Hi all,
I have set up nscd on my CentOS 5 box with nss_ldap. getent shows all
LDAP groups correctly but 'id' only shows the user's primary group.
Best Regards
Marcus
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/cento
2010/3/8 Marcus Moeller :
> Hi Christoph,
>
>>> is there an easy way to kickstart a system using DHCP, but then use
>>> the obtained settings to define static network configurations on the
>>> installed system?
>>>
>>> Best Regards
>>>
Hi Christoph,
>> is there an easy way to kickstart a system using DHCP, but then use
>> the obtained settings to define static network configurations on the
>> installed system?
>>
>> Best Regards
>> Marcus
>
>
> A simple %post script comes to mind.
And also to this list ?-)
Marcus
Hi all.
is there an easy way to kickstart a system using DHCP, but then use
the obtained settings to define static network configurations on the
installed system?
Best Regards
Marcus
Hi.
[1] http://wiki.centos.org/ArtWork/Style/Promo/Posters
I have reworked the page for poster mockups and just added one:
http://wiki.centos.org/ArtWork/Poster
Best Regards
Marcus
Hi.
>> I am a bit confused about the usage of pam_mount.
>>
>> Here is my /etc/pam.d/system-auth:
>>
>> auth required pam_env.so
>> auth required pam_mount.so
>>
>
> add use_first_pass to this??
In auth stage the pam_mount requests its passwd from stdin and passes
it to t
Hi all,
I am a bit confused about the usage of pam_mount.
Here is my /etc/pam.d/system-auth:
auth required pam_env.so
auth required pam_mount.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth
Dear Karan,
>> I am personally not that big fan of Puppet, as things are getting quite
>> complex in large scenarios and as Puppet does not scale well (this has
>> been improved in the latest version if you are using passenger instead
>> of webrick).
>
> Puppet is actually easier to scale beyond a
Hi.
At that point I pass it over to puppet personally. Used to use
cfengine, but there are aspects I prefer when it comes to puppet; your
mileage may of course vary.
well, refer back to my initial email on the subject. It's how you split
state and policy - puppet isn't all that great at state m
Dear Mark,
>> ...
>>> So, what I am looking for really is feedback on what people are using in
>>> the wild on multiple machines, and bonus points for people who only use
>>> tools and mechanisms already built into the CentOS [base] repo.
>>
>> We are using Spacewalk to manage /etc/sysconfig/iptab
Hi again.
>> and I have some examples from my own personal experience. So I don't
>> believe that you can say there is a "best" method, for all situations.
>
> Yes I can. Host information can be spoofed. So can IP Addresses. Here is
> the point you are missing, if he is going to connect to yo
Dear Karan.
...
> So, what I am looking for really is feedback on what people are using in
> the wild on multiple machines, and bonus points for people who only use
> tools and mechanisms already built into the CentOS [base] repo.
We are using Spacewalk to manage /etc/sysconfig/iptables files. Th
Dear James.
>> is there a way to combine iptables parameters like: iptables
>> -A OUTPUT -p UDP & -p TCP -d $IP1 & -d $IP2 ?
I should have better written something like:
-A OUTPUT -p UDP OR -p TCP -d $IP1 OR -d $IP2
as that's what I was looking for. Sorry.
Best Regards
Marcus
Dear Ryan.
>>> iptables -A OUTPUT -p UDP -d $IP1 -j DROP
>>> iptables -A OUTPUT -p TCP -d $IP1 -j DROP
>>> iptables -A OUTPUT -p UDP -d $IP2 -j DROP
>>> iptables -A OUTPUT -p TCP -d $IP2 -j DROP
>>
>> That's what I am doing atm. Thanks for the update.
>
> BTW, if you have some complex chain of
Hi all,
does it work to define iptables rules with a fqdn as destination
instead of an IP address? Or is it useful to resolve the name first
using e.g. nslookup, writing the result to a variable which is then
used within the -d statement?
Best Regards
Marcus
Dear Ryan.
>> is there a way to combine iptables parameters like: iptables -A OUTPUT
>> -p UDP & -p TCP -d $IP1 & -d $IP2 ?
>
> Each of those parameters is called a "match", in IPTables-speak. You
> can specify multiple matches in one rule, but all matches are combined
> with an implicit logical A
Hi all,
is there a way to combine iptables parameters like: iptables -A OUTPUT
-p UDP & -p TCP -d $IP1 & -d $IP2 ?
Best Regards
Marcus
Hi,
> One option would be to comment out the make_resolv_conf() function in
> /sbin/dhclient-script.
btw. a more common way would be to create a /etc/dhclient-enter-hooks
with the following content:
make_resolv_conf(){
:
}
Best Regards
Marcus
Dear Niki.
> What's wrong with fr.centos.org? Any news? Site's been dead for quite
> some time now.
I think, yes. There was a hardware failure on the server, and no
restorable backup available. We hope to get the new forums (based on
the updated WebInfrastructure) up soon.
Best Regards
Marcus
Dear John,
>> I want to mirror a Centos box, not having done this before, I'm looking
>> for guidance.
>>
>> What is the best way to perform this task, I have a running webserver, a
>> single external IP address to the website, and wanted to protect myself
>> should the server go down. My though w
2009/9/16 Karanbir Singh :
> On 09/16/2009 06:27 PM, Johnny Hughes wrote:
>> If we were having wild beer parties every week .
>
> *WHAT* beer parties ? Where ? When ? will there be food as well ?
They are all located in Texas, so we have to cover traveling costs first :)
Best Regards
Marcus
Hi again.
> alias net-pf-24 # PPPoE
Sorry, typo in pf-24.
grep -q '^alias net-pf-3 off' /etc/modprobe.conf || \
echo 'alias net-pf-3 off' >> /etc/modprobe.conf
grep -q '^alias net-pf-4 off' /etc/modprobe.conf || \
echo 'alias net-pf-4 off' >> /etc/modprobe.conf
grep -q '^alias net-pf-5 off' /et
Hi again,
>> The only workaround that is known to me atm is to disable the affected
>> kernel modules (which should be handled with care as some of them may
>> provide necessary functionality in your operating environment):
>
> If vm.mmap_min_addr is > 0 you are also not affected, at least not by t
Hi all.
Julien Tinnes and Tavis Ormandy from the Google Security Team have
recently found a Linux kernel vulnerability which affects all 2.4 and
2.6 kernels since 2001 on all architectures. Please read the
announcement on LWN: http://lwn.net/Articles/347006/ for further
information about the vulne
Dear Bob,
> All I want is something that doesn't reach end of life so rapidly for
> this application. I should have checked more carefully.
>
> I will try Scientific Linux which is supposed to install from the cd.
>
> Thanks for the help.
Patrice has created an installable 5.2 LiveCD, containing
Hi all,
> Well, I know I have benefited from the discussion because I understand the
> challenges that face the CentOS team with regards to security updates whilst
> they are rebuilding a point release. As has been pointed out to me, we're
> between a rock and a hard-place and it isn't just a simp
Dear Russ.
>>> You don't like reputational vetting and a meritocracy, or how
>>> it is run by the people in charge who have as one goal: not
>>> distributing malware. I get it. Thank you.
>
>> Hey Russ, it's open source. You can just review the spec and
>> comment it until it's ready for release
2009/8/7 R P Herrold :
> On Fri, 7 Aug 2009, Marcus Moeller wrote:
>
>> Then you should not perhaps not call it 'Contrib' repository
>> if no one that you do not personally know can add content to
>> it.
>
> You don't like reputational vetting and a mer
Dear Johnny,
> Well, if something is going to be released as part of CentOS (contrib
> repo or not), then it is going to be correct and it is going to be
> vetted by someone that I PERSONALLY trust ... or it is going to be
> personally tested by me prior to release. Otherwise, it is not going to
Dear Andrew.
>> (like the Contrib repo) are getting a bit clearer so I
>> guess we are on the right track.
>
> Contrib repo !!! What Contrib repo ? The last time I tried to
> contribute i was told to head on to Fedora or rpmforge.
The Contrib repository has been re-invented in CentOS 5.3 but it's
Dear Russ,
>>> Don't misunderstand. I think you have done and are doing a great job
>>> but some things are out of any single person's control. All I'm
>>> suggesting is that it would be nice if there were an easy answer to the
>>> question of "what if" those things happen to a few of you. I th
Dear Kai,
> I think the community would benefit from opening a new mailing list for
> these issues. There's already a promo list, but a discussion like this
> doesn't really fit on it. I also think it doesn't fit here.
> So, I think everyone interested about CentOS management should be able to
> d
here longtime
developers take care about new maintainers.
Best Regards
Marcus Moeller
Hi,
>> My 'dream' OS has always been one where the base install was extremely
>> minimal - just enough to install the rest over the network. Then there
>> would be a way that anyone could 'publish' their installed list of
>> repositories and packages and anyone else could duplicate that machine's
Good Evening.
2009/7/20 David Hrbáč :
> Karanbir Singh napsal(a):
>> yup. We have already looked into the possibility of getting updates out
>> during a point release cycle, and will prolly be moving to that process
>> with the next point release ( 5.4 ).
>>
> Karanbir,
> glad to hear this. We hav
Hi all,
> I have been using RPMforge much longer than EPEL and only have a few
> packages from EPEL on my 5.3 (32 bit) desktop. When I added the EPEL
> Repository to Priorities, the number of packages excluded went from
> approximately 400 to 1705. My belief is that had I not given EPEL a
> very l
Dear Glenn,
> This may be of interest to you: http://wiki.centos.org/HowTos/ManualInstall
>
>
> I haven't gotten around to fixing up some of the remarks made by others, but
> you should get the general idea.
Thanks for that. I am going to check and maybe fix some of the topics
if it's okay for y
Good Morning,
I want to update my CF-Microdrive for my router with CentOS (currently
there is Slacky on it). I have attached the microdrive to my notebook
using a pcmcia CF adapter. Within my CentOS installation the drive is
detected correctly as ide_cf and all partitions are shown.
But as the in
Good Evening.
I spent some time to create a more 'classic' CentOS theme.
# Wallpaper
You can find the 4:3 wallpaper here:
http://www.marcus-moeller.de/share/classic/wallpaper.png
Widescreen will follow
# GRUB
Download the matching GRUB Splash here:
http://www.marcus-moeller.de/share/classic
Dear Robert.
> I have decided to give SME a go. It provides Qmail on Centos 4.7, with
> Centos 5.2 in beta.
>
> I chose SME because I also have to replace an NT server here as well, so
> it makes a good fit.
>
> I have a test system working and building the mailserver replacement
> system now. The
Dear Florian,
> So far, OpenVPN has been working very well for me. Unfortunately, the
> iPhone doesn't have (yet?) an OpenVPN client, so I'm forced to work with
> what's available.
>
> The options are: L2TP, PPTP and IPSec. If you were to install a VPN
> endpoint on CentOS, which protocol would yo
Dear Ned.
>
> You may also need to manually change the context first:
>
> chcon -v --type=samba_share_t /srv/samba
chcon did the trick.
Thanks a lot
Marcus
Hi all,
I have created a directory /srv with the following SELinux context:
system_u:object_r:var_t
Now I want to create a subdirectory within /srv which should get a
different context. So I tried to set e.g.:
semanage fcontext -a -t samba_share_t /srv/samba
/sbin/restorecon -v /srv/samba
but
Good Evening,
There seems to be a bug in iproute caused by nla policy introduction
to the kernel:
http://mailman.ds9a.nl/pipermail/lartc/2007q1/020493.html
So I was not able to set ip rules using e.g.:
ip rule add from all fwmark 3 table TONLINE1
which led to an error:
RTNETL
Good Evening,
I am trying to set up port based routing on a CentOS 5.2 box as described
here:
http://www.linuxhorizon.ro/iproute2.html (second example)
Therefore I have set up the following mangle and routing rules:
$IPTABLES -A OUTPUT -t mangle -p tcp --dport 1100 -j MARK --set-mark 1
$IPTABLES
Dear Nataraj,
>> > You are going to have to add rules to both your INPUT and OUTPUT
>> > chains to allow this traffic through. Could you send on a copy of
>> > /etc/sysconfig/iptables, if that is how your are loading these rules?
>> > I could then send you the exact commands to run.
>
> One thing
Good Evening.
>> LAN1 -> LINUX_ROUTER -> LAN2
>>
>> Response:
>>
>> LAN2 -> CORE-ROUTER(with LINUX_ROUTER as default Gateway) ->
>> LINUX_ROUTER | BLOCKED | LAN1
>>
>> This may be the case as the CORE-ROUTER was not part of the network in
>> good ol' slacky times.
>
> You do have all your Rou
Good Evening,
>> The strange thing is that it seems to be blocked by netfilter. I am
>> using exactly the same rules on a Slackware Box without any problems.
>
> Slackware is the Key here Marcus. The two distros have different modules
> built into the kernel by default and maybe a cause for w
Dear Michael,
> The system you are trying to forward with has at least two nics on
> different networks?
> However you are trying to forward between aliases on one nic that is
> located on your internal network?
> And the other nic connects to a DMZ or gateway network?
> This system is not a decic
Hi,
>> iptables -L -v now shows:
>>
>> 0 0 ACCEPT all -- eth0 eth0 anywhere
>> anywhere state NEW,RELATED,ESTABLISHED
>>
>> But the packages are still dropped:
>>
>> Feb 9 10:48:20 firewall kernel: DROP-TCP IN=eth0 OUT=eth0
>> SRC=192.168.100.192 DST=172.28.2.161 LEN
Hi again,
> Yes that would be correct Marcus echo it into /proc or in /etc/sysctl.conf
> would be
> # Controls IP packet forwarding
> net.ipv4.ip_forward = 1
This is what I have done already. sysctl -p gives me:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.ac
Good Morning,
iptables -L -v now shows:
0 0 ACCEPT all -- eth0 eth0 anywhere
anywhere state NEW,RELATED,ESTABLISHED
But the packages are still dropped:
Feb 9 10:48:20 firewall kernel: DROP-TCP IN=eth0 OUT=eth0
SRC=192.168.100.192 DST=172.28.2.161 LEN=44 TOS=0x00 P
2009/2/7 Robert Spangler :
> On Friday 06 February 2009 15:57, Marcus Moeller wrote:
>
>> Hi Again.
>>
>> > Iptables -nL
>> >
>> > Show?
>>
>> Here is the complete output (there are a lot of other rules active on
>> that machine
Dear Filipe,
> On Fri, Feb 6, 2009 at 13:13, Marcus Moeller wrote:
>> I am trying to forward packages on an internal device using iptables:
>>
>> /sbin/iptables -A FORWARD -i eth0 -o eth0 -m state --state
>> NEW,RELATED,ESTABLISHED -j ACCEPT
>
> What is y
not sure why I should add input and output rules if I want to
forward packages through a device but I can give it a try.
Btw. I am using service iptables save at the bottom of my script to
store the rules.
Best Regards
Marcus
> Josh
>
>
> On Fri, Feb 6, 2009 at 1:57 PM, Marcus
Hi Again.
> Iptables -nL
>
> Show?
Here is the complete output (there are a lot of other rules active on
that machine):
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
my_dropall -- 10.0.0.0/8 0.0.0.
Dear Josh,
> What does your input and output chains show?
>
> Josh
I guess you mean the forward rules:
ACCEPT all -- eth0 eth0 anywhere anywhere
state NEW,RELATED,ESTABLISHED
Best Regards
Marcus
Good Evening,
I am trying to forward packages on an internal device using iptables:
/sbin/iptables -A FORWARD -i eth0 -o eth0 -m state --state
NEW,RELATED,ESTABLISHED -j ACCEPT
but the packages are still blocked, e.g.:
Feb 6 20:58:28 firewall kernel: DROP-TCP IN=eth0 OUT=eth0
SRC=192.168.100.1
Hi all,
I have set up an encrypted partition on a usb key and can now
successfully mount it using:
cryptsetup luksOpen /dev/DEVICENODE cryptousb
mount /dev/mapper/cryptousb /mountpoint
My aim is now to do this using HAL and GNOME's Luks integration. I am
already asked for the pass phrase after p
Dear John.
> AFAIK, that is the only way to do it. Unless you're willing to switch to MSDHCP
Maybe I file a bug report on that.
> (win$). Just curious, why do you need to have 2 different ips with from a
> different subnet assigned to one client?.
As mentioned before, one is a private LAN and the ot
> From the dhcp.conf.5 manual. This seems like it would skin the cat for your
> needs Specify this in each Scope and you should be set. It will allow you to
> have the two different addresses from two different SNs. That is as Per the
As I have already mentioned in my initial post, that's what I
Dear John,
> Marcus, I do not think what you're trying to do is going to work. Why?
> "failover peer "intra-net"" . You will need a dhcp.master configuration file
> on both servers. You running two dhcp servers? Debug with only one server.
Of course, the failover is set up and working correctly. Pl
Dear John.
> The two commands I posted for you to set it up that way can be done in a
> Single File Configuration. The last config file I posted for you was for two
> NICS on two different Subnets.
I am not yet sure if we are talking about the same problem, so here is
my current configuration. Un
Dear John,
>> Subnet A (192.168.2.x) <-> DHCP Server with 2 NICs <-> Subnet B (10.1.0.0)
>>
>> Clients on Subnet A should get a static IP from the host declaration.
>> Clients on Subnet B should obtain dynamic IP addresses from a range.
>> The two subnets are not physically connected but a CLIENT s
>>This I am not sure can be done with dhcpd. However you can specify NIC to
>> fixed static addys and the nic hardware address in the dhcp.conf file.
>
>>How does that work?
>
> JohnStanley Writes:
> This is what I am talking about at the end of the ".conf" file below. That
> is what you are trying
Dear John,
> In reading your post a couple more times, I think I see what you are after.
> Elaborate a little more on what you want exactly.
> You want the NIC to get an addy from the dhcpd server from the Subnet A
> address pool and then want to also obtain an addy from the Subnet B Fixed
> addy
Dear Paul.
> You can assign multiple host blocks for the same NIC, using a fixed-address
> directive in one but not in other. dhcpd will try for the best match. If the
> request arrives from subnet-B, and the fixed address is on that net, then
> that's the block that gets used. Otherwise, the less
Hi all.
I have set up a DHCP server with multiple subnet configurations (let's
say subnet A and B). Within that I have declared pools and static
hosts addresses.
Now, if I have set up a static host entry (with fixed-address) in
Subnet B for a specific machine and try to connect to Subnet A with
t
Good Evening.
>>> I believe what Dag is saying is that, if you wish to use audacity, you
>>> cannot update wxGTK. Conversely, if you update wxGTK, you cannot use
>>> audacity. I'm sure he will eventually resolve the issue.
>>
>> In the meantime, how are we supposed to go about to install AMule,
Dear Niki
>> Anybody running CentOS on Eee PC 1000H? In CentOS wiki[0] there is a draft
>> about Eee PC 900 from Fabian Arrotin. Does the same howto work for Eee PC
>> 1000H?
>>
>
> Dunno, but I successfully managed to install CentOS 5.2 on a similar piece
> of hardware, the MSI Wind U100 netbook.
Dear Tom.
> > # Do not remove the following line, or various programs
> > # that require network functionality will fail.
> > 127.0.0.1 localhost.localdomain localhost
> > 127.0.0.1 calimero.local calimero
> > ::1 localhost6.localdomain6 localhost6
> >
>
> Lots of replies
Dear Bob.
> /etc/sysconfig/network
> Hostname=server1.mydomain.com
> (where the domain is one of my websites on the server, actually my name
> server too)
As mentioned before, I cannot see that this variable is used in any form.
> Change /etc/hosts
> First of all, leave all the original stuff an
Good Evening.
> Hit that nail on the head and exactly what I was describing.
>
> Thing is, why does upstream and/or other distros do that?
>
> What is the reasoning?
The reason for setting a hostname on loopback is simple. Major
distributions want to brand their installs even if the box has not
n
Dear Robert.
> Per "man hostname"
>
> FILES
> /etc/hosts /etc/sysconfig/network
>
> NOTE
> Note that hostname doesn't change anything permanently. After reboot
> original names from /etc/hosts are used again.
That's clear.
> Do you really think one should tie the hostname to the loop
2008/9/13 Niki Kovacs <[EMAIL PROTECTED]>:
> Marcus Moeller a écrit :
>>
>>> From Slackwares /etc/hosts:
>>
>> ...
>> # By the way, Arnt Gulbrandsen <[EMAIL PROTECTED]> says that 127.0.0.1
>> # should NEVER be named with the name of the mach
Dear Niki.
>> It should look like this:
>>
>> 127.0.0.1 localhost.localdomain localhost calimero.local
>> calimero
>>
>
> I slightly altered it:
>
> [EMAIL PROTECTED] ~]$ cat /etc/hosts
> # Do not remove the following line, or various programs
> # that require network functionality wil
Dear Niki.
> 2) add a line to /etc/hosts like this:
> # Do not remove the following line, or various programs
> # that require network functionality will fail.
> 127.0.0.1 localhost.localdomain localhost
> 127.0.0.1 calimero.local calimero
> ::1 localhost6.localdomain6