[opensuse-autoinstall] installation source not at root of DVD?
Hi, I have a question regarding installation from CD/DVD. Is it possible to have the installation source at a DVD where the product files do not exist at the root of the DVD? My DVD layout looks like that: /boot, /grub, /inst/media/sles/10/sp2/i586/CD1, /inst/media/oes2/sp1/i586/CD1 I'm using grubs eltorito stage to make the image bootable - that works fine with network installation sources. The content of SLES10-SP2 DVD is on the media below /inst/media/sles/10/sp2/i586/CD1 I tried install=cd:/hdc path=/dev/hdc/inst/media/sles/... install=cd:/dev/hdc patch=/dev/hdc/inst/media/sles/... ... But it didn't work. I'm wondering if it is possible to accomplish this task at all. /dev/hdc as path argument seems wrong for me cause /dev/hdc is a block device which should be mounted. I'm also thinking about mounting the DVD via exec parameter at bootloader prompt and point the installation source to the mountpoint. But at first I would like to hear your advises. Thanks, Jochen -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org
Hi, solved the problem. Should have read the documentation more carefully. intall=cd:///inst/media/sles/10/sp2/i586/CD1 does it Jochen
On 3/12/2009 at 01:34 PM, in message <49B90F7C0200009700017200@vpn.id2.novell.com>, "Jochen Schaefer"
wrote: Hi, I have a question regarding installation from CD/DVD. Is it possible to have the installation source at a DVD where the product files do not exist at the root of the DVD?
My DVD layout looks like that: /boot, /grub, /inst/media/sles/10/sp2/i586/CD1, /inst/media/oes2/sp1/i586/CD1 I'm using grubs eltorito stage to make the image bootable - that works fine with network installation sources.
The content of SLES10-SP2 DVD is on the media below /inst/media/sles/10/sp2/i586/CD1
I tried install=cd:/hdc path=/dev/hdc/inst/media/sles/... install=cd:/dev/hdc patch=/dev/hdc/inst/media/sles/... ... But it didn't work.
I'm wondering if it is possible to accomplish this task at all. /dev/hdc as path argument seems wrong for me cause /dev/hdc is a block device which should be mounted.
I'm also thinking about mounting the DVD via exec parameter at bootloader prompt and point the installation source to the mountpoint. But at first I would like to hear your advises.
Thanks, Jochen
-- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org
-- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org
I use something like this in my 11.1 config file for my ldap clients
<ldap>
Henrik Schmidt wrote:
/etc/ldap.conf is auto generated :
# OpenLDAP SSL mechanism # start_tls mechanism uses the normal LDAP port, LDAPS typically 636 ssl start_tls ldap_version 3 pam_filter objectClass=posixAccount nss_base_passwd ou=people,dc=ks,dc=mydomain,dc=uni-kiel,dc=de nss_base_shadow ou=people,dc=ks,dc=mydomain,dc=uni-kiel,dc=de nss_base_group ou=group,dc=ks,dc=mydomain,dc=uni-kiel,dc=de tls_checkpeer no #ssl on
Some additional values you may also want in /etc/ldap.conf nss_map_attribute uniqueMember member timelimit 15 bind_timelimit 15 bind_policy soft
Two questions :
1. Why is tls_checkpeer set to "no" or set at all ? I want have it either enabled or not set at all so that the configuration in /etc/openldap/ldap.conf is used as default.
tls_checkpeer is set to 'no' because you haven't defined tls_cacertdir or tls_cacertfile which are required for peer verification. This is described in nss_ldap(5).
2. Is "objectClass" in pam_filter objectClass=posixAccount spelled correctly ? I think it should be spelled objectclass with a small c.
Case doesn't matter for these identifiers but it's common practice when an identifier is a concatenation of multiple words to use upper case for the first letter the successive words. It's lends to the readability but that is it. -- Darin Perusich Unix Systems Administrator Cognigen Corporation 395 Youngs Rd. Williamsville, NY 14221 Phone: 716-633-3463 Email: darinper@cognigencorp.com -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org
Darin Perusich schrieb:
Two questions :
1. Why is tls_checkpeer set to "no" or set at all ? I want have it either enabled or not set at all so that the configuration in /etc/openldap/ldap.conf is used as default.
tls_checkpeer is set to 'no' because you haven't defined tls_cacertdir or tls_cacertfile which are required for peer verification. This is described in nss_ldap(5).
Wrong. I just want to use the default which is explained in /etc/ldap.conf : # OpenLDAP SSL options # Require and verify server certificate (yes/no) # Default is to use libldap's default behavior, which can be configured in # /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for # OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes". #tls_checkpeer yes I just don't want to use 'no' and some script is forcing this upon me. No need for tls_cacertdir or other tls settings according to the text above.
2. Is "objectClass" in pam_filter objectClass=posixAccount spelled correctly ? I think it should be spelled objectclass with a small c.
Case doesn't matter for these identifiers but it's common practice when an identifier is a concatenation of multiple words to use upper case for the first letter the successive words. It's lends to the readability but that is it.
objectclass is used multiple times in ldap.conf like #pam_filter objectclass=aixAccount, there is just a single case with upper C and i asked myself why. Looked like some anomaly. -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org
Henrik Schmidt wrote:
Darin Perusich schrieb:
Two questions :
1. Why is tls_checkpeer set to "no" or set at all ? I want have it either enabled or not set at all so that the configuration in /etc/openldap/ldap.conf is used as default.
tls_checkpeer is set to 'no' because you haven't defined tls_cacertdir or tls_cacertfile which are required for peer verification. This is described in nss_ldap(5).
Wrong. I just want to use the default which is explained in /etc/ldap.conf :
# OpenLDAP SSL options # Require and verify server certificate (yes/no) # Default is to use libldap's default behavior, which can be configured in # /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for # OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes". #tls_checkpeer yes
I just don't want to use 'no' and some script is forcing this upon me. No need for tls_cacertdir or other tls settings according to the text above.
When specifying either of these options, tls_checkpeer and TLS_REQCERT, the expectation is that the CA certificate is available on the system to verify to server certificate. Since this cannot be guaranteed setting it to 'no' is the safe bet. If you're not happy with this it's easy enough to provide your own ldap.conf or script setting the preferred values for your environment. If you see the configuration section of nss_ldap(5) it explains that while /etc/ldap.conf and /etc/openldap/ldap.conf share many of the same options there is no guarantee they will match in the future. Not relying on /etc/openldap/ldap.conf for nss_ldap functionality will ensure user provisioning if and when things change in the future.
2. Is "objectClass" in pam_filter objectClass=posixAccount spelled correctly ? I think it should be spelled objectclass with a small c.
Case doesn't matter for these identifiers but it's common practice when an identifier is a concatenation of multiple words to use upper case for the first letter the successive words. It's lends to the readability but that is it.
objectclass is used multiple times in ldap.conf like #pam_filter objectclass=aixAccount, there is just a single case with upper C and i asked myself why. Looked like some anomaly.
-- Darin Perusich Unix Systems Administrator Cognigen Corporation 395 Youngs Rd. Williamsville, NY 14221 Phone: 716-633-3463 Email: darinper@cognigencorp.com -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-autoinstall+help@opensuse.org
participants (3)
-
Darin Perusich
-
Henrik Schmidt
-
Jochen Schaefer