Re: [CentOS-es] (no subject)
Hi. I think someone has a virus xD

--
Oscar Osta Pueyo
oostap.lis...@gmail.com
_kiakli_
___
CentOS-es mailing list
CentOS-es@centos.org
http://lists.centos.org/mailman/listinfo/centos-es

[CentOS-es] I deleted /boot. Can I reinstall it?
Good morning everyone,

in a serious mistake this morning I deleted the /boot directory, and with it the GRUB configuration and the installed kernels. Specifically, I deleted this:

    removed `/boot/symvers-2.6.18-194.32.1.el5PAE.gz'
    removed `/boot/symvers-2.6.18-53.1.21.el5.gz'
    removed `/boot/initrd-2.6.18-92.1.10.el5.img'
    removed `/boot/config-2.6.18-53.1.21.el5'
    removed `/boot/config-2.6.18-164.11.1.el5PAE'
    removed `/boot/vmlinuz-2.6.18-53.1.21.el5'
    removed `/boot/symvers-2.6.18-92.1.10.el5.gz'
    removed `/boot/initrd-2.6.18-92.1.22.el5PAE.img'
    removed `/boot/vmlinuz-2.6.18-92.1.22.el5PAE'
    removed `/boot/System.map-2.6.18-92.1.22.el5PAE'
    removed `/boot/initrd-2.6.18-164.11.1.el5PAE.img'
    removed `/boot/vmlinuz-2.6.18-164.11.1.el5PAE'
    removed `/boot/vmlinuz-2.6.18-194.32.1.el5PAE'
    removed `/boot/initrd-2.6.18-92.1.22.el5PAE_old.img'
    removed `/boot/vmlinuz-2.6.18-92.1.22.el5'
    removed `/boot/.vmlinuz-2.6.18-194.32.1.el5PAE.hmac'
    removed `/boot/symvers-2.6.18-92.1.22.el5PAE.gz'

/boot is currently completely empty... Could anyone tell me some way to reinstall it? Could this be done without having to reboot the machine from a live CD?

Many thanks in advance for your replies.

Miguel A. Velasco.
Systems Engineer.

Re: [CentOS-es] I deleted /boot. Can I reinstall it?
Miguel A. Velasco wrote:
> Good morning everyone, in a serious mistake this morning I deleted the /boot directory, and with it the GRUB configuration and the installed kernels. Specifically, I deleted this:

Well! GRUB, I don't know how one manages it, but one does. It happened to me once, because I formatted the wrong partition; luckily it was the /boot one and not the / one, for example.

DO NOT SHUT DOWN THE SERVER, it will run like that for a lifetime... as long as you don't shut it down! Don't update it until you have everything recovered.

Right, let's get serious:

You can recover it from backups. Well, that's ironic, but you surely had no backups of /boot, ok.

How did I recover it? Besides, I didn't want to shut down the server because it was thousands of km north of where I live.

I copied over the /boot from another server that had the same system. And afterwards I had to make adjustments to grub.conf (menu.lst) so that on boot it would start with the same root= and other possible differences. Actually both servers had the same partitioning so I didn't have to change anything, but keep this in mind.

After spending several days learning grub really hard, really intensely because I wanted no mistakes, after countless nights testing here and there with test machines... I was satisfied with how it turned out.

And so I left the server running for many more weeks without rebooting until a new kernel update came; then I ran the update and verified that grub.conf was correctly configured, and then, late one Saturday night, I rebooted the server... after several tense minutes, it came up all by itself.

Maybe in your case you have the server nearby and can handle any error with a CD if something failed, but I didn't want to risk the server being down for several hours until a datacenter technician could get to it, find the error and have enough experience to fix it... no no.

Good luck!

Regards,
epe

Re: [CentOS-es] (no subject)
I think someone uses Windows! xD

From: Oscar Osta Pueyo oostap.lis...@gmail.com
To: centos-es@centos.org
Sent: Fri, 18 March, 2011 3:54:14
Subject: Re: [CentOS-es] (no subject)

> Hi. I think someone has a virus xD

Re: [CentOS-es] PowerStack repository for CentOS
On 18/03/11, Santi Saez santis...@woop.es wrote:
> On 18/03/2011 4:47, Edg@r Rodolfo wrote:
>
> Hi Edgar!
>
>> Hi, won't there be conflicts later with phpmyadmin? I use the latter from the epel repo, and it installs old php packages for me, I don't know if I'm mistaken, although I could also use phpmyadmin manually, but what if I want to use it from yum? Any conflict?
>
> Although I've answered you on Facebook, I'm doing so here too ;-)
>
> I just installed the phpMyAdmin from EPEL together with MySQL 5.5.9 + PHP 5.3.5 from PowerStack and everything works without problems; as proof, a screenshot:
>
> http://filesocial.com/3o9k0ha
>
> If anyone uses this configuration on a server with Plesk, on entering phpMyAdmin they will get the following alert:
>
> Su versión de librería PHP MySQL 5.0.67 es distinta de aquella de su versión de servidor MySQL 5.5.9. Esto puede ocasionar un comportamiento impredecible.
>
> It's a warning that can be ignored; in case anyone is interested, here is a comment that explains the reason for that alert in Plesk + MySQL 5.5 + phpMyAdmin:
>
> http://goo.gl/8xYDu
>
> Regards!

Thank you very much for replying; from now on I'll use the repository you point me to. Until now I had only used RPMforge and epel. Regards, I'll try it and report any details here, regards.

> --
> Santi Saez
> http://woop.es

--
Edguit@r
http://cybernautape.blogspot.com

Re: [CentOS-es] I deleted /boot. Can I reinstall it?
Hi,

2011/3/18 Miguel A. Velasco miguel.suscripc...@gmail.com:
> Good morning everyone, in a serious mistake this morning I deleted the /boot directory, and with it the GRUB configuration and the installed kernels. Specifically, I deleted this:

And... wouldn't it be possible to recover all of this by reinstalling the kernel-PAE and grub packages with yum reinstall? After that it would be a matter of checking against another machine that no important file is missing, and confirming that /boot/grub/menu.lst is correct.

--
Oscar Osta Pueyo
oostap.lis...@gmail.com
_kiakli_

Re: [CentOS-es] I deleted /boot. Can I reinstall it?
Thank you Ernesto for replying, and for doing so this quickly. The truth is that reading your email has calmed me down, since seeing that you got out of this one is encouraging.

I'm following your advice and have copied the whole /boot from a server similar to the one with the problem. In fact they have the same partitioning and are at the same kernel update level. The only difference is that the server where I deleted /boot has a Kernel-PAE to be able to use the 6Gb of RAM on its 32-bit platform, and the one I copied /boot from doesn't have it.

But, as you said, I'm going to go over the structure carefully and I'll wait for a new Kernel-PAE update to come out, install it and then reboot the server.

By the way, have no doubt: I won't shut down the server until I'm VERY sure. Ah! And no... I didn't have a copy of /boot :), which would have saved me a bad time this morning, but I will certainly include it in the company's backup plan.

Thanks again for your help, and if anyone can share another experience it will be very welcome.

Kind regards,
Miguel A. Velasco
Systems Engineer

On 18/03/2011 13:29, Ing. Ernesto Pérez Estévez wrote:
> Well! GRUB, I don't know how one manages it, but one does. It happened to me once, because I formatted the wrong partition; luckily it was the /boot one and not the / one, for example.

Re: [CentOS-es] I deleted /boot. Can I reinstall it?
Miguel A. Velasco wrote:
> Thank you Ernesto for replying, and for doing so this quickly. The truth is that reading your email has calmed me down, since seeing that you got out of this one is encouraging. I'm following your advice and have copied the whole /boot from a server similar to the one with the problem. In fact they have the same partitioning and are at the same kernel update level. The only difference is that the server where I deleted /boot has a Kernel-PAE to be able to use the 6Gb of RAM on its 32-bit platform and

Good, with the non-PAE kernel you will indeed be able to boot and verify that it works, but with only 3.9GB... but anyway: now that you have things half safe, try yum erase kernel-PAE (because right now the system thinks there are packages with parts missing) or rpm -e nameofthepaekernel, and afterwards yum install kernel-PAE.

A suggestion: really, to leave everything clean, once you have verified that you could boot with the newly installed kernel-PAE, delete the other kernels that came from the other machine.

The most worrying thing now is that when you do yum install kernel-PAE it may not update grub.conf. Other than that, phew, how lucky that it's not on my machines.

As a final comment: this is why I like virtualizing, because working through a blunder like this on a virtual machine is definitely 100 times easier.

Regards,
epe

Re: [CentOS-es] I deleted /boot. Can I reinstall it?
Hi Oscar, and thanks for your help.

I think it is not possible to reinstall a kernel with yum reinstall. The man page says:

    reinstall
        Will reinstall the identically versioned package as is currently installed. This does not work for installonly packages, like Kernels. reinstall operates on groups, files, provides and filelists just like the install command

In fact I tried the command:

    (15:19:40)[root-boot]# yum reinstall kernel-PAE-2.6.18-194.32.1.el5
    Loaded plugins: fastestmirror
    Setting up Reinstall Process
    Loading mirror speeds from cached hostfile
     * addons: centos.mirror.xtratelecom.es
     * base: centos.mirror.xtratelecom.es
     * extras: centos.mirror.xtratelecom.es
     * rpmforge: ftp-stud.fht-esslingen.de
     * updates: centos.mirror.xtratelecom.es
    Package kernel-PAE-2.6.18-194.32.1.el5.i686 is allowed multiple installs, skipping
    Nothing to do

In any case, thanks for your help, and regards,
Miguel A. Velasco
Systems Engineer

On 18/03/2011 15:05, Oscar Osta Pueyo wrote:
> And... wouldn't it be possible to recover all of this by reinstalling the kernel-PAE and grub packages with yum reinstall? After that it would be a matter of checking against another machine that no important file is missing, and confirming that /boot/grub/menu.lst is correct.

Re: [CentOS-es] I deleted /boot. Can I reinstall it?
Hello again Ernesto, and thanks for being there.

There is one thing I didn't fully understand in your last email: which is preferable, waiting for a Kernel-PAE update to come out, or doing a yum erase Kernel-PAE of all the kernel-PAE packages installed on the server and installing a new one with yum install Kernel-PAE?

You also mentioned that perhaps when updating the kernel the changes are not reflected in grub.conf. Did that happen to you? In that case, they would have to be added by hand, right?

Perhaps the solution is to set up a virtual machine to simulate the deletion of /boot and run the restore tests...

Thanks for your time.

Regards,
Miguel A. Velasco
Systems Engineer.

Re: [CentOS-es] I deleted /boot. Can I reinstall it?
> doing a yum erase Kernel-PAE of all the kernel-PAE packages installed on the server and installing a new one with yum install Kernel-PAE?

Don't wait, erase and reinstall...

> You also mentioned that perhaps when updating the kernel the changes are not reflected in grub.conf. Did that happen to you? In that case, they would have to be added by hand, right?

I don't remember, it was back around 2003 or so, and memory is blurry... but simply, when installing, look at grub.conf and verify that the lines referring to the newly installed kernel have been added.

> Perhaps the solution is to set up a virtual machine to simulate the deletion of /boot and run the restore tests...

Yes, that wouldn't be a bad idea.

Regards,
epe

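Added example (not part of the original thread, and not the posters' code): a POSIX shell check for the step described above, confirming after a kernel install that every kernel and initrd named in a GRUB legacy grub.conf exists in /boot and that root= is the expected device. check_grub_conf and demo are hypothetical names, and the grub.conf and files are constructed samples that reuse a kernel version and the lv_root volume mentioned in the thread.

```sh
#!/bin/sh
# Usage: check_grub_conf CONF BOOTDIR [EXPECTED_ROOT]
# Prints one line per problem; returns 0 if none, 1 if any, 2 if CONF is unreadable.
# The body runs in a subshell so `set -f` and the variables do not leak out.
check_grub_conf() (
    conf=$1 bootdir=$2 want_root=${3:-}
    problems=0 entries=0 default=0 title=
    set -f                          # no globbing when splitting kernel arguments
    [ -r "$conf" ] || { echo "cannot read $conf"; exit 2; }

    report() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    # `|| [ -n "$key" ]` also handles a last line without a trailing newline.
    while read -r key rest || [ -n "$key" ]; do
        case $key in
            default=*) default=${key#default=} ;;
            title)     entries=$((entries + 1)); title=$rest ;;
            kernel|initrd)
                path=${rest%% *}                 # first word is the file
                path=${path#\(*\)}               # drop an optional (hdX,Y) prefix
                case $path in /boot/*) path=${path#/boot} ;; esac  # /boot not a separate partition
                [ -s "$bootdir$path" ] ||
                    report "entry '$title': $key file $bootdir$path is missing or empty"
                if [ "$key" = kernel ] && [ -n "$want_root" ]; then
                    found=
                    for arg in $rest; do
                        case $arg in root=*) found=${arg#root=} ;; esac
                    done
                    [ "$found" = "$want_root" ] ||
                        report "entry '$title': root=$found, expected $want_root"
                fi ;;
        esac
    done < "$conf"

    [ "$entries" -gt 0 ] || report "no title entries in $conf"
    case $default in
        ''|*[!0-9]*) ;;             # e.g. default=saved: nothing to compare
        *) [ "$default" -lt "$entries" ] ||
               report "default=$default but only $entries entries (numbering starts at 0)" ;;
    esac
    [ "$problems" -eq 0 ]
)

# Constructed sample: a /boot copied from a non-PAE server, with a grub.conf
# that still lists a PAE kernel and carries the other server's root= device.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/boot/grub"
    echo kernel > "$d/boot/vmlinuz-2.6.18-194.32.1.el5"
    echo initrd > "$d/boot/initrd-2.6.18-194.32.1.el5.img"
    cat > "$d/boot/grub/grub.conf" <<'EOF'
default=0
timeout=5
title CentOS (2.6.18-194.32.1.el5PAE)
    root (hd0,0)
    kernel /vmlinuz-2.6.18-194.32.1.el5PAE ro root=/dev/vg_system/lv_root
    initrd /initrd-2.6.18-194.32.1.el5PAE.img
title CentOS (2.6.18-194.32.1.el5)
    root (hd0,0)
    kernel /vmlinuz-2.6.18-194.32.1.el5 ro root=/dev/VolGroup00/LogVol00
    initrd /initrd-2.6.18-194.32.1.el5.img
EOF
    check_grub_conf "$d/boot/grub/grub.conf" "$d/boot" /dev/vg_system/lv_root && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "problems found (expected for this constructed sample)"
```
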
Re: [CentOS-es] I deleted /boot. Can I reinstall it?
Ok, I'll follow your advice. Before jumping into the void I'll test in a virtual machine. I'll report to the list on the results, positive or not, of what finally happens, although it will take me a while to reboot the machine since I want to be completely sure of the outcome.

Thanks Epe, and regards,
Miguel A. Velasco
Systems Engineer.

On 18/03/2011 16:33, Ing. Ernesto Pérez Estévez wrote:
> Don't wait, erase and reinstall...

Re: [CentOS-es] I deleted /boot. Can I reinstall it?
Greetings, brother.

> Ok, I'll follow your advice. Before jumping into the void I'll test in a virtual machine. I'll report to the list on the results, positive or not, of what finally happens, although it will take me a while to reboot the machine since I want to be completely sure of the outcome.

Go for it, buddy. Face it head-on; many of us have been through that. I once accidentally deleted /boot and /bin without meaning to and had a really rough time, but since we always had the possibility of playing with the servers' HDDs, well, I restored by copy-paste. Learning the grub.conf format isn't hard. Hey, the grub.conf of a Xen hypervisor on CentOS is a little bit uglier than a normal one and you learn it, and if you go over to Debian, it's the same, just with some changes.

:)

--
This message has reached you through the e-mail service offered by Infomed to support the fulfilment of the missions of the National Health System. The person sending this e-mail undertakes to use the service for those purposes and to comply with the established regulations.
Infomed: http://www.sld.cu/

Re: [CentOS-es] I deleted /boot. Can I reinstall it?
> Go for it, buddy. Face it head-on; many of us have been through that. I once accidentally deleted /boot and /bin without meaning to and had a

It must have been rm -rf /b* (because of the B at the start).

> learn it, and if you go over to Debian, it's the same, just with some changes.

The thing is, this is a CentOS list. Let's help him with his problem, let's not confuse him further.

Regards!
epe

Re: [CentOS-es] I deleted /boot. Can I reinstall it?
...
>> Go for it, buddy. Face it head-on; many of us have been through that. I once accidentally deleted /boot and /bin without meaning to and had a
>
> It must have been rm -rf /b* (because of the B at the start).

Exactly.

>> learn it, and if you go over to Debian, it's the same, just with some changes.
>
> The thing is, this is a CentOS list. Let's help him with his problem, let's not confuse him further.

Hey, hey, easy, Epe. I wasn't saying it to confuse him. Sorry.

:)

Re: [CentOS-es] I deleted /boot. Can I reinstall it?
I actually wiped out /boot and /bin in a proper screw-up along the lines of $rm -rfv VARIABLE_THAT_DOES_NOT_EXIST right in / itself, no less :) while testing the run of a shell script I'm writing... Anyway, one of those screw-ups where you go pale and don't know where to hide because of how stupid you've been...

I recovered /bin by mounting a partition over NFS from another server, because not even ssh was working for me. Then I copied /bin to its original place.

In any case, thanks for your comments. I'm installing a virtual machine and will run quite a few tests before the dreaded reboot.

One more question: if the machine didn't reboot, is there a way from the installation CD to install a new boot?

Thanks to all, and regards,
Miguel A. Velasco
Systems Engineer

On 18/03/2011 17:43, Hector Suarez Planas wrote:
> Hey, hey, easy, Epe. I wasn't saying it to confuse him. Sorry. :)

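Added example (not part of the original thread): the unset-variable rm failure described in this message, with two guards a script can use against it. nounset_blocks_command, purge_matching, demo_purge and WORKDIR are hypothetical names, and the demo only touches a temporary directory it creates itself.

```sh
#!/bin/sh
# The failure mode: in    rm -rfv $WORKDIR/b*    an unset WORKDIR leaves the
# word "/b*", which at / matches /bin and /boot.

# Guard 1: with `set -u` the shell aborts while expanding the unset variable,
# so the command on that line never runs. Returns non-zero.
nounset_blocks_command() (
    set -u
    unset WORKDIR
    echo "would run: rm -rfv $WORKDIR/b*"
)

# Guard 2: validate the directory before deleting anything inside it.
# Usage: purge_matching DIR PATTERN
# Returns 64 for empty or relative arguments, 66 if DIR is not a directory,
# 65 if DIR resolves to /.
purge_matching() {
    dir=$1 pattern=$2
    if [ -z "$dir" ] || [ -z "$pattern" ]; then
        echo "refusing: empty directory or pattern" >&2; return 64
    fi
    case $dir in
        /*) ;;
        *) echo "refusing: '$dir' is not an absolute path" >&2; return 64 ;;
    esac
    real=$(cd "$dir" 2>/dev/null && pwd -P) || {
        echo "refusing: '$dir' is not a directory" >&2; return 66; }
    case $real in
        /|//) echo "refusing: target resolves to /" >&2; return 65 ;;
    esac
    # find only matches names inside $real; no word is built by gluing a
    # variable to a glob, so an empty value can never turn into "/b*".
    find "$real" -mindepth 1 -maxdepth 1 -name "$pattern" -exec rm -rf -- {} +
}

# Constructed sandbox with bin, boot and etc; prints what is left afterwards.
demo_purge() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/bin" "$sandbox/boot" "$sandbox/etc"
    unset WORKDIR
    # Unset variable: the call is refused and nothing is touched.
    if purge_matching "${WORKDIR:-}" 'b*' 2>/dev/null; then
        rm -rf "$sandbox"; return 1
    fi
    WORKDIR=$sandbox
    purge_matching "$WORKDIR" 'b*'
    ls "$sandbox"
    rm -rf "$sandbox"
}

demo_purge
```
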
Re: [CentOS-es] I deleted /boot. Could I reinstall it?
Hello... I am no expert, but it occurs to me that you could post the specifications of the server. What if one of us on the list has an identical one? Would it be feasible to send you those deleted files?

r.lara
[CentOS-es] Putting my own beard to soak....
when we see the neighbor's being cut!.. so the saying goes.

And looking at the problem Miguel A. Velasco has, I wonder: what should be done to recover more easily from an accident like this? A copy of the whole disk? Or only of certain directories or partitions? A disk image? A boot CD made with mkbootdisk? What do you suggest, or what do you, the experts, do?

Regards, and I appreciate you sharing your experience and opinion on this.

René Lara
Re: [CentOS-es] I deleted /boot. Could I reinstall it?
Hello again, in reply to René's comment, let me tell you that the server that suffered the lashes of my careless hand this morning is a Dell PowerEdge 2950 with two disks in hardware RAID, with 250Gb and 6 Gb of RAM. About the system, I think this may interest you:

(22:25:06)[root-~]# uname -a
Linux lorca.lycelet.local 2.6.18-164.11.1.el5PAE #1 SMP Wed Jan 20 08:16:13 EST 2010 i686 i686 i386 GNU/Linux
(22:25:17)[root-~]# lvscan
ACTIVE '/dev/vg_system/lv_root' [7.00 GB] inherit
ACTIVE '/dev/vg_system/lv_datos' [119.00 GB] inherit
ACTIVE '/dev/vg_system/lv_home' [55.00 GB] inherit
ACTIVE '/dev/vg_system/lv_var' [8.00 GB] inherit
ACTIVE '/dev/vg_system/lv_swap' [4.00 GB] inherit
ACTIVE '/dev/vg_system/lv_iscsi' [35.12 GB] inherit
(22:33:16)[root-~]# fdisk -l
Disk /dev/sda: 249.3 GB, 249376538624 bytes
255 heads, 63 sectors/track, 30318 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          13      104391   83  Linux
/dev/sda2              14       30318   243424912+  8e  Linux LVM

And as I said in my initial message, these are the files that were deleted:

removed `/boot/symvers-2.6.18-194.32.1.el5PAE.gz'
removed `/boot/symvers-2.6.18-53.1.21.el5.gz'
removed `/boot/initrd-2.6.18-92.1.10.el5.img'
removed `/boot/config-2.6.18-53.1.21.el5'
removed `/boot/config-2.6.18-164.11.1.el5PAE'
removed `/boot/vmlinuz-2.6.18-53.1.21.el5'
removed `/boot/symvers-2.6.18-92.1.10.el5.gz'
removed `/boot/initrd-2.6.18-92.1.22.el5PAE.img'
removed `/boot/vmlinuz-2.6.18-92.1.22.el5PAE'
removed `/boot/System.map-2.6.18-92.1.22.el5PAE'
removed `/boot/initrd-2.6.18-164.11.1.el5PAE.img'
removed `/boot/vmlinuz-2.6.18-164.11.1.el5PAE'
removed `/boot/vmlinuz-2.6.18-194.32.1.el5PAE'
removed `/boot/initrd-2.6.18-92.1.22.el5PAE_old.img'
removed `/boot/vmlinuz-2.6.18-92.1.22.el5'
removed `/boot/.vmlinuz-2.6.18-194.32.1.el5PAE.hmac'
removed `/boot/symvers-2.6.18-92.1.22.el5PAE.gz'

If anyone has a server with these specifications, with CentOS 5.5 and the same kernel level, I would be very grateful for your help.

By the way, I am already setting up a virtual machine to run some tests on, but in the meantime could someone resolve the following question for me: the server from which I copied the /boot directory to replace the deleted one is a machine with the same CentOS 5.5 and the same kernel level but without PAE, as I told you. But the hardware is completely different; would its /boot then work to boot the damaged server? Perhaps some Linux expert will throw up their hands at such a question, but the truth is I have no idea ...

Thanks to everyone for your time, and kind regards,
Miguel A. Velasco
Systems Engineer

Hello... I am no expert, but it occurs to me that you could post the specifications of the server. What if one of us on the list has an identical one? Would it be feasible to send you those deleted files?

r.lara
Re: [CentOS-es] I deleted /boot. Could I reinstall it?
...

Hello again, in reply to René's comment, let me tell you that the server that suffered the lashes of my careless hand this morning is a Dell PowerEdge 2950 with two disks in hardware RAID, with 250Gb and 6 Gb of

Give it to me, buddy. That is one of the servers I need. :D

RAM. About the system, I think this may interest you:

(22:25:06)[root-~]# uname -a
Linux lorca.lycelet.local 2.6.18-164.11.1.el5PAE #1 SMP Wed Jan 20 08:16:13 EST 2010 i686 i686 i386 GNU/Linux
(22:25:17)[root-~]# lvscan
ACTIVE '/dev/vg_system/lv_root' [7.00 GB] inherit
ACTIVE '/dev/vg_system/lv_datos' [119.00 GB] inherit
ACTIVE '/dev/vg_system/lv_home' [55.00 GB] inherit
ACTIVE '/dev/vg_system/lv_var' [8.00 GB] inherit
ACTIVE '/dev/vg_system/lv_swap' [4.00 GB] inherit
ACTIVE '/dev/vg_system/lv_iscsi' [35.12 GB] inherit
(22:33:16)[root-~]# fdisk -l
Disk /dev/sda: 249.3 GB, 249376538624 bytes
255 heads, 63 sectors/track, 30318 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          13      104391   83  Linux
/dev/sda2              14       30318   243424912+  8e  Linux LVM

And as I said in my initial message, these are the files that were deleted:

removed `/boot/symvers-2.6.18-194.32.1.el5PAE.gz'
removed `/boot/symvers-2.6.18-53.1.21.el5.gz'
removed `/boot/initrd-2.6.18-92.1.10.el5.img'
removed `/boot/config-2.6.18-53.1.21.el5'
removed `/boot/config-2.6.18-164.11.1.el5PAE'
removed `/boot/vmlinuz-2.6.18-53.1.21.el5'
removed `/boot/symvers-2.6.18-92.1.10.el5.gz'
removed `/boot/initrd-2.6.18-92.1.22.el5PAE.img'
removed `/boot/vmlinuz-2.6.18-92.1.22.el5PAE'
removed `/boot/System.map-2.6.18-92.1.22.el5PAE'
removed `/boot/initrd-2.6.18-164.11.1.el5PAE.img'
removed `/boot/vmlinuz-2.6.18-164.11.1.el5PAE'
removed `/boot/vmlinuz-2.6.18-194.32.1.el5PAE'
removed `/boot/initrd-2.6.18-92.1.22.el5PAE_old.img'
removed `/boot/vmlinuz-2.6.18-92.1.22.el5'
removed `/boot/.vmlinuz-2.6.18-194.32.1.el5PAE.hmac'
removed `/boot/symvers-2.6.18-92.1.22.el5PAE.gz'

If anyone has a server with these specifications, with CentOS 5.5 and the same kernel level, I would be very grateful for your help.

By the way, I am already setting up a virtual machine to run some tests on, but in the meantime could someone resolve the following question for me: the server from which I copied the /boot directory to replace the deleted one is a machine with the same CentOS 5.5 and the same kernel level but without PAE, as I told you. But the hardware is completely different; would its /boot then work to boot the damaged server? Perhaps some Linux expert will throw up their hands at such a question, but the truth is I have no idea ...

Man, look, from what can be seen there, that kernel has already been updated several times. For now you would need the original RPM packages that contain those files, and to put them in the same place (obviously you will need the package for the normal version and the PAE one). You can do that by reinstalling the packages or by doing it by hand. In any case, if you run uname -r (or -a) to see the installed kernel version, that would already be a good step forward.

In the case of /bin, you can restore that from a server that has nearly the same applications installed. Now, in the case of /boot, you have to recover the files that were there from the original packages; by the way, I'll tell you that I am worried about the System.map and the initrd of the kernel version. Once you recover them, re-create grub.conf again, using an existing one as a reference, and... the other part would be yours --- reboot and cross your fingers. :|
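The advice above (restore the files from the original kernel packages, normal and PAE, then re-create grub.conf) can be planned from the rm -v log itself. This is an added example, not code from the thread; it assumes CentOS 5 package naming (kernel and kernel-PAE), /boot on /dev/sda1 (GRUB legacy (hd0,0)) and the root filesystem on /dev/vg_system/lv_root, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: plan a /boot rebuild from the "removed" lines of rm -v.
# Assumptions (not confirmed in the thread): /boot is /dev/sda1, i.e. GRUB
# legacy (hd0,0), and / is /dev/vg_system/lv_root. Names are hypothetical.

# The log lines as posted in the thread, embedded so the script runs offline.
removed_log() {
cat <<'EOF'
removed `/boot/symvers-2.6.18-194.32.1.el5PAE.gz'
removed `/boot/symvers-2.6.18-53.1.21.el5.gz'
removed `/boot/initrd-2.6.18-92.1.10.el5.img'
removed `/boot/config-2.6.18-53.1.21.el5'
removed `/boot/config-2.6.18-164.11.1.el5PAE'
removed `/boot/vmlinuz-2.6.18-53.1.21.el5'
removed `/boot/symvers-2.6.18-92.1.10.el5.gz'
removed `/boot/initrd-2.6.18-92.1.22.el5PAE.img'
removed `/boot/vmlinuz-2.6.18-92.1.22.el5PAE'
removed `/boot/System.map-2.6.18-92.1.22.el5PAE'
removed `/boot/initrd-2.6.18-164.11.1.el5PAE.img'
removed `/boot/vmlinuz-2.6.18-164.11.1.el5PAE'
removed `/boot/vmlinuz-2.6.18-194.32.1.el5PAE'
removed `/boot/initrd-2.6.18-92.1.22.el5PAE_old.img'
removed `/boot/vmlinuz-2.6.18-92.1.22.el5'
removed `/boot/.vmlinuz-2.6.18-194.32.1.el5PAE.hmac'
removed `/boot/symvers-2.6.18-92.1.22.el5PAE.gz'
EOF
}

# boot_file_version PATH: print the kernel version a /boot file belongs to,
# e.g. /boot/initrd-2.6.18-92.1.22.el5PAE_old.img -> 2.6.18-92.1.22.el5PAE
boot_file_version() {
    _bf=${1##*/}          # basename
    _bf=${_bf#.}          # hidden .vmlinuz-*.hmac checksum files
    case $_bf in
        vmlinuz-*|initrd-*|config-*|symvers-*|System.map-*) ;;
        *) return 1 ;;
    esac
    _bv=${_bf#*-}         # drop the "vmlinuz-" style prefix
    _bv=${_bv%.hmac}; _bv=${_bv%.img}; _bv=${_bv%.gz}; _bv=${_bv%_old}
    printf '%s\n' "$_bv"
}

# version_to_package VERSION: RPM that owns the files of that kernel version.
# On CentOS 5 the PAE flavour is a separate package with the suffix moved.
version_to_package() {
    case $1 in
        *PAE) printf 'kernel-PAE-%s\n' "${1%PAE}" ;;
        *)    printf 'kernel-%s\n' "$1" ;;
    esac
}

# packages_to_reinstall: rm -v log on stdin, unique package names on stdout.
# The initrd is not shipped in the RPM; the package's install script builds
# it with mkinitrd, so reinstalling the package recreates it as well.
packages_to_reinstall() {
    cut -d'`' -f2 | cut -d"'" -f1 | while IFS= read -r _path; do
        _ver=$(boot_file_version "$_path") || continue
        version_to_package "$_ver"
    done | LC_ALL=C sort -u
}

# grub_conf ROOTDEV VERSION...: GRUB legacy config with one stanza per kernel.
# Paths are relative to the /boot partition, hence /vmlinuz-... and not /boot/...
grub_conf() {
    _rootdev=$1; shift
    printf 'default=0\ntimeout=5\n'
    for _gv in "$@"; do
        printf 'title CentOS (%s)\n' "$_gv"
        printf '\troot (hd0,0)\n'
        printf '\tkernel /vmlinuz-%s ro root=%s\n' "$_gv" "$_rootdev"
        printf '\tinitrd /initrd-%s.img\n' "$_gv"
    done
}

removed_log | packages_to_reinstall
grub_conf /dev/vg_system/lv_root 2.6.18-194.32.1.el5PAE 2.6.18-164.11.1.el5PAE
```

Compare the generated stanza against a grub.conf from a working CentOS 5 machine before rebooting, since the root= value and the (hd0,0) device here are assumptions.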
Re: [CentOS-es] I deleted /boot. Could I reinstall it?
ok, sorry, for my part I only have HP and without RAID

----- Original Message -----
From: Miguel A. Velasco miguel.suscripc...@gmail.com
To: centos-es@centos.org
Sent: Friday, March 18, 2011 3:43 PM
Subject: Re: [CentOS-es] Borré /boot ¿Podría reinstalarlo?

Hello again, in reply to René's comment, let me tell you that the server that suffered the lashes of my careless hand this morning is a Dell PowerEdge 2950 with two disks in hardware RAID, with 250Gb and 6 Gb of RAM. About the system, I think this may interest you:

(22:25:06)[root-~]# uname -a
Linux lorca.lycelet.local 2.6.18-164.11.1.el5PAE #1 SMP Wed Jan 20 08:16:13 EST 2010 i686 i686 i386 GNU/Linux
(22:25:17)[root-~]# lvscan
ACTIVE '/dev/vg_system/lv_root' [7.00 GB] inherit
ACTIVE '/dev/vg_system/lv_datos' [119.00 GB] inherit
ACTIVE '/dev/vg_system/lv_home' [55.00 GB] inherit
ACTIVE '/dev/vg_system/lv_var' [8.00 GB] inherit
ACTIVE '/dev/vg_system/lv_swap' [4.00 GB] inherit
ACTIVE '/dev/vg_system/lv_iscsi' [35.12 GB] inherit
(22:33:16)[root-~]# fdisk -l
Disk /dev/sda: 249.3 GB, 249376538624 bytes
255 heads, 63 sectors/track, 30318 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          13      104391   83  Linux
/dev/sda2              14       30318   243424912+  8e  Linux LVM

And as I said in my initial message, these are the files that were deleted:

removed `/boot/symvers-2.6.18-194.32.1.el5PAE.gz'
removed `/boot/symvers-2.6.18-53.1.21.el5.gz'
removed `/boot/initrd-2.6.18-92.1.10.el5.img'
removed `/boot/config-2.6.18-53.1.21.el5'
removed `/boot/config-2.6.18-164.11.1.el5PAE'
removed `/boot/vmlinuz-2.6.18-53.1.21.el5'
removed `/boot/symvers-2.6.18-92.1.10.el5.gz'
removed `/boot/initrd-2.6.18-92.1.22.el5PAE.img'
removed `/boot/vmlinuz-2.6.18-92.1.22.el5PAE'
removed `/boot/System.map-2.6.18-92.1.22.el5PAE'
removed `/boot/initrd-2.6.18-164.11.1.el5PAE.img'
removed `/boot/vmlinuz-2.6.18-164.11.1.el5PAE'
removed `/boot/vmlinuz-2.6.18-194.32.1.el5PAE'
removed `/boot/initrd-2.6.18-92.1.22.el5PAE_old.img'
removed `/boot/vmlinuz-2.6.18-92.1.22.el5'
removed `/boot/.vmlinuz-2.6.18-194.32.1.el5PAE.hmac'
removed `/boot/symvers-2.6.18-92.1.22.el5PAE.gz'

If anyone has a server with these specifications, with CentOS 5.5 and the same kernel level, I would be very grateful for your help.

By the way, I am already setting up a virtual machine to run some tests on, but in the meantime could someone resolve the following question for me: the server from which I copied the /boot directory to replace the deleted one is a machine with the same CentOS 5.5 and the same kernel level but without PAE, as I told you. But the hardware is completely different; would its /boot then work to boot the damaged server? Perhaps some Linux expert will throw up their hands at such a question, but the truth is I have no idea ...

Thanks to everyone for your time, and kind regards,
Miguel A. Velasco
Systems Engineer

Hello... I am no expert, but it occurs to me that you could post the specifications of the server. What if one of us on the list has an identical one? Would it be feasible to send you those deleted files?

r.lara
Re: [CentOS] Cannot %include in CentOS 5.5 kickstart
whitivery co55-s...@dea.spamcon.org wrote:
whitivery co55-s...@dea.spamcon.org wrote:
Patrick Lists centos-l...@puzzled.xs4all.nl wrote:
On 03/10/2011 08:14 AM, whitivery wrote:

    # This does not work
    %include /tmp/drvdisk
    # This works
    #driverdisk --source=nfs:10.0.4.157:/srv/cobbler/RHEL5.5_x86_402_409_410_DD.img
    %packages
    @base
    @core
    %pre --erroronfail
    echo driverdisk --source=nfs:10.0.4.157:/srv/cobbler/RHEL5.5_x86_402_409_410_DD.img > /tmp/drvdisk

Although lacking a good caffeine fix the only difference I notice with some examples is that they do this:

    %include /tmp/drvdisk.sh
    . . .
    %pre
    echo driverdisk --source=nfs:10.1.2.3:/foo/image.img > /tmp/drvdisk.sh

Notice the usage of .sh in the drvdisk.sh filename?

Thanks for the idea - but it didn't make any difference. I even did chmod +x on the created file. I'm suspecting it's something specific to the driverdisk command, I'll play around if I get a chance and see if including other things works as expected - in my previous 4.4 work I never used a driver disk.

Today I tried including something other than driverdisk (I put the partitioning commands in an include file), and it works fine. So it's something specific to the driverdisk command.

Today I tried HTTP instead of NFS for driver disk access. It made no difference - works fine when directly in the kickstart file, fails when I attempt to %include it.
Re: [CentOS] Apache/Active Directory authentication
On Thu, Mar 17, 2011 at 6:18 AM, John Hodrien j.h.hodr...@leeds.ac.uk wrote:
On Wed, 16 Mar 2011, Michael B Allen wrote:

I don't know what the official view is on going through a CNAME but I think that is probably a dubious practice. The proper way to handle this scenario would be to add another servicePrincipalName value for HTTP/www.friendly and a corresponding keytab entry for HTTP/www.friendly@KRB-REALM.

Dubious why? If I go with your method at the very least I now need more records in AD for machines that don't exist, and I'm guessing I'll be creating them by being a domain administrator, which is inconvenient in large organisations. I'm assuming I'll also be needing to add A records for these domains. Kerberos surely won't be a fan of there not being a PTR record, so I assume you'd need multiple PTR records. Is this really the path you're suggesting going down? I'm genuinely interested here, I'm not having a dig.

Hi John,

Arguably it's not the end-of-the-world to go through CNAMEs. If it works for you, then don't let me deter you.

But you do realize that it requires the client to have logic to see "ah, the record returned is a CNAME so let's use this name to build the principal instead"? And I would not be surprised to see some scenario where the client actually tried to get a ticket with the supplied name and then fell back to using the CNAME, in which case you have extra DNS and Kerberos traffic. If at some point someone wants to use another HTTP client from a cron job or some Java app, is that client going to handle the CNAME correctly? What happens if the client application needs the original principal name for some reason? It will get what the CNAME points to. That could be weird for the app or a developer. And then if you move the website to another server the principal name is now suddenly different?

CNAMEs in general are dubious. And not just for Kerberos. Also short names are dubious. Is it a NetBIOS name or does the client have a proper DNS search suffix configured? And in the latter case it takes extra DNS queries to get the name. Why have all this extra indirection on top of an already fickle protocol?

Regarding PTR records, I don't think kerberos would have any problem without them. Actually I seem to recall that once upon a time old Kerberos clients used to automatically try PTR lookups to get the primary hostname first but that practice has long since been ruled bad and clients no longer do it. That might be what you're thinking of.

If you're going to have users trying to use a site with a certain hostname, IMO you should just have proper A and PTR records. Yeah, it can work without. But not always and it can be a burden for users to figure out the problem and for admins to add the necessary SPN, A and PTR records, get rid of the CNAME, wait for the cache to clear, purge all the old tickets, etc.

Mike

--
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/
Re: [CentOS] security updates?
-----Original Message-----
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Timothy Murphy
Sent: Friday, March 18, 2011 1:33 AM
To: centos@centos.org
Subject: Re: [CentOS] security updates?

However, I don't think people who ask reasonable questions politely should be castigated for doing so.

To my eyes it looked very much like a when will it be done-post yet again. Maybe I was too harsh, maybe not. I'll just ignore those posts in the future. Let's leave it at that.

--
/Sorin
Re: [CentOS] security updates?
On 18/03/2011 01:32, Timothy Murphy wrote:

I don't think the OP did ask when 5.6 would be ready. What he/she said, IIRC, was that Karanbir had suggested that 5.6 would be out last week, and he/she was asking if there had been a problem.

This is exactly the point. I can add that all my CentOS servers are on an internal network, that I can consider as secure, so the release of 5.6 is not critical for me. I can wait for next week, or the week after, or even after, no problem for me. But indeed, as Karanbir suggested that the release of 5.6 was almost ready, I was just asking for news a week after.

This seems a perfectly reasonable question to me.

To me too...

However, I don't think people who ask reasonable questions politely should be castigated for doing so.

Yes. And my opinion is that a Community project should inform its community on a regular basis, at least once a week. I don't ask for news every hour.

Alain

--
Alain Péan - LPP/CNRS
System/Network Administrator
Laboratoire de Physique des Plasmas - UMR 7648
Observatoire de Saint-Maur
4, av de Neptune, Bat. A
94100 Saint-Maur des Fossés
Tel : 01-45-11-42-39 - Fax : 01-48-89-44-33
Re: [CentOS] Apache/Active Directory authentication
On Fri, 18 Mar 2011, Michael B Allen wrote:

Hi John, Arguably it's not the end-of-the-world to go through CNAMEs. If it works for you, then don't let me deter you.

Indeed it does, and it was the only way I could see you /could/ do this. Especially if you're not a domain admin. I'm still not clear your method /can/ work. Are you saying you've done it this way and it does? With multiple A records if I do:

    ssh 10.0.0.1

Which kerberos credential will the remote side use? With the CNAME approach, there's no ambiguity.

But you do realize that it requires the client to have logic to see "ah, the record returned is a CNAME so let's use this name to build the principal instead"?

MIT kerberos suggests it uses this to figure out the SPN:

    gethostbyaddr(gethostbyname(host))

Surely that wouldn't care how I'd done it? That requires the PTR record, and that it points back to the name of the principal you want to use. With multiple PTR records to the same IP I can't work out how this is going to end. Will it round-robin and simply work because the remote end has all of them? Clearly sometimes there's not even a domain name to start with. You can quite merrily do ssh 10.0.0.1 and get a kerberised login. With multiple PTRs to a single IP, I can only assume you'll round-robin through the credentials. So when you add an A and PTR record and forget to add the principal, kerberos logins will fail 1/N of the time.

And I would not be surprised to see some scenario where the client actually tried to get a ticket with the supplied name and then fell back to using the CNAME, in which case you have extra DNS and Kerberos traffic. If at some point someone wants to use another HTTP client from a cron job or some Java app, is that client going to handle the CNAME correctly?

As far as I can tell, the client will be blissfully unaware.

What happens if the client application needs the original principal name for some reason? It will get what the CNAME points to. That could be weird for the app or a developer. And then if you move the website to another server the principal name is now suddenly different?

Yes. But why would the developer care about the service principal name? It's not often you're that introspective, you're normally more interested in the client's principal.

CNAMEs in general are dubious. And not just for Kerberos.

I think that's a little harsh. CNAMEs seem to be unloved for reasons I'm not fully convinced by. What is so bad about CNAMEs?

Also short names are dubious. Is it a NetBIOS name or does the client have a proper DNS search suffix configured? And in the latter case it takes extra DNS queries to get the name.

AD always creates both short and FQDN forms of principals, I assume it's as you guessed because of a NetBIOSism, or because it's a cruft that can often fix broken setups. I don't know, I only ever use the FQDN form.

Why have all this extra indirection on top of an already fickle protocol?

I haven't actually found kerberos to be too fickle at all.

Regarding PTR records, I don't think kerberos would have any problem without them.

As far as I knew MIT kerberos doesn't work at all without them, due to the way it calculates service principals. Certainly if you have a pair of A records for the same IP, and the PTR record points to the name that doesn't match the service principal it all will not work.

Actually I seem to recall that once upon a time old Kerberos clients used to automatically try PTR lookups to get the primary hostname first but that practice has long since been ruled bad and clients no longer do it. That might be what you're thinking of.

AD 2003 doesn't work correctly if the PTR record doesn't match the service principal, even if there's also an A record that does. As far as I'm aware the same is true for MIT kerberos.

If you're going to have users trying to use a site with a certain hostname, IMO you should just have proper A and PTR records. Yeah, it can work without. But not always and it can be a burden for users to figure out the problem and for admins to add the necessary SPN, A and PTR records, get rid of the CNAME, wait for the cache to clear, purge all the old tickets, etc.

But are you suggesting multiple PTR records for the same IP? That's normally considered bad DNS practice isn't it, never mind kerberos practice? I'm just not sure I see any advantage in using multiple A and PTR records.

Thanks for the discussion though, it's really not something I'd overly thought about before. There never seems to be enough googlable advice on using kerberos out there.

jh
[CentOS] creating a htpasswd file for certain urls
Hi all,

I am in a kind of fix. I have a website (beta.somesite.com) that needs to be password protected; however, there are two URLs that should be accessible to all without a password. I am running Apache on a CentOS 5.5 box. The entire site needs password protection except for the URLs below.

http://beta.somesite.com/wp-content/uploads/2011/03/large_1990782-e1299229617964.jpg
http://beta.somesite.com/?cat=592feed=rss2

Your advice will be of great help.

--
Regards
Agnello D'souza
[CentOS] Add repo for xfig package
Hi All,

We want to install packages like xfig and transfig on CentOS 5.5. We found RPMs available for them, but it seems there are a lot of dependencies for these packages. So we would like to set up a yum repo for this. Can anyone suggest a trusted baseurl for the yum repo?

Regards
Hersh
Re: [CentOS] IPV6 - request for info
On Fri, 2011-03-18 at 08:18 +0530, Rajagopal Swaminathan wrote:

Greetings, I am trying to wrap my head around this topic. Was wondering: just as there is some scope for mapping IPv4 directly into IPv6 space, has a MAC ID or some kind of WWID also been taken into consideration?

http://en.wikipedia.org/wiki/IPv6#IPv4-mapped_IPv6_addresses
[CentOS] Replace NIS by Active Directory
Hi,

I'm looking for a wiki or shared experience on replacing NIS authentication with an existing Active Directory server (W2003). The problem is the management of id and gid.

How to move 1000 actual NIS users to AD?
How to keep the same id and gid for these 1000 users?
What happens with the NFS Linux server and access by gid and/or id?
Use the same user/password for Linux and Windows client authentication?

We test a solution that works very well. It's the Centrify commercial software http://www.centrify.com/directcontrol/overview.asp . But we are looking for a freeware solution (kerberos? openldap? pam? ...).

Has someone already successfully replaced NIS with AD authentication using a freeware solution?

Regards.
Re: [CentOS] Replace NIS by Active Directory
On Fri, 18 Mar 2011, MOKRANI Rachid wrote:

Hi, I'm looking for a wiki or shared experience on replacing NIS authentication with an existing Active Directory server (W2003). The problem is the management of id and gid. How to move 1000 actual NIS users to AD?

Create matching accounts in AD. This is standard Active Directory stuff, there really aren't any gotchas I can think of.

How to keep the same id and gid for these 1000 users?

Make sure the SFU attributes have the correct values. You can do all this through LDAP as far as I know. Alternatively remap all your UIDs/GIDs and switch to a RID mapping scheme instead. You need to think about how you're planning on working in the future.

What happens with the NFS Linux server and access by gid and/or id?

It works exactly the same as it does now.

Use the same user/password for Linux and Windows client authentication?

Feel free to use winbind or pam_krb5 for authentication, both easy to set up. You'll need nss_ldap with pam_krb5, but winbind can do the whole bag.

Has someone already successfully replaced NIS with AD authentication using a freeware solution?

Probably the easiest is to use winbind, but we use nss_ldap and pam_krb5. There's plenty of documentation on how to do this out there.

jh
Re: [CentOS] Replace NIS by Active Directory
On 18/03/2011 13:31, MOKRANI Rachid wrote:

Hi, I'm looking for a wiki or shared experience on replacing NIS authentication with an existing Active Directory server (W2003). The problem is the management of id and gid.

Here is a very good blog, by Scott Lowe, where I found precise information on how to set up ldap/kerberos authentication over Active Directory:
http://blog.scottlowe.org/2007/01/15/linux-ad-integration-version-4/

If you have Windows 2003 R2, the schema already has unix attributes (id, gid, user's home...) compliant with POSIX. You have to add the Windows component 'unix identity management', no more SFU. A tab for 'unix attributes' will appear in user properties (users and computers management console).

How to move 1000 actual NIS users to AD?
How to keep the same id and gid for these 1000 users?
What happens with the NFS Linux server and access by gid and/or id?
Use the same user/password for Linux and Windows client authentication?

NFS will work if you add the Windows component 'Microsoft Services for NFS'. If you still have NIS accounts on Linux servers, the accounts should indeed be the same, with the same id/gid.

To create your 1000 accounts, you can use VBS scripts. See for example the very good book from O'Reilly 'Active Directory', or by the same author (Allen) 'Active Directory cookbook'. It is something along the lines of:

    objUser.msSFU30NisDomain = AD_domain
    objUser.uidNumber = intUid
    objUser.gidNumber = intGid
    objUser.loginShell = strShell
    ' unixHomeDirectory is the POSIX home attribute; homeDirectory is the Windows home folder
    objUser.unixHomeDirectory = strHome
    objUser.SetInfo

We test a solution that works very well. It's the Centrify commercial software http://www.centrify.com/directcontrol/overview.asp . But we are looking for a freeware solution (kerberos? openldap? pam? ...).

The solution outlined in Scott Lowe's blog is both standard and free (it uses both kerberos and ldap + samba).

Has someone already successfully replaced NIS with AD authentication using a freeware solution?

Yes, I did on CentOS.

Regards,
Alain

Regards.
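The two replies above say the existing uid and gid can be kept by writing the Unix attributes onto the AD accounts, and that this can be done through LDAP. The following added example (not code from the thread) generates the LDIF for that from NIS passwd entries; the DN layout CN=<login>,CN=Users,<base DN>, the base DN, the NIS domain name and the sample users are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: NIS passwd entries -> LDIF that sets the Unix attributes on
# existing AD accounts, keeping each user's uid and gid.
# Assumptions: accounts are found at CN=<login>,CN=Users,<base DN>, and the
# R2 schema attribute names uidNumber, gidNumber, unixHomeDirectory,
# loginShell and msSFU30NisDomain are in use. Function names are hypothetical.

# Constructed sample in `ypcat passwd` format: login:pw:uid:gid:gecos:home:shell
nis_passwd_sample() {
cat <<'EOF'
alice:x:1001:100:Alice Example:/home/alice:/bin/bash
bob:x:1002:100:Bob Example:/home/bob:/bin/tcsh
carol:x:1002:100:Carol Example:/home/carol:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
EOF
}

# passwd_to_ldif BASE_DN NIS_DOMAIN [MIN_UID]
# Reads passwd lines on stdin, writes one LDIF "modify" record per user.
# Skips malformed lines and system accounts (uid < MIN_UID, default 500).
# A uid that is already taken is reported on stderr and skipped, because two
# accounts sharing a uidNumber would share file ownership over NFS.
# Exit status: 1 if any duplicate uid was seen, otherwise 0.
passwd_to_ldif() {
    awk -F: -v base="$1" -v nisdom="$2" -v min="${3:-500}" '
        function attr(name, value) {
            printf "replace: %s\n%s: %s\n-\n", name, name, value
        }
        BEGIN { dup = 0 }
        NF != 7 || $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ { next }
        $3 + 0 < min + 0 { next }
        ($3 in owner) {
            printf "duplicate uid %s: %s and %s\n", $3, owner[$3], $1 > "/dev/stderr"
            dup = 1
            next
        }
        {
            owner[$3] = $1
            printf "dn: CN=%s,CN=Users,%s\n", $1, base
            print "changetype: modify"
            attr("uidNumber", $3)
            attr("gidNumber", $4)
            attr("unixHomeDirectory", $6)
            attr("loginShell", $7)
            attr("msSFU30NisDomain", nisdom)
            print ""
        }
        END { exit dup }
    '
}

# Demonstration on the constructed sample; carol is rejected as a duplicate.
nis_passwd_sample | passwd_to_ldif 'DC=example,DC=com' example \
    || echo "duplicate uids found: resolve them before importing" >&2
```

On a live system the input would come from `ypcat passwd` and the output would be reviewed and then applied with an LDAP client such as ldapmodify.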
Re: [CentOS] Replace NIS by Active Directory
Hi,

Check out Likewise Open. I think this is what you are looking for.
http://www.likewise.com/products/likewise_open/

Likewise Open is the open source foundation for Likewise Enterprise that joins Linux, UNIX, and Mac OS systems to Microsoft Active Directory to securely authenticate non-Windows users with AD credentials.

Asya

On Mar 18, 2011, at 8:31 AM, MOKRANI Rachid wrote:

Hi, I'm looking for a wiki or shared experience on replacing NIS authentication with an existing Active Directory server (W2003). The problem is the management of id and gid.

How to move 1000 actual NIS users to AD?
How to keep the same id and gid for these 1000 users?
What happens with the NFS Linux server and access by gid and/or id?
Use the same user/password for Linux and Windows client authentication?

We test a solution that works very well. It's the Centrify commercial software http://www.centrify.com/directcontrol/overview.asp . But we are looking for a freeware solution (kerberos? openldap? pam? ...).

Has someone already successfully replaced NIS with AD authentication using a freeware solution?

Regards.
Re: [CentOS] Replace NIS by Active Directory
On 18/03/2011 14:06, Dvorkin, Asya wrote:
> Hi,
>
> Check out Likewise open. I think this is what you are looking for.
>
> http://www.likewise.com/products/likewise_open/
>
> Likewise Open is the open source foundation for Likewise Enterprise that joins Linux, UNIX, and Mac OS systems to Microsoft Active Directory to securely authenticate non-Windows users with AD credentials.
>
> Asya

But the free edition uses a hash to generate id and gid, not the POSIX compliant id and gid already included in 2003 R2. The non-free version does it. It is not, in my opinion, the solution you would like to use...

Alain

--
Alain Péan - LPP/CNRS
System/Network Administrator
Laboratoire de Physique des Plasmas - UMR 7648
Re: [CentOS] Replace NIS by Active Directory
On Fri, Mar 18, 2011 at 8:31 AM, MOKRANI Rachid rachid.mokr...@ifpen.fr wrote:
> Hi,
>
> I'm looking for a wiki or shared experience on replacing NIS authentication with an existing Active Directory server (W2003).
>
> The problem is the management of id and gid.
>
> How to move 1000 current NIS users to AD?
> How to keep the same id and gid for these 1000 users?
> What happens with the NFS Linux server and access by gid and/or id?
> Use the same user/password for Linux and Windows client authentication?
>
> We tested a solution which works very well. It's the Centrify commercial software http://www.centrify.com/directcontrol/overview.asp . But we are looking for a freeware solution (kerberos? openldap? pam? ...).
>
> Has someone already successfully replaced NIS with AD authentication using a freeware solution?

The amount of time burned setting up the migration, which is otherwise done manually to configure uid's and gid's consistently, very much justifies the purchase of a single Centrify license for an adnisd server. Get *that* running, switch your NIS to point to that, and you've done all the hard integration work. That more than justifies the cost of a license or a pair of licenses.

It can otherwise be done manually, but the data entry time wasted for your engineers well justifies the price of a Centrify license or two.
Re: [CentOS] Replace NIS by Active Directory
On Mar 18, 2011, at 8:31 AM, MOKRANI Rachid rachid.mokr...@ifpen.fr wrote:
> Hi,
>
> I'm looking for a wiki or shared experience on replacing NIS authentication with an existing Active Directory server (W2003).
>
> The problem is the management of id and gid.
>
> How to move 1000 current NIS users to AD?
> How to keep the same id and gid for these 1000 users?
> What happens with the NFS Linux server and access by gid and/or id?
> Use the same user/password for Linux and Windows client authentication?
>
> We tested a solution which works very well. It's the Centrify commercial software http://www.centrify.com/directcontrol/overview.asp . But we are looking for a freeware solution (kerberos? openldap? pam? ...).
>
> Has someone already successfully replaced NIS with AD authentication using a freeware solution?

Instead of replacing NIS I extended it.

I set up a winbind box that did RID mapping from AD and exported those into NIS maps, sans passwords. I then set up Kerberos on all boxes to authenticate against AD, samba managed the keytab files.

With this I got auto UID/GID generation, my AD users and groups automatically appear and disappear from the NIS maps and I can use those maps for multiple platforms.

Simple, yet effective.

-Ross
Re: [CentOS] Add repo for xfig package
hersh parikh wrote:
> Hi All
>
> We want to install packages like xfig and transfig on CentOS 5.5. We found rpms available for them but it seems there are a lot of dependencies for these packages. So we would like to set up a yum repo for this.
>
> Can anyone suggest a trusted baseurl for the yum repo?

xfig and transfig are in CentOS 5, why don't you just use the regular CentOS repo?
[CentOS] rpm split
Hi,

I have a custom rpm for our application. The problem is that it grew old and fat. It's about 30 MB. So I would like to split it into two parts: one big part that almost never changes and one smaller part that is changed more frequently.

But I don't know how to write the spec file so a simple yum update will install both packages and it won't create any problems.

Any suggestions?
Re: [CentOS] Replace NIS by Active Directory
On Fri, 18 Mar 2011, Nico Kadel-Garcia wrote:
> It can otherwise be done manually, but the data entry time wasted for your engineers well justifies the price of a Centrify license or two.

What do you mean by manually? Can't this all be done with ypcat, ldapmodify and a shell script? After which, you are entirely liberated from NIS.

jh
Re: [CentOS] Replace NIS by Active Directory
On Fri, Mar 18, 2011 at 10:42 AM, John Hodrien j.h.hodr...@leeds.ac.uk wrote:
> On Fri, 18 Mar 2011, Nico Kadel-Garcia wrote:
>
>> It can otherwise be done manually, but the data entry time wasted for your engineers well justifies the price of a Centrify license or two.
>
> What do you mean by manually? Can't this all be done with ypcat, ldapmodify and a shell script? After which, you are entirely liberated from NIS.
>
> jh

In theory, yes. In practice I've done that. Getting the buy-in from the Active Directory owners to manually run ldapmodify against their hosts can be politically painful.

The nice GUI from Centrify, that has the NIS import facility, does a pretty good job, and can be very helpful to remind you that mixed case groups and usernames are problematic, that some systems don't deal well with non-alphanumeric characters such as '_' or '-', that the default maximum group or username is 8 characters, that there's a maximum number of characters in an NIS or POSIX compatible line such as a group membership list and they need to be split up to multiple entries with the same gid, etc., etc., etc.

It gets very expensive in engineering time, very fast, especially if people have been clever and already created correspondence between AD groups and NIS groups or users of various sorts, but weren't consistent about their naming schemes.
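An added example, not code from the thread or from Centrify: a shell and awk audit that flags the pitfalls listed in the message above (mixed case, non-alphanumeric characters, names over 8 characters, over-long group lines) before any ldapmodify run. The function names, the 1024-character default line limit and the sample maps are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit NIS maps before importing them into a directory.
# Input is colon-separated passwd/group lines, as `ypcat passwd` and
# `ypcat group` print them. All sample data below is constructed.

# audit_map KIND [MAXNAME] [MAXLINE]
#   KIND     "passwd" or "group" (label, and selects the uid check)
#   MAXNAME  longest name the strictest client accepts (8, per the thread)
#   MAXLINE  longest map line; 1024 is an assumed default, check your platform
# Prints one finding per line: CODE KIND details...
audit_map() {
    awk -F: -v kind="$1" -v maxname="${2:-8}" -v maxline="${3:-1024}" '
    NF < 4 { print "MALFORMED", kind, "line " NR; next }
    {
        name = $1; id = $3; key = tolower(name)
        if (length(name) > maxname) { print "LONGNAME", kind, name }
        if (name ~ /[^A-Za-z0-9]/)  { print "NONALNUM", kind, name }
        if (name != key)            { print "MIXEDCASE", kind, name }
        # Two spellings of one name: AD compares logins without regard to
        # case, NIS and the filesystem do not.
        if ((key in seen) && seen[key] != name) {
            print "CASECLASH", kind, seen[key], name
        } else {
            seen[key] = name
        }
        # One uid on two accounts means shared file ownership after the move.
        # A repeated gid is not flagged: split groups legitimately share one.
        if (kind == "passwd") {
            if (id in ids) { print "DUPUID", kind, id, ids[id], name }
            else           { ids[id] = name }
        }
        if (length($0) > maxline) { print "LONGLINE", kind, name, length($0) }
    }'
}

# Constructed stand-in for `ypcat passwd`.
sample_passwd() {
    cat <<'EOF'
nkadel:x:1001:100:Nico:/home/nkadel:/bin/bash
NKadel:x:2001:100:Nico (AD spelling):/home/NKadel:/bin/bash
build_svc:x:1002:100:Build account:/home/build_svc:/bin/sh
alexandra.long:x:1003:100:Long name:/home/alexandra.long:/bin/bash
jdoe:x:1004:100:J Doe:/home/jdoe:/bin/bash
jdoe2:x:1004:100:J Doe again:/home/jdoe2:/bin/bash
EOF
}

# Constructed stand-in for `ypcat group`.
sample_group() {
    cat <<'EOF'
staff:x:100:nkadel,jdoe,jdoe2
eng:x:200:nkadel,NKadel,build_svc,alexandra.long,jdoe,jdoe2
EOF
}

# Demo: a 40-character line limit is used only to trigger LONGLINE on the sample.
sample_passwd | audit_map passwd 8
sample_group  | audit_map group 8 40
```

On a real system the input would be `ypcat passwd | audit_map passwd` and `ypcat group | audit_map group`; an empty result means none of these checks fired.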
Re: [CentOS] Replace NIS by Active Directory
On 18/03/2011 16:07, Nico Kadel-Garcia wrote:
> <snip> ... that the default maximum group or username is 8 characters,... <snip>

It was the case with Solaris, but fortunately not on Linux. I don't remember what the maximum length is, but I think it could be up to 128 characters...

Alain

--
Alain Péan - LPP/CNRS
System/Network Administrator
Laboratoire de Physique des Plasmas - UMR 7648
Re: [CentOS] creating a htpasswd file for certain urls
> I am in a kind of fix, I got a website ( beta.somesite.com ) that needs to be password protected, however there are two URLs that should be allowed to all without password access.
>
> On a CentOS 5.5 box I am running Apache.
>
> The entire site needs passwd protection except for the below URLs.
>
> http://beta.somesite.com/wp-content/uploads/2011/03/large_1990782-e1299229617964.jpg
> http://beta.somesite.com/?cat=592feed=rss2

With my limited knowledge could a ReWrite rule work here? Maybe if these 2 URLs are requested, ReWrite to a URL that isn't password protected that can get you to the same place these 2 could? Anything else, Rewrite to a URL that is password protected that could get you to a central point?

I am just thinking out loud conceptually. Maybe others could shed some light as well.

-Jason
Re: [CentOS] creating a htpasswd file for certain urls
>> The entire site needs passwd protection except for the below URLs.
>>
>> http://beta.somesite.com/wp-content/uploads/2011/03/large_1990782-e1299229617964.jpg
>> http://beta.somesite.com/?cat=592feed=rss2
>
> With my limited knowledge could a ReWrite rule work here?

Take a look at the Location element in the Apache configuration documentation.

James
[CentOS] modprobe :: not finding existing .ko
Hi!

I try to load a module that is found in the current /lib/modules/`uname -r` tree ...

root@sevcenco: ~ # ls -l /lib/modules/`uname -r`/kernel/drivers/crypto/padlock-*
-rwxr--r-- 1 root root 14296 Mar 16 19:37 /lib/modules/2.6.38-0.el5.elrepo/kernel/drivers/crypto/padlock-aes.ko
-rwxr--r-- 1 root root 10808 Mar 16 19:37 /lib/modules/2.6.38-0.el5.elrepo/kernel/drivers/crypto/padlock-sha.ko

but if I try:

root@sevcenco: ~ # modprobe -v padlock-aes.ko
FATAL: Module padlock_aes.ko not found.

notice the change from - to _

Any idea about this? Or, more abstractly: has anyone succeeded in using padlock (VIA) hardware with openssl (or other software) in CentOS?

Thanks,
Adrian
Re: [CentOS] creating a htpasswd file for certain urls
On Fri, Mar 18, 2011 at 08:25:24AM -0700, Jason Slack-Moehrle wrote:
>> I am in a kind of fix, I got a website ( beta.somesite.com ) that needs to be password protected, however there are two URLs that should be allowed to all without password access.
>>
>> On a CentOS 5.5 box I am running Apache.
>>
>> The entire site needs passwd protection except for the below URLs.
>>
>> http://beta.somesite.com/wp-content/uploads/2011/03/large_1990782-e1299229617964.jpg
>> http://beta.somesite.com/?cat=592feed=rss2
>
> With my limited knowledge could a ReWrite rule work here? Maybe if these 2 URLs are requested, ReWrite to a URL that isn't password protected that can get you to the same place these 2 could? Anything else, Rewrite to a URL that is password protected that could get you to a central point?

I don't think it needs to be so tricky. Just put the stuff that no password is required for outside of the directory tree of the stuff that does have a password requirement. You may need an additional link to make it easy for your viewers to find it. Something like this directory tree:

                          _Doc Root_
                           /      \
                          /        \
                         /          \
htpasswd in here -> _password required_    _no password required_
                         |                        |
           _other pw required stuff_    _other no pw required stuff_

You don't have to have your whole Document_Root tree password controlled. Just decide what needs to go in where.

jerry

> I am just thinking out loud conceptually. Maybe others could shed some light as well.
>
> -Jason
Re: [CentOS] modprobe :: not finding existing .ko
centos-boun...@centos.org wrote:
> Hi!
>
> I try to load a module that is found in the current /lib/modules/`uname -r` tree ...
>
> root@sevcenco: ~ # ls -l /lib/modules/`uname -r`/kernel/drivers/crypto/padlock-*
> -rwxr--r-- 1 root root 14296 Mar 16 19:37 /lib/modules/2.6.38-0.el5.elrepo/kernel/drivers/crypto/padlock-aes.ko
> -rwxr--r-- 1 root root 10808 Mar 16 19:37 /lib/modules/2.6.38-0.el5.elrepo/kernel/drivers/crypto/padlock-sha.ko
>
> but if I try:
>
> root@sevcenco: ~ # modprobe -v padlock-aes.ko
> FATAL: Module padlock_aes.ko not found.
>
> notice the change from - to _
>
> Any idea about this? Or, more abstractly: has anyone succeeded in using padlock (VIA) hardware with openssl (or other software) in CentOS?
>
> Thanks,
> Adrian

Thought: Link your padlock-aes.ko to also exist as padlock_aes.ko

Does modprobe now find the files?

Are there aliases in modprobe.conf that (in effect) map - to _ in module names?

Insert spiffy .sig here:
Life is complex: it has both real and imaginary parts.
//me
Re: [CentOS] modprobe :: not finding existing .ko
On Fri, Mar 18, 2011 at 9:03 AM, Adrian Sevcenco adrian.sevce...@cern.ch wrote:
> Hi!
>
> I try to load a module that is found in the current /lib/modules/`uname -r` tree ...
>
> root@sevcenco: ~ # ls -l /lib/modules/`uname -r`/kernel/drivers/crypto/padlock-*
> -rwxr--r-- 1 root root 14296 Mar 16 19:37 /lib/modules/2.6.38-0.el5.elrepo/kernel/drivers/crypto/padlock-aes.ko
> -rwxr--r-- 1 root root 10808 Mar 16 19:37 /lib/modules/2.6.38-0.el5.elrepo/kernel/drivers/crypto/padlock-sha.ko
>
> but if I try:
>
> root@sevcenco: ~ # modprobe -v padlock-aes.ko
> FATAL: Module padlock_aes.ko not found.

When using the modprobe command, you need to omit the .ko part.

Akemi
Re: [CentOS] modprobe :: not finding existing .ko
Adrian Sevcenco wrote:
> Hi!
>
> I try to load a module that is found in the current /lib/modules/`uname -r` tree ...
>
> root@sevcenco: ~ # ls -l /lib/modules/`uname -r`/kernel/drivers/crypto/padlock-*
> -rwxr--r-- 1 root root 14296 Mar 16 19:37 /lib/modules/2.6.38-0.el5.elrepo/kernel/drivers/crypto/padlock-aes.ko
> -rwxr--r-- 1 root root 10808 Mar 16 19:37 /lib/modules/2.6.38-0.el5.elrepo/kernel/drivers/crypto/padlock-sha.ko
>
> but if I try:
>
> root@sevcenco: ~ # modprobe -v padlock-aes.ko
> FATAL: Module padlock_aes.ko not found.
>
> notice the change from - to _
>
> Any idea about this? Or, more abstractly: has anyone succeeded in using padlock (VIA) hardware with openssl (or other software) in CentOS?

Have you run 'modprobe -a' since installing the modules?

James Pearson
Re: [CentOS] Replace NIS by Active Directory
On Fri, Mar 18, 2011 at 11:19 AM, Alain Péan alain.p...@lpp.polytechnique.fr wrote:
> On 18/03/2011 16:07, Nico Kadel-Garcia wrote:
>> <snip> ... that the default maximum group or username is 8 characters,... <snip>
>
> It was the case with Solaris, but fortunately not on Linux. I don't remember what the maximum length is, but I think it could be up to 128 characters...
>
> Alain

Well, yes. Centrify reasonably says "are you sure about this" when you try to set such long names, and can even mangle the names into the shorter structure for you. (I don't recommend this.)

The boobytraps arise when someone's login in Active Directory is, for example, NKadel, and you have your NIS/LDAP/whatever mapping think that your home directory and username is NKadel, but your old NIS setup thought your login name was nkadel. This way lies mixed case support madness, which is why "just write a shell script with ldapmodify" gets... nastier than you might realize.
Re: [CentOS] modprobe :: not finding existing .ko
On Fri, Mar 18, 2011 at 04:23:18PM +, James Pearson wrote:
> Have you run 'modprobe -a' since installing the modules?

ITYM depmod -a

--
rgds
Stephen
Re: [CentOS] modprobe :: not finding existing .ko
On 03/18/2011 06:22 PM, Akemi Yagi wrote:
> On Fri, Mar 18, 2011 at 9:03 AM, Adrian Sevcenco adrian.sevce...@cern.ch wrote:
>> Hi!
>>
>> I try to load a module that is found in the current /lib/modules/`uname -r` tree ...
>>
>> root@sevcenco: ~ # ls -l /lib/modules/`uname -r`/kernel/drivers/crypto/padlock-*
>> -rwxr--r-- 1 root root 14296 Mar 16 19:37 /lib/modules/2.6.38-0.el5.elrepo/kernel/drivers/crypto/padlock-aes.ko
>> -rwxr--r-- 1 root root 10808 Mar 16 19:37 /lib/modules/2.6.38-0.el5.elrepo/kernel/drivers/crypto/padlock-sha.ko
>>
>> but if I try:
>>
>> root@sevcenco: ~ # modprobe -v padlock-aes.ko
>> FATAL: Module padlock_aes.ko not found.
>
> When using the modprobe command, you need to omit the .ko part.

ufff ... I just copy pasted the file name :((

root@sevcenco: ~ # modprobe -v padlock-aes
insmod /lib/modules/2.6.38-0.el5.elrepo/kernel/crypto/aes_generic.ko
insmod /lib/modules/2.6.38-0.el5.elrepo/kernel/drivers/crypto/padlock-aes.ko

Thanks for help :)

Adrian
Re: [CentOS] creating a htpasswd file for certain urls
From: Jason Slack-Moehrle slackmoehrle.li...@gmail.com
> I am in a kind of fix, I got a website ( beta.somesite.com ) that needs to be password protected, however there are two URLs that should be allowed to all without password access.
>
> On a CentOS 5.5 box I am running Apache.
>
> The entire site needs passwd protection except for the below URLs.

Google (apache protect pages except page) says:
http://snipplr.com/view/28785/htaccess-password-protect-your-entire-site-except-certain-pages/

JD
Re: [CentOS] modprobe :: not finding existing .ko
Adrian Sevcenco wrote:
> Hi!
>
> I try to load a module that is found in the current /lib/modules/`uname -r` tree ...
>
> root@sevcenco: ~ # ls -l /lib/modules/`uname -r`/kernel/drivers/crypto/padlock-*
> -rwxr--r-- 1 root root 14296 Mar 16 19:37 /lib/modules/2.6.38-0.el5.elrepo/kernel/drivers/crypto/padlock-aes.ko
> -rwxr--r-- 1 root root 10808 Mar 16 19:37 /lib/modules/2.6.38-0.el5.elrepo/kernel/drivers/crypto/padlock-sha.ko
>
> but if I try:
>
> root@sevcenco: ~ # modprobe -v padlock-aes.ko
> FATAL: Module padlock_aes.ko not found.
<snip>

Here's a question: what kernel are you running? The most current CentOS 5.5 is 2.6.18-194.32.1.el5, while you're pointing to 2.6.38-0, unless I misunderstand how the elrepo modules are installed.

mark
Re: [CentOS] creating a htpasswd file for certain urls
On Fri, Mar 18, 2011 at 10:07 PM, John Doe jd...@yahoo.com wrote:
> From: Jason Slack-Moehrle slackmoehrle.li...@gmail.com
>> I am in a kind of fix, I got a website ( beta.somesite.com ) that needs to be password protected, however there are two URLs that should be allowed to all without password access.
>>
>> On a CentOS 5.5 box I am running Apache.
>>
>> The entire site needs passwd protection except for the below URLs.
>
> Google (apache protect pages except page) says:
> http://snipplr.com/view/28785/htaccess-password-protect-your-entire-site-except-certain-pages/

I think the above link would have worked, but I was able to fix the first part of my problem:

<Directory /var/www/html/projects/beta.somesite.com>
    DirectoryIndex index.php
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    AuthType Basic
    AuthName beta.somesite.com
    AuthUserFile /var/www/html/projects/beta.somesite.com/.htpasswd
    Require valid-user
    # this works perfectly
    # (comment moved to its own line: Apache has no end-of-line comments)
    SetEnvIf request_uri /wp-content allow_all
    #SetEnvIf request_uriregex '/?cat=592feed=rss2' allow_all ## this does not work ??!!
    Satisfy any
    Order allow,deny
    Allow from env=allow_all
</Directory>

But the other part of my problem ( http://beta.somesite.com/?cat=592feed=rss2 ), which is basically params, I am unable to allow for RSS feeds.

--
Regards
Agnello D'souza
Re: [CentOS] Apache/Active Directory authentication
On Fri, Mar 18, 2011 at 6:25 AM, John Hodrien j.h.hodr...@leeds.ac.uk wrote:
> On Fri, 18 Mar 2011, Michael B Allen wrote:
>
>> Hi John,
>>
>> Arguably it's not the end-of-the-world to go through CNAMEs. If it works for you, then don't let me deter you.
>
> Indeed it does, and it was the only way I could see you /could/ do this. Especially if you're not a domain admin. I'm still not clear your method /can/ work. Are you saying you've done it this way and it does?
>
> With multiple A records if I do:
>
> ssh 10.0.0.1
>
> Which kerberos credential will the remote side use? With the CNAME approach, there's no ambiguity.
>
>> But you do realize that it requires the client to have logic to see "ah, the record returned is a CNAME so let's use this name to build the principal instead"?
>
> MIT kerberos suggests it uses this to figure out the SPN:
>
> gethostbyaddr(gethostbyname(host))

Hi John,

Actually I think this practice is now considered poor behavior. I look at a lot of packet captures and I don't recall seeing PTR lookups. At least not from Windows clients. Also I recall there was a discussion about this on the Kerberos list and the verdict from one of the MIT chaps was that it was actually not desirable to use PTR lookups.

> Surely that wouldn't care how I'd done it? That requires the PTR record, and that it points back to the name of the principal you want to use. With multiple PTR records to the same IP I can't work out how this is going to end. Will it round-robin and simply work because the remote end has all of them?

True. You cannot have multiple PTR records for an IP. I did not mean to suggest that you could.

> Clearly sometimes there's not even a domain name to start with. You can quite merrily do ssh 10.0.0.1 and get a kerberised login. With multiple PTRs to a single IP, I can only assume you'll round-robin through the credentials. So when you add an A and PTR record and forget to add the principal, kerberos logins will fail 1/N of the time.

Well you should not use an IP at all really because IPs change. But if the client is remotely sophisticated it should be able to do a PTR lookup and try that name.

>> And I would not be surprised to see some scenario where the client actually tried to get a ticket with the supplied name and then fell back to using the CNAME in which case you have extra DNS and Kerberos traffic. If at some point someone wants to use another HTTP client from a cron job or some Java app, is that client going to handle the CNAME correctly?
>
> As far as I can tell, the client will be blissfully unaware.
>
>> What happens if the client application needs the original principal name for some reason? It will get what the CNAME points to. That could be weird for the app or a developer. And then if you move the website to another server the principal name is now suddenly different?
>
> Yes. But why would the developer care about the service principal name? It's not often you're that introspective, you're normally more interested in the client's principal.

For very simple scenarios you probably would not care. But there could be numerous reasons for wanting to know the name of the service you're talking to.

>> CNAMEs in general are dubious. And not just for Kerberos.
>
> I think that's a little harsh. CNAMEs seem to be unloved for reasons I'm not fully convinced by. What is so bad about CNAMEs?
>
>> Also short names are dubious. Is it a NetBIOS name or does the client have a proper DNS search suffix configured? And in the latter case it takes extra DNS queries to get the name.
>
> AD always creates both short and FQDN forms of principals, I assume it's as you guessed because of a NetBIOSism, or because it's a cruft that can often fix broken setups. I don't know, I only ever use the FQDN form.
>
>> Why have all this extra indirection on top of an already fickle protocol?
>
> I haven't actually found kerberos to be too fickle at all.

Kerberos requires that clients have access to the KDC, it depends heavily on DNS, stale tickets can cause cryptic errors until clients purge credential caches, etc. It's a great protocol conceptually. But in practice it's not super robust. It can be difficult to track down the source of issues. We had a customer who couldn't figure out a Kerberos issue for days. They had checked the time on the machine and thought it was correct but it was actually off by exactly 12 hours. Meaning it was set to like 2:43 AM when it was really 2:43 PM.

>> Regarding PTR records, I don't think kerberos would have any problem without them.
>
> As far as I knew MIT kerberos doesn't work at all without them, due to the way it calculates service principals. Certainly if you have a pair of A records for the same IP, and the PTR record points to the name that doesn't match the service principal it all will not work.

My business is all about integrating non-Windows systems into Windows environments so I don't look at what MIT is doing much. Windows clients do not use PTR lookups to build
[CentOS] Apache/Active Directory authentication
On Fri, 18 Mar 2011, Michael B Allen wrote:
> True. You cannot have multiple PTR records for an IP. I did not mean to suggest that you could.

Not saying you are wrong here, but have you an RFC reference to this effect?

We previously held this belief from our prior practice, but cannot find a clear prohibition of such. As such our DNS zonefile management code does not enforce such a limitation presently.

Considering the issue from the other side, there is nothing that requires simplicity of implementation of a client that says it can accept only a single PTR, rather than an array of replies and then walking the reverses.

-- Russ herrold
Re: [CentOS] modprobe :: not finding existing .ko
On 18/03/11 16:49, m.r...@5-cent.us wrote:
> Adrian Sevcenco wrote:
>> Hi!
>>
>> I try to load a module that is found in the current /lib/modules/`uname -r` tree ...
>>
>> root@sevcenco: ~ # ls -l /lib/modules/`uname -r`/kernel/drivers/crypto/padlock-*
>> -rwxr--r-- 1 root root 14296 Mar 16 19:37 /lib/modules/2.6.38-0.el5.elrepo/kernel/drivers/crypto/padlock-aes.ko
>> -rwxr--r-- 1 root root 10808 Mar 16 19:37 /lib/modules/2.6.38-0.el5.elrepo/kernel/drivers/crypto/padlock-sha.ko
>>
>> but if I try:
>>
>> root@sevcenco: ~ # modprobe -v padlock-aes.ko
>> FATAL: Module padlock_aes.ko not found.
> <snip>
>
> Here's a question: what kernel are you running? The most current CentOS 5.5 is 2.6.18-194.32.1.el5, while you're pointing to 2.6.38-0, unless I misunderstand how the elrepo modules are installed.

That's not an elrepo kmod, it's an elrepo kernel (kernel-ml) he is running:

http://elrepo.org/tiki/kernel-ml
http://elrepo.org/linux/kernel/el5/

Elrepo also provides the latest stable (currently 2.6.38) and latest long term (2.6.35.11) kernels from upstream, built and packaged for RHEL5. These aren't recommended for production use but may prove useful for testing hardware and/or troubleshooting purposes.
Re: [CentOS] Apache/Active Directory authentication
On Fri, Mar 18, 2011 at 2:58 PM, R P Herrold herr...@owlriver.com wrote:
> On Fri, 18 Mar 2011, Michael B Allen wrote:
>
>> True. You cannot have multiple PTR records for an IP. I did not mean to suggest that you could.
>
> Not saying you are wrong here, but have you an RFC reference to this effect?
>
> We previously held this belief from our prior practice, but cannot find a clear prohibition of such. As such our DNS zonefile management code does not enforce such a limitation presently.
>
> Considering the issue from the other side, there is nothing that requires simplicity of implementation of a client that says it can accept only a single PTR, rather than an array of replies and then walking the reverses.

Hello R,

No, I do not have a citation and theoretically having multiple PTR records for an IP might actually be quite reasonable. However, I would imagine it would be fairly limited to things like clusters or servers that should have the outward appearance of being identical. For something like kerberos with HTTP servers doing virtual hosting (like what John and I have been discussing in this thread), I suspect multiple PTRs for the web server would create quite a mess.

Mike

--
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/
Re: [CentOS] rpm split
Tried sending this a while ago, but looks like mailman blocked it?

> But i don't know how to write the spec file so a simple yum update will install both packages and it won't create any problems.

A few options here, create a %{name}.spec with:

# This is part one, or the main component
%description
%files
...

%package part_two
Requires: %{name}
...

%description part_two
Smaller part of %{name}

%files part_two
...

Check an example out, one I was using recently to build another was:

https://git.icinga.org/?p=icinga-core.git;a=blob_plain;f=icinga.spec;hb=HEAD

Hth,
jlc
[CentOS] Safe/sane tempfile creation?
I'm used to Debian-based distros which have a tempfile(1) utility for safely and sanely creating temporary files.

There isn't a comparable utility for RHEL/CentOS systems.

I've been exercising Google-fu looking for a good robust tempfile generation idiom, but haven't turned one up yet. Hence this appeal to the lazyweb.

--
Dr. Ed Morbius, Chief Scientist /            |
  Robot Wrangler / Staff Psychologist        | When you seek unlimited power
Krell Power Systems Unlimited                |                  Go to Krell!
Re: [CentOS] Safe/sane tempfile creation?
On Fri, Mar 18, 2011 at 06:33:14PM -0700, Dr. Ed Morbius wrote:
> I'm used to Debian-based distros which have a tempfile(1) utility for safely and sanely creating temporary files.
>
> There isn't a comparable utility for RHEL/CentOS systems.

Sure there is. mktemp; contained within the package with the same name.

John

--
sxem trying to play sturgeon while it's under attack is apparently not fun.
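An added example, not code from the thread: the mktemp(1) idiom suggested in the reply above, with a predictable PID-based name shown for contrast and a private scratch directory that is cleaned up on every exit path. All function names are hypothetical.

```shell
#!/bin/sh
# Added example: temporary files and directories via mktemp(1).

# For contrast only: "$$" is the shell's PID, which other local users can
# read or guess, and ">" reuses whatever already exists at that path.
predictable_name() {
    printf '%s/%s.%s\n' "${TMPDIR:-/tmp}" "$1" "$$"
}

# make_tmpfile PREFIX: mktemp picks a random suffix and creates the file
# itself (O_EXCL, mode 0600), so it never opens a path somebody else made.
make_tmpfile() {
    mktemp "${TMPDIR:-/tmp}/$1.XXXXXXXXXX"
}

# make_tmpdir PREFIX: the same for a private (mode 0700) scratch directory.
make_tmpdir() {
    mktemp -d "${TMPDIR:-/tmp}/$1.XXXXXXXXXX"
}

# file_mode PATH: octal permission bits (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# count_unique: reads lines on stdin, prints how many distinct lines it saw.
# The body runs in a subshell so the traps and variables stay local to it.
count_unique() (
    scratch=$(make_tmpdir count_unique) || exit 1
    # Remove the scratch directory however the subshell ends; the signal
    # traps turn HUP/INT/TERM into a normal exit so the EXIT trap still runs.
    trap 'rm -rf -- "$scratch"' EXIT
    trap 'exit 129' HUP
    trap 'exit 130' INT
    trap 'exit 143' TERM
    cat > "$scratch/input" || exit 1
    sort -u "$scratch/input" > "$scratch/sorted" || exit 1
    wc -l < "$scratch/sorted" | tr -d ' '
)

# Demo with constructed input: two distinct lines.
printf 'b\na\nb\n' | count_unique
```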
Re: [CentOS] Apache/Active Directory authentication
On Fri, Mar 18, 2011 at 2:36 PM, Michael B Allen iop...@gmail.com wrote: On Fri, Mar 18, 2011 at 6:25 AM, John Hodrien j.h.hodr...@leeds.ac.uk wrote: Surely that wouldn't care how I'd done it? That requires the PTR record, and that it points back to the name of the pricipal you want to use. With multiple PTR records to the same IP I can't work out how this is going to end. Will it round-robin and simply work because the remote end has all of them? True. You cannot have multiple PTR records for an IP. I did not mean to suggest that you could. You *shouldn't*. But there's nothing in Bind or ther other common DNS architectures that enforces this practice, and I'm afraid that it's quite common for poorly configured systems that support dynamic DNS to permit this. It's why I give admins of Active Directory based systems such a hard time and try to insist that they allow me at least one location that I can do actual zone transfers, to detect multiple PTR's for one IP address, or the same hostname having multiple PTR's that point to it. The old mkrdns tool used to be fabulous for detecting, configuring, and correctly handling multiple A records and notifying you of their existence: I still appreciate its simplicity and robustness. Nico Kadel-Garcia nka...@gmail.com Clearly sometimes there's not even a domain name to start with. You can quite merrily do ssh 10.0.0.1 and get a kerberised login. With multiple PTRs to a single IP, I can only assume you'll round-robin through the credentials. So when you add an A and PTR record and forget to add the principal, kerberos logins will fail 1/N of the time. Well you should not use an IP at all really because IPs change. But if the client is remotely sophisticated it should be able to do a PTR lookup and try that name. And I would not be surprised to see some scenario where the client actually tried to get a ticket with the supplied name and than fell-back to using the CNAME in which case you have extra DNS and Kerberos traffic. 
If at some point someone wants to use another HTTP client from a cron job or some Java app, is that client going to handle the CNAME correctly? As far as I can tell, the client will be blissfully unaware. What happens if the client application needs the original principal name for some reason? It will get what the CNAME points to. That could be weird for the app or a developer. And then if you move the website to another server the principal name is now suddenly different? Yes. But why would the developer care about the service principal name? It's not often you're that introspective, you're normally more interested in the client's principal. For very simple scenarios you probably would not care. But there could be numerous reasons for wanting to know the name of the service you're talking to. CNAMEs in general are dubious. And not just for Kerberos. I think that's a little harsh. CNAMEs seem to be unloved for reasons I'm not fully convinced by. What is so bad about CNAMEs? Also short names are dubious. Is it a NetBIOS name or does the client have a proper DNS search suffix configured? And in the latter case it takes extra DNS queries to get the name. AD always creates both short and FQDN forms of principals, I assume it's as you guessed because of a NetBIOSism, or because it's a cruft that can often fix broken setups. I don't know, I only ever use the FQDN form. Why have all this extra indirection on top of an already fickle protocol? I haven't actually found kerberos to be too fickle at all. Kerberos requires that clients have access to the KDC, it depends heavily on DNS, stale tickets can cause cryptic errors until clients purge credential caches, etc. It's a great protocol conceptually. But in practice it's not super robust. It can be difficult to track down the source of issues. We had a customer who couldn't figure a Kerberos issue for days. They had checked the time on the machine and thought it was correct but it was actually off by exactly 12 hours.
Meaning it was set to like 2:43 AM when it was really 2:43 PM. Regarding PTR records, I don't think kerberos would have any problem without them. As far as I knew MIT kerberos doesn't work at all without them, due to the way it calculates service principals. Certainly if you have a pair of A records for the same IP, and the PTR record points to the name that doesn't match the service principal it all will not work. My business is all about integrating non-Windows systems into Windows environments so I don't look at what MIT is doing much. Windows clients do not use PTR lookups to build SPNs so our code does not either. Actually I seem to recall that once upon a time old Kerberos clients used to automatically try PTR lookups to get the primary hostname first but that practice has long since been ruled bad and clients no longer do it. That might be what
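The zone-transfer check described in the thread above (an IP address with more than one PTR, or one hostname that several PTRs point to), as an added example that is not code from any poster. The function names and zone data are constructed, and the input is assumed to be "owner TTL class type rdata" lines as a zone transfer prints them.

```shell
#!/bin/sh
# Added example: audit reverse-zone records for ambiguous PTR mappings,
# the condition that makes reverse-lookup-based Kerberos service names
# resolve inconsistently. All names and addresses below are constructed.

ptr_audit() {
    # Reads zone records on stdin and prints one finding per line:
    #   MULTI_PTR <owner> <count> <targets>       owner has more than one PTR
    #   SHARED_TARGET <target> <count> <owners>   several owners point at target
    awk '
        toupper($4) == "PTR" {
            owner = tolower($1); target = tolower($5)
            sub(/\.$/, "", owner); sub(/\.$/, "", target)
            if (seen[owner, target]++) next          # skip exact duplicates
            tl[owner]  = tl[owner]  (nt[owner]++  ? "," : "") target
            ol[target] = ol[target] (no[target]++ ? "," : "") owner
        }
        END {
            for (o in nt) if (nt[o] > 1) print "MULTI_PTR", o, nt[o], tl[o]
            for (t in no) if (no[t] > 1) print "SHARED_TARGET", t, no[t], ol[t]
        }
    ' | sort    # awk array order is unspecified, so sort for stable output
}

sample_zone() {
    # Constructed sample: 10.0.0.1 has two PTRs, db1 is the target of two
    # addresses, and 10.0.0.4 repeats one PTR differing only in case.
    cat <<'EOF'
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 3600
1.0.0.10.in-addr.arpa. 3600 IN PTR web1.example.com.
1.0.0.10.in-addr.arpa. 3600 IN PTR www.example.com.
2.0.0.10.in-addr.arpa. 3600 IN PTR db1.example.com.
3.0.0.10.in-addr.arpa. 3600 IN PTR db1.example.com.
4.0.0.10.in-addr.arpa. 3600 IN PTR mail.example.com.
4.0.0.10.in-addr.arpa. 3600 IN PTR MAIL.example.com.
EOF
}

sample_zone | ptr_audit
```

Each MULTI_PTR finding is a host where a reverse lookup can return a name that has no matching service principal.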
Re: [CentOS] Cannot %include in CentOS 5.5 kickstart
whitivery co55-s...@dea.spamcon.org wrote: whitivery co55-s...@dea.spamcon.org wrote: whitivery co55-s...@dea.spamcon.org wrote: Patrick Lists centos-l...@puzzled.xs4all.nl wrote: On 03/10/2011 08:14 AM, whitivery wrote:

    # This does not work
    %include /tmp/drvdisk
    # This works
    #driverdisk --source=nfs:10.0.4.157:/srv/cobbler/RHEL5.5_x86_402_409_410_DD.img
    %packages
    @base
    @core
    %pre --erroronfail
    echo driverdisk --source=nfs:10.0.4.157:/srv/cobbler/RHEL5.5_x86_402_409_410_DD.img > /tmp/drvdisk

Although lacking a good caffeine fix the only difference I notice with some examples is that they do this:

    %include /tmp/drvdisk.sh
    . . .
    %pre
    echo driverdisk --source=nfs:10.1.2.3:/foo/image.img > /tmp/drvdisk.sh

Notice the usage of .sh in the drvdisk.sh filename?

Thanks for the idea - but it didn't make any difference. I even did chmod +x on the created file. I'm suspecting it's something specific to the driverdisk command, I'll play around if I get a chance and see if including other things works as expected - in my previous 4.4 work I never used a driver disk.

Today I tried including something other than driverdisk (I put the partitioning commands in an include file), and it works fine. So it's something specific to the driverdisk command.

Today I tried HTTP instead of NFS for driver disk access. It made no difference - works fine when directly in the kickstart file, fails when attempt to %include it.

Today I found out that this has never worked, and will not be changed in any existing RHEL/CentOS version. See: http://www.redhat.com/archives/kickstart-list/2011-March/msg8.html

___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Safe/sane tempfile creation?
on 20:35 Fri 18 Mar, John R. Dennison (j...@gerdesas.com) wrote: On Fri, Mar 18, 2011 at 06:33:14PM -0700, Dr. Ed Morbius wrote: I'm used to Debian-based distros which have a tempfile(1) utility for safely and sanely creating temporary files. There isn't a comparable utility for RHEL/CentOS systems. Sure there is. mktemp; contained within the package with the same name. My error. Thank you. -- Dr. Ed Morbius, Chief Scientist /| Robot Wrangler / Staff Psychologist| When you seek unlimited power Krell Power Systems Unlimited| Go to Krell!
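How mktemp(1), the utility named in the reply above, is typically used from a script, as an added example that is not from the thread. The function names and the "report" template prefix are hypothetical.

```shell
#!/bin/sh
# Added example: scratch files via mktemp(1) rather than a predictable
# name such as /tmp/report.$$, which another local user can pre-create
# or replace with a symlink. Function names and prefix are hypothetical.

make_scratch() {
    # mktemp picks an unpredictable name and creates the file exclusively,
    # readable and writable by the owner only; it fails instead of reusing
    # an existing path. Prints the new path.
    mktemp "${TMPDIR:-/tmp}/report.XXXXXXXXXX"
}

make_scratch_dir() {
    # A private directory (owner-only access) when several files are needed.
    mktemp -d "${TMPDIR:-/tmp}/report.XXXXXXXXXX"
}

with_scratch() (
    # Runs the given command with a fresh scratch path appended as its last
    # argument. The body is a subshell, so the traps are scoped to this call
    # and the file is removed however the command ends.
    tmp=$(make_scratch) || { echo "cannot create temp file" >&2; exit 1; }
    trap 'rm -f "$tmp"' EXIT
    trap 'exit 1' HUP INT TERM
    "$@" "$tmp"
    exit $?
)

# Stand-alone demonstration: list the scratch file while it exists.
with_scratch ls -l
```

Always check mktemp's exit status before using the path: an empty variable in a later redirect or rm is the usual way these scripts go wrong.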