[CentOS] sssd - ldap host attribute ignored
Dear all,

I have a problem with sssd in conjunction with ldap on a centos 7 x86_64 box. ldap works fine. I can login there as a usual user registered in ldap. I now want to restrict the access with ldap's host attribute. This is being ignored. Still every ldap user can login, no matter what the host attribute says.

I googled around and only found that sssd.conf needs two lines:

access_provider = ldap
ldap_access_order = host

So I do not understand why it is not working. I append to this e-mail:
/etc/sssd/sssd.conf
/etc/ldap.conf
/etc/pamd.d/ssh

Can somebody give me hints what could be wrong?

With kind regards and thanks a lot in advance,
Ulrich

/etc/sssd/sssd.conf:

[sssd]
config_file_version = 2
services = nss, pam, autofs
domains = default
# SSSD will not start if you do not configure any domains.
# Add new domain configurations as [domain/NAME] sections, and
# then add the list of domains (in the order you want them to be
# queried) to the domains attribute below and uncomment it.
# domains = LDAP

[nss]
filter_groups = root
filter_users = root

[pam]

[domain/default]
ldap_uri = ldap://myldapserver.mydomain
ldap_search_base = o=
ldap_schema = rfc2307bis
id_provider = ldap
ldap_user_uuid = entryuuid
ldap_group_uuid = entryuuid
ldap_id_use_start_tls = True
enumerate = False
cache_credentials = False
ldap_tls_cacertdir = /etc/openldap/cacerts/
chpass_provider = ldap
auth_provider = ldap
ldap_tls_reqcert = never
ldap_user_search_base = ou=,o=
ldap_group_search_base = ou=,o=
access_provider = ldap
ldap_access_filter = memberOf=ou=,o=
ldap_access_order = host

/etc/ldap.conf:
--
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

TLS_CACERTDIR /etc/openldap/cacerts

# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON on
URI ldap://myldapserver.mydomain
BASE ou=,o=

/etc/pam.d/sshd:
--
#%PAM-1.0
auth       required     pam_sepermit.so
auth       substack     password-auth
auth       include      postlogin
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke
session    include      password-auth
session    include      postlogin
session    required     pam_mkhomedir.so skel=/etc/skel/ umask=0077

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS-announce] CESA-2015:0249 Critical CentOS 5 samba3x Security Update
CentOS Errata and Security Advisory 2015:0249 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0249.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net

___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2015:0251 Critical CentOS 6 samba Security Update
CentOS Errata and Security Advisory 2015:0251 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0251.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
[CentOS-announce] CESA-2015:0250 Critical CentOS 6 samba4 Security Update
CentOS Errata and Security Advisory 2015:0250 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0250.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
[CentOS-announce] CESA-2015:0252 Important CentOS 7 samba Security Update
CentOS Errata and Security Advisory 2015:0252 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0252.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Re: [CentOS] Replacement for NIS/NFS?
On Mon, Feb 23, 2015 at 11:22 AM, Niki Kovacs i...@microlinux.fr wrote:

> Hi,
>
> Over the last few years, I've been using a rather bone-headed solution to implement centralized authentication and roaming user profiles in Linux-based networks: a combination of NIS and NFS. I'm aware it's not ideal in terms of security, but it's been running in our local school since 2010, and it just works. The current setup is based on Slackware Linux on both server and desktop clients. Here's the relevant documentation (which I wrote):
>
> http://docs.slackware.com/howtos:network_services:roaming_profiles
>
> BTW, the first two years this solution worked perfectly with CentOS 5.x on the server and on the desktop clients.
>
> I'm currently migrating from Slackware to CentOS, and I'm looking for a business-grade replacement of this more or less obsolete configuration. I've read about various existing solutions, and I'm not quite sure in which direction to go from here: FreeIPA? 389 Directory Server? LDAP+LAM-Manager?
>
> Here's what I want:
>
> 1. Users should be manageable through a GUI, probably a web interface, so the client can create, manage and delete them eventually.
> 2. Home directories should be created/deleted automagically under the hood.
> 3. Every user should be able to login on any machines and find his or her files and preferences.
>
> What can you suggest? Is there some robust and well-documented solution that works more or less out of the box and doesn't make me jump through burning loops? I'm mainly using CentOS 7, but I'll also have to use CentOS 6.x since in our school we have some older hardware that won't run 7.x.

IMHO, ldap(+kerberos) and nfsv4 with autofs should do the trick. You can tell NFSv4 to use kerberos not only to authenticate but also protect/encrypt the connection. Then, user logs in and homedir is automagically mounted. For ldap+kerberos in centos, freeipa might do what you want. It has a web-based gui and works rather well in centos. FYI freeipa uses 389 directory server instead of openldap.

> Cheers from the sunny South of France,

I haven't been in that corner of the world in ages. :(

> Niki Kovacs
> --
> Microlinux - IT solutions, 100% Linux and free software
> 7, place de l'église - 30730 Montpezat
> Web : http://www.microlinux.fr
> Mail : i...@microlinux.fr
> Tel. : 04 66 63 10 32
[CentOS] Replacement for NIS/NFS?
Hi,

Over the last few years, I've been using a rather bone-headed solution to implement centralized authentication and roaming user profiles in Linux-based networks: a combination of NIS and NFS. I'm aware it's not ideal in terms of security, but it's been running in our local school since 2010, and it just works. The current setup is based on Slackware Linux on both server and desktop clients. Here's the relevant documentation (which I wrote):

http://docs.slackware.com/howtos:network_services:roaming_profiles

BTW, the first two years this solution worked perfectly with CentOS 5.x on the server and on the desktop clients.

I'm currently migrating from Slackware to CentOS, and I'm looking for a business-grade replacement of this more or less obsolete configuration. I've read about various existing solutions, and I'm not quite sure in which direction to go from here: FreeIPA? 389 Directory Server? LDAP+LAM-Manager?

Here's what I want:

1. Users should be manageable through a GUI, probably a web interface, so the client can create, manage and delete them eventually.
2. Home directories should be created/deleted automagically under the hood.
3. Every user should be able to login on any machines and find his or her files and preferences.

What can you suggest? Is there some robust and well-documented solution that works more or less out of the box and doesn't make me jump through burning loops? I'm mainly using CentOS 7, but I'll also have to use CentOS 6.x since in our school we have some older hardware that won't run 7.x.

Cheers from the sunny South of France,

Niki Kovacs
--
Microlinux - IT solutions, 100% Linux and free software
7, place de l'église - 30730 Montpezat
Web : http://www.microlinux.fr
Mail : i...@microlinux.fr
Tel. : 04 66 63 10 32
[CentOS] pidgin on 6.6
Anyone out there using pidgin and jabber? Recently, there was a redo of the organization's jabber server, (probably a Windows thing), and suddenly, instead of my username@address, I get username@address/looks like a socket id. For example, mine, after my username@jabberserver/f862437769a069c68119dc3068e2acbd5f0eaba6, so a line and a half of garbage.

Any ideas? Googling isn't finding me anything... oh, and the tech on the other end, who's using Windows, isn't seeing that, he just sees username@jabberserver

mark
[CentOS] lua-debuginfo for CentOS6?
Is there some reason http://debuginfo.centos.org/6/x86_64/ is missing a lua-debuginfo package? The /5/ and /7/ sections have it.

--
Les Mikesell
lesmikes...@gmail.com
Re: [CentOS] pidgin on 6.6
On Mon, Feb 23, 2015 at 11:42 AM, m.r...@5-cent.us wrote:

> Anyone out there using pidgin and jabber? Recently, there was a redo of the organization's jabber server, (probably a Windows thing), and suddenly, instead of my username@address, I get username@address/looks like a socket id. For example, mine, after my username@jabberserver/f862437769a069c68119dc3068e2acbd5f0eaba6, so a line and a half of garbage.

That's a Resource ID most likely. If you do not want an auto-generated resource ID, you can set one in your account preferences. I prefer a static resource ID myself so I can set one as work, another for laptop, home or whatever. Not meant to be a replacement for a status message, but certainly helpful to know which resource/session is related to what device.

Accounts -> Manage Accounts -> some_account -> Basic tab -> Resource field

As to why your resource ID is so long, I don't know. I'm used to seeing them be say maybe 10 characters or so. What XMPP/Jabber server are you using?

> Any ideas? Googling isn't finding me anything... oh, and the tech on the other end, who's using Windows, isn't seeing that, he just sees

That's probably just the way the client shows it. Is the Windows user also using Pidgin as their XMPP client? Any version difference and so forth?

> username@jabberserver
>
> mark

--
---~~.~~---
Mike
// SilverTip257 //
[CentOS] Help with Driver Eth0
Dear Friends of the Community

Hereby I request some help, now Install Centos 5.0 in DELL 3020 one machine installation took correctly, but after installation I find that the network card that brings integrated computer does not recognize the eth0.

02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 02)
        Subsystem: Giga-byte Technology Unknown device e000
        Flags: bus master, fast devsel, latency 0, IRQ 50
        I/O ports at b000 [size=256]
        Memory at e151 (64-bit, prefetchable) [size=4K]
        Memory at e150 (64-bit, prefetchable) [size=64K]
        [virtual] Expansion ROM at e152 [disabled] [size=64K]
        Capabilities: [40] Power Management version 3
        Capabilities: [50] Message Signalled Interrupts: 64bit+ Queue=0/1 Enable+
        Capabilities: [70] Express Endpoint IRQ 1
        Capabilities: [b0] MSI-X: Enable- Mask- TabSize=2
        Capabilities: [d0] Vital Product Data
        Capabilities: [100] Advanced Error Reporting
        Capabilities: [140] Virtual Channel
        Capabilities: [160] Device Serial Number xx-xx-xx-xx-xx-xx-xx-xx

I researched well into the problem in various forums, but the driver you need the equipment is Realtek RTL8111B / RTL8168B NIC. Someone may orient me well what I have to do to install the driver for usb Offline so ?? if you can clear

regards

*Kevin Mauricio Benavides Castro*
*Systems Integrator*
*Cel: +505 84478854 *
*Skype: kevin.olpc.support*
Re: [CentOS] Help with Driver Eth0
Kevin Mauricio Benavides Castro wrote:

> Dear Friends of the Community
>
> Hereby I request some help, now Install Centos 5.0 in

First issue: why are you installing CentOS 5, and not 6, or 7? Second: why on *earth* are you doing 5.0, rather than the current 5.11?

> DELL 3020 one machine installation took correctly, but after installation I find that the network card that brings integrated computer does not recognize the eth0.
>
> 02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B

<snip>

That looks like it's already got the correct driver.

> I researched well into the problem in various forums, but the driver you need the equipment is Realtek RTL8111B / RTL8168B NIC. Someone may orient me well what I have to do to install the driver for usb Offline so ?? if you can clear regards

Sorry, install the driver for USB? Did you mean to install the driver from a flash drive, or install a USB driver? Please clarify.

mark
Re: [CentOS] Help with Driver Eth0
On February 23, 2015 2:50:18 PM EST, Kevin Mauricio Benavides Castro kmbc141...@gmail.com wrote:

> Dear Friends of the Community
>
> Hereby I request some help, now Install Centos 5.0 in

I hope you mean 5.10 here. Otherwise try the CentOS 5.11 installation media.

--
Jonathan Billings billi...@negate.org
Re: [CentOS] lua-debuginfo for CentOS6?
There were some packages in the 6.0 time frame that had debuginfo packages lost. This seems to be one.

On Feb 23, 2015 11:36 AM, Les Mikesell lesmikes...@gmail.com wrote:

> Is there some reason http://debuginfo.centos.org/6/x86_64/ is missing a lua-debuginfo package? The /5/ and /7/ sections have it.
>
> --
> Les Mikesell
> lesmikes...@gmail.com
Re: [CentOS] Help with Driver Eth0
On 2/23/2015 11:50 AM, Kevin Mauricio Benavides Castro wrote:

> now Install Centos 5.0

Why are you installing a completely unpatched release from 8 years ago? The updated/patched release of CentOS 5 is 5.11.

Also, EL 5 has a very short remaining life, it's already off 'full support' as of Q1 2014, and in 'maintenance updates only', which will only last 2 more years (Q1 2017). Any new install now really should be CentOS 6 or 7.

The RT8111 family of adapters are very common, I'd expect them to work with said updated release.

--
john r pierce
37N 122W somewhere on the middle of the left coast
Re: [CentOS-virt] Upgrading Xen 3 on SL 5 server with CentOS 5 and SL 5
On Sun, Feb 22, 2015 at 4:41 PM, Pasi Kärkkäinen pa...@iki.fi wrote:

> On Fri, Feb 20, 2015 at 10:07:54AM -0500, Nico Kadel-Garcia wrote:
>> Sorry about the accidental bulky quoting! Boston public transit is still slow from storms, and I'm using my phone right now.
>>
>> Also, has Xen console access gotten any better for fully virtualized guests? I've just been forcibly reminded how awkward it was to access the Linux installation screens to manipulate kickstart setups.
>
> I haven't had problems accessing the graphical console of PV or HVM guests. I'm usually using virt-viewer to use the VNC console.
>
> -- Pasi

I was referring to the TTY text console, the one that allows manipulation of boot options. It looks like it's still pretty awkward.

Either way, I'm alive right now with fully virtualized CentOS 6 installations. I'd love to switch them to be paravirtualized for the performance benefits, especially since I can't do CD based installations of new hosts on para-virtualized setups, and I don't have a PXE server running for this setup.

___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS] Making systemd start a service after sshd?
On Feb 20, 2015, at 1:07 PM, Bryan Wright bk...@virginia.edu wrote:

> I put the original lightdm.service back to its pristine state, made /etc/systemd/system/display-manager.service a symlink to my modified lightdm.service file in /etc/systemd/system and rebooted, and things work as expected.

Testing that it works on reboot is a good thing to test, but it is not the minimum necessary test.

I wonder if you are forgetting "systemctl daemon-reload"? Unlike with SysV init, changes to /usr/lib/systemd/system don't immediately take effect. You have to tell systemd to reload the configuration files when they change.
Re: [CentOS] Kickstart with multiple eth devices
On 02/23/2015 05:34 PM, Ashley M. Kirchner wrote:

> I have a Dell server that has two built-in ethernet devices. When I kickstart the machine, they are correctly identified as eth0 and eth1 (correctly meaning they correspond to the physical device ports 1 and 2). I need a third one and want that to come up as eth2. After adding the hardware, kickstart now fails because for some reason it goes through a rename process where it makes the newly added card eth1 (or eth0, I forgot). Is there a way to stop this rename process so kickstart correctly uses the physical hardware the way they are, meaning physical port 1 = eth0, port 2 = eth1, and the additional ethernet card then becomes eth2?

What version of CentOS are you trying to install? I would expect that a recent version would use the biosdevname interface naming scheme on a Dell server.

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/sec-Consistent_Network_Device_Naming_Using_biosdevname.html

--
Ian Pilcher arequip...@gmail.com
I grew up before Mark Zuckerberg invented friendship
Re: [CentOS] Kickstart with multiple eth devices
On Feb 23, 2015, at 6:34 PM, Ashley M. Kirchner ash...@pcraft.com wrote:

> I have a Dell server that has two built-in ethernet devices. When I kickstart the machine, they are correctly identified as eth0 and eth1 (correctly meaning they correspond to the physical device ports 1 and 2). I need a third one and want that to come up as eth2. After adding the hardware, kickstart now fails because for some reason it goes through a rename process where it makes the newly added card eth1 (or eth0, I forgot). Is there a way to stop this rename process so kickstart correctly uses the physical hardware the way they are, meaning physical port 1 = eth0, port 2 = eth1, and the additional ethernet card then becomes eth2?
>
> Should I be using the device's MAC address when I set the 'network' option in the kickstart file? So instead of 'network --device=eth0' I make it 'network -device=aa;bb:cc:dd:eee:ff' ?

kickstart has an option:

ksdevice=bootif

I think that'll let you accomplish what you are trying.
Re: [CentOS] sssd - ldap host attribute ignored
On 02/23/2015 03:59 AM, Ulrich Hiller wrote:

> /etc/sssd/sssd.conf:
> [domain/default]
> access_provider = ldap
> ldap_access_filter = memberOf=ou=,o=
> ldap_access_order = host

Because ldap_access_order doesn't include filter, ldap_access_filter will not be used. You can remove that.

Aside from that, it would be helpful to see the entry for one of the users who can log in and should not be able to. Make sure you flush the cache before testing.

> /etc/ldap.conf:

I don't think that file is relevant.
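The point made in the reply above, as an added example that is not code from the thread or from the SSSD project: a small audit of the LDAP access-control options in an sssd.conf, plus a simplified model of the host rule as sssd-ldap(5) describes it (explicit deny `!host` first, then explicit allow, then `*`). The function names `audit_access` and `host_rule_allows`, the sample DN `ou=staff,o=example` and the host names are assumptions constructed for the illustration.

```python
import configparser

# Constructed sample modelled on the [domain/default] section quoted in the thread.
# The DN ou=staff,o=example is a placeholder; the post elides the real values.
SAMPLE_CONF = """\
[sssd]
config_file_version = 2
services = nss, pam
domains = default

[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://myldapserver.mydomain
ldap_id_use_start_tls = True
ldap_tls_reqcert = never
access_provider = ldap
ldap_access_filter = memberOf=ou=staff,o=example
ldap_access_order = host
"""


def audit_access(conf_text):
    """Return (domain, finding) tuples for the LDAP access-control settings."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    listed = cp.get("sssd", "domains", fallback="")
    for name in [d.strip() for d in listed.split(",") if d.strip()]:
        section = "domain/" + name
        if not cp.has_section(section):
            findings.append((name, "listed in [sssd] domains but has no section"))
            continue
        dom = cp[section]
        # sssd.conf(5): access_provider defaults to "permit" (everyone allowed).
        provider = dom.get("access_provider", "permit").strip()
        if provider != "ldap":
            findings.append((name, "access_provider=%s: ldap_access_* options "
                                   "are not evaluated" % provider))
            continue
        # sssd-ldap(5): ldap_access_order defaults to "filter".
        order = [r.strip() for r in dom.get("ldap_access_order", "filter").split(",")]
        if "ldap_access_filter" in dom and "filter" not in order:
            findings.append((name, "ldap_access_filter is set but 'filter' is not in "
                                   "ldap_access_order; the filter is never applied"))
        # "never" and "allow" both let the session continue without a verified
        # server certificate, so the directory answering is not authenticated.
        if dom.get("ldap_tls_reqcert", "hard").strip().lower() in ("never", "allow"):
            findings.append((name, "ldap_tls_reqcert does not enforce verification "
                                   "of the LDAP server certificate"))
    return findings


def host_rule_allows(host_values, hostname):
    """Simplified model of the 'host' rule: deny beats allow, '*' allows all.

    host_values are the values of the user's authorized-host attribute
    (ldap_user_authorized_host, default attribute name "host").
    A user entry without the attribute is denied.
    """
    wanted = hostname.strip().lower()
    values = [v.strip().lower() for v in host_values]
    if not values:
        return False
    if "!" + wanted in values:
        return False
    return wanted in values or "*" in values


if __name__ == "__main__":
    for domain, finding in audit_access(SAMPLE_CONF):
        print("[%s] %s" % (domain, finding))
    # Constructed user entries: login name -> values of the host attribute.
    users = {
        "alice": ["web01.example.org"],
        "bob": ["db01.example.org"],
        "carol": ["*", "!web01.example.org"],
        "dave": [],
    }
    for login, hosts in sorted(users.items()):
        verdict = "allow" if host_rule_allows(hosts, "web01.example.org") else "deny"
        print("%-6s %s" % (login, verdict))
```

When every user is still admitted despite a setup like this, compare the name stored in the directory attribute with the name the client actually uses for itself, and clear the SSSD cache before retesting, as the reply advises.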
Re: [CentOS] Replacement for NIS/NFS?
On 02/23/2015 08:22 AM, Niki Kovacs wrote: 1. Users should be manageable through a GUI, probably a web interface, so the client can create, manage and delete them eventually. FreeIPA is a good option, generally. As best I understand it, it's currently available in a Docker container for CentOS. http://seven.centos.org/2014/12/freeipa-4-1-2-and-centos/ I haven't heard about more standard packaging, but that might come along later... 2. Home directories should be created/deleted automagically under the hood. You can use pam_mkhomedir to create them, but archiving or deleting home directories would be a manual process. 3. Every user should be able to login on any machines and find his or her files and preferences. You can continue using NFS for that.
Re: [CentOS] Kickstart with multiple eth devices
Correction to my own post: I know it's not kickstart that's doing the renaming, it's the kernel that's booting up the system. On Feb 23, 2015 4:34 PM, Ashley M. Kirchner ash...@pcraft.com wrote: I have a Dell server that has two built-in ethernet devices. When I kickstart the machine, they are correctly identified as eth0 and eth1 (correctly meaning they correspond to the physical device ports 1 and 2). I need a third one and want that to come up as eth2. After adding the hardware, kickstart now fails because for some reason it goes through a rename process where it makes the newly added card eth1 (or eth0, I forgot). Is there a way to stop this rename process so kickstart correctly uses the physical hardware the way they are, meaning physical port 1 = eth0, port 2 = eth1, and the additional ethernet card then becomes eth2? Should I be using the device's MAC address when I set the 'network' option in the kickstart file? So instead of 'network --device=eth0' I make it 'network -device=aa;bb:cc:dd:eee:ff' ?
Re: [CentOS] Kickstart with multiple eth devices
6.6-x86_64 ... Keep in mind this is happening during the kickstart process. What I'm seeing is this: When the system first comes on, PXE kicks in and port 2 (or eth1) gets an IP from the network's dhcp and is configured properly. PXE grabs the necessary files to start installation. However, as soon as the install image is uncompressed it does a rename on the devices and what should be eth3 is now configured as either eth0 or eth1 (I forgot which one) and what *should* be eth1 is effectively no longer configured. At that point kickstart stops because it can no longer fetch the kickstart file. I have to physically remove the additional ethernet card for it to work properly. On Mon, Feb 23, 2015 at 5:48 PM, Ian Pilcher arequip...@gmail.com wrote: On 02/23/2015 05:34 PM, Ashley M. Kirchner wrote: I have a Dell server that has two built-in ethernet devices. When I kickstart the machine, they are correctly identified as eth0 and eth1 (correctly meaning they correspond to the physical device ports 1 and 2). I need a third one and want that to come up as eth2. After adding the hardware, kickstart now fails because for some reason it goes through a rename process where it makes the newly added card eth1 (or eth0, I forgot). Is there a way to stop this rename process so kickstart correctly uses the physical hardware the way they are, meaning physical port 1 = eth0, port 2 = eth1, and the additional ethernet card then becomes eth2? What version of CentOS are you trying to install? I would expect that a recent version would use the biosdevname interface naming scheme on a Dell server.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/sec-Consistent_Network_Device_Naming_Using_biosdevname.html -- Ian Pilcher arequip...@gmail.com I grew up before Mark Zuckerberg invented friendship
Re: [CentOS] Master - Slave Split DNS
Hi folks, After configuring iptables to masquerade the zone transfer traffic, I've found a new issue. Below is the log on the slave: zone domain.com/IN/external-view: serial number (2015022302) received from master 10.xx.xx.xx#53 < ours (2015022303) The zone on the slave doesn't update. Thanks. On Fri, Feb 20, 2015 at 2:57 PM, Alexander Dalloz ad+li...@uni-x.org wrote: On 20.02.2015 at 05:07, aditya hilman wrote: 18-Feb-2015 09:00:59.176 notify: debug 2: zone domain.com/IN/external-view: notify to 202.xx.xx.xx#53 failed: timed out Can I redirect transfer zone the external-view using the local ip 10.xx.xx.xx ? That's just normal network handling: NATting / masquerading the RFC1918 address space for routing in the public address space. Nothing bind does itself. Thanks. Alexander -- Regards, Adit http://a http://simplyaddo.web.iddityahilman.com http://id.linkedin.com/in/adityahilman ym : science2rule
Re: [CentOS-virt] Video resolution for CentOS guest
On 23/02/15 11:11 PM, Robert Nichols wrote: Would someone please point me to some reasonably current instructions for getting greater than 1024x768 video resolution for a CentOS 6 guest on a CentOS 6 KVM/qemu host? When I search online I find stuff from 2009 and 2010 saying, For details see ..., and linking to a URL that no longer exists, or pages that say, You need to switch from VNC to Spice, and giving a long list of out-of-date instructions for doing so. (With virt-manager it takes 2 clicks to do that. Of course it doesn't help -- still maxes out at 1024x768.) I've found that I can just append vga=0x380 to the kernel command line and see Plymouth come up with the full graphical boot screen in the correct 1440x900 resolution, but as soon as gdm starts up, the display scrambles. I find suggestions to generate an xorg.conf file, but no mention of what to put in it. I can run Xorg -configure, but the resulting file contains nothing about video modes, so it's not apparent what needs to be added. I find it particularly annoying that a Windows 7 guest can set any resolution I want up to 2560x1600, but a Linux guest can't go higher than 1024x768. I played with this and found that, in fact, I had to switch the spice / qxl. With that change, I had no trouble pushing EL6 to much higher resolutions. -- Digimer Papers and Projects: https://alteeve.ca/w/ What if the cure for cancer is trapped in the mind of a person without access to education?
___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS] Replacement for NIS/NFS?
On 02/24/2015 01:15 AM, Gordon Messmer wrote: On 02/23/2015 08:22 AM, Niki Kovacs wrote: 1. Users should be manageable through a GUI, probably a web interface, so the client can create, manage and delete them eventually. FreeIPA is a good option, generally. As best I understand it, it's currently available in a Docker container for CentOS. http://seven.centos.org/2014/12/freeipa-4-1-2-and-centos/ I haven't heard about more standard packaging, but that might come along later... ipa-server is available from the base repos in both EL6 (v3.0) and EL7 (v3.3). RHEL7.1 beta ships with version 4.1. EL6 clients are fully compatible with EL7 servers and vice versa. 2. Home directories should be created/deleted automagically under the hood. You can use pam_mkhomedir to create them, but archiving or deleting home directories would be a manual process. You should use pam_oddjob_mkhomedir for that, it requires fewer privileges and integrates nicely with SELinux. 3. Every user should be able to login on any machines and find his or her files and preferences. You can continue using NFS for that. FreeIPA also supports automount/autofs. You should check out the FreeIPA demo (v4.1): http://www.freeipa.org/page/Demo - Jitse
[CentOS-virt] Video resolution for CentOS guest
Would someone please point me to some reasonably current instructions for getting greater than 1024x768 video resolution for a CentOS 6 guest on a CentOS 6 KVM/qemu host? When I search online I find stuff from 2009 and 2010 saying, For details see ..., and linking to a URL that no longer exists, or pages that say, You need to switch from VNC to Spice, and giving a long list of out-of-date instructions for doing so. (With virt-manager it takes 2 clicks to do that. Of course it doesn't help -- still maxes out at 1024x768.) I've found that I can just append vga=0x380 to the kernel command line and see Plymouth come up with the full graphical boot screen in the correct 1440x900 resolution, but as soon as gdm starts up, the display scrambles. I find suggestions to generate an xorg.conf file, but no mention of what to put in it. I can run Xorg -configure, but the resulting file contains nothing about video modes, so it's not apparent what needs to be added. I find it particularly annoying that a Windows 7 guest can set any resolution I want up to 2560x1600, but a Linux guest can't go higher than 1024x768. -- Bob Nichols NOSPAM is really part of my email address. Do NOT delete it.
Re: [CentOS] Replacement for NIS/NFS?
+1 for freeipa. It is an extremely well integrated domain controller with a functionality similar to Microsoft Active Directory. I would highly recommend setting up an AWS Virtual Private Cloud or something similar and practice deploying freeipa a few times with a few clients. It takes some understanding of the caveats and implementation before you will be able to deploy it successfully in a production environment. Good Luck! On 24 February 2015 at 01:40, Jitse Klomp jitsekl...@gmail.com wrote: On 02/24/2015 01:15 AM, Gordon Messmer wrote: On 02/23/2015 08:22 AM, Niki Kovacs wrote: 1. Users should be manageable through a GUI, probably a web interface, so the client can create, manage and delete them eventually. FreeIPA is a good option, generally. As best I understand it, it's currently available in a Docker container for CentOS. http://seven.centos.org/2014/12/freeipa-4-1-2-and-centos/ I haven't heard about more standard packaging, but that might come along later... ipa-server is available from the base repos in both EL6 (v3.0) and EL7 (v3.3). RHEL7.1 beta ships with version 4.1. EL6 clients are fully compatible with EL7 servers and vice versa. 2. Home directories should be created/deleted automagically under the hood. You can use pam_mkhomedir to create them, but archiving or deleting home directories would be a manual process. You should use pam_oddjob_mkhomedir for that, it requires fewer privileges and integrates nicely with SELinux. 3. Every user should be able to login on any machines and find his or her files and preferences. You can continue using NFS for that. FreeIPA also supports automount/autofs. You should check out the FreeIPA demo (v4.1): http://www.freeipa.org/page/Demo - Jitse
Re: [CentOS-virt] Upgrading Xen 3 on SL 5 server with CentOS 5 and SL 5
On Sat, 2015-02-21 at 13:20 -0500, Nico Kadel-Garcia wrote: ... Following up: I've gotten full virtualization of CentOS 6 on an SL 5 Xen server by using the virt-install command and avoiding manual editing of /etc/xen/ config files. I've also been reminded, forcibly, of why I hated the /etc/xen directory. The lack of distinction between a /etc/xen/myserfer, the example files there, and any other unqualified files there as valid configuration files means making safe backups of the files such as myserver.hvm or myserver.old quite painful. I wound up putting /etc/xen/ under git source control, just for tracking changes. I use virsh list --all to get currently defined VMs and virsh dumpxml vm name to get domain definitions.
Re: [CentOS] unable to umount
Resent after apparent failure to deliver. On 22/02/15 14:51, J Martin Rushton wrote: On 22/02/15 14:19, Leon Fauster wrote: Hi, on an EL5 XEN DOM0 system I have following volume $ df -h /srv Filesystem Size Used Avail Use% Mounted on /dev/sdc1 917G 858G 60G 94% /srv that partition was used by virtual machines but they were all halted. service xendomains stop $ xm list Name ID Mem(MiB) VCPUs State Time(s) Domain-0 0 3000 2 r-695.1 $ service xend stop nothing is using the partition $ lsof |grep srv empty Run as root: # lsof +D /srv $ fuser -m /srv empty Again, run this as root. Compare (test example from my system): $ fuser -m /boot 2>/dev/null | wc 0 44 264 # fuser -m /boot 2>/dev/null | wc 0 223 1338 That's 180 processes I'd miss as an ordinary user. $ fuser -km /srv empty but i can not umount /srv $ umount /srv umount: /srv: device is busy umount: /srv: device is busy I'm sure you've checked, but where is your PWD? what could keeping the device busy ... ?
Thanks, LF
[CentOS] Kickstart with multiple eth devices
I have a Dell server that has two built-in ethernet devices. When I kickstart the machine, they are correctly identified as eth0 and eth1 (correctly meaning they correspond to the physical device ports 1 and 2). I need a third one and want that to come up as eth2. After adding the hardware, kickstart now fails because for some reason it goes through a rename process where it makes the newly added card eth1 (or eth0, I forgot). Is there a way to stop this rename process so kickstart correctly uses the physical hardware the way they are, meaning physical port 1 = eth0, port 2 = eth1, and the additional ethernet card then becomes eth2? Should I be using the device's MAC address when I set the 'network' option in the kickstart file? So instead of 'network --device=eth0' I make it 'network -device=aa;bb:cc:dd:eee:ff' ?