Re: [CentOS] CentOS 8 NIS

2020-04-12 Thread Mark LaPierre

On 2020-04-12 21:49, John Pierce wrote:

>> It appears that they just pasted a new name on an old horse.  It's still
>> LDAP.
>
> yes, it's the standardized LDAP protocol...
>
> it is, however, a completely different implementation, so no, it's not
> OpenLDAP, which is a specific implementation.



Oh insert Deity here!  This is going to take a semester of Computer 
Science to figure out.


dscreate create-template creates a 9K file full of mostly obscure and 
unintelligible options.


This is where the hand holding I told you about comes into play.

This is what I've got so far:

config_version = 2
defaults = 9

The next option is full_machine_name which defaults to localhost.localdomain

I need to give this machine a name other than localhost.localdomain.  I 
guess that's my next bit of search engine exercise to learn how to do 
that without making a giant mess.  I remember trying to do this with the 
last attempt at LDAP a year ago.  It wasn't pretty and didn't turn out well.


I guess that's my next step for tomorrow.  I've got to go to bed if I'm 
going to be able to stay awake long enough to write any code at work 
tomorrow.


--
_
   °v°
  /(_)\
   ^ ^  Mark LaPierre
Registered Linux user No #267004
https://linuxcounter.net/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 8 NIS

2020-04-12 Thread John Pierce
On Sun, Apr 12, 2020 at 6:43 PM Mark LaPierre  wrote:

> On 2020-04-12 08:13, Jonathan Billings wrote:
> > On Apr 12, 2020, at 05:47, Pete Biggs  wrote:
> >> There are other options than LDAP, and servers other than OpenLDAP, but
> >> LDAP is the de facto standard.
> >
> > Unfortunately,  OpenLDAP as a server is deprecated in C8, and isn’t
> packaged anymore.  Upstream they point customers to their directory
> service, which is based on 389 directory service.
> >
>
> Okay, I found
>
> https://directory.fedoraproject.org/docs/389ds/download.html.
>
> Thank you for the useful reply.
>
> It appears that they just pasted a new name on an old horse.  It's still
> LDAP.
>
>
yes, it's the standardized LDAP protocol...

it is, however, a completely different implementation, so no, it's not
OpenLDAP, which is a specific implementation.



-- 
-john r pierce
  recycling used bits in santa cruz


Re: [CentOS] CentOS 8 NIS

2020-04-12 Thread Mark LaPierre

On 2020-04-12 08:13, Jonathan Billings wrote:

> On Apr 12, 2020, at 05:47, Pete Biggs  wrote:
>> There are other options than LDAP, and servers other than OpenLDAP, but
>> LDAP is the de facto standard.
>
> Unfortunately,  OpenLDAP as a server is deprecated in C8, and isn’t packaged
> anymore.  Upstream they point customers to their directory service, which is
> based on 389 directory service.



Okay, I found

https://directory.fedoraproject.org/docs/389ds/download.html.

Thank you for the useful reply.

It appears that they just pasted a new name on an old horse.  It's still 
LDAP.


I'll follow the directions there.  At least the directions say they are 
for CentOS 8.1+


I'll let you know what happens.  I hope I don't end up having to 
reinstall to fix the mess this makes.


--
_
   °v°
  /(_)\
   ^ ^  Mark LaPierre
Registered Linux user No #267004
https://linuxcounter.net/



Re: [CentOS] fail2ban firewalld problems with current CentOS 7

2020-04-12 Thread Orion Poplawski

On 4/9/20 6:31 AM, Andreas Haumer wrote:
...

> I'm neither a fail2ban nor a SELinux expert, but it seems the
> standard fail2ban SELinux policy as provided by CentOS 7 is not
> sufficient anymore and the recent updates did not correctly
> update the required SELinux policies.
>
> I could report this as bug, but where does such a bugreport belong to
> in the first place?
>
> - andreas




See https://bugzilla.redhat.com/show_bug.cgi?id=1777562
We're a bit stalled at the moment I'm afraid.

--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/



Re: [CentOS] Display system logs in chroot ?

2020-04-12 Thread Gordon Messmer

On 4/12/20 1:16 AM, kikinovak via CentOS wrote:

> In the meantime, I would be curious though : how *do* you read system logs in
> chroot ?



As far as I know: the same way you do when you're not in a chroot.  
*Reading* logs doesn't seem to involve connecting to journald, so:


less /var/log/messages (or another log file)
journalctl 


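One way to apply the answer above from the rescue system, as an added example that is not part of the original posts: journalctl can read a mounted root's journal files directly with -D/--directory, and CentOS 7 only keeps a persistent journal if /var/log/journal exists, so the fallback is the plain-text /var/log/messages. The function names and the /mnt default (the mount point used in the thread) are assumptions.

```shell
#!/bin/sh
# Added example: locate and read the logs of an installation mounted at ROOT
# from a rescue system. Reading does not need the target's journald running.

# pick_log_source ROOT
# Prints "journal:<dir>", "file:<path>" or "none" (exit status 1 for "none").
pick_log_source() {
    root="${1:-/mnt}"
    journal_dir="$root/var/log/journal"
    # A persistent journal lives in /var/log/journal/<machine-id>/*.journal.
    # An empty directory means journald never wrote there, so keep looking.
    if [ -d "$journal_dir" ] &&
       [ -n "$(find "$journal_dir" -type f -name '*.journal' 2>/dev/null | head -n 1)" ]; then
        echo "journal:$journal_dir"
    elif [ -r "$root/var/log/messages" ]; then
        # rsyslog's plain-text log, the default place for boot messages on CentOS 7.
        echo "file:$root/var/log/messages"
    else
        echo "none"
        return 1
    fi
}

# read_offline_logs ROOT
# Shows the last 200 entries from whichever source pick_log_source found.
read_offline_logs() {
    src="$(pick_log_source "$1")" || {
        echo "no readable logs under ${1:-/mnt}" >&2
        return 1
    }
    case "$src" in
        journal:*)
            # -D reads the journal files in that directory instead of the
            # running system's journal, so no chroot is needed.
            journalctl -D "${src#journal:}" -n 200 --no-pager
            ;;
        file:*)
            tail -n 200 "${src#file:}"
            ;;
    esac
}
```

Run `read_offline_logs /mnt` as root in the rescue system after mounting the root partition; inside the chroot the same files are simply /var/log/journal and /var/log/messages.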


Re: [CentOS] CentOS 8 NIS

2020-04-12 Thread Andreas Benzler
Dear P.,

NIS is out. Don’t ask me why. Ask the developer. 

On our cluster it is still in use, but for the next instance 
I must use LDAP or compile the packages myself.

Best wishes

Andy

> On 12.04.2020 at 14:28, Pete Biggs wrote:
> 
> On Sun, 2020-04-12 at 08:13 -0400, Jonathan Billings wrote:
>> On Apr 12, 2020, at 05:47, Pete Biggs  wrote:
>>> There are other options than LDAP, and servers other than OpenLDAP, but
>>> LDAP is the de facto standard.
>> 
>> Unfortunately,  OpenLDAP as a server is deprecated in C8, and isn’t
>> packaged anymore.  Upstream they point customers to their directory
>> service, which is based on 389 directory service. 
>> 
>  Why on Earth is deprecated?  I suppose they want people to use
> FreeIPA, which is a bit of a steam-hammer-to-crack-walnut type thing.
> 
> P.
> 
> 


Re: [CentOS] CentOS 8 NIS

2020-04-12 Thread Pete Biggs
On Sun, 2020-04-12 at 08:13 -0400, Jonathan Billings wrote:
> On Apr 12, 2020, at 05:47, Pete Biggs  wrote:
> > There are other options than LDAP, and servers other than OpenLDAP, but
> > LDAP is the de facto standard.
> 
> Unfortunately,  OpenLDAP as a server is deprecated in C8, and isn’t
> packaged anymore.  Upstream they point customers to their directory
> service, which is based on 389 directory service. 
> 
 Why on Earth is deprecated?  I suppose they want people to use
FreeIPA, which is a bit of a steam-hammer-to-crack-walnut type thing.

P.




Re: [CentOS] CentOS 8 NIS

2020-04-12 Thread Jonathan Billings
On Apr 12, 2020, at 05:47, Pete Biggs  wrote:
> There are other options than LDAP, and servers other than OpenLDAP, but
> LDAP is the de facto standard.

Unfortunately,  OpenLDAP as a server is deprecated in C8, and isn’t packaged 
anymore.  Upstream they point customers to their directory service, which is 
based on 389 directory service. 

--
Jonathan Billings 


Re: [CentOS] CentOS 8 NIS

2020-04-12 Thread Pete Biggs


> Yes, let me validate Mr. Kovacs comment.  I am aware of the shortcomings 
> of NIS in the area of security.  Let me provide some information on the 
> topography of my network and my reasoning for choosing NIS/NFS.  Perhaps 
> an alternative may be suggested to meet my needs without totally 
> confounding me when it comes to configuration. 

The good thing about YP/NIS is that it's simple - if all you want is
for your clients to get user info it is ideal. Unfortunately it was
designed in a time when passwords were hard to crack and "script
kiddie" was a yet to be invented term. Some of my systems still use
NIS+, but they are isolated and legacy.


> 
> Now that I've bored you to tears, are there any suggestions as to what I 
> should use as a replacement for NIS/NFS for sharing and mounting of 
> /home directories on the other three machines on my network?  Consider 
> that you are probably going to end up holding my hand in this endeavor 
> so choose something that you would want to configure and use.
> 
I think your best bet is to see what's supported in sssd - that will at
least give you some hope of getting some level of consistency. Pick
something that takes your fancy and isn't too complex. TBH you are
probably going to settle on some implementation of LDAP - probably
OpenLDAP - yes, I know you've tried it before, but it should work.
Configuring the clients to use LDAP via SSSD is not a problem; your
issue is going to be setting up the LDAP server. It's a long time since
I've done it so I'm not a person to hand hold, but your needs are
simple and there will be plenty of tutorials and guides and how-to's
out there to step you through the process. Once the LDAP server is
set up you basically never have to touch it - all configuration is done
through processes interacting with the server, including provisioning
accounts and so on - even the initial configuration is done by talking
to the server.

There are other options than LDAP, and servers other than OpenLDAP, but
LDAP is the de facto standard.

P.







Re: [CentOS] Display system logs in chroot ?

2020-04-12 Thread kikinovak via CentOS
I'll answer that myself, since I just got to the root of the problem. I just 
got contacted by the hosting company, and they made a mistake. So tl;dr I just 
have to wait until things get back to normal.

In the meantime, I would be curious though : how *do* you read system logs in 
chroot ?

Cheers,

Niki


‐‐‐ Original Message ‐‐‐
On Sunday, April 12, 2020 10:06 AM, kikinovak  wrote:

> Hi,
> This morning my day began quite badly, since my main production server wasn't 
> responsive anymore. For public hosting I'm using a "Dedibox Pro" server at 
> the French provider Online that's recently been acquired by Scaleway. I'm 
> currently managing half a dozen public servers at that provider, all running 
> CentOS 7.
> For debugging purposes, Online's web console enables you to boot the machine 
> into a live rescue system, in that case Ubuntu 18.04.
> Once I managed to connect via SSH to the live system, here's what I did.
> Mount the root partition :
> # mount /dev/sda2 /mnt
> Mount the /boot partition :
> # mount /dev/sda1 /mnt/boot
> Then :
> # mount --rbind /proc /mnt/proc
> # mount --rbind /dev /mnt/dev
> # mount --rbind /sys /mnt/sys
> And then I chroot into the system :
> # chroot /mnt /bin/bash
> I had networking in the chroot environment. I tried to disable a handful of 
> services like fail2ban and firewalld to begin with, but systemctl won't run 
> in a chroot. So what I did was simply remove everything related to fail2ban 
> and firewalld.
> Next thing was to look at the system logs to know what went wrong on startup, 
> but I don't know how to do that from within a chroot.
> Any suggestions?
> Cheers,
> Niki
> PS : sorry for bad formatting. Since the unresponsive server is also running 
> all my mails, I had to set up a Protonmail account to post on this list.


[CentOS] Display system logs in chroot ?

2020-04-12 Thread kikinovak via CentOS
Hi,
This morning my day began quite badly, since my main production server wasn't 
responsive anymore. For public hosting I'm using a "Dedibox Pro" server at the 
French provider Online that's recently been acquired by Scaleway. I'm currently 
managing half a dozen public servers at that provider, all running CentOS 7.
For debugging purposes, Online's web console enables you to boot the machine 
into a live rescue system, in that case Ubuntu 18.04.
Once I managed to connect via SSH to the live system, here's what I did.
Mount the root partition :
# mount /dev/sda2 /mnt
Mount the /boot partition :
# mount /dev/sda1 /mnt/boot
Then :
# mount --rbind /proc /mnt/proc
# mount --rbind /dev /mnt/dev
# mount --rbind /sys /mnt/sys
And then I chroot into the system :
# chroot /mnt /bin/bash
I had networking in the chroot environment. I tried to disable a handful of 
services like fail2ban and firewalld to begin with, but systemctl won't run in 
a chroot. So what I did was simply remove everything related to fail2ban and 
firewalld.
Next thing was to look at the system logs to know what went wrong on startup, 
but I don't know how to do that from within a chroot.
Any suggestions?
Cheers,
Niki
PS : sorry for bad formatting. Since the unresponsive server is also running 
all my mails, I had to set up a Protonmail account to post on this list.
