This is the discussion thread for ClearOS 7.1 Beta 3 which was released on 31 July 2015. If you have downloaded a copy of this release and have bugs, issues, or feedback, please feel free to report it here.
To review the release notes, click here.
To download your copy, click here.
With this version we have some major introductions. You can install and run Samba Directory now as your directory server. There is also a powerful events system which allows you to get notified if your box does things that match a certain criteria.
To review the release notes, click here.
To download your copy, click here.
With this version we have some major introductions. You can install and run Samba Directory now as your directory server. There is also a powerful events system which allows you to get notified if your box does things that match a certain criteria.
Share this post:
Responses (48)
-
Accepted Answer
Hi all,
For those of you upgrading from earlier betas, please run the following commands:
yum clean all
yum --disablerepo=* --enablerepo=clearos,clearos-updates,clearos-centos upgrade
yum clean all
yum upgrade
We moved to a shiny new build system which led to a change in the layout of the yum repositories. Doing the usual yum upgrade will complain about repositories that no longer exist, hence the requirement for the more complicated command above. -
Accepted Answer
-
Accepted Answer
Did some trouble shooting with Samba simple networking and my Windows 10 PC. Found this in the /var/log/samba/ directory in one of all the log files that seems to be the standard one being written to during the startup of the smb service. This is the entire startup sequence:
[2015/09/23 22:07:23.165334, 1] ../source3/param/loadparm.c:2387(service_ok)
NOTE: Service printers is flagged unavailable.
[2015/09/23 22:07:23.165373, 1] ../source3/param/loadparm.c:2387(service_ok)
NOTE: Service print$ is flagged unavailable.
[2015/09/23 22:07:23.165405, 1] ../source3/param/loadparm.c:2387(service_ok)
NOTE: Service netlogon is flagged unavailable.
[2015/09/23 22:07:23.165443, 1] ../source3/param/loadparm.c:1956(map_parameter)
Unknown parameter encountered: "force directory security mode"
[2015/09/23 22:07:23.165452, 0] ../source3/param/loadparm.c:3159(lp_do_parameter)
Ignoring unknown parameter "force directory security mode"
[2015/09/23 22:07:23.165460, 1] ../source3/param/loadparm.c:2387(service_ok)
NOTE: Service profiles is flagged unavailable.
[2015/09/23 22:07:23.165583, 0] ../source3/smbd/server.c:1269(main)
standard input is not a socket, assuming -D option
[2015/09/23 22:07:23.177764, 0] ../lib/util/become_daemon.c:136(daemon_ready)
STATUS=daemon 'smbd' finished starting up and ready to serve connectionsFailed to fetch record!
I realize this is just one very small piece of a larger puzzle. But maybe it can trigger someone to ask the right questions...
Edit: I should also mention that from the very same Windows 10 PC I can access all my ClearOS 6 servers that also has samba simple networking running without any problems.
/Fred -
Accepted Answer
..... and for those of us who could not read the thread while it was password protected and upgraded anyway what do we do? I am now getting:
This is following what appeared to be a full upgrade. Do I have a problem with the Marketplace repo or anything else?[root@clearos7vm ~]# yum upgrade
Loaded plugins: clearcenter-marketplace, fastestmirror
ClearCenter Marketplace: fetching repositories...
ClearCenter Marketplace: OS vendor not found.
Loading mirror speeds from cached hostfile
* clearos: www.mirrorservice.org
* clearos-centos: repo.bigstepcloud.com
* clearos-centos-fasttrack: repo.bigstepcloud.com
* clearos-centos-updates: repo.bigstepcloud.com
* clearos-contribs: www.mirrorservice.org
* clearos-epel: mirrors.ukfast.co.uk
* clearos-infra: www.mirrorservice.org
* clearos-updates: www.mirrorservice.org
No packages marked for update -
Accepted Answer
-
Accepted Answer
Just a quick follow up - as I've been poking around in the Beta2 the repo configurations were not updated in my instance and had to manually rename/move the following config files. The rest of the process went through as expected following Peters commands below.
mv /etc/yum.repos.d/clearos-epel.repo.rpmnew /etc/yum.repos.d/clearos-epel.repo
mv /etc/yum.repos.d/clearos.repo.rpmnew /etc/yum.repos.d/clearos.repo
Updating : clearos-release-7-1.9.v7.x86_64 13/258
warning: /etc/yum.repos.d/clearos-epel.repo created as /etc/yum.repos.d/clearos-epel.repo.rpmnew
warning: /etc/yum.repos.d/clearos.repo created as /etc/yum.repos.d/clearos.repo.rpmnew -
Accepted Answer
-
Accepted Answer
I've just installed clean 7.1b3, and am missing a bunch of apps.
I have 43 listed in the market place, but ftp, web server, and lots of other apps are missing.
I do have the basics, dhcp, dns firewall, and just prior to this, I installed the beta 2 and got exactly the same 43 apps listed, with the same ones missing.
Should I have more than 43 listed or have to do something to grain access to the rest ?
Regards
Rich -
Accepted Answer
Hi
I have installed 7.1 beta 3, installed all necessary apps (including several paid ones) and all is well, - apart from the firewall giving a notification that it is in "Panic Mode". I can see from Googling that this is a known occasional problem but cannot see how to resolve it. It does sound rather critical.......
Any thoughts gratefully received.
Thanks! -
Accepted Answer
-
Accepted Answer
Hi Tim
The response to "firewall-start -d" is below - To my rather untutored eye nothing jumps out as being obviously amiss?
[root@gateway ~]# firewall-start -d
firewall: Starting firewall...
firewall: Loading environment
firewall: FW_MODE=gateway
firewall: FW_PROTO=ipv4
firewall: WANIF=ppp0
firewall: LANIF=enp2s0
firewall: SYSWATCH_WANIF=ppp0
firewall: WIFIF=
firewall: BANDWIDTH_QOS=on
firewall: QOS_ENGINE=internal
firewall: SQUID_USER_AUTHENTICATION=off
firewall: SQUID_TRANSPARENT=on
firewall: IPSEC_SERVER=off
firewall: PPTP_SERVER=off
firewall: ONE_TO_ONE_NAT_MODE=type2
firewall: RULES=||0x10000008|6|192.xxx.xxx.xxx|8xxx|8xxx
firewall: RULES=ssh_server||0x10000001|6||22|
firewall: RULES=webconfig||0x10000001|6||81|
firewall: FW_DROP=DROP
firewall: FW_ACCEPT=ACCEPT
firewall: IPBIN=/sbin/ip
firewall: TCBIN=/sbin/tc
firewall: MODPROBE=/sbin/modprobe
firewall: RMMOD=/sbin/rmmod
firewall: SYSCTL=/sbin/sysctl
firewall: IFCONFIG=/sbin/ifconfig
firewall: PPTP_PASSTHROUGH_FORCE=no
firewall: EGRESS_FILTERING=off
firewall: PROTOCOL_FILTERING=off
firewall: Detected WAN role for interface: ppp0
firewall: Detected LAN role for interface: enp2s0
firewall: Setting kernel parameters
firewall: /sbin/sysctl -w net.ipv4.neigh.default.gc_thresh1=512 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.neigh.default.gc_thresh2=2048 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.neigh.default.gc_thresh3=4096 >/dev/null = 0
firewall: /sbin/sysctl -w net.netfilter.nf_conntrack_max=524288 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.ip_forward=1 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.tcp_syncookies=1 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.all.log_martians=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.all.accept_redirects=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.all.send_redirects=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.default.accept_redirects=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.default.send_redirects=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.all.accept_source_route=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1 >/dev/null = 0
firewall: Detected WAN info - ppp0 xxx.xxx.xxx.xxx on network xxx.xxx.xxx.xxx/32
firewall: Detected LAN info - enp2s0 192.xxx.xxx.xxx on network 192.xxx.xxx.xxx/24
firewall: Using gateway mode
firewall: Loading kernel modules
firewall: /sbin/modprobe ipt_LOG >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ipt_REJECT >/dev/null 2>&1 = 0
firewall: /sbin/modprobe nf_conntrack_ipv4 >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ipt_IMQ >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_conntrack_ftp >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_conntrack_irc >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ppp_generic >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ppp_mppe >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_conntrack_proto_gre >/dev/null 2>&1 = 256
firewall: /sbin/modprobe ip_conntrack_pptp >/dev/null 2>&1 = 0
firewall: Loading kernel modules for NAT
firewall: /sbin/modprobe ipt_MASQUERADE >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_ftp >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_irc >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_proto_gre >/dev/null 2>&1 = 256
firewall: /sbin/modprobe ip_nat_pptp >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_h323 >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_tftp >/dev/null 2>&1 = 0
firewall: Setting default policy to DROP
firewall: Defining custom chains
firewall: iptables -t filter -A DROP-lan -j DROP
firewall: Running blocked external rules
firewall: Running custom rules
firewall: Running common rules
firewall: iptables -t filter -A INPUT -m state --state INVALID -j DROP
firewall: iptables -t filter -A INPUT -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
firewall: iptables -t filter -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
firewall: iptables -t filter -A INPUT -i ppp0 -s 127.0.0.0/8 -j DROP
firewall: iptables -t filter -A INPUT -i ppp0 -s xxx.xxx.xxx.xxx/16 -j DROP
firewall: iptables -t filter -A INPUT -i lo -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o lo -j ACCEPT
firewall: iptables -t filter -A INPUT -i pptp+ -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o pptp+ -j ACCEPT
firewall: iptables -t filter -A INPUT -i tun+ -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o tun+ -j ACCEPT
firewall: iptables -t filter -A INPUT -i enp2s0 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o enp2s0 -j ACCEPT
firewall: iptables -t filter -A INPUT -i ppp0 -p icmp --icmp-type 0 -j ACCEPT
firewall: iptables -t filter -A INPUT -i ppp0 -p icmp --icmp-type 3 -j ACCEPT
firewall: iptables -t filter -A INPUT -i ppp0 -p icmp --icmp-type 8 -j ACCEPT
firewall: iptables -t filter -A INPUT -i ppp0 -p icmp --icmp-type 11 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o ppp0 -p icmp -j ACCEPT
firewall: iptables -t filter -A INPUT -i ppp0 -p udp --dport bootpc --sport bootps -j ACCEPT
firewall: iptables -t filter -A INPUT -i ppp0 -p tcp --dport bootpc --sport bootps -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o ppp0 -p udp --sport bootpc --dport bootps -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o ppp0 -p tcp --sport bootpc --dport bootps -j ACCEPT
firewall: Running incoming denied rules
firewall: Running user-defined incoming rules
firewall: Allowing incoming tcp port/range 22
firewall: iptables -t filter -A INPUT -p 6 -d xxx.xxx.xxx.xxx --dport 22 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -p 6 -o ppp0 -s xxx.xxx.xxx.xxx --sport 22 -j ACCEPT
firewall: Allowing incoming tcp port/range 81
firewall: iptables -t filter -A INPUT -p 6 -d xxx.xxx.xxx.xxx --dport 81 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -p 6 -o ppp0 -s xxx.xxx.xxx.xxx --sport 81 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -o tun+ -j ACCEPT
firewall: Running default incoming allowed rules
firewall: iptables -t filter -A OUTPUT -o ppp0 -j ACCEPT
firewall: iptables -t filter -A INPUT -i ppp0 -p udp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
firewall: iptables -t filter -A INPUT -i ppp0 -p tcp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
firewall: Running user-defined port forward rules
firewall: Port forwarding tcp 8xxx to 192.xxx.xxx.xxx 8xxx
firewall: iptables -t nat -A PREROUTING -d xxx.xxx.xxx.xxx -p 6 --dport 8xxx -j DNAT --to 192.xxx.xxx.xxx:8xxx
firewall: iptables -t nat -A POSTROUTING -d 192.xxx.xxx.xxx -p 6 -s 192.xxx.xxx.xxx/255.255.255.0 --dport 8xxx -j SNAT --to 192.xxx.xxx.xxx
firewall: iptables -t filter -A FORWARD -o enp2s0 -p 6 -d 192.xxx.xxx.xxx --dport 8xxx -j ACCEPT
firewall: /sbin/rmmod imq 2>/dev/null = 256
firewall: /sbin/tc qdisc del dev ppp0 root >/dev/null 2>&1 = 512
firewall: Initializing bandwidth manager
firewall: Bandwidth manager is enabled but no WAN interfaces configured!
firewall: Running 1-to-1 NAT rules
firewall: Running user-defined proxy rules
firewall: Content filter is online
firewall: Web proxy is online
firewall: iptables -t nat -A PREROUTING -p tcp -d 192.xxx.xxx.xxx --dport 80 -j ACCEPT
firewall: iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xxx --dport 80 -j ACCEPT
firewall: Enabled proxy+filter transparent mode for filter port: 8080
firewall: iptables -t nat -A PREROUTING -i enp2s0 -p tcp --dport 80 -j REDIRECT --to-port 8080
firewall: Blocking proxy port 3128 to force users through content filter
firewall: iptables -t nat -I PREROUTING -p tcp ! -s 127.0.0.1 --dport 3128 -j REDIRECT --to-port 82
firewall: Running multipath
firewall: /sbin/ip rule | grep -Ev '(local|main|default)' | while read PRIO RULE; do /sbin/ip rule del prio ${PRIO%%:*} 2>/dev/null; done = 0
firewall: /sbin/ip rule | grep -Ev '(local|main|default)' | while read PRIO RULE; do /sbin/ip rule del $RULE prio ${PRIO%%:*} 2>/dev/null; done = 0
firewall: /sbin/ip route flush table 50 = 0
firewall: /sbin/ip route flush cache = 0
firewall: Enabling NAT on WAN interface ppp0
firewall: iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
firewall: Running user-defined outgoing block rules
firewall: Running default forwarding rules
firewall: iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
firewall: iptables -t filter -A FORWARD -i enp2s0 -j ACCEPT
firewall: iptables -t filter -A FORWARD -i pptp+ -j ACCEPT
firewall: iptables -t filter -A FORWARD -i tun+ -j ACCEPT
firewall: Execution time: 0.366s -
Accepted Answer
I just followed the link in webconfig (/app/support) to the community forums. It took me to a blank page (no formatting or anything) at
http://www.clearfoundation.com/forums -
Accepted Answer
Tim Burgess wrote:
@ric9887, in the beta there are still missing apps in the marketplace, you can however install them from the command line.. try 'yum list app-*'
Yup! The repository structure changed quite a bit in beta 3 and the Marketplace UI hasn't caught up yet. We should have Marketplace up-to-date next week. -
Accepted Answer
Hi Chris,
Chris wrote:
I have installed 7.1 beta 3, installed all necessary apps (including several paid ones) and all is well, - apart from the firewall giving a notification that it is in "Panic Mode". I can see from Googling that this is a known occasional problem but cannot see how to resolve it. It does sound rather critical.......
Search for the word "panic" in /var/log/system - there should be some details in that log. Feel free to send the log to us for analysis. Send it to [email protected]. -
Accepted Answer
It'd be nice if somewhere there was a link between the marketplace web and the actual services or whatever. For example,
What is the package name for yum?
Is it a service or initiated by cron?
Is there more customization that can be done, e.g. by editing a config.local file?
Where would we see logs or results from the app; how can we tell if it is running or working as advertised.
Case in point. I have sshd listening on port 22 (yeah, I know, the default is bad). There are 3417 messages about Failed login for root at that port. Intrusion Prevention System appears to be installed and running. But no IP Addresses have been added to the blocked list. Surely 3,417 would have triggered some response by now? So how do I troubleshoot, or learn whether my expectations are too high? Or is the marketplace app that was installed a placeholder during the beta and not supposed to be working?
I don't mind tracking down information, except when it seems all the clues to how to learn more have been eliminated, in favor of an app with three buttons: 'Details', 'Uninstall', and 'Rate App', where 'details' basically says very little other than how wonderful the app is.
Maybe just have it be a footnote at the bottom of the page, if you don't want mere mortals to know what is going on? -
Accepted Answer
I've been working on getting some things working with ipv4 with tunnel vision, but I hope to get to IPv6 eventually. I notice the DSL modem has passed along a routable IPv6 address to the server, but as far as I can tell that's about all that has happened. There seem to be IPv6 settings in /etc/sysconfig/network-scripts, and ip6tables seems to be blocking everything except outbound and the udp port 67/68 pair, but 'ping6 google.com' replies 'connect: Network is unreachable.' The firewall output posted here recently doesn't seem to have any ipv6 settings.
Am I on my own trying to get it to work, or configure ip6tables firewall? Is it maybe disabled and not supported in ClearOS 7 (or what does "IPv6 Ready" mean)? Will the CentOS 7 instructions for getting IPv6 working be appropriate, or will they interfere with something implemented or planned for clearos webconfig?
(Sorry if this has been answered elsewhere...) -
Accepted Answer
Merrill Cook wrote:
The current default IDS does not do any sensible blocking. You'll need a subscription for that or you'll have to use Emerging Threats or some other source of rules. You should also install fail2ban, but even that is not brilliant as it will only block repeat offenders on the same IP. I have found they round-robin the IP address going through a subnet so I was often getting no more than one probe from a single IP, but I had a lot of probes from the /24 subnet. No IDS/IPS system is going to pick up on this sort of attack.
<snip>
Case in point. I have sshd listening on port 22 (yeah, I know, the default is bad). There are 3417 messages about Failed login for root at that port. Intrusion Prevention System appears to be installed and running. But no IP Addresses have been added to the blocked list. Surely 3,417 would have triggered some response by now? So how do I troubleshoot, or learn whether my expectations are too high? Or is the marketplace app that was installed a placeholder during the beta and not supposed to be working?
Can I strongly suggest that, if it is only you requiring ssh access, you do it through OpenVPN and close port 22 to the internet. It is just too risky leaving it open. -
Accepted Answer
Well, it looks like fail2ban is in the clearos repositories, but it isn't really compatible with the clearos firewall, right? (If a change is made in the firewall, it redoes iptables based on its own private configuration, ignoring anything done by the iptables command outside of webconfig.) I should think the repository would mark it incompatible with the clearos firewall, or include some accommodation so fail2ban's blocking doesn't stop working when the firewall is reset.
So how come the default (non-subscription) rules for intrusion protection don't handle simple things like multiple failed login attempts on sshd? I can see the subscription rules being more comprehensive and responding to more recent or emerging threats, but sshd failures have been around for a decade or more. Why wouldn't the default non-subscription rules protect against basic or older/traditional threats? (I know, that's probably rhetorical or a question for the sales department ...)
Are you saying that openvpn is somehow technically better than ssh, or just that the script kiddies haven't figured out what its default port is yet? Maybe it has logic in place to block IP addresses that try to abuse it? If both ssh and openvpn use public keys (e,g, certificates) to authenticate (both ways) rather than passwords, I should think they would be about equal as far as resisting password guessing or other connections that put extra load on the server and add lines to the logs. In other words, if both are on random ports and use exclusively public keys/certificates for authentication, how would openvpn be better than sshd?
Also, since this is a beta forum, I'm trying to stick to defaults. We all know that best practice requires choosing a random port for sshd and sticking with it or randomizing it from time to time; but the default (beta) distro doesn't do that, and that's what I am commenting on. I figure if I did something minimal like move sshd to a different port, 99.9% of the failures in my logs would disappear immediately, but that's not the default.
It is fairly easy to change the port and password setting in webconfig, so it's not a huge problem. I'll get around to testing that eventually. -
Accepted Answer
-
Accepted Answer
There is an issue with fail2ban and the ClearOS firewall as every time the firewall restarts it wipes the fail2ban rules as you point out. This is easily circumvented by adding a line "service fail2ban reload" to either /etc/clearos/firewall.d/local or /etc/clearos/firewall.d/10-anyname (making it executable, also any number up to at least 99). This way all the fail2ban rules get reloaded. One great thing with the 0.9.x release of fail2ban (only recently released) over 0.8.x is that it builds a database of banned IP's so it rebans them after the firewall is restarted. Before a restart would lose all the bans.
I don't know the full story about the IPS rules but they are an opensource rule set which has not been updated in years. They can easily be amended to get them to block, if you want and there are a couple of ways. One is to create a file, /etc/sid-block.map and add rules like:
The first number is the rule number (sid). Then you have to decide if you are blocking the source or destination IP of the rule and for how long. Be careful with the src/dst flag. Often password failure rules track the return "login failed" message so you want to block the destination and not the source. The other way is to edit the rules directly, adding something like " fwsam: src, 24 hours;" to the end of each rule. Have a look at the Emerging Threats block rules for examples of the fwsam method.2008578: src, 1 day
2100368: src, 1 day
2100369: src, 1 day
I am not saying OpenVPN is technically better than SSH. They do not compare as they perform different functions. With OpenVPN you would still have to use SSH, but once you connect to your server by OpenVPN you effectively are SSH'ing into the LAN IP of the server and not the WAN IP and the LAN IP is never exposed to the public. In the ClearOS implementation of OpenVPN authentication is by certificate and user/pass. You control your certificates so will (should) know if one has gone missing. As such it is way more secure than the SSH set up of default user (root)/pass and certificates are not very friendly for script kiddies. SSH can be secured more using things like pre-shared keys and so on, but why bother when OpenVPN does the job better by default. I agree that OpenVPN and SSH, both using public keys/certificates for authentication probably are pretty similar but the default configuration for SSH does not use public keys.
If you are trying to stick to defaults use SSH through OpenVPN. Both can then be quite happily left with their default configurations. -
Accepted Answer
-
Accepted Answer
If it is deprecated but working, why change now? I don't know anything about systemctl, but if you are worried about the service command you can use "/etc/rc.d/init.d/fail2ban reload" to reload fail2ban.
[edit]
Anyway, on systemctl systems it looks like the system command has been modified to call systemctl. See here for more info.
[/edit] -
Accepted Answer
I'm trying to set it up and not having any luck getting to the webgui. I have it installed and in gateway mode. My external nic is working and I can run a speed test. My internal nic must be working because I can point internal machine to it as a gateway and they have internet access. I can't connect to the webgui though. whats the url? I have tried https://machineIP:1501/app and just 1501, is it a different port or url?
Thanks,
Levi
EDIT
It was port 82, got it working -
Accepted Answer
@Chris.
Thanks for the logs! The firewall panic is happening here:
Aug 14 15:10:10 gateway firewall: Web proxy is online
Aug 14 15:10:10 gateway firewall: Running firewall panic mode...
That issue was likely recently resolved. The firewall will do different things based on the status of the web proxy server. In ClearOS 7, the Squid Web Proxy pid file (/var/run/squid.pid) is always there even when Squid is not running. No daemon behaves like this in ClearOS 6 (and most don't in ClearOS 7). We had to change the way the web proxy detection worked and those changes were pushed to the updates repository yesterday. -
Accepted Answer
Sorry if this does not belong here. I haven’t caught onto the jest of the new forums.
Anyway I needed to upgrade hardware 32 >64 bit and thought this would be a good opportunity to test out 7.1B Community. The install goes to around 70% complete and stopped with "Unknown Error" With the options to report to what looks like redhat or just plain quit. Tried the B3 and later an earlier version with the same outcome. -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Matthew Lavigne wrote:
Has anyone seen a complete fail to install on Enterprise level hardware? I have an IBM 3650M4 that the install gets all the way through installation but pukes on the last bit, likely on the grub install or in that space. Reboot gets me GRUB> and that is it.
Matthew
I had no issues getting through installation with my HP DL380 G6. The account manager didn't load and won't allow me to remove or reinstall it so I"ll probably try to reinstall the whole thing this weekend. -
Accepted Answer
Bob Rose wrote:
Sorry if this does not belong here. I haven’t caught onto the jest of the new forums.
Anyway I needed to upgrade hardware 32 >64 bit and thought this would be a good opportunity to test out 7.1B Community. The install goes to around 70% complete and stopped with "Unknown Error" With the options to report to what looks like redhat or just plain quit. Tried the B3 and later an earlier version with the same outcome.
Are there any other details in the error message? Is there any trace output? Feel free to send a screenshot to [email protected] -- we'll definitely take a look. -
Accepted Answer
Eric Anderson wrote:
i didn't see miniupnpd on the installation disk, does it exist in one of the repos?
It's not available. That's a pet project that I do when I can get around to it. I have made the changes for ClearOS 7 (here), but I haven't yet pushed the package through the build system. -
Accepted Answer
Matthew Lavigne wrote:
Has anyone seen a complete fail to install on Enterprise level hardware? I have an IBM 3650M4 that the install gets all the way through installation but pukes on the last bit, likely on the grub install or in that space. Reboot gets me GRUB> and that is it.
That definitely sounds like a grub install issue. The 3650 M3 hardware is Red Hat certified for version 6, but there's nothing shown for the 3650 M4 though. -
Accepted Answer
Hi,
Just (today) install a new ClearOS7beta environment on virtual box using the beta3 DVD iso as I have used before. None of the previous installs have been possible to work with my Windows PCs omn my LAN (I am not using any Primary Domain Controller or anything like that, just lan windows networking on a simple home LAN). With my ClearOS6 PCs it works fine but not on ClearOS7.
The install today was however a bit different: When I selected to install OpenLDAP, I got an error message after what looked as an installationInstall failed, please check your network connection.
I do have network connection (a pretty good one too... so that should not be the problem). After that whenever I try to go to the "User" or "Group" setting in WebConfig, this error message turns up. There seems to be no way to cure this.
When I then tried to install The Directory Services from the Market Place I got the following error:
Exception: [u'ERROR with transaction check vs depsolve:', 'nss-pam-ldapd is needed by app-openldap-directory-core-1:2.1.6-1.v7.noarch', 'pam_ldap is needed by app-openldap-directory-core-1:2.1.6-1.v7.noarch', 'tdb-tools >= 1.2.9 is needed by app-samba-core-1:2.1.14-1.v7.noarch']
Anyone seen this behaviour? As it is now, I cannot create any other user that root on this machine...
EDIT:
I have now done more new installs I have these two observations:
1. If I create a user (besides root) in the "centos" setup/installation wizard when ClearOS is to be installed from DVD (wich is natural since the options shows up), then that user will NOT work with LDAP and therefore this user cannot be used for Windows Networking etc. So avoid this!
2. If I at the first startup of ClearOS choose to skip the app installation wizard, and after the installation go to the marketplace to install directory service it will fail as described above. However, if I for instance select to run the app installation wizard by function and select directory service, LDAP will install correctly.
/Fred -
Accepted Answer
Fredrik Fornstad wrote:
Hi,
...
Anyone seen this behaviour? As it is now, I cannot create any other user that root on this machine...
EDIT:
I have now done more new installs I have these two observations:
1. If I create a user (besides root) in the "centos" setup/installation wizard when ClearOS is to be installed from DVD (wich is natural since the options shows up), then that user will NOT work with LDAP and therefore this user cannot be used for Windows Networking etc. So avoid this!
2. If I at the first startup of ClearOS choose to skip the app installation wizard, and after the installation go to the marketplace to install directory service it will fail as described above. However, if I for instance select to run the app installation wizard by function and select directory service, LDAP will install correctly.
/Fred
Fred,
I did a reinstall yesterday and noted what you have also found: if you create a user during install then there are issues with LDAP (the account manager) giving the error that you mention. This disables several other functions/apps for the server as they are dependent on the account mgr. My reinstall did nothing to change the dashboard views (only column one is usable so I can only see five items as the number of rows is fixed at five).
Mike -
Accepted Answer
One item/feedback/question:
Does ClearOS 7 now include the ability to have a User Portal or a built in bypass method for the content filter or is it basically unchanged from Clear OS 6?
Apparently it was on the Clear OS 6 roadmap per this thread:
https://sfj48-fkj200.heiksthsd.cf/clearfoundation/social/community/content-filter-bypass-user-level
Thanks -
Accepted Answer
Attempted to install "serviio media server" and got the following:
Exception: [u'ERROR with transaction check vs depsolve:', 'libvdpau.so.1()(64bit) is needed by ffmpeg-2.8-1.v7.x86_64', 'libgsm.so.1()(64bit) is needed by ffmpeg-libavcodec_56-2.8-1.v7.x86_64', 'libopus.so.0()(64bit) is needed by ffmpeg-libavcodec_56-2.8-1.v7.x86_64', 'libschroedinger-1.0.so.0()(64bit) is needed by ffmpeg-libavcodec_56-2.8-1.v7.x86_64', 'libspeex.so.1()(64bit) is needed by ffmpeg-libavcodec_56-2.8-1.v7.x86_64', 'libtheoradec.so.1()(64bit) is needed by ffmpeg-libavcodec_56-2.8-1.v7.x86_64', 'libtheoradec.so.1(libtheoradec_1.0)(64bit) is needed by ffmpeg-libavcodec_56-2.8-1.v7.x86_64', 'libtheoraenc.so.1()(64bit) is needed by ffmpeg-libavcodec_56-2.8-1.v7.x86_64', 'libtheoraenc.so.1(libtheoraenc_1.0)(64bit) is needed by ffmpeg-libavcodec_56-2.8-1.v7.x86_64', 'libva.so.1()(64bit) is needed by ffmpeg-libavcodec_56-2.8-1.v7.x86_64', 'libvorbis.so.0()(64bit) is needed by ffmpeg-libavcodec_56-2.8-1.v7.x86_64', 'libvorbisenc.so.2()(64bit) is needed by ffmpeg-libavcodec_56-2.8-1.v7.x86_64', 'libwavpack.so.1()(64bit) is needed by ffmpeg-libavcodec_56-2.8-1.v7.x86_64', 'opus is needed by ffmpeg-libavcodec_56-2.8-1.v7.x86_64', 'dcraw >= 8.96 is needed by serviio-1.5.2-4.v7.noarch', 'java-1.8.0-openjdk is needed by serviio-1.5.2-4.v7.noarch', 'libass.so.5()(64bit) is needed by ffmpeg-libavfilter_5-2.8-1.v7.x86_64', 'libbs2b.so.0()(64bit) is needed by ffmpeg-libavfilter_5-2.8-1.v7.x86_64', 'libopencv_core.so.2.4()(64bit) is needed by ffmpeg-libavfilter_5-2.8-1.v7.x86_64', 'libopencv_imgproc.so.2.4()(64bit) is needed by ffmpeg-libavfilter_5-2.8-1.v7.x86_64', 'libbluray.so.1()(64bit) is needed by ffmpeg-libavformat_56-2.8-1.v7.x86_64', 'libgnutls.so.28()(64bit) is needed by ffmpeg-libavformat_56-2.8-1.v7.x86_64', 'libgnutls.so.28(GNUTLS_1_4)(64bit) is needed by ffmpeg-libavformat_56-2.8-1.v7.x86_64', 'libgnutls.so.28(GNUTLS_3_0_0)(64bit) is needed by ffmpeg-libavformat_56-2.8-1.v7.x86_64', 'libmodplug.so.1()(64bit) is needed by ffmpeg-libavformat_56-2.8-1.v7.x86_64', 'libcaca is needed by ffmpeg-libavdevice_56-2.8-1.v7.x86_64', 'libcaca.so.0()(64bit) is needed by ffmpeg-libavdevice_56-2.8-1.v7.x86_64', 'libcdio_cdda.so.1()(64bit) is needed by ffmpeg-libavdevice_56-2.8-1.v7.x86_64', 'libcdio_cdda.so.1(CDIO_CDDA_1)(64bit) is needed by ffmpeg-libavdevice_56-2.8-1.v7.x86_64', 'libcdio_paranoia.so.1()(64bit) is needed by ffmpeg-libavdevice_56-2.8-1.v7.x86_64', 'libcdio_paranoia.so.1(CDIO_PARANOIA_1)(64bit) is needed by ffmpeg-libavdevice_56-2.8-1.v7.x86_64', 'libdc1394.so.22()(64bit) is needed by ffmpeg-libavdevice_56-2.8-1.v7.x86_64', 'libopenal.so.1()(64bit) is needed by ffmpeg-libavdevice_56-2.8-1.v7.x86_64', 'libpulse.so.0()(64bit) is needed by ffmpeg-libavdevice_56-2.8-1.v7.x86_64', 'libpulse.so.0(PULSE_0)(64bit) is needed by ffmpeg-libavdevice_56-2.8-1.v7.x86_64', 'libv4l2.so.0()(64bit) is needed by ffmpeg-libavdevice_56-2.8-1.v7.x86_64', 'openal-soft is needed by ffmpeg-libavdevice_56-2.8-1.v7.x86_64', 'libsoxr.so.0()(64bit) is needed by ffmpeg-libswresample_1-2.8-1.v7.x86_64'] -
Accepted Answer
MikeCindi,
Thanks for trying Serviio. Unfortunately the ClearOS team moved around some of the needed libs to prepare for the final release. In this process libcdio_paranoia URL got corrupted. This has now been corrected (I think). Why it should work now if you try again.
/Fred
EDIT: I just did a fresh installation of ClearOS 7 Beta 3 and installed Serviio successfully from the Marketplace. It works now. -
Accepted Answer
Fredrik Fornstad wrote:
MikeCindi,
Thanks for trying Serviio. Unfortunately the ClearOS team moved around some of the needed libs to prepare for the final release. In this process libcdio_paranoia URL got corrupted. This has now been corrected (I think). Why it should work now if you try again.
/Fred
EDIT: I just did a fresh installation of ClearOS 7 Beta 3 and installed Serviio successfully from the Marketplace. It works now.
I got the same error when I tried again just now. I then tried another app but it too would not install. Ran "yum update" and tried again but still no success. -
Accepted Answer
MikeCindi wrote:
I got the same error when I tried again just now. I then tried another app but it too would not install. Ran "yum update" and tried again but still no success.
First tip: There are a number of packages, like ftp and backuppc that cannot be installed right now due to missing dependencies. When you try to install Serviio (app-serviio), then to ONLY that. Do NOT try to install several other packages at the same time.
Another thing: Yesterday a number of updates were released for beta 3. If yum update has not resulted in any updates the last couple of days for you, I would suspect that you have got a faulty setup of the yum repos. Have you changed anything?
Try to clean yum and marketplace cache by doing this as root on the command line:
Results?yum clean all
rm /var/clearos/framework/cache/* -rf
yum upgrade
Can you install Serviio now?
If you really want Serviio badly for testing here is a "workaround". Type this at command line (as root):
yum install app-serviio
If you still get missing "packages" error then you can "escalate" it a bit by doing:
. If it works now then for some reason clearos-contribs-verified is not enabled by default on your machine which it should be. If you get an error that there is no repo "clearos-contribs-verified" then you have a setup problem with yum.yum install app-serviio --enablerepo=clearos-contribs-verified
As last resort this should work:
. If that does not work: STOP and consider to reinstall your machine.yum install app-serviio --enablerepo=clearos-centos,clearos-epel
/Fred
Edit: Corrected the name of the clearos-centos repo (it is not clearos-core).
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »