<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:v =
"urn:schemas-microsoft-com:vml" xmlns:o =
"urn:schemas-microsoft-com:office:office" xmlns:w =
"urn:schemas-microsoft-com:office:word" xmlns:st1 =
"urn:schemas-microsoft-com:office:smarttags"><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16608" name=GENERATOR><!--[if !mso]>
<![endif]--><o:SmartTagType name="PersonName"
namespaceuri="urn:schemas-microsoft-com:office:smarttags"></o:SmartTagType><!--[if !mso]>
<![endif]-->
<STYLE>@font-face {
font-family: Tahoma;
}
@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in 1.25in; }
P.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; COLOR: black; FONT-FAMILY: "Times New Roman"
}
LI.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; COLOR: black; FONT-FAMILY: "Times New Roman"
}
DIV.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; COLOR: black; FONT-FAMILY: "Times New Roman"
}
A:link {
COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
COLOR: blue; TEXT-DECORATION: underline
}
P {
FONT-SIZE: 12pt; MARGIN-LEFT: 0in; MARGIN-RIGHT: 0in; FONT-FAMILY: "Times New Roman"; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto
}
PRE {
FONT-SIZE: 10pt; MARGIN: 0in 0in 0pt; COLOR: black; FONT-FAMILY: "Courier New"
}
SPAN.EmailStyle18 {
COLOR: navy; FONT-FAMILY: Arial; mso-style-type: personal-reply
}
DIV.Section1 {
page: Section1
}
</STYLE>
</HEAD>
<BODY lang=EN-US vLink=blue link=blue bgColor=white>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=250264822-03032008>I would consider the network topology. If the box
is behind a firewall or access lists, thus iptables being an additional (or
internal) means of defense, I have no problem stopping it temporarily. If
the box is sitting wide open on the Internet, I would probably tinker with the
logging. Considering how much junk I have seen on firewall interfaces
with brand new IPs with no publicized services, I would not put anything
unprotected "out there", even temporarily.</SPAN></FONT></DIV><!-- Converted from text/plain format -->
<P><FONT size=2>Thanks,<BR>Scott</FONT></P><BR>
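<P><FONT size=2>The logging approach discussed in this thread, as an added example that is not part of the original messages: a shell script that summarizes packets recorded by a temporary iptables LOG rule and checks whether LDAP (389) or LDAPS (636) is among them. The log prefix "FWDROP: ", the INPUT chain and the sample log lines are assumptions constructed for illustration.</FONT></P>
<PRE>
```shell
#!/bin/sh
# Added example, not from the thread. Assumes a temporary, rate-limited LOG
# rule was inserted just before the chain's final DROP/REJECT (position N):
#   iptables -I INPUT N -m limit --limit 10/min -j LOG --log-prefix "FWDROP: "
# and is removed again after the test with:  iptables -D INPUT N
# "FWDROP: " and the INPUT chain are assumptions; use your own chain name.
PREFIX="FWDROP: "

# Constructed, abbreviated kernel log lines (documentation addresses).
sample_log() {
    printf '%s\n' \
'Mar  3 16:50:01 ldapsrv kernel: FWDROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 PROTO=TCP SPT=51234 DPT=389 SYN' \
'Mar  3 16:50:04 ldapsrv kernel: FWDROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 PROTO=TCP SPT=51234 DPT=389 SYN' \
'Mar  3 16:50:10 ldapsrv kernel: FWDROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 PROTO=TCP SPT=51234 DPT=389 SYN' \
'Mar  3 16:50:12 ldapsrv kernel: FWDROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.20 PROTO=ICMP TYPE=8 CODE=0' \
'Mar  3 16:50:13 ldapsrv kernel: eth0: link up, 1000Mbps'
}

# Read log lines on stdin; print "count PROTO/DPT from SRC", busiest first.
summarize_drops() {
    awk -v prefix="$PREFIX" '
        index($0, prefix) == 0 { next }      # not written by our LOG rule
        {
            proto = dpt = src = "?"          # ICMP has no DPT, stays "?"
            for (i = NF; i > 0; i--) {
                if ($i ~ /^PROTO=/)    proto = substr($i, 7)
                else if ($i ~ /^DPT=/) dpt   = substr($i, 5)
                else if ($i ~ /^SRC=/) src   = substr($i, 5)
            }
            count[proto "/" dpt " from " src]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Exit status 0 if any logged drop targets LDAP (389) or LDAPS (636).
ldap_blocked() {
    summarize_drops | grep -Eq ' (TCP|UDP)/(389|636) '
}

sample_log | summarize_drops
if sample_log | ldap_blocked; then
    echo "iptables is dropping LDAP traffic: add an ACCEPT rule for that port and source"
else
    echo "no LDAP drops logged: look elsewhere"
fi
```
</PRE>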
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> redhat-sysadmin-list-bounces@redhat.com
[mailto:redhat-sysadmin-list-bounces@redhat.com] <B>On Behalf Of </B>Richard
Riley<BR><B>Sent:</B> Monday, March 03, 2008 4:46 PM<BR><B>To:</B>
redhat-sysadmin-list@redhat.com<BR><B>Subject:</B> RE: can't get OS to use LDAP
for accounts<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV class=Section1>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">I fully agree that
security is priority, but sometimes it is so much quicker to determine if
iptables or selinux is the culprit by stopping them just long enough to test and
see if the service now works. If it does, then you know quickly where to
concentrate your effort. If iptables is the culprit, <B><SPAN
style="FONT-WEIGHT: bold">then</SPAN></B> I would enable logging to help
identify the specifics.<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">I have found that if I
enable logging initially on a busy machine, I may lose hours searching the log
files only to discover that iptables was not the culprit in the first
place.<o:p></o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></FONT></P>
<DIV>
<P style="MARGIN: 0in 0in 0pt"><B><FONT face=Arial color=#1b6ab8 size=2><SPAN
style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: #1b6ab8; FONT-FAMILY: Arial">Richard
Riley<o:p></o:p></SPAN></FONT></B></P>
<P style="MARGIN: 0in 0in 0pt"><B><FONT face=Arial color=#1b6ab8 size=2><SPAN
style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: #1b6ab8; FONT-FAMILY: Arial">Linux
System Administrator<o:p></o:p></SPAN></FONT></B></P>
<P style="MARGIN: 0in 0in 0pt"><B><FONT face=Arial color=#1b6ab8 size=2><SPAN
style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: #1b6ab8; FONT-FAMILY: Arial">Ariba,
Inc.</SPAN></FONT></B><FONT color=navy><SPAN
style="COLOR: navy"><BR><BR></SPAN></FONT><B><FONT face=Arial color=#1b6ab8
size=2><SPAN
style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: #1b6ab8; FONT-FAMILY: Arial"><o:p></o:p></SPAN></FONT></B></P></DIV>
<DIV
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: medium none; PADDING-LEFT: 4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: blue 1.5pt solid; PADDING-TOP: 0in; BORDER-BOTTOM: medium none">
<DIV>
<DIV class=MsoNormal style="TEXT-ALIGN: center" align=center><FONT
face="Times New Roman" color=black size=3><SPAN
style="FONT-SIZE: 12pt; COLOR: windowtext">
<HR tabIndex=-1 align=center width="100%" SIZE=2>
</SPAN></FONT></DIV>
<P class=MsoNormal><B><FONT face=Tahoma color=black size=2><SPAN
style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: windowtext; FONT-FAMILY: Tahoma">From:</SPAN></FONT></B><FONT
face=Tahoma color=black size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: windowtext; FONT-FAMILY: Tahoma">
redhat-sysadmin-list-bounces@redhat.com
[mailto:redhat-sysadmin-list-bounces@redhat.com] <B><SPAN
style="FONT-WEIGHT: bold">On Behalf Of </SPAN></B>Sutton, Harry
(MSE)<BR><B><SPAN style="FONT-WEIGHT: bold">Sent:</SPAN></B> Monday, March 03,
2008 4:30 PM<BR><B><SPAN style="FONT-WEIGHT: bold">To:</SPAN></B>
<st1:PersonName
w:st="on">redhat-sysadmin-list@redhat.com</st1:PersonName><BR><B><SPAN
style="FONT-WEIGHT: bold">Subject:</SPAN></B> Re: can't get OS to use LDAP for
accounts</SPAN></FONT><FONT color=black><SPAN
style="COLOR: windowtext"><o:p></o:p></SPAN></FONT></P></DIV>
<P class=MsoNormal><FONT face="Times New Roman" color=black size=3><SPAN
style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></P>
<P class=MsoNormal><FONT face="Times New Roman" color=black size=3><SPAN
style="FONT-SIZE: 12pt">I'm a firm believer that it's never a good idea to shut
off security features to get things working. Significant improvements in the
SELinux administrative and troubleshooting tools make it much easier to get that
working properly without having to disable it.<BR><BR>As for iptables, I think
it's a much better idea to enable logging, even on a temporary basis, to
determine which packets are being blocked and then adding rules to allow them.
There's a really good article / short video in Red Hat Magazine at <A
href="http://www.redhatmagazine.com/2007/08/01/video-tip-from-rhces-firewalls/">http://www.redhatmagazine.com/2007/08/01/video-tip-from-rhces-firewalls/</A>
that explains this really well.<BR><BR> /Harry Sutton,
RHCA<BR> Hewlett-Packard Company<BR><BR>Richard Riley
wrote: <o:p></o:p></SPAN></FONT></P>
<PRE wrap="">Try stopping iptables on both machines during the test.

Richard Riley
</PRE>
<BLOCKQUOTE style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt" type="cite">
<BLOCKQUOTE style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt" type="cite"><PRE wrap="">-----Original Message-----
From: <A href="mailto:redhat-sysadmin-list-bounces@redhat.com">redhat-sysadmin-list-bounces@redhat.com</A> [mailto:redhat-sysadmin-list-bounces@redhat.com] On Behalf Of Douglas J Hunley
Sent: Monday, March 03, 2008 9:34 AM
To: <A href="mailto:redhat-sysadmin-list@redhat.com">redhat-sysadmin-list@redhat.com</A>
Subject: Re: can't get OS to use LDAP for accounts

On Monday 03 March 2008 09:10:08 Steven Kalisky wrote:
</PRE>
<BLOCKQUOTE style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt" type="cite"><PRE wrap="">Try turning off SELinux and then test.
</PRE></BLOCKQUOTE><PRE wrap="">SELinux had previously been disabled. That didn't change anything
:(

--

--
redhat-sysadmin-list mailing list
<A href="mailto:redhat-sysadmin-list@redhat.com">redhat-sysadmin-list@redhat.com</A>
<A href="https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list">https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list</A>
</PRE></BLOCKQUOTE></BLOCKQUOTE>
<P class=MsoNormal><FONT face="Times New Roman" color=black size=3><SPAN
style="FONT-SIZE: 12pt"><o:p> </o:p></SPAN></FONT></P></DIV></DIV></BODY></HTML>