Using Ctrl+Alt+F1 in a VMWare Virtual Machine

When you're running Linux, pressing CTRL+ALT+F1 brings you to console #1. If you want to reach the console of a VMware guest, this won't work, because the host switches to its own console instead of the guest, which makes it pretty hard to get to the guest's console.

The correct combination for linux-in-vmware-on-linux is CTRL+ALT+SPACE, release space while holding down CTRL+ALT, then add the F1 key.

© GeekLabInfo Using Ctrl+Alt+F1 in a VMWare Virtual Machine is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info


Simple dual uplink configuration

Last week I switched from ADSL to EuroDOCSIS cable. I couldn't just shut down the DSL connection as several services were still connecting to that IP. So I made my home router (Fedora 15) kind of multihomed.

Configuration

I haven't even taken the time to separate the ADSL and cable modems; I just hooked them up to the same network interface. Of course, they each got their own IP range.

ADSL modem: 192.168.2.254/24
Cable modem: 192.168.1.1/24

Step 1: Add ip
ip addr add 192.168.1.2/24 dev eth0

Step 2: Routing
By default we send all outgoing packets to the default gateway at 192.168.2.254. Only packets that are answers to incoming packets on the 192.168.1.x network must be routed back through 192.168.1.1:
ip rule add from 192.168.1.0/24 lookup 1001
ip route add default via 192.168.1.1 table 1001

That's all. Of course, the above setup only takes care of answering incoming packets. If you want to load-balance or have a fail-over setup, I suggest you read the Linux Advanced Routing & Traffic Control HOWTO.


Backup your website over FTP

One of my customers is being hosted at a crappy hosting provider, which I do not trust at all. In fact, I have actually seen that I made changes to the website, which were reverted a couple of days later.

To never lose any data on the FTP, I wrote a script to make backups of the FTP, while not wasting too much bandwidth or disk space. I based this script on the principle that rsnapshot uses: hardlinks and rotation.

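#!/bin/bash
# Run from the directory that holds the numbered snapshots.
cd /backups || exit 1

# Shift every existing snapshot N to N+1, highest number first.
for i in `seq 100 -1 2`; do
        if [ -d $i ]; then
                echo mv $i $((i+1))
                mv $i $((i+1))
        fi
done
# Hardlink-copy the latest snapshot; unchanged files share their disk blocks.
echo cp -al 1 2
cp -al 1 2

HOST="type-hostname-here.com"
USER="type-username-here"
PASS="type-password-here"
LCD="/backups/1"
RCD="/remote/path/httpdocs"

mkdir -p $LCD
# ftp:ssl-force needs an explicit value; without one the setting is not enabled.
lftp -c "set ftp:list-options -a;
set ftp:ssl-force true;
open ftp://$USER:$PASS@$HOST;
lcd $LCD;
cd $RCD;
mirror --verbose \
       --delete \
       --exclude-glob __old \
       --exclude-glob phpmyadmin"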

In this example the directory __old is not copied, nor is phpmyadmin. What it does is move the directory 99 to 100, then 98 to 99, 97 to 98 and so on, until 2 is moved to 3. It then hardlinks the directory 1 to 2. This way, a 100Mb file that is not modified can exist in all 100 directories while only using one single block of 100Mb of disk space.

Finally, the script uses lftp to download all modified files from the remote ftp server. Luckily, lftp doesn't just open a local file to modify its contents: instead remotely modified files are first unlinked locally, then re-downloaded. This way, lftp does not interfere with the hardlink system.
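The difference between unlink-then-rewrite and writing in place, shown on a constructed temp directory. This is an added example, not part of the original script; it assumes GNU coreutils (cp -al, stat -c) and the function names are made up for the demonstration.

```bash
#!/bin/bash
# Added example: why hardlink snapshots depend on unlink-then-rewrite.
# All files are constructed in a temp directory; nothing touches /backups.

# rotate ROOT: same scheme as the post: N -> N+1 from the top down, then 1 -> 2.
rotate() {
    local root=$1 i
    for i in $(seq 100 -1 2); do
        if [ -d "$root/$i" ]; then mv -- "$root/$i" "$root/$((i + 1))"; fi
    done
    cp -al -- "$root/1" "$root/2"
}

# new_tree: temp backup root with snapshot 1 holding one file, rotated once.
new_tree() {
    local root
    root=$(mktemp -d)
    mkdir "$root/1"
    echo "version A" > "$root/1/index.html"
    rotate "$root"
    echo "$root"
}

# Unchanged file: snapshots 1 and 2 point at the same inode, data is stored once.
shares_inode() {
    local root; root=$(new_tree)
    [ "$(stat -c %i "$root/1/index.html")" = "$(stat -c %i "$root/2/index.html")" ] \
        && echo yes || echo no
    rm -rf -- "$root"
}

# Unlink, then write a new file (what the post says lftp does): snapshot 2 is untouched.
snapshot_after_unlink_rewrite() {
    local root; root=$(new_tree)
    rm -- "$root/1/index.html"
    echo "version B" > "$root/1/index.html"
    cat "$root/2/index.html"
    rm -rf -- "$root"
}

# Overwrite in place: the write goes through the shared inode into every snapshot.
snapshot_after_inplace_write() {
    local root; root=$(new_tree)
    echo "version B" > "$root/1/index.html"
    cat "$root/2/index.html"
    rm -rf -- "$root"
}

echo "unchanged file shares an inode:  $(shares_inode)"
echo "snapshot 2 after unlink+rewrite: $(snapshot_after_unlink_rewrite)"
echo "snapshot 2 after in-place write: $(snapshot_after_inplace_write)"
```

Any tool that edits files inside /backups/1 in place (an editor, rsync --inplace) rewrites the older snapshots as well, so treat the snapshot directories as read-only.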

Database backup

This method does NOT backup your database. Don't forget to backup your database!


Install mod_auth_ntlm_winbind on CentOS 6.0

Step 1. Install ntp and synchronize clocks

We'll be using winbind, kerberos and ntlm to authenticate the user. This requires the clocks of the AD server and the proxy server to be synchronized.

yum -y install ntp
sed -i "s/^server /#server /g" /etc/ntp.conf
echo "server YOURSERVERNAME" >> /etc/ntp.conf
ntpdate YOURSERVERNAME #synchronize right now
service ntpd start #and keep in sync
chkconfig ntpd on #after reboot as well

Step 2. Update system and install required software

yum update
yum install mc vim httpd php svn httpd-devel make autoconf gcc ntp krb5-workstation \
samba-common authconfig samba-winbind

Step 3. Connect to active directory

Please note that MYCOMPANY.local and mycompany.local may be different domains due to the upper/lowercase.
ADSERVER=sbs.MYCOMPANY.local
DOMAIN=MYCOMPANY.local
WORKGROUP=MYCOMPANY
authconfig --enableshadow --enablemd5 --passalgo=md5 --krb5kdc=$ADSERVER \
--krb5realm=$DOMAIN --smbservers=$ADSERVER --smbworkgroup=$WORKGROUP \
--enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=$DOMAIN \
--smbidmapuid="16777216-33554431" --smbidmapgid="16777216-33554431" --winbindseparator="+" \
--winbindtemplateshell="/bin/false" --enablewinbindusedefaultdomain --disablewinbindoffline \
--winbindjoin=Administrator --disablewins --disablecache --enablelocauthorize --updateall
service winbind start ; chkconfig winbind on
setsebool -P allow_httpd_mod_auth_ntlm_winbind on

Now check your winbind connection using the following commands:
wbinfo -u
wbinfo -g

The socket /var/lib/samba/winbindd_privileged/pipe should be writable by the webserver. To allow that access, I add user apache to the group wbpriv: usermod -a -G wbpriv apache

Step 4. Download and compile mod_auth_ntlm_winbind

svn co svn://svnanon.samba.org/lorikeet/trunk/mod_auth_ntlm_winbind mod_auth_ntlm_winbind
cd mod_auth_ntlm_winbind/
autoconf
./configure
apxs -DAPACHE2 -c -i mod_auth_ntlm_winbind.c

Step 5. Configure it

In /etc/httpd/conf.d/mod_auth_ntlm_winbind.conf I put the following configuration:
LoadModule auth_ntlm_winbind_module /usr/lib64/httpd/modules/mod_auth_ntlm_winbind.so

Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
AuthName "NTLM Authentication"
AuthType NTLM
Require valid-user
NTLMAuth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
NTLMBasicAuthoritative on

In /etc/httpd/conf/httpd.conf, change KeepAlive Off to KeepAlive On. Preferably, also set MaxKeepAliveRequests and KeepAliveTimeout to a high value. On my intranet server, they're set to 1000 requests and 600 seconds.

Step 6. Change your firewall to enable incoming HTTP

iptables -I INPUT -p tcp --dport 80 -j ACCEPT
service iptables save

Step 7. Go!

Run service httpd restart, make httpd start on reboot using chkconfig httpd on and test your configuration.


X11 over SSH

The base installations of CentOS 5 and Fedora 15 are pretty well prepared to use X11 over SSH. You just need to install one more package on the server you're connecting to: xorg-x11-xauth. According to yum info, the purpose of this package is:
xauth is used to edit and display the authorization information used in connecting to an X server.
This editing probably means synchronising X11 authority cookies between SSH peers.

Installing is done using:
yum install xorg-x11-xauth

Then ssh into the box using:
ssh -X [servername]


SELinux: Running samba unconfined

I don't want to disable SELinux, but I'm using samba to access just about every file on the system. To run samba unconfined, change its context:
chcon -t unconfined_exec_t /usr/sbin/smbd
service smb restart

This works for other software as well.

Update: Another solution may be to run software in permissive mode. I just changed the mode of one postfix sub-program to permissive mode: semanage permissive -a postfix_pipe_t


OpenVPN: script failed: could not execute external program

I've been using the great VPN software OpenVPN for a long time now. I just love it. Today, I copied the configuration of my old router to my brand new Fedora 15 box, and suddenly it can't start anymore.

In the logs I found this message:
script failed: could not execute external program

What does that mean?
Is the 'up' script not found? Is it in the wrong directory? I just could not find the cause, until I hooked up my favourite debugging tool: strace. And look what I found there:
[pid 8273] execve("./up", ["./up", "vpn", "1500", "1576", "", "", "init"], [/* 14 vars */]) = -1 ENOEXEC (Exec format error)

Solution

What is the case? In older OpenVPN versions, scripts were run by system(3), which uses the shell to run scripts. Newer versions are more secure, and use execl/execve or something like that. That means that shell scripts must explicitly tell the system that they're to be run by the shell.

So, add the following line to the top of the script:
#!/bin/bash
And you're done.
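A pre-flight check for hook scripts that are started with execve, as an added example that is not part of the original post or of OpenVPN. It goes beyond the missing shebang and also reports a missing execute bit and an interpreter path that does not resolve (for example a script saved with CRLF line endings); the function names and sample files are constructed for the demonstration.

```bash
#!/bin/bash
# Added example: check a hook script the way execve() will see it, with no
# shell fallback. Verdict words are this example's own, not OpenVPN output.

check_hook() {
    local f=$1 magic line interp
    [ -f "$f" ] || { echo missing; return; }
    [ -x "$f" ] || { echo not-executable; return; }     # execve: EACCES
    magic=$(head -c 4 -- "$f" | od -An -tx1 | tr -d ' \n')
    case $magic in
        7f454c46) echo ok-binary; return ;;             # ELF executable
        2321*) ;;                                       # starts with "#!"
        *) echo no-shebang; return ;;                   # execve: ENOEXEC
    esac
    # Interpreter = first word after "#!"; a trailing CR stays part of the path.
    IFS= read -r line < "$f" || true
    read -r interp _ <<< "${line#'#!'}"
    [ -x "$interp" ] || { echo bad-interpreter; return; }   # execve: ENOENT/EACCES
    echo ok-script
}

# make_samples DIR: constructed hook scripts, one per verdict.
make_samples() {
    printf 'echo up "$@"\n'                > "$1/up-noshebang"
    printf '#!/bin/sh\necho up "$@"\n'     > "$1/up-good"
    printf '#!/bin/sh\r\necho up "$@"\r\n' > "$1/up-crlf"
    printf '#!/bin/sh\necho up "$@"\n'     > "$1/up-noexec"
    chmod +x "$1/up-noshebang" "$1/up-good" "$1/up-crlf"
}

dir=$(mktemp -d)
make_samples "$dir"
for s in up-noshebang up-good up-crlf up-noexec up-absent; do
    printf '%-14s %s\n' "$s" "$(check_hook "$dir/$s")"
done
rm -rf -- "$dir"
```

Running the script by hand from an interactive shell is not a valid test, because the shell retries a file that fails with ENOEXEC as a shell script and so hides the problem.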
