Can’t delete files/folders on a NSS volume.

While deleting files/folders on the NSS volume on an OES11 server as root user via shell. Let’s say test1.doc and the following error will occur:

“rm: cannot remove `test1.doc’: Permission denied” or “S-1-1-0-1 on a Windows machine.”

You will get that error if you have flagged the file with NSS flag “Delete Inhibit” or “Rename Inhibit”. Clear those flags out and it should also be possible to delete the file directly from a Linux console. Use this command:

root# attrib -r -c all foldername

"Cannot access path" error when mounting an NCP share from OES11 SP1 using ncpmount.

When trying to mount an NCP share with the ncpmount command, the system prints out the following error:

Cannot access path "{volume-name}": Invalid argument

A network trace reveals a problem in the name space negotiation between the server and client. Even though the OES11 SP1 NCP server advertises the NFS namespace with the volume to be mounted, it returns error 191 (ERR_INVALID_NAMESPACE) when the NFS name space is used in requests for accessing the given volume.

ncpmount -S 192.168.87.70 -A 192.168.87.70 -o tcp,nonfs -V VOLC1 -U admin.novell /mnt

Tomcat6 – SLES11sp3 – "This account is currently not available."

The problem is located in the initscript (/etc/rc.d/init.d/tomcat6) with the invocation of the $SU command, which is either /sbin/runuser or /bin/su. Please note there are multiple places in the initscript where $SU is invoked, here is one typical example.

$SU – $TOMCAT_USER -c “${TOMCAT_SCRIPT} start” >> $TOMCAT_LOG 2>&1

The key element here to notice is that a command line is being passed via the -c argument, this requires the user ($TOMCAT_USER) to have a shell in which to execute the -c command. But system daemons shouldn’t have login shells for security reasons. If $TOMCAT_USER doesn’t have a login shell then $SU aborts with the message:

“This account is currently not available.”

The solution is to provide a temporary shell to $SU for the purpose of executing the -c command. This can be done with the -s arg to $SU. One possible solution would be to modify the definition of $SU in the script, thus:

# For SELinux we need to use 'runuser' not 'su'
if [ -x "/sbin/runuser" ]; then
SU="/sbin/runuser"
else
SU="/bin/su"
fi

would become:

if [ -x "/sbin/runuser" ]; then
SU="/sbin/runuser -s /bin/sh"
else
SU="/bin/su -s /bin/sh"
fi

XFCE and ecryptfs-utils issue.

I use eCryptfs to encrypting a home directory. After upgrade the ecryptfs-utils package to 103 version. I’m not able to log into XFC using a LightDM, the unlock doesn’t work. The LightDM runs in the loop and displays a login screen
again and again. So, the solution is add the following:

auth optional pam_ecryptfs.so unwrap
password optional pam_ecryptfs.so
session optional pam_ecryptfs.so unwrap

to the /etc/pam.d/lightdm file, or:

common-auth-pc, common-session-pc and common-password-pc files into the /etc/pam.d directory

or using:

pam-config -a --ecryptfs should add it automatically to the proper common-* files.

By the way, the bug was fixed after a few hours by openSUSE maintainer 🙂

Enabling the Global Status Monitor – Data Synchronizer.

In Synchronizer Web admin, click Global Status Monitor to display the instructions for enabling the Global Status Monitor. Initially, the current section of the documentation displays in your browser so that you can enable the Global Status Monitor.

As root in a terminal window, enter the following command:

root#: /opt/novell/datasync/previewfeature.sh --monitor --action enable

Restart the Synchronizer services. Refresh the Synchronizer Web Admin browser window to replace the link to the documentation with the link to the Global Status Monitor.

Data Synchronizer Mobility Connector and a self-signed cert.

In order to be able to use Mobility Pack with a self-signed cert (normally for testing purposes), you’ll need to follow these instructions: NOTE: You can name the .key and .cert files anything you’d like initially because you’re going to need to change it to “mobility.pem” later. Open the terminal and perform the following commands:

openssl genrsa 1024 > anything.key
chmod 400 anything.key
openssl req -new -x509 -nodes -sha1 -days 365 -key anything.key > anything.cert

Now that you’ve created the key and cert file you need to concatenate the two files into a .pem file with this command, private key first, then cert. You can also remove the .key file for security purposes in the same command.

cat anything.key anything.cert > anything.pem && rm anything.key
chmod 400 anything.pem

Once you’ve created the .pem file you need to rename it to “mobility.pem” and then replace it with the mobility.pem file in /var/lib/datasync/device.
WinMobile devices require a .cer certificate file (as opposted to .pem). You’ll need to create a copy of the .pem file and convert it to .cer:

openssl x509 -in mobility.pem -inform PEM -out mobility.der -outform DER

rename the mobility.der to mobility.cer and move it in the /var/lib/datasync/device directory.
Restart the connectors and resync with your device, now you shouldn’t have cert issues with your device while trying to connect with your self-signed cert.

TightVNC Remote Desktop Connections using SUSE as Client or Server.

1. Install the tightvnc and xorg-x11-Xvnc packages:

root# zypper install tightvnc xorg-x11-Xvnc

Type the command vncserver to start the VNC server, and then type the command
vi $HOME/.vnc/xstartup
to open the VNC configuration file in the vi text editor. You can replace “vi” with your preferred text editor.
Add the line /usr/bin/gnome & under the #!/bin/sh line, if you are using the Gnome desktop.

Type the command vncserver in Suse 10 or dbus-launch vncserver in Suse 11, to start the VNC server. Take note of the desktop number, usually “:1,” “:2” or “:3,” that is shown after the command is executed.

2. Connect to the Server

Open the VNC viewer software on the remote computer. Type “192.168.1.100:1” in the connection text box. Replace “192.168.1.100” with the IP address of the Suse server. Replace “:1” with the desktop number from the previous section. and then type the password for the VNC server, when prompted.

Users who are logged on can start a server with a simple console command.

• Starting the server in Suse versions 10.x: vncserver
• Starting the server in Suse versions 11.x: dbus-launch vncserver

The vncserver command will start the next unused desktop in the sequence :1, :2, :3 …etc. You can attach many options to the command line when starting the server. There are options specific to TightVNC on the TightVNC man page and you can also attach the options listed in the Xvnc man page.

Note: vncpasswd allows you to set the password used to access VNC desktops. Its default behavior is to prompt for a VNC password and then store an obfuscated version of this password to passwd-file (or to $HOME/.vnc/passwd if no password file is specified.) The vncserver script runs vncpasswd the first time you start a VNC desktop, and it invokes Xvnc with the appropriate -rfbauth option. vncviewer can also be given a password file to use via the -passwd option. The password must be at least six characters long (unless the -f command-line option is used– see below), and only the first eight characters are significant. Note that the stored password is not encrypted securely – anyone who has access to this file can trivially find out the plain-text password, so vncpasswd always sets appropriate permissions (read and write only by the owner.) However, when accessing a VNC desktop, a challenge-response mechanism is used over the wire making it hard for anyone to crack the password simply by snooping on the network.

conf example:


server:/home/user/.vnc # cat xstartup
#!/bin/sh

[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &

SNMP installation and configuration.

This describe howto install and configure the SNMP on a RedHat or CentOS and Suse.

1. Installation
Run command yum for RH and Centos, for Suse use zypper and install net-snmp-utils

for RH/Centos use yum
root# yum install net-snmp-utils

for Suse use zypper:

root# zypper install net-snmp-utils

2. Configuration
Add the following lines to /etc/snmp/snmpd.conf

rocommunity public
syslocation "IT Department"
syscontact admin@somedomain.com

and then start the snmpd service

root# /etc/init.d/snmpd start

Do snmpwalk to make sure it is working

root# snmpwalk -v 1 -c public -O e 127.0.0.1

sample output:
SNMPv2-MIB::sysDescr.0 = STRING: Linux centos.somedomian.ie 2.6.18-274.el5 #1 SMP Fri Jul 22 04:49:12 EDT 2011 i686
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (719265) 1:59:52.65

And finally, make sure snmpd starts next time you restart your machine.

root# chkconfig snmpd on