Re: [389-users] Announcing 389 Directory Server 1.2.8 Alpha 1 for testing
2011/1/25 Rich Megginson rmegg...@redhat.com: The 389 team is pleased to announce the availability for testing of Alpha 1 of version 1.2.8. This release contains many bug fixes. On those platforms which have OpenLDAP built with Mozilla NSS crypto support (Fedora 14 and later), the packages are built with OpenLDAP instead of the Mozilla LDAP C SDK. 389-ds-base-1.2.8-0.1.a1.el5 will still hang randomly due to production LDAP traffic, though seems more resilient than the 1.2.7 version (and more prone never to shutdown when it does wedge? Still trying out variations of traffic load and backup runs (no MMR in the mix, yet)). Do you need more strace logs or maybe gdb dumps? https://bugzilla.redhat.com/show_bug.cgi?id=668548 https://bugzilla.redhat.com/show_bug.cgi?id=668619 Jeremy -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: [389-users] Announcing 389 Directory Server 1.2.8 Alpha 1 for testing
On 01/25/2011 05:07 PM, Jeremy A. Mates wrote: 2011/1/25 Rich Megginsonrmegg...@redhat.com: The 389 team is pleased to announce the availability for testing of Alpha 1 of version 1.2.8. This release contains many bug fixes. On those platforms which have OpenLDAP built with Mozilla NSS crypto support (Fedora 14 and later), the packages are built with OpenLDAP instead of the Mozilla LDAP C SDK. 389-ds-base-1.2.8-0.1.a1.el5 will still hang randomly due to production LDAP traffic, though seems more resilient than the 1.2.7 version (and more prone never to shutdown when it does wedge? Still trying out variations of traffic load and backup runs (no MMR in the mix, yet)). Do you need more strace logs or maybe gdb dumps? No. We haven't started working on those bugs yet. https://bugzilla.redhat.com/show_bug.cgi?id=668548 https://bugzilla.redhat.com/show_bug.cgi?id=668619 Jeremy -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
[389-users] HOW TO INSTALL NEW INTERMEDIATE CA CERTIFICATES ON 389 DS
All, I have installed 389 servers and in the process of requesting new 4 year SSL certificates for my servers. To do so Verisign is only accepting 2048-bit and higher CSR's only for 3 year certificates. No problem I manually created a new CSR with 2048 bits using openssl, received my new cert from verisign and have installed it successfully. Now that I have the new cert installed and SSL configured and my pin.txt file in place I find that upon start-up of the directory service the certificate will not properly verify and the startup fails. Based on the VeriSign advisory AD220 (https://knowledge.verisign.com/support/ssl-certificates-support/index?page=contentid=AD220) It appears that I need to update the directory servers VeriSign intermediate certificates in order to properly validate my new 2048 cert upon startup. My new certificate came with the notice also as follows: In order for your VeriSign SSL Certificate to function properly, NEW Primary and Secondary VeriSign Intermediate CA Certificates must be installed. So has anyone actually updated or installed the new primary and secondary intermediate CA certificates. The usual methods of certutil command and the Management Console wizard have all failed to install the provided intermediate CA bundle provided by VeriSign. Also I am not running Apache, I only have the 389 Management Console serving web for the servers. Thanks appreciate your assistance. Love the list server you guys ROCK!.Tim -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: [389-users] HOW TO INSTALL NEW INTERMEDIATE CA CERTIFICATES ON 389 DS
On 01/25/2011 06:08 PM, Tim Weichel wrote: All, I have installed 389 servers and in the process of requesting new 4 year SSL certificates for my servers. To do so Verisign is only accepting 2048-bit and higher CSR's only for 3 year certificates. No problem I manually created a new CSR with 2048 bits using openssl, received my new cert from verisign and have installed it successfully. Now that I have the new cert installed and SSL configured and my pin.txt file in place I find that upon start-up of the directory service the certificate will not properly verify and the startup fails. Based on the VeriSign advisory AD220 (https://knowledge.verisign.com/support/ssl-certificates-support/index?page=contentid=AD220 https://knowledge.verisign.com/support/ssl-certificates-support/index?page=contentid=AD220) It appears that I need to update the directory servers VeriSign intermediate certificates in order to properly validate my new 2048 cert upon startup. My new certificate came with the notice also as follows: In order for your VeriSign SSL Certificate to function properly, NEW Primary and Secondary VeriSign Intermediate CA Certificates must be installed. So has anyone actually updated or installed the new primary and secondary intermediate CA certificates. The usual methods of certutil command and the Management Console wizard have all failed to install the provided intermediate CA bundle provided by VeriSign. What exactly did you try and how exactly did it fail? Please provide the exact certutil command line arguments. Also I am not running Apache, I only have the 389 Management Console serving web for the servers. Thanks appreciate your assistance. Love the list server you guys ROCK!.Tim -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: after pre-upgrade my installation hangs, too
Maurizio Marini maumar at datalogica.com writes: ... Hi JB and others, before trying # yum distro-sync as you suggested me, i would try to understand the issue with preupgrade. I have restarted my nb and i see it hangs on infamous: waiting for hardware to initialize like in Ashley M. Kirchner thread. I would know if it makes any sense to insert these flags and the others you suggeted to Ashley ignore_loglevel enforcing=0 initcall_debug in grub.conf Upgrade line: title Upgrade to Fedora 14 (Laughlin) kernel /upgrade/vmlinuz preupgrade = here ... Yes, these are debugging statements. They may slow the process somewhat but should not have impact on hardware initialization. JB -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
iptables and NAT
Dear All I'm trying to configure iptables with Network Address Translation Scenario is like server 1 with IP address 192.168.131.131 is running httpd server 2 with two NIC, one is xx.xx.xx.xx ( live ip ) and another is 192.168.131.133, --- I run following command on server 2 ( which is going to be acting as firewall ) iptables -t NAT -A PREROUTING -d xx.xx.xx.xx -J DNAT --to-destination 192.168.131.131 but it ends with following error iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. --Following are some details of my server *uname -r * 2.6.18-194.32.1.el5 *lsmod | grep ip * ip_tables17029 0 x_tables 17349 1 ip_tables ipv6270561 19 xfrm_nalgo13381 1 ipv6 acpiphp 27089 0 dm_multipath 25421 0 scsi_dh 12097 1 dm_multipath dm_mod 63225 15 dm_multipath,dm_raid45,dm_snapshot,dm_zero,dm_mirror,dm_log Can anyone guide me ??? whats going wrong with it ? how to resolve this problem Thanx regards -- °v° /(_)\ ^ ^ Jatin Khatri Registerd Linux user No #501175 www.counter.li.org No M$ -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: [Fedora] Re: native texlive and yum
On Mon, 24 Jan 2011, Mohamed El Morabity wrote: Le lundi 24 janvier 2011 à 13:55 +0100, Walter Cazzola a écrit : a solution could be to build an empty RPM that will simply contain a Provides: texlive 2007 or something like this to fool Fedora packages requiring a LaTeX distribution. Your idea looks interesting but doesn't work. I've just installed (as yum localinstall) the rpm generated by the attached rpm and when I try to install a2ps I get: Dependencies Resolved = Package = Installing: a2ps Installing for dependencies: html2ps kpathsea tex-preview texinfo-tex texlive texlive-dvips texlive-latex texlive-texmf texlive-texmf-dvips texlive-texmf-errata texlive-texmf-errata-dvips texlive-texmf-errata-fonts texlive-texmf-errata-latex texlive-texmf-fonts texlive-texmf-latex texlive-utils Transaction Summary = Install 17 Package(s) Total download size: 61 M Installed size: 159 M Is this ok [y/N]: n That is not what I desire. The fake rpm is correctly installed: yum list installed|grep texlive texlive2010-fake.noarch1.0-1.fc13 @/texlive2010-fake-1.0-1.fc13.noarch Any other suggestion? Walter -- Walter Cazzola, PhD - Associate Professor, DICo, University of Milano E-mail: cazz...@dico.unimi.it Ph.: +39 02 503 16300 Fax: +39 02 503 16253 · · · · · · · · · ... recursive: adjective, see recursive ... · · · · · · · · ·Name:texlive2010-fake Version: 1.0 Release: 1%{?dist} Summary: This is a fake TeXLive package Source0: fake.tgz Group: System Environment/Base License: GPLv2 and BSD and Public Domain and LGPLv2+ and GPLv2+ and LPPL BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XX) Provides: texlive 2007 %description This was necessary to have a tlmgr-based installation of texlive and all the rpm packages that requires texlive (e.g., a2ps and R-core) still installable. %prep %build %install rm -rf $RPM_BUILD_ROOT %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root,-) %doc %changelog -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: [Fedora] Re: native texlive and yum
On Mon, 24 Jan 2011, suvayu ali wrote: On Mon, Jan 24, 2011 at 1:55 PM, Walter Cazzola cazz...@dico.unimi.it wrote: That has been a great idea except for a couple of issues on some *nonrelated packages. To remove texlive yum forced the remotion of a2ps and R-core (and few other but these are the most important for me) and I can't reinstall them without reinstalling texlive (at least in part). Although it might seem so, but they might not be entirely independent. yes I know they use LaTeX to render something but they can work also without LaTeX so if someone want these tools is forced to install LaTeX as well. Now I've already installed texlive but not through yum and I'm wondering why the rpm for these packages not really related to LaTeX and in any case working also without LaTeX can't check for the bins instead of the whole package. That is how rpm (or any other package manager works). Checking for binaries can be ambiguous as some package might not place the binaries in the path the package manager might check. uhm this is not convincing me, to avoid misplaced binaries there are several methods, where, which, the only mandatory point is to have the binaries you are looking for in the PATH that is not such a big issue since I'm supposing you want to use them. I think this is just an issue of laziness since it is easier to have hard dependencies and let the rpm dbms to deal with them rather than to check real dependencies thoroughly. Is there a way for forcing their installation without installing texlive? If you don't mind the disk space taken by the rpm version of texlive, you can solve the problem with setting your environment variables appropriately. This is how I get around this issue: I know about this possibility but I'd prefer to save 200Mb and to have a cleaner installation. Thanks for the advice Walter -- Walter Cazzola, PhD - Associate Professor, DICo, University of Milano E-mail: cazz...@dico.unimi.it Ph.: +39 02 503 16300 Fax: +39 02 503 16253 · · · · · · · · · ... recursive: adjective, see recursive ... · · · · · · · · ·-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: [Fedora] Re: native texlive and yum
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Le 25/01/2011 11:46, Walter Cazzola a écrit : On Mon, 24 Jan 2011, Mohamed El Morabity wrote: Le lundi 24 janvier 2011 à 13:55 +0100, Walter Cazzola a écrit : a solution could be to build an empty RPM that will simply contain a Provides: texlive 2007 or something like this to fool Fedora packages requiring a LaTeX distribution. Your idea looks interesting but doesn't work. I've just installed (as yum localinstall) the rpm generated by the attached rpm and when I try to install a2ps I get: Dependencies Resolved Any other suggestion? Get the rpm package of a2ps and install it with rpm -ivh a2ps.xxx.rpm --nodeps And see if a2ps works. BTW why do you want a2ps it is quite obsolete now for it is unable to handle utf-8 encodage. - -- François Patte UFR de mathématiques et informatique Université Paris Descartes Tél. +33 (0)1 8394 5849 http://www.math-info.univ-paris5.fr/~patte -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk0+rbkACgkQdE6C2dhV2JV1WwCfSvqHkbwTZ9Xs8zkYPQoHqfwC 5+gAn37r4bFQkKYMH0a5OQIOqxcFnCc1 =9/Xs -END PGP SIGNATURE- -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: iptables and NAT
On 01/25/2011 06:15 AM, Jatin K wrote: iptables -t NAT -A PREROUTING -d xx.xx.xx.xx -J DNAT --to-destination 192.168.131.131 but it ends with following error Hi, The names of the tables are case-sensitive. It should be nat instead of NAT. HTH, JOrge -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: iptables and NAT
Jatin K ssh.fedora at gmail.com writes: ... Dear All I'm trying to configure iptables with Network Address Translation ... iptables v1.3.5: can’t initialize iptables table `nat’: Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. On F14. Kernel configuration: $ less /boot/config-* search for NAT If configured as modules, see kernel modules: $ less /lib/modules/2.6.*/modules.dep search for nat (or nf_nat) Test: # modprobe nf_nat Other config files: # less /etc/sysconfig/iptables-config Also /proc fs. JB -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
newbie wireless question
Hi users, I connect to wireless with network manager called HOME with wep key through NetworkManager. I don t find how to connect to the same network through CL with iwconfig and ifconfig. Could you help me please. Regards -- PhD candidate in Computer Science Address 3 avenue lamine, cité ezzahra, Sousse 4000 Tunisia tel: +216 97 246 706 (+33640302046 jusqu'au 15/6) fax: +216 71 391 166 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Help test extras installer
In case anyone's interested, please help me test the new Kororaa bash extras installer script for Fedora. Essentially, I’ve merged the original Flash and NVIDIA driver installers into a new bash script, which also handles AMD’s fglrx driver. It supports KDE, GNOME as well as console, and if you don't have the required repositories it can configure these for you too. It’s now ready for testing, so please test it out and let me know if you have any problems! wget http://kororaa.org/files/add-remove-extras.sh chmod a+x add-remove-extras.sh sudo ./add-remove-extras.sh And feel free to fix my horrible bash, if you feel so motivated! ;-) See http://ur1.ca/30a0g Thanks, Chris -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: iptables and NAT
On Tuesday 25 January 2011 05:07 PM, Jorge Fábregas wrote: On 01/25/2011 06:15 AM, Jatin K wrote: iptables -t NAT -A PREROUTING -d xx.xx.xx.xx -J DNAT --to-destination 192.168.131.131 but it ends with following error Hi, The names of the tables are case-sensitive. It should be nat instead of NAT. HTH, JOrge Thnx I'got your point replaced NAT with nat ... saved iptables wiht service iptable save but server is not forwarding the packets to the web server if i try http://xx.xx.xx.xx ( live ip ) .. .. no page is displayed what it could be ??? -- °v° /(_)\ ^ ^ Jatin Khatri Registerd Linux user No #501175 www.counter.li.org No M$ -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: [Fedora] Re: FC14 Installation Hangs
Ashley M. Kirchner ashley at pcraft.com writes: On 1/24/2011 4:33 PM, JB wrote: Read Lamar Owen's post. You may search Google and Bugzilla for problems related to your Broadcom CNB20LE board. There is a chance that Alan drops by and he is expert on hard disks. Tomorrow will try some more. JB Yep, I'm going to try and boot an FC13 install disk tomorrow morning, see how that fares ... Check the board's BIOS date. In Bugzilla 665109 they claim that this board can have old or incomplete BIOS. Does it seem to be outdated ? Is there any update on manufacturer's or reseller's web site ? I would look at the BIOS settings too (sometimes their automatic settings work better than our manual ones). JB -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: iptables and NAT
Hi , On the server where you have the web page you have iptables up and blocking the 80 port ? the service is up and running ? it's accepting connection from all interfaces , not only on localhost ? On Tue, Jan 25, 2011 at 2:17 PM, Jatin K ssh.fed...@gmail.com wrote: On Tuesday 25 January 2011 05:07 PM, Jorge Fábregas wrote: On 01/25/2011 06:15 AM, Jatin K wrote: iptables -t NAT -A PREROUTING -d xx.xx.xx.xx -J DNAT --to-destination 192.168.131.131 but it ends with following error Hi, The names of the tables are case-sensitive. It should be nat instead of NAT. HTH, JOrge Thnx I'got your point replaced NAT with nat ... saved iptables wiht service iptable save but server is not forwarding the packets to the web server if i try http://xx.xx.xx.xx ( live ip ) .. .. no page is displayed what it could be ??? -- °v° /(_)\ ^ ^ Jatin Khatri Registerd Linux user No #501175 www.counter.li.org No M$ -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: iptables and NAT
On Tuesday 25 January 2011 06:16 PM, Jorge Fábregas wrote: On 01/25/2011 08:17 AM, Jatin K wrote: but server is not forwarding the packets to the web server Besides the NAT rule, you'll need a forward rule (as that traffic is not for the machine hosting the firewall). I think you'll need something like: iptables -A FORWARD -d 192.168.131.131 -p tcp --dport 80 -j ACCEPT ...and of course check the firewall on the web-server to allow incoming TCP/80. -- Jorge I've done the following [1]echo 1 /proc/sys/net/ipv4/ip_forward ( enabled ip forwarding ) [2]iptables -A FORWARD -d 192.168.131.131 -p tcp --dport 80 -j ACCEPT [3]iptables -t nat -A PREROUTING -d xx.xx.xx.xx -p tcp --dport 80 -j DNAT --to-destination 192.168.131.131 port 80 is opened on the web server I'm able to access the web -page from internal systems as well as from the firewall it self through elinks but not able to access the web-page from Internet ( means firewall system is not forwarding the packets to the web server ) I've also tried following rule in firewall for SNAT iptables -t nat -A POSTROUTING -s 192.168.131.131 -j SNAT --to-source xx.xx.xx.xx but it fails what do I need to check further what other configuration do I need ?? Thnx -- °v° /(_)\ ^ ^ Jatin Khatri Registerd Linux user No #501175 www.counter.li.org No M$ -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: iptables and NAT
On Tue, 2011-01-25 at 17:47 +0530, Jatin K wrote: I'got your point replaced NAT with nat ... saved iptables wiht service iptable save but server is not forwarding the packets to the web server if i try http://xx.xx.xx.xx ( live ip ) .. .. no page is displayed what it could be ??? To test the NAT rule, you'd have to make an incoming connection through that network. You could use an outside proxy. Or, you could go to one of the HTML validator sites, and ask it to validate your homepage. That's a simple check, without having to set up anything special. e.g. Visit http://validator.w3.org/ and give it the address to your website (your IP address that you've not being telling us). -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: iptables and NAT
On Tuesday 25 January 2011 07:08 PM, Tim wrote: On Tue, 2011-01-25 at 17:47 +0530, Jatin K wrote: I'got your point replaced NAT with nat ... saved iptables wiht service iptable save but server is not forwarding the packets to the web server if i try http://xx.xx.xx.xx ( live ip ) .. .. no page is displayed what it could be ??? To test the NAT rule, you'd have to make an incoming connection through that network. You could use an outside proxy. Or, you could go to one of the HTML validator sites, and ask it to validate your homepage. That's a simple check, without having to set up anything special. e.g. Visit http://validator.w3.org/ and give it the address to your website (your IP address that you've not being telling us). I've tested this function through other ISP ( from my other branch ) and also checked it from my phone on 3G network -- °v° /(_)\ ^ ^ Jatin Khatri Registerd Linux user No #501175 www.counter.li.org No M$ -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: iptables and NAT
On Tue, 2011-01-25 at 19:33 +0530, Jatin K wrote: I've tested this function through other ISP ( from my other branch ) and also checked it from my phone on 3G network Then, you've got several things to think about: Firewall. Is it getting in the way, before or after the NAT rule? Is there something before your computer (e.g. a modem/router)? Does it need configuring to let it through. Is your webserver listening for connections on all interfaces? Once you get it going, I'd go back and refine your NAT rule. Do you want all ports to be NATed through, or just port 80? By way of example, I've just copied (below) a few rules that I have on an old Fedora box, back from when I was using dial-up. Those narrowed down connections to only TCP, particular TCP port numbers, particular interfaces, and/or particular source addresses. iptables --table nat --append PREROUTING --protocol tcp --destination-port 80 --jump DNAT --to-destination 192.168.1.1:80 iptables --table nat --append PREROUTING --protocol tcp --in-interface ppp+ --source 2.3.4.5 --destination-port 80 --jump DNAT --to-destination 192.168.1.1:80 iptables --table nat --append PREROUTING --protocol tcp --in-interface ppp+ --source 0.0.0.0/0 --destination-port 443 --jump DNAT --to-destination 192.168.1.6:443 -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: [389-users] Sync AD with 389-DS Unable to parse response
On 01/25/2011 01:29 AM, remy d1 wrote: Hi Rich, I tried to raise the log level, but when I did it, I was not able to stop/restart my dirsrv service. What log level did you use? What error messages did you see when you attempted to stop/restart the service? Anything in the errors log? To stop it, I must kill the process and remove the pid file. Then I could start it. In my error logs, there is a lot of informations : [root@KingKong ~]# tail /var/log/dirsrv/slapd-KingKong/errors [24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica [24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database /var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b2887.db4 [24/Jan/2011:16:18:30 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica [24/Jan/2011:16:18:40 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database /var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b2887.db4 [24/Jan/2011:16:18:40 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica [24/Jan/2011:16:18:41 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database /var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b2887.db4 [24/Jan/2011:16:18:41 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica [24/Jan/2011:16:18:42 +0100] NSMMReplicationPlugin - changelog program - _cl5GetDBFile: no DB object found for database /var/lib/dirsrv/slapd-KingKong/changelogdb/1d934402-27b111e0-b651ef2e-02b602d3_4d0b2887.db4 [24/Jan/2011:16:18:42 +0100] NSMMReplicationPlugin - changelog program - cl5GetOperationCount: could not get DB object for replica [24/Jan/2011:16:24:18 +0100] NSMMReplicationPlugin - changelog program - cl5ExportLDIF: failed to locate changelog file for replica at (dc=mydomain,dc=com) This problem is very similar to this post : http://www.redhat.com/archives/fedora-directory-commits/2009-March/msg5.html Although I have the last version of 389-DS. Are you sure this is the correct post you wanted to refer to? Because this is a patch commit for a fix when moving the changelog directory - did you move the changelog directory? Because you did not mention it in your earlier post. I think I have also some troubleshooting with my hostname because bind is not configured. However, I have choosen to put it my /etc/hosts file [root@KingKong ~]# nl /etc/host.conf 1multi on 2order hosts,bind hostname command reply the full fqdn if I choose the option --all-fqdn, contrary to the option --fqdn. The reply is just my hostname without the domain. By the way, if I say #hostname KingKong.mydomain.com http://KingKong.mydomain.com Eveything is now good for my hostname but I can not launch my 389-console. I think the adress to connect is not ok... I do not know if this problem is linked to the previous problems... So, I do #hostname KingKong Then, I launch the console again. Now, if I try to initiate a full synchronization, I can see (and I am still stuck on it) the window please wait while data is being synchronized..., but nothing else... Data are not synchronized and I do not see anything in my Windows event viewer while replica agreement seems to be ok and PassSync service is installed... It is very difficult to change your hostname after you have configured the admin server and console. I suggest starting over from scratch, and first make sure your hostname is correct. I also suggest using http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#Windows_Sync to configure Windows Sync. Thanks for help, -Regards 2011/1/21 Rich Megginson rmegg...@redhat.com mailto:rmegg...@redhat.com Date: Fri, 21 Jan 2011 10:25:56 +0100 To: General discussion list for the 389 Directory server project. 389-us...@lists.fedoraproject.org mailto:389-us...@lists.fedoraproject.org Hi Rich, Thanks for this usefull link. I have successfully initiate replica between Windows AD and my server 389-DS. Ldapsearch is working. But even if everything seems to be ok, the update does not work and I do not see any error in the log files... So, my AD server stay empty, the accounts are not migrate... Here you have my access log file which is more verbose... (mydomain.com http://mydomain.com for the example) : snip Obviously I am connecting to the server 389-DS itself whereas it can resolve the DNS name of my Windows server... There is no error in the AD event viewer while I
Re: Desktop effects disable problem
On Mon, 2011-01-24 at 22:06 -0600, Daniel J. Celta wrote: Guys I need help By mistake I activate the desktop effects and now all I can see is a blank screen and the mouse, I reboot and nothing I get back to the blank screen. What desktopp ewffects do you activate? In f14 there at least 2 choices: standard and compiz. I am running FC10 on a X86_64 AMD machine. Can someone please help??? I know this is an older system but my machine would not accept any upgrades to any of the available releases. Also I have read some threads where they recommend renaming the .kde directory but no luck, the problem still remains. Any help would be greatly appreciated -- Daniel J Celta Main: 713 487 9307 email: dce...@gmail.com -- === Use the Force, Luke. === Aaron Konstam telephone: (210) 656-0355 e-mail: akons...@sbcglobal.net -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: newbie wireless question
On Tue, 2011-01-25 at 13:01 +0100, Adel ESSAFI wrote: Hi users, I connect to wireless with network manager called HOME with wep key through NetworkManager. I don t find how to connect to the same network through CL with iwconfig and ifconfig. Could you help me please. Regards -- PhD candidate in Computer Science Address 3 avenue lamine, cité ezzahra, Sousse 4000 Tunisia tel: +216 97 246 706 (+33640302046 jusqu'au 15/6) fax: +216 71 391 166 Have you tried: system-config-network -- === Q: How much does it cost to ride the Unibus? A: 2 bits. === Aaron Konstam telephone: (210) 656-0355 e-mail: akons...@sbcglobal.net -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: [Fedora] Re: [Fedora] Re: native texlive and yum
On Tue, 25 Jan 2011, François Patte wrote: Get the rpm package of a2ps and install it with rpm -ivh a2ps.xxx.rpm --nodeps And see if a2ps works. uhm, this is a solution but I don't like it for 2 reasons: - in this way I lose the automatic update that yum grants me - a2ps is just one of the packages affected by this problem to cite a few: R-core, html2ps, texinfo-tex, pidgin-latex ... So I'd prefer to find a way to fool yum instead BTW why do you want a2ps it is quite obsolete now for it is unable to handle utf-8 encodage. I'm a long time user of a2ps and I've several scripts that uses it and it is too much work to port them towards a new tool (which one?) especially considering that they was still working with texlive non native installed. Walter -- Walter Cazzola, PhD - Associate Professor, DICo, University of Milano E-mail: cazz...@dico.unimi.it Ph.: +39 02 503 16300 Fax: +39 02 503 16253 · · · · · · · · · ... recursive: adjective, see recursive ... · · · · · · · · ·-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: iptables and NAT
On Tuesday, January 25, 2011 09:12:07 am Ian Pilcher wrote: What is the default gateway on the web server? It's possible that packets are getting through the gateway server just fine, but getting lost on the way back. Can the OP run wireshark and look for the packets? Also, if one does iptables -L -v -t nat -and- iptables -L -v before and after trying to send a packet from the Internet to his server, do the byte and packet counts for the nat iptables entries and the other iptables entries (for forwarding the packet) get incremented as expected? signature.asc Description: This is a digitally signed message part. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Desktop effects disable problem
Aaron thanks for the reply. On Mon, 2011-01-24 at 22:06 -0600, Daniel J. Celta wrote: Guys I need help By mistake I activate the desktop effects and now all I can see is a blank screen and the mouse, I reboot and nothing I get back to the blank screen. What desktopp ewffects do you activate? In f14 there at least 2 choices: standard and compiz. I am running FC10 on a X86_64 AMD machine. Can someone please help??? I know this is an older system but my machine would not accept any upgrades to any of the available releases. Also I have read some threads where they recommend renaming the .kde directory but no luck, the problem still remains. Any help would be greatly appreciated -- Daniel J Celta Main: 713 487 9307 email: dcelta at gmail.com -- === Use the Force, Luke. === Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam at sbcglobal.net To your question. I am not really sure, I activated it through the system pull down menu System Preferences Look and Feel Desktop Effects I was able to login as a different user, after creating a second user account, but I cannot login to the system under that user name without everything going blank... Any ideas -- Daniel J Celta Main: 713 487 9307 email: dce...@gmail.com -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Desktop effects disable problem
Guys I need help By mistake I activate the desktop effects and now all I can see is a blank screen and the mouse, I reboot and nothing I get back to the blank screen. If you are talking about compiz, try rebooting, and at the login prompt hit Ctrl+F2 to bring up a text login. Login as root, and do: yum remove compiz-gnome or yum remove compiz-kde as appropriate. Then logout as root, and hit Ctrl+F1 (or is it Ctrl+F7?) to return to the graphical login, and login as your normal user. I've had to do this on occasion (with compiz-gnome). - Mike -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Desktop effects disable problem
On Tue, 2011-01-25 at 11:53 -0500, Dr. Michael J. Chudobiak wrote: If you are talking about compiz, try rebooting, and at the login prompt hit Ctrl+F2 to bring up a text login. Login as root, and A reboot shouldn't be necessary, just CTRL+F2, now, to get to a console. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: iptables and NAT
On Tuesday 25 January 2011 08:13 PM, Tim wrote: On Tue, 2011-01-25 at 19:33 +0530, Jatin K wrote: I've tested this function through other ISP ( from my other branch ) and also checked it from my phone on 3G network Then, you've got several things to think about: Firewall. Is it getting in the way, before or after the NAT rule? Is there something before your computer (e.g. a modem/router)? Does it need configuring to let it through. yes there is ADSL router . which forwards port 80 from wan to lan 80 ( means to port 80 on firewall ) setup is likeADSL NIC 1 of firewall NIC 2 connects to the webserver if any request arrives to live ip on ADSL Router it sends it to the firewall ( I've tested it by running httpd on firewall and it works fine ) Is your webserver listening for connections on all interfaces? yes Once you get it going, I'd go back and refine your NAT rule. Do you want all ports to be NATed through, or just port 80? I just want only port 80 to be NATed ( if request arrives on port 80 on my live ip it should be nated to the entire webserver through firewall ) By way of example, I've just copied (below) a few rules that I have on an old Fedora box, back from when I was using dial-up. Those narrowed down connections to only TCP, particular TCP port numbers, particular interfaces, and/or particular source addresses. iptables --table nat --append PREROUTING --protocol tcp --destination-port 80 --jump DNAT --to-destination 192.168.1.1:80 I've done the same thing like you said iptables -t nat -A PREROUTING -d xx.xx.xx.xx -t tpc --dport 80 -j DNAT --to-destination 192.168.131.131 iptables --table nat --append PREROUTING --protocol tcp --in-interface ppp+ --source 2.3.4.5 --destination-port 80 --jump DNAT --to-destination 192.168.1.1:80 iptables --table nat --append PREROUTING --protocol tcp --in-interface ppp+ --source 0.0.0.0/0 --destination-port 443 --jump DNAT --to-destination 192.168.1.6:443 -- °v° /(_)\ ^ ^ Jatin Khatri Registerd Linux user No #501175 www.counter.li.org No M$ -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: iptables and NAT
On Wed, 2011-01-26 at 01:13 +1030, Tim wrote: Then, you've got several things to think about: Another one: Does your ISP block remote access to port 80. I forgot about that, lots of ISPs do that. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: newbie wireless question
NO, However, I want to learn how to configure it with CL. Any input will help. Regards Adel 2011/1/25 Aaron Konstam akons...@sbcglobal.net On Tue, 2011-01-25 at 13:01 +0100, Adel ESSAFI wrote: Hi users, I connect to wireless with network manager called HOME with wep key through NetworkManager. I don t find how to connect to the same network through CL with iwconfig and ifconfig. Could you help me please. Regards -- PhD candidate in Computer Science Address 3 avenue lamine, cité ezzahra, Sousse 4000 Tunisia tel: +216 97 246 706 (+33640302046 jusqu'au 15/6) fax: +216 71 391 166 Have you tried: system-config-network -- === Q: How much does it cost to ride the Unibus? A: 2 bits. === Aaron Konstam telephone: (210) 656-0355 e-mail: akons...@sbcglobal.net -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines -- PhD candidate in Computer Science Address 3 avenue lamine, cité ezzahra, Sousse 4000 Tunisia tel: +216 97 246 706 (+33640302046 jusqu'au 15/6) fax: +216 71 391 166 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Desktop effects disable problem
Mike, How would I know if I am talking about compiz or not??? Thanks On Tue, Jan 25, 2011 at 10:53, Dr. Michael J. Chudobiak m...@avtechpulse.com wrote: Guys I need help By mistake I activate the desktop effects and now all I can see is a blank screen and the mouse, I reboot and nothing I get back to the blank screen. If you are talking about compiz, try rebooting, and at the login prompt hit Ctrl+F2 to bring up a text login. Login as root, and do: yum remove compiz-gnome or yum remove compiz-kde as appropriate. Then logout as root, and hit Ctrl+F1 (or is it Ctrl+F7?) to return to the graphical login, and login as your normal user. I've had to do this on occasion (with compiz-gnome). - Mike -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines -- Daniel J Celta -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[389-users] Announcing 389 Directory Server 1.2.8 Alpha 1 for testing
The 389 team is pleased to announce the availability for testing of Alpha 1 of version 1.2.8. This release contains many bug fixes. On those platforms which have OpenLDAP built with Mozilla NSS crypto support (Fedora 14 and later), the packages are built with OpenLDAP instead of the Mozilla LDAP C SDK. WARNING: If you are upgrading from a previous 1.2.6 release candidate, you will need to run fixfiles to fix some SELinux AVCs, or directory server will not start. See bug https://bugzilla.redhat.com/show_bug.cgi?id=622882 To fix, run this: fixfiles -R 389-ds-base restore If you are upgrading from 1.2.5 or earlier, or a stable 1.2.6 or 1.2.7, there is no problem. WARNING: If you are upgrading from a 1.2.6 alpha or release candidate, you will need to manually fix your entryrdn index files. See http://port389.org/wiki/Subtree_Rename#warning:_upgrade_from_389_v1.2.6_.28a.3F.2C_rc1_.7E_rc6.29_to_v1.2.6_rc6_or_newer for more information. If you are upgrading from 1.2.5 or earlier, or a 1.2.6 or 1.2.7 stable release, there is no problem. The new packages and versions are: * 389-ds-base 1.2.8.a1 ***We need your help! Please help us test this software.*** It is an Alpha release, so it may have a few glitches, but it has been tested for regressions and for new feature bugs. The Fedora system requires that packages go into Testing until verified and pushed to Stable. The more testing we get, the faster we can release these packages to Stable. See the Release Notes for information about how to provide testing feedback (or just send an email to 389-us...@lists.fedoraproject.org). === Installation === yum install --enablerepo=[updates-testing|epel-testing] 389-ds setup-ds-admin.pl === Upgrade === yum upgrade --enablerepo=[updates-testing|epel-testing] 389-ds-base setup-ds-admin.pl -u === Bugs Fixed === This release contains many bug fixes. The complete list of bugs fixed is found at the link below. Note that bugs marked as MODIFIED have been fixed but are still in testing. * Bug List for 389 1.2.8 https://bugzilla.redhat.com/showdependencytree.cgi?id=656390hide_resolved=0 * Release Notes - http://port389.org/wiki/Release_Notes * Install_Guide - http://port389.org/wiki/Install_Guide * Download - http://port389.org/wiki/Download -- 389 users mailing list 389-us...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: Desktop effects disable problem
On 01/25/2011 12:19 PM, Daniel J. Celta wrote: Mike, How would I know if I am talking about compiz or not??? I don't know. If it is compiz, then removing compiz-gnome and/or compiz-kde should force the desktop back to the standard mode. If it is not compiz that is being used, then it doesn't matter if you delete those rpms - so there's no harm in trying. - Mike -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: iptables and NAT
On Tuesday 25 January 2011 10:44 PM, Tim wrote: On Wed, 2011-01-26 at 01:13 +1030, Tim wrote: Then, you've got several things to think about: Another one: Does your ISP block remote access to port 80. no they do not I'm very sure about that I forgot about that, lots of ISPs do that. -- °v° /(_)\ ^ ^ Jatin Khatri Registerd Linux user No #501175 www.counter.li.org No M$ -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Desktop effects disable problem
Michael, Thank you very much Running the yum remove compiz-gnome did the trick.. :) Now, is this a permanent solution??? Also, I lost some of the settings, is this expected behavior??? Thanks On Tue, Jan 25, 2011 at 10:53, Dr. Michael J. Chudobiak m...@avtechpulse.com wrote: Guys I need help By mistake I activate the desktop effects and now all I can see is a blank screen and the mouse, I reboot and nothing I get back to the blank screen. If you are talking about compiz, try rebooting, and at the login prompt hit Ctrl+F2 to bring up a text login. Login as root, and do: yum remove compiz-gnome or yum remove compiz-kde as appropriate. Then logout as root, and hit Ctrl+F1 (or is it Ctrl+F7?) to return to the graphical login, and login as your normal user. I've had to do this on occasion (with compiz-gnome). - Mike -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines -- Daniel J Celta -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: newbie wireless question
NO, However, I want to learn how to configure it with CL. Any input will help. Regards Adel 2011/1/25 Aaron Konstam akons...@sbcglobal.net On Tue, 2011-01-25 at 13:01 +0100, Adel ESSAFI wrote: Hi users, I connect to wireless with network manager called HOME with wep key through NetworkManager. I don t find how to connect to the same network through CL with iwconfig and ifconfig. Could you help me please. Regards -- PhD candidate in Computer Science Address 3 avenue lamine, cité ezzahra, Sousse 4000 Tunisia tel: +216 97 246 706 (+33640302046 jusqu'au 15/6) fax: +216 71 391 166 Have you tried: system-config-network -- === Q: How much does it cost to ride the Unibus? A: 2 bits. === Aaron Konstam telephone: (210) 656-0355 e-mail: akons...@sbcglobal.net -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines -- PhD candidate in Computer Science Address 3 avenue lamine, cité ezzahra, Sousse 4000 Tunisia tel: +216 97 246 706 (+33640302046 jusqu'au 15/6) fax: +216 71 391 166 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Desktop effects disable problem
On 01/25/2011 12:44 PM, Daniel J. Celta wrote: Running the yum remove compiz-gnome did the trick.. :) Now, is this a permanent solution??? I think that you've proven that compiz doesn't work on your system, so just leave it removed and you'll be fine. You can re-install it later if you feel like experimenting. But F15 is going to be totally different anyway (with gnome-shell providing a radical new default desktop), so I wouldn't worry about it. Also, I lost some of the settings, is this expected behavior??? Need more clues... Naturally, after removing compiz-gnome, compiz will no longer be shown as a choice in the desktop-effects dialog. Is that what you mean? - Mike -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Desktop effects disable problem
No, I lost the ability to display and switch between workspaces. ? If I reinstall the compiz-gnome the problem comes back.. On Tue, Jan 25, 2011 at 11:51, Dr. Michael J. Chudobiak m...@avtechpulse.com wrote: On 01/25/2011 12:44 PM, Daniel J. Celta wrote: Running the yum remove compiz-gnome did the trick.. :) Now, is this a permanent solution??? I think that you've proven that compiz doesn't work on your system, so just leave it removed and you'll be fine. You can re-install it later if you feel like experimenting. But F15 is going to be totally different anyway (with gnome-shell providing a radical new default desktop), so I wouldn't worry about it. Also, I lost some of the settings, is this expected behavior??? Need more clues... Naturally, after removing compiz-gnome, compiz will no longer be shown as a choice in the desktop-effects dialog. Is that what you mean? - Mike -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines -- Daniel J Celta Main: 713 487 9307 email: dce...@gmail.com -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Desktop effects disable problem
On 01/25/2011 12:56 PM, Daniel J. Celta wrote: No, I lost the ability to display and switch between workspaces. ? Just right-click on the panel, select Add to panel..., and choose the workspace switcher applet. The panels sometimes get messed up when you play with the desktop effects settings. I don't know why. - Mike -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
systemd in f14 possible?
Hello, from this page http://fedoraproject.org/wiki/Features/systemd it seems systemd could be almost finished and usable for F14 too... Is this true? Any faq/drawback/limitations? Thanks, Gianluca -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Desktop effects disable problem
Now after removing compiz-gnome, now the windows manager is not working properly. All the windows get anchored to the upper left corner of the screen When I reinstall compiz-gnome, the windows are released from being anchored to that corner and I can see the windows properly. But If I reboot the computer reverts back to a blank screen.. Is there a way to revert back, and/or removing the setting desktop-effects, back to the default. On Tue, Jan 25, 2011 at 12:02, Dr. Michael J. Chudobiak m...@avtechpulse.com wrote: On 01/25/2011 12:56 PM, Daniel J. Celta wrote: No, I lost the ability to display and switch between workspaces. ? Just right-click on the panel, select Add to panel..., and choose the workspace switcher applet. The panels sometimes get messed up when you play with the desktop effects settings. I don't know why. - Mike -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines -- Daniel J Celta Main: 713 487 9307 email: dce...@gmail.com -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Desktop effects disable problem
Daniel J. Celta wrote: Now after removing compiz-gnome, now the windows manager is not working properly. All the windows get anchored to the upper left corner of the screen Try: metacity --replace - Mike -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Desktop effects disable problem
Wait a minute. What did that command do??? On Tue, Jan 25, 2011 at 12:29, Dr. Michael J. Chudobiak m...@avtechpulse.com wrote: Daniel J. Celta wrote: Now after removing compiz-gnome, now the windows manager is not working properly. All the windows get anchored to the upper left corner of the screen Try: metacity --replace - Mike -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines -- Daniel J Celta Main: 713 487 9307 email: dce...@gmail.com -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: systemd in f14 possible?
On 01/25/2011 11:51 PM, Gianluca Cecchi wrote: Hello, from this page http://fedoraproject.org/wiki/Features/systemd it seems systemd could be almost finished and usable for F14 too... Is this true? Any faq/drawback/limitations? It is in the repo for Fedora 14 # yum install systemd Boot with init=/bin/systemd Caveat is that it is a older version of systemd and may not work as well as the one in Rawhide. Rahul -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: iptables and NAT
On Tuesday, January 25, 2011 02:26:02 pm Tim did opine: On Wed, 2011-01-26 at 01:13 +1030, Tim wrote: Then, you've got several things to think about: Another one: Does your ISP block remote access to port 80. I forgot about that, lots of ISPs do that. Which is why I have a :85 in my web pages address. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Bore, n.: A guy who wraps up a two-minute idea in a two-hour vocabulary. -- Walter Winchell -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: newbie wireless question
On Tuesday, January 25, 2011 @17:14 zulu, Adel ESSAFI scribed: Any input will help. Any input? OK! 1) In GMail, after clicking Reply, please click the 'Plain Text' link above the text entry area. 2) please don't top post in replies. Both topics are covered in http://fedoraproject.org/wiki/Mailing_list_guidelines which you're asked to read before posting to the lists. 3) Instead of suggesting you peruse previous threads with a link like http://lmgtfy.com/?q=configure+wireless+site%3Alists.fedoraproject.org try http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch13_:_Linux_Wireless_Networking I'm partial to 'wl-assistant' (that's # yum install wl-assistant from the CL) to configure wireless connections, for what it's worth. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Finding programs (was: SELinux)
It's not hard to find PDF readers. All you have to do is a yum search using pdf as the keyword, either a command line or GUI yum tool, and it lists things related to PDF files. I'm not sure how new users are supposed to find evince. Yum isn't a command that newbies are likely to be familiar with. Old-timers from the BSD world might try man -k pdf but that doesn't find evnice either. Even on fedora-14 I can't seem to find it on the pull-down menus. Looking at the likely bin directories for things with pdf in their name isn't going to be fruitful in evince's case. The way I found it back when I started using a linux distribution (back in fc4 days) was to let firefox open up a pdf file, spawn the reader and then I opened a shell window and did a PS to see what the viewer was called. I recall having to do that a number of times because the name evince, just doesn't remind me of PDF. I can't expect a newbie to do that either. The unhelpful program names combined with 3 or more non-overlapping documentation systems (man, info, help), don't make things any easier. -wolfgang -- Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/ (IPv6-only) -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: [Fedora] Re: FC14 Installation Hangs
On 1/25/2011 5:41 AM, JB wrote: Check the board's BIOS date. In Bugzilla 665109 they claim that this board can have old or incomplete BIOS. Does it seem to be outdated ? Is there any update on manufacturer's or reseller's web site ? I would look at the BIOS settings too (sometimes their automatic settings work better than our manual ones). JB Well, that was a major pain in the you-know-what. Sheesh. Intel only provides floppy BIOS updates for this board (considering how old it is, I don't blame them.) So I had to find a a floppy drive, find a floppy, and do all the run around with that just to update the BIOS from 1.7 to 1.13 ... Changes? Not on the surface, but about to go try and boot FC13 now. Stay tuned ... -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Desktop effects disable problem
On Tue, 2011-01-25 at 10:27 -0600, Daniel J. Celta wrote: Aaron thanks for the reply. On Mon, 2011-01-24 at 22:06 -0600, Daniel J. Celta wrote: Guys I need help By mistake I activate the desktop effects and now all I can see is a blank screen and the mouse, I reboot and nothing I get back to the blank screen. What desktopp ewffects do you activate? In f14 there at least 2 choices: standard and compiz. I am running FC10 on a X86_64 AMD machine. Can someone please help??? I know this is an older system but my machine would not accept any upgrades to any of the available releases. Also I have read some threads where they recommend renaming the .kde directory but no luck, the problem still remains. Any help would be greatly appreciated -- Daniel J Celta Main: 713 487 9307 email: dcelta at gmail.com -- === Use the Force, Luke. === Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam at sbcglobal.net To your question. I am not really sure, I activated it through the system pull down menu System Preferences Look and Feel Desktop Effects I was able to login as a different user, after creating a second user account, but I cannot login to the system under that user name without everything going blank... Any ideas -- Daniel J Celta Main: 713 487 9307 email: dce...@gmail.com Well it is a long time since I looked at FC 10 but in FC 14 you go to System-Preferences-Desktop Effects. Are you saying that on your machine Desktop effects is a atomic choice (i.e, clicking on it does not bring up another menu allowing you to choose between different Desktop Effects)? -- === Blutarsky's Axiom: Nothing is impossible for the man who will not listen to reason. === Aaron Konstam telephone: (210) 656-0355 e-mail: akons...@sbcglobal.net -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Desktop effects disable problem
On Tue, 2011-01-25 at 12:22 -0600, Daniel J. Celta wrote: Now after removing compiz-gnome, now the windows manager is not working properly. All the windows get anchored to the upper left corner of the screen When I reinstall compiz-gnome, the windows are released from being anchored to that corner and I can see the windows properly. But If I reboot the computer reverts back to a blank screen.. Is there a way to revert back, and/or removing the setting desktop-effects, back to the default. On Tue, Jan 25, 2011 at 12:02, Dr. Michael J. Chudobiak m...@avtechpulse.com wrote: On 01/25/2011 12:56 PM, Daniel J. Celta wrote: No, I lost the ability to display and switch between workspaces. ? Just right-click on the panel, select Add to panel..., and choose the workspace switcher applet. The panels sometimes get messed up when you play with the desktop effects settings. I don't know why. - Mike Install thew rpm: ccsm Then run ccsm to configure compiz. -- === Fatal Error: Found [MS-Windows] System - Repartitioning Disk for Linux... (By cbbr...@io.org, Christopher Browne) === Aaron Konstam telephone: (210) 656-0355 e-mail: akons...@sbcglobal.net -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
frequent X crashes, abrt?
Hello, my system crashes from time to time, now I am trying to find out the source of the problem looking over the logs I know of (xsession, Xorg, messages) but with no luck. Is there a way to use abrt to do its magic after X crash? Thanks in advance, YB. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Desktop effects disable problem
It brings up a window with a Enable Desktop Effects button and two check boxes below that If I remove yum remove compiz-gnome the problem goes away. But If I reinstall and bring up that same menu It does not allow me to disable it. If I reboot after reinstalling yum install compiz-gnome the blank screen comes back... Is there a way to revert this desktop effects setting On Tue, Jan 25, 2011 at 15:35, Aaron Konstam akons...@sbcglobal.net wrote: On Tue, 2011-01-25 at 10:27 -0600, Daniel J. Celta wrote: Aaron thanks for the reply. On Mon, 2011-01-24 at 22:06 -0600, Daniel J. Celta wrote: Guys I need help By mistake I activate the desktop effects and now all I can see is a blank screen and the mouse, I reboot and nothing I get back to the blank screen. What desktopp ewffects do you activate? In f14 there at least 2 choices: standard and compiz. I am running FC10 on a X86_64 AMD machine. Can someone please help??? I know this is an older system but my machine would not accept any upgrades to any of the available releases. Also I have read some threads where they recommend renaming the .kde directory but no luck, the problem still remains. Any help would be greatly appreciated -- Daniel J Celta Main: 713 487 9307 email: dcelta at gmail.com -- === Use the Force, Luke. === Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam at sbcglobal.net To your question. I am not really sure, I activated it through the system pull down menu System Preferences Look and Feel Desktop Effects I was able to login as a different user, after creating a second user account, but I cannot login to the system under that user name without everything going blank... Any ideas -- Daniel J Celta Main: 713 487 9307 email: dce...@gmail.com Well it is a long time since I looked at FC 10 but in FC 14 you go to System-Preferences-Desktop Effects. Are you saying that on your machine Desktop effects is a atomic choice (i.e, clicking on it does not bring up another menu allowing you to choose between different Desktop Effects)? -- === Blutarsky's Axiom: Nothing is impossible for the man who will not listen to reason. === Aaron Konstam telephone: (210) 656-0355 e-mail: akons...@sbcglobal.net -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines -- Daniel J Celta Main: 713 487 9307 email: dce...@gmail.com -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
intrusion tracking
Once again I find myself trying to help someone piece together how an intruder managed to get into their system. The system was way out of date (FC6) so it is no surprise that they got compromised. What I can tell, the intruder managed to get root which allowed them to remove the iptables file and lower the protection on ssh to allow unix passwords. The attacker then installed an ssh-probing client that was installed in /root. That lowered ssh security allowed a second intrusion at user level (probably by password guessing) where an IRC bot was installed and run from cron with normal user permissions. I would have been nice to know when and how they initially got in. The site runs a handful of daemons (postix, named, ntp, apache, dovecot), so any of them could have allowed the initial intrution. They didn't have selinux enabled, so that compounded problems. Clearly the top level answer is to just impress upon them the fact that they need to stay current and keep selinux enabled. It still would be nice to know how the attackers got in though. The real issue is that there isn't a good activity log. While I can install tripwire to watch for changed files, it probably won't tell me how they got in. Is there something that addresses that problem? Some poor sucker always has to be the first victim of a new attack. It would be nice to know which service to disable or reconfigure until a fix is distributed. Is there some way to track intruders that I'm missing? -wolfgang -- Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/ (IPv6-only) -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Keyboard on some characters will not work on Sony Vaio
Fedora 14/KDE Live CD Some of the keys won't work on Sony Vaio PCG-7142L, like the L key and others if you try to type. I tried to type in lspci , and the l won't show but the s would. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
virsh and networking questions
Hi, I have an fc14 server with two interfaces -- one public, and one private. I've set it up without bridging, but now that I've created a virtual host using virt-manager, I think I should have created a bridge first. Currently, I have eth0 as the external interface, with eth1 configured as 192.168.1.10 and eth1:0 configured as 192.168.1.2. There is a default route to the gateway on eth0 (the public interface). virt-manager has configured networking for the virtual host to be 192.168.122.185 using nat to eth1, yet I can't route packets outside of the virtual host. If I were to restart the whole networking setup, what would be the best way to do this? Since there are two interfaces, I'm not sure which devices to make into a bridge. I've also seen references to bridges (ifcfg-br0) that contain the IP and network info, while other examples have the IP and network info in the ifcfg-ethN file. Which is correct? When a virtual host is using nat, it effectively acts like the IP specified for the translation, including the routing table, etc, correct? I'd eventually like to allow access to port 80 on the virtual host from the outside using port forwarding. An idea of the general approach I should use to design this network would be greatly appreciated. Thanks, Alex -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: [Fedora] Re: FC14 Installation Hangs
Well, with the confetti guns at the ready, I tried FC13, no dice. Boot options were: ide=nodma noapic acpi=off ignore_loglevel initcall_debug It quit at the same point it has been lately, which is giving me garbage on screen like my image posted yesterday, and ata3 times out, same error as yesterday. By now I have tried: FC14 FC13 First CD install FC13 First CD install FC14 CD netinst FC14 FC13 DVD install FC14 FC13 DVD Live CD-Drive (at least 3 different ones) DVD-Drive (two different ones) Different IDE cables Nothing, it seems stuck at either 'waiting for the cows to come home' or it goes past it but then fails with ata3 timeouts which eventually bombs. I'm not willing to continue trying older versions. So, I'm giving up. CentOS boot disk worked, install worked, the system is up and running and stable, so far. It will remain like that till the day the hardware fails completely and I push the thing off of the back dock. Thank you everyone who tried helping. While there's been no solution to the problem, I'm glad for the help and learned that things don't always work. And when they don't, move on to something that will. In this case, CentOS won the battle. Oh, and that sharp piece of metal that left a nice gash in the palm of my hand while swapping drives for the umpteen times. The machine can now claim to have my DNA on it. Tomorrow is another day, and possibly another battle. Hopefully one with a much better outcome. Ashley -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: iptables and NAT
On 01/25/2011 01:13 PM, Jatin K wrote: iptables -t nat -A PREROUTING -d xx.xx.xx.xx -t tpc --dport 80 -j DNAT --to-destination 192.168.131.131 Ok, assuming your default policy is to drop, I think you'll need this rule: iptables -A FORWARD -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT I'm assuming eth1 is your internal interface (and eth0 your external WAN iface). This rule will allow the responses from your web-server to pass-thru your firewal... Also, if you leave all like this it won't work as you need to perform Source NAT or Masquerade for your 192.168.131.131 ip (if you don't...then it will leave your external interface as coming from 192.168.131.131 which of course is not valid ip for the internet). In order for your webserver send responses to a machine on the internet you need to masquerade its ip. You can do this with this: iptables -A POSTROUTING -o eth0 -s 192.168.131.0/24 -j MASQUERADE That is, all traffic that will go out thru eth0, if the source network is 192.168.131.0/24, then change the source ip to that of your eth0 (your WAN ip). Try that and see if works. HTH, Jorge -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: [Fedora] Re: FC14 Installation Hangs
Ashley M. Kirchner ashley at pcraft.com writes: Well, with the confetti guns at the ready, I tried FC13, no dice. Boot options were: ide=nodma noapic acpi=off ignore_loglevel initcall_debug ... Do not worry, be happy. You are a brave girl - the way you read all that extended output proves that your are a pro :-) I am afraid you have to give it a shot or two more. Firstly, the reason you updated BIOS was to potentially fix ACPI as well. But you tried F13 with acpi=off kernel parameter ... So, back to a drawing board :-) Once again, remove all parameters, except debugging-output: ignore_loglevel initcall_debug Run it. Secondly, as I asked you before, take a look at BIOS. Just for a kick, every menu (there may be some new stuff as well due to update), do not try to change anything, just get a sense of it all. Then consider if restoring all defaults would be an option, or selecting automatic (where available), or giving up any unnecessary/fancy manual option. Run it. As above. Thirdly, stick around the thread for many days (even weeks) - there is a good chance somebody will have time (like Lamar next week) and come up with a good idea. Or F15 devs will deliver new code that will fix these things in a few months. Do not expect wonders - yes, some of these guys are true pusycats, but these devs are heroes as well - they do not have access to specs, have to deal with proprietary code (like in your case) - but look Ma, they come up with a working software, again and again. JB -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Finding programs
On 01/26/2011 05:23 AM, Wolfgang S. Rupprecht wrote: I'm not sure how new users are supposed to find evince. Maybe it is the same method that many folks should use to find things. http://tinyurl.com/6ce2nvo :-) :-) -- Don't worry about people stealing your ideas. If your ideas are any good, you'll have to ram them down people's throats. -- Howard Aiken 葛 斯克 愛德華 / 台北市八德路四段 signature.asc Description: OpenPGP digital signature -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: intrusion tracking
On 01/25/2011 04:34 PM, Wolfgang S. Rupprecht wrote: Once again I find myself trying to help someone piece together how an intruder managed to get into their system. The system was way out of date (FC6) so it is no surprise that they got compromised. What I can tell, the intruder managed to get root which allowed them to remove the iptables file and lower the protection on ssh to allow unix passwords. The attacker then installed an ssh-probing client that was installed in /root. That lowered ssh security allowed a second intrusion at user level (probably by password guessing) where an IRC bot was installed and run from cron with normal user permissions. I would have been nice to know when and how they initially got in. The site runs a handful of daemons (postix, named, ntp, apache, dovecot), so any of them could have allowed the initial intrution. They didn't have selinux enabled, so that compounded problems. Clearly the top level answer is to just impress upon them the fact that they need to stay current and keep selinux enabled. It still would be nice to know how the attackers got in though. The real issue is that there isn't a good activity log. While I can install tripwire to watch for changed files, it probably won't tell me how they got in. Is there something that addresses that problem? Some poor sucker always has to be the first victim of a new attack. It would be nice to know which service to disable or reconfigure until a fix is distributed. Is there some way to track intruders that I'm missing? -wolfgang I like OSSEC. It's pretty good at detecting break in attempts and file system changes. At the very least, OSSEC would have said something as the intruder made changes that would disable it. -- -- Steve -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Finding programs
On 26 January 2011 00:07, Ed Greshko ed.gres...@greshko.com wrote: On 01/26/2011 05:23 AM, Wolfgang S. Rupprecht wrote: I'm not sure how new users are supposed to find evince. Maybe it is the same method that many folks should use to find things. http://tinyurl.com/6ce2nvo :-) :-) I appreciate your point, but I feel it only fair and balanced to point out that none of the top three links on that page actually contain any information on Evince and in the 4th page it is buried somewhere about 1/3rd of the way down. Basically, Evince need to do a bit of work on their SEO ;o) -- Sam -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: HELP!!! I Borked Java...
On Fri, 2011-01-14 at 20:29 -0700, Christopher A. Williams wrote: OK - I found a way to get the java plugin working. Instructions at: http://www.mjmwired.net/resources/mjm-fedora-f14.html Provided a workable solution. So for now I have reinstalled Sun Java based on these instructions and it appears to be working. I borked my Java and this was extremely helpful. Thank you. Here is your hero cookie. Enjoy. LG -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Finding programs
On 01/25/2011 07:07 PM, Ed Greshko wrote: On 01/26/2011 05:23 AM, Wolfgang S. Rupprecht wrote: I'm not sure how new users are supposed to find evince. Maybe it is the same method that many folks should use to find things. http://tinyurl.com/6ce2nvo :-) :-) ;-) Now that was Expletive deleted slick! Mark LaPierre -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
RE: [Fedora] Re: FC14 Installation Hangs
-Original Message- From: users-boun...@lists.fedoraproject.org [mailto:users- boun...@lists.fedoraproject.org] On Behalf Of JB Sent: Tuesday, January 25, 2011 4:43 PM To: users@lists.fedoraproject.org Subject: Re: [Fedora] Re: FC14 Installation Hangs Do not worry, be happy. You are a brave girl - the way you read all that extended output proves that your are a pro :-) I am afraid you have to give it a shot or two more. Firstly, the reason you updated BIOS was to potentially fix ACPI as well. But you tried F13 with acpi=off kernel parameter ... So, back to a drawing board :-) Once again, remove all parameters, except debugging-output: ignore_loglevel initcall_debug Run it. Secondly, as I asked you before, take a look at BIOS. Just for a kick, every menu (there may be some new stuff as well due to update), do not try to change anything, just get a sense of it all. Then consider if restoring all defaults would be an option, or selecting automatic (where available), or giving up any unnecessary/fancy manual option. Run it. As above. Thirdly, stick around the thread for many days (even weeks) - there is a good chance somebody will have time (like Lamar next week) and come up with a good idea. Or F15 devs will deliver new code that will fix these things in a few months. Do not expect wonders - yes, some of these guys are true pusycats, but these devs are heroes as well - they do not have access to specs, have to deal with proprietary code (like in your case) - but look Ma, they come up with a working software, again and again. Restoring the BIOS to default settings is something the update does by default. In fact, it completely clears the CMOS, updates the BIOS and upon reboot a message pops up saying the CMOS isn't set and it's reverting to default values. The only thing I changed after that was to set the power failure option to 'power on' when AC is restored. Everything else is at default. That was one of the things I tried early on too, just to make sure it wasn't me that messed something up. And I also did just boot up, with no parameters at all, after the update. Then slowly started adding stuff ... The acpi=off was one of the first parameters I added after the first boot failed. By now I've seen so many different iterations of the lock up, I couldn't tell you where exactly it locked up. There are other hardware quirks that I've discovered throughout all of this. For example, if I were to disable the on-board SCSI bus, it pegs the HDD light to on at all times. No clue why. Leaving the SCSI bus at the default 'enabled' state, the HDD light works as expected. I'd rather disable it since it's not being used at all but if I do that, someone else will inevitably call me at 3 in the morning just to tell me the machine is overloaded because the HDD light is pegged on. Not a phone call I'm willing to take and he or she who called will not want to face me the next morning. Floppy drive? What floppy drive? By default that's turned on in BIOS, as is the bus itself (yes, this board allows you to disable one or both) ... disabling the floppy is a two-step process: disable it on the main screen, exit out of it, go back in just to see it enabled again, select disable again and now it sticks. So you see, I know the motherboard has issues, issues I had hoped would eventually get fixed through BIOS updates. I gave Intel the benefit of the doubt and upgraded from 1.1 to 1.3, then 1.5, then 1.7 when I stopped. And then today to 1.13 ... the quirks are still there (and they know about them too because I have a rather lengthy thread from them about these problems.) With the machine now in full production, and having settled if you will, I'm more inclined to just say 'To hell with it.' And move on. I have other servers to tend to - like a second RH7.3, also from the same era, but completely different hardware. All in all, I have 9 servers that need an upgrade, some more urgent than others. This was the first one, and was supposed to take all of about 4 hours, not 4 days. :) Now as for sticking around, that I will. As you pointed out, there's a possibility that someone else might have a completely different take on the problem and suggest a different approach, like Lamar. Ash -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Desktop effects disable problem
On 01/25/2011 08:53 AM, Dr. Michael J. Chudobiak wrote: If you are talking about compiz, try rebooting, and at the login prompt hit Ctrl+F2 to bring up a text login. ITYM Ctrl-Alt-F2 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: iptables and NAT
On 01/25/2011 11:36 AM, Gene Heskett wrote: They block only the incoming port 80's so that if Joe Judy Lunchbucket want a web page, they have to use the ISP's servers, which the ISP then wraps in advertising for additional revenue. Or do what I do: host it at a third-party webhosting service. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: intrusion tracking
On 01/25/2011 02:34 PM, Wolfgang S. Rupprecht wrote: That lowered ssh security allowed a second intrusion at user level (probably by password guessing) No need. Once they had root they could add a user and use that for their user-level work. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: intrusion tracking
On Tuesday 25 January 2011 22:34:16 Wolfgang S. Rupprecht wrote: Once again I find myself trying to help someone piece together how an intruder managed to get into their system. The system was way out of date (FC6) so it is no surprise that they got compromised. What I can tell, the intruder managed to get root which allowed them to remove the iptables file and lower the protection on ssh to allow unix passwords. The attacker then installed an ssh-probing client that was installed in /root. That lowered ssh security allowed a second intrusion at user level (probably by password guessing) where an IRC bot was installed and run from cron with normal user permissions. Shouldn't this be the other way around? I mean, ordinary user gets compromized first, and then root gets compromized later? If the intruder has root access, he has absolutely no need to brute-force the user passwords through ssh. It is enough to change the password interactively or by modifying /etc/shadow. That is, unless the intruder is just plain stupid. ;-) The real issue is that there isn't a good activity log. While I can install tripwire to watch for changed files, it probably won't tell me how they got in. Is there something that addresses that problem? Some poor sucker always has to be the first victim of a new attack. It would be nice to know which service to disable or reconfigure until a fix is distributed. Is there some way to track intruders that I'm missing? The only safe way to track and analyze intrusion details of a live system is to have the machine log all activities to another machine on the net. That way the logs are physically append-only, and even after the intrusion happens, the intruder has no way of deleting the logs and otherwise covering up how the machine got compromized. Other than that, once the intruder becomes root, all bets are off, there is no safe way to know anything about the intrusion and what exactly happened. The only thing you can do is wipe the hard disk and reinstall the system from scratch. Forensic research of a rooted system is (a) very painful and tough job (even for experts) and (b) almost impossible, in most cases. If you are into intrusion detection research, you can set up a honeypot machine, make an exact cloned copy of the hard disk, log all activity to another server, monitor all network traffic with a transparent machine-in-the- middle, and then sit and wait for the machine to get hacked. Then take it off the net, do a diff of the entire hard disk against the initial copy, analyze logs and network traffic, etc. Those are the laboratory conditions in which you can do proper forensics. Other than that, the only thing that can give you a trustworthy clue what happened is the remote log server, if you have one set up. If you don't, well, the only thing you can do is to keep guessing what happened... ;-) HTH, :-) Marko -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Can't permanently disable SELinux warning for Wine.
I am running a flight simulator under Wine. Everything works OK, except that SELinux detects a problem when it starts up. == The source process: /usr/bin/wine-preloader Attempted this access: nmap_zero On this memprotect: nothing == OK. I'd like to disable this warning. In the SELinux Alert Browser, it tells me to === You must tell SELinux about this by enabling the wine_mmap_zero_ignore boolean. # setsebool -P wine_mmap_zero_ignore 1 == That is all well and good, but when I issue the command (as root), it hangs. Only Ctrl C will terminate the command. However, if I omit the -P, it works. However, I have to rerun it all the time. Why does the command hang ? Thanks ! -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Finding programs
I'm not sure how new users are supposed to find evince. The command line is my choice as well. I have a tiny shell script that gets run after each update that creates text files of whats installed and available: $ cat upd.sh yum list installed 21yum.installed yum list available 21yum.available then its just a matter of grep some_program_or_other yum.* to check to see what version of something is installed, whether its installed, or if its available via yum Mike -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Can't permanently disable SELinux warning for Wine.
On 01/25/2011 10:03 PM, Linuxguy123 wrote: That is all well and good, but when I issue the command (as root), it hangs. Only Ctrl C will terminate the command. However, if I omit the -P, it works. However, I have to rerun it all the time. It usually takes a couple of seconds. Did you leave it running (with -P) for about 15 seconds? -- Jorge -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Finding programs (was: SELinux)
On Tuesday 25 January 2011 21:23:24 Wolfgang S. Rupprecht wrote: It's not hard to find PDF readers. All you have to do is a yum search using pdf as the keyword, either a command line or GUI yum tool, and it lists things related to PDF files. I'm not sure how new users are supposed to find evince. Yum isn't a command that newbies are likely to be familiar with. Old-timers from the BSD world might try man -k pdf but that doesn't find evnice either. Even on fedora-14 I can't seem to find it on the pull-down menus. Looking at the likely bin directories for things with pdf in their name isn't going to be fruitful in evince's case. The way I found it back when I started using a linux distribution (back in fc4 days) was to let firefox open up a pdf file, spawn the reader and then I opened a shell window and did a PS to see what the viewer was called. I recall having to do that a number of times because the name evince, just doesn't remind me of PDF. I can't expect a newbie to do that either. The typical way a newbie would behave is to open a file manager (I guess nautilus in Gnome, dolphin in KDE), navigate to a pdf file and click on it. If the system is set up by default, in Gnome the file should be associated to (and thus opened by) evince, and in KDE by Okular. AFAIK, that is the default. If the system config was changed from default to something else, then the user who changed it was supposed to be aware what he was doing, and which other app has been configured to take care of the pdf files. In KDE, once you open the pdf file by clicking on it in the file manager, you can look up on the titlebar and see the word Okular, or go to help menu and find the Okular handbook and About Okular menu items. If that still isn't enough of a clue about the app's name, you can click on the About Okular item and read off a whole bunch of information including the name, description, version number, list of authors, licencing info, upstream website address, etc. As for Gnome, I don't use it so I cannot tell exactly, but I guess the equivalent information can be found in an equivalent place. If not, Gnome devs are probably living somewhere in some galaxy far, far away... ;-) HTH, :-) Marko -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: [Fedora] Re: FC14 Installation Hangs
On Tue, Jan 25, 2011 at 14:26:00 -0700, Ashley M. Kirchner ash...@pcraft.com wrote: Well, that was a major pain in the you-know-what. Sheesh. Intel only provides floppy BIOS updates for this board (considering how old it is, I don't blame them.) So I had to find a a floppy drive, find a floppy, and do all the run around with that just to update the BIOS from 1.7 to 1.13 ... Changes? Not on the surface, but about to go try and boot FC13 now. Stay tuned ... It's possible to boot floppy images off a disk drive for some of these old boards. biosdisk is one tool to help with this. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Desktop effects disable problem
On this list we do not top-post. On Tue, 2011-01-25 at 12:22 -0600, Daniel J. Celta wrote: When I reinstall compiz-gnome, the windows are released from being anchored to that corner and I can see the windows properly. But If I reboot the computer reverts back to a blank screen.. Is there a way to revert back, and/or removing the setting desktop-effects, back to the default. The obvious approach, to me, considering what you've just described, would have been to configure compiz after you re-installed it, before you reboot again. In your case, I'd be tempted to configure it, then disable it. So it's there, but not in use. Then you can try playing with options. NB: It's rarely ever necessary to reboot on Linux. Usually, it's enough to just log out and back in again, to have personal settings re-read. And, as I outlined above your message. We do not top post on this list (top posting being replying above the quoted prior email). See the guidelines (link below). You'll find it annoys a great number of people, many of whom will simply delete your message, instead of helping you. You do yourself no favours by top posting. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: Finding programs (was: SELinux)
On Tue, 2011-01-25 at 13:23 -0800, Wolfgang S. Rupprecht wrote: I'm not sure how new users are supposed to find evince. Yum isn't a command that newbies are likely to be familiar with. Old-timers from the BSD world might try man -k pdf but that doesn't find evnice either. Various add/remove software helpers allow one to search through them using keywords, with those words being looked for in the package names and descriptions. Granted that Evince isn't a great example, as it just lists itself as a document reader. Instead of being more explicit, and saying that it can read PDFs and PostScript files. I'd call that a serious enough omission to warrant a bugzilla entry, as it stops people finding it when searching for a PDF application. I think such programs should have pdf viewer and pdf reader set as package search keywords. Though, that sort of find me a pdf application search should have returned several alternatives. On Fedora 9, I find at least these: epdfview.i386 : Lightweight PDF document viewer gsview.i386 : PostScript and PDF previewer pdfcube.i386 : PDF presentation viewer with a spinning cube Hmm, pdfcube sound intriguing! Even on fedora-14 I can't seem to find it on the pull-down menus. Yes, that's a bugbear with me, too. It's hidden, for some obscure reason. You have to edit the menus to unhide it. It's not the only useful app that's hidden, either. Then there's applications with weird names. The specs for the files the the menus are made from (.desktop) carry the following information in them: Program name, e.g. Evince. Generic name, e.g. PDF and PS document reader Descriptive comment, e.g. A program to read documents in the PDF and PS formats As far as I'm concerned, the default should be set to suit newcomers, and show both program name and generic name, in the menu, with the description as a hover-over pop-up information window. Particularly when it comes to obtusely named applications (e.g. Evince, Seahorse, Nautilus, Konqueror, k3b, et cetera). For my money, I see worse names in the kde desktop than the Gnome one. Let the more savvy users configure the menus to be shorter. I think that it should, also, be required that they're filled-in properly before the package is accepted into Fedora. I've always managed to find some applications which omit one or more of those attributes from the .desktop files, or the information is under the wrong attribute. There is a specification for how the .desktop files are supposed to be filled in, and they're not adhering to it. The way I found it back when I started using a linux distribution (back in fc4 days) was to let firefox open up a pdf file, spawn the reader and then I opened a shell window and did a PS to see what the viewer was called. I think the way most people open a file, now, is either when they try to open it with their filemanager, or read a file through their web browser. In either case, once the application has loaded up, most give their naming details in the about entry in their help menu. There's no need to grep through ps to find it. You can make a reasonable assumption that a program called Evince is probably going to be started by a binary called evince or Evince, and try the lazy typing all-lower-case first, since that's the long-term habit of Linux. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: iptables and NAT
On Tue, 2011-01-25 at 22:43 +0530, Jatin K wrote: setup is likeADSL NIC 1 of firewall NIC 2 connects to the webserver if any request arrives to live ip on ADSL Router it sends it to the firewall ( I've tested it by running httpd on firewall and it works fine ) Okay, I've done something similar in the past: dial-up modem to gateway box (firewall and NAT), with a webserver on another box further inside the LAN. Looking through my old firewall configuration file, I had, on the firewall: default input rules set to drop default output rules set to allow input accept rule for this traffic temporary input log rule for this traffic (for debugging) input nat table prerouting rule for this traffic input accept state rule for established related temporary input log state rule for established related And, on the internal webserver: default input rules set to drop default output rules set to allow input accept rule for this traffic input accept state rule for established related You can play around with putting log rules ahead of your accept and redirect rules, to see attempts that may or may not get through. And log rules after them, to show what did get through. And, since you're playing with NAT, the end of the firewall rule script would have something like: iptables --table nat --append POSTROUTING --out-interface ppp+ --jump MASQUERADE echo 1 /proc/sys/net/ipv4/ip_forward It's been a hell of a long time since I've had to do this, but I suspect your problem may be to do with firewall rules on the web server box, inside your LAN. External IP addresses disallowed through the LAN interface, perhaps? These days I do it all on the modem/router. Its firewall is up. It only allows through a webserver on occasions I'm temporarily running one (with a forwarding rule on the modem/router). All the client computers run their own firewalls. My public website is hosted externally. Where *they* have to deal with spam, security, uptime. And I don't have to keep a permanent IP, nor permanently running computer. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Re: newbie wireless question
On Tue, 2011-01-25 at 13:01 +0100, Adel ESSAFI wrote: I connect to wireless with network manager called HOME with wep key through NetworkManager. If you're able to use WPA2 instead of WEP, do it. WEP is as secure as a wet paper bag. It can take unskilled script kiddies mere moments to break it. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines