No. That comes from upstream (CentOS / Red Hat) which keep what they consider stable versions (even if older), applying security patches to the packages.
Newer version available on CentOS 8.
Better explained:
↧
GnuTLS 3.6.x upgrade (Security)
↧
OpenSSL 1.1.1* upgrade (Security)
I’d say no. That comes from upstream (CentOS / Red Hat) which keep what they consider stable versions (even if older), applying security patches to the packages.
Newer version available on CentOS 8.
Better explained:
↧
↧
Posix Users and SSH
Thank you, for your Explanation, but it declares not why posix admins dont have this access anymore.
Indeed i have no posix “users” but two posix-admins (administrator,wheel). The first of them was created within nethserver/centos installer, the second afterward by myself. Since this, both users has access to server-manager and over ssh - until few days.
(i havent accidentally enabled this).
The server-manger has no option to reverse this - unless ich give ssh access to all users, then the posix-admins have server-manager and ssh access and again.
Which is the suggested (nethserver-like) way to give access back to posix-admins?
Regards
yummiweb
↧
What about dolibarr
I think we could make possible to login, only when the user is inside a group, maybe better ?
what do you think ?
↧
What about dolibarr
Can you create that group during installation?
↧
↧
What about dolibarr
not sure because when I install it, I cannot know if you have installed an account provider or if you plan to do it.
However if I can do it (success on samba AD, now failure for openldap), you simply need to create a dolibarr group on your server and populate the group with the users.
↧
GnuTLS 3.6.x upgrade (Security)
@dnutan: You can see evolution for old Samba!
From:
A better NethServer is on the road, do not stop it!
↧
OpenSSL 1.1.1* upgrade (Security)
@dnutan: You can see evolution for old Samba!
A better NethServer is on the road, do not stop it!
↧
What about dolibarr
I would say this is not so important. Just cosmetics…
↧
↧
Cannot create DHCP VLAN and no device connected
Hi,
I’m currently on NethServer release 7.7.1908 (final), fully patched.
I’m in the process of adding some VLANs and I’m encountering an error.
I have a Smart Switch that I’ve connected to enp3s0 and assigned it LAN (green role)
This works and I’m able to get to the Smart Switch management web page.
The bug is when I add a new VLAN, configured for DHCP with no device connected, I get the error below.
If I assign it a bogus static IP address and gateway, I’m not able to access the Internet. I haven’t dug into this issue much yet.
Below are the details.
Summary before creation of the VLAN
Create a new VLAN interface enp3s0.103 on enp3s0
Obtain IP configuration from DHCP server
Set role to “red”
Error Message
Task completed with errors
Configuring shorewall #72 (exit status 1)
Compiling using Shorewall 5.1.10.2…
Processing /etc/shorewall/params …
Processing /etc/shorewall/shorewall.conf…
Loading Modules…
Compiling /etc/shorewall/zones…
Compiling /etc/shorewall/interfaces…
Determining Hosts in Zones…
Locating Action Files…
Compiling /etc/shorewall/policy…
Running /etc/shorewall/initdone…
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering…
Compiling Kernel Route Filtering…
Compiling Martian Logging…
Compiling /etc/shorewall/providers…
Compiling /etc/shorewall/snat…
Compiling MAC Filtration – Phase 1…
Compiling /etc/shorewall/blrules…
Compiling /etc/shorewall/rules…
Compiling /etc/shorewall/conntrack…
Compiling MAC Filtration – Phase 2…
Applying Policies…
Compiling /etc/shorewall/mangle…
Generating Rule Matrix…
Optimizing Ruleset…
Creating iptables-restore input…
Compiling /etc/shorewall/stoppedrules…
Shorewall configuration compiled to /var/lib/shorewall/.restart
Reloading Shorewall…
Initializing…
Processing /etc/shorewall/init …
Processing /etc/shorewall/tcclear …
Setting up Route Filtering…
Setting up Martian Logging…
Setting up Proxy ARP…
Adding Providers…
WARNING: Interface enp2s0 is not usable – Provider red2 (1) not Started
WARNING: Interface enp3s0.105 is not usable – Provider red1 (2) not Started
Usage: ip route { list | flush } SELECTOR
ip route save SELECTOR
ip route restore
ip route showdump
ip route get ADDRESS [ from ADDRESS iif STRING ]
[ oif STRING ] [ tos TOS ]
[ mark NUMBER ] [ vrf NAME ]
[ uid NUMBER ]
ip route { add | del | change | append | replace } ROUTE
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ]
[ table TABLE_ID ] [ vrf NAME ] [ proto RTPROTO ]
[ type TYPE ] [ scope SCOPE ]
ROUTE := NODE_SPEC [ INFO_SPEC ]
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ]
[ table TABLE_ID ] [ proto RTPROTO ]
[ scope SCOPE ] [ metric METRIC ]
INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ]…
NH := [ encap ENCAPTYPE ENCAPHDR ] [ via [ FAMILY ] ADDRESS ]
[ dev STRING ] [ weight NUMBER ] NHFLAGS
FAMILY := [ inet | inet6 | ipx | dnet | mpls | bridge | link ]
OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ as [ to ] ADDRESS ]
[ rtt TIME ] [ rttvar TIME ] [ reordering NUMBER ]
[ window NUMBER ] [ cwnd NUMBER ] [ initcwnd NUMBER ]
[ ssthresh NUMBER ] [ realms REALM ] [ src ADDRESS ]
[ rto_min TIME ] [ hoplimit NUMBER ] [ initrwnd NUMBER ]
[ features FEATURES ] [ quickack BOOL ] [ congctl NAME ]
[ pref PREF ] [ expires TIME ]
TYPE := { unicast | local | broadcast | multicast | throw |
unreachable | prohibit | blackhole | nat }
TABLE_ID := [ local | main | default | all | NUMBER ]
SCOPE := [ host | link | global | NUMBER ]
NHFLAGS := [ onlink | pervasive ]
RTPROTO := [ kernel | boot | static | NUMBER ]
PREF := [ low | medium | high ]
TIME := NUMBER[s|ms]
BOOL := [1|0]
FEATURES := ecn
ENCAPTYPE := [ mpls | ip | ip6 ]
ENCAPHDR := [ MPLSLABEL ]
ERROR: Command “ip -4 route replace src 0.0.0.0 dev enp3s0.103” Failed
Processing /etc/shorewall/stop …
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
Processing /etc/shorewall/tcclear …
Preparing iptables-restore input…
Running /sbin/iptables-restore --wait 60…
IPv4 Forwarding Enabled
Processing /etc/shorewall/stopped …
/usr/share/shorewall/lib.common: line 93: 22274 Terminated $SHOREWALL_SHELL $script options @
Configuring shorewall #113 (exit status 1)
Compiling using Shorewall 5.1.10.2…
Processing /etc/shorewall/params …
Processing /etc/shorewall/shorewall.conf…
Loading Modules…
Compiling /etc/shorewall/zones…
Compiling /etc/shorewall/interfaces…
Determining Hosts in Zones…
Locating Action Files…
Compiling /etc/shorewall/policy…
Running /etc/shorewall/initdone…
Adding Anti-smurf Rules
Adding rules for DHCP
Compiling TCP Flags filtering…
Compiling Kernel Route Filtering…
Compiling Martian Logging…
Compiling /etc/shorewall/providers…
Compiling /etc/shorewall/snat…
Compiling MAC Filtration – Phase 1…
Compiling /etc/shorewall/blrules…
Compiling /etc/shorewall/rules…
Compiling /etc/shorewall/conntrack…
Compiling MAC Filtration – Phase 2…
Applying Policies…
Compiling /etc/shorewall/mangle…
Generating Rule Matrix…
Optimizing Ruleset…
Creating iptables-restore input…
Compiling /etc/shorewall/stoppedrules…
Shorewall configuration compiled to /var/lib/shorewall/.restart
Shorewall is not running
Starting Shorewall…
Initializing…
Processing /etc/shorewall/init …
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
Processing /etc/shorewall/tcclear …
Setting up Route Filtering…
Setting up Martian Logging…
Setting up Proxy ARP…
Adding Providers…
WARNING: Interface enp2s0 is not usable – Provider red2 (1) not Started
WARNING: Interface enp3s0.105 is not usable – Provider red1 (2) not Started
Usage: ip route { list | flush } SELECTOR
ip route save SELECTOR
ip route restore
ip route showdump
ip route get ADDRESS [ from ADDRESS iif STRING ]
[ oif STRING ] [ tos TOS ]
[ mark NUMBER ] [ vrf NAME ]
[ uid NUMBER ]
ip route { add | del | change | append | replace } ROUTE
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ]
[ table TABLE_ID ] [ vrf NAME ] [ proto RTPROTO ]
[ type TYPE ] [ scope SCOPE ]
ROUTE := NODE_SPEC [ INFO_SPEC ]
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ]
[ table TABLE_ID ] [ proto RTPROTO ]
[ scope SCOPE ] [ metric METRIC ]
INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ]…
NH := [ encap ENCAPTYPE ENCAPHDR ] [ via [ FAMILY ] ADDRESS ]
[ dev STRING ] [ weight NUMBER ] NHFLAGS
FAMILY := [ inet | inet6 | ipx | dnet | mpls | bridge | link ]
OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ as [ to ] ADDRESS ]
[ rtt TIME ] [ rttvar TIME ] [ reordering NUMBER ]
[ window NUMBER ] [ cwnd NUMBER ] [ initcwnd NUMBER ]
[ ssthresh NUMBER ] [ realms REALM ] [ src ADDRESS ]
[ rto_min TIME ] [ hoplimit NUMBER ] [ initrwnd NUMBER ]
[ features FEATURES ] [ quickack BOOL ] [ congctl NAME ]
[ pref PREF ] [ expires TIME ]
TYPE := { unicast | local | broadcast | multicast | throw |
unreachable | prohibit | blackhole | nat }
TABLE_ID := [ local | main | default | all | NUMBER ]
SCOPE := [ host | link | global | NUMBER ]
NHFLAGS := [ onlink | pervasive ]
RTPROTO := [ kernel | boot | static | NUMBER ]
PREF := [ low | medium | high ]
TIME := NUMBER[s|ms]
BOOL := [1|0]
FEATURES := ecn
ENCAPTYPE := [ mpls | ip | ip6 ]
ENCAPHDR := [ MPLSLABEL ]
ERROR: Command “ip -4 route replace src 0.0.0.0 dev enp3s0.103” Failed
Processing /etc/shorewall/stop …
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
Processing /etc/shorewall/tcclear …
Preparing iptables-restore input…
Running /sbin/iptables-restore --wait 60…
IPv4 Forwarding Enabled
Processing /etc/shorewall/stopped …
/usr/share/shorewall/lib.common: line 93: 24308 Terminated $SHOREWALL_SHELL $script options @
↧
GnuTLS 3.6.x upgrade (Security)
That’s samba AD within the container, a custom build out of necessity (MIT Kerberos / Heimdal). Similarly, more recent versions of PHP where made available through SCL, but maintained upstream.
Not trying to stop anything, but I think you’ll have to wait till CentOS 8 adoption.
↧
Backup sets anatomy
Dear everyone, I just setup a incremental backup on server every day and sunday run a full backup. Set to delete backups older than 7 days. I want to figure out that what will happen on next sunday.
- Will the next full backup on next sunday be scheduled after deleting the old backups including incremental backups?
- If the space of Nas drive getting low, the process will be hanging?
- If the deleting process is followed by the creating new set, can we convert the process to first to deleting and then creating? (To reserve space on Nas)
Thanks
↧
What about dolibarr
yes the filter doesn’t work for openldap, for now released without it
↧
↧
What about dolibarr
↧
Guacamole 1.1.0 (2020-01-29)
I was able to get a consistent LDAP login with NS being the primary AD provider as decribed in the doc. For giggles, I wanted to see if I could enable TOTP via guacamole-auth-totp-1.1.0.tar.gz and so far it works with the internal SQL guacadmin account but not with the AD/LDAP binding accounts. I’ll have to dig more into this to see if I am unsing the TOTP module correctly.
Apr 19 09:05:50 guac server: 09:05:50.167 [http-bio-8080-exec-10] INFO o.a.g.r.auth.AuthenticationServvice - User "admin" successfully authenticated from [10.92.0.2, 10.0.99.1, 127.0.0.1].
Apr 19 09:05:50 guac server: 09:05:50.200 [http-bio-8080-exec-10] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
Apr 19 09:05:50 guac server: ### Error updating database. Cause: com.mysql.jdbc.exceptions.jdbc4.MySQLLIntegrityConstraintViolationException: Column 'user_id' cannot be null
Apr 19 09:05:50 guac server: ### The error may involve org.apache.guacamole.auth.jdbc.user.UserMapper.iinsertAttributes-Inline
Apr 19 09:05:50 guac server: ### The error occurred while setting parameters
Apr 19 09:05:50 guac server: ### SQL: INSERT INTO guacamole_user_attribute ( user_id, attribute_name, attribute_value ) VALUES (?, ?, ?) , (?, , ?, ?)
Apr 19 09:05:50 guac server: ### Cause: com.mysql.jdbc.exceptions.jdbc4.MySQLIntegrityConstraintViolatiionException: Column 'user_id' cannot be null
↧
Creating two VLANs causes loss of Internet
Hi,
When I create a second VLAN on my GW, my machines behind the GW lose Internet. If I delete the second VLAN, everything works again.
Background
My plan is to connect several Cable Modems to my GW. Each Cable Modem is connected to a Smart Switch and is presented to the GW tagged.
I will map a single IP to each Cable Modem
In this example, I have VLAN ID 103 and 105.
GW Configuration
- enp1s0 - LAN (green)
- enp2s0 - Internet (red) – my current Internet. Link weight 100.
- enp3s0 - LAN (green) - connected to my Smart Switch
- enp3s0.103 - VLAN ID 103, DHCP, Internet (red), Link weight 1 - device connected and provides an IP.
- enp3s0.105 - VLAN ID 105, … same as 103.
multi WAN is set up in Active backup The link status monitor is configured as follows:
- Check IP: 8.8.8.8
- Disable … # lost pings: 4
- Disable % lost pings: 50
- Ping interval: 2
Problem
From a machine behind the GW, I ping 8.8.8.8
When I add the second VLAN (it doesn’t matter which), I can no longer ping.
If I delete the second VLAN, I can ping again.
↧
How to manually call dhclient?
Hi,
I am working through a couple of reported bugs with VLANs. My plan is to go manual until I can get the issue(s) resolved.
I have DHCP enabled on my NethServer. What’s the preferred way to call dhclient for my two VLANs?
When I manaully call dhclient to include the existing interface and my two VLANs,I lose the ability to access the Internet from my machines.
Thx!
-pablo
↧
↧
What about dolibarr
Got some issues with Module/Plugins…
Tried to import external modules:
↧
What about dolibarr
Hi,
same problem here. To activate the internal Moduls like Projectmanagement an others is possible.
But install external modules ends with the message posted by fpausp.
Greetings…
Uwe
↧
Cockpit Not Setting Green Interface To Static
Hi
Just setup a fresh install and completed updates, after this I started tackling network setup when I attempted to set the green interface to Static from DHCP using Cockpit. This fails and just reloads the “Configure physical interface” screen when selecting “Configure”.
The old server manager successfully performs this operation and cockpit can successfully perform the reverse of this operation (setting the interface from Static to DHCP)
This issue persists even when filling in all fields including the optional “Label” for the interface.
Is there anyone else who can confirm this? I have also not replicated/tested this on other interfaces (RED, BLUE or ORANGE)
↧