Monday, 26 October 2015

Kerberos Keytab Error - CentOS 6

Oct 22 21:10:38 server sshd[52210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=server.domain.com  user=st14988
Oct 22 21:10:38 server sshd[52210]: pam_krb5[52210]: error reading keytab 'FILE:/etc/krb5.keytab'
Oct 22 21:10:38 server sshd[52210]: pam_krb5[52210]: TGT verified
Oct 22 21:10:38 server sshd[52210]: pam_krb5[52210]: authentication succeeds for 'abc' (abc@server.domain.com)
Oct 22 21:10:38 server sshd[52210]: pam_unix(sshd:session): session opened for user abc by (uid=0)
To disable keytab validation and hence suppress these log messages, add the no_validate option to your PAM settings.
auth        sufficient    pam_krb5.so use_first_pass no_validate
On my CentOS 6 servers, these are in the following files:
/etc/pam.d/password-auth-ac
/etc/pam.d/system-auth-ac
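
Since keytab validation is pam_krb5's check that the TGT was not spoofed, it is worth knowing where no_validate is set and which logins hit the keytab error before silencing the message. The script below is an added example, not part of the original post; the function names, the sample PAM excerpt and the last two sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; sample_pam and sample_log emit constructed data.

# Print "file:line" for each active pam_krb5 entry that sets no_validate.
find_no_validate() {
    awk '/^[ \t]*#/ { next }
         /pam_krb5\.so/ {
             for (i = 1; i <= NF; i++)
                 if ($i == "no_validate") { print FILENAME ":" FNR; break }
         }' "$@"
}

# Read syslog on stdin; print "pid principal" for each process where
# pam_krb5 logged a keytab read error and then a successful login.
keytab_error_logins() {
    awk 'match($0, /pam_krb5\[[0-9]+\]/) {
             pid = substr($0, RSTART + 9, RLENGTH - 10)
             if ($0 ~ /error reading keytab/) bad[pid] = 1
             else if ($0 ~ /authentication succeeds for/ && bad[pid]) {
                 p = $NF; gsub(/[()]/, "", p)   # "(user@REALM)" -> user@REALM
                 print pid, p
                 delete bad[pid]
             }
         }'
}

sample_pam() {   # constructed excerpt in the style of system-auth-ac
cat <<'EOF'
# constructed sample
auth        sufficient    pam_unix.so nullok try_first_pass
auth        sufficient    pam_krb5.so use_first_pass no_validate
account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
EOF
}

sample_log() {   # first three lines are from the post, last two constructed
cat <<'EOF'
Oct 22 21:10:38 server sshd[52210]: pam_krb5[52210]: error reading keytab 'FILE:/etc/krb5.keytab'
Oct 22 21:10:38 server sshd[52210]: pam_krb5[52210]: TGT verified
Oct 22 21:10:38 server sshd[52210]: pam_krb5[52210]: authentication succeeds for 'abc' (abc@server.domain.com)
Oct 22 21:12:01 server sshd[52377]: pam_krb5[52377]: TGT verified
Oct 22 21:12:01 server sshd[52377]: pam_krb5[52377]: authentication succeeds for 'xyz' (xyz@server.domain.com)
EOF
}

tmp=$(mktemp) && sample_pam > "$tmp"
find_no_validate "$tmp"
sample_log | keytab_error_logins
rm -f "$tmp"
```

On a real host, pass the two PAM files named above to find_no_validate and pipe /var/log/secure into keytab_error_logins.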

Friday, 25 September 2015

RedHat Channel Subscription

To list all available channels:
[root@ ~]# rhn-channel -L  --user=rhn_user --password=rhn_password
To subscribe to a channel (e.g. the optional channel):
[root@ ~]# rhn-channel --add --channel=rhel-x86_64-server-optional-6 --user=rhn_user --password=rhn_password
To list subscribed channels:
[root@ ~]# rhn-channel -l
rhel-x86_64-server-6
rhel-x86_64-server-optional-6
To register to RHN (do this first!), register and subscribe in one step:

[root@ ~]# subscription-manager register --username rhn_user --password rhn_password --auto-attach

The old way, or when using a Satellite server:
[root@ ~]# rhn_register

Monday, 27 July 2015

Remove node from Puppet Enterprise system

On the PE master:
[root@pe-master ~]# puppet cert clean node.domain.com
Notice: Revoked certificate with serial 34
Notice: Removing file Puppet::SSL::Certificate node.domain.com at '/etc/puppetlabs/puppet/ssl/ca/signed/node.domain.com
Notice: Removing file Puppet::SSL::Certificate node.domain.com at '/etc/puppetlabs/puppet/ssl/certs/node.domain.com

[root@pe-master ~]# puppet node deactivate node.domain.com
Submitted 'deactivate node' for node.domain.com with UUID 1d6c7992-d4cf-4659-91e2-23c751afacc2

[root@pe-master ~]# puppet cert revoke node.domain.com
Notice: Revoked certificate with serial 34
Restart PE:
[root@pe-master ~]# service pe-puppet restart

On the client:
[root@pe-client ~]# find /etc/puppetlabs/puppet/ssl -name node.domain.com -delete

Thursday, 23 July 2015

Firewall Commands on CentOS 7

Open a firewall port
firewall-cmd --zone=public --add-port=4407/tcp --permanent
firewall-cmd --reload

Show opened ports
firewall-cmd --zone=public --list-ports

List connected services
firewall-cmd --zone=public --list-services

Monday, 13 July 2015

Find out whether an NIC is connected and has link

root@host ~
$ ip link show dev eth0
3: eth0:  mtu 1500 qdisc pfifo_fast master bond0 state UP qlen 1000
    link/ether 00:xx:xx:xx:xx:ef brd ff:ff:ff:ff:ff:ff
root@host ~
$ ip link show dev eth1
2: eth1:  mtu 1500 qdisc pfifo_fast master bond1 state DOWN qlen 1000
    link/ether 00:xx:xx:xx:xx:ed brd ff:ff:ff:ff:ff:ff
root@host ~

Friday, 19 June 2015

When a process shows uid number instead of user name

When a process appears with the uid number instead of the username, it is because the username is more than 8 characters long:
[root@ pe-activemq]# ps -ef|grep active
497       2578     1  0 12:44 ?        00:00:27 /opt/puppet/lib/jvm/pe-java/jre/bin/java -Xms512m -Xmx512m -Djava.util.logging.config.file=logging.properties -Dhawtio.realm=activemq -Dhawtio.role=admins -Dhawtio.rolePrincipalClasses=org.apache.activemq.jaas.GroupPrincipal -Djava.security.auth.login.config=/etc/puppetlabs/activemq/login.config -Dcom.sun.management.jmxremote -Djava.awt.headless=true -Djava.io.tmpdir=/opt/puppet/share/activemq/tmp -Dactivemq.classpath=/etc/puppetlabs/activemq; -Dactivemq.home=/opt/puppet/share/activemq -Dactivemq.base=/opt/puppet/share/activemq -Dactivemq.conf=/etc/puppetlabs/activemq -Dactivemq.data=/opt/puppet/share/activemq/data -jar /opt/puppet/share/activemq/bin/activemq.jar start
root     16591  7586  0 13:30 pts/0    00:00:00 grep active
Use the -o option with a wider user column to show the full username:
[root@ pe-activemq]# ps -e -o "user:16,pid,ppid,c,stime,tty,time,command"|grep active
pe-activemq       2578     1  0 12:44 ?        00:00:28 /opt/puppet/lib/jvm/pe-java/jre/bin/java -Xms512m -Xmx512m -Djava.util.logging.config.file=logging.properties -Dhawtio.realm=activemq -Dhawtio.role=admins -Dhawtio.rolePrincipalClasses=org.apache.activemq.jaas.GroupPrincipal -Djava.security.auth.login.config=/etc/puppetlabs/activemq/login.config -Dcom.sun.management.jmxremote -Djava.awt.headless=true -Djava.io.tmpdir=/opt/puppet/share/activemq/tmp -Dactivemq.classpath=/etc/puppetlabs/activemq; -Dactivemq.home=/opt/puppet/share/activemq -Dactivemq.base=/opt/puppet/share/activemq -Dactivemq.conf=/etc/puppetlabs/activemq -Dactivemq.data=/opt/puppet/share/activemq/data -jar /opt/puppet/share/activemq/bin/activemq.jar start
root             17623  7586  0 13:37 pts/0    00:00:00 grep active
root             17391 grep active