Re: [CentOS] You do not appear to have the sources for the 2.6.18-128.1.1.el5.028stab062.3PAE kernel installed.

2010-10-29 Thread Sharon Kimble
On 29 October 2010 07:56, Thuo Wilson wrote:

> Where do I get the kernel sources for the installed version to work?
>
> Wilson.

From the vault where all out of date rpms go, but you'll be lucky to get
support from here as we only support what we ship! And please don't top
post, it breaks the flow of conversation.

Sharon.

>
>
>
> On 29 October 2010 09:45, Arturas Skauronas  wrote:
>
>> it is openvz kernel, and you have openvz container.
>> and with very old kernel...
>> http://www.openvz.org
>>
>> but your software might not to work...
>>
>> On Fri, Oct 29, 2010 at 09:38, Thuo Wilson  wrote:
>> > Hello Guys,
>> >
>> > This is a virtual server hosted by some guys in UK.
>> >
>> > Please help me out here, i dont seem to get the required sources. Where
>> do i
>> > get the sources required to compile dahdi?
>> > I have searched to no avail.
>> >
>> > 2.6.18-128.1.1.el5.028stab062.3PAE
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>


-- 
A taste of linux http://www.sharons.org.uk/taste/index.html
efever http://www.efever.blogspot.com/
Centos 5.5, KDE 3.5.4-25, OpenOffice 3.2.1
Registered Linux user 334501


Re: [CentOS] You do not appear to have the sources for the 2.6.18-128.1.1.el5.028stab062.3PAE kernel installed.

2010-10-29 Thread John R. Dennison
On Fri, Oct 29, 2010 at 09:56:23AM +0300, Thuo Wilson wrote:
> Where do i get the kernel sources for the installed version to work?

It's not a matter so much of where to get the sources as it is
that since it is an OpenVZ container you don't have direct
access to the hardware, nor the ability to load kernel modules
as the kernel is shared between everyone on the host node.

Your provider can, if they are willing, load the module for the
host, but many are not willing to do so.

The OpenVZ kernel sources should be available on the OpenVZ web
site in RPM format, and you can get them there, download them
and install them, for what it's worth.




John

-- 
To do just the opposite is also a form of imitation.

-- Georg Christoph Lichtenberg (1742-1799), German scientist,
   satirist and philosopher, Notebook D (1773-1775)




Re: [CentOS] You do not appear to have the sources for the 2.6.18-128.1.1.el5.028stab062.3PAE kernel installed.

2010-10-29 Thread Thuo Wilson
On 29 October 2010 10:14, John R. Dennison  wrote:

> On Fri, Oct 29, 2010 at 09:56:23AM +0300, Thuo Wilson wrote:
> > Where do i get the kernel sources for the installed version to work?
>
> It's not a matter so much of where to get the sources as it is
>that since it is an OpenVZ container you don't have direct
>access to the hardware, nor the ability to load kernel modules
>as the kernel is shared between everyone on the host node.
>
>Your provider can, if they are willing, load the module for the
>host, but many are not willing to do so.
>
>The OpenVZ kernel sources should be available on the OpenVZ web
>site in RPM format, and you can get them there, download them
>and install them, for what it's worth.
>
>
>
>
>John
>
> --
> To do just the opposite is also a form of imitation.
>
> -- Georg Christoph Lichtenberg (1742-1799), German scientist,
>   satirist and philosopher, Notebook D (1773-1775)
>



Thanks Guys.


Re: [CentOS] CentOS 5.5: bind config is missing the slave zone definitions

2010-10-29 Thread Lorenzo Quatrini
Boris Epstein wrote:
> Hi all,
> 
> I have two near identical CentOS 5.5 machines; both are running named
> server (DNS). On one using system-config-bind I can easily define a
> slave zone; on the other, it is a no go: it says the definition is
> there, etc. but there is no corresponding file in
> /var/named/chroot/var/named/slaves . Any idea why that would be? What
> gives?
> 
> I use the simplest possible zone definitions - forward IN slave, one 
> forwarder.
> 
> Thanks.
> 
> Boris.

Maybe you are missing the bind-chroot package on the second server?


[CentOS] How to access one machine behind iptables, on different subnet?

2010-10-29 Thread Rudi Ahlers
Hi all,

I wonder if someone can help me with this: The setup is as follows:

192.168.1.254 - wireless ADSL modem, with DHCP pool on 192.168.100 - 192.168.200
192.168.1.250 - Linux firewall RED interface
192.168.2.250 - Linux firewall GREEN interface.

There are some normal LAN clients behind the Linux firewall's GREEN
interface, which can all access each other's shared services and also
all the clients behind the RED interface. i.e. those clients connected
to the 192.168.1.254 ADSL wifi APP directly.

Now I want the clients on the "outside" to connect to one specific
host on the inside, behind the GREEN interface, on IP 192.168.1.20.
How would I do that? I know I can do this with port forwarding, but
need many ports forwarded. How do I give full access to all ports on
this IP, instead of forwarding every port? Does that make sense?

Currently no clients on the 192.168.1.0 subnet can access any client
on the 192.168.2.0 subnet.



[r...@intranet ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:tftp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:25151

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  192.168.2.0/24       anywhere
ACCEPT     all  --  anywhere             192.168.2.0/24

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

[r...@intranet ~]# route -nv
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth0


The Linux firewall runs CentOS 5.5. x64

[r...@intranet ~]# cat /etc/redhat-release
CentOS release 5.5 (Final)

[r...@intranet ~]# iptables -V
iptables v1.3.5

-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532


[CentOS] faster fsck ?

2010-10-29 Thread przemolicc

Hi,

we have CentOS ftp server (vsftpd) which has a lot of users who are writing and
reading a lot of small files from/into its own accounts (and other servers - using
samba client - are reading these files and putting them into outside database).
Since this server is under heavy load its availability is important.
From time to time we "crash" this server (don't ask why ...) but then fsck is
running for over 20-30 minutes.
The question is: is there any other _stable_ filesystem (xfs ?, jfs ?) which we
can use instead of ext3 which is (quite) immune to crashes and whose fsck is
"faster" (by design) than in ext3 ?

Regards
Przemek




Re: [CentOS] heads up - on latest rpmforge perl-NetAddr-IP update and spamassassin 3.3.1 conflict on Centos4

2010-10-29 Thread David Hrbáč
On 28.10.2010 20:32, Ned Slider wrote:
> It's a known issue with perl-NetAddr-IP-4.034
> 
> https://rt.cpan.org/Public/Bug/Display.html?id=62521
> 
> As you've discovered, downgrading is the temporary fix.

I have just committed an update to perl-NetAddr-IP-4.035.
Regards,
DH


Re: [CentOS] firefox problems

2010-10-29 Thread Paul Bijnens

I had that too some half year ago or so.
I fixed it by changing the file /etc/X11/xorg.conf.
The one that is generated by nvidia omits most of the modules

bad:
   Section "Module"
   Load "glx"
   EndSection

good:
   Section "Module"
   Load "dbe"
   Load "extmod"
   Load "type1"
   Load "freetype"
   Load "glx"
   Load "fbdevhw"
   Load "record"
   EndSection

I'm not sure which combination of modules actually fixed it; but this
is what I'm running now since June, without crash of Firefox or other window.



On 2010-10-28 01:52, James A. Peltier wrote:
> Just wondering if anyone might be seeing any similar frequent crashes of 
> Firefox/GNOME/Nautilus lately.  I have a couple of users who have reported a 
> problem like this.  Any ideas are welcome.  Latest CentOS 5.5 w/patches, 
> latest nVidia graphics driver, firefox from repos.
> 
> | ###!!! ABORT: Request 0.0: BadRequest (invalid request code or no such
> | operation): file nsX11ErrorHandler.cpp, line 182

Re: [CentOS] How to access one machine behind iptables, on different subnet?

2010-10-29 Thread Jorge Fábregas
On Friday 29 October 2010 04:22:52 Rudi Ahlers wrote:
> How do I give full access to all ports on  this IP, instead of forwarding
> every port?

Sure. That's called One-to-One NAT.  You'll do something like this:

iptables -t nat -I PREROUTING -d 192.168.1.20 -j DNAT --to-destination $GREEN

...where $GREEN is one ip on your 192.168.2.x network.  Then make sure you 
have the proper "allow" rules on the INPUT chain for your LAN ip ($GREEN).

The above was for ingress traffic.  Now, for egress traffic (for this internal
LAN ip) you'll need to perform NAT as well:

iptables -t nat -A POSTROUTING -s $GREEN -j SNAT --to-source 192.168.1.20

Check out: 

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables


HTH,
Jorge


Re: [CentOS] faster fsck ?

2010-10-29 Thread Peter Kjellström
On Friday 29 October 2010 11:42:38 przemol...@poczta.fm wrote:
> Hi,
> 
> we have CentOS ftp server (vsftpd) which has a lot of users who are writing
> and reading a lot of small files from/into its own accounts (and other
> servers - using samba client - are reading these files and putting them
> into outside database).
> Since this server is under heavy load its availability is important.
> 
> From time to time we "crash" this server (don't ask why ...) but then fsck
> is running for over 20-30 minutes.
> 
> The question is: is there any other _stable_ filesystem (xfs ?, jfs ?)
> which we can use instead of ext3 which is (quite) immune to crashes and
> whose fsck is "faster" (by design) than in ext3 ?

The idea with ext3/ext4 is that you don't have to run a full fsck after a 
system crash (only a fully automated journal replay).

XFS uses the same idea (no fsck only journal replay). But if you really want 
to fsck an xfs filesystem then that too will take a lot of time.

/Peter




Re: [CentOS] faster fsck ?

2010-10-29 Thread Les Mikesell
On 10/29/10 7:31 AM, Peter Kjellström wrote:
> On Friday 29 October 2010 11:42:38 przemol...@poczta.fm wrote:
>> Hi,
>>
>> we have CentOS ftp server (vsftpd) which has a lot of users who are writing
>> and reading a lot of small files from/into its own accounts (and other
>> servers - using samba client - are reading these files and putting them
>> into outside database).
>> Since this server is under heavy load its availability is important.
>>
>> From time to time we "crash" this server (don't ask why ...) but then fsck
>> is running for over 20-30 minutes.
>>
>> The question is: is there any other _stable_ filesystem (xfs ?, jfs ?)
>> which we can use instead of ext3 which is (quite) immune to crashes and
>> whose fsck is "faster" (by design) than in ext3 ?
>
> The idea with ext3/ext4 is that you don't have to run a full fsck after a
> system crash (only a fully automated journal replay).
>
> XFS uses the same idea (no fsck only journal replay). But if you really want
> to fsck an xfs filesystem then that too will take a lot of time.

The question is, are the fsck's happening because the journal is corrupted,
because something is wrong with it, or because a journal isn't configured or
the 'time to check' has expired.  In the latter case you can adjust with tune2fs.

-- 
   Les Mikesell
lesmikes...@gmail.com



[CentOS] migrating users to openldap

2010-10-29 Thread Tim Dunphy
I noticed that when I migrated my users with the migrate_passwd.pl
tool from PADL it didn't migrate the actual passwords (just the rest
of the posixAccount info). I think I need to set the EXTENDED_SCHEMA
variable and then try running the tool again. Does anyone know what
this should be?

 I actually thought there might be a migrate_shadow.pl tool that could
accomplish this, but there doesn't appear to be anything like that
among the PADL migration tools.

 So in short the user info is there in LDAP but no one can log in
because all the password fields look like this: userPassword: {crypt}*

Here is a more complete user entry that is currently in the system:


73 uid=bluethundr,ou=summitnjops,ou=staff,dc=summitnjhome,dc=com
uid: bluethundr
cn: Timothy P.
givenName: Timothy P.
sn: Dunphy
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
loginShell: /usr/local/bin/bash
uidNumber: 1001
gidNumber: 1002
homeDirectory: /home/bluethundr
gecos: Timothy P.
userPassword: {crypt}*



thanks in advance for any tips you can share that will get this working!

-- 
Here's my RSA Public key:
gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9

Share and enjoy!!


[CentOS] You do not appear to have the sources for the 2.6.18-128.1.1.el5.028stab062.3PAE kernel installed.

2010-10-29 Thread R P Herrold
On Fri, 29 Oct 2010, Thuo Wilson and John Dennison wrote:

>> It's not a matter so much of where to get the sources as it is
>>that since it is an OpenVZ container you don't have direct
>>access to the hardware, nor the ability to load kernel modules
>>as the kernel is shared between everyone on the host node.
>>
>>Your provider can, if they are willing, load the module for the
>>host, but many are not willing to do so.
>>
>>The OpenVZ kernel sources should be available on the OpenVZ web
>>site in RPM format, and you can get them there, download them
>>and install them, for what it's worth.

> Thanks Guys.

There are very active female folks as well in CentOS kernel 
space ...

To follow on what John has said -- the CentOS project does not 
build a kernel emitting the uname containing: 
2.6.18-128.1.1.el5.028stab062.3PAE , nor HAVE the patched 
sources for "2.6.18-128.1.1.el5.028stab062.3PAE"

Only the person providing it to you has it (or, at least 
SHOULD have access to them) -- as the kernel is GPL(2) 
licensed, they are perhaps under an obligation to make it 
available to you

-- Russ herrold


Re: [CentOS] migrating users to openldap

2010-10-29 Thread Adam Tauno Williams
On Fri, 2010-10-29 at 09:00 -0400, Tim Dunphy wrote: 
> I noticed that when I migrated my users with the migrate_passwd.pl
> tool from PADL it didn't migrate the actual passwords (just the rest
> of the posixAccount info). I think I need to set the EXTENDED_SCHEMA
> variable and then try running the tool again. does anyone know what
> this should be?
>  I actually thought there might be a migrate_shadow.pl tool that could
> accomplish this, but there doesn't appear to be anything like that
> among the PADL migration tools.

I'd *strongly* recommend *not* using the PADL migration scripts.
Morphing your system data into LDAP is pretty simple if you are familiar
with any scripting language.  You should carefully think through what
you want in the DSA and how you want it represented, then make the LDIF
files accordingly.

See

 for some simple example (slides 27 - 29)

> So in short the user info is there in LDAP but no one can log in
> because all the password fields look like this: userPassword: {crypt}*
> Here is a more complete user entry that is currently in the system:



Re: [CentOS] migrating users to openldap

2010-10-29 Thread Scott Robbins
On Fri, Oct 29, 2010 at 10:15:32AM -0400, Adam Tauno Williams wrote:

> On Fri, 2010-10-29 at 09:00 -0400, Tim Dunphy wrote: 
> > I noticed that when I migrated my users with the migrate_passwd.pl
> > tool from PADL it didn't migrate the actual passwords (just the rest
> > of the posixAccount info). I think I need to set the EXTENDED_SCHEMA
> > variable and then try running the tool again. does anyone know what
> > this should be?
> >  I actually thought there might be a migrate_shadow.pl tool that could
> > accomplish this, but there doesn't appear to be anything like that
> > among the PADL migration tools.

I wonder if you did it as root.  If not, it doesn't include the
passwords.  (That is, the script will run as regular user, but will not
include passwords.)


> 
> I'd *strongly* recommend *not* using the PADL migration scripts.
> Morphing your system data into LDAP is pretty simple if you are familiar
> with any scripting language.  You should carefully think through what
> you want in the DSA and how you want it represented, then make the LDIF
> files accordingly.

I would have argued that two years ago, but I've come to the conclusion
that this is true. I might use it to create a sample ldif when I forget
some syntax, but I find myself using the padl scripts less and less.
This is not to say that (IMNSKO, not so knowledgeable--the rest I'm sure
you folks  know), they're bad per se, just that as one gets more
experienced, there are better ways of doing it. 

> 
> See
> 
>  for some simple example (slides 27 - 29)
> 
Excellent link, thank you, even though I'm not the OP.

-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Kendra: I call it Mr. Pointy.
Buffy: You named your stake?
Kendra: Yes.
Buffy: Remind me to get you a stuffed animal.


Re: [CentOS] migrating users to openldap

2010-10-29 Thread Alexander Dalloz
> I noticed that when I migrated my users with the migrate_passwd.pl
> tool from PADL it didn't migrate the actual passwords (just the rest
> of the posixAccount info). I think I need to set the EXTENDED_SCHEMA
> variable and then try running the tool again. does anyone know what
> this should be?

$EXTENDED_SCHEMA = 1;

>  I actually thought there might be a migrate_shadow.pl tool that could
> accomplish this, but there doesn't appear to be anything like that
> among the PADL migration tools.

Correct, just the migrate_passwd.pl script.

>  So in short the user info is there in LDAP but no one can log in
> because all the password fields look like this: userPassword: {crypt}*

That's a result when there is no password set for the user to be migrated
(see man 5 shadow).

> Here is a more complete user entry that is currently in the system:
>
>
> 73 uid=bluethundr,ou=summitnjops,ou=staff,dc=summitnjhome,dc=com
> uid: bluethundr
> cn: Timothy P.
> givenName: Timothy P.
> sn: Dunphy
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> loginShell: /usr/local/bin/bash
> uidNumber: 1001
> gidNumber: 1002
> homeDirectory: /home/bluethundr
> gecos: Timothy P.
> userPassword: {crypt}*

The PADL script blindly uses {crypt}, although the password encryption
mechanism may be very different.

> thanks in advance for any tips you can share that will get this working!

Alexander





Re: [CentOS] migrating users to openldap

2010-10-29 Thread jleafey
On Fri, 29 Oct 2010 16:42:41 +0200 (CEST) "Alexander Dalloz" wrote

> 
> 
> The PADL script blindly uses {crypt}, although the password encryption
> mechanism may be very different.
> 
> > thanks in advance for any tips you can share that will get this working!
> 
> Alexander
> 

I think Alexander is onto something here.  I just checked my default CentOS 5
installation and /etc/sysconfig/authconfig specifies that the passwords are
hashed using MD5, so there's a good chance yours is too.  We ran into a problem
with this when we migrated users to the Sun directory server (not my choice!). 
The {?} part of the userPassword field value specifies the hash method used, so
if OpenLDAP supports MD5 you may be able to just do a global search-and-replace
of '{crypt}' with '{MD5}'.  

OTOH, if the "*" you showed in the message was literal, you'll probably have to
do some additional work to retrieve the user's password from /etc/shadow and
plug that in instead.  You could just cobble up a script to generate a simple
LDIF file just to change the passwords if you don't want to alter the output of
the PADL scripts.  The format is pretty simple, just look at the ldapmodify man
page for hints.  Just scan through /etc/shadow and look for something with a
password <> "!!" and generate the LDIF to change that user's password.

Just my $.02!
--
Jay Leafey - Memphis, TN
jay.lea...@mindless.com
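
The /etc/shadow scan suggested above, as an added example that is not part of the original thread or of the PADL tools: it emits ldapmodify records that replace userPassword with the shadow hash under the {crypt} scheme the migrated entries already use. Assumptions: the function name, the UID cut-off of 500, and a slapd whose {crypt} scheme passes the stored hash to the host's crypt(3); the accounts and hashes in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): build an ldapmodify LDIF from /etc/shadow.
# The output contains password hashes, so keep anything it is redirected to owner-only.
umask 077

# shadow_to_ldif BASE_DN PASSWD_FILE SHADOW_FILE [UID_MIN]
# UID_MIN defaults to 500 (assumed cut-off between system and human accounts).
shadow_to_ldif() {
    awk -F: -v base="$1" -v pw="$2" -v min="${4:-500}" '
        BEGIN {
            # Remember the login names of non-system accounts from the passwd file.
            while ((getline line < pw) > 0) {
                split(line, f, ":")
                if (f[3] + 0 >= min + 0) human[f[1]] = 1
            }
            close(pw)
        }
        # Skip anything that is not a human account.
        !($1 in human) { next }
        # Names that would need DN or LDIF escaping are left for manual handling.
        $1 !~ "^[a-z_][a-z0-9_-]*$" { next }
        # "", "*", "!", "!!" and "!<hash>" mean no usable password or a locked account.
        $2 == "" || $2 == "*" || substr($2, 1, 1) == "!" { next }
        # crypt(3) hashes use only these characters; anything else is not copied.
        $2 !~ "^[A-Za-z0-9./$]+$" { next }
        {
            printf "dn: uid=%s,%s\n", $1, base
            print  "changetype: modify"
            print  "replace: userPassword"
            printf "userPassword: {crypt}%s\n\n", $2
        }
    ' "$3"
}

# Demo on constructed data (made-up hashes, not real credentials).
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bluethundr:x:1001:1002:Timothy P.:/home/bluethundr:/usr/local/bin/bash
nologin1:x:1003:1002::/home/nologin1:/bin/bash
EOF
cat > "$demo_dir/shadow" <<'EOF'
root:$1$aaaaaaaa$AAAAAAAAAAAAAAAAAAAAAA:14900:0:99999:7:::
bluethundr:$1$bbbbbbbb$BBBBBBBBBBBBBBBBBBBBBB:14900:0:99999:7:::
nologin1:!!:14900:0:99999:7:::
EOF
# Only bluethundr is emitted: root is below UID_MIN and nologin1 is locked.
shadow_to_ldif "ou=summitnjops,ou=staff,dc=summitnjhome,dc=com" \
    "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

Run it as root so /etc/shadow is readable, review the LDIF, then feed it to ldapmodify over an encrypted connection.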




[CentOS] CentOS-announce Digest, Vol 68, Issue 14

2010-10-29 Thread centos-announce-request


Today's Topics:

   1. CESA-2010:0810 Critical CentOS 3 i386 seamonkey - security
  update (Tru Huynh)
   2. CESA-2010:0810 Critical CentOS 3 x86_64 seamonkey - security
  update (Tru Huynh)
   3. CESA-2010:0808 Critical CentOS 4 i386 firefox -   security
  update (Tru Huynh)
   4. CESA-2010:0808 Critical CentOS 4 x86_64 firefox - security
  update (Tru Huynh)
   5. CESA-2010:0810 Critical CentOS 4 i386 seamonkey - security
  update (Tru Huynh)
   6. CESA-2010:0810 Critical CentOS 4 x86_64 seamonkey - security
  update (Tru Huynh)
   7. CESA-2010:0809 Critical CentOS 5 i386 xulrunner   Update (Tru Huynh)
   8. CESA-2010:0809 Critical CentOS 5 x86_64 xulrunner Update
  (Tru Huynh)


--

Message: 1
Date: Fri, 29 Oct 2010 00:32:32 +0200
From: Tru Huynh 
Subject: [CentOS-announce] CESA-2010:0810 Critical CentOS 3 i386
seamonkey - security update
To: centos-annou...@centos.org
Message-ID: <20101028223232.ga28...@sillage.bis.pasteur.fr>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2010:0810

seamonkey security update for CentOS 3 i386:
https://rhn.redhat.com/errata/RHSA-2010-0810.html

The following updated file has been uploaded and is currently syncing to
the mirrors:

i386:
updates/i386/RPMS/seamonkey-1.0.9-0.62.el3.centos3.i386.rpm
updates/i386/RPMS/seamonkey-chat-1.0.9-0.62.el3.centos3.i386.rpm
updates/i386/RPMS/seamonkey-devel-1.0.9-0.62.el3.centos3.i386.rpm
updates/i386/RPMS/seamonkey-dom-inspector-1.0.9-0.62.el3.centos3.i386.rpm
updates/i386/RPMS/seamonkey-js-debugger-1.0.9-0.62.el3.centos3.i386.rpm
updates/i386/RPMS/seamonkey-mail-1.0.9-0.62.el3.centos3.i386.rpm
updates/i386/RPMS/seamonkey-nspr-1.0.9-0.62.el3.centos3.i386.rpm
updates/i386/RPMS/seamonkey-nspr-devel-1.0.9-0.62.el3.centos3.i386.rpm
updates/i386/RPMS/seamonkey-nss-1.0.9-0.62.el3.centos3.i386.rpm
updates/i386/RPMS/seamonkey-nss-devel-1.0.9-0.62.el3.centos3.i386.rpm

source:
updates/SRPMS/seamonkey-1.0.9-0.62.el3.centos3.src.rpm

You may update your CentOS-3 i386 installations by running the command:

yum update seamonkey

Tru
-- 
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B

--

Message: 2
Date: Fri, 29 Oct 2010 00:33:46 +0200
From: Tru Huynh 
Subject: [CentOS-announce] CESA-2010:0810 Critical CentOS 3 x86_64
seamonkey   - security update
To: centos-annou...@centos.org
Message-ID: <20101028223346.gb28...@sillage.bis.pasteur.fr>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2010:0810

seamonkey security update for CentOS 3 x86_64:
https://rhn.redhat.com/errata/RHSA-2010-0810.html

The following updated file has been uploaded and is currently syncing to
the mirrors:

x86_64:
updates/x86_64/RPMS/seamonkey-1.0.9-0.62.el3.centos3.i386.rpm
updates/x86_64/RPMS/seamonkey-1.0.9-0.62.el3.centos3.x86_64.rpm
updates/x86_64/RPMS/seamonkey-chat-1.0.9-0.62.el3.centos3.x86_64.rpm
updates/x86_64/RPMS/seamonkey-devel-1.0.9-0.62.el3.centos3.x86_64.rpm
updates/x86_64/RPMS/seamonkey-dom-inspector-1.0.9-0.62.el3.centos3.x86_64.rpm
updates/x86_64/RPMS/seamonkey-js-debugger-1.0.9-0.62.el3.centos3.x86_64.rpm
updates/x86_64/RPMS/seamonkey-mail-1.0.9-0.62.el3.centos3.x86_64.rpm
updates/x86_64/RPMS/seamonkey-nspr-1.0.9-0.62.el3.centos3.i386.rpm
updates/x86_64/RPMS/seamonkey-nspr-1.0.9-0.62.el3.centos3.x86_64.rpm
updates/x86_64/RPMS/seamonkey-nspr-devel-1.0.9-0.62.el3.centos3.x86_64.rpm
updates/x86_64/RPMS/seamonkey-nss-1.0.9-0.62.el3.centos3.i386.rpm
updates/x86_64/RPMS/seamonkey-nss-1.0.9-0.62.el3.centos3.x86_64.rpm
updates/x86_64/RPMS/seamonkey-nss-devel-1.0.9-0.62.el3.centos3.x86_64.rpm

source:
updates/SRPMS/seamonkey-1.0.9-0.62.el3.centos3.src.rpm

You may update your CentOS-3 x86_64 installations by running the command:

yum update seamonkey

Tru
-- 
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B

Re: [CentOS] How to access one machine behind iptables, on different subnet?

2010-10-29 Thread Dan Carl
On 10/29/2010 3:22 AM, Rudi Ahlers wrote:
> Hi all,
>
> I wonder if someone can help me with this: The setup is as follows:
>
> 192.168.1.254 - wireless ADSL modem, with DHCP pool on 192.168.100 - 
> 192.168.200
> 192.168.1.250 - Linux firewall RED interface
> 192.168.2.250 - Linux firewall GREEN interface.
>
> There are some normal LAN clients behind the Linux firewall's GREEN
> interface, which can all access each other's shared services and also
> all the clients behind the RED interface. i.e. those clients connected
> to the 192.168.1.254 ADSL wifi APP directly.
>
> Now I want the clients on the "outside" to connect to one specific
> host on the inside, behind the GREEN interface, on IP 192.168.1.20.
> How would I do that? I know I can do this with port forwarding, but
> need many ports forwarded. How do I give full access to all ports on
> this IP, instead of forwarding every port? Does that make sense?

Not much of a firewall if you allow everything, unless you're limiting 
the "outside" IPs.

Other solutions would be to allow either a range of ports.
Ex
--dport 5000:5500
--dport 1024:65535 (all unassigned ports)

or define the ports you wish to allow with a variable
Ex
FORWARDPORTS="1024 1025 1026"

even a hybrid like this should work
Ex
FORWARDPORTS="1024 1025 1026 5000:5500"
Then call the variable in your forward rules.

Dan
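
Added example, not part of Dan's post: one way to "call the variable in your forward rules" while also limiting the outside source addresses. The interface names, the allowed source subnet and the function names are assumptions; the target address and port list are the ones quoted in the thread. The script only prints the iptables commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: build FORWARD rules from a port list instead of opening every port.
RED_IF="eth0"                  # assumption: firewall interface on the RED side
GREEN_IF="eth1"                # assumption: firewall interface on the GREEN side
ALLOWED_SRC="192.168.1.0/24"   # assumption: only RED-side clients may connect
TARGET="192.168.1.20"          # inside host, address as given in the question
FORWARDPORTS="1024 1025 1026 5000:5500"

# valid_port_spec SPEC: succeeds if SPEC is N or N:M with 1 <= N <= M <= 65535.
valid_port_spec() {
    case "$1" in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;   # empty, junk, or malformed range
    esac
    lo=${1%%:*}; hi=${1##*:}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# emit_forward_rules: prints one rule per entry in FORWARDPORTS plus a rule for
# the replies. Prints nothing and fails if any entry is invalid, so a typo in
# the list never yields a half-built rule set.
emit_forward_rules() {
    rules=""
    for spec in $FORWARDPORTS; do
        valid_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 1; }
        rules="${rules}iptables -A FORWARD -i $RED_IF -o $GREEN_IF -s $ALLOWED_SRC -d $TARGET -p tcp --dport $spec -m state --state NEW -j ACCEPT
"
    done
    printf '%s' "$rules"
    echo "iptables -A FORWARD -i $GREEN_IF -o $RED_IF -s $TARGET -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

emit_forward_rules
```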




[CentOS] Projects.centos.org down?

2010-10-29 Thread Glenn Eychaner
I have been trying to get to the CentOS LiveCD site at projects.centos.org
the last couple of days, but have been unable to reach it.  Is it down, and is
there any info on when it might be back up?

Thanks,
-G.
--
Glenn Eychaner (geycha...@lco.cl)
Telescope Systems Programmer, Las Campanas Observatory





Re: [CentOS] selinux with samba

2010-10-29 Thread David McGuffey
I just set up samba to support some Win7 VMs on top of CentOS 5.5.

Recommend you read the first page or so of the smb.conf file
in /etc/samba.  It gives guidance on what to do to ensure SELinux
doesn't get in the way.

I try to place my shares in something like /var/local/share and avoid
any system directories or /home. One can place shares there, but they
can be a pita to maintain and can present security risks.

Dave M

On Fri, 2010-09-17 at 09:22 -0400, Phil Schaffner wrote:
> Geert Batsleer wrote on 09/17/2010 09:14 AM:
> > I'm having problems setting up a samba server with selinux in centos 
> > 5.6 (x64).
> > 
> > My samba config works flawlessly when selinux is disabled but fails to 
> > access shares when selinux is  enabled. Which command makes it possible 
> > to run samba with selinux without disabling it, now I've done: "set 
> > sebool -P smbd_disable_trans 1" but doesn't really solve my problem.
> 
> See the SELinux Wiki article, Section 7:
> 
> http://wiki.centos.org/HowTos/SELinux
> 
> Phil


Re: [CentOS] migrating users to openldap

2010-10-29 Thread Tim Dunphy
hey guys, nice suggestions.. it looks like PADL did not cover shadow
entries for some reason.. this will likely have to be a custom script
i will have to write...


in the meantime I made sure I was root and then ran the scripts:

Hey guys,

 The script definitely ran as root:

LBSD2# whoami
root



LBSD2# ./migrate_passwd.pl /etc/passwd /tmp/passwd.ldif


This is an ldif entry that resulted:

dn: uid=bluethundr,ou=People,dc=summitnjhome,dc=com
uid: bluethundr
cn: Timothy P.
givenName: Timothy P.
sn:
mail: bluethu...@padl.com
mailRoutingAddress: bluethu...@mail.padl.com
mailHost: mail.padl.com
objectClass: inetLocalMailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: kerberosSecurityObject
userPassword: {crypt}*
krbName: bluethu...@padl.com
loginShell: /usr/local/bin/bash
uidNumber: 1001
gidNumber: 1002
homeDirectory: /home/bluethundr
gecos: Timothy P.


so no matter if you are root passwords are not transferred...



On Fri, Oct 29, 2010 at 11:24 AM, jleafey  wrote:
> On Fri, 29 Oct 2010 16:42:41 +0200 (CEST) "Alexander Dalloz"
>  wrote
>
>> 
>>
>> The PADL script blindly uses {crypt}, although the password encryption
>> mechanism may be very different.
>>
>> > thanks in advance for any tips you can share that will get this working!
>>
>> Alexander
>>
>
> I think Alexander is onto something here.  I just checked my default CentOS 5
> installation and /etc/sysconfig/authconfig specifies that the passwords are
> hashed using MD5, so there's a good chance yours is too.  We ran into a
> problem with this when we migrated users to the Sun directory server (not my
> choice!).  The {?} part of the userPassword field value specifies the hash
> method used, so if OpenLDAP supports MD5 you may be able to just do a global
> search-and-replace of '{crypt}' with '{MD5}'.
>
> OTOH, if the "*" you showed in the message was literal, you'll probably have
> to do some additional work to retrieve the user's password from /etc/shadow
> and plug that in instead.  You could just cobble up a script to generate a
> simple LDIF file just to change the passwords if you don't want to alter the
> output of the PADL scripts.  The format is pretty simple, just look at the
> ldapmodify man page for hints.  Just scan through /etc/shadow and look for
> something with a password <> "!!" and generate the LDIF to change that user's
> password.
>
> Just my $.02!
> --
> Jay Leafey - Memphis, TN
> jay.lea...@mindless.com
>
>
>



-- 
Here's my RSA Public key:
gpg --keyserver pgp.mit.edu --recv-keys 5A4873A9

Share and enjoy!!
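
Added example, not part of the thread or of the PADL scripts: a sketch of the approach suggested in the quoted reply, scanning shadow-format input and generating ldapmodify LDIF that replaces userPassword for accounts with a usable hash. The function names and the sample input are constructed for illustration; the base DN is the one from the LDIF entry above, and it assumes the directory server's crypt(3) understands the hash format stored in the shadow file.

```shell
#!/bin/sh
# Added example: turn shadow(5) entries into "changetype: modify" LDIF records.
BASE_DN="ou=People,dc=summitnjhome,dc=com"   # taken from the LDIF entry in the message

# Constructed sample input; the hash strings are placeholders, not real hashes.
sample_shadow() {
cat <<'EOF'
alice:$1$CONSTRUC$AAAAAAAAAAAAAAAAAAAAAA:14900:0:99999:7:::
bin:*:14900:0:99999:7:::
nopass:!!:14900:0:99999:7:::
locked:!$1$CONSTRUC$BBBBBBBBBBBBBBBBBBBBBB:14900:0:99999:7:::
bluethundr:$1$CONSTRUC$CCCCCCCCCCCCCCCCCCCCCC:14900:0:99999:7:::
EOF
}

# shadow_to_ldif BASE_DN: reads shadow-format lines on stdin, writes LDIF on stdout.
shadow_to_ldif() {
    awk -F: -v base="$1" '
        # No usable password: empty, "*", "x", "!!" or a "!"-locked hash.
        $1 == "" || $2 == "" || $2 == "*" || $2 == "x" || $2 ~ /^!/ { next }
        # Refuse login names that would need DN escaping rather than guess at it.
        $1 !~ /^[A-Za-z0-9._-]+$/ {
            print "skipping unsafe login name: " $1 > "/dev/stderr"; next
        }
        {
            printf "dn: uid=%s,%s\n", $1, base
            print  "changetype: modify"
            print  "replace: userPassword"
            printf "userPassword: {crypt}%s\n\n", $2
        }
    '
}

sample_shadow | shadow_to_ldif "$BASE_DN"
```

On a real system the input would be the shadow file itself, read as root, and the output belongs in a file with tight permissions because it contains every migrated hash.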


Re: [CentOS] Projects.centos.org down?

2010-10-29 Thread Garry Dale
Glenn Eychaner wrote:
> I have been trying to get to the CentOS LiveCD site at projects.centos.org
> the last couple of days, but have been unable to reach it.  Is it down, and
> is there any info on when it might be back up?
> 

Likewise, I'm unable to get content back from projects.centos.org.  I 
can make an HTTP connection, but it just hangs.

There is an open bug report from 2009-09-21 with a similar summary [1]. 
Since bug 3858 was never closed, I've updated the notes.

Thanks.

gd

[1] http://bugs.centos.org/view.php?id=3858


Re: [CentOS] Projects.centos.org down?

2010-10-29 Thread Garry Dale
Garry Dale wrote:
> There is an open bug report from 2009-09-21 with a similar summary [1]. 
> Since bug 3858 was never closed, I've updated the notes.

Per updates to bug tracker, the projects.centos.org site is back online.

Should bug 3858 [1] now be closed, or is it acting as a placeholder for 
events such as this?  Just curious...

gd

[1] http://bugs.centos.org/view.php?id=3858