This Blog is to share our knowledge and expertise on Linux System Administration and VMware Administration

Tuesday, March 1, 2016

How to resolve : User is unable to change its password and getting error as "You must wait longer to change your password"

Getting error as "You must wait longer to change your password" while changing user password in Red Hat Enterprise Linux

Issue

    While changing a user's password, the following error appears:

You must wait longer to change your password 
passwd: Authentication token manipulation error

    The user is unable to change their password and gets the error "You must wait longer to change your password".
    The user's passwd entries were copied from a BSD box, which may be what is causing the problem. However, pwck comes back clean.

Resolution

    First check password aging policies/information for user as follows:

# chage -l user 
Last password change: Feb 07, 2011 
Password expires: May 08, 2011 
Password inactive: never 
Account expires: never 
Minimum number of days between password change: 7       <---
Maximum number of days between password change: 90 
Number of days of warning before password expires: 28

If the minimum number of days between password changes is set to 7, the passwd command refuses the change with the error "You must wait longer to change your password" until 7 days have passed since the last change.
Change the password aging information to the Linux defaults and try to change the password again.
The 4th field of the user's /etc/shadow entry holds the minimum number of days between password changes. Setting it to '0' lets the user change the password without any restriction.
Make the following change to the "/etc/shadow" file as the root user:

user:$1$rmOPqlKQ$DMS2VsQuV/LNh8it5jT.N0:15012:0:99999:7:::     <---

OR

Expire the user's password using the root account:

# chage -d 0 user

Then check the password aging information for the user again:

# chage -l user 
Last password change: Feb 07, 2011 
Password expires: May 08, 2011 
Password inactive: never 
Account expires: never 
Minimum number of days between password change: 0    <--- 
Maximum number of days between password change: 90 
Number of days of warning before password expires: 28
 

Try to change the password and it should work now.

Root Cause

    The issue described above occurs because the user's password expiry settings are too restrictive.
    The minimum number of days between password changes was set to 7, so a password change was not allowed until 7 days had passed. The error "You must wait longer to change your password" indicates exactly that.
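
The following is an added example, not part of the original post: a simplified model of the minimum-age check behind this error, which parses /etc/shadow style lines and reports how many days an account must still wait. The function names, the sample entries and the HASH placeholder are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: simplified model of the minimum-age check that produces
# "You must wait longer to change your password".
# /etc/shadow fields: name:hash:lastchg:min:max:warn:inactive:expire:
# lastchg is in days since 1970-01-01; min is the 4th field.

# Print how many days the account in shadow line $1 must still wait on
# day number $2 (days since the epoch). 0 means a change is allowed.
pw_change_wait() {
    printf '%s\n' "$1" | awk -F: -v today="$2" '{
        last = $3; min = $4
        # Empty fields or min <= 0 mean no minimum-age restriction.
        if (last == "" || min == "" || min + 0 <= 0) { print 0; exit }
        left = last + min - today
        if (left < 0) left = 0
        print left
    }'
}

# Print "name days" for every account in shadow-format file $1 that is
# still inside its minimum-age window on day number $2.
pw_locked_accounts() {
    while IFS= read -r entry; do
        w=$(pw_change_wait "$entry" "$2")
        [ "$w" -gt 0 ] && printf '%s %s\n' "${entry%%:*}" "$w"
    done < "$1"
    return 0
}

# Constructed sample entries (HASH is a placeholder, not a real hash).
# 15012 is Feb 07, 2011, the "Last password change" date shown above.
SAMPLE_MIN7='user:HASH:15012:7:90:28:::'
SAMPLE_MIN0='user:HASH:15012:0:99999:7:::'
SAMPLE_EXPIRED='user:HASH:0:7:90:28:::'   # lastchg after: chage -d 0 user

if [ "${1:-}" = "--demo" ]; then
    today=15014   # constructed: two days after the last change
    pw_change_wait "$SAMPLE_MIN7" "$today"
    pw_change_wait "$SAMPLE_MIN0" "$today"
    pw_change_wait "$SAMPLE_EXPIRED" "$today"
fi
```

Run as root against the real file with `pw_locked_accounts /etc/shadow "$(( $(date +%s) / 86400 ))"` to see which accounts would currently hit the error.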

Friday, February 26, 2016

Understand Processes in Linux


Normal Process

Normal processes are those that live for the span of a session. They are started during the session as foreground processes and end after a certain time span or when the session is logged out. They are owned by any valid user of the system, including root.

Orphan Process

Orphan processes are those whose parent, the process that created them, later died or crashed unintentionally, which makes init the parent of the process. Such processes have init as their immediate parent, and init waits on them until they die or finish.

Daemon Process

Daemon processes are intentionally orphaned processes: processes that are deliberately left running on the system. They are usually long-running processes that, once started, are detached from any controlling terminal so that they can run in the background until they complete or stop with an error. The parent of such a process exits intentionally, leaving the child to execute in the background.
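
The re-parenting described under Orphan Process and Daemon Process can be observed directly. The script below is an added example, not part of the original post; the function names are hypothetical and it reads /proc, so it assumes Linux. On systems with a subreaper (for example a systemd user session or a container runtime) the new parent may be that process rather than PID 1.

```shell
#!/bin/sh
# Added example: watch a child process get re-parented when its parent exits.

# Print the parent PID of process $1, read from /proc (Linux only).
ppid_of() {
    awk '/^PPid:/ { print $2 }' "/proc/$1/status"
}

# Start a short-lived parent shell that launches a background child and
# exits at once. Prints: "<child pid> <original parent pid> <new parent pid>".
orphan_demo() {
    # The inner sh is the parent; sleep is the child it leaves behind.
    # Redirecting the child's output keeps $(...) from waiting for it.
    set -- $(sh -c 'sleep 30 >/dev/null 2>&1 & echo "$! $$"')
    child=$1
    old_parent=$2
    # By now the inner sh has exited, so the child is an orphan and the
    # kernel has handed it to init (or to the nearest subreaper).
    new_parent=$(ppid_of "$child")
    kill "$child" 2>/dev/null || true   # clean up the demo child
    echo "$child $old_parent $new_parent"
}

if [ "${1:-}" = "--demo" ]; then
    orphan_demo
fi
```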

Wednesday, February 24, 2016

Repeat a Linux Command Every X Seconds Forever


Run Linux Command Every Second

In this article, you will learn simple scripting techniques to monitor, or keep an eye on, a particular command by running it continuously, every 3 seconds by default.

1. Use watch Command

Watch is a Linux command that lets you execute a command or program periodically and shows its output on the screen, so you can follow the program output over time. By default, watch re-runs the command/program every 2 seconds. The interval can easily be changed to meet your requirements.

Monitor Memory Usage

“Watch” is extremely easy to use. To test it, fire up a Linux terminal and type the following command:

# watch free -m

The above command will check your system free memory and update the results of the free command every two seconds.


The watch output starts with a header that displays (from left to right) the update interval, the command that is being executed and the current time. If you wish to hide this header, you can use the -t option.

The next logical question is – how to change the execution interval. For that purpose, you can use the -n option, that specifies the interval with which the command will be executed. This interval is specified in seconds. So let’s say you want to run your script.sh file every 10 seconds, you can do it like this:

# watch -n 10 script.sh

Monitor Logged-In Users, Uptime and Load Average

Let’s say you want to monitor logged-in users, server uptime and load average continuously, every few seconds. Use the following command:

# watch uptime


To exit the command, press CTRL+C.

Here, the 'uptime' command will run and display the updated results every 2 seconds by default.

Monitor Progress of Copy Command

In Linux, the cp command does not show any progress while copying files from one location to another. To see the progress of the data being copied, you can use the watch command along with the du -s command to check disk usage in real time.

2. Use sleep Command

Sleep is often used to debug shell scripts, but it has many other useful purposes as well. For example, when combined with for or while loops, you can get pretty awesome results.

In case this is the first time you hear about the "sleep" command, it is used to delay something for a specified amount of time. In scripts, you can use it to tell your script to run command 1, wait for 10 seconds and then run command 2.

With these loops, you can tell bash to run a command, sleep for N seconds and then run the command again.

Below you can see examples of both loops:

for loop Example

# for i in {1..10}; do echo -n "This is a test in loop $i "; date ; sleep 5; done

The above one-liner runs the echo command and displays the current date, a total of 5 times, with a 5-second sleep between executions. Here is a sample output:

This is a test in loop 1 Wed Feb 17 20:49:47 EET 2015
This is a test in loop 2 Wed Feb 17 20:49:52 EET 2015
This is a test in loop 3 Wed Feb 17 20:49:57 EET 2015
This is a test in loop 4 Wed Feb 17 20:50:02 EET 2015

You can replace the echo and date commands with your own commands or script and change the sleep interval per your needs.

while loop Example

# while true; do echo -n "This is a test of while loop";date ; sleep 5; done

Here is sample output:

This is a test of while loopWed Feb 17 20:52:32 EET 2015
This is a test of while loopWed Feb 17 20:52:37 EET 2015
This is a test of while loopWed Feb 17 20:52:42 EET 2015
This is a test of while loopWed Feb 17 20:52:47 EET 2015
This is a test of while loopWed Feb 17 20:52:52 EET 2015
This is a test of while loopWed Feb 17 20:52:57 EET 2015

The above command will run until it is either killed or interrupted by the user. It can come in handy if you need to keep a command running in the background and you don’t want to count on cron.
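
The copy-progress idea from "Monitor Progress of Copy Command" can be combined with the sleep loop from this section. The script below is an added example, not part of the original article; the function name copy_with_progress and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example: report the size of a copy destination every N seconds
# until cp finishes, using a sleep loop instead of watch.

# copy_with_progress SRC DST [INTERVAL]
# Runs cp -r in the background and prints the destination size (KiB, from
# du -sk) every INTERVAL seconds (default 2). Returns cp's exit status.
copy_with_progress() {
    src=$1
    dst=$2
    interval=${3:-2}
    cp -r -- "$src" "$dst" &
    cp_pid=$!
    # kill -0 sends no signal; it only tests that the process still exists.
    while kill -0 "$cp_pid" 2>/dev/null; do
        size=$(du -sk -- "$dst" 2>/dev/null | cut -f1)
        printf '%s KiB copied so far\n' "${size:-0}"
        sleep "$interval"
    done
    # Collect cp's exit status so a failed copy is not reported as success.
    status=0
    wait "$cp_pid" || status=$?
    size=$(du -sk -- "$dst" 2>/dev/null | cut -f1)
    printf 'done: %s KiB, cp exit status %s\n' "${size:-0}" "$status"
    return "$status"
}

if [ "${1:-}" = "--demo" ] && [ -n "${3:-}" ]; then
    copy_with_progress "$2" "$3" 5
fi
```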

How to Install Skype 4.3 on Arch Linux

Wednesday, February 24, 2016
Skype is a very popular VoIP (Voice over IP) application for Linux.


What is new in this version of Skype for Linux:

  •     An enhanced User Interface.
  •     A new cloud-based Group Chat experience.
  •     Improved support for file transfer when using multiple devices at the same time.
  •     Support for PulseAudio 3.0 and 4.0.
  •     ALSA sound system is no more supported without PulseAudio.
  •     Many bug fixes.

Install Skype 4.3 on Arch Linux

1. Before installing Skype 4.3 on Arch Linux, make sure that you have PulseAudio and all the required libraries installed on your system, using the following commands.

On 32-bit Arch Linux

$ sudo pacman -S pulseaudio pulseaudio-alsa pavucontrol

On 64-bit Arch Linux

$ sudo pacman -S pulseaudio pulseaudio-alsa pavucontrol lib32-libpulse

2. Then stop and start PulseAudio server with the following commands.

$ pulseaudio -k
$ pulseaudio --start

3. Now install the old Skype package from the official Arch repository in order to pull in all the dependencies required for it to run smoothly.

$ sudo pacman -S skype


4. Now, to upgrade your software to the latest version, go to the official Skype web page using the following link, download the Dynamic package and extract it.

    http://www.skype.com/en/download-skype/skype-for-linux/

$ cd Downloads
$ tar xjvf skype-4.3.0.37.tar.bz2
$ cd skype-4.3.0.37/


5. Stay in the folder and use the following commands to upgrade Skype to the latest version 4.3 from sources.

$ sudo cp -r avatars/*  /usr/share/skype/
$ sudo cp -r lang/*  /usr/share/skype/
$ sudo cp -r sounds/*  /usr/share/skype/
$ sudo cp skype  /usr/bin/
$ sudo chmod +x /usr/bin/skype

6. Now reboot your system and open Skype. You should see the latest version running on your Arch Linux.


7. To revert to the Skype package from the official Arch repository, run the following commands.

$ sudo pacman -R skype
$ sudo pacman -S skype

If you want to install Skype 4.3 on other Linux distributions like Ubuntu, Debian, Fedora and OpenSuse, visit the official Skype page and grab the binary specially built and packaged for those distributions by the Skype developers.

Remediating an ESXi 5.x or 6.0 host fails with the error: The host returns esxupdate error code:15. The package manager transaction is not successful

Wednesday, February 24, 2016
Symptoms

You cannot remediate an ESXi 5.x or 6.0 host using vCenter Update Manager.
Remediating ESXi 5.x or 6.0 hosts fails.
A package is to be updated on the host, particularly when VMware_locker_tools-light* is corrupt.


You see the error:

error code:15. The package manager transaction is not successful. Check the Update Manager log files and esxupdate log files for more details.

Cause

This issue occurs if the package files for floppies in the /locker/packages/Version/ folder are corrupt or full.

For example:
    In ESXi 5.0 systems – /locker/packages/5.0.0/
    In ESXi 5.1 systems – /locker/packages/5.1.0/
    In ESXi 5.5 systems – /locker/packages/5.5.0/
    In ESXi 6.0 systems – /locker/packages/6.0.0/

Resolution

To resolve this issue, recreate the /locker/packages/version/ folder, where version is:
    ESXi 5.0 – /locker/packages/5.0.0/
    ESXi 5.1 – /locker/packages/5.1.0/
    ESXi 5.5 – /locker/packages/5.5.0/
    ESXi 6.0 – /locker/packages/6.0.0/

To verify the store folders contents and symbolic link:

 Connect to the ESXi host using an SSH session.
Check for information in the /store folder by running this command:
    ls /store

 This folder must contain packages and var folder.
 Run this command to verify that the symbolic link is valid:
    ls -l /

 The /store folder should be linked to /locker and appear as:
    locker  -> /store

 If that link is not displayed, run this command to add the symbolic link:
    ln -s /store /locker

To recreate the /locker/packages/version/ folder:
    Put the host in the maintenance mode.
    Navigate to the /locker/packages/version/ folder on the host.
    Rename /locker/packages/version/ folder to /locker/packages/version.old.
    Remediate the host using Update Manager.

The /locker/packages/version/ folder is recreated and the remediation should now be successful.

Note: Verify if you can change to the other folders in /locker/packages/version/. If not, rename all the three folders including floppies.

An alternative resolution for ESXi:
    Put the host in the maintenance mode.
    Navigate to the /locker/packages/version/ folder on the host.

Rename the folder to:
    /locker/packages/version.old

Run this command as the root user to recreate the folder:
    mkdir /locker/packages/version/

For example:

In ESXi 5.0:
    mkdir /locker/packages/5.0.0/

In ESXi 5.1:
    mkdir /locker/packages/5.1.0/

In ESXi 5.5:
    mkdir /locker/packages/5.5.0/

In ESXi 6.0:
    mkdir /locker/packages/6.0.0/

Use WinSCP to copy the folders and files from the /locker/packages/version/ directory on a working host to the affected host.

If the preceding methods do not resolve the issue:

Verify and ensure that there is sufficient free space on the root folder by running this command:
    vdf -h

Check the locker location by running this command:
    ls -ltr /

 If the locker is not pointing to a datastore:
Rename the old locker file by running this command:
    mv /locker /locker.old

Recreate the symbolic link by running this command:
    ln -s /store /locker

Why is VM creation in KVM failing with the error "libvirtError: Unable to read from monitor: Connection reset by peer" on Red Hat Enterprise Linux 6.5?

Wednesday, February 24, 2016
Issue

    While creating or starting a VM, the following error appears:

Unable to complete install: 'Unable to read from monitor: Connection reset by peer'

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 44, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/create.py", line 1928, in do_install
    guest.start_install(False, meter=meter)
  File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 1229, in start_install
    noboot)
  File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 1297, in _create_guest
    dom = self.conn.createLinux(start_xml or final_xml, 0)
  File "/usr/lib64/python2.6/site-packages/libvirt.py", line 2686, in createLinux
    if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
libvirtError: Unable to read from monitor: Connection reset by peer

Resolution

    Add the display/video drivers spice, virtio and qxl to the VM configuration.
    Set the loopback interface eth-lo to up.

Root Cause

    The display hardware virtio, spice and qxl was not enabled or added in the VM configuration.
    The loopback interface eth-lo was down, so the localhost connection could not be made.

User execution of su fails with error "bash: /bin/su: Permission denied"

Wednesday, February 24, 2016
Issue

    After updating the system, no one (including root) can use su without getting bash: /bin/su: Permission denied errors, but ssh and terminal logins work as normal. SELinux is disabled and no new log entries are generated in /var/log/secure or /var/log/messages when root tries to run /bin/su, which has appropriate permissions, file size, and md5sum. The /etc/nsswitch.conf, /etc/pam.d/system-auth, and /etc/pam.d/su files have all been replaced with default versions and still the problem remains.

    [root@localhost ~]# ls -l /bin/su
    -rwsr-xr-x 1 root root 28336 May 11  2011 /bin/su
    [root@localhost ~]# /bin/su -
    bash: /bin/su: Permission denied
    [root@localhost ~]# strace -tvfs 2048 -o su_strace_root.log su -lc exit
    strace: exec: Permission denied
    <truncated strace output:>
    28530 15:17:38 execve("/bin/su", ["su", "-lc", "exit"], ... "_=/usr/bin/strace"]) = -1 EACCES (Permission denied)

Resolution

The one customer that reported this issue eventually resolved it by realizing that the system had a 3rd-party LDAP application installed that was no longer being used but which hadn't been permanently disabled and was therefore initialized after the reboot. Customer quote:

    Issue was basically with an LDAP client called TAMOS running on the system was causing this authorization issues.
    I hit that because after reboot all the disabled TAMOS processes started and not allowing us to authorize to su -.
    Now TAMOS is been uninstalled from the system and we are good now.

If seeing a similar problem, this particular cause could be confirmed or ruled out by checking if the kail kernel module is loaded or if there are TAMOS log entries on the system.

$ lsmod | grep kail
kail                  124328  1 kaznmod,[permanent]

$ egrep 'TAMOS|kail' /var/log/dmesg
kail: no version for "struct_module" found: kernel tainted.
kail: no version magic, tainting kernel.
TAMOS: INFO kail_init_module kernel module initializing
TAMOS INFO: kail_kernel.c: init_module OK:  Perm2rw
TAMOS: INFO kail_kernel kailPerm2rw 
 kail_kernel change_perm loop: 0
 kail_kernel change_perm loop: 1
 kail_kernel change_perm loop: 0
 kail_kernel change_perm loop: 1
TAMOS INFO: nct_async.c  TIMEDWAIT_THREAD NOT enabled
TAMOS INFO: nct_async.c  TRACE_AREXIT enabled
TAMOS INFO: nct_asyncInit pre: FFFFFFFF88512A50:FFFFFFFF88512A68:FFFFFFFF88512A60
TAMOS INFO nct_init.. scanning procs
TAMOS INFO: nct_init LSM enabled
TAMOS INFO: ignoring NR call index: 1000  at kail index: 3
kail_kernel kailPerm2ro
 kail_kernel change_perm loop: 0
 kail_kernel change_perm loop: 1
TAMOS INFO:kail_kernel perm2ro done: 0
 kail_kernel change_perm loop: 0
 kail_kernel change_perm loop: 1
TAMOS INFO:kail_kernel perm2ro done: 0
TAMOS INFO: setting up as a security module
TAMOS INFO: nct_arThread entering base counter local: 0: FFFF810234A75DEC global: 0: FFFFFFFF88512A48
TAMOS INFO: nct_arThread entering base counter local: 0: FFFF810234A73DEC global: 1000: FFFFFFFF88512A48
TAMOS INFO: nct_arThread entering base counter local: 0: FFFF810234A71DEC global: 2000: FFFFFFFF88512A48
TAMOS INFO: nct_arThread entering base counter local: 0: FFFF810234A6FDEC global: 3000: FFFFFFFF88512A48
TAMOS INFO: kaznmod successfully inserted (30:(10:0) of 6) as a security framework and overlaying.
TAMOS INFO: Initialization complete