Saturday, December 22, 2012

Linkstation enable ssh - LS-X1.0TLJ

How to enable SSH on Linkstation LS-X1.0TLJ

1/ Download acp_commander.jar (search the web to find the JAR).
2/ Assuming the IP of your Linkstation is 10.0.1.60, run the commands below.
3/ _ADMIN_PASSWORD_ is the same password that you use with the admin id on the Linkstation HTTP/HTTPS URL.
4/ _ROOT_PASSWORD_ is the new root password you want to set.
 
java -jar acp_commander.jar -t 10.0.1.60 -ip 10.0.1.10 -pw _ADMIN_PASSWORD_ -c "ls /"
java -jar acp_commander.jar -t 10.0.1.60 -ip 10.0.1.60 -pw _ADMIN_PASSWORD_ -c "(echo _ROOT_PASSWORD_;echo _ROOT_PASSWORD_)|passwd"
java -jar acp_commander.jar -t 10.0.1.60 -ip 10.0.1.60 -pw _ADMIN_PASSWORD_ -c "sed -i 's/UsePAM yes/UsePAM no/g' /etc/sshd_config"
java -jar acp_commander.jar -t 10.0.1.60 -ip 10.0.1.60 -pw _ADMIN_PASSWORD_ -c "sed -i 's/PermitRootLogin no/PermitRootLogin yes/g' /etc/sshd_config"
java -jar acp_commander.jar -t 10.0.1.60 -ip 10.0.1.60 -pw _ADMIN_PASSWORD_ -c "/etc/init.d/sshd.sh restart"
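
The sed expressions above only match the exact strings "UsePAM yes" and "PermitRootLogin no", so a commented-out, differently spaced or missing line leaves the running setting unchanged. The following check is an added example, not part of the original post: it reports the value sshd would actually use from a copy of the config. The function names and the sample config are constructed for illustration.

```bash
#!/bin/bash
# Added example, not part of the original post. Function names are hypothetical.

# Print the value sshd would use for keyword $1 in config file $2.
# sshd takes the first uncommented occurrence of a keyword and compares
# keywords case-insensitively. Parsing stops at the first Match block, and
# "(default)" means the keyword is not set, so the sshd build's default applies.
# Assumes whitespace-separated "Keyword value" lines.
sshd_effective() {
    awk -v key="$1" '
        BEGIN { key = tolower(key); found = 0 }
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print "(default)" }
    ' "$2"
}

# The two substitutions from the post, applied to a config read from stdin.
apply_post_edits() {
    sed -e 's/UsePAM yes/UsePAM no/g' \
        -e 's/PermitRootLogin no/PermitRootLogin yes/g'
}

# Constructed sample: PermitRootLogin exists only as a commented-out line.
sample_config() {
cat <<'EOF'
# constructed sample sshd_config
Port 22
#PermitRootLogin no
UsePAM yes
EOF
}

# Run the edits on the sample and report what sshd would really use.
check_after_edit() {
    tmp=$(mktemp)
    sample_config | apply_post_edits > "$tmp"
    echo "PermitRootLogin=$(sshd_effective PermitRootLogin "$tmp") UsePAM=$(sshd_effective UsePAM "$tmp")"
    rm -f "$tmp"
}

check_after_edit
```

In the sample the sed edit rewrites the comment but not the effective setting, which is why the check reports the default for PermitRootLogin.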

Sunday, August 5, 2012

SAX 2048 byte issue on Java XML parsing

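SAX parser code can misbehave for files or messages larger than 2048 bytes. The parser only reads in 2048 bytes at a time, so when a 2048-byte boundary splits the text of a data element, the characters() callback is invoked more than once for that element and code that expects the whole value in a single call sees only part of it.

The solution is to introduce a temporary variable that accumulates the text: reset it in the startElement() callback and append to it in characters(). Here is a code snippet.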


// Buffer that accumulates the text of the current element
private StringBuffer value;

public void startElement(String uri, String localName, String qName,
        Attributes attributes) throws SAXException {
    // Start a fresh buffer for every element
    value = new StringBuffer();
    if (qName.equalsIgnoreCase("clientDets")) {
        ncstClient = new NcstClient();
        ncstClient.setType(attributes.getValue("type"));
    }
}

public void characters(char[] ch, int start, int length) throws SAXException {
    // May be called several times for one element, so append instead of assigning
    value.append(new String(ch, start, length));
}

Monday, June 4, 2012

Configure NTP to Synchronize the system clock: Centos 6



Login as root. Type the following command
[root@homeserver]# yum install ntp
Turn on the ntpd service
[root@homeserver]# chkconfig ntpd on

Synchronize the system clock with 0.pool.ntp.org server:
[root@homeserver]# ntpdate pool.ntp.org

Start daemon process:
[root@homeserver]# /etc/init.d/ntpd restart

Sunday, June 3, 2012

Install GD Library For PHP5 On CentOS 6


Install GD Library For PHP5 On CentOS

Note: this article only applies if your current PHP version has been installed by yum. If you custom compiled it from source, this will not work.



Verify PHP as installed by yum

An easy task, using yum. First step, see if it's already installed.
[root@homeserver]# rpm -qa | grep php
php-common-5.1.6-15.el5
php-cli-5.1.6-15.el5
php-5.1.6-15.el5
php-pdo-5.1.6-15.el5
php-mysql-5.1.6-15.el5

Install the GD library using yum

If the GD Library isn't present in that list, it wasn't installed on the server yet. Install it using yum.
[root@homeserver]# yum install php-gd
Loaded plugins: fastestmirror, presto
Loading mirror speeds from cached hostfile
epel/metalink                                                                                                                 | 5.0 kB     00:00     
 * base: ftp.iij.ad.jp
 * epel: ftp.iij.ad.jp
 * extras: ftp.iij.ad.jp
 * updates: ftp.iij.ad.jp
base                                                                                                                          | 3.7 kB     00:00     
extras                                                                                                                        | 3.5 kB     00:00     
updates                                                                                                                       | 3.5 kB     00:00     
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package php-gd.x86_64 0:5.3.3-3.el6_2.8 will be installed
--> Processing Dependency: libpng12.so.0(PNG12_0)(64bit) for package: php-gd-5.3.3-3.el6_2.8.x86_64
--> Processing Dependency: libpng12.so.0()(64bit) for package: php-gd-5.3.3-3.el6_2.8.x86_64
--> Processing Dependency: libjpeg.so.62()(64bit) for package: php-gd-5.3.3-3.el6_2.8.x86_64
--> Processing Dependency: libfreetype.so.6()(64bit) for package: php-gd-5.3.3-3.el6_2.8.x86_64
--> Processing Dependency: libXpm.so.4()(64bit) for package: php-gd-5.3.3-3.el6_2.8.x86_64
--> Processing Dependency: libX11.so.6()(64bit) for package: php-gd-5.3.3-3.el6_2.8.x86_64
--> Running transaction check
---> Package freetype.x86_64 0:2.3.11-6.el6_2.9 will be installed
---> Package libX11.x86_64 0:1.3-2.el6 will be installed
--> Processing Dependency: libX11-common = 1.3-2.el6 for package: libX11-1.3-2.el6.x86_64
--> Processing Dependency: libxcb.so.1()(64bit) for package: libX11-1.3-2.el6.x86_64
---> Package libXpm.x86_64 0:3.5.8-2.el6 will be installed
---> Package libjpeg.x86_64 0:6b-46.el6 will be installed
---> Package libpng.x86_64 2:1.2.49-1.el6_2 will be installed
--> Running transaction check
---> Package libX11-common.noarch 0:1.3-2.el6 will be installed
---> Package libxcb.x86_64 0:1.5-1.el6 will be installed
--> Processing Dependency: libXau.so.6()(64bit) for package: libxcb-1.5-1.el6.x86_64
--> Running transaction check
---> Package libXau.x86_64 0:1.0.5-1.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================================================================================================
 Package                               Arch                           Version                                  Repository                       Size
=====================================================================================================================================================
Installing:
 php-gd                                x86_64                         5.3.3-3.el6_2.8                          updates                         104 k
Installing for dependencies:
 freetype                              x86_64                         2.3.11-6.el6_2.9                         updates                         359 k
 libX11                                x86_64                         1.3-2.el6                                base                            582 k
 libX11-common                         noarch                         1.3-2.el6                                base                            188 k
 libXau                                x86_64                         1.0.5-1.el6                              base                             22 k
 libXpm                                x86_64                         3.5.8-2.el6                              base                             59 k
 libjpeg                               x86_64                         6b-46.el6                                base                            134 k
 libpng                                x86_64                         2:1.2.49-1.el6_2                         updates                         182 k
 libxcb                                x86_64                         1.5-1.el6                                base                            100 k

Transaction Summary
=====================================================================================================================================================
Install       9 Package(s)

Total download size: 1.7 M
Installed size: 5.9 M
Is this ok [y/N]: y
Downloading Packages:
Setting up and reading Presto delta metadata
Processing delta metadata
Package(s) data still to download: 1.7 M
(1/9): freetype-2.3.11-6.el6_2.9.x86_64.rpm  | 359 kB     00:00     
(2/9): libX11-1.3-2.el6.x86_64.rpm           | 582 kB     00:00     
(3/9): libX11-common-1.3-2.el6.noarch.rpm    | 188 kB     00:00     
(4/9): libXau-1.0.5-1.el6.x86_64.rpm         |  22 kB     00:00     
(5/9): libXpm-3.5.8-2.el6.x86_64.rpm         |  59 kB     00:00     
(6/9): libjpeg-6b-46.el6.x86_64.rpm          | 134 kB     00:00     
(7/9): libpng-1.2.49-1.el6_2.x86_64.rpm      | 182 kB     00:00     
(8/9): libxcb-1.5-1.el6.x86_64.rpm           | 100 kB     00:00     
(9/9): php-gd-5.3.3-3.el6_2.8.x86_64.rpm     | 104 kB     00:00     
--------------------------------------------------------------------
Total                                                                                                                736 kB/s | 1.7 MB     00:02     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 2:libpng-1.2.49-1.el6_2.x86_64    1/9 
  Installing : libX11-common-1.3-2.el6.noarch    2/9 
  Installing : libXau-1.0.5-1.el6.x86_64         3/9 
  Installing : libxcb-1.5-1.el6.x86_64           4/9 
  Installing : libX11-1.3-2.el6.x86_64           5/9 
  Installing : libXpm-3.5.8-2.el6.x86_64         6/9 
  Installing : libjpeg-6b-46.el6.x86_64          7/9 
  Installing : freetype-2.3.11-6.el6_2.9.x86_64  8/9 
  Installing : php-gd-5.3.3-3.el6_2.8.x86_64     9/9 
Installed:
  php-gd.x86_64 0:5.3.3-3.el6_2.8                                                                                                                    

Dependency Installed:
  freetype.x86_64 0:2.3.11-6.el6_2.9       
  libX11.x86_64 0:1.3-2.el6
  libX11-common.noarch 0:1.3-2.el6
  libXau.x86_64 0:1.0.5-1.el6      
  libXpm.x86_64 0:3.5.8-2.el6 
  libjpeg.x86_64 0:6b-46.el6
  libpng.x86_64 2:1.2.49-1.el6_2  
  libxcb.x86_64 0:1.5-1.el6        

Complete!

Easy going, isn't it?

Restart Lighttpd

Restart your lighttpd, and you're ready to rock.
[root@srv]# service lighttpd restart
Stopping lighttpd:                                            [  OK ]
Starting lighttpd:                                            [  OK ]

Saturday, June 2, 2012

Installing SSH2 extension for PHP on Centos 6


Installing the SSH2 PHP extension on CentOS is actually pretty simple. 


Although it isn’t available as a straight yum install, it boils down to a few short steps.


Firstly, we’re going to install the dependencies:
yum install gcc php-devel php-pear libssh2 libssh2-devel

These will allow us to build the SSH2 extension using pecl.
pecl install -f ssh2

After running that command, it should stop at a line like:
WARNING: channel "pecl.php.net" has updated its protocols, use "pecl channel-update pecl.php.net" to update
downloading ssh2-0.11.3.tgz ...
Starting to download ssh2-0.11.3.tgz (23,062 bytes)
........done: 23,062 bytes
5 source files, building
running: phpize
Configuring for:
PHP Api Version:         20090626
Zend Module Api No:      20090626
Zend Extension Api No:   220090626
libssh2 prefix? [autodetect] : 

All you have to do is hit Enter and it should detect the proper path. 


Once the install is completed, you just have to tell PHP to load the extension when it boots.
touch /etc/php.d/ssh2.ini
echo extension=ssh2.so > /etc/php.d/ssh2.ini

Now restart your webserver and test to see if the changes took effect.
/etc/init.d/lighttpd restart
php -m | grep ssh2

You should get a line returned with 'ssh2'.

lighttpd doesn't start - selinux

Lighttpd doesn't start because SELinux denies it permission to set its 'max filedescriptors' limit:

Issue
# /etc/init.d/lighttpd restart
Stopping lighttpd:                                         [FAILED]
Starting lighttpd: 2012-06-03 00:57:12: (server.c.722) couldn't set 'max filedescriptors' Permission denied
                                                           [FAILED]

Solution:

Install the SELinux utilities:

# yum install policycoreutils-python

Create an SELinux module to allow lighttpd to set its own open file descriptors limit:

# /usr/sbin/semodule -DB
# /etc/init.d/auditd restart
Stopping auditd:                                           [  OK  ]
Starting auditd:                                           [  OK  ]
# grep lighttpd /var/log/audit/audit.log | audit2allow -M lighttpdmaxfds
# /usr/sbin/semodule -i lighttpdmaxfds.pp
# /etc/init.d/lighttpd restart
Stopping lighttpd:                                         [FAILED]
Starting lighttpd:                                         [  OK  ]
# /usr/sbin/semodule -B
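
"semodule -DB" rebuilds the policy with dontaudit rules disabled, so the audit log then also records denials that are normally hidden, and the grep | audit2allow pipeline above turns every logged lighttpd denial into an allow rule. The following added example (not part of the original post) summarises which denials would be allowed so the list can be reviewed before running "semodule -i". The audit records, types and permissions in the sample are constructed, and the function names are hypothetical.

```bash
#!/bin/bash
# Added example, not part of the original post. Function names are hypothetical.

# Constructed audit records for illustration; not taken from a real system.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1338652632.101:210): avc:  denied  { setrlimit } for  pid=2101 comm="lighttpd" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:httpd_t:s0 tclass=process
type=SYSCALL msg=audit(1338652632.101:210): arch=c000003e syscall=160 success=no exit=-13 comm="lighttpd" exe="/usr/sbin/lighttpd"
type=AVC msg=audit(1338652640.337:214): avc:  denied  { setrlimit } for  pid=2130 comm="lighttpd" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:httpd_t:s0 tclass=process
type=AVC msg=audit(1338652641.002:215): avc:  denied  { read write } for  pid=2130 comm="lighttpd" path="/dev/pts/0" dev=devpts ino=3 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:devpts_t:s0 tclass=chr_file
type=AVC msg=audit(1338652650.900:221): avc:  denied  { name_bind } for  pid=1502 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
EOF
}

# Read audit records on stdin and print one line per distinct denial for the
# process name $1:  "<count> <source_type> <target_type>:<class> <perm,perm>"
summarise_denials() {
    awk -v want="$1" '
        # The SELinux type is the third colon-separated field of a context
        function ctx_type(ctx,   p) { split(ctx, p, ":"); return p[3] }
        $1 == "type=AVC" && / denied / {
            comm = ""; src = ""; tgt = ""; cls = ""; perms = ""; inside = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "{") { inside = 1; continue }
                if ($i == "}") { inside = 0; continue }
                if (inside) { perms = perms (perms == "" ? "" : ",") $i; continue }
                if ($i ~ /^comm=/)     { comm = $i; gsub(/^comm=|"/, "", comm) }
                if ($i ~ /^scontext=/) src = ctx_type(substr($i, 10))
                if ($i ~ /^tcontext=/) tgt = ctx_type(substr($i, 10))
                if ($i ~ /^tclass=/)   cls = substr($i, 8)
            }
            if (comm == want) seen[src " " tgt ":" cls " " perms]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k2
}

# Print the denials for process $1 that are not on the reviewed list $2
# (one "<source_type> <target_type>:<class> <perms>" entry per line).
unexpected_denials() {
    summarise_denials "$1" | cut -d' ' -f2- | grep -v -x -F -e "$2" || true
}

sample_audit_log | summarise_denials lighttpd
echo "not on the reviewed list:"
sample_audit_log | unexpected_denials lighttpd 'httpd_t httpd_t:process setrlimit'
```

On a real system, feed the same grep output used above into summarise_denials and pass only the reviewed lines on to audit2allow.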

Saturday, May 19, 2012

HOWTO: Change your default user account to a system account



When you deploy a new Ubuntu installation, the first user it creates (uid=1000) will be given sudo privileges. Sometimes it is desirable to have a specific "admin" user on your system that is separate from your normal user accounts, which are located in the uid=1000+ range, for example if you are setting up an LDAP network. Unfortunately, you can't set the uid manually during the initial installation process, but you can change it afterwards.


Note:
If you make a mistake during this procedure it is possible to lock yourself out of the system completely. This is not such an issue if this is a freshly installed system but if it is already up and running in some sort of role, then you need to be extra careful. You have been warned!


I am working here with a fresh Lucid server install, and my uid=1000 user is called "sysadmin".


Login to a console session as root;


~$ sudo -i


Manually edit your passwd file;


~# vi /etc/passwd


At the end of the file will be the entry for the "sysadmin" account;


sysadmin:x:1000:1000:system admin,,,:/home/sysadmin:/bin/bash


Change the two "1000"'s to "999";


sysadmin:x:999:999:system admin,,,:/home/sysadmin:/bin/bash


Make the same change in the "group" file;


vi /etc/group


Change the "sysadmin" line to;


sysadmin:x:999:


Changing the uid of a user will break the permissions in their home directory;
~# ls -al /home/sysadmin
total 32
drwxr-xr-x 3 1000     1000     4096 2012-05-13 13:34 .
drwxr-xr-x 3 1000     1000     4096 2012-05-13 13:32 ..
-rw------- 1 1000     1000       48 2012-05-13 13:34 .bash_history
-rw-r--r-- 1 1000     1000      220 2012-05-13 13:32 .bash_logout
-rw-r--r-- 1 1000     1000     3103 2012-05-13 13:32 .bashrc
drwx------ 2 1000     1000     4096 2012-05-13 13:33 .cache
-rw-r--r-- 1 1000     1000      675 2012-05-13 13:32 .profile
-rw-r--r-- 1 1000     1000        0 2012-05-13 13:33 .sudo_as_admin_successful
-rw------- 1 1000     1000      663 2012-05-13 13:34 .viminfo


You can fix that by issuing the following commands;


~# chown -R sysadmin:sysadmin /home/sysadmin


When we set up LDAP later we will want to mount /home to an NFS share. Unfortunately, when we do this we will overwrite our sysadmin's home folder! Let's move it to the root ("/") directory.


~# mv /home/sysadmin /


We will need to change the path in the passwd file;


~# vi /etc/passwd


Change it from;


sysadmin:x:999:999:sysadmin,,,:/home/sysadmin:/bin/bash


to this;


sysadmin:x:999:999:sysadmin,,,:/sysadmin:/bin/bash


Check that all is well;
~# ls -al /sysadmin
total 32
drwxr-xr-x 3  sysadmin sysadmin 4096 2012-05-13 13:34 .
drwxr-xr-x 23 root     root     4096 2012-05-14 11:29 ..
-rw------- 1  sysadmin sysadmin   48 2012-05-13 13:34 .bash_history
-rw-r--r-- 1  sysadmin sysadmin  220 2012-05-13 13:32 .bash_logout
-rw-r--r-- 1  sysadmin sysadmin 3103 2012-05-13 13:32 .bashrc
drwx------ 2  sysadmin sysadmin 4096 2012-05-13 13:33 .cache
-rw-r--r-- 1  sysadmin sysadmin  675 2012-05-13 13:32 .profile
-rw-r--r-- 1  sysadmin sysadmin    0 2012-05-13 13:33 .sudo_as_admin_successful
-rw------- 1  sysadmin sysadmin  663 2012-05-13 13:34 .viminfo




On another console, confirm that you can login as the sysadmin user.


You should get a proper bash prompt;


sysadmin@ldapds:~$


Note:
If your system has a GUI login, be aware that the logon screen will not display usernames for users with a UID of less than 1000. To login using the "sysadmin" account in such a case, you would need to type the name in to the username field manually.

Create WMQ QueueManager using script

Here is a handy script to make QM on Centos. This should be run after switching to mqm user.

Save the following as create_qm.sh

#!/bin/bash
#############################################
##            Main Routine
#############################################

main(){
    echo "Checking if [$qm] exists?..."
    # dspmq prints one "QMNAME(name) STATUS(status)" line per queue manager.
    # Keep the result in its own variable so $qm is not overwritten, and
    # match the whole name rather than a substring.
    found=$(dspmq | awk '{ print $1 }' | sed 's/QMNAME(//g;s/)//g' | grep -x -- "$qm")
    if [ -z "$found" ]; then
        echo "Creating: [$qm]"
        if crtmqm "$qm"; then
            echo "Successfully created $qm"
        else
            echo "Fail: crtmqm could not create [$qm]"
            exit 1
        fi
    else
        echo "[$qm] already exists"
        status=$(dspmq -m "$qm" | cut -d '(' -f2,3 | cut -d ')' -f2 | cut -d '(' -f2)
        echo "Status of queue manager [$qm] is [$status]"
    fi
    echo "Exiting Main Routine.. "
}

#############################################
##                 Entry Point
#############################################

if [ -z "$1" ]; then
    echo "Fail: You must pass in a queue manager name"
    exit 1
else
    qm=$1
    echo "Queue Manager to create = $qm"
    echo "Calling Main function ... "
    main "$@"
    exit 0
fi

Use the following command to create a Queue Manager:
create_qm.sh TEST_QM1

Install WMQ6.0 on Centos

This article explains step-by-step installation of WMQ6.0 on Centos 6.0.


  • Download WMQ6.0 from IBM Website ( login required)
  • After downloading the package and extracting the same on /tmp, accept license by running mqlicense.sh script
  • Install the packages, commands listed below
rpm  -ivh  MQSeriesServer-6.0.2-3.i386.rpm
rpm  -ivh  MQSeriesRuntime-6.0.2-3.i386.rpm
rpm  -ivh  MQSeriesSDK-6.0.2-3.i386.rpm
rpm  -ivh  MQSeriesSamples-6.0.2-3.i386.rpm
rpm  -ivh  MQSeriesClient-6.0.2-3.i386.rpm
rpm  -ivh  MQSeriesJava-6.0.2-3.i386.rpm
rpm  -ivh  MQSeriesTXClient-6.0.2-3.i386.rpm
rpm  -ivh  MQSeriesServer-6.0.2-3.i386.rpm
rpm  -ivh  MQSeriesMan-6.0.2-3.i386.rpm
rpm  -ivh --nodeps  MQSeriesFTA-6.0.2-3.i386.rpm
rpm  -ivh --nodeps MQSeriesIES30-6.0.2-3.i386.rpm
rpm  -ivh --nodeps MQSeriesConfig-6.0.2-3.i386.rpm
rpm  -ivh  MQSeriesKeyMan-6.0.2-3.i386.rpm
rpm  -ivh  gsk7bas-7.0-4.11.i386.rpm
rpm  -ivh  IBMJava2-142-ia32-SDK-1.4.2-9.0.i386.rpm 
  • Done.

A Brief outline on IBM WebSphere MQ (WMQ)

IBM WebSphere MQ (WMQ or MQ Series) is middleware for messaging in a cross-platform environment. MQI (Message Queue Interface) is the API used to communicate with a Message Queue Manager (MQM).


Queue Manager (MQM) 

  • Manages queues and messages for applications 
  • Transfers messages to other Queue Managers via channels using existing network facilities. 
  • It refers to objects that are defined by the administrator.
  • Coordinates updates to databases and queues using two-phase commit. 
  • Gets and puts from/to queues are committed together with SQL updates, or backed out if necessary. 
  • Segments messages, if necessary, and assembles them. 
  • Can group messages and send them as one physical message to their destination, where they are automatically disassembled. 
  • Can send one message to more than one destination using a user-defined dynamic destination list. 
  • Allows administrators to create and delete queues, alter properties of existing queues, and control the operation of the queue manager.
  • Front-end available on Eclipse to manage Queue Manager 



 Queue Manager Clusters 

  • Queue Managers that form a cluster can run in the same machine or in different machines on different platforms. 
  • Two of the Queue Managers maintain a repository that contains information about all queue managers and queues in the cluster (full repository). Other Queue Managers maintain only a repository of the objects they are interested in (partial repository).
  • Queue Managers use special cluster channels to exchange information. 
  • A client application may specify a queue manager and direct the message to a specific queue in a cluster, or it may let a queue manager determine where the queue is and which one to send the message to.
  • Client uses a Transmission Queue on its machine and destination queue is called “Target Queue”. 
  • Administrator must define the name of the cluster, when a queue is defined. 
  • MQSeries distributes the messages round robin. 



 Queue Manager Objects 

  •  A Queue Manager uses 3 types of objects, namely, Queues, Process Definitions and Channels. 
  • Queues are used to store messages. 
  • Process Definition object defines an application to a queue manager. It contains a name of a program (and its path) to be triggered when a message arrives for it.
  • Channel is a communication link. There are 2 kinds of channels, namely, Message Channels and MQI channels. 
  • Message Channel connects 2 queue managers via Message Channel Agents (MCA). Message Channel is unidirectional. 
  • MCA is a program (also called mover) that transfers messages from a transmission queue to a communication link and from communication link to a target queue. 
  • MQI channel connects MQSeries client to a queue manager and is bi-directional. 
  • Message Channel can run at 2 speeds: fast and normal. Fast Channels improve performance but messages can be lost in case of channel failure. 



Message Queues 

  • Message Queues belong to Queue Manager. 
  • Types of Messages Queues are: 
    • Local Queue – is a real queue
    • Cluster Queue – is a local queue that is known throughout a cluster of queue managers. 
    • Remote Queue – structure describing a queue hosted by a different queue manager. 
    • Transmission Queue – a local queue used for messages to be sent to a remote queue. 
    • Initiation Queue – local queue with a special purpose 
    • Dynamic Queue – local queue created on the fly 
    • Alias Queue - if you do not like the queue name 
    • Dead-Letter Queue – one for each queue manager 
    • Reply-to Queue – specified in request message 
    • Model Queue – model for local queues 
    • Repository Queue – hold cluster information 

Saturday, January 28, 2012

Samba as a Primary Domain Controller

Although it cannot act as an Active Directory Primary Domain Controller (PDC), a Samba server can be configured to appear as a Windows NT4-style domain controller. A major advantage of this configuration is the ability to centralize user and machine credentials. Samba can also use multiple backends to store the user information.

Primary Domain Controller

This section covers configuring Samba as a Primary Domain Controller (PDC) using the default smbpasswd backend.

First, install Samba, and libpam-smbpass to sync the user accounts, by entering the following in a terminal prompt:

sudo apt-get install samba libpam-smbpass

Next, configure Samba by editing /etc/samba/smb.conf. The security mode should be set to user, and the workgroup should relate to your organization:

workgroup = EXAMPLE
...
security = user

In the commented “Domains” section add or uncomment the following:

domain logons = yes
logon path = \\%N\%U\profile
logon drive = H:
logon home = \\%N\%U
logon script = logon.cmd
add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d /var/lib/samba -s /bin/false %u

domain logons: provides the netlogon service causing Samba to act as a domain controller.

logon path: places the user's Windows profile into their home directory. It is also possible to configure a [profiles] share placing all profiles under a single directory.

logon drive: specifies the home directory local path.

logon home: specifies the home directory location.

logon script: determines the script to be run locally once a user has logged in. The script needs to be placed in the [netlogon] share.

add machine script: a script that will automatically create the Machine Trust Account needed for a workstation to join the domain.

In this example the machines group will need to be created using the addgroup utility; see the section called “Adding and Deleting Users” for details.

Also, rights need to be explicitly provided to the Domain Admins group to allow the add machine script (and other admin functions) to work. This is achieved by executing:

net rpc rights grant "EXAMPLE\Domain Admins" SeMachineAccountPrivilege SePrintOperatorPrivilege \
SeAddUsersPrivilege SeDiskOperatorPrivilege SeRemoteShutdownPrivilege

If you wish to not use Roaming Profiles leave the logon home and logon path options commented.

Uncomment the [homes] share to allow the logon home to be mapped:

[homes]
comment = Home Directories
browseable = no
read only = no
create mask = 0700
directory mask = 0700
valid users = %S

When configured as a domain controller a [netlogon] share needs to be configured. To enable the share, uncomment:

[netlogon]
comment = Network Logon Service
path = /srv/samba/netlogon
guest ok = yes
read only = yes
share modes = no

The original netlogon share path is /home/samba/netlogon, but according to the Filesystem Hierarchy Standard (FHS), /srv is the correct location for site-specific data provided by the system.

Now create the netlogon directory, and an empty (for now) logon.cmd script file:

sudo mkdir -p /srv/samba/netlogon
sudo touch /srv/samba/netlogon/logon.cmd

You can enter any normal Windows logon script commands in logon.cmd to customize the client's environment.

With root being disabled by default, in order to join a workstation to the domain, a system group needs to be mapped to the Windows Domain Admins group. Using the net utility, from a terminal enter:

sudo net groupmap add ntgroup="Domain Admins" unixgroup=sysadmin rid=512 type=d

Change sysadmin to whichever group you prefer. Also, the user used to join the domain needs to be a member of the sysadmin group, as well as a member of the system admin group. The admin group allows sudo use.

Finally, restart Samba to enable the new domain controller:

sudo restart smbd
sudo restart nmbd

You should now be able to join Windows clients to the Domain in the same manner as joining them to an NT4 domain running on a Windows server.

Backup Domain Controller

With a Primary Domain Controller (PDC) on the network it is best to have a Backup Domain Controller (BDC) as well. This will allow clients to authenticate in case the PDC becomes unavailable.

When configuring Samba as a BDC you need a way to sync account information with the PDC. There are multiple ways of accomplishing this: scp, rsync, or using LDAP as the passdb backend.

Using LDAP is the most robust way to sync account information, because both domain controllers can use the same information in real time. However, setting up a LDAP server may be overly complicated for a small number of user and computer accounts. See the section called “Samba and LDAP” for details.

First, install samba and libpam-smbpass. From a terminal enter:

sudo apt-get install samba libpam-smbpass

Now, edit /etc/samba/smb.conf and uncomment the following in the [global] section:

workgroup = EXAMPLE
...
security = user

In the commented “Domains” section, uncomment or add:

domain logons = yes
domain master = no

Make sure a user has rights to read the files in /var/lib/samba. For example, to allow users in the admin group to scp the files, enter:

sudo chgrp -R admin /var/lib/samba

Next, sync the user accounts, using scp to copy the /var/lib/samba directory from the PDC:

sudo scp -r username@pdc:/var/lib/samba /var/lib

Replace username with a valid username and pdc with the hostname or IP Address of your actual PDC.

Finally, restart samba:

sudo restart smbd
sudo restart nmbd

You can test that your Backup Domain controller is working by stopping the Samba daemon on the PDC, then trying to login to a Windows client joined to the domain.

Another thing to keep in mind is if you have configured the logon home option as a directory on the PDC, and the PDC becomes unavailable, access to the user's Home drive will also be unavailable. For this reason it is best to configure the logon home to reside on a separate file server from the PDC and BDC.

Howto Samba Active Directory Integration

Samba Directory Server Integration



Once part of an Active Directory domain, Samba can provide file and print services to AD users.

The simplest way to join an AD domain is to use Likewise-open. Once part of the domain, enter the following command in the terminal prompt:

sudo apt-get install samba smbfs smbclient

Since the likewise-open and samba packages use separate secrets.tdb files, a symlink will need to be created in /var/lib/samba:

sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig
sudo ln -s /etc/samba/secrets.tdb /var/lib/samba

Next, edit /etc/samba/smb.conf changing:

workgroup = EXAMPLE
   ...
   security = ads
   realm = EXAMPLE.COM
   ...
   idmap backend = lwopen
   idmap uid = 50-9999999999
   idmap gid = 50-9999999999

Restart samba for the new settings to take effect:

sudo restart smbd
sudo restart nmbd

You should now be able to access any Samba shares from a Windows client. However, be sure to give the appropriate AD users or groups access to the share directory. See the section called “Securing a Samba File and Print Server” for more details.

Accessing a Windows Share

Now that the Samba server is part of the Active Directory domain you can access any Windows server shares:
  • To mount a Windows file share enter the following in a terminal prompt:
    mount.cifs //fs01.example.com/share mount_point
    
    It is also possible to access shares on computers not part of an AD domain, but a username and password will need to be provided.
  • To mount the share during boot place an entry in /etc/fstab, for example:
    //192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw 0        0
    
  • Another way to copy files from a Windows server is to use the smbclient utility. To list the files in a Windows share:
    smbclient //fs01.example.com/share -k -c "ls"
    
  • To copy a file from the share, enter:
    smbclient //fs01.example.com/share -k -c "get file.txt"
    
    This will copy the file.txt into the current directory.
  • And to copy a file to the share:
    smbclient //fs01.example.com/share -k -c "put /etc/hosts hosts"
    
    This will copy the /etc/hosts to //fs01.example.com/share/hosts.
  • The -c option used above allows you to execute the smbclient command all at once. This is useful for scripting and minor file operations. To enter the smb: \> prompt, a FTP like prompt where you can execute normal file and directory commands, simply execute:
    smbclient //fs01.example.com/share -k
    
[Note]
Replace all instances of fs01.example.com/share, //192.168.0.5/share, username=steve,password=secret, and file.txt with your server's IP, hostname, share name, file name, and an actual username and password with rights to the share.
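
/etc/fstab is normally readable by every local user, so the password=secret option in the boot-time entry above is exposed to all accounts on the machine. The following added example (not part of the original guide) finds such entries and rewrites them to use the mount.cifs credentials= option with a root-only file. The function names, the sample fstab and the path /etc/samba/share.cred are constructed for illustration.

```bash
#!/bin/bash
# Added example, not part of the original guide. Function names and the
# credentials path are hypothetical.

# Constructed sample fstab, based on the entry shown in the guide.
sample_fstab() {
cat <<'EOF'
# constructed sample
/dev/sda1 / ext4 defaults 1 1
//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw 0        0
EOF
}

# Read fstab text on stdin and print the mount point of every cifs/smbfs
# entry whose options embed a password. The password itself is never printed.
inline_cifs_passwords() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }
        $3 == "cifs" || $3 == "smbfs" {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] ~ /^(password|pass)=/) { print $2; break }
        }
    '
}

# Rewrite fstab text on stdin: cifs entries lose their inline user/password
# options and reference the credentials file $1 instead. Other lines pass
# through unchanged.
use_credentials_file() {
    awk -v cred="$1" '
        /^[ \t]*#/ || NF < 4 || $3 != "cifs" { print; next }
        {
            n = split($4, opt, ","); out = ""
            for (i = 1; i <= n; i++) {
                if (opt[i] ~ /^(user|username|pass|password|cred|credentials)=/) continue
                out = out (out == "" ? "" : ",") opt[i]
            }
            $4 = (out == "" ? "" : out ",") "credentials=" cred
            print
        }
    '
}

# Write a credentials file $1 for user $2. The password is read from stdin so
# it does not appear in the process list, and umask 077 makes the file 0600.
write_credentials() {
    ( umask 077
      IFS= read -r pw
      printf 'username=%s\npassword=%s\n' "$2" "$pw" > "$1" )
}

echo "entries with an inline password:"
sample_fstab | inline_cifs_passwords
echo "rewritten fstab:"
sample_fstab | use_credentials_file /etc/samba/share.cred
```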


Friday, January 27, 2012

Centos Directory Services Install

Installing the CentOS Directory Server packages


  1. CentOS Directory Server is available from the Extras Repository for CentOS-5. Install it using the following command:
    yum install centos-ds
    
  2. After installing the directory server, install the supporting packages listed below:
    yum install xorg-x11-xauth bitstream-vera-fonts dejavu-lgc-fonts urw-fonts
    

Setup the Directory Server


  1. Refer to the Installation Guide to set up the Directory Server. Keep the following points in mind:
    1. Anywhere that there is a redhat- script, substitute centos- instead.
    2. Anywhere that java-1.5.0-ibm is referenced, substitute java-1.6.0-openjdk.
    3. Anywhere that up2date is used to install a package, instead use yum to install that package.

Saturday, January 7, 2012

UBoot - Kurobox - Supported Commands

Supported Commands
?       - alias for 'help'
base    - print or set address offset
bdinfo  - print Board Info structure
boot    - boot default, i.e., run 'bootcmd'
bootd   - boot default, i.e., run 'bootcmd'
bootm   - boot application image from memory
bootp   - boot image via network using BootP/TFTP protocol
cmp     - memory compare
coninfo - print console devices and information
cp      - memory copy
crc32   - checksum calculation
dhcp    - invoke DHCP client to obtain IP/boot params
diskboot- boot from IDE device
echo    - echo args to console
erase   - erase FLASH memory
ext2load- load binary file from a Ext2 filesystem
ext2ls  - list files in a directory (default /)
flinfo  - print FLASH memory information
go      - start application at address 'addr'
help    - print online help
ide     - IDE sub-system
loadb   - load binary file over serial line (kermit mode)
loads   - load S-Record file over serial line
loop    - infinite loop on address range
md      - memory display
mm      - memory modify (auto-incrementing)
mtest   - simple RAM test
mw      - memory write (fill)
nfs     - boot image via network using NFS protocol
nm      - memory modify (constant address)
pci     - list and access PCI Configuration Space
ping    - send ICMP ECHO_REQUEST to network host
printenv- print environment variables
protect - enable or disable FLASH write protection
rarpboot- boot image via network using RARP/TFTP protocol
reset   - Perform RESET of the CPU
run     - run commands in an environment variable
saveenv - save environment variables to persistent storage
setenv  - set environment variables
tftpboot- boot image via network using TFTP protocol
version - print monitor version

UBoot - Kurobox

Net Console
The net console is the U-Boot driver which uses the UDP protocol with a default port of 6666 to send the console output to and receive the console input from a remote computer. You need to run netcat on the remote computer to communicate with the U-Boot net console. The communication is bidirectional. Netcat will display on your screen the console output received from U-Boot and will send your keyboard input back to U-Boot.
If U-Boot cannot contact the remote computer, it switches the console to the serial port. To show that it changed the console, U-Boot makes the HDD LED blink with the pattern corresponding to the serial console (see The Reset Button below). The timeout period is 20 sec.
Minimal Console
U-Boot for the LinkStation is designed to allow some control over the boot process even in the absence of a console. For this, it uses the power button (the big button at the front) and the reset button (the small red button at the back).
Before installing U-Boot, when the LinkStation is switched on, the power LED starts blinking, the original boot loader starts executing and, very quickly, it starts booting the kernel from flash. If U-Boot is installed, the power LED will change from blinking quickly to blinking very slowly. The blink pattern is the same as the one used to indicate sleep mode in normal operation. When the power LED starts blinking slowly at boot, U-Boot has taken over and it is counting down the boot delay before booting the kernel. The default boot delay is 10 sec. From the moment when the power LED starts blinking slowly and for the duration of the boot delay, you can control the boot process with the power and reset buttons.
The Power Button
If you push the power button and keep it pressed for more than 1 sec, the boot process will stop and the LinkStation will wait for a command. A stopped boot process is indicated by the power LED being lit solid. The effect is the same as pressing 's' on the console.
A long push of the power button acts as a toggle. If the boot delay count down is in progress, a long push of the power button stops the boot process. If the boot process is stopped (U-Boot is at the command prompt, even if you can't see it), a long push of the power button restarts the boot process resetting the boot delay to its original value. The restart of the boot process is indicated by the power LED blinking slowly.
By default U-Boot supports three pre-configured boot commands:
  1. The first boot command will attempt to load and boot a file named boot/vmlinux.UBoot from the first hard disk partition, /dev/hda1. The file can be in any of the U-Boot bootable formats but uImage is the preferred format. If the file is missing or corrupted, U-Boot will fall back to booting the original kernel from flash. 
  2. The second boot command will boot the original kernel from flash.
    Please note that the original kernel for the LinkStation 1 / KuroBox standard has a bug in the function that calibrates the decrementer and it will stop for up to 180 sec during boot. This bug is not a U-Boot bug but a kernel bug which is uncovered by the fact that U-Boot activates the decrementer where the original boot loader does not.
    The original kernel for LinkStation HG / KuroBox HG does not suffer from the above problem. 
  3. The third boot command will attempt to boot in emergency mode (EM). It does this by passing the argument root=/dev/ram0 to the kernel.
    LinkStation / LinkStation HG owners should avoid booting in EM mode as the root password for this mode on the LinkStation is unknown.
    The original kernel for the LinkStation / KuroBox standard and for some of the earlier LinkStation HG / KuroBox HG models ignores the root argument. These models will boot normally from the on-board flash when the EM boot command is used. Read the section on EM mode if your LinkStation HG / KuroBox HG has a kernel that doesn't boot in EM mode using this boot command. 
You can cycle through the boot commands with the power button.
To see which of the three commands U-Boot is going to execute, press the power button quickly. The HDD LED (the third from the top) will start blinking. The number of times the LED blinks shows the number of the active boot command. For example, a pattern of short on - short off - short on - long off means that boot command number 2 is active. U-Boot will repeat the blinking cycle for a total duration of about 5 sec counting from the moment the power button is released.
A short press of the power button while the HDD LED is blinking will advance the boot command to the next one.
Changing the boot command does not change the boot status. If the boot is stopped, it will not be restarted. If the boot is in progress, it will not be stopped but the boot delay will be reset to the original value.
The Reset Button
Two consoles are currently configured, the serial console and the net console. The first console is the serial console and the second console is the net console (nc). The net console is the default console.
The reset button can be used, similarly to the power button, to switch consoles. A press on the reset button (here, it doesn't matter how long you keep the button pressed) displays the currently active console using the HDD LED. Repeatedly pressing the reset button while the HDD LED is blinking will toggle between the two consoles. The blinking pattern is different from the one showing the boot command. The pattern which shows that the second (net) console is active is short off - short on - short off - long on. U-Boot will repeat the blinking cycle for a total duration of about 5 sec counting from the moment the reset button is released.

Further information at http://www.linuxnotincluded.pwp.blueyonder.co.uk/linkstation/u-bootinstall.html

Friday, January 6, 2012

Kurobox Restore

**** Procedure to restore iNAS *****

Disassemble the Kurobox and install a new SSD / SATA drive

Start the machine and wait until the power LED blinks

Hit the start button twice; this will take the machine to EM mode

Telnet using root and FTP using operator / operator

Make partitions as desired and copy following files
* debianlenny-2.6.25.1-kuroHG-20100722.tgz
* devices.tar
* 2.6.31.1-ppc.tar.gz

These are available on iBackup

Uncompress the package and it's done

Monday, January 2, 2012

Extend life-time on CF cards based file system

Extend Life-time on CF cards

I use Smoothwall on a VIA custom server with 4 NICs. This board can accommodate only CF cards.
In my observation, CF cards lasted just 5 to 7 months, so I had to carry out Smoothwall maintenance every 6 months.

After some googling, I worked out that the following modifications can increase the lifetime of CF cards:

1. Move /tmp to RAM by editing /etc/fstab and adding the following entry
tmpfs /tmp tmpfs  size=512000m,exec,nosuid 0 0
2. Switch the file system to ext2, since ext3 also does journalling, which means high I/O.
Edit fstab and modify the partition type.


UUID=a9425b1d-3d67-40fc-b2a7-4a4f686d8be9 /                  ext3    defaults        1 2


3. Add the additional option noatime

UUID=a9425b1d-3d67-40fc-b2a7-4a4f686d8be9 /                  ext2    errors=remount-ro,noatime        1 2

Sunday, January 1, 2012

Setup a NFS server and client

HOWTO: Setup a NFS Server & Client
This tutorial outlines the steps involved in setting up an NFS server and client. Typically this is used to mount shares on the network, such as user home directories when authenticating via LDAP, or a media server.

This guide assumes a Debian server (hostname iNAS) is ready to be converted into an NFS server.

Setup NFS Server

1. Log on to iNAS as root
2. Install the NFS server package
~# apt-get install nfs-kernel-server
3. Create shared directory
~# mkdir -p /share /share/pictures /share/music /share/movies
4. Export this directory in the exports file: vi /etc/exports and add the following line
/share                *(rw,sync,no_subtree_check,no_root_squash)
5. Restart the NFS service
~# service nfs-kernel-server restart
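
The export line in step 4 grants every host (*) read-write access and disables root squashing, so root on any client that can reach iNAS acts as root on the share. The script below is an added example, not part of the original post, that audits an exports file for those two settings; the function names, the subnet 192.168.0.0/24 and the host client1 are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag wildcard clients and no_root_squash in an exports(5) file.
# Assumes one export per line (no backslash continuations).

# audit_exports FILE -> one line per finding: "<path> <FINDING> <client field>"
audit_exports() {
    awk '
    { sub(/#.*/, "") }              # drop comments
    NF < 2 { next }                 # blank line, or no client field to inspect
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            # "*" or an empty client name (a space before the parenthesis)
            # both match every host that can reach the server.
            if (client == "*" || client == "")
                print $1, "WORLD", $i
            # Without root squashing, uid 0 on the client is uid 0 on the share.
            if (("," opts ",") ~ /,no_root_squash,/)
                print $1, "NO_ROOT_SQUASH", $i
        }
    }' "$1"
}

# Constructed sample. Line 1 uses the client and options from step 4;
# the other lines are constructed variants for comparison.
sample_exports() {
    cat <<'EOF'
/share           *(rw,sync,no_subtree_check,no_root_squash)
/share/music     192.168.0.0/24(ro,sync,no_subtree_check,root_squash)
/share/pictures  client1 (rw,sync)   # stray space: options apply to all hosts
# /share/movies  *(rw)
EOF
}

tmp=$(mktemp)
sample_exports > "$tmp"
audit_exports "$tmp"
rm -f "$tmp"
```

On a real server, run audit_exports /etc/exports; an export limited to a named subnet with root_squash, like the second sample line, produces no findings.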

Setup NFS Client


1. Install the NFS client
~# apt-get install nfs-common
2. Add the NFS mount to fstab; edit /etc/fstab and add the following line
iNAS:/share           /media        nfs  defaults 0 0
3. Restart the client machine to confirm auto-mount works, or mount the /media directory
~# mount /media
4. Check that it worked using the df command