IRC Archive / Freenode / #centos / 2015 / September / 19 / 1
ke4nhw
The only problem that might create is that there will be a good many users for samba, and I will need a way to easily manage their share access. So far in my VM testing I have done this by adding users to specific groups, and using the groups in /etc/samba/smb.conf as 'valid users = @groupnamehere' to control access between shares. This way I can create however many users to that group, but all I have to do is remember to add them to that group, and I don't have to continually edit the smb.conf file
If they're not on the system I'd have to add them individually to the shares, which would be much more tedious and error-prone.
billings
surprisingly enough, there's technology for managing groups of users and their authentication
particularly for windows
ke4nhw
OpenLDAP?
billings
LDAP. Active Directory.
ke4nhw
or something a bit less complicated?
yep
billings
if they're using samba shares, I assume they're windows hosts. Do you already have AD?
ke4nhw
In the future I intend to port the fileserver user access controls over to an LDAP backend, but right now I need to limit the complexity of the system to speed up deployment. Currently there will only be 8 members gaining access, and there already exists a certain level of trust with the users. I have base or reasonable expectation that they will not intentionally abuse the system, but do not discount the possibility.
Nope no AD here
This is a home network that I am trying to extend into an Emergency Communications Group Central Command including data center
Completely volunteer, completely no money coming in, completely my home network and my home equipment, so completely my dollar buying machines, hardware, and my time installing and maintaining them
Not to mention AD and LDAP are both very weak points for me: I dealt BRIEFLY with Microsoft AD in school, all of about 1 week.
The initial deployment will be done using VPN and linux / samba UAC's but eventually yes I would prefer that everyone, including remote users, have a user on their system that logs into this domain (I will need to create a domain controller) and function under the LDAP setup here.
Given my limited experience with AD and my complete lack of experience with domain controllers, if you can suggest some light reading (or heavy reading is fine too) I'm all game to do some learning...
phy1729
the OpenLDAP manual is good
ke4nhw
Hell, I can create another virtual with LDAP if necessary and a windows VM or two to play with it, that way who cares if I screw up to high heavens, no harm done.
phy1729
there's also a zytrex (sp?) that is pretty good and humorous isn't official/may be out of date a bit
ke4nhw
Okay, I'll look into these, particularly the first two. If I understand correctly OpenLDAP is the industry Linux-based standard?
phy1729
pretty much I've found it to be excellent. Just make sure you're on the latest stable
PainterArithmati
How to change tty resolution?
ke4nhw
I will. I also have to watch the level of complexity. Ideally I'd need to run all of this with no more than two physical machines, one being ideal. Reason being is power consumption during emergencies. Second is I need the setup to be as simple as possible for end users. This way if they break their laptop on the way to their assigned hospital EOC, the hospital can loan them one when they get there, and they have only a minimum configuration to be back on the server and running.
This will be even more critical during a full-scale emergency when they will also have to be dealing with radio communications and establishing the wifi mesh on that laptop for network access.
I want to balance security and simplicity, and yes I am aware of the famous equation involving those two :)
billings, from a user standpoint connecting via VPN or via mesh (call it a local network same subnet) and from an admin standpoint, how much complexity, hardware, config time, and maintenance time will an LDAP backend add to the system?
brb
PainterArithmati
In CentOS 7 I've modified /etc/default/grub and added GRUB_GFXMODE then did grub2-mkconfig -o /boot/grub2/grub.cfg but tty still has the same old resolution. What else can I do?
bekks
hi
Evolution
PainterArithmati: depends on the video card and driver too
Caterpillar
Do you use RPMFusion on CentOS 7? On RPMFusion webpage I only see commands about CentOS 6
bekks
I'm kinda stuck with deploying a centos VM - how can I manage to have a centos VM with a single interface obtain a DHCP address on that interface even if the MAC changes (which it does when deploying a new VM from the template)?
fenrus02
@repos Caterpillar
centbot
Additional packages are often in 3rd party repos. Information on additional CentOS repos is available at http://wiki.centos.org/AdditionalResources/Repositories Pay attention to the reference on yum-priorities.
Evolution
PainterArithmati: for example, nvidia's driver doesn't support DRM so if you're using the nvidia driver, the console font resolution will suck
fenrus02
bekks, limit your dynamic scope to 1
bekks
fenrus02: scope of the DHCP server?
fenrus02
bekks, yes.
bekks
fenrus02: How would I do that in an enterprise environment? :)
fenrus02
bekks, you would set the mac to something static and not have this problem
bekks
fenrus02: Thats the point of deploying a template - I cannot set a static MAC since it has to change when deploying multiple copies of the vm.
So I guess I'm left with hacking rc.local and using a custom script.
PainterArithmati
Evolution: it is inside VirtualBox
fenrus02
bekks, why do you care what the mac is in the template?
bekks, no. you do not need an rc.local at all. simply remove the MAC from the template entirely. no point.
Evolution
PainterArithmati: doesn't change my answer.
bekks
fenrus02: I already tried that - I case the interface enumeration changes (which it does) the interface is brought up with no IP.
fenrus02: Thats why I am asking here :)
*in case
PainterArithmati
Evolution: how to check driver and video card in tty only environment?
fenrus02
bekks, then you're doing something funky. rewind and explain the entire thing from the start
PainterArithmati
Evolution: it is Intel gpu
fenrus02
bekks, i've got hundreds of vm's deployed in an enterprise environment. never had the problem you half-explained above, so clearly i'm missing some important detail
Evolution
PainterArithmati: I mean, in some instances it is impossible to get a better resolution.
PainterArithmati
Evolution: vbeinfo in grub console is returning a lot of supported resolutions
Evolution
I don't use vbox I don't know if that applies to you or not
bekks
fenrus02: OK, I have a centos VM template, and I need to deploy multiple instances of that template on demand. On first boot of the newly deployed vm, it should obtain a DHCP address (and as a matter of fact, just as a side note, when deploying the vm from the template, the MAC of the VM will be different from the MAC of the template). Now I am struggling with the network configuration, since the enumeration of the interfaces may change (enp0s8, enp0s160, enp0s83, etc.), so I cannot use a ifcfg-enp0s160 file with no MAC.
PainterArithmati
Evolution: what else can I do to check if it works or to try to change it?
fenrus02
bekks, then you're doing something wrong. the mac is defined before firstboot. it does not change.
pycoderf
bekks: and with systemd doesnt it name the devices consistently anyways
fenrus02
bekks, the names can change, but you can easily ignore those or manually set them
pycoderf
i have multiple vms and they all use the same interface names
bekks
fenrus02: Upon every new deployment from that template, the MAC of the newly deployed VM will change.
Evolution
PainterArithmati: I'd say keep googling or trial/error. I wish I had a better answer for you, but I honestly don't mess with it too much
bekks
fenrus02: And since the name may change as well, I cannot rely on a specific name.
fenrus02
bekks, the mac is defined *prior* to the very first boot of a vm.
Evolution
PainterArithmati: someone else might have more info for it
bekks
fenrus02: I know. Thats very clear.
fenrus02
bekks, the mac does not change, nor does the interface name, until you change it
Evolution
PainterArithmati: alternatively, you could try on the mailing list.
fenrus02
bekks, from your deployment system, you already know the mac before it ever boots
bekks, you can, for example, allocate a reserved-ip matching the mac address prior to it ever booting.
PainterArithmati
Evolution: thank you for help, would you like to know the solution if I happen to stumble upon it?
Evolution
PainterArithmati: certainly
bekks
fenrus02: That would involve administering the DHCP as well, prior starting the new vm. :)
fenrus02
bekks, of course. but you asked how in an ent env . . .
bekks, this is what i do ftr. i allocate a mac, add it to dot1x/mab, add it to dhcp scope, *THEN* boot it.
bekks
fenrus02: Yeah, in an enterprise env, the VM deployer isn't necessarily in control of the DHCP server :)
fenrus02
bekks, api works well.
bekks, need a suggestion? use infoblox.
pycoderf
i have a vm refused a key auth for no real reason. i made the authorized_keys file and set it to 600
fenrus02
"no real reason" ? use -v flag. it'll tell you why.
typically, permissions.
pycoderf
i would but im connecting via putty at the moment
fenrus02
pycoderf, get a real client then so you can see why.
Bahhumbug
selinux
pycoderf
fenrus02: it is a real client just not ideal situation thank you
quite helpful
fenrus02
pycoderf, if it were a real usable client, you could enable verbose mode. if you cannot, then it sucks. get a replacement.
Bahhumbug
No, it's really not. A real client will display debugging information with the -v flag.
pycoderf
i can tell it is going to be a pleasant evening with you guys
Bahhumbug
pycoderf: restorecon -Rv ~/.ssh on the target box.
pycoderf: Just because the answer you get is not the answer you want doesn't make the answer incorrect.
pycoderf
did not say incorrect
ke4nhw
Here's an interesting one. Right now LDAP is an awesome idea but can be backburnered and worked on over time. One thing I'd like to setup early is a Distributed File System (DFS), so that this server and another server at another location are mirrored to each other. If this server goes down, the other server immediately kicks in and is already identical to this one. Any packages in CentOS that can simplify or even perform this type of task?