and analyzing the network traces to find some
workaround having to do with lousy Kerberos integration.
Guess whose messages went unanswered:
http://groups.google.com/group/linux.samba/browse_frm/thread/1c6c40a01a4e722f/172c54916c27e532?lnk=stq=guy+teverovsky+Samba3+and+forest+trustrnum=1hl=en
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Shachar Shemesh
Sent: Saturday, January 21, 2006 09:40
Cc: linux-il list
Subject: OT: MS pricing policy (was: Microsoft propaganda)
If I'm reading this table correctly, if I need a server that
Having visited lately the job market (it's upgrade time ;) ), and after
having some small-talks with the placement agents, I strongly recommend
writing the resume in Hebrew and making it one-page long (some will ask
to keep the resume without tables, as their applications have a hard
time parsing
On the other hand, as for people saying they have to go through
the Windows desktops one by one to update them - I'm not a
Windows expert but I heard the the really good Windows admins
are able to do such stuff over the network through central servers.
[Guy]
It's not about being good. It's
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Greg Pendler
Sent: Wednesday, September 28, 2005 8:27 AM
To: Linux-IL
Subject: Linux, Active Directory and TIMEZONES
Hi,
I've read previous posts on this issue, and tested the instructions,
On Wed, 2005-08-03 at 20:28 +0300, Shlomi Fish wrote:
On Wednesday 03 August 2005 18:54, Oron Peled wrote:
BTW: My normal reply is that those people cost more because
(on the average) they know more. If you'll get a
*realy good* windows admin -- he also won't work for the
Try:
find / * | xargs rpm -qf | grep not owned by
Will trash the sh#$t out the the box, but will do the job.
Cheers,
Guy
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Michael Green
Sent: Wednesday, July 27, 2005 5:13 PM
To: ILUG
Subject: need
Take a good look at Lustre: http://www.lustre.org/
Guy
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Erez D
Sent: Wednesday, July 27, 2005
8:01 PM
To: ilug
Subject: distributed disk
hi
I have few machines, each with a small disk
i want to build one
Some comments/thoughts inline.
Cheers,
Guy
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Ira Abramov
Sent: Monday, July 25, 2005 1:26 PM
To: IGLU Mailing list
Subject: can't su under kerberos from root to others (was: Active
Directory)
* On
Im trying to find a smart way to centrally manage the
Mosix/OpenMosix cluster nodes and after some google-ing have come up with Oscar
which looks like a good candidate for the task (http://oscar.sf.net).
I remember that the name has come up at this list, so some questions:
-
Does Oscar
Thanks, Orna. Very useful info.
Still some question/thoughts inline...
Cheers,
Guy
Regarding mosix/openmosix: After several years of considering and
convincing regarding this issue, I decided to avoid installing any of
them. It is not worth it. I send batch jobs via the batch queueing
system,
If you feel comfortable with patching the RHEL's kernel, you can
configure IPSec in so called opportunistic mode with pre-shared keys
when you do not establish an actual tunnel, but force encryption of the
traffic between the two boxes.
If you were running 2.6 kernel, that would probably be the
On Sun, 2005-07-03 at 20:27 +0300, Ira Abramov wrote:
to explain: when you use winbind and add a machine into the domain, the
first time you look up a user she will be mapped to a local UID in an
idmap database. the problem is, there is no hash function to map a
lanman object's SID, and the
On Tue, 2005-06-21 at 16:23 +0300, Ira Abramov wrote:
I wondered once or twice if people united their linux machine to
authenticate against an existing Active Directory. today I had the
chance to do it for a client. first we tried the old fashioned way -
install SFU (Seervices for Unix) on the
On Tue, 2005-06-21 at 16:40 +0300, Josh Zlatin-Amishav wrote:
and remember two important lessons:
1. when requesting a kerberos key with kinit the domain name is case
sensitive
This is Kerberos realm and not domain name. Kerberos realms are always
upper case.
2. make sure to update you
Evolution uses Outlook Web Acceess (OWA) to gain access to the content stored
on Exchange.
OWA is a web interface for the Exchange with the lookfeel of Outlook.
Evolution does not use the native MAPI protocol (the IIS translates the the
HTTP requests to native MAPI)
Guy
Or you can enroll to the Beta and instead of listening to the rummors, jusge it
for yourself.
I did... My first impressions have been blogged here:
http://guy.netguru.co.il/archives/6-Dazed-and-confused-Microsofts-MSH-shell-codename-Monad.html
And while I do admit that cmd.exe is quite a
From: [EMAIL PROTECTED] on behalf of Ira Abramov
Sent: Wed 6/15/2005 9:48 PM
To: linux-il@linux.org.il
Subject: Re: good news: evolution + exchange server
Quoting Guy Teverovsky, from the post of Wed, 15 Jun:
Evolution uses Outlook Web Acceess (OWA) to gain access
I'll second that.
Have just started deploying OpenSSI for our researchers and it looks
very promising (mainly for high volume image processing).
Couple of useful links:
http://www.gelato.org/pdf/Illinois/gelato_IL2004_openssi_walker.pdf
This one in Hebrew:
Shahar,
Your update is not sufficient. The data from HKLM\SOFTWARE\Microsoft
\Windows NT\CurrentVersion\Time Zones\Israel Standard Time is read ONLY
when the client *switches* the timezone. When updating you also need to
write to HKLM\System\CurrentControlSet\Control\TimeZoneInformation
directly.
It is incomplete on purpose:
1. You cannot change the setting while explorer is up. Changing the
registry directly like that creates inconsistency between the running
configuration and the stored configuration, resulting in confusion or worse.
We successfully updated several hundred hosts
Hello all,
I am designing a WiFi secure access solution at work based
on 802.1x protocol.
Because of the security requirements, I can use only
two-factor authentication or one time passwords (OTP).
After research and some pilots, I have an infrastructure
capable of doing
Now, to the technical question: is Mozilla configurable to pretend it
is IE, like Konqueror? Couldn't find anything fast enough (Mozilla
1.7.3 on RHEL WS3).
[Guy] Try this one:
http://extensionroom.mozdev.org/more-info/useragentswitcher
--
Oleg Goldshmidt | [EMAIL PROTECTED]
While reading the rules, several questions popped up in my head.
I have been working for a while on the subject of Linux Microsoft
interoperability and Single Sign-On (SSO) in middle to large scale
environments and was considering suggesting this topic as a lecture for
Haifux or any other body
http://techrepublic.com.com/5208-6239-0.html?forumID=54threadID=155468
The important lines in the vhost configuration are:
RequestHeader set Front-End-Https On (see
http://support.microsoft.com/kb/307347 for details)
ProxyPreserveHost On
Guy
-Original Message-
From: [EMAIL
[snip]
If merely adding keys is not enough, and removing keys is also
necessary, you can write an INF file to do that. If memory serves me
right, sufficient INF support is available in Wine to do most basic
stuff an INF can do. That is not always enough, however. For example,
INFs didn't used
You might want to do some reading about WPA and 802.1x protocols.
The idea is that a host trying to connect to wired or wireless network
needs to authenticate in order to enable the port it is connecting to
(we are talking here about layer 2 authentication).
The approach gives you a wide choice
On Wed, 2005-01-05 at 23:58 +0200, Dan Aloni wrote:
[snip]
Regarding Windows drivers on Linux, I'd also like to recommend
another great piece of work named ndiswrapper [1].
I ended up using ndiswrapper because the 3Com PCMCIA card 802.11g
card that I ordered turned out to be a
[EMAIL PROTECTED] antid0t]$ cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=aristo.antid0t.net
GATEWAY=192.168.0.1
Those variables are picked at boot time.
If you want to set domain name without rebooting:
# echo box.domain.com /proc/sys/kernel/hostname
For the wizard addicted:
$
W2K and up support caching of logon credentials.
As far as I know, if you want the same behavior on Linux, you will need
to pay for 3rd party software, like VAS from Vintela.
Guy
--
Smith Wesson - the original point and click interface
On Sat, 2004-08-21 at 20:10, Oded Arbel wrote:
Hi
Does anyone have any experience with the mentioned above ?
What I am looking in particular is whether anyone has managed to
configure OpenSSI and/or Lustre FS on relatively up-to-date free distro.
Any feedback is more than appreciated.
http://openssi.org/
http://www.lustre.org/
Thanks,
Guy
--
Actually UML is not that complicated considering the fact that
precompiled kernel rpms exist (both for host and for UML machines):
http://www.nrh-up2date.org/howto/uml/packages/
Guy
On Thu, 2004-05-27 at 18:06, Tzafrir Cohen wrote:
On Thu, May 27, 2004 at 04:14:43PM +0200, Uri Sharf wrote:
On Thu, 2004-04-29 at 01:00, Yonah Russ wrote:
Active directories is very heavy on kerberos- it's theoretically
possible to use the same kerberos for both the active directory and
linux- I've read you can even convince active directories to use a linux
kerberos server.
Heavy on kerberos ?
On Thu, 2004-04-29 at 01:08, Oron Peled wrote:
On Thursday 29 April 2004 01:00, Yonah Russ wrote:
Active directories is very heavy on kerberos- it's theoretically
possible to use the same kerberos for both the active directory and
linux- I've read you can even convince active directories
--=-X1DTPcYwJufIxwnwUEGL
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
See attached the cut-down version of the script I use.
It has port forwarding examples and a bunch of things I added.
Guy
On Mon, 2004-04-26 at 17:17, David Suna wrote:
Yes, the problem seems to be with the
echo 1 /proc/sys/net/ipv4/ip_forward
To make it permanent add the following line to /etc/sysctl.conf:
net.ipv4.ip_forward = 1
If you do not have static IP assigned by your ISP, you will also need:
echo 1 /proc/sys/net/ipv4/ip_dynaddr
The corresponding line in /etc/sysctl.conf is:
On Mon, 2004-04-19 at 11:55, Shlomi Fish wrote:
[snip]
Furthermore, I define _good_ Info-Tech Worker Hours as a 40-hours week
(8 work hours per day - 9 to 5 or something similar).
you must not have left the university walls lately.
Perhaps, but I still have learned a few things since
On Tue, 2004-04-13 at 17:02, Omer Zak wrote:
[snip]
Recently it was advertised that some models of Cisco routers have backdoor
with default passwords. I don't have the reference on hand.
http://www.cisco.com/en/US/products/products_security_advisory09186a00802119c8.shtml
Guy
--
Smith
On Fri, 2004-04-09 at 07:59, Shachar Shemesh wrote:
tzedit is only available through the Platform SDK, which in turn is only
truely available through MSDN, for which I payed full price. We tried to
get a discount for Hamakor members, but Microsoft didn't see us as an
interesting group to
On Thu, 2004-04-08 at 19:12, Shachar Shemesh wrote:
[snip]
tzedit is only available through the Platform SDK, which in turn is only
truely available through MSDN, for which I payed full price. We tried to
get a discount for Hamakor members, but Microsoft didn't see us as an
interesting
In the spirit of Know your enemy (well, actually I admit to be more MS
oriented), I will drop my couple of cents...
On Tue, 2004-02-10 at 13:41, Ez-Aton wrote:
Well then, I'm just not the type. I'll elaborate.
[snip]
This isn't against you specifically Ez, every Win* user I know thinks
the
On Wed, 2004-02-11 at 02:17, Oron Peled wrote:
On Tuesday 10 February 2004 23:49, Guy Teverovsky wrote:
AD in general is a bunch of bundled services. You can remove AD from
your server and can get it up and running back again.
Does it mean it only affect other applications? or does
Totally agree with every word. Yet my couple cents:
The reason behind enforcing PPTP/PPPoE/PPPoA/L2TP/whatever tunnels is
provisioning, accounting and QoS - all those can not be done to the
satisfying extent when you are connected directly through DHCP.
When on DHCP, the ISP has no ability to
On Sun, 2004-02-08 at 02:42, Ilya Konstantinov wrote:
Hi Guy,
Maybe it wasn't your point, but it's all in the best traditions of
driving a high level discussion into technicalities :)
As long as it's not a flame war, I'm with you on that one.
When on DHCP, the ISP has no ability to
On Sun, 2004-02-08 at 03:54, Ilya Konstantinov wrote:
[snip]
And what about the cases when you have a mail server spreading SPAM
which is spoofing it's source IP address ? You can easily block the
wrong customer if you are dealing only with source IP.
Cisco's source-verify feature
On Fri, 2004-01-16 at 08:12, Ori Idan wrote:
[snip]
Windows Live-CD... No there is not and it is impossible I think due to
both technical and marketing reasons windows is a propriatry operating
system and thus they would not want anyone to use it this way without
paying...
Another beuty
On Thu, 2003-12-18 at 23:07, Gil Freund wrote:
[snip]
I did that. I use LDAP now for authentication and mail routing for all 4
of my enterprise network users.
I also used PHPGroupware as a front end to enter contact information so
I can access it via Mozilla and such. I since dropped
Vote for the bug: http://bugzilla.mozilla.org/show_bug.cgi?id=140611
Guy
On Sun, 2003-12-14 at 17:01, Shlomi Fish wrote:
Hi!
In the document:
http://t2.technion.ac.il/~shlomif/rub-a-dub/rub-a-dub-dub-heb_final.html
In Mozilla, the numbers and bullets of ol and ul lists appear at the
On Wed, 2003-12-10 at 00:33, Shaul Karl wrote:
On Tue, Dec 09, 2003 at 11:07:37PM +0200, Dan Fruehauf wrote:
move to another ISP, Netvision Probably. (in short -
because they told me they can fix me a static ip and i wouldnt have to add
any $$).
I want
On Wed, 2003-12-10 at 08:27, Michael Sternberg wrote:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Dan Fruehauf
Sent: Tue, December 09, 2003 11:08 PM
To: [EMAIL PROTECTED]
Subject: Cable Internet, 012, and what's between it...
...
...
On Wed, 2003-12-10 at 10:00, Shachar Shemesh wrote:
[snip]
When you connect to the internet, you get an IP. The IP is marked, at
the ISP's side, as belonging to you. If that IP address does something
bad, it's your door the police are going to be knocking down on.
Now, how possible is
On Wed, 2003-12-10 at 22:15, Alex Chudnovsky wrote:
[snip]
I have a regular 6104. May you tell me how you configured your router to use
BOTH DHCP and PPTP? I've encountered only the option of using either this or
that.
You can't.
What you can do is to call your Cable company and ask for
On Thu, 2003-12-04 at 11:28, Geoffrey S. Mendelson wrote:
Guy Teverovsky wrote:
On Wed, 2003-12-03 at 22:51, Yedidyah Bar-David wrote:
http://www.netguru.co.il/files/manuals/eci/ECI_ROUTER_ADSL_270_400.pdf
The document has been contributed by ECI. Bezeq officially support the
router
On Wed, 2003-12-03 at 22:51, Yedidyah Bar-David wrote:
Hello all,
I got an ECI 270PR (the modem/router Bezeq offers for ADSL users), and
while it's being advertized as a router, specifically one that allows
Internet connection sharing, the documentation that comes with it
only explains how
On Sun, 2003-11-30 at 23:17, Shlomo Solomon wrote:
snip
In fact, I had ruled out a DNS problem earlier because the Win98s could reach
most URLs with no problem and there were only a few problematical URLs. I
still don't understand this. I would have thought that if the DNS server was
not
On Fri, 2003-11-21 at 05:06, Micha Feigin wrote:
Downloaded the file and tried accessing the modem as described, but
apparently my modem does think that its dumb since when I try to browse
to 192.168.1.1 I don't get any reply.
I belive it does think that that is its address, since it does
On Fri, 2003-11-21 at 09:13, Shlomo Solomon wrote:
OK - I tried Guy's advice and came up with 1372 + 28 = 1400 which is exactly
what was already suggested and didn't solve my problem. I had already set the
Win98 MTU to 1400 in the registry according to the instructions in the
ADSL-Bezeq
On Thu, 2003-11-20 at 16:42, Micha Feigin wrote:
If you take the 750 account you can get a eth modem from bezeq without
extra cost and they should work with linux.
I got the eci eth modem which is a dumb modem and it works great with
pppoe.
Actually, this is not a dumb modem. It is
On Tue, 2003-11-18 at 22:00, Shachar Tal wrote:
snip..
And how much did the time it took you to learn to do that, cost your
company?
One 2-day course at Rational and a crashburn accelerated course of
migrating Windows VOBs from NT domain to another AD domain, while
preserving all the
On Wed, 2003-11-19 at 11:33, Oleg Goldshmidt wrote:
Guy Teverovsky [EMAIL PROTECTED] writes:
It can be setup in ClearCase in 5 minutes. Create a bunch of dynamic
views each with it's own brunch and script the hourly/nightly builds
inside each view. Couple of one-liners will suffice.
I
November 2003 04:36, Guy Teverovsky wrote:
Do you have --clamp-mss-to-pmtu in your iptables script ?
Something like:
$IPTABLES -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS \
--clamp-mss-to-pmtu
Guy
On Mon, 2003-11-17 at 22:45, Shlomo Solomon wrote:
Hi,
My network
On Tue, 2003-11-18 at 18:58, Oleg Goldshmidt wrote:
Tal, Shachar [EMAIL PROTECTED] writes:
Easily doesn't mean a sysadmin for a day. Easily means not having to
invest considerable man-power into making cvs and diff and branches
and IDE integration and nightly building and whatnot work
Do you have --clamp-mss-to-pmtu in your iptables script ?
Something like:
$IPTABLES -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS \
--clamp-mss-to-pmtu
Guy
On Mon, 2003-11-17 at 22:45, Shlomo Solomon wrote:
Hi,
My network consists of my Mandrake 9.1 box and 3 Win98 machines. All 4
Reminder: to master the art of distinguishing between Reply and Reply to all
Guy
On Thu, 2003-11-13 at 10:46, Gilad Ben-Yossef wrote:
Now, what would have happend if this was a run of the mill closed source
security firm?
Closed source firms rarely use CVS (if ever). Big projects usually
On Tue, 2003-10-14 at 00:11, dittigas wrote:
See some more information here:
http://whatsup.org.il/article.php?sid=1661
more here: http://whatsup.org.il/article.php?sid=2030
and http://whatsup.org.il/article.php?sid=2060 about the subject.
all in Hebrew.
FYI, the topic has been
a way to make it do something useful
:-) )
Thanks,
Guy
On Wed, 2003-08-06 at 12:14, Gilad Ben-Yossef wrote:
Guy Teverovsky wrote:
Greetings all,
I did some hardware inventory in the warehouse debris at work and found
some 6-7 HP workstations (J200, J210, J280).
I would like
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Orna Agmon
Sent: Wednesday, August 06, 2003 7:42 PM
To: Gilad Ben-Yossef
Cc: Guy Teverovsky; [EMAIL PROTECTED]
Subject: Re: Linux cluster on HPPA (PA-RISC) architecture
On Wed, 6 Aug 2003, Gilad Ben
Greetings all,
I did some hardware inventory in the warehouse debris at work and found
some 6-7 HP workstations (J200, J210, J280).
I would like to bring some life to those and free their enslaved by
HP-UX souls. The big question is whether there is any chance running
some a Linux cluster on
On Wed, 2003-07-30 at 19:15, Beni Cherniavsky wrote:
Some time ago I had a very long battle with iptables only to discover
that they were fine all the time - turned out that
/proc/sys/net/ipv4/ip_forward was 0. I'm pretty sure I didn't setup
it like this but I didn't investigate the reasons.
On Tue, 2003-07-29 at 02:08, Guy Teverovsky wrote:
[snip]
Actually, in properly configured AD both W2K and Linux will be denied
access. Search the net for Enforce password history. The default on
W2K is to remember 1 old password.
It's the hour. This part is a total nonsense. Please
Take a look here for the background:
http://www.netguru.co.il/modules.php?op=modloadname=Newsfile=articlesid=19
The cable issue is mostly historical. All network equipment is devided
into 2 categories:
- DTE (Data Terminal Equipment: NICs)
- DCE (Data Communication Equipment: hubs, switches,
On Wed, 2003-07-16 at 19:06, Ben-Nes Michael wrote:
Hi All
I been asked if DHCPD on linux can pass to clients, domain names thrugh
Micorsoft active directory.
What do you mean by that ?
Are you asking whether DHCP clients will be able to dynamically register
in the DNS ?
If that is the
On Tue, 2003-07-08 at 21:09, Beni Cherniavsky wrote:
Shaul Karl wrote on 2003-07-08:
I still don't get something. Quoting section 7 of the IP Sub-Networking
Mini-Howto:
For the sake of this example, let us assume that you have decided to
subnetwork you C class IP network
As I have a local caching DNS server which uses my ISP DNS servers as
forwarders and I do not want the resolve.conf (which points to my DNS)
to be overwritten, I just did:
chattr +i /etc/resolve.conf
Guy
On Sat, 2003-06-21 at 23:36, Boaz Rymland wrote:
Except that it is an ugly patch. You
On Mon, 2003-06-16 at 17:17, Mix Sella wrote:
On Monday 16 June 2003 03:45, Stiven Andre wrote:
May be the post is OT but some weeks ago i wrote a latter about problems
connecting to rh8 httpd server that was connected by
internet zahav ADSL service. The problem was that some people simply
There is a small button (about a size of a pinhead) at the back of the
modem.
Use it to reset the modem to factory defaults. Reboot the modem
(disconnect/connect the power) and let it sync.After that it should work
with PPTP.
Guy
On Mon, 2003-06-16 at 09:26, [EMAIL PROTECTED] wrote:
Hello,
It looks like BezeqInt have one of their international lines way
overloaded. Their was a extesive discussion at Tapuz's broadband forum
regarding the issue [1]
Take a look at your IP. BezeqInt, as far as I recall, have 2 IP pools:
212.X.Y.Z and 81.X.Y.Z
If the user's IP is from the second pool,
Hi,
I've been running 3.0alpha2x for quite a while.
It successfuly authenticates against ADS (Kerberos) without any need for
defining local users or mappings.
The Hebrew works out of the box and files/directories created in Windows
show up correctly under KDE.
My impresion is that there is also
78 matches
Mail list logo