|
Crush posted:I'm just trying to understand how to use the route object within the ip command Paste in a copy of your ifcfg-eth0 file, should be a simple issue to identify. Generally, you'd specify "IPADDR=192.168.1.48" and "BOOTPROTO=static". I think this would work even with NetworkManager enabled (I don't know for sure, I have NM turned off on my RHEL 6 vm's.) xdice fucked around with this message at 17:06 on Oct 13, 2012 |
# ? Oct 13, 2012 17:02 |
|
|
# ? May 16, 2024 06:27 |
|
ifcfg-$adapter is for the adapter. route-$adapter is for specific routes for said adapter. Example use: We have backup servers on a public subnet and with a switch side ACL we force that traffic over their private network so they are not billed for traffic of their backups. Client side we add route-eth1 with the public subnet via gateway of their eth1 (private) network.
|
# ? Oct 13, 2012 17:22 |
|
QPZIL posted:
check lmms, it can *be* buggy, but it tends to handle most vst/vstis alright. http://lmms.sourceforge.net/
|
# ? Oct 13, 2012 17:32 |
|
3spades posted:ifcfg-$adapter is for the adapter. route-$adapter is for specific routes for said adapter. xdice posted:Paste in a copy of your ifcfg-eth0 file, should be a simple issue to identify. Generally, you'd specify "IPADDR=192.168.1.48" and "BOOTPROTO=static". I think this would work even with NetworkManager enabled (I don't know for sure, I have NM turned off on my RHEL 6 vm's.) Thanks to everyone who helped out!
|
# ? Oct 14, 2012 07:09 |
|
Does anyone have any suggestion for setting up a multi-master LDAP server on puppet? I tried 389-ds, but puppeting it is horrible since you can't edit configs and kick the server (you have to edit configs that edit the configs, and the server can't be running). I don't know if I'm missing something, and if say OpenLDAP is easier for the same thing, that would be useful.
|
# ? Oct 14, 2012 07:09 |
|
Doctor w-rw-rw- posted:Does anyone have any suggestion for setting up a multi-master LDAP server on puppet? I tried 389-ds, but puppeting it is horrible since you can't edit configs and kick the server (you have to edit configs that edit the configs, and the server can't be running). I don't know if I'm missing something, and if say OpenLDAP is easier for the same thing, that would be useful.
|
# ? Oct 14, 2012 17:05 |
|
Scenario: Windows Server doing LDAP (not OpenLDAP). Multiple Linux system using LDAP+Kerberos authentication for access on NFS shares. I want to have one of the Linux systems also host Samba shares, using the same LDAP-based authentication (not Winbind). When I look up Samba+LDAP, I find page after page of OpenLDAP guides. Is this doable? I tried adding Winbind authentication in addition to LDAP on the Linux systems and ended up with users listed twice, conflicting UID/GIDs, etc. Edit: Since my Windows AD scheme already has Unix/Linux-compatible UID, GID, Home, and Shell for every account - can I get Winbind/Samba to use these without the *mapping* it does? Examples: "getent passwd" when using ldap: xeno:*:500:500:Xeno:/home/xeno:/bin/tcsh (correct) "getent passwd" when using Winbind: xeno:*:16777216:16777216:Xeno:/home/DOMAIN/xeno:/bin/false Xenomorph fucked around with this message at 20:33 on Oct 14, 2012 |
# ? Oct 14, 2012 18:46 |
|
Misogynist posted:Are you setting up dozens of LDAP servers? I love the idea of configuration as code, but honestly, this is one of those situations where documenting it is an order of magnitude easier than scripting it, especially through something like Puppet that doesn't have native support for ensuring that LDAP DNs are configured a certain way. (If there was a type for that, it would make this problem really easy, though.) My CTO says we'll have two, one in the office and one in the DC so if one stops working the other we can fail over to the other.
|
# ? Oct 14, 2012 20:58 |
|
Xenomorph posted:Scenario: Doctor w-rw-rw- posted:My CTO says we'll have two, one in the office and one in the DC so if one stops working the other we can fail over to the other. Back up your /etc/dirsrv (assuming 389 DS here) containing your cn=config LDIFs and your certificate stores, and just restore from backup and reinitialize your consumer if something goes wrong on one of the servers. I don't usually recommend this approach, since I think it's lazy, but Puppet and other configuration management solutions just don't have the plumbing to properly manage LDAP entries yet. Vulture Culture fucked around with this message at 21:44 on Oct 14, 2012 |
# ? Oct 14, 2012 21:39 |
|
OK, I think I'm figuring this out. However, I'm hitting another issue. I'm noticing the issue mentioned in the last post in this thread: http://forums.gentoo.org/viewtopic-t-797291-start-0.html and also mentioned here: http://lists.samba.org/archive/samba/2006-August/123711.html I got Winbind to pull the correct Unix attributes from AD by telling it to use "rcf2307". That works for UID (uidNumber), Home, and Shell. For the group, instead of grabbing a user's GID (gidNumber), it's grabbing their primary group from Windows' setting for primary group. I can change each user's primary group that way, but that means I cannot see any groups with "getent group" because it is ignoring the GID from all of the groups. Is there way to remap what Winbind is trying to read info from?
|
# ? Oct 15, 2012 03:21 |
|
Doctor w-rw-rw- posted:My CTO says we'll have two, one in the office and one in the DC so if one stops working the other we can fail over to the other. Yeah that doesn't sound like a job for puppet. Puppet is more for maintaining system states, not high availability. If you had a big fleet of machines and want to be able to roll out another one easily it would make sense to spend the extra time configuring the puppet code. http://www.openldap.org/doc/admin24/replication.html
|
# ? Oct 15, 2012 07:48 |
|
Does anyone know of good guides to implementing VRFs and 802.1q on linux, particularly either ubuntu or Debian? I'm wanting to set up a monitoring system for some of our MPLS IPVPN customers.
|
# ? Oct 15, 2012 16:43 |
|
Looks like all the issues I've been having with samba/winbind and idmap (rfc2307 schema) may have to do with changes in Samba 3.5 and 3.6. Some people say (going by Google searches) that things worked up to 3.4, but broke after. Is anyone here using Samba/winbind and doing UID/GID mapping from AD rfc2307? Is there a non terrible way of working with permissions from Windows on a Samba share? I can set permissions from Windows, but then as soon as a the server reboots or a permission is changed from Linux, I end up with "CREATOR OWNER", "CREATOR GROUP", and "Special permissions" set on a file/directory. When I view Advanced permissions, I have half a dozen entries for what use to just be a simple "user, group, other" permission setting. code:
Xenomorph fucked around with this message at 04:37 on Oct 17, 2012 |
# ? Oct 16, 2012 19:16 |
|
I'm trying to alias an ssh tunnel. Let me explain. I have a LocalForward statement in my ~/.ssh/config, bringing a remote resource over: code:
So now that I have access to localhost:9090, I would like to assign a virtual host to it, like foo.remote, so when I access foo.remote from any program, it will forward that request to localhost:9090, and therefore to foo.server.com:8080 over the tunnel. Is this possible?
|
# ? Oct 18, 2012 06:25 |
|
Houston Rockets posted:I'm trying to alias an ssh tunnel. No. Virtual hosts are a HTTP/HTTPS thing done via the "Host:" header (and even HTTPS has has problems with it). You can't select based on DNS name. What you might be able to do is create some virtual interfaces with their own static IPs, modify your /etc/hosts file to point to those IPs, and then use that to access your forwards by name. This also allows you to bind a port multiple times, so long as no IP has more than one thing claiming the same port. How you go about setting the routes I don't know since I never actually learned networking, just the tools that are used to configure it. EDIT:vvvvvvvv See below. vvvvvvvv (woo! my off the wall idea was valid!) Doctor w-rw-rw- fucked around with this message at 07:55 on Oct 18, 2012 |
# ? Oct 18, 2012 06:44 |
|
Houston Rockets posted:I'm trying to alias an ssh tunnel. As Doctor w-rw-rw- said, "virtual hosts" is not quite the right term for this. Furthermore, there is no easy and universal way to assign port numbers to hostnames. If you create virtual interfaces, you can use the same port number locally as the remote real service uses, which may allow you to omit the port number. But even that has a restriction: if you want to use "privileged" ports (= port numbers 0-1023), you must run your local SSH client as root. Creating the virtual localhost interfaces (essentially IP Aliases for localhost) is simple: code:
Your Linux distribution probably already has some way to specify IP Aliases in network configuration files: check the distribution's documentation and support resources. Then assign names for the virtual interfaces in /etc/hosts: code:
code:
After this, when start "ssh XYZ" and then tell any program to connect to port 8080 on foo.remote, the connection should pass through the SSH tunnel to port 8080 on foo.server.com. Likewise, connections to port 8080 on bar.remote should go to bar.server.com. Now, if the default port number of the application can be used in the configuration above, the need to explicitly specify the port number may be removed. But even if you must still specify it, you can now standardize to a particular port number to minimize your memory workload (i.e. "when using whatever.remote, the port number shall always be 8080").
|
# ? Oct 18, 2012 07:52 |
|
Can you use dynamic forwarding/SOCKS proxying? Lots (but not all) programs support it.
|
# ? Oct 18, 2012 19:34 |
|
Ninja Rope posted:Can you use dynamic forwarding/SOCKS proxying? Lots (but not all) programs support it. Then each client program would have to be configured per-server. The nuance is slight, but SOCKS proxying would add access to another network, potentially enabling acces to multiple other computers on that one network, but making the forwards local is a way of adding access to other computers, all of which may be on multiple different networks.
|
# ? Oct 18, 2012 19:49 |
|
Hopefully I did not miss what is blindingly obvious due to searching for the wrong phrases on Google, but is it possible to block an entire subnet (Class C 192.168.1.0/24) in iptables but leave access to two or three IPs within that subnet open? These three are all over the place so I can resort to a few range entries and not do hundreds of entries, thank God, but it'd be nice if I could basically say "block access to this /24 except for these..."
|
# ? Oct 18, 2012 20:53 |
|
CHEF!!! posted:Hopefully I did not miss what is blindingly obvious due to searching for the wrong phrases on Google, but is it possible to block an entire subnet (Class C 192.168.1.0/24) in iptables but leave access to two or three IPs within that subnet open? These three are all over the place so I can resort to a few range entries and not do hundreds of entries, thank God, but it'd be nice if I could basically say "block access to this /24 except for these..." Iptables rulesets are evaluated in order, and first match wins. Just put the exceptions first, e.g.: code:
|
# ? Oct 18, 2012 21:34 |
|
For the first time in nearly 15 years, I'm giving Linux a shot as my main desktop OS. Hooray! Anyway, what the gently caress do I have to do to get fonts in Chromium looking like they do in Chrome on Windows? I don't know anything about fonts other than to say they look different. I'm running Ubuntu 12.10.
|
# ? Oct 19, 2012 19:35 |
|
I think having the Windows TrueType fonts might help with that. The package to install is called msttcorefonts.
|
# ? Oct 19, 2012 19:45 |
|
Thermopyle posted:Anyway, what the gently caress do I have to do to get fonts in Chromium looking like they do in Chrome on Windows? Are you running stock Ubuntu with Unity? Play around with the font hinting settings in the control panel. Chromium should now respect those.
|
# ? Oct 19, 2012 19:52 |
|
babies havin rabies posted:I think having the Windows TrueType fonts might help with that. The package to install is called msttcorefonts.
|
# ? Oct 19, 2012 19:53 |
|
Doctor w-rw-rw- posted:On 12.04 it's ttf-mscorefonts-installer. Thanks. I couldn't remember the name myself, the first result on Google was a blog post that I just noticed was created in 2005.
|
# ? Oct 19, 2012 19:55 |
|
babies havin rabies posted:I think having the Windows TrueType fonts might help with that. The package to install is called msttcorefonts. This helped a lot. Suspicious Dish posted:Are you running stock Ubuntu with Unity? Play around with the font hinting settings in the control panel. Chromium should now respect those. Can't find these settings. :/
|
# ? Oct 19, 2012 22:53 |
|
I don't know how Unity has their control panel structured, but they should be available in gnome-tweak-tool if nowhere else.
|
# ? Oct 19, 2012 23:00 |
|
Is there seriously no way to make netflix work on linux without a VM? It's kind of frustrating, I hope they stop using silverlight at some point, or at least release some sort of client.
|
# ? Oct 20, 2012 01:34 |
|
tarabluh posted:Is there seriously no way to make netflix work on linux without a VM? Unlikely. The cost is the licensing cost for the encoding software per instance times the number of concurrent instances of the encoder the number of shows to transcode times the number of resolutions to encode at. It's a very real cost and certainly greater than the amount it would cost to implement the appropriate DRM module for mono, if such a thing were possible (I haven't looked at the license, it may or may not be).
|
# ? Oct 20, 2012 02:40 |
|
They built Netflix for ChromeOS (actually Google built it for Netflix), so it's clear that they can do it. It's just that they won't.
|
# ? Oct 20, 2012 02:50 |
|
Suspicious Dish posted:They built Netflix for ChromeOS (actually Google built it for Netflix), so it's clear that they can do it. It's just that they won't. They got it running on a Linux-based solution with a known and integrated hardware and software configuration. Building in support includes testing it against configurations and modifying encode profiles to work on different hardware configurations. The amount of engineering to get it work on ChromeOS is easily a small fraction of the engineering effort it would take to engineer, test, deploy, and continuously support a solution for Linux as a whole. Porting to well-behaved and specific targets is the easiest part.
|
# ? Oct 20, 2012 03:52 |
|
I'm pretty sure that Netflix realizes that they'd get more complaints if they supported Ubuntu and not Gentoo than if they just don't support linux at all.
|
# ? Oct 20, 2012 05:55 |
|
Netflix realizes there's not enough Linux users to be profitable and there's no way they could make working DRM.
|
# ? Oct 20, 2012 05:57 |
|
pseudorandom name posted:Netflix realizes there's not enough Linux users to be profitable and there's no way they could make working DRM. I thought that Android didn't use DRM?
|
# ? Oct 20, 2012 05:58 |
|
The difficulty in getting DRM working on Android is the major reason why Netflix took so long in releasing an Android client.
|
# ? Oct 20, 2012 06:04 |
|
pseudorandom name posted:The difficulty in getting DRM working on Android is the major reason why Netflix took so long in releasing an Android client. Not quite. Video playing is a horror in itself. There are three separate decoders used on Android devices 2.1+, which will fail in different conditions. The VideoView, furthermore, didn't even have a resume() function until API8, and the VideoView itself has layers upon layers of issues with managing its own state. Add to that the fact that GoogleTV (API12) has buggy/incomplete support for HLS, which is different from the support in ICS+, because that was the type GoogleTV implemented independently from ICS, and the fact that a Xoom and a Nexus 7 don't behave identically, then it's clear that basically playing any video at all that was the major reason Netflix took so long in releasing an Android client. Of course, decoding any sort of encryption is sure to have complicated the process on top of that.
|
# ? Oct 20, 2012 06:27 |
|
Why couldn't they possibly make working DRM? I don't see the reasoning here.
|
# ? Oct 20, 2012 06:32 |
|
Suspicious Dish posted:Why couldn't they possibly make working DRM? I don't see the reasoning here. The point I'm getting at is that DRM isn't the only thing that makes being on every platform hard for Netflix. There are numerous challenges on every platform and many of them have to do with just getting the drat thing to play. MPlayer and VLC and their associated libraries spoil us - encoding and decoding video is a huge pain in the rear end and a gargantuan mess.
|
# ? Oct 20, 2012 06:52 |
|
So basically Redhat and Canonical have to get together and agree on DRM?
|
# ? Oct 20, 2012 06:58 |
|
|
# ? May 16, 2024 06:27 |
|
Suspicious Dish posted:Why couldn't they possibly make working DRM? I don't see the reasoning here. Useful DRM requires control of the full path from the moment decoding is started to the point the content reaches the part where it interfaces to the meatbag trying to play it. That means the kernel and audio/video drivers must also be working to secure the content. Between Protected Audio Path and HDCP if you play a Blu-ray on a Windows PC the content is hidden as well as software can do from the user until it hits the ADCs in the sound card and display interface. Turns out that's kind of hard when you have access to the kernel source and the majority of the drivers (other than the official GPU drivers from AMD/nVidia). That's why some Android media apps refuse to run on rooted devices, they figure they can trust the DRM in a manufacturer ROM but not anything homebrew. wolrah fucked around with this message at 07:07 on Oct 20, 2012 |
# ? Oct 20, 2012 07:03 |