blogdovicente.com

Filed under: All, Linux, Video/Audio | No Comments »

Filed under: All, Video/Audio | No Comments »

I found this interesting website:

http://www.top10seotips.com/

Filed under: All, tips | No Comments »

Tar is very useful to create backups and disk images. Normally Unix’s administrators know this pair:

tar -czf file.tar.gz directory/ # To compress directory into file.tar.gz
tar -xvzf file.tar.gz # To unzip file.tar.gz

It is possible to tar utility automatic discover compression format when unzipping using:

tar -xf file.tar.gz

Now imagine you need copy a hd’s content to another. You would need almost double space to create a file to unzip it and not always this space is available. Using tar and pipe together is possible create and extract in same time with a single command with no need to double space creating a target file:

(cd /mnt/ ; tar -cf - sda1/) | (cd /mnt1 ; tar -xvf -) # by the same time file is created, is unzipped too, saving time and disk space.

Is possible tunneling tar inside ssh:

(cd /mnt/ ; tar -cf - sda1/ ) | (ssh destino ‘mkdir sda1 ; cd sda1 ; tar -xvf - ‘)

If your network link is limited just compress in origin and unzip in target:

(cd /mnt/ ; tar -czf - sda1/ ) | (ssh target ‘mkdir sda1 ; cd sda1 ; tar -xvfz - ‘) # If you are note transmitting compressed files, you will save network link, but you will use more cpu in origin and target.

PS: Never try to create a tar file of open files, strange things can happen…

Filed under: All, Linux | No Comments »

A good alternative for Windows notepad is Crimson editor. Besides its feature of work as C, C++, Java and Perl editor have a lot of useful editing resources link spelling checker, undo/redo, user tools, macros, and more. Even it last version is from 2004, it’s still modern and achieve the purposes for it was built.

Filed under: All, Miscellaneous | No Comments »

My friend Vicente Maia has in flickr his photos of his travels by the world. Take a look, is worth of a visit, the pictures are at least amazing. Below you can see some pictures as sample of you can get there.

Filed under: All, photos | No Comments »

This how-to aim to provide a Centos Terminal Server using FreeNX authenticating on Active Directory and automatic mounting of Windows shares.

To create this how-to was installed Centos 5 64 bits on a virtual machine using VMware ESX 3.0 authenticating by winbind, the FreeNX, a Windows Server 2003 domain, pam_mount to mount Windows shares and pam_listfile to provide control what users have access to server. I did not apply any update on Linux, I did not have tested if works after an update either.

1. Install Centos 5 disabling Firewall and SELinux.

Installing Winbind to allow access to Centos for domain’s users.
2. After installed, log in as root. Go to an graphical console.
3. Run system-config-network and change the hostname to a definitive name.
4. Run system-config-authentication.
4.1. Mark use winbind option
4.1.1. Fill in Winbind settings:
Winbind domain: dominio
Security role: ads
Winbind ADS realm: domain.test
Winbind domain controllers: server.domain.test
Template Shell: /bin/bash
4.2. Select Authentication tab and mark Activate Winbind Support.
5. Assuming your server will not be a samba server and will use only Winbind, change the file /etc/samba/smb.conf as showed below, changing the parameters to match your environment in lines 2, 8, 9 and 14:
[global]
workgroup = domain
server string = Terminal Server
security = ads
log file = /var/log/samba/%m.log
max log size = 50
dns proxy = no
password server = server.domain.test
realm = DOMAIN.TEST
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
winbind use default domain = true
wins server = 10.0.0.1

6. Change /etc/krb5.conf as showed below, changing the parameter in the lines 6, 12, 13, 14, 15, 18 and 19:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = DOMAIN.TEST
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
[realms]
DOMAIN.TEST = {
kdc = server.domain.test:88
admin_server = server.domain.test:749
default_domain = domain.test
}
[domain_realm]
.domain.test = DOMAIN.TEST
domain.test = DOMAIN.TEST
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

7. Change /etc/resolv.conf, changing the DNS server’s IP address in the first line and the DNS domain in line 2 an 3:
nameserver 10.0.0.1
search domain.test
domain domain.test

8. Run the command: net ads join -S server -U administrator and type the password to add the server to domain.
9. Run the command: net user -U administrator and type de password to check if Winbind is working. If it is, all the domain users will be returned.
10. Change /etc/nsswitch.conf to:
passwd: files winbind
shadow: files winbind
group: files winbind
hosts: files wins dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus

11. Change /etc/pam.d/system-auth, as below:
#%PAM-1.0
auth required pam_listfile.so item=user sense=allow file=/etc/system_users onerr=fail
auth required pam_env.so
auth required pam_mount.so
auth sufficient pam_winbind.so use_first_pass
auth sufficient pam_unix.so use_first_pass likeauth nullok
auth required pam_deny.so
account required pam_unix.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password sufficient pam_unix.so nullok md5 shadow use_authtok
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
session optional pam_mount.so

12. Line 2 change of /etc/pam.d/system-auth indicate the file’s name that contains the users that can log in te server, you need place an user in each line with out domain’s information, do not forget root. DO NOT FORGET TO ADD THE USER ROOT, WITH OUT IT, WILL BE NOT POSSIBLE TO YOU LOG ON AS ROOT ANY MORE!!!
13. In this case, the name of file is /etc/system_users, it does not exist, you need to create it.
14. The change in the lines 4 and 15 of /etc/pam.d/system-auth will be to automatic mounting of Windows shares that we will see soon.
15. The standard /etc/pam.d/system-auth for CentOS is diferent of this and I ran several tests but it prevent local users to log on the server. This is a similar version that I have on my Gentoo Linux desktop.

PAM_MOUNT installation to provide automatic mounting of Windows shares
16. Create /etc/yum.respos.d/fedora.repo with the contents below:
[fedora-dries]
name=Extra Fedora rpms dries - 6 - $basearch
baseurl=http://ftp.riken.jp/Linux/dries/fedora/fc6/$basearch/dries/RPMS
http://ftp.belnet.be/packages/dries.ulyssis.org/fedora/fc6/$basearch/dries/RPMS
gpgkey=http://dries.ulyssis.org/rpm/RPM-GPG-KEY.dries.txt
enabled=1
gpgcheck=1
[fedora-extras]
name=Fedora Extras 6 - $basearch
#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/extras/6/$basearch/
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=extras-6&arch=$basearch
#mirrorlist=file:///etc/yum.repos.d/local-extras
enabled=1
gpgkey=http://ftp.riken.jp/Linux/fedora/extras/RPM-GPG-KEY-Fedora-Extras
gpgcheck=1

17. To install softwares using YUM will be necessary provide access to internet:
17.1 In case you have direct access to internet, yum works fine with out any other setting.
17.2 In case your access to internet is provide by a proxy that do not requires authentication, before to use yum, run the command: export http_proxy=”http://proxy_servers_ip:port”
17.3 In case your access to internet is provide by a proxy that requires authentication, before to use yum, run the command: export http_proxy=”http://domain\user:password@proxy_servers_ip:port”
18. Install pam_mount running the command: yum install pam_mount
18.1 This command will install Fedora’s version of pam_mount. Pam_mount is not in CentOS’s repository and this is easiest method, doesn’t requiring compile if from sources. It is not last version but is sufficient for our purposes.
19. Edit /etc/security/pam_mount.conf and insert in bottom of file the volumes that will be mounted for users. To avoid users have access volumes not mounted for them, the mount point must be inside their home.
20. Each line for the volumes to be mounted must follow this layout:
volume <user> <type> <server> <volume> <mount point> <mount options> <fs key cipher> <fs key path>
21. For CIFS mounting the last 3 parameters must be changed for dashes. Below examples of lines to mount shares \\server\grp in mount point ~/r and \\server\apl in ~/w. Insert this lines in the bottom of /etc/security/pam_mount.conf.
volume * cifs server grp ~/r - - -
volume * cifs server apl ~/o - - -
21.1 Note tilde sign indicate the user’s home directory.
21.2 I figure out that too much shares may cause time out for Terminal Server Client. Up to 3 shares, works fine.
22. Restart winbind using this command: service winbind restart
23. Check out if everything works trying log on using an authorized user as described on item 12. using the command:
ssh <usuario_com_permissão>@localhost

FreeNX Installation (Terminal Server for Linux)
24. Set up your proxy server in case you need as described on item 17.
25. Install FreeNX and the library need with this command: yum install freenx libXcomposite
26. Create a conf file for FreeNX from the sample: cp /etc/nxserver/node.conf.sample /etc/nxserver/node.conf
27 Restart SSH and FreeNX using these commands:
27.1 service sshd restart
27.2 service freenx-server start
28. Install FreeNX client as showed on http://wiki.centos.org/HowTos/FreeNX and test using an allowed user as described on item 12.
29. Change /etc/inittab the following parameter to prevent server load graphic interface:
id:5:initdefault: para id:3:initdefault:
30. Restart the server. After reboot, an authorized Active Directory user will be capable to access the server by Terminal Server NX and have automatically mounted windows shares filled on pam_mount conf file.
31. That’s all folks!

Filed under: All, Linux, Terminal Server | 2 Comments »

If you miss a network sniffer for your work or to learn about networks, the Ethereal is a good option.

On www.ethereal.com you find the software to download for Windows, Solaris and Linux e manuals to know how it works. Until some time ago there is not on YUM of Fedora and Centos, on Gentoo you can install by emerge, it named as Wireshark.

Free and open source.

Filed under: All, Network | No Comments »

Firefox has an extention called ScrapBook that make easy to save an entire page or part of it. Are available some resources to insert notes and mark parts of text you find important.

If you want to try: https://addons.mozilla.org/firefox/427/

Filed under: All, Browsers | No Comments »

For network administrators there is a script language that is perfect for using on logon scripts on Windows networks: Kixtart.

There is some functions that make easy the admin’s life: mapping of drives, add or remove printers, change of wallpapper and much more. There is in the official website a script database with a lot of ready to use scripts. Probably what you need to do is already done.

Take a look on www.kixtart.org

Filed under: All, Windows | No Comments »