Saturday, December 24, 2011

Disable IPv6 in Ubuntu

Here are a few methods to disable IPv6 in Ubuntu.


Edit Modprobe

You need to edit the aliases file using the following command:
sudo vi /etc/modprobe.d/aliases
Find the line:
alias net-pf-10 ipv6
Change it to:
alias net-pf-10 off
If the above change does not work, change the line to the following instead:
alias net-pf-10 off ipv6
Save the file and reboot.

Edit GRUB

Edit the /etc/default/grub file:
sudo vi /etc/default/grub
Change
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
to
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"
Save and exit the file.

Update GRUB from the command line:
sudo update-grub

Edit sysctl.conf


Edit the sysctl.conf file:
sudo vi /etc/sysctl.conf
Add the following lines:

# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Save and exit the file.
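
Whichever method is used, it is worth confirming the result on the running kernel, because settings in /etc/sysctl.conf only apply once they are loaded (at boot or with sysctl -p). The following check is an added example, not part of the original post; the function name and the `root` parameter (used to point the check at a test tree) are assumptions of the example.

```python
from pathlib import Path

def ipv6_status(root="/"):
    """Classify the running kernel's IPv6 state from the proc tree under `root`.

    Returns (state, detail); detail names what is still using IPv6, if anything.
    """
    root = Path(root)
    conf = root / "proc/sys/net/ipv6/conf"
    if not conf.is_dir():
        # With ipv6.disable=1 (GRUB method) the stack is never initialised,
        # so the net.ipv6 sysctl tree does not exist at all.
        cmdline = (root / "proc/cmdline").read_text().split()
        via = "ipv6.disable=1" if "ipv6.disable=1" in cmdline else "module not loaded"
        return "off-at-boot", [via]

    # sysctl method: every entry must report disable_ipv6 = 1.
    # "all" and "default" are pseudo-interfaces; "default" covers future NICs.
    still_on = {
        f.parent.name for f in conf.glob("*/disable_ipv6")
        if f.read_text().strip() != "1"
    }
    # /proc/net/if_inet6 lists configured addresses; the last column is the NIC.
    if_inet6 = root / "proc/net/if_inet6"
    with_addr = set()
    if if_inet6.exists():
        with_addr = {
            line.split()[-1]
            for line in if_inet6.read_text().splitlines() if line.split()
        }
    leftovers = sorted(still_on | with_addr)
    return ("on", leftovers) if leftovers else ("off-by-sysctl", [])

if __name__ == "__main__":
    state, detail = ipv6_status()
    print(state, ", ".join(detail))
```

A result of "on" lists the interfaces that still have IPv6 enabled or still hold an IPv6 address.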

Tuesday, December 20, 2011

Set up an LDAP server

LDAP stands for Lightweight Directory Access Protocol. It allows you to set up centralized user and domain authentication.

I have defined my LDAP server as PDC (192.168.0.20), and it will manage the domain pdc.local. It will be accessible from all machines under 192.168.0.X.

Installation

Pre-Setup - Linux Box preparation

* Create a 1GB VM disk on vSphere and download the Ubuntu 10.04 LTS mini ISO
http://archive.ubuntu.com/ubuntu/dists/lucid/main/installer-i386/current/images/netboot/mini.iso

* Choose all default options and install the base system (takes about 600MB)
* Add a few additional packages
    sudo apt-get install openssh-server slapd ldap-utils migrationtools
* Take a snapshot of the VM in case a rollback is required

LDAP Server Configuration

1. Add schema files
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
2. Backend configuration. Create a file backend.example.com.ldif with the following entries

# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb

# Database settings
# (olcRootPW is cleartext here; slappasswd generates a {SSHA} value to use instead)
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=example,dc=com
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: secret
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=example,dc=com" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by * read

Load the file:
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif

3. Frontend directory population. Create a file frontend.example.com.ldif with the following entries

# Create top-level object in domain
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: Example Organization
dc: Example
description: LDAP Example

# Admin user (userPassword values in this file are cleartext examples)
dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: secret

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

dn: uid=john,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
givenName: John
cn: John Doe
displayName: John Doe
uidNumber: 1000
gidNumber: 10000
userPassword: password
gecos: John Doe
loginShell: /bin/bash
homeDirectory: /home/john
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: john.doe@example.com
postalCode: 31000
l: Toulouse
o: Example
mobile: +33 (0)6 xx xx xx xx
homePhone: +33 (0)5 xx xx xx xx
title: System Administrator
postalAddress:
initials: JD

dn: cn=example,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: example
gidNumber: 10000

Add the entries:
sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif
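
Both LDIF files above carry their passwords in cleartext (olcRootPW: secret, userPassword: password). The following added example, which is not part of the original post, rewrites such values into the salted {SSHA} form that slappasswd produces by default before the files are loaded; the function names and the embedded excerpt are assumptions of the example.

```python
import base64, hashlib, hmac, os, re

# Attributes that carry a password in the LDIF files above.
PASSWORD_ATTRS = {"userpassword", "olcrootpw"}

def ssha(password, salt=None):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def check_ssha(password, stored):
    """Verify a password against a {SSHA} value (a SHA-1 digest is 20 bytes)."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def hash_ldif_passwords(ldif_text):
    """Return (new_ldif, changed); changed maps line number -> attribute."""
    out, changed = [], {}
    for lineno, line in enumerate(ldif_text.splitlines(), 1):
        # "attr: value" only; "attr:: ..." is base64-encoded and left alone.
        m = re.match(r"^([A-Za-z][\w-]*):(?!:)[ \t]*(\S.*)$", line)
        if (m and m.group(1).lower() in PASSWORD_ATTRS
                and not m.group(2).startswith("{")):   # already "{SCHEME}..."
            line = f"{m.group(1)}: {ssha(m.group(2))}"
            changed[lineno] = m.group(1)
        out.append(line)
    return "\n".join(out) + "\n", changed

# Excerpt of the entries above, with their cleartext values.
SAMPLE = """\
dn: olcDatabase=hdb,cn=config
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: secret

dn: uid=john,ou=people,dc=example,dc=com
uid: john
userPassword: password
"""

if __name__ == "__main__":
    hashed, changed = hash_ldif_passwords(SAMPLE)
    print(hashed)
    print("rewritten lines:", changed)
```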

Monday, October 31, 2011

Add new user in CentOS

Users can be created using the useradd command; passwd then sets the new user's password.


useradd testuser

passwd testuser


CentOS on Mac Mini

This post is about my experiences installing CentOS 6.0 on a Mac Mini '07 model. It's an absolutely wonderful piece of hardware - 1.8GHz, 2 G, 80GB. It had been running OS X for the last 4 years and I finally decided to move on to Linux.

One of the problems with new OS X releases is that they tend to run slower.

Steps to install:

1. Go to the CentOS website and download the i386 ISO (I chose the minimal edition; I can always install software and customize the environment later)

This edition of the Mac Mini runs on a Core Duo chipset, hence x86_64 is not supported.

2. Burn the ISO to an RW CD

3. Reboot the system and place the media in the CD drive

4. Wait for a while until you see the installer, then follow the steps to install the system.

5. I chose to use the entire HD for Linux; I don't plan to run OS X on this anymore

6. Create users etc. and reboot the system.

Tuesday, October 25, 2011

Smoothwall mods

Lots of goodies at http://code.google.com/p/swemods/

Install modcommander to get a web install interface.

Mods installed on my Smoothwall Server:


Clamav
DHCP Lease
Enhanced DHCP mod
Smoothwall Backup
Vmwaretools

Connections & Ports in ESX & ESXi

An excellent port diagram for VMware connectivity.

http://www.virtualinsanity.com/wp-content/uploads/connections-ports-esx.pdf

Saturday, January 29, 2011

HOWTO: Setup restricted directories on lighttpd

Restricted directories in lighttpd are set up using the mod_auth module and htpasswd.

If you don't already have htpasswd installed on your box, install it with apt-get

* apt-get install apache2-utils


Create password file (replace <username> with the user to add; htpasswd prompts for the password)

* htpasswd -c -m /etc/lighttpd/htpasswd <username>

(Default encryption scheme is MD5)


Modify Lighttpd Config file

* vi /etc/lighttpd/lighttpd.conf

Add mod_auth to server.modules


server.modules              = (
            "mod_access",
            "mod_alias",
            "mod_accesslog",
            "mod_compress",
            "mod_auth"
)

Add the following mod_auth configuration

auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/etc/lighttpd/htpasswd"
auth.require = ( "/directory-to-be-protected/" => (
                        "method" => "basic",
                        "realm" => "Access restricted to authorized users only",
                        "require" => "valid-user"
                )
)


Reload lighttpd configuration

/etc/init.d/lighttpd reload
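
Once the password file exists, it is worth checking who can read it and which hash scheme each entry uses, since the file holds the credentials that protect the directory. The following audit is an added example, not part of the original post; the function names and the set of schemes treated as weak are assumptions of the example.

```python
import os, stat

# Schemes this example reports as weak (an assumption of the example).
WEAK = {"sha1-unsalted", "des-crypt", "unknown-or-plaintext"}

def scheme(field):
    """Name the hash scheme of one htpasswd hash field from its prefix."""
    if field.startswith("$apr1$"):
        return "apr1-md5"              # what `htpasswd -m` writes
    if field.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"                # `htpasswd -B`
    if field.startswith(("$5$", "$6$")):
        return "sha-crypt"
    if field.startswith("{SHA}"):
        return "sha1-unsalted"         # `htpasswd -s`
    if len(field) == 13:
        return "des-crypt"             # `htpasswd -d`
    return "unknown-or-plaintext"

def audit_htpasswd(path):
    """Return ({user: scheme}, [problems]) for an htpasswd-format file."""
    users, problems = {}, []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o007:
        # Only the web server account needs to read this file.
        problems.append(f"mode {mode:04o}: accessible to other local users")
    with open(path, encoding="utf-8") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.rstrip("\n")
            if not line.strip():
                continue
            user, sep, field = line.partition(":")
            if not sep or not user:
                problems.append(f"line {lineno}: not in user:hash form")
                continue
            if user in users:
                problems.append(f"line {lineno}: duplicate entry for {user}")
                continue
            users[user] = scheme(field)
            if users[user] in WEAK:
                problems.append(f"line {lineno}: {user} uses {users[user]}")
    return users, problems

if __name__ == "__main__":
    found, issues = audit_htpasswd("/etc/lighttpd/htpasswd")
    print(found)
    print("\n".join(issues) or "no problems found")
```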