Category Archives: Linux

krb5-telnet != telnet-server

I had a task to allow root login via telnet on RHEL 4.3 servers. I tried my luck on Google and found this. Once I have done exactly as mentioned, I still couldn’t login as root via telnet.

After researching a little bit more on Google, I finally found the answer! Apparently krb5-workstation‘s /etc/xinetd.d/krb5-telnet is not the telnet-server package that I have been looking for. telnet-server‘s telnetd is actually another package which is mentioned in the document I found earlier. I disabled krb5-telnet and enabled telnet in /etc/xinetd.d/.

Voila! Now it allows root login via telnet. Red Hat should have written a note about this in the document.

PS: Please enable telnet-server ONLY if you need it and you know what you’re doing. I do NOT recommend the use of telnet-server.

References:
http://kbase.redhat.com/faq/FAQ_45_453.shtm
http://forums11.itrc.hp.com/service/forums/questionanswer.do?admit=109447626+1210184407758+28353475&threadId=1035531

Update initrd with mkinitrd to install new (different) hardware on Linux

I’m not sure if this important topic is discussed thoroughly in manuals because I couldn’t find any easily on Google without the exact keywords. I could be wrong though, but I’m documenting it here for my own note.

Many people do not dare to adopt Linux due to its complexity. I have to agree that Linux is far from being user friendly despite a lot of people’s effort to make it one. Simple task such as changing/replacing hardware is very common, especially now with the rapid development of technological advances. Few weeks ago I had to change one of my servers’ motherboard with a new one to accommodate a new multi-core CPU and I had to keep everything (OS and data) on the hard drive intact. Once the new motherboard was in place, it wouldn’t boot because it couldn’t read from my hard drive. Typical error where it says root partition cannot be found. Initially, I didn’t know an incorrect initrd could cause this problem because the error messages (which leads to kernel panic) didn’t mention anything specific other than not being able to read the partition table and find /. I almost put my blame instantly on LVM. Fortunately with some dedications searching through Google, I was able to find the right solution.

Linux uses initrd to keep a handful of modules it requires for booting to take place properly. If you compile every driver you need into the kernel, then initrd is not required but including everything in the kernel is inefficient and defeats the purpose of modular design. Important modules such as ext3, PATA/SATA controller, LVM, need to be placed inside the initrd. How can a boot loader (in most cases GRUB or LILO) be able to load LVM partitions if the modules required to read LVM partitions are inside the LVM partition?

To “repair” my new system, I had to boot using a rescue CD, modify /etc/modprobe.conf to include the new motherboard’s SATA controller. This new motherboard’s PATA controller is different from the old motherboard and therefore requires a different driver. I replaced “alias scsi_hostadapter2 pata_amd” to “alias scsi_hostadapter2 libata” in modprobe.conf. Basically these are the steps:

chroot /mnt/sysimage
vi /etc/modprobe.conf
(make needed changes as required)
depmod -ae -F /boot/System.map-2.6.9-1.667 2.6.9-1.667
mkinitrd -v -f /boot/initrd-2.6.9-1.667.img 2.6.9-1.667

Once everything ran as expected, remove the rescue CD, and reboot. The system should boot properly now. If it doesn’t, most likely the module name specified in modprobe.conf is incorrect.

Here is a tip to find out which PATA/SATA module you should include in modprobe.conf:
When booting the rescue CD, right after the blue screen appears it will pop up a dialog. Find the module name that is required in that dialog. Be sure to keep an eye on it because it will disappear quickly.

BTW, this article is also useful when moving an installed Linux hard drive to a different computer with different hardware.

Good luck! Let me know if this article helps you by posting a comment. Thanks!

References:
http://www.keffective.com/mvsata/
http://en.wikipedia.org/wiki/Initrd

LVM recovery on Fedora Core 6 with Fedora 8 Rescue CD

One of my hard disks on my Fedora Core 6 server nearly failed yesterday. It sounded like it loses power every now and then. This hard disk is my primary, it has the /boot partition and an LVM partition. It holds at least 36GB of the 300GB+ LVM Volume Group. Had it died totally, then most of the OS would have been gone along with some of my data. Luckily I was still able to boot from this nearly-dead hard disk for a couple of times.

I downloaded Fedora Core 6’s Rescue CD ISO and burned it. Every time I could boot into the system without a problem, I rebooted immediately and booted from the Rescue CD. I was hoping that I could move the LVM PEs off the broken hard disk ASAP.

During my first attempt, the faulty hard disk ‘disappeared’ when I was running e2fsck. I had to shut the system down for about 15 minutes to let it cool down. This trick did work and I tried another attempt. This time e2fsck finished without a problem, and I ran pvmove to move the PEs from the faulty disk. Unfortunately my kernel is the latest version but the device-mapper and lvm2 packages are not. pvmove printed out errors (“device-mapper: reload ioctl failed: Invalid argument”) no matter how many times I tried. Initially I thought that the faulty hard disk may be too damaged, but then since I could still boot the system without a hitch so I guessed it couldn’t be that damaged.

This post has a solution, but I didn’t use it. I downloaded Fedora 8 Rescue CD ISO and used that instead of Fedora Core 6’s. This time pvmove didn’t show any error and the process completed as expected without any lost data. I was then able to vgreduce the faulty hard disk from the LVM Volume Group.

If you experience the same problem, try downloading a newer Rescue CD and give it a try. Hopefully it will address problems that are present on older Rescue CDs. Good luck! 🙂

ClamAV’s clamd/freshclam permission problems

Since I have always used ClamAV‘s clamd as the virus filter of my email servers along with qmail-scanner, I noticed that crash-hat‘s clamav RPM packages use logrotate to rotate the logs files. qmail-scanner runs as its own user (qscand), so clamd has to run under the same user. When the RPM package was first installed, it created these directories: /var/run/clamav/ and /var/log/clamav/. Chown these 2 directories to qscand (this assumes that User directives in freshclam.conf and clamd.conf have been changed to qscand), otherwise clamd and freshclam wouldn’t be able to write any logs and pid file and neither service would start.

As for the logrotate configuration, edit clamd and freshclam in /etc/logrotate.d/ to change the log files’ ownership to qscand instead of clamav. Modify line 8 where it says:

create 640 clamav clamav

to

create 640 qscand clamav

That should do the trick. 🙂

RP-PPPoE server problem in Fedora Core 5, 6, Fedora 7, 8

Since Fedora Core 5, pppoe-server that comes with rp-pppoe RPM package has always been broken. Someone actually filed a bug report, but unfortunately there was no response. Apparently the problem is caused by ppp conflicting with syslogd. If you stop syslogd and klogd, then pppoe-server will run properly. Fedora Core 4 does not have this problem though. I’m not sure if the newly released Fedora 7 has got this issue sorted out. I’m guessing that they haven’t.

If you have installed Fedora 7 and found out that the issue has been fixed, please let me know ASAP. Thanks! 🙂

Update (Jul 03, 2007): Problem confirmed in Fedora 7.

Update (Mar 14, 2008): Problem fixed as stated on bugzilla ticket.

Missing bitops.h in Fedora Core 6

I was just compiling an updated version of HTB-tools a few minutes ago then I noticed that either I forgot to make a note about removing a line from q_show.c or the addition of bitops.h is new in the latest version of HTB-tools (0.3.0a). If you don’t remove the following line in q_show.c:

#include <asm/bitops.h>

the compilation process will fail with the following error:

sys/q_show.c:40:24: error: asm/bitops.h: No such file or directory

I found this on Google to explain why bitops.h is missing in Fedora Core 6.

ETHTOOL_OPTS to configure ethernet cards

I was going to write about ETHTOOL_OPTS a couple of months ago, but unfortunately I’m a forgetful person.

If you use Fedora Core (or some Fedora-driven distributions) which uses ifcfg-DEVNAME files in /etc/sysconfig/network-scripts/ and you wish to alter your ethernet cards’ default configuration, ETHTOOL_OPTS is basically all you need! Look no further, no need to add anything in rc.local or write your own rc scripts just to force your ethernet cards to a certain configuration (be it 100Mbps full duplex or 10Mbps half duplex). Simply add this line to your ifcfg file, e.g. for eth0, edit /etc/sysconfig/network-scripts/ifcfg-eth0 and append:

ETHTOOL_OPTS=”speed 100 duplex full autoneg off”

To put this change into effect, do service network restart.

Use mii-tool to verify whether the ethernet cards apply the new configuration.

References:
http://www.redhat.com/archives/broadcom-list/2003-December/msg00002.html

Layer Four Traceroute (lft)

I’m a big fan of tcptraceroute. It’s a very useful tool for network administrators (in addition to the traditional traceroute). I had tcptraceroute installed on my MacBook via MacPorts, but later it stopped working (“libnet_write failed? Attempted to write 40 bytes, only wrote -1” error message) due to libnet compatibility problem. I couldn’t find a fix to that problem so I searched for a similar tool to replace tcptraceroute for my MacBook. I found lft on Google. Apparently lft is more flexible and advanced than tcptraceroute. What makes lft even better than tcptraceroute? lft is included in Fedora Extras! Since I use Fedora Core for my servers, this is much better than having to use third-party repository (e.g. dries, dag, etc.)

Normally, I use the following syntax for lft:

lft -C -z -n -E -S google.com

Real-time Linux bandwidth monitor

There are so many Linux bandwidth monitoring software available out there. Many of these software are just showing the current upload and download speed of each network interface, pretty much similar to iptraf‘s “General interface statistics”. I was looking for something that plots TUI graphs. I found nload after spending a few minutes on Google. It doesn’t produce pretty graphs like rrdtool, but at least it does what I need.

UPDATE: I just noticed that ifstatus is similar to nload. ifstatus is capable of producing colored TUI graphs.