[CentOS-announce] CESA-2007:1130-04: Moderate CentOS 2 i386 squid security update
The following errata for CentOS-2 have been built and uploaded to the centos mirror:

RHSA-2007:1130-04 Moderate: squid security update

Files available:
squid-2.4.STABLE7-1.21as.11.i386.rpm

More details are available from the RedHat web site at
https://rhn.redhat.com/errata/rh21as-errata.html

The easy way to make sure you are up to date with all the latest patches is to run:
# yum update

--
John Newbigin
Computer Systems Officer
Faculty of Information and Communication Technologies
Swinburne University of Technology
Melbourne, Australia
http://www.ict.swin.edu.au/staff/jnewbigin
___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2008:0028-04: Low CentOS 2 i386 tzdata enhancement update
The following errata for CentOS-2 have been built and uploaded to the centos mirror:

RHEA-2008:0028-04 tzdata enhancement update

Files available:
tzdata-2007k-1.el2_1.noarch.rpm

More details are available from the RedHat web site at
https://rhn.redhat.com/errata/rh21as-errata.html

The easy way to make sure you are up to date with all the latest patches is to run:
# yum update

--
John Newbigin
Computer Systems Officer
Faculty of Information and Communication Technologies
Swinburne University of Technology
Melbourne, Australia
http://www.ict.swin.edu.au/staff/jnewbigin
[CentOS-announce] CESA-2008:0003-05: Moderate CentOS 2 i386 e2fsprogs security update
The following errata for CentOS-2 have been built and uploaded to the centos mirror:

RHSA-2008:0003-05 Moderate: e2fsprogs security update

Files available:
e2fsprogs-1.26-1.73.i386.rpm
e2fsprogs-devel-1.26-1.73.i386.rpm

More details are available from the RedHat web site at
https://rhn.redhat.com/errata/rh21as-errata.html

The easy way to make sure you are up to date with all the latest patches is to run:
# yum update

--
John Newbigin
Computer Systems Officer
Faculty of Information and Communication Technologies
Swinburne University of Technology
Melbourne, Australia
http://www.ict.swin.edu.au/staff/jnewbigin
[CentOS-announce] CESA-2008:0032-03: Important CentOS 2 i386 libxml2 security update
The following errata for CentOS-2 have been built and uploaded to the centos mirror:

RHSA-2008:0032-03 Important: libxml2 security update

Files available:
libxml2-2.4.19-7.ent.i386.rpm
libxml2-devel-2.4.19-7.ent.i386.rpm
libxml2-python-2.4.19-7.ent.i386.rpm

More details are available from the RedHat web site at
https://rhn.redhat.com/errata/rh21as-errata.html

The easy way to make sure you are up to date with all the latest patches is to run:
# yum update

--
John Newbigin
Computer Systems Officer
Faculty of Information and Communication Technologies
Swinburne University of Technology
Melbourne, Australia
http://www.ict.swin.edu.au/staff/jnewbigin
[CentOS-announce] CEEA-2008:0001 CentOS 5 x86_64 fontconfig Update
CentOS Errata and Enhancement Advisory 2008:0001

Upstream details at: https://rhn.redhat.com/errata/RHEA-2008-0001.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename )

x86_64:
7723ffa0333f78b03ee270e4c57229e9  fontconfig-2.4.1-7.el5.i386.rpm
6149d6a3b62ba544a0f845e3ffd536af  fontconfig-2.4.1-7.el5.x86_64.rpm
c32a4d7fe895ca63e9e40e229a7df965  fontconfig-devel-2.4.1-7.el5.i386.rpm
d02b8f5843d55a3eef23a62b9a5a6259  fontconfig-devel-2.4.1-7.el5.x86_64.rpm

Source:
f415495014a876e3ccd39a34effec5f1  fontconfig-2.4.1-7.el5.src.rpm

--
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, [EMAIL PROTECTED]
[CentOS-announce] CESA-2008:0003 Moderate CentOS 5 x86_64 e2fsprogs Update
CentOS Errata and Security Advisory 2008:0003 Moderate

Upstream details at: https://rhn.redhat.com/errata/RHSA-2008-0003.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename )

x86_64:
9a3b8776930d6ce9bae8b30b84836f74  e2fsprogs-1.39-10.el5_1.1.x86_64.rpm
a326ff26996e3cf0a5014e7012e6790c  e2fsprogs-devel-1.39-10.el5_1.1.i386.rpm
814ac8457717cb743a2d21e3f5660f3a  e2fsprogs-devel-1.39-10.el5_1.1.x86_64.rpm
c1d6ef5917265f5f572167b13bfea4a2  e2fsprogs-libs-1.39-10.el5_1.1.i386.rpm
67a51e96c34bd742ff8f01cd7d313541  e2fsprogs-libs-1.39-10.el5_1.1.x86_64.rpm

Source:
f81ec4bdde5853f7f0106ca445bb1fce  e2fsprogs-1.39-10.el5_1.1.src.rpm

--
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, [EMAIL PROTECTED]
[CentOS-announce] CESA-2008:0032 Important CentOS 5 x86_64 libxml2 Update
CentOS Errata and Security Advisory 2008:0032 Important

Upstream details at: https://rhn.redhat.com/errata/RHSA-2008-0032.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename )

x86_64:
f6efc5dce99d242b0f391baad720b966  libxml2-2.6.26-2.1.2.1.i386.rpm
5a4af0735fe3783e476350849c860352  libxml2-2.6.26-2.1.2.1.x86_64.rpm
b4fdd2c04696b8c87c9f5a3d1aca2bdc  libxml2-devel-2.6.26-2.1.2.1.i386.rpm
c11f3e4be92d89f4efd2c306d5ae0707  libxml2-devel-2.6.26-2.1.2.1.x86_64.rpm
757f9793bdaa79173e39583fc9c7353b  libxml2-python-2.6.26-2.1.2.1.x86_64.rpm

Source:
ec2922f62487af48a6a6922919aebaff  libxml2-2.6.26-2.1.2.1.src.rpm

--
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, [EMAIL PROTECTED]
[CentOS-announce] CESA-2008:0032 Important CentOS 5 i386 libxml2 Update
CentOS Errata and Security Advisory 2008:0032 Important

Upstream details at: https://rhn.redhat.com/errata/RHSA-2008-0032.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename )

i386:
2cf1618957ce2d02a004f9a17f5a1d59  libxml2-2.6.26-2.1.2.1.i386.rpm
45c10b1482de34f7fc13df30bc4a01e1  libxml2-devel-2.6.26-2.1.2.1.i386.rpm
6b266d4fef785352d07c3b9fbb0163a4  libxml2-python-2.6.26-2.1.2.1.i386.rpm

Source:
ec2922f62487af48a6a6922919aebaff  libxml2-2.6.26-2.1.2.1.src.rpm

--
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, [EMAIL PROTECTED]
[CentOS-announce] CESA-2008:0038 Moderate CentOS 5 i386 postgresql Update
CentOS Errata and Security Advisory 2008:0038 Moderate

Upstream details at: https://rhn.redhat.com/errata/RHSA-2008-0038.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename )

i386:
09cec0fc2c094c1585c3b79f17369097  postgresql-8.1.11-1.el5_1.1.i386.rpm
a09619af7d2fc838258cd265ab283557  postgresql-contrib-8.1.11-1.el5_1.1.i386.rpm
0b8db4c15c46e610f8d5a3ccf996af2c  postgresql-devel-8.1.11-1.el5_1.1.i386.rpm
f299f8e4e98a84ccec9ba8af68c5e9a6  postgresql-docs-8.1.11-1.el5_1.1.i386.rpm
7018bfa218822327992d3bcf1b60271b  postgresql-libs-8.1.11-1.el5_1.1.i386.rpm
1d842d5ba6d1c7a4ae0adb8ca2a83a2b  postgresql-pl-8.1.11-1.el5_1.1.i386.rpm
e594c6b821c36591da4d79dc79a13453  postgresql-python-8.1.11-1.el5_1.1.i386.rpm
f1a59fb86f89da1b1fb28297b0f132ec  postgresql-server-8.1.11-1.el5_1.1.i386.rpm
7f7e855b5ba2e6d95d65f641a959d36c  postgresql-tcl-8.1.11-1.el5_1.1.i386.rpm
b40c0b1f3fb05ed27c9ab58d83b6fff9  postgresql-test-8.1.11-1.el5_1.1.i386.rpm

Source:
096408b4fb846475be9d775b883ca25e  postgresql-8.1.11-1.el5_1.1.src.rpm

--
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, [EMAIL PROTECTED]
[CentOS-announce] CESA-2008:0003 Moderate CentOS 5 i386 e2fsprogs Update
CentOS Errata and Security Advisory 2008:0003 Moderate

Upstream details at: https://rhn.redhat.com/errata/RHSA-2008-0003.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename )

i386:
79dac4eb326c0ee474f9392de0aac092  e2fsprogs-1.39-10.el5_1.1.i386.rpm
0d01c533405b991befbc8565e3fd55cc  e2fsprogs-devel-1.39-10.el5_1.1.i386.rpm
d078e0a54531cdba4e0f42aad184a003  e2fsprogs-libs-1.39-10.el5_1.1.i386.rpm

Source:
f81ec4bdde5853f7f0106ca445bb1fce  e2fsprogs-1.39-10.el5_1.1.src.rpm

--
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, [EMAIL PROTECTED]
[CentOS] md5 passwords?
On a C4.4 system, I want to add md5 passwords for the grub boot menu to prevent users from making selections other than the default boot options.

I also want to add md5 passwords when attempting single user mode boots (may be answered by first request).

The same for C5 systems.

Thanks.

Scott
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
a quick and dirty hack to 'fix' the problem in a large scale -- RE: [CentOS] Nic order detection
Les and Michael,

There are a few ways to work around the NIC detection issue. Each has its own advantages and limits.

The first method is: suppose you or your team have full control of the running kernel on your hundreds/thousands of boxes; you can then build some NIC drivers statically in the kernel -- these statically built NIC drivers will be detected as eth0 without glitches -- then leave other different NIC types on the same box still in dynamic kernel module status. It works great if you know all the types of primary network NIC, typically e100, tg3, etc., and you have already standardized the 2nd NIC on the boxes to one or two brands like e1000.

The second method is: suppose you or your team can not control rebuilding of the kernel, or at least you have no full control, but you really know the types of primary/secondary NIC combinations on all the Linux boxes in your kingdom. Then you can try the following hack:

You can try to add/change lines in the /lib/modules/`uname -r`/modules.dep file according to your NIC combinations -- always load the drivers according to your predefined order. For example:

    .../e1000.ko: .../tg3.ko .../3c59x.ko .../e100.ko .../forcedeth.ko
    .../forcedeth.ko: .../tg3.ko

The above means that to load the module at left, the system will first load the modules at right! So tg3|3c59x|e100|forcedeth always load before e1000, and tg3 loads before forcedeth. The same idea can be applied to all the NIC combination types you have and can be set only once and applied to all your linux boxes if you set it up correctly.

The side-effect is: you waste a few hundred kilobytes of memory, but who cares?

There are also other tricks I tried before; some work and some do not. But I think the above should probably work for most general cases.

Have a good weekend.

--Guolin

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael D. Kralka
Sent: Thursday, January 10, 2008 6:52 AM
To: CentOS mailing list
Subject: Re: [CentOS] Nic order detection

Les Mikesell wrote:
> I do have the ifcfg-ethX files for the 2 interfaces that are currently active, but since the machines were built by image copies of a master disk, they do not have HWADDR address entries. A person on-site with access to the console adjusted them if they didn't come up right the first time, but they seem to shift around on each reboot. Will adding the HWADDR entry nail them down even if it doesn't match the nic type specified in modprobe.conf? Can someone point me to the code where this happens? Until recently the machines were running centos 3.x and this seems to be a difference in behavior.

As already pointed out, yes adding HWADDR will nail them down and the entries in modprobe.conf don't mean much. If you (or a script) execute modprobe eth0 it will load the appropriate module. Unfortunately, this is not how CentOS 5 loads drivers.

With CentOS 5, udev is used to load the drivers by looking at the modalias file found for each device under the /sys directory (search for them, there are many). For PCI devices, the modalias includes the 4 16-bit PCI ID values, the PCI device type, and some other information.

Unfortunately, udev tries to be clever and loads drivers in parallel. As a result, if there are NICs that use different drivers, the order that the NICs are assigned ethX interfaces is left to the whim of the Linux scheduler (i.e. is non-deterministic). Devices using the same driver will always be assigned interface names in the same relative ordering. If they all use the same driver, they will always be assigned the same names, without having to fuss with the HWADDR option (this is due to how drivers enumerate PCI devices).

In reality, HWADDR doesn't force the kernel to assign the desired interface to each device. It simply cleans up after udev by renaming the interfaces from what the kernel assigned to each NIC to the interfaces you expect. Search for rename_device in ifup-eth and network-functions, both found in the /etc/sysconfig/network-scripts directory.

Cheers,
Michael
[CentOS] PHP 5.2.5 when ?
Hi

When is (some) rpm package for the upgrade of php to version 5.2.5 (CentOS4) expected?

ummm ... the answer is probably never.

It is not clear why Red Hat (and CentOS too) respond so weakly to changes in important packages.

In this case the question: how to upgrade to PHP 5.2.5 correctly?

1. make ... etc.
2. or go search rpms/rpm in private repositories (for example: http://www.jasonlitka.com/2007/11/16/upgrading-to-php-525-on-rhel-and-centos/ )?

--
wbr
Re: [CentOS] PHP 5.2.5 when ?
Santa Claus wrote:
> It is not clear why Red Hat (and CentOS too) respond so weakly to changes in important packages. In this case the question: how to upgrade to PHP 5.2.5 correctly?

If it's really not clear, you're totally missing the whole *point* of RHEL.
[CentOS] CentOS-announce Digest, Vol 35, Issue 4
Today's Topics:

   1. CESA-2008:0032 Important CentOS 3 i386 libxml2 - security update (Tru Huynh)
   2. CESA-2008:0032 Important CentOS 3 x86_64 libxml2 - security update (Tru Huynh)
   3. CESA-2008:0039 Moderate CentOS 3 i386 postgresql - security update (Tru Huynh)
   4. CESA-2008:0039 Moderate CentOS 3 x86_64 postgresql - security update (Tru Huynh)
   5. CESA-2008:0032 Important CentOS 3 ia64 libxml2 - security update (Pasi Pirhonen)
   6. CESA-2008:0039 Moderate CentOS 3 ia64 postgresql - security update (Pasi Pirhonen)
   7. CESA-2008:0032 Important CentOS 4 ia64 libxml2 - security update (Pasi Pirhonen)
   8. CESA-2008:0038 Moderate CentOS 4 ia64 postgresql - security update (Pasi Pirhonen)
   9. CESA-2008:0032 Important CentOS 3 s390(x) libxml2 - security update (Pasi Pirhonen)
  10. CESA-2008:0032 Important CentOS 4 s390(x) libxml2 - security update (Pasi Pirhonen)
  11. CESA-2008:0039 Moderate CentOS 3 s390(x) postgresql - security update (Pasi Pirhonen)
  12. CESA-2008:0038 Moderate CentOS 4 s390(x) postgresql - security update (Pasi Pirhonen)

----------------------------------------------------------------------

Message: 1
Date: Fri, 11 Jan 2008 15:30:01 +0100
From: Tru Huynh [EMAIL PROTECTED]
Subject: [CentOS-announce] CESA-2008:0032 Important CentOS 3 i386 libxml2 - security update
To: [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory CESA-2008:0032

libxml2 security update for CentOS 3 i386:
https://rhn.redhat.com/errata/RHSA-2008-0032.html

The following updated file has been uploaded and is currently syncing to the mirrors:

i386:
updates/i386/RPMS/libxml2-2.5.10-8.i386.rpm
updates/i386/RPMS/libxml2-devel-2.5.10-8.i386.rpm
updates/i386/RPMS/libxml2-python-2.5.10-8.i386.rpm

source:
updates/SRPMS/libxml2-2.5.10-8.src.rpm

You may update your CentOS-3 i386 installations by running the command:

yum update libxml2\*

Tru
--
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B

----------------------------------------------------------------------

Message: 2
Date: Fri, 11 Jan 2008 15:31:07 +0100
From: Tru Huynh [EMAIL PROTECTED]
Subject: [CentOS-announce] CESA-2008:0032 Important CentOS 3 x86_64 libxml2 - security update
To: [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory CESA-2008:0032

libxml2 security update for CentOS 3 x86_64:
https://rhn.redhat.com/errata/RHSA-2008-0032.html

The following updated file has been uploaded and is currently syncing to the mirrors:

x86_64:
updates/x86_64/RPMS/libxml2-2.5.10-8.i386.rpm
updates/x86_64/RPMS/libxml2-2.5.10-8.x86_64.rpm
updates/x86_64/RPMS/libxml2-devel-2.5.10-8.x86_64.rpm
updates/x86_64/RPMS/libxml2-python-2.5.10-8.x86_64.rpm

source:
updates/SRPMS/libxml2-2.5.10-8.src.rpm

You may update your CentOS-3 x86_64 installations by running the command:

yum update libxml2

Tru
--
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B

----------------------------------------------------------------------

Message: 3
Date: Fri, 11 Jan 2008 15:31:56 +0100
From: Tru Huynh [EMAIL PROTECTED]
Subject: [CentOS-announce] CESA-2008:0039 Moderate CentOS 3 i386 postgresql - security update
To: [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory CESA-2008:0039

postgresql security update for CentOS 3 i386:
https://rhn.redhat.com/errata/RHSA-2008-0039.html

The following updated file has been uploaded and is currently syncing to the mirrors:

i386:
updates/i386/RPMS/rh-postgresql-7.3.21-1.i386.rpm
updates/i386/RPMS/rh-postgresql-contrib-7.3.21-1.i386.rpm
updates/i386/RPMS/rh-postgresql-devel-7.3.21-1.i386.rpm
Re: [CentOS] md5 passwords?
Use grub-md5-crypt to generate the md5 hash.

After that, edit /boot/grub/grub.conf and insert

    password --md5 your_hash_here

With this option users couldn't edit grub options, so they couldn't boot in single user either, because they would have to provide the password in this case.

On Jan 12, 2008 6:01 AM, Scott Ehrlich [EMAIL PROTECTED] wrote:
> On a C4.4 system, I want to add md5 passwords for the grub boot menu to prevent users from making selections other than the default boot options.
>
> I also want to add md5 passwords when attempting single user mode boots (may be answered by first request).
>
> The same for C5 systems.
>
> Thanks.
>
> Scott
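Added example, not part of the original reply: a shell check that a GRUB legacy grub.conf really carries a "password --md5" line in its global section (before the first "title"), which is where the directive has to sit to lock menu editing, plus a check that the file holding the hash is not world-readable. The function names and the sample file (including the placeholder hash string) are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a GRUB legacy grub.conf for a global MD5 password.
# Function names and sample file contents are constructed for illustration.

# Print the state of the global section (everything before the first "title"):
#   protected   - "password --md5 <hash>" present
#   plaintext   - a password directive without --md5 (cleartext in the file)
#   unprotected - no global password; a password inside a title entry only
#                 guards that entry and does not lock menu editing
grub_password_status() {
    awk '
        /^[ \t]*#/          { next }   # ignore comment lines
        /^[ \t]*title[ \t]/ { exit }   # global section ends at the first title
        $1 == "password" {
            if ($2 == "--md5" && $3 ~ /^\$1\$/) status = "protected"
            else                                 status = "plaintext"
        }
        END { print (status == "" ? "unprotected" : status) }
    ' "$1"
}

# Return 0 if the file is readable by "other": any local user could then copy
# the MD5 hash and attack it offline.
grub_conf_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Demo on a constructed sample; the hash string is a placeholder, not a real hash.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/grub.conf" <<'EOF'
default=0
timeout=5
password --md5 $1$PLACEHOLDER$NotARealHashValue0000000
title CentOS
        root (hd0,0)
        kernel /vmlinuz ro root=LABEL=/
EOF
    chmod 644 "$tmp/grub.conf"
    echo "status: $(grub_password_status "$tmp/grub.conf")"
    if grub_conf_world_readable "$tmp/grub.conf"; then
        echo "warning: grub.conf is world-readable; chmod 600 it"
    fi
    rm -rf "$tmp"
}
demo
```

On a real system the functions would be pointed at /boot/grub/grub.conf, the path given in the reply above.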
Re: a quick and dirty hack to 'fix' the problem in a large scale -- RE: [CentOS] Nic order detection
Guolin Cheng wrote:
> Les and Michael,

I am going to bite my tongue and not ask you to refrain from top posting.

As your subject suggests, you are proposing a quick and dirty hack to deal with interface assignment to physical NICs. Why bother with a quick and dirty hack when a sensible solution exists within the distribution? I see this as bad advice and hope no one follows it.

> There are a few ways to work around the NIC detection issue. Each has its own advantages and limits.
>
> The first method is: suppose you or your team have full control of the running kernel on your hundreds/thousands of boxes; you can then build some NIC drivers statically in the kernel -- these statically built NIC drivers will be detected as eth0 without glitches -- then leave other different NIC types on the same box still in dynamic kernel module status. It works great if you know all the types of primary network NIC, typically e100, tg3, etc., and you have already standardized the 2nd NIC on the boxes to one or two brands like e1000.

Although this may work, I have just signed up for a lifetime of chasing kernel versions. Every time RHEL/CentOS release a new kernel to fix a bug or security vulnerability, I must recompile the kernel. How does this make sense if I have hundreds/thousands of boxes to keep up to date? I'd rather yum update on all the boxes (which is easy to do).

> The second method is: suppose you or your team can not control rebuilding of the kernel, or at least you have no full control, but you really know the types of primary/secondary NIC combinations on all the Linux boxes in your kingdom. Then you can try the following hack:
>
> You can try to add/change lines in the /lib/modules/`uname -r`/modules.dep file according to your NIC combinations -- always load the drivers according to your predefined order. For example:
>
>     .../e1000.ko: .../tg3.ko .../3c59x.ko .../e100.ko .../forcedeth.ko
>     .../forcedeth.ko: .../tg3.ko

Although this may work, it is another accident waiting to happen. This is a generated file and it is almost never a good idea to modify a generated file; one will get burned. I install a shiny new module that is not delivered as part of the kernel (drbd perhaps), and the post-install script runs depmod -a (a sensible thing to do); now I have just blown away the manual changes. Or every time I install a new kernel (whether I am foolishly[1] building my own or using the distribution kernels), I have to remember to make this change. The worst part about this is that the effects will not be visible until the next time the server is rebooted (say 6 months when there is a power failure); the network interface assignment will be wrong. Good luck hunting down that problem in a pinch!

[1] Don't get me wrong, there is a time and a place for building custom kernels; this is just not one of them.

> The above means that to load the module at left, the system will first load the modules at right! So tg3|3c59x|e100|forcedeth always load before e1000, and tg3 loads before forcedeth. The same idea can be applied to all the NIC combination types you have and can be set only once and applied to all your linux boxes if you set it up correctly.
>
> The side-effect is: you waste a few hundred kilobytes of memory, but who cares?

The problem is not the wasted memory, it's the fragility of its design.

> There are also other tricks I tried before; some work and some do not. But I think the above should probably work for most general cases.

Why resort to tricks when there is a perfectly good solution supported by the distribution? I've learned that it never pays to be clever. When resorting to neat little tricks to get things to work, they get forgotten, or worse when someone else must look into a problem, they spend most of the time trying to understand the clever way things are set up. When stability is a main concern, boring is always better.

Cheers,
Michael
Re: a quick and dirty hack to 'fix' the problem in a large scale -- RE: [CentOS] Nic order detection
Michael D. Kralka wrote:
> Why resort to tricks when there is a perfectly good solution supported by the distribution? I've learned that it never pays to be clever. When resorting to neat little tricks to get things to work, they get forgotten, or worse when someone else must look into a problem, they spend most of the time trying to understand the clever way things are set up. When stability is a main concern, boring is always better.

The problem is that the disk images are made in one location and swapped into place in others, by someone who knows hardware, not linux, so for a new machine we won't know the hardware address ahead of time. When I first realized that the NICs were detected in a different order I added a script that tried to bring them all up, look for link, assign an ip address and ping the associated router to figure out which 2 were in use and which address they should have. However I did not realize (and I still don't see this documented anywhere...) that the device names would be non-deterministic or that they could be renamed after the kernel assigns a name.

I can probably tweak the script to pick up the mac address and include it in the ifcfg-ethX files to nail things down. But, I see something about adding udev rules for persistent names so this is probably going to change again.

--
Les Mikesell
[EMAIL PROTECTED]
[CentOS] Out of disk space at 2 GB?
On an ext3 filesystem, what would cause the system to claim it is out of disk space for a program writing information to disk, when df -h shows ample GB available and the file is being written to local disk rather than an nfs-mounted filesystem?

I believe the hard drive is good.

Ideas welcome.

Thanks.

Scott
Re: [CentOS] Out of disk space at 2 GB?
Scott Ehrlich wrote:
> On an ext3 filesystem, what would cause the system to claim it is out of disk space for a program writing information to disk, when df -h shows ample GB available and the file is being written to local disk rather than an nfs-mounted filesystem?
>
> I believe the hard drive is good.
>
> Ideas welcome.

check that it is not out of inodes.
Re: [CentOS] service nfs start hangs on CentOS 4
On Fri, 2008-01-11 at 20:12 +0100, Frank Büttner wrote:
> Frank Büttner wrote:
> Milton Calnek wrote:
> Frank Büttner wrote:
> [EMAIL PROTECTED] wrote:
> Hello, when I try to start nfs the command hangs. I have found out that the problem is that I set an IP address at /etc/exports. Sample:
> /var/foo XXX.XXX.XXX(some rights)
> snip
> You might want to make sure that the portmap daemon is running. /etc/init.d/portmap status will tell you if it is running. If it is not..fire it up.
> snip
> After long waiting I get an RPC timeout error

What's in your /etc/hosts.{allow | deny}? Even if portmap is running, these files need to have the correct contents. E.g. mine have

    # hosts.allow   This file describes the names of the hosts which are
    #               allowed to use the local INET services, as decided
    #               by the '/usr/sbin/tcpd' server.
    #
    ALL: 192.168.2. 127.0.0.

    # hosts.deny    This file describes the names of the hosts which are
    #               *not* allowed to use the local INET services, as decided
    #               by the '/usr/sbin/tcpd' server.
    #
    # The portmap line is redundant, but it is left to remind you that
    # the new secure portmap uses hosts.deny and hosts.allow.  In
    # particular you should know that NFS uses portmap!
    ALL: ALL

snip sig stuff

HTH
--
Bill
Re: [CentOS] Out of disk space at 2 GB?
Scott Ehrlich wrote:
> On an ext3 filesystem, what would cause the system to claim it is out of disk space for a program writing information to disk, when df -h shows ample GB available and the file is being written to local disk rather than an nfs-mounted filesystem?
>
> I believe the hard drive is good.
>
> Ideas welcome.

If the application is old it might not have been compiled with large file support.

--
Les Mikesell
[EMAIL PROTECTED]
Re: [CentOS] [solved]service nfs start hangs on CentOS 4
William L. Maltby wrote:
> snip
> these files need to have the correct contents. E.g. mine have
>
>     # hosts.allow   This file describes the names of the hosts which are
>     #               allowed to use the local INET services, as decided
>     #               by the '/usr/sbin/tcpd' server.
>     #
>     ALL: 192.168.2. 127.0.0.
>
>     # hosts.deny    This file describes the names of the hosts which are
>     #               *not* allowed to use the local INET services, as decided
>     #               by the '/usr/sbin/tcpd' server.
>     #
>     # The portmap line is redundant, but it is left to remind you that
>     # the new secure portmap uses hosts.deny and hosts.allow.  In
>     # particular you should know that NFS uses portmap!
>     ALL: ALL
>
> snip sig stuff
>
> HTH

Both of these files are empty.
After a long try I found the problem. :)
It was a dead name server entry in /etc/resolv.conf. After removing it, nfs works as it should.

Thanks for all the help.
Re: [CentOS] Howto for LDAP authentication with replication
> sure, I use webmin's LDAP Users and Groups module on every network server that I maintain. It's perfect for my needs.

Yes, this is exactly what I'm trying to do. It would be perfect for our needs too.

> The first question that occurs to me is if you did all that. When you do 'getent passwd' does each user in LDAP show up? Remember that if you still have a user in /etc/passwd and in LDAP (which would be a fatal setup), they would actually appear twice.

Yep, each user shows up one time when I run 'getent passwd'. I'm thinking that perhaps there is a problem in my /etc/ldap.conf since this is what it appears webmin is using to bind to the LDAP server. Here's a copy of that file if it's any help.

    #host 127.0.0.1
    #base dc=domain,dc=com
    suffix dc=domain,dc=com
    #rootbinddn cn=Admin,dc=domain,dc=com
    uri ldap://127.0.0.1/
    pam_password exop
    ldap_version 3
    pam_filter objectclass=posixAccount
    pam_login_attribute uid
    pam_member_attribute memberuid
    nss_base_passwd ou=People,dc=domain,dc=com
    nss_base_shadow ou=People,dc=domain,dc=com
    nss_base_group ou=Group,dc=domain,dc=com
    nss_base_hosts ou=Hosts,dc=domain,dc=com
    scope one
Re: [CentOS] md5 passwords?
> On a C4.4 system, I want to add md5 passwords for the grub boot menu to prevent users from making selections other than the default boot options.
>
> I also want to add md5 passwords when attempting single user mode boots (may be answered by first request).
>
> The same for C5 systems.

http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-guide/s1-wstation-boot-sec.html
Re: [CentOS] centos command to monitor a process for exit
On Fri, 2008-01-11 at 16:06 -0800, Bill Campbell wrote:
> On Sat, Jan 12, 2008, mouss wrote:
> > Les Mikesell wrote:
> > > Jerry Geis wrote:
> > > > Is there a command that will monitor a process for exiting (crash or normal exit) and then execute another command based on the said process no longer being active?
> > > >
> > > > Or is there a wrapper command that runs a process and when that process exits (due to crashing or just exiting normally) another process can be run?
> > >
> > > Why not use a shell script as a wrapper? If you don't put something in the background with an & on the line, the next line will execute when/if the program started on the current line exits. There are nearly always other copies of the shell running anyway so you get shared-text efficiency. If you just want to keep restarting the same program, something like this should run forever.
> > >
> > >     while :
> > >     do
> > >         my_program
> > >     done
> >
> > This has two issues (at least):
> > - if the program is a daemon, it returns immediately, so the script will try to start the program again and again
> > - if the script gets a signal, it will be killed. back to start.
>
> If you use ``kill -0 pid'' it shouldn't affect the running process, and will return success ($? = 0) if the process is running, and fail otherwise.
>
> A fairly standard way of checking things like this is:
>
>     progname_pidfile=/var/run/progname.pid
>     progname_signal() {
>         # succeed only if the pid file exists and the signal can be delivered
>         [ -f "$progname_pidfile" ] && kill -"$1" `cat "$progname_pidfile"`
>     }
>     if progname_signal 0
>     then
>         echo is running
>     else
>         echo not running
>     fi
>
> Bill

ISTM that the trap command could be quite useful in this scenario. man bash, under built-in commands. One can analyze various returns, timestamp to prevent runaway restarting, etc.

I've used it in the (far distant) past to great advantage.

snip sig stuff

HTH
--
Bill
Re: [CentOS] [solved]service nfs start hangs on CentOS 4
On Sat, 2008-01-12 at 16:07 +0100, Frank Büttner wrote: William L. Maltby wrote:

snip

these files need to have the correct contents. E.g. mine have

    # hosts.allow   This file describes the names of the hosts which are
    #               allowed to use the local INET services, as decided
    #               by the '/usr/sbin/tcpd' server.
    #
    ALL: 192.168.2. 127.0.0.

    # hosts.deny    This file describes the names of the hosts which are
    #               *not* allowed to use the local INET services, as decided
    #               by the '/usr/sbin/tcpd' server.
    #
    # The portmap line is redundant, but it is left to remind you that
    # the new secure portmap uses hosts.deny and hosts.allow. In
    # particular you should know that NFS uses portmap!
    ALL: ALL

snip sig stuff HTH

Both of these files are empty. After a long try I found the problem :) It was a dead name server entry in /etc/resolv.conf. After removing it, nfs works how it should do.

That is good to hear. If you have any exposure to the 'Net or some untrusted users on your local net, it would be good to have some rules in the /etc/hosts.{allow | deny}.

snip sig stuff
--
Bill
Re: [CentOS] [solved]service nfs start hangs on CentOS 4
William L. Maltby wrote: That is good to hear. If you have any exposure to the 'Net or some untrusted users on your local net, it would be good to have some rules in the /etc/hosts.{allow | deny}. snip sig stuff

This was done by iptables :) Only allowed hosts can connect to the system, packages from other hosts are simply dropped.
Re: [CentOS] Out of disk space at 2 GB?
By default 5% of the disk is going to be allocated for use by the root user. If you are seeing as a non root user that the disk is full, but when you become root you are able to write files, then this could be your issue. You can change the amount of blocks that are allocated for root, by using the -m switch with tune2fs. Just a thought

Joshua Gimer

On Jan 12, 2008, at 7:49 AM, Les Mikesell wrote: Scott Ehrlich wrote:

On an ext3 filesystem, what would cause the system to claim it is out of disk space for a program writing information to disk, when df -h shows ample GB available and the file is being written to local disk rather than an nfs-mounted filesystem? I believe the hard drive is good. Ideas welcome.

If the application is old it might not have been compiled with large file support.

-- Les Mikesell [EMAIL PROTECTED]
Re: [CentOS] Howto for LDAP authentication with replication
On Sat, 2008-01-12 at 09:11 -0600, Sean Carolan wrote: sure, I use webmin's LDAP Users and Groups module on every network server that I maintain. It's perfect for my needs. Yes, this is exactly what I'm trying to do. It would be perfect for our needs too. The first question that occurs to me is if you did all that. When you do 'getent passwd' does each user in LDAP show up? Remember that if you still have a user in /etc/passwd and in LDAP (which would be a fatal setup), they would actually appear twice. Yep, each user shows up one time when I run 'getent passwd'. I'm thinking that perhaps there is a problem in my /etc/ldap.conf since this is what it appears webmin is using to bind to the LDAP server. Here's a copy of that file if it's any help. not really, have you run system-config-authentication ? That also configures pam nss which are necessary items. If each user shows only once AND they are in /etc/passwd and LDAP, then it would be a clear indication that the underlying system isn't configured to find users/groups/passwords in LDAP at all. If each user has been removed from /etc/passwd, then it may very well be working. Configuring Webmin's LDAP Users and Groups is only possible when you have configured the underlying system first, can actually do command line add/remove/delete ldap users and can authenticate as an LDAP user to various systems such as ssh. At that point, Webmin's configuration becomes obvious. It is not reasonable to expect Webmin to supply the understanding of LDAP that the administrator cannot accomplish without Webmin. Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Howto for LDAP authentication with replication
not really, have you run system-config-authentication ? That also configures pam nss which are necessary items. Yes, I have and unfortunately when the 'ldap' tags are added to /etc/nsswitch.conf the system won't allow me to authenticate, su or sudo at all! If each user shows only once AND they are in /etc/passwd and LDAP, then it would be a clear indication that the underlying system isn't configured to find users/groups/passwords in LDAP at all. If each user has been removed from /etc/passwd, then it may very well be working. I'm hesitant to remove users from /etc/passwd and rely on LDAP for authentication before I'm sure it is working. Can you not have the system attempt first to authenticate users via LDAP, then fall back to pam_unix if that doesn't work? Configuring Webmin's LDAP Users and Groups is only possible when you have configured the underlying system first, can actually do command line add/remove/delete ldap users and can authenticate as an LDAP user to various systems such as ssh. At that point, Webmin's configuration becomes obvious. It is not reasonable to expect Webmin to supply the understanding of LDAP that the administrator cannot accomplish without Webmin. This is where I'm stuck. As soon as I try to turn on the system authentication by editing /etc/pam.d/system_auth and /etc/nsswitch.conf the system becomes unusable. Try to run su - and it just sits there and hangs. I know it's my own fault for not configuring it right, I just wish the available documentation gave some detailed examples. There is so much incorrect and incomplete information out there on the web that I'm not sure what to try. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Howto for LDAP authentication with replication
On Sat, 2008-01-12 at 10:44 -0600, Sean Carolan wrote: not really, have you run system-config-authentication ? That also configures pam nss which are necessary items. Yes, I have and unfortunately when the 'ldap' tags are added to /etc/nsswitch.conf the system won't allow me to authenticate, su or sudo at all! If each user shows only once AND they are in /etc/passwd and LDAP, then it would be a clear indication that the underlying system isn't configured to find users/groups/passwords in LDAP at all. If each user has been removed from /etc/passwd, then it may very well be working. I'm hesitant to remove users from /etc/passwd and rely on LDAP for authentication before I'm sure it is working. Can you not have the system attempt first to authenticate users via LDAP, then fall back to pam_unix if that doesn't work? Configuring Webmin's LDAP Users and Groups is only possible when you have configured the underlying system first, can actually do command line add/remove/delete ldap users and can authenticate as an LDAP user to various systems such as ssh. At that point, Webmin's configuration becomes obvious. It is not reasonable to expect Webmin to supply the understanding of LDAP that the administrator cannot accomplish without Webmin. This is where I'm stuck. As soon as I try to turn on the system authentication by editing /etc/pam.d/system_auth and /etc/nsswitch.conf the system becomes unusable. Try to run su - and it just sits there and hangs. I know it's my own fault for not configuring it right, I just wish the available documentation gave some detailed examples. There is so much incorrect and incomplete information out there on the web that I'm not sure what to try. #1 - Don't hand edit system-auth and nsswitch.conf by hand and also run system-config-authentication...the processes are mutually defeating. Just use system-config-authentication as it is designed to make the changes to both of those files and also /etc/ldap.conf as it sees fit. It works. 
#2 - You probably need to add the following lines to /etc/ldap.conf to smooth things...

    timelimit 30
    bind_timelimit 30
    bind_policy soft
    nss_initgroups_ignoreusers root,ldap

This will solve your issues with 'su -' and the length of time it takes.

I previously gave you links to CentOS documentation (which was lifted from RHEL) which discusses Red Hat's integration for using LDAP to authenticate. I also gave you the link to openldap.org administrator guide for using LDAP and I think I directed you to Gerald Carter's book which simplifies it. There also is information on TLDP web site.

If you are dismayed by the lack of detailed information on the web, it's only because:
- LDAP wasn't designed to do authentication in the first place
- There is no one way to do authentication via LDAP, but rather a lot of methodologies.
- LDAP is a tool that merely seeks to provide responsive usage to an ever increasing set of RFC's. Authentication is but one of the things that LDAP provides.

The expectation that the usage of LDAP to accomplish a task should be apparent is like expecting GIMP to make you an artist.

Start with 'test' users that don't exist in /etc/passwd until you get confidence.

Craig
Re: [CentOS] centos command to monitor a process for exit
On 1/10/08, Jerry Geis [EMAIL PROTECTED] wrote: Is there a command that will monitor a process for exiting (crash or normal exit) and then execute another command based on the said process no longer being active? If you want something simple, the wait(1) command can block until some process specified by its PID terminates. -- Daniel ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
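The suggestions made in this thread (the wrapper loop, the ``kill -0'' pidfile check, trap with a restart timestamp, and wait) combined into one script. This is an added example, not code posted by anyone on the list; the function names pid_alive, wait_for_exit, supervise and report, and the limits passed to them, are hypothetical.

```shell
#!/bin/sh
# Added example; pid_alive, wait_for_exit, supervise and report are hypothetical names.

# pid_alive PIDFILE
# True only if PIDFILE holds a numeric PID we may signal. kill -0 sends nothing;
# it just runs the existence and permission check. It also fails for a process
# owned by another user, and a stale pidfile may name a recycled, unrelated PID.
pid_alive() {
    [ -f "$1" ] || return 1
    _pid=$(cat "$1" 2>/dev/null)
    case $_pid in
        ''|*[!0-9]*) return 1 ;;    # never pass empty or non-numeric text to kill
    esac
    kill -0 "$_pid" 2>/dev/null
}

# wait_for_exit PIDFILE [INTERVAL]
# For a daemon that detached from its starter: the shell's wait only works on
# the shell's own children, so poll the pidfile until the process is gone.
wait_for_exit() {
    while pid_alive "$1"; do
        sleep "${2:-1}"
    done
}

# supervise MAX_FAST MIN_UPTIME HOOK CMD [ARG...]
# Runs CMD as a child (it must stay in the foreground), calls HOOK with the exit
# status every time CMD ends, then restarts it. Returns 1 after MAX_FAST
# consecutive runs shorter than MIN_UPTIME seconds, 0 when stopped by TERM/INT.
supervise() {
    _max=$1
    _min=$2
    _hook=$3
    shift 3
    _fast=0
    _stop=0
    trap '_stop=1' TERM INT           # the wrapper survives the signal and cleans up
    while [ "$_stop" -eq 0 ]; do
        _start=$(date +%s)
        "$@" &
        _child=$!
        _status=0
        wait "$_child" || _status=$?
        if [ "$_stop" -eq 1 ]; then
            # wait was cut short by the trap: stop the child, reap it, leave
            kill "$_child" 2>/dev/null || :
            wait "$_child" 2>/dev/null || :
            break
        fi
        "$_hook" "$_status" || :
        _ran=$(( $(date +%s) - $_start ))
        if [ "$_ran" -lt "$_min" ]; then
            _fast=$(( $_fast + 1 ))
        else
            _fast=0
        fi
        if [ "$_fast" -ge "$_max" ]; then
            trap - TERM INT
            return 1                  # runaway restart loop: give up
        fi
    done
    trap - TERM INT
    return 0
}

# Demo with a constructed command that fails at once: three quick exits, then stop.
report() { echo "child exited with status $1" >&2; }
supervise 3 5 report false || echo "giving up: child keeps exiting within 5s" >&2
```

The hook runs in the wrapper's own shell, so it can log, send mail or start the follow-up command the original question asked for.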
[CentOS] Sendmail and the $h (solved)
I feel dirty after trolling through the .cf file. Plussed addresses will not work w/ procmail if there is a typo in the sendmail.mc

Works: /etc/mail/sendmaill.mc
Addr 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 2 4 6 8 A C E
0610 --0a 4645 4154 5552 4528 6d61 -.FEATURE(ma
0620 7371 7565 7261 6465 5f65 6e76 656c 6f70 squerade_envelop
0630 6529 0a-- e).-

Does not work (note the space before the new line): /etc/mail/sendmaill.mc.bad
Addr 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 2 4 6 8 A C E
0600 0a46 4541 5455 5245 286d --.FEATURE(m
0610 6173 7175 6572 6164 655f 656e 7665 6c6f asquerade_envelo
0620 7065 2920 0a-- pe) .---

-- Jason Pyeron, PD Inc. http://www.pdinc.us
Re: [CentOS] Sendmail and the $h (solved)
On Sat, 2008-01-12 at 13:32 -0500, Jason Pyeron wrote: I feel dirty after trolling through the .cf file. Plussed addresses will not work w/ procmail if there is a typo in the sendmail.mc Does not work (note the space before the new line):

Yeah, m4 is psychotic that way.

-- Ignacio Vazquez-Abrams [EMAIL PROTECTED] PLEASE don't CC me; I'm already subscribed
Re: [CentOS] Howto for LDAP authentication with replication
Thanks for your patience, Craig. So I took your advice and started with a fresh install of CentOS 5, and followed the instructions in the documentation exactly as they are written. I got this far: [EMAIL PROTECTED] migration]# ./migrate_all_online.sh Enter the X.500 naming context you wish to import into: [dc=domain,dc=com] Enter the hostname of your LDAP server [ldap]: server.domain.com Enter the manager DN: [cn=manager,dc=domain,dc=com]: Enter the credentials to bind with: Do you wish to generate a DUAConfigProfile [yes|no]? no Importing into dc=domain,dc=com... Creating naming context entries... Migrating groups... Migrating hosts... Migrating networks... Migrating users... Migrating protocols... Migrating rpcs... Migrating services... Migrating netgroups... Migrating netgroups (by user)... Migrating netgroups (by host)... ldap_bind: Invalid credentials (49) Importing into LDAP... ldap_bind: Invalid credentials (49) /usr/bin/ldapadd: returned non-zero exit status: saving failed LDIF to /tmp/nis.ldif.Hh9210 I will go and read all of the links you sent me, but it's very frustrating to follow even a simple tutorial for the OS and have it not work. Because I have little experience with LDAP I don't know whether it's a problem with the documentation, or human error. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Howto for LDAP authentication with replication
On Sat, 2008-01-12 at 17:00 -0600, Sean Carolan wrote: Thanks for your patience, Craig. So I took your advice and started with a fresh install of CentOS 5, and followed the instructions in the documentation exactly as they are written. I got this far: [EMAIL PROTECTED] migration]# ./migrate_all_online.sh Enter the X.500 naming context you wish to import into: [dc=domain,dc=com] Enter the hostname of your LDAP server [ldap]: server.domain.com Enter the manager DN: [cn=manager,dc=domain,dc=com]: Enter the credentials to bind with: Do you wish to generate a DUAConfigProfile [yes|no]? no Importing into dc=domain,dc=com... Creating naming context entries... Migrating groups... Migrating hosts... Migrating networks... Migrating users... Migrating protocols... Migrating rpcs... Migrating services... Migrating netgroups... Migrating netgroups (by user)... Migrating netgroups (by host)... ldap_bind: Invalid credentials (49) Importing into LDAP... ldap_bind: Invalid credentials (49) /usr/bin/ldapadd: returned non-zero exit status: saving failed LDIF to /tmp/nis.ldif.Hh9210 I will go and read all of the links you sent me, but it's very frustrating to follow even a simple tutorial for the OS and have it not work. Because I have little experience with LDAP I don't know whether it's a problem with the documentation, or human error. Just so we're clear here, you are actually trying to learn two distinct things simultaneously, how to use LDAP and how to use LDAP to authenticate. They are not the same thing. If you knew how to use LDAP, adding authentication to the knowledge base would be relatively trivial. Likewise, if you knew how to use LDAP, configuring Webmin would be relatively trivial. I can tell you that Gerald Carter's book makes the entire process painless but you are going to do it your way and I respect that to a point...but ask that you recognize that you do so at the peril of massive frustration. 
invalid credentials (error 49) is what you get when the binddn you are using doesn't work. To do a live add, it presumes that you have already created the password with the slappasswd command and entered that value for the password as rootbinddn in slapd.conf and that you are telling migrate_all_online.sh to use that exact same rootbinddn. Make sense? Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
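A pre-flight check for the mismatch described above, as an added example that is not part of the migration tools or of this thread: it reads the rootdn and rootpw directives (the names used in slapd.conf(5)) and compares the DN with the manager DN you intend to give migrate_all_online.sh. The function names, the sample file and its {SSHA} value are constructed; DN comparison is simplified to case-folding and dropping blanks around commas.

```shell
#!/bin/sh
# Added example; conf_value, norm_dn and check_bind_dn are hypothetical names.

# conf_value FILE KEYWORD: print the value of the last KEYWORD directive,
# without surrounding double quotes. Comment lines never match.
conf_value() {
    awk -v k="$2" '
        tolower($1) == k {
            $1 = ""
            sub(/^[ \t]+/, "")
            gsub(/^"|"$/, "")
            v = $0
        }
        END { print v }' "$1"
}

# norm_dn DN: lower-case and drop blanks around commas (a simplification of
# real DN matching, enough to catch typos and the wrong suffix).
norm_dn() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/[[:space:]]*,[[:space:]]*/,/g'
}

# check_bind_dn SLAPD_CONF BIND_DN
# 0 = BIND_DN matches rootdn and rootpw looks like slappasswd output
# 1 = BIND_DN differs from rootdn
# 2 = no rootdn   3 = no rootpw   4 = rootpw stored in cleartext
check_bind_dn() {
    _have=$(conf_value "$1" rootdn)
    _pw=$(conf_value "$1" rootpw)
    [ -n "$_have" ] || { echo "no rootdn in $1"; return 2; }
    if [ "$(norm_dn "$_have")" != "$(norm_dn "$2")" ]; then
        echo "bind DN '$2' is not rootdn '$_have'"
        return 1
    fi
    case $_pw in
        '')      echo "rootdn has no rootpw"; return 3 ;;
        \{*\}?*) echo "ok: $2"; return 0 ;;
        *)       echo "rootpw is cleartext; replace it with slappasswd output"; return 4 ;;
    esac
}

# Constructed sample; the hash is a placeholder, not a real password hash.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed slapd.conf fragment
suffix  "dc=domain,dc=com"
rootdn  "cn=Manager,dc=domain,dc=com"
rootpw  {SSHA}PLACEHOLDERnotArealHASH
EOF
check_bind_dn "$sample" "cn=manager,dc=domain,dc=com"
check_bind_dn "$sample" "cn=manager,dc=example,dc=com" || :
rm -f "$sample"
```

A result of 0 only says the two DNs agree and a hash is present; whether the password typed at the prompt matches that hash is still decided by the server at bind time.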
[CentOS] Is there any problem with updates repo ?????
When I tried to update my CentOS I got this message. Why???

Setting up repositories
base 100% |=| 1.1 kB 00:00
updates 100% |=| 951 B 00:00
addons100% |=| 951 B 00:00
extras100% |=| 1.1 kB 00:00
Determining fastest mirrors
Reading repository metadata in from local files
primary.xml.gz100% |=| 834 kB 00:00
## 2400/2400
primary.xml.gz100% |=| 87 kB 00:00
http://mirror.centos.org/centos/5/updates/i386/repodata/primary.xml.gz: [Errno -1] Metadata file does not match checksum
Trying other mirror.
Error: failure: repodata/primary.xml.gz from updates: [Errno 256] No more mirrors to try.

-- Our reward is found in the effort and not in the result. A total effort is a complete victory. Mahatma Gandhi
Manuel Enrique Chávez Manzano, GNU/LINUX User #424754, Using CentOS 5
Re: [CentOS] Howto for LDAP authentication with replication
Just so we're clear here, you are actually trying to learn two distinct things simultaneously, how to use LDAP and how to use LDAP to authenticate. They are not the same thing. If you knew how to use LDAP, adding authentication to the knowledge base would be relatively trivial. Likewise, if you knew how to use LDAP, configuring Webmin would be relatively trivial. Thank you for the info. I understand that LDAP and authentication are not the same thing. We use LDAP within our organization for storing other types of data but most of the staff do not like to deal with it. In fact some team members were opposed to using LDAP for authentication, now I understand why! It seems to be a pain in the ass to learn how to use and configure. I can tell you that Gerald Carter's book makes the entire process painless but you are going to do it your way and I respect that to a point...but ask that you recognize that you do so at the peril of massive frustration. At this point I am leaning toward using kerberos instead. It took me 20 minutes to get a working kerberos server installation up and running, and I can now easily add new users and authenticate them, manage tickets, etc. Now I understand what you meant about LDAP not being designed for authentication. Thank you again for your time, Craig. This was a good learning experience for me. thanks Sean ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Howto for LDAP authentication with replication
On Sat, 2008-01-12 at 17:49 -0600, Sean Carolan wrote: Just so we're clear here, you are actually trying to learn two distinct things simultaneously, how to use LDAP and how to use LDAP to authenticate. They are not the same thing. If you knew how to use LDAP, adding authentication to the knowledge base would be relatively trivial. Likewise, if you knew how to use LDAP, configuring Webmin would be relatively trivial. Thank you for the info. I understand that LDAP and authentication are not the same thing. We use LDAP within our organization for storing other types of data but most of the staff do not like to deal with it. In fact some team members were opposed to using LDAP for authentication, now I understand why! It seems to be a pain in the ass to learn how to use and configure. I can tell you that Gerald Carter's book makes the entire process painless but you are going to do it your way and I respect that to a point...but ask that you recognize that you do so at the peril of massive frustration. At this point I am leaning toward using kerberos instead. It took me 20 minutes to get a working kerberos server installation up and running, and I can now easily add new users and authenticate them, manage tickets, etc. Now I understand what you meant about LDAP not being designed for authentication. Thank you again for your time, Craig. This was a good learning experience for me. sure but for less than $20 and 2-3 hours, you can master LDAP and be the envy of all the guys in your office and the object of affection for all the ladies. ;-) kerberos is actually a more secure authentication system because passwords don't continually cross the network. Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] ERROR during HTTP install from a Centos mirror
Hi! I'm trying to install centos 5.1 as a http installation from a centos mirror. i've done it before with Fedora, figured I could do it with Centos, too, but every time I try it, it goes all the way thru Anaconda to the point of entering the root password, then I get an error about not being able to find the repodata. I note that the section in the upstream manuals about network installs imply (without ever being extremely specific) that you would have your own server with the files on it. Is this some limitation that prevents us from using a centos mirror instead? Anyway, I've tried with two mirrors. when it asked me for the system name and the path to the directory, I entered this (for one of the tries): www.gtlib.gatech.edu /pub/centos/5.1/os/i386 and for the other mirror mirror.rhsmith.umd.edu /pub/centos/5.1/os/i386 in the two lines of the form. Is this right? (the manuals aren't really really terribly explicit). Thanks! -- Fred Smith -- [EMAIL PROTECTED] - The Lord is like a strong tower. Those who do what is right can run to him for safety. --- Proverbs 18:10 (niv) - pgpmeLUVZMTvk.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ERROR during HTTP install from a Centos mirror
On Jan 12, 2008 5:03 PM, fred smith [EMAIL PROTECTED] wrote: www.gtlib.gatech.edu /pub/centos/5.1/os/i386 and for the other mirror mirror.rhsmith.umd.edu /pub/centos/5.1/os/i386 in the two lines of the form. Is this right? (the manuals aren't really really terribly explicit). They both look correct to me. But you may be having some network / connection issue to the servers. Take a look at the mirror list and find the one that gives you a stable and fast connection. It may not necessarily be physically closest to you. http://www.centos.org/modules/tinycontent/index.php?id=13 Another thing you might want to consider as an option is to try a minimal type install and later yum install other packages as needed. Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ERROR during HTTP install from a Centos mirror
On Sat, 2008-01-12 at 20:03 -0500, fred smith wrote: Hi! I'm trying to install centos 5.1 as a http installation from a centos mirror. i've done it before with Fedora, figured I could do it with Centos, too, but every time I try it, it goes all the way thru Anaconda to the point of entering the root password, then I get an error about not being able to find the repodata. I note that the section in the upstream manuals about network installs imply (without ever being extremely specific) that you would have your own server with the files on it. Is this some limitation that prevents us from using a centos mirror instead? Anyway, I've tried with two mirrors. when it asked me for the system name and the path to the directory, I entered this (for one of the tries): www.gtlib.gatech.edu /pub/centos/5.1/os/i386 and for the other mirror mirror.rhsmith.umd.edu /pub/centos/5.1/os/i386 in the two lines of the form. Is this right? (the manuals aren't really really terribly explicit). I would expect it to work as you had it though... - I would use /pub/centos/5/os/i386 - I would use the same boot disc, i.e. http://www.gtlib.gatech.edu/pub/centos/5/isos/i386/CentOS-5.1-i386-bin-1of6.iso to boot the computer but either way, it should have worked though I thought that the Georgia Tech web server was quite slow to respond...perhaps anaconda is just timing out. as with your path (5.1), the repodata directory is indeed there... http://www.gtlib.gatech.edu/pub/centos/5/os/i386/repodata/ Craig ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Howto for LDAP authentication with replication
In fact Kerberos and LDAP are two great tastes that go well together. Keep user information and authorization information in LDAP while keep user authentication information in Kerberos. Later you could try to keep Kerberos authentication information in LDAP with Heimdel (spelling?) Kerberos (like MS AD does) though many purists feel this compromises the whole Kerberos security principal. Maybe it does, but it sure makes for easy redundancy. -Ross - Original Message - From: [EMAIL PROTECTED] [EMAIL PROTECTED] To: CentOS mailing list centos@centos.org Sent: Sat Jan 12 18:49:31 2008 Subject: Re: [CentOS] Howto for LDAP authentication with replication Just so we're clear here, you are actually trying to learn two distinct things simultaneously, how to use LDAP and how to use LDAP to authenticate. They are not the same thing. If you knew how to use LDAP, adding authentication to the knowledge base would be relatively trivial. Likewise, if you knew how to use LDAP, configuring Webmin would be relatively trivial. Thank you for the info. I understand that LDAP and authentication are not the same thing. We use LDAP within our organization for storing other types of data but most of the staff do not like to deal with it. In fact some team members were opposed to using LDAP for authentication, now I understand why! It seems to be a pain in the ass to learn how to use and configure. I can tell you that Gerald Carter's book makes the entire process painless but you are going to do it your way and I respect that to a point...but ask that you recognize that you do so at the peril of massive frustration. At this point I am leaning toward using kerberos instead. It took me 20 minutes to get a working kerberos server installation up and running, and I can now easily add new users and authenticate them, manage tickets, etc. Now I understand what you meant about LDAP not being designed for authentication. Thank you again for your time, Craig. 
This was a good learning experience for me. thanks Sean
Re: [CentOS] Howto for LDAP authentication with replication
On 1/13/08, Ross S. W. Walker [EMAIL PROTECTED] wrote: In fact Kerberos and LDAP are two great tastes that go well together. Keep user information and authorization information in LDAP while keep user authentication information in Kerberos. Later you could try to keep Kerberos authentication information in LDAP with Heimdel (spelling?) Kerberos (like MS AD does) though many purists feel this compromises the whole Kerberos security principal. Maybe it does, but it sure makes for easy redundancy. -Ross - Original Message - From: [EMAIL PROTECTED] [EMAIL PROTECTED] To: CentOS mailing list centos@centos.org Sent: Sat Jan 12 18:49:31 2008 Subject: Re: [CentOS] Howto for LDAP authentication with replication Just so we're clear here, you are actually trying to learn two distinct things simultaneously, how to use LDAP and how to use LDAP to authenticate. They are not the same thing. If you knew how to use LDAP, adding authentication to the knowledge base would be relatively trivial. Likewise, if you knew how to use LDAP, configuring Webmin would be relatively trivial. Thank you for the info. I understand that LDAP and authentication are not the same thing. We use LDAP within our organization for storing other types of data but most of the staff do not like to deal with it. In fact some team members were opposed to using LDAP for authentication, now I understand why! It seems to be a pain in the ass to learn how to use and configure. I can tell you that Gerald Carter's book makes the entire process painless but you are going to do it your way and I respect that to a point...but ask that you recognize that you do so at the peril of massive frustration. At this point I am leaning toward using kerberos instead. It took me 20 minutes to get a working kerberos server installation up and running, and I can now easily add new users and authenticate them, manage tickets, etc. Now I understand what you meant about LDAP not being designed for authentication. 
Thank you again for your time, Craig. This was a good learning experience for me. thanks Sean
Re: [CentOS] Howto for LDAP authentication with replication
sure but for less than $20 and 2-3 hours, you can master LDAP and be the envy of all the guys in your office and the object of affection for all the ladies. ;-) kerberos is actually a more secure authentication system because passwords don't continually cross the network. I do plan to get some books and read up on this some more. Thank you again for all the suggestions. The centos mailing list seems like a good resource with some smart people on it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Can TFTPD run in a chroot jail?
Hi, I've been struggling with this problem for the last couple of hours and am nowhere near solving the problem. I am trying to run a tftp server in a chroot jail. Now perhaps I am being paranoid, but I would like to have it launched from within its own jail even if it supposedly does a chroot itself and runs with a parameterizable user.

I downloaded the atftp-server package and tried to set up my own tftpd jail. I copied over the linked libs to the proper place, the /etc/passwd, /etc/groups, /etc/hosts, /etc/nsswitch.conf, /etc/resolv, /etc/services files. I even created the dev/null device and set up syslog to read from the jail/dev/log device. However, I can't seem to launch it from within the jail. It works fine when I try from the regular prompt, but when I try to launch from within the jail, it doesn't want to start:

    [EMAIL PROTECTED] tftpd]# /usr/sbin/chroot /chroot/tftpd/ /usr/sbin/atftpd --daemon --no-fork

in /var/log/messages:

    Jan 12 23:09:02 apollo atftpd[17479]: atftpd: udp/tftp, unknown service

So it apparently is unable to read my /chroot/tftpd/etc/services file. If I set the port number manually:

    [EMAIL PROTECTED] tftpd]# /usr/sbin/chroot /chroot/tftpd/ /usr/sbin/atftpd --daemon --no-fork --port 69 -user eric.eric
    Jan 12 23:16:05 apollo atftpd[17556]: atftpd: can't change identity to eric.eric, exiting.

I know the tftpd daemon is able to read the /chroot/tftpd/etc/ directory as it is properly reading my /etc/localtime file (if I remove /etc/localtime the logged timestamp changes). Can anyone point me in the right direction as to things to try? I've tried everything I can think of, and even then some things, but just can't figure it out...

Thanks! Eric
Re: [CentOS] Out of disk space at 2 GB?
On Saturday 12 January 2008 21:23:13 Scott Ehrlich wrote:

On an ext3 filesystem, what would cause the system to claim it is out of disk space for a program writing information to disk, when df -h shows ample GB available and the file is being written to local disk rather than an nfs-mounted filesystem?

It's a long shot, maybe the imposing filesize limit is the program itself such as apache's 2GB limit?

-- Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial http://linux2.arinet.org 10:02:09 up 1 day, 14:00, 2.6.22-14-generic GNU/Linux Let's use OpenOffice. http://www.openoffice.org The real challenge of teaching is getting your students motivated to learn.
Re: [CentOS] find switch to find files of a certain size?
On Thursday 10 January 2008 23:21:55 [EMAIL PROTECTED] wrote:

Is there a switch in find (or some other command besides find) that'll let you find files larger than a specified size? My file system is 88% full and I'd like to see where the biggest space hoggers are.

I also found this on the net:

du /path/to/anywhere/* -hs | grep '[0-9]M' | sort -rn | head -20

It will sort the space usage of each directory.

HTH,

-- Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial http://linux2.arinet.org 10:15:48 up 1 day, 14:14, 2.6.22-14-generic GNU/Linux Let's use OpenOffice. http://www.openoffice.org The real challenge of teaching is getting your students motivated to learn.
Re: [CentOS] ERROR during HTTP install from a Centos mirror
On Sat, Jan 12, 2008 at 06:18:51PM -0700, Craig White wrote: On Sat, 2008-01-12 at 20:03 -0500, fred smith wrote: Hi! I'm trying to install centos 5.1 as a http installation from a centos mirror. i've done it before with Fedora, figured I could do it with Centos, too, but every time I try it, it goes all the way thru Anaconda to the point of entering the root password, then I get an error about not being able to find the repodata. I note that the section in the upstream manuals about network installs imply (without ever being extremely specific) that you would have your own server with the files on it. Is this some limitation that prevents us from using a centos mirror instead? Anyway, I've tried with two mirrors. when it asked me for the system name and the path to the directory, I entered this (for one of the tries): www.gtlib.gatech.edu /pub/centos/5.1/os/i386 and for the other mirror mirror.rhsmith.umd.edu /pub/centos/5.1/os/i386 in the two lines of the form. Is this right? (the manuals aren't really really terribly explicit). I would expect it to work as you had it though... - I would use /pub/centos/5/os/i386 - I would use the same boot disc, i.e. http://www.gtlib.gatech.edu/pub/centos/5/isos/i386/CentOS-5.1-i386-bin-1of6.iso to boot the computer but either way, it should have worked though I thought that the Georgia Tech web server was quite slow to respond...perhaps anaconda is just timing out. as with your path (5.1), the repodata directory is indeed there... http://www.gtlib.gatech.edu/pub/centos/5/os/i386/repodata/ Craig Well. tried it yet again, using the rhsmith.edu site (for not the first time) and it's working this time. I followed your suggestion of using centos/5 instead of centos/5.1. Thanks! -- Fred Smith -- [EMAIL PROTECTED] - The Lord detests the way of the wicked but he loves those who pursue righteousness. 
- Proverbs 15:9 (niv) -
RE: a quick and dirty hack to 'fix' the problem in a large scale-- RE: [CentOS] Nic order detection
Michael,

There is no point in arguing about which are the best 'official' ways, which is just like the war between vi and Emacs before. I may be stupid, but any methods that fix users' problems are the best ones. I've tried the official 'rename' or udev ways before, but finally I gave up and ended up with the two ways I've mentioned. Especially the second: it works perfectly when I rerolled my Centos 5.0 and 5.1 initrd.img files for custom Kickstart installation in a really large scale.

Good luck and have a new year.

--Guolin

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael D. Kralka
Sent: Saturday, January 12, 2008 5:41 AM
To: CentOS mailing list
Subject: Re: a quick and dirty hack to 'fix' the problem in a large scale-- RE: [CentOS] Nic order detection

Guolin Cheng wrote:

Les and Michael,

I am going to bite my tongue and not ask you to refrain from top posting. As your subject suggests, you are proposing a quick and dirty hack to deal with interface assignment to physical NICs. Why bother with a quick and dirty hack when a sensible solution exists within the distribution? I see this as bad advice and hope no one follows it.

There are a few ways to work around the NIC detection issue. Each has its own advantages and limits. The first method is: suppose you or your team have full control of running kernel on your hundreds/thousands of boxes, you can then build some NIC drivers statically in the kernel -- these statically built NIC drivers will be detected as eth0 without glitches -- then leave other different NIC types on the same box still in dynamic kernel modules status. It works greatly if you know all the types of primary network NIC. Typically e100, tg3, etc. and you have already standardized the 2nd NIC on the boxes to one or two brands like e1000.

Although this may work, I have just signed up for a lifetime of chasing kernel versions. Every time RHEL/CentOS release a new kernel to fix a bug or security vulnerability, I must recompile the kernel. How does this make sense if I have hundreds/thousands of boxes to keep up to date? I'd rather yum update on all the boxes (which is easy to do)

The second method is: suppose you or your team can not control rebuilding of kernel, or at least you have no full control, but you really know the types of primary/secondary NICs combinations on all the Linux boxes in your kingdom. Then you can try the following hack: You can try to add/change lines in /lib/modules/`uname -r`/modules.dep file according to your NICs combinations -- always load the drivers according to your predefined order. For example:

.../e1000.ko: .../tg3.ko .../3c59x.ko .../e100.ko .../forcedeth.ko
.../forcedeth.ko: .../tg3.ko

Although this may work, it is another accident waiting to happen. This is a generated file and it is almost never a good idea to modify a generated file; one will get burned. I install a shiny new module that is not delivered as part of the kernel (drbd perhaps), and the post-install script runs depmod -a (a sensible thing to do); now I have just blown away the manual changes. Or every time I install a new kernel (whether I am foolishly[1] building my own or using the distribution kernels), I have to remember to make this change. The worst part about this is that the effects will not be visible until the next time the server is rebooted (say 6 months when there is a power failure); the network interface assignment will be wrong. Good luck hunting down that problem in a pinch!

[1] Don't get me wrong, there is a time and a place for building custom kernels; this is just not one of them.

The above means to load the module at left, system will first load modules at right! So tg3|3c59x|e100|forcedeth always load before e1000, and tg3 load before forcedeth. The same idea can be applied to all NIC combination types you have and can be set only once and applied to all your linux boxes if you set it up correctly. The side-effect is: you have wasted a few hundred kilobytes of memory, but who cares?

The problem is not the wasted memory, it's the fragility of its design.

There are also other tricks I tried before, some works and some not. But I think the above should probably work for most general cases.

Why resort to tricks when there is a perfectly good solution supported by the distribution? I've learned that it never pays to be clever. When resorting to neat little tricks to get things to work, they get forgotten, or worse when someone else must look into a problem, they spend most of the time trying to understand the clever way things are set up. When stability is a main concern, boring is always better.

Cheers,
Michael
[CentOS] LIMITING NUMBER OF KERNEL VERSIONS RETAINED
Hi,

Some time ago there was a discussion on the above subject. I have scanned the past few months' mailing list archives and cannot find the relevant mail(s). Could somebody please repost the solution or point me at the correct resource? I would also appreciate advice on how to do this on a RHEL4 server being updated with up2date. Is it safe just to delete the old kernel and initrd files from the boot partition and the grub conf file?

TIA
ChrisG