Re: [CentOS] Centos6 Migration glitch - Samba
On Mon, 8 Aug 2011, Craig White wrote: On Aug 8, 2011, at 12:46 PM, david wrote: Folks My experiments have shown that Samba behaves differently in Centos 5.6 and Centos 6 (updated). In Centos 5, service smb restart restarts both smb and nmb. In Centos 6, however, it restarts only smb. REMEDY: a) Make sure that both services running b) Issue chkconfig smb on chkconfig nmb on IS THIS THE DESIRED BEHAVIOR I have no idea if this difference is a bug or a feature, and leave it to others to determine that. feature - been that way in Fedora for many versions now. It is also that way in Centos 5 if you run samba3x. Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] setting up bare minimal CentOS VM
On Tue, 9 Aug 2011, Craig White wrote: On Aug 9, 2011, at 3:40 PM, John R Pierce wrote: On 08/09/11 3:10 PM, Rudi Ahlers wrote: Does anyone know where (if?) I can get a list of applications which gets installed with CentOS 6 if every option is deselected in the installer so that I can see what I can remove which isn't really necessary once installed? rpm -qa (after doing that minimal install) really isn't neccessary is highly subjective, noone else can make that call for you. sheesh... after doing that minimal install, you have a complete kickstart script written for you already... /root/anaconda-ks.cfg I can't believe that no one actually picked up on that In C6 this is very broken!! It is not useful. Sometimes it shows the packages that were installed and most of the time it does not. In addition, it does not even get the disk layout right. If I take what is in anaconda-ks.cfg and paste it into a kickstart file. It blows chunks. Sometimes I can figure out what is wrong but other times I cannot get it to work. I fought with a software raid 1 setup yesterday and never did get it to work. At some point I need to file a bug wrt this but I have not taken the time to do it yet. Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] setting up bare minimal CentOS VM
On Tue, 9 Aug 2011, John R Pierce wrote: On 08/09/11 4:02 PM, Craig White wrote: you have a complete kickstart script written for you already... /root/anaconda-ks.cfg speaking of kickstart... I may need to setup a portable kickstart server for CentOS 6 , and I've never really messed with it... how do you supply the ks.cfg file when you're PXE booting and have no CD or floppy? is there a good how-to on setting up kickstart servers for EL6 ? redhat can't be serious when they say... http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s1-netboot-pxe-config.html 30.2. PXE Boot Configuration The next step is to copy the files necessary to start the installation to the tftp server so they can be found when the client requests them. The tftp server is usually the same server as the network server exporting the installation tree. (end of section) like, *WHAT* files?? does anyone PROOF READ this stuff ?!? (yeah, I know, this is upstream's problem, not CentOS...) You might want to look at https://fedorahosted.org/cobbler/ Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Two Samba Servers and Rsync
On Tue, 9 Aug 2011, John R Pierce wrote: On 08/09/11 12:50 PM, Railic Njegos wrote: I plan to use rsync to sync data from second to first server. It is OK ? Any suggestion ? rsync doesn't much tolerate network glitches in my experience. its also a incremental file backup/copy, and won't be doing a 'snapshot' so if any of these files you're copying are things that are randomly updated like a database, its quite possible for the copy to be useless. as a backup strategy, having a single copy that you overwrite when you make a new copy is weak. you have no history, you can't recover the file that the user overwrote 2 days ago and forgot to tell you until today, as you just overwrote your backup with his mistake last night. There is also rdiff-backup if you need history. Of course it is not a perfect solution either. Any solution is going to have trade offs. Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.0 and freenx
On Tue, 2 Aug 2011, Helmut Drodofsky wrote: Hi, http://wiki.centos.org/HowTos/FreeNX says: NX and FreeNX are only available for Centos 4 and 5 Alternative? I stopped using freenx when I found xrdp. yum install xrdp will do it. I find it much easier to setup and maintain. here is what the rpm says: Name : xrdp Arch : x86_64 Version: 0.5.0 Release: 0.13.el6 Size : 240 k Repo : epel Summary: Open source remote desktop protocol (RDP) server URL: http://xrdp.sourceforge.net/ License: GPLv2+ with exceptions Description: The goal of this project is to provide a fully functional Linux terminal : server, capable of accepting connections from rdesktop and Microsoft's own : terminal server / remote desktop clients. Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Anaconda install groups vs yumgroups?
Switching the list to centos as requested. On Tue, 12 Jul 2011, Marcus Moeller wrote: Hi. In looking at the C6 installer there are several types of installs listed. In the past I could do an install and anaconda would tell me what yumgroups it installed via the anaconda.cfg that was dropped in /root. with c6 anaconda still drops this file but none of the yumgroups are listed. Is there a way to determine what yumgroups a particular install group installs? For instance if I do a server install which groups actually get installed? I am thinking there is something in the anaconda source but so far I am unable to find it and Google is not useful. Is this info listed anywhere? This is driven by comps.xml. There is no magic behind. yum grouplist lists all available and installed groups (sorted) This does not appear to be true. If it was I would not have posted at all or maybe I am just confused. For example, in anaconda there is an install group called Minimal Desktop If I look in the comps.xml in the centos repo there is no such group. There is also a Minimal group that does not appear in comps. All I am trying to do is understand the relationship between the groups listed in anaconda and in comps.xml. Does anaconda use a different comps.xml? Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6 CDs isos...
On Mon, 11 Jul 2011, John Doe wrote: Hey, just wondering if CentOS 6 CDs isos are also planned, or if there will be only the DVDs ones...? You might want to read the announcement @ http://www.centos.org? You will find the answer to your question there. Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Where can I download centos 6
On Fri, 8 Jul 2011, Brian Mathis wrote: PLEASE STOP. WE DO NOT NEED THIS AGAIN, ESPECIALLY SO CLOSE TO RELEASE. +1 FWIW, traffic on the mirror list says C6 is being rsync'd to the external mirrors as I type this. Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com -☙ Brian Mathis ❧- On Fri, Jul 8, 2011 at 5:48 PM, Ron Blizzard rb4cen...@gmail.com wrote: On Fri, Jul 8, 2011 at 3:59 PM, Steven Crothers steven.croth...@gmail.com wrote: Thankfully some good things have come of this complete disaster that is CentOS 6. * Scientific Linux 6 * Oracle Enterprise 6 (Which is free to download folks) * Clear-OS Core (Which is ran by a professional organization instead of a group if you're into that) Uh... Scientific Linux didn't come from CentOS. It's been in existence since 2004. Oracle Linux? Go for it, if supporting a parasitical, ungrateful corporation is your thing and if you like to pay for updates to them (I would just use Red Hat, if it were me). Clear-OS Core? Strange, I don't see its 6.0 version available for download yet. They've got an alpha out there, but it remains to be seen how will they'll rebuild Red Hat and how long their rebuilding project will last. I'm guessing they'll find it's a lot of work, go back to using CentOS and put their time back into their main product line. But we'll see. -- RonB -- Using CentOS 5.6 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] NTLM auth fails after upgrade to centos 5.6
Hi, I upgraded a working centos5.5 with squid using ntlm auth to centos 5.6 today. After doing so squid failed to authenticate. Downgrading samba3x to samba3x-3.3.8-0.52.el5_5.2 got things working again. In the squid config I have, auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp in the squid config and this was working until the upgrade. testparm shows no errors and the logs do not indicate a problem except that authentication fails. With samba3x-3.5.4-0.70.el5_6.1.x86_64 installed the following command fails: /usr/bin/ntlm_auth --username=myuser with the following error: [2011/06/09 10:21:19.538041, 2] winbindd/winbindd_pam.c:2001(winbindd_dual_pam_auth_crap) NTLM CRAP authentication for user [mydomain]\[myuser] returned NT_STATUS_INVALID_HANDLE (PAM: 4) with samba3x-3.3.8-0.52.el5_5.2 I get the following: (indy pts3) # /usr/bin/ntlm_auth --username=myuser password: NT_STATUS_OK: Success (0x0) (indy pts3) # [2011/06/09 18:18:30, 2] passdb/pdb_ldap.c:init_sam_from_ldap(571) init_sam_from_ldap: Entry found for user: myuser [2011/06/09 18:18:30, 2] auth/auth.c:check_ntlm_password(308) check_ntlm_password: authentication for user [myuser] - [myuser] - [myuser] succeeded Has anyone else seen this behavior? Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Monitoring power consumption
On Wed, 13 Apr 2011, Peter Peltonen wrote: Hi, On Wed, Apr 13, 2011 at 6:11 PM, compdoc comp...@hotrodpc.com wrote: How about an external device? I own one of those killawatt devices. You can program in your local power cost, and it displays how much it actually costs to run the server. (along with lots of other info) An external device would be fine if I could somehow transfer the information to my centos server where I want to remotely access / process this information. Since killawatt was brought up, how about http://www.ladyada.net/make/tweetawatt/ Regards, Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 5.6 - SRPM's
Hi, On Sun, 10 Apr 2011, Kai Schaetzl wrote: Ljubomir Ljubojevic wrote on Sun, 10 Apr 2011 12:53:54 +0200: Just to be sure there is no misunderstanding. I add that line in any *.repo file in /etc/yum.repos.d/ folder, as an option for every repository definition in those files where repository has releases rpms. I don't understand the problem. If you edit a .repo file it is usually not overwritten, the new repo file is saved as .rpmnew. So, I think this creates only a problem in the case that you completely remove a .repo file. What am I misunderstanding? (Sorry for the pun, I think I'm mostly talking to Tom ;-) I cannot speak for the other Tom but in my case I rebuild the centos-release rpm and add my own repo files so that all of my machines pull from my local repos. Yes, I know that the modified repo files do not get overwritten but that does not help for new machines nor does it help when I change my local configuration. When I rebuild the centos-release rpm I actually modify it so that a new version of the rpm overwrites any existing .repo files. That way I know all of the machines under my control are only pulling updates I have approved and placed into my local repos. It would be nice if this srpm was released with the main distro. Rebuilding other packages can come later when all of the srpms are available but this particular package is important for me being able to update the machines. In fact I usually end up hacking up the first cut of the centos-release rpm for a new release based on the previous version (in this case 5.5) so that I can do my upgrades. It is not all that hard to do but it would be easier if I had the official srpm. Regards, -- Tom Diehl ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Installing php-mcrypt
On Sun, 27 Mar 2011, Todd Cary wrote: It has been 6 years since I set up my Linux server and have hardly had to touch it in all of those years other than running yum update, so I ma rusty in some of the fine details (especially at 72). I located a source for the php-mcrypt rpm (php-mcrypt-5.1.6-15.el5.centos.1.i386.rpm), however, isn't there an easier method to get and install the appropriate rpm - other than downloading it then running rpm? And when should I use yum rather than rpm? For those of you that use Linux daily, these are very simple question, and for that please accept my apologies. How about yum install php-mcrypt? Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rssh / scponly
On Sun, 27 Mar 2011, Nico Kadel-Garcia wrote: On Sun, Mar 27, 2011 at 10:12 PM, Gregory P. Ennis po...@pomec.net wrote: Am 27.03.2011 um 22:57 schrieb John R Pierce: On 03/27/11 1:03 PM, Rainer Duffner wrote: If you use sftp, it can be chroot'ed by default (see man-page). (In reasonably recent version of sshd) I gather thats a sshd somewhat newer than the one included in CentOS 5 ? I don't know. ;-) I only used it in FreeBSD - but it's included there since at least 7.2. That was released in May 2009. OpenSSH 5.1p1 Looking, sshd in my latest CentOS shows v 4.6p2 rhel / centos contains openssh with backported chroot: rpm -q --changelog openssh-server | grep chroot - minimize chroot patch to be compatible with upstream (#522141) - tiny change in chroot sftp capability into openssh-server solve ls speed problem (#440240) - add chroot sftp capability into openssh-server (#440240) - enable the subprocess in chroot to send messages to system log Only by recompiling and backporting OpenSSH 5.x from RHEL 6, or by getting Centrify and their tools from www.centrify.com. Centrify also includes good tools for integration with Active Directory based authentication, very useful in a mixed environment where you don't have the political pull to get the AD administratiors in the same room to discuss how LDAP and Kerberos actually work and why Linux can cooperate with it. Being able to wave that magic commercially supported wand seems to help with those meetings, and it's actually a pretty good toolkit. The above appears to be wrong wrt to chrooting sftp on C5. According to https://bugzilla.redhat.com/show_bug.cgi?id=440240 and http://rhn.redhat.com/errata/RHSA-2009-1287.html the ability to chroot was backported into rhel/centos 5 back in 2009-09-02. In addition sshd_config(5) says the following: Subsystem Configures an external subsystem (e.g., file transfer daemon). Arguments should be a subsystem name and a command (with optional arguments) to execute upon subsystem request. The command sftp-server(8) implements the sftp file transfer subsystem. Alternately the name internal-sftp implements an in-process sftp server. This may simplify configurations using ChrootDirectory to force a different filesystem root on clients. By default no subsystems are defined. Note that this option applies to protocol version 2 only. http://undeadly.org/cgi?action=articlesid=20080220110039 might be useful in setting this up. Of course I could be wrong since I have not tried this yet but it is on my short list for this week. Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mounting an external USB drive
On Fri, 25 Mar 2011, Todd Cary wrote: With Centos 5.5, my external USB drive appears to self mount in that the icon appears on the desktop and when I double click on it, the files are there. However, I recall that I need to make an entry in the fstab as well as some other changes. When I do a # /sbin/fdisk -l I learn that the device is /dev/sda1 and the system is HPFS/NTFS I am not sure what to enter into the file system table, fstab and if other entries/directories need to be made. If it is mounted, why would you need to make fstab entries? The system already knows enough to make it useful. Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to install source rpm on centos
On Sun, 13 Mar 2011, sync wrote: Hi to all. I'm having a problem with the rpm command on centos 5.5; I am used to recompile a source rpm with the following command: root@test ~: rpmbuild --rebuild pssh-1.2.2-1.rf.src.rpm Installing pssh-1.2.2-1.rf.src.rpm error: cannot create %sourcedir /home/test/rpm/SOURCES Just a guess but try creating the %sourcedir above. Most likely you will need other directories as well. You could also use mock but that will need to be setup as well. Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Resize iscsi partitions?
Hi, I have a c5 machine with a 3ware controller in it that I am using for iscsi targets. The iscsi target is built on lvm. The client then sees it as /dev/sdb1. If I put a gpt partition on it and try to shrink it I loose the partition table. If I expand it gparted complains with the following warning: Not all of the space available to /dev/sda appears to be used, you can fix the GPT to use all of the space (an extra 70688768 blocks) or continue with the current setting? The data is still there but as the warning says I can fix the issue. I am wondering if there is a way to be able to both grow and shrink the gpt partitions on iscsi? The machine is not in production yet so at this time I am just experimenting so that when I have live data on it, I can be reasonably sure that I can resize the iscsi partitions without data loss. Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos Installation on Multiple machines
On Wed, 24 Mar 2010, premr...@digilink.in wrote: Hi, I want to install customized centos on multiple systems. Can PXE boot do that ? Apart from this is there any other way of doing image copy of centos OS and installing it on several client machines through network. I used clonezilla, but after image cloning, i will again have to use the clonezilla LIVE CD on client machine to do a image restore. I want to make a clone of centos OS and store it in a server and keeping installing it on multiple machines with same hardware features from network. Is this possible ? You should look at https://fedorahosted.org/cobbler/ and kickstart. This will give repeatable automated installs over a variety of hardware. Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Trying to rebuild srpm from fedora....
On Sun, 31 Jan 2010, Tom Bishop wrote: So I am trying to rebuild this source rpm from fedora 10, shutter-0.85.1-1.fc10.src.rpm -its a screen capture application ( http://shutter-project.org/ ) that I have been unable to find in any repos, although it is in the fedora repos. Thought I would give it a go and try to rebuild the rpm, so here is the error that I am getting: + desktop-file-install --delete-original --dir /var/tmp/shutter-0.85.1-1-root-itsupport//usr/share/applications /var/tmp/shutter-0.85.1-1-root-itsupport//usr/share/applications/shutter.desktop Must specify the vendor namespace for these files with --vendor error: Bad exit status from /var/tmp/rpm-tmp.38313 (%install) Anyone have any tips or 2x4 :) to point me in the right direction I would appreciate it, thanks. Oh yeah, running centos 5.4 i386 arch, thanks again. As someone else said, at the very least you need to edit the spec to define a vendor. IMO the better way is to setup mock and use it to (re)build all of your rpms. That way you can for the most part, use the fedora specs out of the box. I have numerous rpms that are not found in CentOS that are in fedora. Most of them rebuild without modification in mock on CentOS. Hope this helps. Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Centos-release srpm
Hi, Does anyone know where I can get centos-release-5-4.el5.centos.1.src.rpm? I have looked on several mirrors and that one seems to be MIA. Even Google does not seem to know where it is. I need it so I can rebuild it with my local yum repos in it. Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos-release srpm
On Sat, 31 Oct 2009, Karanbir Singh wrote: On 10/31/2009 02:33 PM, Tom Diehl wrote: Hi, Does anyone know where I can get centos-release-5-4.el5.centos.1.src.rpm? there are a couple of srpms that are still pending out, I'll get these done over the weekend. Thanks!! Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 5.3 update do RHEL 5.3
On Sun, 7 Jun 2009, Albert wrote: Hi, If I now installed centos 5.3 and for 6 month I buying support from RHEL I can change 5.3 to rhel 5.3? It's possible? No. The versions for Centos are always higher then RHEL. Therefore unless the updates RHEL versions happen to be greater then the existing centos versions you will never get the updates. Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos-release-5-3.el5.centos.1.src.rpm
On Wed, 8 Apr 2009, Jeff Fisher wrote: Hi, I'm just wondering when centos-release-5-3.el5.centos.1.src.rpm will be pushed out to the mirrors as it is currently missing. I just looked and it is at http://mirrors.kernel.org/centos/5.3/os/SRPMS/centos-release-5-3.el5.centos.1.src.rpm Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] 5.2-5.3 Xen upgrade weirdness
Hi, Has anyone tried upgrading xen domu's from 5.2 to 5.3? I just did a yum upgrade glibc yum upgrade yum. All appeared to go well but when I rebooted and tried to connect to the network, I could not. Looking at /etc/sysconfig/network-scripts I see that the that there is now an ifcfg-eth0 and an ifcfg-eth0.bak. ifcfg-eth0 now contains configuration for a dynamically configured interface and ifcfg-eth0.bak has the old static config information. In addition, the mac address of the interface has also been changed. I can put everything back but I would like to know if this behavior is deliberate? If so how do I revert whatever is making the changes so that this does not happen. I have software on some of my domu's that requires me to go get new license keys when mac addresses or ip addresses change. So far in my limited testing this only seems to happen on the domu. The dom0 seems to be OK, although I have not yet rebooted it. I did not see anything in the release notes. Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 5.2-5.3 Xen upgrade weirdness
Hi Timo, On Wed, 1 Apr 2009, Timo Schoeler wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 thus Tom Diehl spake: | Hi, | | Has anyone tried upgrading xen domu's from 5.2 to 5.3? I just did a | yum upgrade glibc yum upgrade yum. All appeared to go well but when I | rebooted and tried to connect to the network, I could not. Looking at | /etc/sysconfig/network-scripts I see that the that there is now an ifcfg-eth0 | and an ifcfg-eth0.bak. ifcfg-eth0 now contains configuration for a dynamically | configured interface and ifcfg-eth0.bak has the old static config information. | | In addition, the mac address of the interface has also been changed. I can put | everything back but I would like to know if this behavior is deliberate? If so | how do I revert whatever is making the changes so that this does not happen. | I have software on some of my domu's that requires me to go get new license | keys when mac addresses or ip addresses change. | | So far in my limited testing this only seems to happen on the domu. The dom0 | seems to be OK, although I have not yet rebooted it. | | I did not see anything in the release notes. | | Regards, Hi Tom, you can nail the MAC addresses of the domU's in /etc/xen/auto/config-file: http://wiki.xensource.com/xenwiki/XenNetworking#head-d5446face7e308f577e5aee1c72cf9d156903722 (see 'Additional Notes', also). If not set here, they will change every reboot (create, destroy) of domU. I probably should have mentioned that I manage my domU's with cobbler and virt-manager. Doesn't everybody? :-) It hard codes the mac addresses in the config files when I setup the domU. Your reply did get me to look at the config file though and I see that the date stamp on the config file is from Dec. It looks like something else changed the mac address and the upgrade just made an ifcfg-eth0 file to match. Since this machine is a sandbox it does not run very much. It is possible I missed a previous change. FWIW, I just upgraded another domU and it went flawlessly. Sorry for the noise and thanks for the info. Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] lame server errors on my DNS server
Next time start a new thread instead of replying to another thread. On Sun, 8 Mar 2009, fabian dacunha wrote: Dear Sir, i m not a professional in DNS but have setup my DNS server with centos 5 running for almost a year ( before the same server had centos 4) and was working fine But just i receive a mail from ripe stating that my there r lame server errors on my DNS server i have bind ver 9.3 running the errors were Our checks revealed the following error(s) : Zone: xx.xx.xx.in-addr.arpa Nameserver: ns1.kmun.gov.kw (IP address unknown) Error: Unable to resolve nameserver Nameserver: ns2.kmun.gov.kw (IP address unknown) Error: Unable to resolve nameserver appreciate if someone could help me as to which file could have misconfiguration errors . You do not give enough info to help. If kumn.gov.kw is the domain we are talking about then go fix the errors shown here: http://www.intodns.com/kmun.gov.kw no file has been modifies for long time So that just means that it has been broken for a long time. :-) FWIW, a lame server means that it is not authoritative for the domain that you are requesting info for. Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Email/GroupWare Suite
On Fri, 9 Jan 2009, Kevin Thorpe wrote: Bo Lynch wrote: Just wanted to get some thoughts from the list. We are a public k-12 school and are looking to migrate to a groupware style system for out staff to collaborate better. Currently we are using Squirrelmail/postfix for email. Does anyone have any recommendations/opinions. Any input would be greatly appreciated. Thank you I would stick in a suggestion to look at Scalix. Not free at 300 users, but it does run nicely on CentOS. Integrates well with Outlook and has a very nice webmail front end. I would be careful with Scalix. My son used to work at a place where they went with Scalix for 300+ users. The day to day maintenance on it can be a real bear. When you have a real problem that requires support, Scalix support is less than helpful. He left that job for another but still keeps in touch with his old boss. The old boss has told him that due to the Scalix problems they are budgeting for replacing Scalix with Exchange. On the other side of the coin, when it works, it works well and integrates well with Outlook. It is just overly complex under the hood. FWIW, they had Scalix running for 3+ years. -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] vim helpfile tag issues
On Tue, 16 Dec 2008, Filipe Brandenburger wrote: Hi, On Tue, Dec 16, 2008 at 22:12, Spiro Harvey sp...@knossos.net.nz wrote: Just wondering if anyone can replicate this issue if I try and access the help files direct (as root), such as :help tutor I get: If I press enter, it shows me what appears to be the output of a binary. This is a bug long known to me (I never bothered to open a bug report for it though). vim has a plug-in to open compressed files, however in compatible mode (which is the mode used when you call vi or if you don't have the alias set) the plug-in is not loaded, so it cannot open the helpfiles properly. Never found a good workaround other than using vim explicitely. I just set the alias. Yes I understand all of the don't work as root stuff but when you have to work as root you might as well have all of the best tools for the job. The easiest way to set the alias is to comment out the following 2 lines in /etc/profile.d/vim.sh #[ -x //usr/bin/id ] || return #[ `//usr/bin/id -u` -le 100 ] return They are lines 2 and 3 in the file as shipped by Red Hat and Centos. HTH, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: CentOS 5.2 with IBM SERVERAID 6i
Ralph Angenendt wrote: Fabian Arrotin wrote: If you use the hw raid, you can easily manager your raid array with either ipssend cli or ServeRAID manager gui (both are downloadable from IBM support website) Faultdetection sucks with that, but you can use ipmitool for that: [EMAIL PROTECTED] ~]# ipmitool sdr|grep Drive Drive 1 Status | 0x01 | ok Drive 2 Status | 0x01 | ok Drive 3 Status | Not Readable | ns Drive 4 Status | Not Readable | ns [EMAIL PROTECTED] ~]# I installed the OpenIPMI packages but when I run the above command I get the following: (geppetto pts5) # ipmitool sdr Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory Get Device ID command failed Unable to open SDR for reading (geppetto pts6) # rpm -qa | grep -i ipmi OpenIPMI-libs-2.0.6-6.el5 OpenIPMI-2.0.6-6.el5 OpenIPMI-tools-2.0.6-6.el5 (geppetto pts6) # lsmod | grep -i ipmi (geppetto pts6) # Is there something special that needs to be done to enable ipmitool? lsmod shows that none of the ipmi modules are loaded. Do I need some magic incantation in /etc/modules.conf or is there some other package I need? the machine is an ibm X3655 with C5 installed on it. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: CentOS 5.2 with IBM SERVERAID 6i
Ralph Angenendt wrote: Tom Diehl wrote: I installed the OpenIPMI packages but when I run the above command I get the following: (geppetto pts5) # ipmitool sdr Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory Get Device ID command failed Unable to open SDR for reading service ipmi start And turn it on: chkconfig ipmi on That will do it. I did not realize it was a daemon. DUH!! Thanks for the help. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS-virt] Re: how do I access an LV on a xen dom0?
On Tue, 23 Sep 2008, Luke S Crawford wrote: Tom Diehl [EMAIL PROTECTED] writes: Hi, I have a machine running several domU's. It has an LV that is currently mounted on dom0, that I would like to access from one of the domU's. If I umount the LV and remove it from the fstab on the dom0, is there a way I can mount it in one of the domU's? to do it live, the keywords you want are xm block-attach but hotplug doesn't always work. in that case you will need to put it in the xm config file as a phy:/ device and restart the DomU. YES!! That was the pointer I needed!! Thank You. I had actually figured out how to do most of this in virt-manager but I did not fully understand what I needed until I read the block-attach section of the xm man page. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
[CentOS] Re: Is there a way to save the routing table permanently?
On Tue, 19 Aug 2008, ABBAS KHAN wrote: I'm adding the default gateway to the route through route add default gw 10.10.10.10 which is also shown in route -n but the problem is that as soon as I restart the network through /etc/init.d/network restart; the route sets to default one...! SO, my question is there any way to save the modified route permanently by hardcoding the changes? There are several ways, actually. System-config-network is one way, or if like me you prefer to edit the config files by hand you can edit the files in /etc/sysconfig/network-scripts/ifcfg-eth* or the file /etc/sysconfig/network. There needs to be a GATEWAY= line in one of those files. If you have an existing GATEWAY line modify it to taste. If you have no default gateway I would suggest putting it in /etc/sysconfig/ifcfg-eth?. Where the ? corresponds to the interface that points to the gateway. Hope this helps. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: NetBSD on CentOS 5.2 Xen 3
On Wed, 13 Aug 2008, white list wrote: hi all good people, can someone direct me to a solution i get the following error # xm create -c vm03 Using config file ./vm03. Error: (2, 'Invalid kernel', 'xc_dom_compat_check: guest type xen-3.0-x86_32 not supported by xen kernel, sorry\n') Have you actually tried to solve this problem yourself? I know nothing about your problem but http://mail-index.netbsd.org/port-xen/2008/01/29/msg003223.html sounds a lot like what you describe. Hint, if you put, Error: (2, 'Invalid kernel', 'xc_dom_compat_check: guest type xen-3.0-x86_32 in google you might just get the info you need. Do not forget to include the quotes in your google search. Hope this helps. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: OT: [centos] open source inventory system with invoicing and serial no tracking
On Fri, 11 Jul 2008, david chong wrote: Dear All, Sorry, cause this is OT. I am asking this for my client, they hope to find a simple open source web base software with invoicing and serial no tracking, preferably if can generate continuous serial no by its own. Look at http://www.sql-ledger.com. I am not sure about the serial numberi generation part but it rusn on a web server, does inventory and invoicing and is licensed under the GPL. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: kernels and irc
On Thu, 5 Jun 2008, James Bunnell wrote: On Thu, 2008-06-05 at 18:36 +0200, Ralph Angenendt wrote: James Bunnell wrote: On Thu, 2008-06-05 at 17:00 +0100, Anne Wilson wrote: On May 22 it was estimated that it would take 3 weeks. Did you really need an update on that? i only asked. an answer such as what was given here earlier would have sufficed. is that so hard? But it is the same answer you already had! ok, let's look at this differently. if i were looking for a answer to these things from a standpoint of wanting to help, or pointing out something that may be perceived differently somewhere else such as the 'well they are updating 3-4, why not 5'...how is that to be construed? i think that deserves more than an aggressive response such as what happened on irc. Not for nothin but I thought about 200 messages ago you said you were done? PLEASE do not answer that. Silence would be the best answer. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: samba question
On Fri, 23 May 2008, Dennis McLeod wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David chong Sent: Thursday, May 22, 2008 3:21 AM To: CentOS mailing list Subject: [CentOS] samba question Hi, I am running Centos5.1, trying to configure samba now. I am quite new in this area and hope help from the list. I could not connect to it from a windows xp pc You should really look into the Samba Mailing list.. https://lists.samba.org/mailman/listinfo/samba I only use two mailing lists (Linux that is...) Centos and Samba.. Following your thread, you likely need to add the server to the hosts and lmhosts files on your XP boxes, as was already mentioned Or simply fix DNS. If your DNS is broken, it will cause all kinds of problems. Maintaining hosts or lmhosts files for more than 1 or 2 machines is insanity. Setting up an internal DNS server is trivial compared to setting up samba. I would suggest you take the time to learn how. Hope this helps. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: clustered mail server?
On Sun, 18 May 2008, Guy Boisvert wrote: Ruslan Sivak wrote: David G. Mackay wrote: I'm not sure why nobody has asked this yet, but why not try hosted GMail instead? It's free and you can use it with your domain name. We currently run a linux based mail server, but are thinking of migrating over to hosted GMail, and have one so for a few clients already with no problems. Russ Well, i just hope you don't have anything secret or sensitive... With their search power, it's very easy to automate the info harvesting! If you are sending secret or sensitive information via unencrypted email you already have a bigger problem then weather or not google is harvesting info. Email by design is insecure. Why anyone would believe otherwise is unclear to me. If you are encrypting it than I would argue that it does not matter if google tries to harvest information from it. Regards, Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: OT: YUM, RPM and PGP keys
On Mon, 12 May 2008, Cliff Nadler wrote: on 5-12-2008 5:54 AM Jason Pyeron spake the following: -Original Message- Behalf Of Ralph Angenendt Jason Pyeron wrote: I was just about to ask the same, but for packages I just rolled. Is there a cmd line swith or env var? Why not sign packages you roll? It really isn't that hard. RPM does have It's a throw away project on a throwaway vm instance. issues with large keys, though - Key on the top1000 list aren't usable :) - I think 64kb is the maximum size. And: Setting gpgcheck to 0 in yum.conf should disable global gpg checking, you can turn it on for each repository in the .repo files under /etc/yum.repos.d/. So the choice of how you shoot yourself in the foot with unsigned packages is up to you :) But there are no (temporary) options from the command line? I haven't found any. Something like --nosign or --ignore-nokey would be great. I generally copy /etc/yum.conf to /etc/yum.localinstall.conf and change the gpgcheck flag to 0, then use yum -c /etc/yum.localinstall.conf localinstall package to install any unsigned packages. I've only used it with packages from a know good source (mostly locally built). Ummm, from the yum man page: --nogpgcheck Run with gpg signature checking disabled. Configuration Option: gpgcheck Does that do what you want? Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: FOSS Inventory Managment and Invoicing Application
On Thu, 8 May 2008, Joseph L. Casale wrote: I am trying to help a small shop migrate off an old DOS sales application and was hoping to find a Linux alternative. Anyone have any experience with these types of applications, it would likely be a 2-3 user setup. Not sure what you mean by invoicing application but sql-ledger http://sql-ledger.org/ and its fork Ledger-SMB http://www.ledgersmb.org/node/8 will do inventory and double entry accounting, including invoicing. Both are GPL but the documentation and support for sql-ledger is by subscription only. I have never actually used Ledger-SMB but it was forked from sql-ledger as a result of a religious war between the Ledger-SMB people the sql-ledger author [1]. I have used sql-ledger for the past 4 years. It is not perfect and I do pay for support because I think the documnetation available for it is better then what was available for Ledger-SMB the last time I looked. I need someone to ping on when I get into a bind with the program. Fortunately now days I rarely have problems I cannot resolve myself but I have needed this support in the past and Dieter was very responsive and helpful. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] 1. I know there are people here who are VERY familiar with the actual situation. PLEASE do not turn this thread into LedgerSMB is better than sql-ledger flame fest. Google has the details and if one needs more info the mailing lists for each program is a better place to ask constructive questions. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: SSl Certificate problem (SOLVED)
Hi Michel, On Sat, 29 Mar 2008, Michel van Deventer wrote: Hi Tom, the location of SSL certificates changed from C4 to C5, certificates are located in /etc/pki/tls on C5. Apache is also a newer version on C5 (2.2 , 2.0 in C4). You should check your configs manually and change them accordingly. I can help you if you post your C4 config. Thanks for the offer. I figured out the problem after a few more hours. A while back I was trying to get Koji working on the same machine but I never succeeded. I gave up on it but forgot to nuke the broken ssl configs. Once I nuked the broken Koji configs, the ssl enabled virtual hosts started working. It turns out that with the exception of the ssl cert locations, the same settings I used on the C4 box will also work on the C5 box. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] Regards, Michel van Deventer On Fri, 2008-03-28 at 18:37 -0400, Tom Diehl wrote: Hi, I have a c4 server that I am trying to migrate an ssl site over to a new C5 machine with all of the updates. The certificate is an equifax cert and works as advertised on the C4 server. When I move it over to the C5 machine I get error in firefox that says error code -12227 which http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html says is an SSL_ERROR_HANDSHAKE_FAILURE_ALERT. In addition it says that this means that SSL peer was unable to negotiate an acceptable set of security parameters. If I try to open the site in IE, it prompts for a client certificate. This fails because I am not using client certs. In the apache config for ssl.conf I have SSLVerifyClient none. I have also tried setting it to optional with the same results. In the past moving these sites to a different machine was as simple as copying the certs and the config files over to the new machine, reloading httpd and everyting just worked. Is there something different about ssl on C5? Does anyone know a good way to troubleshoot this. Google and the docs are not helping. What am I missing? Regards, ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] SSl Certificate problem
Hi, I have a c4 server that I am trying to migrate an ssl site over to a new C5 machine with all of the updates. The certificate is an equifax cert and works as advertised on the C4 server. When I move it over to the C5 machine I get error in firefox that says error code -12227 which http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html says is an SSL_ERROR_HANDSHAKE_FAILURE_ALERT. In addition it says that this means that SSL peer was unable to negotiate an acceptable set of security parameters. If I try to open the site in IE, it prompts for a client certificate. This fails because I am not using client certs. In the apache config for ssl.conf I have SSLVerifyClient none. I have also tried setting it to optional with the same results. In the past moving these sites to a different machine was as simple as copying the certs and the config files over to the new machine, reloading httpd and everyting just worked. Is there something different about ssl on C5? Does anyone know a good way to troubleshoot this. Google and the docs are not helping. What am I missing? Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Colors in vi for user root
On Fri, 7 Mar 2008, Mário Gamito wrote: Hi, How can I have vi with syntax hilghting for root ? Regular users have it, but not root's. I've seen the hidden files of a regular user home, but found nothing. In /etc/profile.d/vim.sh, comment out the line which contains the following: [ `//usr/bin/id -u` -le 100 ] return In my version, it is line 3. Logout and log back in and presto you have colors, assuming you have the proper packages installed. Make sure you understand the implications of doing this before you do this. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Backport uncertainty
On Wed, 13 Feb 2008, Erek Dyskant wrote: On Wed, 2008-02-13 at 12:54 -0700, Joseph L. Casale wrote: I need to know of my version of Postfix supports a feature, given rh version numbers donÿÿt really tell you much I was trying to find an errata on postfix or anything to let me know the real version of it. For the most part if it's a feature it's not added, and if it's a bug/security issue it is. How does one deal with this scenario? Is there a source of info to determine this info? The way that I'd do it is download the srpm, and read the spec file's changelog. Also, looking at the upstream's errata for postfix may tell you. Instead of downloading the srpm why not just run rpm -q --changelog postfix | less and read that? If the rpm is not installed, do rpm -qp --changelog /path/to/postfix-blah.rpm | less Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Centos 5 on i586
On Fri, 8 Feb 2008, MHR wrote: On Feb 8, 2008 1:19 PM, Ralph Angenendt [EMAIL PROTECTED] wrote: I don't think so. i586 (ViA C5/6, AMD K-III) won't even run an i686 kernel - and definitely no 64bit kernel. Correct - my mistake (see? I do that...). Is this what you are talking about: (hepa pts0) # cat /proc/cpuinfo processor : 0 vendor_id : CentaurHauls cpu family : 6 model : 9 model name : VIA Nehemiah stepping: 5 cpu MHz : 1002.292 cache size : 64 KB fdiv_bug: no hlt_bug : no f00f_bug: no coma_bug: no fpu : yes fpu_exception : yes cpuid level : 1 wp : yes flags : fpu de pse tsc msr cx8 mtrr pge cmov mmx fxsr sse up rng rng_en bogomips: 2005.94 (hepa pts0) # CentOS release 5 (Final) (hepa pts0) # rpm -qa | grep release centos-release-5-0.0.el5.centos.2 centos-release-notes-5.1.0-2 epel-release-5-2 centos-release-notes-5.0.0-2 centos-release-5-1.0.el5.centos.1 rpmforge-release-0.3.6-1.el5.rf (hepa pts0) # uname -a Linux hepa 2.6.18-53.1.4.el5 #1 SMP Fri Nov 30 00:45:16 EST 2007 i686 i686 i386 GNU/Linux (hepa pts0) # If this is what you are talking about, I have to tell you, C5 runs on these better than I could ever get C4 or C3 to run. They have been rock solid and I am using a flash card for the disk mounted noatime. The box is one of those mini-itx things. C4 and C3 would randomly panic. Usually within the first 24 hours. If this is not what you are talking about, feel free to ignore me. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: using nfs in kickstart post section
On Fri, 8 Feb 2008, Jerry Geis wrote: I am trying to mount an nfs drive in the post kickstart section. I am getting an error on service nfs start about cannot register service RPC What do I need to start first? Make sure the nfs-utils package and any other packages needed for nfs to work are installed before you get to %post. I do not remember needing to worry about this in C4 and earlier but it bit me when I did my first kickstart install of C5. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Definitive HowTo for CENTOS 5 Winbind - Samba - Active Directory Integration
On Mon, 21 Jan 2008, Christopher Butler wrote: Hi all, I have been out of the linux / unix loop for a good three years now, and a lot has changed.. I have a windows 2003 server on my home office lan as my domain controller. I would like to know if there is a good how-to that applies to Centos5 to achieve the following: Joining the centos machine to the AD domain (I believe I have done this already) Sharing files from it using the AD user object credentials (don't know how to do this yet, using system-config-samba-1.2.39, it does not show the domain users yet) Allowing login to centos using ssh or NX client (got the NX client working for root user and a local tesuser) using the DOMAIN\windowsusername credentials Correct configuration of the pam related files etc so that centos automatically creates and populates a user home directory for any first time logins I found the following article: http://www.nixadmins.net/modules.php?page=0%2C0 http://www.nixadmins.net/modules.php?page=0%2C0name=Newsfile=articlesid= 14 name=Newsfile=articlesid=14 You might want to look at samba.org. In particular http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/ and http://us4.samba.org/samba/docs/man/Samba-Guide/ They will tell you more than you ever wanted to know. But I am a bit wary of editing files that I don't fully understand yet. Make a copy of any files you are going to edit BEFORE you edit them. That way if you make a mistake you can revert the changes. I installed CENTOS5 with just about every option enabled, all the services, so they should all be there already, I just need to configure them without breaking anything. It is not really a good idea to have everything enabled. You could be creating security problems down the road if you have services enabled that you do not need. HTH, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Out of disk space at 2 GB?
On Sun, 13 Jan 2008, Sean Carolan wrote: Scott Ehrlich wrote: On an ext3 filesystem, what would cause the system to claim it is out of disk space for a program writing information to disk, when df -h shows ample GB available and the file is being written to local disk rather than an nfs-mounted filesystem? Are you out of inodes?? df -i to see Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Firewall frustration
On Mon, 31 Dec 2007, Robert Moskowitz wrote: Well FWbuilder is NOT easy. I disagree but to each his own. The documentation does not match the current GUI. I have not looked at the docs lately, but Vadam used to be pretty good at keeping the docs updated. There is also a mailing list you can subscribe to. As long as you ask intelligent questions you will usually get good answers. Now the box is locked up. I will have to pull it again, hook it up to a kybd/VGA and reset iptables To prevent that in the future set the managment ip address on the firewall object. That way fwbuilder will always allow ssh access from that machine no matter how bad you hose the rules. Keep in mind that any of the firewall managment systems mentioned can/will also lock you out if misconfigured. Maybe Shoreline with webmin Problem is I want a REAL router/firewall with little work. Both public and private nets have routable addresses. No NATing for me! I just help write the RFC ;) And all the templates for fwbuilder want you to be using NATing. Perhaps I should just set up another Astaro firewall. I have been using Astaro since v3, so I am comfortable with it Why reinvent the wheel? Use what you are comfortable with. For me that is fwbuilder but for you that sounds like it is Astaro. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: CentOS-5 Need Help With Serial Ports
On Sat, 22 Dec 2007, James B. Byrne wrote: First stupid question by me :D 1. Do you really need to be running xen? (ie, are you doing a DomU also on that machine) If not, boot the real kernel and you will be set :D There are no silly questions, only silly walks No. I do not require, or desire, a Xen VM or HVM machine. This is what the install of CentOS-5 from CD gave me and as far as I can recall I did not have an option to do otherwise. I will gladly boot to the real kernel to bypass this nonsense if some kind soul will tell me how to do this. I do not see any non-xen images in /boot, how do I get them? Most likely yum install kernel will get you a regular kernel. If you do yum list kernel\* you will see a list of all of the available kernel packages. From there you can pick the one you want. Once you have the regular kernel running I would do yum erase kernel-xen if you are not going to use the xen stuff. Warning, only erase the xen kernel AFTER you have the machine running the normal kernel, otherwise you will have a machine that will not boot. In addition you should edit /etc/grub.conf to make the normal kernel the default. That way you will not have to select it each time you reboot. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Torrent: reminder to use it folks!
On Mon, 17 Dec 2007, Kenneth Porter wrote: On Monday, December 17, 2007 7:05 PM -0800 Robert Arkiletian [EMAIL PROTECTED] wrote: Also don't forget that many mirrors offer rsync. If you rename your 5.0 DVD to the 5.1 version and do an rsync it will save lots of bandwidth. That surprises me. Won't similar RPM's in the two images likely be at different offsets in the iso? Can rsync deal with that? I didn't realize it could handle shifted differences. Rsync has no concept of the contents of files within an iso. It only knows about blocks of data. Rsync is real good at fixing/updating iso's. It will only transfer the blocks of data that have changed. Typically you get a large bandwidth savings when using a previous iso as a seed. Just make sure you get the name correct AND you do not abort the download midstream. If you abort the download midstream rsync will delete your seed iso and leave you with whatever it has succeeded in downloading and running a checksum against. If you are really curious about all of this magic have a look here: http://rsync.samba.org/how-rsync-works.html Most people do not realize just how cool rsync is. Hope this helps. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: ****Re: [CentOS] CentOS 5 and removing sendmail
On Sun, 2 Dec 2007, Joseph L. Casale wrote: pls try rpm -e sendmail --nodeps sounds like an easy way to kill a perfectly good running server Craig Lol, boy oh boy, am I in for long journey ;) What is it you are trying to accomplish? --nodeps is almost always the WRONG answer. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Boot Log Problems
On Sun, 28 Oct 2007, Robert Slade wrote: On Sun, 2007-10-28 at 16:33 +0100, Alain Spineux wrote: On 10/28/07, Robert Slade [EMAIL PROTECTED] wrote: On Sun, 2007-10-28 at 13:02 +0100, Alain Spineux wrote: I have this in my syslog.conf : # Save boot messages also to boot.log local7.* Mine says: # Save boot messages also to boot.log local7.*/var/log/boot.log Yes my cutpaste was a little lazy ! But did you check dmesg for kernel messages ? regards dmesg only lists messages from prior to update too :-(. dmesg display the kernel internal buffer. It should be emptied when rebooting ! It is impossible to see messages prior the last reboot ! What about your other log file ? /var/log/messages is filled normaly ? Thanks for the reply Rob On 10/28/07, Robert Slade [EMAIL PROTECTED] wrote: Hi, I have just updated from CentOS 4 to 5 and I am seeing a problem with udev during booting, but I am unable to track it down as it looks like the boot.log is not working. The file is there but empty and the previous log only lists events up to the point at which I upgraded. syslog.conf looks ok to me in so much as there is an entry pointing to /var/log/boot.log. Any suggestions as to what I should be looking at? Rob Both dmesg and boot.log do not have any entries from before the update. /var/log/messages appears to have normal entries ie from today but there are no error messages. I have checked syslog it is running Just a thought, rpm -V sysklogd. See what you get. Also have you run ckrootkit or similar on the machine? I know you said this started after an update and most likely you are correct but it is just a thought. You never know what kind of coincidence you might run into. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] self signed ssl cert on C5
Hi, Does anyone have a pointer to correct documantation for generating and installing a self signed ssl cert for use on httpd on a C-5 machine? The docs say to use genkey but AFAIK upstream rm'd crypto-utils from the distro and as such it is not available. I tried generating the cert on a C-4 machine using genkey and installing on the C-5 machine but I get the following error when I try to connect: [Thu Oct 25 12:48:03 2007] [debug] ssl_engine_kernel.c(1770): OpenSSL: Write: SSLv3 read client certificate B [Thu Oct 25 12:48:03 2007] [debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read client certificate B [Thu Oct 25 12:48:03 2007] [debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read client certificate B [Thu Oct 25 12:48:03 2007] [info] [client 192.168.0.25] SSL library error 1 in handshake (server roadrunner.tntechs.com:443) [Thu Oct 25 12:48:03 2007] [info] SSL Library Error: 336105671 error:140890C7:SSL routines:func(137):reason(199) [Thu Oct 25 12:48:03 2007] [info] [client 192.168.0.25] Connection closed to child 0 with abortive shutdown (server roadrunner.tntechs.com:443) Can anyone tell me where I am going wrong here? Google is not being helpful and I am getting frustrated. I wish I better understood open ssl. :-( Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: self signed ssl cert on C5
On Thu, 25 Oct 2007, Brian Mathis wrote: On 10/25/07, Tom Diehl [EMAIL PROTECTED] wrote: Hi, Does anyone have a pointer to correct documentation for generating and installing a self signed ssl cert for use on httpd on a C-5 machine? The docs say to use genkey but AFAIK upstream rm'd crypto-utils from the distro and as such it is not available. I tried generating the cert on a C-4 machine using genkey and installing on the C-5 machine but I get the following error when I try to connect: [...] Can anyone tell me where I am going wrong here? Google is not being helpful and I am getting frustrated. I wish I better understood open ssl. :-( Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] You might find a bunch of guides online that give you ways to do it using openssl, but C5 has a Makefile already set up to do this for you. Steps: 1. cd /etc/pki/tls/certs 2. make testcert 3. restart apache The default ssl.conf file points to the localhost.* files that are generated by this command. Ok, So I changed the Makefile from localhost to match the actual hostname of the machine. I then ran make testcert as suggested above and answered the questions as appropriate. It then generated the cert without errors. I then modified ssl.conf to point to the .key file and the .crt file, restarted apache. Everything looked OK in the logs. I then pointed a browser at the machine and I got the following errors in the ssl error log: [Thu Oct 25 14:31:25 2007] [debug] ssl_engine_kernel.c(1770): OpenSSL: Write: SSLv3 read client certificate B [Thu Oct 25 14:31:25 2007] [debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read client certificate B [Thu Oct 25 14:31:25 2007] [debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read client certificate B [Thu Oct 25 14:31:25 2007] [info] [client 192.168.0.3] SSL library error 1 in handshake (server roadrunner.example.com:443) [Thu Oct 25 14:31:25 2007] [info] SSL Library Error: 336105671 error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate No CAs known to server for verification? [Thu Oct 25 14:31:25 2007] [info] [client 192.168.0.3] Connection closed to child 0 with abortive shutdown (server roadrunner.example.com:443) In addition I catted the key and crt together to make a .pem and ran verify on the cert. I got the following output: (roadrunner pts1) # openssl verify roadrunner.example.com.pem roadrunner.example.com.pem: /C=US/ST=Pennsylvania/L=Mytown/O=TN Techs LLC/CN=roadrunner.example.com/[EMAIL PROTECTED] error 18 at 0 depth lookup:self signed certificate OK (roadrunner pts1) # Am I correct that the above error is normal for a self signed cert? Obviously I am missing something. Can anyone point me at a solution to this problem? Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: self signed ssl cert on C5
On Thu, 25 Oct 2007, Paul Heinlein wrote: On Thu, 25 Oct 2007, Tom Diehl wrote: Ok, So I changed the Makefile from localhost to match the actual hostname of the machine. I then ran make testcert as suggested above and answered the questions as appropriate. It then generated the cert without errors. I then modified ssl.conf to point to the .key file and the .crt file, restarted apache. Everything looked OK in the logs. I then pointed a browser at the machine and I got the following errors in the ssl error log: [Thu Oct 25 14:31:25 2007] [debug] ssl_engine_kernel.c(1770): OpenSSL: Write: SSLv3 read client certificate B [Thu Oct 25 14:31:25 2007] [debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read client certificate B [Thu Oct 25 14:31:25 2007] [debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read client certificate B Is SELinux enabled? Does your cert have the correct security context type (probably httpd_config_t)? I set SELinux to permissive to be sure it was out of the way before I posted. In addition the context on the certs is root:object_r:cert_t which looks correct to me. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: self signed ssl cert on C5
On Thu, 25 Oct 2007, Kai Schaetzl wrote: Tom Diehl wrote on Thu, 25 Oct 2007 14:54:19 -0400 (EDT): error 18 at 0 depth lookup:self signed certificate OK (roadrunner pts1) # Am I correct that the above error is normal for a self signed cert? Seems so, yes. I get the same. I think your cert is okay. Your errors are all about *client* certificates, so the problem is with the certificate the client presents, not with the one you configured for the server. You seem to require a client certificate and either the client doesn't present you one or one that can't get verified. My knowledge about client certificates is limited, so I'm not sure about the exact reason. I do not understand this either. I have done this a bunch of times on el3 and el4 machines and it just works. Something seems to be fubar on the el5 machine. I even tried several different client machines and browsers with the same result. FWIW, the machine is a new install, so this is the first time I tried to activate ssl. rpm -V on mod_ssl shows nothing. Could this be some kind of multiarch problem? FWIW, I have the following openssl packages installed on the machine: (roadrunner pts1) # yum list openssl\* ... Installed Packages openssl.x86_64 0.9.8b-8.3.el5_0.2 installed openssl-devel.x86_64 0.9.8b-8.3.el5_0.2 installed openssl-perl.x86_64 0.9.8b-8.3.el5_0.2 installed openssl097a.x86_64 0.9.7a-9 installed Available Packages openssl.i686 0.9.8b-8.3.el5_0.2 updates openssl-devel.i386 0.9.8b-8.3.el5_0.2 updates (roadrunner pts1) # I am really at a loss on this one. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: self signed ssl cert on C5
On Thu, 25 Oct 2007, Kenneth Porter wrote: --On Thursday, October 25, 2007 2:54 PM -0400 Tom Diehl [EMAIL PROTECTED] wrote: SSL3_GET_CLIENT_CERTIFICATE Isn't that for when you need the client to prove who he his? Are you requiring client SSL certs? It looks like the client is failing to provide a good cert. Well not on purpose!! I set SSLVerifyClient to optional and it now works. It looks like the default is different between c-4 and c-5. I looked at my ssl.conf on a c-4 machine and the line is commented out. It was also commented out on the c-5 machine and I was getting the errors above. When I changed it to optional things started working. The documentation states that the default is none but it looks like the default is require. Is there a way to verify what the defaults are? Thanks for the help. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: hardware raid vs fake raid
On Thu, 13 Sep 2007, Ross S. W. Walker wrote: Tom Diehl wrote: Hi Tim, On Thu, 13 Sep 2007, Tim Verhoeven wrote: On 9/13/07, Tom Diehl [EMAIL PROTECTED] wrote: Does anyone know how I can find out if an ibm serveraid 8k sas storage controller (zero channel RAID) is a real hardware RAID controller and supported in the standard CentOs kernel or is it a fake raid controller. I am trying to decide if I should get the serveraid controller or go get a 3ware controller. Tom, The ServeRAID 8k s a real hardware raid controller, is has 256 MB of cache I think and a battery backup. So in this case there is no need for a 3ware controller. On the IBM website you can also find a commandline tool (called arcconf) that allows you monitor and configure the controller inside Linux. Is there a place where this kind of thing is documented? I looked through Google for about 3 hrs yesterday and I could not find anything definitive. Thank You, for the info. I hate to be the stater of the obvious... but doesn't IBM's website provide product specs along with a compatibility guide? They do but nothing I can find in there tells me if it is real hardware raid or fake raid. Adaptec for example, also says that their fake raid cards are comaptable with Linux but they do not clearly specify if it is fake raid or true hardware Raid. AFAIK the Adaptec cards are all fake Raid. and some of ServeRaid cards were also based on the Adaptec chipset and hence Fake Raid. When I looked at the IBM specs for the ServerRaid cards I did not see anything that indicated if the were real hardware raid or Fake Raid. If I am missing something please enlighten me. I am always willing to learn. IMO this type of thing is ambigious at best. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: hardware raid vs fake raid
On Thu, 13 Sep 2007, Mogens Kjaer wrote: Tom Diehl wrote: ... They do but nothing I can find in there tells me if it is real hardware raid or fake raid. Adaptec for example, also says that their fake raid cards are comaptable with Linux but they do not clearly specify if it is fake raid or true hardware Raid. AFAIK the Adaptec cards are all fake Raid. and some of ServeRaid cards were also based on the Adaptec chipset and hence Fake Raid. My IBM x3500 machines have this card: This is the exact machine I am talking about. # lspci ... 03:00.0 RAID bus controller: Adaptec AAC-RAID (Rocket) (rev 02) ... Hu, Interesting!! Maybe my information about Adaptec is wrong. I'm not quite sure if this also has an IBM serveraid name. According to the specs I have it is branded as ServeRaid 8k SAS. I do not have the machine yet. I don't think it is fakeraid; setting up raid devices can take place at bios level, the buildup of the RAID5 or RAID6 volumes can run without any drivers loaded. It does not sound like fake raid. If this is fakeraid I would like a clear definition of the term fakeraid. There is a pretty good explaination of fake raid here: http://thebs413.blogspot.com/2005/09/fake-raid-fraid-sucks-even-more-at.html And some more info here: http://linuxmafia.com/faq/Hardware/sata.html All of it is a bit old but mostly still revelent as far as I can tell. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: hardware raid vs fake raid
On Thu, 13 Sep 2007, Ross S. W. Walker wrote: Tom Diehl wrote: On Thu, 13 Sep 2007, Ross S. W. Walker wrote: Tom Diehl wrote: Hi Tim, On Thu, 13 Sep 2007, Tim Verhoeven wrote: On 9/13/07, Tom Diehl [EMAIL PROTECTED] wrote: Does anyone know how I can find out if an ibm serveraid 8k sas storage controller (zero channel RAID) is a real hardware RAID controller and supported in the standard CentOs kernel or is it a fake raid controller. I am trying to decide if I should get the serveraid controller or go get a 3ware controller. Tom, The ServeRAID 8k s a real hardware raid controller, is has 256 MB of cache I think and a battery backup. So in this case there is no need for a 3ware controller. On the IBM website you can also find a commandline tool (called arcconf) that allows you monitor and configure the controller inside Linux. Is there a place where this kind of thing is documented? I looked through Google for about 3 hrs yesterday and I could not find anything definitive. Thank You, for the info. I hate to be the stater of the obvious... but doesn't IBM's website provide product specs along with a compatibility guide? They do but nothing I can find in there tells me if it is real hardware raid or fake raid. Adaptec for example, also says that their fake raid cards are comaptable with Linux but they do not clearly specify if it is fake raid or true hardware Raid. AFAIK the Adaptec cards are all fake Raid. and some of ServeRaid cards were also based on the Adaptec chipset and hence Fake Raid. When I looked at the IBM specs for the ServerRaid cards I did not see anything that indicated if the were real hardware raid or Fake Raid. If I am missing something please enlighten me. I am always willing to learn. IMO this type of thing is ambigious at best. Ok, if a card has an IO processor then it will definitely be a true RAID card, as the fake ones don't have IO processors and use the system processor as it's processor and thus why they are fake. AAH!! That makes sense. I did not think about that but I should have. :-( So look for a mention of an Intel/LSI/Broadcom on-board processor in the specs and take note of the IO processor model # as that will determine it's performance. Again, that makes perfect sense. I feel stupid for not figuring it out on my own. Sometimes one just cannot see the forest for the trees. :-) Thanks for the education. This list is great!! Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] hardware raid vs fake raid
Hi, Does anyone know how I can find out if an ibm serveraid 8k sas storage controller (zero channel RAID) is a real hardware RAID controller and supported in the standard CentOs kernel or is it a fake raid controller. I am trying to decide if I should get the serveraid controller or go get a 3ware controller. Regards, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: setroubleshoot w/o X?
On Fri, 27 Jul 2007, drew einhorn wrote: Hi, I recently discovered setroubleshoot, a wonderful tool that helps diagnose and resolve selinux problems, even if you really do not understand selinux. I need to read up on selinux and get to where I understand it much better. I'm wondering if there is a text only version of setroubleshoot that runs on a minimal server configuration without X installed? Not that I am aware of but there is sealert -l in C5. Avc messages show up in the logs like the following: Jul 27 13:04:23 calamari setroubleshoot: SELinux is preventing samba (/usr/sbin/smbd) search to bin (bin_t). For complete SELinux messages. run sealert -l ca16f5d1-dd8a-4c9f-a535-1ff823c14583 The sealert thing displays information similar to setroubleshootd. Hope this helps, -- Tom Diehl [EMAIL PROTECTED] Spamtrap address [EMAIL PROTECTED]___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
