Category: Linux

  • Google Accounts engine problem and Gnome 3

    I have login.keychain corrupted in my Gnome 3 enabled workplace due to the recent Google Accounts engine problem. For some reason it has become completely unusable, Gnome Keychain was unable to unlock it, Google Chrome stopped loading sites, goa-daemon died (as usual) and Evolution has stopped getting mail. Goog Friday morning frustration.

  • OOM-killer fun

    Recently I had installed RHEL 7 FreeIPA test lab on my workplace. I have made virtual host with default 1GB RAM, installed the system, enrolled it into the IPA domain OK, then tried ipa-replica-install. Turns out that 1GB is not enough and OOM-killer tries to solve the problem by killing processes that ipa-replica-install had spawned.…

  • AD + SSSD

    If you have host in the AD with the SSSD then your root user can be any user from the domain. So %groupname ALL=(ALL) NOPASSWD:ALL would actually give permissions to all users from the “groupname” to become any AD user they want, and if they’re SSH’ng the localhost then, they would have Kerberos ticket as…

  • Debugging IDM

    One of the most frequent cases I have is that “sometimes” and “somewhere” user is not getting authenticated. Trying to SSH to the host works for some users not always, “id username” returns errors sometimes — it’s all the same problem in the environment with LDAP replication. It does not actually matter what kind of…

  • Parsing sssd debug log

    Lol, hope to add more in furure grep -v “timed event” |grep -v “timer event”|grep -v “Requesting”|grep -v “SBUS”|grep -v “callback”|grep -v “dispatch”|grep -v “a sysbus message”|grep -v “No sub-attributes for” |grep -v “reusing cached connection” |grep -v “nesting:”|grep -v “sbus_remove_watch”|grep -v “be_client_destructor”|grep -v “sdap_process_result”|grep -v “Comparing LDAP with LDAP” |grep -v “Message type:”|grep -v…

  • More .bashrc improvements

    I need to see long path and host name. And not to lose command line space at the same time: BOLD=”\[$($TTY && /usr/bin/tput bold)\]” COLOR_BLACK=”\[$($TTY && /usr/bin/tput setaf 0)\]” COLOR_RED=”\[$($TTY && /usr/bin/tput setaf 1)\]” COLOR_GREEN=”\[$($TTY && /usr/bin/tput setaf 2)\]” COLOR_YELLOW=”\[$($TTY && /usr/bin/tput setaf 3)\]” COLOR_BLUE=”\[$($TTY && /usr/bin/tput setaf 4)\]” COLOR_MAGENTA=”\[$($TTY && /usr/bin/tput setaf 5)\]” COLOR_CYAN=”\[$($TTY…

  • Google group calendars in Evolution Mail

    If your organization uses Google Apps as mail service but you are using Evolution, there is no evident way to view and edit shared group calendars until recent versions. To add group calendar you need: go to calendar settings on web Calendar Address: -> ID (somenting like example.com_1d32345331343234213832@resource.calendar.google.com) Evolution -> New Calendar -> Google User name -> this ID Auth with usual name-pass…

  • DKIM=temperror

    Recently I have checked my messages headers of the mail that comes from the andreybondarenko.com MX and found that Google shows that my DKIM signature is invalid: In the spam score section: However the header itself is present: I have found that it’s quite common configuration error of the OpenDKIM, the selector you choose to store key can be chosen randomly, but the TXT record should match /etc/opendkim.conf.…

  • Puppet vs Ansible vs Chef vs Salt

    Good presentation, high level.

  • Bash scripting manual

    Apple has got very nice bash scripting manual here: https://developer.apple.com/library/content/documentation/OpenSource/Conceptual/ShellScripting/Introduction/Introduction.html Check the security and AWK sections.