JMX is a technology that lets you add management interfaces for Java applications
the jmx interface on your java application will let you monitor and publish graphs for:
From Wikipedia:
Network File System (NFS) is a network file system protocol originally developed by Sun Microsystems in 1984, allowing a user on a client computer to access files over a network in a manner similar to how local storage is accessed.
So basically its a network share, it allows you to share files between remote computers
in the most easy and seamless way, once it was specifically for UNIX servers,
but today NFS is supported over MS servers as well.
Like everything else in Sysadmin life,
when its working its working well, and nobody hears about it,
but what to do when its not working?
Samba debugging for example is easier from that aspect since it has extensive logs for the sysadmin,
NFS doesn’t keep logs, and NFS issues doesn’t show up in the syslog/messages file as well.
But there are tools that allow you to get extensive information about the running NFS process,
shares, statistics, users connected etc :
Description |
Command |
| see what the machine is exporting | SunOS: # exportfs Solaris: # share |
| Print the list of shared file systems | showmount -e server_name |
| Print the list of all clients mounting a directory from the questioned server | showmount -a server_name |
| Print the directory and all the clients that are mounting it curretly – from within the nfs server | dfmounts |
| print the nfs netwrok statistics | client side: nfsstat -c server side: nfsstat -s |
| To see that nfsd is responding | rpcinfo -T udp crimson nfs |
| To see that mountd is responding | rpcinfo -T udp crimson mountd |
| To see that lockd is responding | rpcinfo -T udp crimson nlockmgr
rpcinfo -T udp crimson llockmgr |
VNC is a server client method of connecting to a remote server,
the great thing about vnc is that you can see the remote server desktop, and work on it with a mouse just like its your local desktop.
another good thing about vnc is that its free for use for many distros.
There are main 2 major software companies that supply free vnc server and vnc cllient,
the first is realvnc and the second is tightvnc , from the tighvnc site:
TightVNC is a free remote control software package. With TightVNC, you can see the desktop of a remote machine and control it with your local mouse and keyboard, just like you would do it sitting in the front of that computer. TightVNC is:
So these are 2 options for you to download a good free vnc viewer.
and I say only viewer because now the Solaris 10 build 5 comes with the vncserver alredy inside.
all you need to do is to configure it.
This page on the SUN site will give you the detailed explanation on how to do things and what security patch you need to install fisrt ,but the instructions can be summed up in 4 lines:
mkdir -p /etc/dt/config
cp /usr/dt/config/Xservers /etc/dt/config/Xservers
edit this file “/etc/dt/config/Xservers” and add these lines at the end:
:1 Local local_uid@none root /usr/X11/bin/Xvnc :1 -nobanner -AlwaysShared -SecurityTypes None -geometry 1024x768x24 -depth 24
:2 Local local_uid@none root /usr/X11/bin/Xvnc :2 -nobanner -AlwaysShared -SecurityTypes None -geometry 1024x768x24 -depth 24
:3 Local local_uid@none root /usr/X11/bin/Xvnc :3 -nobanner -AlwaysShared -SecurityTypes None -geometry 1024x768x24 -depth 24
And reboot the server.
The lines with the :1 :2 etc at the beginning, are the virtual displays you wish to server to have available for connections, you can add more by changing the numbers to :4 :5 etc.
when connecting to the server with the vnc viewer you need to express to which virtual display you want to connect by adding it to end of the server’s name or ip:
10.10.10.1:3
If you want to connect to virtual display number 3.
A security note – this configuration will allow passwordless access to the vnc screen – if someone logs in and leaves it open – the next user can just enter without a login.
A safer configuration is to require a password by using the -SecurityTypes VncAuth parameter. The Xvnc(1) man page describes password requirements.
The vnc as a general is clear text, for a more secure connection there is a method of tunneling the vnc through a ssh session.
2 nice tutorials for vnc through ssh can be found here and here.
the second tutorial is using putty for the ssh connection – putty is another great freeware,
its a free ssh client for windows to connect to ssh servers.
If the server you wish to connect to through vnc is located withing your lan,
and you are relaxed about security for the users on it – if its a training server etc ,
you can just setup the vncserver without any safeguards,
but if you are connecting through an unsecured medium (AKA the internet)
you better add the ssh layer to it.
Apache server is a strong web server that can serve great open source application like Mediawiki which is a great solution for information sharing,
but what if you want to use Mediawiki to share information only for the local office active directory domain members?
Or even only to members of a specific group in the active directory?
In Apache you have a specific module called mod_ldap which allows you to use the Active Directory as an authentication server for your users,
so you can create a secure wiki branch for each department users.
To setup the apache server to use Active Directory as access manager you will need to make sure the mod_ldap was compiled with the apache server and that these lines are in the httpd.conf file:
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule ldap_module modules/mod_ldap.so
If you have a Windows server installed with the xampp install of apache and mysql, you will have the module pre-compiled into the apache server,
however testing that it’s loaded can be done with:
C:\xampp\apache\bin\httpd.exe -t -D DUMP_MODULES
the output should have these lines:
authnz_ldap_module (shared)
ldap_module (shared)
Once you have the mod_ldap modules loaded you can add to the apache configuration file the user authentication support:
<Location /Finance_Wiki>
Require valid-user
AuthType Basic
AuthName “Finance Wiki Access”
AuthBasicProvider “ldap”
AuthLDAPBindDN “CN=proxy_user,OU=sub_group,OU=main_group,DC=some,DC=domain,DC=com”
AuthLDAPBindPassword “proxy_user_pass”
AuthLDAPURL “ldap://pdc.some.domain.com:389/OU=main_group,DC=some,DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)”
</Location>
The AuthLDAPBindDN and AuthLDAPBindPassword settings are for setting a user that will allow the apache server to browse the Active Directory structure,
the user created for this should have the minimum rights possible in the domain.
This specific apache configuration will allow any user from the domain to share the /Finance_Wiki folder, but if you want to allow access for a specific group you need to add this configuration line:
require ldap-group CN=groupname,OU=group.container,OU=main_group,DC=some,DC=domain,DC=com
This is the part that will require the active directory authentication for a specific group.
This way you can prepare a wiki branch for each group in your company to securely share internal files.
So you went ahead and did a little change to your web site, or web server redirect,
and you want to test it out without a sniffer,
the fastest way to test the http server headers and output is from the command line so you can see exactly what the servers is sending.
Now from Linux you have built in tools like GET, and wget ad curl,
wget and curl you can also install on windows to work from the command line.
Curl For Windows
Go ahead and download curl from their main website, you should get the Win32 – General version,
or the Win64 binary.
Better take the SSL enabled version if you will ever need to test SSL.
Take the curl.exe file from the zip file and place it somewhere in your windows PATH.
To find which directories are already in the windows path open the command line and write:
C:\>echo %PATH%
You will get the listing for such directories, just place the curl.exe in one of them.
Now for the tests:
To get only the headers and not the file contents itself use “curl -I http://address”
C:\>curl -I http://some.site.com/blocked_folder/blocked.php
HTTP/1.0 403 Forbidden
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html
Expires: Tue, 27 Oct 2009 19:32:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 27 Oct 2009 19:32:38 GMT
Connection: keep-alive
From this test you can see the file is forbidden, what are the caching setings for the server, and other headers information.
If you would like to see the full page contents just remove the “-I”.
another sample:
C:\>curl -I http://www.cisco.com/
HTTP/1.1 200 OK
Date: Tue, 27 Oct 2009 19:36:28 GMT
Server: Apache/2.2
Set-Cookie: CP_GUTC=62.214.121.218.123463458258569; path=/; expires=Sat, 21-Oct-34 19:36:28 GMT; domain=.cisco.com
Last-Modified: Tue, 27 Oct 2009 16:34:14 GMT
ETag: “5985″
Accept-Ranges: bytes
Content-Length: 22917
CDCHOST: cdcxweb-prod1-02
Content-Type: text/html
this time we got a 200 reply which means the apache sent us the page,
we can see the page’s size from the “Content-Length” header,
and the other info the apache wants to send us.
Virtual hosting on apache can mean having more domain names on the same IP,
and you can test each of these domains by adding a “Host” header to the curl test line:
curl -H “Host: sub1.host.com” http://www.hosting.com/
curl -H “Host: sub2.host.com” http://www.hosting.com/
These 2 lines will bring back the html code for each of the different virtual hosts on the same server.
Here are some more ideas of using curl -for example:
Sending POST data through curl
A fresh install of windows 7 might have a problem with samba shares,
if you setup samba logging you will see errors like this:
[2009/08/26 09:15:53, 3] smbd/connection.c:yield_connection(76)
yield_connection: tdb_delete for name failed with error Record does not exist.
[2009/08/26 09:15:53, 3] smbd/server.c:exit_server(614)
although the user was able to connect from a different PC with a different operating system.
I found this great solution for the samba connection problem,
and to break it to a few simple steps:
This solution worked just fine on a fresh windows 7 install.
Need Help Cleaning up your registry?
Samba is the server used to share files from a Linux server to the rest of the windows clients in an office,
it is an easy to use server with simple defaults that will make the integration easy into any domain,
you can find on the samba main site some configurations samples and newer smb.conf samples to help ease the server into the domain.
But the harder part after setting the server is debugging problems with it,
like a user permission problem – can the user authenticate to the Microsoft domain server?
maybe he has a password problem? maybe he doesn’t have permission to access the share?
Setting up samba logging:
For starters you will find all the config files are at /etc/smb
the main config file is smb.conf,
other important files are smbusers and smbpasswd,
smbusers is a mapping file, to mask windows user as a linux user for access.
Now first thing to do when debugging is to setup the logging well,
so these are good log settings in the /etc/samba/smb.conf for debugging of the samba service:
log file = /var/log/samba/%m.log
syslog = 0
log level = 3 passdb:0 auth:0 winbind:0 vfs:0
vfs objects = full_audit
With this configuration all the machines log files will be found under /var/log/samba/*.log
for a sample, if you been trying to connect to the samba server from a machine named “boo1″
you should see in the log folder: /var/log/samba/boo1.log
You can search inside the folder by using “ls –latr” to find the newest files,
which will mean the windows clients that have been trying to connect to te samba server.
And “tail -100 machine_name.log” to view the errors you got if you couldn’t access the share.
Real life Debug sample:
from the file temp1.log:
nmbd/service.c:make_connection_snum(314)
user ‘temp1′ (from session setup) not permitted to access this share (share2)
This error means to that your user is known as temp1,
and temp1 doesn’t have permission to access the share “share2”
in which case you need to open the smb.conf and setup the permissions
for the user on this share to allow him access.
Inside smbusers you can map windows users to a specific unix user with this syntax:
unix_user = MY_DOMAIN\windows_user1 MY_DOMAIN\windows_user2 MY_DOMAIN\windows_user3
And then allow access to shares in the config by using the unix name:
valid users = unix_user
Checking access to the server and listing shares on it from commend line:
smbclient -L //server -U windows_user
You will be prompt for password, and if the settings are good, you will receive the shares listing from the server.
Connecting to a share on the server:
smbclient //server/share -U windows_user
after answering the password you get a command line much like ftp:
smbclient //server/share -U builder
Password:
Domain=[MY_DOMAIN] OS=[Unix] Server=[Samba 3.0.33-3.7.el5_3.1]
smb: \>
mounting windows share on linux from fstab:
This will allow for automatic mount in case of server reboot:
\\server\share /unix_location smbfs credentials=/etc/samba.sharepasswd,uid=unix_user,gid=unix_group,ip=192.168.0.1,lfs 0 0
Contents of /etc/samba/.sharepasswd should be windows user and password to connect to the share:
username=windows_user
password=windows_pass
Getting info from a windows domain controller for samba debugging:
To list all the windows domain users from linux command line:
net rpc username -S icq-mdc1
replace “username” with a valid windows user name, to list all the users in the server,
you will need to know the user password as well.
This command can list the user groups from the domain controller:
net rpc user INFO username -S domain-server-name
replace “username” with a valid windows user name.
Although I’m a great Linux fan, i still have Windows on my personal computer, since the computer is not used by me alone, and although i have various Linux OS installed on this same computer, most of the time its on the windows mode. so what do i do when i need to test something on wordpress or mediawiki?
For that reason i needed a development environment on my home computer that will run Apache, MySQL, php and Perl. There are some ways to go about that – i could have installed Cygwin, which is a Linux-like environment for windows.
Another way to go about it is to install the windows version Apache and mysql and php and perl.
These two options are fine solutions but they will need some more work on them , other then the point and click option which is xampp.
xampp for windows version 1.7.1 on default will include all of these:
and if you want to can add Perl 5.10.0-2.2.11 from their Add-Ons page.
The install process is a next,next,next version of a regular windows install, and in the the end you have everything installed into the default location at C:\xampp.
This is the windows control panel that stops and starts the Apache and MySQL for you if you don want to install them as services, personally i prefer to start them when I’m developing since they are resource heavy applications.
Some default file locations:
the html and php files are installed to C:\xampp\htdocs
Perl scripts should be placed here: C:\xampp\cgi-bin
the php.ini (php config file) can be found at: C:\xampp\apache\bin\php.ini
httpd.conf (apache config file) is located in: C:\xampp\apache\conf
Note that for Unix Perl scripts you need to replace the first line with the location of the Perl binary on your windows, so it should look like:
#!”C:\xampp\perl\bin\perl.exe”
Another not is that the xampp on default is set to work with php 5 , but you can from the xampp configure page which is at http://localhost/xampp/ , use the “PHP switcher” and change the install to work with php 4 instead.
And that’s it – your local development website is ready and is available at: http://localhost/ to play with.