Well, what are you using? Command line, a light weight GUI, something else? Letting us know will help you get better replies. There does appear to be some NetworkManager interface through the command line. Dunno whether it's going to be of any use to you, though. As may have been pointed out in this thread, but definitely in the past, NetworkManager is probably not be suitable for servers. It is geared towards having something else configure your network, usually a server is self-configured, or at least the central server is (the one everything else relies on). I have to admit I'm intrigued to find out what would happen if you ran a DHCP server on a machine with NetworkManager handling the network interfaces. But not sufficiently to try it out, at 2:30 in the morning. Regarding trying to find its configuration files, I would have tried something like: locate -i networkmanager |grep etc -- [tim@localhost ~]$ uname -rsvp Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Make an existing user part of Administrators
From the documentation, (http://docs.fedoraproject.org/en-US/Fedora/17/html/Installation_Guide/sn-firstboot-systemuser.html ) it seems that checking on administrator just puts the user in the wheel group. Odd -- I thought wheel had been deprecated years ago, and was kept in only for backwards compatibility. Who knew. billo On Tue, 13 Nov 2012, Gianluca Cecchi wrote: Hello, during install of F17 and F18 you are required to create a user. Also, you can flag if you want to make it part of administrator group. What is the command that runs under the scenes? What are the GUI steps to reproduce the same effects for an existing user after install? perhaps: - uncomment the %wheel line in sudoers - make the user part of wheel group ? thanks in advance gianluca -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
firewall configuring
Why isn't there a thingy for configuring the firewall in the system settings collection of configurators for Fedora 17? In older versions, system-config-firewall was in the menus, and readily apparent as the thing you went to, to adjust your firewall. But there's nothing, obvious as the way to adjust it, now. You'd have to know about the old tool, or manually write iptables rules. But in this, modern everything is done in the GUI, system, there's nothing showing. I became particularly peeved about this, when CUPS didn't find any printers (or print servers) on my LAN, when it should. And the first port of call, in the past, would be to open up the firewall and allow IPP printing/serving options, as appropriate. But there being no apparent way to the newbie to do this. Gnome developers may well think there's no need for users to fiddle with their firewall, but when the printing doesn't work because the default rules forbid it, not providing any configurator, nor even any clues, smacks of incompetence. -- [tim@localhost ~]$ uname -rsvp Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: firewall configuring
On Wed, Nov 14, 2012 at 02:47:33AM +1030, Tim wrote: Why isn't there a thingy for configuring the firewall in the system settings collection of configurators for Fedora 17? I'm not sure about F17, but there's a new tool called firewalld, which includes a new GUI, as a feature for F18. See https://fedoraproject.org/wiki/Features/firewalld-default I think this addresses the rest of your rant. :) -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ mat...@fedoraproject.org -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: firewall configuring
Il giorno mer, 14/11/2012 alle 02.47 +1030, Tim ha scritto: Why isn't there a thingy for configuring the firewall in the system settings collection of configurators for Fedora 17? [cut] Try: $ firewall-config Cheers. Gabri -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: firewall configuring
On 11/13/2012 10:17 AM, Tim wrote: Why isn't there a thingy for configuring the firewall in the system settings collection of configurators for Fedora 17? In older versions, system-config-firewall was in the menus, and readily apparent as the thing you went to, to adjust your firewall. But there's nothing, obvious as the way to adjust it, now. You'd have to know about the old tool, or manually write iptables rules. But in this, modern everything is done in the GUI, system, there's nothing showing. I became particularly peeved about this, when CUPS didn't find any printers (or print servers) on my LAN, when it should. And the first port of call, in the past, would be to open up the firewall and allow IPP printing/serving options, as appropriate. But there being no apparent way to the newbie to do this. Gnome developers may well think there's no need for users to fiddle with their firewall, but when the printing doesn't work because the default rules forbid it, not providing any configurator, nor even any clues, smacks of incompetence. Gosh, is it so hard to type system-config-firewall? I'm not sure about Gnome, but on XFCE, it's APPS - Administration - Firewall. -- -- Steve -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Fedora support for laplets
El lun, 12-11-2012 a las 16:29 -0600, Robert Moskowitz escribió: On 11/12/2012 07:55 AM, Lailah wrote: El dom, 11-11-2012 a las 11:53 -0500, Bill Davidsen escribió: I see a lot of vendors are putting out hybrid tablet-laptops with a touch screen which flips, and traditional keyboard, which can be used in a number of ways, including as a tablet. Has anyone gotten experience with using Fedora on such a machine, and if so how (if at all) was the touch feature supported? I've seen reasonably nice units from Dell and Lenovo, but no nice salespeople who would let me boot them from thumb drive. Oh, I will explain a little bit more. I have a netbook that, originally, came with an Ubuntu 10.04. I try other Linux distributions until I choose Fedora 16. In this Fedora, Verne, battery life was fine. Not the better but fine. But when I installed Fedora 17, was other story. My battery life was markedly shorter. To install Jupiter improved energy consumption. That's all. May be I failed finding tools to save energy... I hope this clarified your doubts. Regards, Lailah signature.asc Description: This is a digitally signed message part -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: firewall configuring
On Wed, 2012-11-14 at 02:47 +1030, Tim wrote: Why isn't there a thingy for configuring the firewall in the system settings collection of configurators for Fedora 17? Not sure about a gui - lokkit is the tool I use. Commandline yes, but it's a lot easier to use than editing /etc/sysconfig/iptables. -- Best Regards Peter Larsen Wise words of the day: A Linux machine! Because a 486 is a terrible thing to waste! -- Joe Sloan, j...@wintermute.ucr.edu signature.asc Description: This is a digitally signed message part -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: firewall configuring
On Tue, 13 Nov 2012 10:29:18 -0600 Steven Stern subscribed-li...@sterndata.com wrote: On 11/13/2012 10:17 AM, Tim wrote: Why isn't there a thingy for configuring the firewall in the system settings collection of configurators for Fedora 17? In older versions, system-config-firewall was in the menus, and readily apparent as the thing you went to, to adjust your firewall. But there's nothing, obvious as the way to adjust it, Gosh, is it so hard to type system-config-firewall? I'm not sure about Gnome, but on XFCE, it's APPS - Administration - Firewall. To be fair, Steven, I think Tim's annoyance is that, system-config--firewall in not default in Gno me. -- The opulence of the front office door varies inversely with the fundamental solvency of the firm. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: DNS problems this morning -
On 13/11/12 09:59, Tim wrote: I seem to recall that there is a way to set the timeout delay before abandoning the first query, and querying the next server, but I don't recall the details, and there's no man file for resolv.conf on this installation of F17. I don't know if there's configuration options about always trying the first server, first. It looks like there is a way. From man resolv.conf: options Options allows certain internal resolver variables to be modified. The syntax is options option ... where option is one of the following: timeout:n sets the amount of time the resolver will wait for a response from a remote name server before retrying the query via a different name server. Measured in seconds, the default is RES_TIMEOUT (currently 5, see resolv.h). The value for this option is silently capped to 30. attempts:n sets the number of times the resolver will send a query to its name servers before giving up and returning an error to the calling application. The default is RES_DFLRETRY (currently 2, see resolv.h). The value for this option is silently capped to 5. It's not clear to me how to type the command though. The 5 second timeout seems much to long when combined with 5 tries, perhaps fewer tries would be better? However I imagine there were good reasons for the defaulsts ... -- http://www.qrz.com/db/W2BOD box7 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Any RPi people on here ?
On 11/13/2012 07:45 AM, Frank Murphy wrote: The arm list may be a better bet: https://lists.fedoraproject.org/pipermail/arm/2012-November/004366.html Already subscribed, thanks. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Make an existing user part of Administrators
On Tue, Nov 13, 2012 at 04:10:02PM +, Bill Oliver wrote: Odd -- I thought wheel had been deprecated years ago, and was kept in only for backwards compatibility. Who knew. reference? -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Make an existing user part of Administrators
On Tue, Nov 13, 2012 at 04:10:02PM +, Bill Oliver wrote: From the documentation, (http://docs.fedoraproject.org/en-US/Fedora/17/html/Installation_Guide/sn-firstboot-systemuser.html ) it seems that checking on administrator just puts the user in the wheel group. It just does that, *but*, many things in the distribution, including sudo, consolehelper, and policykit, are configured to understand that this means that the user is an admin. Odd -- I thought wheel had been deprecated years ago, and was kept in only for backwards compatibility. Who knew. Many people? :) -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ mat...@fedoraproject.org -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: DNS problems this morning -
On Wed, Nov 14, 2012 at 01:29:31 +1030, Tim ignored_mail...@yahoo.com.au wrote: It may well work fine, if all you ever ask the name servers to do is resolve outside internet addresses. But, if you have a LAN that communicates with things within the LAN, by name, then *all* name queries need to be answered by your LAN DNS server, as no external DNS server can answer any queries about your internal LAN addresses, and there's no way for you to say resolve this name from here, and the rest from anywhere. Your only solution to that conundrum is putting LAN addresses in the hosts file, because that will be queried before asking a DNS server. Which rapidly becomes a nuisance on largish, or expanding networks. And doesn't work on networks with dynamically changing addresses. You can use tinydns and dnscache to work around this. I think there are also ways to do it with bind, but I don't use it and can't say for sure. dnscache allows you to specify that certain domains (the local LAN domain in this case) are handled by dns servers at specific IP addresses rather than starting at the root for discovery. You can use tinydns to provide DNS information for your local domain name. Machines on your LAN just need to point to the dnscache server(s) to resolve both public and local domain information. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Make an existing user part of Administrators
Hi, I don't directly get ml e-mails in my inbox and I see that Bill Oliver post is empty at archive link: http://lists.fedoraproject.org/pipermail/users/2012-November/426712.html I only see some references to his reply (such as install doc link) in other users' replies... It would also be good to see the other things as written by Matthew Miller: ... many things in the distribution, including sudo, consolehelper, and policykit, are configured to understand that this means that the user is an admin. The sudo part is simple but the other ones? Any graphical way after install to make the same thing? Gianluca -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: genkey segfaults when creating new cert
Hi, What are the steps to create a self-signed certificate for apache? These are my notes for CentOS 5, but they should still apply. The view/verify steps are not strictly necessary, but they are useful for checking your work as you go along. Create a Self-Signed SSL Certificate * Create an RSA Private Key # openssl genrsa -des3 -rand /dev/urandom -out www.example.com.key 2048 Enter pass phrase for www.example.com.key: Verifying - Enter pass phrase for www.example.com.key: It won't accept an empty password. How do I create a key without a password so I don't have to enter it every time I restart apache? Thanks, Alex -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: [389-users] MMR issue ...
On 11/13/2012 09:24 AM, Reinhard Nappert wrote: Hi, I’ve encountered issues with a MMR setup, which looks like the following: A --- B \ / \ / \ / C The replication works for approximately 24 hours. There are not many changes to the content anyway. After about 1 day, the attribute value of the type “nsds5replicaLastUpdateStatus” changes to “1 Can't acquire busy replica “ of the replication agreement object from type “nsDS5ReplicationAgreement”. I see this message on C for the agreement “C-to-B”. The start-time of the last update is 01:08:33. When I check the status on B, it looks fine for “B-to-C” and “B-to-A”, however, the start-time of the last update is stuck at 01:08:36 for “B-to-C”, whereas A gets updated afterwards as well. I don’t have the values for A! When, I check errors and access on the boxes, I see the following: Errors on A: [10/Nov/2012:01:19:31 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Warning: unable to receive endReplication extended operation response (Timed out) [10/Nov/2012:01:25:01 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [10/Nov/2012:01:25:05 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth resumed [10/Nov/2012:02:26:29 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:02:31:55 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [10/Nov/2012:02:31:59 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth resumed [10/Nov/2012:02:43:36 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:03:03:00 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:03:08:24 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [10/Nov/2012:03:11:35 -0300] slapi_ldap_bind - Error: could not send bind request for id [cn=replication,cn=config] mech [SIMPLE]: error 91 (Can't connect to the LDAP server) -5961 (TCP connection reset by peer.) 115 (Operation now in progress) [10/Nov/2012:03:11:35 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth failed: LDAP error 91 (Can't connect to the LDAP server) ((null)) [10/Nov/2012:03:14:45 -0300] slapi_ldap_bind - Error: could not send bind request for id [cn=replication,cn=config] mech [SIMPLE]: error 91 (Can't connect to the LDAP server) -5961 (TCP connection reset by peer.) 115 (Operation now in progress) [10/Nov/2012:03:14:52 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth resumed [10/Nov/2012:03:33:29 -0300] slapi_ldap_bind - Error: could not send bind request for id [cn=replication,cn=config] mech [SIMPLE]: error 91 (Can't connect to the LDAP server) -5961 (TCP connection reset by peer.) 115 (Operation now in progress) [10/Nov/2012:03:33:29 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth failed: LDAP error 91 (Can't connect to the LDAP server) ((null)) [10/Nov/2012:03:43:29 -0300] slapi_ldap_bind - Error: timeout after [0.0] seconds reading bind response for [cn=replication,cn=config] mech [SIMPLE] [10/Nov/2012:03:43:29 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth failed: LDAP error 85 (Timed out) ((null)) [10/Nov/2012:03:46:39 -0300] slapi_ldap_bind - Error: could not send bind request for id [cn=replication,cn=config] mech [SIMPLE]: error 91 (Can't connect to the LDAP server) -5961 (TCP connection reset by peer.) 115 (Operation now in progress) [10/Nov/2012:03:46:39 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth failed: LDAP error 91 (Can't connect to the LDAP server) ((null)) [10/Nov/2012:03:46:42 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth resumed [10/Nov/2012:05:12:02 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:06:16:01 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a
Re: [389-users] MMR issue ...
I use 1.2.8.2 From: Rich Megginson [mailto:rmegg...@redhat.com] Sent: Tuesday, November 13, 2012 12:18 PM To: General discussion list for the 389 Directory server project. Cc: Reinhard Nappert Subject: Re: [389-users] MMR issue ... On 11/13/2012 09:24 AM, Reinhard Nappert wrote: Hi, I’ve encountered issues with a MMR setup, which looks like the following: A --- B \ / \ / \ / C The replication works for approximately 24 hours. There are not many changes to the content anyway. After about 1 day, the attribute value of the type “nsds5replicaLastUpdateStatus” changes to “1 Can't acquire busy replica “ of the replication agreement object from type “nsDS5ReplicationAgreement”. I see this message on C for the agreement “C-to-B”. The start-time of the last update is 01:08:33. When I check the status on B, it looks fine for “B-to-C” and “B-to-A”, however, the start-time of the last update is stuck at 01:08:36 for “B-to-C”, whereas A gets updated afterwards as well. I don’t have the values for A! When, I check errors and access on the boxes, I see the following: Errors on A: [10/Nov/2012:01:19:31 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Warning: unable to receive endReplication extended operation response (Timed out) [10/Nov/2012:01:25:01 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [10/Nov/2012:01:25:05 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth resumed [10/Nov/2012:02:26:29 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:02:31:55 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [10/Nov/2012:02:31:59 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth resumed [10/Nov/2012:02:43:36 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:03:03:00 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:03:08:24 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [10/Nov/2012:03:11:35 -0300] slapi_ldap_bind - Error: could not send bind request for id [cn=replication,cn=config] mech [SIMPLE]: error 91 (Can't connect to the LDAP server) -5961 (TCP connection reset by peer.) 115 (Operation now in progress) [10/Nov/2012:03:11:35 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth failed: LDAP error 91 (Can't connect to the LDAP server) ((null)) [10/Nov/2012:03:14:45 -0300] slapi_ldap_bind - Error: could not send bind request for id [cn=replication,cn=config] mech [SIMPLE]: error 91 (Can't connect to the LDAP server) -5961 (TCP connection reset by peer.) 115 (Operation now in progress) [10/Nov/2012:03:14:52 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth resumed [10/Nov/2012:03:33:29 -0300] slapi_ldap_bind - Error: could not send bind request for id [cn=replication,cn=config] mech [SIMPLE]: error 91 (Can't connect to the LDAP server) -5961 (TCP connection reset by peer.) 115 (Operation now in progress) [10/Nov/2012:03:33:29 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth failed: LDAP error 91 (Can't connect to the LDAP server) ((null)) [10/Nov/2012:03:43:29 -0300] slapi_ldap_bind - Error: timeout after [0.0] seconds reading bind response for [cn=replication,cn=config] mech [SIMPLE] [10/Nov/2012:03:43:29 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth failed: LDAP error 85 (Timed out) ((null)) [10/Nov/2012:03:46:39 -0300] slapi_ldap_bind - Error: could not send bind request for id [cn=replication,cn=config] mech [SIMPLE]: error 91 (Can't connect to the LDAP server) -5961 (TCP connection reset by peer.) 115 (Operation now in progress) [10/Nov/2012:03:46:39 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth failed: LDAP error 91 (Can't connect to the LDAP server) ((null)) [10/Nov/2012:03:46:42 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth resumed [10/Nov/2012:05:12:02 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication
Re: Make an existing user part of Administrators
On Tue, Nov 13, 2012 at 05:54:50PM +0100, Gianluca Cecchi wrote: I only see some references to his reply (such as install doc link) in other users' replies... It would also be good to see the other things as written by Matthew Miller: ... many things in the distribution, including sudo, consolehelper, and policykit, are configured to understand that this means that the user is an admin. The sudo part is simple but the other ones? Any graphical way after install to make the same thing? I'm sorry, I don't understand what you're asking here. You can use the graphical users and groups tool to add people to the wheel group. -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ mat...@fedoraproject.org -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: DNS problems this morning -
Tim: It may well work fine, if all you ever ask the name servers to do is resolve outside internet addresses. But, if you have a LAN that communicates with things within the LAN, by name, then *all* name queries need to be answered by your LAN DNS server, as no external DNS server can answer any queries about your internal LAN addresses, and there's no way for you to say resolve this name from here, and the rest from anywhere. Your only solution to that conundrum is putting LAN addresses in the hosts file, because that will be queried before asking a DNS server. Which rapidly becomes a nuisance on largish, or expanding networks. And doesn't work on networks with dynamically changing addresses. Bruno Wolff III: You can use tinydns and dnscache to work around this. I think there are also ways to do it with bind, but I don't use it and can't say for sure. BIND allows you to do all sorts of magic tricks about how it answers queries, but you don't have to do anything fancy to make BIND handle local and external addresses properly. You just put your local addresses in as normal records, and it answers them fine. It goes out to the root servers, as a DNS server should to, to answer queries about addresses it doesn't know about. -- [tim@localhost ~]$ uname -rsvp Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: [389-users] segfault while moving entry to non-existent LDAP container
(2012/11/13 05:22), Rich Megginson wrote: On 11/13/2012 03:30 AM, Vladimir Elisseev wrote: Hello, First of all I'd say that most likely this segfault is a result of badly designed application and/or bad coding. The segfault occurs while this application tries to move an entry to non-existing LDAP container. Unfortunately I don't have access to the source code of this app. The segfault is below with backtrace from dgb: ns-slapd[4983]: segfault at 18 ip 7f2ed4a60759 sp 7f2e955e13e0 error 4 in libback-ldbm.so[7f2ed4a34000+8f000] #0 0x7f2ed4a60759 in id2entry_add_ext () from /usr/lib64/dirsrv/plugins/libback-ldbm.so #1 0x7f2ed4a8a34c in modify_update_all () from /usr/lib64/dirsrv/plugins/libback-ldbm.so #2 0x7f2ed4a8eb4f in ldbm_back_modrdn () from /usr/lib64/dirsrv/plugins/libback-ldbm.so #3 0x7f2eddbecdaa in ?? () from /usr/lib64/dirsrv/libslapd.so.0 #4 0x7f2eddbed66c in do_modrdn () from /usr/lib64/dirsrv/libslapd.so.0 #5 0x00413904 in ?? () #6 0x7f2edc0369e3 in ?? () from /lib64/libnspr4.so #7 0x7f2edb9d9851 in start_thread () from /lib64/libpthread.so.0 #8 0x7f2edb72711d in clone () from /lib64/libc.so.6 I'd appreciate any thoughts regarding what kind of (bad) things this application is doing. Is it possible to have a kind of protection in this case on directory server? rpm -q 389-ds-base Can you provide a full stack trace based on the instructions at http://port389.org/wiki/FAQ#Debugging_Crashes ? Also, can we have the modrdn operation you executed? Command line history and/or the snippet of the access log would be helpful. I tried these modrdns, but it failed with the expected errors... And the server is up and running after that. $ ldapmodify ... dn: cn=HR,ou=Groups,dc=example,dc=com changetype: modrdn newrdn: cn=HR deleteoldrdn: 1 newsuperior: ou=bogus,dc=example,dc=com modifying rdn of entry cn=HR,ou=Groups,dc=example,dc=com ldap_rename: No such object (32) matched DN: dc=example,dc=com $ ldapmodify ... dn: cn=HR,ou=Groups,dc=example,dc=com changetype: modrdn newrdn: cn=HR deleteoldrdn: 1 newsuperior: o=bogus.com modifying rdn of entry cn=HR,ou=Groups,dc=example,dc=com ldap_rename: Operation affects multiple DSAs (71) additional info: Cannot move entries across backends -- 389 users mailing list 389-us...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: DNS problems this morning -
Tim wrote: I seem to recall that there is a way to set the timeout delay before abandoning the first query, and querying the next server, but I don't recall the details, and there's no man file for resolv.conf on this installation of F17. I don't know if there's configuration options about always trying the first server, first. Bob Goodwin: It looks like there is a way. As I mentioned further down in my prior message... (the same details, and the strange lack of a resolv.conf man file on my installation). From man resolv.conf: options Options allows certain internal resolver variables to be modified. The syntax is options option ... where option is one of the following: timeout:n sets the amount of time the resolver will wait for a response from a remote name server before retrying the query via a different name server. Measured in seconds, the default is RES_TIMEOUT (currently 5, see resolv.h). The value for this option is silently capped to 30. The default timeout on my system is definitely not 5 seconds, so it's been reset /somewhere/. attempts:n sets the number of times the resolver will send a query to its name servers before giving up and returning an error to the calling application. The default is RES_DFLRETRY (currently 2, see resolv.h). The value for this option is silently capped to 5. It's not clear to me how to type the command though. The 5 second timeout seems much to long when combined with 5 tries, perhaps fewer tries would be better? However I imagine there were good reasons for the defaulsts ... My reading of the man file suggested that one would add the options into the resolv.conf file. Else why else are they mentioned in the man file for it? e.g. /etc/resolv.conf domain lan.example.com. search lan.example.com. nameserver 192.168.1.2 options timeout:1 But what would the syntax be? Like I've tried, above? Are there any samples in your man file? -- [tim@localhost ~]$ uname -rsvp Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: DNS problems this morning -
On 11/13/2012 08:38 AM, Bob Goodwin - Zuni, Virginia, USA issued this missive: On 13/11/12 09:59, Tim wrote: I seem to recall that there is a way to set the timeout delay before abandoning the first query, and querying the next server, but I don't recall the details, and there's no man file for resolv.conf on this installation of F17. I don't know if there's configuration options about always trying the first server, first. It looks like there is a way. From man resolv.conf: options Options allows certain internal resolver variables to be modified. The syntax is options option ... where option is one of the following: timeout:n sets the amount of time the resolver will wait for a response from a remote name server before retrying the query via a different name server. Measured in seconds, the default is RES_TIMEOUT (currently 5, see resolv.h). The value for this option is silently capped to 30. attempts:n sets the number of times the resolver will send a query to its name servers before giving up and returning an error to the calling application. The default is RES_DFLRETRY (currently 2, see resolv.h). The value for this option is silently capped to 5. It's not clear to me how to type the command though. You don't. You put the entries in the /etc/resolv.conf file and the resolver library picks them up. The 5 second timeout seems much to long when combined with 5 tries, perhaps fewer tries would be better? However I imagine there were good reasons for the defaulsts ... If you've ever run a big network (or a really popular one) you can watch the DNS servers get pummeled--especially if you have short TTLs set on the records. That being said, even a busy name server should respond in 5 seconds or less, so that seems reasonable. The default retry count is 2 (not 5) so the defaults as stated would result in a 10 second delay before the second DNS server is consulted. Yes, that seems an eternity, but not everyone has fast Internet access. There are still people with dial-up service (hard to believe, but they're out there). The standards were set up to accommodate these older environments. If you want a true giggle, look up RFC 1149, Transmission of IP Datagrams on Avian Carriers and be glad that it never caught on. :-) You can put in as long a timeout or as many retries as you want, but the library will limit timeouts to no more than 30 seconds (even if you specify 45) and no more than 5 retries (even if you specify 10). That's what the silently capped bit means. -- - Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com - - AIM/Skype: therps2ICQ: 22643734Yahoo: origrps2 - -- - To err is human. To forgive, a large sum of money is needed.- -- -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: genkey segfaults when creating new cert
Alex wrote: It won't accept an empty password. How do I create a key without a password so I don't have to enter it every time I restart apache? Use the decrypted key in your Apache configuration as follows: # Point to the PEM-encoded certificate and private key SSLCertificateFile /etc/httpd/conf/ssl.crt/www.example.com.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.example.com.key.unsecure Regards, Matthew Roth InterMedia Marketing Solutions Software Engineer and Systems Developer -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: DNS problems this morning -
On 11/13/2012 10:04 AM, Tim issued this missive: snip My reading of the man file suggested that one would add the options into the resolv.conf file. Else why else are they mentioned in the man file for it? e.g. /etc/resolv.conf domain lan.example.com. search lan.example.com. nameserver 192.168.1.2 options timeout:1 But what would the syntax be? Like I've tried, above? Are there any samples in your man file? That's the right syntax, but since you only have one name server specified the timeout would be essentially ignored. -- - Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com - - AIM/Skype: therps2ICQ: 22643734Yahoo: origrps2 - -- - I'd explain it to you, but your brain might explode. - -- -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: firewall configuring
Allegedly, on or about 13 November 2012, Steven Stern sent: Gosh, is it so hard to type system-config-firewall? I'm not sure about Gnome, but on XFCE, it's APPS - Administration - Firewall. The point being that new users will not know about it. There's no mention of firewall in any of the control options in the control configurator. There is no-longer a menu. And if you do switch to the fallback desktop option that does give you a menu, there's nothing that mentions a firewall in there, either. It's, now, most definitely a GUI system. Users are expected not to have to resort to the command line. Why the hell isn't such a basic thing in the system preferences? Not to mention that the error messages in the printer configurator aren't of any help, either: Firewalld isn't running (what the hell is that?). It says mdns needs to be allowed in the firewall. Really? Why would I want that allowed if I'm not using avahi? It's wrong advice to blandly say I must allow that. And it says Samba must be allowed. Again, unless I'm actually using Samba, and the printing aspects of it, it's wrong to advise that the firewall must allow that through. Geez, but it's badly handled. -- [tim@localhost ~]$ uname -rsvp Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: firewall configuring
Tim: Why isn't there a thingy for configuring the firewall in the system settings collection of configurators for Fedora 17? Gabriele Trombini: Try: $ firewall-config Nup, nothing other than firefox begins with fire on this system, even as the root user. Another blunder for the Gnome desktop installation. -- [tim@localhost ~]$ uname -rsvp Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: [389-users] MMR issue ...
On 11/13/2012 11:02 AM, Reinhard Nappert wrote: Rich, Do you know what the cause of this issue is? No, I don't know. You would expect that you saw this issue in different deployments, but I only saw it in one instance. If it turns out that the issue I see is identical the issue, you mentioned, I’d like to know, when it was fixed. Upon further investigation, this does not appear to be the same as https://fedorahosted.org/389/ticket/374 I'm not sure what the problem is. I've seen timeouts when servers crash or there are network issues. Thanks, -Reinhard *From:*389-users-boun...@lists.fedoraproject.org [mailto:389-users-boun...@lists.fedoraproject.org] *On Behalf Of *Reinhard Nappert *Sent:* Tuesday, November 13, 2012 12:22 PM *To:* Rich Megginson; General discussion list for the 389 Directory server project. *Subject:* Re: [389-users] MMR issue ... I use 1.2.8.2 *From:*Rich Megginson [mailto:rmegg...@redhat.com] *Sent:* Tuesday, November 13, 2012 12:18 PM *To:* General discussion list for the 389 Directory server project. *Cc:* Reinhard Nappert *Subject:* Re: [389-users] MMR issue ... On 11/13/2012 09:24 AM, Reinhard Nappert wrote: Hi, I’ve encountered issues with a MMR setup, which looks like the following: A --- B \ / \ / \ / C The replication works for approximately 24 hours. There are not many changes to the content anyway. After about 1 day, the attribute value of the type “nsds5replicaLastUpdateStatus” changes to “1 Can't acquire busy replica “ of the replication agreement object from type “nsDS5ReplicationAgreement”. I see this message on C for the agreement “C-to-B”. The start-time of the last update is 01:08:33. When I check the status on B, it looks fine for “B-to-C” and “B-to-A”, however, the start-time of the last update is stuck at 01:08:36 for “B-to-C”, whereas A gets updated afterwards as well. I don’t have the values for A! When, I check errors and access on the boxes, I see the following: Errors on A: [10/Nov/2012:01:19:31 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Warning: unable to receive endReplication extended operation response (Timed out) [10/Nov/2012:01:25:01 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [10/Nov/2012:01:25:05 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth resumed [10/Nov/2012:02:26:29 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:02:31:55 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [10/Nov/2012:02:31:59 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth resumed [10/Nov/2012:02:43:36 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:03:03:00 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:03:08:24 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [10/Nov/2012:03:11:35 -0300] slapi_ldap_bind - Error: could not send bind request for id [cn=replication,cn=config] mech [SIMPLE]: error 91 (Can't connect to the LDAP server) -5961 (TCP connection reset by peer.) 115 (Operation now in progress) [10/Nov/2012:03:11:35 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth failed: LDAP error 91 (Can't connect to the LDAP server) ((null)) [10/Nov/2012:03:14:45 -0300] slapi_ldap_bind - Error: could not send bind request for id [cn=replication,cn=config] mech [SIMPLE]: error 91 (Can't connect to the LDAP server) -5961 (TCP connection reset by peer.) 115 (Operation now in progress) [10/Nov/2012:03:14:52 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth resumed [10/Nov/2012:03:33:29 -0300] slapi_ldap_bind - Error: could not send bind request for id [cn=replication,cn=config] mech [SIMPLE]: error 91 (Can't connect to the LDAP server) -5961 (TCP connection reset by peer.) 115 (Operation now in progress) [10/Nov/2012:03:33:29 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth failed: LDAP error 91 (Can't connect to the LDAP server) ((null)) [10/Nov/2012:03:43:29 -0300] slapi_ldap_bind -
Qalc interprets 1,000 as a vector
I've been very happy with the desk calculator Qalc, except for one thing. If you enter a comma separated number, say 1,000 (easy to do if you paste it in from a financial web site), qalc interprets it as a vector. Is there any way to suppress this? The documentation indicates that it should be possible by setting the locale correctly, but I haven't been able to get it to work. Here's the situation: My locale $ locale LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 LC_NUMERIC=en_US.UTF-8 LC_TIME=en_US.UTF-8 LC_COLLATE=POSIX LC_MONETARY=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 LC_PAPER=en_US.UTF-8 LC_NAME=en_US.UTF-8 LC_ADDRESS=en_US.UTF-8 LC_TELEPHONE=en_US.UTF-8 LC_MEASUREMENT=en_US.UTF-8 LC_IDENTIFICATION=en_US.UTF-8 LC_ALL= A short session using the command line interface to qalc (empty lines edited out for brevity): $ qalc 1,234 [1, 234] = [1, 234] $1,234 [dollar * 1, 234] = [$1, 234] 1,1 [1, 1] = [1, 1] 2,3 [2, 3] = [2, 3] + [1, 1] + [2, 3] = [3, 4] quit Qalculate! 0.9.7 (Using KDE 3.5.10-38-fc17 Fedora) Running on x86_64 hardware -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
GDM has wrong monitor resolution, with a bit of a howto
For some reason, my installation picks the wrong monitor resolution, by default. In my case, less resolution than it could manage, and results in a weird aspect ratio. So I have to manually configure each user to use the correct one, which is a bit annoying. That leaves gdm with the wrong resolution, and not quite so easily resolved. However, copying a working ~/.config/monitors.xml file over to the gdm homespace in /var/lib/gdm/.config/monitors.xml fixes that up. Also copying it into /etc/skel/.config/monitors.xml ought to preset any new users with a working screen resolution, but I haven't tested that, yet. -- [tim@localhost ~]$ uname -rsvp Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: [389-users] MMR issue ...
The 3 servers do not crash. I am not sure about the network, though. My first assumption was that the firewall (between A and B) might cause the issue. The latest occurrence (the one, I described) had the firewall removed. I see quite some TCP Retransmissions in the packet captures. Could that be the issue? -Reinhard From: Rich Megginson [mailto:rmegg...@redhat.com] Sent: Tuesday, November 13, 2012 1:15 PM To: General discussion list for the 389 Directory server project. Cc: Reinhard Nappert Subject: Re: [389-users] MMR issue ... On 11/13/2012 11:02 AM, Reinhard Nappert wrote: Rich, Do you know what the cause of this issue is? No, I don't know. You would expect that you saw this issue in different deployments, but I only saw it in one instance. If it turns out that the issue I see is identical the issue, you mentioned, I’d like to know, when it was fixed. Upon further investigation, this does not appear to be the same as https://fedorahosted.org/389/ticket/374 I'm not sure what the problem is. I've seen timeouts when servers crash or there are network issues. Thanks, -Reinhard From: 389-users-boun...@lists.fedoraproject.orgmailto:389-users-boun...@lists.fedoraproject.org [mailto:389-users-boun...@lists.fedoraproject.org] On Behalf Of Reinhard Nappert Sent: Tuesday, November 13, 2012 12:22 PM To: Rich Megginson; General discussion list for the 389 Directory server project. Subject: Re: [389-users] MMR issue ... I use 1.2.8.2 From: Rich Megginson [mailto:rmegg...@redhat.com] Sent: Tuesday, November 13, 2012 12:18 PM To: General discussion list for the 389 Directory server project. Cc: Reinhard Nappert Subject: Re: [389-users] MMR issue ... On 11/13/2012 09:24 AM, Reinhard Nappert wrote: Hi, I’ve encountered issues with a MMR setup, which looks like the following: A --- B \ / \ / \ / C The replication works for approximately 24 hours. There are not many changes to the content anyway. After about 1 day, the attribute value of the type “nsds5replicaLastUpdateStatus” changes to “1 Can't acquire busy replica “ of the replication agreement object from type “nsDS5ReplicationAgreement”. I see this message on C for the agreement “C-to-B”. The start-time of the last update is 01:08:33. When I check the status on B, it looks fine for “B-to-C” and “B-to-A”, however, the start-time of the last update is stuck at 01:08:36 for “B-to-C”, whereas A gets updated afterwards as well. I don’t have the values for A! When, I check errors and access on the boxes, I see the following: Errors on A: [10/Nov/2012:01:19:31 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Warning: unable to receive endReplication extended operation response (Timed out) [10/Nov/2012:01:25:01 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [10/Nov/2012:01:25:05 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth resumed [10/Nov/2012:02:26:29 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:02:31:55 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [10/Nov/2012:02:31:59 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth resumed [10/Nov/2012:02:43:36 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:03:03:00 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Timed out). Will retry later. [10/Nov/2012:03:08:24 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Unable to receive the response for a startReplication extended operation to consumer (Can't contact LDAP server). Will retry later. [10/Nov/2012:03:11:35 -0300] slapi_ldap_bind - Error: could not send bind request for id [cn=replication,cn=config] mech [SIMPLE]: error 91 (Can't connect to the LDAP server) -5961 (TCP connection reset by peer.) 115 (Operation now in progress) [10/Nov/2012:03:11:35 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B (B:389): Replication bind with SIMPLE auth failed: LDAP error 91 (Can't connect to the LDAP server) ((null)) [10/Nov/2012:03:14:45 -0300] slapi_ldap_bind - Error: could not send bind request for id [cn=replication,cn=config] mech [SIMPLE]: error 91 (Can't connect to the LDAP server) -5961 (TCP connection reset by peer.) 115 (Operation now in progress) [10/Nov/2012:03:14:52 -0300] NSMMReplicationPlugin - agmt=cn=A-to-B
Re: firewall configuring
On 11/13/2012 10:47 AM, Gabriele Trombini wrote: Il giorno mer, 14/11/2012 alle 02.47 +1030, Tim ha scritto: Why isn't there a thingy for configuring the firewall in the system settings collection of configurators for Fedora 17? [cut] Try: $ firewall-config Cheers. Gabri yum search firewall-config Warning: No matches found for: firewall-config No Matches found -- -- Steve -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
locale settings
Is anyone else using Fedora in Australia and noticed that locale settings aren't what they ought to be? Specifically that the system locale, despite being set up during post-installation, was on a US setting. And that personal locales inherit that, and each logon needs manually setting to Australian. And that applications that print need manually setting to A4, instead of already being preset to A4 by the locale (or even not preselecting from the printer settings). -- [tim@localhost ~]$ uname -rsvp Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: firewall configuring
On Tue, 13 Nov 2012 17:47:43 +0100 Gabriele Trombini mai...@fedoraonline.it wrote: Try: $ firewall-config That is one of the firewalld pkgs, not available in F17, F18+ -- The greatest warriors are the ones who fight for peace. -- Holly Near -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: DNS problems this morning -
Tim: My reading of the man file suggested that one would add the options into the resolv.conf file. Else why else are they mentioned in the man file for it? e.g. /etc/resolv.conf domain lan.example.com. search lan.example.com. nameserver 192.168.1.2 options timeout:1 But what would the syntax be? Like I've tried, above? Are there any samples in your man file? Rick Stevens: That's the right syntax, but since you only have one name server specified the timeout would be essentially ignored. When tried on my actual settings, which did have two nameservers, it didn't appear to change anything. Well, not to the dig or nslookup commands. -- [tim@localhost ~]$ uname -rsvp Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: firewall configuring
Il giorno 13/nov/2012, alle ore 19:27, Steven Stern subscribed-li...@sterndata.com ha scritto: yum search firewall-config Warning: No matches found for: firewall-config No Matches found -- -- Steve -- Yes you're right, i'm on F18. I thought it was also on f17. Cheers Gabri -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: firewall configuring
On 11/13/2012 10:30 AM, Frank Murphy issued this missive: On Tue, 13 Nov 2012 17:47:43 +0100 Gabriele Trombini mai...@fedoraonline.it wrote: Try: $ firewall-config That is one of the firewalld pkgs, not available in F17, F18+ firewalld is available for F17: Available Packages firewalld.noarch 0.2.5-1.fc17 fedora -- - Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com - - AIM/Skype: therps2ICQ: 22643734Yahoo: origrps2 - -- - To err is human, to moo bovine. - -- -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: DNS problems this morning -
On 11/13/2012 10:31 AM, Tim issued this missive: Tim: My reading of the man file suggested that one would add the options into the resolv.conf file. Else why else are they mentioned in the man file for it? e.g. /etc/resolv.conf domain lan.example.com. search lan.example.com. nameserver 192.168.1.2 options timeout:1 But what would the syntax be? Like I've tried, above? Are there any samples in your man file? Rick Stevens: That's the right syntax, but since you only have one name server specified the timeout would be essentially ignored. When tried on my actual settings, which did have two nameservers, it didn't appear to change anything. Well, not to the dig or nslookup commands. It may have to be above the nameserver specifications: domain blah search blah options attempts:1 timeout:2 nameserver blah nameserver blah In other words, it may only take effect from the time it's seen in the file. If you put it at the end, it has no effect. Not sure about that, but give it a whirl. -- - Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com - - AIM/Skype: therps2ICQ: 22643734Yahoo: origrps2 - -- -- -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: DNS problems this morning -
On 13/11/12 13:06, Rick Stevens wrote: You don't. You put the entries in the /etc/resolv.conf file and the resolver library picks them up. The 5 second timeout seems much to long when combined with 5 tries, perhaps fewer tries would be better? However I imagine there were good reasons for the defaulsts ... If you've ever run a big network (or a really popular one) you can watch the DNS servers get pummeled--especially if you have short TTLs set on the records. That being said, even a busy name server should respond in 5 seconds or less, so that seems reasonable. The default retry count is 2 (not 5) so the defaults as stated would result in a 10 second delay before the second DNS server is consulted. Yes, that seems an eternity, but not everyone has fast Internet access. There are still people with dial-up service (hard to believe, but they're out there). The standards were set up to accommodate these older environments. If you want a true giggle, look up RFC 1149, Transmission of IP Datagrams on Avian Carriers and be glad that it never caught on. :-) You can put in as long a timeout or as many retries as you want, but the library will limit timeouts to no more than 30 seconds (even if you specify 45) and no more than 5 retries (even if you specify 10). That's what the silently capped bit means. I've tried the following: # Generated by NetworkManager nameserver 127.0.0.1 nameserver 192.168.1.1 nameserver 184.63.128.68 timeout:1 attempts:1 I moved 127.0.0.1 to the first line and added the last two limitations. The only way I have to judge time is watching the bottom of the Firefox display where it tells me it's Looking up an address and doing a number of reloads on a complex page, e.g. http://www.weather.com/weather/tenday/23898. It appears to moving through rapidly, I don't see it dwelling on Looking up but for a fraction of a second, spending more time transferring data. Is there a better way to test? -- http://www.qrz.com/db/W2BOD box7 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: DNS problems this morning -
On 11/13/2012 11:12 AM, Bob Goodwin - Zuni, Virginia, USA issued this missive: On 13/11/12 13:06, Rick Stevens wrote: You don't. You put the entries in the /etc/resolv.conf file and the resolver library picks them up. The 5 second timeout seems much to long when combined with 5 tries, perhaps fewer tries would be better? However I imagine there were good reasons for the defaulsts ... If you've ever run a big network (or a really popular one) you can watch the DNS servers get pummeled--especially if you have short TTLs set on the records. That being said, even a busy name server should respond in 5 seconds or less, so that seems reasonable. The default retry count is 2 (not 5) so the defaults as stated would result in a 10 second delay before the second DNS server is consulted. Yes, that seems an eternity, but not everyone has fast Internet access. There are still people with dial-up service (hard to believe, but they're out there). The standards were set up to accommodate these older environments. If you want a true giggle, look up RFC 1149, Transmission of IP Datagrams on Avian Carriers and be glad that it never caught on. :-) You can put in as long a timeout or as many retries as you want, but the library will limit timeouts to no more than 30 seconds (even if you specify 45) and no more than 5 retries (even if you specify 10). That's what the silently capped bit means. I've tried the following: # Generated by NetworkManager nameserver 127.0.0.1 nameserver 192.168.1.1 nameserver 184.63.128.68 timeout:1 attempts:1 I moved 127.0.0.1 to the first line and added the last two limitations. The only way I have to judge time is watching the bottom of the Firefox display where it tells me it's Looking up an address and doing a number of reloads on a complex page, e.g. http://www.weather.com/weather/tenday/23898. It appears to moving through rapidly, I don't see it dwelling on Looking up but for a fraction of a second, spending more time transferring data. Is there a better way to test? Format is options timeout:1 attempts:1, and I'd move it above the nameserver lines. -- - Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com - - AIM/Skype: therps2ICQ: 22643734Yahoo: origrps2 - -- - Grabel's Law: 2 is not equal to 3--not even for large values of 2. - -- -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: DNS problems this morning -
On 13/11/12 14:32, Rick Stevens wrote: Is there a better way to test? Format is options timeout:1 attempts:1, and I'd move it above the nameserver lines. Good, I've changed resolv.conf: [bobg@box7 ~]$ cat /etc/resolv.conf # Generated by NetworkManager options timeout:1 attempts:1 nameserver 127.0.0.1 nameserver 192.168.1.1 nameserver 184.63.128.68 It appears to be working very well observing the information in the Firefox display. Certainly no trace of the problems I had this weekend, but then it appears Viasat has fixed whatever broke. -- http://www.qrz.com/db/W2BOD box7 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: firewall configuring
Tim ignored_mail...@yahoo.com.au writes: Allegedly, on or about 13 November 2012, Steven Stern sent: Gosh, is it so hard to type system-config-firewall? I'm not sure about Gnome, but on XFCE, it's APPS - Administration - Firewall. The point being that new users will not know about it. There's no mention of firewall in any of the control options in the control configurator. There is no-longer a menu. And if you do switch to the fallback desktop option that does give you a menu, there's nothing that mentions a firewall in there, either. It's, now, most definitely a GUI system. Users are expected not to have to resort to the command line. Why the hell isn't such a basic thing in the system preferences? That is the problem, with Fedora you don't start with a minimal install as it should be, and the documentation is insufficient. Nowadays users are expected to know everything out of nothing, and forcing them into GUIs is taken as an excuse for the lack of documentation. The result is incompetence, which is encountered with GUIs that are more intuitively to use. People need to realize that this is the wrong way to go. Not to mention that the error messages in the printer configurator aren't of any help, either: Firewalld isn't running (what the hell is that?). It says mdns needs to be allowed in the firewall. Really? Why would I want that allowed if I'm not using avahi? It's wrong advice to blandly say I must allow that. And it says Samba must be allowed. Again, unless I'm actually using Samba, and the printing aspects of it, it's wrong to advise that the firewall must allow that through. Geez, but it's badly handled. Perhaps they refer to the outgoing traffic through the firewall without making that sufficiently clear, trying to get away with insufficient documentation ... -- Fedora 17 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Fedora support for laplets
Lailah lailah...@gmail.com writes: El lun, 12-11-2012 a las 16:29 -0600, Robert Moskowitz escribió: On 11/12/2012 07:55 AM, Lailah wrote: El dom, 11-11-2012 a las 11:53 -0500, Bill Davidsen escribió: I see a lot of vendors are putting out hybrid tablet-laptops with a touch screen which flips, and traditional keyboard, which can be used in a number of ways, including as a tablet. Has anyone gotten experience with using Fedora on such a machine, and if so how (if at all) was the touch feature supported? I've seen reasonably nice units from Dell and Lenovo, but no nice salespeople who would let me boot them from thumb drive. Oh, I will explain a little bit more. I have a netbook that, originally, came with an Ubuntu 10.04. I try other Linux distributions until I choose Fedora 16. In this Fedora, Verne, battery life was fine. Not the better but fine. But when I installed Fedora 17, was other story. My battery life was markedly shorter. To install Jupiter improved energy consumption. That's all. May be I failed finding tools to save energy... I hope this clarified your doubts. There is some documentation on http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.1/html/Power_Management_Guide/index.html which might be interesting for you. -- Fedora 17 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: UPS monitoring software and APC and Tripp lite UPSs
Robert Moskowitz r...@htt-consult.com writes: On 11/13/2012 03:21 AM, Fernando Cassia wrote: On Mon, Nov 12, 2012 at 10:31 PM, Robert Moskowitz r...@htt-consult.com mailto:r...@htt-consult.com wrote: Well my APC smart1400 has died, shorted battery. So I am in the market for a new unit. And replacing the battery is impossible because? I suspect the charging circuit is fried. The spot where the board is is very hot! Like burn hand hot. I WAS able to pry out the battery tray, and it is running in line conditioner mode (something I really need) for now. But I can't see spending the money for new batteries only to have find out that the ups continues to overheat and reset itself. If cells of the batteries are shorted out, they might draw a strong current which might be causing the UPS to get hot. BTW, do I need to set up something to monitor my UPS, or is that all covered by default after installing Fedora? I can see upowerd running, but its manpage doesn't tell me much, so I don't know what it actually does. Is there a way to get some information from the UPS like there was with nut? If something is configured to happen when the power fails (and the battery runs low), where are the configuration files for this? -- Fedora 17 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: firewall configuring
Matthew Miller mat...@fedoraproject.org writes: On Wed, Nov 14, 2012 at 02:47:33AM +1030, Tim wrote: Why isn't there a thingy for configuring the firewall in the system settings collection of configurators for Fedora 17? I'm not sure about F17, but there's a new tool called firewalld, which includes a new GUI, as a feature for F18. See https://fedoraproject.org/wiki/Features/firewalld-default I think this addresses the rest of your rant. :) Great, that is going to conflict with my shorewall configuration when I update. And running another daemon process all the time for something that rarely ever changes once it's set up? Adding even more dependencies with networkmanager? Involving d-bus which is something nobody understands? That just sucks. I still haven't even found a way to disable the DVD-drive polling. Where is the configuration for that? Or what makes the light flash all the time? -- Fedora 17 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Multiple default routes, same subnet
Fernando Lozano ferna...@lozano.eti.br writes: Hi, I have two internet links, from different ISPs for my office network, each one with it's own router (which is a linux PC) so I don't loose internet connectivity easily. One ISP has a much higher bandwitch, so usually all my computers use it as the default gateway. The other one is intended as a contingency link. Today I have to manually change the default gateway on all computers when the main link goes down. I want an automated way to do this. All how-to's I could find on google were such as: http://www.generationip.com/documentation/network-documentation/93-howto-setup-multiple-default-gateway-on-linux Where they use iproute2 so a single router/computer can switch between two internet links. While I can undersand this scenario, the single computer becomes a single point of failure. I don't want to setup a cluster using heartbeat, cluster suite and similars just to provide a router failover. It looks overkill. Other problem, all iproute2 samples I find thave those two gateways on different subnets and use the source address to route properly and avoid problems like onion routing. I'd like to have two routers/computers on the same subnet, each one connected to it's own internet link, and have the network computers switch from the main one to the contingency one when needed. So a computer would have two default gateways on the same subnet. I can't find how to change the iproute2 samples setup so the gateways can be on the same subnet and everything works. I allways end up having all traffic going though one link and when it fails I loose internet connectivity. Each of your routers is a single point of failure at the moment because both the internet connection and the router connected to it can go down at the same time. To avoid a single point of failure, you would need to connect each router to each internet connection. Add to that a way to remotely configure which gateway to use on the computers on the LAN. Then establish communication between the routers so that they can agree upon which of them configures itself as the gateway for the computers on the LAN, considering that either of the routers and either of the internet connections my be down. Such a solution probably already exists ... For a simple solution, you could set up each of the routers to be connected to both internet connections and to be able to switch between between them, and to act as a gateway. In case the router goes down (How often does that happen?), just manually plug the spare one in instead. The shorewall documentation describes a setup that might be useful for you, see http://www.shorewall.net/MultiISP.html -- Fedora 17 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: System fonts are all messed up ????
Steve linuxguy...@gmail.com writes: On 11/10/2012 10:11 AM, Steve wrote: F16 install, KDE, fully up to date. Did an upgrade to F17 via the F17 DVD. Now all the system fonts are messed up, size wise. All of them are way too large. On the session login screen, for example, the font size in the Username and Password fields are so big that the letters overflow the height of the box. This problem exists everywhere in the session where system fonts are used. Application fonts seem to be fine and are easily adjusted with KDE-System Settings- Application Appearance - Fonts. I cannot figure out where to adjust the size of the system fonts. I have half a dozen Linux systems running F17, all upgraded via the DVD and this is the only one with this problem. What do I do to fix this issue ? Thanks in advance. Does anyone have ANY ideas on this issue ? Not really, only I've seen today that there is /etc/X11/Xresources which has some entries towards font sizes: , | ! This is the global resources file that is loaded when | ! all users log in, as well as for the login screen | | ! Fix the Xft dpi to 96; this prevents tiny fonts | ! or HUGE fonts depending on the screen size. | ! Xft.dpi: 96 | | ! hintstyle: medium means that (for Postscript fonts) we | ! position the stems for maximum constrast and consistency | ! but do not force the stems to integral widths. hintnone, | ! hintslight, and hintfull are the other possibilities. | ! Xft.hintstyle: hintmedium | ! Xft.hinting: true ` I commented them out because I'm using fontconfig settings and the X server seems to figure out the DPI correctly by default. I haven't tested yet what difference it makes. Anyway, the DPI setting might make a difference for you. -- Fedora 17 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: network manager has gone crazy
Tim ignored_mail...@yahoo.com.au writes: Tim: If using Gnome, there's a desktop taskbar icon for NetworkManager, it lets you pick a network out of a list of available networks (if there are several to choose from), and there's an edit connections menu item to customise particular choices. They could be fully automatic (the client is remotely set by a DHCP server), or you can choose to allow some things to be set by a DHCP server, other things to be manually set, or everything manually set. lee: I'm not using gnome. These so-called desktop-environments aren't doing anything for me but getting in the way. Well, what are you using? Command line, a light weight GUI, something else? Letting us know will help you get better replies. I'm running an X-session started with 'startx' and either fvwm or i3 as window manager. There does appear to be some NetworkManager interface through the command line. Dunno whether it's going to be of any use to you, though. Hm I didn't find out what it is yet. As may have been pointed out in this thread, but definitely in the past, NetworkManager is probably not be suitable for servers. It is geared towards having something else configure your network, usually a server is self-configured, or at least the central server is (the one everything else relies on). It's a very strange idea that something else should configure the network. Anyway, I still want to know, even with networkmanager disabled. It doesn't hurt to learn something new :) I have to admit I'm intrigued to find out what would happen if you ran a DHCP server on a machine with NetworkManager handling the network interfaces. But not sufficiently to try it out, at 2:30 in the morning. It probably won't work because there won't be any network interfaces configured the DHCP server could use to receive broadcasts and send answers so that networkmanager could configure such interfaces. Regarding trying to find its configuration files, I would have tried something like: locate -i networkmanager |grep etc Of course I used tab comletion in the shell for /etc/network at first, and that doesn't show up anything about networkmanager. Like I said before, it's just braindead to name it /etc/NetworkManager rather than /etc/networkmanager. I don't use 'locate' a lot because it's hard to say what it can possibly find --- I made that experience a long time ago. I did use find, and I'd never have thought that someone would use capital letters when naming the files. I can't help it, I always underestimate peoples stupidity. -- Fedora 17 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: locale settings
Tim ignored_mail...@yahoo.com.au writes: Is anyone else using Fedora in Australia and noticed that locale settings aren't what they ought to be? Specifically that the system locale, despite being set up during post-installation, was on a US setting. And that personal locales inherit that, and each logon needs manually setting to Australian. And that applications that print need manually setting to A4, instead of already being preset to A4 by the locale (or even not preselecting from the printer settings). What is the equivalent of Debians 'dpkg-reconfigure locale' in Fedora? And btw, what's Fedoras equivalent of apt-file? -- Fedora 17 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: genkey segfaults when creating new cert
Hi, It won't accept an empty password. How do I create a key without a password so I don't have to enter it every time I restart apache? Use the decrypted key in your Apache configuration as follows: # Point to the PEM-encoded certificate and private key SSLCertificateFile /etc/httpd/conf/ssl.crt/www.example.com.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.example.com.key.unsecure Awesome, thanks. it works great. Not sure how I missed that. I remembered it having been done another way. Thanks again, Alex -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: UPS monitoring software and APC and Tripp lite UPSs
Robert Moskowitz r...@htt-consult.com writes: Well my APC smart1400 has died, shorted battery. So I am in the market for a new unit. THe other problem you have with your UPS is that it doesn't take standard size batteries. The more modern units take standard 9ah 12v cells that can be had mail order for around $25 per cell. My APC Backups RS-1500 takes two of them. I could get another APC 1400, but part of the reason it died was I was not monitoring it to note a battery had failed. And I was not monitoring it because it uses serial connection for the monitoring system. So I am looking at what I might get with a USB monitoring port, either APC or TrippLite and what software would work on Fedora. I'm happy with my unit. It has a USB connection and it works well with Fedora and BSD using apcupsd. The ~865 watts is 3x more than I need, but it is nice not to beat on the batteries too much. At 1/3 load the unit runs like 10x longer. The modern version of what looks like the same product is APC Backups Pro 1500. Just like my version, if you need more runtime you can add an external battery pack (BR24BPG) which triples your battery capacity for an ungodly amount of run time. (I have this unit and it is a blast to continue to work for close to two hours after a power failure.) -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: DNS problems this morning -
On 11/13/2012 11:54 AM, Bob Goodwin - Zuni, Virginia, USA issued this missive: On 13/11/12 14:32, Rick Stevens wrote: Is there a better way to test? Format is options timeout:1 attempts:1, and I'd move it above the nameserver lines. Good, I've changed resolv.conf: [bobg@box7 ~]$ cat /etc/resolv.conf # Generated by NetworkManager options timeout:1 attempts:1 nameserver 127.0.0.1 nameserver 192.168.1.1 nameserver 184.63.128.68 It appears to be working very well observing the information in the Firefox display. Certainly no trace of the problems I had this weekend, but then it appears Viasat has fixed whatever broke. Glad to help. Yes, it's not clear, but the resolv.conf is read each time the library is invoked and I think the options line affects things after it in the file. -- - Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com - - AIM/Skype: therps2ICQ: 22643734Yahoo: origrps2 - -- - Let us think the unthinkable. Let us do the undoable. Let us - - prepare to grapple with the ineffable itself, and see if we may - - not eff it up after all. - - -- Douglas Adams - -- -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: UPS monitoring software and APC and Tripp lite UPSs
Fernando Cassia fcas...@gmail.com writes: On Mon, Nov 12, 2012 at 10:31 PM, Robert Moskowitz r...@htt-consult.com wrote: Well my APC smart1400 has died, shorted battery. So I am in the market for a new unit. And replacing the battery is impossible because? I was about to suggest a replacement battery too. The problem is those old APC units used weird batteries and the replacement cost of that battery is ~$150. It is cheaper to just get a more modern unit that uses 2x $25 replacement batteries. The difference between a USB unit and a serial unit is significant. The serial control is very limited and a controlled automatic shutdown with an automatic reboot is problematic. I used to have a serial unit and unattended use was problematic. -wolfgang -- g+: https://plus.google.com/114566345864337108516/about -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: locale settings
On 11/13/2012 06:27 PM, lee wrote: Tim ignored_mail...@yahoo.com.au writes: Is anyone else using Fedora in Australia and noticed that locale settings aren't what they ought to be? Specifically that the system locale, despite being set up during post-installation, was on a US setting. And that personal locales inherit that, and each logon needs manually setting to Australian. And that applications that print need manually setting to A4, instead of already being preset to A4 by the locale (or even not preselecting from the printer settings). What is the equivalent of Debians 'dpkg-reconfigure locale' in Fedora? And btw, what's Fedoras equivalent of apt-file? F18 has changed in this regard, now it uses localectl. In F17 I think it was setup with system-config-something What's apt-file? -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: firewall configuring
On Tue, 13 Nov 2012 11:00:39 -0800 Rick Stevens ri...@alldigital.com wrote: On 11/13/2012 10:30 AM, Frank Murphy issued this missive: On Tue, 13 Nov 2012 17:47:43 +0100 Gabriele Trombini mai...@fedoraonline.it wrote: Try: $ firewall-config That is one of the firewalld pkgs, not available in F17, F18+ firewalld is available for F17: Available Packages firewalld.noarch 0.2.5-1.fc17 fedora I said one of the firewalld pkgs. There's 3 of them. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: locale settings
On 11/13/2012 07:42 PM, Sergio wrote: On 11/13/2012 06:27 PM, lee wrote: Tim ignored_mail...@yahoo.com.au writes: Is anyone else using Fedora in Australia and noticed that locale settings aren't what they ought to be? Specifically that the system locale, despite being set up during post-installation, was on a US setting. And that personal locales inherit that, and each logon needs manually setting to Australian. And that applications that print need manually setting to A4, instead of already being preset to A4 by the locale (or even not preselecting from the printer settings). What is the equivalent of Debians 'dpkg-reconfigure locale' in Fedora? And btw, what's Fedoras equivalent of apt-file? F18 has changed in this regard, now it uses localectl. In F17 I think it was setup with system-config-something What's apt-file? If apt-file is to search for a file in a package then have a look at rpm's options. Also 'repoquery -l' (yum-utils). -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Multiple default routes, same subnet
pfSense is an excellent solution for your needs. We've used it for years with multiple ISPs (some years back and it worked very well for us. pfSense is free and runs FreeBSD at its core with pf from OpenBSD. Nice GUI for setting everthing up and can even run in redundant mode if you have multiple pfSense boxes. Hope this helps, Frank On Tue, Nov 13, 2012 at 1:59 PM, lee l...@yun.yagibdah.de wrote: Fernando Lozano ferna...@lozano.eti.br writes: Hi, I have two internet links, from different ISPs for my office network, each one with it's own router (which is a linux PC) so I don't loose internet connectivity easily. One ISP has a much higher bandwitch, so usually all my computers use it as the default gateway. The other one is intended as a contingency link. Today I have to manually change the default gateway on all computers when the main link goes down. I want an automated way to do this. All how-to's I could find on google were such as: http://www.generationip.com/documentation/network-documentation/93-howto-setup-multiple-default-gateway-on-linux Where they use iproute2 so a single router/computer can switch between two internet links. While I can undersand this scenario, the single computer becomes a single point of failure. I don't want to setup a cluster using heartbeat, cluster suite and similars just to provide a router failover. It looks overkill. Other problem, all iproute2 samples I find thave those two gateways on different subnets and use the source address to route properly and avoid problems like onion routing. I'd like to have two routers/computers on the same subnet, each one connected to it's own internet link, and have the network computers switch from the main one to the contingency one when needed. So a computer would have two default gateways on the same subnet. I can't find how to change the iproute2 samples setup so the gateways can be on the same subnet and everything works. I allways end up having all traffic going though one link and when it fails I loose internet connectivity. Each of your routers is a single point of failure at the moment because both the internet connection and the router connected to it can go down at the same time. To avoid a single point of failure, you would need to connect each router to each internet connection. Add to that a way to remotely configure which gateway to use on the computers on the LAN. Then establish communication between the routers so that they can agree upon which of them configures itself as the gateway for the computers on the LAN, considering that either of the routers and either of the internet connections my be down. Such a solution probably already exists ... For a simple solution, you could set up each of the routers to be connected to both internet connections and to be able to switch between between them, and to act as a gateway. In case the router goes down (How often does that happen?), just manually plug the spare one in instead. The shorewall documentation describes a setup that might be useful for you, see http://www.shorewall.net/MultiISP.html -- Fedora 17 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Make an existing user part of Administrators
Heh. I just remember back when I was a grad student using UNIX, wheel *was* root, was in the /etc/passwd file, and there was no such thing as root. I swear I distinctly remember running an IRIX network back in the 90s when root was no longer wheel but suddenly became root, and wheel was all passe. In all these years, I never had occasion to notice that while wheel disappeared from /etc/passwd, it stayed in /etc/group. Now that I think about it, I guess I never set up a user account with root privileges. There was just root and users who could sudo. But then, a lot of things have changed. When I started grad school, I remember the Chair advising the first year students on how to learn good programming. He told us Find a PhD student you really admire and poke around in his home account to find stuff he is coding. Copy it to your home directory and study it. It's OK, anything anybody doesn't want looked at should be copied to the personal directory. And, sure enough, *all* of the student, staff, and faculty home directories were globally readable. You could change your permissions on your home acct, but it was considered antisocial. If I looked hard enough, I could probably find old code by a bunch of nowadays-senior NVIDIA folk in my backups from when we were in grad school together -- if I could find a 9-track tape reader somewhere. I guess the wheel group was of those old-timey things I assumed had changed, but never did. billo On Tue, 13 Nov 2012, Matthew Miller wrote: On Tue, Nov 13, 2012 at 04:10:02PM +, Bill Oliver wrote: From the documentation, (http://docs.fedoraproject.org/en-US/Fedora/17/html/Installation_Guide/sn-firstboot-systemuser.html ) it seems that checking on administrator just puts the user in the wheel group. It just does that, *but*, many things in the distribution, including sudo, consolehelper, and policykit, are configured to understand that this means that the user is an admin. Odd -- I thought wheel had been deprecated years ago, and was kept in only for backwards compatibility. Who knew. Many people? :) -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ mat...@fedoraproject.org -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: network manager has gone crazy
On Tue, 13 Nov 2012 20:44:04 +0100 lee l...@yun.yagibdah.de wrote: Tim ignored_mail...@yahoo.com.au writes: There does appear to be some NetworkManager interface through the command line. Dunno whether it's going to be of any use to you, though. Hm I didn't find out what it is yet. man nmcli man nm-tool man nm-online man NetworkManager man NetworkManager.conf If you prefer a GUI to control NetworkManager, you probably want to yum install NetworkManager-gnome and start nm-applet utility, which should land in your system-tray/dock/whatever, and from where you can do everything else. As may have been pointed out in this thread, but definitely in the past, NetworkManager is probably not be suitable for servers. It is geared towards having something else configure your network, usually a server is self-configured, or at least the central server is (the one everything else relies on). It's a very strange idea that something else should configure the network. Why do you consider such a scenario to be strange? The dhcp was invented for precisely this purpose. It is widely used on laptops and other mobile devices, in homeoffice environments for desktops, etc. Typically only servers need to have a static IP. And even that can be remote-configured by the dhcp server. In fact, the dhcp server itself is the only one requiring a static manually-configured IP. Everything else can be configured by a remote dhcp server. Anyway, I still want to know, even with networkmanager disabled. It doesn't hurt to learn something new :) I have to admit I'm intrigued to find out what would happen if you ran a DHCP server on a machine with NetworkManager handling the network interfaces. But not sufficiently to try it out, at 2:30 in the morning. It probably won't work because there won't be any network interfaces configured the DHCP server could use to receive broadcasts and send answers so that networkmanager could configure such interfaces. The dhcp server requires a NIC with a static IP (it cannot serve itself). If NetworkManager is configured so that it assigns a static IP to that particular interface, dhcp will be happy, and everything will work well. It can even serve the IPs for other NICs on the same machine (if any are present), and NetworkManager will pick those up and configure them, if they are set up to use dhcp... ;-) Regarding trying to find its configuration files, I would have tried something like: locate -i networkmanager |grep etc I doubt that in normal circumstances one would ever need to manually edit files in /etc/NetworkManager/. All configuration files that are related to the actual network interfaces (used by NM) are in /etc/sysconfig/network-scripts/, among which the most interesting are the ifcfg-* files. Those are probably the only files that one could be motivated to hand-edit. At least in normal circumstances, and in the absence of a GUI utility. HTH, :-) Marko -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: network manager has gone crazy
Oops, sorry, I forgot to answer this part... On Tue, 13 Nov 2012 20:44:04 +0100 lee l...@yun.yagibdah.de wrote: Of course I used tab comletion in the shell for /etc/network at first, and that doesn't show up anything about networkmanager. Like I said before, it's just braindead to name it /etc/NetworkManager rather than /etc/networkmanager. I don't use 'locate' a lot because it's hard to say what it can possibly find --- I made that experience a long time ago. I did use find, and I'd never have thought that someone would use capital letters when naming the files. I can't help it, I always underestimate peoples stupidity. The most famous traditional capital-lettered files are (IMHO): /usr/bin/Xorg /etc/X11/ /var/log/Xorg.0.log Next on the list are /etc/ImageMagick/, /etc/NetworkManager/, /etc/PackageKit/, and so on... By the way, I find it very braindead to search for documentation or configuration on NetworkManager, and not ever try the obvious man networkmanager. And the man is even case-insensitive, for your convenience. In addition, in the SEE ALSO section it points you to read the man networkmanager.conf, which in turn tells you the exact path to the configuration files at the very top of the document. HTH, :-) Marko -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Amarok
On Tue, 2012-11-13 at 16:55 +0200, jarmo wrote: Hi Just tried to testplay one mp3 with Amarok. No worky. Require MPEG 1 layer 3 plugin. I have installed all good, bad and ugly :) plugins for Gstreamer, but when trying to play, poup says, that it can't find MPEG 1 layer 3 decoder. Trying to use packagekit to install it, no worky. F17 and all possible updates done. Any idea? Jarmo Are you sure you're using the Gstreamer backend in Phonon? Look at System Settings-Multimedia-Phonon-Backend poc -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: DNS problems this morning -
Bob Goodwin: The only way I have to judge time is watching the bottom of the Firefox display where it tells me it's Looking up an address and doing a number of reloads on a complex page It's hard to test DNS activity using Firefox, as it does its own caching. To make it look up the same address, again, you need to completely quit all instances of the browser program (i.e. close *all* Firefox windows, not just the one you're looking at). -- [tim@localhost ~]$ uname -rsvp Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Fedora 17: Auto configuring wireless networks in Network Manager on first boot
Hi, How do i configure wireless networks in NetworkManager during install time so that the user don't have to configure it manually. I tried to drop in the file ifcfg-networkname in /etc/sysconfig/network-scripts/, but Network Manager keeps asking me to configure the network myself despite the presence of the configuration file. Here is my ifcfg-networkname file looks like HWADDR=xx:xx:xx:xx:xx ESSID=networkname MODE=Managed KEY_MGMT=WPA-EAP SECURITYMODE=open TYPE=Wireless IEEE_8021X_EAP_METHODS=PEAP IEEE_8021X_IDENTITY=username IEEE_8021X_PASSWORD_FLAGS=ask IEEE_8021X_INNER_AUTH_METHODS=GTC BOOTPROTO=dhcp DEFROUTE=yes PEERDNS=yes PEERROUTES=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_PEERDNS=yes IPV6_PEERROUTES=yes IPV6_FAILURE_FATAL=no IPV6_PRIVACY=rfc3041 NAME=mynetworkname UUID=cbb10c64-e609-4dcf-b554-7343cb791eae ONBOOT=yes Does network manager do anything other than generating this file when the user configures a wireless network? PS: Reposing in users list -- Arun S A G http://zer0c00l.in/ -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: DNS problems this morning -
Allegedly, on or about 13 November 2012, Rick Stevens sent: It may have to be above the nameserver specifications: domain blah search blah options attempts:1 timeout:2 nameserver blah nameserver blah In other words, it may only take effect from the time it's seen in the file. If you put it at the end, it has no effect. Not sure about that, but give it a whirl. I was only trying out the rotate option, but it makes no difference where it is in the file, as far my tests with the dig and nslookup commands, go. It may well be that *they* read the resolv.conf file in their own manner, only looking for nameserver lines. Short of reading through the nameserver logs, I can't think of another tool to test with that tells me which nameserver answered its query. I'll try that later on. -- [tim@localhost ~]$ uname -rsvp Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org