11 October 2015

How to fix keyring password problems in CentOS with Gnome desktop. (and maybe other distributions using Gnome as well?)

Snip ------
You can always wipe out your current keyrings by removing the file ~/.gnome2/login.keyring, but you should try resetting the password with the 'seahorse' program. Reinstalling gnome would do nothing, since it's all in your homedir.
 Unsnip ------

This was part of an exchange in the fedora forums, and was easily overlooked as it was part of a larger issue that was, thankfully,  solved.

Another part of this exchange was the following information regarding autologin, and how to disable it.

Snip -------
It sounds like you have auto-login enabled. Not sure how you managed that (is this a LiveCD?), but you can disable that by editing /etc/gdm/custom.conf and removing the lines between the [daemon] line and the [security] line.
Unsnip -------

I hope this helps someone else as much as it has helped me. :-)

The first fix regarding gnome keyring was the issue I experienced, and the second part regarding autologin was something that caught my eye as being useful in the future

Bye for now.

Have fun everyone!

08 October 2015

What to do when running "service named status" gives an rndc communication error?

 Do this and it should fix it.
I've had this issue with CentOS 5.x and 6.x at various times.
This will generate a new rndc key, and automatically configure rndc for you.

Thanks to the Serverfault.com and Linuxquestions.org websites for the answer.

rndc-confgen -a -r /dev/urandom
If you're using bind-chroot, add :
rndc-confgen -a -r /dev/urandom -t /var/named/chroot
The result should be:
wrote key file "/etc/rndc.key"
wrote key file "/var/named/chroot/etc/rndc.key"

04 June 2014

Exchange Anywhere - basic explanation of how it works and how Outlook needs to be configured to work with it.

Here's something I am having issues with at one site. Some users, while operating remotely outside the LAN,  can connect to Exchange (using Outlook Anywhere) without using the VPN, while other users have to activate the VPN before a connection to Exchange can be established.


The link above at least confirms that the settings are correct in Outlook, and the issue somehow revolves around individual laptop and/or individual user configurations. Possibly related to Security Certificates in some way. I suspect the SBS 2008 server that is running Exchange has, in the past, been administered as if it were a standard 2008 server, since the WSUS configuration was broken by micro configuration changes not suitable for SBS 2008. Whatever the issue, it is not obvious, or consistent across users or versions of Outlook in use. Two users, one with the issue and one without will be using the same versions of Outlook, with the same configuration visible in the Options
I will make a post here as soon as I have some sort of resolution to this issue, and have at least a small party to celebrate as well.

13 June 2013

This is an old post that never progressed from a draft version.
A great rock station - "Absolute Classic Rock" very good on GMT +10 local time from 'bout 8:30pm ish untill 10:37pm 2011-04-15 ... good music.
This an extract from the Samba forum regarding how to disable printing in samba to avoid log errors.


>How can I disable printing in samba ???

in /etc/samba/smb.conf

printcap name = /etc/printcap
load printers = no
printing =

is what is used with great success for your exact problem.

It worked for me, I'm happy to say.

I hate telnet sessions that time out to HP switches - especially when they are caused by Procurve Manager!

A site I work with as a consultant and also assist the system administrators has a large number of HP switches. This site uses Procurve Manager to monitor their network. For some strange reason Procurve Manager had decided (with no known changes to cause it) to leave open telnet sessions on all the switches. This eventually results in a locked out situation due to all the available telnet sessions on each switch timing out. After searching HP forums and the wider Internet for a solution that did not involve travelling to every switch and connecting to the serial port, I discovered that, once again, Linux came to the rescue. This time providing the help through SNMP tools such as snmpwalk and snmpset. What at first looked like a week of work was transformed into 5 or 6 hours for two people. (there are more than 120 switches around a 24x7 "no downtime" site 5Km by 1.5Km in size) First job was to clear the telnet sessions. This involved using snmpwalk to identify the telnet sessions we needed to delete/kill. Then using snmpset to tell the telnet sessions to close. Then connecting to each switch and setting a timeout period for the telnet sessions.
The command we used to find the sessions is this one.

snmpwalk -v2c -c public iso. |grep established is the IP address of the switch. is the IP address of the Procurve Manager server.
(we use version 2c of SNMP, version 1 may work for you)
An example of the output of this command is.

 TCP-MIB::tcpConnState. = INTEGER: established(5)
TCP-MIB::tcpConnState. = INTEGER: established(5)
TCP-MIB::tcpConnState. = INTEGER: established(5)

We are only interested in the numbers in the above results, since they define the telnet sessions.
The command we used to close the telnet sessions is as follows.

snmpset -v2c -c public iso. i 12

The result from this command was as follows.

TCP-MIB::tcpConnState. = INTEGER: deleteTCB(12)

**NOTE** all the commands and results have been "word wrapped" and should be read as being on a single line.
All the above may well be munged and mangled by blog site formatting daemons. I will attempt to find a way of presenting it that displays it in a realistic way if that happens.
I have used the "public" SNMP community, in these examples, you may need to use a different one.
This is as much to help me recall how to do this as it is to help others, but I firmly believe that sharing solutions to problems will always be a part of my life. I constantly work on abundance thinking rather than scarcity thinking. It just makes life more enjoyable, and much less stressful.

Another post on the HP forums gave a different MIB to query, however after testing it, we ended up with the same result, just by a slightly different method.

13 July 2011

After installing Fedora 15, and enjoying playing with Gnome 3, I was confronted by a disk warning at the bottom of the screen. After opening Disk-Utility it looked like my OCZ Vertex 2 120GB SSD was dying. However after some research, churning through the internet with Google riding shotgun with me, I discovered that the S.M.A.R.T. system on disk drives is not very smart at all!
Every manufacturer appears to have their own opinion on how it should work.
It reminds me of my friend Andy's favourite saying "You have to love standards in the IT world, after all there are so many to choose from that you can always find one that suits your purpose"
An article by Google (who possibly have more "vanilla" disk drives in use than any other one organisation) indicated that 56% of their drive failures were not predicted by monitoring the S.M.A.R.T. counters. http://labs.google.com/papers/disk_failures.pdf

I also discovered that in the Disk-Utility program there is a lovely little tick box available (that I missed the first half dozen times) that allows you to tell it to stop popping up warning messages for a particular drive. A wonderful option if it is annoying you, and like me, you believe it is getting the prediction wrong. (but maybe update that month old backup anyway, just in case)

Have a read of this http://forums.fedoraforum.org/showthread.php?p=1494778 forum page paying particular attention to the post by stevea. It is third up from the bottom, and explains a great deal about the subject.

23 April 2011

Listening to "That's Not My Name" by "The Ting Tings" on Rhythmbox on Scientific Linux 6.
After setting up a central storage NAS using RAID 1+0 and ext4, also using Scientific Linux 6 It's nice to enjoy the products of your toil by drinking a beer or two and listening to good music with good friends. :-)

28 July 2010

Here's a simple description of how to align the start of a windows partition with the start of the physical boundaries of the disk. This is expecially important when using striping with raid 5, 6, 50 and 60. It also does no harm at all with a normal disk partition. This _may_ assist in data recovery if damage occurs, because you now know exactly where the beginning of the partition is located.
Note ** this example is for an additional disk or raid disk added to an existing installed operating system.
To do this on the OS disk itself (C drive) you need to connect the disk to a working Windows OS (possibly using a USB adapter) and create the partition before installing it in your server, then begin the installation and use the created partition to hold the OS.

This is copied from a reply to an article in Techrepublic by user neilb and all credit goes to him.

Well, it's pretty straightforward
Windows reserves and hides the first 31 or 63 sectors at the beginning of the first partition of a disk and puts the master boot record in there. It's not completely Microsoft's fault but it's taken them a HELL of a long time to fix it! This results in misalignment with stripe units, disk controllers, and cache segment lines as the reserved sectors do not coincide with physical boundaries. The obvious result is that single clusters of user data are written across multiple stripe units of the RAID. Every nth operation is affected in that two reads are required to get one allocation unit. 'n', of course, depends on allocation unit size and stripe unit size but every part of the disk system is affected.

To get around this in Server 2003, partition alignment must be explicitly performed using Microsoft DISKPART. Now, you can get realy lairy and calculate the correct offset depending on disk sector size but the easiest way is to start the first partition on a 1MB boundary and that nails it for just about any combination. That's 2048 sectors.

Diskpart is a command line tool so...

Diskpart [enter]
List Disk [enter] will display the disks
Select Disk n [enter] (where n is the disk in which you wish to create the partition)
create partition primary align=1024 [enter]
exit [enter]

Then go on and format the parttiion in the GUI


This is absolutely mandatory for anything with a database running on RAID - Exchange, SQL, Oracle, whatever.


13 July 2010

VMware - Fixing Time Keeping Problems with the Guest OS
Here is an option that worked for us when the Linux guest on the Linux host was running fast. (gaining about 10 seconds every two minutes)
This problem occurs because current VMware for Linux products do not have complete support for host power management features (such as Intel SpeedStep, or AMD PowerNow or Cool'n'Quiet) that vary the processor speed. To work around this problem, specify the correct maximum CPU speed in your global configuration file. This can be done on either a Windows host server or a Linux host server.

On a Windows host server:

Find the speed of your host's CPU. For example, in Windows XP, right click My Computer, then choose Properties. This path may be different, depending on the version of Windows you use.


Look for config.ini in one of the following locations:

C:\Documents and Settings\All Users\Application Data\VMware\VMware Workstation\config.ini

C:\Documents and Settings\All Users\Application Data\VMware\VMware GSX Server\config.ini
C:\Documents and Settings\All Users\Application Data\VMware\VMware Server\config.ini

C:\ProgramData\VMware\VMware Workstation or
C:\Program Files\VMware\VMware Workstation
(on a Windows Vista host running Workstation 6.0)


Edit config.ini, adding the lines described below.

host.cpukHz = "X" where "X" equals the maximum speed in KHz of your host machine. That is, its speed in MHz times 1000 or its speed in GHz times 1000000. A 3GHz machine would be 3000000.
host.noTSC = "TRUE"
ptsc.noTSC = "TRUE"

The second and third lines enable a mechanism that tries to keep the guest clock accurate even when the time stamp counter (TSC) is slow.
Note: On Windows, you can use Notepad, but be careful when you save the file that Notepad does not add an extra .txt extension to the filename. You can do that by selecting All files instead of Text files in the Save dialog box.


In addition, check the VMware Tools control panel in the guest operating system. On the Options tab, ensure that Time synchronization between the virtual machine and the host operating system is selected.

On a Linux host server:

To prevent guest clocks from running too quickly, specify the correct maximum host CPU speed in your global configuration file, /etc/vmware/config. If this file exists, edit it with a text editor, adding the lines described below. The file may not exist. If it does not exist, create it as a plain text file.

Add the following lines to your global configuration file:

host.cpukHz = "X" where "X" equals the maximum speed in KHz of your host machine. That is, its speed in MHz times 1000 or its speed in GHz times 1000000. A 3GHz machine would be 3000000.
host.noTSC = TRUE
ptsc.noTSC = TRUE

To periodically correct the time (once per minute) when a guest clock runs slowly, VMware Tools must be installed in the guest. On the Options tab of VMware Tools in the guest, verify that Time synchronization between the virtual machine and the host operating system is selected.

I found this post after much searching, and with the dynamic nature of the internet didn't want to lose it's information, so I have copied it here.

All thanks and Kudos to the following Gentlemen who is the original poster.
Published Friday, August 24, 2007 8:25 PM by David Marshall
Filed under: General News (in vmblog.com)

09 April 2010

Command Line Scanner - Wilders Security Forums

Command Line Scanner - Wilders Security Forums
At the bottom of this page is a post that explains how to set ESET command line scanner (ecls.exe) to work with winrar as it's internal virus scanner.

08 April 2010

Index of /pub/samba/3.3/centos/5/i386

Here's a possible answer to connecting Windows 7 workstations to a centos 5 domain controller.
It is the sernet rpm repository.
The CentOS 5 forums or wiki will be able to help you regarding using 3rd party yum repositories . I will put it to the test soon and report on the result. That post may be a week or so in the future. Which may be the next post, considering how often I update this blog. :-)

Update 28-04-2010
Total success using the sernet rpm's. Method was to backup the /etc/samba and the /var/spool/samba directories into .tgz archives, using tar with --preserve to keep all file permissions. (just in case!)
Next I downloaded the necessary rpm files from sernet into an empty directory, and manually found the required dependencies by doing an rpm -Uvh *.rpm --test and then downloading the extra files from the sernet repository and doing rpm -Uvh *.rpm --test until no errors were shown.
I was uncertian if an upgrade (rpm -Uvh *.rpm) would be successful. However serching the internet for others who also upgraded their samba this way indicated an upgrade was the way to go. So having considered the actions required to restore the system to the present status, and knowing I had the tools and the data to achieve this. I did the rpm -Uvh *.rpm in the sernet rpm directory.
the upgrade proceeded with no errors. I needed to do a "service samba start" to get things rolling. Also required was "chkconfig --add samba" and "chkconfig samba on" to bring things back to where they were with samba auto starting at boot-up.
Testing with Windows 7 workstations joining the domain showed it was indeed doing what was expected. the workstations now conencted to the domain.
A happy ending to the CentOS 5 Server and Windows 7 Workstation saga.
You could simply enable the sernet repository and do "yum upgrade samba", however I chose this method so I knew exactly what was going to happen, rather than hope yum got it right. (which it mostly does)

05 December 2009

This made using the old version of Copernic Desktop Search much less painful.
This is extracted from the second last post in a forum at.

http://depositfiles.com/en/files/6936586 contained a copy of the version mentioned at this time.

I've got Copernic running perfectly now!
The best free version they ever made - version 2.30 - build 30.
Got it from the link on this forum.

Find the ApplicationConfig.ini file at
C:\Program Files\Copernic Desktop Search 2\FileRepository\50

and change the first line AdEnabled="True"
to AdEnabled="False"

No update nag
Just put your clock forward a few years, open Copernic, click Cancel to the update, then put your clock back to today.
I didn't need to mess with the registry (as above).

This program was by far the best desktop search, and with these changes it's perfect!

01 December 2009

SysAdminHell: "Proxy PAC Files, How to Use With Laptops and Local Bypass"

Sorting out Proxy PAC files has been one of my pet hates since I spent hours trying to make sense out of a dozen different how-to's each with their own typos and errors built in to them.
This one helps you stay sane while (possibly) fixing your Proxy PAC problems.

14 October 2009

Logon Script To Attach To A Server Based On IP Address

Logon Script To Attach To A Server Based On IP Address

Info on both Kix and batch file commands to do things based on the IP address of the client.
Examples in case they get lost.
;Establishes $location variable, determined by subnet
$address = @IPADDRESS0
$subnet = SubStr($address,9,3)
$subnet1 = SubStr($address,13,3)
Case $subnet = "xxx" And $subnet1 >= "xxx" And $subnet1 <= "xxx"
$location = servername-1
"net use d: \\" & $location &"\" & @username &" /persistent"
Case (($subnet = "xxx" And $subnet1 >= "xxx" And $subnet1 <= "xxx") $location = servername2
"net use d: \\" & $location &"\" & @username & " /persistent"
or something to that effect...

Normal batch commands:-

IPCONFIG | FIND "10.76.128." > NUL
NET USE Z: \\server1\%username% > NUL
IPCONFIG | FIND "10.76.129." > NUL
NET USE Z: \\server2\%username% > NUL
Original page is on http://www.adminscripteditor.com in the forums.
Thanks to bphilhower for the kix version and Witto for the batch commands.

25 September 2009

Cybersecurity: It's our problem | IT Security | TechRepublic.com

Cybersecurity: It's our problem | IT Security | TechRepublic.com: "Cybersecurity: It's our problem"
An interesting idea on what future options exist for cyber law enforcement.

02 September 2009

How to reduce spam: Writing Rules for SpamAssassin to Avoid Spam, a Primer

How to reduce spam: Writing Rules for SpamAssassin to Avoid Spam, a Primer: "A Guide to Writing your own Add-On Rules for SpamAssassin"

This is a very good introduction to writing rules for SpamAssassin. Especially simple ones to target short term SPAM patterns that may not spread to other geographic areas, or other businesses.

14 August 2009

A computer geek's guide to building a 64-bit server on a budget | Microsoft Windows | TechRepublic.com

A computer geek's guide to building a 64-bit server on a budget | Microsoft Windows | TechRepublic.com: "A computer geek's guide to building a 64-bit server on a budget"

A TechRepublic article I want to get back to when I have the time to read it properly.

12 August 2009

www.centos.org - Forums - CentOS 5 - General Support - yum update three systems with only one download?

www.centos.org - Forums - CentOS 5 - General Support - yum update three systems with only one download?:
"rsync --archive /var/cache/yum/ machine2:/var/cache/yum/"
Here's a simple way to use rsync to update the yum cache of machines from that of a previously updated machine prior to running yum update on the machine.
This can save up to a gig or more of download across 4 or more machines.

05 August 2009

Windows Xp Registry Tips & Tweaks - www.hiren.info

Windows Xp Registry Tips & Tweaks - www.hiren.info: "Windows Xp Registry Tips & Tweaks"

This page has some interesting registry hacks for XP. (and possibly 2003/8 server?)
The "Command Prompt Here" tweak is something every command prompt user needs.