[389-users] Re: password not expire 389
On Sun, 2017-02-26 at 17:53 +, tua...@gmail.com wrote: > I observer this one after the update of 389* > > Starting dirsrv: > NNIT...[26/Feb/2017:18:26:09 +0100] dse_read_one_file - The entry > cn=schema in file /etc/dirsrv/slapd-NNIT/schema/75ppolicy.ldif (lineno: 1) is > invalid, error code 20 (Type or value exists) - attribute type pwdMinAge: > Does not match the OID "1.3.6.1.4.1.42.2.27.8.1.2". Another attribute type is > already using the name or OID. > [26/Feb/2017:18:26:09 +0100] dse - Please edit the file to correct the > reported problems and then restart the server. >[FAILED] > *** Error: 1 instance(s) failed to start > [root@centos6 dirsrv]# > > notice: attribute type pwdMinAge: Does not match the OID > > I need to remove it before I can start dirsrv. > > that file is the same from here: > [root@centos6 dirsrv]# ll /etc/dirsrv/schema/75ppolicy.ldif > -rw-r--r-- 1 root root 4699 Feb 19 2013 /etc/dirsrv/schema/75ppolicy.ldif > [root@centos6 dirsrv]# > > So now my ldap slapd-NNIT doesn't had this schema 75ppolicy.ldif. I dont > know if it has any affect. > > Please help > br Tuan Hi, You may find that your schema has been corrupted or migrated from another server (ie sunds, or similar). 75ppolicy.ldif doesn't ship with directory server. We ship the password policy in 02common.ldif. It may be a good idea to backup your schema directory: # Stop directory server here, ie systemctl stop dirsrv@instance mv /etc/dirsrv/slapd-/schema /etc/dirsrv/slapd-/schema-backup cp -a /usr/share/dirsrv/schema /etc/dirsrv/slapd-/schema restorecon -r /etc/dirsrv/slapd- chown -R dirsrv: /etc/dirsrv/slapd-/schema # Start Directory Server here This should restore a "correct" 389-ds-base provided schema to your instance. Further issues from there are due to missing custom schema that you can extract from /etc/dirsrv/slapd-/schema-backup into /etc/dirsrv/slapd-/schema/99user.ldif as needed. As I mention in my steps, I advise HIGHLY you backup your server before performing any operation in the interest of safety. -- Sincerely, William Brown Software Engineer Red Hat, Australia/Brisbane signature.asc Description: This is a digitally signed message part ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Re: VirtualBox does not work after selinux update
On 02/27/17 04:42, Ed Greshko wrote: > On 02/26/17 23:15, Paul Smith wrote: >> Let me add that I am using Oracle VirtualBox (from >> http://www.virtualbox.org/): >> >> VirtualBox-5.1-5.1.14_112924_fedora25-1.x86_64 > As am I > > The procedure I gave you will get you going as I did me. > > I'll report this against selinux soon. > A bugzilla had already been created. https://bugzilla.redhat.com/show_bug.cgi?id=1426906 -- Fedora Users List - The place to go to get others to do the work for you ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: VirtualBox does not work after selinux update
On 02/26/17 23:15, Paul Smith wrote: > Let me add that I am using Oracle VirtualBox (from > http://www.virtualbox.org/): > > VirtualBox-5.1-5.1.14_112924_fedora25-1.x86_64 As am I The procedure I gave you will get you going as I did me. I'll report this against selinux soon. -- Fedora Users List - The place to go to get others to do the work for you ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: running ssh/remote cmd in the background
Hey Jon... You are absolutely correct.. if the parent ssh terminates.. the remote process would "die".. In my use case, the remote process being fired off is actually being run under a remote "Screen" session, so it had better survive the ssh terminating!! (In testing, this has worked, so I have no reason to think the background process would be any different! Thanks On Sun, Feb 26, 2017 at 2:17 PM, Jon LaBadiewrote: > On Sun, Feb 26, 2017 at 06:40:50PM +0100, Joachim Backes wrote: >> On 02/26/17 18:08, bruce wrote: >> > Morn guys... >> > >> > The following works as a test ssh to fire off a remote cmd. However it >> > waits for the cmd to complete befor returning. I'm looking to run th >> > cmd as a background on the local/calling instance. Ultimaely, I'll be >> > testing this from py/php scripts. >> > >> > ssh -t user1@67.205.151.05 'cat /cloud/hash2.dat | wc -l' >> > >> > -would the following work? >> > >> > ssh -t user1@67.205.151.05 'cat /cloud/hash2.dat | wc -l' & >> >> It runs the (complete) local ssh cmd (including it's parameters) locally in >> background. If you want to run the remote cmd in background >> (cat /cloud/hash2.dat | wc -l) you must add the "&" before the closing "'" >> and not after. >> >> But this means your ssh command likely may exit before the remote cmd >> finishes. Is this reasonable? >> >> Kind regards >> >> Joachim Backes > > Two other considerations: > > Where is the output from the pipeline sink (wc -l in this case) > going to go? Without the ssh connection, it will go to stdout, > either closed or set to /dev/null. > > When the ssh connection terminates, I suspect its children > processes on the remote to receive the "Hang UP" (your parent > has died) signal and will likely commit suicide. > > Jon > -- > Jon H. LaBadie jo...@jgcomp.com > ___ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: running ssh/remote cmd in the background
On Sun, Feb 26, 2017 at 06:40:50PM +0100, Joachim Backes wrote: > On 02/26/17 18:08, bruce wrote: > > Morn guys... > > > > The following works as a test ssh to fire off a remote cmd. However it > > waits for the cmd to complete befor returning. I'm looking to run th > > cmd as a background on the local/calling instance. Ultimaely, I'll be > > testing this from py/php scripts. > > > > ssh -t user1@67.205.151.05 'cat /cloud/hash2.dat | wc -l' > > > > -would the following work? > > > > ssh -t user1@67.205.151.05 'cat /cloud/hash2.dat | wc -l' & > > It runs the (complete) local ssh cmd (including it's parameters) locally in > background. If you want to run the remote cmd in background > (cat /cloud/hash2.dat | wc -l) you must add the "&" before the closing "'" > and not after. > > But this means your ssh command likely may exit before the remote cmd > finishes. Is this reasonable? > > Kind regards > > Joachim Backes Two other considerations: Where is the output from the pipeline sink (wc -l in this case) going to go? Without the ssh connection, it will go to stdout, either closed or set to /dev/null. When the ssh connection terminates, I suspect its children processes on the remote to receive the "Hang UP" (your parent has died) signal and will likely commit suicide. Jon -- Jon H. LaBadie jo...@jgcomp.com ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
[389-users] Re: password not expire 389
I observer this one after the update of 389* Starting dirsrv: NNIT...[26/Feb/2017:18:26:09 +0100] dse_read_one_file - The entry cn=schema in file /etc/dirsrv/slapd-NNIT/schema/75ppolicy.ldif (lineno: 1) is invalid, error code 20 (Type or value exists) - attribute type pwdMinAge: Does not match the OID "1.3.6.1.4.1.42.2.27.8.1.2". Another attribute type is already using the name or OID. [26/Feb/2017:18:26:09 +0100] dse - Please edit the file to correct the reported problems and then restart the server. [FAILED] *** Error: 1 instance(s) failed to start [root@centos6 dirsrv]# notice: attribute type pwdMinAge: Does not match the OID I need to remove it before I can start dirsrv. that file is the same from here: [root@centos6 dirsrv]# ll /etc/dirsrv/schema/75ppolicy.ldif -rw-r--r-- 1 root root 4699 Feb 19 2013 /etc/dirsrv/schema/75ppolicy.ldif [root@centos6 dirsrv]# So now my ldap slapd-NNIT doesn't had this schema 75ppolicy.ldif. I dont know if it has any affect. Please help br Tuan ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Dual booting with external drive
I have a new USB3 drive and would like to install Windows on one partition of it for occasional dual booting. I already have F25 on my main drives (root on a 128GB SSD and /home on a 1TB internal SATA) so the usual advice of "install Windows first, then Linux" is not really what I want to hear unless there's no alternative. My mobo can support BIOS or UEFI. Any pointers to how to go about this would be appreciated, (including getting Windoze to run from a USB drive, and apologies for being OT with that part). poc ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: running ssh/remote cmd in the background
On 02/26/17 18:08, bruce wrote: Morn guys... The following works as a test ssh to fire off a remote cmd. However it waits for the cmd to complete befor returning. I'm looking to run th cmd as a background on the local/calling instance. Ultimaely, I'll be testing this from py/php scripts. ssh -t user1@67.205.151.05 'cat /cloud/hash2.dat | wc -l' -would the following work? ssh -t user1@67.205.151.05 'cat /cloud/hash2.dat | wc -l' & It runs the (complete) local ssh cmd (including it's parameters) locally in background. If you want to run the remote cmd in background (cat /cloud/hash2.dat | wc -l) you must add the "&" before the closing "'" and not after. But this means your ssh command likely may exit before the remote cmd finishes. Is this reasonable? Kind regards Joachim Backes Im not sure if the "&" would be applied to the remote or local side for the ssh. And yeah, I know I could run a few tests... but I thought I'd get the opinion of some of you guys as well...!! Thanks ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org -- Fedora release 25 (Twenty Five) Kernel-4.9.12-200.fc25.x86_64 Joachim Backeshttps://www-user.rhrk.uni-kl.de/~backes/ ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
running ssh/remote cmd in the background
Morn guys... The following works as a test ssh to fire off a remote cmd. However it waits for the cmd to complete befor returning. I'm looking to run th cmd as a background on the local/calling instance. Ultimaely, I'll be testing this from py/php scripts. ssh -t user1@67.205.151.05 'cat /cloud/hash2.dat | wc -l' -would the following work? ssh -t user1@67.205.151.05 'cat /cloud/hash2.dat | wc -l' & Im not sure if the "&" would be applied to the remote or local side for the ssh. And yeah, I know I could run a few tests... but I thought I'd get the opinion of some of you guys as well...!! Thanks ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
[389-users] password not expire 389
Hi with the new 1.2.2-1 389* the user can resure the same password Again & Again, the passwordhistory stop to Work and not showing anymore. see my test below. It is the first time i get this kind of issue [root@centos6 ~]# rpm -qa|grep 389 389-console-1.1.7-1.el6.noarch 389-adminutil-1.1.19-1.el6.x86_64 389-ds-console-1.2.6-1.el6.noarch 389-ds-1.2.2-1.el6.noarch 389-ds-base-libs-1.2.11.15-85.el6_8.x86_64 389-admin-1.1.35-1.el6.x86_64 389-admin-console-1.1.8-1.el6.noarch 389-ds-base-1.2.11.15-85.el6_8.x86_64 [root@centos6 scripts]# cat test_passwd_history.ksh #!/bin/ksh #Ldap test passwd if it is expired or not - tng 20170226 ldapsearch -xLLL -ZZ -b dc=nnit '(&(uid=tnng))' passwordRetryCount passwordExpWarned accountUnlockTime passwordExpirationTime passwordHistory createtimestamp modifytimestamp retryCountResetTime passwordAllowChangeTime nsRoleDN ldappasswd -s 123 -w 12345678 -x -ZZ -D cn='directory manager' cn='Tuan Nguyen,cn=unixtek,ou=Infrastructure,dc=nnit' [root@centos6 scripts]# ./test_passwd_history.ksh dn: cn=Tuan Nguyen,cn=unixtek,ou=Infrastructure,dc=nnit passwordExpWarned: 0 passwordExpirationTime: 1970010100Z createtimestamp: 20170114110541Z modifytimestamp: 20170226085143Z [root@centos6 scripts]# ./test_passwd_history.ksh dn: cn=Tuan Nguyen,cn=unixtek,ou=Infrastructure,dc=nnit passwordExpWarned: 0 passwordExpirationTime: 1970010100Z createtimestamp: 20170114110541Z modifytimestamp: 20170226091223Z [root@centos6 scripts]# ./test_passwd_history.ksh dn: cn=Tuan Nguyen,cn=unixtek,ou=Infrastructure,dc=nnit passwordExpWarned: 0 passwordExpirationTime: 1970010100Z createtimestamp: 20170114110541Z modifytimestamp: 20170226091224Z [root@centos6 scripts]# policy [root@centos6 scripts]# ldapsearch -xLLL -ZZ -b cn='cn\3DnsPwPolicyEntry\2Cou\3DInfrastructure\2Cdc\3Dnnit,cn=nsPwPolicyContainer,ou=Infrastructure,dc=nnit' -s base '(&(objectclass=passwordpolicy))' dn: cn=cn\3DnsPwPolicyEntry\2Cou\3DInfrastructure\2Cdc\3Dnnit,cn=nsPwPolicyCon tainer,ou=Infrastructure,dc=nnit passwordStorageScheme: ssha passwordGraceLimit: 1 passwordChange: on passwordWarning: 86400 passwordMinAge: 0 passwordExp: on passwordMustChange: on passwordMaxAge: 86400 objectClass: ldapsubentry objectClass: passwordpolicy objectClass: top cn: cn=nsPwPolicyEntry,ou=Infrastructure,dc=nnit Policy settings from GUI: www.chezmoi.dk/389-passwd-not-expire.png ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Re: Boot F25 live media in text mode
On 26 February 2017 at 15:44, Ian Pilcherwrote: > On 02/25/2017 08:46 PM, Ed Greshko wrote: >> >> Sorry Forgot to mention, I think this only works with the "netinst" >> image and not the live one. > > > Yeah. I found various links on how to do a text mode install, but > bupkis on booting live media in text mode. Uugh! > > Ultimately, I ended up doing a VNC install (getting the IP address from > the DHCP server log). Once I had that done, I was able to SSH in, > create a file in /etc/modprobe.d to blacklist the gma500_gfx module, and > rebuild the initramfs. It worked, but it *really* seems like there > should be a way to boot the live media in text mode. > IIUC, you could have blacklisted that module by adding the following to the kernel cmdline at boot: module_blacklist=gma500_gfx I checked and that module isn't included in the initrd in the Live (workstation) image, so the above command should work. c.f. https://www.kernel.org/doc/Documentation/admin-guide/kernel-parameters.txt -- Ahmad Samir ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: VirtualBox does not work after selinux update
On Sun, Feb 26, 2017 at 2:27 PM, Paul Smithwrote: >>> After doing the updates of today (selinux included), virtualbox stopped working: # /usr/lib/virtualbox/vboxdrv.sh setup vboxdrv.sh: Building VirtualBox kernel modules. vboxdrv.sh: Starting VirtualBox services. vboxdrv.sh: Building VirtualBox kernel modules. vboxdrv.sh: failed: modprobe vboxdrv failed. Please use 'dmesg' to find out why. # Any ideas? >>> >>> >>> Vbox running fine here on a fully updated F25 system. >>> >>> The message you're getting says to use dmesg for more info... Did you >>> do that? >> >> Thanks, Ed. However, >> >> dmesg | grep vboxdrv >> >> returns nothing. > > But after doing > > dnf --allowerasing downgrade selinux-policy selinux-policy-targeted > > the reported problem disappears. Let me add that I am using Oracle VirtualBox (from http://www.virtualbox.org/): VirtualBox-5.1-5.1.14_112924_fedora25-1.x86_64 Paul ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: VirtualBox does not work after selinux update
On 02/26/17 22:27, Paul Smith wrote: > But after doing > > dnf --allowerasing downgrade selinux-policy selinux-policy-targeted > > the reported problem disappears. I just wanted to add to what I just posted. The system I thought was fully updated wasn't. After updating to the latest selinux policy I ran into the same error you did. This is my process I went through after the update [root@meimei ~]# rmmod vboxdrv rmmod: ERROR: Module vboxdrv is in use by: vboxnetadp vboxnetflt vboxpci [root@meimei ~]# rmmod vboxpci [root@meimei ~]# rmmod vboxnetadp [root@meimei ~]# rmmod vboxnetflt [root@meimei ~]# rmmod vboxdrv [root@meimei ~]# lsmod | grep vbox [root@meimei ~]# modprobe vboxdrv modprobe: ERROR: could not insert 'vboxdrv': Permission denied [root@meimei ~]# ausearch -c 'modprobe' --raw | audit2allow -M my-modprobe IMPORTANT *** To make this policy package active, execute: semodule -i my-modprobe.pp [root@meimei ~]# semodule -X 300 -i my-modprobe.pp [root@meimei ~]# modprobe vboxdrv [root@meimei ~]# -- Fedora Users List - The place to go to get others to do the work for you ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: VirtualBox does not work after selinux update
On 02/26/17 22:27, Paul Smith wrote: > But after doing > > dnf --allowerasing downgrade selinux-policy selinux-policy-targeted > > the reported problem disappears. OK Then, after upgrading the selinux again and rebooting or rmmod what is already loaded Try ausearch -c 'modprobe' --raw | audit2allow -M my-modprobe semodule -X 300 -i my-modprobe.pp and then modprobe vboxdrv -- Fedora Users List - The place to go to get others to do the work for you ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: VirtualBox does not work after selinux update
On Sun, Feb 26, 2017 at 2:18 PM, Paul Smithwrote: >> >>> After doing the updates of today (selinux included), virtualbox stopped >>> working: >>> >>> # /usr/lib/virtualbox/vboxdrv.sh setup >>> vboxdrv.sh: Building VirtualBox kernel modules. >>> vboxdrv.sh: Starting VirtualBox services. >>> vboxdrv.sh: Building VirtualBox kernel modules. >>> vboxdrv.sh: failed: modprobe vboxdrv failed. Please use 'dmesg' to find out >>> why. >>> # >>> >>> Any ideas? >> >> >> Vbox running fine here on a fully updated F25 system. >> >> The message you're getting says to use dmesg for more info... Did you >> do that? > > Thanks, Ed. However, > > dmesg | grep vboxdrv > > returns nothing. But after doing dnf --allowerasing downgrade selinux-policy selinux-policy-targeted the reported problem disappears. Paul ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: VirtualBox does not work after selinux update
On Sun, Feb 26, 2017 at 12:32 PM, Ed Greshkowrote: > >> After doing the updates of today (selinux included), virtualbox stopped >> working: >> >> # /usr/lib/virtualbox/vboxdrv.sh setup >> vboxdrv.sh: Building VirtualBox kernel modules. >> vboxdrv.sh: Starting VirtualBox services. >> vboxdrv.sh: Building VirtualBox kernel modules. >> vboxdrv.sh: failed: modprobe vboxdrv failed. Please use 'dmesg' to find out >> why. >> # >> >> Any ideas? > > > Vbox running fine here on a fully updated F25 system. > > The message you're getting says to use dmesg for more info... Did you > do that? Thanks, Ed. However, dmesg | grep vboxdrv returns nothing. Paul ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Boot F25 live media in text mode
On 02/25/2017 08:46 PM, Ed Greshko wrote: Sorry Forgot to mention, I think this only works with the "netinst" image and not the live one. Yeah. I found various links on how to do a text mode install, but bupkis on booting live media in text mode. Uugh! Ultimately, I ended up doing a VNC install (getting the IP address from the DHCP server log). Once I had that done, I was able to SSH in, create a file in /etc/modprobe.d to blacklist the gma500_gfx module, and rebuild the initramfs. It worked, but it *really* seems like there should be a way to boot the live media in text mode. -- Ian Pilcher arequip...@gmail.com "I grew up before Mark Zuckerberg invented friendship" ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: VirtualBox does not work after selinux update
On 02/26/17 19:37, Paul Smith wrote: > After doing the updates of today (selinux included), virtualbox stopped > working: > > # /usr/lib/virtualbox/vboxdrv.sh setup > vboxdrv.sh: Building VirtualBox kernel modules. > vboxdrv.sh: Starting VirtualBox services. > vboxdrv.sh: Building VirtualBox kernel modules. > vboxdrv.sh: failed: modprobe vboxdrv failed. Please use 'dmesg' to find out > why. > # > > Any ideas? Vbox running fine here on a fully updated F25 system. The message you're getting says to use dmesg for more info... Did you do that? -- Fedora Users List - The place to go to get others to do the work for you ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
VirtualBox does not work after selinux update
Dear All, After doing the updates of today (selinux included), virtualbox stopped working: # /usr/lib/virtualbox/vboxdrv.sh setup vboxdrv.sh: Building VirtualBox kernel modules. vboxdrv.sh: Starting VirtualBox services. vboxdrv.sh: Building VirtualBox kernel modules. vboxdrv.sh: failed: modprobe vboxdrv failed. Please use 'dmesg' to find out why. # Any ideas? Thanks in advance, Paul ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org