Tag: gnome

ShareFile localized notifications

Citrix Leave a comment

Localized Notifications

Users can configure the default language of emails sent by the ShareFile system.

Admin users can set the account-wide default language in Admin Settings > Advanced Preferences > Email Settings. Under Email and Notifications, use the drop-down menu to adjust the default notification language.

User-added image

ShareFile users on an account can set their own default notification language on a user-by-user basis. This can be adjusted in the Personal Settings menu.The chosen setting will override the account-wide default for that specific user.

Related:

How to Disable Keyring Prompts of GNOME3 in Linux VDA Sessions

Citrix Leave a comment
Here are some Keyring prompts you might encounter in your RHEL 7.2 VDA or Ubuntu 16.04 VDA session:

User-added image
User-added image
User-added image

You might disable Keyring prompts based on user identity or globally:

  • An example of disabling Keyring prompts based on user identity:

$ cat ~/.config/goa-1.0/accounts.conf

[Account account_1453086621]

Provider=kerberos

Identity=user1@XD.LOCAL

PresentationIdentity=XD.LOCAL

Realm=XD.LOCAL

SessionId=6be198ae5c5f0d47b85a0b73569c579d

IsTemporary=false

TicketingEnabled=true

You might see a lot of accounts in the above .conf file. That’s the result of a Keyring bug. For more information, see https://access.redhat.com/solutions/1609773.

In this case, set the last account’s IsTemporary to false.

  • An example of disabling Keyring prompts globally:

According to the official documentation of GNOME, to disable Keyring prompts globally, you need tostop the GNOME Keyring daemon by setting the autostart desktop files and D-Bus services files:

# grep -r gnome-keyring-daemon /etc/xdg/autostart

/etc/xdg/autostart/gnome-keyring-ssh.desktop:Exec=/usr/bin/gnome-keyring-daemon –start –components=ssh

/etc/xdg/autostart/gnome-keyring-gpg.desktop:#Exec=/usr/bin/gnome-keyring-daemon –start –components=gpg

/etc/xdg/autostart/gnome-keyring-pkcs11.desktop:#Exec=/usr/bin/gnome-keyring-daemon –start –components=pkcs11

/etc/xdg/autostart/gnome-keyring-secrets.desktop:#Exec=/usr/bin/gnome-keyring-daemon –start –components=secrets

# grep -r gnome-keyring-daemon /usr/share/dbus-1/services/

/usr/share/dbus-1/services/org.freedesktop.secrets.service:#Exec=/usr/bin/gnome-keyring-daemon –start –foreground –components=secrets

/usr/share/dbus-1/services/org.gnome.keyring.service:#Exec=/usr/bin/gnome-keyring-daemon –start –foreground –components=secrets

# grep -r gnome-software /etc/xdg/autostart/

/etc/xdg/autostart/gnome-software-service.desktop:#Exec=/usr/bin/gnome-software –gapplication-service

# vi /etc/polkit-1/rules.d/02-allow-colord.rules

polkit.addRule(function(action, subject) {

if ((action.id == “org.freedesktop.color-manager.create-device” ||

action.id == “org.freedesktop.color-manager.create-profile” ||

action.id == “org.freedesktop.color-manager.delete-device” ||

action.id == “org.freedesktop.color-manager.delete-profile” ||

action.id == “org.freedesktop.color-manager.modify-device” ||

action.id == “org.freedesktop.color-manager.modify-profile”) &&

subject.isInGroup(“domain users”)) {

return polkit.Result.YES;

}

});

Set your files on the RHEL 7.2 VDA or Ubuntu 16.04 VDA according to the example above. Next time you log in to a Linux VDA session, there will be no GNOME Keyring prompt.

Related:

SDWAN: NITRO API command to export configuration

Citrix Leave a comment
How to export SDWAN configuration through NITRO API ?

Please use the below command to export SDWAN configuration through NITRO API:

NOTE: The configuration export NITRO API command is available only from 10.2 build.

First login to SDWAN device through NITRO API using below command .Then Export the configuration of SDWAN using the below command

To login:

————–

curl -X POST -c /tmp/cookies.txt -H “Content-Type:application/json” –insecure https://<MCN_IP>/sdwan/nitro/v1/config/login -d'{“login”:{“username”:”<username>”,”password”:”<password>”}}’ -v


To export a configuration:

————————————–

curl -X POST -b /tmp/cookies.txt -H “Content-Type: application/json” –insecure ‘https://<MCNIP>/sdwan/nitro/v1/config/config_package_export’ –data ‘{“config_package_export”: {“package_name”: “<pacakge name>”}}’ > (destination directory/Outputfilename.zip)

Related:

  • No Related Posts

7023429: Add custom keybindings for any command

Novell Leave a comment
For this example let’s say that we want Super Key+e to bring up the file browser (similar to some other OS).

The graphic method in Gnome is to select from the menu ‘System Tools –> Settings’ then under ‘Hardware’ select ‘Keyboard’.

In the Keyboard settings select ‘Custom Shortcuts’ on the left and click the + button near the bottom. Enter a name for the shortcut (let’s use ‘File Browser’) and what command to run which in this case is ‘nautilus’. Click on Add to save the settings.

Finally, to the right of the new entry click directly on ‘Disabled’ then press the key combination to assign to this key binding. In this case it would be ‘Super Key-e’. The key binding takes effect immediately. Press the key combination to check the results. The Nautilus file browser should pop up.

To perform the same process via command line do the following. These steps assume that there are no other custom key bindings assigned. If there are, or could be, then an additional step should be taken to list the current custom key binding entries and then add this one with the appropriate number assigned. Further explanation below.

The following commands must be run as the user.

Command to create the ‘custom0’ key binding:

gsettings set org.gnome.settings-daemon.plugins.media-keys custom-keybindings “[‘/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/’]”

Command to enter the name of the binding:

gsettings set org.gnome.settings-daemon.plugins.media-keys.custom-keybinding:/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/ name ‘File Browser’

Command to enter the command to run:

gsettings set org.gnome.settings-daemon.plugins.media-keys.custom-keybinding:/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/ command ‘nautilus’

Command to enter the key combination that will run the command:

gsettings set org.gnome.settings-daemon.plugins.media-keys.custom-keybinding:/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/ binding ‘<Super>s’

The key binding should be in effect after entering the last command. If it is not working try logging out and back in again.

If other key combinations are wanted, the key names in the standard key bindings can used as an example. For example, Alt, Ctrl, Shift, Left, Right, Up, Down, Page Up, Page Down, etc. To use Ctrl+F1 it would be entered ‘<Ctrl>F1’.

Related:

Sophos Anti-Virus for Linux: Recommendations for On-Access scanning with Nautilus file browser

Sophos Leave a comment

This article covers recommendations for On-Access scanning for Nautilus file browser.

Applies to the following Sophos product(s) and version(s)

Sophos Anti-Virus for Linux

Sophos Anti-Virus does not support the filesystem fuse.gvfs-fuse-daemon which is commonly used by the Nautilus file browser to mount remote shares. Git Virtual File System (GVFS) operations do not pass through the kernel as file operations and thus cannot be intercepted by the on-access scanner.

Sophos recommends to pre-mount remote shares using a different filesystem. For example, by using the mount command or configuring /etc/fstab.

If you’ve spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article.

This is invaluable for us to ensure that we continually strive to give our customers the best information possible.

Related:

7023374: After using yast2 keyboard module the keyboard mapping in GNOME is changed only until next login

Novell Leave a comment

This document (7023374) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 12

SUSE Linux Enterprise Desktop 12

Situation

When starting the YaST2 keyboard module to change the keyboard, the GNOME keyboard settings are changed as well but only until the next login.

Resolution

The YaST2 keyboard module is not meant to be used to change the keyboard settings of a graphical desktop environment. In fact, it changes the settings for the system keyboard. As Linux was designed as multi-user environment by default, there are keyboard settings for users working on a local tty (configured by /etc/sysconfig/keyboard) as well as keyboard settings for the graphical desktop environment which can be configured differently for each user that exists on the system. These settings are typically stored in the user home directory while /etc/sysconfig/keyboard requires root access to make changes.
A user having experience with a single desktop environment, might find this confusing but it is working as designed. The correct way to adjust the keyboard mapping inside a graphical desktop environment is to use the respective configuration tools, not YaST2.

Cause

YaST2 uses the xkbset command to change the keyboard layout. This unfortunately has an effect on the active e.g. GNOME keyboard settings and overrides them. Hence a user might get the impression, using YaST2 is the right way to change the keyboard layout. In fact, YaST configures the system-wide keyboard and the change is written to /etc/sysconfig/keyboard.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

7019016: Configuring PAM common files manually

Novell Leave a comment
pam-config overwrites any changes made to the /etc/pam.d/common-{account,auth,password,session}-pc files. Since the /etc/pam.d/common-{account,auth,password,session} files were symbolically linked to /etc/pam.d/common-{account,auth,password,session}-pc, all changes were being overwritten.

Several packages trigger pam-config to run, such as: ecryptfs-utils, pam-config, pam_apparmor, systemd, systemd-32bit, gnome-keyring, and gnome-keyring-pam-32bit.

Per the Security Guide documentation:

“When you create your PAM configuration files from scratch using the pam-config –create command, it creates symbolic links from the common-* to the common-*-pc files. pam-config only modifies the common-*-pc configuration files. Removing these symbolic links effectively disables pam-config, because pam-config only operates on the common-*-pc files and these files are not put into effect without the symbolic links.”

Related:

7015852: Implementing a satellite avahi listener / responder to advertise iPrint printers

Novell Leave a comment
Click here to watch a video demonstrating how the Avahi listener solution works. Note, the same video also demonstrates the DNS-SD solution.

To setup a satellite Avahi server, perform the following:

1. Enable iPrint Printers for AirPrint

Go to the iPrint Appliance Management Console:

https://<IP or DNS>:9443

Choose “iPrint Appliance Configuration”

Choose “Printers” (left frame)

Ensure the printer (or printers) is enabled for Mobile and AirPrint.

2. Connect any Linux system to the wireless network. This may be done via a wireless interface, or connected on the same network / VLAN that the wireless network uplinks to down the line.

3. Ensure the Avahi package is installed

rpm -qa |grep avahi

4. Copy the printer service files from the iPrint appliance server’s /etc/avahi/services directory to the satellite Avahi server.

5. Restart the Avahi daemon on the satellite server

SuSE based Linux distributions:

rcavahi-daemon restart

Ubuntu based Linux distributions

sudo service avahi-daemon restart

Other Linux distributions

Refer to their documentation

The printers are now advertised on the network where the Avahi satellite server is attached. Please note that this process can be repeated as necessary as new printers are added. If a printer is removed, make sure to remove the service file from the satellite servers as well.

A more elegant solution would be to rsync the contents of /etc/avahi/services to each satellite server on a regular interval to ensure that all systems stay in sync.

A less elegant solution, but workable solution, to automate the copying of service files from the iPrint Appliance to the satellite Avahi listener machine is to use cron. You can configure cron to copy the service files at whatever interval (minute, day, week, etc) you desire. The steps to set this up are:

Within a terminal session (putty or otherwise):

  1. Execute the ssh keygen command
  • ssh-keygen -t rsa
    • Hit ENTER three times
  1. Execute the ssh copy id command
    • Syntax:
      • ssh-copy-id root@<IP address of satellite Linux machine>
    • Example:
      • ssh-copy-id root@172.16.3.9
    • You may need to type ‘yes’ and hit ENTER (if prompted)
    • Enter the root password of the satellite Linux machine
  2. Add the following line to the /etc/crontab file on the iPrint Appliance
    • Syntax:
      • */10 * * * * root scp /etc/avahi/services/* root@<IP address of satellite Linux machine>:/etc/avahi/services/
    • Example:
      • */10 * * * * root scp /etc/avahi/services/* root@172.16.3.9:/etc/avahi/services/
        • The update interval can be as frequent as you like. The above example copies the Avahi service files every 10 minutes.
  3. Restart cron
    • rccron restart

Related:

7022671: SAP Instances failed stop on shutdown (PACEMAKER, SYSTEMD, SAP)

Novell Leave a comment
As systemd session setup will move any application started with

su – <somenameofsomeuser>

this can be bypassed by modifying the su part of the pam stack

add a new su-session file

cp /etc/pam.d/common-session /etc/pam.d/su-session

common-session normally looks like

session required pam_limits.so

session required pam_unix.so try_first_pass

session optional pam_umask.so

session optional pam_systemd.so

session optional pam_gnome_keyring.so auto_start only_if=gdm,gdm-password,lxdm,lightdm

session optional pam_env.so

add a line in the su-session with

session [success=1 new_authtok_reqd=ok default=ignore] pam_listfile.so item=user sense=allow file=/etc/SAPUsers

making it into

session required pam_limits.so

session required pam_unix.so try_first_pass

session optional pam_umask.so

session [success=1 new_authtok_reqd=ok default=ignore] pam_listfile.so item=user sense=allow file=/etc/SAPUsers

session optional pam_systemd.so

session optional pam_gnome_keyring.so auto_start only_if=gdm,gdm-password,lxdm,lightdm

session optional pam_env.so

and adding a file

/etc/SAPUsers

which contains the names of the SAP Admin Users, in this example, SID is HA1 these would be

ardmore:~ # cat /etc/SAPUsers

ha1adm

sapadm


with the su-session file in place, modify the

/etc/pam.d/su

from the default

#%PAM-1.0

auth sufficient pam_rootok.so

auth include common-auth

account sufficient pam_rootok.so

account include common-account

password include common-password

session include common-session

session optional pam_xauth.so

to

#%PAM-1.0

auth sufficient pam_rootok.so

auth include common-auth

account sufficient pam_rootok.so

account include common-account

password include common-password

session include su-session

session optional pam_xauth.so

This new entry works as follows. During a session setup called by su it will check whether the Username provided is in the file /etc/SAPUsers and if yes it will do “success=1”, meaning it will

SKIP

the next one (ONE , 1=one) line in the pam stack, which is in this case pam_systemd.so and by this bypassing the user.slice creation of systemd

The result is that the SAP Instance will now stay in the pacemaker system.slice

`-system.slice

|-pacemaker.service

| |-2196 /usr/sbin/pacemakerd -f

| |-2198 /usr/lib64/pacemaker/cib

| |-2199 /usr/lib64/pacemaker/stonithd

| |-2200 /usr/lib64/pacemaker/lrmd

| |-2201 /usr/lib64/pacemaker/attrd

| |-2202 /usr/lib64/pacemaker/pengine

| |-2203 /usr/lib64/pacemaker/crmd

| |-4125 /usr/sap/HA1/ASCS00/exe/sapstartsrv pf=/sapmnt/HA1/profile/HA1_ASCS00_sapro0as -D -u ha1adm

| |-4296 sapstart pf=/sapmnt/HA1/profile/HA1_ASCS00_sapro0as

| |-4311 ms.sapHA1_ASCS00 pf=/usr/sap/HA1/SYS/profile/HA1_ASCS00_sapro0as

| `-4312 en.sapHA1_ASCS00 pf=/usr/sap/HA1/SYS/profile/HA1_ASCS00_sapro0as

There is no need to worry about the security of the /etc/SAPUsers file as it is only a list.

Generally this approach could be used on any non-systemd aware Resource inside or outside of the cluster.

Please keep in mind that there is a TasksMax Limit for Slices, which could be hit in case too many applications end up in the pacemaker system.slice, so increasing

DefaultTasksMax=

in /etc/systemd/system.conf might be advisable.

Related:

ISAM 9.0.3.0 – What data is store in embedded or local runtime database?

IBM Customer Leave a comment
What data is store in embedded or local runtime database when policy server or cluster runtime/config is configured to use local datatbase.
If I check fim-oidc-runtime.xml in support file (..tmpliberty_dumpdump_17.11.02_09.35.53usrsharedconfigisamfimfim-oidc-runtime.xml) I see entries like

databaseStore dataSourceRef=”hvdb”
oauthProviderRef=”amapp-runtime-Federation1OAuthProvider
id=”amapp-runtime-Federation1″

Does any federation/partner related entries goes into runtime datatbase?

Related: