Category Archives: Linux

The Linux Category actually encompasses *BSD, RH, Fedora, Ubuntu, and the like.

Linux, Microsoft

Nas4Free Samba Home Directories Active Directory

3 Comments

Wow that title is a mouthful. So I installed Nas4free (9.1.0.1-636) on a server with ample storage and wanted to give my end users access to this storage. Why Nas4free? Because it’s freakin easy to administer, fast, and ZFS snapshots are pretty damn nice. And free.

So, nas4free on a server. I also had active directory with about 120 windows users. Hell if I’m going to setup 120 “local” users on nas4free AND have to manage 120 “local” users passwords when they forget. No way. So I could either use LDAP or Active Directory – in my case I chose AD.

Under Access, choose Active Directory (This actually joins the server to your domain, so I assume your network and other settings are already correct)
Domain Controller name: MYDC1
domain name (DNS): MYDOMAIN.LOCAL
Domain name (NetBIOS): MYDOMAIN
Administrator name: ADMINISTRATOR
Administration password: ******

Save. Then verify that it joined your domain by clicking on Diagnostics, then Information. Click on MS Domain.
You should see the line “Join to ‘MYDOMAIN’ is OK” and “checking the trust secret for domain MYDOMAIN via RPC calls succeeded” as well as a list of all of your domain user accounts imported.

But then I needed to change CIFS/SMB to allow my users:
Click on Services then CIFS/SMB
Authentication should already be set to Active Directory. I had issues with protocol, so I changed it to NT1. I also changed the workgroup to be the netBIOS name from above.

Then, on shares, I created a HOmeDirs with the following path
/mnt/zfs/zfsdataset/homedirs/%U
Made it browseable and with Guest Access enabled
Then enabled Shadow Copy
In AUX parameters I entered:
valid users = %U
force user = %U

Then, all you have to do manually is create each directory:
SSH to your nas4free
mkdir /mnt/zfs/zfsdataset/homedirs/USERNAME1 etc

I ended up chmod -R 777 /mnt/zfs/zfsdataset/homedirs

Linux

Apt-get Woes

1 Comment

I had just done apt-get update && apt-get dist-upgrade when I saw something that made me cringe:

No apport report written because MaxReports is reached already
Errors were encountered while processing:
initramfs-tools
plymouth
linux-image-3.2.0-38-generic-pae
ubuntu-minimal
plymouth-theme-ubuntu-text
linux-image-generic-pae
linux-generic-pae
mountall
upstart
E: Sub-process /usr/bin/dpkg returned an error code (1)

Well that’s not the exact error – I ended up seeing “disk out of space” among other issues. Basically the /root filled up and it broke my apt-get upgrade right in the middle of updates. No good.
So I go to /boot and clean up the older kernel files – just make sure you delete the “abi”, the “config”, the “initrd”, the “System.map”, the “vmcoreinfo”, the “vmlinuz” etc all with the same version number.

Then I went about reinstalling the packages. Unfortunately since some of the packages were already installed prior to running out of space, the dependencies were a little off.

apt-get install -f was no help:

You might want to run ‘apt-get -f install’ to correct these.
The following packages have unmet dependencies:
initramfs-tools : Depends: initramfs-tools-bin (< 0.99ubuntu13.1~) but 0.99ubuntu13.1 is installed E: Unmet dependencies. Try using -f.

And I didn’t want to have to restore this beast since the last full backup was over 2 months ago. So I had to carry on.

First I noticed that initramfs-tools needed the bin installed, but the bin was too new for initramfs-tools to utilize and therefore could not update even via –configure. Chicken and egg?

So then I looked up what versions were available so that I could downgrade:
apt-cache showpkg initramfs-tools-bin

Versions:
0.99ubuntu13.1 (/var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_precise-updates_main_binary-i386_Packages) (/var/lib/dpkg/status)
Description Language:
File: /var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_precise_main_binary-i386_Packages
MD5: 14e601bd8c0a0905d238d89be3036fa8
Description Language: en
File: /var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_precise_main_i18n_Translation-en
MD5: 14e601bd8c0a0905d238d89be3036fa8

0.99ubuntu13 (/var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_precise_main_binary-i386_Packages)
Description Language:
File: /var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_precise_main_binary-i386_Packages
MD5: 14e601bd8c0a0905d238d89be3036fa8
Description Language: en
File: /var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_precise_main_i18n_Translation-en
MD5: 14e601bd8c0a0905d238d89be3036fa8

Ok, so this was getting easier. All I have to do is install the older version. I had to look it up since it generally doesn’t happen too often:
apt-get install initramfs-tools-bin=0.99ubuntu13

The following packages will be DOWNGRADED:
initramfs-tools-bin
0 upgraded, 0 newly installed, 1 downgraded, 0 to remove and 1 not upgraded.

From there I run the following:
apt-get dist-upgrade
apt-get autoremove
apt-get autoclean
reboot

Profit.

Linux, Miscellaneous

Fog, Windows 7, Sysprep

Leave a comment

Back in the day (I’m starting to feel old now) I setup a Ghost server with PXE booting. It was a pretty nice setup; a Dell PE2550 with 4x144GB SCSI (~385GB usable), 24port gigabit switch, and enough desk space – and power – to handle 16 laptops or 22 desktops at a time. It took 2 of us about 3 weeks to get the workspace setup, and another 3 weeks to get the Ghost server and PXE working. And then there was always the issue of updating the drivers on the PXE image without breaking anything else. Basically crossing your fingers and hoping for the best.

That was five years ago.

Looking back on my previous experiences I can definitely say I’ve grown and become more knowledgeable. Back then, when I had researched a solution, I just googled for “imaging software server” or something similar. Working for a computer reseller meant that I had access to NFR copies of quite a bit of software, so management decided that we should go with Ghost. I hadn’t even begun to research into FOG yet.

Fast forward the five (almost 6 now) years, and I know to look into server software that supports all operating systems, supports multicast, and is fairly intuitive to setup. Enter FOG.

I like to install the latest and greatest, but in this case I had some issues that I didn’t feel like resolving when I tried to use FOG with 12.04LTS. Instead I opted to use 10.04LTS. It’s an internal server, so the patching levels are not generally as critical. I also installed this on a production network – there are 7 VLANS, active directory and windows DNS/DHCP, cisco switches. IP helper has already been set on the switches for DHCP. The active directory environment is 2008R2.

Install Ubuntu 10.04LTS x32 – I gave it a single 2.4GHz Xeon core, 512MB RAM, and 120GB partition. Installed with LAMP (no mysql password), SSH, and Mail.
Change the Root Password
sudo passwd root
Login As Root
su
Update the system
apt-get update && dist-upgrade
Reboot
reboot

Install FOG – version 0.32 at the time of this writing
mkdir -p /opt/fog-setup
cd /opt/fog-setup
wget http://sourceforge.net/projects/freeghost/files/FOG/fog_0.32/fog_0.32.tar.gz
tar -xvzf fog*
cd fog*
cd bin
./installfog.sh
The wizard now starts. http://www.fogproject.org/wiki/index.php/Integrating_FOG_into_an_Existing_Network
I chose the following:
“N” normal installation
10.10.10.10 IP Address of FOG
“Y” to setup a router/DHCP address
10.0.10.1 IP address of DHCP server
“Y” to DNS
10.0.10.1 IP address of DNS
“N” eth0 is fine by me
“N” I already have DHCP
“N” I’m not international
“Y” looks good; set it up
Make sure you read! If you have a password setup on mysql you must adjust the configuration files accordingly (opt/fog/service/etc/config.php)
I ended up rebooting the server just in case.

Edit the Windows DHCP Options
I have 7 different DHCP scopes (one for each of the VLANs I had), so your settings may be different. Instead of making the options change per scope, I performed the task in the Server Options area.
Right-click and select “Configure Options”
Select 066 and set the value to your FOG server IP address
Select 067 and set the value to pxelinux.0

At this point you should be able to connect to your PXE FOG server – set a test workstation/laptop to boot PXE (Dell’s have F12 for this), and connect via your network interface.

SYSPREP coming soon
CONFIGURATION OF FOG coming soon

Linux

Disable SSL for Webmin

Leave a comment

Generally when I give a debian/ubuntu server to developers or other end users, I install webmin and teach them how to use it. Webmin is a great tool for those who either don’t like command line or are just not up to speed with the latest commands to use. Unfortunately a developer installed jira confluence and it broke the SSL settings on apache. Instead of “fixing” the problem, I just went and did it the lazy and easy way: disable ssl for webmin.

SSH to the server as root (or use sudo in front)
nano /etc/webmin/miniserv.conf
Change ssl=1 to ssl=0, save and quit nano
/etc/init.d/webmin restart
Profit!

Linux

Dovecot 1.2.9 Ubuntu Autodetection Failed

Leave a comment

I had an ubuntu server with 8.04LTS upgraded to 10.04LTS (not quite making it to 12.04, but that’s in the works) with webmin, LAMP, postfix, etc. I used webmin to install dovecot after I already configured postfix to receive mail without requiring SSL with plaintext. It’s an internal only server used to testing purposes, so I don’t mind if someone is sniffing the test passwords that only apply to this box.

Anyway, I was receiving the following in my /var/log/mail.err

Oct 17 08:35:33 SERVERNAME dovecot: POP3(USERNAME): mail_location not set and autodetection failed: Mail storage autodetection failed with home=/home/USERNAME
Oct 17 08:35:33 SERVERNAME dovecot: POP3(USERNAME): Fatal: Namespace initialization failed

Great. Brief search tells me that dovecot’s automatic detection failed (duh) and the fix is to enable the mail location in the configuration file
nano /etc/dovecot/dovecot.conf
Find #mail_location
Assuming it’s commented out, I just added the following below the line:
mail_location = maildir:~/Maildir
Save and close
/etc/init.d/dovecot restart

Linux, Networking

Add Public IP To DD-WRT

1 Comment

Customer has a comcast line (50/10) with 5 static IP addresses (/29 or .248, 1 IP used for the gateway) that they wanted to assign to various internal devices. I attempted to talk them into an actual firewall solution (either an ASA5505 or an Untangle system for roughly $400 plus my “fees”), but they were looking more into the sub-$100 range. After a bunch of options and a little bit of back and forth, they settled on buying a pair of refurbished E2000 Linksys Routers; one for the primary, and the second for a backup. Total cost for hardware: $85.

Unfortunately I needed to learn how to make their router work with additional public IPs. I’ve disliked the default (stock) interface of any home/small business router since the beginning of time, so I ended up installing dd-wrt on both of the routers. http://www.dd-wrt.com/wiki/index.php/One-to-one_NAT

Just set the router up as you would if you only had a single IP address. In my case I’ll use 173.x.x.0 as my public network:
173.x.x.0 network
173.x.x.1 Public 1
173.x.x.2 Public 2
173.x.x.3 Public 3
173.x.x.4 Public 4
173.x.x.5 Public 5
173.x.x.6 gateway
173.x.x.7 broadcast
And I’ll also use 192.168.1.0 as my internal private NAT network. My default configuration for the router then was a static WAN 173.x.x.1, with an internal IP of 192.168.1.1 (DHCP from 192.168.1.100-254)

From here, click on Administration, and then on the Commands tab.
In the text box, type the following (obviously I’m adding ALL other public IPs to my configuration. Edit as appropriate):

WANIF=`/sbin/get_wanface`
/sbin/ifconfig $WANIF:1 173.x.x.2 netmask 255.255.255.248 broadcast 173.x.x.7
/sbin/ifconfig $WANIF:2 173.x.x.3 netmask 255.255.255.248 broadcast 173.x.x.7
/sbin/ifconfig $WANIF:3 173.x.x.4 netmask 255.255.255.248 broadcast 173.x.x.7
/sbin/ifconfig $WANIF:4 173.x.x.5 netmask 255.255.255.248 broadcast 173.x.x.7

Now click on the Save Startup button. You should then see it after a page refresh. Basically this will add the vlan2:1 through vlan2:4 to your configuration.

Now that the virtual interfaces are configured, we need firewall rules to enable access. IPTables will enable this access. In that same box, type:

/usr/sbin/iptables -t nat -I PREROUTING -d 173.x.x.2 -j DNAT –to 192.168.1.x
/usr/sbin/iptables -t nat -I POSTROUTING -s 192.168.1.x -j SNAT –to 173.x.x.2

This will create the in and outbound rule to translate from public to private addresses. You can add the other pubic IP address if applicable. Click on Save Firewall and you should then see the configuration after a page refresh.

If you want to add specific port forwards to these new IP addresses, you must utilize the following template:

/usr/sbin/iptables -t nat -I PREROUTING -d 173.x.x.2 -j DNAT –to 192.168.1.x
/usr/sbin/iptables -t nat -I POSTROUTING -s 192.168.1.x -j SNAT –to 173.x.x.2
/usr/sbin/iptables -I FORWARD -d 173.x.x.2 -p tcp –dport 80 -j ACCEPT
/usr/sbin/iptables -I FORWARD -d 173.x.x.2 -p tcp –dport 22 -j ACCEPT

Then reboot your router.

After a reboot, you can telnet to your router and verify that you can see the iptables:

telnet 192.168.1.1 root/admin
iptables -t nat -L

Linux

Nagios Monitor Confluence Jira

1 Comment

Recently had to start monitoring a confluence installation on a virtual server using Nagios. Nagios’s built-in check_http looked like it could solve my woes. Unfortunately this was a slight pain due to the fact that confluence uses a non-standard port. So I had to relearn the commands.

I edited the service check first
nano /usr/local/nagios/etc/objects/commands.cfg
I copied the check_http command into a new one:

define command {
command_name check_http_port
command_line $USER1$/check_http -I $ARG1$ -u $ARG2$ -p $ARG3$ -s $ARG4$
}

So the command would be ./check_http -I (IP/Hostname) -u (URL Full Address) -p (Port) -s (String to look for). Technically this will already warn if there is a 400 or 500 error, but I also wanted to verify that the string could be found.

Now we edit the configuration of the system itself
nano /usr/local/nagios/etc/objects/confluence.cfg

define host{
use linux-server
host_name confluence
alias confluence
address 10.555.555.555
parents parent1, switch1, mfer1
hostgroups linux-production-servers, datacenter2
}

define service{
use generic-service
host_name confluence
service_description HTTP
check_command check_http_port!confluence!http://confluence:8090/login.action?os_destination=%2Fhomepage.action!8090!”Remember me”
}

Using the above check_command, you’re able to connect to the server and port listed above and check for the familiar login “remember me” string.