[Fedora-directory-users] Building RPMS on 64 Bit
by Brett Elsmore
FDUG,
Has anyone had success building rpm's on 64 bit ?
I am getting the following error -
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.38067
+ umask 022
+ cd /usr/src/redhat/BUILD
+ LANG=C
+ export LANG
+ unset DISPLAY
+ echo yes
+ echo yes
+ ./setup -b /usr/src/redhat/BUILD//opt/fedora-ds
/var/tmp/rpm-tmp.38067: line 30: ./setup: No such file or directory
error: Bad exit status from /var/tmp/rpm-tmp.38067 (%install)
When I look at the spec file, like 80 states -
(echo yes ; echo yes) | ./setup -b $RPM_BUILD_ROOT/%{prefix}
Thanks for any assistance.
17 years, 10 months
[Fedora-directory-users] Error start-admin
by Douglas Hussey
I have made a fresh install of the latest DS version. I get the
following error when I attempt to start the admin server, what is
strange is the previous version runs fine on this machine 7.1-2. We
are running Redhat V4 AMD_64. JDK 1.5.0_05
ERROR: ld.so: object '/opt/fedora-ds/bin/admin/lib/libssl3.so' from
LD_PRELOAD cannot be preloaded: ignored.
ERROR: ld.so: object '/opt/fedora-ds/bin/admin/lib/libldap50.so' from
LD_PRELOAD cannot be preloaded: ignored.
Syntax error on line 150 of /opt/fedora-ds/admin-serv/config/httpd.conf:
Cannot load /opt/fedora-ds/bin/admin/lib/libmodrestartd.so into
server: /opt/fedora-ds/bin/admin/lib/libmodrestartd.so: cannot open
shared object file: No such file or directory
Thanks
Doug
17 years, 10 months
[Fedora-directory-users] automount (revisited)
by Roger Spencer
I dug the below out from the archive. Is there anything new on the subject?
I've seemed to have slammed head first into the subject. Got SUSE and
RHEL 3 using nisObjects happily (apparently they'll support either
model). Just configured a Solaris 10 box as a client and it wants
automountMap. Even worse, Solaris 9 and 10 do automountMap, Solaris 8
does nisObjects. Fortunately, I have all three versions running. (Info
on Solaris' automount:
http://www.informit.com/articles/article.asp?p=31550&seqNum=4&rl=1 )
I tried loading the 10rfc2307bis.ldif (by replacing the 10rfc2307.ldif
file) and slapd wouldn't restart.
Any idea to a) get the automountMap objects in the schema? b) possibly
support both models?
* /From/: Rich Megginson <rmeggins redhat com>
* /To/: "General discussion list for the Fedora Directory server
project." <fedora-directory-users redhat com>
* /Subject/: Re: [Fedora-directory-users] Re: automount
* /Date/: Tue, 16 Aug 2005 09:01:40 -0600
------------------------------------------------------------------------
There has been a lot of confusion around this issue (mostly on my part).
I think one of the problems is that rfc2307 support from OS vendors is
now deprecated in favor of rfc2307bis
http://www.ietf.org/internet-drafts/draft-howard-rfc2307bis-01.txt,
which is still in Internet Draft phase (and is due to expire very
quickly). A new draft is being worked on with the goal of generating a
new RFC. The bis draft has one problem with it, in that it requires the
use of the authPassword attribute (defined in RFC 3112
http://www.ietf.org/rfc/rfc3112.txt). FDS does not support this (and
neither does OpenLDAP AFAICT). I have attached a file called
10rfc2307bis.ldif. This is the schema from the 2307bis I-D in FDS schema
format.
The preferred way to map the automount information is to use the
automount attributes and objectclasses in the RFC 2307bis draft schema.
The problem is that I don't know all of the vendor support. So far I've
been unable to find out what RHEL3 and RHEL4 support. I've been told
that Solaris has support for the bis schema.
If you like, you can replace the 10rfc2307.ldif schema supplied with FDS
with the attached file, and see what happens.
17 years, 10 months
[Fedora-directory-users] Hosed sync with AD
by Daniel Shackelford
Hello...
Earlier this month we had an issue with one of our domain controllers
(Win2003) and took it down. It was the one the directory server was
pointing to for synchronization. Ever since then, no sync has occurred
and I am back to getting the
-81 (Peer's Certificate issuer is not recognized.)
I have checked the DC, and all looks well. We were merely moving the
logs to another volume, so it should not have an effect on ldap
connections. I did some fiddling and at one point I removed the native
java since I had installed the IBM version. Jessie depended on it, so
that was removed as well. I have since gotten new certs and CA certs,
and installed them, but still no luck on the connection. Certutil no
longer worked, so I installed mozilla-nss, and now it does not work
for other reasons:
NSS_Initialize failed: An I/O error occurred during security authorization.
All certificate management via the console seems to work fine...
So, my questions are:
Is there a way to get my ssl libraries so they line up with what FDS wants?
Was jessie even involved in this issue?
I already have all our data in this directory, so is there a way for me
to get this thing syncing again without a wipe and reinstall?
If I delete the sync agreement, and create a new one, what happens on
the first sync? Will it just pick up where it left off, or will it
choke on all the objects that were a part of the previous sync
agreement? Will I have problems with my data since it has been over 10
days since the last sync?
--
Daniel Shackelford
Systems Administrator
Technology Services
Spring Arbor University
517 750-6648
"For even the Son of Man did not come to be served, but to serve, and to give His life a ransom for many"
Mark 10:45
17 years, 10 months
[Fedora-directory-users] enforce strong passwords
by Jo De Troy
Hello,
I was wondering if anyone was looking into enforcement of strong passwords.
I'm not a hardcore C programmer but I'm willing to help. But first I'll have
to try in getting the current version compiled.
I'm certainly willing to do some testing.
Greetings,
Jo
17 years, 10 months
[Fedora-directory-users] FDS console on Windows with SSL and self-signed certificates
by Brian Rudy
Hi Folks,
I have set up Fedora Management Console on one of my Windows boxes per
the directions in the Howto:WindowsConsole Wiki, but have an issue
connecting to the Directory Server using SSL. From the Windows box FMC,
the Directory Server is listed in the Server Group, with Server status:
Stopped. In the slapd logs I see the following:
[20/Jan/2006:11:09:36 -0800] conn=4768 fd=68 slot=68 SSL connection from
192.168.128.65 to 192.168.128.4
[20/Jan/2006:11:09:36 -0800] conn=4768 op=-1 fd=68 closed - SSL peer
cannot verify your certificate.
Since I am using a self-signed certificate on the directory server,
which would require installation on the client, this all appears to make
sense. Now for the question: How does one install certificates on the
client when using JSS/NSPR/NSS as shown in the Wiki? It looks like you
would need to create your own cert7.db and key3.db with certutil, and
import the Server-Cert, but I'm a bit confused as to where the .db files
should be located, and what they should be named.
Has anyone done this who wouldn't mind sharing?
17 years, 10 months
[Fedora-directory-users] dsbuild and libadminutil build error os Slackware 10.2 - 2.6.14.3
by Mike Lowrie
I'm trying to do a complete build using dsbuild on a freshly installed
Slackware 10.2 box with a 2.6.14.3 kernel, but I'm running into problems
with the system not finding some header files:
==== Building AdminUtil ==========
cd lib/libadminutil; gmake BUILD_OPT=1 NSPR_BASENAME= USE_PTHREADS=1
SECURITY=domestic MOZILLA_SOURCE_ROOT_EXT= ICU_SOURCE_ROOT_EXT= USE_64=
gmake[3]: Entering directory
`/usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/lib/libadminutil'
gcc -c -fPIC -pipe -DLINUX -Dlinux -DBSD -D_POSIX_SOURCE -D_XOPEN_SOURCE
-D_BSD_SOURCE -DHAVE_STRERROR -DNO_DBM -DNO_NODELOCK -DXP_UNIX -DLinux
-O2 -DNET_SSL -DSPAPI20 -DBUILD_NUM=\"2005.344.255\"
-I/usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include
-I/usr/local/src/dsbuild/ds/mozilla/work/mozilla/dist/Linux2.6.14_x86_glibc_PTH_OPT.OBJ/include
-I/usr/local/src/dsbuild/ds/mozilla/work/mozilla/dist/public/nss
-I/usr/local/src/dsbuild/ds/mozilla/work/mozilla/dist/public/ldap
-I/usr/local/src/dsbuild/ds/icu/work/icu-2.4/built/include psetc.c -o
/usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/built/Linux2.6.14_x86_glibc_PTH_OPT.OBJ/lib/libadminutil/psetc.o
In file included from
/usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/psetc.h:24,
from psetc_pvt.h:26,
from psetc.c:30:
/usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/admutil.h:25:21:
prtypes.h: No such file or directory
/usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/admutil.h:26:19:
plstr.h: No such file or directory
/usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/admutil.h:27:19:
prprf.h: No such file or directory
In file included from
/usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/psetc.h:24,
from psetc_pvt.h:26,
from psetc.c:30:
/usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/admutil.h:78:
error: syntax error before "createAttrNameList"
/usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/admutil.h:78:
warning: data definition has no type or storage class
/usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/admutil.h:80:
error: syntax error before "addName"
/usr/local/src/dsbuild/ds/adminutil/work/fedora-adminutil-1.0/include/libadminutil/admutil.h:80:
warning: data definition has no type or storage class
.
.
.
and of course a whole lot of other errors follow.
I have found the files it is looking for in the mozilla directory of the
dsbuild directory, but its as if it doesn't have the correct include
paths. I tried adding a few manually, but there are a lot of different
paths - all from the mozilla directory that aren't being found.
Does anyone have any suggestions on how to fix this?
Appreciate the help!
Mike
17 years, 10 months
Re: [Fedora-directory-users] Admin Server or Console problem
by Little Dragon
Hi,
My problem is partly solved.
I am testing FDS on virtual PC (VPC) with FC4.
It seems my problem related to DHCP/DNS settings.
The VCP gets the IP address from DHCP but the hostname is not
registered as it is just a test and I am testing it when I
have a few free minutes.
Then I installed a new VPC without network (only the "lo" is
there) and now it works as it should.
If you are on a network then try to check the hostname with
"nslookup yourhostname". If it is not OK then your problem
is also could related to DHCP/DNS.
HTH,
Laszlo
"Hyo-su,Won<Monster>" <iamyasu(a)pmcmantech.com> írta:
>
> Cannot connect to the Admin Server http://hostname:1500;
> The URL is not correct or the server is not running.
>
> I'm looking for how to solve..
>
> If you got any idea.. can I share your opinion?
________________________________________________________________
Harry Potter és a Félvér Herceg! Garantált szállítás a megjelenés napján! (február 10. )
Jegyezze elő most! http://www.bookline.hu/control/news?newsid=322&affiliate=frehp6kar1482
17 years, 10 months
RE: [Fedora-directory-users] Some password policy enforcement information questions
by Bliss, Aaron
Turns out the issue I was having was with my clients; I'm not sure why,
but the administrator before me had "UseLogin Yes" set in
/etc/ssh/sshd_config; commenting this out immediately started generating
password warnings to users (as configured by the directory server); does
anyone know what the UseLogin option is used for? Thanks.
Aaron
-----Original Message-----
From: Bliss, Aaron
Sent: Thursday, January 19, 2006 3:15 PM
To: 'General discussion list for the Fedora Directory server project.'
Subject: RE: [Fedora-directory-users] Some password policy enforcement
information questions
Thanks very much for the explanation; makes much sense to me now; I did
some playing around, and got the directory server to spit out to me that
your password is going to expire in x amount of days. Thanks again.
Aaron
-----Original Message-----
From: fedora-directory-users-bounces(a)redhat.com
[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard
Megginson
Sent: Thursday, January 19, 2006 2:35 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] Some password policy enforcement
information questions
It looks like the way it works is this:
When you have enabled password warning, an operational attribute called
"passwordExpWarned" is created in the user's entry. The value will be 0
until the user does a successful BIND operation and the time between now
and the configured password expiration time is less than or equal to the
configured password warning time. When this happens, the warning will
be sent, the value of passwordExpWarned will be changed to 1, and the
operational attribute passwordExpirationTime in the user's entry will be
set to the time at which the password will expire. When the user
changes the password, passwordExpWarned will be reset to 0 and
passwordExpirationTime will be set to the new expiration time.
Bliss, Aaron wrote:
>If I've configured a correct password policy and the warning attribute
>is not getting updated, should this be considered a bug?
>
>Aaron
>
>-----Original Message-----
>From: fedora-directory-users-bounces(a)redhat.com
>[mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Richard
>Megginson
>Sent: Thursday, January 19, 2006 1:48 PM
>To: General discussion list for the Fedora Directory server project.
>Subject: Re: [Fedora-directory-users] Some password policy enforcement
>information questions
>
>Bliss, Aaron wrote:
>
>
>
>>Please forgive me if I'm asking silly newbie questions, however I'm
>>trying to understand exactly what I'm seeing thru fds; first the
>>policy
>>
>>
>
>
>
>>I've configured on the directory using the fds console:
>>I've enabled fine-grain password policy for the data unit, including
>>password history enforcement, password expiration after 90 days,
>>password warning 14 days before password expires, check password
>>syntax, account lockout policy enabled after 3 login failures for 120
>>minutes and reset failure count after 15 minutes.
>>
>>Everything seems to be working except for send password warning; in
the
>>client's ldap.conf file, I've enabled pam_lookup_policy yes.
>>
>>Looking at account information attributes for a user, passwordexpwarnd
>>value is 0; I've reset users password to try to initialize the
>>password
>>
>>
>
>
>
>>policy, however this value never seems to change. According to this
>>documentation
>>http://www.redhat.com/docs/manuals/dir-server/ag/7.1/password.html#107
>>7
>>0
>>81 I believe that this attribute is stored in seconds. Is this true?
>>
>>
>>
>>
>Yes.
>
>
>
>>If so, what can I do to ensure this attribute is getting updated
>>(assuming that this is the attribute responsible for triggering
>>password expiration warning).
>>
>>
>>
>>
>I'm not really sure.
>
>
>
>>Second issue/question:
>>I've looked at this wiki
>>http://directory.fedora.redhat.com/wiki/Howto:PAM and near the very
>>bottom it mentions adding the following
>>
>>dn: cn=config
>>changetype: modify
>>add: passwordExp
>>passwordExp: on
>>-
>>add: passwordMaxAge
>>passwordMaxAge: 8640000 (this I believe would give a password max age
>>of 100 days)
>>
>>Do I need to add these attributes even though I've configured the
>>password policy using fds console has done this for me. Is this the
>>case, I see don't these attributes in the gui, however I do see
>>passwordexpirationtime as an attribute and is set to 90 days from now
>>(I'm want to ensure that accounts are indeed locked after passwords
>>have expired).
>>
>>
>>
>>
>Those attributes are only for global (default) password policy - what
>you have set for fine grained password policy will override those.
>
>
>
>>Also, Jim Summers posted to this group that he saw an issue with
>>shadowpasswd / shadowexpire fields not being updated
>>https://www.redhat.com/archives/fedora-directory-users/2005-December/m
>>s
>>g
>>00367.html
>>
>>Can anyone tell me what these fields are used for, as I don't see any
>>mention of them in this documentation
>>http://www.redhat.com/docs/manuals/dir-server/ag/7.1/password.html#107
>>7
>>0
>>81
>>
>>
>>
>>
>Right. They are a PAM/posix thing - FDS treats them as any other data
>- it doesn't update them from it's own password policy.
>
>
>
>>Thanks again very much.
>>
>>Aaron
>>
>>
>>
>>
>>www.preferredcare.org
>>"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.
>>Power and Associates
>>
>>Confidentiality Notice:
>>The information contained in this electronic message is intended for
>>
>>
>the exclusive use of the individual or entity named above and may
>contain privileged or confidential information. If the reader of this
>message is not the intended recipient or the employee or agent
>responsible to deliver it to the intended recipient, you are hereby
>notified that dissemination, distribution or copying of this
>information is prohibited. If you have received this communication in
>error, please notify the sender immediately by telephone and destroy
>the copies you received.
>
>
>>--
>>Fedora-directory-users mailing list
>>Fedora-directory-users(a)redhat.com
>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>>
>>
>
>
>www.preferredcare.org
>"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D.
>Power and Associates
>
>Confidentiality Notice:
>The information contained in this electronic message is intended for
the exclusive use of the individual or entity named above and may
contain privileged or confidential information. If the reader of this
message is not the intended recipient or the employee or agent
responsible to deliver it to the intended recipient, you are hereby
notified that dissemination, distribution or copying of this information
is prohibited. If you have received this communication in error, please
notify the sender immediately by telephone and destroy the copies you
received.
>
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users(a)redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
www.preferredcare.org
"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D. Power and Associates
Confidentiality Notice:
The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information. If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited. If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.
17 years, 10 months
