Skip to content

re-enable “EPEL” repos

Trying to run the yum update and failing with the following message:

warning: /var/cache/yum/x86_64/7Server/prodclone-epel_repo_rhel7_x86_64/packages/R-core-3.3.3-1.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Public key for R-core-3.3.3-1.el7.x86_64.rpm is not installed

The last line explains what is needed – the key, so lets get it for the current version of RedHat (RH7)

# rpm -ivh

No problems any more….. ir if they are still present

For RHEL 7:

# wget

For RHEL 6:

# wget

Followed with

# yum -y install ./epel-release-latest-*.noarch.rpm

Posted in LINUX.

mount WIN cifs home directory on RedHat box

my WIN home folder which is defined as // “follows” me whenever I go and attaches itself to whatever WIN contraption I login. Now, I want it to be present on a LINUX box as well.
So, I make this entry into the /etc/fstab

\\\personalshare\HD3\duszyk /home/wmd   cifs  _netdev,username=duszyk,dir_mode=0755,file_mode=0755,uid=923810,gid=216

Execution of the mount command triggers request for my password which if corrects allows the share to be mounted as /home/wmd.

For a normal user the mount has to be sudoed and I suggest to include it in the .bashrc and the umount of the share in the .bash_logout as well.

Posted in LINUX.

update Ansible to the latest…

# mkdir ansible; cd ansible
# git clone git:// --recursive
# git submodule update --init --recursiv
# make install
# ansible --version
ansible 2.4.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/usr/share/ansible']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible-2.4.0-py2.7.egg/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  2 2016, 04:20:16) [GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]

Posted in LINUX.

Tagged with , , .

xming, putty, linux

A few steps are required on linux and putty sides.

a. Install the following package if it is not present.

# yum -y install xorg-x11-xauth

b. Enable X11 forwarding in /etc/ssh/sshd_config

X11Forwarding yes

c. In putty check that SSH-> X11-> X11Forwarding is enabled and MIT-Magic-Cookie-1 is set.

d. On laptop side, start Xming, putty into your linux box, do not set DISPLAY! – all is ready to go.

Posted in LINUX.

Tagged with , , .

synchronize channels of Oracle SpaceWalk server

Busy day today….

To list Oracle Public Yum repo channels associated with a given SpaceWalk server, execute

# spacewalk-repo-sync -l

To upgrade / synchronize contents of these channels, execute

for repo in `spacewalk-repo-sync -l | grep http | awk -F '|' '{print $1}'`
 spacewalk-repo-sync -c $repo

and wait for this loop to finish…..

To synchronize a channel with a ULN repository, use the spacewalk-repo-sync -t uln command, and use the -c option to specify the channel label, for example:

# spacewalk-repo-sync -t uln -c ksplice-ol6-x86_64

Posted in LINUX.

Tagged with , , .

mounting cifs with RedHat

To mount cifs share verify that these packages are installed


Check that the following entry exists in /etc/request-key.conf

create  dns_resolver    *       *      /usr/sbin/cifs.upcall %k

Finally, mount the share using the associated with it login/password

# mount -t cifs  // /someLocalMount \
               -o username=Name,password=Password

Posted in Linux.

Tagged with , .

encrypted password in sssd.conf

Currently, the password of the “AD search only” account in the /etc/sssd/sssd.conf is not encrypted.

ldap_default_authtok_type = password
ldap_default_authtok = ^Marco$Polo2011$

To change this situation and to encrypt it follow this steps

# yum –y install sssd-tools

# sss_obfuscate -d WMD.EDU
Enter password - ^Marco$Polo2011$
Enter again = ^Marco$Polo2011$ 

The last command command modifies the file changing the following two entries:

ldap_default_authtok_type = obfuscated_password
ldap_default_authtok = AAAQALnUQMEhhj7/reDfWBkSbUrOCvfxuOwJfdOXFxGzUoGS8zOZWCP5jC4BqvcFkBk8q

Posted in LINUX.

Tagged with , .

uninstalled public key kills yum update……..

Trying to do yum -y update and instead of success these messages show up:

warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Public key for unbound-libs-1.5.1-1.el6.x86_64.rpm is not installed

The package might not be necessary the same as shown above. A quick way to success is the following one

# yum update --nogpgcheck

Posted in LINUX.

Configure UBUNTU/Debian/RH for ActiveDirectory authentication with SSSD

a. Start with checking if the pam_ldap package is installed and remove it if it is.

# apt-get remove pam_ldap

b. Install sssd

# apt-get install sssd libpam-sss libnss-sss sssd-tools

c. Edit /etc/sssd/sssd.conf. In my case, this file has the following content.

config_file_version = 2
services = nss, pam
domains = WMD.EDU
debug_level = 9

ldap_id_use_start_tls = False
cache_credentials = False
id_provider = ldap
access_provider = ldap
auth_provider = krb5
chpass_provider = krb5
ldap_schema = rfc2307bis
ldap_force_upper_case_realm = True
ldap_user_object_class = user
ldap_group_object_class = group
ldap_user_gecos = displayName
ldap_user_object_class = user
ldap_user_name = sAMAccountName
ldap_user_fullname = displayName
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName
ldap_group_object_class = group
ldap_group_name = sAMAccountName

ldap_user_home_directory = unixHomeDirectory
ldap_uri = ldap://
ldap_search_base = dc=wmd,dc=edu
ldap_user_search_base,OU=Secured,OU=Corporate Users,DC=wmd,DC=edu
ldap_user_search_base,OU=Managed By Others,DC=wmd,DC=edu
ldap_user_search_base,OU=Shared,OU=Corporate Users,DC=wmd,DC=edu
ldap_user_search_base,OU=ServiceAccounts,OU=Corporate Servers,DC=wmd,DC=edu
ldap_group_search_base,ou=Unix,ou=Security Groups,ou=Corporate Groups,dc=wmd,dc=edu
ldap_default_bind_dn = CN=aixldapquery,OU=ServiceAccounts,OU=Corporate Servers,DC=wmd,DC=edu
ldap_default_authtok_type = password
ldap_default_authtok = **********
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_referrals = false

krb5_realm = WMD.EDU
krb5_kpasswd =
krb5_server =
krb5_canonicalize = False

offline_credentials_expiration = 0

where ********** is the password of the aixldapquery account, which queries AD on the behalf of the login in user.

d. While in /etc/sssd, edit permissions of the sssd.conf – this is important, otherwise the service will not start!

# chmod 0600 sssd.conf

e. Verify that the following files in /etc/pam.d contain the entries shown.

[success=1 default=ignore] use_first_pass
session	required umask=0022 skel=/etc/skel
session	optional
password	sufficient use_authtok

f. Absolutely remove/comment out the following line in /etc/pam.d/common-account. Otherwise no AD defined user will be able to login.

account  [default=bad success=ok user_unknown=ignore]

g. Set the sssd service to start on reboot

# systemctl enable sssd

h. restart sssd and you are ready to go.

# systemctl restart sssd

The following command can be very useful troubleshooting sssd issues.

# sudo sssd -d9 -i

Posted in LINUX.

patch and reboot on the second Friday of every month at 1:30am

One of the ways to do it in Linux:

# crontab -l
30 1 7-14 * Fri yum -y update && init 6

If the day of the month is between the seventh or the fourteenth and if this day is Friday than this is the patching day (based on the 2016 calendar)!

Remember, triggering yum execution does not mean that yum will do what you expect….
There should also be a task to validate patching was as success – a boot volume might be too small for the new kernel causing the patching cycle to fail ….

# crontab -l
30 1 7-14 * Fri `yum -y update && init 6 || /path/scriptname`

where the script defined by /path/scriptname will email an alert on yum failure.

Posted in LINUX.

Tagged with , .

Copyright © 2016 - 2017 Waldemar Mark Duszyk. All Rights Reserved. Created by Blog Copyright.