Re: [CentOS] sssd - ldap host attribute ignored
Thanks a lot for the answer.
I commented out ldap_access_filter.
I suppose with flush you mean 'sss-cache -E'. I did it. But it did not help.

The ldap entry of a user who can log in and should not be able to is below.
Note: The host 'another-node' is a different computer than the CentOS 7 to which the USER1 can login but should not be able to. Even without the host attribute he can login.

Thank you,
ulrich

# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: uid=USER1
# requesting: ALL
#

# USER1, ,
dn: uid=USER1,ou=,o=
accountStatus: active
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
objectClass: shadowAccount
objectClass: ibm-auxAccount
objectClass: qmailUser
objectClass: sambaSamAccount
uid: USER1
uidNumber:
shadowFlag: 0
shadowInactive: -1
gidNumber: ***
shadowMin: -1
shadowMax: 99
homeDirectory: /home/USER1
sn: USER1
mail: us...@my.doma.in
mailHost: lmtp:unix:/var/lib/imap/socket/lmtp
shadowWarning: 7
sambaSID: *
shadowExpire: -1
mailAlternateAddress: USER1a
cn: surname lastname
gecos: surname lastname
loginShell: /bin/bash
host: another-node

On 02/24/2015 01:06 AM, Gordon Messmer wrote:
> On 02/23/2015 03:59 AM, Ulrich Hiller wrote:
>>
>> /etc/sssd/sssd.conf:
>> [domain/default]
>> access_provider = ldap
>> ldap_access_filter = memberOf=ou=,o=
>> ldap_access_order = host
>
> Because ldap_access_order doesn't include "filter", ldap_access_filter
> will not be used. You can remove that.
>
> Aside from that, it would be helpful to see the entry for one of the
> users who can log in and should not be able to.
>
> Make sure you flush the cache before testing.
>
>> /etc/ldap.conf:
>
> I don't think that file is relevant.

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
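The point made in the quoted reply (an access option is only used when its rule is listed in ldap_access_order) can be checked mechanically. The following is an added example, not code from the thread or from the SSSD project; the function name and the PLACEHOLDER DN values are assumptions, and the option names and defaults are those documented in sssd.conf(5) and sssd-ldap(5).

```python
import configparser

# Constructed sample: the [domain/default] fragment quoted in the thread, with
# PLACEHOLDER where the post redacts the DN components.
SAMPLE = """
[domain/default]
access_provider = ldap
ldap_access_filter = memberOf=ou=PLACEHOLDER,o=PLACEHOLDER
ldap_access_order = host
"""

# Options that are only consulted when the named rule appears in
# ldap_access_order (option names as documented in sssd-ldap(5)).
RULE_OPTIONS = {
    "filter": "ldap_access_filter",
    "host": "ldap_user_authorized_host",
    "authorized_service": "ldap_user_authorized_service",
}


def audit_access_rules(conf_text):
    """Return (section, message) findings for each [domain/...] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        dom = cp[section]
        provider = dom.get("access_provider", "permit")  # documented default
        if provider != "ldap":
            findings.append((section, f"access_provider = {provider}: "
                             "ldap_access_order is not evaluated"))
            continue
        # ldap_access_order is a comma-separated list; its default is "filter".
        order = [r.strip() for r in
                 dom.get("ldap_access_order", "filter").split(",") if r.strip()]
        for rule, option in RULE_OPTIONS.items():
            if option in dom and rule not in order:
                findings.append((section, f"{option} is set but '{rule}' is "
                                 "missing from ldap_access_order, so it is not used"))
        if "filter" in order and "ldap_access_filter" not in dom:
            findings.append((section, "'filter' is listed in ldap_access_order "
                             "but ldap_access_filter is not set"))
    return findings


if __name__ == "__main__":
    for section, message in audit_access_rules(SAMPLE):
        print(f"[{section}] {message}")
```
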
[CentOS] CentOS-announce Digest, Vol 120, Issue 8
Today's Topics:

   1. CESA-2015:0249 Critical CentOS 5 samba3x Security Update (Johnny Hughes)
   2. CESA-2015:0251 Critical CentOS 6 samba Security Update (Johnny Hughes)
   3. CESA-2015:0250 Critical CentOS 6 samba4 Security Update (Johnny Hughes)
   4. CESA-2015:0252 Important CentOS 7 samba Security Update (Johnny Hughes)

--

Message: 1
Date: Mon, 23 Feb 2015 14:18:15 +
From: Johnny Hughes
To: centos-annou...@centos.org
Subject: [CentOS-announce] CESA-2015:0249 Critical CentOS 5 samba3x Security Update
Message-ID: <20150223141815.ga10...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory 2015:0249 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0249.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net

--

Message: 2
Date: Mon, 23 Feb 2015 14:23:09 +
From: Johnny Hughes
To: centos-annou...@centos.org
Subject: [CentOS-announce] CESA-2015:0251 Critical CentOS 6 samba Security Update
Message-ID: <20150223142309.ga4...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory 2015:0251 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0251.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
Re: [CentOS] Transparent GNOME Terminal in CentOS 7?
On 02/22/2015 11:10 PM, Niki Kovacs wrote:
>
>
> On 22/02/2015 16:19, Johnny Hughes wrote:
>> terminator in the Nux!dextop repo for C7 has transparent backgrounds.

Might also be worth mentioning that supposedly around the 7.2 timeframe, gnome is scheduled to be bumped to a more modern version.
https://bugzilla.redhat.com/show_bug.cgi?id=1174442

In theory this should put transparent terminal support back in gnome-terminal.

--
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77
[CentOS] Wiki links broken
http://wiki.centos.org/AdditionalResources/Repositories

Under "CentOS-Fasttrack", the links to the Readme and CentOS6 repo are broken (again, if the list archives are anything to go by ...).
Re: [CentOS] Master - Slave Split DNS
On Mon, February 23, 2015 23:21, aditya hilman wrote:
> Hi folks,
>
> After configure the iptables for masquerade the zone transfer traffic.
> I've found new issue, below the log on slave :
>
> zone domain.com/IN/external-view: serial number (2015022302) received from
> master 10.xx.xx.xx#53 < ours (2015022303)
>
> The zone on the slave doesn't update.
>

The reason the zone does not update is given in the message. The serial number on the slave copy of the zone file is greater than the serial number on the master's copy. You need to figure out why that is so and fix that issue. Then the slave should update.

--
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
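The serial comparison behind that log message can be reproduced offline. This is an added example, not part of the thread and not BIND code: it parses the quoted log line and applies RFC 1982 serial-number arithmetic, which also covers 32-bit wraparound (a case the thread does not discuss). The function names are assumptions.

```python
import re

# Constructed sample: the slave's log message from the quoted post, joined
# onto one line (the mail client had wrapped it).
SAMPLE = ("zone domain.com/IN/external-view: serial number (2015022302) "
          "received from master 10.xx.xx.xx#53 < ours (2015022303)")

LOG_RE = re.compile(
    r"zone (?P<zone>\S+): serial number \((?P<master>\d+)\) received from "
    r"master (?P<addr>\S+) < ours \((?P<ours>\d+)\)")

MOD = 1 << 32  # SOA serials are unsigned 32-bit values


def serial_gt(a, b):
    """RFC 1982 comparison: True when serial a is 'newer' than serial b."""
    a, b = a % MOD, b % MOD
    return a != b and (a - b) % MOD < MOD // 2


def check_refresh(line):
    """Parse one log line; report whether the slave would accept the zone."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    master, ours = int(m["master"]), int(m["ours"])
    return {
        "zone": m["zone"],
        "master_serial": master,
        "slave_serial": ours,
        "transfer": serial_gt(master, ours),
        # Smallest serial the master could publish that the slave treats as newer.
        "min_master_serial": (ours + 1) % MOD,
    }


if __name__ == "__main__":
    print(check_refresh(SAMPLE))
```
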
Re: [CentOS] Wiki links broken
On 02/24/2015 08:26 AM, lheck...@users.sourceforge.net wrote:
>
> http://wiki.centos.org/AdditionalResources/Repositories
>
> Under "CentOS-Fasttrack", the links to the Readme and CentOS6 repo are
> broken (again, if the list archives are anything to go by ...).

I do now believe that CentOS-fasttrack.repo is part of centos-release and disabled by default .. at least it is for CentOS-7 now.

Let me check CentOS-5 and CentOS-6

in CentOS-6:
/etc/yum.repos.d/CentOS-fasttrack.repo

also it is in CentOS-5.

I will change the instructions on the wiki to say to edit the files that are included in the centos-release rpm.
Re: [CentOS] Wiki links broken
> I will change the instructions on the wiki to say to edit the files
> that are included in the centos-release rpm.

Thanks, Johnny. That's not really my problem. My problem is that I now need to track an additional channel for updates, with associated local mirror and scripting. I was only vaguely aware of it until I was looking for an update I know I saw in the announce digest and it wasn't in updates.
Re: [CentOS] Kickstart with multiple eth devices
On 23/02/15 08:16 PM, Steven Tardy wrote:
>
>> On Feb 23, 2015, at 6:34 PM, Ashley M. Kirchner wrote:
>>
>> I have a Dell server that has two built-in ethernet devices. When
>> I kickstart the machine, they are correctly identified as eth0
>> and eth1 (correctly meaning they correspond to the physical
>> device ports 1 and 2). I need a third one and want that to come
>> up as eth2. After adding the hardware, kickstart now fails
>> because for some reason it goes through a rename process where it
>> makes the newly added card eth1 (or eth0, I forgot). Is there a
>> way to stop this rename process so kickstart correctly uses the
>> physical hardware the way they are, meaning physical port 1 =
>> eth0, port 2 = eth1, and the additional ethernet card then
>> becomes eth2?
>>
>> Should I be using the device's MAC address when I set the
>> 'network' option in the kickstart file? So instead of 'network
>> --device=eth0' I make it 'network -device=aa;bb:cc:dd:eee:ff' ?
>>
>
> kickstart has an option: ksdevice=bootif
>
> I think that'll let you accomplish what you are trying.

Totally unrelated, but this is the reason I love discussions like this getting into the archives. I had no idea this option existed and it just solved an annoying problem I've been trying to think how to solve for ages!

In PXE's 'default';

LABEL new-node1
	MENU LABEL ^1) New Node 1 - RHEL 6
	KERNEL boot/rhel6/x86_64/vmlinuz
	IPAPPEND 2
	APPEND initrd=boot/rhel6/x86_64/initrd.img ks=http://10.20.4.1/rhel6/x86_64/ks/pxe-ccrs-node2.ks ksdevice=bootif

Then in kickstart;

network --bootproto dhcp --onboot yes --hostname node1.example.com

(note the lack of --device)

With this, my nodes with 6 NICs reliably boot without asking the user to choose the NIC by MAC they want to install from.

Thanks!!

--
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without access to education?