When configuring CentOS 4 to authenticate (for all things, such as ssh and samba shares) against Active Directory is it necessary to check both the Kerberos and Winbind options under "Authentication," or is Winbind alone sufficient (since winbind uses kerberos)?
When I have attempted to get this working, I was only able to do it with both kerberos and winbind selected. The other problem I had was that I had to have a local account with the same username. I am sure it is something very small that I am missing, but I just can't figure it out.
Any comments or suggestions are highly appreciated.
Doug Long wrote:
When configuring CentOS 4 to authenticate (for all things, such as ssh and samba shares) against Active Directory is it necessary to check both the Kerberos and Winbind options under "Authentication," or is Winbind alone sufficient (since winbind uses kerberos)?
Only Winbind is required.
-- Rex
On Thu, 2005-12-22 at 11:35, Rex Dieter wrote:
When configuring CentOS 4 to authenticate (for all things, such as ssh and samba shares) against Active Directory is it necessary to check both the Kerberos and Winbind options under "Authentication," or is Winbind alone sufficient (since winbind uses kerberos)?
Only Winbind is required.
Is there a way to configure multiple machines to use AD authentication and get the same uids so NFS mounts will work across all of them?
Les Mikesell wrote:
Is there a way to configure multiple machines to use AD authentication and get the same uids so NFS mounts will work across all of them?
man smb.conf, look for "idmap backend". 2 options: idmap_ad or idmap_rid.
Unfortunately, stock redhat/fedora samba doesn't include those 2 optional modules (not until recently in development anyway): http://bugzilla.redhat.com/bugzilla/156810
-- Rex
On Thu, 2005-12-22 at 13:10, Rex Dieter wrote:
Is there a way to configure multiple machines to use AD authentication and get the same uids so NFS mounts will work across all of them?
man smb.conf, look for "idmap backend". 2 options: idmap_ad or idmap_rid.
Unfortunately, stock redhat/fedora samba doesn't include those 2 optional modules (not until recently in development anyway): http://bugzilla.redhat.com/bugzilla/156810
Thanks - would it work to use the fedora directory server set up to sync with AD? (Seems like a lot of work just for this effect...). Or maybe just add windows services for unix on the AD servers and use NIS on the Linux boxes instead? I'd think this would be a common problem these days. Up till now I've been creating the accounts manually but using smb authentication against a PDC to avoid dealing with passwords but the windows side of the house is just completing a move to AD.
find is giving me fits!
this command is really the heart of a backup script I am trying to get going.
here's the line:
if find / -mtime -1 -type f | xargs clamscan -l /var/log/clamav/clamscan-bu-daily.log $clamexcludes -r --no-summary | cut -d: -f1 > /usr/local/bin/changedfilelog; then
and the clamexcludes: clamexcludes="--exclude=/sys/bus/pci/drivers --exclude=/proc --exclude=/sys/class/scsi_host --exclude=/usr/share/doc/clamav-0.87 --exclude=/usr/lib/mailman/tests/msgs "
kk ...when it's all over...I have to have /var/log/clamav/clamscan-bu-daily.log to be w/out FOUND or ERROR words anywhere. if either of these words are in that file, the system will not back up but instead, email me.
the immediate problem is...no matter what I try, the find command does not perform as I want.
the file seems to load up like 280,000 files which seems like the total system etc.
thx
John Rose
On Sat, Dec 24, 2005 at 10:49:25AM -0600, rado wrote:
find is giving me fits!
this command is really the heart of a backup script I am trying to get going.
here's the line:
if find / -mtime -1 -type f | xargs clamscan -l /var/log/clamav/clamscan-bu-daily.log $clamexcludes -r --no-summary | cut -d: -f1 > /usr/local/bin/changedfilelog; then
and the clamexcludes: clamexcludes="--exclude=/sys/bus/pci/drivers --exclude=/proc --exclude=/sys/class/scsi_host --exclude=/usr/share/doc/clamav-0.87 --exclude=/usr/lib/mailman/tests/msgs "
kk ...when it's all over...I have to have /var/log/clamav/clamscan-bu-daily.log to be w/out FOUND or ERROR words anywhere. if either of these words are in that file, the system will not back up but instead, email me.
the immediate problem is...no matter what I try, the find command does not perform as I want.
the file seems to load up like 280,000 files which seems like the total system etc.
There are actually easier ways to do it, you know. You can first run clamscan, then check the logfile with either grep or sed to make sure it is what you want it to be, and based on that result decide what to do with an if statement.
Something like this:
find / -mtime -1 -type f -exec clamscan -l \
    /var/log/clamav/clamscan-bu-daily.log \
    $clamexcludes -r --no-summary "{}" \; | \
    cut -d: -f1 > /usr/local/bin/changedfilelog
NOTOK=`cat /var/log/clamav/clamscan-bu-daily.log | sed -n -e '/FOUND/p;/ERROR/p'`
if [ "${NOTOK}" != "" ]; then ....
I can't actually test this here, since I don't use clamscan, but it is supposed to do what you want.
[]s
-- Rodrigo Barbosa rodrigob@suespammers.org "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
Rodrigo Barbosa wrote:
On Sat, Dec 24, 2005 at 10:49:25AM -0600, rado wrote:
find is giving me fits!
this command is really the heart of a backup script I am trying to get going.
here's the line:
if find / -mtime -1 -type f | xargs clamscan -l /var/log/clamav/clamscan-bu-daily.log $clamexcludes -r --no-summary | cut -d: -f1 > /usr/local/bin/changedfilelog; then
and the clamexcludes: clamexcludes="--exclude=/sys/bus/pci/drivers --exclude=/proc --exclude=/sys/class/scsi_host --exclude=/usr/share/doc/clamav-0.87 --exclude=/usr/lib/mailman/tests/msgs "
kk ...when it's all over...I have to have /var/log/clamav/clamscan-bu-daily.log to be w/out FOUND or ERROR words anywhere. if either of these words are in that file, the system will not back up but instead, email me.
the immediate problem is...no matter what I try, the find command does not perform as I want.
the file seems to load up like 280,000 files which seems like the total system etc.
There are actually easier ways to do it, you know. You can first run clamscan, then check the logfile with either grep or sed to make sure it is what you want it to be, and based on that result decide what to do with an if statement.
Something like this:
find / -mtime -1 -type f -exec clamscan -l \
    /var/log/clamav/clamscan-bu-daily.log \
    $clamexcludes -r --no-summary "{}" \; | \
    cut -d: -f1 > /usr/local/bin/changedfilelog
NOTOK=`cat /var/log/clamav/clamscan-bu-daily.log | sed -n -e '/FOUND/p;/ERROR/p'`
if [ "${NOTOK}" != "" ]; then ....
I can't actually test this here, since I don't use clamscan, but it is supposed to do what you want.
[]s
Rodrigo Barbosa rodrigob@suespammers.org "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
Speaking of the 'find' command, I believe I found an inconsistency just a few hours ago. In "man find", it states that when testing by size, the suffixes b, c, w, k, M and G are valid. However, the texinfo document makes no mention of the 'M' or 'G' suffixes. The command appears to work like the info file says.
[rj@mavis download]$ find ~ -depth -type f -size +600M -print
find: invalid -size type `M'
[rj@mavis download]$
Using a size test "-size +600000k" instead works fine.
This is with CentOS 4.2, fully updated.
[rj@mavis download]$ rpm -q findutils
findutils-4.1.20-7
On Sun, 2005-12-25 at 00:06 -0200, Rodrigo Barbosa wrote:
On Sat, Dec 24, 2005 at 10:49:25AM -0600, rado wrote:
find is giving me fits!
this command is really the heart of a backup script I am trying to get going.
here's the line:
if find / -mtime -1 -type f | xargs clamscan -l /var/log/clamav/clamscan-bu-daily.log $clamexcludes -r --no-summary | cut -d: -f1 > /usr/local/bin/changedfilelog; then
and the clamexcludes: clamexcludes="--exclude=/sys/bus/pci/drivers --exclude=/proc --exclude=/sys/class/scsi_host --exclude=/usr/share/doc/clamav-0.87 --exclude=/usr/lib/mailman/tests/msgs "
kk ...when it's all over...I have to have /var/log/clamav/clamscan-bu-daily.log to be w/out FOUND or ERROR words anywhere. if either of these words are in that file, the system will not back up but instead, email me.
the immediate problem is...no matter what I try, the find command does not perform as I want.
the file seems to load up like 280,000 files which seems like the total system etc.
There are actually easier ways to do it, you know. You can first run clamscan, then check the logfile with either grep or sed to make sure it is what you want it to be, and based on that result decide what to do with an if statement.
Something like this:
find / -mtime -1 -type f -exec clamscan -l \
    /var/log/clamav/clamscan-bu-daily.log \
    $clamexcludes -r --no-summary "{}" \; | \
    cut -d: -f1 > /usr/local/bin/changedfilelog
NOTOK=`cat /var/log/clamav/clamscan-bu-daily.log | sed -n -e '/FOUND/p;/ERROR/p'`
if [ "${NOTOK}" != "" ]; then ....
I can't actually test this here, since I don't use clamscan, but it is supposed to do what you want.
Rodrigo, thx for this! ...Christmas and all that's goin on...hopefully tonite or tomorrow nite I can get back and try your ideas of this...thx for them!
John Rose
On Sun, 2005-12-25 at 00:06 -0200, Rodrigo Barbosa wrote:
On Sat, Dec 24, 2005 at 10:49:25AM -0600, rado wrote:
find is giving me fits!
this command is really the heart of a backup script I am trying to get going.
here's the line:
if find / -mtime -1 -type f | xargs clamscan -l /var/log/clamav/clamscan-bu-daily.log $clamexcludes -r --no-summary | cut -d: -f1 > /usr/local/bin/changedfilelog; then
and the clamexcludes: clamexcludes="--exclude=/sys/bus/pci/drivers --exclude=/proc --exclude=/sys/class/scsi_host --exclude=/usr/share/doc/clamav-0.87 --exclude=/usr/lib/mailman/tests/msgs "
kk ...when it's all over...I have to have /var/log/clamav/clamscan-bu-daily.log to be w/out FOUND or ERROR words anywhere. if either of these words are in that file, the system will not back up but instead, email me.
the immediate problem is...no matter what I try, the find command does not perform as I want.
the file seems to load up like 280,000 files which seems like the total system etc.
There are actually easier ways to do it, you know. You can first run clamscan, then check the logfile with either grep or sed to make sure it is what you want it to be, and based on that result decide what to do with an if statement.
Something like this:
find / -mtime -1 -type f -exec clamscan -l \
    /var/log/clamav/clamscan-bu-daily.log \
    $clamexcludes -r --no-summary "{}" \; | \
    cut -d: -f1 > /usr/local/bin/changedfilelog
NOTOK=`cat /var/log/clamav/clamscan-bu-daily.log | sed -n -e '/FOUND/p;/ERROR/p'`
if [ "${NOTOK}" != "" ]; then ....
I can't actually test this here, since I don't use clamscan, but it is supposed to do what you want.
[]s
Rodrigo, kk...for the last days, when I had a few mins, I kept testing different things w/this find stuff:
kk this was/is the find following the paths I originally used w/new mods:
find / -path /sys/bus/pci/drivers -prune -o -path /proc -prune -o -type f -mtime -1 | xargs clamscan -l /var/log/clamav/clamscan-bu-daily.log $clamexcludes -r --no-summary | cut -d: -f1 > /usr/local/bin/changedfilelog
---------------------------------
kk this performs pretty well now...avg time to run is about 3-4 minutes...and logging about 6-7000 files to be rsynced and also clamav produces no "ERROR" or "FOUND" messages.
this is the find statement you kinda suggested using "-exec":
find / -type f -mtime -1 -exec clamscan -l /var/log/clamav/clamscan-bu-daily.log $clamexcludes -r --no-summary "{}" \; | cut -d: -f1 > /usr/local/bin/changedfilelog
although I did enjoy playing w/this as I had never any experience w/the "-exec" command...well, it produced about the same amt of files to send to rsync w/no clamscan errors that would stop it but it took approx 1 hr to complete.
I am msging bout this just FYI and out of respect that you did indeed try to help solve this problem...and, of course, if others might find this of any use.
also, it seems that no matter what I tried I cannot get find to stop looking in /proc lol
oh well at least I have the statement to a state where it produces no errors to block the back up for taking place.
thx for the comments
John Rose
On Wed, Dec 28, 2005 at 11:13:08AM -0600, rado wrote:
Something like this:
find / -mtime -1 -type f -exec clamscan -l \
    /var/log/clamav/clamscan-bu-daily.log \
    $clamexcludes -r --no-summary "{}" \; | \
    cut -d: -f1 > /usr/local/bin/changedfilelog
NOTOK=`cat /var/log/clamav/clamscan-bu-daily.log | sed -n -e '/FOUND/p;/ERROR/p'`
if [ "${NOTOK}" != "" ]; then ....
I can't actually test this here, since I don't use clamscan, but it is supposed to do what you want.
kk this was/is the find following the paths I originally used w/new mods:
find / -path /sys/bus/pci/drivers -prune -o -path /proc -prune -o -type f -mtime -1 | xargs clamscan -l /var/log/clamav/clamscan-bu-daily.log $clamexcludes -r --no-summary | cut -d: -f1 > /usr/local/bin/changedfilelog
kk this performs pretty well now...avg time to run is about 3-4 minutes...and logging about 6-7000 files to be rsynced and also clamav produces no "ERROR" or "FOUND" messages.
this is the find statement you kinda suggested using "-exec":
find / -type f -mtime -1 -exec clamscan -l /var/log/clamav/clamscan-bu-daily.log $clamexcludes -r --no-summary "{}" \; | cut -d: -f1 > /usr/local/bin/changedfilelog
although I did enjoy playing w/this as I had never any experience w/the "-exec" command...well, it produced about the same amt of files to send to rsync w/no clamscan errors that would stop it but it took approx 1 hr to complete.
I am msging bout this just FYI and out of respect that you did indeed try to help solve this problem...and, of course, if others might find this of any use.
The main difference is that -exec will execute clamscan once for each file, while your solution using xargs will provide the whole list of files as a parameter. Just be careful because the way you are doing it, you have 3 possible risks:
1) The command line will get too long, and the command won't execute
2) The command line will get too long, will be truncated, and you can get a different result
3) Filenames with special characters, even a space, can give you small headaches
Both solutions are valid, and both have positive and negative aspects. Choosing between them should be done on a case by case basis.
-- Rodrigo Barbosa rodrigob@suespammers.org "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
On Wed, 2005-12-28 at 15:31 -0200, Rodrigo Barbosa wrote:
On Wed, Dec 28, 2005 at 11:13:08AM -0600, rado wrote:
Something like this:
find / -mtime -1 -type f -exec clamscan -l \
    /var/log/clamav/clamscan-bu-daily.log \
    $clamexcludes -r --no-summary "{}" \; | \
    cut -d: -f1 > /usr/local/bin/changedfilelog
NOTOK=`cat /var/log/clamav/clamscan-bu-daily.log | sed -n -e '/FOUND/p;/ERROR/p'`
if [ "${NOTOK}" != "" ]; then ....
I can't actually test this here, since I don't use clamscan, but it is supposed to do what you want.
kk this was/is the find following the paths I originally used w/new mods:
find / -path /sys/bus/pci/drivers -prune -o -path /proc -prune -o -type f -mtime -1 | xargs clamscan -l /var/log/clamav/clamscan-bu-daily.log $clamexcludes -r --no-summary | cut -d: -f1 > /usr/local/bin/changedfilelog
kk this performs pretty well now...avg time to run is about 3-4 minutes...and logging about 6-7000 files to be rsynced and also clamav produces no "ERROR" or "FOUND" messages.
this is the find statement you kinda suggested using "-exec":
find / -type f -mtime -1 -exec clamscan -l /var/log/clamav/clamscan-bu-daily.log $clamexcludes -r --no-summary "{}" \; | cut -d: -f1 > /usr/local/bin/changedfilelog
although I did enjoy playing w/this as I had never any experience w/the "-exec" command...well, it produced about the same amt of files to send to rsync w/no clamscan errors that would stop it but it took approx 1 hr to complete.
I am msging bout this just FYI and out of respect that you did indeed try to help solve this problem...and, of course, if others might find this of any use.
The main difference is that -exec will execute clamscan once for each file, while your solution using xargs will provide the whole list of files as a parameter. Just be careful because the way you are doing it, you have 3 possible risks:
- The command line will get too long, and the command won't execute
- The command line will get too long, will be truncated, and you can get a different result
- Filenames with special characters, even a space, can give you small headaches
Rodrigo...
... earlier in the year, say may or even round april...I recall having this working somewhat...and experiencing the files w/spaces thing. then moving and then katrina hit us pretty good and knocked me out of power for a month and then getting back to this discovering that the whole backup system needed rewriting. Now, granted, I am not pleased w/the way that "-prune" acts and in clamav "--exclude" ...guess puzzled bout it is the word. yep still have it not solved there yet BUT, I feel I gotta go the way I am because of the time factor...3-4 mins vs 1 hr +-2-3mins. Although I want to move past this find deal I would rather know exactly what and why every detail works or doesn't. lol I'm in it too deep not to!!! hahaha but it's a whatever deal thx
John Rose
Both solutions are valid, and both have positive and negative aspects. Choosing between them should be done on a case by case basis.
On Wed, 2005-12-28 at 11:13, rado wrote:
although I did enjoy playing w/this as I had never any experience w/the "-exec" command...well, it produced about the same amt of files to send to rsync w/no clamscan errors that would stop it but it took approx 1 hr to complete.
For programs that take multiple filenames on the command line it is much more efficient to pipe the list to xargs instead of using exec which will start the program over again for every file. However, if you have filenames with embedded spaces, shell metacharacters or newlines, you can have problems as xargs presents them on a command line to the program. On GNU based systems you can use the -print0 argument to find and -0 to xargs to make them pass the filenames null-terminated and quote them correctly on the command line. When I saw your first post I wondered if you had filenames with *'s or spaces that made clamscan see directories after the shell parsing and then waste time with its own recursion.
also, it seems that no matter what I tried I cannot get find to stop looking in /proc lol
One way is to use the -mount argument and make separate runs for each filesystem. That also avoids the problem of wandering into isos/dvd's/nfs mounts, etc.
oh well at least I have the statement to a state where it produces no errors to block the back up for taking place.
You can also redirect the find output to a file and look at or edit the results before feeding it to xargs.
Les Mikesell lesmikesell@gmail.com wrote:
However, if you have filenames with embedded spaces, shell metacharacters or newlines, you can have problems as xargs presents them on a command line to the program.
With various editions of BASH 2.0x, 3.x, etc..., the behavior of how parameters with newlines versus other whitespace seems to be very inconsistent. Furthermore, changing the reserved IFS variable can lead to some rather interesting and unpredictable functionality which, again, seems to vary from BASH version to BASH version.
As much as I prefer the Bourne shell approach, when I know spaces are going to be reality, I use either Perl or, if it must be shell, TCSH. All versions of TCSH I've ever thrown at spaces seem to handle them properly, assuming that newline is the delimiter when the parameter list is enclosed in double quotes.
Although the Advanced Bash Scripting Guide (ABSG) says BASH acts the same, it is not true at all -- and the way it acts seems to vary between versions in some cases.
On GNU based systems you can use the -print0 argument to find and -0 to xargs to make them pass the filenames null-terminated and quote them correctly on the command line.
Yes, this is about the only way I can use FIND in a BASH script, to take BASH's variable delimiter handling completely out of the equation -- such as with xargs.
One way is to use the -mount argument and make separate runs for each filesystem. That also avoids the problem of wandering into isos/dvd's/nfs mounts, etc.
Yep. Use the "-mount" argument and accommodate correspondingly. A lot of people will tell you to use "-xdev" instead, but "-mount" is more universal across BSD, SysV, etc... than "-xdev".
You can also redirect the find output to a file and look at or edit the results before feeding it to xargs.
That's another way I deal with BASH's delimiting -- I output to a temporary file and then do readln's into variables.
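The find/xargs pipeline discussed in this thread, as an added example that is not part of any poster's message: it passes file names NUL-delimited, stays on one filesystem with -mount, and shows why a -prune with no explicit -print still hands the pruned directory to a recursive scanner. The helper names, the SCAN_CMD variable and the sample tree are assumptions made for illustration; --no-summary is the clamscan option used in the thread, and -print0, -0 and -r assume GNU findutils.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and helper names are illustrative.
# SCAN_CMD is word-split on purpose (command plus options), like $clamexcludes
# in the thread; point it at a stub to dry-run without ClamAV installed.
SCAN_CMD="${SCAN_CMD:-clamscan --no-summary}"

# Constructed sample tree: awkward file names plus a directory to exclude.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    nl_name=$(printf 'line\nbreak.txt')      # name with an embedded newline
    mkdir "$root/skip"
    : > "$root/plain.txt"
    : > "$root/two words.txt"
    : > "$root/$nl_name"
    : > "$root/skip/inside.txt"
    printf '%s\n' "$root"
}

# Thread-style prune with no explicit action: find applies -print to the whole
# expression, so the pruned directory itself is printed. A recursive scanner
# (clamscan -r) handed that name walks straight back into it.
list_implicit_print() {   # $1 = root, $2 = directory to exclude
    find "$1" -path "$2" -prune -o -type f -mtime -1
}

# Explicit action on the right-hand branch only: the pruned directory is not
# emitted. -mount stays on one filesystem; -print0 NUL-terminates each name.
changed_files0() {        # $1 = root, $2 = directory to exclude
    find "$1" -mount -path "$2" -prune -o -type f -mtime -1 -print0
}

# Number of arguments a program receives when xargs splits on whitespace.
count_args_naive() {      # $1 = root, $2 = directory to exclude
    find "$1" -mount -path "$2" -prune -o -type f -mtime -1 -print |
        xargs sh -c 'echo "$#"' argcount
}

# Same listing passed NUL-delimited: one argument per file, whatever its name.
count_args_nul() {        # $1 = root, $2 = directory to exclude
    changed_files0 "$1" "$2" | xargs -0 sh -c 'echo "$#"' argcount
}

# Scan the changed files and keep the scanner's output as the report.
# xargs batches a long list into several scanner runs instead of one per file;
# -r (GNU) skips the run when nothing changed.
scan_changed() {          # $1 = root, $2 = excluded dir, $3 = report file
    changed_files0 "$1" "$2" | xargs -0 -r $SCAN_CMD > "$3" 2>&1
}

# Backup gate from the thread: proceed only if the report has no FOUND/ERROR.
report_is_clean() {       # $1 = report file
    ! grep -Eq 'FOUND|ERROR' "$1"
}
```

On the sample tree the whitespace-splitting form delivers five arguments for three files, while the NUL-delimited form delivers exactly three.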
oh, few days..maybe a week ago some of you might remember me posting about installing x86 64 or i386 on a new barebones 64 I just got. Anyway, I put it together...install the 64 bit..and yes, it did kinda act strange..first...strange color broadcasts during boot up like when it went thru "X". ...stayed up for bout 20 mins ... 1/2 hr and locked up...I do run off of a kvm switch and the signals I got I did think it was the memory so I took it out and rma back to tigerdirect right away and put a 512mb c3 in place of the 1024mb non buffered mem I THOUGHT was bad. :sigh: meanwhile for days It just seemed like this system was fighting me...I would try running the scripts I was testing on...it would lock up shut down or whatever..
well, this system consists of:
Mach Speed K8M8MS board 64 AMD 3700+ Clawhammer processor (It came with) 1gb pc3200 400mhz ddr mem
well I finally called Mach Speed...she connected me to level 2 support...nice guy "Tim" ...w/the random beeps that it was also putting out etc...he thought it most probably the processor... he did question my power supply (500 watt brand new) as well. I called TigerDirect and got an RMA on the Processor as per Mach Speed's recommendations That's where it's at now. (sorry for being windy it will get better) lately...memory has been bugging me!!! kinda dwell on it...even thinking ecc registered even w/the new chipkill tech would be best... today I call Mach Speed Tech back and ask him bout which memory he suggests for that board...I told him I wanted ecc...He tells me nope! wow..He stated, only if the board is a rated "server" motherboard should I use ecc...I told him I say...I am using this board as a server ...didn't care...I guess this is a low end board or whatever...only thing I know is that Mach Speed is the only MB around that gives a lifetime warranty but so what... so that was my point and I thought maybe some of y'all might find that interesting as I did... Don't use ecc memory...Wow!!! blew me away!
I wanted y'all to hear this meanwhile I have lots of replies on a find command deal I am wrapped up in and noway I have time tonite lol
thx y'all
John Rose
rado rado@rivers-bend.com wrote:
lately...memory has been bugging me!!! kinda dwell on it...even thinking ecc registered even w/the new chipkill tech would be best... ... today I call Mach Speed Tech back and ask him bout which memory he suggests for that board...I told him I wanted ecc...He tells me nope! wow..He stated, only if the board is a rated "server" motherboard should I use ecc... I told him I say...I am using this board as a server ...
It's not the mainboard. It's the processor.
The memory controller is on the _CPU_, _not_ the mainboard or its chipsets. There are literally 368 traces on a Socket-939/940 mainboard to its DIMMs -- 2 sets of 184-pin DDR.
AMD Socket-939 uses Unregistered
AMD Socket-940 uses Registered
AMD Athlon 64 are configured to use non-ECC
AMD Opteron are configured to use non-ECC or ECC
So if you want unregistered ECC, get a Socket-939 Opteron
If you want registered ECC, get a Socket-940 Opteron
If you want to use unregistered, non-ECC, get Socket-939 A64
The BIOS/POST/ACPI is going to be so configured, respectively, on Socket-939 and 940 mainboards, depending on what CPU is inserted. There may be "hacks" to support otherwise on some mainboards, but I seriously doubt it is well supported/reliable.
AMD is very anal on this product alignment.
didn't care...I guess this is a low end board or whatever...
No offense, but obviously. ;-> You don't use desktop mainboards for servers. It's the reason why I won't buy a Sun SunFire X2100 either.
only thing I know is that Mach Speed is the only MB around that gives a lifetime warranty but so what...
I typically _avoid_ TigerDirect for various reasons. Their overmarketing of crap is a big one. ;->
so that was my point and I thought maybe some of y'all might find that interesting as I did... Don't use ecc memory...Wow!!! blew me away!
Not if you know the first thing about how Athlon 64 and Opteron differ from AMD's strategy. ;->
Furthermore, many Intel desktop chipsets/CPUs do _not_ support ECC either. But with AMD, it's the CPU itself -- *NOT* the mainboard.
I wanted y'all to hear this
Actually, you're just introducing false assumptions/information.
For servers, use AMD Opteron. They have Socket-939 single socket (including dual-core) versions now that can use lower-costing, unregistered, ECC memory.
"Bryan J. Smith" thebs413@earthlink.net wrote:
The memory controller is on the _CPU_, _not_ the mainboard or its chipsets. There are literally 368 traces on a Socket-939/940 mainboard to its DIMMs -- 2 sets of 184-pin DDR.
Let me clarify this, I mean there are literally 368 traces from the CPU _directly_ to the DIMMs. The Socket-939/940 CPU handles all addressing, chip selects, etc... There is *0* logic on the mainboard itself for the memory -- the CPU defines the memory support.
[ On Socket-754, there are only 184 traces, as it has only 1 DDR bank. ]
I.e., there is _no_ "Memory Controller Hub" (MCH) for AMD Socket-754/939/940, which is Intel's term for the traditional "northbridge" in Front Side "Bottleneck" (FSB) architecture.
Intel Socket-423 (DR), 432 (DR MP), 478 (DDR), 603 (DDR MP), 604 (DDR/DDR2 MP) and LGA-775 (DDR2) all use a MCH. That means the MCH defines the memory support, _not_ the CPU.
On Wed, 2005-12-28 at 17:22 -0800, Bryan J. Smith wrote:
rado rado@rivers-bend.com wrote:
lately...memory has been bugging me!!! kinda dwell on it...even thinking ecc registered even w/the new chipkill tech would be best... ... today I call Mach Speed Tech back and ask him bout which memory he suggests for that board...I told him I wanted ecc...He tells me nope! wow..He stated, only if the board is a rated "server" motherboard should I use ecc... I told him I say...I am using this board as a server ...
It's not the mainboard. It's the processor.
The memory controller is on the _CPU_, _not_ the mainboard or its chipsets. There are literally 368 traces on a Socket-939/940 mainboard to its DIMMs -- 2 sets of 184-pin DDR.
AMD Socket-939 uses Unregistered
AMD Socket-940 uses Registered
AMD Athlon 64 are configured to use non-ECC
AMD Opteron are configured to use non-ECC or ECC
So if you want unregistered ECC, get a Socket-939 Opteron
If you want registered ECC, get a Socket-940 Opteron
If you want to use unregistered, non-ECC, get Socket-939 A64
The BIOS/POST/ACPI is going to be so configured, respectively, on Socket-939 and 940 mainboards, depending on what CPU is inserted. There may be "hacks" to support otherwise on some mainboards, but I seriously doubt it is well supported/reliable.
AMD is very anal on this product alignment.
didn't care...I guess this is a low end board or whatever...
No offense, but obviously. ;-> You don't use desktop mainboards for servers.
you don't use desktops for servers...some of us are not that bigtime that we just like to feel the power of a Centos and play and learn the server bit. Does this mean we should run right out and spend 3-5000.00 for a bigtime server rig??? I guess not! IMHO of course.
It's the reason why I won't buy a Sun SunFire X2100 either.
only thing I know is that Mach Speed is the only MB around that gives a lifetime warranty but so what...
I typically _avoid_ TigerDirect for various reasons. Their overmarketing of crap is a big one. ;->
tend to agree w/you there for sure
so that was my point and I thought maybe some of y'all might find that interesting as I did... Don't use ecc memory...Wow!!! blew me away!
Not if you know the first thing about how Athlon 64 and Opteron differ from AMD's strategy. ;->
which I am in no way embarrassed to state that I don't know and will not know all the different mem configs of all the diff AMD processors... It's just not me but in the same breath, in this one post you cleared up all the real questions I had along these lines. That's all I really wanted to know...why that guy never even mentioned the proc is beyond me!
Furthermore, many Intel desktop chipsets/CPUs do _not_ support ECC either. But with AMD, it's the CPU itself -- *NOT* the mainboard.
I understand
I wanted y'all to hear this
Actually, you're just introducing false assumptions/information.
OMG! I was merely trying to relate an experience exactly as it was played out today. My gringo butt is no way any kind of a memory/proc/mb guru... ok, I introduced false info...geez bad, bad me! I am so ashamed!
For servers, use AMD Opteron. They have Socket-939 single socket (including dual-core) versions now that can use lower-costing, unregistered, ECC memory.
it's a 754...can't afford that high dollar stuff
Bryan...always w/attitude of course, I must learn to look over it but I do thank you for your insight here
John Rose
On Wednesday 28 December 2005 20:22, Bryan J. Smith wrote:
It's not the mainboard. It's the processor.
The memory controller is on the _CPU_, _not_ the mainboard or its chipsets. There are literally 368 traces on a Socket-939/940 mainboard to its DIMMs -- 2 sets of 184-pin DDR.
AMD Socket-939 uses Unregistered
AMD Socket-940 uses Registered
AMD Athlon 64 are configured to use non-ECC
AMD Opteron are configured to use non-ECC or ECC
Wrong. Several higher end boards for socket 939 chipsets can enable ECC. The only difference between Athlon64 and Opterons (940, not 939) is the registered part.
MSI K8N Diamond Plus (manual page 3-11 for enabling ECC)
ASUS A8N32-SLI Deluxe - QVL and spec sheet list both ECC and non ECC.
AMD Athlon64 spec sheet lists that both ECC and non-ECC modules are supported.
Most low end boards do not have a way to enable ECC. Many don't work if you insert ECC modules. Most higher end socket 939 boards allow you to use ECC
Peter.
On Wed, 2005-12-28 at 23:26 -0500, Peter Arremann wrote:
Wrong. Several higher end boards for socket 939 chipsets can enable ECC.
Peter, you have a continual, nasty habit of not reading my _entire_ post. Revisit ...
1) Socket-939 Opteron *DOES* support unregistered ECC ...
"So if you want unregistered ECC, get a Socket-939 Opteron If you want registered ECC, get a Socket-940 Opteron If you want to use unregistered, non-ECC, get Socket-939 A64
The BIOS/POST/ACPI is going to be so configured, respectively, on Socket-939 and 940 mainboards, depending on what CPU is inserted."
2) I'm sure there are _some_ mainboards that support ECC on A64 ...
"There may be "hacks" to support otherwise on some mainboards, but I seriously doubt it is well supported/reliable."
If AMD doesn't officially support it, please take that into consideration. In other words, if a mainboard sets up the APIC** and other registers to enable ECC for an Athlon 64, be wary that AMD does _not_ test for it.
[ **NOTE: In my previous post, I _incorrectly_ stated ACPI when I meant APIC. ]
The only difference between Athlon64 and Opterons (940, not 939) is the registered part.
That's _not_ a difference in processor type, but _socket_ type.
Again, there are *2* variables ...
1) Socket-940 = registered, Socket-939 = unregistered
*AND*
2) Opteron = ECC (AMD tested) and Athlon 64 = non-ECC (typical)
Again, there _may_ be Socket-939 mainboards that will setup the APIC to enable ECC. But make no mistake, it's the CPU _itself_ that has the ECC logic -- and if it doesn't work, then you don't get ECC.
You can typically use (stability is another story) ECC memory in a non-ECC system -- it just won't be ECC.
MSI K8N Diamond Plus (manual page 3-11 for enabling ECC)
ASUS A8N32-SLI Deluxe - QVL and spec sheet list both ECC and non ECC.
Yes, I've noted most of the new nForce4 SLI x16, which is basically a commodity version of the workstation/server nForce Pro 2200+2050 combination, have this option. That's because they are AMD tested and approved for the new Socket-939 Opterons.
Remember, just because it is in the setup/POST, doesn't mean the CPU can support it. It wouldn't surprise me if all Athlon 64 processors have ECC logic. But whether the Socket-939 versions are tested for it is another story.
I've only seen ECC touted on the original Socket-940 Athlon 64/FX processors.
AMD Athlon64 spec sheet lists that both ECC and non-ECC modules are supported.
Again, be _careful_ on that statement, since there _are_ older Socket-940 Athlon 64/FX processors. It all depends on the _exact_revision_ and its features.
Remember, Socket-939 is _newer_ than Socket-754 and 940. And that includes various changes to the core to reduce transistor count and increase efficiency.
If you would be so kind to refer to which spec sheet/revision of the Athlon 64, I will verify this for you. ;->
Most low end boards do not have a way to enable ECC. Many don't work if you insert ECC modules. Most higher end socket 939 boards allow you to use ECC
The setup/POST may limit the APIC setup of ECC. But it's the CPU with the actual ECC logic. ;->
On Thursday 29 December 2005 00:02, Bryan J. Smith wrote:
On Wed, 2005-12-28 at 23:26 -0500, Peter Arremann wrote:
Wrong. Several higher end boards for socket 939 chipsets can enable ECC.
Peter, you have a continual, nasty habit of not reading my _entire_ post. Revisit ...
Sorry...
Peter.
On Thu, 2005-12-29 at 06:39 -0500, Peter Arremann wrote:
Sorry...
No need to apologize. I wasn't offended, just wanted you to note that I was aware of several things.
I know the various products, especially the original Socket-940 Athlon products, as well as the new Socket-939 Opterons, are making a lot of things guesswork and unclear. I was just trying to state the "well known" configurations as they are tested.
I think you all might find this useful:
http://www.short-media.com/review.php?r=247
Peter Arremann wrote:
On Wednesday 28 December 2005 20:22, Bryan J. Smith wrote:
It's not the mainboard. It's the processor.
The memory controller is on the _CPU_, _not_ the mainboard or its chipsets. There are literally 368 traces on a Socket-939/940 mainboard to its DIMMs -- 2 sets of 184-pin DDR.
AMD Socket-939 uses Unregistered
AMD Socket-940 uses Registered
AMD Athlon 64 are configured to use non-ECC
AMD Opteron are configured to use non-ECC or ECC
Wrong. Several higher end boards for socket 939 chipsets can enable ECC. The only difference between Athlon64 and Opterons (940, not 939) is the registered part.
MSI K8N Diamond Plus (manual page 3-11 for enabling ECC)
ASUS A8N32-SLI Deluxe - QVL and spec sheet list both ECC and non ECC.
AMD Athlon64 spec sheet lists that both ECC and non-ECC modules are supported.
Most low end boards do not have a way to enable ECC. Many don't work if you insert ECC modules. Most higher end socket 939 boards allow you to use ECC
Peter.
On Thu, 2005-12-29 at 09:07 +0000, Peter Farrow wrote:
I think you all might find this useful: http://www.short-media.com/review.php?r=247
What does this 18 month old article explain on the ECC front?
Page 2 (and the subsequent test pages) basically restates what I did, but names _no_ specifics on what supports what is for certain -- other than talking about and testing Socket-940 Athlon FX with ECC Registered.
The article predates not only the Socket-939 Athlon FX, but it predates the far more recent Socket-939 Opteron.
So, once again, I will re-iterate the _known_, _tested_ facts ...
1. For Registered ECC, go Socket-940 Opteron
2. For Unregistered ECC, go Socket-939 Opteron
There is absolutely _no_ guarantee that a Socket-939 Athlon 64 (much less a Socket-754 Athlon 64 or Sempron [64]) will support ECC at all -- in ECC mode. And in the majority of cases, it's not even an option if the BIOS/POST of the mainboard does not setup the registers and other support (such as APIC) with ECC. And even if it is, enabling it doesn't mean the CPU itself supports it -- that's where the new Socket-939 Opterons come in.
Much of the confusion over what the Athlon 64 can support revolves around the fact that there was _not_ a Socket-939 at the release of the Athlon 64 / Opteron -- only Socket-754 and 940. So all Athlon FX and 64 processors were either Socket-754 or 940, in addition to Opteron for Socket-940.
Now we not only have a Socket-939 Athlon 64, but a new Socket-939 Opteron designed and marketed explicitly with unregistered ECC support. Whether your Socket-939 mainboard has BIOS/POST setup support for ECC is one thing -- most don't, and the majority that do are the new nForce4 SLI 16x with 40 PCIe channels that is basically the 2-chip "commodity" version of the nForce Pro 2200 + 2050. But that doesn't mean it's designed for Socket-939 Athlon 64 processors at all -- it's designed for Socket-939 Opteron.
And the CPU defines the memory support. We all know all the 'Hammers are basically the same -- one or two DDR channels for memory, one to three HyperTransport channels for I/O and inter-CPU. But what is enabled and, more importantly yet, what is tested/supported -- two very different things. ;->
On Wed, 2005-12-28 at 11:38 -0600, Les Mikesell wrote:
On Wed, 2005-12-28 at 11:13, rado wrote:
although I did enjoy playing w/this as I had never any experience w/the "-exec" command...well, it produced about the same amt of files to send to rsync w/no clamscan errors that would stop it but it took approx 1 hr to complete.
For programs that take multiple filenames on the command line it is much more efficient to pipe the list to xargs instead of using exec which will start the program over again for every file. However, if you have filenames with embedded spaces, shell metacharacters or newlines, you can have problems as xargs presents them on a command line to the program. On GNU based systems you can use the -print0 argument to find and -0 to xargs to make them pass the filenames null-terminated and quote them correctly on the command line. When I saw your first post I wondered if you had filenames with *'s or spaces that made clamscan see directories after the shell parsing and then waste time with its own recursion.
also, it seems that no matter what I tried I cannot get find to stop looking in /proc lol
One way is to use the -mount argument and make separate runs for each filesystem. That also avoids the problem of wandering into isos/dvd's/nfs mounts, etc.
whoa...I run CentOS as generic and simply as possible. Only thing I am guilty of is bash shell lol. I don't even run nfs anywhere! ...my fstab:
# This file is edited by fstab-sync - see 'man fstab-sync' for details
/dev/md1 / ext3 defaults 1 1
/dev/md0 /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /dev/shm tmpfs defaults 0 0
none /proc proc defaults 0 0
none /sys sysfs defaults 0 0
/dev/hdc3 swap swap defaults 0 0
/dev/hda3 swap swap defaults 0 0
/dev/hdb /media/cdrecorder auto pamconsole,exec,noauto,managed 0 0
/dev/fd0 /media/floppy auto pamconsole,exec,noauto,managed 0 0
oh my, Les!!! as I was editing the spacing in this fstab, something hit me! ...the /proc line and the /sys line could they be the culprits that have been giving me fits???
ok...I'm too tired tonite...gonna stop right here...tomorrow nite first thing, I am gonna google around see if I can find some "proper syntax" for this -mount deal...I read the man...just bounced off me for now.
thx Les
John Rose
On Thu, 2005-12-29 at 23:30, rado wrote:
also, it seems that no matter what I tried I cannot get find to stop looking in /proc lol
One way is to use the -mount argument and make separate runs for each filesystem. That also avoids the problem of wandering into isos/dvd's/nfs mounts, etc.
whoa...I run CentOS as generic and simply as possible. Only thing I am guilty of is bash shell lol. I don't even run nfs anywhere! ...my fstab:
# This file is edited by fstab-sync - see 'man fstab-sync' for details
/dev/md1 / ext3 defaults 1 1
/dev/md0 /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /dev/shm tmpfs defaults 0 0
none /proc proc defaults 0 0
none /sys sysfs defaults 0 0
/dev/hdc3 swap swap defaults 0 0
/dev/hda3 swap swap defaults 0 0
/dev/hdb /media/cdrecorder auto pamconsole,exec,noauto,managed 0 0
/dev/fd0 /media/floppy auto pamconsole,exec,noauto,managed 0 0
oh my, Les!!! as I was editing the spacing in this fstab, something hit me! ...the /proc line and the /sys line could they be the culprits that have been giving me fits???
ok...I'm too tired tonite...gonna stop right here...tomorrow nite first thing, I am gonna google around see if I can find some "proper syntax" for this -mount deal...I read the man...just bounced off me for now.
If you don't have any mounted filesystems that you want scanned then you can't hurt anything. Just add -mount as an argument to find after the directory (/) and on general principles you should also add -print0 as the last argument to find and -0 as an argument to xargs.
On Fri, 2005-12-30 at 00:02 -0600, Les Mikesell wrote:
On Thu, 2005-12-29 at 23:30, rado wrote:
also, it seems that no matter what I tried I cannot get find to stop looking in /proc lol
One way is to use the -mount argument and make separate runs for each filesystem. That also avoids the problem of wandering into isos/dvd's/nfs mounts, etc.
whoa...I run CentOS as generic and simply as possible. Only thing I am guilty of is bash shell lol. I don't even run nfs anywhere! ...my fstab:
# This file is edited by fstab-sync - see 'man fstab-sync' for details
/dev/md1 / ext3 defaults 1 1
/dev/md0 /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /dev/shm tmpfs defaults 0 0
none /proc proc defaults 0 0
none /sys sysfs defaults 0 0
/dev/hdc3 swap swap defaults 0 0
/dev/hda3 swap swap defaults 0 0
/dev/hdb /media/cdrecorder auto pamconsole,exec,noauto,managed 0 0
/dev/fd0 /media/floppy auto pamconsole,exec,noauto,managed 0 0
oh my, Les!!! as I was editing the spacing in this fstab, something hit me! ...the /proc line and the /sys line could they be the culprits that have been giving me fits???
ok...I'm too tired tonite...gonna stop right here...tomorrow nite first thing, I am gonna google around see if I can find some "proper syntax" for this -mount deal...I read the man...just bounced off me for now.
If you don't have any mounted filesystems that you want scanned then you can't hurt anything. Just add -mount as an argument to find after the directory (/) and on general principles you should also add -print0 as the last argument to find and -0 as an argument to xargs.
kk, now this is exciting! I ended up w/the following:
clamexcludes=" --exclude=/usr/share/doc/clamav-0.87 --exclude=/usr/lib/mailman/tests/msgs "

find / -mount -type f -mtime -1 -print0 | \
    xargs -0 clamscan -l /var/log/clamav/clamscan-bu-daily.log \
    $clamexcludes -r --no-summary | \
    cut -d: -f1 > /usr/local/bin/changedfilelog
I was able to take all excludes from /sys and /proc from clamexcludes and the -prune options of find.
The total run time takes 2min 19 secs now (a couple mins. less) and the number of files logged is 2,067 compared to 6-7000 files before!
Wow, I am very pleased! Now I gotta go work!
thx for all,
John Rose
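The effect of the -print0 / -0 advice given in this thread, as an added example that is not part of the original messages: it counts how many file names survive the trip from find through xargs with and without null termination. The file names, the scratch directory and the helper functions are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. File names below are constructed for the demonstration.

# Inner script run by xargs: counts how many of its arguments are real files.
CHECK='n=0; for f; do [ -f "$f" ] && n=$((n+1)); done; echo "$n"'

# Build a scratch tree with names containing a space, a '*' and a newline.
make_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/plain.txt" "$d/with space.txt" "$d/star*.txt"
    touch "$d/new
line.txt"
    printf '%s\n' "$d"
}

# $1 = tree, $2 = "nul" for -print0 | xargs -0, anything else for the default.
# -mount keeps find on the starting filesystem, which is why a run from /
# no longer descends into /proc and /sys.
count_real_files() {
    if [ "$2" = nul ]; then
        find "$1" -mount -type f -print0 | xargs -0 sh -c "$CHECK" sh
    else
        find "$1" -mount -type f | xargs sh -c "$CHECK" sh
    fi
}

tree=$(make_tree)
echo "default xargs: $(count_real_files "$tree" ws) of 4 names arrive intact"
echo "-print0 / -0:  $(count_real_files "$tree" nul) of 4 names arrive intact"
rm -rf "$tree"
```

With default splitting, the names containing a space or a newline are broken into fragments that do not exist, so a scanner fed this way never sees those files.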
Quoting Les Mikesell lesmikesell@gmail.com:
Is there a way to configure multiple machines to use AD authentication and get the same uids so NFS mounts will work across all of them?
Instead of using winbind, you might look into AD as a combination of Kerberos and LDAP. You would configure Kerberos for authentication, and then use LDAP to fetch user information (UID, GID, and so on). You'd need AD 2k3, so that you can add posixAccount etc object classes. It should also be possible with AD 2k, but it is a bit more work to get it going. Microsoft has an excellent document on using AD with Unix. Go to Microsoft web site and search for something called "Windows Security and Directory Services for UNIX". It's a downloadable PDF document, something like 392 pages long.