Mike S's questions

Is it possible to use become in a handler?

We are running ansible 2.9.3 on a RHEL 7.4 machine. We have a user who is modifying some config files for a daemon (Consul), and we want the service to restart after any configuration change. We have a notify in the tasks, and a handler.

The files are getting modified properly, and the handler is getting notified and it runs. However, the sudo rule is not working correctly as Ansible exits with a failure:

"module_stderr": "sudo: a password is required\n"

When they run it from the command line, the user can run any systemctl commands they want using sudo commands; eg sudo systemctl restart consul and sudo systemctl restart consul.service work famously. Only the Ansible handler demands the password.

Here is our handler:

---

- name: Restart consul
  service:
    name: consul
    state: restarted
  become: yes
  become_user: root
  become_method: sudo

What is the magic inside the sudoers file that Ansible wants? I have looked for clues from the ansible -vvv output but the only thing it tells me is as below. It looks like it wants to run something like

sudo -H -S -n  -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-hltnfuwykrbhkmyixwzzockacxeosntn ; /usr/bin/python /home/consinstall/.ansible/tmp/ansible-tmp-1584133543.53-230020740311861/AnsiballZ_systemd.py'"'"'

which would be impossible to put in our sudoers file. Here's the output from the handler:

RUNNING HANDLER [workdir : Restart consul] *****************************************************************************************************
task path: /home/consinstall/bitbucket/workdir/roles/deploy/handlers/main.yml:3
<testhost01> ESTABLISH LOCAL CONNECTION FOR USER: consinstall
<testhost01> EXEC /bin/sh -c 'echo ~consinstall && sleep 0'
<testhost01> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/consinstall/.ansible/tmp/ansible-tmp-1584133543.53-230020740311861 `" && echo ansible-tmp-1584133543.53-230020740311861="` echo /home/consinstall/.ansible/tmp/ansible-tmp-1584133543.53-230020740311861 `" ) && sleep 0'
Using module file /usr/lib/python2.7/site-packages/ansible/modules/system/systemd.py
<testhost01> PUT /home/consinstall/.ansible/tmp/ansible-local-79139pfL0dr/tmpauDoVw TO /home/consinstall/.ansible/tmp/ansible-tmp-1584133543.53-230020740311861/AnsiballZ_systemd.py
<testhost01> EXEC /bin/sh -c 'chmod u+x /home/consinstall/.ansible/tmp/ansible-tmp-1584133543.53-230020740311861/ /home/consinstall/.ansible/tmp/ansible-tmp-1584133543.53-230020740311861/AnsiballZ_systemd.py && sleep 0'
<testhost01> EXEC /bin/sh -c 'sudo -H -S -n  -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-hltnfuwykrbhkmyixwzzockacxeosntn ; /usr/bin/python /home/consinstall/.ansible/tmp/ansible-tmp-1584133543.53-230020740311861/AnsiballZ_systemd.py'"'"' && sleep 0'
<testhost01> EXEC /bin/sh -c 'rm -f -r /home/consinstall/.ansible/tmp/ansible-tmp-1584133543.53-230020740311861/ > /dev/null 2>&1 && sleep 0'
fatal: [testhost01]: FAILED! => {
    "changed": false, 
    "invocation": {
        "module_args": {
            "daemon_reexec": false, 
            "daemon_reload": false, 
            "enabled": null, 
            "force": null, 
            "masked": null, 
            "name": "consul", 
            "no_block": false, 
            "scope": null, 
            "state": "restarted", 
            "user": null
        }
    }, 
    "msg": "Unable to start service consul: Job for consul.service failed because the control process exited with error code. See \"systemctl status consul.service\" and \"journalctl -xe\" for details.\n"
}
META: ran handlers

NO MORE HOSTS LEFT *******************************************************************************************************************************************

PLAY RECAP ***************************************************************************************************************************************************
testhost01                : ok=2    changed=1    unreachable=0    failed=1    skipped=2    rescued=0    ignored=0   

Out of curiosity, is there any way to remove a systemd slice that you've created? I'm running on Fedora 28 with systemd-238-9 and kernel 4.17.12-200.fc28.x86_64 .

I performed:

systemd-run --unit=toptest --slice=test top -b

And after the top had exited, I can see my slice:

systemctl -t slice --all

But I can't remove it. I have tried

systemctl stop test.slice
systemctl kill test.slice
systemctl unload test.slice

(the latter gives an "unknown operation"), but still my slice lives in that list.

Thanks.

I cannot access a remote drive using Windows or smbclient; my authentication appears successful according to the samba log file, but getpwuid fails. The server (remote) is running CentOS 7.2 and Samba 4.2.3. The client is CentOS 7.2 and smbclient 4.2.3. The logfile shows:

[2017/05/06 22:57:48.729284,  2] ../source3/auth/auth.c:305(auth_check_ntlm_password)
  check_ntlm_password:  authentication for user [developer_prod] -> [developer_prod] -> [developer_prod] succeeded
[2017/05/06 22:57:48.731091,  1] ../source3/auth/token_util.c:430(add_local_groups)
  SID S-1-5-21-4007675785-2624567327-467545301-1000 -> getpwuid(16777216) failed
[2017/05/06 22:57:48.731164,  1] ../source3/smbd/sesssetup.c:280(reply_sesssetup_and_X_spnego)
  Failed to generate session_info (user and group token) for session setup: NT_STATUS_UNSUCCESSFUL

Strangely, the SID corresponds to a local user:

# wbinfo -s S-1-5-21-4007675785-2624567327-467545301-1000         
NY4010\developer_prod 1

(ny4010 is my samba server machine) Even though on the client I am logging in using a domain user:

$ smbclient -U 'my_domain\developer_prod' \\\\ny4010\\release 'password'
session setup failed: NT_STATUS_UNSUCCESSFUL

Here is my smb.conf file:

[global]
   workgroup = MYDOMAIN
   password server = my_domain_server.mydomain.local
   realm = MYDOMAIN.LOCAL
   security = ads
   idmap config * : range = 16777216-33554431
   template homedir = /home/%U
   template shell = /bin/bash
   kerberos method = secrets only
   winbind use default domain = true
   winbind offline logon = false
   log level = 2
   encrypt passwords = yes
       unix extensions = no
        server string = Samba Server Version %v
        log file = /var/log/samba/log.%m
        max log size = 50
        security = ads
        passdb backend = tdbsam
        realm = MYDOMAIN.LOCAL
        password server = my_domain_server.mydomain.local
        local master = no
[homes]
        comment = Home Directories
        browseable = no
        writable = yes
[release]
       comment = Shared directory: /prod
       path = /prod
       browseable = yes
       read only = no
       valid users = developer_prod
       guest ok = yes
       public = yes
       follow symlinks = yes
       wide links = yes
       force user = developer_prod
[log]
       comment = Shared directory: /prod/log
       path = /prod/log
       browseable = yes
       read only = yes
       guest ok = yes
       public = yes

my nsswitch.conf file looks like: passwd: files winbind

I think the smoking gun here is that a local user's SID is showing up in that getpwuid failed line...

We're a Dell shop, and have a number of older 1950's (circa 2008 I believe) up to new R630s (it is mid-2016 as I write this). For lights out management, this means iDRAC5 through iDRAC8. I have had a hell of a time trying to reliably connect to the virtual consoles on our various servers. Nothing seems to work 100%: Neither IE, nor Chrome, nor Firefox. Even if I'm able to get into my iDRAC and start the Virtual Console, I end up with SSL errors and Java exits, eg "Error when reading from SSL socket connection".

How do I create a dependable iDRAC environment, so that I can login to any machine in my network every time? My current desktop is Windows 7.

Is there any way to shut off a network interface on a Linux box from the command line? By shut off, I mean to make the link power down as per a Cisco switch's "shutdown" command. ip, and ifconfig and even rmmod <driver> when used to bring a port down do not disconnect link; the device on the other end still sees a connection even when one disables a port using those utilities/methods.

Technically, at a device level I'm sure it can be done because when I perform

ip link set em1 down
ip link set em1 up

...then during the "up" phase, the NIC does go off for about 3-4 seconds (as seen on a switch's port cabled to that NIC, and on the port's status LED).

What I'm looking for is a command line utility that will perform the task. I have CentOS 7.2 on a Dell R610 using the onboard Broadcom nics.

I have a new Windows 7 SP1 workstation. Installation of updates failed, in part I believe because of a misconfigured AD domain controller. So I went through a lot of trouble on the workstation to get the updates to work (installing patches and deleting the below-mentioned registry entry), and I also went to the group policy editor in my Domain Controller and told it to no longer control Windows Updates in my domain. But hours later the workstation still says "Some settings are managed by your system administrator" in the windows update settings control panel, and I notice that- after I had removed HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate using regedit, and performed the updates- it is now back with the old settings (I can see that WUServer has the old entry in it).

My domain controller is running on Windows Server 2003 :-( (old, I know). How do I tell it to stop trying to control updates in the domain?

I had gone to the Group Policy Object Editor in the domain controller and changed all settings in Computer Configuration->Administrative Templates->Windows Components->Windows Update so that the state for each setting is "Not Configured". I also went to User Configuration->Administrative Templates->Windows Components->Windows Updates and made sure that all of those states are "Not configured".

I went to the Workstation and ran gpupdate /force in a cmd window as Administrator. I also have waited some hours since making these changes.

Still, it has reared its ugly head. How can I tell the domain controller to leave my poor workstations alone?

Ultimately, I want to configure a new domain controller with Windows 2012 r2 but I need the updates running nowish, and I'm too green to feel comfortable slamming an upgraded DC into place so I can get a supported solution. I just need this strange little problem to go away for right now.

Is it possible to increase the TCP window scaling factor on Linux (CentOS 7.2)? I have a long fat network (100 Mbps) from London to Chicago and I'm getting 16 Mbps throughput in TCP on an sftp from a London machine (Windows Server 2012r2) to my Chicago CentOS machine. I'd like to play with the scaling factor and see if my throughput changes.

My latency is 88 ms roundtrip.

I ask because with UDP I get over 90 Mbps, so I was thinking it would be nice to perhaps double my TCP throughput if I could.

I understand that TCP is connection-oriented, requires an ACK, etc., and that I may actually negatively affect my throughput. What I am doing is second-guessing the wisdom of the makers and trying to assume control myself, rather than allow autotuning to autotune.

Wireshark shows that my sftp from Windows to Linux is indeed using TCP window scaling, so I know it's supported in my path.

Otherwise I'll look into TCP multipath (http://www.multipath-tcp.org/) for my LFN.

Thanks.

How can I speed up my Windows 7 tcp file transfers over a 100 mbps link between Chicago and London?

Right now, I am transferring two 4GB files in two sftp sessions. Each file transfer is running at a rate of 500 KB/s (4 Mbits/sec). (B == bytes, b == bits, naturally). This is quite slow, as iperf tests show a rate of 16.8 Mbits/sec for a single TCP stream. That's 2 MB/sec.

Starting the second sftp session does not affect the speed of the first one iota. This makes sense to me as I noticed that my iperf tests were limited under TCP- each connection was 16 Mbps which leaves room on the wire for more connections. I was able to make iperf saturate my line by running many parallel connections, and it was a linear increase in bandwidth. That is, with 5 parallel connections I achieved bandwidth of about 5x16 == 80 Mbps.

I note that local file transfers using sftp are around 30 MB/s... quite good. So I don't think SSH channel encryption is the bottleneck.

I have reviewed What is the best way to transfer a single large file over a high-speed, high-latency WAN link? as well as other serverfault questions and there are a lot of interesting tools but what I am looking for is a way for me to adjust Windows' TCP stack to make sure I get my full 2 MB at least... and maybe more, since the iPerf tests were across untuned machines.

I notice, too, that when I drag-and-drop a file on a London machine from my Chicago fileserver, it seems to transfer at quite a nice clip (as shown by looking at the details during the transfer) but after a few minutes it drops off the cliff into the 10's of Kbps. It was very odd.

My latency is steady at around 88 ms, so I think the network infrastructure is good. We have a dedicated line; this is not a VPN over the Internet or anything like that.

========

I have a Linux VM that is "close" to my Windows desktop, network-wise. That is, they are on different subnets but both machines go into switches that both go into another switch that goes to London. Right now I am running an sftp from Linux to London and it is running at 8 MB/s while my desktop continues at 500 KB/s.

======== Ok, I put my Linux laptop on exactly the same switch as my Desktop. Where the desktop is performing an sftp at 500 KB/s at this moment, the Linux laptop is sending a 4Gig file at 7.6 MB/s. To the same server in London, of course.

======== Another test: I was using SecureFX by VanDyke Corp. I also have Cygwin on my PC, and I just went and used the CLI sftp command there. I just increased my throughput fivefold... I'm now getting 2.5 MB/s instead of 500k! :-\ This is on par with my iPerf results of 16 Mbps. Which I would have been content with... although now I notice that my laptop is three times as fast as that.

======== Another test: On my London machine, I started a Windows Explorer file copy from my fileserver in Chicago to the locally-mounted Downloads folder (that is, on an internal hard drive). The throughput was a rock-steady 5.49 MB/s for 12 minutes or so. That's close enough to fine for me! And again, copying via SecureCRT was miserably slow- a steady 500 KB/s.

The only thing I can conclude is that although there may be TCP tweaks that will help, the app you use can make a big difference! Furthermore, I don't know why my filecopy acted so strangely the other day. If it happens again I will attempt to debug.

Thanks for the suggestions and replies.

======================

Ok, I have followed Todd Wilcox' links and figured a few things out:

• First, according to Microsoft, from https://technet.microsoft.com/en-us/library/cc957546.aspx?f=255&MSPPError=-2147217396, "TCP uses a receive window... For Ethernet networks, the default value of this entry is 0x4470 (17,520, or 12 segments of 1,460 bytes each)" Well I have a WAN with 80ms latency so this is much too small.
• I have set both GlobalMaxTcpWindowSize and TcpWindowSize in the registry (the latter on my adapter) to 1 MiB, then went to the command line and used netsh to change the Receive Window Auto-Tuning Level from normal to disabled. My network transfer speeds did not change, so I rebooted my machine and again performed an sftp from my desktop to the London server.
• Throughput plummeted to 700 KB/s. Needless to say, I set everything back and rebooted again. Now my throughput is back to 2.1 MB/s.
• During the sftp, Wireshark shows a strange sawtooth pattern to the TCP window scaling, going from about 64000 to 62000 bytes then back up again. The cycle takes about 35 seconds.
• Let's say that my average is 63000 bytes window size. Therefore, my Bps throughput should be (from http://bradhedlund.com/2008/12/19/how-to-calculate-tcp-throughput-for-long-distance-links/), Window-Size (bytes) / Latency (sec) == 700 KB/s. Strange that I'm getting 2.1 MB/s... that's higher than the theoretical! I'm sure there are no Wan accelerators in between or anything more complicated than a Cisco 4948. Maybe Wireshark's window scaling graph is not the same as the window size, I don't know, but Googling told me that that was where I'd find the TCP window size.
• Things aren't adding up. Although I did find that my twiddling did screw things up, I don't know how to definitively tell what my TCP window sizes are. Furthermore, the oft-sited Brad Hedlund page gives some calculations that are not reflected in my experience.
• Finally, and this is the greatest lesson I have learned: I think I'll leave well enough alone. If we find we need better throughput, maybe I'll recommend a WAN accelerator. But since we're going halfway across the world we oughtn't expect phenomenal bandwidth from a single TCP connection.

Why can I not view/use/map a drive from a machine using its short hostname if the short hostname is proven resolvable by DNS?

I have a machine (the client in this example) running Windows Server 2008r2 Standard.

I cannot view, use, or map network drives from my fileserver onto this machines, using the short hostname.

I can do all that, eg net view myfileserver.example.com if I use the fully qualified domain name as shown, or if use the IP address.

I can ping the machine using the short name, and nslookup returns the proper IP address if I use the short name.

I could map a network drive on a machine in another domain using either the FQDN or the short name, eg: net use \\otherfileserver\IPC$ /u:"otherdomain\mylogin" "mypassword" /persistent:no

A real head scratcher (to me).

Note also that many other client machines are mapping network drives from the same fileserver.

EDIT: Ok, I awarded the bounty to Sum1sAdmin. I think he was on to something with the whole Browser thing. The problem is not DNS, no way no how it could be. Shortnames, longnames, skinny names, fat names, fully qualified names- they were all resolvable. It was NetBios (props to Noor Khaldi for being the first to bring it up, btw).

But it was Sum1sAdmin that pushed me to look at browsing in general. And because of that, I found that I had two Linux machines that were acting as the Masters for my domain. That was not good, because I have a mixed Linux/Windows environment and as it says in the smb.conf file: "Domain Master specifies Samba to be the Domain Master Browser...Don't use this if you already have a Windows NT domain controller doing this job..." which I do. In any event, I don't trust Samba to play well with Windows. If I can't call Microsoft Tech Support and say, "Yeah I have this browsing issue and by the way the master is a CentOS 5.3 machine running Samba," and they say, "Ok, cool!" then I'm not comfortable. I want my Windows-y things to live in Windows, and Linux be the client- only.

That said, I removed Samba's ability to be the domain master. This totally broke my browsing and made any net view command return an error 53, "The network path was not found." on all hosts for a while. Then after a while I got a new error instead: system error 6118, "The list of servers for this workgroup is not currently available." Waiting further, I suddenly started to see some machines. Using Scottie's handy dandy script (http://scottiestech.info/2009/02/14/how-to-determine-the-master-browser-in-a-windows-workgroup/), I then started to see machines and new Windows masters.

All that said, the original machine is still broken. And now, some 10 minutes later, my domain has again broke with system error 6118. If you check my conversation with Sum1sAdmin, you will see that my domain is kind of screwy. This is good, because now I know that the issue was never just random. If it's broke, and I know where it's broke, I can fix it. And right now NetBios is all kinds of broke because it was never set up correctly in the first place, which started with me figuring out that Linux was involved. (Which actually may not have caused a problem but regardless, I want to remove that wildcard from the environment and let Windows be Windows).

Anyway, thanks for all the responses. I'm going to keep futzing with this system until it works.

I have two machines with Windows 2012 r2. In one, under Computer Management->System Tools I see a "Local Users and Groups" submenu. In the other, I do not see it. How can two different machines in the same domain present two different sets of capabilities?

The machine in which I can see Local Users and Groups is running Windows Storage Server 2012 R2. It is a Dell box of recent vintage. The machine in which I cannot see Local Users and Groups is running Windows Server 2012 R2. It is a virtual machine.

Using set under cmd, I can see that the LOGONSERVER is identical. AS well, my USERNAME is identical, as is my USERDOMAIN.

I'm new at this Windows Admin stuff so I really need to wrap my head around Windows user access control. If it's inconsistent, I grow confused!

In domain B we have a server, with the share "Company$". In domain A we have users that are mapping the share to a drive letter. One of my users, we'll call him "Joe", cannot mount that share. When he attempts it, including using credentials in domain B, his workstation simply sits for a minute or two "Attempting to connect to...", and then the credentials dialog box comes back.

I should note that the difference between Joe and other users in domain A is that Joe already has some folders from the server mapped onto his machine. AND, because he forgot his password, I changed it for him. So he has shares mapped using his old password, and now we want to map a share using his new password.

Is there an obvious problem I'm missing here? I'm a Linux administrator by experience, so this is new territory for me.

We have Windows 7 SP1... is this a bug, or do I just not understand Windows shares? Thanks.

We have Windows 7 desktops and a Windows Server 2012R2 server. I have a user who needs to map a network drive which is on a server in a different AD domain from ours (over the WAN). I have created an account for him in AD over there, and I set it to "User must change password at next logon". How can he map the network drive?

Mapping is easy to do, ostensibly... But when he attempts to do so, Windows gives an error that he must change his password, yet it does not provide a prompt to do so.

I have no desktops in the remote domain that he can log into. Is there a way to set the password remotely? I have checked https://serverfault.com/questions/570476/how-can-a-standard-windows-user-change-their-password-from-the-command-line but I don't think the techniques given work over two separate domains. Furthermore I'm not a Powershell user :-( (I can answer your Bash questions, though! :-) )

Thanks.

I have a Dell R620 with a PERC RAID controller (lspci shows "RAID bus controller: LSI Logic / Symbios Logic MegaRAID SAS 2108 [Liberator] (rev 05)").

I had placed a single disk in it, made it a "RAID0" raid level logical disk (which is a stripe with only one stripe). I put a filesystem on it, used it- but I always intended to mirror it.

Fast forward a month, and I now have a second disk. How do I add this disk and magically create a RAID1 (mirrored) array from my RAID0 array?

Prefer not to have to bring down my system.

We have a Windows 2012 R2 server; we use it for AD domain controller and DNS. Can I remove the Remote Access role and the "DirectAccess and VPN (RAS)" Role Service (in Server Manager) from my machine? I presume that Remote Access has to do with VPN and/or dialup and we don't care about either one on this box. Will that make the "PPP adapter RAS (Dial In) interface" go away?

I noticed earlier that there are 2 "A" records in DNS for this machine. Not only that, but both addresses are on the same network, and both respond to pings. AND I'm able to remote desktop into both addresses. But we only have 1 network interface on the server, and only 1 IP address is assigned as I can see from the network Control Panel.

From the command prompt I can see that this is a "PPP adapter", with a subnet mask of 255.255.255.255. How and where this interface came from I don't know. We do not have PPP and our VPN is on a completely different device, that much I know (it's not even a Windows machine).

Long-time UNIX SysAdmin here. No Windows chops, so be gentle...

Thanks.

I'm not sure how to configure my Linux server which has a single VLAN'ed interface to support a number of Virtual machines which I want to bridge to my network (so that all their services appear to come from a number of real machines on my network). Do I simply create a single bridged network interface br0, tied to my existing VLAN'ed device, and have all the VMs use that interface? Or do I need to set up br0, br1, br2, etc. for each VM? Can I even tie those bridge interfaces to a VLAN'ed interface? I suppose I need to say VLAN="yes" in the bridge's ifcfg file?

True, I could simply try it and see, but at this point I am so unsure about how it all comes together that I'd like to perform a sanity check before I get a sanity wreck :-) .

I have set up a CentOS7 host:

# uname -a
Linux cha028 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/redhat-release 
CentOS Linux release 7.2.1511 (Core) 

It has a single interface which has a VLAN. So hardware interface em1 has:

# cat ifcfg-em1
NAME="em1"
DEVICE="em1"
ONBOOT="yes"
TYPE="Ethernet"
BOOTPROTO="none"
HWADDR=14:fe:b5:d6:07:cc
NM_CONTROLLED=no

...and I have a ifcfg-em1.144 that has all the IP addressing in it and such. I have installed a plurality of VMs on the box. Now I need to make the network work.

How do I do it? Simply create ifcfg-br0 as per https://www.banym.de/linux/centos/setup-bridge-device-on-centos (with its own unique IP address), and simply add a line to my ifcfg-em1.144 file which says BRIDGE=br0?

And, having done so, can I attach all my VMs to the br0 device?

Thank you for your indulgence, and your help.

Here is my ifcfg-em1.144 file. Note that /etc/sysconfig/network contains the GATEWAY line:

VLAN="yes"
DEVICE="em1.144"
PHYSDEV="em1"
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
ONBOOT="yes"
IPADDR="10.144.101.28"
PREFIX="24"
NM_CONTROLLED=no

I need help getting apache's LocationMatch to work.

I'm trying to set up a cobbler server, and it requires SSL by default. I want to rewrite so that people can use http://server/cobbler_web instead as well as the https://server/cobbler_web, and it will bring them to the same page. I am trying to use LocationMatch to match cobbler_web in the URL, like so:

### Force SSL only on the WebUI
<VirtualHost *:80>
    <LocationMatch "^/cobbler_web/">
       RewriteEngine on
       RewriteRule ^(.*) https://%{SERVER_NAME}/%{REQUEST_URI} [R,L]
   </LocationMatch>
</VirtualHost>

but no matter what I try on the LocationMatch line, nothing works. I've tried the line you see above, and also .*cobbler_web.*, and ^/cobbler_web/.*, amongst others. No joy.

If I remove the LocationMatch entirely, it works.

Thanks.

I have run smartctl -a on five different computers (mostly CentOS 7 Linux with smartctl 6.2), and I noticed two styles of smartctl output. Why would it change its output format? One style contains a table of Attributes that are explained nicely on the smart wikipedia page. The other is not so explicit, and I guess I have to simply use the Total uncorrected errors column. But I wish I could get something as direct and understandable as the first one.

Machines are as follows; all are CentOS7/smartctl 6.2 except as noted:

1. A desktop machine, no RAID.
2. an HP DL380p G8 server with a P420i RAID card
3. an HP DL180 G9 server with a P840 RAID card
4. an old HP DL360 G5 server with both a P400i and "Compaq Smart Array 642" RAID cards (CentOS 6, smartctl 5.43)
5. a Supermicro SYS-1028UX-CR-LL1 with an LSI MegaRAID 3108 RAID card.

On the first 3 machines, smartctl includes SMART attributes which is very nice; here is typical output:

# smartctl -a -d cciss,1 /dev/sda
smartctl 6.2 2013-07-26 r3841 [x86_64-linux-3.10.0-123.el7.x86_64] (local build)
Copyright (C) 2002-13, Bruce Allen, Christian Franke, www.smartmontools.org

/dev/sda [cciss_disk_01] [SCSI]: Device open changed type from 'sat,auto+cciss' to 'cciss'
=== START OF INFORMATION SECTION ===
Vendor:               HP
Product:              EG0300FCSPH
Revision:             HPD0
User Capacity:        300,000,000,000 bytes [300 GB]
Logical block size:   512 bytes
Rotation Rate:        10000 rpm
Form Factor:          2.5 inches
Logical Unit id:      0x5000039578312bc4
Serial number:        44T0A3NDFTM91418
Device type:          disk
Transport protocol:   SAS
Local Time is:        Thu Sep 10 18:15:54 2015 UTC
SMART support is:     Available - device has SMART capability.
SMART support is:     Enabled
Temperature Warning:  Enabled

=== START OF READ SMART DATA SECTION ===
SMART Health Status: OK

Current Drive Temperature:     22 C
Drive Trip Temperature:        65 C

Manufactured in week 18 of year 2014
Specified cycle count over device lifetime:  50000
Accumulated start-stop cycles:  32
Specified load-unload count over device lifetime:  200000
Accumulated load-unload cycles:  0
Elements in grown defect list: 0

Error counter log:
           Errors Corrected by           Total   Correction     Gigabytes    Total
               ECC          rereads/    errors   algorithm      processed    uncorrected
           fast | delayed   rewrites  corrected  invocations   [10^9 bytes]  errors
read:          0        1         0         0          0      80988.717           0
write:         0        0         0         0          0      16041.817           0

Non-medium error count:       74

SMART Self-test log
Num  Test              Status                 segment  LifeTime  LBA_first_err [SK ASC ASQ]
     Description                              number   (hours)
# 1  Background short  Completed                   -      22                 - [-   -    -]
# 2  Background short  Completed                   -      17                 - [-   -    -]
# 3  Background short  Completed                   -      14                 - [-   -    -]
Long (extended) Self Test duration: 2782 seconds [46.4 minutes]

On the G5 or (worse) the Supermicro, I get the following, and I can find no way to get the SMART Attributes in a similar fashion to the HP machine or desktop machines:

# smartctl -a -d megaraid,25 /dev/sda 
smartctl 6.2 2013-07-26 r3841 [x86_64-linux-3.10.0-229.7.2.el7.x86_64] (local build)
Copyright (C) 2002-13, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Vendor:               SEAGATE
Product:              ST300MM0026
Revision:             0003
User Capacity:        300,000,000,000 bytes [300 GB]
Logical block size:   512 bytes
Logical block provisioning type unreported, LBPME=0, LBPRZ=0
Rotation Rate:        10500 rpm
Form Factor:          2.5 inches
Logical Unit id:      0x5000c50075e3261f
Serial number:        S0K2CJ1D0000C44065GJ
Device type:          disk
Transport protocol:   SAS
Local Time is:        Thu Sep 10 13:44:34 2015 UTC
SMART support is:     Available - device has SMART capability.
SMART support is:     Enabled
Temperature Warning:  Enabled

=== START OF READ SMART DATA SECTION ===
SMART Health Status: OK

Current Drive Temperature:     19 C
Drive Trip Temperature:        50 C

Manufactured in week 16 of year 2014
Specified cycle count over device lifetime:  10000
Accumulated start-stop cycles:  735
Specified load-unload count over device lifetime:  300000
Accumulated load-unload cycles:  991
Elements in grown defect list: 0

Vendor (Seagate) cache information
  Blocks sent to initiator = 2366764968
  Blocks received from initiator = 42603654
  Blocks read from cache and sent to initiator = 2410106
  Number of read and write commands whose size <= segment size = 591527
  Number of read and write commands whose size > segment size = 71

Vendor (Seagate/Hitachi) factory information
  number of hours powered up = 6262.87
  number of minutes until next internal SMART test = 52

Error counter log:
           Errors Corrected by           Total   Correction     Gigabytes    Total
               ECC          rereads/    errors   algorithm      processed    uncorrected
           fast | delayed   rewrites  corrected  invocations   [10^9 bytes]  errors
read:   3614146604        0         0  3614146604          0       1143.056           0
write:         0        0         0         0          0         53.204           0
verify:    29492        0         0     29492          0          0.008           0

Non-medium error count:        0


[GLTSD (Global Logging Target Save Disable) set. Enable Save with '-S on']
No self-tests have been logged

I am a part-time Windows 7 administrator in an office with about 10 PCs and a standalone networked printer... No Windows print server, though we do have an Active Directory domain.

So I have been scouring the web, have read Why use a print server?. Obviously, a print server is not necessary to overlord a small office but I wonder if I can deploy/modify printer settings across all the Windows desktops without one? Everywhere I see "Group Policy" being applied to, for example, setting the printer to default to black-and-white, there is a print server involved.

Is it necessary to have a print server in order to distribute changes to the Windows clients? If not, how would I do it? I do have a PC with the Windows Administrative tools installed on it.

Thanks.

I'm having a devil of a time getting Wordpress going on my webhost. When I try to access my virtualhost, I get a "403 Forbidden You don't have permission to access / on this server." error and a "Cannot serve directory..." error in my error_log (see below). Why am I getting "403 Forbidden"? I am missing something, hopefully obvious to you (not to me, naturally). Thanks for any help.

I installed a minimal install of Fedora 20 (ie, no Gnome/KDE but plenty of php packages [710] so it's not that skinny). Then I installed Apache, and followed up with the Wordpress install as per http://codex.wordpress.org/Installing_WordPress#Famous_5-Minute_Install . Since then, I have been hacking around in /etc/httpd trying to find the issue.

I have version 2.4 of Apache, php 5.5.18, Fedora 20, and Wordpress 4.0-1.

I have created my Virtualhost in Apache, and here is the error in my error log (all on one line):

[Sat Nov 15 20:38:16.067198 2014] [autoindex:error] [pid 6745] 
[client XX.XX.XX.XX:48419] AH01276: Cannot serve directory /usr/share/wordpress/: 
No matching DirectoryIndex (index.html) found, and server-generated directory
index forbidden by Options directive

I have been hacking and hacking the httpd.conf file and my Virtual host's file (found in /etc/httpd/conf.d/myhostname.conf) to no avail. Any ideas? I include a (shortened) copy of my httpd.conf and my virtual host's conf file. First, the virtual host:

<VirtualHost *:80>
        ServerName virtual1.myhost.com
        ServerAlias virtual1
        DocumentRoot /usr/share/wordpress
        ErrorLog logs/virtual1_error
        CustomLog logs/virtual1_access common
</VirtualHost>

<Directory />
  Require all granted
  AllowOverride None
  <IfModule mod_rewrite.so>
        RewriteEngine On
        RewriteBase /
        RewriteRule ^index\.php$ - [L]
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule . /index.php [L]
  </IfModule>
</Directory>

<Directory /usr/share/wordpress>
  Require all granted
  <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteBase /
        RewriteRule ^index\.php$ - [L]
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule . /index.php [L]
  </IfModule>
  Options FollowSymLinks
  AllowOverride None
#  <IfModule mod_authz_core.c>
#    # Apache 2.4
#    Require local
#  </IfModule>
#  <IfModule !mod_authz_core.c>
#    # Apache 2.4
#    Require all granted
#    AllowOverride None
# </IfModule>
</Directory>

<Directory /usr/share/wordpress/wp-content/plugins/akismet>
  <FilesMatch "\.(php|txt)$">
    Require all granted
    AllowOverride None
  </FilesMatch>
</Directory>

Now, the httpd.conf:

#
ServerRoot "/etc/httpd"

Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
<Directory />
    AllowOverride none
    Require all granted
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>
<Directory "/var/www/html">
    Require all granted
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>
#
<Files ".ht*">
    Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" combined
</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>
<IfModule mime_module>
    TypesConfig /etc/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8

<IfModule mime_magic_module>
    MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on

NameVirtualHost *:80
<VirtualHost *:80>
    ServerName www.myhost.com
    ServerAlias www
    ServerAdmin [email protected]
    DocumentRoot /var/www/html
    ErrorLog logs/error_log
    CustomLog logs/access_log common
</VirtualHost>

IncludeOptional conf.d/*.conf

We have been wrestling with the problem where our NFS4 mount on our RHEL 6.3 clients show file ownership as "nobody", and where we see "nss_getpwnam: name 'blah' does not map into domain 'localdomain'" in /var/log/messages. We know that the fix is to ensure that the Domain in the /etc/idmapd.conf file on the server matches the domain on the clients. The question is this:

If we fix the domain on the clients, we need to reboot them in order to see it work. No amount of restarting nscd, nfs, rpcbind, rpcgssd, rpcidmapd, or rpcsvcgssd will enable the fix. Nor will those work in concert with a umount/mount of the partition. As a matter of fact, after we fixed our issue and rebooted the client, we shut down rpcidmapd and correct name mapping still took place on the machine.

Why do we need to reboot the machine to enable the idmapd.conf change to the domain? Is the kernel holding onto something? Thanks.