|
I'm getting some funny time-out style errors on one of our Linux systems with LDAP authentication. Ubuntu Server 10.04 LTS

If no one has logged in with their LDAP account for a while, the server seems to lose its connection or something. If I try to log in with my user account, it tells me permission denied.

quote:
$ ssh -l username server

The log has this line in it:
/var/log/auth.log: "nscd: nss_ldap: could not search LDAP server - Server is unavailable"

If I wait a few moments, log in as a local account, etc, then I can log in as the LDAP user. It uses Kerberos for authentication, but NSCD caches the username from the LDAP server. NSCD can't get the username, so no authentication can occur.

How do I get NSCD or whatever to keep querying the LDAP server? The server is up, and it connects to it eventually. If I disable NSCD, the user can log right in, but I get the weird "I have no name!@server:~$" prompt.
|
# ? Mar 22, 2011 17:27 |
|
|
Does anyone know if exim needs to be restarted in order to reflect changes in the mailips/mailhelo files?
|
# ? Mar 22, 2011 18:37 |
|
Xenomorph posted:I'm getting some funny time-out style errors on one of our Linux systems with LDAP authentication.
Basically, that's it. That's all it does. nscd doesn't have anything to do with name service lookup besides the fact that it's a dumb in-memory cache that happens to interface with glibc for the sole purpose of caching name service lookups. If this issue is intermittent, I'm inclined to believe one of two things:
I'm almost completely certain that something's up with your LDAP server or your network, and that's where you should be focusing your attention. If it helps in troubleshooting, disable nscd outright and see if you still experience the problem. It doesn't affect anything besides performance. Vulture Culture fucked around with this message at 18:49 on Mar 22, 2011 |
# ? Mar 22, 2011 18:45 |
|
(Just a heads up, I'm copying and pasting a big question I posted on some other Linux forums, I think you guys are a lot smarter though so I'll post it here and hope for the best)

Hey ya'll, I hope this is the right place to post this but I'll give it a go. So (if all goes well at this interview), I'll be moving in with a few friends who have Internet access. Now, I like to rip my high definition movies because I'd rather have them on the HD and preserve my disks, and I like to stream them to my PS3. Obviously, this will take up a lot of bandwidth. In a house of three, and I'm sure they'd already be doing things like looking at YouTube HD videos and streaming HD Netflix, me being selfish on my media server would make things much worse.

I have a solution. Kind of. This is where I need help. I can share my Internet connection to all of my wired and wireless devices via a wireless router I have lying around. In Windows, I can just enable ICS for the card accepting the Internet, and the next available card will have a static IP and take in new IPs for a new, local network. You can do this in Ubuntu (or with Network Manager in general, might switch to Debian soon) by going ahead and setting up your wireless connection to accept Internet access, and then set up the Ethernet (or other) card under the IPv4 settings to "Shared to other computers".

Now, I have a netbook that will connect this way wirelessly and my PS3 will connect via a very long Ethernet cable I have to handle the HD movies on my hard drive. This should eliminate the problem of hogging the bandwidth to the main router. I have a few questions though:

- I want to be able to play games online through this. I don't have Internet at my house currently to test this, so I'll ask in case someone else out there has done this before: Will this set up support NAT 2? Are there any huge problems?
- With my very small network I tried, it looks like there is a DHCP service going which is fantastic, but are there any other packages I should install? I've read some guides and some people mention installing dnsmasq-base and the like.
- Am I going to be forced with the IP given to me, or can it be changed? I think it turns out to be something like 10.42.43.x which is fine, but some day I might want to change it.
- I know people like PS3MediaServer and admittedly I do too, but can anyone suggest any other media servers in case that one doesn't float my boat? I've heard about Mediatomb before but I'm not sure about it. I'd like something that I can direct all my traffic into one card, so my room mates can't pick up on my server unless I allow them.
- What does the "Link-local only" option mean? Should I be using that instead? I have more than one machine though.

Here's the outline to what I want to do, hopefully it will be a bit clearer this way:

*-Internet-*
|
Wireless Modem (Room mates connect to this through their computers, I will connect my wireless card to this to get Internet access)
|
My Wireless Card (Again, gets Internet access)
|
My Ethernet Card (This will be connected to a wireless router I have, and have shared Internet access enabled to come through the Wireless card.)
\
My Wireless Router
- - Netbook wireless connection (Should be able to access Internet from this)
- - PS3 (Should also be able to access Internet from this as well as media server and support NAT 2 to play games with other people)
|
# ? Mar 22, 2011 21:18 |
|
Why would you share your connection wireless with your other devices, and not just connect those devices to the same wireless modem you get your connection from? The only reason I can see is if the main modem has say 5 public IP's and each of your roommates gets one.
|
# ? Mar 22, 2011 21:28 |
|
Misogynist posted:Basically, that's it. That's all it does. nscd doesn't have anything to do with name service lookup besides the fact that it's a dumb in-memory cache that happens to interface with glibc for the sole purpose of caching name service lookups.
I followed this guide: http://storg.org/2010/05/ubuntu-10-04-ad-authentication-via-ldap/

Just like the guide also mentions at the bottom, if I stop/disable nscd, then I can log on immediately, but my login prompt looks like this:

quote:
groups: cannot find name for group ID 10000

The "LDAP server" is a Windows Server 2003 R2 Active Directory install (with the schema updated with all the needed Unix information). We log into it from several Mac OS X 10.6 and 10.5 desktop clients, and a few Apple OS X Server 10.5 systems. We had another Linux system in the past that seemed to work just fine, and I don't recall any differences with the configuration files. This one just seems to "time out".
|
# ? Mar 22, 2011 21:29 |
|
I like to use emacs to generate colour-highlighted pdfs of code. Is there any way for me to put the following workflow into an automated script?

1. emacs <code>.<extension>
2. enable syntax highlighting
3. alt-x, ps-spool-buffer-with-faces
4. switch to correct buffer, save-as, <code>.ps
5. exit emacs
6. ps2pdf <code>.ps

Not being an emacs user, I have no idea if it's remotely possible to automate that side of it.
|
# ? Mar 22, 2011 21:44 |
|
Xenomorph posted:I followed this guide:
Edit: What's the output of getent passwd when nscd isn't running?
Vulture Culture fucked around with this message at 01:42 on Mar 23, 2011 |
# ? Mar 23, 2011 01:17 |
|
Misogynist posted:nscd doesn't query anything -- you may be confusing it with SSSD on RHEL6 and recent Fedoras. Here's what NSCD does:
This is completely wrong -- nscd is a global cache for all users, so letting any user account populate that cache with results would be a gaping security hole.

If nscd is running, glibc asks nscd to do the query, otherwise, glibc does the query directly. (It's actually a bit more complicated than that -- glibc will snoop through nscd's cache, and if it can't find a result in the cache, then it will ask nscd to do the query.) In no situation is anything ever added to nscd's cache by anything other than nscd itself.
|
# ? Mar 23, 2011 01:26 |
|
pseudorandom name posted:This is completely wrong -- nscd is a global cache for all users, so letting any user account populate that cache with results would be a gaping security hole.
Edit: It looks like FreeBSD's nscd does behave the way I described, so maybe that's what I was thinking of. Weird.
Vulture Culture fucked around with this message at 01:48 on Mar 23, 2011 |
# ? Mar 23, 2011 01:44 |
|
Green Puddin posted:I have a few questions though:
Whatever bridging scheme you choose to use isn't going to give you more bandwidth to the internet; it's going to be something you have to deal with. You might get more support by separating your questions into smaller chunks and asking some of this in the networking thread.

A lot of modern routers will allow you to assign IP addresses statically based on MAC address. So every time your PC for example connects to the router, it would get the same IP address of your choosing. That way if for example you need to ssh into your Mediastreamer you always know the IP.

As far as Mediatomb goes, it is really great and I like it more than PS3MediaPlayer. It's nearly transparent after initial configuration. With that being said, I don't think there's a way to restrict access based on device, but you might be able to do some firewall/port-block fuckery to do that.

When I was a CSR for Xbox, all the customers I talked to that had wireless access points didn't really have a problem with playing games online, I would figure it would be pretty similar on PS3. Sometimes bridging is simple and sometimes it takes some troubleshooting, though.
darkhand fucked around with this message at 02:37 on Mar 23, 2011 |
# ? Mar 23, 2011 02:00 |
|
What would be the best way to clone one NFS share to another? I'm thinking just rsync but I'm sure there must be a better way.
|
# ? Mar 23, 2011 02:14 |
|
Misogynist posted:Long shot, but is ldap.conf world-readable?
/etc/ldap.conf is world-readable.

"getent passwd" does not list anyone from LDAP when run as a regular user. When run as root, "getent passwd" lists everyone in LDAP/AD.

Edit, now that I notice that users can't even query the LDAP database, I think I know what the issue is. I didn't have a "binddn" specified in the ldap.conf (only rootbinddn) since ldap.conf is world-readable (I didn't want people to see the password used). I made an LDAP-only AD account with no access to anything, and then used it with binddn.
Xenomorph fucked around with this message at 06:02 on Mar 23, 2011 |
# ? Mar 23, 2011 05:31 |
|
Xenomorph posted:/etc/ldap.conf is world-readable.
Did you give the binddn account a password? I'm currently doing the same thing you are, and used some guides at this site. That has you put binddn and bindpw in /etc/ldap.conf, but that file has to be world readable, so anybody can get the username and password. At that point I'm not sure why that's any better than allowing anonymous binds to the AD server (which I've done anyway for automount maps) and giving "anonymous login" (an AD builtin) read access to the appropriate entries.

I've found another blog (don't remember the name, link is at work) that uses GSSAPI to bind to the directory. The linux machine joins the domain, then uses the host principal to authenticate to AD, but I can't get that to work either.
|
# ? Mar 23, 2011 07:58 |
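Added example, not part of any post in this thread: a small audit of the trade-off the two posts above describe (rootbinddn only, versus binddn plus bindpw in a world-readable /etc/ldap.conf). It assumes nss_ldap's usual behaviour that root binds as rootbinddn with the password kept in a separate secret file (the /etc/ldap.secret path is an assumption, it is not named in the thread) while every other user binds as binddn or anonymously; all DNs, hosts and passwords are constructed.

```python
import os
import stat
import tempfile

# Constructed samples: the thread's first state (rootbinddn only) and its later
# state (unprivileged binddn plus bindpw). DNs, host and password are invented.
BEFORE = """\
uri ldap://dc1.example.test
base dc=example,dc=test
rootbinddn cn=nss-root,cn=Users,dc=example,dc=test
"""
AFTER = BEFORE + """\
binddn cn=ldap-lookup,cn=Users,dc=example,dc=test
bindpw constructed-placeholder
"""

def parse_ldap_conf(text):
    """Parse 'keyword value' lines; '#' lines are comments, keywords lowercased."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            opts[parts[0].lower()] = parts[1] if len(parts) == 2 else ""
    return opts

def bind_identity(opts, euid):
    """DN a lookup binds as (assumed nss_ldap rule: root prefers rootbinddn)."""
    if euid == 0 and opts.get("rootbinddn"):
        return opts["rootbinddn"]
    return opts.get("binddn") or "anonymous"

def audit(conf_path, secret_path=None):
    """Return a sorted list of finding codes for one configuration file."""
    with open(conf_path) as fh:
        opts = parse_ldap_conf(fh.read())
    findings = set()
    # Symptom from the thread: getent works as root but not as a regular user.
    if bind_identity(opts, euid=1000) == "anonymous":
        findings.add("NONROOT_ANONYMOUS_BIND")
    conf_mode = stat.S_IMODE(os.stat(conf_path).st_mode)
    if opts.get("bindpw") and conf_mode & stat.S_IROTH:
        findings.add("BINDPW_WORLD_READABLE")
    if opts.get("rootbinddn") and secret_path and os.path.exists(secret_path):
        if stat.S_IMODE(os.stat(secret_path).st_mode) & 0o077:
            findings.add("ROOT_SECRET_NOT_0600")
    return sorted(findings)

def demo():
    """Audit both constructed configs in a temp dir; returns {label: findings}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        secret = os.path.join(tmp, "ldap.secret")  # stand-in for the root secret
        with open(secret, "w") as fh:
            fh.write("constructed-placeholder\n")
        os.chmod(secret, 0o600)
        for label, text in (("before", BEFORE), ("after", AFTER)):
            conf = os.path.join(tmp, label + ".conf")
            with open(conf, "w") as fh:
                fh.write(text)
            os.chmod(conf, 0o644)  # readable by all, as non-root lookups require
            results[label] = audit(conf, secret)
    return results

if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, findings)
```

The "before" file reports the anonymous non-root bind and the "after" file reports the exposed bindpw, which is why the lookup account needs to be one with no rights beyond reading the directory entries.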
|
Yeah, I'm not trying to capitalize on getting more bandwidth through all the crazy poo poo I'm trying to do, it's more of me having my own local network, within the households local network, connecting to the Internet, so within my own network I can stream poo poo and not hog up resources on the initial household network and still have Internet access. I'll probably lose some network quality in the process, but I just like making things hard for myself because I am a crazy person. I just consider it a fun project to learn from also.
|
# ? Mar 23, 2011 10:56 |
|
How do you shut off the thing in Fedora (bash) where it suggests you install a package, if you type it in and don't have it installed?

$ nessus
nessus, command not found
Install package 'nessus' to provide command?
|
# ? Mar 23, 2011 14:43 |
|
Bob Morales posted:How do you shut off the thing in Fedora (bash) where it suggests you install a package, if you type it in and don't have it installed?
A nice way to do this manually: yum provides "*bin/nessus"
bort fucked around with this message at 17:16 on Mar 23, 2011 |
# ? Mar 23, 2011 15:26 |
|
Anjow posted:Does anyone know if exim needs to be restarted in order to reflect changes in the mailips/mailhelo files?
The answer is apparently it doesn't.
|
# ? Mar 23, 2011 17:05 |
|
oops, edited
|
# ? Mar 23, 2011 19:01 |
|
Just wrassled with Fedora 14 trying to connect to a PPTP VPN with m0n0wall as the VPN server, the settings you want to use are:

Force 128-bit encryption
Require MPPE
Refuse EAP
Do not use BSD Compression
|
# ? Mar 24, 2011 00:52 |
|
My last issue was a poo poo graphics card that was overheating. On that same machine, I am now facing what appears to be another hardware issue. I have thoroughly scanned my lspci results, and the computer is not detecting the on-board sound chip, an ALC888. Does this mean the sound chip gave up the ghost? Is there any reason, other than it's just dead, that lspci would not detect it?
|
# ? Mar 24, 2011 20:37 |
|
hootimus posted:My last issue was a poo poo graphics card that was overheating. On that same machine, I am now facing what appears to be another hardware issue. I have thoroughly scanned my lspci results, and the computer is not detecting the on-board sound chip, an ALC888. Does this mean the sound chip gave up the ghost? Is there any reason, other than it's just dead, that lspci would not detect it?
Is the BIOS up to date? This thread comes up in a google search and the card wouldn't show up in lspci without a bios update (on page 3).
|
# ? Mar 24, 2011 20:53 |
|
taqueso posted:Is the BIOS up to date? This thread comes up in a google search and the card wouldn't show up in lspci without a bios update (on page 3).
|
# ? Mar 24, 2011 22:22 |
|
Turns out the audio was disabled in the bios... blargh.
|
# ? Mar 25, 2011 04:39 |
|
Are there any decent graphical diff programs for comparing binary files? I can find plenty for text files, but almost nothing for binary.
|
# ? Mar 25, 2011 22:42 |
|
Pablo Bluth posted:Are there any decent graphical diff programs for comparing binary files? I can find plenty for text files, but almost nothing for binary.
Haven't tried it but this looks kind of cool: http://meld.sourceforge.net/ I might try this out at work sometime.

Not as GUI but would work over ssh: http://andrejk.blogspot.com/2008/04/vimdiff-howto.html

EDIT: sorry you said binary files. Ignore those links even though they might be cool for text files.
JHVH-1 fucked around with this message at 23:35 on Mar 25, 2011 |
# ? Mar 25, 2011 23:08 |
|
Maybe this will help, maybe it is your post? http://stackoverflow.com/questions/688504/binary-diff-tool
|
# ? Mar 25, 2011 23:31 |
|
Hey again, seems like I almost got a perfect Debian setup... It's just that, well, I run a 64 bit version of Gnome Debian (amd64 to be clear) and it seems like Flash support for Linux, especially amd64, is very lacking and shows on my box. I browse many Flash based websites and even need it for my job, but any time I need to run something via Flash it just stops, and if I scroll around on the page and view the element again it turns grayed out. With this bummer, is there any way this can be fixed or should I just go back to Windows?
|
# ? Mar 26, 2011 20:41 |
|
edit wrong click
|
# ? Mar 26, 2011 22:59 |
|
Green Puddin posted:Hey again, seems like I almost got a perfect Debian setup...
Does IE+Flash run with WINE? Why not just keep a Windows VM around with Virtualbox?
|
# ? Mar 27, 2011 00:22 |
|
Green Puddin posted:Hey again, seems like I almost got a perfect Debian setup...
There's a native 64-bit plugin available as a tech preview from Adobe. I've been using it for a while and it seems reliable, although it does crash once a week or so for me.

Also, multiarch support is currently being implemented and when this is finished you'll be able to install the i386 flash plugin on your amd64 installation natively and it should Just Work.

Finally, if flash support is that critical for you and my above suggestion isn't good enough then you could consider installing the i386 release if there's no major reason you need to be on amd64. Gotta be better than going back to Windows.
|
# ? Mar 27, 2011 01:26 |
|
The power management settings on my Slackware 12.1 machine are driving me crazy. I don't want any screen blanking, powersaving, or powering down, so at first I specified in /etc/rc.d/rc.M (the multi-user init script): /bin/setterm -blank 0 -powersave off -powerdown 0 , which didn't do the trick in X, so I added the same line to the xinitrc's for the various window managers on the system (I usually have different X sessions open for multiple user accounts). All to no avail. What am I missing here?
|
# ? Mar 27, 2011 15:36 |
|
Underflow posted:The power management settings on my Slackware 12.1 machine are driving me crazy. I don't want any screen blanking, powersaving, or powering down, so at first I specified in /etc/rc.d/rc.M (the multi-user init script):
I don't know how you've set up your X server on slack officially, but normally like say in gnome, there is a separate process handling that. You need to tell that process you don't want it to time out (like in gnome in most distros, gnome-screensaver will blank/lock/power down a screen).
|
# ? Mar 27, 2011 17:14 |
|
That is one thing that has always frustrated me about linux workstations. There are no less than two programs attempting to handle the idle timeout stuff. More if you have a bunch of stuff installed. Sometimes one will do its thing and sometimes another will.
|
# ? Mar 27, 2011 17:27 |
|
ribena posted:Finally, if flash support is that critical for you and my above suggestion isn't good enough then you could consider installing the i386 release if there's no major reason you need to be on amd64.
I actually use it more to test things out in different Debian releases (sid, squeeze, lenny, etc.), but it works fine for maintaining an i386 personality for the few things that just won't run in amd64. That said, I haven't had much issue with flashplugin-nonfree 1:2.8.3.
|
# ? Mar 27, 2011 17:57 |
|
enotnert posted:I don't know how you've set up your X server on slack officially, but normally like say in gnome, there is a separate process handling that. You need to tell that process you don't want it to time out (like in gnome in most distros,
I'm used to configuring things manually, but I never had to disable powersaving before. I call multiple X sessions using "startx -- :*" where * is a different number for every user, but whatever I specify in the individual xinitrc's is ignored, and I can't see why. The wm's I use (mostly xfce) are pretty minimal and don't have any settings that might override the initial setterm commands.

Comatoast posted:That is one thing that has always frustrated me about linux workstations. There are no less than two programs attempting to handle the idle timeout stuff. More if you have a bunch of stuff installed. Sometimes one will do its thing and sometimes another will.
Yes, xscreensaver tries to do its thing too, but I never install it. As far as I know, the kernel has screenblanking set to 10m by default; don't know about power settings. Anyway, it's a loving nuisance, cause the screen I'm using at the moment has difficulties coming back from powersave.
|
# ? Mar 27, 2011 18:44 |
|
Underflow posted:I'm used to configuring things manually, but I never had to disable powersaving before. I call multiple X sessions using "startx -- :*" where * is a different number for every user, but whatever I specify in the individual xinitrc's is ignored, and I can't see why. The wm's I use (mostly xfce) are pretty minimal and don't have any settings that might override the initial setterm commands.
I know xfwm has something similar to gnome-screensaver but can't remember what it is that has its own settings that override .xinitrc. I had to gently caress around with it a while back when I was using nothing but xfce, but since so many of my end users use gnome, I transferred to using that to more easily troubleshoot their errors.
|
# ? Mar 27, 2011 20:51 |
|
Underflow posted:The power management settings on my Slackware 12.1 machine are driving me crazy. I don't want any screen blanking, powersaving, or powering down, so at first I specified in /etc/rc.d/rc.M (the multi-user init script):
Should disable all those features IIRC.
|
# ? Mar 27, 2011 21:38 |
|
enotnert posted:I know xfwm has something similar to gnome-screensaver but can't remember what it is that has its own settings that override .xinitrc.
The adjustment option in xfce is just a simple frontend for xscreensaver as far as I can tell - any changes made there create/modify .Xscreensaver. I'm at a point where I'd be willing to switch to any wm to avoid my screen going dead (now I have to unplug the power cable and wait ~5m before it will switch on again), although I really prefer xfce. Got a feeling the problem is lower level than the wm, though.

Zom Aur posted:Try 'xset -dpms'
Thanks for the tip, but that doesn't work either. Whatever is causing those damned power settings to be totally ignored must be pretty low level, as the problem persists across the board. I tried blackbox, fluxbox, fvwm2, kde, windowmaker, xfce, and even twm. Result is always the same; screen blanks after 10m, goes on standby after 30 and won't come back unless left unplugged for a while.
|
# ? Mar 28, 2011 15:07 |
|
|
Underflow posted:Thanks for the tip, but that doesn't work either. Whatever is causing those damned power settings to be totally ignored must be pretty low level, as the problem persists across the board. I tried blackbox, fluxbox, fvwm2, kde, windowmaker, xfce, and even twm. Result is always the same; screen blanks after 10m, goes on standby after 30 and won't come back unless left unplugged for a while.
xset has a separate option for screen saver, you'll want to try 'xset s off'. It's possible you may need both that and 'xset -dpms'.
|
# ? Mar 28, 2011 15:48 |