Re: [gentoo-user] New project in perl? {OT}
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/01/2011, at 09:04, Grant wrote: I'm sorry this is OT but I really value the opinion of many people subscribed to this list. I'm starting a new project that is quite straightforward and will interface with an old project. The only point of contact between the two projects might be both of them having access to the same database table. The old project is written in a language that is related to perl so I can imagine there would be some benefit to using perl for the new project. Am I foolish to start a new project in perl at this stage in its lifecycle? I won't be doing the coding myself and I wonder if I would be better off with PHP since more coders seem to be familiar with PHP than perl. TBH use neither, most people are jumping away from PHP and Perl. There is no issue with a change to your language now. SQL is a standard so using python, or ruby to interact with it will have no issues. Just make sure that you copy the database to a dev box first so that you avoid mangling your important data. - Grant William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQIcBAEBAgAGBQJNH8QuAAoJEHF16AnLoz6Jj3kP/Rb+2kRj3CYzfp9sO3EgTnfw b7SHcz/wJaHPyK+fHftWJRAfpa7+8ymNmSLuQj/9/lBnn5/7OOw0GhGLC1zHJ96u nQLdToRXreSDd4ci6k9uVdlNP9qjrSSjBG3jAP5ZWnDwq7vNhAPD4M67i03uLCYC B1hJv+ZtFk98U6HivkJv9wO6GoE/QRNVtX1BS6y6ZvjiRF3qx5PPDRxAmqfgbDzk E04xBUOsXH1+yJKewZdoM3bIHUNxYpDK9IaSjDQVPJK8/TFn7ImNRP0aDbuUIpuH b95Ujq3ugbmE4ZD8hysD6oIgc8iGnEpmGuBCWuA3a/1VVx+e1p+qyPSriDVeFh15 gWKuxS6lAlqwlpXKrqnKMTfKzHivPTkw2/muMKAB09nC8lVEUvrj+K2es3rFfUI8 ZbiBIAVSJThgFLJfbWOQoh6AB6qqP5BMCAYtVTuuzKDVtc6ww5lipX4dejRooDl/ P9uAF1Yv8q9X3DNIF3LjVpPxEjzqUMFCKIUXQ1BDCUhST7YNPAyjxbbf5gTEcDN8 7XVBcCaT/fjtF/gxq2KKP/jlJLwgzuMxsmxON9snK8rUgODfGz1yutZOH70u7Gmg irC4V8uE1lNZVJgl/MQ2qXIBwcEtH+/+5eRvMHxSwtigNUqZcr0Re1h8Csk/rSuX XFGWRO4tas3sH+ReOB0e =QxHa -END PGP SIGNATURE-
Re: [gentoo-user] About interpreting output of df -h
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/12/2010, at 08:23, Harry Putnam wrote: Can anyone tell me how determine what these kind of useless names really mean? From df -h FilesystemSize Used Avail Use% Mounted on rootfs1.9G 283M 1.6G 15% / /dev/root 1.9G 283M 1.6G 15% / How are you supposed to tell what actual device these things are on. rootfs is a symlink to the device will...@xerxes / $ ls -al /dev/root lrwxrwxrwx 1 root root 4 Oct 31 18:26 /dev/root - sda3 will...@xerxes / $ df -h FilesystemSize Used Avail Use% Mounted on rootfs829G 803G 27G 97% / /dev/root 829G 803G 27G 97% / rc-svcdir 1.0M 132K 892K 13% /lib64/rc/init.d udev 10M 304K 9.8M 3% /dev shm 3.0G 24K 3.0G 1% /dev/shm /dev/sdb2 250G 234G 17G 94% /mnt/larry.1 /dev/sdb3 682G 614G 68G 91% /mnt/larry.2 /dev/sda1 31M 26M 3.3M 89% /boot will...@xerxes / $ for example, when using UUID devices, the same is true will...@xerxes / $ ls -al /dev/disk/by-uuid/ total 0 drwxr-xr-x 2 root root 160 Nov 27 10:35 . drwxr-xr-x 6 root root 120 Nov 5 00:10 .. lrwxrwxrwx 1 root root 10 Oct 31 18:26 42f0c22c-dde5-4fbb-9d79-158b14d1faf8 - ../../sdb2 lrwxrwxrwx 1 root root 10 Oct 31 18:26 7ca26cca-04aa-4fe7-8b1b-5d9b059648a0 - ../../sda1 lrwxrwxrwx 1 root root 10 Oct 31 18:26 8a444308-a234-4c97-bd91-6e4ead0c5273 - ../../sda3 lrwxrwxrwx 1 root root 10 Oct 31 18:26 b5af92b2-0e55-4b08-9c7f-ff2124c53921 - ../../sdb1 lrwxrwxrwx 1 root root 10 Oct 31 18:26 cc02ce4e-3761-4084-ba82-d78b0c2cb636 - ../../sda2 lrwxrwxrwx 1 root root 10 Oct 31 18:26 edf30a91-be1a-47ce-9c4a-d6ad89f94ee9 - ../../sdb3 will...@xerxes / $ They are all just symlinks that are generated by udev. I know I can look in fstab... but that is something of a crap shoot since it is user configured. So? It should not be touchable by human hands unless they have root. The only way this would change is if someone changed it, and you can easily track who with sudo and modification times etc. So what commands will show real devices not makebelieve baloney, and allow me to see the usage devices are put to? Next time ask nicely. What is so hard about saying Im a bit lost, how do i find the device that this points to. Why do we use these kind of names anyway? It allows for dynamic configurations of things, and some other voodoo that can be done. For example, you can if using UUID's move all your disks in their sata ports, and not affect your system's mounts because root will point at the device as listed in the UUID section. fdisk yes, but you can't tell what usage the devices are put to with that. William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQIcBAEBAgAGBQJM+BymAAoJEHF16AnLoz6J/CYP/A06DsfleMXwQubQRpnqpAPH kVD4s8a2rI1RSLodf1hoZt1jo3JH3AivKX0LwRX2u2VWN2qu3blOApT5Tn5m4wBp fU4YZTmZlJfVsZg4TsJttOa2tCssy5m4o0WXFJs1cwqNRn5CpnXrGNysG+a4/a6J nbhG3da0dG5nAyUJ0ySnGwgAzq99vd9Fw/RWAResRgf8xeptHFzNJ7VSjRhi+BaK mqEg8+neD3qCJX/n3qg/PFcZ4DV3/SY1cH8BCiNdnOqHQD9aNw5A0B2DhPfwZVFB vPLkjWrQi4oOi6wVZcze5pwHZyXteHPwIAfJ9y/LS7CEUz0hDwX1FUUcH3kHdjiS DqDrMepmTCZFJWitQcgEdKOowpDJvNs0upMS31de0l1O0iKyk1fFIheiStWw7O9y KJcEacOPjFE6qtLAmPlDjK2xpgNRG6ciF5Ct8Nktp67S8OJa7UhKMMW6YTlVRQEG MEKJvw3DrUtxDuSIHyrAtdKd2jhX352pDxRAVyD6W/4Zt7gMk0zOEXkXnaIqBG/h hlWSk+mTxlws6svE9ElhBFLk00aHYp//LPdQStQgijVAjX2hR/tvaVWr8NTsUEdb 8Mzm6Jj7AgdOl4KUxwbk/Yj1j5KubbI/P1M8T1dOroiZ8K1L5VFFufh8n3Siz/U3 qvdZ8nIhHqqaiy3yb8es =Aiw8 -END PGP SIGNATURE-
Re: [gentoo-user] Re: When ls command fails but only on $HOME
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Another thing to check, is that the folder is marked +x in chmod. It may be that on reboot some automated cleaning script re-added that flag. Folders can only be listed if they are +x btw On 06/11/2010, at 01:37, Grant Edwards wrote: On 2010-11-05, Harry Putnam rea...@newsguy.com wrote: Alex Schuster wo...@wonkology.org writes: Am 01.11.2010 11:28, schrieb Harry Putnam: I can view the directory with emacs in dired mode but `ls' simply will not complete... never shows anything and stays hung indefinitely. [...] It only seem to happen on $HOME how very odd. Anyone else seen that or have an idea what might be the cause? No. But maybe 'strace ls' will show something? Is /home on a separate partition? I'd do a fsck on it. touch /forcefsck or use a live cd for this. Good luck, Just to close this thread... a reboot swept away all `ls' problems so still not sure what caused it, but am happily having normal experience with `ls' once again. The reboot was strictly unplanned, as the machine locked up overnight... no console access or by ssh, resulting in a hard manual reboot. When the machine came up, the `ls' problem had disappeared as well as sendmail problems discussed in a different thread. It sounds to me like you've got hardware problems. I'd at least run memtest86 overnight if I were you. -- Grant Edwards grant.b.edwardsYow! I feel partially at hydrogenated! gmail.com William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iQIcBAEBAgAGBQJM1JirAAoJEHF16AnLoz6J9JgP/1JkcLdsdqsDAgt3IJE/BDhz S3/8e7IghJ75t/fPMoVqZKrgDt264hx6Paj5Qr4HLeEVNlFVV6Xm4+AjsHauHbZa P8qoFkE7G/yAsCXxwFQG4LGUOSHL6uRj3MZX1lJTQiN9h4qNqnl1rkwl045YLEdY ZXcIwqebwbtfGPDWFqbWeam4Dd14G/F2l/IxfiOZwD6G9Qcm9B1d8gZt3HnsvbAx GnQTSEG0KAa/e3XPV2V8Z+V9MNeJ+rForBtvAy5QRmk3cRMxdEF6AGkTmEyYwnUB SVoocBmtdxSMw3IZETpkW8r0Hq78OJMjzszrHrs6cVFVlNZHMh1aCkpuBh7hNz4K fQORkPoeHrgxzkwEq30RLlADY+PMn10hGBEfhZuI3VSBtUqv6yY4eNO7kAF3az2R MDE9W+ek8D4RDAjXZq/zdogg6WYN2Qi3fpRqpnE1iCsh4eWkQElUQ1BtoPh876wK 6o7MvGKB389DvG6Snsrjs+A/XaNayIL0zR4dtdwdNXFN6tdmNyVhaGdhE3J/OuKK 9bfXiDybdwr/JoAhw0UZCpv5ZiS/+8n7KuENUpLUzVSoAUl5S1FAF75AsKgf8mzZ Zz3ofz3d8BG2+pBcxSJtgLOrsPC2xwd2yyWzfP68HC39sb5WDgvH4Zocnzr9d5rL bF7chWDhEaVWePnchRf6 =3ufH -END PGP SIGNATURE-
Re: [gentoo-user] Handbrake: Is it is or is it ain't in portage
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Well, I'm a newb in video, but it was suggested to me by someone who uses it, so I wanted to try. Mplayer comes with a program called mencoder, which will do your video encoding. Its a bit more hands on but it is excellent once you learn it. My underling thing, if anyone can make other suggestions, is that my camera broke, and I had to get one in a hurry, and didn't really know what to look for. I wound up with a fairly good Sanyo 1080p camera and video recorder that's super light, and not too expensive. The problem is that its videos are MP4s, which are definitely not ready to put on a web site, and I know nothing about transcoding. My previous camera took acceptable .avi videos, which had worked with most folks browsers. The MP4s are huge and in a weakly supported format. IIRC, isnt MP4 just a container? what are the video codecs and audio codecs in the file? If they are 264 and mp3, you should be able to use HTML5 for them natively. MP4 is actually gaining alot of support in many OSes due to it being part of the HTML5 spec. If you need help with video transcoding, i'm happy to assist you as it makes up a small part of what i do in the work place. Just send me an email. (inde...@internode.on.net) The basic run down is that you have a container format, that holds an audio and video stream. the container, has no part to play in what the video or audio codecs are, only the storage of subtitles and other metadata. Generally, with a program like mencoder you would use mencoder -vo video codec -ao audio codec -o file.container extension In the majority of cases, it is the video codec, not the container that holds the issues, especially with the use of weird video codecs. (such as myself who is fighting with someone convinced they want to use real video still .) Thus if your camera is producing MP4, you should find out what video and audio codecs it is outputting. This can be done with mplayer from the command line, as when it opens a file it gives output similar to this bash-3.2$ mplayer /Volumes/Storage/Videos/Butterfly_Total_Remix_Pro.flv MPlayer UNKNOWN-4.2.1 (C) 2000-2009 MPlayer Team 141 audio 304 video codecs Playing /Volumes/Storage/Videos/Butterfly_Total_Remix_Pro.flv. libavformat file format detected. [lavf] Video stream found, -vid 0 [lavf] Audio stream found, -aid 1 VIDEO: [FLV1] 320x240 0bpp 24.000 fps 336.4 kbps (41.1 kbyte/s) Clip info: duration: 229 videodatarate: 329 lastkeyframetimestamp: 229 lastkeyframelocation: 9435531 creator: YouTube, Inc. metadatacreator: YouTube Metadata Injector. haskeyframes: true hasmetadata: true == Opening video decoder: [ffmpeg] FFmpeg's libavcodec codec family Selected video codec: [ffflv] vfm: ffmpeg (FFmpeg Flash video) == == Opening audio decoder: [mp3lib] MPEG layer-2, layer-3 AUDIO: 22050 Hz, 2 ch, s16le, 8.0 kbit/1.13% (ratio: 1000-88200) Selected audio codec: [mp3] afm: mp3lib (mp3lib MPEG layer-2, layer-3) == AO: [coreaudio] 22050Hz 2ch s16le (2 bytes per sample) Starting playback... VDec: vo config request - 320 x 240 (preferred colorspace: Planar YV12) Could not find matching colorspace - retrying with -vf scale... Opening video filter: [scale] VDec: using Planar YV12 as output csp (no 0) Movie-Aspect is undefined - no prescaling applied. SwScaler: reducing / aligning filtersize 1 - 4 SwScaler: reducing / aligning filtersize 1 - 4 SwScaler: reducing / aligning filtersize 1 - 1 SwScaler: reducing / aligning filtersize 5 - 4 [swscaler @ 0x100838a00]BICUBIC scaler, from yuv420p to yuyv422 using MMX2 [swscaler @ 0x100838a00]using 4-tap MMX scaler for horizontal luminance scaling [swscaler @ 0x100838a00]using 4-tap MMX scaler for horizontal chrominance scaling [swscaler @ 0x100838a00]using n-tap MMX scaler for vertical scaling (BGR) [swscaler @ 0x100838a00]320x240 - 320x240 VO: [corevideo] 320x240 = 320x240 Packed YUY2 [ASPECT] Warning: No suitable new res found! A: 3.2 V: 3.2 A-V: -0.007 ct: 0.184 0/ 0 2% 5% 2.2% 0 0 MPlayer interrupted by signal 2 in module: sleep_timer A: 3.3 V: 3.2 A-V: 0.050 ct: 0.188 0/ 0 2% 5% 2.2% 0 0 Exiting... (Quit) The sections you are interested in, are between the signs. They tell you it is a Flash video, with MP3 audio. You can also see it is a flash container. It may be worth running one of your videos with mplayer to find what codecs they are using. I'm somewhere on the learning curve, obviously, but having trouble getting coherent advice. Yes, its always difficult to work out the good from the bad. Im sure we have all been at that stage, and its why email lists like this are here to
Re: [gentoo-user] Rooted/compromised Gentoo, seeking advice
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/08/2010, at 11:44 AM, Frank Steinmetzger wrote: Am Dienstag, 10. August 2010 schrieb Paul Hartman: Typing that long password into sudo every time I ran a command was a hassle I’ve never used sudo, and never really liked the idea of it. In fact I’m always amused and slightly annoyed by the sheer amount of sudo one can find in your typical ubuntu howto. ;-) It’s one reason why I abstained from installing Truecrypt 6, because it requires sudo (Yes I know, in default setup you can’t do much with it. It is but an issue of principle). However, because I need root commands regularly (for example to initiate the VPN to my uni’s WiFi), I usually have one tab in Yakuake where I do a normal su once after login. And for more safety on my part, I also use different prompts: red hostname for root console, green u...@hostname for nonroot. -- Gruß | Greetings | Qapla' What’s right is right, otherwise it’d be wrong. I hope you realise the use of sudo -i will give you a root shell just like su. The reason sudo is preferred is that it means between multiple administrators, you can eliminate the need for a shared password. sudo can also control who and what groups can access sudo, and even subsets of commands. sudo also has a grace timer in which once you prove your identity with your password once, you can use sudo without a password for a period of time after that. This can also be canceled with sudo -k In terms of system administration best practices, sudo is the way to go. You will see it used in all server administration tasks to escalate privileges, in a secure manner. William Brown pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iQIcBAEBAgAGBQJMYLhgAAoJEHF16AnLoz6JhJ8QAL5SO5DRmcQ3wXLdtMZooACu WT4qyfKBnfMqakLJlSWYOH6tuIoK/mVYpeCpQmjpTuKaE90tnLnngCOVnG7puyqG LkPBNew3iOsO0JJcNzCcMiwWQ1C7d2hkSyNl48FVwBwaVgbPmWL6flPLxwHxdbU1 O2Kke8ku2dAVRTg9NdnPnTcc7y1h2/VYLwqSY10ybHS4I6a7YuhEIeGZtCqfEZ6d 0WkbUaU2IJFEVskR2pRV3Oh8FOgjW1XpYPzGrzQgpByghVgDxalFpC89g3xVw2ue bbRZNcn6NfZnfS/ltsCLr0mzSkV9xUXtYJkSQWN2jZbXM5rr+5gQXk1CqYLeDkjS 4HFST6bFfUUl7KMlo/mfH7PSD3Coa1J/DwcZFM9xkMx/sTy/TDsQhG1Qgb5jSn4u /TVYRwkvNj/KXBolDPcEQkZ6h35R8h9gGFRaW9u1+O2YyLC8uOyFUhd0iHNo0+s0 r4Q0wiwnY7I5CI2ZQ5h2blbYzqyvgSa43rYp3rho9cp4LktDKO2qfoIW/CV/0Q6r NmWcuzaU17QTAQn8VL2SUfG0zqXgCI4NlQcU8iNnYFRGUTvdx4crjzrgIqYm2rc+ PbpFuLl4Uz000hsQYXWfy9hwIMbxilT4F9AOpKmyU392GZ/22WUvoMk2uhzt8aCf w44gvZvW1e44buFM2L/z =AR4J -END PGP SIGNATURE-
Re: [gentoo-user] [SOLVED] Phonon + PulseAudio Problem
On 23/05/2010, at 8:51 PM, Etaoin Shrdlu wrote: On Sunday 23 May 2010, Fabian Köster wrote: I WANT TO UNSUBSCRIBE Maybe you should just do it and stop making noise: gentoo-user+unsubscr...@lists.gentoo.org It would be great if mailing list software could be configured so that only users who demonstrate they know how to unsubscribe could subscribe in the first place. Example: - user subscribes - mailing list replies: please unsubscribe and subscribe again - if user fails to do so within a configurable amount of time, forcibly unsubscribe him - if user succeeds, leave him subscribed after the second subscription. Just saying... You may as well attach an IQ test as well. The fact is that it is easy to read how to unsubscribe, as well as that it is simple to not click and open every piece of email you recieve, so complaints like this are rather baseless.
Re: [gentoo-user] Cannot start Slapd (OpenLDAP)
On 23/05/2010, at 2:09 AM, Robin Atwood wrote: On Saturday 22 May 2010, Christopher Kurtis Koeber wrote: When I go to /var/log/messages nothing is logged there. Anything I can do to fix this? Oh wait, /var/log/ldaplog is my customisation of syslog-ng. But slapd messages should be written with facility local4. Trying it with the --debug option on the command line. The easiest way to find why your ldap server wont start is to run the command slapd -4 -d 256 which translates to run in ipv4 only with debug level of 256. If the server wont start the first few messages should highlight your error. William
Re: [gentoo-user] Which bluetooth USB key ?
On 21/05/2010, at 4:15 PM, alain.didierj...@free.fr wrote: I have to get a bluetooth USB key. Which one is known to work under gentoo (amd64) ? With which driver ? Experience and knowhow welcome... Most bluetooth usb keys will work with the drivers in the kernel, iirc it is called bluetooth usb, in .config it is CONFIG_BT_HCIBTUSB=y and in the make menuconfig it is Networking - Bluetooth subsystem -Blue tooth device drivers - HCI USB driver William
Re: [gentoo-user] Which bluetooth USB key ?
On 21/05/2010, at 5:36 PM, alain.didierj...@free.fr wrote: Selon Indexer inde...@internode.on.net: On 21/05/2010, at 4:15 PM, alain.didierj...@free.fr wrote: I have to get a bluetooth USB key. Which one is known to work under gentoo (amd64) ? With which driver ? Experience and knowhow welcome... Most bluetooth usb keys will work with the drivers in the kernel, iirc it is called bluetooth usb, in .config it is CONFIG_BT_HCIBTUSB=y and in the make menuconfig it is Networking - Bluetooth subsystem -Blue tooth device drivers - HCI USB driver William Thanks for the fast efficient answer... Any time
Re: [gentoo-user] Ldap authentication issues.
I have solved this issue late last night. I took my inspiration from fedora, who has a really nice automatic tool for adding ldap servers, and i looked at their changes. The issue was that pam_unix was set as required, not sufficient / optional. I also found that in fedora they do includes in their pam, and my setup did not have it so you need to modify the correct module for the system, you are using. Find below my corrected pam config, and i will do a write up of this process. I have also found that when the user logs in it takes a long tine for commands to execute, and in this time it sends alot of requests to the slapd server, using anonymous binds. Any idea how i make anonymous binds return attrs such as groupUid etc? On 05/05/2010, at 7:00 AM, Daniel Troeder wrote: # auth authsufficient pam_opie.so no_warn no_fake_prompts authrequisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth sufficient /usr/local/lib/pam_ldap.so no_warn use_first_pass auth sufficientpam_unix.so no_warn try_first_pass # account account requiredpam_nologin.so #accountrequiredpam_krb5.so account requiredpam_login_access.so account sufficientpam_unix.so accountsufficient/usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user # session #sessionoptionalpam_ssh.so session requiredpam_permit.so session optional /usr/local/lib/pam_ldap.so # password #password sufficient pam_krb5.so no_warn try_first_pass passwordsufficientpam_unix.so no_warn try_first_pass passwordsufficient /usr/lib/local/pam_ldap.so
[gentoo-user] Ldap authentication issues.
I am currently trying to make a ldap server which i can use to authenticate users. Sadly a large number of how to's are incomplete and don't work, so after reading alot of how to's and manuals I have got 99.9% of the way. On attempting to authenticate a user it denies the user access with a error from auth.log May 4 02:21:08 nemo sshd[1271]: error: PAM: authentication error for william from 172.20.0.1 I can succesfully search the ldap with this user binding to the ldap ldapsearch -x -D uid=william,ou=Admin,dc=chocolate,dc=lan -W '(uid=william)' Enter LDAP Password: # extended LDIF # # LDAPv3 # base dc=chocolate,dc=lan (default) with scope subtree # filter: (uid=william) # requesting: ALL # # william, Admin, chocolate.lan dn: uid=william,ou=Admin,dc=chocolate,dc=lan uid: william cn: william objectClass: account objectClass: posixAccount objectClass: shadowAccount objectClass: top loginShell: /bin/bash uidNumber: 1 gidNumber: 1 homeDirectory: /home/william userPassword:: e1NTSEF9Z3BQd05Lc3JUMWwxSVNhOVQvN1dPb3ZOcnVBSXJwVTE= gecos: William Brown description: William Brown shadowLastChange: 1 shadowMax: 0 shadowExpire: 0 # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 Slapd when trying to authenticate shows this. /usr/local/libexec/slapd -4 -d 256 slapd starting conn=0 fd=10 ACCEPT from IP=127.0.0.1:28629 (IP=0.0.0.0:389) conn=0 op=0 BIND dn= method=128 conn=0 op=0 RESULT tag=97 err=0 text= connection_input: conn=0 deferring operation: binding conn=0 op=1 SRCH base=ou=Nemo,ou=Group,dc=chocolate,dc=lan scope=1 deref=0 filter=((objectClass=posixGroup)) conn=0 op=1 SRCH attr=cn userPassword memberUid uniqueMember gidNumber conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=0 op=2 SRCH base=ou=Marvin,ou=Group,dc=chocolate,dc=lan scope=1 deref=0 filter=((objectClass=posixGroup)) conn=0 op=2 SRCH attr=cn userPassword memberUid uniqueMember gidNumber conn=0 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= conn=0 fd=10 closed (connection lost) conn=1 fd=10 ACCEPT from IP=127.0.0.1:43475 (IP=0.0.0.0:389) conn=1 op=0 BIND dn= method=128 conn=1 op=0 RESULT tag=97 err=0 text= connection_input: conn=1 deferring operation: binding conn=1 op=1 SRCH base=ou=Admin,dc=chocolate,dc=lan scope=1 deref=0 filter=((objectClass=posixAccount)(uid=william)) conn=1 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire = bdb_equality_candidates: (uid) not indexed conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=2 fd=12 ACCEPT from IP=127.0.0.1:15318 (IP=0.0.0.0:389) conn=2 op=0 BIND dn= method=128 conn=2 op=0 RESULT tag=97 err=0 text= connection_input: conn=2 deferring operation: binding conn=2 op=1 SRCH base=ou=Admin,dc=chocolate,dc=lan scope=1 deref=0 filter=((objectClass=posixAccount)(uid=william)) conn=2 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire = bdb_equality_candidates: (uid) not indexed conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=2 op=2 SRCH base=ou=Admin,dc=chocolate,dc=lan scope=1 deref=0 filter=((objectClass=posixAccount)(uid=william)) conn=2 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire = bdb_equality_candidates: (uid) not indexed conn=2 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=2 fd=12 closed (connection lost) conn=3 fd=12 ACCEPT from IP=127.0.0.1:63485 (IP=0.0.0.0:389) conn=3 op=0 BIND dn= method=128 conn=3 op=0 RESULT tag=97 err=0 text= connection_input: conn=3 deferring operation: binding conn=3 op=1 SRCH base=ou=Admin,dc=chocolate,dc=lan scope=1 deref=0 filter=((objectClass=posixAccount)(uid=william)) conn=3 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire = bdb_equality_candidates: (uid) not indexed conn=3 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=3 op=2 SRCH base=ou=Admin,dc=chocolate,dc=lan scope=1 deref=0 filter=((objectClass=posixAccount)(uid=william)) conn=3 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire = bdb_equality_candidates: (uid) not indexed conn=3 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=3 fd=12 closed (connection lost) conn=1 fd=10 closed (connection lost) Here is my /etc/ldap.conf base dc=chocolate,dc=lan suffix dc=chocolate,dc=lan uri ldap://ldap.srv.chocolate.lan ldap_version 3 rootbinddn cn=Manager,dc=chocolate,dc=lan scope one timelimit 3 bind_timelimit 3 bind_policy soft pam_filter objectclass=posixAccount pam_login_attribute uid pam_check_host_attr no pam_member_attribute memberuid pam_password exop nss_reconnect_tries 4 # number
Re: [gentoo-user] Ldap authentication issues.
On 03/05/2010, at 9:16 PM, Daniel Troeder wrote: I haven't set this up on gentoo, only on debian-server with ubuntu-clients... Does NSS work already? Do you see the LDAP users/group after the passwd-users when you run $ getent passwd $ getent group Both show the correct user and group as defined in the ldap attributes passwd william:*:1:1:William Brown:/home/william:/bin/bash and group login:*:2:william Assuming you have configured /etc/nsswitch.conf: passwd: compat ldap group: compat ldap shadow: compat ldap (files ldap is OK too.) As long as that does not work, it doesn't make sense to continue to PAM. Is the password in /etc/ldap.secret OK? Mode should be 400. Try to see if the password for cn=Manager,dc=chocolate,dc=lan in there does have possibly problematic characters. The password is in there, and it does bind successfully (I accidentally posted the wrong output from slapd, I have been documenting my success / failures to try and piece this together) slapd starting conn=0 fd=10 ACCEPT from IP=127.0.0.1:39936 (IP=0.0.0.0:389) conn=0 op=0 BIND dn=cn=Manager,dc=chocolate,dc=lan method=128 conn=0 op=0 BIND dn=cn=Manager,dc=chocolate,dc=lan mech=SIMPLE ssf=0 conn=0 op=0 RESULT tag=97 err=0 text= connection_input: conn=0 deferring operation: binding conn=0 op=1 SRCH base=ou=Admin,dc=chocolate,dc=lan scope=1 deref=0 filter=((objectClass=posixAccount)(uid=william)) conn=0 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=1 fd=13 ACCEPT from IP=127.0.0.1:23394 (IP=0.0.0.0:389) conn=1 op=0 BIND dn=cn=Manager,dc=chocolate,dc=lan method=128 conn=1 op=0 BIND dn=cn=Manager,dc=chocolate,dc=lan mech=SIMPLE ssf=0 conn=1 op=0 RESULT tag=97 err=0 text= connection_input: conn=1 deferring operation: binding conn=1 op=1 SRCH base=ou=Admin,dc=chocolate,dc=lan scope=1 deref=0 filter=((objectClass=posixAccount)(uid=william)) conn=1 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=1 op=2 SRCH base=ou=Admin,dc=chocolate,dc=lan scope=1 deref=0 filter=((objectClass=posixAccount)(uid=william)) conn=1 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire conn=1 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=1 fd=13 closed (connection lost) conn=2 fd=13 ACCEPT from IP=127.0.0.1:38351 (IP=0.0.0.0:389) conn=2 op=0 BIND dn=cn=Manager,dc=chocolate,dc=lan method=128 conn=2 op=0 BIND dn=cn=Manager,dc=chocolate,dc=lan mech=SIMPLE ssf=0 conn=2 op=0 RESULT tag=97 err=0 text= connection_input: conn=2 deferring operation: binding conn=2 op=1 SRCH base=ou=Admin,dc=chocolate,dc=lan scope=1 deref=0 filter=((objectClass=posixAccount)(uid=william)) conn=2 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=2 op=2 SRCH base=ou=Admin,dc=chocolate,dc=lan scope=1 deref=0 filter=((objectClass=posixAccount)(uid=william)) conn=2 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass shadowLastChange shadowMax shadowExpire conn=2 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= I need to use nscd on the clients. BTW: I use MDS/MMC (http://mds.mandriva.org/) on all debian servers for User/Samba/DNS/DHCP/Mail management with LDAP. It's really good. Ill take a look at it, thank you for the hint. The most trickiest part of setting up LDAP-clients is always PAM :( Fortunately for debian/ubuntu there are good guides. If you find out how to do it with gentoo, that info would be appreciated (gentoo-wiki?). I agree, and i most likely will do a write up if i get it to work happily Good luck, Daniel -- PGP key @ http://pgpkeys.pca.dfn.de/pks/lookup?search=0xBB9D4887op=get # gpg --recv-keys --keyserver hkp://subkeys.pgp.net 0xBB9D4887 William
Re: [gentoo-user] Ldap authentication issues.
On 03/05/2010, at 9:41 PM, Ward Poelmans wrote: On Mon, May 3, 2010 at 09:41, Indexer inde...@internode.on.net wrote: I am currently trying to make a ldap server which i can use to authenticate users. Sadly a large number of how to's are incomplete and don't work, so after reading alot of how to's and manuals I have got 99.9% of the way. On attempting to authenticate a user it denies the user access with a error from auth.log May 4 02:21:08 nemo sshd[1271]: error: PAM: authentication error for william from 172.20.0.1 What does you ssh file in /etc/pam.d look like? # auth authsufficient pam_opie.so no_warn no_fake_prompts authrequisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass #auth sufficient /usr/local/lib/pam_ldap.so no_warn use_first_pass authrequiredpam_unix.so no_warn try_first_pass # account account requiredpam_nologin.so #accountrequiredpam_krb5.so account requiredpam_login_access.so account requiredpam_unix.so #accountrequired/usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user # session #sessionoptionalpam_ssh.so session requiredpam_permit.so # password #password sufficient pam_krb5.so no_warn try_first_pass passwordrequiredpam_unix.so no_warn try_first_pass Ward I was under the impression that SSH was able to use pam from the system module? I will try this out now uncommenting the ldap settings.
Re: [gentoo-user] Frozen after Upgrade
On 03/05/2010, at 11:01 PM, Colleen Beamer wrote: Hi, Yesterday, I updated my system. On reboot, I get to my login screen, but then everything is frozen - the cursor blinks in the box where I am supposed to enter my password, but the keyboard doesn't work and my mouse is frozen. I don't know if this has something do do with the xorg update that happened in connection with my nvidia driver. I can't even kill X because, stupid me didn't configure the Ctrl-Alt-Backspace when it was no longer automatically configured. Right now, I have booted from a Kubuntu live CD so was able to get into the system to write this. Is there a way I can fix this without having to do a complete reinstall? I would be checking my Xorg.conf to see if you have evdev enabled, set evdev in your make.conf just in case, and make sure you have hald set to start on boot as xorg now needs it for keyboard and mouse. William
Re: [gentoo-user] Frozen after Upgrade
On 03/05/2010, at 11:17 PM, Colleen Beamer wrote: On 5/3/10, Indexer inde...@internode.on.net wrote: On 03/05/2010, at 11:01 PM, Colleen Beamer wrote: Hi, Yesterday, I updated my system. On reboot, I get to my login screen, but then everything is frozen - the cursor blinks in the box where I am supposed to enter my password, but the keyboard doesn't work and my mouse is frozen. I don't know if this has something do do with the xorg update that happened in connection with my nvidia driver. I can't even kill X because, stupid me didn't configure the Ctrl-Alt-Backspace when it was no longer automatically configured. Right now, I have booted from a Kubuntu live CD so was able to get into the system to write this. Is there a way I can fix this without having to do a complete reinstall? I would be checking my Xorg.conf to see if you have evdev enabled, set evdev in your make.conf just in case, and make sure you have hald set to start on boot as xorg now needs it for keyboard and mouse. This would be good if I could get to a terminal seesion, but I can't. The keyboard doesn't work and I can't login. Right now, I am using a Kubuntu live CD and mounting is disabled. How do you mean mounting is disabled? Open a terminal and type sudo mount /dev/sdblah ??? From there you can either chroot in, or you can manually stop xdm by removing the file /etc/runlevels/default/xdm (instead of using rc-update) William
Re: [gentoo-user] Constraining X display resolutions
On 27/04/2010, at 8:48 AM, Frank Steinmetzger wrote: Am Montag, 26. April 2010 schrieb Peter Humphrey: Hello list, My monitor is 1600 x 1200 but I like to run it at 1400 x 1050 (anno domini etc.). So far, though, KDE 4 doesn't remember the resolution at shutdown so it restarts at 1600 x 1200. I have to go through the rigmarole of setting it again every time I log in. I have raised a bug report but I don't suppose it's very high on anyone's list. Meanwhile, is there an entry I can make in xorg.conf, or elsewhere, to force KDE to display just the single resolution, 1400 x 1050? You haven't told us what kind of monitor that is, but it sounds like it's a flatscreen. In that case you should definitely run it on its native resolution, or else your display will be blurry and strain your eyes far more. However, Linux GUIs are very good at geometric upscaling, so I suggest increasing font and icon sizes. -- Gruß | Greetings | Qapla' What do you call a dead bee? - A was. The best way to achieve this would be to set your resolution manually in xorg.conf, rather than using the KDE4 tool. William
