Re: [F25, KDE] Cannot start login manager anymore

2017-02-27 Thread Ed Greshko 
On 02/28/17 15:39, Frédéric Bron wrote:
>> So, you've said you are using the nVidia driver.  How did you install it?
> dnf install kernel-devel kernel-headers gcc dkms acpid
> dnf install akmod-nvidia xorg-x11-drv-nvidia "kernel-devel-uname-r ==
> $(uname -r)"

Well, the nvidia modules should be in

/usr/lib/modules/4.9.11-200.fc25.x86_64/extra/nvidia/nvidia.ko

It should have been build automatically

Check /var/cache/akmods/akmods.log for any errors.

.

I'm sending this even though you've now said you're on the wrong
system  I figured I typed enough so don't want to waste the
keystrokes.   :-) :-)

-- 
Fedora Users List - The place to go to get others to do the work for you
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: [F25, KDE] Cannot start login manager anymore

2017-02-27 Thread Ed Greshko 
On 02/28/17 15:40, Frédéric Bron wrote:
>>> modprobe nvidia?
>> modprobe: FATAL: Module nvidia not found in directory
>> /lib/modules/4.9.11-200.fc25.x86_64
> sorry, I was on the wrong computer. This is the right output:
>
> modprobe: ERROR: could not insert 'nvidia': Permission denied

OK

That is a symptom of not having the selinux-policy-3.13.1-225.11
packages installed.

So you need to do that...

And, now that you are on the right computer, the

"ausearch -c 'modprobe' --raw"

will probably show the AVC


-- 
Fedora Users List - The place to go to get others to do the work for you
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: [F25, KDE] Cannot start login manager anymore

2017-02-27 Thread Frédéric Bron 
>> modprobe nvidia?
>
> modprobe: FATAL: Module nvidia not found in directory
> /lib/modules/4.9.11-200.fc25.x86_64

sorry, I was on the wrong computer. This is the right output:

modprobe: ERROR: could not insert 'nvidia': Permission denied
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: [F25, KDE] Cannot start login manager anymore

2017-02-27 Thread Frédéric Bron 
> So, you've said you are using the nVidia driver.  How did you install it?

dnf install kernel-devel kernel-headers gcc dkms acpid
dnf install akmod-nvidia xorg-x11-drv-nvidia "kernel-devel-uname-r ==
$(uname -r)"
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: [F25, KDE] Cannot start login manager anymore

2017-02-27 Thread Frédéric Bron 
> modprobe nvidia?

modprobe: FATAL: Module nvidia not found in directory
/lib/modules/4.9.11-200.fc25.x86_64
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

[389-users] Re: password not expire 389

2017-02-27 Thread tuan88 
h
>>passwordHistory is not set in your policy config, thus it is not beingen 
>>forced:
yes it is, i had set it the last many years
pls see the screendump in my first thread

Policy settings from GUI:
www.chezmoi.dk/389-passwd-not-expire.png

bt Tuan
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org

Re: [F25, KDE] Cannot start login manager anymore

2017-02-27 Thread Ed Greshko 
On 02/28/17 15:10, Frédéric Bron wrote:
>> If you do "ausearch -c 'modprobe' --raw" you would see something
>> *similar* to this
> ausearch -c 'modprobe' --raw
>
> outputs nothing.
>

OK

So, you've said you are using the nVidia driver.  How did you install it?

And you've said "lsmod | grep nvidia" shows nothing?  

What happens if you do

modprobe nvidia?


-- 
Fedora Users List - The place to go to get others to do the work for you
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: [F25, KDE] Cannot start login manager anymore

2017-02-27 Thread Frédéric Bron 
> If you do "ausearch -c 'modprobe' --raw" you would see something
> *similar* to this

ausearch -c 'modprobe' --raw

outputs nothing.

Frédéric
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: [F25, KDE] Cannot start login manager anymore

2017-02-27 Thread Ed Greshko 
On 02/28/17 14:12, Frédéric Bron wrote:
>> Updates to plasma 5.8.6-2 and 5.8.6-3  as well as kf5 16.12.2-1 has
>> cleared up the problem for most, if not all, who have run into it.
> How do I get those from -testing?
> When everything will be cleaned, how will I switch back to standard 
> repository?
> Regards,

First make sure it isn't an selinux issue before going this route.  See
if you have an AVC record as indicated in another post.

-- 
Fedora Users List - The place to go to get others to do the work for you
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: [F25, KDE] Cannot start login manager anymore

2017-02-27 Thread Ed Greshko 
On 02/28/17 14:02, Frédéric Bron wrote:
>>> I am using the nvidia driver.
>> You also may have been bitten by an selinux bug.  Check to see if the
>> nvidia module has been loaded...
>>
>> lsmod | grep nvidia
> lsmod | grep nvidia
> gives nothing...
> ___

OK  Sounds like you're getting the selinux issue

If you do "ausearch -c 'modprobe' --raw" you would see something
*similar* to this

type=AVC msg=audit(1488120127.660:812): avc:  denied  { module_load }
for  pid=19921 comm="modprobe"
path="/usr/lib/modules/4.9.11-200.fc25.x86_64/misc/vboxdrv.ko"
dev="sda2" ino=2508326
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tcontext=system_u:object_r:modules_object_t:s0 tclass=system permissive=0

but with nvidia instead of vboxdrv being flagged.

See my other post for where to download the latest selinux policy packages.

-- 
Fedora Users List - The place to go to get others to do the work for you
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: [F25, KDE] Cannot start login manager anymore

2017-02-27 Thread Ed Greshko 
On 02/28/17 14:06, Frédéric Bron wrote:
>> Are these the versions you have installed?
>> selinux-policy-devel-3.13.1-225.11.fc25.noarch
>> selinux-policy-targeted-3.13.1-225.11.fc25.noarch
>> selinux-policy-doc-3.13.1-225.11.fc25.noarch
>> selinux-policy-sandbox-3.13.1-225.11.fc25.noarch
>> selinux-policy-3.13.1-225.11.fc25.noarch
> not exactly: they are all 3.13.1-225.10.
>

OK

It is supposed to be in updates-testing but I don't see them there as of
yet.

You can manually download and then install from here

https://koji.fedoraproject.org/koji/buildinfo?buildID=862494

-- 
Fedora Users List - The place to go to get others to do the work for you
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: [F25, KDE] Cannot start login manager anymore

2017-02-27 Thread Frédéric Bron 
> Updates to plasma 5.8.6-2 and 5.8.6-3  as well as kf5 16.12.2-1 has
> cleared up the problem for most, if not all, who have run into it.

How do I get those from -testing?
When everything will be cleaned, how will I switch back to standard repository?
Regards,

Frédéric
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: [F25, KDE] Cannot start login manager anymore

2017-02-27 Thread Frédéric Bron 
> Are these the versions you have installed?
> selinux-policy-devel-3.13.1-225.11.fc25.noarch
> selinux-policy-targeted-3.13.1-225.11.fc25.noarch
> selinux-policy-doc-3.13.1-225.11.fc25.noarch
> selinux-policy-sandbox-3.13.1-225.11.fc25.noarch
> selinux-policy-3.13.1-225.11.fc25.noarch

not exactly: they are all 3.13.1-225.10.

Frédéric
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: [F25, KDE] Cannot start login manager anymore

2017-02-27 Thread Frédéric Bron 
>> I am using the nvidia driver.
> You also may have been bitten by an selinux bug.  Check to see if the
> nvidia module has been loaded...
>
> lsmod | grep nvidia

lsmod | grep nvidia
gives nothing...
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: [F25, KDE] Cannot start login manager anymore

2017-02-27 Thread Ed Greshko 
On 02/28/17 13:52, Alex Gurenko wrote:
>  I have similar issues, with all latest packages selinux still gives
> all kind of errors including error in building module, modprobe and
> switching to nvidia graphics with bumblebee.
>  setenforce 0 allows to do all these things, but when I set it back,
> it unloads module...
>
Are these the versions you have installed?


selinux-policy-devel-3.13.1-225.11.fc25.noarch
selinux-policy-targeted-3.13.1-225.11.fc25.noarch
selinux-policy-doc-3.13.1-225.11.fc25.noarch
selinux-policy-sandbox-3.13.1-225.11.fc25.noarch
selinux-policy-3.13.1-225.11.fc25.noarch

-- 
Fedora Users List - The place to go to get others to do the work for you
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: [F25, KDE] Cannot start login manager anymore

2017-02-27 Thread Alex Gurenko 
 I have similar issues, with all latest packages selinux still gives all
kind of errors including error in building module, modprobe and switching
to nvidia graphics with bumblebee.
 setenforce 0 allows to do all these things, but when I set it back, it
unloads module...

*---*

*Yours truly, Alex*


On Tue, Feb 28, 2017 at 4:31 AM, Ed Greshko  wrote:

> On 02/28/17 01:00, Frédéric Bron wrote:
> > I am using the nvidia driver.
>
>
> You also may have been bitten by an selinux bug.  Check to see if the
> nvidia module has been loaded...
>
> lsmod | grep nvidia
>
> If not...see https://bugzilla.redhat.com/show_bug.cgi?id=1426906 and get
> the latest selinux policy packages
>
> --
> Fedora Users List - The place to go to get others to do the work for you
> ___
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
>
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: running ssh/remote cmd in the background

2017-02-27 Thread bruce 
On Mon, Feb 27, 2017 at 2:56 PM, Rick Stevens  wrote:
> On 02/27/2017 11:35 AM, Jon LaBadie wrote:
>> On Mon, Feb 27, 2017 at 09:41:11AM -0800, Rick Stevens wrote:
>>> On 02/26/2017 12:34 PM, bruce wrote:
 Hey Jon...

 You are absolutely correct.. if the parent ssh terminates.. the remote
>> ...
>>>
>>> Jon, we try not to top-post here. Just a nudge.
>>
>> I didn't Rick, you attributed the above incorrectly.
>>
>>>
>>> If you are using ssh to spawn a remote screen session that runs a
>>> command in the background it should work just fine, e.g.:
>>>
>>>  ssh user@remote "screen command-to-run args &"
>>
>> I replied to the original post and the screen command was never mentioned.
>
> OOPS! My mistake. I should have poked Bruce. Sorry, Jon.

hey... no poking in here!!!

> --
> - Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com -
> - AIM/Skype: therps2ICQ: 226437340   Yahoo: origrps2 -
> --
> ___
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: [F25, KDE] Cannot start login manager anymore

2017-02-27 Thread Ed Greshko 
On 02/28/17 01:00, Frédéric Bron wrote:
> I am using the nvidia driver.


You also may have been bitten by an selinux bug.  Check to see if the
nvidia module has been loaded...

lsmod | grep nvidia

If not...see https://bugzilla.redhat.com/show_bug.cgi?id=1426906 and get
the latest selinux policy packages

-- 
Fedora Users List - The place to go to get others to do the work for you
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: [F25, KDE] Cannot start login manager anymore

2017-02-27 Thread Ed Greshko 
On 02/28/17 01:00, Frédéric Bron wrote:
> I am using a fresh updated install with kernel 4.9.11.
> The system starts but comes to a black screen. I am only able to login
> in text mode with Ctrl+Alt+F2.
>
> I tried to start with older kernels since I started to have some
> issues with 4.9.9 but I have now only 4.9.9, 4.9.10 and 4.9.11 and all
> give the same black screen. I have not 4.9.8 anymore in the list.
>
> I am using the nvidia driver.
>
> What should I do?

What versions of the plasma-* and kf5-* packages are you running?

If you check over at the KDE mailing list you'll find a discussion on
the issue you describe. 

Updates to plasma 5.8.6-2 and 5.8.6-3  as well as kf5 16.12.2-1 has
cleared up the problem for most, if not all, who have run into it.

Not sure if these have been pushed to stable as of yet.  But you could
enable updates-testing and they should be there.

-- 
Fedora Users List - The place to go to get others to do the work for you
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

[389-users] Re: password not expire 389

2017-02-27 Thread Mark Reynolds 


On 02/26/2017 10:57 AM, tua...@gmail.com wrote:
> Hi
> with the new 1.2.2-1 389* the user can resure the same password Again & 
> Again, the passwordhistory stop to Work and not showing anymore. 
passwordHistory is not set in your policy config, thus it is not being
enforced:

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/User_Account_Management.html#Managing_the_Password_Policy-Configuring_a_Local_Password_Policy




> see my test below. It is the first time i get this kind of issue
>
> [root@centos6 ~]# rpm -qa|grep 389
> 389-console-1.1.7-1.el6.noarch
> 389-adminutil-1.1.19-1.el6.x86_64
> 389-ds-console-1.2.6-1.el6.noarch
> 389-ds-1.2.2-1.el6.noarch
> 389-ds-base-libs-1.2.11.15-85.el6_8.x86_64
> 389-admin-1.1.35-1.el6.x86_64
> 389-admin-console-1.1.8-1.el6.noarch
> 389-ds-base-1.2.11.15-85.el6_8.x86_64
>
>
> [root@centos6 scripts]# cat test_passwd_history.ksh
> #!/bin/ksh
> #Ldap test passwd if it is expired or not - tng 20170226
>  ldapsearch -xLLL -ZZ -b dc=nnit '(&(uid=tnng))' passwordRetryCount 
> passwordExpWarned accountUnlockTime passwordExpirationTime passwordHistory 
> createtimestamp modifytimestamp retryCountResetTime passwordAllowChangeTime 
> nsRoleDN
> ldappasswd -s 123 -w 12345678 -x -ZZ -D cn='directory manager' cn='Tuan 
> Nguyen,cn=unixtek,ou=Infrastructure,dc=nnit'
>
> [root@centos6 scripts]# ./test_passwd_history.ksh
> dn: cn=Tuan Nguyen,cn=unixtek,ou=Infrastructure,dc=nnit
> passwordExpWarned: 0
> passwordExpirationTime: 1970010100Z
> createtimestamp: 20170114110541Z
> modifytimestamp: 20170226085143Z
> [root@centos6 scripts]# ./test_passwd_history.ksh
> dn: cn=Tuan Nguyen,cn=unixtek,ou=Infrastructure,dc=nnit
> passwordExpWarned: 0
> passwordExpirationTime: 1970010100Z
> createtimestamp: 20170114110541Z
> modifytimestamp: 20170226091223Z
> [root@centos6 scripts]# ./test_passwd_history.ksh
> dn: cn=Tuan Nguyen,cn=unixtek,ou=Infrastructure,dc=nnit
> passwordExpWarned: 0
> passwordExpirationTime: 1970010100Z
> createtimestamp: 20170114110541Z
> modifytimestamp: 20170226091224Z
> [root@centos6 scripts]#
>
> policy
> [root@centos6 scripts]# ldapsearch -xLLL -ZZ -b 
> cn='cn\3DnsPwPolicyEntry\2Cou\3DInfrastructure\2Cdc\3Dnnit,cn=nsPwPolicyContainer,ou=Infrastructure,dc=nnit'
>  -s base '(&(objectclass=passwordpolicy))'
> dn: cn=cn\3DnsPwPolicyEntry\2Cou\3DInfrastructure\2Cdc\3Dnnit,cn=nsPwPolicyCon
>  tainer,ou=Infrastructure,dc=nnit
> passwordStorageScheme: ssha
> passwordGraceLimit: 1
> passwordChange: on
> passwordWarning: 86400
> passwordMinAge: 0
> passwordExp: on
> passwordMustChange: on
> passwordMaxAge: 86400
> objectClass: ldapsubentry
> objectClass: passwordpolicy
> objectClass: top
> cn: cn=nsPwPolicyEntry,ou=Infrastructure,dc=nnit
>
> Policy settings from GUI:
> www.chezmoi.dk/389-passwd-not-expire.png
> ___
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org

[389-users] Re: password not expire 389

2017-02-27 Thread tuan88 
hi William
thanks

I try your suggestion, still the same issue. I can use the same password Again 
and Again. Ok we have another instance which doesn't had 75ppolicy.ldif, it 
might be one of my old test.

I expect a few lines like this, but still none. What can it be.

passwordHistory: 20120406112810Z{MD5}n4FvoktOtH67j1hq0pOE7A==
passwordHistory: 20120408114445Z{MD5}gHyopyulMLfEujDGXVT+Qg==
passwordHistory: 20120409073023Z{MD5}yJg78a58b3n+TOrb/vdG5w==
passwordHistory: 20120409150444Z{crypt}mpnaRmjC9mcbw 

export from the database
# entry-id: 35
dn: cn=Tuan Nguyen,cn=unixtek,ou=Infrastructure,dc=nnit
passwordExpWarned: 0
passwordExpirationTime: 1970010100Z
passwordGraceUserTime: 0
modifyTimestamp: 20170227211857Z
modifiersName: cn=server,cn=plugins,cn=config
userPassword:: e1NTSEF9cVRnVG5BU3hlY1F0S2VDeVYweVZGVDRMU0dnam1raHJrUzIza3c9PQ=
 =
cn: Tuan Nguyen
gidNumber: 804
homeDirectory: /home/tnng
loginShell: /bin/bash
objectClass: top
objectClass: posixaccount
uidNumber: 1234
uid: tnng
creatorsName: cn=directory manager
createTimestamp: 20170114110541Z
nsUniqueId: 449d3501-da4911e6-9d7ddec4-bc02e5f0

br Tuan
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org

Re: running ssh/remote cmd in the background

2017-02-27 Thread Rick Stevens 
On 02/27/2017 11:35 AM, Jon LaBadie wrote:
> On Mon, Feb 27, 2017 at 09:41:11AM -0800, Rick Stevens wrote:
>> On 02/26/2017 12:34 PM, bruce wrote:
>>> Hey Jon...
>>>
>>> You are absolutely correct.. if the parent ssh terminates.. the remote
> ...
>>
>> Jon, we try not to top-post here. Just a nudge.
> 
> I didn't Rick, you attributed the above incorrectly.
> 
>>
>> If you are using ssh to spawn a remote screen session that runs a
>> command in the background it should work just fine, e.g.:
>>
>>  ssh user@remote "screen command-to-run args &"
> 
> I replied to the original post and the screen command was never mentioned.

OOPS! My mistake. I should have poked Bruce. Sorry, Jon.
--
- Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com -
- AIM/Skype: therps2ICQ: 226437340   Yahoo: origrps2 -
--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: running ssh/remote cmd in the background

2017-02-27 Thread Jon LaBadie 
On Mon, Feb 27, 2017 at 09:41:11AM -0800, Rick Stevens wrote:
> On 02/26/2017 12:34 PM, bruce wrote:
> > Hey Jon...
> > 
> > You are absolutely correct.. if the parent ssh terminates.. the remote
...
> 
> Jon, we try not to top-post here. Just a nudge.

I didn't Rick, you attributed the above incorrectly.

> 
> If you are using ssh to spawn a remote screen session that runs a
> command in the background it should work just fine, e.g.:
> 
>   ssh user@remote "screen command-to-run args &"

I replied to the original post and the screen command was never mentioned.

Jon
-- 
Jon H. LaBadie  jo...@jgcomp.com
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: running ssh/remote cmd in the background

2017-02-27 Thread Tom Horsley 
On Mon, 27 Feb 2017 09:41:11 -0800
Rick Stevens wrote:

> If you are using ssh to spawn a remote screen session that runs a
> command in the background it should work just fine

Unless, of course, your ssh agent is being forwarded from way back
on the host system and you need the agent to be active so commands
that will be started during the background run will have access to
the keys (just one obscure complication that can happen with ssh :-).

Probably doesn't happen often, but it can be quite confusing when
it does.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: [F25, KDE] Cannot start login manager anymore

2017-02-27 Thread Frédéric Bron 
> Did you blacklist the nouveau drivers from the kernel argument?

I do not know how to do that.

Frédéric
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: [F25, KDE] Cannot start login manager anymore

2017-02-27 Thread Earl A Ramirez 
>
>
>
> I am using the nvidia driver.
>
>
Did you blacklist the nouveau drivers from the kernel argument?
-- 
Kind Regards
Earl Ramirez
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Odd ping problem

2017-02-27 Thread Rick Stevens 
On 02/27/2017 08:01 AM, Gary Stainburn wrote:
> On Friday 24 February 2017 18:51:54 Rick Stevens wrote:
>> The most common issue with this sort of thing is ARP and/or route
>> confusion. You have a machine with two interfaces on the same network.
>> Try doing this as root on zeppo (the machine with two interfaces):
>>
>>  echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
>>  echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
>>
>> And try your pings again. If that solves your problem, add these lines
>> to your /etc/sysctl.conf file:
>>
>>  # needed for two NICs on the same network
>>  net.ipv4.conf.all.arp_ignore = 1
>>  net.ipv4.conf.all.arp_announce = 2
>>
>> That will make them effective on a reboot. If that doesn't fix your
>> issue, reset the values via:
>>
>>  echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
>>  echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
> 
> Thanks for the advice Rick. Unfortunately, that didn't work, but tidying up 
> the network settings did.  I changed the WiFi from DHCP to manual, and 
> removed the second LAN IP address, and the problem went away

That would clean it up, yes. What I recommended are settings we use
when we set up clusters of servers on load balancers using DSR (direct
server return). The main problem you had is that you had two different
physical NICs on the same network, without specifying a "master" NIC
that would respond to pings and such.

If you must have two NICs on the same network, have a look at this
kernel documentation:

arp_announce - INTEGER
Define different restriction levels for announcing the local
source IP address from IP packets in ARP requests sent on
interface:
0 - (default) Use any local address, configured on any interface
1 - Try to avoid local addresses that are not in the target's
subnet for this interface. This mode is useful when target
hosts reachable via this interface require the source IP
address in ARP requests to be part of their logical network
configured on the receiving interface. When we generate the
request we will check all our subnets that include the
target IP and will preserve the source address if it is from
such subnet. If there is no such subnet we select source
address according to the rules for level 2.
2 - Always use the best local address for this target.
In this mode we ignore the source address in the IP packet
and try to select local address that we prefer for talks with
the target host. Such local address is selected by looking
for primary IP addresses on all our subnets on the outgoing
interface that include the target IP address. If no suitable
local address is found we select the first local address
we have on the outgoing interface or on all other interfaces,
with the hope we will receive reply for our request and
even sometimes no matter the source IP address we announce.

The max value from conf/{all,interface}/arp_announce is used.

Increasing the restriction level gives more chance for
receiving answer from the resolved target while decreasing
the level announces more valid sender's information.

arp_ignore - INTEGER
Define different modes for sending replies in response to
received ARP requests that resolve local target IP addresses:
0 - (default): reply for any local target IP address, configured
on any interface
1 - reply only if the target IP address is local address
configured on the incoming interface
2 - reply only if the target IP address is local address
configured on the incoming interface and both with the
sender's IP address are part from same subnet on this interface
3 - do not reply for local addresses configured with scope host,
only resolutions for global and link addresses are replied
4-7 - reserved
8 - do not reply for all local addresses

The max value from conf/{all,interface}/arp_ignore is used
when ARP request is received on the {interface}
--
- Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com -
- AIM/Skype: therps2ICQ: 226437340   Yahoo: origrps2 -
--
-   Let us think the unthinkable. Let us do the undoable. Let us -
-   prepare to grapple with the ineffable itself, and see if we may  -
-  not eff it up after all.  -
- -- Douglas Adams   -
--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to

Re: running ssh/remote cmd in the background

2017-02-27 Thread Rick Stevens 
On 02/26/2017 12:34 PM, bruce wrote:
> Hey Jon...
> 
> You are absolutely correct.. if the parent ssh terminates.. the remote
> process would "die".. In my use case, the remote process being fired
> off is actually being run under a remote "Screen" session, so it had
> better survive the ssh terminating!! (In testing, this has worked, so
> I have no reason to think the background process would be any
> different!

Jon, we try not to top-post here. Just a nudge.

If you are using ssh to spawn a remote screen session that runs a
command in the background it should work just fine, e.g.:

ssh user@remote "screen command-to-run args &"

ssh should log in and start the screen command with the given command
and args in the background, although there's really no need to
background if you use screen. Just run screen with the detached options:

ssh user@remote "screen -d -m -S session-name command args"

that launches "command" in a detached screen session on the remote
machine and gives the session the name "session-name". This can be
attached to by logging into the remote machine and doing "screen -r"
(if that's the only screen session running" or
"screen -r session-name.pid" (if there are multiple screen sessions).

I use this method all the time. You might also look at pdsh/dshbak if
you're going to poke a bunch of machines at once (sorta like
clusterssh, but not interactive).

> On Sun, Feb 26, 2017 at 2:17 PM, Jon LaBadie  wrote:
>> On Sun, Feb 26, 2017 at 06:40:50PM +0100, Joachim Backes wrote:
>>> On 02/26/17 18:08, bruce wrote:
 Morn guys...

 The following works as a test ssh to fire off a remote cmd. However it
 waits for the cmd to complete befor returning. I'm looking to run th
 cmd as a background on the local/calling instance. Ultimaely, I'll be
 testing this from py/php scripts.

 ssh -t user1@67.205.151.05 'cat /cloud/hash2.dat | wc -l'

 -would the following work?

 ssh -t user1@67.205.151.05 'cat /cloud/hash2.dat | wc -l' &
>>>
>>> It runs the (complete) local ssh cmd (including it's parameters) locally in
>>> background. If you want to run the remote cmd in background
>>> (cat /cloud/hash2.dat | wc -l) you must add the "&" before the closing "'"
>>> and not after.
>>>
>>> But this means your ssh command likely may exit before the remote cmd
>>> finishes. Is this reasonable?
>>>
>>> Kind regards
>>>
>>> Joachim Backes
>>
>> Two other considerations:
>>
>> Where is the output from the pipeline sink (wc -l in this case)
>> going to go?  Without the ssh connection, it will go to stdout,
>> either closed or set to /dev/null.
>>
>> When the ssh connection terminates, I suspect its children
>> processes on the remote to receive the "Hang UP" (your parent
>> has died) signal and will likely commit suicide.
>>
>> Jon
>> --
>> Jon H. LaBadie  jo...@jgcomp.com
>> ___
>> users mailing list -- users@lists.fedoraproject.org
>> To unsubscribe send an email to users-le...@lists.fedoraproject.org
> ___
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
> 


-- 
--
- Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com -
- AIM/Skype: therps2ICQ: 226437340   Yahoo: origrps2 -
--
-   What is a "free" gift?  Aren't all gifts free?   -
--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: VirtualBox does not work after selinux update

2017-02-27 Thread Paul Smith 
On Sun, Feb 26, 2017 at 11:13 PM, Ed Greshko  wrote:
>
>>> Let me add that I am using Oracle VirtualBox (from 
>>> http://www.virtualbox.org/):
>>>
>>> VirtualBox-5.1-5.1.14_112924_fedora25-1.x86_64
>> As am I
>>
>> The procedure I gave you will get you going as I did me.
>>
>> I'll report this against selinux soon.
>>
> A bugzilla had already been created.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1426906

Thanks, Ed, for the information. The

selinux-policy

update mentioned in the bug report fixes the problem for me.

Paul
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

[F25, KDE] Cannot start login manager anymore

2017-02-27 Thread Frédéric Bron 
Hi,

I am using a fresh updated install with kernel 4.9.11.
The system starts but comes to a black screen. I am only able to login
in text mode with Ctrl+Alt+F2.

I tried to start with older kernels since I started to have some
issues with 4.9.9 but I have now only 4.9.9, 4.9.10 and 4.9.11 and all
give the same black screen. I have not 4.9.8 anymore in the list.

I am using the nvidia driver.

What should I do?

Frédéric
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Re: Odd ping problem

2017-02-27 Thread Gary Stainburn 
On Friday 24 February 2017 18:51:54 Rick Stevens wrote:
> The most common issue with this sort of thing is ARP and/or route
> confusion. You have a machine with two interfaces on the same network.
> Try doing this as root on zeppo (the machine with two interfaces):
>
>   echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
>   echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
>
> And try your pings again. If that solves your problem, add these lines
> to your /etc/sysctl.conf file:
>
>   # needed for two NICs on the same network
>   net.ipv4.conf.all.arp_ignore = 1
>   net.ipv4.conf.all.arp_announce = 2
>
> That will make them effective on a reboot. If that doesn't fix your
> issue, reset the values via:
>
>   echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
>   echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce

Thanks for the advice Rick. Unfortunately, that didn't work, but tidying up 
the network settings did.  I changed the WiFi from DHCP to manual, and 
removed the second LAN IP address, and the problem went away
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

RE: automatically restart ethernet ?

2017-02-27 Thread J.Witvliet 


From: Greg Woods [mailto:wo...@ucar.edu]
Sent: zaterdag 25 februari 2017 20:45
To: Community support for Fedora users
Subject: Re: automatically restart ethernet ?


On Sat, Feb 25, 2017 at 11:39 AM, fred roller 
> wrote:
Look into "heartbeat".

"heartbeat" has been deprecated for several years now and is no longer 
supported. There are no longer heartbeat packages in the F25 repos. The 
supported way to do HA on Linux is now corosync with pacemaker. But this is a 
pretty big thing to swallow just for restarting a net connection. You might 
want to try a script that you can run more often than hourly that first checks 
to see if the net is up (maybe with a ping to your default gateway?), and only 
restarts NetworkManager if it's not. There are also other monitoring 
applications such as "monit", but that's a pretty complex beast as well.

I presume you've looked into why your server keeps losing the net connection? 
That could be a bad cable, a bad switch port, or a bad NIC. Hardware issues 
tend to get worse over time; if that's what it is, even a cron kludge may 
eventually not work any more.

--Greg
Pinging a local machine should tell you when machines become unreachable, 
probably because of a network failure.

But, as said before, it only treat consequences, not the real cause. Perhaps 
you should focus on that.
Why does restarting NM help? To bring the interface up again? Did it loose its 
IP-address for some reason? Duplications?
Did you consider / try a fixed IP-address?

Hans

Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet 
de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u 
verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat 
aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband 
houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are 
not the addressee or if this message was sent to you by mistake, you are 
requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risks inherent in the 
electronic transmission of messages.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org