Jeff Leyser's questions

I have setup FreeRADIUS, PAM and the Google Authtenicator. FreeRADIUS calls PAM, which in turn calls the Google pam_google_authenticator.so libary. That all works successfully.

However, that's not really 2 factor auth, as all one needs is the OTP from the Google App. To get two 2FA, I want to use the local Linux password. Since this is through RADIUS, I can't prompt for both passwords, and need to combine them in one. According the Google Auth README, and various blogs I found, I should do this in PAM:

   auth requisite pam_google_authenticator.so forward_pass
   auth required pam_unix.so use_first_pass  

And then I can put the password and OTP at the same prompt, e.g. MyPass123456

But it never works. With debugging on, I can see that pam_unix.so checks and accepts the password from the user, but then fails anyway. If I remove that second line, or change 'auth' to 'account' (one suggestion I found), auth works, but the local password is simply ignored.

Am I missing something in my PAM config?

Of the 40+ desktop machines we have, about 5 are Windows 7 boxes, the rest Fedora. So we aren't running AD, and we don't want to. We do have Samba deployed (on a CentOS box), configured as a WINS server.

Wired network is one VLAN (and subnet), WiFi another. Basic networking works fine (e.g. everyone can ping everyone else). The Samba server is configured as the Master Browser for both subnets.

If a Windows 7 box (on WiFi) wants to access a Samba-served share (on the wired network), it can be done, but only if the user specifies \servername\share. The Windows 7 user can't find the server in the 'Network' part of Windows Explorer.

Worse, shared multifunction printers (on the wired network) can't be found at all. I can get printing to work by creating a TCP/IP port, and printing through that. But all of the printer's other functions (e.g. scanning) won't work. The Cannon-specific software that came with the printer can not see the printer.

I'm a Linux guy, way out of my depth. If deploying a Windows 2008 will fix this, I'll do it in a heartbeat, but I've got no idea how to configure said server (WINS? DNS? Something else?)

Any and all advice most welcome!

I have a CentOS box with 10 2TB drives & an LSI RAID controller, used as an NFS server.

I know I'm going to use RAID 1 to create 5TB of usable space. But in terms of performance, reliability & management, which is better, create a single 5TB array on the controller, or create 5 1TB arrays and use LVM to regroup them into one (or more) VGs.

I'm particularly interested in hearing why you would pick one approach or the other.

Thanks!

I need to create several distinct VLANs, and provide a way for traffic to move between them. A "router on a stick" approach seems ideal:

                                Internet
                                   |
                      Router with Trunking Capability ("router on a stick")
                                   *
                                   *  Trunk between router and switch
                                   *
                      Switch with Trunking Capability
                       |      |       |      |      |
                       |      |       |      |      |
                       |    LAN 2     |    LAN 4    |
                       | 10.0.2.0/24  | 10.0.4.0/24 |
                       |              |             |
                     LAN 1          LAN 3         LAN 5
                  10.0.1.0/24    10.0.3.0/24   10.0.5.0/24

We have trunk-capable Layer-2 switches. The question is what to use as the router on a stick. My choices seem to be:

1. Use an existing Cisco 5505 ASA firewall. It appears the ASA can do the routing, but it's a 100Mbps device, and so seems sub-optimal at best
2. Buy a router. This seems overkill.
3. Buy a Layer-3 switch. Also seems overkill.
4. Use an existing, shared Linux Box as a router (e.g. the NIS server)
5. Use a dedicated Linux box as a router
6. Something I'm not thinking of

I think either (4) or (5) is my best option, but I'm not sure how to choose between them. I expect the amount of traffic that has to cross the VLANs to be somewhat small, but bursty. How much load does routing add to a CentOS machine?

Server currently running CentOS 5.2. Developers tell me they'd like the machine upgrade to CentOS 5.3 -- but not all the way to CentOS 5.4, as they haven't tested with 5.4 yet.

I'm pretty sure a yum upgrade will put me at 5.4, as a yum check-update shows all sorts of 5.4 packages.

So how do I move up to 5.3?

I'm trying to setup backup scripts on WinXP to use Volume Shadow Sets. I downloaded the VSS 7.2 SDK from MSFT, and used the include vshadow.exe to create a shadow set:

vshadow -script=vss-setvar.cmd f:

(note that I've tried both f: and c:)

vshadow executes just find, giving no errors, reporting the shadow is created. However, executing

vshadow -q

as the very next command results in "There are no shadows on the system" and, indeed, if I use dosdev to try and map the Shadow set named in vss-setvar.cmd, it will not work.

Am I missing a step?