[389-users] Re: How do I change the root password storage scheme to CRYPT-SHA512 through dsconf?

2021-04-16 Thread Chris Spike
> dsconf slapd-YOUR_INSTANCE directory_manager password_change --> this 
> will prompt you for the new password

That did the trick, thanks a lot!

It also made me curious how the actual format for 'nsslapd-rootpw' was and it 
turns out I wasn't off with '{crypt}$6$...':

# dsconf localhost config get | grep rootpw
nsslapd-rootpw: {crypt}.mR.LkShcdNcJbAFPE.10PKJ7EFD4hB0C33znHyIjgPF67IxNVNKgkKDiuuxQq/
nsslapd-rootpwstoragescheme: CRYPT-SHA512

However, I noticed that the hash was not what I fed into dsconf. So it turns 
out that one _can_ set the rootpw through dsconf but it has to be in plain text:

# dsconf localhost config replace nsslapd-rootpwstoragescheme=CRYPT-SHA512 nsslapd-rootpw="secret"
Successfully replaced "nsslapd-rootpwstoragescheme"
Successfully replaced "nsslapd-rootpw"
# dsconf localhost config get | grep rootpw
nsslapd-rootpw: {crypt}$6$bW$Gea8I1Xoi.zkkGWBvrIxIm41G3/90hX2L4H3hMt18js7VzkT14YNuNtY4Ueao181O/MfPuPn4TmyQFcGZIThI.
nsslapd-rootpwstoragescheme: CRYPT-SHA512

Since I'd like to change the password non-interactively this seems a bit easier 
than fiddling around with 'dsconf slapd-YOUR_INSTANCE directory_manager 
password_change' which doesn't seem to have an option to read the password from 
stdin?

I did some more research and switching from PBKDF2_SHA256 to CRYPT-SHA512 
probably has no significant security benefit anyway so in the end this was a 
bit of an academic exercise. If someone has an opinion on that, I'd be 
interested to hear that though.

Thanks again Mark for your quick help.

Cheers!
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure
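
Added example (not part of the original message and not 389 Directory Server code): a small Python parser for the 'nsslapd-rootpw' values shown in the message above, reporting the crypt algorithm, round count, salt size and digest shape of what actually got stored. The function names and the 48-bit salt floor are assumptions of this example; the 5000-round figure is the sha512crypt default when no 'rounds=' field is present.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Values copied from the message above (the second one is the stored form of "secret").
PAGE_FIRST = "{crypt}.mR.LkShcdNcJbAFPE.10PKJ7EFD4hB0C33znHyIjgPF67IxNVNKgkKDiuuxQq/"
PAGE_SECOND = ("{crypt}$6$bW$Gea8I1Xoi.zkkGWBvrIxIm41G3/90hX2L4H3hMt18js7"
               "VzkT14YNuNtY4Ueao181O/MfPuPn4TmyQFcGZIThI.")
# Constructed sample: explicit rounds, 16-character salt, dummy 86-character digest.
CONSTRUCTED = "{crypt}$6$rounds=100000$abcdefghijklmnop$" + "A" * 86

# crypt(3) base64 alphabet used for salts and digests in modular crypt strings
CRYPT_B64 = re.compile(r"^[./0-9A-Za-z]*$")
# modular crypt id -> (algorithm name, encoded digest length)
CRYPT_IDS = {"5": ("SHA-256", 43), "6": ("SHA-512", 86)}
DEFAULT_ROUNDS = 5000  # used by sha256crypt/sha512crypt when no rounds= field is given


@dataclass
class RootPw:
    scheme: str                # text between the braces, e.g. "crypt"
    algorithm: Optional[str]   # None when the payload is not a $5$/$6$ crypt string
    rounds: Optional[int]
    salt: Optional[str]
    digest_ok: bool

    @property
    def salt_bits(self) -> int:
        # each salt character comes from a 64-symbol alphabet, so 6 bits apiece
        return 6 * len(self.salt) if self.salt is not None else 0


def parse_rootpw(value: str) -> RootPw:
    """Split '{scheme}$id$[rounds=N$]salt$digest' into its fields."""
    m = re.match(r"^\{([A-Za-z0-9_-]+)\}(.*)$", value.strip())
    if not m:
        raise ValueError("no {scheme} prefix: value looks like clear text")
    scheme, payload = m.group(1), m.group(2)
    unknown = RootPw(scheme, None, None, None, False)
    if scheme.lower() != "crypt" or not payload.startswith("$"):
        return unknown
    fields = payload.split("$")[1:]          # drop the empty field before the first '$'
    if len(fields) < 3 or fields[0] not in CRYPT_IDS:
        return unknown
    name, digest_len = CRYPT_IDS[fields[0]]
    rounds, rest = DEFAULT_ROUNDS, fields[1:]
    if rest[0].startswith("rounds="):
        number = rest[0][len("rounds="):]
        if not number.isdigit():
            return unknown
        rounds, rest = int(number), rest[1:]
    if len(rest) != 2:
        return unknown
    salt, digest = rest
    ok = (bool(CRYPT_B64.match(salt)) and bool(CRYPT_B64.match(digest))
          and len(digest) == digest_len)
    return RootPw(scheme, name, rounds, salt, ok)


def findings(value: str, min_salt_bits: int = 48) -> List[str]:
    """Review notes for one stored value; min_salt_bits is this example's own threshold."""
    try:
        pw = parse_rootpw(value)
    except ValueError as exc:
        return [str(exc)]
    if pw.algorithm is None:
        return [f"{{{pw.scheme}}} payload is not a $5$/$6$ modular crypt string"]
    notes = []
    if not pw.digest_ok:
        notes.append(f"salt or digest malformed for {pw.algorithm}")
    if pw.salt_bits < min_salt_bits:
        notes.append(f"salt is {len(pw.salt)} chars ({pw.salt_bits} bits), "
                     f"below the {min_salt_bits}-bit floor")
    return notes


if __name__ == "__main__":
    for label, value in (("first", PAGE_FIRST), ("second", PAGE_SECOND),
                         ("constructed", CONSTRUCTED)):
        print(label, parse_rootpw(value), findings(value))
```

Run against the second value from the message, it reports SHA-512 crypt at the default round count with a two-character salt; the first value, as displayed, does not parse as a modular crypt string at all.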


Re: puzzling SELinux alert.

2021-04-16 Thread home user

On 4/16/21 8:51 PM, Tim via users wrote:
> On Fri, 2021-04-16 at 11:27 -0500, Roger Heflin wrote:
>> given a video file and a png file to output it fails on my system
>> also (and that is with selinux as permissive and as root, so it seems
>> to have many issues and is simply broken in most if not all use
>> cases), and I don't know that I have seen a video thumbnail in a
>> while in gthumb and similar tools.
>
> The file browsers on Gnome/MATE haven't been able to create thumbnails
> for video files on my computers in many years.  Nothing that I tried
> made it work again, and I gave up long ago.
>
> It was a handy feature being able to see some image inside of a
> stupidly named video file, to work out which was which.

My experience is that sometimes I do get images from the video, and 
sometimes I just get a right-pointing arrow centered in an old-fashioned 
CRT TV screen.  I haven't been able to discern a pattern as to when I 
get which.  I do notice that the odds of getting pictures are better when 
the display is in grid mode rather than list mode.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure


Re: puzzling SELinux alert.

2021-04-16 Thread Tim via users
On Fri, 2021-04-16 at 11:27 -0500, Roger Heflin wrote:
> given a video file and a png file to output it fails on my system
> also (and that is with selinux as permissive and as root, so it seems
> to have many issues and is simply broken in most if not all use
> cases), and I don't know that I have seen a video thumbnail in a
> while in gthumb and similar tools.

The file browsers on Gnome/MATE haven't been able to create thumbnails
for video files on my computers in many years.  Nothing that I tried
made it work again, and I gave up long ago.

It was a handy feature being able to see some image inside of a
stupidly named video file, to work out which was which.
 
-- 
 
uname -rsvp
Linux 3.10.0-1160.21.1.el7.x86_64 #1 SMP Tue Mar 16 18:28:22 UTC 2021 x86_64
 
Boilerplate:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
 


Re: on to letsencrypt

2021-04-16 Thread Ed Greshko

On 17/04/2021 03:51, Doug H. wrote:
> Nice. That shows that the "glue" record *is* there after all. The results from 
> that site got me to realize that this will give the IP:
>
> dig @b.gtld-servers.net ws.linuxlighthouse.com
>
> [snip]
> ;; ADDITIONAL SECTION:
> ns3.attdns.com. 172800  IN  A   144.160.20.47
> ws.linuxlighthouse.com. 172800  IN  A   108.220.213.121


Yet, no matter what he does, if his NameServer is 108.220.213.121 then having 
this

PORT   STATE  SERVICE VERSION
53/udp closed domain
53/tcp  closed domain

is still a problem.

--
Remind me to ignore comments which aren't germane to the thread.


Re: puzzling SELinux alert.

2021-04-16 Thread home user

On 4/16/21 10:27 AM, Roger Heflin wrote:
> That matches what Ed had called out that it was a GL* command.
>
> I guess that also tells you why you did not notice the failing..
>
> given a video file and a png file to output it fails on my system
> also (and that is with selinux as permissive and as root, so it seems
> to have many issues and is simply broken in most if not all use
> cases), and I don't know that I have seen a video thumbnail in a while
> in gthumb and similar tools.
>
> And that tool seems to be very complicated for just creating a
> thumbnail as it connects to X and pulseaudio and GLX, I am guessing
> someone took a gui app and made it work to generate one.  I am sure
> whoever decided to use this tool only knew about this way to
> generate a thumbnail.   And the saying goes if the only tool you have
> is a hammer then everything looks like a nail.
>
> For creating a thumbnail ffmpeg and/or mplayer would seem better, but
> maybe that is not default on the systems.  I might see if I can create
> a script that would get used in gthumb as this tells me why I get no
> thumbnails.


What I think you're saying, and my impression even apart from your post, 
is that we can't realistically solve this SELinux alert problem.  This 
problem really has had me baffled.  The SELinux alerts seem to be false 
alarms; caja does what I want to do, and I can do those things other 
ways also.  So I'm inclined to go with what Ed said Tuesday:

> But if you're not having any problems it would be something
> that I'd ignore.

For what it's worth:
* I saw no SELinux alerts when trying totem-video-thumbnailer in the 
command line.  I forgot to mention this in this morning's post.
* I found this morning that SELinux alerts can show up when doing file 
renaming after having run Files in the same login session.  So Files 
does not stop further caja SELinux alerts.

* I patched my workstation (dnf upgrade) yesterday.


> On Fri, Apr 16, 2021 at 10:27 AM home user  wrote:
>> On 4/16/21 5:41 AM, Roger Heflin wrote:
>>> It seems to be running /usr/bin/totem-video-thumbnailer" so would be
>>> something attempting to create a thumbnail for the file if it is a
>>> video.
>>>
>>> It has an extension of .mkv so it thinks it is a video file or is it
>>> something else?
>>
>> It is a video file.
>>
>>> the command was:
>>> /usr/bin/totem-video-thumbnailer -s 128 file:///home/bill/KhongWe"...,
>>> "/tmp/.mate_desktop_thumbnail.19V"
>>>
>>> It truncated the filenames, but you could test run the command and see
>>> what it does from the command line.  The first filename is the input
>>> file, the 2nd one is the output of the thumbnail.
>>
>> bash.2[~]: totem-video-thumbnailer KhongWeeHo_20160327.mkv
>> KhongWeeHo_20160327.png
>> X Error of failed request:  BadValue (integer parameter out of range for
>> operation)
>> Major opcode of failed request:  151 (GLX)
>> Minor opcode of failed request:  3 (X_GLXCreateContext)
>> Value in failed request:  0x0
>> Serial number of failed request:  63
>> Current serial number in output stream:  64
>> bash.3[~]:
>>
>> I also tried an mp4 video file that I have.  Same result.



Re: on to letsencrypt

2021-04-16 Thread Ed Greshko

On 17/04/2021 02:12, Jack Craig wrote:
> [jackc@ws ~ $ ping -c 3 ws.linuxlighthouse.com
> PING ws (10.0.0.101) 56(84) bytes of data.
> 64 bytes from ws (10.0.0.101): icmp_seq=1 ttl=64 time=0.083 ms
> 64 bytes from ws (10.0.0.101): icmp_seq=2 ttl=64 time=0.062 ms
> 64 bytes from ws (10.0.0.101): icmp_seq=3 ttl=64 time=0.067 ms
>
> wrong!!  let  me clean these up and see how far that gets me
>
> thanks again for all your help
>
> I am getting there slow but sure


Why is that "wrong"?  I thought ws.linuxlighthouse.com had an internal ip address
of 10.0.0.101 and an external one of 108.220.213.121.  Your bash prompt appears
to be on that host.  So, you are "internal".

Much like meimei below, which is internal to my network.

[egreshko@meimei ~]$ host meimei
meimei.greshko.com has address 192.168.1.18
meimei.greshko.com has IPv6 address 2001:b030:112f::140e

[egreshko@meimei ~]$ ping -4 meimei
PING  (192.168.1.18) 56(84) bytes of data.
64 bytes from meimei.greshko.com (192.168.1.18): icmp_seq=1 ttl=64 time=0.063 ms
64 bytes from meimei.greshko.com (192.168.1.18): icmp_seq=2 ttl=64 time=0.086 ms
64 bytes from meimei.greshko.com (192.168.1.18): icmp_seq=3 ttl=64 time=0.056 ms

But, when viewed from outside of my network.

[egreshko@acer ~]$ host meimei
meimei.greshko.com has address 211.75.128.214
meimei.greshko.com has IPv6 address 2001:b030:112f::140e

[egreshko@acer ~]$ ping -4 meimei
PING  (211.75.128.214) 56(84) bytes of data.
64 bytes from 211-75-128-214.HINET-IP.hinet.net (211.75.128.214): icmp_seq=1 ttl=64 time=0.575 ms
64 bytes from 211-75-128-214.HINET-IP.hinet.net (211.75.128.214): icmp_seq=2 ttl=64 time=0.598 ms
64 bytes from 211-75-128-214.HINET-IP.hinet.net (211.75.128.214): icmp_seq=3 ttl=64 time=0.477 ms


--
Remind me to ignore comments which aren't germane to the thread.



Re: on to letsencrypt

2021-04-16 Thread Doug H.
On Fri, Apr 16, 2021, at 10:56 AM, Ed Greshko wrote:
> On 16/04/2021 17:19, Ed Greshko wrote:
> > On 16/04/2021 10:35, Jack Craig wrote:
> >> First I get my static IP from AT actually a block of eight addresses of 
> >> which only the first do they agree to pass through.
> >>
> >
> > BTW, if you are hosting the DNS server and if your DNS server has the IP 
> > address of 108.220.213.121 then
> > this could be a problem.
> >
> > Running nmap against that IP
> >
> > PORT   STATE  SERVICE VERSION
> > 53/udp closed domain
> > 53/tcp  closed domain
> >
> >
> 
> You should also check the output from here.
> 
> https://intodns.com/linuxlighthouse.com


Nice. That shows that the "glue" record *is* there after all. The results from 
that site got me to realize that this will give the IP:

>dig @b.gtld-servers.net ws.linuxlighthouse.com

[snip]
;; ADDITIONAL SECTION:
ns3.attdns.com. 172800  IN  A   144.160.20.47
ws.linuxlighthouse.com. 172800  IN  A   108.220.213.121
[snip]



-- 
Doug Herr
fedoraproject@wombatz.com


Re: Canon MF642Cdw works as expected on F32 but fails on F33

2021-04-16 Thread George N. White III
On Fri, 16 Apr 2021 at 12:22,  wrote:

> I was able to print and scan from Fedora 32 but when I upgraded to Fedora 33,
> cups shows "waiting for printer to become available".
>
> I am using the driver from Canon: linux-UFRII-drv-v520-usen-05.tar.gz.
>
> The install.sh that is included looks for the following packages:
> libjpeg-turbo
> beecrypt
> beecrypt-devel
> libglade2
> jbigkit-libs
> libgcrypt
> libgcrypt-devel
> which are installed and current, and all the above packages have had a point
> increase.
>
> The install.sh also states that Fedora is supported.
>
> Looking at the jobs page first message is "Rendering is complete", then
> "Waiting for printer to become available".
>
> I called Canon and was told that the driver was not 100% Canon code and that
> it was unknown when an updated driver would be available. The current driver
> was released in 09/2020.
>
> Any ideas on how to fix or work around,
>

From:
https://gdlp01.c-wss.com/gds/4/0300029834/08/linux-UFRII-drv-v530-ug-uken.pdf
Fedora 33.

The driver has been confirmed to operate in the following operating systems.

Debian 8.11 (Intel/AMD 32-bit/64-bit)
Debian 10.6 (Intel/AMD 32-bit/64-bit, ARM 64-bit)
Fedora 30 (Intel/AMD 32-bit/64-bit)
Fedora 33 (Intel/AMD 64-bit, ARM 64-bi
[...]

The newest driver software is posted on the Canon web site. Please verify
the operating environment etc. and download the appropriate software as required.
Canon Global Site: https://global.canon/

-- 
George N. White III


[389-users] Re: Forbidden uid?

2021-04-16 Thread Mark Reynolds
You can create aci's that restrict specific DN's from doing specific 
actions like ADD.  Is that what you mean?  If so, look at the Admin 
guide for more information:


https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/managing_access_control

HTH,

Mark

On 4/16/21 10:49 AM, Jan Tomasek wrote:
> Hi,
>
> is there a way how to provide 389DS with list of forbidden uid to 
> prevent creating such user? For example 'root', 'sys', ...
>
> Thanks



--

389 Directory Server Development Team



Re: on to letsencrypt

2021-04-16 Thread Jack Craig
ok, now we are getting somewhere!

So of the two servers that are listed the primary one, mine, does not respond


 the secondary from AT is not responsive

 finally as you'll see below pinging t

Internal DNS is being returned as the external DNS number, that's a third
thing I need to fix up.

So I need to find out what's the correct AT DNS reference that I should
be using and
second I need to fix my own DNS so that I return the external not the
internal IP

Retest with improved  DNS parsing  method, thx again..



ping -c 3 108.220.213.121
PING 108.220.213.121 (108.220.213.121) 56(84) bytes of data.
64 bytes from 108.220.213.121: icmp_seq=1 ttl=64 time=1.51 ms
64 bytes from 108.220.213.121: icmp_seq=2 ttl=64 time=0.850 ms
64 bytes from 108.220.213.121: icmp_seq=3 ttl=64 time=1.35 ms

--- 108.220.213.121 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.850/1.236/1.513/0.281 ms
[jackc@ws ~ $ ping -c 3 ns3.attdns.com
PING ns3.attdns.com (144.160.20.47) 56(84) bytes of data.

--- ns3.attdns.com ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2038ms





[jackc@ws ~ $ ping -c 3 ws.linuxlighthouse.com
PING ws (10.0.0.101) 56(84) bytes of data.
64 bytes from ws (10.0.0.101): icmp_seq=1 ttl=64 time=0.083 ms
64 bytes from ws (10.0.0.101): icmp_seq=2 ttl=64 time=0.062 ms
64 bytes from ws (10.0.0.101): icmp_seq=3 ttl=64 time=0.067 ms

wrong!!  let  me clean these up and see how far that gets me

thanks again for all your help

I am getting there slow but sure

--- ws ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2038ms
rtt min/avg/max/mdev = 0.062/0.070/0.083/0.009 ms



On Fri, Apr 16, 2021 at 8:25 AM Doug H. 
wrote:

> On Thu, Apr 15, 2021, at 11:00 AM, Jack Craig wrote:
> > hi list,
> >
> > so my bind config has apparently not worked despite my dig'ing.
> >
> > an external config checker says it finds no valid IP' for
> > linuxlighthouse.com, i am failing http challenge.
>
> Others have given good answers, but let me show you how I parse it...
>
> >whois linuxlighthouse.com | grep ^Name
> Name Server: WS.LINUXLIGHTHOUSE.COM
> Name Server: NS3.ATTDNS.COM
>
> First one is not useful since it lives inside the domain. See:
> https://ns1.com/blog/glue-records-and-dedicated-dns
>
> So I check the other one:
>
> >dig @NS3.ATTDNS.COM linuxlighthouse.com any
>
> ; <<>> DiG 9.11.28-RedHat-9.11.28-1.fc33 <<>> @NS3.ATTDNS.COM
> linuxlighthouse.com any
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 19251
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;linuxlighthouse.com.   IN  ANY
>
> ;; Query time: 110 msec
> ;; SERVER: 2001:1890:1c00:5323::c:3#53(2001:1890:1c00:5323::c:3)
> ;; WHEN: Fri Apr 16 07:59:10 PDT 2021
> ;; MSG SIZE  rcvd: 48
>
> Note the part "WARNING: recursion requested but not available", so it is
> saying that it is not authoritative for that domain.
>
> So I check to see that it is the auth for its own domain:
>
> >dig @NS3.ATTDNS.COM ATTDNS.COM any
>
> ; <<>> DiG 9.11.28-RedHat-9.11.28-1.fc33 <<>> @NS3.ATTDNS.COM ATTDNS.COM
> any
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62918
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 9
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;ATTDNS.COM.IN  ANY
>
> ;; ANSWER SECTION:
> ATTDNS.COM. 28800   IN  SOA ns0.ATTDNS.COM.
> eiss-dns.att.COM. 2021033001 3600 1800 2592000 300
> ATTDNS.COM. 28800   IN  NS  ns1.ATTDNS.COM.
> ATTDNS.COM. 28800   IN  NS  ns3.ATTDNS.COM.
> ATTDNS.COM. 28800   IN  NS  ns4.ATTDNS.COM.
> ATTDNS.COM. 28800   IN  NS  ns2.ATTDNS.COM.
> ATTDNS.COM. 600 IN  MX  10
> mx0b-00191d01.pphosted.COM.
> ATTDNS.COM. 600 IN  MX  10
> mx0a-00191d01.pphosted.COM.
>
> ;; ADDITIONAL SECTION:
> ns1.ATTDNS.COM. 28800   IN  2001:1890:1286:320::c:2
> ns2.ATTDNS.COM. 28800   IN  2001:1890:1c00:3320::c:3
> ns3.ATTDNS.COM. 28800   IN  2001:1890:1c00:5323::c:3
> ns4.ATTDNS.COM. 28800   IN  2001:1890:1c00:6320::c:6
> ns1.ATTDNS.COM. 28800   IN  A   144.160.112.22
> ns2.ATTDNS.COM. 28800   IN  A   144.160.128.140
> ns3.ATTDNS.COM. 28800   IN  A   144.160.20.47
> ns4.ATTDNS.COM. 28800   IN  A   144.160.229.11
>
> ;; Query time: 97 msec
> ;; SERVER: 

Re: on to letsencrypt

2021-04-16 Thread Ed Greshko

On 16/04/2021 17:19, Ed Greshko wrote:
> On 16/04/2021 10:35, Jack Craig wrote:
>> First I get my static IP from AT actually a block of eight addresses of which 
>> only the first do they agree to pass through.
>
> BTW, if you are hosting the DNS server and if your DNS server has the IP 
> address of 108.220.213.121 then
> this could be a problem.
>
> Running nmap against that IP
>
> PORT   STATE  SERVICE VERSION
> 53/udp closed domain
> 53/tcp  closed domain




You should also check the output from here.

https://intodns.com/linuxlighthouse.com

--
Remind me to ignore comments which aren't germane to the thread.


Re: puzzling SELinux alert.

2021-04-16 Thread Roger Heflin
That matches what Ed had called out that it was a GL* command.

I guess that also tells you why you did not notice the failing..

given a video file and a png file to output it fails on my system
also (and that is with selinux as permissive and as root, so it seems
to have many issues and is simply broken in most if not all use
cases), and I don't know that I have seen a video thumbnail in a while
in gthumb and similar tools.

And that tool seems to be very complicated for just creating a
thumbnail as it connects to X and pulseaudio and GLX, I am guessing
someone took a gui app and made it work to generate one.  I am sure
whoever decided to use this tool only knew about this way to
generate a thumbnail.   And the saying goes if the only tool you have
is a hammer then everything looks like a nail.

For creating a thumbnail ffmpeg and/or mplayer would seem better, but
maybe that is not default on the systems.  I might see if I can create
a script that would get used in gthumb as this tells me why I get no
thumbnails.





On Fri, Apr 16, 2021 at 10:27 AM home user  wrote:
>
> On 4/16/21 5:41 AM, Roger Heflin wrote:
> > It seems to be running /usr/bin/totem-video-thumbnailer" so would be
> > something attempting to create a thumbnail for the file if it is a
> > video.
> >
> > It has an extension of .mkv so it thinks it is a video file or is it
> > something else?
>
> It is a video file.
>
> > the command was:
> > /usr/bin/totem-video-thumbnailer -s 128 file:///home/bill/KhongWe"...,
> > "/tmp/.mate_desktop_thumbnail.19V"
> >
> > It truncated the filenames, but you could test run the command and see
> > what it does from the command line.  The first filename is the input
> > file, the 2nd one is the output of the thumbnail.
>
> bash.2[~]: totem-video-thumbnailer KhongWeeHo_20160327.mkv
> KhongWeeHo_20160327.png
> X Error of failed request:  BadValue (integer parameter out of range for
> operation)
>Major opcode of failed request:  151 (GLX)
>Minor opcode of failed request:  3 (X_GLXCreateContext)
>Value in failed request:  0x0
>Serial number of failed request:  63
>Current serial number in output stream:  64
> bash.3[~]:
>
> I also tried an mp4 video file that I have.  Same result.


Re: puzzling SELinux alert.

2021-04-16 Thread home user

On 4/16/21 5:41 AM, Roger Heflin wrote:
> It seems to be running /usr/bin/totem-video-thumbnailer" so would be
> something attempting to create a thumbnail for the file if it is a
> video.
>
> It has an extension of .mkv so it thinks it is a video file or is it
> something else?

It is a video file.

> the command was:
> /usr/bin/totem-video-thumbnailer -s 128 file:///home/bill/KhongWe"...,
> "/tmp/.mate_desktop_thumbnail.19V"
>
> It truncated the filenames, but you could test run the command and see
> what it does from the command line.  The first filename is the input
> file, the 2nd one is the output of the thumbnail.


bash.2[~]: totem-video-thumbnailer KhongWeeHo_20160327.mkv 
KhongWeeHo_20160327.png
X Error of failed request:  BadValue (integer parameter out of range for 
operation)

  Major opcode of failed request:  151 (GLX)
  Minor opcode of failed request:  3 (X_GLXCreateContext)
  Value in failed request:  0x0
  Serial number of failed request:  63
  Current serial number in output stream:  64
bash.3[~]:

I also tried an mp4 video file that I have.  Same result.


Re: on to letsencrypt

2021-04-16 Thread Doug H.
On Thu, Apr 15, 2021, at 11:00 AM, Jack Craig wrote:
> hi list,
> 
> so my bind config has apparently not worked despite my dig'ing.
> 
> an external config checker says it finds no valid IP' for 
> linuxlighthouse.com, i am failing http challenge.

Others have given good answers, but let me show you how I parse it...

>whois linuxlighthouse.com | grep ^Name
Name Server: WS.LINUXLIGHTHOUSE.COM
Name Server: NS3.ATTDNS.COM

First one is not useful since it lives inside the domain. See:
https://ns1.com/blog/glue-records-and-dedicated-dns

So I check the other one:

>dig @NS3.ATTDNS.COM linuxlighthouse.com any

; <<>> DiG 9.11.28-RedHat-9.11.28-1.fc33 <<>> @NS3.ATTDNS.COM 
linuxlighthouse.com any
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 19251
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;linuxlighthouse.com.   IN  ANY

;; Query time: 110 msec
;; SERVER: 2001:1890:1c00:5323::c:3#53(2001:1890:1c00:5323::c:3)
;; WHEN: Fri Apr 16 07:59:10 PDT 2021
;; MSG SIZE  rcvd: 48

Note the part "WARNING: recursion requested but not available", so it is saying 
that it is not authoritative for that domain.

So I check to see that it is the auth for its own domain:

>dig @NS3.ATTDNS.COM ATTDNS.COM any

; <<>> DiG 9.11.28-RedHat-9.11.28-1.fc33 <<>> @NS3.ATTDNS.COM ATTDNS.COM any
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62918
;; flags: qr aa rd; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 9
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ATTDNS.COM.IN  ANY

;; ANSWER SECTION:
ATTDNS.COM. 28800   IN  SOA ns0.ATTDNS.COM. 
eiss-dns.att.COM. 2021033001 3600 1800 2592000 300
ATTDNS.COM. 28800   IN  NS  ns1.ATTDNS.COM.
ATTDNS.COM. 28800   IN  NS  ns3.ATTDNS.COM.
ATTDNS.COM. 28800   IN  NS  ns4.ATTDNS.COM.
ATTDNS.COM. 28800   IN  NS  ns2.ATTDNS.COM.
ATTDNS.COM. 600 IN  MX  10 mx0b-00191d01.pphosted.COM.
ATTDNS.COM. 600 IN  MX  10 mx0a-00191d01.pphosted.COM.

;; ADDITIONAL SECTION:
ns1.ATTDNS.COM. 28800   IN  2001:1890:1286:320::c:2
ns2.ATTDNS.COM. 28800   IN  2001:1890:1c00:3320::c:3
ns3.ATTDNS.COM. 28800   IN  2001:1890:1c00:5323::c:3
ns4.ATTDNS.COM. 28800   IN  2001:1890:1c00:6320::c:6
ns1.ATTDNS.COM. 28800   IN  A   144.160.112.22
ns2.ATTDNS.COM. 28800   IN  A   144.160.128.140
ns3.ATTDNS.COM. 28800   IN  A   144.160.20.47
ns4.ATTDNS.COM. 28800   IN  A   144.160.229.11

;; Query time: 97 msec
;; SERVER: 2001:1890:1c00:5323::c:3#53(2001:1890:1c00:5323::c:3)
;; WHEN: Fri Apr 16 08:00:15 PDT 2021
;; MSG SIZE  rcvd: 409


Yup, good there. So you have two name servers listed. We need that glue record 
to figure out where one is and the other claims to not know who you are.


-- 
Doug Herr
fedoraproject@wombatz.com
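
Added example (not part of the original message): the per-nameserver check walked through above, as a Python function that reads saved 'dig @server zone' output and classifies each listed name server from the header's status field and the 'aa' flag. The two dig headers are trimmed copies of the output in the message; the timeout text for WS.LINUXLIGHTHOUSE.COM is constructed, and the function names are assumptions of this example.

```python
import re
from typing import Dict, List

STATUS_RE = re.compile(r"^;; ->>HEADER<<-.*\bstatus: ([A-Z]+)", re.M)
FLAGS_RE = re.compile(r"^;; flags:([a-z ]*);", re.M)   # header flags, not the EDNS line

# Trimmed from the message: NS3.ATTDNS.COM asked for linuxlighthouse.com
NS3_FOR_ZONE = """\
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 19251
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
"""

# Trimmed from the message: NS3.ATTDNS.COM asked for its own zone, ATTDNS.COM
NS3_FOR_OWN_ZONE = """\
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62918
;; flags: qr aa rd; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 9
;; WARNING: recursion requested but not available
"""

# Constructed: what dig prints when nothing answers on port 53
WS_FOR_ZONE = ";; connection timed out; no servers could be reached\n"


def classify(dig_output: str) -> Dict[str, object]:
    """Classify one 'dig @server zone' result for delegation purposes."""
    status = STATUS_RE.search(dig_output)
    flags = FLAGS_RE.search(dig_output)
    if not status or not flags:
        return {"status": None, "aa": False,
                "verdict": "no DNS header in output (timeout or closed port)"}
    rcode = status.group(1)
    aa = "aa" in flags.group(1).split()
    if rcode != "NOERROR":
        verdict = f"lame: answered {rcode}"
    elif not aa:
        verdict = "lame: NOERROR but no aa flag"
    else:
        verdict = "authoritative"
    return {"status": rcode, "aa": aa, "verdict": verdict}


def lame_servers(outputs_by_server: Dict[str, str]) -> List[str]:
    """Names of the listed name servers that do not answer authoritatively."""
    return sorted(ns for ns, out in outputs_by_server.items()
                  if classify(out)["verdict"] != "authoritative")


if __name__ == "__main__":
    zone_checks = {"WS.LINUXLIGHTHOUSE.COM": WS_FOR_ZONE,
                   "NS3.ATTDNS.COM": NS3_FOR_ZONE}
    for ns, out in zone_checks.items():
        print(ns, classify(out)["verdict"])
    print("own zone:", classify(NS3_FOR_OWN_ZONE)["verdict"])
```

Both name servers listed for the zone come back as non-authoritative here, which is the state the message ends on.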


Canon MF642Cdw works as expected on F32 but fails on F33

2021-04-16 Thread dwoody5654
I was able to print and scan from Fedora 32 but when I upgraded to Fedora 33,
cups shows "waiting for printer to become available".

I am using the driver from Canon: linux-UFRII-drv-v520-usen-05.tar.gz.

The install.sh that is included looks for the following packages:
libjpeg-turbo
beecrypt
beecrypt-devel
libglade2
jbigkit-libs
libgcrypt
libgcrypt-devel
which are installed and current, and all the above packages have had a point
increase.

The install.sh also states that Fedora is supported.

Looking at the jobs page, the first message is "Rendering is complete", then
"Waiting for printer to become available".

I called Canon and was told that the driver was not 100% Canon code and that
it was unknown when an updated driver would be available. The current driver
was released in 09/2020.

Any ideas on how to fix or work around this?

Thanks,
David


[389-users] Forbidden uid?

2021-04-16 Thread Jan Tomasek

Hi,

Is there a way to provide 389DS with a list of forbidden uids to
prevent creating such users? For example 'root', 'sys', ...


Thanks
--
---
Jan Tomasek aka Semik
http://www.tomasek.cz/





Re: aegisub no more working after update...

2021-04-16 Thread Jerry James
On Fri, Apr 16, 2021 at 4:40 AM François Patte wrote:
> I just updated my system (fc-32) and aegisub is no longer working: I can
> open subtitle files but not the corresponding video...
>
> Here is the message:
>
> (aegisub:347417): Gdk-ERROR **: 12:08:25.195: The program 'aegisub'
> received an X Window System error.
> This probably reflects a bug in the program.
> The error was 'BadValue (integer parameter out of range for operation)'.
>(Details: serial 37349 error_code 2 request_code 150 (GLX) minor_code 24)
>(Note to programmers: normally, X errors are reported asynchronously;
> that is, you will receive the error a while after causing it.
> To debug your program, run it with the GDK_SYNCHRONIZE environment
> variable to change this behavior. You can then get a meaningful
> backtrace from your debugger if you break on the gdk_x_error()
> function.)

The aegisub package is not distributed by Fedora, but rather by
rpmfusion.  You should file a bug and include the information above.
See here for how to do that:

https://rpmfusion.org/ReportingBugs

That will alert the package maintainer to the problem.  It's possible
that aegisub just needs to be rebuilt against the latest GTK library,
but the maintainer can help determine that.  Good luck!
-- 
Jerry James
http://www.jamezone.org/


[389-users] Re: How do I change the root password storage scheme to CRYPT-SHA512 through dsconf?

2021-04-16 Thread Mark Reynolds


On 4/16/21 3:04 AM, spike wrote:


Hi everyone,

I'd like to change the default root password storage scheme from 
PBKDF2_SHA256 to CRYPT-SHA512 but I'm not having much success. I'm 
using the RHDS 11 documentation 
(https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html-single/administration_guide/index#change_directory_manager_storage_scheme-CLI) 
as a reference since the 389ds documentation page 
(https://directory.fedoraproject.org/docs/389ds/documentation.html) 
refers to that as "The best documentation for use and deployment". The 
389ds version is 1.4.4.15 which should correspond with RHDS 11.



Looks like we have a doc bug :-(

This is the procedure:

dsconf slapd-YOUR_INSTANCE config replace nsslapd-rootpwstoragescheme=CRYPT-SHA512

dsconf slapd-YOUR_INSTANCE directory_manager password_change --> this will prompt you for the new password


That should do it.

HTH,

Mark



What I've tried:

# mkpasswd -m sha512crypt secret
$6$gOiCU3fNsdrH9.mR$fVxsLUf0JLS4wYdQa98VNy7mIy.LkShcdNcJbAFPE.10PKJ7EFD4hB0C33znHyIjgPF67IxNVNKgkKDiuuxQq/ 

# dsconf localhost config replace 
nsslapd-rootpwstoragescheme=CRYPT-SHA512 
nsslapd-rootpw="{crypt}$6$gOiCU3fNsdrH9.mR$fVxsLUf0JLS4wYdQa98VNy7mIy.LkShcdNcJbAFPE.10PKJ7EFD4hB0C33znHyIjgPF67IxNVNKgkKDiuuxQq/"

selinux is disabled, will not relabel ports or files.
Successfully replaced "nsslapd-rootpwstoragescheme"
selinux is disabled, will not relabel ports or files.
Successfully replaced "nsslapd-rootpw"


Which results in me being unable to log in (bind non-anonymously). 
I've also tried:


# dsconf localhost config replace 
nsslapd-rootpwstoragescheme=CRYPT-SHA512 
nsslapd-rootpw="{CRYPT-SHA512}$6$gOiCU3fNsdrH9.mR$fVxs..."


and

# dsconf localhost config replace 
nsslapd-rootpwstoragescheme=CRYPT-SHA512 
nsslapd-rootpw="$6$gOiCU3fNsdrH9.mR$fVxs..."


which were also unsuccessful (login not possible).

Setting a `CRYPT-SHA512` password through the 389ds cockpit UI plugin 
works fine though, so I'm pretty sure I'm just not getting the syntax 
for `dsconf` correctly.


Any pointers are greatly appreciated.

Cheers!


--

389 Directory Server Development Team


Re: puzzling SELinux alert.

2021-04-16 Thread Roger Heflin
It seems to be running "/usr/bin/totem-video-thumbnailer", so it would be
something attempting to create a thumbnail for the file if it is a
video.

It has an extension of .mkv, so it thinks it is a video file. Or is it
something else?

The command was:
/usr/bin/totem-video-thumbnailer -s 128 file:///home/bill/KhongWe"...,
"/tmp/.mate_desktop_thumbnail.19V"

It truncated the filenames, but you could test run the command and see
what it does from the command line.  The first filename is the input
file, the 2nd one is the output of the thumbnail.


On Thu, Apr 15, 2021 at 9:31 PM home user  wrote:
>
> On 4/15/21 8:27 PM, home user wrote:
>
> > The grep for the process ID "2636" found lines.
>
> Correction:
>
> The grep for the process ID "2636" found 34361 lines.


Automount occasionally failing to auto-unmount

2021-04-16 Thread Patrick O'Callaghan
I use automount with systemd service units (not /etc/fstab) to mount an
external BTRFS filesystem (2 drives configured as RAID-1). There is a
timeout of 120 seconds of inactivity after which it should unmount.
This works *nearly* all the time, but sometimes it doesn't and I can't
figure out why. The drive is normally only used at 3am to run a backup
script, and logs show that this is working correctly, but when I check
in the morning I sometimes find the drive still mounted (shown by
'findmnt') even though nothing is accessing it, i.e. 'fuser' shows
nothing and 'umount' succeeds immediately.

If it matters, the actual timeout always seems to take 300 seconds. I
don't know if this is because BTRFS is keeping the drive alive,
flushing queues or whatever. It's not important in itself, just another
data point.

When I mount the drive manually, the timeout always succeeds (though
again after 300 seconds rather than 120).

Any ideas?

poc


aegisub no more working after update...

2021-04-16 Thread François Patte

Hello,

I just updated my system (fc-32) and aegisub is no longer working: I can 
open subtitle files but not the corresponding video...


Here is the message:

(aegisub:347417): Gdk-ERROR **: 12:08:25.195: The program 'aegisub' 
received an X Window System error.

This probably reflects a bug in the program.
The error was 'BadValue (integer parameter out of range for operation)'.
  (Details: serial 37349 error_code 2 request_code 150 (GLX) minor_code 24)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the GDK_SYNCHRONIZE environment
   variable to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() 
function.)



I don't understand what it means and don't know what to do.

Thank you for any help.

--
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)6 7892 5822
http://www.math-info.univ-paris5.fr/~patte
FSF
https://www.fsf.org/blogs/community/presenting-shoetool-happy-holidays-from-the-fsf





Re: Third level choosers for keyboard keys.

2021-04-16 Thread AV
On Thu, 2021-04-15 at 20:12 -0700, Samuel Sieb wrote:
> On 4/15/21 5:07 PM, AV wrote:
> > 
> > > You need to be using a layout that has keys defined in those
> > > levels.  What keys are you trying to access?
> > 
> > On the Logitech keyboard the 5 with % and €. Same for Lenovo
> > laptop. On the Dell XPS 13 laptop the 5 with % and € and the 4 with
> > $ and ₹ (Indian Rupee sign).
> 
> For those specific keyboards, you'll probably have to create your own
> layout.  I tried switching to the English (UK) layout and it has lots
> of extra keys.  If you click on the eye beside the name, it will give
> you a graphical view of the layout, so you can see what keys are
> available.

As I said earlier I do not need this functionality. I was just curious.
As long as the option to use a compose key keeps working for a standard
US keyboard I am happy as I just need the compose key for diacriticals
in the western European languages. A standard US keyboard works best
for me, NOT the US international or the UK one (I once tried the UK and
got some weird surprises). So I am certainly not 'going to create my
own layout'. My quest stops here. Thanks to everybody for replying.

This aside, I am surprised these options are given in Gnome/KDE/etc 
without further explanation if it is so complicated and so dependent
on the choice of keyboard and/or its layout.

And I don't understand the remarks about the keypad. I have never seen
a keypad with $/€/%/& signs (and I hate keypads (especially on laptops)
they make you sit "twisted" and on a loose keyboard they also take away
mouse room (and strain the upper arm muscles)). 
(And I have had enough occasion to use numbers: data analysis,
 simulation/research and such and the "top row" has always been
 sufficient for my needs).

This is in reply to Samuel Sieb but also to everybody who replied.

AV


Re: on to letsencrypt

2021-04-16 Thread Ed Greshko

On 16/04/2021 10:35, Jack Craig wrote:

First I get my static IP from AT&T, actually a block of eight addresses of which 
only the first do they agree to pass through.



BTW, if you are hosting the DNS server and if your DNS server has the IP 
address of 108.220.213.121 then
this could be a problem.

Running nmap against that IP

PORT   STATE  SERVICE VERSION
53/udp closed domain
53/tcp  closed domain


--
Remind me to ignore comments which aren't germane to the thread.



Re: on to letsencrypt

2021-04-16 Thread Tim via users
Tim:
>> The DNS records need to be fixed before all else.  They need to be
>> held on a public DNS server that propagates them to the other DNS
>> servers.


Jack Craig:
> First I get my static IP from AT&T, actually a block of eight
> addresses of which only the first do they agree to pass through.  
> 
> 
> Second this used to work. I get my static IP from AT&T in a block of
> actually eight addresses only the first of which do they agree to
> pass through so I have been using DNS via name HTTP HTTPS for some
> time and only since I've upgraded to fedora 30 to have I had this dns
> battle.

Sounds ok.  One test would be to see if an outsider can ping your
public IP that's supposed to allow traffic through.  Though, that will
only work if your system responds to pings.  The other test is for
someone to try and browse your webserver at your public IP.

Your public IP has to route through to your own server.  You will
probably have to explain your network topology to us.  Which I've seen
you do, in general, further below.

But is your public IP in a range of "customer" addresses, or public
IPs?  If it's within the range allocated to an ISP's clients, other
networks around the world will consider your IP to be risky.  You'd
find doing mail a problem, at least.

> Networksolutions is my registrar, they provide to the world my domain
> name my primary and secondary DNS servers so I guess that's the
> external place where you were referring to?

Yes.

> So AT&T provides the internet road, networksolutions provides the
> signage along the road to my place.
> 
> isn't it the way it supposed to work?

Yes.

By the look of things you need to reconfigure your DNS records.  Point
the A record for your domain, and the www. subdomain at your
webserver's IP.  Point your MX record at whoever handles mail to your
domain name.  Point the NS record at the name servers for your domain.


>> If your plan is for you to run your webserver on your own computer
>> and for people to connect to it, you have to find out if that's
>> actually possible with your ISP.  Many will forbid it, or their
>> network structure makes it nearly impossible.  And you'll need to
>> be able to handle all the attacks you'll be under.  There probably
>> isn't a website on the planet that someone isn't trying to exploit.

> I was hoping that wireguard would provide that kind of coverage via
> vpn..
>  I have two routers in my access path the first one is the AT&T
> router and its firewall is set to forward packets only from ports 53
> for 43 and 80 those packets alone are forwarded to my internal server
> internal router which in turn contacts in my server on my 10.0.0 net

If you're also doing HTTPS, there will need to be port "443" passed
through, too.  I'm guessing "43" was a typo.  Both routers and your
computer will have to allow through the ports.  I see no point in
trying to be your own DNS server, though.

HTTPS *could* be a curly one to solve in your situation.  Certificates
can be tied to an IP address.  While an outsider will be connecting to
your public IP forwarded through, your webserver will be using its
local IP, and the cert wouldn't match.  *If* the cert has to match your
public IP, you'd need to set your computer's IP to be your public one.

But that may not be the case with you.  Solve the DNS problem first.

> I thought that having two firewalls between me in the world would be
> a larger advantage but it sounds like what you're saying is that
> people can penetrate that no matter what.   that's depressing.  

While firewalls can prevent unwanted connections through a network,
they don't protect you from things that are done through the allowed
connections.  Your webserver will have to be able to handle people
trying to exploit it.

On my public website, the error logs are full of people trying to
connect to known exploits in wordpress and various other software
suites that people run on webservers.  I don't run those things, so
they just get errors.

You'll also need to be able to handle the legitimate traffic.  You'll
have multiple crawlers from search engines, including many you've never
heard of, as well as actual people browsing it.

That's why I don't run my public website on my own system.



[389-users] How do I change the root password storage scheme to CRYPT-SHA512 through dsconf?

2021-04-16 Thread spike


Hi everyone,

I'd like to change the default root password storage scheme from PBKDF2_SHA256 to 
CRYPT-SHA512 but I'm not having much success. I'm using the RHDS 11 documentation 
(https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html-single/administration_guide/index#change_directory_manager_storage_scheme-CLI)
 as a reference since the 389ds documentation page 
(https://directory.fedoraproject.org/docs/389ds/documentation.html) refers to that as 
"The best documentation for use and deployment". The 389ds version is 1.4.4.15 
which should correspond with RHDS 11.

What I've tried:

# mkpasswd -m sha512crypt secret
$6$gOiCU3fNsdrH9.mR$fVxsLUf0JLS4wYdQa98VNy7mIy.LkShcdNcJbAFPE.10PKJ7EFD4hB0C33znHyIjgPF67IxNVNKgkKDiuuxQq/
# dsconf localhost config replace nsslapd-rootpwstoragescheme=CRYPT-SHA512 nsslapd-rootpw="{crypt}$6$gOiCU3fNsdrH9.mR$fVxsLUf0JLS4wYdQa98VNy7mIy.LkShcdNcJbAFPE.10PKJ7EFD4hB0C33znHyIjgPF67IxNVNKgkKDiuuxQq/"
selinux is disabled, will not relabel ports or files.
Successfully replaced "nsslapd-rootpwstoragescheme"
selinux is disabled, will not relabel ports or files.
Successfully replaced "nsslapd-rootpw"


Which results in me being unable to log in (bind non-anonymously). I've also 
tried:

# dsconf localhost config replace nsslapd-rootpwstoragescheme=CRYPT-SHA512 nsslapd-rootpw="{CRYPT-SHA512}$6$gOiCU3fNsdrH9.mR$fVxs..."

and

# dsconf localhost config replace nsslapd-rootpwstoragescheme=CRYPT-SHA512 nsslapd-rootpw="$6$gOiCU3fNsdrH9.mR$fVxs..."

which were also unsuccessful (login not possible).

Setting a `CRYPT-SHA512` password through the 389ds cockpit UI plugin works fine 
though, so I'm pretty sure I'm just not getting the syntax for `dsconf` 
correctly.

Any pointers are greatly appreciated.

Cheers!
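Added example (not part of the original post, and not 389 Directory Server code): the attempts above place a sha512crypt string inside double quotes, where the shell expands $6, $gOiCU3fNsdrH9 and $fVxs... as parameters before dsconf ever runs. The sketch replays both quotings in a clean /bin/sh and checks whether the value still has the $6$salt$hash shape; the helper names received and is_sha512crypt are made up for this illustration, and nothing here contacts a directory server or shows what dsconf does with the value.

```shell
#!/bin/sh
# Added illustration; the hash is the sample value from the post above.
# Helper names (received, is_sha512crypt) are hypothetical.

# The argument exactly as typed in the post: inside double quotes.
dq_script=$(cat <<'EOF'
printf '%s' "nsslapd-rootpw={crypt}$6$gOiCU3fNsdrH9.mR$fVxsLUf0JLS4wYdQa98VNy7mIy.LkShcdNcJbAFPE.10PKJ7EFD4hB0C33znHyIjgPF67IxNVNKgkKDiuuxQq/"
EOF
)

# The same argument in single quotes, which disable parameter expansion.
sq_script=$(cat <<'EOF'
printf '%s' 'nsslapd-rootpw={crypt}$6$gOiCU3fNsdrH9.mR$fVxsLUf0JLS4wYdQa98VNy7mIy.LkShcdNcJbAFPE.10PKJ7EFD4hB0C33znHyIjgPF67IxNVNKgkKDiuuxQq/'
EOF
)

# received SCRIPT: run SCRIPT in a fresh shell with an empty environment and
# no positional parameters, printing the argument a program would be handed.
received() {
    env -i /bin/sh -c "$1"
}

# is_sha512crypt VALUE: succeed only if VALUE still has the form
# nsslapd-rootpw={crypt}$6$[rounds=N$]salt$hash, with a salt of at most
# 16 characters and an 86-character hash.
is_sha512crypt() {
    printf '%s\n' "$1" | grep -Eq \
      '^nsslapd-rootpw=\{crypt\}\$6\$(rounds=[0-9]+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}$'
}

# Show what each quoting style hands to the program, and whether the
# crypt structure survived.
for label in double single; do
    case $label in
        double) value=$(received "$dq_script") ;;
        single) value=$(received "$sq_script") ;;
    esac
    if is_sha512crypt "$value"; then verdict=intact; else verdict=MANGLED; fi
    printf '%s quotes -> %s (%s)\n' "$label" "$value" "$verdict"
done
```

The same applies to any script that builds such a command line: a value containing $ has to be single-quoted or have each $ escaped, otherwise the "Successfully replaced" message refers to the mangled string.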


Re: Third level choosers for keyboard keys.

2021-04-16 Thread Ed Greshko

On 16/04/2021 12:06, Samuel Sieb wrote:

On 4/15/21 8:52 PM, Doug McGarrett wrote:

On 4/15/21 8:07 PM, AV wrote:

On the Logitech keyboard the 5 with % and €. Same for Lenovo laptop.
On the Dell XPS 13 laptop the 5 with % and € and the 4 with $ and ₹
(Indian Rupee sign).


I believe that it has not become clear to all readers. In plain words,
you need a keyboard that has a number panel to the right of the letter
keyboard. These number keys will also, adjacent to them, on the right,
have a - sign at the top right, and a + sign at the middle right.
These + and - keys have a DIFFERENT key code than the ones on the
letter keyboard. Laptops don't have a separate number panel, and
many--perhaps most--of the k/b's that come with new computers don't
either. People who don't do numeric entry for a living mostly don't
need that facility, so it gets left off--and saves money for the
computer industry.


I'm very sure that he's referring to the regular number keys at the
top.  The international ones tend to have extra characters on them for
local currencies. The most common reason for not having a number pad
is because there isn't room.  I have two laptops beside me.  One has
no number pad and the keyboard still goes from edge to edge.  It's not
wide enough for more.  The other, much larger one, does have the
keypad.  Almost all laptops that I've seen and that are wide enough do
have the keypad.


FWIW, only have one laptop.  An old Acer.  It doesn't have a number
pad because there isn't room.  However, if I press Fn/F11 (The Fn on
the key is blue, and in blue on F11 is Numlock) some keys are now the
number pad.  For example U,I,O becomes 4,5,6 and P becomes +.


--
Remind me to ignore comments which aren't germane to the thread.


Re: Third level choosers for keyboard keys.

2021-04-16 Thread Joe Zeff

On 4/15/21 9:52 PM, Doug McGarrett wrote:

In plain words, you need a keyboard that has a number panel to the
right of the letter keyboard. These number keys will also, adjacent to
them, on the right, have a - sign at the top right, and a + sign at
the middle right.


The term you're looking for is "numeric keypad."