Re: [CentOS] How to mount a remote file system to another linux box

[Tomasz Napierała]

On Wednesday 19 September 2007 06:34:58 Indunil Jayasooriya wrote:
> I have a web server running CentOS 4.4 @ LAN. I can view those graphs via
> this web server , if I can mount those graphs to this web server.
>
> my firewall has 3 nics. eth2 is 192.168.101.254 connected to the LAN. my
> web server @ LAN is 192.168.101.35
>
>
> How can I achieve this ?
Some ideas comes to my mind:
- export folder containing graphs via NSF on desired net interface, but IMHO 
it's bit over the top. 
- look at running httpd only on internal interface (but that would limit 
access to the graphs to your LAN only)
- use rsync 
But to keep security tight I would simply schedule cron job transfering those 
files to web server.

Regards,
-- 
Tomasz Napierala
System Administrator
Allegro Team
http://www.allegro.pl/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to mount a remote file system to another linux box

[Indunil Jayasooriya]

On 9/19/07, Tomasz Napierała <[EMAIL PROTECTED]> wrote:
>
> On Wednesday 19 September 2007 06:34:58 Indunil Jayasooriya wrote:
> > I have a web server running CentOS 4.4 @ LAN. I can view those graphs
> via
> > this web server , if I can mount those graphs to this web server.
> >
> > my firewall has 3 nics. eth2 is 192.168.101.254 connected to the LAN. my
> > web server @ LAN is 192.168.101.35
> >
> >
> > How can I achieve this ?
> Some ideas comes to my mind:
> - export folder containing graphs via NSF on desired net interface, but
> IMHO
> it's bit over the top.


I think I expect something like exporting  folder containing graphs via NSF.


I have never used NSF. I think it may be someting easy.

below is the location of graphs (these graphs are on my firewall - ip is
192.168.101.254 ) i want to export it to webserver @ 192.168.101.35

/opt/polltc/polltc-1.05/eth1-1-tc.png
/opt/polltc/polltc-1.05/eth1-24-tc.png

can U help me for the above.



- look at running httpd only on internal interface (but that would limit
> access to the graphs to your LAN only)

I also thoght it. Then, World can not see this.

- use rsync

> But to keep security tight I would simply schedule cron job transfering
> those
> files to web server.
>
I thought this one as well. garphs are upated every 10 seconds. cronjob
is not so helpful.



-- 
Thank you
Indunil Jayasooriya
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] reading vmcore files

[Tomasz Napierała]

On Wednesday 19 September 2007 02:35:59 Mag Gam wrote:
> I have several RHEL AS 4 systems, and when we get a vmcore, I would like to
> view them in my centos box..
>
> How can I do that? Is that even possible?
>
crash.x86_64 4.0-3.9installed
Matched from:
crash
crash utility for live systems; netdump, diskdump, LKCD or mcore dumpfiles

It's installed by default (CentOS pretty much follows RH policies)

regards,
-- 
Tomasz Napierala
System Administrator
Allegro Team
http://www.allegro.pl/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to mount a remote file system to another linux box

[Tomasz Napierała]

On Wednesday 19 September 2007 09:22:49 Indunil Jayasooriya wrote:
[snip]
> I think I expect something like exporting  folder containing graphs via
> NSF.
>
>
> I have never used NSF. I think it may be someting easy.
>
> below is the location of graphs (these graphs are on my firewall - ip is
> 192.168.101.254 ) i want to export it to webserver @ 192.168.101.35
>
> /opt/polltc/polltc-1.05/eth1-1-tc.png
> /opt/polltc/polltc-1.05/eth1-24-tc.png
>
> can U help me for the above.

As you wish ;)
On the server (firewall in your case) edit /etc/exports and add:
/opt/polltc/polltc-1.05/192.168.101.35(ro)

(ro) will prevent NFS clients from writing to that location at server level 

On the client (webserver) simply add similar line to /etc/fstab
192.168.101.254:/opt/polltc/polltc-1.05/ /graphs nfs defaults 0 0

/graphs must exist on clinet machine. Then point youd httpd to /graphs.

[snip]

Regards,
-- 
Tomasz Napierala
System Administrator
Allegro Team
http://www.allegro.pl/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] filtering ssh regardless of the port

[Bazy]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Jason Pyeron wrote:
> Not going to happen for telnet
> 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> -   -
> - Jason Pyeron  PD Inc. http://www.pdinc.us -
> - Sr. Consultant10 West 24th Street #100-
> - +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
> -   -
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> 
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise private information. If you
> have received it in error, purge the message from your system and
> notify the sender immediately.  Any other use of the email by you
> is prohibited. 
> 
>  
> 
>> -Original Message-
>> From: [EMAIL PROTECTED] 
>> [mailto:[EMAIL PROTECTED] On Behalf Of Bazy
>> Sent: Tuesday, September 18, 2007 16:23
>> To: CentOS mailing list
>> Subject: [CentOS] filtering ssh regardless of the port
>>
> Hello gentlemen and lady's,
> 
> 
> I am trying to filter ssh traffic regardless of the port the 
> connection
> is opened on. I want to do the same for rlogin and telnet. I know it
> would be easier to use a proxy server and only allow users to 
> access the
> web... but it's more complicated... they also need other ports open...
> and they use public IP addresses.
> 
> Is there any way that I can do it with iptables without 
> having to patch
> the kernel and iptables with l7-filter.sourceforge.net?
> 
> Thank you for your time.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
>>

> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos


And yes... I will use layer 7 filtering.
http://l7-filter.sourceforge.net/protocols

Patch my kernel, my iptables, and "iptables -A INPUT -m layer7 --l7proto
ssh -j DROP" ;)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG8NTg7nEMcIvWOSIRAqJwAKCNPWCOShzNVcnZrDisbVodr5xjLQCfY9Xf
Tl8whtvWUJ84sKunnYLVf3A=
=kmYe
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to mount a remote file system to another linux box

[Indunil Jayasooriya]

> I have never used NSF. I think it may be someting easy.>

> > below is the location of graphs (these graphs are on my firewall - ip is
> > 192.168.101.254 ) i want to export it to webserver @ 192.168.101.35
> >
> > /opt/polltc/polltc-1.05/eth1-1-tc.png
> > /opt/polltc/polltc-1.05/eth1-24-tc.png
> >
> > can U help me for the above.
>
> As you wish ;)
> On the server (firewall in your case) edit /etc/exports and add:
> /opt/polltc/polltc-1.05/192.168.101.35(ro)

 YES, I did it.

(ro) will prevent NFS clients from writing to that location at server level




On the client (webserver) simply add similar line to /etc/fstab
> 192.168.101.254:/opt/polltc/polltc-1.05/ /graphs nfs defaults 0 0


YES, I did it.

/graphs must exist on clinet machine. Then point youd httpd to /graphs.


YES, I created it  as below

[EMAIL PROTECTED] ~]# mkdir /graphs

Now, The question is how to mount it. Do i need to reboot both machines?

Or without rebooting, How to get it worked.



-- 
Thank you
Indunil Jayasooriya
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] filtering ssh regardless of the port

[<[EMAIL PROTECTED]>]

Bazy napsal(a):
> And yes... I will use layer 7 filtering.
> http://l7-filter.sourceforge.net/protocols
> 
> Patch my kernel, my iptables, and "iptables -A INPUT -m layer7 --l7proto
> ssh -j DROP" ;)

Yes, the only way.
D.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] filtering ssh regardless of the port

[ArcosCom Linux User]

No, there is another way.
Using the l7filter user-space daemon.

You need to NFQUEUE target with IPTABLES and configure de L7 daemon to do
the work.

I don't use it, but in http://l7-filter.sourceforge.net/HOWTO-userspace
there is more information about it.

Regards

El Mie, 19 de Septiembre de 2007, 9:57, David Hrbác( escribió:
> Bazy napsal(a):
>> And yes... I will use layer 7 filtering.
>> http://l7-filter.sourceforge.net/protocols
>>
>> Patch my kernel, my iptables, and "iptables -A INPUT -m layer7 --l7proto
>> ssh -j DROP" ;)
>
> Yes, the only way.
> D.
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] filtering ssh regardless of the port

[Bazy]

ArcosCom Linux User wrote:
> No, there is another way.
> Using the l7filter user-space daemon.
> 
> You need to NFQUEUE target with IPTABLES and configure de L7 daemon to do
> the work.
> 
> I don't use it, but in http://l7-filter.sourceforge.net/HOWTO-userspace
> there is more information about it.
> 
> Regards
> 
> El Mie, 19 de Septiembre de 2007, 9:57, David Hrbác( escribió:
>> Bazy napsal(a):
>>> And yes... I will use layer 7 filtering.
>>> http://l7-filter.sourceforge.net/protocols
>>>
>>> Patch my kernel, my iptables, and "iptables -A INPUT -m layer7 --l7proto
>>> ssh -j DROP" ;)
>> Yes, the only way.
>> D.
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
> 
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos


Thank you, your are right, I used l7-filter before and I compiled it
into the kernel and iptables and I didn't take the time to read the
HOWTO-userspace...
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to mount a remote file system to another linux box

[Tomasz Napierała]

On Wednesday 19 September 2007 09:54:42 Indunil Jayasooriya wrote:

> Now, The question is how to mount it. Do i need to reboot both machines?
>
> Or without rebooting, How to get it worked.

No reboot needed, it's Linux. You can easily convert fstab entry to mount 
arguments:
mount -t nfs 192.168.101.254:/opt/polltc/polltc-1.05/ /graphs

Regards,
-- 
Tomasz Napierala
System Administrator
Allegro Team
http://www.allegro.pl/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to mount a remote file system to another linux box (SLOVED)

[Indunil Jayasooriya]

>
>
> [EMAIL PROTECTED] ~]# mkdir /graphs
>
> Now, The question is how to mount it. Do i need to reboot both machines?
>
> Or without rebooting, How to get it worked.
>
> Thnaks ALL,
>

I got it up and running.




-- 
Thank you
Indunil Jayasooriya
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to mount a remote file system to another linux box

[Indunil Jayasooriya]

SOLVED

On 9/19/07, Tomasz Napierała <[EMAIL PROTECTED]> wrote:
>
> On Wednesday 19 September 2007 09:54:42 Indunil Jayasooriya wrote:
>
> > Now, The question is how to mount it. Do i need to reboot both machines?
> >
> > Or without rebooting, How to get it worked.
>
> No reboot needed, it's Linux. You can easily convert fstab entry to mount
> arguments:
> mount -t nfs 192.168.101.254:/opt/polltc/polltc-1.05/ /graphs
>
> Regards,
> --
> Tomasz Napierala
> System Administrator
> Allegro Team
> http://www.allegro.pl/
>



-- 
Thank you
Indunil Jayasooriya
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS-announce Digest, Vol 31, Issue 7

[centos-announce-request]

Send CentOS-announce mailing list submissions to
[EMAIL PROTECTED]

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]

You can reach the person managing the list at
[EMAIL PROTECTED]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. CESA-2007:0848 Important CentOS 3 i386openoffice.org -
  security update (Tru Huynh)
   2. CESA-2007:0848 Important CentOS 3 x86_64  openoffice.org -
  security update (Tru Huynh)


--

Message: 1
Date: Tue, 18 Sep 2007 18:25:22 +0200
From: Tru Huynh <[EMAIL PROTECTED]>
Subject: [CentOS-announce] CESA-2007:0848 Important CentOS 3 i386
openoffice.org - security update
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2007:0848

openoffice.org security update for CentOS 3 i386:
https://rhn.redhat.com/errata/RHSA-2007-0848.html

The following updated file has been uploaded and is currently syncing to
the mirrors:

i386:
updates/i386/RPMS/openoffice.org-1.1.2-40.2.0.EL3.i386.rpm
updates/i386/RPMS/openoffice.org-i18n-1.1.2-40.2.0.EL3.i386.rpm
updates/i386/RPMS/openoffice.org-libs-1.1.2-40.2.0.EL3.i386.rpm

source:
updates/SRPMS/openoffice.org-1.1.2-40.2.0.EL3.src.rpm

You may update your CentOS-3 i386 installations by running the command:

yum update openoffice.org\*

Tru
-- 
Tru Huynh (CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : 
http://lists.centos.org/pipermail/centos-announce/attachments/20070918/2bfc0c41/attachment-0001.bin

--

Message: 2
Date: Tue, 18 Sep 2007 18:26:22 +0200
From: Tru Huynh <[EMAIL PROTECTED]>
Subject: [CentOS-announce] CESA-2007:0848 Important CentOS 3 x86_64
openoffice.org - security update
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2007:0848

openoffice.org security update for CentOS 3 x86_64:
https://rhn.redhat.com/errata/RHSA-2007-0848.html

The following updated file has been uploaded and is currently syncing to
the mirrors:

x86_64:
updates/x86_64/RPMS/openoffice.org-1.1.2-40.2.0.EL3.i386.rpm
updates/x86_64/RPMS/openoffice.org-i18n-1.1.2-40.2.0.EL3.i386.rpm
updates/x86_64/RPMS/openoffice.org-libs-1.1.2-40.2.0.EL3.i386.rpm

source:
updates/SRPMS/openoffice.org-1.1.2-40.2.0.EL3.src.rpm

You may update your CentOS-3 x86_64 installations by running the command:

yum update openoffice.org\*

Tru
-- 
Tru Huynh (CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : 
http://lists.centos.org/pipermail/centos-announce/attachments/20070918/d927df9f/attachment-0001.bin

--

___
CentOS-announce mailing list
[EMAIL PROTECTED]
http://lists.centos.org/mailman/listinfo/centos-announce


End of CentOS-announce Digest, Vol 31, Issue 7
**
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] A special kernel for linux as guest os

[Akemi Yagi]

On 9/14/07, Yuji Tsuchimoto <[EMAIL PROTECTED]> wrote:
> Dear all,
>
> Somebody are using CentOS as GUEST OS on Xen or VMWare.
> CONFIG_HZ=100 of kernel configuration is better for the guest OS.
> How about release another kernel specified for the guest os in CentOSPlus?
> ( other guest-specified configuration can be included, too. )
> It may spend some of disk space, but make us happy.

Tsuchimoto-san,

I heard from the horse's mouth that the CentOS team is working on the
100Hz centosplus kernel. I think your request triggered the action :-)
 They want make people happy.

Akemi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Disabling shutdown and suspend for normal users

[Henk van Lingen]

Hi,

[CentOS 5]

What is the best way to remove the shutdown and suspend options
from menu's for normal users?

After googling around, I added "SystemMenu=false" to the greeter
section in /etc/gdm/custom.conf. After that the GDM login screen
still shows the options, but 'restart' indeed doesn't work anymore.
However, the gnome menu's when logged in, still have the 'suspend'
options, which still leads to a hanging (unwakeble) machine.

BTW: I prefer editing  config files instead of stupid gui's, as I have to
 change a lot of machines :-)

Regards,
-- 
Henk van Lingen, Systems Administrator & DBA  (o-  -+
Dept. of Computer Science, Utrecht University./\|
phone: +31-30-2534107v_/_
http://henk.vanlingen.net/ http://www.tuxtown.net/netiquette/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Re: rebuilding rpmdevtools from epel5 SRC has fc7 dependent

[Rex Dieter]

mark pryor wrote:

> I'm suprised that an SRC.RPM from the rhel5 repo needs a file from FC7.

Your build environment is likely faulty (likely missing defining epel
macro), the built binaries in epel-5 are fine.

-- Rex

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS-4.5 and LG cd-rom/dvd burner

[James B. Byrne]

I would like to burn the cd-rom iso's of CentOS-5.0 on my desktop machine,
which is running CentOS-4.5.  Is there a site or other reference that can
provide me with a detailed, hand held, step-by-step, blow-by-blow
description on how to do this for my installation?

Regards,

-- 
***  E-Mail is NOT a SECURE channel  ***
James B. Byrnemailto:[EMAIL PROTECTED]
Harte & Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Disabling shutdown and suspend for normal users

[Bernhard Gschaider]

> On Wed, 19 Sep 2007 15:20:37 +0200
> "HvL" == Henk van Lingen <[EMAIL PROTECTED]> wrote:

HvL> Hi,

HvL> [CentOS 5]

HvL> What is the best way to remove the shutdown and suspend
HvL> options from menu's for normal users?

HvL> After googling around, I added "SystemMenu=false" to the
HvL> greeter section in /etc/gdm/custom.conf. After that the GDM
HvL> login screen still shows the options, but 'restart' indeed
HvL> doesn't work anymore.  However, the gnome menu's when logged
HvL> in, still have the 'suspend' options, which still leads to a
HvL> hanging (unwakeble) machine.

Just set HaltCommand to nothing:

HaltCommand=

Same for Reboot and Suspend (Havn't tried suspend yet) but my machines
allow Reboot and Halt neither from the user menus nor the Login-Screen

I think in the [daemon]-section of the config-file

HvL> BTW: I prefer editing config files instead of stupid gui's,
HvL> as I have to change a lot of machines :-)

Of course


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] filtering ssh regardless of the port

[David G. Miller]

David Hrb?c( <[EMAIL PROTECTED]> wrote:


Bazy napsal(a):

> And yes... I will use layer 7 filtering.
> http://l7-filter.sourceforge.net/protocols
> 
> Patch my kernel, my iptables, and "iptables -A INPUT -m layer7 --l7proto
> ssh -j DROP"  ;) 



Yes, the only way.
D.
Silly question.  If you're just going to drop all ssh connection 
attempts, wouldn't it be easier to just not start sshd?  Ditto for 
telnet, etc?  No service means nothing to connect to.


Cheers,
Dave

--
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Disabling shutdown and suspend for normal users

[Henk van Lingen]

On Wed, Sep 19, 2007 at 03:49:34PM +0200, Bernhard Gschaider wrote:

  > Just set HaltCommand to nothing:
  > 
  > HaltCommand=
  > 
  > Same for Reboot and Suspend (Havn't tried suspend yet) but my machines
  > allow Reboot and Halt neither from the user menus nor the Login-Screen

  For Reboot and Halt this works. Setting SuspendCommand= does nothing.
  Suspend still shows up in the menu, and hangs the machine.

  regards,

-- 
Henk van Lingen, Systems Administrator & DBA  (o-  -+
Dept. of Computer Science, Utrecht University./\|
phone: +31-30-2534107v_/_
http://henk.vanlingen.net/ http://www.tuxtown.net/netiquette/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Choosing VPN Server

[Wei Yu]

Hi,

I am facing a task of choosing vpn server. I do not know which is better.
The one distributed with CentOS4.5 only supports pppd (or maybe pptp but I
cannot find it).
If* *I want to use PPTP or L2TP, which one should I choose? OpenVPN? Poptop?

Thanks.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Server Virtualization

[Ross S. W. Walker]

Paul Heinlein wrote:
> 
> On Tue, 18 Sep 2007, Flaherty, Patrick wrote:
> 
> > If I had the time, I'd like to try using Xen with an 
> OpenSolaris ZFS 
> > iSCSI target as shared storage, but alas I do not have that time.
> 
> FWIW, I've had good luck compiling and running the iSCSI target from 
> http://iscsitarget.sourceforge.net/ on CentOS 5. There aren't all the 
> bells and whistles of ZFS, I suppose, but it's pretty simple to set 
> up. Also, given gigabit ethernet and a decent switch, its bonnie++ 
> numbers aren't bad at all.

IET is pretty much storage independant and can use either block device
or file for it's back-end. I use it with LVM, while it isn't ZFS it
does provide for more storage management then raw disks or sparse
files.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] best source for rpmdevtools RPM in C5

[mark pryor]

hello,

I'm going to try this question again. The first time I botched it and the 
answers I got were useless.

I want to use rpmdevtools to help with some packaging chores. There is no C5 
version that I can find. I've located an SRC RPM in a location that is known to 
be C5 compatible. There are 2 versions of rpmdevtools:

http://download.fedora.redhat.com/pub/fedora/linux/extras/6/SRPMS/rpmdevtools-6.1-0.1.fc6.src.rpm
http://download.fedora.redhat.com/pub/fedora/linux/extras/6/SRPMS/rpmdevtools-5.3-1.fc6.src.rpm

naturally I grabbed the highest version (6.1) and rebuilt it for EL5. The 
installation halted, missing a version of rpm-build higher than the base 
version in C5. It seems that rpm-build 4.4.2.1+ comes from FC7. This is the 
first time that I've seen an FC6 repo package that depended on something from 
FC7.

rpmdevtools 5.3.1 builds, installs, and works fine on C5. 

I think I made the right decisions here (balking at trying to install a higher 
version of rpm-build).

If you need to use rpmdevtools, how would you approach the problem? What source 
repo would you use? Is there an rhel5 SRC RPM? Where is it?

thanks,
Mark

   
-
Got a little couch potato? 
Check out fun summer activities for kids.___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Server Virtualization

[Paul Heinlein]

On Tue, 18 Sep 2007, Flaherty, Patrick wrote:

If I had the time, I'd like to try using Xen with an OpenSolaris ZFS 
iSCSI target as shared storage, but alas I do not have that time.


FWIW, I've had good luck compiling and running the iSCSI target from 
http://iscsitarget.sourceforge.net/ on CentOS 5. There aren't all the 
bells and whistles of ZFS, I suppose, but it's pretty simple to set 
up. Also, given gigabit ethernet and a decent switch, its bonnie++ 
numbers aren't bad at all.


--
Paul Heinlein <> [EMAIL PROTECTED] <> http://www.madboa.com/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] filtering ssh regardless of the port

[Bazy]

David G. Miller wrote:
> David Hrb?c( <[EMAIL PROTECTED]> wrote:
> 
>> Bazy napsal(a):
>>> > And yes... I will use layer 7 filtering.
>>> > http://l7-filter.sourceforge.net/protocols
>>> > > Patch my kernel, my iptables, and "iptables -A INPUT -m layer7
>>> --l7proto
>>> > ssh -j DROP"  ;) 
>>
>> Yes, the only way.
>> D.
> Silly question.  If you're just going to drop all ssh connection
> attempts, wouldn't it be easier to just not start sshd?  Ditto for
> telnet, etc?  No service means nothing to connect to.
> 
> Cheers,
> Dave
> 

Sorry, I ment -A FORWARD. My Linux box is a router.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Choosing VPN Server

[Brian Mathis]

On 9/19/07, Wei Yu <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am facing a task of choosing vpn server. I do not know which is better.
> The one distributed with CentOS4.5 only supports pppd (or maybe pptp but I
> cannot find it).
> If I want to use PPTP or L2TP, which one should I choose? OpenVPN? Poptop?
>
> Thanks.
>

I suggest OpenVPN.  It's modern, very secure, and had a wide range of
options and usage scenarios.  PPTP / L2TP is a pain to get working,
and it has some security issues.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS-4.5 and LG cd-rom/dvd burner

[Steve Huff]

On Sep 19, 2007, at 9:32 AM, James B. Byrne wrote:

I would like to burn the cd-rom iso's of CentOS-5.0 on my desktop  
machine,
which is running CentOS-4.5.  Is there a site or other reference  
that can

provide me with a detailed, hand held, step-by-step, blow-by-blow
description on how to do this for my installation?


i don't have such a guide at my fingertips, but try this procedure  
first:


1) open the File Browser and navigate to the directory containing the  
ISOs.

2) right-click on the first ISO.
3) select "Write to Disc..."
4) Make sure that your LG drive is selected in the "Write disc to:"  
field.

5) Insert a blank CD.
6) Click "Write".
7) Repeat for other ISOs.

more documentation on CD burning is here:

http://www.centos.org/docs/4/html/rhel-sbs-en-4/s1-disks-cdrw.html

-steve

--
If this were played upon a stage now, I could condemn it as an  
improbable fiction. - Fabian, Twelfth Night, III,v




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Re: best source for rpmdevtools RPM in C5

[Rex Dieter]

mark pryor wrote:

> I'm going to try this question again. The first time I botched it and the
> answers I got were useless.
> 
> I want to use rpmdevtools to help with some packaging chores. There is no
> C5 version that I can find.

http://download.fedora.redhat.com/pub/epel/5/i386/rpmdevtools-5.3-1.el5.noarch.rpm

-- Rex

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Re: Choosing VPN Server

[Scott Silva]

Wei Yu spake the following on 9/19/2007 8:19 AM:

Hi,
 
I am facing a task of choosing vpn server. I do not know which is better.
The one distributed with CentOS4.5 only supports pppd (or maybe pptp but 
I cannot find it).

If/ /I want to use PPTP or L2TP, which one should I choose? OpenVPN? Poptop?
 
Thanks.


If you want PPTP because of Windows clients, you need some kernel patches and 
some firewall patches. You can use a CentOS spinoff like ClarkConnect for this 
as it already has the patches, and a decent web config to set things up. If 
you want something more secure, use OpenVPN, but you will have to set each 
client up manually.

--

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Choosing VPN Server

[Alain Spineux]

OpenVPN works with windows too (client or server).
The same configuration files works on both OS.
Very easy to enable multiple VPN connection at the same time.



On 9/19/07, Brian Mathis <[EMAIL PROTECTED]> wrote:
> On 9/19/07, Wei Yu <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > I am facing a task of choosing vpn server. I do not know which is better.
> > The one distributed with CentOS4.5 only supports pppd (or maybe pptp but I
> > cannot find it).
> > If I want to use PPTP or L2TP, which one should I choose? OpenVPN? Poptop?
> >
> > Thanks.
> >
>
> I suggest OpenVPN.  It's modern, very secure, and had a wide range of
> options and usage scenarios.  PPTP / L2TP is a pain to get working,
> and it has some security issues.
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


-- 
Alain Spineux
aspineux gmail com
May the sources be with you
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Re: best source for rpmdevtools RPM in C5

[Karanbir Singh]

Guys,

Rex Dieter wrote:

I want to use rpmdevtools to help with some packaging chores. There is no
C5 version that I can find.


http://download.fedora.redhat.com/pub/epel/5/i386/rpmdevtools-5.3-1.el5.noarch.rpm


Is it worth talking to the pkg maintainers at Fedora and getting 
rpmdevtools included in mirror.centos.org along with the mock we already 
have there ?


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Re: best source for rpmdevtools RPM in C5

[Rex Dieter]

Karanbir Singh wrote:

> Guys,
> 
> Rex Dieter wrote:
>>> I want to use rpmdevtools to help with some packaging chores. There is
>>> no C5 version that I can find.
>> 
>>
http://download.fedora.redhat.com/pub/epel/5/i386/rpmdevtools-5.3-1.el5.noarch.rpm
> 
> Is it worth talking to the pkg maintainers at Fedora and getting
> rpmdevtools included in mirror.centos.org along with the mock we already
> have there ?

Absolutely, it's worth it.

-- Rex

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Disabling shutdown and suspend for normal users

[Bernhard Gschaider]

> On Wed, 19 Sep 2007 16:51:42 +0200
> "HvL" == Henk van Lingen <[EMAIL PROTECTED]> wrote:

HvL> On Wed, Sep 19, 2007 at 03:49:34PM +0200, Bernhard Gschaider
HvL> wrote:
>> Just set HaltCommand to nothing:
>> 
>> HaltCommand=
>> 
>> Same for Reboot and Suspend (Havn't tried suspend yet) but my
>> machines allow Reboot and Halt neither from the user menus nor
>> the Login-Screen

HvL>   For Reboot and Halt this works. Setting SuspendCommand=
HvL> does nothing.  Suspend still shows up in the menu, and hangs
HvL> the machine.

You have also tried it with a lowercase S? Stupid question, but the
relevant section in /usr/share/gdm/defaults.conf says:

# Reboot, Halt and suspend commands, you can add different commands separated
# by a semicolon.  GDM will use the first one it can find.
RebootCommand=/sbin/reboot;/sbin/shutdown -r now;/usr/sbin/shutdown -r 
now;/usr/bin/reboot
HaltCommand=/sbin/poweroff;/sbin/shutdown -h now;/usr/sbin/shutdown -h 
now;/usr/bin/poweroff

It may be typo ...
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Re: Choosing VPN Server

[Ross S. W. Walker]

Scott Silva wrote:
> 
> Wei Yu spake the following on 9/19/2007 8:19 AM:
> > Hi,
> >  
> > I am facing a task of choosing vpn server. I do not know 
> which is better.
> > The one distributed with CentOS4.5 only supports pppd (or 
> maybe pptp but 
> > I cannot find it).
> > If/ /I want to use PPTP or L2TP, which one should I choose? 
> OpenVPN? Poptop?
> >  
> > Thanks.
> > 
> If you want PPTP because of Windows clients, you need some 
> kernel patches and 
> some firewall patches. You can use a CentOS spinoff like 
> ClarkConnect for this 
> as it already has the patches, and a decent web config to set 
> things up. If 
> you want something more secure, use OpenVPN, but you will 
> have to set each 
> client up manually.

For pptp clients I've used 'poptop' with good success.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Disabling shutdown and suspend for normal users

[Erik Laxdal]

Henk van Lingen wrote:

Hi,

[CentOS 5]

What is the best way to remove the shutdown and suspend options
from menu's for normal users?

After googling around, I added "SystemMenu=false" to the greeter
section in /etc/gdm/custom.conf. After that the GDM login screen
still shows the options, but 'restart' indeed doesn't work anymore.
However, the gnome menu's when logged in, still have the 'suspend'
options, which still leads to a hanging (unwakeble) machine.

BTW: I prefer editing  config files instead of stupid gui's, as I have to
 change a lot of machines :-)


To remove the reboot/shutdown options from the login screen (after 
setting SystemMenu=False) two small modifications are needed to:

 /usr/share/gdm/themes/CentOSCubes/CentOSCubes.xml

The two modifications are:

1. Change line 102 from:
  
to:
  


2. Change line 118 from:
  
to:
  

The lines above both of these should have an item tag refering to the 
appropriate reboot/halt button.  Then restart the gdm.  The shutdown and 
reboot buttons should no longer appear.



I use the following command:

gconftool-2 --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory 
-s -t bool /apps/gnome-power-manager/can_suspend false


to remove the suspend option from the gnome system menu.  Also, deleting 
the symbolic links for halt, poweroff, and reboot in /usr/bin appears to 
remove the respective options from the menu as well as from the command 
line.


Erik

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Disabling shutdown and suspend for normal users

[Ken Godee]

  For Reboot and Halt this works. Setting SuspendCommand= does nothing.
  Suspend still shows up in the menu, and hangs the machine.



Create your own GDM theme and customize exactly how
you want it. Here's ours, users have no access to
anything but logging in.

http://www.perfect-image.com/images/scrn.gif


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Reconfiguring gnome desktop

[Andrew Allen]

Please - how do I reconfigure my gnome desktop (CentOS 4.4) to get back
my application icons and workspaces? Something's changed in the settings
so that there are no workspaces shown in the panel and applications
"disappear" off the screen when applications (eg Evolution, Mozilla etc)
are minimized! When I log in as root, it's all still there OK!

Any help appreciated - thanks

Andy

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Reconfiguring gnome desktop

[Alfred von Campe]

Please - how do I reconfigure my gnome desktop (CentOS 4.4) to get  
back
my application icons and workspaces? Something's changed in the  
settings

so that there are no workspaces shown in the panel and applications
"disappear" off the screen when applications (eg Evolution, Mozilla  
etc)

are minimized!


Just right click on the lower panel (the grey area at the bottom of  
the screen) and select "Add to Panel...".  The items you are looking  
for are named "Window List" and "Workspace Switcher".  If you don't  
even have the lower panel, right click on the top panel and select  
"New Panel".


Alfred

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Reconfiguring gnome desktop

[Andrew Allen]

Hi Alfred,
Thanks for your prompt and very helpful reply - so easy when you know
how, but I've struggled for ages over this!

Best regards,
Andy

On Wed, 2007-09-19 at 14:52 -0400, Alfred von Campe wrote:
> > Please - how do I reconfigure my gnome desktop (CentOS 4.4) to get  
> > back
> > my application icons and workspaces? Something's changed in the  
> > settings
> > so that there are no workspaces shown in the panel and applications
> > "disappear" off the screen when applications (eg Evolution, Mozilla  
> > etc)
> > are minimized!
> 
> Just right click on the lower panel (the grey area at the bottom of  
> the screen) and select "Add to Panel...".  The items you are looking  
> for are named "Window List" and "Workspace Switcher".  If you don't  
> even have the lower panel, right click on the top panel and select  
> "New Panel".
> 
> Alfred
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 4.5: Print on custom paper size?

[Brad Beyenhof]

I'd like to print on an index card. My printer (an HP LaserJet 2100) 
supports it, but I can't figure out how to get a 3x5 inch option in 
CentOS's "Printer Properties" dialog.


Thanks for any help or direction that can be provided!

--
Brad Beyenhof
Systems Administrator
UC San Diego, Laboratory of Cognitive Imaging
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] A special kernel for linux as guest os

[Karanbir Singh]

Akemi Yagi wrote:

On 9/14/07, Yuji Tsuchimoto <[EMAIL PROTECTED]> wrote:

Dear all,

Somebody are using CentOS as GUEST OS on Xen or VMWare.
CONFIG_HZ=100 of kernel configuration is better for the guest OS.
How about release another kernel specified for the guest os in CentOSPlus?
( other guest-specified configuration can be included, too. )
It may spend some of disk space, but make us happy.


Tsuchimoto-san,

I heard from the horse's mouth that the CentOS team is working on the
100Hz centosplus kernel. I think your request triggered the action :-)
 They want make people happy.



not for a Xen guest though, thats already a 250Mhz kernel in the distro

--
Karanbir Singh : http://www.karan.org/ : [EMAIL PROTECTED]
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 2 nics, 2 networks, 2 switches

[Kanwar Ranbir Sandhu]

On Wed, 2007-09-19 at 13:52 -0700, John R Pierce wrote:
> are there OTHER networks on the WAN accessed via B's gateway/router ?   
> network A's gateway is the internet route?

I suppose I should have mentioned that both networks are internal.  They
can each get out to the Internet, though.

network A's gateway is the route to the rest of the network.  It's
fairly complicated, and I don't know it all.  Basically, network B's
gateway is to get to everything else in B and other networks accessible
from B.  network A's gateway is to get to everything in A, and other
networks accessible from A (which isn't a lot since it's in a DMZ).

> if B's gateway has routes to the rest of 10.x.x.x, I'd just define a 
> static route like 10.0.0.0/8 -> B's gateway/router's IP, and leave the 
> DEFAULT gateway as network A's internet/DMZ router.

Yes, B's gateway has routes to the rest of 10.x.x.x, and more.  Leaving
the default gateway as network A's should be okay.  I'll have to try
this.

Regards,

Ranbir

-- 
Kanwar Ranbir Sandhu
Linux 2.6.22.2-42.fc6 i686 GNU/Linux 
17:20:35 up 19 days, 15:44, 4 users, load average: 1.51, 0.51, 0.18 


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Problems building LPRng src RPM

[James A. Peltier]

Hi All

I know this is not a LPRng list but I'm trying to build the latest SRPM from

http://lprng.sourceforge.net/DISTRIB/LPRng/LPRng-3.8.27-1.src.rpm

so that I may use it on my CentOS 5 box, but it fails with the following 
errors



+ make MAKEPACKAGE=YES
if [ "UTILS" = po ] ; then \
   for i in po/Makefile* ; do \
   if [ -f "$i" ] ; then \
   if grep '^mkinstalldirs.*=.*case' $i ; then \
   echo "fixing broken $i which causes wrong path 
to mkinstalldirs to be used"; \
   perl -spi -e 
's:^mkinstalldirs\s*=\s*.*:mkinstalldirs = \$(SHELL) \$(MKINSTALLDIRS):' 
$i; \

   fi \
   fi \
   done \
   fi
/bin/sh: -c: line 1: syntax error: unexpected end of file
/bin/sh: line 1: for i in po/Makefile* ; do \: No such file or directory
/bin/sh: line 2:if [ -f "$i" ] ; then \: command not found
/bin/sh: line 3:if grep '^mkinstalldirs.*=.*case' $i ; then 
\: command not found
/bin/sh: line 4:echo "fixing broken $i which causes 
wrong path to mkinstalldirs to be used"; \: command not found
/bin/sh: line 5:perl -spi -e 
's:^mkinstalldirs\s*=\s*.*:mkinstalldirs = \$(SHELL) \$(MKINSTALLDIRS):' 
$i; \: command not found

/bin/sh: line 6:fi \: command not found
/bin/sh: line 7:fi \: command not found
/bin/sh: line 8: done \: command not found
/bin/sh: -c: line 9: syntax error near unexpected token `fi'
/bin/sh: -c: line 9: `fi'
make: *** [UTILS] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.93721 (%build)


It looked like it went through the ./configure portion OK. Any ideas?  
Has someone else gotta LPRng to work on CentOS 5?


--
James A. Peltier
Technical Director, RHCE
SCIRF | GrUVi @ Simon Fraser University - Burnaby Campus
Phone   : 604-291-3610
Fax : 604-291-3045
Mobile  : 778-840-6434
E-Mail  : [EMAIL PROTECTED]
Website : http://gruvi.cs.sfu.ca | http://scirf.cs.sfu.ca

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Server Virtualization

[Mark D. Foster]

Paul Heinlein wrote:
> On Tue, 18 Sep 2007, Flaherty, Patrick wrote:
>
>> If I had the time, I'd like to try using Xen with an OpenSolaris ZFS
>> iSCSI target as shared storage, but alas I do not have that time.
>
> FWIW, I've had good luck compiling and running the iSCSI target from
> http://iscsitarget.sourceforge.net/ on CentOS 5. There aren't all the
> bells and whistles of ZFS, I suppose, but it's pretty simple to set
> up. Also, given gigabit ethernet and a decent switch, its bonnie++
> numbers aren't bad at all.
>
Apples and oranges, though.  iSCSI is networked block storage. It does
not case what filesystem you lay on it. As someone who learned this the
hard way, it is not enough to have iSCSI to support live vm migration.
If you are look to setup 2+ xen hosts and live migrate amongst them
(known as vmotion in vmware-land) you need _shared_ storage filesystem,
and ext3 is not that nor is zfs. See
http://en.wikipedia.org/wiki/List_of_file_systems#Shared_disk_file_systems
for a list of FS that would suitable to lay on iSCSI for this purpose.

-- 
Said one park ranger, 'There is considerable overlap between the 
 intelligence of the smartest bears and the dumbest tourists.'
Mark D. Foster, CISSP <[EMAIL PROTECTED]>  http://mark.foster.cc/

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 2 nics, 2 networks, 2 switches

[Kanwar Ranbir Sandhu]

On Fri, 2007-09-14 at 12:16 -0400, Ken Price wrote:
> What you're asking can be done a number of ways with different levels  
> of complexity, the simplest using routing tables and IPTABLES.   
> Instead of asking this list how to technically do this, I'd suggest  
> that first you describe what you're trying to accomplish at a higher  
> level.  And be very specific.  Then you will/should receive technical  
> advice better suited to your problem.

I'll do my best to explain in more detail.

The server is running CentOS 5, and it has two NICs on it.  NIC 1 is
currently active, and plugged into network A - let's say it's
10.1.1.0/255.255.255.224.  NIC 2 is currently disabled.  I want to
enable it, but on a different network - let's say it's
10.1.2.0/255.255.255.0.

Network A is in a fairly well locked down DMZ.  I can get to only some
devices on network B from network A.  Network B has full access to
Network A.

Network A and Network B each use different gateways, so I can't use
network A's gateway (which is in the DMZ) for NIC 2.  NIC 2 would have
to use network B's gateway.

I need to activate both NICs because services running on the box need to
access devices on network B, and that's only possible from within
network B itself.

So, is that enough detail?  I'm not sure if I've cleared things up or
just made more of a mess.

Thanks for any help.

Regards,

Ranbir

-- 
Kanwar Ranbir Sandhu
Linux 2.6.22.2-42.fc6 i686 GNU/Linux 
15:58:18 up 19 days, 14:22, 4 users, load average: 0.28, 0.20, 0.09 


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] LDAP / PAM -- Invalid Credentials Error

[Von Landfried]

Hello,

I am having a small issue with LDAP, and I hope someone here might be  
able to provide a few tips.


I am unable to authenticate as user 'testuser' on server 'storage'  
and the following errors appear in /var/log/messages on server 'storage'


Sep 19 16:56:17 storage sshd(pam_unix)[3124]: check pass; user unknown
	Sep 19 16:56:17 storage sshd(pam_unix)[3124]: authentication  
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=test-kja1
	Sep 19 16:56:17 storage sshd[3124]: pam_ldap: error trying to bind  
as user "uid=testuser,ou=People,dc=example,dc=local" (Invalid  
credentials)


I am also unable to issue this command:

# passwd testuser
passwd: Unknown user name 'testuser'.

but this command works fine:

# finger testuser
Login: testuserName: Test User
Directory: /home/testuser  Shell: /bin/bash
Never logged in.
No mail.
No Plan.

The server 'storage' is the LDAP host server, and there are about 9  
other servers configured to use 'storage' to authenticate users. All  
9 of them allow 'testuser' to login and also for him to change his  
password.


Issuing this command:

# ldapsearch -x -b 'uid=testuser,ou=People,dc=example,dc=local'  
'(objectclass=*)'



# extended LDIF
#
# LDAPv3
# base  with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# testuser, People, example.local
dn: uid=testuser,ou=People,dc=example,dc=local
uid: testuser
cn: Sean Cook
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowMax: 9
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 547
gidNumber: 500
homeDirectory: /home/testuser

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


I think the issue might be with PAM, because comparing all files I  
can think of doesnt point me to any differences except /etc/pam.d/ 
system-auth


The LDAP server 'storage' has WINBIND turned on, as follows:

authrequired  /lib/security/$ISA/pam_env.so
authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok
authsufficient/lib/security/$ISA/pam_ldap.so use_first_pass
authsufficient/lib/security/$ISA/pam_winbind.so  
use_first_pass

authrequired  /lib/security/$ISA/pam_deny.so

account required  /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient/lib/security/$ISA/pam_succeed_if.so uid <  
100 quiet
account [default=bad success=ok user_unknown=ignore] /lib/ 
security/$ISA/pam_ldap.so
account [default=bad success=ok user_unknown=ignore] /lib/ 
security/$ISA/pam_winbind.so

account required  /lib/security/$ISA/pam_permit.so

passwordrequisite /lib/security/$ISA/pam_cracklib.so retry=3
passwordsufficient/lib/security/$ISA/pam_unix.so nullok  
use_authtok md5 shadow

passwordsufficient/lib/security/$ISA/pam_ldap.so use_authtok
passwordsufficient/lib/security/$ISA/pam_winbind.so use_authtok
passwordrequired  /lib/security/$ISA/pam_deny.so

session required  /lib/security/$ISA/pam_limits.so
session required  /lib/security/$ISA/pam_unix.so
session optional  /lib/security/$ISA/pam_ldap.so


And the server 'phoenix' (which allows 'testuser' to login fine) does  
not;


# User changes will be destroyed the next time authconfig is run.
authrequired  /lib/security/$ISA/pam_env.so
authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok
authsufficient/lib/security/$ISA/pam_ldap.so use_first_pass
authrequired  /lib/security/$ISA/pam_deny.so

account required  /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient/lib/security/$ISA/pam_succeed_if.so uid <  
100 quiet
account [default=bad success=ok user_unknown=ignore] /lib/ 
security/$ISA/pam_ldap.so

account required  /lib/security/$ISA/pam_permit.so

passwordrequisite /lib/security/$ISA/pam_cracklib.so retry=3
passwordsufficient/lib/security/$ISA/pam_unix.so nullok  
use_authtok md5 shadow

passwordsufficient/lib/security/$ISA/pam_ldap.so use_authtok
passwordrequired  /lib/security/$ISA/pam_deny.so

session required  /lib/security/$ISA/pam_limits.so
session required  /lib/security/$ISA/pam_unix.so
session optional  /lib/security/$ISA/pam_ldap.so


I tried disabling WINBIND but the issue still occurs even after  
restarting ldap and sshd.


Please help!!


--
Von Landfried | System Administrator
Eye Street Software Corporation
1-888-252-2085 x 3052
[EMAIL PROTECTED]



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Server Virtualization

[Ross S. W. Walker]

Mark D. Foster wrote:
> 
> Paul Heinlein wrote:
> > On Tue, 18 Sep 2007, Flaherty, Patrick wrote:
> >
> >> If I had the time, I'd like to try using Xen with an 
> OpenSolaris ZFS
> >> iSCSI target as shared storage, but alas I do not have that time.
> >
> > FWIW, I've had good luck compiling and running the iSCSI target from
> > http://iscsitarget.sourceforge.net/ on CentOS 5. There 
> aren't all the
> > bells and whistles of ZFS, I suppose, but it's pretty simple to set
> > up. Also, given gigabit ethernet and a decent switch, its bonnie++
> > numbers aren't bad at all.
> >
> Apples and oranges, though.  iSCSI is networked block storage. It does
> not case what filesystem you lay on it. As someone who 
> learned this the
> hard way, it is not enough to have iSCSI to support live vm migration.
> If you are look to setup 2+ xen hosts and live migrate amongst them
> (known as vmotion in vmware-land) you need _shared_ storage 
> filesystem,
> and ext3 is not that nor is zfs. See
> http://en.wikipedia.org/wiki/List_of_file_systems#Shared_disk_
> file_systems
> for a list of FS that would suitable to lay on iSCSI for this purpose.

There is a configuration though that doesn't need a cluster file
system to perform live migrations and that is where the Xen VMs
write directly to a block device which is an iSCSI target.

-Ross

__
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] Choosing VPN Server

[Robert Becker Cope]

"Brian Mathis" <[EMAIL PROTECTED]> wrote:

> I suggest OpenVPN. It's modern, very secure, and had a wide range of
> options and usage scenarios. PPTP / L2TP is a pain to get working,
> and it has some security issues.

I want to second this suggestion. Another strong advantage of OpenVPN is that
it is SSL based. This means it can listen on port TCP/443, which means your
odds of actually connecting to it at very good as compared to IPsec and other
solutions, which often find themselves getting filtered, not NATed well, etc.

robert

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 2 nics, 2 networks, 2 switches

[John R Pierce]

Kanwar Ranbir Sandhu wrote:

The server is running CentOS 5, and it has two NICs on it.  NIC 1 is
currently active, and plugged into network A - let's say it's
10.1.1.0/255.255.255.224.  NIC 2 is currently disabled.  I want to
enable it, but on a different network - let's say it's
10.1.2.0/255.255.255.0.

Network A is in a fairly well locked down DMZ.  I can get to only some
devices on network B from network A.  Network B has full access to
Network A.

Network A and Network B each use different gateways, so I can't use
network A's gateway (which is in the DMZ) for NIC 2.  NIC 2 would have
to use network B's gateway.

I need to activate both NICs because services running on the box need to
access devices on network B, and that's only possible from within
network B itself.
  


are there OTHER networks on the WAN accessed via B's gateway/router ?   
network A's gateway is the internet route?


if B's gateway has routes to the rest of 10.x.x.x, I'd just define a 
static route like 10.0.0.0/8 -> B's gateway/router's IP, and leave the 
DEFAULT gateway as network A's internet/DMZ router.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] reading vmcore files

[Mag Gam]

So,
If I have a vmcore file from systemX (AMD 64), and I have a test box (Intel
32bit), can I still read the vmcore file on Intel32 bit box?
Also, where can I find a guide to system crash handling (like, find the root
cause of a problem), i guess backtrack...

TIA

On 9/19/07, Tomasz Napierała <[EMAIL PROTECTED]> wrote:
>
> On Wednesday 19 September 2007 02:35:59 Mag Gam wrote:
> > I have several RHEL AS 4 systems, and when we get a vmcore, I would like
> to
> > view them in my centos box..
> >
> > How can I do that? Is that even possible?
> >
> crash.x86_64 4.0-3.9installed
> Matched from:
> crash
> crash utility for live systems; netdump, diskdump, LKCD or mcore dumpfiles
>
> It's installed by default (CentOS pretty much follows RH policies)
>
> regards,
> --
> Tomasz Napierala
> System Administrator
> Allegro Team
> http://www.allegro.pl/
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] xorg-x11

[Barton Callender]

Greetings,
 
Are there any xorg-x11-devel or xorg-server-devel rpm for centos 5?
 
Thanks,
Barton
_
Kick back and relax with hot games and cool activities at the Messenger Café.
http://www.cafemessenger.com?ocid=TXT_TAGLM_SeptWLtagline___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] xorg-x11

[Matthew Miller]

On Wed, Sep 19, 2007 at 10:08:50PM -0400, Barton Callender wrote:
> Are there any xorg-x11-devel or xorg-server-devel rpm for centos 5?

Not precisely, but in a sense yes, dozens. There's no longer a big
monolithic package but rather dozens of individual ones.

-- 
Matthew Miller   [EMAIL PROTECTED]  
Boston University Linux  -->  
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] xorg-x11

[Jim Perrin]

On 9/19/07, Barton Callender <[EMAIL PROTECTED]> wrote:
>
>  Greetings,
>
>  Are there any xorg-x11-devel or xorg-server-devel rpm for centos 5?

Yes and no. The packages for xorg have been renamed slightly (a change
inherited from upstream) and the number of packages involved in the
xorg suite has exploded.
You probably want the xorg-x11-server-sdk package, though there are
some others which you may also need.

You can run the following command to see them all:
yum list xorg-x11\*

-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

RE: [CentOS] RE: Setting up RAID using mdadm on a proliant DL320 G4

[William L. Maltby]

On Mon, 2007-09-03 at 20:33 -0400, Ross S. W. Walker wrote:
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of William L. Maltby
> > 
> > On Mon, 2007-09-03 at 10:42 -0400, William L. Maltby wrote:
> > > On Sun, 2007-09-02 at 17:27 -0400, Ross S. W. Walker wrote:
> > > > From: [EMAIL PROTECTED] 
> > > > [mailto:[EMAIL PROTECTED] On Behalf Of William L. Maltby
> > > > > 
> > > > > On Wed, 2007-08-29 at 16:38 -0400, Ross S. W. Walker wrote:
> > > > > > >
> > > 
> > 
> > > Right now, I'm trying to figure out how to get decent graphic
> > > performance on that node. I recently installed the nvidia 
> > driver (tried
> > > to use the Rpmforge rpm, but the graphic card demanded the .96xx
> > > driver). Regardless, my 4.5 AMD 2200XP unit with a Radeon 
> > gets appx. 670
> > > FPS, while the AMD 3200XP with the nvidia (and matching driver from
> > > nvidia's site) gets about 300 FPS. It's the same with the 
> > nv driver. I
> > > cured this on the 4.5 by using frame buffer, dri and some 
> > other things
> > > in the Xorg.conf. I've got to resolve this for the faster system.
> > 
> > BTW, on the slower system, IIRC, the FPS was in the mid 30s, not 300.
> > 
> 
> I believe with the nvidias you can't have compositing and glx at the
> same time unless you add this option:
> 
> Option  "AllowGLXWithComposite" "True"
> 
> In your graphics card section. I believe it is the GL off-loading that
> is giving you the premo FPS.

Thanks. I'll give that a try this weekend (I hope). Been doing some long
hours at work and all my recreational time seems to be spent sleeping!

> 
> -Ross
> 

--
Bill

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LDAP / PAM -- Invalid Credentials Error

[Craig White]

you can't bind as a user that doesn't have a password

you don't have users until you have configured /etc/ldap.conf properly

1 - use 'system-config-authentication' and don't
edit /etc/pam.d/system-auth
uncheck Windows authentication and winbindd goes away

2 - edit /etc/ldap.conf to properly match your ldap setup, when you get
it
set up properly, the command 'getent passwd' will first list the
contents of /etc/passwd and then list whatever you have setup for
nss_base_passwd in /etc/ldap.conf

3 - you really need better understanding of LDAP...try a book

   I'll recommend a really old one but really good for basic LDAP
knowledge...
   LDAP System Administration by Gerald Carter

   or

OpenLDAP v 2.3 (included with CentOS-5)
http://www.openldap.org/doc/admin23/

OpenLDAP v 2.2 (included with CentOS-4)
http://www.openldap.org/doc/admin22/

a hint here...you don't say whether you're using CentOS-4 or CentOS-5

man ldap.conf # refers to ldap.conf supplied by openldap - the file
located at /etc/openldap/ldap.conf and man 8 ldap.conf (CentOS-4 IIRC)
or man pam_ldap (CentOS-5) refers to /etc/ldap.conf (supplied as part of
padl's nss)

good luck

Craig

On Wed, 2007-09-19 at 18:19 -0400, Von Landfried wrote:
> Hello,
> 
> I am having a small issue with LDAP, and I hope someone here might be  
> able to provide a few tips.
> 
> I am unable to authenticate as user 'testuser' on server 'storage'  
> and the following errors appear in /var/log/messages on server 'storage'
> 
>   Sep 19 16:56:17 storage sshd(pam_unix)[3124]: check pass; user unknown
>   Sep 19 16:56:17 storage sshd(pam_unix)[3124]: authentication  
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=test-kja1
>   Sep 19 16:56:17 storage sshd[3124]: pam_ldap: error trying to bind  
> as user "uid=testuser,ou=People,dc=example,dc=local" (Invalid  
> credentials)
> 
> I am also unable to issue this command:
> 
>   # passwd testuser
>   passwd: Unknown user name 'testuser'.
> 
> but this command works fine:
> 
>   # finger testuser
>   Login: testuserName: Test User
>   Directory: /home/testuser  Shell: /bin/bash
>   Never logged in.
>   No mail.
>   No Plan.
> 
> The server 'storage' is the LDAP host server, and there are about 9  
> other servers configured to use 'storage' to authenticate users. All  
> 9 of them allow 'testuser' to login and also for him to change his  
> password.
> 
> Issuing this command:
> 
> # ldapsearch -x -b 'uid=testuser,ou=People,dc=example,dc=local'  
> '(objectclass=*)'
> 
> 
> # extended LDIF
> #
> # LDAPv3
> # base  with scope sub
> # filter: (objectclass=*)
> # requesting: ALL
> #
> 
> # testuser, People, example.local
> dn: uid=testuser,ou=People,dc=example,dc=local
> uid: testuser
> cn: Sean Cook
> objectClass: account
> objectClass: posixAccount
> objectClass: top
> objectClass: shadowAccount
> shadowMax: 9
> shadowWarning: 7
> loginShell: /bin/bash
> uidNumber: 547
> gidNumber: 500
> homeDirectory: /home/testuser
> 
> # search result
> search: 2
> result: 0 Success
> 
> # numResponses: 2
> # numEntries: 1
> 
> 
> I think the issue might be with PAM, because comparing all files I  
> can think of doesnt point me to any differences except /etc/pam.d/ 
> system-auth
> 
> The LDAP server 'storage' has WINBIND turned on, as follows:
> 
> authrequired  /lib/security/$ISA/pam_env.so
> authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok
> authsufficient/lib/security/$ISA/pam_ldap.so use_first_pass
> authsufficient/lib/security/$ISA/pam_winbind.so  
> use_first_pass
> authrequired  /lib/security/$ISA/pam_deny.so
> 
> account required  /lib/security/$ISA/pam_unix.so broken_shadow
> account sufficient/lib/security/$ISA/pam_succeed_if.so uid <  
> 100 quiet
> account [default=bad success=ok user_unknown=ignore] /lib/ 
> security/$ISA/pam_ldap.so
> account [default=bad success=ok user_unknown=ignore] /lib/ 
> security/$ISA/pam_winbind.so
> account required  /lib/security/$ISA/pam_permit.so
> 
> passwordrequisite /lib/security/$ISA/pam_cracklib.so retry=3
> passwordsufficient/lib/security/$ISA/pam_unix.so nullok  
> use_authtok md5 shadow
> passwordsufficient/lib/security/$ISA/pam_ldap.so use_authtok
> passwordsufficient/lib/security/$ISA/pam_winbind.so use_authtok
> passwordrequired  /lib/security/$ISA/pam_deny.so
> 
> session required  /lib/security/$ISA/pam_limits.so
> session required  /lib/security/$ISA/pam_unix.so
> session optional  /lib/security/$ISA/pam_ldap.so
> 
> 
> And the server 'phoenix' (which allows 'testuser' to login fine) does  
> not;
> 
> # User changes will be destroyed the next time authconfig is run.
> authrequired  /lib/security/$ISA/pam_env.so
> authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok
> a

[CentOS] Linux groups and policies

[umair shakil]

Dear All Salam,

Does anyone work on Linux groups and policies like;

I have squid.conf, i want to run it by my user and for starting and
restarting services only sudo can be command
but we want to totally eleminate ROOT password.

Regards,

Umair Shakil
ETD
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Linux groups and policies

[John R Pierce]

umair shakil wrote:

Dear All Salam,

Does anyone work on Linux groups and policies like;

I have squid.conf, i want to run it by my user and for starting and 
restarting services only sudo can be command

but we want to totally eleminate ROOT password.



when a user is in the sudoers list, and they use the sudo command to 
execute predefined commands as root, sudo prompts for the USERS 
password, not the root password.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Linux groups and policies

[umair shakil]

Dear,

Thanks for help, i need a proper link or documentation. i dont only need to
excute the command but needs to edit the file too. I made some attempt but
not effected,

i m using ubunto as desktop, put my site in /var/www/umair. i made the group
data. put
user alpacino in it and chown root:data to /var/www/umair. when i edit
index.html through
user alpacino it says changing Readonly file.

Regards,

Umair Shakil
ETD



On 9/20/07, John R Pierce <[EMAIL PROTECTED]> wrote:
>
> umair shakil wrote:
> > Dear All Salam,
> >
> > Does anyone work on Linux groups and policies like;
> >
> > I have squid.conf, i want to run it by my user and for starting and
> > restarting services only sudo can be command
> > but we want to totally eleminate ROOT password.
>
>
> when a user is in the sudoers list, and they use the sudo command to
> execute predefined commands as root, sudo prompts for the USERS
> password, not the root password.
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problems building LPRng src RPM

[Mogens Kjaer]

James A. Peltier wrote:
...
> It looked like it went through the ./configure portion OK. Any ideas? 
> Has someone else gotta LPRng to work on CentOS 5?
> 

Yes. With difficulty. :-)

This problem is fixed by:

1. installing the LPRng src rpm
2. cd /usr/src/redhat/SOURCES
3. mkdir unpack
4. cd unpack
5. tar zxf ../LPRng-3.8.27.tgz
6. vi LPRng-3.8.27/Makefile.in
7. Change line 45 from:

SHELL="@SHELL@"

to:

[EMAIL PROTECTED]@

8. tar zcf ../LPRng-3.8.27.tgz LPRng-3.8.27
9. cd /usr/src/redhat/SPECS
10.rpmbuild -bb LPRng.spec

There are other errors later on; I can't recall how I fixed this,
maybe disabling kerberos support?

Mogens

-- 
Mogens Kjaer, Carlsberg A/S, Computer Department
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
Email: [EMAIL PROTECTED] Homepage: http://www.crc.dk
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Linux groups and policies

[John R Pierce]

umair shakil wrote:

Dear,

Thanks for help, i need a proper link or documentation. i dont only 
need to excute the command but needs to edit the file too. I made some 
attempt but not effected,




I'd recommend jsut about any introduction to unix administration book, 
that should explain the file access rights.


i m using ubunto as desktop, put my site in /var/www/umair. i made the 
group data. put
user alpacino in it and chown root:data to /var/www/umair. when i edit 
index.html through

user alpacino it says changing Readonly file.



why would root own your website?  far more common for the user to own 
his own website files.


anyways, does group 'data' have write privileges to the file 
/var/www/umair/index.html ?



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos