Re: EMC Isilon AD authentication for FTP

Yan, thanks a ton for your quick response. Thankfull for such useful information

When using local user on cluster, ftp does work like a charm and files land is specified location in config directory.

However when ever i try with AD user it still point to

500 OOPS: cannot change directory:/ifs/home/EXS/e00XXX

500 OOPS: priv_sock_get_cmd

Connection closed by remote host.

Here are the settings:

isilon01-1# isi ftp ls

accept-timeout 60

allow-anon-access NO

allow-anon-upload YES

allow-dirlists YES

allow-downloads YES

allow-local-access YES

allow-writes YES

always-chdir-homedir YES

anon-chown-username root

anon-root-path /ifs/home/ftp

anon-umask 077

ascii-mode off

connect-timeout 60

data-timeout 300

dirlist-localtime NO

dirlist-names hide

file-create-perm 0666

local-root-path local user home directory

local-umask 077

server-to-server NO

session-support YES

session-timeout 300

user-config-dir /ifs/vsftpd/user_config

denied-user-list (none)

limit-anon-passwords NO

anon-password-list (disabled)

chroot-local-mode Only chroot the local users in the exception list

chroot-exception-list EXSe00xxxx


isilon01-1# cat /ifs/vsftpd/user_config/EXS\e00xxxx



isilon01-1# cat /ifs/vsftpd/user_config/shirish



isilon01-1# ls -lead /ifs/home/scratch

drwxrwx— + 2 root wheel 19 Oct 22 08:28 /ifs/home/scratch

OWNER: user:root

GROUP: group:wheel


0: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child

1: user:EXSe00xxxx allow dir_gen_all,object_inherit,container_inherit

2: group:wheel allow dir_gen_read,dir_gen_execute

There may be some basic thing i am missing and can not find it. Check and see if there is any other setting or expression i am missing in this config


Unable to Delete Resource or Host Connection due to Pending tasks

1.) In PowerShell do the following:

PS H:> cd xdhyp:

PS XDHyp:> dir



PS XDHyp:> cd .HostingUnits

PS XDHyp:HostingUnits> dir

The following is the output. You’ll see all of your hosting units. Find the HostingUnitUid that you want to delete and copy.

PSPath : Citrix.Host.Admin.V2Citrix.Hypervisor::XDHyp:HostingUnitsJCT01NewPSParentPath : Citrix.Host.Admin.V2Citrix.Hypervisor::XDHyp:HostingUnitsPSChildName : JCT01NewPSDrive : XDHypPSProvider : Citrix.Host.Admin.V2Citrix.HypervisorPSIsContainer : TrueHostingUnitName : JCT01NewHostingUnitUid : aeb15638-1875-3a304-b359-25df52f252a2HypervisorConnection : VMwareMetadata :MetadataMap :NetworkId : Network:network-4801NetworkPath : XDHyp:ConnectionsVMwareCitrix test.datacenterXenDesktop Cluster.clusterXD.networkPermittedNetworks : {XDHyp:ConnectionsVMwareNewCitrix test.datacenterXenDesktop}RootId : domain-c2435RootPath : XDHyp:ConnectionsVMwareNewCitrix test.datacenterXenDesktop Cluster.clusterStorage : {XDHyp:ConnectionsVMwareNewCitrix test.datacenterXenDesktop, XDHyp:ConnectionsVMwareNewCitrix test.datacenterXenDesktop}VMTaggingEnabled : TrueUseLocalStorageCaching : FalsePersonalvDiskStorage : {XDHyp:ConnectionsVMwareNewCitrix test.datacenterXenDesktop}PSPath : Citrix.Host.Admin.V2Citrix.Hypervisor::XDHyp:HostingUnitsJCT01OldPSParentPath : Citrix.Host.Admin.V2Citrix.Hypervisor::XDHyp:HostingUnitsPSChildName : JCT01OldPSDrive : XDHypPSProvider : Citrix.Host.Admin.V2Citrix.HypervisorPSIsContainer : TrueHostingUnitName : JCT01OldHostingUnitUid : 0b256e23-2554-3fd3-3a134-bd1323d35256HypervisorConnection : VMwareOldMetadata :MetadataMap :NetworkId : Network:network-4801NetworkPath : XDHyp:ConnectionsVMwareOldCitrix test.datacenterXenDesktop Cluster.clusterXD.networkPermittedNetworks : {XDHyp:ConnectionsVMwareOldCitrix test.datacenterXenDesktop}RootId : domain-c4960RootPath : XDHyp:ConnectionsVMwareOldCitrix test.datacenterXenDesktop Cluster.clusterStorage : {}VMTaggingEnabled : TrueUseLocalStorageCaching : FalsePersonalvDiskStorage : {}

2) Issue the command in bold below replacing with your HostingUnitUid

PS XDHyp:HostingUnits> Get-ProvObjectReference -HostingUnitUid 0b256e23-2554-3fd3-3a134-bd1323d35256| fl

You should see the same count that the error was displaying.

Count : 0ObjectId : 0b256e23-2554-3fd3-3a134-bd1323d35256Source : ProvisioningSchemeTarget : HostingUnitCount : 48ObjectId : 0b256e23-2554-3fd3-3a134-bd1323d35256Source : TaskTarget : HostingUnit

3) Back up your XenDesktop database and then go to the table named “DesktopUpdateManagerSchema.PendingImageDeletes”. Right-click and choose “edit top 200” and locate the entries that have the same ID that you copied above and delete them.

4) If you go back to your PowerShell window and hit the up arrow on your keyboard and run the last command it should display a zero count.

5) You should now be able to delete your host connection as long as no resources are using it.


Re: patching question

Hi Ryan,

It looks like they are two stand alone patches. Patch 221617 deprecates 213278 so that would need to be uninstalled. I don’t see anything noting the patches that you mentioned are conflicting. One addresses security and the other SyncIQ. They do not list any common files changed between the two. If you are running into an issue installing one or the other, I would recommend opening a support case.

From the ReadMe on each patch:


Patch-215690: Patch for OneFS This patch addresses multiple issues with


This patch can be installed on clusters running the following OneFS versions:


* /usr/lib/

(MD5 = 9b998fbb1ef21e1c6ca20bbd547e239a)

* /usr/bin/isi_migrate

(MD5 = aa215a922f67462ca09f6acc9e5fcab4)

* /usr/local/lib/python2.6/site-packages/isi/fs/

(MD5 = 42912ff842c51bacc60006188eda564c)

* /usr/bin/isi_migr_pworker

(MD5 = a4b134d409f871ed6046df7d48b495fe)

* /usr/bin/isi_migr_sworker

(MD5 = b2032ea89812c62945539618097fe8fc)


Patch-221617: Patch for OneFS This patch addresses multiple security

issues in OneFS.

This patch can be installed on clusters running the following OneFS versions:

This patch deprecates the following patch:


If any conflicting or deprecated patches are installed on the cluster, you must

remove them before installing this patch.


* /etc/mcp/templates/sudoers

(MD5 = 9a43fd959128ee2174d055b289839555)

* /etc/mcp/templates/webui_httpd.conf

(MD5 = 948009e305b0294a710885af3ac84e74)

* /etc/mcp/templates/apache2.conf

(MD5 = 05711fff84a738bdc485c89be76d89f4)

* /usr/local/isi_phone_home/isi_phone_home

(MD5 = 49ac82bce8515a21655d50fae70a1180)

* /usr/local/www/static/onefs/scripts/all-classes.js.gz

(MD5 = 818632227ae867535c15e3beeac5d87e)

* /usr/local/www/static/onefs/scripts/onefs.js.gz

(MD5 = 09b35f0cdf72d61b44ae61833acf0196)

* /usr/local/www/static/onefs/scripts/app/view/networking/external/GroupnetsWindow.js.gz

(MD5 = e0a63b9f7dbbcc47800ba64cc7b030e0)

* /usr/local/www/static/onefs/scripts/app/view/networking/external/ExternalNetworkTreeGrid.js.gz

(MD5 = 6b7185e4d7a0c5a159bfd690117d3cb5)

* /usr/local/www/static/onefs/scripts/app/view/operations/impactpolicies/ImpactPoliciesGrid.js.gz

(MD5 = 5b6d05f5cfb6764ba3a6f8dce52ecae0)

* /usr/local/www/static/onefs/scripts/app/view/operations/impactpolicies/ImpactPoliciesWindow.js.gz

(MD5 = 615629c461f21c64d3ade6cbf1461e5e)

* /usr/local/www/static/onefs/scripts/app/view/ndmp/settings/SettingsForm.js.gz

(MD5 = 555befd26f3c14cf17a63f68411c0865)

* /usr/local/www/static/onefs/scripts/app/view/ndmp/settings/UsersWindow.js.gz

(MD5 = ad8cfdb81389dfde6b4ebaf07a2c2f9f)

* /usr/local/www/static/onefs/scripts/app/view/providers/kerberos/KerberosRealmGrid.js.gz

(MD5 = e4c948e0c3e47f974ce2d24a1749f291)

* /usr/local/www/static/onefs/scripts/app/view/providers/kerberos/KerberosRealmWindow.js.gz

(MD5 = df81de9e6f05f76f568fdd52199d975f)

* /usr/local/www/static/onefs/scripts/app/view/login/LoginForm.js.gz

(MD5 = aead2de7f27bb423f36e823034d1d958)

* /usr/local/www/static/onefs/scripts/app/view/generalSettings/clusterIdentity/ClusterIdentityForm.js.gz

(MD5 = d8a8185ae15d3c5a63a68f4b00b28e8c)

* /usr/local/www/static/onefs/scripts/app/view/header/Masthead.js.gz

(MD5 = ec5385b61937c655e286d5a3c435da97)

* /usr/local/www/static/onefs/scripts/app/view/antiVirus/policies/AntiVirusPoliciesGrid.js.gz

(MD5 = 98d11c47fbf1b9fc4e6ed5cd48af593c)

* /usr/local/www/static/onefs/scripts/app/view/antiVirus/policies/AntiVirusPoliciesWindow.js.gz

(MD5 = e3cdb42a578e9dee9a8ee04379412ea9)

* /usr/local/www/static/ui/scripts/Isilon.Env.js.gz

(MD5 = 81333c6e986f436341c539053adaf002)

* /usr/local/www/static/ui/pages/OneFS.html.gz

(MD5 = 81e4aab3aff55b88d7baa2fd774a13b6)

* /usr/local/www/static/ui/pages/OneFSDebug.html.gz

(MD5 = a658865223d367206e15930e42406cb5)

* /usr/local/www/static/ui/pages/OneFSDebugTest.html.gz

(MD5 = 8e19c9a233c48bc3d3444bb893e22b68)

* /usr/local/www/webkit/webui/

(MD5 = 09103148b6bd88a21c9f670338f00e97)

* /usr/local/apache2/modules/

(MD5 = 7cb07a57ba618b824715c7831b2105fd)



Installing Community Edition on Azure VM

I have had good success running the QRadar Community Edition on a standard Azure CentOS VM, so I thought I would post the brief mods required that allow the installation to run here, in case anyone else finds them useful – use them at your own risk.

I am not going to explain how to create an Azure VM, hopefully you will already be up to speed on that, the VM specifics I used are –

PublisherName: OpenLogic
Offer: CentOS
Skus: 7.3
Version: Latest
Size: Standard_F2s (this is 2 cpus, 4GB RAM, premium storage)
VMOSDiskSize: 80GB

Once created the VM needs a few changes to make the QRadar install run smoothly, as follows.

Extend the /dev/sda2 partition to use the full available space

sudo fdisk /dev/sda

The device presents a logical sector size that is smaller than
the physical sector size. Aligning to a physical sector (or optimal
I/O) size boundary is recommended, or performance may be impacted.
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Command (m for help): d
Partition number (1,2, default 2): 2
Partition 2 is deleted

Command (m for help): n
Partition type:
p primary (1 primary, 0 extended, 3 free)
e extended
Select (default p): p
Partition number (2-4, default 2): 2
First sector (1026048-167772159, default 1026048):
Using default value 1026048
Last sector, +sectors or +size{K,M,G} (1026048-167772159, default 167772159):
Using default value 167772159
Partition 2 of type Linux and of size 79.5 GiB is set

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.

Reboot to pick up the new partition table.

sudo reboot

Grow the root filesystem:

sudo xfs_growfs /

Create 8GB of swap space:

sudo dd if=/dev/zero of=/swapfile bs=1024 count=8388608

sudo chmod 0600 /swapfile

sudo mkswap /swapfile

sudo swapon /swapfile

Add the following line to /etc/fstab to mount the swap on reboot:

/swapfile swap swap defaults 0 0

Update everything and install screen:

sudo yum -y update

sudo yum install screen

Disable SELINUX, and reboot to clear it:

sudo sed -i -e ‘s/^SELINUX=.*$/SELINUX=disabled/g’ /etc/selinux/config
sudo reboot

Copy the Community Edition to a temporary directory, mount it and run the setup as per the IBM instructions (You get the standard appliance install screens, it tells you that you have insufficient memory, but continues to install an appliance type “300”.)

Eventually you get a working Qradar CE system! Don’t forget this doesn’t have all the DSMs so you may need to get rpms from fix central for additional log source support.