T'Krin's Realm

My yammerings…

Monday, March 23, 2009

Pretty good Bacula How-To

Found this Bacula how to while browsing around. Enjoy.

Bacula: The Open Source Commercial Backup Solution

posted by tkrin at 11:11 AM  

Tuesday, March 11, 2008

Vsftpd + SSL on CentOS 5

Sweet and Simple. Should be OK on CentOS 4, I’d imagine too.

The following will force SSL for ftp connections. Also, passive connections will be required as well.

1 – Add the following to your vsftpd.conf file:

pasv_address=192.168.1.1
pasv_min_port=40000
pasv_max_port=40100
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=NO
ssl_sslv2=NO
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/your_cert.pem

Restart vsftpd: service vsftpd restart

2 – If you have iptables setup on your box add the following to your /etc/sysconfig/iptables

-A RH-Firewall-1-INPUT -m state --state NEW -p TCP --dport 40000:40100 -j ACCEPT

Restart Iptables: service iptables restart

That should be it.

posted by tkrin at 1:52 PM  

Tuesday, May 30, 2006

Airport support in Ubuntu Dapper on a PowerBook G4

It was surprisingly easy to get the Airport card working. First download and install the firmware files in a deb package format from:

http://ubuntu.cafuego.net/dists/dapper-cafuego/bcm43xx/

It puts firmware files in /lib/firmware.

Next create a little script such as:

#!/bin/bash

interface=eth0 #interface of your wireless card

#Turning off wired network...

ifconfig eth1 down

modprobe bcm43xx

#Starting up wireless network...

ifconfig $interface up

iwconfig $interface essid MY_ESSID

iwconfig $interface mode managed

iwconfig $interface key off

dhclient $interface

You can also use the Network Settings tools to manage the wireless connection. A thread at Ubunt Forums, http://www.ubuntuforums.org/showthread.php?t=142727 was a good source of information.

posted by T'Krin at 10:32 PM  

Monday, March 13, 2006

Tool to help recover from a broken RAID5

I came upon the need to attempt data recovery on a broken Raid5 array. Long story short, my client had a server with no backup at a data center. At the DC, an electrician was working on the breakers, to which our clients rack is connected, and took down power multiple times, probably a slew of surges too! :-@ That’s another story. I did not have any commercial tools that would reconstruct a set of RAID5 images, so off I went a Googling. What I found was an interesting solution created by Edmundo Carmona and can be found at Free Software Magazine. I’m not going to go into details here, but it worked pretty well, although we could not get any data recovered, as the drives seemed to have been totally hosed by the power issues. We eventually did try commercial tools, which yielded the same results. Anyway, some may find tool useful, but I hope you don’t have a need for this.

posted by tkrin at 5:07 PM  

Monday, February 13, 2006

Howto: Samba 3 Authenticating to Windows 2003 Active Directory

A quick and dirty howto for CentOS 4.

  1. Make sure system is completely updated.

    yum update

  2. Make sure Kerberos packages are installed.

    krb5-server krb5-workstation

  3. Edit /etc/krb5.conf to work with the 2003 AD server. It should look similar to below. The line in bold are what needs to be chanaged and entries are CASE sensitive!



    [logging]

    default = FILE:/var/log/krb5libs.log

    kdc = FILE:/var/log/krb5kdc.log

    admin_server = FILE:/var/log/kadmind.log

    [libdefaults]

    default_realm = ADS.LOCAL

    dns_lookup_realm = false

    dns_lookup_kdc = false

    [realms]

    ADS.LOCAL = {

    kdc = ads.local

    admin_server = 192.168.0.1:749

    default_domain = ads.local

    }

    [domain_realm]

    .ads.local = ADS.LOCAL

    ads.local = ADS.LOCAL

    [kdc]

    profile = /var/kerberos/krb5kdc/kdc.conf

    [appdefaults]

    pam = {

    debug = false

    ticket_lifetime = 36000

    renew_lifetime = 36000

    forwardable = true

    krb4_convert = false

    }

  4. Configure Samba. The basic config should look like below. Bold items are important.



    [global]

    dns proxy = no

    log file = /var/log/samba/%m.log

    load printers = no

    netbios name = Samba

    server string = Samba Server

    socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192

    workgroup = ADS

    realm = ADS.LOCAL

    os level = 20

    encrypt passwords = yes

    security = ADS

    preferred master = no

    max log size = 50

    disable spoolss = yes #Enabled if you will not server printers off this server

    template shell = /bin/false

    template homedir = /home/%D/%U

    idmap uid = 10000-20000

    idmap gid = 10000-20000

    enhanced browsing = no

    winbind use default domain = yes

    Run testparm to make sure you do not have any typos or errors.

  5. Edit /etc/nsswitch.conf so that the system will use winbind for authentication.


    passwd: files winbind
    group: files winbind

  6. Start Samba and join it to the domain.

    service smb restart

    net ads join -U Administrator@ADS.LOCAL

  7. Start Winbind and restart Samba

    service smb restart

    service winbind start

  8. Run wbinfo -u to see if user accounts on the 2003 Server are seen.
  9. To see some info about the connected domain issue net ads info
  10. Edit /etc/fstab and add the option acl to the file system that will hold any directories shared by Samba. For example:

    /dev/md2 / ext3 defaults,acl 1 1

  11. Reboot the server or issue a remount command similar to mount -n -o remount,defaults,acl /
  12. Make sure Samba and Winbind are set to start at system boot.

    chkconfig smb on

    chkconfig winbind on

  13. Let’s setup an example share for use by Administrator. smb.conf should contain something like:


    [Backups]

    comment = Backups

    wide links = no

    writeable = yes

    create mode = 644

    path = /home/BACKUPS
  14. Let’s set permissions on /home/BACKUPS so that administrator has rwx permissions.

    setfacl -m u:"ADS\\Administrator":rwx /home/BACKUPS

  15. Check the permissions. getfacl /home/BACKUPS You should see something like the following:

    getfacl /home/BACKUPS

    getfacl: Removing leading '/' from absolute path names

    # file: home/BACKUPS

    # owner: foo

    # group: foo

    user::rwx

    user:administrator:rwx

    group::rwx

    mask::rwx

    other::rwx

  16. In the event of DNS failure, you may want to edit /etc/hosts and add a line for the 2003 Server so the samba server always knows the IP of the 2003 server.
  17. Because these two servers depend highly on time synchronization, ntpd must be setup to sync to the AD server. Do this by editing /etc/ntp.conf and /etc/ntp/step-tickers. Examples of which are as follows:

    Enter your AD server’s FQDN after the first server entry in ntp.conf

    ### Begin /etc/ntp.conf ###

    restrict default nomodify notrap noquery

    restrict 127.0.0.1

    server 2003server.ads.local

    server 1.pool.ntp.org

    server 2.pool.ntp.org

    server 127.127.1.0 # local clock

    fudge 127.127.1.0 stratum 10

    driftfile /var/lib/ntp/drift

    broadcastdelay 0.008

    keys /etc/ntp/keys

    ### END /etc/ntp.conf



    List the three servers in /etc/ntp/step-tickers that are in /etc/ntp.conf.

    ### BEGIN /etc/ntp/step-tickers

    2003server.ads.local

    1.pool.ntp.org

    2.pool.ntp.org

    This will enable the Samba server to sync it’s time to the the AD server.

posted by T'Krin at 11:10 AM  
Next Page »

Powered by WordPress