date:20131017

[CentOS] CentOS-announce Digest, Vol 104, Issue 7

2013-10-17 Thread centos-announce-request

Send CentOS-announce mailing list submissions to
centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org

You can reach the person managing the list at
centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. CESA-2013:1426 Important CentOS 6 xorg-x11-server Update
  (Karanbir Singh)
   2. CEEA-2013:1432  CentOS 6 tzdata Update (Karanbir Singh)
   3. CEBA-2013:1431  CentOS 6 libqb Update (Karanbir Singh)


--

Message: 1
Date: Wed, 16 Oct 2013 15:48:08 +
From: Karanbir Singh 
Subject: [CentOS-announce] CESA-2013:1426 Important CentOS 6
xorg-x11-server Update
To: centos-annou...@centos.org
Message-ID: <20131016154808.ga53...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Security Advisory 2013:1426 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-1426.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
6317e0dcc71903e61bde63f964935c1450d5d062db164cb0e81b22de541bf812  
xorg-x11-server-common-1.13.0-11.1.el6.centos.2.i686.rpm
d04921946cdb13c0ea5feb7251d1c24d2aecbb624f036fdce8c0374eba0d86a0  
xorg-x11-server-devel-1.13.0-11.1.el6.centos.2.i686.rpm
48487bcb570408b3d1cc642a0535049517ad52892c209ab41fdafd93397e113c  
xorg-x11-server-source-1.13.0-11.1.el6.centos.2.noarch.rpm
e5fe9545be16a238baa7d16b18ab7f16289458ba4b7ba797eff2eaab09ecf724  
xorg-x11-server-Xdmx-1.13.0-11.1.el6.centos.2.i686.rpm
3e8a42a23fbce843fcd5511380818d7fb774689946429b3621acaa6a67967f9c  
xorg-x11-server-Xephyr-1.13.0-11.1.el6.centos.2.i686.rpm
205a99c5964f2259973eecc6a30a1cd1b680b7d1327ac5d683a1bcd462c7a8e5  
xorg-x11-server-Xnest-1.13.0-11.1.el6.centos.2.i686.rpm
f9a55c9c71c5be2a4ba97c9902311011586f0cfb504142919d368a09bcc502c9  
xorg-x11-server-Xorg-1.13.0-11.1.el6.centos.2.i686.rpm
db3c50df03e713b0eb1d86e940f69744222dc7d54705fd31525eaddbe514967e  
xorg-x11-server-Xvfb-1.13.0-11.1.el6.centos.2.i686.rpm

x86_64:
84b6dbe7b98af0c0a3603f1b7589869a2207b1e9d135101540ce91d672e540a8  
xorg-x11-server-common-1.13.0-11.1.el6.centos.2.x86_64.rpm
d04921946cdb13c0ea5feb7251d1c24d2aecbb624f036fdce8c0374eba0d86a0  
xorg-x11-server-devel-1.13.0-11.1.el6.centos.2.i686.rpm
86ef0f5d130f16d06db7e4ed091845b13599c223f65429b3fad63de9a03046e9  
xorg-x11-server-devel-1.13.0-11.1.el6.centos.2.x86_64.rpm
48487bcb570408b3d1cc642a0535049517ad52892c209ab41fdafd93397e113c  
xorg-x11-server-source-1.13.0-11.1.el6.centos.2.noarch.rpm
d3f127c50ac44303d633457b70737986978a6db07cd90f5f3c259b6343d8d93d  
xorg-x11-server-Xdmx-1.13.0-11.1.el6.centos.2.x86_64.rpm
5ccfa85c6bf215a74b80e6f9a0510a001837ba2a65e6cb312ab21cab91b3b9b9  
xorg-x11-server-Xephyr-1.13.0-11.1.el6.centos.2.x86_64.rpm
b0db143f41cd7ac61aa7c91f8ce36252de2cad06f3a45c744aacc7803d01f59e  
xorg-x11-server-Xnest-1.13.0-11.1.el6.centos.2.x86_64.rpm
8aae885bc63ba92d8d656c5d20ed2add36d520af6b8e7feb3aeb4545433f045f  
xorg-x11-server-Xorg-1.13.0-11.1.el6.centos.2.x86_64.rpm
2028447c8ec5210ca97db791bf43468728887a1538e588350ed36fb4e13c711d  
xorg-x11-server-Xvfb-1.13.0-11.1.el6.centos.2.x86_64.rpm

Source:
ac222b687d19cfd7e90008add1141b6dabe5d264f787dc2f5c4207c700c50e74  
xorg-x11-server-1.13.0-11.1.el6.centos.2.src.rpm



-- 
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #cen...@irc.freenode.net



--

Message: 2
Date: Wed, 16 Oct 2013 18:33:26 +
From: Karanbir Singh 
Subject: [CentOS-announce] CEEA-2013:1432  CentOS 6 tzdata Update
To: centos-annou...@centos.org
Message-ID: <20131016183326.ga13...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Enhancement Advisory 2013:1432 

Upstream details at : https://rhn.redhat.com/errata/RHEA-2013-1432.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
678b13393e47bf241bf872470658374ad45ef5f4f1b249e52153976a23f2d71c  
tzdata-2013g-1.el6.noarch.rpm
270e2570594f65f34ee8b6e2817c40416df74deda963f27e6632a7b1239a6f52  
tzdata-java-2013g-1.el6.noarch.rpm

x86_64:
678b13393e47bf241bf872470658374ad45ef5f4f1b249e52153976a23f2d71c  
tzdata-2013g-1.el6.noarch.rpm
270e2570594f65f34ee8b6e2817c40416df74deda963f27e6632a7b1239a6f52  
tzdata-java-2013g-1.el6.noarch.rpm

Source:
1b9c55358153e7376fe22c6737575bd5e371f03c74ca72b6763ad263f9aced41  
tzdata-2013g-1.el6.src.rpm



-- 
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #cen...@irc.freenode.net



--

Message: 3
Date: Wed, 16 Oct 2013 18:33:43 +
From: Karanbir Singh 
Subject: [CentOS-anno

[CentOS] Authenticating sudo with ipa.

2013-10-17 Thread Andrew Holway

Hello,
I have set up IPA on a private network and have hit some bumps
configuring sudo access for the clients.
kinit seems to work fine for both client and server, user and root.

When I run sudo on the server I see the following in /var/log/messages:

Oct 17 17:53:52 192-168-0-100 [sssd[krb5_child[29237]]]: Decrypt
integrity check failed
Oct 17 17:53:52 192-168-0-100 [sssd[krb5_child[29237]]]: Decrypt
integrity check failed

Thanks,
Andrew


## I see the following in my clients /var/log/messages after starting
sssd on the client.

Oct 17 17:35:46 zabbix sssd: Starting up
Oct 17 17:35:46 zabbix sssd[be[192-168-0-100.local]]: Starting up
Oct 17 17:35:46 zabbix sssd[nss]: Starting up
Oct 17 17:35:46 zabbix [sssd[ldap_child[6659]]]: Error processing
keytab file [default]: Principal [host/192-168-0-100.local@LOCAL] was
not found. Unable to create GSSAPI-encrypted LDAP connection.
Oct 17 17:35:46 zabbix sssd[sudo]: Starting up
Oct 17 17:35:46 zabbix sssd[ssh]: Starting up
Oct 17 17:35:46 zabbix sssd[pac]: Starting up
Oct 17 17:35:46 zabbix [sssd[ldap_child[6659]]]: Error writing to key table
Oct 17 17:35:46 zabbix sssd[pam]: Starting up

## And the following when user "andrew" tries to sudo on the client.

Oct 17 17:37:10 zabbix [sssd[ldap_child[6667]]]: Error processing
keytab file [default]: Principal [host/192-168-0-100.local@LOCAL] was
not found. Unable to create GSSAPI-encrypted LDAP connection.
Oct 17 17:37:10 zabbix [sssd[ldap_child[6667]]]: Error writing to key table

## The user and sudo rules in ipa.

[root@192-168-0-100 ~]# ipa sudorule-show add_sudo
  Rule name: add_sudo
  Enabled: TRUE
  Host category: all
  Command category: all
  RunAs User category: all
  RunAs Group category: all
  Users: andrew
[root@192-168-0-100 ~]# ipa user-show andrew
  User login: andrew
  First name: Andrew
  Last name: Holway
  Home directory: /home/andrew
  Login shell: /bin/bash
  Email address: and...@local.com
  UID: 187663
  GID: 187663
  Account disabled: False
  Password: True
  Member of groups: admins, ipausers, trust admins
  Member of Sudo rule: add_sudo
  Kerberos keys available: True
  SSH public key fingerprint:
35:08:9D:5E:F7:96:2A:FA:E4:60:76:4E:8A:12:FE:15 (ssh-dss)

## /etc/sssd/sssd.conf on the client


[domain/192-168-0-100.local]

cache_credentials = True
krb5_store_password_if_offline = True
krb5_realm = LOCAL
ipa_domain = 192-168-0-100.local
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_hostname = 192-168-0-110.local
chpass_provider = ipa
ipa_server = _srv_, 192-168-0-100.local
dns_discovery_domain = 192-168-0-100.local

sudo_provider = ldap
ldap_uri = ldap://192-168-0-100.local
ldap_sudo_search_base = ou=sudoers,dc=local
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/192-168-0-100.local@LOCAL
ldap_sasl_realm = local
krb5_server = 192-168-0-100.local

[sssd]
services = nss, pam, ssh, sudo
config_file_version = 2

domains = 192-168-0-100.local
[nss]

[pam]

[sudo]

[autofs]

[ssh]

[pac]


## /etc/nsswitch.conf on client

#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:db files nisplus nis
#shadow:db files nisplus nis
#group: db files nisplus nis

passwd: files sss
shadow: files sss
group:  files sss

#hosts: db files nisplus nis dns
hosts:  files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks:   files
networks:   files
protocols:  files
rpc:files
services:   files sss

netgroup:   files sss

publickey:  nisplus

automount:  files
aliases:files nisplus
sudoers: files sss

## selinux

SELinux status: disabled on both client and server

## /etc/krb5.conf on the client

#File modified by ipa-client-install

includedir /var/lib/sss/pubconf/krb5.include.d/

[libdefaults]
  default_realm = LOCAL
  dns_lookup_realm = false
  dns_lookup_k

Re: [CentOS] Authenticating sudo with ipa.

2013-10-17 Thread Andrew Holway

> Oct 17 17:53:52 192-168-0-100 [sssd[krb5_child[29237]]]: Decrypt
> integrity check failed
> Oct 17 17:53:52 192-168-0-100 [sssd[krb5_child[29237]]]: Decrypt
> integrity check failed

Please ignore these. This was a false password entry :)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] dell poweredge 2950

2013-10-17 Thread Michel Donais

Do somebody have experience wiit a Dell Poweredge 2950 Xeon quad 2.5 with 
Centos 6.4

---
Michel Donais 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] dell poweredge 2950

2013-10-17 Thread Laurent CREPET




Michel Donais  a écrit :
>Do somebody have experience wiit a Dell Poweredge 2950 Xeon quad 2.5
>with 
>Centos 6.4

In the past (more than 2 years ago), I've used CentOS 5 on Poweredge 2950 
without any issues. Dell OpenManage Server Administrator was installed on the 
system. I've also regularly upgraded firmwares using the Dell Server Update 
Utility (SUU).
--
Laurent CREPET
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] dell poweredge 2950

2013-10-17 Thread me

On Thu, 17 Oct 2013, Michel Donais wrote:

> Do somebody have experience wiit a Dell Poweredge 2950 Xeon quad 2.5 with
> Centos 6.4

I still have 3 2950 gen 3's running. They "just work" however keep in mind
that they are getting old. On the plus side they are cheap enough that you
can keep a spare machine around for parts. Having said that I will not touch
any of them that are not gen 3. They are just too old.

Regards,

-- 
Tom m...@tdiehl.org Spamtrap address
me...@tdiehl.org
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] dell poweredge 2950

2013-10-17 Thread Jason Pyeron

> From: m...@tdiehl.org
> Sent: Friday, October 18, 2013 1:10
> 
> On Thu, 17 Oct 2013, Michel Donais wrote:
> 
> > Do somebody have experience wiit a Dell Poweredge 2950 Xeon 
> quad 2.5 
> > with Centos 6.4

Is there a problem you have observed?

> 
> I still have 3 2950 gen 3's running. They "just work" however 
> keep in mind that they are getting old. On the plus side they 
> are cheap enough that you can keep a spare machine around for 
> parts. Having said that I will not touch any of them that are 
> not gen 3. They are just too old.
> 

We run on Dell 2970, the AMD equivalent. No problems.


--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS-announce Digest, Vol 104, Issue 7

[CentOS] Authenticating sudo with ipa.

Re: [CentOS] Authenticating sudo with ipa.

[CentOS] dell poweredge 2950

Re: [CentOS] dell poweredge 2950

Re: [CentOS] dell poweredge 2950

Re: [CentOS] dell poweredge 2950

7 matches

Site Navigation

Mail list logo

Footer information