Protected WLAN
by Misha Shnurapet
Hi.
Which WLAN protection method would you recommend?
* Shared key
* WPA-Personal
* WPA2-Personal
My router also supports Radius with 802.1x and WPA/WPA2-Enterprise, but these require strange stuff like certificates that leave me clueless. :)
--
Best regards,
Misha Shnurapet, Fedora Project Contributor
https://fedoraproject.org/wiki/Shnurapet
shnurapet AT fedoraproject.org, GPG: 00217306
12 years, 10 months
Speakers don't Mute when headphones are plugged in (Speakers & Headphones at the same time) :S
by Manuel Escudero
Since I bought my computer and I installed Linux on it, I had this
problem...
Back in the day I never Found a REAL Solution and finally my solution (in
Fedora)
was installing "pavucontrol" to choose the Devices when I needed to Switch.
Via the Pulse Audio Volume Control I was able to Mute speakers or Headphones
at my will, even if I had both connected, this thing worked from F12 to F14
very well...
(The same problem is present in every distro I tried and sometimes it was
solved the
same way in other distros)
But Now, I'm in F15 And my magic workout doesn't work anymore... it doesn't
matter
wich device I choose as output, the PC simple don't mute one or another and
my headphones
and speakers sound at the same time, Can you tell me How to Fix it?
The Sound card is a HDA INTEL with the Realtek ALC662 rev1 Chip, as I said
before,
I'm using Fedora 15 KDE (64 Bit version) and I'm running ALSA v 1.0.23
Any Help will be really nice
Thanks!
--
<-Manuel Escudero->
Linux User #509052
@GWave: jmlevick(a)googlewave.com
@Blogger: http://www.blogxenode.tk/ (Xenode Systems Blog)
PGP/GnuPG: E2B4 31CE F2BF 1944 8664 3E22 88C8 DFC9 4D7C 1B35
12 years, 10 months
No sound from Headphones in F15
by Manuel Escudero
Just a Few days ago I wrote a thread to this list talking about my
speakers-headphones
issue, (Both play at the same time) That I use to solve using "pavucontrol"
to select the
desired output device from F12 to F14 (Now in F15 that "solution" doesn't
work anymore)
and more strange, Just Now I tried to use the Pulse Audio Volume Control
again to
select the output and if I select the speakers, both headphones and speakers
sound
BUT if I select Headphones BOTH devices "shut up" O.o ¿Why? I believe it's a
pulseaduio
issue...
I'll quote my previous problem with all the extra info I have about it:
QUOTE BEGINING:
Since I bought my computer and I installed Linux on it, I had this
problem...
Back in the day I never Found a REAL Solution and finally my "solution" (in
Fedora)
was installing "pavucontrol" to choose the Devices when I needed to Switch.
Via the Pulse Audio Volume Control I was able to Mute speakers or Headphones
at my will, even if I had both connected, this thing worked from F12 to F14
very well...
(The same problem is present in every distro I tried and sometimes it was
solved the
same way in other distros)
But Now, I'm in F15 And my magic workout doesn't work anymore... it doesn't
matter
wich device I choose as output, the PC simply don't mute one or another and
my headphones
and speakers sound at the same time, Can you tell me How to Fix it?
The Sound card is a HDA INTEL with the Realtek ALC662 rev1 Chip, as I said
before,
I'm using Fedora 15 KDE (64 Bit version) and I'm running ALSA v 1.0.23 with
pulseaudio 0.9.22-5
The output of "lsmod | grep snd" is:
snd_usb_audio 98871 1
snd_usbmidi_lib 18066 1 snd_usb_audio
snd_rawmidi 20308 1 snd_usbmidi_lib
snd_hda_codec_realtek 325262 1
snd_hda_intel 23694 3
snd_hda_codec 80822 2 snd_hda_codec_realtek,snd_hda_intel
snd_hwdep 6368 2 snd_usb_audio,snd_hda_codec
snd_seq 52438 0
snd_seq_device 6001 2 snd_rawmidi,snd_seq
snd_pcm 78484 4 snd_usb_audio,snd_hda_intel,snd_hda_codec
snd_timer 19593 2 snd_seq,snd_pcm
snd 62686 18
snd_usb_audio,snd_usbmidi_lib,snd_rawmidi,snd_hda_codec_realtek,snd_hda_intel,snd_hda_codec,snd_hwdep,snd_seq,snd_seq_device,snd_pcm,snd_timer
soundcore 6299 1 snd
snd_page_alloc 7431 2 snd_hda_intel,snd_pcm
I've already filed a bug, googled a lot, write e-mail to lists, asked to
some people and NO ONE has a Solution for this,
Any Help will be really nice
Thanks!
P.S. The Bug Report is here:
https://bugzilla.redhat.com/show_bug.cgi?id=708557
QUOTE END
So, any suggestions here?
--
<-Manuel Escudero->
Linux User #509052
@GWave: jmlevick(a)googlewave.com
@Blogger: http://www.blogxenode.tk/ (Xenode Systems Blog)
PGP/GnuPG: E2B4 31CE F2BF 1944 8664 3E22 88C8 DFC9 4D7C 1B35
12 years, 10 months
F15: fail2ban not in iptables status
by Marco Guazzone
Hi,
I have fail2ban up and running on my Fedora 15.
root 1026 0.0 0.3 189936 6724 ? S 13:52 0:00
/usr/bin/python /usr/bin/fail2ban-server -b -s
/var/run/fail2ban/fail2ban.sock -x
I use it for banning IPs that try to connect to my host via SSH.
Here's below is a snip of jail.local:
--- [jail.local] ---
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
sendmail-whois[name=SSH, dest=sguazt, sender=fail2ban@localhost]
logpath = /var/log/secure
maxretry = 3
--- [/jail.local] ---
However I can't see it in the iptables status (like I could until Fedora 14).
So I think it is not working properly.
Here's my iptables status:
--- [iptables status] ---
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24
masq ports: 1024-65535
2 MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24
masq ports: 1024-65535
3 MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
Table: mangle
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 CHECKSUM udp -- 0.0.0.0/0 0.0.0.0/0 udp
dpt:68 CHECKSUM fill
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
3 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
5 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
6 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
7 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0
state NEW tcp dpt:22
9 REJECT all -- 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 192.168.122.0/24
state RELATED,ESTABLISHED
2 ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 REJECT all -- 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
6 REJECT all -- 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
--- [/iptables status] ---
Any idea?
Thank you very much!
Best,
-- Marco
12 years, 10 months
KVM x VirtualBox
by Fernando Lozano
Hi there,
I've been using KVM for quite some time but now I have to work with a
couple VirtualBox VMs. I don't want to have to setup a different server for
that.
Is it possible to have both KVM and VirtualBox installed and active on my
Fedora 15 box? If positive, can I run a KVM VM and a VirtualBox VM at the
same time, or will I have to run only one of then and shutdown the other?
Should I get VirtualBox rpms from rpmforge.org or should I use packages
from Oracle?
[]s, Fernando Lozano
12 years, 10 months
SSSD (LDAP and Kerberos) to AD
by Ethan Bonick
I am having trouble getting sssd to work properly with LDAP. I am using kerberos for passwords and LDAP for identification. I have everything working on Ubuntu and CENTOS5 clients not using SSSD so I know it works.
Kerberos works just fine and I can get a ticket. LDAP returns nothing, debug logs aren't helping me. I have included a copy of my config file. We are not using certs on ldap and it shouldn't be required since I am using kerberos for authentication.
Thanks,
Ethan
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = default
[nss]
filter_groups = root
filter_users = root, nimda
reconnection_retries = 3
[pam]
reconnection_retries = 3
[domain/default]
auth_provider = krb5
krb5_kpasswd = dc1.example.com,dc2.example.com,dc3.example.com
krb5_kdcip = dc1.example.com,dc2.example.com,dc3.example.com
krb5_realm = example.com
krb5_server = dc1.example.com,dc2.example.com,dc3.example.com
chpass_provider = krb5
cache_credentials = True
id_provider = ldap
ldap_id_use_start_tls = False
ldap_user_uid_number = msSFU30UidNumber
ldap_user_gid_number = msSFU30GidNumber
ldap_user_principal = userPrincipalName
ldap_force_upper_case_realm = False
ldap_group_gid_number = msSFU30GidNumber
ldap_uri = ldap://dc1.example.com,ldap://dc2.example.com,ldap://dc3.example.com
ldap_user_home_directory = msSFU30HomeDirectory
ldap_user_object_class = person
ldap_group_object_class = group
ldap_group_name = msSFU30Name
ldap_user_name = msSFU30Name
ldap_search_base = dc=example,dc=com
ldap_default_authtok_type = password
ldap_default_bind_dn = cn="Linux LDAP",ou=IT,dc=example,dc=com
ldap_user_shell = msSFU30LoginShell
ldap_default_authtok = PASSWORD_GOES_HERE
ldap_tls_cacertdir = /etc/openldap/cacerts
min_id = 10000
max_id = 999999
enumerate = True
ldap_pwd_policy = none
ldap_search = dc=example,dc=com
ldap_schema = rfc2307bis
debug_level = 9
Join us at the Mobile Event of the Year
Syclo Mobile Conference 2011 | Chicago Mart Plaza | July 13-15
www.syclo.com/smc2011<http://www.syclo.com/smc2011>
Copyright © 2011. All rights reserved. No portion of this material may be copied, transmitted, or stored via any electronic media without the express written permission of Syclo, LLC. This message is intended exclusively for the individual or entity to which it is addressed and may contain information that is PROPRIETARY, CONFIDENTIAL, PRIVILEGED, ATTORNEY WORK PRODUCT or otherwise legally exempt from disclosure. If you are not the named or intended recipient, you are not authorized to read, print, retain, copy, disclose, distribute, use or take any action with regard to this message or any part of it. If you have received this message in error please notify the sender immediately by e-mail and delete all copies of the message. Unless expressly stated in this email, nothing in this message should be construed as a digital or electronic signature.
Syclo LLC. Headquarters
1721 Moon Lake Blvd, STE 300, Hoffman Estates, IL 60169
Syclo International Limited is registered in England.
Company Number: 05803809
Registered Address: Clock House, 140 London Road, Guildford, GU1 1UW
12 years, 10 months
F13->F14 upgrade + relabel = logins hosed: entrypoint access denied
by Dave Mitchell
I just tried to upgrade a F13 system to F14 using preupgrade.
It seemed to go well, but I was getting a lot of AVC denials for NM
and polkitd, and NM wasn't working properly. So I tried a 'touch
/.autorelabel' and reboot. It seemed to work, but now I can't login. Any
login attempt (via gdm or F2 console) immediately logs me back out again.
/var/log/messages shows, for a console login as root:
SELinux is preventing /bin/login from entrypoint access on the file /bin/bash
and for a GUI-based login:
SELinux is preventing /usr/libexec/gdm-session-worker from entrypoint access on the file /usr/bin/gnome-keyring/daemon
SELinux is preventing /usr/libexec/gdm-session-worker from entrypoint access on the file /etc/X11/xinit/Xsession
I can boot single user okay.
I ran 'fixfiles restore' to relabel again and rebooted, and it made no
difference.
By comparing with a similar but un-upgraded (ie F13) working host, I
found that the following are the same on both hosts:
# ls -lZ /bin/login
-rwxr-xr-x. root root system_u:object_r:login_exec_t:s0 /bin/login
# ls -lZ /bin/bash
-rwxr-xr-x. root root system_u:object_r:shell_exec_t:s0 /bin/bash
Policy is the same apart from changes in ethereal and spamd:
# sesearch --allow --neverallow --auditallow --dontaudit --type \
--role_allow --role_trans --range_trans \
| sort | egrep -v'ethereal|spam[cd]'
# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
While the two systems give the following:
# rpm -q selinux-policy
selinux-policy-3.7.19-101.fc13.noarch # F13 host
selinux-policy-3.9.7-40.fc14.noarch # F14 borked host
At this point I've exhausted my meager understanding of selinux.
Any suggestions?
Thanks.
--
In economics, the exam questions are the same every year.
They just change the answers.
12 years, 10 months
Another failure
by Beartooth
On an expendable (and thoroughly backed up, fully updated) Athlon
XP 2800+ with 1.9 GB of memory, running F 14, I asked here on April 25
about preupgrade. Having gotten two prompt and helpful replies, I went
ahead, getting an install of F15 Beta.
Starting April 27, I began a thread ("So where are my
workspaces?") which became long and bifurcated, both here and on the
testers' list. There was a lot of floundering on my part, with helpful
specific links to several bugs, which I studied. I also kept updating F15
at least daily.
F15 soon reached a point where its login screen produced only
error messages, which I posted. The bugs meanwhile were gradually
declared fixed, though the fix didn't work on this machine. About that
point I ceased keeping up with the lists, though I kept trying.
With upgrades and "yum install" commands issued over ssh from
other machines on my LAN, I became able to log into KDE4 and Xfce; I
spent some time trying them out, particularly as to workspace switchers
or substitutes. (There were also several other threads, on both lists
iirc, from other users whose needs Gnome 3 seemed not to meet.)
When F15 was declared golden, I waited a couple of days, burned a
DVD, and tried to "upgrade." No change. I tried doing a fresh install,
figuring that some obscure glitch on this machine must be responsible. No
change.
Finally I pulled the big hammer: wiped the whole machine with
DBAN, and did a second fresh install of F15. It still hit the dead bug
with logging into Gnome3.
I couldn't face the effort to enable KDE4 or Xfce via ssh again,
nor the learning curve that would follow. I'm now
managing,unsatisfactorily but adequately, with Scientific Linux 6.0 on
this machine. (I have EPEL, rpmforge, and rpmfusion enabled.)
I'll probably try F16 this fall, and meanwhile stick to F14 on my
other machines.
What I miss most from Fedora are these :
dillo, galeon, epiphany, kazehakase, midori, privoxy, seamonkey, and
gnome-control-center. (SL seems to have the last, but I can't get
anything but "command not found" from it.)
Question: if I forgo yum and PackageKit, and get ahold of actual
Fedora rpms somewhere, can I install and run them in SL? Or is there a
compatible repo I've overlooked??
In theory, according to the EPEL page, they should be available
there; but they don't seem to be.
--
Beartooth Staffwright, Neo-Redneck Not Quite Clueless Power User
I have precious (very precious!) little idea where up is.
12 years, 10 months
btrfs advice?
by Michael Wiktowy
I made the leap to a btrfs root partition for my netbook with a fresh
install of F15.
Everything seems to work fine and I have done some fair amount of
Googling for information and come across
https://btrfs.wiki.kernel.org/index.php/Getting_started which offers
some great (incomplete) info but nothing Fedora specific. I have some
questions about how to move forward to take advantage of btrfs:
1) Is there any kind of integration of btrfs with the included apps
(For example: automatic snapshots before yum updates allowing easy
rollbacks, deja dup backing up a btrfs snapshot so that currently
changing data doesn't affect the backup process, a kiosk mode that
rolls back a home directory to a known state after logout, etc.) or is
that the next step to take advantage of all the new bells and whistles
and F15 is just a test-btrfs-as-a-ext4-replacement release?
2) I see (using 'mount') that the root is btrfs along with some (what
appear to be) subvolumes for /tmp, /var/tmp and /home yet 'btrfs
device scan' shows no information. Does 'btrfs device scan' only scan
unmounted devices or is this a bug?
3) I have read at Phoronix that using the transparent compression
offers a fair performance gain (
http://www.phoronix.com/scan.php?page=article&item=btrfs_space_cache&num=1
) with mixed results when combining that with space cache. Has the
space cache+compression degradation seen in some benchmarks been fixed
in F15? Also, is using transparent compression simply a matter of
adding the correct mount flag to /etc/fstab or is there a more complex
conversion process to be followed that needs to be done offline?
4) Since this is a netbook with a modest Atom processor, would
enabling transparent compression just load the CPU such that any
performance is negated or cause significant battery drain?
Thank you for any experience you have to offer.
/Mike
12 years, 10 months