Wednesday, August 1, 2012

I.T. Sidenotes - Datacenter, Infrastructure and Application Support: Tuning RedHat Centos Linux NFS for VMWare ESXi Dat...

Lately we have been tuning our RHEL 5 and 6 boxes that run on multiple NetApp NFS datastores and this article has helped quite a bit in tuning the workload to get the best out of the servers.

I.T. Sidenotes - Datacenter, Infrastructure and Application Support: Tuning RedHat Centos Linux NFS for VMWare ESXi Dat...: Recently, I setup Redhat as an NFS server connected over a 1GBit LAN to an ESXi 4.1 host. With a datastore of 2.8TB, Hardware SAS controlle...

Tuesday, March 20, 2012

Simons Blog: Cygwin / vim / rxvt arrow key problems

Great find to enable the correct key bindings in vim running Cygwin under Windows.

Fixes backspace, arrow keys, home and end keys etc.

Awesome! :)

Wednesday, January 18, 2012

New Ruby based Linux Cloud Automation Suite Announced!

A couple of friends I have in the business have gathered together to create their own automation suite in protest against the poorly designed and implemented offerings currently available.

They have called the project Cryogen, and its premise is to provide a means of automating system admin tasks in the Linux space. Essentially it contains a number of independent services which handle everything from deployment, monitoring, patching and decommissioning to reporting.

Currently the project is in its infancy but from the small demo I had recently it appears to be coming along very nicely. So far it can handle Redhat and Debian based distribution deployments along with patching and basic reporting.

A lot of the pieces employed are based on industry standard application stacks such as Puppet, Kickstart, Cobbler and Ruby on Rails.

If you would like more information head over to their sign up page at cryogen.kickofflabs.com 

Thursday, December 8, 2011

Apple blocked from calling an iPad an iPad in China!


APPLE Inc has lost a trademark dispute in China, where it had accused Proview Technology (Shenzhen) of infringing on its iPad trademark.
A Chinese court has ruled in favour of Proview - a unit of Proview International Holdings Ltd - that they are the lawful owners of the "iPad" name, as far back as 2000 for use in China and other countries, MarketWatch reported.
Proview's Taiwan based unit had sold the "global trademark" to a UK-based company called IP Application Development for £35,000 ($55,104) in 2006, the Shanghai Daily reported. That company then transferred the trademark to Apple.
But Proview Technology (Shenzhen) says the trademark for China's mainland market was not included in that agreement because the company's Taiwan unit did not own it at the time.
Proview is seeking $1 billion-plus compensation from Apple for copyright infringement. The court agreed, ruling that the Shenzhen-based company holds the rights to the iPad trademark in the Chinese market, the Daily reported.


source

Friday, October 21, 2011


CentOS 5.6 + Windows 2003 R1 Active Directory authentication with LDAP

I wanted to share another small recipe on how to set up CentOS 5.6 to authenticate Linux users against Windows 2003 Server (not R2). However, this time with LDAP instead of Samba.

The main reasons why you would like to use LDAP instead of Samba/Winbind:
- You do not need Microsoft Client Access Licences (CALs). At least it is not checked :)
- No need to use Samba (if you do not like it for one reason or another).

Active Directory server preparation

The AD server needs some preparation before it can be used in this setup. You need to have a Windows 2008 R2 CD/DVD around for some steps.
  1. Run adprep /forestprep from the Windows 2008 R2 disc.
  2. Run adprep /domainprep from the Windows 2008 R2 disc.
  3. Install Remote Server Administration Tools for Windows 7 with Service Pack 1, aka RSAT. You need to install the ADUC (Active Directory Users And Computers), i.e. AD DS + AD LDS Tools, and GPMC (Group Policy Management Console) parts of it. RSAT can be found here.
  4. With the tools you just installed, edit each AD user that you need available in Unix and make sure they have the following parameters set:
    • uidNumber (some id number which is free in unix, e.g. 1000)
    • uid (userid: e.g. hkroger)
    • gidNumber (the id of the user's main group, e.g. 1000)
    • loginShell (e.g. /bin/bash)
    • unixHomeDirectory (e.g. /home/hkroger)
    • sAMAccountName (userid: e.g. hkroger)
  5. Every group should have:
    • gidNumber (the numeric id of the group, e.g. 1000)
  6. Create a new user called unixauth with some password. This will be used for the LDAP connection itself.

Setup LDAP


Let's install the necessary packages and set up the basic auth config:
# yum install nss_ldap openldap-clients pam_ccreds -y
# authconfig --enableldap --enableldapauth --ldapserver=192.168.1.1 \
    --ldapbasedn="DC=mycompany,DC=local" --disablesmbauth --disablewinbind --disablewinbindauth \
    --disablewins --enablepreferdns --enablecache --enablemkhomedir --kickstart --update

Then let's create a new /etc/ldap.conf file:
cat <<EOF > /etc/ldap.conf
uri ldap://192.168.1.1:389/
ldap_version 3
binddn unixauth@MYCOMPANY.LOCAL
bindpw myunixauthuserpassword
ssl off
scope sub

nss_base_passwd DC=MYCOMPANY,DC=LOCAL?sub?&(objectClass=user)(uidNumber=*)
nss_base_shadow DC=MYCOMPANY,DC=LOCAL?sub?&(objectClass=user)(uidNumber=*)
nss_base_group DC=MYCOMPANY,DC=LOCAL?sub?&(objectClass=group)(gidnumber=*)

nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup group

nss_map_attribute gecos sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowExpire accountExpires
nss_map_attribute shadowLastChange pwdLastSet
nss_map_attribute uniqueMember member

timelimit 5
bind_timelimit 5
idle_timelimit 5
bind_policy hard
nss_reconnect_tries 1
nss_reconnect_sleeptime 1
nss_reconnect_maxsleeptime 8
nss_reconnect_maxconntries 2

nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
tls_cacertdir /etc/openldap/cacerts
pam_password ad
debug 0
EOF

If you also want to make a special group of users sudoers, you can enable the group in the sudoers file like this. In our example the group is called unix_admin:
grep -q unix_admin /etc/sudoers || echo %unix_admin ALL=\(ALL\) ALL >> /etc/sudoers

Next we need to tweak system authentication files so that LDAP is actually used:
cat <<EOF > /etc/pam.d/system-auth
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth [authinfo_unavail=ignore success=1 default=2] pam_ldap.so use_first_pass
auth [default=done default=die] pam_ccreds.so action=validate use_first_pass
auth [default=done] pam_ccreds.so action=store
auth [default=bad] pam_ccreds.so action=update
auth required pam_deny.so

account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
#account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account [authinfo_unavail=ignore default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_mkhomedir.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
EOF

sed -i -e 's/^passwd:.*/passwd: files ldap [NOTFOUND=return]/g' /etc/nsswitch.conf
sed -i -e 's/^shadow:.*/shadow: files ldap/g' /etc/nsswitch.conf
sed -i -e 's/^group:.*/group: files ldap [NOTFOUND=return]/g' /etc/nsswitch.conf

And finally we configure the caching daemon to keep data for 7 days and then restart it. The great idea here is that if there is no connection between your server and the AD server, you can still log in to your server:
sed -i /etc/nscd.conf -e 's/^.*positive-time-to-live.*passwd.*/ positive-time-to-live passwd 604800/g'
sed -i /etc/nscd.conf -e 's/^.*positive-time-to-live.*group.*/ positive-time-to-live group 604800/g'
sed -i /etc/nscd.conf -e 's/.*reload-count.*/ reload-count unlimited/g'

/etc/init.d/nscd restart

And that's it! You should now be able to log in to your CentOS server with your Windows AD account.
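
The /etc/ldap.conf in this recipe talks to the domain controller over ldap:// with `ssl off`, so the unixauth bind password and every user's login password cross the network unencrypted, and `bindpw` sits in the config file itself. The script below is an added example, not part of the original recipe: it audits an nss_ldap/pam_ldap style ldap.conf for those settings. The function names, finding labels and the two sample configs are constructed for illustration; `ssl start_tls` and `tls_checkpeer` are standard nss_ldap options.

```shell
# Added example: audit an nss_ldap/pam_ldap ldap.conf for cleartext binds.

# Print the last value given for a keyword (first token after it only).
conf_value() {
    awk -v key="$1" 'tolower($1) == key { v = $2 } END { print v }' "$2"
}

# Print one finding per line; return 1 if anything was found, else 0.
audit_ldap_conf() {
    conf=$1; rc=0
    uri=$(conf_value uri "$conf")
    ssl=$(conf_value ssl "$conf")
    peer=$(conf_value tls_checkpeer "$conf")
    bindpw=$(conf_value bindpw "$conf")

    encrypted=no
    case "$uri" in ldaps://*) encrypted=yes ;; esac
    case "$ssl" in start_tls|on) encrypted=yes ;; esac

    if [ "$encrypted" = no ]; then
        echo "CLEARTEXT: uri=$uri ssl=${ssl:-unset}; bind and login passwords are sent unencrypted"
        rc=1
    elif [ "$peer" != yes ]; then
        echo "NOVERIFY: TLS is on but tls_checkpeer is not set to yes in this file"
        rc=1
    fi
    if [ -n "$bindpw" ] && [ -n "$(find "$conf" -perm -004)" ]; then
        echo "BINDPW: bindpw is readable by every local user; keep the bind account unprivileged"
        rc=1
    fi
    return $rc
}

# Constructed sample: the transport settings used in the recipe above.
demo_weak_conf() {
    f=$(mktemp) && chmod 644 "$f"
    printf '%s\n' 'uri ldap://192.168.1.1:389/' 'binddn unixauth@MYCOMPANY.LOCAL' \
        'bindpw myunixauthuserpassword' 'ssl off' > "$f"
    echo "$f"
}

# Constructed sample: same server, StartTLS with certificate checking.
demo_tls_conf() {
    f=$(mktemp) && chmod 644 "$f"
    printf '%s\n' 'uri ldap://192.168.1.1:389/' 'binddn unixauth@MYCOMPANY.LOCAL' \
        'bindpw myunixauthuserpassword' 'ssl start_tls' 'tls_checkpeer yes' \
        'tls_cacertdir /etc/openldap/cacerts' > "$f"
    echo "$f"
}
```

After sourcing the script, `audit_ldap_conf /etc/ldap.conf` checks the live file. StartTLS only works once the domain controller has a certificate and its CA is present in tls_cacertdir.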

Check for more info:
http://www.theillien.com/Sys_Admin_v12/html/v13/i05/a2.htm
http://www.flyn.org/laptopldap/
http://wuhai.wordpress.com/2009/01/23/rhel4u6-and-pam_ccreds/

Wednesday, June 15, 2011

Distribute.IT Domain Reseller Hacked and Taken Down!

The company - best known as a domain name registrar - said in a post to its Twitter account that it had been the victim of a "very deliberate, coordinated & malicious attack".

It reported on Monday morning (13 June) that engineers had "started running malicious file system tools across known exploited servers while rebuilding header information where corruption to headers has been found."

source

Wednesday, April 20, 2011

Apple Sues Samsung, Saying Galaxy Phones and Tablets Too Close To iPad and iPhone Design | Ina Fried | Mobilized | AllThingsD

In the latest intellectual property suit to hit the smartphone industry, Apple is suing Samsung, alleging the Galaxy line of phones and tablets infringe on a number of the company’s patents and trademarks.

The suit, filed on Friday in U.S. District Court in Northern California, alleges patent and trademark infringement, as well as unfair competition. Apple is seeking injunctions, actual damages and punitive damages, as well as a finding that the alleged infringement was willful.

Samsung Galaxy S Android 2.3 Gingerbread Update

Samsung have released the latest Android 2.3 Gingerbread Kernel update to their Galaxy S mobile phone series. Since Saturday the 16th April 2011 the update has been rolling out via Samsung's Kies software suite to those in the Nordic countries. The update will be available in other regions over the course of the next few weeks. source


Friday, April 15, 2011

Installing VirtualBox (Guest Additions) on Ubuntu Server 10.10

To install Guest Additions on Ubuntu Server 10.10+, you need to do the following:
sudo apt-get install dkms
sudo apt-get install build-essential
Go to the Virtualbox Devices entry on the menu bar of the guest OS and select Install Guest Additions… , this will load the Guest Additions ISO CD image.

Change directory to media
cd /media
You will likely find a sub directory called cdrom in this directory. You can list the sub directories using the `ls` command. If not, create it:
sudo mkdir cdrom
This will become our mount point.

Mount the Guest Additions ISO to the mount point
sudo mount /dev/cdrom /media/cdrom
Now change to the cdrom directory
cd /media/cdrom
Display the directory contents i.e. the ISO image
ls
Depending on whether you are running a 32bit or 64bit OS, run the relevant installer. In this case 32bit so enter

sudo ./VBoxLinuxAdditions-x86.run

Note:

You will get an error saying “Could not find X.org or Xfree.86 on the guest system”. This is because we are running the server edition and have not got a window manager, e.g. KDE or GNOME, installed!

If the process complains that DKMS could not be used to build the new kernel then you may need to run the following command to install the linux-headers manually
sudo apt-get install build-essential linux-headers-$(uname -r)

Wednesday, April 6, 2011

How to monitor hard drive health in linux

Used this article I found recently to test my hard drive health. Turns out the hard drive is fine but the USB cable it was connected with was dodgy. I was experiencing "usb 2-1.1: reset high speed USB device using ehci_hcd and address 5" messages all the time. After replacing the cable the messages disappeared!

more info
