Archive for the ‘Server’ Category
I decided to take all the old scsi disks that I have and attach them to an old pc and use the setup as a backup computer. I’ll put as many disks as I can into a software raid to use for backups and then put a dvd writer in the computer to use to write dvds.
Here is the scsi stuff attached:
Host: scsi0 Channel: 00 Id: 01 Lun: 00
  Vendor: SEAGATE  Model: ST3146807LW  Rev: 0007
  Type:   Direct-Access  ANSI SCSI revision: 03
Host: scsi0 Channel: 00 Id: 02 Lun: 00
  Vendor: SEAGATE  Model: ST336607LW  Rev: 0006
  Type:   Direct-Access  ANSI SCSI revision: 03
Host: scsi0 Channel: 00 Id: 03 Lun: 00
  Vendor: SEAGATE  Model: ST336607LW  Rev: 0006
  Type:   Direct-Access  ANSI SCSI revision: 03
Host: scsi0 Channel: 00 Id: 04 Lun: 00
  Vendor: SEAGATE  Model: ST336607LW  Rev: 0006
  Type:   Direct-Access  ANSI SCSI revision: 03
Host: scsi0 Channel: 00 Id: 08 Lun: 00
  Vendor: SONY  Model: SDT-11000  Rev: 0200
  Type:   Sequential-Access  ANSI SCSI revision: 02
Host: scsi0 Channel: 00 Id: 09 Lun: 00
  Vendor: SEAGATE  Model: ST336607LW  Rev: 0007
  Type:   Direct-Access  ANSI SCSI revision: 03
Host: scsi0 Channel: 00 Id: 11 Lun: 00
  Vendor: SEAGATE  Model: ST373307LW  Rev: 0007
  Type:   Direct-Access  ANSI SCSI revision: 03
I’m going to combine all the ST336607LW disks into a software raid. First, create a new partition on each of these disks. Then create the raid.
# mdadm --create --verbose /dev/md0 --level=5 --raid-devices=4 /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1
# mkfs.ext3 -m0 -j -O dir_index,resize_inode,sparse_super /dev/md0
# tune2fs -c0 -i0 /dev/md0
After mounting, I have a 109GB drive mounted as the raid. Not much, but it’s a little more disk space to use. I’ll also mount the other disks, which are a little bigger to give me a bit more space.
Cronjobs for users who exist only in the ldap database were not being run. The crond log file was showing entries like this:
Dec 27 13:42:01 server crond[2781]: (arthur) ORPHAN (no passwd entry)
To fix this, make sure that nscd is running (I didn’t have it started) and restart crond.
I’m having some very strange problems with ldap and samba. Some users work fine in samba and others not at all. First, I found the /etc/pam.d/system-auth problem again, where the uid must be at least 500 for it to work. I changed that to 200 and it still doesn’t work.
I also found that each time you run authconfig-tui, /etc/pam.d/system-auth-ac gets rewritten and my 200 would go back to a 500. (system-auth is just a symlink to system-auth-ac.) I fixed this by creating system-auth-EDG and linking system-auth to that. The link does not change whenever authconfig is run, so the 200/500 uid problem looks to be solved.
But why am I running authconfig-tui so much? Because I am unable to start ldap on the server when “Use LDAP” is checked under the User Information and the Authentication sections. I uncheck them, then restart ldap successfully, then go back and recheck them. If things are checked, the ldap restart command just hangs, until I press Ctrl-C a few times. Then, it gives me errors like:
Session terminated, killing shell.......killed.
/etc/pki/tls/certs/slapd.pem is not readable by "ldap" [WARNING]
Checking configuration files for slapd: config file testing succeeded [OK]
Starting slapd: [OK]
But it’s not really started. I have to undo the authconfig stuff, restart again (at which time it restarts in about a second) and then redo the authconfig stuff.
I’ve changed the ldap user to have a login shell and have logged in and read the slapd.pem file without a problem, so I don’t really know why it complains that it can’t be read. And since the ldap user is not in the ldap database, but in /etc/passwd, I don’t understand at all why this is a problem.
I was getting some strange errors in my maillog when an ldap user would try to call spamassassin on incoming mail. This was fixed by adding the “--ldap-config” option to the spamassassin startup script. The line in the file that I changed now looks like this:
SPAMDOPTIONS="-d -c -m5 -H --ldap-config"
I’m slowly moving all of our users out of /etc/passwd to the ldap directory. One problem that I found was that users’ personal websites weren’t coming up. For example, user arthur can make a directory called public_html in their home area and it would be accessible at server.uchicago.edu/~arthur. But for accounts that are only in the ldap database, it was as if these accounts didn’t exist.
To get the accounts to show, add the following to /etc/httpd/conf/httpd.conf:
<IfModule mod_ldap_userdir.c>
    LDAPUserDirServer server.uchicago.edu
    LDAPUserDirSearchScope subtree
    LDAPUserDirBaseDN ou=people,dc=server,dc=uchicago,dc=edu
    LDAPUserDir public_html
</IfModule>
I thought I’d be smart and upgrade our server to the 64-bit version of RHEL5. Well, after upgrading I had many problems. A big one was this error:
[root@edg ~]# su - maryh
/bin/hostname: error while loading shared libraries: libc.so.6: wrong ELF class: ELFCLASS32
If I can’t run a simple hostname command, then there are probably lots of other issues. Thus, I’m reinstalling again with the 32-bit version.
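The ELF class named in the error above is a single byte (EI_CLASS) in a file's header, so it can be checked across a set of libraries after an upgrade. This is an added example, not part of the original post; the function names are hypothetical and the sample files are constructed 5-byte header stubs.

```shell
#!/bin/sh
# Added example: classify files by the EI_CLASS byte of the ELF header.
# Function names here are hypothetical, not from the original post.

# elf_class FILE -> prints ELFCLASS32, ELFCLASS64 or NOT_ELF
elf_class() {
    # Bytes 0-3 are the magic 7f 45 4c 46; byte 4 (EI_CLASS) is 01 or 02.
    hdr=$(od -An -tx1 -N5 "$1" 2>/dev/null | tr -d ' \n')
    case "$hdr" in
        7f454c4601) echo ELFCLASS32 ;;
        7f454c4602) echo ELFCLASS64 ;;
        *)          echo NOT_ELF ;;
    esac
}

# wrong_class EXPECTED FILE... -> prints "FILE CLASS" for every ELF file
# whose class differs from EXPECTED; non-ELF files are skipped.
wrong_class() {
    want=$1; shift
    for f in "$@"; do
        [ -f "$f" ] || continue
        got=$(elf_class "$f")
        [ "$got" = NOT_ELF ] || [ "$got" = "$want" ] || echo "$f $got"
    done
}

# Constructed 5-byte header stubs stand in for real binaries.
demo_elf() {
    tmp=$(mktemp -d) || return 1
    printf '\177ELF\001' > "$tmp/libc.so.6"   # 32-bit stub
    printf '\177ELF\002' > "$tmp/hostname"    # 64-bit stub
    printf '#!/bin/sh\n' > "$tmp/script"      # not ELF
    (cd "$tmp" && wrong_class ELFCLASS64 *)
    rm -rf "$tmp"
}

demo_elf
```

On a real system the second argument onward would be the library files to audit, with the expected class matching the installed architecture.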
Since roaming profiles are what’s causing our windows logins to take minutes instead of seconds, I want to make all profiles be local. To do this, run gpedit.msc.
Local Computer Policy
.Computer Configuration
..Administrative Templates
...System
....User Profiles
Check “Only allow local user profiles”
Check “Prevent Roaming Profile changes from propagating to the server”
I had a problem where I couldn’t send mail with squirrelmail. Whenever I hit the send button, I got an error that said:
Server replied: 71 Can't execute command '/usr/sbin/sendmail -i -t -fmailaddress@someone.com'.
So, I then tried to run the command as a regular user at the command line and I got this error:
NOQUEUE: SYSERR(): can not write to queue directory > /var/spool/clientmqueue/ (RunAsGid=0, required=25): Permission denied
It turns out that my smmsp user had uid=51 and gid=51, but in /etc/group, the smmsp group was gid=25. To fix this, I simply changed the gid of the smmsp user to 25 and restarted sendmail. That fixed things.
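The mismatch described above (an account's primary GID in passwd disagreeing with the group file) can be found for every account at once. This is an added example, not part of the original post; the function names are hypothetical and the passwd and group contents are constructed to mirror the smmsp case.

```shell
#!/bin/sh
# Added example (not from the original post): find accounts whose primary GID
# in a passwd-format file disagrees with the group database.

# gid_mismatch PASSWD_FILE GROUP_FILE
# Prints one line per finding:
#   MISMATCH user passwd_gid group_gid  - same-named group has a different GID
#   NOGROUP  user passwd_gid            - primary GID has no group entry at all
gid_mismatch() {
    awk -F: '
        # First file (group): index by name and by GID.
        NR == FNR { by_name[$1] = $3; by_gid[$3] = $1; next }
        # Second file (passwd): field 4 is the primary GID.
        ($1 in by_name) && $4 != by_name[$1] {
            print "MISMATCH", $1, $4, by_name[$1]
        }
        !($4 in by_gid) { print "NOGROUP", $1, $4 }
    ' "$2" "$1"
}

# Constructed sample data reproducing the situation in the post.
demo_gid() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
EOF
    cat > "$tmp/group" <<'EOF'
root:x:0:
mail:x:12:mail
smmsp:x:25:
EOF
    gid_mismatch "$tmp/passwd" "$tmp/group"
    rm -rf "$tmp"
}

demo_gid
```

Against the live files the call is `gid_mismatch /etc/passwd /etc/group`.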
If the install script has a problem registering, try this:
sudo rpm -Uvh \
    http://rhn.uchicago.edu/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
Then make sure your trusted sslCACert entry in
/etc/sysconfig/rhn/up2date looks like:
sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
Then run:
rhnreg_ks --activationkey=4615db501bffebd96009bb81b065c015
rhn_check
Get the proper key from the rhn website.