[CentOS-announce] CESA-2010:0742 Moderate CentOS 4 i386 postgresql - security update

2010-10-06 Thread Tru Huynh
CentOS Errata and Security Advisory CESA-2010:0742

postgresql security update for CentOS 4 i386:
https://rhn.redhat.com/errata/RHSA-2010-0742.html

The following updated file has been uploaded and is currently syncing to
the mirrors:

i386:
updates/i386/RPMS/postgresql-7.4.30-1.el4_8.1.i386.rpm
updates/i386/RPMS/postgresql-contrib-7.4.30-1.el4_8.1.i386.rpm
updates/i386/RPMS/postgresql-devel-7.4.30-1.el4_8.1.i386.rpm
updates/i386/RPMS/postgresql-docs-7.4.30-1.el4_8.1.i386.rpm
updates/i386/RPMS/postgresql-jdbc-7.4.30-1.el4_8.1.i386.rpm
updates/i386/RPMS/postgresql-libs-7.4.30-1.el4_8.1.i386.rpm
updates/i386/RPMS/postgresql-pl-7.4.30-1.el4_8.1.i386.rpm
updates/i386/RPMS/postgresql-python-7.4.30-1.el4_8.1.i386.rpm
updates/i386/RPMS/postgresql-server-7.4.30-1.el4_8.1.i386.rpm
updates/i386/RPMS/postgresql-tcl-7.4.30-1.el4_8.1.i386.rpm
updates/i386/RPMS/postgresql-test-7.4.30-1.el4_8.1.i386.rpm

source:
updates/SRPMS/postgresql-7.4.30-1.el4_8.1.src.rpm

You may update your CentOS-4 i386 installations by running the command:

yum update postgresql

Tru
-- 
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B


___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce


Re: [CentOS-es] A thousand apologies

2010-10-06 Thread Ing. Ernesto Pérez Estévez
On 10/06/2010 09:06 AM, Rubén González wrote:

 Today I checked my mail and found that there were messages from
 my account inviting people to join the Badoo social service, sent to
 the list and to all my contacts. I thank the list moderators for not
 having blocked my account and for filtering the messages that come
 from this service and others that will surely keep appearing, and I
 apologize a thousand times for the inconvenience caused.

What a coincidence, I have just put your account under moderation, to
filter the mail you send.. I moderate it because these social networks
pose as your email address to send.. and since we have slowly been
removing moderation from those who write to the list.. well, you were
already unmoderated...

Unfortunately people do not realize that these social networks, at some
step, scan all the email addresses you have saved and send invitations
without mercy, and the worst part is that now they are starting to
repeat them.. and they do not stop until you subscribe.

My opinion is that this is spam.. don't you think? One just arrived from
robertogonzalezla...@gmail.com via facebook; I moderated that user too.
And I will keep doing so with every invitation that reaches the system.

The alternative that would remain is for us to filter all the mail that
arrives.. that is a bit harsh, but if there is no other choice, I will
do it.

Personally, as a protest, I unsubscribed from every social network I
was using; I do not consider them useful, and it is my way of protesting
against this invasion.

regards
epe




___
CentOS-es mailing list
CentOS-es@centos.org
http://lists.centos.org/mailman/listinfo/centos-es


[CentOS] LDAP authentication on a remote server (via ldaps://)

2010-10-06 Thread Mathieu Baudier
Hello,

I have a central repository of users/groups based on OpenLDAP which is
working on a remote LAN (servers share users credentials and mount
their home directories via NFS). They use non-encrypted ldap
restricted to the local network.

Now, I have a few servers in our local office and I would like them to
authenticate from the remote LDAP server using encryption via
ldaps://.
(at this stage, without using client-side certificate)

I have run a similar command as I did on the remote servers, replacing
ldap://localldapserver by ldaps://ldap.mycompany.com:

authconfig --enableldap --enableldapauth --enablecache \
  --enablemkhomedir --ldapserver=ldaps://ldap.mycompany.com \
  --enableldaptls --ldapbasedn=dc=mycompany,dc=com --passalgo=sha256 \
  --updateall

and I put the CA certificate at the right place.
(either explicitly pointing to it with TLS_CACERT or downloading it to
/etc/openldap/cacerts via system-configuration-authentication)

In all my various tests,
ldapsearch -x
returns the content of the remote LDAP, so I guess that at least
openldap clients are properly configured.

But when I try:
getent passwd
the command hangs.

Same when I try to:
su - myuser

(I also tried configuring with the system-configuration-authentication
UI from a box with GNOME, and also tried authconfig without
--enableldaptls)

So is there anything specific to authentication ldaps: that I should have done?
(as I said, this approach systematically works with plain ldap on this
same LDAP server)

Thanks in advance for your help!

Mathieu

Note: all systems involved are running up to date CentOS 5.5
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] OpenOffice or LibreOffice?

2010-10-06 Thread Jake Shipton
On 05/10/10 02:49, Yves Bellefeuille wrote:
 On Monday 04 October 2010 12:35, Mark wrote:
 
 I'll probably put LO beta on my laptop and play with it a little
 before I decide.  There is a caveat that LO might install over OO in
 this beta, but future releases won't.
 
 The warning that LibreOffice overwrites OpenOffice only applies to 
 Windows. On my system, LibreOffice installed itself neatly 
 in /opt/libreoffice3.
 
Indeed. :-)

Redhat have stated they will support LibreOffice, but considering
LibreOffice is merely a beta at the moment an early one at that, I
highly doubt RH would put that into RHEL5/6, bearing in mind that RHEL
is all about stability and reliability. Imagine 50 networked machines,
using LibreOffice Beta, after they just added a new feature, and the new
feature accidentally causes constant segfaults, it would be a disaster
in an enterprise environment. :-O

I'd expect Fedora 15/16 (Possibly 14, but I think it's too far in for
them to change it now, not sure though) to see LibreOffice first. Then
after it'll fall into RHEL, at which point I don't know, possibly 6.2?
6.4? All depends on stability of the product, however it may not ever
make it into RHEL6 and end up only in RHEL7+. As for RHEL5? I'm not sure.

But, of course all this is speculation, and could be wrong.

I too checked out LibreOffice when it was released (F12 here at the
moment) I soon switched back to OpenOffice.org 3.1 though :-( but, it's
an early product, you can't expect it to be perfect just yet :-). (even
if it is a fork)

LibreOffice has the potential to be great, and the publicity/support
they needed. Let's just hope they do just that.

Anyhow, just my 2p :-)
Sorry for any spelling/grammar issues, been up all night and am tired,
only coffee keeping me going right now :D.

-- 
Jake


Re: [CentOS] Colour laser printer

2010-10-06 Thread John Doe
From: Timothy Murphy gayle...@eircom.net

 Anyone got a recommendation for a cheap (but good)
 colour laser printer that  runs under CentOS-5.5 ?

We are quite happy with our Epson C2800n...

JD


  


Re: [CentOS] EXT4 mount issue : update

2010-10-06 Thread Steve Brooks

Thanks Gordon .. a relief .. I am still inclined to move data and rebuild 
with all the current default EXT4 attributes.

Steve





On Tue, 5 Oct 2010, Gordon Messmer wrote:

  On 10/05/2010 12:50 PM, Steve Brooks wrote:
 tune4fs listed the filesystem state as not clean. I remounted them as
 read only while I decided what to do. The next day I check them again and
 tune4fs reports the filesystem state as clean. Could this be normal
 behaviour?

 Yes. not clean is fine.  A mounted FS without a journal will always be
 not clean.

 not clean with errors is a cause for concern.


Re: [CentOS] kernel.org kernel in CentOS respin.

2010-10-06 Thread John Doe
From: Steve Clark scl...@netwolves.com

 I realize that uname is missing as well as  /sbin/new-kernel-pkg. That is why
 I was asking if someone has a recipe for  building a kernel from 
 kernel.org that will install correctly from a  respin.

You need mkinitrd and coreutils packages...
Not sure at which step it fails since you did not give details.
Anyway, google says: http://wiki.centos.org/HowTos/Custom_Kernel
Hope this helps...

JD


  


Re: [CentOS] drbd update 8.3.8.1

2010-10-06 Thread Dag Wieers
On Sun, 3 Oct 2010, Dag Wieers wrote:

 On Thu, 30 Sep 2010, Shad L. Lords wrote:

 Can we get a refresh of the drbd packages to 8.3.8.1

 There was a fix to the resync protocol.  8.3.8 would stall under certain
 circumstances.

 If you haven't tried the ELRepo DRBD packages yet, could you please test

I investigated also why I didn't know about the newer DRBD 8.3.8.1 release 
and apparently it was never officially announced. Not on the announce 
mailinglist, not on freshmeat. So it's hard to keep track of items that 
are not announced through known channels :-/ I will take this up with 
upstream.

So feel free to report future updates through the ELRepo bug tracker in 
case it happens again, I prefer one report too many, than no update :-)

http://elrepo.org/bugs/

Thanks for your help !
-- 
--   dag wieers,  d...@wieers.com,  http://dag.wieers.com/   --
[Any errors in spelling, tact or fact are transmission errors]


[CentOS] looking for a decent free / Open Source flash media server

2010-10-06 Thread Rudi Ahlers
Hi all,

I hope someone can help me with this one. I am looking for a decent
free / Open Source flash media server software which I can run on a
Linux server. Adobe's Flash Media Server
(http://www.adobe.com/products/flashmediaserver/) is very expensive
and not within any reasonable cost range (R40K+).

The Flash Media Server uses the RTMP

This is needed to run the following Joomla extension:
http://www.joomplace.com/live-conference/live-conference.html which
basically allows us to setup a Flash tutorial conference setup,
similar to podcasts.

We currently use CentOS Linux + cPanel, as well as CentOS + VirtualMin
but I'm open to suggestion for other control panels as well if need
be.

Does anyone have any suggestions for me?


-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532


Re: [CentOS] LDAP authentication on a remote server (via ldaps://)

2010-10-06 Thread Scott Robbins
On Wed, Oct 06, 2010 at 10:24:44AM +0200, Mathieu Baudier wrote:
 Hello,
 
 
 Now, I have a few servers in our local office and I would like them to
 authenticate from the remote LDAP server using encryption via
 ldaps://.
 (at this stage, without using client-side certificate)
 
 I have run a similar command as I did on the remote servers, replacing
 ldap://localldapserver by ldaps://ldap.mycompany.com:
 authconfig --enableldap --enableldapauth --enablecache
 --enablemkhomedir --ldapserver=ldaps://ldap.mycompany.com
 --enableldaptls --ldapbasedn=dc=mycompany,dc=com --passalgo=sha256
 --updateall

Did you, on the server, change the new, undocumented, /etc/sysconfig/ldap
file's entry for SLAPD_LDAPS and restart the ldap service on the server?

(It's documented in the CentOS wiki's FAQ, however, apparently no one at
RH figured it merited mention.)  


-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Xander: I laugh in the face of danger.  Then I hide until it
goes away


Re: [CentOS] looking for a decent free / Open Source flash media server

2010-10-06 Thread Mário Barbosa
Quoting Rudi Ahlers r...@softdux.com:

 Hi all,

 I hope someone can help me with this one. I am looking for a decent
 free / Open Source flash media server software which I can run on a
 Linux server. Adobe's Flash Media Server
 (http://www.adobe.com/products/flashmediaserver/) is very expensive
 and not within any reasonable cost range (R40K+).

 The Flash Media Server uses the RTMP

 This is needed to run the following Joomla extension:
 http://www.joomplace.com/live-conference/live-conference.html which
 basically allows us to setup a Flash tutorial conference setup,
 similar to podcasts.

 We currently use CentOS Linux + cPanel, as well as CentOS + VirtualMin
 but I'm open to suggestion for other control panels as well if need
 be.

 Does anyone have any suggestions for me?


I was about to suggest Red5 to you (and start a rant about its
install documentation...), but then I saw this:

http://www.joomplace.com/forum/joomla-components/live-conference/does-the-system-works-in-a-red5-server.html

I wish you good luck, and hope that you find a reasonable solution and  
share it with us... :)

Mário Barbosa



Re: [CentOS] looking for a decent free / Open Source flash media server

2010-10-06 Thread Tom G. Christensen
Rudi Ahlers wrote:
 Does anyone have any suggestions for me?
 
http://www.wowzamedia.com/index.html

-tgc



Re: [CentOS] Duplex networkprinter for Linux

2010-10-06 Thread Ed Westphal

 On 10/5/2010 9:18 AM, kim.gabriel...@get2net.dk wrote:


Hi,

does anybody know about a duplex (color) printer with linux support?

either with centos as print server or - preferably - as a stand alone 
network printer?


thanks.

KIm


Look at:
http://www.office.xerox.com/printers/color-printers/phaser-8560/enus.html





Re: [CentOS] GDM could not write to you authorization file ... Please contact your system adminstrator

2010-10-06 Thread Brent L. Bates
 This error sounds familiar.  If it is the same problem I've had a couple
of times, every time it happens, I forget what it was I did the last time to
fix it.  :-(  After I remember, it seems almost obvious.
 Assuming you've got the same problem, you need to log into the account
remotely, without a GUI interface, or as another user.  See if you have a
file ~/.ICEauthority.  If it is there, delete it and then try logging in
again.  I think that is the right file for the problem I've had.  I just
remember that some file got corrupted and I had to delete it before GUI logins
would work.  I hope this helps.  Good luck.

-- 

  Brent L. Bates (UNIX Sys. Admin.)
  M.S. 912  Phone:(757) 865-1400, x204
  NASA Langley Research Center  FAX:(757) 865-8177
  Hampton, Virginia  23681-0001
  Email: b.l.ba...@larc.nasa.gov  http://www.vigyan.com/~blbates/



Re: [CentOS] Duplex networkprinter for Linux

2010-10-06 Thread Helmut Drodofsky
Hi,

Epson B-510DN network is included; linux driver available: I have not
tested.

Helmut

From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf Of Ed Westphal
Sent: Wednesday, 6 October 2010 13:52
To: CentOS mailing list
Subject: Re: [CentOS] Duplex networkprinter for Linux


On 10/5/2010 9:18 AM, kim.gabriel...@get2net.dk wrote: 

Hi,

does anybody know about a duplex (color) printer with linux support?

either with centos as print server or - preferably - as a stand alone
network printer?

thanks.

 

KIm

 
 

Look at:
http://www.office.xerox.com/printers/color-printers/phaser-8560/enus.html





Re: [CentOS] looking for a decent free / Open Source flash media server

2010-10-06 Thread Tom Bishop
Is anyone using or played with wowza??? looks interesting...

On Wed, Oct 6, 2010 at 6:32 AM, Tom G. Christensen
t...@statsbiblioteket.dk wrote:

 Rudi Ahlers wrote:
  Does anyone have any suggestions for me?
 
 http://www.wowzamedia.com/index.html

 -tgc



Re: [CentOS] Duplex networkprinter for Linux

2010-10-06 Thread Boris Epstein
On Tue, Oct 5, 2010 at 9:18 AM, kim.gabriel...@get2net.dk wrote:

 Hi,

 does anybody know about a duplex (color) printer with linux support?

 either with centos as print server or - preferably - as a stand alone
 network printer?

 thanks.



 KIm



We've been using a Xerox Phaser 8560DN. Works just fine. The only complaint
- the ink is sort of expensive.

Boris.


Re: [CentOS] LDAP authentication on a remote server (via ldaps://)

2010-10-06 Thread Mathieu Baudier
 Did you, on the server, change the new, undocumented, /etc/sysconfig/ldap
 file's entry for SLAPD_LDAPS and restart the ldap service on the server?

This setting was indeed set to no.

What is funny though is that I actually can connect to the ldaps port
without it (since ldapsearch -x is working and I can also connect via
ldaps using a graphical client, and the plain ldap port is closed by
the firewall)

I changed the setting to yes and restarted the service, but it did
not change anything.


Re: [CentOS] LDAP authentication on a remote server (via ldaps://)

2010-10-06 Thread Scott Robbins
On Wed, Oct 06, 2010 at 03:32:03PM +0200, Mathieu Baudier wrote:
  Did you, on the server, change the new, undocumented, /etc/sysconfig/ldap
  file's entry for SLAPD_LDAPS and restart the ldap service on the server?
 
 This setting was indeed set to no.
 
 I changed the setting to yes and restarted the service, but it did
 not change anything.

About the only other thing I can think of is an issue I ran into on
later versions of Fedora.  Now, /etc/openldap/ldap.conf needs
TLS_REQCERT allow, but I think that's a Fedora thing.  (On the other
hand, we're only using CentOS as a server, not a client.)


-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Cordelia: Everything has been taken away because Daddy made a 
little mistake on his taxes... for the last twelve years. 


Re: [CentOS] Duplex networkprinter for Linux

2010-10-06 Thread Mauriat Miranda
On Tue, Oct 5, 2010 at 9:19 AM, Adam Tauno Williams
awill...@whitemice.org wrote:
 On Tue, 2010-10-05 at 15:18 +0200, kim.gabriel...@get2net.dk wrote:
 Hi,
 does anybody know about a duplex (color) printer with linux support?

 Brother MFC-9840CDW [it even supports IPv6]


I recommend the Brother network series.
The unix support and networking functions are excellent.

Been recently using a color duplex, but also have been using bw laser
with Linux for 5+ yrs.

-- 
Mauriat Miranda
http://www.mjmwired.net/linux


Re: [CentOS] kernel.org kernel in CentOS respin.

2010-10-06 Thread Steve Clark

On 10/06/2010 06:05 AM, John Doe wrote:

From: Steve Clark scl...@netwolves.com

   

I realize that uname is missing as well as  /sbin/new-kernel-pkg. That is why
I was asking if someone has a recipe for  building a kernel from
kernel.org that will install correctly from a  respin.
 

You need mkinitrd and coreutils packages...
Not sure at which step it fails since you did not give details.
Anyway, google says: http://wiki.centos.org/HowTos/Custom_Kernel
Hope this helps...

JD


   

Thanks JD,

I have looked at that page. It was my impression it was for building a
kernel based on the released CentOS kernel for 5.x, 2.6.18... not for
building a kernel from kernel.org such as 2.6.32-23 which is what I want.


--
Stephen Clark
*NetWolves*
Sr. Software Engineer III
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com


Re: [CentOS] LDAP authentication on a remote server (via ldaps://)

2010-10-06 Thread Paul Heinlein
On Wed, 6 Oct 2010, Mathieu Baudier wrote:

 Now, I have a few servers in our local office and I would like them to
 authenticate from the remote LDAP server using encryption via
 ldaps://.
 (at this stage, without using client-side certificate)

 I have run a similar command as I did on the remote servers, replacing
 ldap://localldapserver by ldaps://ldap.mycompany.com:
 authconfig --enableldap --enableldapauth --enablecache
 --enablemkhomedir --ldapserver=ldaps://ldap.mycompany.com
 --enableldaptls --ldapbasedn=dc=mycompany,dc=com --passalgo=sha256
 --updateall

 and I put the CA certificate at the right place.
 (either explicitly pointing to it TLS_CACERT or downloading it to
 /etc/openldap/cacerts via system-configuration-authentication)

 In all my various tests,
 ldapsearch -x
 returns the content of the remote LDAP, so I guess that at least
 openldap clients are properly configured.

 But when I try:
 getent passwd
 the command hangs.

I've never done ldaps to port 636, only TLS to port 389, so some of my
comments may be slightly off-base in your situation.

Here are the changes I'd review:

  1. After installing the CA cert, did you create a hash link? E.g.,

     /usr/sbin/cacertdir_rehash /etc/openldap/cacerts

  2. Make sure you know the difference between /etc/ldap.conf and
     /etc/openldap/ldap.conf. The former is used by nss_ldap, the
     latter by openldap clients.

  3. Does /etc/ldap.conf have all the correct TLS entries, e.g.,

     ssl start_tls
     tls_checkpeer yes
     tls_cacertdir /etc/openldap/cacerts

     Additionally, I've had trouble using the uri directive
     in /etc/ldap.conf, esp. with encrypted connections. The
     host and port directives have worked better for me.

  4. Does /etc/pam.d/system-auth have pam_ldap.so entries for
     auth, account, password, and session?

  5. Are you running nscd? (I've found it indispensable when working
     with network auth.)

  6. Review the changes to /etc/nsswitch.conf to make sure that
     the passwd, shadow, and group entries all query ldap.

-- 
Paul Heinlein  heinl...@madboa.com  http://www.madboa.com/


Re: [CentOS] looking for a decent free / Open Source flash media server

2010-10-06 Thread Rudi Ahlers
2010/10/6 Mário Barbosa mario.barb...@log.pt:
 Quoting Rudi Ahlers r...@softdux.com:

 Hi all,

 I hope someone can help me with this one. I am looking for a decent
 free / Open Source flash media server software which I can run on a
 Linux server. Adobe's Flash Media Server
 (http://www.adobe.com/products/flashmediaserver/) is very expensive
 and not within any reasonable cost range (R40K+).

 The Flash Media Server uses the RTMP

 This is needed to run the following Joomla extension:
 http://www.joomplace.com/live-conference/live-conference.html which
 basically allows us to setup a Flash tutorial conference setup,
 similar to podcasts.

 We currently use CentOS Linux + cPanel, as well as CentOS + VirtualMin
 but I'm open to suggestion for other control panels as well if need
 be.

 Does anyone have any suggestions for me?


 I was about to suggest Red5 to you (and start a rant about its
 install documentation...), but then I saw this:

 http://www.joomplace.com/forum/joomla-components/live-conference/does-the-system-works-in-a-red5-server.html

 I wish you good luck, and hope that you find a reasonable solution and
 share it with us... :)

 Mário Barbosa



I also looked at R5 and saw this post which kinda put a spanner in
the works for me.
-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532


Re: [CentOS] looking for a decent free / Open Source flash media server

2010-10-06 Thread Rudi Ahlers
On Wed, Oct 6, 2010 at 1:32 PM, Tom G. Christensen
t...@statsbiblioteket.dk wrote:
 Rudi Ahlers wrote:
 Does anyone have any suggestions for me?

 http://www.wowzamedia.com/index.html

 -tgc



$65 a month! That's a rip-off, but thanx for the suggestion :)


-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532


Re: [CentOS] LDAP authentication on a remote server (via ldaps://) [SOLVED]

2010-10-06 Thread Mathieu Baudier
 Here are the changes I'd review:

  1. After installing the CA cert, did you create a hash link? E.g.,

     /usr/sbin/cacertdir_rehash /etc/openldap/cacerts

  2. Make sure you know the difference between /etc/ldap.conf and
     /etc/openldap/ldap.conf. The former is used by nss_ldap, the
     latter by openldap clients.

  3. Does /etc/ldap.conf have all the correct TLS entries, e.g.,

     ssl start_tls
     tls_checkpeer yes
     tls_cacertdir /etc/openldap/cacerts

     Additionally, I've had trouble using the uri directive
     in /etc/ldap.conf, esp. with encrypted connections. The
     host and port directives have worked better for me.

  4. Does /etc/pam.d/system-auth have pam_ldap.so entries for
     auth, account, password, and session?

  5. Are you running nscd? (I've found it indispensable when working
     with network auth.)

  6. Review the changes to /etc/nsswitch.conf to make sure that
     the passwd, shadow, and group entries all query ldap.

Thanks a lot for this check-list (I recommend it for others in the future).

I had already checked most of the points, but I still played around
with your ideas, without success.

But, this remark:

 I've never done ldaps to port 636, only TLS to port 389, so some of my
 comments may be slightly off-base in your situation.

made me think of checking what should be the difference between a
START_TLS on a plain ldap port and ldaps on the ssl port.

In /etc/ldap.conf:

for ldap + START_TLS this is indeed
 ssl start_tls

but for ldaps (my case) this should be:
ssl on

Changing the value of 'ssl' to 'on' solved my problem!
(and this explains why my ldapsearch queries were working: as you
pointed out, /etc/ldap.conf is for the configuration of nss_ldap)

IMHO, the comments in /etc/ldap.conf could be a bit more explicit on
the 'on' value:

...
# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
#ssl start_tls
#ssl on
...

Thanks a lot for your help!
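
The fix in this message, together with the TLS entries from the checklist quoted in it, comes down to keeping the `ssl` directive in /etc/ldap.conf consistent with the server endpoint. As an added example (not part of the original thread, and not CentOS or nss_ldap code), the shell function below audits such a file; it goes slightly beyond the thread by also flagging `ssl on` against a plain ldap:// endpoint. The function name, finding codes and sample files are assumptions made for illustration, and `tls_cacertfile` is accepted as an alternative to `tls_cacertdir`.

```shell
#!/bin/sh
# Added example: audit an nss_ldap client config (/etc/ldap.conf on CentOS 5)
# for the transport mismatch found in this thread. Function name, finding
# codes and sample files are illustrative assumptions.

# audit_nss_ldap FILE: prints one finding per line.
# Exit status: 0 = consistent, 1 = at least one finding.
audit_nss_ldap() {
    awk '
    function report(code, msg) { print code ": " msg; n++ }

    NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
    {
        key = tolower($1); val = tolower($2)
        if      (key == "uri")  uri = val  # only the first URI is examined
        else if (key == "host") host = val
        else if (key == "port") port = val
        else if (key == "ssl")  ssl = val
        else if (key == "tls_checkpeer") checkpeer = val
        else if (key == "tls_cacertdir" || key == "tls_cacertfile") ca = $2
    }
    END {
        # Work out which transport the server endpoint implies.
        if      (uri ~ /^ldaps:\/\//) scheme = "ldaps"
        else if (uri ~ /^ldap:\/\//)  scheme = "ldap"
        else if (port == "636")       scheme = "ldaps"
        else if (host != "")          scheme = "ldap"
        else { report("NOSERVER", "no uri or host directive found"); exit 1 }

        shown = (ssl == "" ? "unset" : ssl)
        if (scheme == "ldaps" && ssl != "on")
            report("MISMATCH", "ldaps endpoint needs ssl on, found ssl " shown)
        if (scheme == "ldap" && ssl == "on")
            report("MISMATCH", "ldap endpoint with ssl on, StartTLS is ssl start_tls")
        if (scheme == "ldap" && ssl != "on" && ssl != "start_tls")
            report("CLEARTEXT", "no TLS requested (ssl is " shown ")")

        # Certificate checks only matter when TLS is requested at all.
        if (ssl == "on" || ssl == "start_tls") {
            if (checkpeer != "yes")
                report("NOVERIFY", "tls_checkpeer is not set to yes")
            if (ca == "")
                report("NOCA", "no tls_cacertdir or tls_cacertfile given")
        }
        exit (n > 0 ? 1 : 0)
    }' "$1"
}

# Constructed sample configs (not copied from a real host).
write_samples() {
    # The state described in the thread: ldaps:// URI left on start_tls.
    cat > "$1/broken.conf" <<'EOF'
uri ldaps://ldap.mycompany.com
base dc=mycompany,dc=com
ssl start_tls
tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts
EOF
    # The same file after the fix reported in the thread.
    sed 's/^ssl start_tls$/ssl on/' "$1/broken.conf" > "$1/fixed.conf"
    # Unencrypted LAN setup from the first post, ssl lines still commented out.
    cat > "$1/plain.conf" <<'EOF'
uri ldap://localldapserver
base dc=mycompany,dc=com
#ssl start_tls
#ssl on
EOF
}

# Demo run over the constructed samples.
tmp=$(mktemp -d) && write_samples "$tmp"
for f in broken fixed plain; do
    echo "== $f.conf"
    audit_nss_ldap "$tmp/$f.conf" || true
done
rm -rf "$tmp"
```

On a real client, call `audit_nss_ldap /etc/ldap.conf` and act on its exit status; /etc/openldap/ldap.conf is a separate file read by the OpenLDAP tools and is not covered by this check.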


Re: [CentOS] looking for a decent free / Open Source flash media server

2010-10-06 Thread Tom Bishop
Wowza development edition is free for personal use and appears to have all
of the bells and whistles but is limited to 10 concurrent connections

* Editions and Pricing http://www.wowzamedia.com/pricing.html *
 Wowza gives you the choice of licensing editions to fit your business model
and your budget. From a FREE Wowza Server Developer edition





On Wed, Oct 6, 2010 at 11:28 AM, Rudi Ahlers r...@softdux.com wrote:

 On Wed, Oct 6, 2010 at 1:32 PM, Tom G. Christensen
 t...@statsbiblioteket.dk wrote:
  Rudi Ahlers wrote:
  Does anyone have any suggestions for me?
 
  http://www.wowzamedia.com/index.html
 
  -tgc
 


 $65 a month! That's a rip-off, but thanx for the suggestion :)


 --
 Kind Regards
 Rudi Ahlers
 SoftDux

 Website: http://www.SoftDux.com
 Technical Blog: http://Blog.SoftDux.com
 Office: 087 805 9573
 Cell: 082 554 7532


Re: [CentOS] LDAP authentication on a remote server (via ldaps://) [SOLVED]

2010-10-06 Thread Miguel Medalha

Are you aware that SSL on port 636 is now considered deprecated in favor 
of START_TLS on port 389?



Re: [CentOS] looking for a decent free / Open Source flash media server

2010-10-06 Thread Rudi Ahlers
On Wed, Oct 6, 2010 at 7:42 PM, Tom Bishop bisho...@gmail.com wrote:
 Wowza development edition is free for personal use and appears to have all
 of the bells and whistles but is limited to 10 concurrent connections

 Editions and Pricing
 Wowza gives you the choice of licensing editions to fit your business model
 and your budget. From a FREE Wowza Server Developer edition


I take it you work for Wowza? We're a hosting company so I can't use
the free version. and 10 connections won't cut it, so I understand
we're going to have to fork out $65+/pm which is simply put
ridiculous.

-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532


Re: [CentOS] looking for a decent free / Open Source flash media server

2010-10-06 Thread Tom Bishop
Naah  I don't work for Wowza...not even close...first time I've ever heard
of it...but you didn't include that you worked for a hosting
company...that changes the perspective...I was thinking home environment ;)

On Wed, Oct 6, 2010 at 1:17 PM, Rudi Ahlers r...@softdux.com wrote:

 On Wed, Oct 6, 2010 at 7:42 PM, Tom Bishop bisho...@gmail.com wrote:
  Wowza development edition is free for personal use and appears to have all
  of the bells and whistles but is limited to 10 concurrent connections
 
  Editions and Pricing
  Wowza gives you the choice of licensing editions to fit your business model
  and your budget. From a FREE Wowza Server Developer edition


 I take it you work for Wowza? We're a hosting company so I can't use
 the free version. and 10 connections won't cut it, so I understand
 we're going to have to fork out $65+/pm which is simply put
 ridiculous.

 --
 Kind Regards
 Rudi Ahlers
 SoftDux

 Website: http://www.SoftDux.com
 Technical Blog: http://Blog.SoftDux.com
 Office: 087 805 9573
 Cell: 082 554 7532


Re: [CentOS] looking for a decent free / Open Source flash media server

2010-10-06 Thread Rudi Ahlers
On Wed, Oct 6, 2010 at 8:26 PM, Tom Bishop bisho...@gmail.com wrote:
 I take it you work for Wowza? We're a hosting company so I can't use
 the free version. and 10 connections won't cut it, so I understand
 we're going to have to fork out $65+/pm which is simply put
 ridiculous.



Sorry, I should have said that :)



-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532


Re: [CentOS] LDAP authentication on a remote server (via ldaps://) [SOLVED]

2010-10-06 Thread Scott Robbins
On Wed, Oct 06, 2010 at 06:35:14PM +0200, Mathieu Baudier wrote:


 
 IMHO, the comments in /etc/ldap.conf could be a bit more explicit on
 the 'on' value:

IMNSHO most documentation on LDAP is laughable, and perhaps one of the
main reasons Active Directory has become so much more popular.  Say what
you want about MS, but it does seem to me, that at least on the sysadmin
and user side that their documentation is usually quite good, at least
since Windows 2000.

RH in particular has some really poor docs--as mentioned earlier, they
didn't feel it necessary to mention that they'd broken SSL and
TLS. 

As the authors of the excellent ldap for rocket scientists page say.

The bad news is that IOHO never has so much been written so
incomprehensibly about a single topic with the possible exceptions of
BIND.  

(That page is at http://www.zytrax.com/books/ldap/)

Might as well spam my own page while at it.  :)

http://home.roadrunner.com/~computertaijutsu/ldap.html

Grouchily yours (and REALLY sick of the low quality of so much Linux
documentation)

-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Gunn: Fair Cordelia. You still savin' my life?
Cordelia: Every minute.
Gunn: How's that workin' out?
Cordelia: You're alive aren't you?


Re: [CentOS] LDAP authentication on a remote server (via ldaps://) [SOLVED]

2010-10-06 Thread m . roth
Scott Robbins wrote:
 On Wed, Oct 06, 2010 at 06:35:14PM +0200, Mathieu Baudier wrote:

 IMHO, the comments in /etc/ldap.conf could be a bit more explicit on
 the 'on' value:

 IMNSHO most documentation on LDAP is laughable, and perhaps one of the
 main reasons Active Directory has become so much more popular.  Say what
 you want about MS, but it does seem to me, that at least on the sysadmin
 and user side that their documentation is usually quite good, at least
 since Windows 2000.
<snip>
 As the authors of the excellent ldap for rocket scientists page say.

 The bad news is that IOHO never has so much been written so
 incomprehensibly about a single topic with the possible exceptions of
 BIND.

 (That page is at http://www.zytrax.com/books/ldap/)
<snip>
Well, that's simply *not* true... says the guy who, 20-30 years ago, had
to read IBM mainframe manuals

 mark this postfix left blank



Re: [CentOS] system stuck with 2.6.18-128 kernel. how to move to 2.6.18-194.17?

2010-10-06 Thread Aleksey Tsalolikhin
Thank you very much for your replies and suggestions!

Turns out I have a broken RAID.  I checked the failed out
drive by mounting read-only the /boot partition, and it
is configured to boot the older kernel version (the one the
system actually boots).

Like Phil said, the OS is seeing one thing, and GRUB another.


Questions:

1. How do I fix the array?   (How do I put the failed out
drive back in?  (I hope it is a small failure that the
software RAID can recover from, like a few bad blocks or
something.  Otherwise I am willing to replace the drive.)



#  mdadm /dev/md0 --add /dev/sda1
mdadm: Cannot open /dev/sda1: Device or resource busy
#

Maybe it's busy because the system really booted off it?
Maybe I can edit grub.conf to change hd(0,0) to hd (1,0)
and reboot.  Where do I do that, in /dev/sda1 or /dev/sdb1?
I guess I could do it in both places.  What do you think?

Note: I was able to add /dev/sda3 to /dev/md1, and it is
resync'ing the array now.

#  mdadm /dev/md1 --add /dev/sda3
mdadm: re-added /dev/sda3
#


2. Is there a different configuration I should adopt, so that
OS and GRUB agree on what device to boot from? Or is this the
price I pay for using software RAID rather than HW RAID?



Data:

The /etc/grub.conf sym link is set up correctly:

lrwxrwxrwx 1 root root 22 Mar 17  2009 /etc/grub.conf -> ../boot/grub/grub.conf


My /boot filesystem lives on a RAID 1 array:

/dev/md0 on /boot type ext3 (rw)


/proc/mdstat shows only /dev/sdb is still in the RAID 1 mirror:


Personalities : [raid1]
md0 : active raid1 sdb1[1]
  104320 blocks [2/1] [_U]

md1 : active raid1 sdb3[1]
  275964480 blocks [2/1] [_U]

unused devices: <none>

For some reason, it does not show F for disk failure.  I did
reboot the system a couple of times, maybe it forgot about the
failure.  Older logwatch reports do have the F on both arrays.


lshw and fdisk -l shows both /dev/sda and /dev/sdb.

so does lsscsi:


[1:0:0:0]    disk    IBM-ESXS ST337LC   FN B26B  /dev/sda
[1:0:1:0]    disk    IBM-ESXS MAT3300NC FN B414  /dev/sdb
[1:0:8:0]    process IBM  39M6750a S320  0 1 -



Thanks very much for the help!

Best,
Aleksey


Re: [CentOS] LDAP authentication on a remote server (via ldaps://) [SOLVED]

2010-10-06 Thread Mathieu Baudier
 Are you aware that SSL on port 636 is now considered deprecated in favor of
 START_TLS on port 389?

No, I'm not (I actually thought that it was the other way round)

I found it practical to have a port (389 or equivalent) that I could
authorize via iptables only on the local network, and another one
(636 or equivalent) that could be accessed from outside.

What are the pros and cons of both approaches?

Comments more than welcome!


Re: [CentOS] system stuck with 2.6.18-128 kernel. how to move to 2.6.18-194.17?

2010-10-06 Thread Les Mikesell
On 10/6/2010 2:36 PM, Aleksey Tsalolikhin wrote:
 Thank you very much for your replies and suggestions!

 Turns out I have a broken RAID.  I checked the failed out
 drive by mounting read-only the /boot partition, and it
 is configured to boot the older kernel version (the one the
 system actually boots).

 Like Phil said, the OS is seeing one thing, and GRUB another.


 Questions:

 1. How do I fix the array?   (How do I put the failed out
 drive back in?  (I hope it is a small failure that the
 software RAID can recover from, like a few bad blocks or
 something.  Otherwise I am willing to replace the drive.)



  #  mdadm /dev/md0 --add /dev/sda1
  mdadm: Cannot open /dev/sda1: Device or resource busy
  #

 Maybe it's busy because the system really booted off it?

Do you still have it mounted as you mentioned above?  If so, unmount it. 
  If it shows as 'failed' in /proc/mdstat you would have to use mdadm to 
remove it before adding it back.

-- 
   Les Mikesell
lesmikes...@gmail.com


Re: [CentOS] system stuck with 2.6.18-128 kernel. how to move to 2.6.18-194.17?

2010-10-06 Thread Aleksey Tsalolikhin
On Wed, Oct 6, 2010 at 12:48 PM, Les Mikesell lesmikes...@gmail.com wrote:
 On 10/6/2010 2:36 PM, Aleksey Tsalolikhin wrote:

      #  mdadm /dev/md0 --add /dev/sda1
      mdadm: Cannot open /dev/sda1: Device or resource busy
      #


 Do you still have it mounted as you mentioned above?  If so, unmount it.

*Facepalm*

That was it.  Thank you.  /dev/sda1 is back in /dev/md0 and reconstruction
is in process.

  If it shows as 'failed' in /proc/mdstat you would have to use mdadm to
 remove it before adding it back.

Ah!  Got it, thanks, Les!

Aleksey
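
The two checks this thread came down to (which arrays are degraded, and whether the partition being re-added is still mounted), as an added example that is not part of the original posts. The sample text is constructed from the output quoted in the thread; the `(F)` marker on md1 and the `/mnt/check` mount point are assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: reads /proc/mdstat-format and /proc/mounts-format text on stdin.

# One line per degraded array: NAME degraded PRESENT/WANTED active=... failed=...
# Assumes the "mdN : active <level> <members...>" layout shown in the thread.
degraded_arrays() {
    awk '
        /^md[0-9]+ :/ {
            name = $1; active = ""; failed = ""
            for (i = 5; i <= NF; i++) {
                dev = $i; sub(/\[.*/, "", dev)          # sdb1[1] -> sdb1
                if ($i ~ /\(F\)/) { failed = failed (failed != "" ? "," : "") dev }
                else              { active = active (active != "" ? "," : "") dev }
            }
            next
        }
        name != "" && match($0, /\[[0-9]+\/[0-9]+\]/) {
            # [2/1] means 2 members wanted, 1 present
            split(substr($0, RSTART + 1, RLENGTH - 2), n, "/")
            if (n[2] + 0 < n[1] + 0) {
                print name, "degraded", n[2] "/" n[1], "active=" (active != "" ? active : "-"), "failed=" (failed != "" ? failed : "-")
            }
            name = ""
        }'
}

# Return 0 if DEV is a mounted source; a mounted member is what makes
# "mdadm --add" fail with "Device or resource busy".
member_mounted() {
    awk -v dev="$1" '$1 == dev { hit = 1 } END { exit !hit }'
}

# Constructed sample input.
sample_mdstat() { cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 sdb1[1]
      104320 blocks [2/1] [_U]

md1 : active raid1 sdb3[1] sda3[2](F)
      275964480 blocks [2/1] [_U]

unused devices: <none>
EOF
}
sample_mounts() { cat <<'EOF'
/dev/md0 /boot ext3 rw 0 0
/dev/sda1 /mnt/check ext3 ro 0 0
EOF
}

sample_mdstat | degraded_arrays
if sample_mounts | member_mounted /dev/sda1; then
    echo "/dev/sda1 is mounted: unmount it before mdadm --add"
fi
```

On a live system the same functions take `< /proc/mdstat` and `< /proc/mounts`; a member listed under `failed=` has to be removed with mdadm before it can be added back, as Les notes.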


[CentOS] Getting Wake on lan to work

2010-10-06 Thread Peter Crighton
My system is: 
Intel CC820 motherboard (which supports PME# wake up for wake on LAN)
3com 3C905C which also supports wake on LAN via PME#
Linux 5.5

The motherboard BIOS is later than one that reports an issue with WOL
and this particular network card was fixed.

But when I turn off the PC (shutdown or poweroff commands or front
panel button), it cannot be restarted via WOL. The network light on
the Ethernet card goes off so it looks like power is not being
retained on the card. 

Although both the card and the motherboard have WOL headers my
understanding is that these are not necessary if using PME# - is that
correct? (I don't happen to have a WOL cable so can't just try one to
confirm).

How can I make Linux shutdown and leave the Ethernet power on?

The common suggestion on the 'net is to remove the -i switch from
the shutdown script, but it was not present to start with.


Re: [CentOS] Getting Wake on lan to work

2010-10-06 Thread Robert Heller
At Wed, 06 Oct 2010 21:33:25 +0100 CentOS mailing list centos@centos.org 
wrote:

 
 My system is: 
 Intel CC820 motherboard (which supports PME# wake up for wake on LAN)
 3com 3C905C which also supports wake on LAN via PME#
 Linux 5.5
 
 The motherboard BIOS is later than one that reports an issue with WOL
 and this particular network card was fixed.
 
 But when I turn off the PC (shutdown or poweroff commands or front
 panel button), it cannot be restarted via WOL. The network light on
 the Ethernet card goes off so it looks like power is not being
 retained on the card. 
 
 Although both the card and the motherboard have WOL headers my
 understanding is that these are not necessary if using PME# - is that
 correct? (I don't happen to have a WOL cable so can't just try one to
 confirm).

Wondering if there is a BIOS setting for enabling PME# (and/or a
setting/jumper on the NIC for this as well) -- maybe ethtool or the
3COM tool (I believe there is a Linux port available) can set this.

 
 How can I make Linux shutdown and leave the Ethernet power on?

I believe you need to configure the power management setting in the BIOS to
leave the system in 'standby' mode or something like that, rather than
'power off'.  That is, the ACPI 'power off' command yields 'standby'
mode (or something like that).

 
 The common suggestion on the 'net is to remove the -i switch from
 the shutdown script, but it was not present to start with.
 
   

-- 
Robert Heller -- 978-544-6933
Deepwoods Software-- Download the Model Railroad System
http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
hel...@deepsoft.com   -- http://www.deepsoft.com/ModelRailroadSystem/



Re: [CentOS] LDAP authentication on a remote server (via ldaps://) [SOLVED]

2010-10-06 Thread Miguel Medalha

 Are you aware that SSL on port 636 is now considered deprecated in favor of
 START_TLS on port 389?
 No, I'm not (I actually thought that it was the other way round)

 (...)

 What are the pro and cons of both approaches?

 Comments more than welcome

You can, as an example, consult the Wikipedia article on LDAP. It states:

---

StartTLS

The StartTLS operation establishes Transport Layer Security (the 
descendant of SSL) on the connection. It can provide data 
confidentiality (to protect data from being observed by third parties) 
and/or data integrity protection (which protects the data from 
tampering). During TLS negotiation the server sends its X.509  
certificate to prove its identity. The client may also send a 
certificate to prove its identity. After doing so, the client may then 
use SASL/EXTERNAL. By using the SASL/EXTERNAL, the client requests the 
server derive its identity from credentials provided at a lower level 
(such as TLS). Though technically the server may use any identity 
information established at any lower level, typically the server will 
use the identity information established by TLS.

Servers also often support the non-standard LDAPS (Secure LDAP, 
commonly known as LDAP over SSL) protocol on a separate port, by 
default 636. LDAPS differs from LDAP in two ways: 1) upon connect, the 
client and server establish TLS before any LDAP messages are transferred 
(without a StartTLS operation) and 2) the LDAPS connection must be 
closed upon TLS closure.

LDAPS was used with LDAPv2, because the StartTLS operation had not yet 
been defined. The use of LDAPS is deprecated, and modern software should 
only use StartTLS.

http://en.wikipedia.org/wiki/LDAP

---

A quick search will provide plenty of articles about the subject.



Re: [CentOS] GDM could not write to you authorization file ... Please contact your system adminstrator

2010-10-06 Thread drew einhorn
On Wed, Oct 6, 2010 at 6:16 AM, Brent L. Bates blba...@vigyan.com wrote:
     This error sounds familiar.  If it is the same problem I've had a couple
 of times, every time it happens, I forget what it was I did the last time to
 fix it.  :-(  After I remember, it seems almost obvious.


After some more googling I found the solution and it wasn't obvious:

sudo chmod 1777 /tmp

In this case I really think the error message needs some improvement.

I can see where getting the permissions right on the mount points
can be tricky.

I hope the rest of my permissions are ok.

I used the following to do the heavy lifting

(cd src; tar cf - --xattrs .) | (cd dest; tar xf -)

Don't remember why I chose this over a cp -R based solution,
or a similar idiom using dump/restore instead of tar.

-- 
Drew Einhorn

You can see a lot by just looking.
  --  Yogi Berra


Re: [CentOS] GDM could not write to you authorization file ... Please contact your system adminstrator

2010-10-06 Thread Stephen Harris
On Wed, Oct 06, 2010 at 04:46:44PM -0600, drew einhorn wrote:

 After some more googling I found the solution and it wasn't obvious:
 
 sudo chmod 1777 /tmp

This is the default value for /tmp.  If your permissions were not set
to this then somehow you managed to change them.

 (cd src; tar cf - --xattrs .) | (cd dest; tar xf -)

A beginner SA mistake is to untar stuff into /tmp as root.  This can change
permissions on /tmp and break your system.  Don't do it.  It's not obvious
and an easy to make mistake.

-- 

rgds
Stephen
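
How the tar pipe quoted above changes the mode of the directory it is extracted into, as an added example that is not part of the original posts. It assumes GNU tar and GNU stat; `faketmp` is a scratch directory standing in for /tmp, and `-p` stands in for running as root (where tar preserves permissions by default). The function names are hypothetical.

```shell
#!/bin/sh
# Added example: everything happens under a mktemp-created scratch directory.

# Octal mode of a directory, e.g. 1777 or 755 (GNU stat).
dir_mode() { stat -c '%a' "$1"; }

# Return 0 only if DIR has the mode /tmp needs: world-writable plus sticky bit.
tmp_mode_ok() { [ "$(dir_mode "$1")" = "1777" ]; }

# Build $work/src (mode 755, one file) and $work/faketmp (mode 1777).
make_scratch() {
    work=$(mktemp -d) || return 1
    mkdir "$work/src" "$work/faketmp"
    chmod 755  "$work/src"
    chmod 1777 "$work/faketmp"
    echo data > "$work/src/file"
}

# The mistake: "tar cf - ." records an entry for "." with the source
# directory's mode, and extraction applies that mode to the current directory.
untar_in_place() {
    make_scratch || return 1
    (cd "$work/src" && tar cf - .) | (cd "$work/faketmp" && tar xpf -)
    dir_mode "$work/faketmp"      # mode of faketmp after extraction
    rm -rf "$work"
}

# The safer habit: extract into a fresh subdirectory, so the "." entry lands
# on a directory of your own instead of the shared one.
untar_in_subdir() {
    make_scratch || return 1
    mkdir "$work/faketmp/unpack"
    (cd "$work/src" && tar cf - .) | (cd "$work/faketmp/unpack" && tar xpf -)
    dir_mode "$work/faketmp"
    rm -rf "$work"
}

echo "extracted in place:     faketmp mode is $(untar_in_place)"
echo "extracted in a subdir:  faketmp mode is $(untar_in_subdir)"
```

`tmp_mode_ok /tmp` is the one-line check to run after any restore or copy that touched the /tmp mount point.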


Re: [CentOS] LDAP authentication on a remote server (via ldaps://)

2010-10-06 Thread Craig White
On Wed, 2010-10-06 at 09:49 -0400, Scott Robbins wrote:
 On Wed, Oct 06, 2010 at 03:32:03PM +0200, Mathieu Baudier wrote:
   Did you, on the server, change the new, undocumented, /etc/sysconfig/ldap
   file's entry for SLAPD_LDAPS and restart the ldap service on the server?
  
  This setting was indeed set to no.
  
  I changed the settings to yes and restarted the service, but it did
  not change anything.
 
 About the only other thing I can think of is an issue I ran into on
 later versions of Fedora.  Now, /etc/openldap/ldap.conf needs
 TLS_REQCERT allow, but I think that's a Fedora thing.  (On the other
 hand, we're only using CentOS as a server, not a client.)

TLS_REQCERT allow is not a Fedora thing but rather typically necessary
when you use a self-signed cert because there is no chain to a
recognized CA. Thus any client whether Fedora, Ubuntu or CentOS might
very well need that configuration.

Craig



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



Re: [CentOS] LDAP authentication on a remote server (via ldaps://)

2010-10-06 Thread Craig White
On Wed, 2010-10-06 at 08:32 -0700, Paul Heinlein wrote:
 On Wed, 6 Oct 2010, Mathieu Baudier wrote:
 
  Now, I have a few servers in our local office and I would like them to
  authenticate from the remote LDAP server using encryption via
  ldaps://.
  (at this stage, without using client-side certificate)
 
  I have run a similar command as I did on the remote servers, replacing
  ldap://localldapserver by ldaps://ldap.mycompany.com:
  authconfig --enableldap --enableldapauth --enablecache
  --enablemkhomedir --ldapserver=ldaps://ldap.mycompany.com
  --enableldaptls --ldapbasedn=dc=mycompany,dc=com --passalgo=sha256
  --updateall
 
  and I put the CA certificate at the right place.
  (either explicitly pointing to it TLS_CACERT or downloading it to
  /etc/openldap/cacerts via system-configuration-authentication)
 
  In all my various tests,
  ldapsearch -x
  returns the content of the remote LDAP, so I guess that at least
  openldap clients are properly configured.
 
  But when I try:
  getent passwd
  the command hangs.
 
 I've never done ldaps to port 636, only TLS to port 389, so some of my
 comments may be slightly off-base in your situation.
 
 Here are the changes I'd review:
 
   1. After installing the CA cert, did you create a hash link? E.g.,
 
  /usr/sbin/cacertdir_rehash /etc/openldap/cacerts
 
   2. Make sure you know the difference between /etc/ldap.conf and
  /etc/openldap/ldap.conf. The former is used by nss_ldap, the
  latter by openldap clients.
 
   3. Does /etc/ldap.conf have all the correct TLS entries, e.g.,
 
  ssl start_tls
  tls_checkpeer yes
  tls_cacertdir /etc/openldap/cacerts
 
  Additionally, I've had trouble using the uri directive
  in /etc/ldap.conf, esp. with encrypted connections. The
  host and port directives have worked better for me.
 
   4. Does /etc/pam.d/system-auth have pam_ldap.so entries for
  auth, account, password, and session?
 
   5. Are you running nscd? (I've found it indispensable when working
  with network auth.)
 
   6. Review the changes to /etc/nsswitch.conf to make sure that
  the passwd, shadow, and group entries all query ldap.

tls_checkpeer yes could cause problems - always depends

nscd makes things harder to troubleshoot

uri ldap://some_fqdn/
or
uri ldaps://some_fqdn/

Craig
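
A small audit of the client-side TLS directives discussed in this thread (StartTLS versus ldaps, tls_checkpeer, TLS_REQCERT, the CA directory), as an added example that is not part of the original posts. With `TLS_REQCERT allow` or `never` a certificate that fails validation does not stop the session, so the audit flags those values; the function name and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the TLS directives of an LDAP client config on stdin.
# nss_ldap keys (/etc/ldap.conf): ssl, uri, tls_checkpeer, tls_cacertdir, tls_cacertfile.
# OpenLDAP client keys (/etc/openldap/ldap.conf): URI, TLS_REQCERT, TLS_CACERT, TLS_CACERTDIR.
# Prints one finding per line; exit status is 0 only when nothing is flagged.
audit_ldap_tls() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }                 # blank lines and comments
        { key = tolower($1); val = tolower($2) }
        key == "ssl"           { ssl = val }
        key == "uri"           { uri = val }
        key == "tls_checkpeer" { peer = val }
        key == "tls_reqcert"   { req = val }
        key ~ /^tls_cacert(dir|file)?$/ { ca = $2 }
        END {
            warn = 0
            if (ssl == "start_tls") {
                print "OK   transport: StartTLS on the plain LDAP port"
            } else if (ssl == "on" || uri ~ /^ldaps:/) {
                print "OK   transport: TLS from connect (ldaps)"
            } else {
                print "WARN transport: no ssl start_tls, ssl on or ldaps:// uri"; warn++
            }
            if (peer == "yes" || req ~ /^(demand|hard|try)$/) {
                print "OK   a bad server certificate ends the session"
            } else if (peer != "" || req != "") {
                print "WARN server certificate not enforced (" (peer != "" ? "tls_checkpeer " peer : "TLS_REQCERT " req) ")"; warn++
            } else {
                print "WARN certificate checking left at the library default"; warn++
            }
            if (ca != "") { print "OK   CA material: " ca }
            else          { print "WARN no CA file or directory configured"; warn++ }
            exit (warn > 0)
        }'
}

# Constructed samples: the checklist entries quoted above, and an ldaps client
# relaxed for a self-signed certificate.
sample_checklist() {
    printf '%s\n' '# constructed sample' 'host ldap.mycompany.com' \
        'ssl start_tls' 'tls_checkpeer yes' 'tls_cacertdir /etc/openldap/cacerts'
}
sample_selfsigned() {
    printf '%s\n' '# constructed sample' 'URI ldaps://ldap.mycompany.com/' 'TLS_REQCERT allow'
}

sample_checklist  | audit_ldap_tls && echo "=> pass"
sample_selfsigned | audit_ldap_tls || echo "=> needs attention"
```

Run it against a real file with `audit_ldap_tls < /etc/ldap.conf`; for a self-signed server certificate, installing that certificate as the client's CA material keeps verification on instead of relaxing it.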


