All posts by bsdman

Currently working as an IT Manager. Worked for an OIT company as a Network Engineer in 2011. Worked for a Medical IT company as the Network Administrator 2009-2011. Worked as the Senior Systems Administrator at a computer reseller from 2005-2009. Worked as a Computer Consultant for several small companies from 2007-2009. Worked as a Computer Technician at a computer reseller from 2002-2004.

Exchange 2007 Outlook Anywhere

I enabled Outlook Anywhere on the primary external-facing Exchange server. But then some of the employees were complaining that whenever they connected to Exchange using Outlook, it would ask for their credentials. I chalked it up to being a permissions issue, but apparently the old Ex03 server was somehow still in the mix.

Open the registry editor on your Outlook Anywhere machine and check the following key:
HKLM\SOFTWARE\Microsoft\Rpc\RpcProxy\ValidPorts
Make sure that you only see the name of your Exchange server, with ports 6001, 6002 and 6004 listed for both servername and servername.domain.tld.
I noticed that the old server was still listed in there. I deleted it, and then restarted the Microsoft Exchange Service Host to complete the task. Unfortunately the old server was put back in.
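As an added check that is not part of the original post, the following Python parses a ValidPorts value (entries are host:port or host:low-high, separated by semicolons) and reports any host other than the current server, any port set other than 6001, 6002 and 6004, and a missing short-name or FQDN entry. The host names and sample value are constructed; on the server itself the value can be read with winreg from the key above.

```python
import re

# The RPC ports the post says every listed host should carry.
EXPECTED_PORTS = {6001, 6002, 6004}

# Constructed sample (host names are made up): the decommissioned Exchange
# 2003 box "ex03" is still present next to the current server "ex07".
# On a real server: winreg.QueryValueEx(winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
#   r"SOFTWARE\Microsoft\Rpc\RpcProxy"), "ValidPorts")[0]
SAMPLE_VALIDPORTS = (
    "ex07:6001-6002;ex07:6004;"
    "ex07.corp.example:6001-6002;ex07.corp.example:6004;"
    "ex03:6001-6002;ex03:6004;"
    "ex03.corp.example:6001-6002;ex03.corp.example:6004"
)


def parse_validports(value):
    """Parse the ';'-separated ValidPorts string ("host:port" or
    "host:low-high" entries) into {lowercase host: set of ports}."""
    ports_by_host = {}
    for entry in filter(None, value.split(";")):
        host, _, spec = entry.rpartition(":")
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", spec.strip())
        if not host or not m:
            raise ValueError("unparseable ValidPorts entry: %r" % entry)
        low, high = int(m.group(1)), int(m.group(2) or m.group(1))
        ports_by_host.setdefault(host.strip().lower(), set()).update(range(low, high + 1))
    return ports_by_host


def audit_validports(value, server_name, domain):
    """Report hosts other than the current server (short and FQDN form),
    port sets other than EXPECTED_PORTS, and either form being absent."""
    allowed = {server_name.lower(), ("%s.%s" % (server_name, domain)).lower()}
    findings = []
    parsed = parse_validports(value)
    for host, ports in sorted(parsed.items()):
        if host not in allowed:
            findings.append("unexpected host %s (ports %s)" % (host, sorted(ports)))
        elif ports != EXPECTED_PORTS:
            findings.append("host %s has ports %s, expected %s"
                            % (host, sorted(ports), sorted(EXPECTED_PORTS)))
    for host in sorted(allowed - set(parsed)):
        findings.append("host %s missing from ValidPorts" % host)
    return findings
```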

So then I checked ADSIEdit and saw no traces of the old Exchange server in the mix. Odd. So why was the old server still showing up in the RPC registry keys?

I had to load up IIS/Adminpak.msi on an XP machine to get Exchange 2003 System Manager (ESM) to install. Loaded that up, and under Admin Groups I could clearly see the old Exchange server. Booo.
Right-click, delete. *poof*.

Redo the registry edit steps and restart the service host service and bam, working again. Now no more complaints.

Exchange 2007 Outlook Anywhere Per User

Exchange 2007 is pretty nice. They made Outlook Anywhere (RPC over HTTPS) pretty darn easy to set up – assuming you have an SSL certificate. Unfortunately (or fortunately, depending on how you look at things) a lot of the commands must be performed from the PowerShell command line. Good thing PowerShell and Exchange 2007 allow for more granular permissions with Outlook Anywhere.

One such command is to allow/disallow Outlook Anywhere per user. By default Exchange allows all authenticated users to connect via Outlook Anywhere. There’s no nice way using the GUI to disable access – like there is for POP3/IMAP/MAPI/etc – so you’ll have to fire up PowerShell.

Want to check the current settings of your user?
get-mailbox USERNAME | get-casmailbox | fl
That will list all the CAS settings for that mailbox. Look under MAPIBlockOutlookRpcHttp. It’s probably set to False. If you want to block that user from accessing Outlook Anywhere:
get-mailbox USERNAME | set-casmailbox -mapiblockoutlookrpchttp $true

That’s it.

Clone Disk Drive Ubuntu

We’ve all used dd before:
dd if=/dev/sda of=/dev/sdb

But someone pointed out there was a better way – a way that would allow retrieval of data even if the drive was dying. dd was never supposed to be able to do that, so it’s generally not the best tool to use.

apt-get install gddrescue
ddrescue -v /dev/sda /dev/sdb

That’s it.
Oh, I learned about ddrescue from Dimitar Darazhanski’s blog.

Postfix, Dovecot, SMTP Relay

After setting up a BIND DNS on my Ubuntu 10.04 x32 server, I decided I should probably make a mail server too. I wanted to be able to access the mail from my iPhone.

Postfix was installed by default as I needed sendmail for some other PHP scripts I had previously written/edited. Otherwise you can always apt-get install postfix.

I let webmin install dovecot for me. Dovecot is a POP3/IMAP server that will communicate with postfix’s mail system. Basically it’ll read the mail from /var/mail (which I had to edit – more on that later). I then set the DNS name for mail.mydomain.tld using BIND on webmin.

Use webmin and open up Servers > Dovecot
Click Networking and Protocols
I selected POP3
Click Save
Click on User and Login Options
SASL authentication realms: mail.yourdomain.tld
Authentication methods: plain text
Click save
Click on Mail Files
Select Inbox under /var/mail, folders in ~/mail
Click apply configuration

Then I made sure that port 110 was opened up on the firewall and away I went. I could now connect to the server via POP3 on the iPhone and retrieve my mail. However, I could not send mail. The fix for that (found on Jimmy’s Weblog):
apt-get install postfix-tls sasl2-bin libsasl2 libsasl2-modules
nano /etc/default/saslauthd

START=yes
MECHANISMS="pam"

nano /etc/postfix/sasl/smtpd.conf

pwcheck_method: saslauthd

nano /etc/postfix/main.cf

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination

rm -r /var/run/saslauthd/
mkdir -p /var/spool/postfix/var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run
chgrp sasl /var/spool/postfix/var/run/saslauthd
adduser postfix sasl

/etc/init.d/postfix restart
/etc/init.d/saslauthd start
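As an added check (not from the original post or Jimmy’s Weblog), this Python parses a main.cf fragment the way Postfix does, including the whitespace-indented continuation lines of smtpd_recipient_restrictions, and flags settings that would leave the relay open or anonymous. The main.cf text is a constructed sample.

```python
# Constructed main.cf fragment (not a real server's file) with the settings
# from the post. Postfix treats a line starting with whitespace as a
# continuation of the previous parameter, so the restriction list is indented.
SAMPLE_MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
"""

def parse_main_cf(text):
    """Parse main.cf into {parameter: value}: '#' lines are skipped and
    indented lines are appended to the preceding parameter's value."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line[0].isspace():
            if current is None:
                raise ValueError("continuation without a parameter: %r" % line)
            params[current] = (params[current] + " " + line.strip()).strip()
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError("malformed line (missing '='): %r" % line)
        current = key.strip()
        params[current] = value.strip()
    return params

def audit_relay_config(params):
    """Return the problems that would leave SMTP anonymous or an open relay;
    an empty list means the post's settings are in place."""
    words = lambda name: params.get(name, "").replace(",", " ").split()
    problems = []
    if params.get("smtpd_sasl_auth_enable", "no") != "yes":
        problems.append("smtpd_sasl_auth_enable is not yes")
    if "noanonymous" not in words("smtpd_sasl_security_options"):
        problems.append("anonymous SASL mechanisms are allowed")
    restr = words("smtpd_recipient_restrictions")
    if "reject_unauth_destination" not in restr:
        problems.append("reject_unauth_destination missing: open relay")
    elif ("permit_sasl_authenticated" in restr and
          restr.index("permit_sasl_authenticated") > restr.index("reject_unauth_destination")):
        problems.append("permit_sasl_authenticated is listed after reject_unauth_destination")
    return problems
```

An unindented continuation line is rejected by the parser, which is the same mistake that silently breaks the restriction list in a real main.cf.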

Honestly, by that time I had changed a few other things in the postfix configuration, so hopefully this still works. If I ever set it up again or do a dry run on a secondary test system (i.e. if I find the time to QA my own work) then I will most definitely put up any updates. Any issues, let me know.

Webmin Install Ubuntu 10.04 LTS Server

Log into your server
wget http://downloads.sourceforge.net/project/webadmin/webmin/1.510/webmin_1.510-2_all.deb
sudo dpkg -i webmin_1.510-2_all.deb
If you get errors, just type sudo apt-get install -f (this will install all the required pre-reqs)

And then I usually update the server:
apt-get update
apt-get upgrade
apt-get dist-upgrade

And then make sure you change the security on webmin:
Log in to https://yourip:10000 as your root user
Click on Webmin, then Webmin Configuration
Click on IP access control
Only allow from the following:

127.0.0.1
192.168.1.0
OtherIP
etc.

***EDIT***
http://downloads.sourceforge.net/project/webadmin/webmin/1.570/webmin_1.570_all.deb
http://superb-dca2.dl.sourceforge.net/project/webadmin/webmin/1.580/webmin_1.580_all.deb

BIND, DNS, Godaddy, Ubuntu

Customer purchased Comcast Business cable for their primary internet provider. They also purchased a domain name through GoDaddy. I used to think GoDaddy was a horrible/awful/pile of dung, but now that I’m starting to find out where everything is hidden they’re turning out to be moderately OK.

Background:
Ubuntu 10.04 x32 Server LAMP
BIND 9.7.0
Webmin 1.510
Sonicwall TZ180W Enhanced
Godaddy account information and domain name

I updated their Ubuntu server from 9.04 to 9.10, and then to 10.04. I installed webmin as the customer wanted a GUI to be able to edit the config files. And, despite resistance from CLI users, webmin is a pretty powerful suite. I secured the server as much as I could. I then made sure that port 53 for UDP and TCP was opened for DNS to/from the server.

Now the fun part begins. Log in to your webmin server (usually https://webminserver’sIPaddress:10000) and navigate to Servers > Bind DNS Server.

Create BIND Master Zone
Under Existing DNS Zones, Click on Create Master Zone.

Zone type: Forward
Domain Name/Network: yourdomain.tld
Records file: Automatic
Master server: yourdomain.tld, uncheck Add NS record for master server
Email address: admin@yourdomain.tld
Use zone template: No
IP Address for template records: Your PUBLIC IP address
Add reverses for template addresses: Yes
Leave the TTL as is, unless you want longer/shorter timeouts
Click Create

Add Name Records
Now you should be in the Address Records for your new domain. If not, navigate to Servers > BIND DNS Server > Existing DNS Zones > Yourdomain.tld > Address.
NOTE: Notice the ‘.’ at the end of the names.

Name: ns1.yourdomain.tld.
Time-To-Live: default
Address: Your PUBLIC IP address
Update reverse: Yes
Create
Name: ns2.yourdomain.tld.
Time-To-Live: default
Address: Your PUBLIC IP address
Update reverse: Yes
Create
Name: yourdomain.tld.
Time-To-Live: default
Address: Your PUBLIC IP address
Update Reverse: Yes
Create
Name: www.yourdomain.tld.
Time-To-Live: default
Address: Your PUBLIC IP address
Update Reverse: Yes
Create

Add Name Servers
Return to Record Types. Now click on Name Server.

Zone Name:
Time-To-Live: 300
Name Server: ns1.yourdomain.tld.
Create
Zone Name:
Time-To-Live: 300
Name Server: ns2.yourdomain.tld.
Create

Restart BIND
You have two ways to do this (well, more than that, but you know how it is):

1.) Log in as root using SSH to your BIND Server. Run:
sudo /etc/init.d/bind9 restart
2.) On Webmin, Click on System > Bootup and Shutdown > bind9
Click on the Restart Now button

Test your configuration:

Log in to your BIND Server using SSH
nano /etc/resolv.conf
search yourdomain.tld
nameserver 127.0.0.1
Comment out any other nameserver lines by adding ‘#’ in front of them
Save and exit nano
dig yourdomain.tld
Make sure the HEADER flags include: qr aa rd ra. The ‘aa’ (authoritative answer) flag is the most important part – it shows that this server is authoritative for the domain.
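As an added check that is not from the original post, this Python parses dig’s text output, looks for the ‘aa’ flag and verifies the apex A record and the ns1/ns2 NS records. The dig output below is constructed, with 203.0.113.10 standing in for the public IP.

```python
import re

# Constructed dig output (not a real capture) for a zone served by the
# local BIND; 203.0.113.10 stands in for the public IP.
SAMPLE_DIG = """\
; <<>> DiG 9.7.0 <<>> yourdomain.tld
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; ANSWER SECTION:
yourdomain.tld.\t\t38400\tIN\tA\t203.0.113.10

;; AUTHORITY SECTION:
yourdomain.tld.\t\t300\tIN\tNS\tns1.yourdomain.tld.
yourdomain.tld.\t\t300\tIN\tNS\tns2.yourdomain.tld.
"""

def parse_dig(output):
    """Return (header flags, [(name, A rdata)], [(name, NS rdata)]) from
    dig's text output; lines outside a record section are skipped."""
    flags, a_records, ns_records, section = set(), [], [], None
    for line in output.splitlines():
        m = re.match(r";; flags: ([a-z ]*);", line)
        if m:
            flags = set(m.group(1).split())
        elif line.startswith(";; ") and line.endswith("SECTION:"):
            section = line[3:].split()[0]
        elif section and not line.startswith(";"):
            fields = line.split()  # name, ttl, class, type, rdata
            if len(fields) >= 5 and fields[3] == "A":
                a_records.append((fields[0], fields[4]))
            elif len(fields) >= 5 and fields[3] == "NS":
                ns_records.append((fields[0], fields[4]))
    return flags, a_records, ns_records

def check_authoritative(output, zone, public_ip, nameservers):
    """List what is wrong with the answer; [] means the server is
    authoritative ('aa') and the apex A and NS records match."""
    problems = []
    flags, a_records, ns_records = parse_dig(output)
    if "aa" not in flags:
        problems.append("no 'aa' flag: answer is not authoritative")
    if (zone + ".", public_ip) not in a_records:
        problems.append("no A record %s -> %s in the answer" % (zone, public_ip))
    seen = {ns for name, ns in ns_records if name == zone + "."}
    expected = {ns + "." for ns in nameservers}
    if seen != expected:
        problems.append("NS records %s, expected %s" % (sorted(seen), sorted(expected)))
    return problems
```

A recursive answer from a forwarder would show only qr rd ra, and check_authoritative reports the missing ‘aa’ first.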

Change the DNS Servers of your Godaddy account

Log in to your GoDaddy domain manager
I added the DNS entries for ns1.yourdomain.tld and ns2.yourdomain.tld in the custom DNS area. Point those both to your public IP address.
In the lower left corner of the Domain Manager screen (after you click on the domain you want to manage) you will see a Host Summary area.
Add NS1.yourdomain.tld with your PUBLIC IP
Add NS2.yourdomain.tld with your PUBLIC IP
I had to wait 5 minutes or so before everything was happy.

Now change the DNS servers from NSxx.DOMAINCONTROL.COM to NS1.YOURDOMAIN.TLD AND NS2.YOURDOMAIN.TLD.

If you get a message about your name servers not being registered, you probably forgot to add the domains into the Host Summary area. Either that or you haven’t waited long enough.

Happy 4th Anniversary

Four Long Years.

I look back on some of my early posts and see a completely different style of writing. That added to the fact that most of the “issues” were fairly easy in nature, and you can see how far I’ve come.

I’m glad I could write all this up here. It’s helped me more than a few times. It’s helped others more than a few times. And it’s still free.

Says I’m at Post 488. I’ve gone through 3 style changes (well, the site, so not technically “me”), 2 jobs, and several life-changing events in the past 4 years. Hopefully the next 4 years are just as interesting.