Re: [CentOS] nmcli
Once upon a time, Peter Larsen said: > >how do I just remove the single ADDRESS I added as an alias ? not the whole > thing ? > > You first remove all ipv4.addresses and then add the one you want. Then you > save/activate. That's not necessary. For any setting that can be multi-valued (such as addresses and routes), you can prefix with + or - to add or remove just one entry. For example, to remove just address 10.1.1.2/24: nmcli con mod em1 -ipv4.address 10.1.1.2/24 nmcli con up em1 -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nmcli
>how do I just remove the single ADDRESS I added as an alias ? not the whole thing ? You first remove all ipv4.addresses and then add the one you want. Then you save/activate. On Tue, Mar 30, 2021 at 4:41 PM Jerry Geis wrote: > under CentOS 7 - I use "alias" like eth1:0 for an alias network. Remove the > file restart network - and back to normal. Now I am trying to us > NetworkManager. > > I can 'add' the network fine. however - when I remove the network > nmcli connection delete "Wired connection 2" ipv4.addr 192.168.1.58/22 > > it remove BOTH address and removes the "Wired connection 2" config file - > and it reverts to DHCP not the other static address I had associated with > "Wired connection 2". > > how do I just remove the single ADDRESS I added as an alias ? not the whole > thing ? > > Thanks > > Jerry > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-es] Consulta migración
Ricardo J. Barberis: No es una promocion ni nada, es el plan Individual Developer, en el otro mail me olvide de pegar la URL de suscripcion: https://developers.redhat.com/register/ Mas info: https://developers.redhat.com/articles/faqs-no-cost-red-hat-enterprise-linux El Miércoles 17/02/2021 a las 14:51, David González Romero escribió: ya esta la ISO de Almalinux y hay script de migraciones -- === www.infoquil.com.ar Walter A. Jancich +54 11 3433 2617 ___ CentOS-es mailing list CentOS-es@centos.org https://lists.centos.org/mailman/listinfo/centos-es
[CentOS] nmcli
under CentOS 7 - I use "alias" like eth1:0 for an alias network. Remove the file restart network - and back to normal. Now I am trying to us NetworkManager. I can 'add' the network fine. however - when I remove the network nmcli connection delete "Wired connection 2" ipv4.addr 192.168.1.58/22 it remove BOTH address and removes the "Wired connection 2" config file - and it reverts to DHCP not the other static address I had associated with "Wired connection 2". how do I just remove the single ADDRESS I added as an alias ? not the whole thing ? Thanks Jerry ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Cups - weird interaction with the Internet
I have Centos 6 machine that I use for a cups printer server. (Yes, I know, but it's working fine for what it's for at the moment.) My ISP lost its connection to the network that printer server is on. While the outside Internet service was unavailable I sent a print job to the printer on that server and nothing printed even though the print server and the machine I sent the job from are on the same lan and are actually connected to the same router. The job appeared to be sent from the originating machine (but timed out, as shown below), and running lpq and lpq -a on the server showed "no entries" (because it timed out for some reason). I did this a few times and even rebooted the server and always the same thing. Job sent, "no entries" on the server. The my ISP's connection came back and blammo! All of a sudden I got a ton of sheets printed, everything that I had been trying to print for the previous ten minutes. Here is what appears to be a relevant portion of the log on the machine that was sending the job to the print server: Mar 30 13:05:06 mutt cupsd[1443]: Started backend /usr/lib/cups/backend/implicit class (PID 951459) Mar 30 13:05:06 mutt cupsd[1443]: REQUEST localhost - root "POST /admin/ HTTP/1. 1" 200 245 CUPS-Add-Modify-Printer successful-ok Mar 30 13:05:07 mutt cupsd[1443]: Job completed. Mar 30 13:06:02 mutt cupsd[1443]: Job submission timed out. So what happened here? Why would cups care if it has a connection to the outside world when it's just printing a job sent to it from the local lan? The connection between the machine originating the print job and the print server timed out even though all of the relevant traffic was going over the lan. -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] "System error" when trying to logon via SSH to CentOS 8 joined to AD
Hi Konstantin, Debugging login issues between SSD, PAM, and AD is not for the faint of heart. In my case I set up Samba 4.3 as a primary AD DC. I could login with Windows 10 guests but not C8. I just did the following. 1. I spun up a fresh C8 VM, did not add any users, selected a graphical desktop. 2. I added a new user into my AD domain (the one being served by Samba4) 3. When my VM booted, the "first boot" screen appeared. As I went through the steps, when it prompted me to add a user, I clicked on "Configure Enterprise Login" 4. The system automatically found my domain name. I entered the username/password I created. 5. The system prompted for the Domain Admin password, which I entered it. 6. After a few seconds. everything was set up, and I could ssh in to the box in question using the following (keeping in mind that capitalization is important, especially when it comes to AD domain names!): ssh -l j...@my-domain.as authtest-el8 I was able to login using this procedure. You might try the same thing, and then compare your pam, sssd, and krb5 config files with the fresh VM and the VM you are trying to get working. -JK On Tue, Mar 30, 2021 at 7:01 AM Konstantin Boyandin via CentOS < centos@centos.org> wrote: > Do I understand correctly that this problem > - is too trivial > - isn't in fact CentOS-related > - never happened to anyone else ? > > There are no good explanations as far as I see, to such PAM behavior. I > would appreciate advice on where else to ask about this (the mentioned > quick fix doesn't look too good). > > Thanks. > > Sincerely, > Konstantin > > On 23.03.2021 13:09, Konstantin Boyandin via CentOS wrote: > > Hello, > > > > I joined a CentOS 8 box to an AD, using the below document as general > > guide: > > > > > > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/integrating_rhel_systems_directly_with_windows_active_directory/connecting-rhel-systems-directly-to-ad-using-sssd_integrating-rhel-systems-directly-with-active-directory > > > (section 14.1) > > > > A problem: after I tried to log on via SSH (as an AD user) to the box, > > the journalctl gets the below records: > > > > March 23 12:41:01 sandbox.lan sshd[2262]: pam_sss(sshd:auth): > > authentication success; logname= uid=0 euid=0 tty=ssh ruser= > > rhost=10.10.0.55 user=username > > March 23 12:41:01 sandbox.lan sshd[2262]: pam_sss(sshd:account): Access > > denied for user username: 4 (System error) > > March 23 12:41:01 sandbox.lan sshd[2262]: Failed password for username > > from 10.10.0.55 port 57610 ssh2 > > March 23 12:41:01 sandbox.lan sshd[2262]: fatal: Access denied for user > > username by PAM account configuration [preauth] > > > > Quick and dirty fix: > > > > When I comment a line in /etc/pam.d/password-auth (the one commented > > below), error goes away: > > === /etc/pam.d/password-auth below > > auth > required pam_env.so > > authrequired pam_faildelay.so delay=200 > > auth[default=1 ignore=ignore success=ok] > pam_usertype.so > > isregular > > auth[default=1 ignore=ignore success=ok] pam_localuser.so > > auth > sufficient pam_unix.so > > nullok try_first_pass > > auth[default=1 ignore=ignore success=ok] > pam_usertype.so > > isregular > > auth > sufficient pam_sss.so > > forward_pass > > auth > required pam_deny.so > > > > account > required pam_unix.so > > account sufficient pam_localuser.so > > account > sufficient pam_usertype.so > > issystem > > #account [default=bad success=ok user_unknown=ignore] pam_sss.so > > account > required pam_permit.so > > > > passwordrequisite pam_pwquality.so try_first_pass local_users_only > > password > sufficient pam_unix.so > > sha512 shadow nullok try_first_pass use_authtok > > password > sufficient pam_sss.so > > use_authtok > > password > required pam_deny.so > > > > session > optional pam_keyinit.so > > revoke > > session > required pam_limits.so > > -session > optional pam_systemd.so > > session optional pam_oddjob_mkhomedir.so umask=0077 > > session [success=1 default=ignore] pam_succeed_if.so service in > > crond quiet use_uid > > session > required pam_unix.so > > session > optional pam_sss.so > > === /etc/pam.d/password-auth above > > > > If I understand correctly, the commented line means "account is invalid > > by default; if found in SSSD, it's good; if not found - ignore and > > proceed". Commenting it is not a good idea, but
[CentOS-docs] [centos/centos.org] branch master updated: Adding new WeHaveServers sponsor in sponsors section
This is an automated email from the git hooks/post-receive script. arrfab pushed a commit to branch master in repository centos/centos.org. The following commit(s) were added to refs/heads/master by this push: new a19f54b Adding new WeHaveServers sponsor in sponsors section new a064793 Merge branch 'master' of ssh://git.centos.org/centos/centos.org a19f54b is described below commit a19f54b86b2a3069fc5a23e9ba44501b688b135b Author: Fabian Arrotin AuthorDate: Tue Mar 30 15:40:31 2021 +0200 Adding new WeHaveServers sponsor in sponsors section Signed-off-by: Fabian Arrotin --- _sponsors/wehaveservers.md| 6 ++ assets/img/sponsors/wehaveservers.png | Bin 0 -> 4967 bytes 2 files changed, 6 insertions(+) diff --git a/_sponsors/wehaveservers.md b/_sponsors/wehaveservers.md new file mode 100644 index 000..9943e89 --- /dev/null +++ b/_sponsors/wehaveservers.md @@ -0,0 +1,6 @@ +--- +name: WeHaveServers +country: romania +logo: /assets/img/sponsors/wehaveservers.png +address: https://www.wehaveservers.com/ +--- diff --git a/assets/img/sponsors/wehaveservers.png b/assets/img/sponsors/wehaveservers.png new file mode 100644 index 000..e24a857 Binary files /dev/null and b/assets/img/sponsors/wehaveservers.png differ -- To stop receiving notification emails like this one, please contact the administrator of this repository. ___ CentOS-docs mailing list CentOS-docs@centos.org https://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS] qemu-kvm images of old Windows XP SP3
On Sat, 2021-03-13 at 17:34 -0500, David McGuffey wrote: > On Mar 13, 2021, at 17:28, Jon LaBadie wrote: > > > > On Sat, Mar 13, 2021 at 10:03:54AM -0500, David McGuffey wrote: > > > I have a Nikon slide scanner (very high quality) for which the > > > software > > > has not been updated. It last ran on WinXP SP3 and I was not able > > > to > > > get it to run under Win 7 and certainly not Win 10. > > > > > > Anyone know where I can obtain images of this old OS to run in > > > CentOS 7 > > > under kvm? > > > > A search on DuckDuckGo (but not Google) led me to this .iso: > > > >https://archive.org/details/WinXPProSP3x86 > > > > -- > > Jon H. LaBadie j...@labadie.us > > Thank you. I’ll see if that loads as a VM. It doesn’t need to be > patched or be on the Internet. Just needs to load the Nikon software > and be able to pass-through the USB port to control the scanner. > > Will report back here once I’ve done that test. > > RESIST CENSORSHIP > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos Thanks to all who responded. I had checked out VuScan a couple of years ago on Win7 but the capabilities to remove imperfections and control the RBG settings is not as rich. Found an old CD with WinXP SP3 on it but qemu-kvm would not pass the CD to the VM creation process. Ended up moving everything to a USB stick. Successfully created the VM and installed the software. Next step is to hook up the USB scanner, pass it to the VM and test. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] "System error" when trying to logon via SSH to CentOS 8 joined to AD
Do I understand correctly that this problem - is too trivial - isn't in fact CentOS-related - never happened to anyone else ? There are no good explanations as far as I see, to such PAM behavior. I would appreciate advice on where else to ask about this (the mentioned quick fix doesn't look too good). Thanks. Sincerely, Konstantin On 23.03.2021 13:09, Konstantin Boyandin via CentOS wrote: > Hello, > > I joined a CentOS 8 box to an AD, using the below document as general > guide: > > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/integrating_rhel_systems_directly_with_windows_active_directory/connecting-rhel-systems-directly-to-ad-using-sssd_integrating-rhel-systems-directly-with-active-directory > (section 14.1) > > A problem: after I tried to log on via SSH (as an AD user) to the box, > the journalctl gets the below records: > > March 23 12:41:01 sandbox.lan sshd[2262]: pam_sss(sshd:auth): > authentication success; logname= uid=0 euid=0 tty=ssh ruser= > rhost=10.10.0.55 user=username > March 23 12:41:01 sandbox.lan sshd[2262]: pam_sss(sshd:account): Access > denied for user username: 4 (System error) > March 23 12:41:01 sandbox.lan sshd[2262]: Failed password for username > from 10.10.0.55 port 57610 ssh2 > March 23 12:41:01 sandbox.lan sshd[2262]: fatal: Access denied for user > username by PAM account configuration [preauth] > > Quick and dirty fix: > > When I comment a line in /etc/pam.d/password-auth (the one commented > below), error goes away: > === /etc/pam.d/password-auth below > auth required pam_env.so > auth required pam_faildelay.so delay=200 > auth [default=1 ignore=ignore success=ok] pam_usertype.so > isregular > auth [default=1 ignore=ignore success=ok] pam_localuser.so > auth sufficient pam_unix.so > nullok try_first_pass > auth [default=1 ignore=ignore success=ok] pam_usertype.so > isregular > auth sufficient pam_sss.so > forward_pass > auth required pam_deny.so > > account required pam_unix.so > account sufficient pam_localuser.so > account sufficient pam_usertype.so > issystem > #account [default=bad success=ok user_unknown=ignore] pam_sss.so > account required pam_permit.so > > password requisite pam_pwquality.so try_first_pass local_users_only > password sufficient pam_unix.so > sha512 shadow nullok try_first_pass use_authtok > password sufficient pam_sss.so > use_authtok > password required pam_deny.so > > session optional pam_keyinit.so > revoke > session required pam_limits.so > -session optional pam_systemd.so > session optional pam_oddjob_mkhomedir.so umask=0077 > session [success=1 default=ignore] pam_succeed_if.so service in > crond quiet use_uid > session required pam_unix.so > session optional pam_sss.so > === /etc/pam.d/password-auth above > > If I understand correctly, the commented line means "account is invalid > by default; if found in SSSD, it's good; if not found - ignore and > proceed". Commenting it is not a good idea, but I can't figure out > what's wrong (according to first line from jornalctl authentication *is* > passed normally). > > Additional data (AD domain in this example is EXAMPLE.COM): > > $ realm list > realm list > example.com > type: kerberos > realm-name: EXAMPLE.COM > domain-name: example.com > configured: kerberos-member > server-software: active-directory > client-software: sssd > required-package: oddjob > required-package: oddjob-mkhomedir > required-package: sssd > required-package: adcli > required-package: samba-common-tools > login-formats: %U > login-policy: allow-realm-logins > > $ cat /etc/sssd/sssd.conf > [sssd] > domains = example.com > config_file_version = 2 > services = nss, pam, ssh > debug_level = 9 > > [domain/example.com] > ad_domain = example.com > krb5_realm = EXAMPLE.COM > realmd_tags = manages-system joined-with-adcli > cache_credentials = True > id_provider = ad > krb5_store_password_if_offline = True > default_shell = /bin/bash > ldap_sasl_authid = SANDBOX$ > ldap_id_mapping = True > use_fully_qualified_names = False > ad_gpo_ignore_unreadable = True > fallback_homedir = /home/%u > access_provider = ad > debug_level = 9 > === end of /etc/sssd/sssd.conf > > $ cat /etc/krb5.conf > includedir /etc/krb5.conf.d/ > > [logging] > default =
