Aleksandr Makhov's questions

I have servers based on RHEL 7 and 8. RHEL 7 serevers use nslcd to work with a LDAP server, RHEL 8 use SSSD.

For RHEL 7 I can provide access for users to allowed hosts only. This functions is covered by the option in the nslcd.conf:

pam_authz_search        (&(objectClass=posixAccount)(uid=$uid)(|(host=$hostname.\*)(host=\\*)))

I use the option "host=$hostname.\* " for regular users who have list of allowed servers, "host=\\*" is used for admins who have * for the ldap host attribute.

SSSD has the option ldap_access_filter and with next sttings:

ldap_access_filter = (objectClass=posixAccount)

All users can log in to all RHEL 8 machine, what I want to avoid.

Is it possible to add host options to the ldap_access_filter as I have in the nslcd.conf on the old servers?

Thank you in advance.

UPD:

ldap_access_filter = (&(objectClass=posixAccount)(host=\*))

works for admins with * in the ldapsearch host attributes:

~$ ldapsearch -LLL -Q -Z uid=admin-user host
dn: uid=admin-user,ou=People,dc=my,dc=domain,dc=net
host: *

Also I can specify the server name directly:

ldap_access_filter = (&(objectClass=posixAccount)(host=servername.example.lan))

and it also works for users which have this server in the list:

~$ ldapsearch -LLL -Q -Z uid=a-testuser host
dn: uid=a-testuser,ou=People,dc=my,dc=domain,dc=net
host: servername.example.lan

But how can I use variables or special characters like * or \*?

I am trying to run a new Ceph cluster with Rados GW using the last software version 16.2.7, but when I set up RGW nodes I found out there are some changes in the CLI comparing with a version 16.2.4 I tested before.

The next commands are missed in the 16.2.7 version:

ceph dashboard set-rgw-api-user-id $USER
ceph dashboard set-rgw-api-access-key ...
ceph dashboard set-rgw-api-secret-key ...

they don't exist in ceph dashboad -h output on the 16.2.7 version:

# ceph dashboard -h | grep set-rgw-api | grep -v reset
dashboard set-rgw-api-access-key                     Set the RGW_API_ACCESS_KEY option value read from -i
dashboard set-rgw-api-admin-resource <value>         Set the RGW_API_ADMIN_RESOURCE option value
dashboard set-rgw-api-secret-key                     Set the RGW_API_SECRET_KEY option value read from -i
dashboard set-rgw-api-ssl-verify <value>             Set the RGW_API_SSL_VERIFY option value

But on the 16.2.4 version everything is on place:

# ceph dashboard -h | grep set-rgw-api | grep -v reset
dashboard set-rgw-api-access-key                                                                          Set the RGW_API_ACCESS_KEY option value read from -i <file>
dashboard set-rgw-api-admin-resource <value>                                                              Set the RGW_API_ADMIN_RESOURCE option value
dashboard set-rgw-api-host <value>                                                                        Set the RGW_API_HOST option value
dashboard set-rgw-api-port <value>                                                                        Set the RGW_API_PORT option value
dashboard set-rgw-api-scheme <value>                                                                      Set the RGW_API_SCHEME option value
dashboard set-rgw-api-secret-key                                                                          Set the RGW_API_SECRET_KEY option value read from -i <file>
dashboard set-rgw-api-ssl-verify <value>                                                                  Set the RGW_API_SSL_VERIFY option value
dashboard set-rgw-api-user-id <value>                                                                     Set the RGW_API_USER_ID option value

Do you know what is a replacement for this commands or where were they moved? Thank you in advance.

UDP: In both cases the host OS is Debian 10.

The list of ceph packages is identical on both RGW setups: 16.2.4:

# dpkg -l | grep ceph
ii  ceph                              16.2.4-1~bpo10+1             amd64        distributed storage and file system                                                                                                
ii  ceph-base                         16.2.4-1~bpo10+1             amd64        common ceph daemon libraries and management tools                                                                                  
ii  ceph-common                       16.2.4-1~bpo10+1             amd64        common utilities to mount and interact with a ceph storage cluster                                                                 
ii  ceph-mgr                          16.2.4-1~bpo10+1             amd64        manager for the ceph distributed storage system                                                                                    
ii  ceph-mgr-modules-core             16.2.4-1~bpo10+1             all          ceph manager modules which are always enabled                                                                                      
ii  ceph-mon                          16.2.4-1~bpo10+1             amd64        monitor server for the ceph storage system                                                                                         
ii  ceph-osd                          16.2.4-1~bpo10+1             amd64        OSD server for the ceph storage system                                                                                             
ii  libcephfs2                        16.2.4-1~bpo10+1             amd64        Ceph distributed file system client library                                                                                        
ii  libsqlite3-mod-ceph               16.2.4-1~bpo10+1             amd64        SQLite3 VFS for Ceph
ii  python3-ceph-argparse             16.2.4-1~bpo10+1             all          Python 3 utility libraries for Ceph CLI                                                                                            
ii  python3-ceph-common               16.2.4-1~bpo10+1             all          Python 3 utility libraries for Ceph                                                                                                
ii  python3-cephfs                    16.2.4-1~bpo10+1             amd64        Python 3 libraries for the Ceph libcephfs library

# dpkg -l | grep rados
ii  librados2                         16.2.4-1~bpo10+1             amd64        RADOS distributed object store client library
ii  libradosstriper1                  16.2.4-1~bpo10+1             amd64        RADOS striping interface
ii  python3-rados                     16.2.4-1~bpo10+1             amd64        Python 3 libraries for the Ceph librados library
ii  radosgw                           16.2.4-1~bpo10+1             amd64        REST gateway for RADOS distributed object store

16.2.7:

# dpkg -l | grep ceph
ii  ceph                              16.2.7-1~bpo10+1             amd64        distributed storage and file system
ii  ceph-base                         16.2.7-1~bpo10+1             amd64        common ceph daemon libraries and management tools
ii  ceph-common                       16.2.7-1~bpo10+1             amd64        common utilities to mount and interact with a ceph storage cluster
ii  ceph-mgr                          16.2.7-1~bpo10+1             amd64        manager for the ceph distributed storage system
ii  ceph-mgr-modules-core             16.2.7-1~bpo10+1             all          ceph manager modules which are always enabled
ii  ceph-mon                          16.2.7-1~bpo10+1             amd64        monitor server for the ceph storage system
ii  ceph-osd                          16.2.7-1~bpo10+1             amd64        OSD server for the ceph storage system
ii  libcephfs2                        16.2.7-1~bpo10+1             amd64        Ceph distributed file system client library
ii  libsqlite3-mod-ceph               16.2.7-1~bpo10+1             amd64        SQLite3 VFS for Ceph
ii  python3-ceph-argparse             16.2.7-1~bpo10+1             all          Python 3 utility libraries for Ceph CLI
ii  python3-ceph-common               16.2.7-1~bpo10+1             all          Python 3 utility libraries for Ceph
ii  python3-cephfs                    16.2.7-1~bpo10+1             amd64        Python 3 libraries for the Ceph libcephfs library

# dpkg -l | grep rados
ii  librados2                         16.2.7-1~bpo10+1             amd64        RADOS distributed object store client library
ii  libradosstriper1                  16.2.7-1~bpo10+1             amd64        RADOS striping interface
ii  python3-rados                     16.2.7-1~bpo10+1             amd64        Python 3 libraries for the Ceph librados library
ii  radosgw                           16.2.7-1~bpo10+1             amd64        REST gateway for RADOS distributed object store

I want to have AD users to log in my Linux machine. I have added a CentOS 6.7 machine to an AD domain and all things look ok. I can execute 'kinit' command without error and 'wbinfo' works fine and shows to me all AD users and groups. Also I can get information about my users using 'id' command. The problem is I cannot execute this command: 'su domain_user' and get error:

$ su domain_user
Password: 
Access is denied
su: incorrect password

In the same time I can login to this Linux machine using this account via SSH.

How is it possible? Thank for your help.

I'm trying to connect to the MS Azure VPN. I installed the Client certificate and got access to the VPN network.

But now I need, the system request the password when somebody is trying to connect to VPN.

I deleted the client certificate and imported it again with high security level. Now I'm getting the error every time when I try to connect:

A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798) For customized troubleshooting information for this connection, click Help.

If I export the certificate without high security level again everything works okay.

Thanks for your help.

Little add-on.

My schema works on Windows 8 and 8.1 clients. I have set up "Enable strong private key protection" during certificat installation process. And now VNP requests to enter the password. But Win 7 client don't.

What is the difference between certificates storing in Windows 7 and 8?

I created own custom CentOS iso. I used mkisofs make it.

This is part of my isolinux.cfg file:

label vesa
  menu label Install ^RAIDIX system 
  kernel vmlinuz
  append initrd=initrd.img xdriver=vesa nomodeset text linux ks=cdrom:/isolinux/ks.cfg

If I specify parameter ks=cdrom:/isolinux/ks.cfg my iso will boot only from cd or dvd-rom. If I specify parameter ks=hd:<device>:/ks.cfg my iso will boot only from usb-drive.

Can I specify ks parameter to boot from both type of installation media?

I have one interesting question. I have custom distribution of CentOS Linux 6.3. The installed system needs CPU support for AES-NI for all services to work properly.

Can I add a check for AES support during the installation? I'm using Anaconda, but am willing to consider other ways to do it as well.

Thanks in advance.

I try to set up collective access to EFS-folder. I want to add certificates of all users to all files in folder. Is it posible do with using powershell scripts or some another way?

Thanks.

I have standalone, nodomain server. EFS is used on this server for one folder. How to share the encrypted folder? Users on the server are created locally. I tried to export the owner folder certificate and import it to other users, but in this case, the folder is available only locally (eg at work through rdp), as when dealing with a network folder pops up a message "access denied". Can I fix it?

I have Solaris 10 installed on computer and I have USB flash drive with ext2fs partition. I want to mount flash drive and do this: 1) Download FSWpart and FSWfsmisc packages 2) Install:

root~#gzcat FSWpart.tar.gz | tar xvf -

root~#gzcat FSWfsmisc.tar.gz | tar xvf -

root~#pkgadd -d . FSWpart

root~#pkgadd -d . FSWfsmisc

3) Run prtpart util 4) And mount:

root~#mount -F ext2fs /dev/dsk/c1d0p3 /mnt/usb

After that I can see file-tree in /mnt/usb, but it mounted only as read-only. May be anybody know, other way to mount ext2 in Solaris whit read-write mode?

I installed UEC with the help of this manual. And and I had not any problems until I tried to enter the section Store in Web-interface. At this point, get error messages:

Error 60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

What could be the problem?

Anyone has any recommendations, articles, manuals or instructions for upgrading TFS 2005 to TFS 2010? Interested walkthroughs, articles describing possible problems. I would be grateful for any information.

Add: I found this shot instruction:

Backup your databases!
If you are using SQL 2005, upgrade to SQL 2008 or SQL 2008 R2
If you are using SharePoint 2.0 and want to continue using SharePoint, upgrade to 3.0
Restore your TFS databases to your SQL instance
Install TFS 2010
After Install finishes but before running the Upgrade Wizard, apply the upgrade hotfix linked above
Run the Upgrade Wizard and point to your TFS databases

What can be added?

I want to reset administrator password on Windows Server 2003. OS installed on VMware server VMware Server version 2.0.1. And problem is this: when i try to boot from live cd, after boot disk with Windows not detected. I tried to use

• Windows Admin Hack - Linux Boot;
• Hirens.BootCD.10.4;
• ophcrack-xp-livecd-2.3.1.iso

None of these programs did not see the hard drive! Any ideas?

Thank!

ADD: I want to reset LOCAL admin password, not domain. And this computer are not domain controller.