Re: Fedora 17: Auto configuring wireless networks in Network Manager on first boot

[Suvayu Ali]

On Wed, Nov 14, 2012 at 02:04:09PM +0100, lee wrote:
> 
> > Here is my ifcfg-networkname file looks like
> 
> Shouldn't the file be named for the interface, like ifcfg-em1?
> 

No, it is the network name.  You can have different network settings for
the same network device and save them with different network names.

> > HWADDR=xx:xx:xx:xx:xx
> > ESSID="networkname"
> > MODE=Managed
> > KEY_MGMT=WPA-EAP
> > SECURITYMODE=open
> > TYPE=Wireless
> > IEEE_8021X_EAP_METHODS=PEAP
> > IEEE_8021X_IDENTITY=
> > IEEE_8021X_PASSWORD_FLAGS=ask
> > IEEE_8021X_INNER_AUTH_METHODS=GTC
> > BOOTPROTO=dhcp
> > DEFROUTE=yes
> > PEERDNS=yes
> > PEERROUTES=yes
> > IPV4_FAILURE_FATAL=no
> > IPV6INIT=yes
> > IPV6_AUTOCONF=yes
> > IPV6_DEFROUTE=yes
> > IPV6_PEERDNS=yes
> > IPV6_PEERROUTES=yes
> > IPV6_FAILURE_FATAL=no
> > IPV6_PRIVACY=rfc3041
> > NAME=
> > UUID=cbb10c64-e609-4dcf-b554-7343cb791eae
> > ONBOOT=yes
> >
> > Does network manager do anything other than generating this file when the
> > user configures a wireless network?
> 
> Networkmanager seems to have and to use its own configuration in
> /etc/NetworkManager and may disagree with the ifcfg-* files, so if you
> want to use networkmanager, you're better off using its configuration
> tools rather than editing the files used by the network.service.
> 

I believe what you say above is wrong.  NM respects the ifcfg-* scripts
as it should.  What the OP is missing is this line:

  USERCTL=no

When using the gui, this can be enabled by ticking the box "Available to
all users" at the bottom left.

The keys for excrypted connections are also kept in the same directory
in a file named keys-.

> Networkmanager also messes with /etc/resolv.conf.  Just dropping an
> ifcfg-* file into /etc/sysconfig/network-scripts or editing one isn't
> sufficient because networkmanager doesn't understand from that what you
> are trying to achieve.
> 

I have seen several posts about this lately, and it is all because users
are complaining prematurely before looking.  I have setup OpenDNS in the
past rather easily.  You have to add the DNS server information to the
"Additional DNS servers" field when using DHCP or the "DNS servers"
field when using "DHCP for addresses only".  I do not remeber the exact
lines for the ifcfg scripts but it should be something like this:

  DNS1=208.67.222.222
  DNS2=208.67.220.220

Hope this helps.

-- 
Suvayu

Open source is the future. It sets us free.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

nVidia support and due diligence failure

[Ed Greshko]

I had to replace my video card as it was causing system crashes and finally 
died.  My old card had a GT 230 chip.  I check and brought 
http://nouveau.freedesktop.org/wiki/CodeName with me shopping.  I noted that my 
card was in the NV50 family.  This seems to have good support and I had not 
problems.  So, I figured I'd a new card in the same family.

I got a GT215/GT240.  Imagine my surprise when it hung on booting into 
graphical mode with the Fedora Icon displayed.  The /var/log/messages file 
shows lots of

Nov 15 13:55:26 meimei kernel: [   69.226738] [drm] nouveau :01:00.0: 
PGRAPH TLB flush idle timeout fail: 0x011fde03 0x00145b4d 0x002d 0x0034db40
Nov 15 13:55:34 meimei kernel: [   75.562699] [drm] nouveau :01:00.0: 
Failed to idle channel 2.

messages.

Anyway, I really need to get my system up and running so I just installed 
kmod-nvidia from rpmfusion and had done with it.

I thought I did all I needed to do to come out with a working system running 
nouveau.  Either I missed something or buying the right nVidia card supported 
by nouveau is hit or miss.  Yes, I know there is no love lost between "Linux" 
and nVidia.


-- 
Programming today is a race between software engineers striving to build bigger 
and better idiot-proof programs, and the Universe trying to produce bigger and 
better idiots. So far, the Universe is winning. -- Rick Cook, The Wizardry 
Compiled
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: NetworkManager-resolv.conf -

[Zind]

On Wed, Nov 14, 2012 at 10:20:37AM -0500, Bob Goodwin - Zuni, Virginia, USA 
wrote:
> 
>How can I tell NetworkManager not to change my /etc/resolv.conf file
>or do I need to just stop using NM? These are fixed F-17/64
>computers and I use NM simply because it's there and works, however
>I want to change the dns settings and not have them over written. I
>don't see how it can be done with the edit GUI menu that comes up
>when I click on the NM icon.
> 

Well, I just simply:
sudo chattr +i /etc/resolv.conf
So far so good.

P.S.
I have already seen quite a lot posts about this NetworkManager issue
on serveral mailing lists.
So, maybe NetworkManager should change the way it works? I'm not sure.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Bridge LAN and WiFi interfaces

[Frank Pikelner]

Hello,

I'm running a couple of Lenovo T410 with Fedora 16 and 17. The laptops are
generally connected via LAN or WiFi to the same subnet (typically same DHCP
address).

Is there a way to bridge both the LAN and Wifi interfaces so that the
communication is done using the bridge and serviced by either interface
that is currently active?

I'm using the default Network Manager and mostly use the laptops for
working and testing KVM with virtual hosts.

Thanks,

Frank
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: NetworkManager-resolv.conf -

[Jorge Fábregas]

On 11/14/2012 03:11 PM, Bob Goodwin - Zuni, Virginia, USA wrote:
>   I am open to advice ...

You need to specify these in /etc/sysconfig-network-scripts/ifcfg-eth0
(or your interface):

DNS1="xx.xx.xx.xx"
DNS2="xx.xx.xx.xx"
SEARCH="yourdomain.com"

Then you'll see them in /etc/resolv.conf once you restart the network
service. (make sure you have  BOOTPROTO=NONE)

HTH,
Jorge

p.d. I'm using rusty F14 (hope it's still the same these days).
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: OT: Apple patents rectangle

[Jack Craig]

it has us scratching full time and worse, ...  [?]

On Wed, Nov 14, 2012 at 1:49 PM, Christopher Svanefalk <
christopher.svanef...@gmail.com> wrote:

> I love you Americans, but your legal system has us poor Europeans doing a
> whole lot of headscratching some times.
>
> Best,
>
> Christopher Svanefalk
> mob: +46762628251
> skype: csvanefalk
>
>
>
> On Wed, Nov 14, 2012 at 10:26 PM, Frank Murphy wrote:
>
>> Rectangle sounded more outrageous though.
>>
>> I actually have an android tabled in that shape.
>>
>> Frank
>>
>> --
>> Karlson's Theorem of Snack Food Packages:
>> For all P, where P is a package of snack food, P is a
>> SINGLE-SERVING package of snack food.
>>
>> Gibson the Cat's Corrolary:
>> For all L, where L is a package of lunch meat, L is Gibson's
>> package of lunch meat.
>>  --
>> users mailing list
>> users@lists.fedoraproject.org
>> To unsubscribe or change subscription options:
>> https://admin.fedoraproject.org/mailman/listinfo/users
>> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
>> Have a question? Ask away: http://ask.fedoraproject.org
>>
>
>
> --
> users mailing list
> users@lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
>
>
<<1B2.png>>-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: OT: Apple patents rectangle

[Christopher Svanefalk]

I love you Americans, but your legal system has us poor Europeans doing a
whole lot of headscratching some times.

Best,

Christopher Svanefalk
mob: +46762628251
skype: csvanefalk



On Wed, Nov 14, 2012 at 10:26 PM, Frank Murphy  wrote:

> Rectangle sounded more outrageous though.
>
> I actually have an android tabled in that shape.
>
> Frank
>
> --
> Karlson's Theorem of Snack Food Packages:
> For all P, where P is a package of snack food, P is a
> SINGLE-SERVING package of snack food.
>
> Gibson the Cat's Corrolary:
> For all L, where L is a package of lunch meat, L is Gibson's
> package of lunch meat.
> --
> users mailing list
> users@lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
>
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: OT: Apple patents rectangle

[Frank Murphy]

Rectangle sounded more outrageous though.

I actually have an android tabled in that shape.

Frank

-- 
Karlson's Theorem of Snack Food Packages:
For all P, where P is a package of snack food, P is a
SINGLE-SERVING package of snack food.

Gibson the Cat's Corrolary:
For all L, where L is a package of lunch meat, L is Gibson's
package of lunch meat.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Can't change resolution in VNC on F17

[Thomas Cameron]

On 11/12/2012 05:17 AM, lee wrote:
> Thomas Cameron  writes:
> 
>> Howdy -
>>
>> Following the instructions at
>> http://zeusville.wordpress.com/2012/01/27/setting-up-vncserver-on-fedora-16/,
>> I changed my /usr/lib/systemd/system/vncserver@.service file so it looks
>> like:
>>
>> [Unit]
>> Description=Remote desktop service (VNC)
>> After=syslog.target network.target
>>
>> [Service]
>> Type=forking
>> ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
>> ExecStart=/sbin/runuser -l tcameron -c "/usr/bin/vncserver %i -geometry
>> 1024x768"
>> ExecStop=/sbin/runuser -l tcameron -c "/usr/bin/vncserver -kill %i"
>>
>> [Install]
>> WantedBy=multi-user.target
>>
>> But no matter what I do, the resolution seems to be stuck at the native
>> resolution of the laptop I'm connecting to, 1600x900.
>>
>> How the heck do I change the resolution to something else?
> 
> You probably need to change the resolution on the host you are
> connecting to, not on the client.

That's exactly what I said: "But no matter what I do, the resolution
seems to be stuck at the native resolution of the laptop I'm connecting
to, 1600x900." Note that I said the laptop I'm connecting *to* - not the
one I'm connecting from.

> You don't need a vnc server on the client. Just install tigervnc and run
> 'vncviewer' on the client to connect to the server on the laptop.

Yeah, I get that. As I said, the configuration file I modified above is
the one on the system to which I am connecting - the vnc server, if you
will.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: OT: Apple patents rectangle

[Christopher Svanefalk]

"The ornamental design for a portable display device, as shown and
described."

To be fair, I believe the actual patent is for the look-and-feel for the
tablet itself, not the shape.

Best,

Christopher Svanefalk
mob: +46762628251
skype: csvanefalk



On Wed, Nov 14, 2012 at 5:49 PM, Frank Murphy  wrote:

>
> http://www.uspto.gov/web/patents/patog/week45/OG/html/1384-1/USD0670286-20121106.html
>
> --
> I have a rock garden.  Last week three of them died.
> -- Richard Diran
> --
> users mailing list
> users@lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
>
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: NetworkManager-resolv.conf -

[Bob Goodwin - Zuni, Virginia, USA]

On 14/11/12 13:05, Rick Stevens wrote:

It's better to disable networkmanager then.  It seems to be more a tool
for ever changing connections used with dhcp.  In a fixed setup, you
don't need it, and disabling it saves you the process constantly
running.

Other than that, you could change the "NM_CONTROLLED=yes" entry to
"NM_CONTROLLED=no" in the ifcfg-* files for your interfaces. That
/should/ stop networkmanager from overwriting resolv.conf ... somehow I
have doubts that it actually would without further ado.


Actually, I think you can do "PEERDNS=no" in the /etc/sysconfig/network
file prevent overwriting the resolv.conf file. If you do that, then
remove any "PEERDNS" lines from the ifcfg-* files (or they'll override
the setting when they're invoked). 



   Before changing the immutable bit I was getting

   [bobg@box7 ~]$ cat /etc/resolv.conf
   # Generated by NetworkManager


   # No nameservers found; try putting DNS servers into
   your
   # ifcfg files in /etc/sysconfig/network-scripts like
   so:
   #
   # DNS1=xxx.xxx.xxx.xxx
   # DNS2=xxx.xxx.xxx.xxx
   # DOMAIN=lab.foo.com bar.foo.com

   With PEERDNS=no

   Since setting chattr +i /etc/resolv.conf I can set PEERDNS=no  and
   it holds through NM stop/start via the desktop icon menu.

   [root@box7 bobg]# cat /etc/resolv.conf
   # Generated by NetworkManager
   options timeout:1 attempts:1
   nameserver 127.0.0.1
   nameserver 192.168.1.1

   So setting PEERDNS=no alone is not enough. Certainly what I've done
   is the simplest, if it works, and so far it looks like it does. I
   didn't know how to put the options into
   /etc/sysconfig/network-scripts. Perhaps that's what should be done?
   I am open to advice ...

   Bob

--
http://www.qrz.com/db/W2BOD

box7

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Phonon GST/XINE (was Amarok)

[jarmo]

Wed, 14 Nov 2012 12:38:52 -0600
Rex Dieter  kirjoitti:


> 
> Or use rpmfusion.org, see also:
> http://amarok.kde.org/wiki/MP3_on_Fedora_Core
> http://www.fedorafaq.org/#mp3
> 
> assuming the matter was about codecs, which wasn't specifically
> mentioned in your original post.
> 
> -- rex
> 

They were mentioned, Good,Bad,UGLY, all what related to GST
And yes installed, all

Jarmo
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: genkey segfaults when creating new cert

[Matthew J. Roth]

Alex wrote:

> Awesome, thanks. it works great. Not sure how I missed that. I
> remembered it having been done another way.


I'm glad I could help.  There's probably more than one way to do it,
but that's the way I know.

There's one last thing I should point out.  Make sure that you protect
the certificate and private key by setting the file ownership and
access permissions as restrictive as possible.  Here's what works on
my servers:

  # tree -pug /etc/httpd/conf/ssl.{crt,key}/
  /etc/httpd/conf/ssl.crt
  `-- [-r--r- root apache  ]  www.example.com.crt
  /etc/httpd/conf/ssl.key
  |-- [-r root apache  ]  www.example.com.key
  `-- [-r root apache  ]  www.example.com.key.unsecure
  
  0 directories, 3 files

Regards,

Matthew Roth
InterMedia Marketing Solutions
Software Engineer and Systems Developer
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Phonon GST/XINE (was Amarok)

[Rex Dieter]

Rex Dieter wrote:

> jarmo wrote:
> 
>> Wed, 14 Nov 2012 10:50:43 +0200
>> jarmo  kirjoitti:
>> 
>>> It seems, that problems leads into phonon-gst combination. Seem also,
>> 
>> OK, now solved with
>> http://www.fluendo.com/shop/product/fluendo-mp3-decoder/
> 
> Or use rpmfusion.org, see also:
> http://amarok.kde.org/wiki/MP3_on_Fedora_Core
> http://www.fedorafaq.org/#mp3
> 
> assuming the matter was about codecs, which wasn't specifically mentioned
> in your original post.

Ah, *did* find your other post outside of this thead, and mp3 indeed was the 
topic.  

-- rex

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Phonon GST/XINE (was Amarok)

[Rex Dieter]

jarmo wrote:

> Wed, 14 Nov 2012 10:50:43 +0200
> jarmo  kirjoitti:
> 
>> It seems, that problems leads into phonon-gst combination. Seem also,
> 
> OK, now solved with
> http://www.fluendo.com/shop/product/fluendo-mp3-decoder/

Or use rpmfusion.org, see also:
http://amarok.kde.org/wiki/MP3_on_Fedora_Core
http://www.fedorafaq.org/#mp3

assuming the matter was about codecs, which wasn't specifically mentioned in 
your original post.

-- rex

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

[Solved] System fonts are all messed up ????

[Steve]

On 11/10/2012 10:11 AM, Steve wrote:

F16 install, KDE, fully up to date.

Did an upgrade to F17 via the F17 DVD.

Now all the system fonts are messed up, size wise.  All of them are 
way too large.


On the session login screen, for example, the font size in the 
Username and Password fields are so big that the letters overflow the 
height of the box.


This problem exists everywhere in the session where system fonts are 
used.


Application fonts seem to be fine and are easily adjusted with 
KDE->System Settings-> Application Appearance -> Fonts.


I cannot figure out where to adjust the size of the system fonts.

I have half a dozen Linux systems running F17, all upgraded via the 
DVD and this is the only one with this problem.


What do I do to fix this issue ?

Thanks in advance.

The problem lie in my /etc/X11/xorg.conf file.

Initially it contained the following to use the proprietary nvidia driver.

# RPM Fusion - nvidia-xorg.conf
#
Section "Device"
Identifier  "Videocard0"
Driver  "nvidia"
EndSection

Adding   Option "DPI" "96 x 96"  fixed my font problem.   All is 
well again.




--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: NetworkManager-resolv.conf -

[Rick Stevens]

On 11/14/2012 09:44 AM, lee issued this missive:

"Bob Goodwin - Zuni, Virginia, USA"  writes:


How can I tell NetworkManager not to change my /etc/resolv.conf file
or do I need to just stop using NM? These are fixed F-17/64
computers and I use NM simply because it's there and works, however
I want to change the dns settings and not have them over written. I
don't see how it can be done with the edit GUI menu that comes up
when I click on the NM icon.


It's better to disable networkmanager then.  It seems to be more a tool
for ever changing connections used with dhcp.  In a fixed setup, you
don't need it, and disabling it saves you the process constantly
running.

Other than that, you could change the "NM_CONTROLLED=yes" entry to
"NM_CONTROLLED=no" in the ifcfg-* files for your interfaces.  That
/should/ stop networkmanager from overwriting resolv.conf ... somehow I
have doubts that it actually would without further ado.


Actually, I think you can do "PEERDNS=no" in the /etc/sysconfig/network
file prevent overwriting the resolv.conf file. If you do that, then
remove any "PEERDNS" lines from the ifcfg-* files (or they'll override
the setting when they're invoked).
--
- Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com -
- AIM/Skype: therps2ICQ: 22643734Yahoo: origrps2 -
--
--
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: [389-users] segfault while moving entry to non-existent LDAP container

[Vladimir Elisseev]

Here is the full stacktrace of this segfault: http://pastebin.com/ReqQU3mM

Regards,
Vlad.




--
389 users mailing list
389-us...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Re: NetworkManager-resolv.conf -

[Matthew Miller]

On Wed, Nov 14, 2012 at 10:20:37AM -0500, Bob Goodwin - Zuni, Virginia, USA 
wrote:
> How can I tell NetworkManager not to change my /etc/resolv.conf file or do
> I need to just stop using NM? These are fixed F-17/64 computers and I use
> NM simply because it's there and works, however I want to change the dns
> settings and not have them over written. I don't see how it can be done
> with the edit GUI menu that comes up when I click on the NM icon.

I think changing the IPv4 settings from "Method: Automatic (DHCP)" to
"Method: Automatic (DHCP) addresses only" should do it.

Unfortunately, I don't know of a simple way to make this the default.

-- 
Matthew Miller  ☁☁☁  Fedora Cloud Architect  ☁☁☁  
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: NetworkManager-resolv.conf -

[lee]

"Bob Goodwin - Zuni, Virginia, USA"  writes:

>How can I tell NetworkManager not to change my /etc/resolv.conf file
>or do I need to just stop using NM? These are fixed F-17/64
>computers and I use NM simply because it's there and works, however
>I want to change the dns settings and not have them over written. I
>don't see how it can be done with the edit GUI menu that comes up
>when I click on the NM icon.

It's better to disable networkmanager then.  It seems to be more a tool
for ever changing connections used with dhcp.  In a fixed setup, you
don't need it, and disabling it saves you the process constantly
running.

Other than that, you could change the "NM_CONTROLLED=yes" entry to
"NM_CONTROLLED=no" in the ifcfg-* files for your interfaces.  That
/should/ stop networkmanager from overwriting resolv.conf ... somehow I
have doubts that it actually would without further ado.


-- 
Fedora 17
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: firewall configuring

[lee]

Tim  writes:

> Allegedly, on or about 14 November 2012, lee sent:
>> They are saying on the web page that it has the advantages of not
>> unloading the modules and being able to change FW configuration
>> without interrupting connections and while keeping the firewall up.
>> I've never had problems with that on Debian
>
> Nor I with Fedora.  I used to change rules while testing things, I don't
> recall connections being broken when I did that.

I haven't done any testing about it --- connections were not interrupted
on Debian, and I can't tell for Fedora yet.

>> A constantly running daemon that can quietly modify firewall rules
>> looks like a nice tool for creating security problems.
>
> Especially if controlled by applications, rather than the user.  It's
> for reasons like that, that I always disallowed UPnP in modem/routers.
> Allowing applications, especially on Windows, to just do what they
> wanted with the firewall negated the concept of having one.

Mmhm --- and with firewall rules, it likely won't show up unless you
actually check and monitor something like the output of 'iptables
--list'.  So upgrading the firewalling on Fedora will mean downgrading
on security, which is counter productive.

>> FTP isn't using random ports.  It's using two ports, and firewalls
>> need to be set up correctly to deal with that.  There's a kernel
>> module for this very purpose.
>
> There's two modes of FTP, active and passive.  With one of them, the
> traditional method of using FTP, the second connection was on a random
> port.  Sometimes you have to use a server that only works that way, and
> it can be a right pain.

Some routers have trouble with it ...

> I haven't used Shorewall, so I can't comment on its behaviour.

With shorewall, I've only been running an ftp server over ssh, and it
just worked with opening the appropriate ssh port.  I couldn't find out
what actually happened in the background and was worried if the
connection on one of the ports won't be encrypted or if everything goes
over the same port in that case ...


-- 
Fedora 17
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: firewall configuring

[lee]

Reindl Harald  writes:

> Am 14.11.2012 12:24, schrieb lee:
>> FTP isn't using random ports.  It's using two ports, and firewalls need
>> to be set up correctly to deal with that.  There's a kernel module for
>> this very purpose.
>
> ftp is ALWAYS using random ports
>
> active:  on the client side
> passive: on the server side
>
> so on one side there must be a firewall rule or connection
> tracking for sure depending on the ftp-mode, how the tracking
> is made is a implementation detail

There isn't anything random about these ports, see
http://en.wikipedia.org/wiki/File_Transfer_Protocol

> _
>
> and if you read dmesg-messages with recent kernels you will see
> that this is in fact a topic in teh near future
>
> nf_conntrack: automatic helper assignment is deprecated and it will be 
> removed soon. Use the iptables CT target to
> attach helpers instead.

I don't know what you mean --- I haven't looked into it since a very
long time, and when I did, there was an extra kernel module to handle
ftp connections in combination with some firewall rules to allow traffic
on the data ports.  There wasn't anything random about it.  So what has
changed?


-- 
Fedora 17
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: DNS problems this morning -

[lee]

Tim  writes:

> Tim:
>> > I was only trying out the "rotate" option, but it makes no difference
>> > where it is in the file, as far my tests with the dig and nslookup
>> > commands, go.  It may well be that *they* read the resolv.conf file in
>> > their own manner, only looking for nameserver lines.
>> >
>> > Short of reading through the nameserver logs, I can't think of another
>> > tool to test with that tells me which nameserver answered its query.
>> > I'll try that later on.
>
> lee:
>> When you use two name servers and turn on the query logging ('rndc
>> querylog on') on at least one of them, you can see if the one that
>> logs the requests has answered one or not.
>> 
>> Also, dig tells you which server answered and how long it took:
>
> Methinks you didn't read what I wrote.  I tested using dig and nslookup,
> I already knew that they tell which server answered, they told me that
> the same one kept answering.  Nor, noticed where I mentioned the timing
> of results, in an earlier message.

Sorry, I didn't realise that you actually said "another tool", so that
would exclude dig.

> So, either those tools behave differently than other things doing name
> lookups on the system, or the system ignores the directive to
> round-robin the lookups.
>
> Which means doing a test with another tool, and looking at the logs,
> which I haven't done yet as I've been otherwise occupied.
>
> -- 
> [tim@localhost ~]$ uname -rsvp
> Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64
>
> All mail to my mailbox is automatically deleted, there is no point
> trying to privately email me, I will only read messages posted to the
> public lists.

-- 
Fedora 17
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: [389-users] segfault while moving entry to non-existent LDAP container

[Vladimir Elisseev]

I wasn't able to reproduce this segfault using CentOS:
Name: 389-ds-base
Arch: x86_64
Version : 1.2.9.14
Release : 1.el6

However, when I updated to
Name: 389-ds-base
Arch: x86_64
Version : 1.2.10.2
Release : 20.el6_3

I've got the same segfault. I'll provide the full staketrace soon.

Regards,
Vlad.

On Wed, 2012-11-14 at 07:09 -0700, Rich Megginson wrote:
> On 11/14/2012 02:05 AM, Vladimir Elisseev wrote:
> > Obviously, I've tried ldapmodify and, as expected, it ends with an
> > error, no segfaults. However, I just tried
> > ldapmodrdn -r -h localhost -p 389 -D "cn=xxx" -W 
> > "cn=0207,ou=1,ou=Users,ou=132252,ou=Tenants,dc=CIDS" 
> > "cn=0207" -s "ou=DeletedUsers,ou=132245,ou=Tenants,DC=CIDS"
> > where the target superior entry doesn't exist, and, to my surprise, this
> > leads to the same segfault... I don't think it's normal, isn't it?
> > BTW, we've opened a case at Red Hat (we have RHDS subscription)
> > regarding this issue, so I suppose we have top stop discussing this
> > problem here, right?
> 
> No, we do not have to stop discussing this problem here, but the Red Hat 
> support team should be aware of this email thread so that they can 
> follow it.
> 
> 
> 
> >
> > Regards,
> > Vladimir.
> >
> > On Tue, 2012-11-13 at 09:58 -0800, Noriko Hosoi wrote:
> >> (2012/11/13 05:22), Rich Megginson wrote:
> >>> On 11/13/2012 03:30 AM, Vladimir Elisseev wrote:
>  Hello,
> 
>  First of all I'd say that most likely this segfault is a result of
>  badly designed application and/or bad coding. The segfault occurs while
>  this application tries to move an entry to non-existing LDAP container.
>  Unfortunately I don't have access to the source code of this app. The
>  segfault is below with backtrace from dgb:
> 
>  ns-slapd[4983]: segfault at 18 ip 7f2ed4a60759 sp
>  7f2e955e13e0 error 4 in libback-ldbm.so[7f2ed4a34000+8f000]
> 
> 
>  #0  0x7f2ed4a60759 in id2entry_add_ext () from
>  /usr/lib64/dirsrv/plugins/libback-ldbm.so
>  #1  0x7f2ed4a8a34c in modify_update_all () from
>  /usr/lib64/dirsrv/plugins/libback-ldbm.so
>  #2  0x7f2ed4a8eb4f in ldbm_back_modrdn () from
>  /usr/lib64/dirsrv/plugins/libback-ldbm.so
>  #3  0x7f2eddbecdaa in ?? () from /usr/lib64/dirsrv/libslapd.so.0
>  #4  0x7f2eddbed66c in do_modrdn () from
>  /usr/lib64/dirsrv/libslapd.so.0
>  #5  0x00413904 in ?? ()
>  #6  0x7f2edc0369e3 in ?? () from /lib64/libnspr4.so
>  #7  0x7f2edb9d9851 in start_thread () from /lib64/libpthread.so.0
>  #8  0x7f2edb72711d in clone () from /lib64/libc.so.6
> 
>  I'd appreciate any thoughts regarding what kind of (bad) things this
>  application is doing. Is it possible to have a kind of protection in
>  this case on directory server?
> >>> rpm -q 389-ds-base
> >>> Can you provide a full stack trace based on the instructions at
> >>> http://port389.org/wiki/FAQ#Debugging_Crashes ?
> >> Also, can we have the modrdn operation you executed?  Command line
> >> history and/or the snippet of the access log would be helpful.
> >>
> >> I tried these modrdns, but it failed with the expected errors... And the
> >> server is up and running after that.
> >> $ ldapmodify ...
> >> dn: cn=HR,ou=Groups,dc=example,dc=com
> >> changetype: modrdn
> >> newrdn: cn=HR
> >> deleteoldrdn: 1
> >> newsuperior: ou=bogus,dc=example,dc=com
> >>
> >> modifying rdn of entry "cn=HR,ou=Groups,dc=example,dc=com"
> >> ldap_rename: No such object (32)
> >>   matched DN: dc=example,dc=com
> >>
> >> $ ldapmodify ...
> >> dn: cn=HR,ou=Groups,dc=example,dc=com
> >> changetype: modrdn
> >> newrdn: cn=HR
> >> deleteoldrdn: 1
> >> newsuperior: o=bogus.com
> >>
> >> modifying rdn of entry "cn=HR,ou=Groups,dc=example,dc=com"
> >> ldap_rename: Operation affects multiple DSAs (71)
> >>   additional info: Cannot move entries across backends
> >>
> >> --
> >> 389 users mailing list
> >> 389-us...@lists.fedoraproject.org
> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
> >
> > --
> > 389 users mailing list
> > 389-us...@lists.fedoraproject.org
> > https://admin.fedoraproject.org/mailman/listinfo/389-users
> 


--
389 users mailing list
389-us...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Re: DNS problems this morning -

[Rick Stevens]

On 11/14/2012 06:45 AM, Tim issued this missive:

Tim:

I was only trying out the "rotate" option, but it makes no difference
where it is in the file, as far my tests with the dig and nslookup
commands, go.  It may well be that *they* read the resolv.conf file in
their own manner, only looking for nameserver lines.

Short of reading through the nameserver logs, I can't think of another
tool to test with that tells me which nameserver answered its query.
I'll try that later on.


lee:

When you use two name servers and turn on the query logging ('rndc
querylog on') on at least one of them, you can see if the one that
logs the requests has answered one or not.

Also, dig tells you which server answered and how long it took:


Methinks you didn't read what I wrote.  I tested using dig and nslookup,
I already knew that they tell which server answered, they told me that
the same one kept answering.  Nor, noticed where I mentioned the timing
of results, in an earlier message.

So, either those tools behave differently than other things doing name
lookups on the system, or the system ignores the directive to
round-robin the lookups.

Which means doing a test with another tool, and looking at the logs,
which I haven't done yet as I've been otherwise occupied.


If you're testing these options, you must disable nscd (if it's
running). nscd will interpose itself in the resolver library chain
and answer resolver queries from its cache first. I don't know if
nscd handles the options line(s) in the resolv.conf at all.
--
- Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com -
- AIM/Skype: therps2ICQ: 22643734Yahoo: origrps2 -
--
-  BASIC is the Computer Science version of `Scientific Creationism' -
--
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: NetworkManager-resolv.conf -

[Bob Goodwin - Zuni, Virginia, USA]

On 14/11/12 10:20, Bob Goodwin - Zuni, Virginia, USA wrote:


   How can I tell NetworkManager not to change my /etc/resolv.conf file
   or do I need to just stop using NM? These are fixed F-17/64
   computers and I use NM simply because it's there and works, however
   I want to change the dns settings and not have them over written. I
   don't see how it can be done with the edit GUI menu that comes up
   when I click on the NM icon.

   Bob

   --http://www.qrz.com/db/W2BOD

   box7



   I did:[root@box7 bobg]# chattr +i /etc/resolv.conf

   That seems to prevent the overwriting when I stop and start NM.



--
http://www.qrz.com/db/W2BOD

box7

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

OT: Apple patents rectangle

[Frank Murphy]

http://www.uspto.gov/web/patents/patog/week45/OG/html/1384-1/USD0670286-20121106.html

-- 
I have a rock garden.  Last week three of them died.
-- Richard Diran
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Make an existing user part of Administrators

[Daniel J Walsh]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 11/14/2012 04:22 AM, Gianluca Cecchi wrote:
> On Tue Nov 13 17:25:14 UTC 2012 Matthew Miller wrote:
>> I'm sorry, I don't understand what you're asking here. You can use the 
>> graphical users and groups tool to add people to the wheel group.
> 
> I'll try to explain better. Tipically when I want to give my user admin
> privileges (on F16 and F17 for example), I simply do this: 1) add the user
> to the wheel group 2) uncomment one of these lines in pre-configured
> sudoers file
> 
> #%wheelALL=(ALL)ALL # %wheelALL=(ALL)NOPASSWD: ALL
> 
> depending if I want the user to always type their password or not This way
> of doing things comes from seeing that in sudoers already exists this
> pre-defined group "wheel", so I don't go through creating another group for
> the same target. So far so good.
> 
> During install phase for testing of F18 Beta TC7-8 I noticed this flag "Add
> to Administrators group" where you have to create a new user. (I remember
> it is there also at least in F17 but I didn't use it before...) So a
> natural question arose regarding what this flag does (only steps 1) and 2)
> above or other things such as selinux commands ecc?) to eventually learn
> other ways of reaching the same target, possibly also after the
> installation phase
> 
> Call it curiosity for better understanding.
> 
> Gianluca
> 
It does not do anything with SELinux.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlCjuQsACgkQrlYvE4MpobPrXwCgmitIX+N9iQ0l5BbrYmAv/Piy
ot4AnR+ovA/RUsGyU7JPuzH4h/mk7t3I
=viHl
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

NetworkManager-resolv.conf -

[Bob Goodwin - Zuni, Virginia, USA]

   How can I tell NetworkManager not to change my /etc/resolv.conf file
   or do I need to just stop using NM? These are fixed F-17/64
   computers and I use NM simply because it's there and works, however
   I want to change the dns settings and not have them over written. I
   don't see how it can be done with the edit GUI menu that comes up
   when I click on the NM icon.

   Bob

   -- 
   http://www.qrz.com/db/W2BOD


   box7

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: DNS problems this morning -

[Chris Adams]

Once upon a time, Tim  said:
> Methinks you didn't read what I wrote.  I tested using dig and nslookup,
> I already knew that they tell which server answered, they told me that
> the same one kept answering.  Nor, noticed where I mentioned the timing
> of results, in an earlier message.

Those tools are really for debugging of DNS itself, and they do not use
the normal resolver library (or at least not in the normal way).  I
believe the "host" command does use the normal resolver (like any other
program).

-- 
Chris Adams 
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: [389-users] 389ds + modrdn + NSMMReplicationPlugin - Consumer failed to replay change

[Rich Megginson]

On 11/13/2012 07:21 PM, Derek Belcher wrote:
Here is the error message that I am receiving in 
/var/log/dirsrv/slap-/errors :


[13/Nov/2012:20:13:27 -0600] NSMMReplicationPlugin - agmt="cn=sync001" 
(AD1.company.net:636 ): Consumer failed to 
replay change (uniqueid 754ce981-e4d411e1-b828c127-7d7e145e, CSN 
50a150a40002): Server is unwilling to perform. Will retry later.


Thanks again for your time.

rpm -q 389-ds-base



On Tue, Nov 13, 2012 at 5:38 PM, Derek Belcher 
mailto:jderekbelc...@gmail.com>> wrote:


Good evening,

I am requesting some help from the community, I have an issue that
I can not seem to resolve.

Yesterday I committed a change on a users DN and today I noticed
replication issues in my logs. The logs told me the uniqueid # and
CSN #

So I used cl-dump to dump the changelog into a file. Here are the
results of what I grep'ed out:


[root@ds]# grep "50a150a40002" -B2 -A13 /var/tmp/change.dump
changetype: modrdn
replgen: 4ff8a4c1
csn: 50a150a40002
nsuniqueid: 754ce981-e4d411e1-b828c127-7d7e145e
dn: uid=auser,ou=threataa,ou=ops,ou=groups,dc=company,dc=net
newrdn: uid=auser
deleteoldrdn: false
newsuperiordn: ou=threatbb,ou=ops,ou=groups,dc=company,dc=net
change::
replace: modifiersname
modifiersname: cn=directory manager
-
replace: modifytimestamp
modifytimestamp: 20121112194019Z
-

So now that I know what entry NSMReplicationPlugin is complaining
about, I don't know what to do in order to fix it and get
replication back on track.

I really appreciate any help on this matter, Thank you




--
389 users mailing list
389-us...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-us...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Re: firewall configuring

[Tim]

Allegedly, on or about 14 November 2012, lee sent:
> They are saying on the web page that it has the advantages of not
> unloading the modules and being able to change FW configuration
> without interrupting connections and while keeping the firewall up.
> I've never had problems with that on Debian

Nor I with Fedora.  I used to change rules while testing things, I don't
recall connections being broken when I did that.

> A constantly running daemon that can quietly modify firewall rules
> looks like a nice tool for creating security problems.

Especially if controlled by applications, rather than the user.  It's
for reasons like that, that I always disallowed UPnP in modem/routers.
Allowing applications, especially on Windows, to just do what they
wanted with the firewall negated the concept of having one.

> FTP isn't using random ports.  It's using two ports, and firewalls
> need to be set up correctly to deal with that.  There's a kernel
> module for this very purpose.

There's two modes of FTP, active and passive.  With one of them, the
traditional method of using FTP, the second connection was on a random
port.  Sometimes you have to use a server that only works that way, and
it can be a right pain.

I haven't used Shorewall, so I can't comment on its behaviour.

-- 
[tim@localhost ~]$ uname -rsvp
Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64

All mail to my mailbox is automatically deleted, there is no point
trying to privately email me, I will only read messages posted to the
public lists.



-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: DNS problems this morning -

[Tim]

Tim:
> > I was only trying out the "rotate" option, but it makes no difference
> > where it is in the file, as far my tests with the dig and nslookup
> > commands, go.  It may well be that *they* read the resolv.conf file in
> > their own manner, only looking for nameserver lines.
> >
> > Short of reading through the nameserver logs, I can't think of another
> > tool to test with that tells me which nameserver answered its query.
> > I'll try that later on.

lee:
> When you use two name servers and turn on the query logging ('rndc
> querylog on') on at least one of them, you can see if the one that
> logs the requests has answered one or not.
> 
> Also, dig tells you which server answered and how long it took:

Methinks you didn't read what I wrote.  I tested using dig and nslookup,
I already knew that they tell which server answered, they told me that
the same one kept answering.  Nor, noticed where I mentioned the timing
of results, in an earlier message.

So, either those tools behave differently than other things doing name
lookups on the system, or the system ignores the directive to
round-robin the lookups.

Which means doing a test with another tool, and looking at the logs,
which I haven't done yet as I've been otherwise occupied.

-- 
[tim@localhost ~]$ uname -rsvp
Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64

All mail to my mailbox is automatically deleted, there is no point
trying to privately email me, I will only read messages posted to the
public lists.



-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: [389-users] segfault while moving entry to non-existent LDAP container

[Rich Megginson]

On 11/14/2012 02:05 AM, Vladimir Elisseev wrote:

Obviously, I've tried ldapmodify and, as expected, it ends with an
error, no segfaults. However, I just tried
ldapmodrdn -r -h localhost -p 389 -D "cn=xxx" -W 
"cn=0207,ou=1,ou=Users,ou=132252,ou=Tenants,dc=CIDS" "cn=0207" -s 
"ou=DeletedUsers,ou=132245,ou=Tenants,DC=CIDS"
where the target superior entry doesn't exist, and, to my surprise, this
leads to the same segfault... I don't think it's normal, isn't it?
BTW, we've opened a case at Red Hat (we have RHDS subscription)
regarding this issue, so I suppose we have top stop discussing this
problem here, right?


No, we do not have to stop discussing this problem here, but the Red Hat 
support team should be aware of this email thread so that they can 
follow it.






Regards,
Vladimir.

On Tue, 2012-11-13 at 09:58 -0800, Noriko Hosoi wrote:

(2012/11/13 05:22), Rich Megginson wrote:

On 11/13/2012 03:30 AM, Vladimir Elisseev wrote:

Hello,

First of all I'd say that most likely this segfault is a result of
badly designed application and/or bad coding. The segfault occurs while
this application tries to move an entry to non-existing LDAP container.
Unfortunately I don't have access to the source code of this app. The
segfault is below with backtrace from dgb:

ns-slapd[4983]: segfault at 18 ip 7f2ed4a60759 sp
7f2e955e13e0 error 4 in libback-ldbm.so[7f2ed4a34000+8f000]


#0  0x7f2ed4a60759 in id2entry_add_ext () from
/usr/lib64/dirsrv/plugins/libback-ldbm.so
#1  0x7f2ed4a8a34c in modify_update_all () from
/usr/lib64/dirsrv/plugins/libback-ldbm.so
#2  0x7f2ed4a8eb4f in ldbm_back_modrdn () from
/usr/lib64/dirsrv/plugins/libback-ldbm.so
#3  0x7f2eddbecdaa in ?? () from /usr/lib64/dirsrv/libslapd.so.0
#4  0x7f2eddbed66c in do_modrdn () from
/usr/lib64/dirsrv/libslapd.so.0
#5  0x00413904 in ?? ()
#6  0x7f2edc0369e3 in ?? () from /lib64/libnspr4.so
#7  0x7f2edb9d9851 in start_thread () from /lib64/libpthread.so.0
#8  0x7f2edb72711d in clone () from /lib64/libc.so.6

I'd appreciate any thoughts regarding what kind of (bad) things this
application is doing. Is it possible to have a kind of protection in
this case on directory server?

rpm -q 389-ds-base
Can you provide a full stack trace based on the instructions at
http://port389.org/wiki/FAQ#Debugging_Crashes ?

Also, can we have the modrdn operation you executed?  Command line
history and/or the snippet of the access log would be helpful.

I tried these modrdns, but it failed with the expected errors... And the
server is up and running after that.
$ ldapmodify ...
dn: cn=HR,ou=Groups,dc=example,dc=com
changetype: modrdn
newrdn: cn=HR
deleteoldrdn: 1
newsuperior: ou=bogus,dc=example,dc=com

modifying rdn of entry "cn=HR,ou=Groups,dc=example,dc=com"
ldap_rename: No such object (32)
  matched DN: dc=example,dc=com

$ ldapmodify ...
dn: cn=HR,ou=Groups,dc=example,dc=com
changetype: modrdn
newrdn: cn=HR
deleteoldrdn: 1
newsuperior: o=bogus.com

modifying rdn of entry "cn=HR,ou=Groups,dc=example,dc=com"
ldap_rename: Operation affects multiple DSAs (71)
  additional info: Cannot move entries across backends

--
389 users mailing list
389-us...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-us...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-us...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Re: firewall configuring

[Reindl Harald]

Am 14.11.2012 12:24, schrieb lee:
> FTP isn't using random ports.  It's using two ports, and firewalls need
> to be set up correctly to deal with that.  There's a kernel module for
> this very purpose.

ftp is ALWAYS using random ports

active:  on the client side
passive: on the server side

so on one side there must be a firewall rule or connection
tracking for sure depending on the ftp-mode, how the tracking
is made is a implementation detail
_

and if you read dmesg-messages with recent kernels you will see
that this is in fact a topic in teh near future

nf_conntrack: automatic helper assignment is deprecated and it will be removed 
soon. Use the iptables CT target to
attach helpers instead.




signature.asc
Description: OpenPGP digital signature
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: network manager has gone crazy

[lee]

Marko Vojinovic  writes:

> On Tue, 13 Nov 2012 20:44:04 +0100 lee  wrote:
>> Tim  writes:
>> > There does appear to be some NetworkManager interface through the
>> > command line.  Dunno whether it's going to be of any use to you,
>> > though.
>> 
>> Hm I didn't find out what it is yet.
>
> man nmcli
> man nm-tool
> man nm-online
> man NetworkManager
> man NetworkManager.conf

Ah, thank you, I'll look at them :)

Seems like it's even worse than I thought, considering this
inconsistancy in the naming.  It would have to be NMcli, etc. ...

> If you prefer a GUI to control NetworkManager, you probably want to
>
>   yum install NetworkManager-gnome
>
> and start nm-applet utility, which should land in your
> system-tray/dock/whatever, and from where you can do everything else.

Hm I don't have a tray or dock, never found that useful.  I've got
iconbox in fvwm because the icons need to go /somewhere/ where I can
find them, and it keeps getting in the way.  I3 has a better solution to
that ... thinking of which, maybe it's possible to configure fvwm to
have the same ...

>> > As may have been pointed out in this thread, but definitely in the
>> > past, NetworkManager is probably not be suitable for servers.  It
>> > is geared towards having something else configure your network,
>> > usually a server is self-configured, or at least the central server
>> > is (the one everything else relies on).
>> 
>> It's a very strange idea that something else should configure the
>> network.
>
> Why do you consider such a scenario to be strange?

It just feels strange, and I've seen it not working.

> The dhcp was
> invented for precisely this purpose. It is widely used on laptops and
> other mobile devices, in home&office environments for desktops, etc.
>
> Typically only servers need to have a static IP. And even that can be
> remote-configured by the dhcp server. In fact, the dhcp server itself
> is the only one requiring a static manually-configured IP. Everything
> else can be configured by a remote dhcp server.

DHCP has its advantages and disadvantages ...

>> Anyway, I still want to know, even with networkmanager disabled.  It
>> doesn't hurt to learn something new :)
>> 
>> > I have to admit I'm intrigued to find out what would happen if you
>> > ran a DHCP server on a machine with NetworkManager handling the
>> > network interfaces.  But not sufficiently to try it out, at 2:30 in
>> > the morning.
>> 
>> It probably won't work because there won't be any network interfaces
>> configured the DHCP server could use to receive broadcasts and send
>> answers so that networkmanager could configure such interfaces.
>
> The dhcp server requires a NIC with a static IP (it cannot serve
> itself). If NetworkManager is configured so that it assigns a static IP
> to that particular interface, dhcp will be happy, and everything will
> work well.
>
> It can even serve the IPs for other NICs on the same machine (if any
> are present), and NetworkManager will pick those up and configure
> them, if they are set up to use dhcp... ;-)

And you neither need networkmanager, nor DHPC when you just configure
static IPs :)

>> > Regarding trying to find its configuration files, I would have tried
>> > something like:  locate -i networkmanager |grep etc
>
> I doubt that in normal circumstances one would ever need to manually
> edit files in /etc/NetworkManager/. All configuration files that are
> related to the actual network interfaces (used by NM) are
> in /etc/sysconfig/network-scripts/, among which the most interesting
> are the ifcfg-* files. Those are probably the only files that one could
> be motivated to hand-edit. At least in normal circumstances, and in
> the absence of a GUI utility.

Well I did edit the ifcfg-* files, and networkmananger didn't agree and
destroyed /etc/resolv.conf.  Now I could say that networkmanager should
be able to detect when someone edits the relevant files and act
accordingly.  A simple flag-entry like "nm-touch: [yes | no]" in
resolv.conf might help a lot already; it could even be in form of a
comment which only networkmanager understands so it doesn't interfere
with anything else that uses the file.

It would still be a very ugly solution ... It would be better if the
installer gave you a choice whether to use networkmanager or not.  I
guess they need to fix the dependencies of it first ...

What is the procedure to make suggestions like that?  Create a bug
report for networkmanager?


-- 
Fedora 17
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: locale settings

[lee]

Sergio  writes:

> On 11/13/2012 07:42 PM, Sergio wrote:
>> On 11/13/2012 06:27 PM, lee wrote:
>>> Tim  writes:
>>>
 Is anyone else using Fedora in Australia and noticed that locale
 settings aren't what they ought to be?

 Specifically that the system locale, despite being set up during
 post-installation, was on a US setting.  And that personal locales
 inherit that, and each logon needs manually setting to Australian.   And
 that applications that print need manually setting to A4, instead of
 already being preset to A4 by the locale (or even not preselecting from
 the printer settings).
>>>
>>> What is the equivalent of Debians 'dpkg-reconfigure locale' in Fedora?
>>> And btw, what's Fedoras equivalent of apt-file?
>>>
>>>
>>
>> F18 has changed in this regard, now it uses localectl. In F17 I think it
>> was setup with system-config-
>>
>> What's apt-file?

Thank you!

> If apt-file is to search for a file in a package then have a look at
> rpm's options.
> Also 'repoquery -l' (yum-utils).

Yes, it is a tool that can search for packages containing a given file.
It might be like 'repoquery -f', giving more useful results easier than
'repoquery -f' seems to do.  I need to learn more about the package
management; so far I just used it without much reading, so it was simple
enough :)


-- 
Fedora 17
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Fedora 17: Auto configuring wireless networks in Network Manager on first boot

[lee]

Arun SAG  writes:

> Hi,
>
> How do i configure wireless networks in NetworkManager during install time
> so that the user don't have to configure it manually. I tried to drop in
> the file ifcfg-networkname in /etc/sysconfig/network-scripts/, but Network
> Manager keeps asking me to configure the network myself despite the
> presence of the configuration file.

As far as I understand, the interfaces should be configured
automatically by networkmanager if you're using DHCP.  For wireless,
you'll probably have to enter a key if it uses encryption.

> Here is my ifcfg-networkname file looks like

Shouldn't the file be named for the interface, like ifcfg-em1?

> HWADDR=xx:xx:xx:xx:xx
> ESSID="networkname"
> MODE=Managed
> KEY_MGMT=WPA-EAP
> SECURITYMODE=open
> TYPE=Wireless
> IEEE_8021X_EAP_METHODS=PEAP
> IEEE_8021X_IDENTITY=
> IEEE_8021X_PASSWORD_FLAGS=ask
> IEEE_8021X_INNER_AUTH_METHODS=GTC
> BOOTPROTO=dhcp
> DEFROUTE=yes
> PEERDNS=yes
> PEERROUTES=yes
> IPV4_FAILURE_FATAL=no
> IPV6INIT=yes
> IPV6_AUTOCONF=yes
> IPV6_DEFROUTE=yes
> IPV6_PEERDNS=yes
> IPV6_PEERROUTES=yes
> IPV6_FAILURE_FATAL=no
> IPV6_PRIVACY=rfc3041
> NAME=
> UUID=cbb10c64-e609-4dcf-b554-7343cb791eae
> ONBOOT=yes
>
> Does network manager do anything other than generating this file when the
> user configures a wireless network?

Networkmanager seems to have and to use its own configuration in
/etc/NetworkManager and may disagree with the ifcfg-* files, so if you
want to use networkmanager, you're better off using its configuration
tools rather than editing the files used by the network.service.

Networkmanager also messes with /etc/resolv.conf.  Just dropping an
ifcfg-* file into /etc/sysconfig/network-scripts or editing one isn't
sufficient because networkmanager doesn't understand from that what you
are trying to achieve.  And what about wpa_supplicant?


-- 
Fedora 17
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: DVD drive polling

[lee]

Tim  writes:

> (I'm breaking this out into another thread, as it doesn't belong to the
> firewall one.)
>
> Allegedly, on or about 13 November 2012, lee sent:
>> I still haven't even found a way to disable the DVD-drive polling.
>> Where is the configuration for that?  Or what makes the light flash all
>> the time?
>
> I don't see that, here.  Fedora 17, kernel details in my signature,
> running Gnome in the fallback mode, mostly the default install from the
> live disk for 64-bit, with a few extra applications.  My DVD drive is
> PATA, you should say what yours is.  It may make a difference.

The DVDs are connected to SATA ports.  It's very (only) noticeable here
because none of the devices connected to the on-board SATA cotrollers is
mounted or otherwise in use by anything I'm doing/running.  I'm not
running gnome, just an X-session started with startx and i3 as WM, and
yet the light constantly flashes like once a second.  I can't see
anything in the output of PS that would indicate what is making the
light flash.

Uname says: Linux 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012
x86_64


-- 
Fedora 17
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: firewall configuring

[lee]

Tim  writes:

> Allegedly, on or about 13 November 2012, lee sent:
>> Great, that is going to conflict with my shorewall configuration when I
>> update.  And running another daemon process all the time for something
>> that rarely ever changes once it's set up?  Adding even more
>> dependencies with networkmanager?  Involving d-bus which is something
>> nobody understands?  That just sucks.
>
> I tend to agree.
>
> However, I can see one need for a daemon, though wonder whether it does
> anything about it:  Things that actually require dynamic firewall
> configuration, such as the random port used by FTP, UPnP thingoes, et
> cetera.  If it doesn't actually provide a solution to problems like
> them, then what's the point?

They are saying on the web page that it has the advantages of not
unloading the modules and being able to change FW configuration without
interrupting connections and while keeping the firewall up.  I've never
had problems with that on Debian --- they are right though in that
restarting shorewall would take the firewall down during the restart.
I've never had issues with interrupted connections because of that.

These are particularities of the implementation, though.  There's no
need to unload the modules, so something on Fedora must be intentionally
unloading them.  That the firewall is taken down rather than acutally
modified when shorewall is stopped is shorewalls implementation.

A constantly running daemon that can quietly modify firewall rules looks
like a nice tool for creating security problems.

I'd vote for making shorewall the default firewall in Fedora instead.
Where can we make suggestions like that?


FTP isn't using random ports.  It's using two ports, and firewalls need
to be set up correctly to deal with that.  There's a kernel module for
this very purpose.

When starting shorewall, I'm getting messages like 'xt_CT: No such
helper "ftp-0"' in /var/log/messages.  I haven't looked into that yet
--- any idea what they are supposed to tell me and what to do about it?


-- 
Fedora 17
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: DNS problems this morning -

[lee]

Tim  writes:

> Allegedly, on or about 13 November 2012, Rick Stevens sent:
>> It may have to be above the nameserver specifications:
>> 
>> domain blah
>> search blah
>> options attempts:1 timeout:2
>> nameserver blah
>> nameserver blah
>> 
>> In other words, it may only take effect from the time it's seen in
>> the file. If you put it at the end, it has no effect. Not sure about
>> that, but give it a whirl. 
>
> I was only trying out the "rotate" option, but it makes no difference
> where it is in the file, as far my tests with the dig and nslookup
> commands, go.  It may well be that *they* read the resolv.conf file in
> their own manner, only looking for nameserver lines.
>
> Short of reading through the nameserver logs, I can't think of another
> tool to test with that tells me which nameserver answered its query.
> I'll try that later on.

When you use two name servers and turn on the query logging ('rndc
querylog on') on at least one of them, you can see if the one that logs
the requests has answered one or not.

Also, dig tells you which server answered and how long it took:


,
| [~] dig 8.8.8.8
| [...]
| ;; Query time: 1 msec
| ;; SERVER: 127.0.0.1#53(127.0.0.1)
| ;; WHEN: Wed Nov 14 12:37:47 2012
| ;; MSG SIZE  rcvd: 111
| 
| [~] dig @8.8.8.8 8.8.8.8
| [...]
| ;; Query time: 40 msec
| ;; SERVER: 8.8.8.8#53(8.8.8.8)
| ;; WHEN: Wed Nov 14 12:37:53 2012
| ;; MSG SIZE  rcvd: 111
| 
| [~] 
`


-- 
Fedora 17
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: network manager has gone crazy

[lee]

Marko Vojinovic  writes:

> By the way, I find it very braindead to search for documentation or
> configuration on NetworkManager, and not ever try the obvious
> "man networkmanager". And the man is even case-insensitive, for your
> convenience.
>
> In addition, in the SEE ALSO section it points you to read the
> "man networkmanager.conf", which in turn tells you the exact path to
> the configuration files at the very top of the document.

Yeah and why didn't I read the manpage?  It seems pretty obvious now.

Maybe I become braindead and stupid when the network connection doesn't
work ...  That's a bad sign.


-- 
Fedora 17
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Phonon GST/XINE (was Amarok)

[jarmo]

Wed, 14 Nov 2012 10:50:43 +0200
jarmo  kirjoitti:

> It seems, that problems leads into phonon-gst combination. Seem also,

OK, now solved with
http://www.fluendo.com/shop/product/fluendo-mp3-decoder/

Jarmo
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Re: Make an existing user part of Administrators

[Gianluca Cecchi]

On Tue Nov 13 17:25:14 UTC 2012 Matthew Miller wrote:
> I'm sorry, I don't understand what you're asking here. You can use the
> graphical users and groups tool to add people to the wheel group.

I'll try to explain better.
Tipically when I want to give my user admin privileges (on F16 and F17
for example), I simply do this:
1) add the user to the wheel group
2) uncomment one of these lines in pre-configured sudoers file

#%wheelALL=(ALL)ALL
# %wheelALL=(ALL)NOPASSWD: ALL

depending if I want the user to always type their password or not
This way of doing things comes from seeing that in sudoers already
exists this pre-defined group "wheel", so I don't go through creating
another group for the same target.
So far so good.

During install phase for testing of F18 Beta TC7-8 I noticed this flag
"Add to Administrators group" where you have to create a new user.
(I remember it is there also at least in F17 but I didn't use it before...)
So a natural question arose regarding what this flag does (only steps
1) and 2) above or other things such as selinux commands ecc?) to
eventually learn other ways of reaching the same target, possibly also
after the installation phase

Call it curiosity for better understanding.

 Gianluca
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

Phonon GST/XINE (was Amarok)

[jarmo]

It seems, that problems leads into phonon-gst combination. Seem also,
that there's not backend for xine anymore in F17. Earlier didn't pay
any attention, because used vlc. Now granddaughter wanted to use amarok
with iPod. Something IS! totally going wrong, with this
phonon/pulseaudio crab. That's sure, that gst's good,bad,ugly has
something, that does not worky. Propably this is KDE related, but if it
comes with system, so expect to work anyway. Now, Gurus, is there any
change throw away Phonon ..etc and install working system instead?

Jarmo
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org