All posts by bsdman

Currently working as an IT Manager. Worked for an OIT company as a Network Engineer in 2011. Worked for a Medical IT company as the Network Administrator 2009-2011. Worked as the Senior Systems Administrator at a computer reseller from 2005-2009. Worked as a Computer Consultant for several small companies from 2007-2009. Worked as a Computer Technician at a computer reseller from 2002-2004.

Ubuntu Repositories Download Speed

I recently upgraded my working Ubuntu 7.10 to Ubuntu 8.04. I hadn’t used the computer in about a month, so there were quite a few updates to do. Namely 83 updates.

sudo apt-get update
sudo apt-get upgrade

It was flying at anywhere from 300KB/sec to 950KB/sec on most of the packages, but then would falter down to 4000bytes/sec (and sometimes even less). I figured it was the Repositories getting nailed, or my network connection becoming unruly.

But, after searching for a while, I found the answer: the us.archive.ubuntu servers are SLOW. Doesn’t matter that the servers reside in the same country I’m located.

Edit the /etc/apt/sources.list file to remove the “us.”

cd /etc/apt
sudo cp sources.list sources.list.old
sudo nano sources.list

Anywhere it says “us.archive.ubuntu”, remove the “us.” so that it reads “http://archive.ubuntu” etc.

Analog On Ubuntu

This is a step-by-step process to install the Analog logging server for Apache on Ubuntu Server.

Update your Ubuntu server
sudo apt-get update
sudo apt-get upgrade

Install analog
sudo apt-get install analog

Edit analog config file
sudo nano /etc/analog.cfg

Now I ended up putting in the following:

OUTFILE /var/www/stats/report.html
HOSTNAME "My Site"
MONTHLY ON
WEEKLY ON
DAILYREP ON
REQUEST ON
DIRECTORY ON
SEARCHWORD ON
SEARCHQUERY ON
BROWSERSUM ON
OSREP ON
FAILURE ON
REQLINKINCLUDE pages
REFLINKINCLUDE *
REDIRREFLINKINCLUDE *
FAILREFLINKINCLUDE *
SUBBROW */*
SUBTYPE *.gz,*.Z

And I kept all the search engine and page include stuff by default.

You can then run a crontab to allow the script to run every hour or day or month.
For everyone’s reference, here’s my settings in Crontab:
sudo crontab -e
15,45 * * * * /usr/bin/analog
That forces analog to run 15 and 45 minutes after every hour, every day, every week, every month.
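
In a crontab minute field a comma lists individual minutes while a hyphen spans every minute in between, so 15,45 and 15-45 schedule very different things. The script below is an added example, not part of the original post, that expands a minute field to show the difference; expand_cron_minutes and runs_per_hour are names made up here.

```shell
#!/bin/sh
# Added example: expand the minute field of a crontab line into the minutes
# it matches. Supports *, N, A-B, comma lists and a /STEP suffix.
# expand_cron_minutes and runs_per_hour are illustrative names.

expand_cron_minutes() (
    # The body runs in a subshell, so IFS and set -f do not leak out.
    set -f                      # keep a bare * from globbing against the cwd
    IFS=,
    out=
    for part in $1; do
        step=1
        range=$part
        case $part in
            */*) step=${part##*/}; range=${part%%/*} ;;
        esac
        case $range in
            '*') lo=0; hi=59 ;;
            *-*) lo=${range%%-*}; hi=${range#*-} ;;
            *)   lo=$range; hi=$range ;;
        esac
        # Every piece must be a plain number and the range must fit 0-59.
        for n in "$lo" "$hi" "$step"; do
            case $n in
                ''|*[!0-9]*) echo "bad minute field: $part" >&2; exit 2 ;;
            esac
        done
        if [ "$lo" -gt "$hi" ] || [ "$hi" -gt 59 ] || [ "$step" -lt 1 ]; then
            echo "bad minute field: $part" >&2; exit 2
        fi
        m=$lo
        while [ "$m" -le "$hi" ]; do
            out="$out $m"
            m=$((m + step))
        done
    done
    echo "${out# }"
)

# Number of times per hour a job with this minute field starts.
runs_per_hour() {
    set -- $(expand_cron_minutes "$1")
    echo "$#"
}

for field in '15-45' '15,45' '*/30'; do
    echo "$field -> $(runs_per_hour "$field") run(s)/hour: $(expand_cron_minutes "$field")"
done
```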

VHCS On Ubuntu

I was given the project of DNS entries for several customers. After playing around with BIND9 for several hours (I actually got it to work for all sites EXCEPT http://sitename.tld – it worked fine for subdomains), a colleague suggested that I try VHCS. VHCS is a free software suite that allows for Virtual Hosts, DNS, and other web related items to be shared and easily managed between several groups. You can grab more data here: VHCS.net

I also chose to put this on Ubuntu because debian packages are easy to install, Ubuntu is fully supported by a huge user base, and Ubuntu also uses a very small footprint.

Once you download the suite, follow the Install directions all the way until you get an error similar to this:
If specified by -literal_key, then the key length must be equal to the chosen cipher's key length of 56 bytes at /var/www/vhcs2/engine/setup/../vhcs2_common_code.pl line 1443
Compilation failed in require at ./vhcs2-setup line (line whatever)

Here’s the fix:
nano /var/www/vhcs2/engine/vhcs2_common_code.pl
Control + W and search for db_pass_key
Any time you see 'key' => $main::db_pass_key fill in the following ABOVE the line:
'keysize' => 32,

Then rerun the script ./vhcs2-setup

P.S. By the way, the instructions don’t really mention that you have to copy some folders over. Make sure you copy everything in the vhcs2-2.4.7.1/configs folder to /etc/vhcs2/ otherwise it will fail out. If you get some postfix errors, that’s probably ok.

P.S. Part 2 There is a much easier product to set up: ISPConfig. You can find it at ISPConfig.com. I recommend using ISPConfig as it is actively maintained.

Webmin Install Ubuntu 8.04 Server

1.) Log into your server. You can use SSH or your TTY.
2.) wget http://prdownloads.sourceforge.net/webadmin/webmin_1.340_all.deb
3.) sudo dpkg -i webmin_1.340_all.deb
4.) If you get errors, just type sudo apt-get install -f (this will install all the required pre-reqs)

EDIT: I had this as 8.06 server, when in fact it’s 8.04. My mistake. And since I always seem to install this right after installing the server, it’s a good idea to apt-get update, then apt-get upgrade

EDIT PT 2: The newest package is webmin_1.430_all.deb

EDIT PT3: if you’re installing on a CENTOS 5 box (like I am right now), you’ll need to wget http://downloads.sourceforge.net/webadmin/webmin-1.430-1.noarch.rpm
and then rpm -i webmin-1.430-1.noarch.rpm

EDIT PT4: Newest package is webmin_1.470_all.deb (http://prdownloads.sourceforge.net/webadmin/webmin_1.470_all.deb)

EDIT PT 5: Newest is webmin_1.490_all.deb (http://prdownloads.sourceforge.net/webadmin/webmin_1.490_all.deb)

CentOS and VMWare Server 1.0.6/2.0.0

It was a toss up between a 64bit Ubuntu Server (8.04) and a 64bit CentOS Server (5.1). I couldn’t decide between the two, except for the fact that more people have installed VMWare server on CentOS than Ubuntu. And most of those people have been successful. Yay!

The server is a Dell PowerEdge 2850, 2X 3.0GHz Intel Xeon Processors (800FSB), 12GB RAM, 6X 300GB SCSI HD in RAID10 (1+0). It’s a beast. Why didn’t I go with a 32 bit OS? Because of the 2 to 4GB limitations imposed upon single processes. Take MySQL for example:
64Bit OS MySQL will use up as much RAM as you have (actually it uses up roughly 8 out of 12GB in another server)
32Bit OS MySQL will use up to 2GB RAM in the same spec server.

So I want to use VMWare to its full potential.
Install CentOS with most of the defaults. I didn’t choose to install support for virtualization.

First things first: UPDATE your server. yum update
Next we have to install GCC. yum install gcc
Then install the developer kernel: yum install kernel-devel
Reboot your system. This will make the new kernel active.
Download VMWare Server from vmware.com
tar xvfz VMware-server-*.tar.gz
cd vmware-server-distrib
/etc/init.d/xinetd start
./vmware-install.pl

If you ever update the kernel you will need to run the vmware configuration again: /usr/bin/vmware-config.pl

Getting Samba to work was a whole different matter. Issues… Issues… Issues.

************************************************

2.0.0 is the same, but I made the mistake of installing the xen kernel on the development machine. VMWare will not work with the xen kernel – you will get an error:
You cannot install VMware Server on a system running a xen kernel

So then you must:

yum install kernel
yum remove xen kernel-xen
nano /boot/grub/grub.conf

and then make sure that in the grub.conf menu that it’s trying to load the kernel and not the xen kernel. It probably does this automatically, but a few seconds here fixes issues down the road.
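
The grub.conf check described above can be scripted. This is an added example, not from the original post: it reads the default= index from a GRUB legacy grub.conf and reports whether that entry loads Xen. The function names and the sample file contents (including the version strings) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which kernel GRUB legacy will boot by default, so a
# leftover Xen entry is caught before the reboot. default_kernel,
# default_is_xen and write_sample_grub are illustrative names.

# Print the kernel path of the stanza selected by "default=N" (N counts
# "title" stanzas from 0; a missing default line means 0).
default_kernel() {
    def=$(awk -F'[= \t]+' '$1 == "default" { print $2; exit }' "$1")
    awk -v want="${def:-0}" '
        $1 == "title"                      { idx++ }
        $1 == "kernel" && idx == want + 1  { print $2; exit }
    ' "$1"
}

# Succeeds when the default stanza loads the Xen hypervisor or a xen kernel.
default_is_xen() {
    case $(default_kernel "$1") in
        *xen*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Constructed sample (version strings are made up): entry 0 is Xen,
# entry 1 is the regular kernel. $2 is the value written to default=.
write_sample_grub() {
    cat > "$1" <<EOF
default=$2
timeout=5
title CentOS (2.6.18-92.el5xen)
        root (hd0,0)
        kernel /xen.gz-2.6.18-92.el5
        module /vmlinuz-2.6.18-92.el5xen ro root=/dev/VolGroup00/LogVol00
        module /initrd-2.6.18-92.el5xen.img
title CentOS (2.6.18-92.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-92.el5 ro root=/dev/VolGroup00/LogVol00
        initrd /initrd-2.6.18-92.el5.img
EOF
}

conf=${1:-}
if [ -z "$conf" ]; then          # no file given: demonstrate on the sample
    conf=$(mktemp) && write_sample_grub "$conf" 0
fi
if default_is_xen "$conf"; then
    echo "default entry boots Xen: $(default_kernel "$conf")"
else
    echo "default entry boots: $(default_kernel "$conf")"
fi
```

On a real system, pass /boot/grub/grub.conf as the first argument instead of relying on the built-in sample.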

Exchange 2007 Self-Signed Certificate

This will probably never come up in my ventures as the Administrator here at my job, but it has come up with one of our customers. They do not have a Certificate Authority (CA) and do not pay for an outside certificate. They also use Exchange 2007. I’m not privy to all the ins and outs of their network, but they’re a standard small business with 4 or 5 servers. And it’s been 53 weeks since they installed Exchange 2007.

Why is 53 a number you should scoff at? Every 52 weeks (365 days, 12 months, 1 year, 1/10th of a decade…) you have to re-sign the self-signed certificate that Exchange gives itself. Why do I even need a certificate, you ask? The certificate is required for all TLS communication. Anything that’s even remotely secured uses TLS. Outlook uses TLS. If the certificate is invalid or non-existent, Outlook will refuse to send and receive emails from your Exchange server. Not good. I’m not sure why their server lasted 53 weeks and not 52, but maybe the guy got it wrong (he’s fairly technical though).

Here’s a quick and easy way of renewing your certificate:
1.) On your Exchange 2007 server, open up the Exchange Management Shell
2.) Type “get-exchangecertificate” and hit enter. This will show all installed certificates.
Type “get-exchangecertificate | fl *” to show everything about the installed certificates.
Type “get-exchangecertificate | fl services, thumbprint” to show only the services with the thumbprint for each certificate.
3.) Type “get-exchangecertificate -thumbprint thumbprint_of_cert | new-exchangecertificate”
4.) Type “enable-exchangecertificate -thumbprint thumbprint_of_new_cert -services "IMAP,POP,SMTP,IIS"”
5.) Test the services
6.) Remove the old certificate. Type “remove-exchangecertificate -thumbprint thumbprint_of_old_cert”

You’ll have to do this every year if you use the self-signed certs. If you use a CA, the issued certificate will last anywhere from 1 to 5 years. You can also use your internal CA to issue new signed certificates. You can use the standard website template, and then use the Exchange Management Shell to add the services to the new certificate (enable-exchangecertificate -thumbprint thumbprint -services "imap,pop,smtp"). You can leave out IIS since it *should* already be there.

**** EDIT ****

New-ExchangeCertificate -SubjectName "DC=domain, DC=com, CN=server.domain.com" -DomainName server.domain.com,mail.domain.com -IncludeAcceptedDomains -IncludeAutoDiscover -Services "SMTP" -PrivateKeyExportable $true
This updates the certificate to cover all domains used by Exchange. You can also specify other domains like mail.domain, webmail.domain etc.

Get-ExchangeCertificate
Get-ExchangeCertificate | FL
These allow you to find the thumbprint of the certificate you created.

Enable-ExchangeCertificate -Thumbprint THUMBPRINT -Services SMTP,IMAP,POP,IIS
This will turn on the services for your thumbprinted certificate. Obviously you can choose which services to allow.

Export-ExchangeCertificate -Thumbprint THUMBPRINT -BinaryEncoded:$true -Path C:\SSCert.pfx -Password:(Get-Credential).password
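This exports your personal certificate PFX file with the password you choose at the prompt. This can then be pushed out to users to trust this file. Check for root certificate installations for other details. Keep in mind that a PFX carries the private key along with the certificate, so handle the file and its password accordingly.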

OR, if you have your own Certificate Authority:

New-ExchangeCertificate -GenerateRequest -SubjectName "o=My, o=Site, cn=MyServer.MyDomain.com" -IncludeAcceptedDomains -Path c:\MyServer.MyDomain.com.req

Open this file using notepad or the like, and copy the information between the start and end of the certificate.
Now log into your Certificate Authority
http://CAServer/certsrv
Click Request a certificate
Submit an advanced certificate request
Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file
Paste the certificate information from earlier
Change the Certificate Template to Web Server
Click submit

You should now have a certificate issued. You’ll probably want to download it – so select Base64 encoded and download the certificate. I always choose to download the full path AND the general cert.

Copy your newly issued/downloaded certificate to your Exchange server.
Import-ExchangeCertificate -Path c:\2009mycert.cer | Enable-ExchangeCertificate -Services SMTP,POP,IMAP,IIS

If you already have a certificate that’s the default one on Exchange, you’ll notice that the SMTP and IIS settings DO NOT STAY.
You’ll have to:
Enable-ExchangeCertificate -Thumbprint MYTHUMBPRINT -Services SMTP,IIS
Exchange will ask if you want to overwrite the current certificate with Y for yes.
You’re done!

Forgotten Passwords

I can’t tell you the number of people that come up to me and ask if I can retrieve their password. For certain devices I can either reset the password or I can figure out a way to reset the password. Several websites give options to reset your password. Several Instant Messaging programs give the option to reset your password. I’m really just trying to see how many times I can type “reset your password”.

So here’s the lowdown on what can be reset, and a mostly “how-to” do it:

Mac OS 6.* – 8.5: If you set up a password you’re a fool. The OS doesn’t support native passwords and is a single user OS. You set one? Reformat and start from scratch. Or just live with it.
Mac OS 8.6 – 9.*: Read above. The OS was meant to be a single user Operating System, but somewhere along the line someone decided it would be a good idea to include basic password login protection. Usually a reboot will yield an “auto login” situation where you can change the preferences of a screen saver password. Otherwise you’ll have to reformat once again.
Mac OS X.*: Here’s the really easy part – Apple has included the utility to reset the password for you. It’s on the Apple Installation Disc. Don’t have the disc? You’ll have to download or buy one then. Have the disc? Boot off of it (press and hold C while turning on the computer), and then when you see a menu at the top of the screen click on Utilities. You’ll now see a “reset password” option. You can get the rest from there.

Windows 95/98: Press ESC instead of trying to login.
Windows ME: Burn your computer and that crappy Operating System and buy a new one.
Windows 2000/NT/XP/2003/Vista: Find a linux boot disc (knoppix should work) that can edit SAM files and reset administrator passwords.

Ubuntu: Press ESC at the grub prompt, Press E for edit, Select the line that begins with Kernel and press E, Go to the very end of the line and add “rw init=/bin/bash” without the quotes, Press enter and then B to reboot. This will give you full root shell access, so then type “passwd username” to reset that user’s password.

A lot of people work in corporations with Active Directory Microsoft Windows computers. Here’s a couple things that people should know:
1.) Administrators do NOT know your password for your login to the computer. We can reset it, but we can’t retrieve it (with normal means)
2.) Administrators do NOT know your password for your personal chatting application. We, like EVERY OTHER PERSON, can go to the provider’s website (ie yahoo.com/aim.com/msn.com) and have them send a reset password email to the registered email address.
3.) Administrators do NOT know the POP server or IMAP settings to your personal email. I actually block access to POP and IMAP so I don’t have to hear this one daily.