Re: (fedora) Re: sshd on F31 : strange problem with login with keys's

2019-11-26 Thread Jouk Jansen
Tom Horsley wrote on 26-NOV-2019 19:05:50.24

>Try running the ssh command which is attempting to
>login with the -v -v -v options, then you can see what it

It does not teach me much (I added the log below). They are different from line
99 when a 1 or 0 is returned which enables/disables the key-login apparently.

>is trying and what didn't work.
>If it is an old enough system it may not share any
>ciphers with the new f31 system as they have disabled
>a lot of old ciphers by default.

This would be strange since I put all the needed cyphers in
/etc/ssh/sshd_config. And why would it work for running the command manually
and not for the one started with systemctl?


 Regards
 Jouk
 
 

= log with starting manually (connects OK )


tango-jj) ssh -v -v -v vleegert
debug(27-NOV-2019 08:11:00.58): Ssh2/SSH2.C:1896: CRTL version (SYS$SHARE:DECC$SHR.EXE ident) is ELF
debug(27-NOV-2019 08:11:00.60): SshAppCommon/SSHAPPCOMMON.C:313: Allocating global SshRegex context.
debug(27-NOV-2019 08:11:00.61): SshConfig/SSHCONFIG.C:3482: Metaconfig parsing stopped at line 4.
debug(27-NOV-2019 08:11:00.61): SshConfig/SSHCONFIG.C:890: Setting variable 'VerboseMode' to 'FALSE'.
debug(27-NOV-2019 08:11:00.61): SshConfig/SSHCONFIG.C:3390: Unable to open ssh2/ssh2_config
debug(27-NOV-2019 08:11:00.62): Connecting to vleegert, port 22... (SOCKS not used)
debug(27-NOV-2019 08:11:00.62): Ssh2/SSH2.C:2881: Entering event loop.
debug(27-NOV-2019 08:11:00.64): Ssh2Client/SSHCLIENT.C:1655: Creating transport protocol.
debug(27-NOV-2019 08:11:00.64): SshAuthMethodClient/SSHAUTHMETHODC.C:104: Added "publickey" to usable methods.
debug(27-NOV-2019 08:11:00.64): SshAuthMethodClient/SSHAUTHMETHODC.C:104: Added "password" to usable methods.
debug(27-NOV-2019 08:11:00.64): Ssh2Client/SSHCLIENT.C:1696: Creating userauth protocol.
debug(27-NOV-2019 08:11:00.64): client supports 2 auth methods: 'publickey,password'
debug(27-NOV-2019 08:11:00.64): SshUnixTcp/SSHUNIXTCP.C:1758: using local hostname tango.nano.tudelft.nl
debug(27-NOV-2019 08:11:00.64): Ssh2Common/SSHCOMMON.C:541: local ip = 131.180.121.84, local port = 57056
debug(27-NOV-2019 08:11:00.64): Ssh2Common/SSHCOMMON.C:543: remote ip = 131.180.116.49, remote port = 22
debug(27-NOV-2019 08:11:00.64): SshConnection/SSHCONN.C:2584: Wrapping...
debug(27-NOV-2019 08:11:00.64): SshReadLine/SSHREADLINE.C:3662: Initializing ReadLine...
debug(27-NOV-2019 08:11:00.66): Remote version: SSH-2.0-OpenSSH_8.1
debug(27-NOV-2019 08:11:00.66): OpenSSH: Major: 8 Minor: 1 Revision: 0
debug(27-NOV-2019 08:11:00.66): Ssh2Transport/TRCOMMON.C:1857: All versions of OpenSSH handle kex guesses incorrectly.
debug(27-NOV-2019 08:11:00.66): Ssh2Transport/TRCOMMON.C:1935: Using Client order for common key exchange algorithms.
debug(27-NOV-2019 08:11:00.66): Ssh2Transport/TRCOMMON.C:1139: Sending packet with type 2 to connection
debug(27-NOV-2019 08:11:00.66): Ssh2Transport/TRCOMMON.C:1139: Sending packet with type 20 to connection
debug(27-NOV-2019 08:11:00.66): Ssh2Transport/TRCOMMON.C:2832: >TR packet_type=20
debug(27-NOV-2019 08:11:00.66): Ssh2Transport/TRCOMMON.C:2394: lang s to c: `', lang c to s: `'
debug(27-NOV-2019 08:11:00.66): Ssh2Transport/TRCOMMON.C:2459: c_to_s: cipher aes128-cbc, mac hmac-sha1, compression none
debug(27-NOV-2019 08:11:00.66): Ssh2Transport/TRCOMMON.C:2462: s_to_c: cipher aes128-cbc, mac hmac-sha1, compression none
debug(27-NOV-2019 08:11:00.67): Ssh2Transport/TRCOMMON.C:1139: Sending packet with type 2 to connection
debug(27-NOV-2019 08:11:00.67): Ssh2Transport/TRCOMMON.C:1139: Sending packet with type 30 to connection
debug(27-NOV-2019 08:11:00.68): Ssh2Transport/TRCOMMON.C:2832: >TR packet_type=31
debug(27-NOV-2019 08:11:00.69): Remote host key found from database.
debug(27-NOV-2019 08:11:00.70): Ssh2Transport/TRCOMMON.C:1139: Sending packet with type 2 to connection
debug(27-NOV-2019 08:11:00.70): Ssh2Transport/TRCOMMON.C:1139: Sending packet with type 21 to connection
debug(27-NOV-2019 08:11:00.70): Ssh2Transport/TRCOMMON.C:1139: Sending packet with type 2 to connection
debug(27-NOV-2019 08:11:00.70): Ssh2Transport/TRCOMMON.C:1139: Sending packet with type 5 to connection
debug(27-NOV-2019 08:11:00.70): Ssh2Transport/TRCOMMON.C:2832: >TR packet_type=21
debug(27-NOV-2019 08:11:00.70): Ssh2Transport/TRCOMMON.C:2832: >TR packet_type=6
debug(27-NOV-2019 08:11:00.70): Ssh2Transport/TRCOMMON.C:1139: Sending packet with type 2 to connection
debug(27-NOV-2019 08:11:00.70): Ssh2Transport/TRCOMMON.C:1139: Sending packet with type 50 to connection
debug(27-NOV-2019 08:11:00.71): Ssh2Common/SSHCOMMON.C:342: Received SSH_CROSS_STARTUP packet from connection protocol.
debug(27-NOV-2019 08:11:00.71): Ssh2Common/SSHCOMMON.C:392: Received SSH_CROSS_ALGORITHMS packet from connection protocol.
debug(27-NOV-2019 08:11:00.71): Ssh2Transport/TRCOMMON.C:2832: >TR packet_type=51
debug(27-NOV-2019 08:11:00.71): 

Re: f31 : pkgconfig.exists( 'uuid-dev' ) false but installed

2019-11-26 Thread Adrian Sevcenco

On 11/27/19 3:08 AM, Stephen Morris wrote:

On 27/11/19 04:56, Samuel Sieb wrote:

On 11/26/19 6:44 AM, Adrian Sevcenco wrote:

python3
Python 3.7.5 (default, Oct 17 2019, 12:16:48)
[GCC 9.2.1 20190827 (Red Hat 9.2.1-1)] on linux
Type "help", "copyright", "credits" or "license" for more information.
 >>> import pkgconfig
 >>> print( pkgconfig.exists( 'uuid' ))
False

Can anybody else just do this simple test and post a feedback?
I would like to know if this is a fedora problem or just mine..


$ python3
Python 3.7.5 (default, Oct 17 2019, 12:16:48)
[GCC 9.2.1 20190827 (Red Hat 9.2.1-1)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pkgconfig
>>> pkgconfig.exists('uuid')
True

Do you have 'libuuid-devel' installed?
Just following on from Samuel's email, both python and python3 return 
'false' for pkgconfig.exists('uuid') without libuuid-devel installed and 
return 'true' after I install libuuid-devel.

OMG what a blunder!!! I really do apologize for this!
I was so sure that I have the package installed because I checked for
its existence in the wrong terminal! :(


Many thanks and sorry for the noise!
Adrian





regards,
Steve


___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org 





--
--
Adrian Sevcenco, Ph.D.   |
Institute of Space Science - ISS, Romania|
adrian.sevcenco at {cern.ch,spacescience.ro} |
--





[389-users] Converting OpenLdap ACL policies to 389-ds aci policies.

2019-11-26 Thread Dharmalingam S
Hi,

Thanks for the quick response in both IRC and the forums.

Please find the following test ACL policies which I am trying to convert.

olcAccess: to dn.subtree="dc=test,dc=com" attrs=userPassword
  by dn.exact="cn=repl,dc=test,dc=com" write
  by group.exact="cn=DirectoryAdmins,ou=Groups,dc=test,dc=com" write
  by dn.children="ou=DirectoryAdmins,dc=test,dc=com" write
  by self write
  by anonymous auth  (( need to find))
  by * none

I.
 aci: (target = "ldap:///dc=test,dc=com")(targetattr = "userPassword")(version 3.0; acl "ACI for userPassword attribute";
  allow(write) (userdn = "ldap:///cn=repl,dc=test,dc=com") OR
   (groupdn = "ldap:///cn=DirectoryAdmins,ou=Groups,dc=test,dc=com") OR
   (groupdn = "ldap:///ou=DirectoryAdmins,dc=test,dc=com") OR
   (userdn = "ldap:///self");)
## TODO:
##  read and search operations are there need to verify with auth
# aci: (targetattr = "userPassword")(version 3.0; acl "Enable only auth for anonymous";
#  allow(read, search) userdn= "ldap://anyone")
 aci: (targetattr = "userPassword")(version 3.0; acl "Disable for all other users";
  deny(all) (userdn= "ldap:///all");)

II. With multiple allow in one rule:
 aci: (target = "ldap:///dc=test,dc=com")(targetattr = "userPassword")(version 3.0; acl "ACI for userPassword attribute";
  allow(write) (userdn = "ldap:///cn=repl,dc=test,dc=com");
  allow(write)(groupdn = "ldap:///cn=DirectoryAdmins,ou=Groups,dc=test,dc=com");
  allow(write)(groupdn = "ldap:///ou=DirectoryAdmins,dc=test,dc=com");
  allow(write)(userdn = "ldap:///self");)

Kindly can you review and let me know if I am wrong.

Thanks & Regards
Cooldharma06
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org


[389-users] Re: Query about entryCSN and nsUniqueID in place of entryUUID

2019-11-26 Thread Dharmalingam S
I will close this thread and I will open a new one. It will be easy to follow up.

thanks & regards
Cooldharma06


Re: f31 : pkgconfig.exists( 'uuid-dev' ) false but installed

2019-11-26 Thread Stephen Morris

On 27/11/19 04:56, Samuel Sieb wrote:

On 11/26/19 6:44 AM, Adrian Sevcenco wrote:

python3
Python 3.7.5 (default, Oct 17 2019, 12:16:48)
[GCC 9.2.1 20190827 (Red Hat 9.2.1-1)] on linux
Type "help", "copyright", "credits" or "license" for more information.
 >>> import pkgconfig
 >>> print( pkgconfig.exists( 'uuid' ))
False

Can anybody else just do this simple test and post a feedback?
I would like to know if this is a fedora problem or just mine..


$ python3
Python 3.7.5 (default, Oct 17 2019, 12:16:48)
[GCC 9.2.1 20190827 (Red Hat 9.2.1-1)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pkgconfig
>>> pkgconfig.exists('uuid')
True

Do you have 'libuuid-devel' installed?
Just following on from Samuel's email, both python and python3 return 
'false' for pkgconfig.exists('uuid') without libuuid-devel installed and 
return 'true' after I install libuuid-devel.


regards,
Steve




Re: google cloud print ending

2019-11-26 Thread Stephen Morris

On 24/11/19 05:58, George N. White III wrote:
On Sat, 23 Nov 2019 at 10:33, Neal Becker wrote:

So what to do now?  On my android device, I installed a mopria app, and it
finds my brother laser printer just fine.  But to print from my linux
desktop, I've never setup a system printer, just depended on printing to
google cloud via chrome.

From what info I found via google search, cups should just work with
mopria-enabled printers (like mine). According to articles I found cups
should just detect it as available network printers. So I tried it.  kde
printer config and system-config-printers both detect nothing as available
network printers. Mopria app on my android detects it just fine.  Both
connected to same wifi.

Debian has a decent document on CUPS Driverless Printing

Driverless printing was designed for mobile devices that might encounter
many different printers so could not afford the overhead of setting up
individual printers.   The compromise is to have a small set of capabilities
that was easy for all the printer vendors to support.    I have a Mopria
certified printer from Canon that usually works with my wife's IOS devices,
but on my desktop I use the CUPS/Gutenprint PPD for the Mopria printer.  Some
documents fail using Mopria but do print from Fedora or Adobe Acrobat on
Windows.

Any ideas how to debug this and/or fix it?

Does the printer appear using "avahi-browse -all | grep Printer"?  Mine shows
up as both "Internet Printer" and "UNIX Printer".

My Mopria-capable printer didn't appear using the Gnome tool in Fedora 31,
but CUPS Admin  gave me two options: Gutenprint and another that didn't
use Gutenprint. I thought that might not provide the full capabilities so
went with Gutenprint.

--
George N. White III

I've got another thread on this list around trying to set up my Google
Cloud Printer in cups where at the moment I've been unable to activate
Google Cloud Printing in cups. I'm using Fedora 30 in a VM under Windows
10. In Windows 10 I have my network connected printer installed as a
network printer and I also have a Google Cloud Printer in the printer
device list, but cups doesn't see either as a network printer. I've
installed a Google Cloud Connector service for cups to use but so far I
have been unable to get the service to start. Cups also doesn't seem to
want to work with the url supplied by Google Cloud Printing, so I'm
struggling to get the interface working. I'm using the Vmware Player to
provide the VM's and it is indicating that printing uses the serial
interface I think it said. I'm not sure if that is contributing to the
issues either.


regards,
Steve






Re: Sharing a USB drive with Samba ?

2019-11-26 Thread Ed Greshko
On 2019-11-26 02:58, linux guy wrote:
> Hi people.
>
> I'm running Samba on Fedora 31.  It's working great.
>
> I want to share a USB drive using Samba.  I've tried mounting it to a 
> directory within a Samba share and it does work due to permission errors. 
>
> - I create the mount directory (USB) as a normal user, thus giving it 
> "normal" permissions.  For test purposes, I can r/w/x files to this 
> directory with no problems.
>
> - I mount the USB device to the mount directory using mount /dev/sdb1 USB.  
>
> - I can access the USB directory from the server and r/w/x everything just 
> fine.
>
> - When I try to access the share/USB directory from the client, like Dolphin, 
> it requests permission in the form of user and password.  The user and 
> password that I use to access the share do not work.  Nor does the user and 
> password I use to access the server.
>
> What am I missing ?
>
> How does one share a USB device via Samba ?
>

I am not really a "samba" person since we're Linux centric and rely on nfs and 
sshfs.

But I had a few moments and I did get a version of what I think you want to 
accomplish working.

The first thing is that my USB drive is an 8GB stick with one partition defined 
and formatted as ext4.
The mount point for the drive is in the userspace and a chown was done on the 
mounted drive to
ensure it was owned by the user.

[egreshko@f31k ~]$ ll -d flash
drwxr-xr-x. 3 egreshko egreshko 4096 Nov 26 14:56 flash

And df shows...

/dev/sda1    7653064   17232   7227360   1% /home/egreshko/flash

The smb.conf is rather simple

[global]
    workgroup = ASIA
    security = user

    passdb backend = tdbsam

[homes]
    comment = Home Directories
    valid users = %S, %D%w%S
    browseable = Yes
    read only = No
    inherit acls = Yes

Now, when connected to the home share I did so first with the drive *not* 
mounted.  I was able to exercise
the contents of the flash directory just like any directory of the user.

When I mounted the drive the flash directory became inaccessible.

I noted

[egreshko@f31k ~]$ ls -dZ /home/egreshko/flash
system_u:object_r:unlabeled_t:s0 /home/egreshko/flash

So I did

[egreshko@f31k ~]$ restorecon /home/egreshko/flash
[egreshko@f31k ~]$ ls -dZ /home/egreshko/flash
system_u:object_r:user_home_t:s0 /home/egreshko/flash

And now it works OK..

[egreshko@meimei ~]$ smbclient //f31k/egreshko -U egreshko
Unable to initialize messaging context
Enter SAMBA\egreshko's password:
Try "help" to get a list of possible commands.
smb: \> cd flash
smb: \flash\> ls
  .   D    0  Tue Nov 26 14:56:57 2019
  ..  D    0  Wed Nov 27 08:57:54 2019
  x   N    0  Tue Nov 26 14:56:57 2019

    7653064 blocks of size 1024. 7227360 blocks available
smb: \flash\> put wayne
putting file wayne as \flash\wayne (11.2 kb/s) (average 11.2 kb/s)
smb: \flash\> ls
  .   D    0  Wed Nov 27 08:59:38 2019
  ..  D    0  Wed Nov 27 08:57:54 2019
  wayne   A  161  Wed Nov 27 08:59:38 2019
  x   N    0  Tue Nov 26 14:56:57 2019

    7653064 blocks of size 1024. 7227352 blocks available
smb: \flash\>

And, just checking on the server

[egreshko@f31k flash]$ pwd
/home/egreshko/flash
[egreshko@f31k flash]$ ll
total 24
drwx------. 2 root root 16384 Oct  7 18:51 lost+found
-rwxr--r--. 1 egreshko egreshko   161 Nov 27 08:59 wayne
-rw-rw-r--. 1 egreshko egreshko 0 Nov 26 14:56 x



-- 
The key to getting good answers is to ask good questions.


[389-users] Re: Query about entryCSN and nsUniqueID in place of entryUUID

2019-11-26 Thread William Brown


> On 27 Nov 2019, at 03:25, Mark Reynolds  wrote:
> 
>> 
>> In my OpenLdap we have ACL policies is there any script available to convert 
>> OpenLDAP acl policies to 389-ds policies.? 
> There is no script that I am aware of for such things.  You will need to 
> recreate them manually.
> 
> As for your IRC question, you can not have a single ACI with allow and deny 
> rules.  You need two separate ACI's to do that.  If you give us some specific 
> examples we can help with the syntax, etc.

Thanks for following up Mark:

389's aci syntax is very different to OpenLDAP so you'll probably need to 
redesign your access controls in the migration. We're happy to help review,

In general you want allow-only rules, and it's the "lack of allow" that is a 
"deny".



—
Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs
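
The two rules given in this thread (an ACI cannot mix allow and deny, and allow-only rules are preferred because a missing allow already denies), written as a small lint. This is an added example, not code from 389 Directory Server or from the posters; the sample ACIs are constructed from the test policy posted in the thread, and the finding codes are names chosen for this example.

```python
"""Lint 389-ds ACI strings against the advice given in this thread (added example)."""
import re

# Trailing '(version 3.0; acl "name"; permission bind_rule; ...)' block of an ACI.
_BODY = re.compile(
    r'\(\s*version\s+3\.0\s*;\s*acl\s+"(?P<name>[^"]*)"\s*;(?P<rules>.*)\)\s*$',
    re.IGNORECASE | re.DOTALL,
)
_PERMISSION = re.compile(r'\b(allow|deny)\s*\(', re.IGNORECASE)
_QUOTED = re.compile(r'"([^"]*)"')

# Finding codes are this example's own names, not 389-ds error codes.
FINDINGS = {
    "unbalanced": "quotes or parentheses do not pair up",
    "no-version-block": 'missing (version 3.0; acl "name"; ...) block',
    "no-permission": "no allow(...) or deny(...) rule found",
    "mixed-allow-deny": "allow and deny in one ACI; split into separate ACIs",
    "deny-only": "deny rule; with allow-only rules the lack of allow already denies",
    "bad-ldap-url": 'LDAP URL should use the "ldap:///..." form (three slashes)',
}


def _balanced(aci):
    """True when parentheses outside quoted strings and the quotes themselves pair up."""
    depth, in_quote = 0, False
    for ch in aci:
        if ch == '"':
            in_quote = not in_quote
        elif not in_quote and ch == "(":
            depth += 1
        elif not in_quote and ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0 and not in_quote


def lint_aci(aci):
    """Return a list of finding codes for one ACI value (empty list = nothing flagged)."""
    aci = " ".join(aci.split())  # undo mail line wrapping
    if not _balanced(aci):
        return ["unbalanced"]
    body = _BODY.search(aci)
    if body is None:
        return ["no-version-block"]
    findings = []
    # Blank out quoted values so text inside a DN cannot look like a permission.
    rules = _QUOTED.sub('""', body.group("rules"))
    kinds = {m.group(1).lower() for m in _PERMISSION.finditer(rules)}
    if not kinds:
        findings.append("no-permission")
    elif kinds == {"allow", "deny"}:
        findings.append("mixed-allow-deny")
    elif kinds == {"deny"}:
        findings.append("deny-only")
    for value in _QUOTED.findall(aci):
        low = value.lower()
        if low.startswith("ldap:") and not low.startswith("ldap:///"):
            findings.append("bad-ldap-url")
            break
    return findings


# Constructed samples, based on the test policy posted in the thread.
_HEAD = '(targetattr = "userPassword")(version 3.0; acl '
SAMPLES = {
    "allow-write": (
        '(target = "ldap:///dc=test,dc=com")' + _HEAD
        + '"ACI for userPassword attribute"; '
        'allow(write) (userdn = "ldap:///cn=repl,dc=test,dc=com") OR '
        '(groupdn = "ldap:///cn=DirectoryAdmins,ou=Groups,dc=test,dc=com") OR '
        '(userdn = "ldap:///self");)'
    ),
    "deny-all": _HEAD + '"Disable for all other users"; '
                'deny(all) (userdn = "ldap:///all");)',
    "anonymous": _HEAD + '"Enable only auth for anonymous"; '
                 'allow(read, search) (userdn = "ldap://anyone");)',
    "mixed": _HEAD + '"mixed"; allow(write) (userdn = "ldap:///self"); '
             'deny(all) (userdn = "ldap:///anyone");)',
    "missing-quote": _HEAD + '"broken"; allow(write) (userdn = "ldap:///self);)',
}


def lint_all(samples):
    """Lint every named ACI and return {name: [finding codes]}."""
    return {name: lint_aci(aci) for name, aci in samples.items()}


if __name__ == "__main__":
    for name, codes in lint_all(SAMPLES).items():
        detail = "; ".join(FINDINGS[c] for c in codes) or "nothing flagged"
        print(f"{name}: {detail}")
```

The lint checks syntax and rule shape only; whether a DN given to groupdn is really a group entry still has to be checked against the directory.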


Re: openssl : 1.0.2k-fips vs. 1.1.1d

2019-11-26 Thread Todd Zullinger
Adrian Sevcenco wrote:
> Does anyone have a pointer or idea what changed in terms
> of ciphers or algos or curves between the two versions?
> 
> I have 2 pieces of software : the server which is java
> based and the client (python based, websockets)
> 
> on centos7 1.0.2.k-fips i can connect to the localhost but
> in fedora{30,31} i have an SSLV3_ALERT_CERTIFICATE_UNKNOWN
> error
> 
> Any idea what is going on?

The error suggests that the application you're running
is using SSLv3 which is not supported.  The POODLE attack
effectively killed SSLv3.

I'm not sure if you can even enable SSLv3 with Fedora's
openssl anymore.  If you can, it's likely by using
update-crypto-policies to set to LEGACY or some other
profile which includes support for broken protocols like
SSLv3.

It's far better to fix the application to use a secure
protocol though.

If this app is only running on localhost and accessible
there, you might just be better off dropping TLS/SSL
entirely.  Obviously, that's not a reasonable solution if
this needs to be accessed outside of your local system.  But
then, neither is using SSLv3 in that case. :)

The openssl s_client command is useful for testing these
sort of things.  It can help you see what protocols are
being attempted.

-- 
Todd




Re: Anyone using Anydesk or could test it ?

2019-11-26 Thread sixpack13
bad reply from me, please ignore !


Anyone using Anydesk or could test it ?

2019-11-26 Thread sixpack13
Hallo

is anyone using Anydesk or could test it ?

https://anydesk.com/en/downloads/linux


since the F31-updates during the last week I'm unable to work with anydesk 
anymore.
I'm using Xorg not wayland.

Problem:
During the start of a connection a completely blank dialog box pops up.
Usually it's a dialog to allow the connection attempt on the remote box.


Connection  between F31 =>  Windows works.
Connection  between F31 <=  Windows does not !
Connections between F31 <=> F31 do not !


It is sufficient to try an F31 connection to the *same* machine to see the empty 
dialog box.


Does anyone know how to debug this ?
Against which component should I file a bug report ?

P.S.
This comment may appear twice in this list, so please ignore.
The first one somehow seems to have got lost ?!
It was created and sent from thunderbird to users@lists.fedoraproject.org


Anyone using Anydesk or could test it ?

2019-11-26 Thread sixpack13

Hallo

is anyone using Anydesk or could test it ?

https://anydesk.com/en/downloads/linux


since the F31-updates during the last week I'm unable to work with 
anydesk anymore.


Problem:
During the start of a connection a completely blank dialog box pops up.
Usually it's a dialog to allow the connection attempt on the remote box.


Connection  between F31 =>  Windows works.
Connection  between F31 <=  Windows does not !
Connections between F31 <=> F31 do not !


It is sufficient to try an F31 connection to the *same* machine to see the 
empty dialog box.



Does anyone know how to debug this ?
Against which component should I file a bug report ?


--
sixpack13


Fc30 -> FC31 : Can't rename interfaces. FC30 worked.

2019-11-26 Thread Sean Darcy
Just upgraded to FC31. It's a multihomed machine used as a router. One
interface "external" goes to the cable modem. The other interface
"internal" goes to a switch.

cat /etc/sysconfig/network-scripts/ifcfg-external  | grep -v \#
TYPE=Ethernet
BOOTPROTO=dhcp
DEVICE=external
ONBOOT=yes
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
USERCTL=no
HWADDR=50:7B:9D:0B:8A:AB
NAME=external
UUID=02b123a7-baea-20e2-051e-8a9ec27cc44a

cat /etc/sysconfig/network-scripts/ifcfg-internal  | grep -v \#
DEVICE=internal
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
IPADDR=10.10.11.251
PREFIX=24
DEFROUTE=no
IPV4_FAILURE_FATAL=no
IPV6INIT=no
PEERDNS=no
USERCTL=no
UUID=ef5b0746-2604-b21f-c03e-00556aef68fc
HWADDR=00:0e:c6:dc:01:aa

But neither interface is found on boot:

enp0s20u3: flags=4163  mtu 1500
ether 00:0e:c6:dc:01:aa  txqueuelen 1000  (Ethernet)
RX packets 2573  bytes 172174 (168.1 KiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 0  bytes 0 (0.0 B)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp1s0: flags=4163  mtu 1500
ether 50:7b:9d:0b:8a:ab  txqueuelen 1000  (Ethernet)
RX packets 2581  bytes 180221 (175.9 KiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 0  bytes 0 (0.0 B)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73  mtu 65536
inet 127.0.0.1  netmask 255.0.0.0
inet6 ::1  prefixlen 128  scopeid 0x10
loop  txqueuelen 1000  (Local Loopback)
RX packets 765  bytes 81440 (79.5 KiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 765  bytes 81440 (79.5 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

even though the MAC addresses match. As do the UUID's:

nmcli connection show | grep ernal

external 02b123a7-baea-20e2-051e-8a9ec27cc44a ethernet  --
System internal  ef5b0746-2604-b21f-c03e-00556aef68fc ethernet  --

enp0s20u3 is a USB interface that should be internal. If I unplug and
replug, naming works.

On boot:
kernel: asix 2-3:1.0 eth0: register 'asix' at usb-:00:14.0-3, ASIX
AX88772 USB 2.0 Ethernet, 00:0e:c6:dc:01:aa
kernel: usbcore: registered new interface driver asix
kernel: asix 2-3:1.0 enp0s20u3: renamed from eth0

then I unplug and plug:
kernel: asix 2-3:1.0 internal: renamed from enp0s20u3
kernel: asix 2-3:1.0 internal: link up, 100Mbps, full-duplex, lpa 0x45E1

That does not happen if I plug and unplug external, an ethernet cable.

BUT, what's really odd. I'm booting the Fc31 kernel:

kernel-5.3.11-300.fc31.x86_64

if I boot the same kernel, but FC30:

kernel-5.3.11-200.fc30.x86_64

IT WORKS !!

Any help appreciated.

sean


Re: f31 : pkgconfig.exists( 'uuid-dev' ) false but installed

2019-11-26 Thread Samuel Sieb

On 11/26/19 6:44 AM, Adrian Sevcenco wrote:

python3
Python 3.7.5 (default, Oct 17 2019, 12:16:48)
[GCC 9.2.1 20190827 (Red Hat 9.2.1-1)] on linux
Type "help", "copyright", "credits" or "license" for more information.
 >>> import pkgconfig
 >>> print( pkgconfig.exists( 'uuid' ))
False

Can anybody else just do this simple test and post a feedback?
I would like to know if this is a fedora problem or just mine..


$ python3
Python 3.7.5 (default, Oct 17 2019, 12:16:48)
[GCC 9.2.1 20190827 (Red Hat 9.2.1-1)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pkgconfig
>>> pkgconfig.exists('uuid')
True

Do you have 'libuuid-devel' installed?


Re: (fedora) Re: sshd on F31 : strange problem with login with keys's

2019-11-26 Thread Tom Horsley
Try running the ssh command which is attempting to
login with the -v -v -v options, then you can see what it
is trying and what didn't work.

If it is an old enough system it may not share any
ciphers with the new f31 system as they have disabled
a lot of old ciphers by default.


[389-users] Re: Query about entryCSN and nsUniqueID in place of entryUUID

2019-11-26 Thread Mark Reynolds


In my OpenLdap we have ACL policies is there any script available to 
convert OpenLDAP acl policies to 389-ds policies.?


There is no script that I am aware of for such things.  You will need to 
recreate them manually.


As for your IRC question, you can not have a single ACI with allow and 
deny rules.  You need two separate ACI's to do that.  If you give us 
some specific examples we can help with the syntax, etc.





openssl : 1.0.2k-fips vs. 1.1.1d

2019-11-26 Thread Adrian Sevcenco
Does anyone have a pointer or idea what changed in terms of ciphers or 
algos or  curves between the two versions?


I have 2 pieces of software : the server which is java based and the 
client (python based, websockets)


on centos7 1.0.2.k-fips i can connect to the localhost but in 
fedora{30,31} i have an SSLV3_ALERT_CERTIFICATE_UNKNOWN error


Any idea what is going on?
Thanks a lot!
Adrian





Re: Sharing a USB drive with Samba ?

2019-11-26 Thread linux guy
I did the following:
sudo setsebool -P samba_export_all_rw on.

This should allow read/write to any directory without using samba_share_t.

I get the same behavior.  I can mount the drive to a shared directory and
read it on the server, but not on the client.  I don't get a permissions
error.   The directory just appears empty on the client.



On Mon, Nov 25, 2019 at 6:42 PM George N. White III 
wrote:

>
>
> On Mon, 25 Nov 2019 at 18:06, linux guy  wrote:
>
>> I never thought of selinux causing the issue.  I'm not getting an selinux
>> error ?
>>
>
> Where did you look?   You can use "sudo ausearch -m avc" to show the log
> entries.
>
> http://homepage.smc.edu/morgan_david//linux/selinux-demonstration.pdf explains
> that
> selinux is about what programs are allowed to do.
>
>
> https://wiki.gentoo.org/wiki/SELinux/Tutorials/Where_to_find_SELinux_permission_denial_details
> might be useful.
>
> https://fedoraproject.org/wiki/SELinux/samba is "man 8 selinux_samba"
> which used to come in
>  selinux-policy-devel but dnf can't find it for Fedora 31.
>
>
>> I did a setsebool -P samba_enable_home_dirs on
>>
>> I can't see why selinux would disallow remote users to access a device
>> mounted to a shared directory.   Am I wrong ?
>>
>
> The link I provided says "If you  want to share files other than home
> directories, those  files  must  be labeled samba_share_t."
> When I created a new samba share in Fedora 60 I had to label the files.
>
> If your external drive uses a low-rent filesystem you may not be able
> label files.
>
>
>> On Mon, Nov 25, 2019 at 2:17 PM George N. White III 
>> wrote:
>>
>>> On Mon, 25 Nov 2019 at 14:59, linux guy  wrote:
>>>
>>>> Hi people.
>>>>
>>>> I'm running Samba on Fedora 31.  It's working great.
>>>>
>>>> I want to share a USB drive using Samba.  I've tried mounting it to a
>>>> directory within a Samba share and it does work due to permission errors.
>>>>
>>>> - I create the mount directory (USB) as a normal user, thus giving it
>>>> "normal" permissions.  For test purposes, I can r/w/x files to this
>>>> directory with no problems.
>>>>
>>>> - I mount the USB device to the mount directory using mount /dev/sdb1
>>>> USB.
>>>>
>>>> - I can access the USB directory from the server and r/w/x everything
>>>> just fine.
>>>>
>>>> - When I try to access the share/USB directory from the client, like
>>>> Dolphin, it requests permission in the form of user and password.  The user
>>>> and password that I use to access the share do not work.  Nor does the user
>>>> and password I use to access the server.
>>>>
>>>> What am I missing ?
>>>>
>>>> How does one share a USB device via Samba ?

>>>
>>> Have you checked to see if selinux is causing the permission denied
>>> issues?
>>> See https://fedoraproject.org/wiki/SELinux/samba
>>>
>>> --
>>> George N. White III
>>>
>>> --
> George N. White III
>


Re: f31 : pkgconfig.exists( 'uuid-dev' ) false but installed

2019-11-26 Thread Michael Schwendt
On Tue, 26 Nov 2019 15:44:21 +0100, Adrian Sevcenco wrote:

> > Why are you looking for 'uuid-dev'?  It's just "uuid".  
> sorry this is a typo .. yes i (they) check for uuid
> https://github.com/xrootd/xrootd/blob/master/packaging/wheel/setup.py#L61
> 
> python3
> Python 3.7.5 (default, Oct 17 2019, 12:16:48)
> [GCC 9.2.1 20190827 (Red Hat 9.2.1-1)] on linux
> Type "help", "copyright", "credits" or "license" for more information.
>  >>> import pkgconfig
>  >>> print( pkgconfig.exists( 'uuid' ))  
> False
> 
> Can anybody else just do this simple test and post a feedback?
> I would like to know if this is a fedora problem or just mine..

$ rpm -q --provides uuid-devel
pkgconfig(ossp-uuid) = 1.6.2
uuid-devel = 1.6.2-45.fc31
uuid-devel(x86-64) = 1.6.2-45.fc31
$ rpmls uuid-devel|grep pkg
-rw-r--r--  /usr/lib64/pkgconfig/ossp-uuid.pc

According to the pkgconfig .pc files contained in that -devel package,
you need to check for "ossp-uuid". Don't guess pkgconfig dependency names.
Verify them by examining packaged files.


Re: f31 : pkgconfig.exists( 'uuid-dev' ) false but installed

2019-11-26 Thread Sjoerd Mullender
On 26/11/2019 15.44, Adrian Sevcenco wrote:
> On 11/25/19 9:34 PM, Samuel Sieb wrote:
>> On 11/25/19 8:01 AM, Adrian Sevcenco wrote:
>>> [xrootdtest@c340sev xrootd]$ python3
>>> Python 3.7.5 (default, Oct 17 2019, 12:16:48)
>>> [GCC 9.2.1 20190827 (Red Hat 9.2.1-1)] on linux
>>> Type "help", "copyright", "credits" or "license" for more information.
>>>  >>> import pkgconfig
>>>  >>> print( pkgconfig.exists( 'uuid-dev' ))
>>> False
>>
>> Why are you looking for 'uuid-dev'?  It's just "uuid".
> sorry this is a typo .. yes i (they) check for uuid
> https://github.com/xrootd/xrootd/blob/master/packaging/wheel/setup.py#L61
> 
> python3
> Python 3.7.5 (default, Oct 17 2019, 12:16:48)
> [GCC 9.2.1 20190827 (Red Hat 9.2.1-1)] on linux
> Type "help", "copyright", "credits" or "license" for more information.
>  >>> import pkgconfig
>  >>> print( pkgconfig.exists( 'uuid' ))
> False
> 
> Can anybody else just do this simple test and post a feedback?
> I would like to know if this is a fedora problem or just mine..
> 
> Thank you!!
> Adrian

Returns True for me (after I installed python3-pkgconfig).  You need to
have libuuid-devel installed.


-- 
Sjoerd Mullender





Re: f31 : pkgconfig.exists( 'uuid-dev' ) false but installed

2019-11-26 Thread Adrian Sevcenco

On 11/25/19 9:34 PM, Samuel Sieb wrote:
> On 11/25/19 8:01 AM, Adrian Sevcenco wrote:
>> [xrootdtest@c340sev xrootd]$ python3
>> Python 3.7.5 (default, Oct 17 2019, 12:16:48)
>> [GCC 9.2.1 20190827 (Red Hat 9.2.1-1)] on linux
>> Type "help", "copyright", "credits" or "license" for more information.
>>  >>> import pkgconfig
>>  >>> print( pkgconfig.exists( 'uuid-dev' ))
>> False
>
> Why are you looking for 'uuid-dev'?  It's just "uuid".

sorry this is a typo .. yes i (they) check for uuid
https://github.com/xrootd/xrootd/blob/master/packaging/wheel/setup.py#L61

python3
Python 3.7.5 (default, Oct 17 2019, 12:16:48)
[GCC 9.2.1 20190827 (Red Hat 9.2.1-1)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pkgconfig
>>> print( pkgconfig.exists( 'uuid' ))
False

Can anybody else just do this simple test and post a feedback?
I would like to know if this is a fedora problem or just mine..

Thank you!!
Adrian





Re: Prevent turning off external monitor when playing audio though HDMI

2019-11-26 Thread Rex Dieter
Robert Mihaly wrote:


> I'll try to ask over at Spotify as well. Is this[1] the API you
> mentioned?
> 
> [1]: https://www.freedesktop.org/wiki/Software/systemd/inhibit/

I believe so, yes.

-- Rex


Re: (fedora) Re: sshd on F31 : strange problem with login with keys's

2019-11-26 Thread Jouk Jansen
George N. White III wrote on 26-NOV-2019 14:26:34.37

>On Tue, 26 Nov 2019 at 08:36, Jouk Jansen 
>wrote:
>
>> Hi All,
>>
>> I'm trying to setup an ssh-server on F31 which logs a user in without a
[snip]
>> Question : why does it work with just running "/usr/sbin/sshd" but not with
>> "systemctl start sshd" ?
>>
>
>When your root ran /usr/sbin/sshd was the very long list of options used
>when sshd is started by systemd included?  I see:
>
>$ sudo systemctl status sshd |fold
>● sshd.service - OpenSSH server daemon
>   [...]
>   CGroup: /system.slice/sshd.service
>   └─994 /usr/sbin/sshd -D -oCiphers=aes256-gcm@o

On my machine I only get 
 /usr/sbin/sshd -D
here

 Jouk


Pax, vel iniusta, utilior est quam iustissimum bellum.
(free after Marcus Tullius Cicero (106 b.Chr.-46 b.Chr.)
 Epistularum ad Atticum 7.1.4.3)


   Touch not the cat bot a glove

>--<

  Jouk Jansen
 
  jo...@hrem.nano.tudelft.nl

  Technische Universiteit Delfttt  uu uu  ddd
  Kavli Institute of Nanoscience   tt  uu uu  dddd
  Nationaal centrum voor HREM  tt  uu uu  dd dd
  Lorentzweg 1 tt  uu uu  dd dd
  2628 CJ Delfttt  uu uu  dd dd
  Nederlandtt  uu uu  dddd
  tel. 31-15-2782272   tt   uuu   ddd

>--<


Re: (fedora) Re: sshd on F31 : strange problem with login with keys's

2019-11-26 Thread Jouk Jansen
Sam Varshavchik wrote on 26-NOV-2019 14:09:36.69

>Jouk Jansen writes:
>
>> Hi All,
>>
>> I'm trying to setup an ssh-server on F31 which logs a user in without a
>> password, but with a key-exchange. I generated all the keys and placed them
>> in the right locations. It still asks for the password.
>>
>> Then comes the strange : I stopped the service by "systemctl stop sshd" and
>> did run "as root" /usr/sbin/sshd. And then it just worked. (tried to stop
>> and start with systemctl again made the passwordless login fail again)
>>
>> Question : why does it work with just running "/usr/sbin/sshd" but not with
>> "systemctl start sshd" ?
>
>Perhaps the actual command and set up, from sshd.service, will offer a clue:
>
>EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config
>EnvironmentFile=-/etc/sysconfig/sshd-permitrootlogin
>EnvironmentFile=-/etc/sysconfig/sshd
>ExecStart=/usr/sbin/sshd -D $OPTIONS $CRYPTO_POLICY $PERMITROOTLOGIN
>
>That's what systemctl start sshd does.

/etc/crypto-policies/back-ends/opensshserver.config is the default file of
the system.

/etc/sysconfig/sshd-permitrootlogin does not exist (and we do not try to
logon as root anyway).

/etc/sysconfig/sshd : In this file the CRYPTO_POLICY= line is uncommented to
allow for more cyphers. (I try to connect from a machine with not the newest
cyphers (yes I know the risk))

It used to work on a F30 system, which crashed and is now fresh installed
with F31. Can it be that I have to add more cyphers to the
/etc/ssh/sshd_conf files? (the public key from the client machine starts
with : ssh-rsa)

   Regards
   Jouk


Pax, vel iniusta, utilior est quam iustissimum bellum.
(free after Marcus Tullius Cicero (106 b.Chr.-46 b.Chr.)
 Epistularum ad Atticum 7.1.4.3)


   Touch not the cat bot a glove

>--<

  Jouk Jansen
 
  jo...@hrem.nano.tudelft.nl

  Technische Universiteit Delfttt  uu uu  ddd
  Kavli Institute of Nanoscience   tt  uu uu  dddd
  Nationaal centrum voor HREM  tt  uu uu  dd dd
  Lorentzweg 1 tt  uu uu  dd dd
  2628 CJ Delfttt  uu uu  dd dd
  Nederlandtt  uu uu  dddd
  tel. 31-15-2782272   tt   uuu   ddd

>--<


Re: sshd on F31 : strange problem with login with keys's

2019-11-26 Thread Ed Greshko
On 2019-11-26 20:27, Jouk Jansen wrote:
> I'm trying to setup an ssh-server on F31 which logs a user in without a
> password, but with a key-exchange. I generated all the keys and placed them
> in the right locations. It still asks for the password.
>
> Then comes the strange : I stopped the service by "systemctl stop sshd" and
> did run "as root" /usr/sbin/sshd. And then it just worked. (tried to stop
> and start with systemctl again made the passwordless login fail again)
>
> Question : why does it work with just running "/usr/sbin/sshd" but not with
> "systemctl start sshd" ?

One thing you should check is the permissions on the ~/.ssh on the machine 
you're trying to connect
to.  If it is not 700 you will get the behavior you cite.



-- 
The key to getting good answers is to ask good questions.


Re: sshd on F31 : strange problem with login with keys's

2019-11-26 Thread George N. White III
On Tue, 26 Nov 2019 at 08:36, Jouk Jansen 
wrote:

> Hi All,
>
> I'm trying to setup an ssh-server on F31 which logs a user in without a
> password, but with a key-exchange. I generated all the keys and placed them
> in the right locations. It still asks for the password.
>
> Then comes the strange : I stopped the service by "systemctl stop sshd" and
> did run "as root" /usr/sbin/sshd. And then it just worked. (tried to stop
> and start with systemctl again made the passwordless login fail again)
>
> Question : why does it work with just running "/usr/sbin/sshd" but not with
> "systemctl start sshd" ?
>

When your root ran /usr/sbin/sshd was the very long list of options used
when sshd is started by systemd included?  I see:

$ sudo systemctl status sshd |fold
● sshd.service - OpenSSH server daemon
   [...]
   CGroup: /system.slice/sshd.service
   └─994 /usr/sbin/sshd -D -oCiphers=aes256-...@openssh.com
,chacha20-pol
y1...@openssh.com,aes256-ctr,aes256-cbc,aes128-...@openssh.com
,aes128-ctr,aes128
-cbc -oMACs=hmac-sha2-256-...@openssh.com,hmac-sha1-...@openssh.com
,umac-128-etm
@openssh.com,hmac-sha2-512-...@openssh.com
,hmac-sha2-256,hmac-sha1,umac-128@open
ssh.com,hmac-sha2-512 -oGSSAPIKexAlgorithms=gss-gex-sha1-,gss-group14-sha1-
-oKe
xAlgorithms=curve25519-sha256,curve25519-sha...@libssh.org
,ecdh-sha2-nistp256,ec
dh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-
hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha5
12,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
-oHostKeyAlgor
ithms=rsa-sha2-256,rsa-sha2-256-cert-...@openssh.com
,ecdsa-sha2-nistp256,ecdsa-s
ha2-nistp256-cert-...@openssh.com
,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v
0...@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-...@openssh.com
,ecdsa-sha2-nistp52
1,ecdsa-sha2-nistp521-cert-...@openssh.com
,ssh-ed25519,ssh-ed25519-cert-v01@open
ssh.com,ssh-rsa,ssh-rsa-cert-...@openssh.com
-oPubkeyAcceptedKeyTypes=rsa-sha2-2
56,rsa-sha2-256-cert-...@openssh.com
,ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cer
t-...@openssh.com,ecdsa-sha2-nistp384,
ecdsa-sha2-nistp384-cert-...@openssh.com,r
sa-sha2-512,rsa-sha2-512-cert-...@openssh.com
,ecdsa-sha2-nistp521,ecdsa-sha2-nis
tp521-cert-...@openssh.com,ssh-ed25519,ssh-ed25519-cert-...@openssh.com
,ssh-rsa,
ssh-rsa-cert-...@openssh.com
-oCASignatureAlgorithms=rsa-sha2-256,ecdsa-sha2-nis
tp256,ecdsa-sha2-nistp384,rsa-sha2-512,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa


-- 
George N. White III


Re: sshd on F31 : strange problem with login with keys's

2019-11-26 Thread Sam Varshavchik

Jouk Jansen writes:


> Hi All,
>
> I'm trying to setup an ssh-server on F31 which logs a user in without a
> password, but with a key-exchange. I generated all the keys and placed them
> in the right locations. It still asks for the password.
>
> Then comes the strange : I stopped the service by "systemctl stop sshd" and
> did run "as root" /usr/sbin/sshd. And then it just worked. (tried to stop
> and start with systemctl again made the passwordless login fail again)
>
> Question : why does it work with just running "/usr/sbin/sshd" but not with
> "systemctl start sshd" ?


Perhaps the actual command and set up, from sshd.service, will offer a clue:

EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config
EnvironmentFile=-/etc/sysconfig/sshd-permitrootlogin
EnvironmentFile=-/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -D $OPTIONS $CRYPTO_POLICY $PERMITROOTLOGIN

That's what systemctl start sshd does.
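
An added illustration, not part of the post above and not Fedora's own code: it builds the sshd command line the way systemd does from the EnvironmentFile= and ExecStart= lines quoted above, so it can be compared with a bare /usr/sbin/sshd. The file contents, the shortened CRYPTO_POLICY value and all helper names are constructed for the example.

```python
import shlex

# Constructed stand-ins for the files named by EnvironmentFile= in sshd.service.
# The CRYPTO_POLICY value is shortened sample data, not a real Fedora policy.
POLICY_FILE = (
    "CRYPTO_POLICY='-oCiphers=aes256-ctr,aes128-ctr "
    "-oPubkeyAcceptedKeyTypes=rsa-sha2-256,ssh-ed25519,ssh-rsa'\n"
)
SYSCONFIG_DEFAULT = "# CRYPTO_POLICY=\n"   # opt-out line still commented
SYSCONFIG_OPT_OUT = "CRYPTO_POLICY=\n"     # opt-out line uncommented

EXEC_START = "/usr/sbin/sshd -D $OPTIONS $CRYPTO_POLICY $PERMITROOTLOGIN"


def parse_env_file(text):
    """Parse KEY=VALUE lines; '#' and ';' start comments, quotes are stripped."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, _, raw = line.partition("=")
        env[key.strip()] = " ".join(shlex.split(raw))
    return env


def load_environment(files):
    """Read files in unit order; a later file overrides an earlier one.
    None stands for a missing file, which the '-' prefix tells systemd to skip."""
    env = {}
    for text in files:
        if text is not None:
            env.update(parse_env_file(text))
    return env


def expand_exec_start(exec_start, env):
    """Expand unbraced $VAR words: the value is split on whitespace into
    separate arguments, and an unset or empty variable yields no argument."""
    argv = []
    for word in exec_start.split():
        if word.startswith("$"):
            argv.extend(env.get(word[1:], "").split())
        else:
            argv.append(word)
    return argv


def cli_options(argv):
    """Collect -oKeyword=a,b,c arguments (sshd keywords are case-insensitive)."""
    opts = {}
    for arg in argv:
        if arg.startswith("-o") and "=" in arg:
            key, _, value = arg[2:].partition("=")
            opts[key.lower()] = value.split(",")
    return opts


def pubkey_type_allowed(argv, key_type):
    """True/False if the command line sets PubkeyAcceptedKeyTypes,
    None if it does not (sshd_config or built-in defaults then decide)."""
    accepted = cli_options(argv).get("pubkeyacceptedkeytypes")
    return None if accepted is None else key_type in accepted


def effective_argv(sysconfig_text):
    # Same order as the unit: crypto policy, sshd-permitrootlogin (missing here),
    # then /etc/sysconfig/sshd.
    files = [POLICY_FILE, None, sysconfig_text]
    return expand_exec_start(EXEC_START, load_environment(files))


if __name__ == "__main__":
    for label, text in (("policy applied", SYSCONFIG_DEFAULT),
                        ("opt-out", SYSCONFIG_OPT_OUT)):
        argv = effective_argv(text)
        print(label, argv, "ssh-rsa:", pubkey_type_allowed(argv, "ssh-rsa"))
```

Options passed with -o on the command line take precedence over /etc/ssh/sshd_config, so a Ciphers or PubkeyAcceptedKeyTypes line in that file only takes effect when $CRYPTO_POLICY does not supply one.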





sshd on F31 : strange problem with login with keys's

2019-11-26 Thread Jouk Jansen
Hi All,

I'm trying to setup an ssh-server on F31 which logs a user in without a
password, but with a key-exchange. I generated all the keys and placed them
in the right locations. It still asks for the password.

Then comes the strange : I stopped the service by "systemctl stop sshd" and
did run "as root" /usr/sbin/sshd. And then it just worked. (tried to stop
and start with systemctl again made the passwordless login fail again)

Question : why does it work with just running "/usr/sbin/sshd" but not with
"systemctl start sshd" ?

regards
Jouk


Pax, vel iniusta, utilior est quam iustissimum bellum.
(free after Marcus Tullius Cicero (106 b.Chr.-46 b.Chr.)
 Epistularum ad Atticum 7.1.4.3)


   Touch not the cat bot a glove

>--<

  Jouk Jansen
 
  jo...@hrem.nano.tudelft.nl

  Technische Universiteit Delfttt  uu uu  ddd
  Kavli Institute of Nanoscience   tt  uu uu  dddd
  Nationaal centrum voor HREM  tt  uu uu  dd dd
  Lorentzweg 1 tt  uu uu  dd dd
  2628 CJ Delfttt  uu uu  dd dd
  Nederlandtt  uu uu  dddd
  tel. 31-15-2782272   tt   uuu   ddd

>--<


[389-users] Re: Query about entryCSN and nsUniqueID in place of entryUUID

2019-11-26 Thread cool dharma06
hi,

On Mon, Nov 25, 2019 at 4:34 AM William Brown  wrote:

>
>
> > On 22 Nov 2019, at 19:11, cool dharma06  wrote:
> >
> > hi,
> >
> >
> > On Fri, Nov 22, 2019 at 4:41 AM William Brown  wrote:
> >>
> >>
> >>
> >>> On 21 Nov 2019, at 16:13, cool dharma06 
> wrote:
> >>>
> >>> Hi,
> >>>
> >>>
> >>> On Thu, Nov 21, 2019 at 7:48 AM William Brown  wrote:
> 
> 
> > On 21 Nov 2019, at 10:49, cool dharma06 
> wrote:
> >
> 
> > Hi William,
> >
> > Thanks for your reply.
> >
> > I want to enable 389ds to generate nsUniqueID, modifiedTimestamp,
> creators name for all enteries which is added/getting added to 389-ds. Any
> suggestions or reference link to enable this.
> 
>  They are all generated by default as part of the server - it may be
> the access controls preventing you from viewing them instead 
> >>>
> >>> Sure, I will verify the access policy. And I used following commands
> to retrieve the user information.
> >>>
> >>> $ dsidm ceenext-sles account get-by-dn
> >>> Enter dn to retrieve : cn=sudo,ou=Groups,dc=cee,dc=test,dc=com
> >>> dn: cn=sudo,ou=Groups,dc=cee,dc=test,dc=com
> >>> cn: sudo
> >>> gidNumber: 1950
> >>> objectClass: posixGroup
> >>> objectClass: groupOfNames
> >>> objectClass: top
> >>
> >> You already have dsidm as a command ?! Which suse version are you on.
> > I am using SLES 15.1. I installed 389-ds-base from SUSE repo.
> > Lib386-XXX.rpm i took from Tumbleweed.
>
> There are some updates coming soon to this package I think which will make
> things better.
>
> >
> >> Anyway, trying looking at the entry as "cn=Directory Manager" instead
> of anonymous, as cn=dm bypasses aci's.
> >
> > Thanks for your suggestions, now i am able to view all the attributes.
>
> Great!
>
> >
> >>>
> >
> >
> > I have OpenLdap set up with replication enabled and I want to make
> one more 389-ds with replication in sles 15.1 machine . I am unable to find
> admin-console package.
> > So I installed lib389 rpm and I am using dsctl, dsidm, dsconf tools
> to experiment and add users in my local 389ds setup.
> 
>  SUSE does not ship admin-console, and never will - we are in the
> process of actually bringing the new ds* tools into SLE 15.0 and 15.1 which
> will make it much easier to administer the server. You can see these on the
> wiki or on Red Hat's correspending 389 docs
> 
>  http://www.port389.org/docs/389ds/howto/quickstart.html
> 
> https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/
> 
>  We are also in the progress of releasing 389-ds docs for SUSE as well,
> >>>
> >>> It will be very helpful if you share the ds* tools and 389-ds docs
> release dates.
> >>
> >> I don't have a release date yet I'm sorry - not because I can't share,
> but because there is some administration going on with the packages and I'm
> not sure of when it will be done (but it's necessary steps :) )
> >
> > No issue and thanks for the information. If official SUSE packages are
> > there it will very useful.
>
> Happy to help, and feel free to ask questions anytime!
>
> >
> >>>
> >
> > Once it's done I am planning to enable sync and replication in
> 389-ds.
> >
> > It will be very helpful if u have any guidelines on this.
> 
>  389-ds can replicate with other 389-ds servers, but *not* openldap.
> So I think you need to do a datamigration 
> >>>
> >>> Yes, with multiple 389-ds i am planning for replication. Any
> guidelines or reference link to configure replication.
> >>
> >> In the red_hat_directory_server/11 link from redhat, look at their
> replication section :)
> >
> > Thank you, I will verify the redhat Guide links.
>
> As above, if you have any questions, please let us know.
>

In my OpenLdap we have ACL policies is there any script available to
convert OpenLDAP acl policies to 389-ds policies.?

>
>
> >
> >>>
> 
> >
> > Thanks & Regards
> > cooldharma06
> >
> >
> > On Thu, Nov 21, 2019, 4:33 AM William Brown  wrote:
> >
> >
> >> On 20 Nov 2019, at 15:41, cool dharma06 
> wrote:
> >>
> >> Hi all,
> >>
> >> i have OpenLDAP in my environment. And i am experimenting 389-ds
> and their functionalities. In my OpenLDAP, i have entries with following
> attributes:
> >> entryCSN, contextCSN, entryUUID.
> >>
> >> 1. For entryCSN and contextCSN - any equivalent attribute available
> in 389-ds
> >>
> >> 2. When i check for the above attributes in 389-ds, i am unable to
> find those attributes. From the  post link, its mentioned like we can use
> nsUniqueID in place of entryUUID. but we might face issue during Sync/repl.
> >>
> >> Is this issue got fixed.
> >> https://pagure.io/389-ds-base/issue/137
> >>
> >> Any suggestions for the above queries.
> >
> > OpenLDAP and 389-ds use a really different replication model. That's
> probably why you can't find the same types and datapoints.
> >
> 

Re: USB wireless rtl8822b Driver strange

2019-11-26 Thread Samuel Sieb

On 11/25/19 9:30 PM, Robert McBroom via users wrote:
> Compiled driver from GitHub for USB wireless from FayTun.  The device is 
> recognized and connects.  The console gets a stream as follows:
>
> - WIFI-LPS_CTRL_PHYDM
> [ 2664.623537] RTW: rtl8822b_set_FwPwrMode_cmd(wlp0s29f7u7): HW port id=0
> [ 2664.623542] RTW: rtl8822b_set_FwPwrMode_cmd(wlp0s29f7u7): fw ps mode 
> = ACTIVE, drv ps mode = 0, rlbm = 0 , smart_ps = 0, allQueueUAPSD = 0
> [ 2664.633524] RTW: rtw_set_ps_mode(wlp0s29f7u7) Enter 802.11 power save 
> - WIFI-LPS_CTRL_PHYDM
>
> [ 2664.633530] RTW: rtl8822b_set_FwPwrMode_cmd(wlp0s29f7u7): HW port id=0
> [ 2664.633535] RTW: rtl8822b_set_FwPwrMode_cmd(wlp0s29f7u7): fw ps mode 
> = LPS, drv ps mode = 2, rlbm = 1 , smart_ps = 2, allQueueUAPSD = 0
>
> This continues forever until the device is disabled, ifconfig doesn't 
> show any errors.
>
> What is this behavior?


Is it working otherwise?  It appears that the driver is logging every 
time it puts the device in or out of power save mode.  I would suggest 
filing a bug on the driver, but check if there is already an issue open 
for it.
