Discuss June 2008

discuss@lists.centos.org

353 participants
415 discussions

/usr/bin/id behavior since CentOS 5.2 upgrade
by kfx 25 Jun '08

25 Jun '08

Hi list, Since the upgrade to 5.2, when I log into my server with a ldap account I have these 2 errors messages: -bash: [: =: unary operator expected -bash: [: -le: unary operator expected After investigation, the trouble come from two scripts in /etc/profile.d: /etc/profile.d/krb5-workstation.sh /etc/profile.d/vim.sh The problem is with the test where the command "id" is involved, like: if [ `/usr/bin/id -u` = 0 ] ; If I add double quotes ("`/usr/bin/id -u`"), it will work again. Indeed, as a connected ldap user, the id command returns nothing when quoted: [ldapUser@server ~]$ /usr/bin/id -u 12345 [ldapUser@server ~]$ `/usr/bin/id -u` [ldapUser@server ~]$ As a normal user, the command behaves normally: [user@server ~]$ `/usr/bin/id -u` -bash: 1302: command not found [user@server ~]$ /usr/bin/id -u 1302 I have modified theses two scripts but I am afraid it will break something in the future. Any idea on how to resolve this cleanly ? Best regards, kfx PS: Linux server 2.6.18-92.1.1.el5xen #1 SMP Sat Jun 21 19:21:20 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux

3 2

udevd can't reach LDAP-server during boot
by Bernhard Gschaider 25 Jun '08

25 Jun '08

Hi! I'm using CentOS 5.1 (x86_64) machines which authenticate using LDAP. At the start of booting I get messages like this: udevd[1158]: nss_ldap: failed to bind to LDAP server ldaps://ldap.server.example.com/: Can't contact LDAP server udevd[1158]: nss_ldap: reconnecting to LDAP server... udevd[1158]: nss_ldap: could not connect to any LDAP server as (null) - Can't contact LDAP server udevd[1158]: nss_ldap: failed to bind to LDAP server ldaps://ldap.server.example.com/: Can't contact LDAP server udevd[1158]: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)... This escaletes to 2, 4, 8, 16, 32, 64 seconds. After that (==timeouting for 2 minutes) booting continues without problem, so this is not really a showstopper, but inconvenient. Googling around revealed some fixes for Debian/Ubuntu. The bottom line i that udevd needs some user/group that is not in the local files but on the LDAP-server. The fix usually was adding this user (nvram, scanner ...) or group locally. The problem is, that on these systems after the last attempt something like udevd[1158]: lookup_group: error resolving group 'rdma': Illegal seek is printed out, makeing it easy to find the right group/user. Is there a way to get CentOS to a similar behaviour, making it easier to find the culprit? Bernhard

3 3

PHP 5.2 for CentOS 5.x
by Gerald Balzer 25 Jun '08

25 Jun '08

Hi, has the CentOS version of php 5.2.x also been released yet? I couldn't find it. Thanks Gerald -- Gerald Balzer, Senior Partner T: +41 44 440 55 13 E: g.balzer(a)unicum-consulting.ch E: gerald(a)crbm.ch ****************************************** Unicum Consulting & Marketing GmbH Luzernerstrasse 51a, CH-6010 Kriens Business Solutions to suit your needs http://www.unicum-consulting.ch ******************************************

8 14

Kernel panic since CentOS 5.2 upgrade
by Olaf Mueller 25 Jun '08

25 Jun '08

Hello, since upgrading to CentOS 5.2 my notebook hangs while booting with a "Kernel panic - not syncing: Fatal exception" error. Here is a screenshot: http://www.istari.de/olaf/centos/r0013878.jpg # uname -a Linux beutelsend.istari.de 2.6.18-53.1.21.el5 #1 SMP Tue May 20 09:34:18 EDT 2008 i686 i686 i386 GNU/Linux # grep kernel /etc/grub.conf kernel /vmlinuz-2.6.18-92.1.1.el5 ro root=/dev/VolGroup00/LogVol00 acpi=off noapic apm=power-off # cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 5 model name : Pentium II (Deschutes) stepping : 2 cpu MHz : 266.637 cache size : 512 KB fdiv_bug : no hlt_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 2 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 mtrr pge mca cmov pat pse36 mmx fxsr up bogomips : 533.80 Ok, that toshiba tecra 8000 notebook is very old, but I use it as a thin client. And for that it makes a great job. I have had no such problem under CentOS 5 and 5.1. Should I stay with kernel 2.6.18-53.1.21.el5 or is there a workaround? Thank you very much. Olaf

2 2

Problem with evolution while upgrading to CentOS 5.2
by Bernhard Gschaider 25 Jun '08

25 Jun '08

Hi! When trying to prepare a workstation with (so that the real "yum upgrade" doesn't have to download the packages) yum upgrade --upgradeonly it fails with these messages: Error: Missing Dependency: libegroupwise-1.2.so.12 is needed by package evolution Error: Missing Dependency: libgtkhtml-3.8.so.15 is needed by package evolution Error: Missing Dependency: libexchange-storage-1.2.so.2 is needed by package evolution Error: Missing Dependency: libexchange-storage-1.2.so.2()(64bit) is needed by package evolution Error: Missing Dependency: libegroupwise-1.2.so.12()(64bit) is needed by package evolution On the test-machine I solved this by deinstalling evolution (I don't use it anyway), but this is not an option for the other machines Could anyone give me a hint what is wrong? Bernhard

3 3

Suggestions for a plug and play CA certificate manager?
by James B. Byrne 25 Jun '08

25 Jun '08

I have played with self-signed end-use PKI certificates for about a decade now and would really like to set up a proper, albeit private, PKI using some sort of OFS CA management software. I have looked at OpenCA and found a few packages on sourceforge but they all seem to fall short of my desires in one form or another (rpm install, multiple subordinate CAs, certificate revocation and extension management, web-based or linux/microsoft GUI) . I have even tried to use the scripts that come with OpenSSL with very limited success. What I would like to do is to set up a self-signed root CA certificate, then use that to issue one or more signing CA's, each possibly limited as to what type of certificate that they can sign. These issuing CAs would then sign certificate requests for end-use certificates for hosts, email accounts, document provenance, objects, etc. | -- root_CA | | -- issuer_hosts_a_CA | | -- certs | | | -- cert_issued_index | | ` -- cert_revoked_list | | -- csrs | ` -- private | ` -- issuer_hosts_a_CA+key.pem | | -- issuer_services_a_CA | | -- certs | | | -- cert_issued_index | | ` -- cert_revoked_list | | -- csrs | ` -- private | ` -- issuer_services_a_CA+key.pem | ` -- issuer_email_a_CA | -- certs | | -- cert_issued_index | ` -- cert_revoked_list | -- csrs ` -- private ` -- issuer_email_a_CA+key.pem What software do people use to manage a PKI on CentOS5? Regards, -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3

3 2

Centos 5.2 and Xen
by centos＠911networks.com 24 Jun '08

24 Jun '08

Hi, 1. I am NOT asking when it will be out. It will be when it's ready, very soon. 2. Is there a good tutorial on how to use Xen with Windows? I have googled and have not found some nice clear such as step 1,2,3... and why use this configuration. -- Thanks http://www.911networks.com When the network has to work

17 35

rsh issue/update (access denied)...
by bruce 24 Jun '08

24 Jun '08

hi... i've got an "access denied" issue with rsh on one of my boxes (and before we start, no "use ssh" comments.. rsh is what i'm dealing with for now!!) i've got a few boxes in my network, and i can successfully rsh into them with no issue. however, on one box, i can't access it using rsh, and i'm running out of things to try... kind of curious. i can login using rlogin. i've modifed the /etc/pam.d/rsh,rlogin files, along with the /etc/securetty file. i've also changed the /etc/xinetd.d/(rsh,rlogin)files. as far as i can tell, nothing else has been changed... the curious thing. as far as i can tell... the files on the system that doesn't work, are the same as the files on the systems that are allowing rsh to occur... the err i'm getting in the /var/log/secure is: Jun 23 22:16:09 lserver5 userhelper[2186]: pam_timestamp(system-config-services:session): updated timestamp file `/var/run/sudo/root/unknown' Jun 23 22:16:09 lserver5 userhelper[2189]: running '/usr/sbin/system-config-services' with root privileges on behalf of 'root' Jun 23 22:16:28 lserver5 xinetd[2227]: START: shell pid=2239 from=192.168.1.45 Jun 23 22:16:28 lserver5 rshd[2239]: pam_rhosts_auth(rsh:auth): denied to root(a)192.168.1.45 as test1: access not allowed Jun 23 22:16:28 lserver5 rshd[2239]: pam_unix(rsh:session): session opened for user test1 by (uid=0) Jun 23 22:16:28 lserver5 rshd[2239]: pam_unix(rsh:session): session closed for user test1 etc/pam.d/rsh #%PAM-1.0 # For root login to succeed here with pam_securetty, "rsh" must be # listed in /etc/securetty. auth required pam_nologin.so auth sufficient pam_rhosts_auth.so promiscuous auth required pam_securetty.so auth required pam_env.so account include system-auth session include system-auth etc/pam.d/rlogin #%PAM-1.0 # For root login to succeed here with pam_securetty, "rlogin" must be # listed in /etc/securetty. auth required pam_nologin.so auth sufficient pam_rhosts_auth.so promiscuous auth required pam_securetty.so auth required pam_env.so auth include system-auth account include system-auth password include system-auth session include system-auth /etc/securetty rsh rlogin rlogind rexec console vc/1 vc/2 vc/3 vc/4 vc/5 . . . /etc/xinetd.d/rexec:: # description: Rexecd is the server for the rexec(3) routine. The server \ # provides remote execution facilities with authentication based \ # on user names and passwords. service exec { socket_type = stream wait = no user = root log_on_success += USERID log_on_failure += USERID server = /usr/sbin/in.rexecd disable = no } /etc/xinetd.d/rsh:: # default: on # description: The rshd server is the server for the rcmd(3) routine and, \ # consequently, for the rsh(1) program. The server provides \ # remote execution facilities with authentication based on \ # privileged port numbers from trusted hosts. service shell { disable = no socket_type = stream wait = no user = root log_on_success += USERID log_on_failure += USERID server = /usr/sbin/in.rshd } /etc/xinetd.d/rlogin:: # default: on # description: rlogind is the server for the rlogin(1) program. The server \ # provides a remote login facility with authentication based on \ # privileged port numbers from trusted hosts. service login { socket_type = stream wait = no user = root log_on_success += USERID log_on_failure += USERID server = /usr/sbin/in.rlogind disable = no } i've been searching across the net for the last day or so, so i suspect that the solution is staring at me and i'm missing it! is there a way to debug this from the server side? is there a way to turn off authentication.. Is there a way to turn off/disable securetty... so... any thoughts/comments/things to check would be greatly appreciated.... thanks

2 1

problem with telnet
by fabian dacunha 24 Jun '08

24 Jun '08

Dear All i have a centos 5 server running as a backup PC server and is working perfect for abt 3 months jus a couple of days back when i tried to telnet to the server it gave me connection refused i go to the server and when i say telnet localhost it says getaddrinfo: localhost Name or service not known the /etc/hosts file has the loopback entry and the actuall ip address of the server firewall is disabled selinux disbled no /etc/hosts.allow or /etc/hosts.deny telnet is enabled in /etc/xident.d/telnet file now when i do a nmap on this sserver i dont see the telnet service open but i hav another 3 centos 5 servers n when i do a nmap on these there is telnet open also services file has telnet no errors in /var/log/secure or /var/log/messages i also removed telnet server n resinstalled it but the same wondering whts wrong apprecite your help -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

4 3

DNS query
by fabian dacunha 24 Jun '08

24 Jun '08

Dear All, i have the following setup CentOS 5 server running as a primary DNS server for a long time and is working perfectly fine the server is on public IP and we have abt 5 zones apart from the reverse n local zone now our sister company have recently setup their own DNS and we are supposed to use it. earlier our cleints were using a host file now on my master dns server in /etc/named.conf i created a new zone with the following statement zone "cse.net.kw" IN { type slave; masters { 172.31.1.240; }; file "cse.db"; allow-query { any; }; // the default allow-transfer { none; }; }; and when i reload the dns server the file cse.db is not created also in /var/log/messages i c the following Jun 24 18:17:41 kmdns1 named[1771]: loading configuration from '/etc/named.conf' Jun 24 18:17:41 kmdns1 named[1771]: zone cse.net.kw/IN: refresh: non-authoritative answer from master 172.31.1.240#53 (source 0.0.0.0#0) actually i would want all the cleints to query the 172.31.1.240 DNS server without adding this IP in their configurtion . all the cleint hav our master dns server in their own setup so actually query 172.31.1.240 DNS server through our DNS apprecite your help or cd i have contitional forwarding something like when a client queries the 172.31.1.240 our master DNS jus forwards the queries to 172.31.1.240 instead of sending it out on the internet since 172.31.1.0 network is connected directly and is a part of out intranet really wd apprecite your help and ideas with examples regards fabian -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

3 3

← Newer
1
...
11
12
13
14
15
16
17
...
42
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss June 2008