Category Archives: sys admin

NFS mount – When Your Shares Go Wrong

From Wikipedia:

Network File System (NFS) is a network file system protocol originally developed by Sun Microsystems in 1984, allowing a user on a client computer to access files over a network in a manner similar to how local storage is accessed.

So basically it's a network share: it allows you to share files between remote computers
in the easiest and most seamless way. It was once specific to UNIX servers,
but today NFS is supported on MS servers as well.

Like everything else in sysadmin life,
when it's working, it's working well, and nobody hears about it,
but what do you do when it's not working?
Samba debugging, for example, is easier in that respect since it has extensive logs for the sysadmin;
NFS doesn't keep logs, and NFS issues don't show up in the syslog/messages file either.

But there are tools that allow you to get extensive information about the running NFS process,
shares, statistics, connected users, etc.:

Description and command:

  • See what the machine is exporting:
    SunOS: # exportfs
    Solaris: # share
  • Print the list of shared file systems:
    showmount -e server_name
  • Print the list of all clients mounting a directory from the server in question:
    showmount -a server_name
  • Print the directory and all the clients that are currently mounting it (from within the NFS server):
    dfmounts
  • Print the NFS network statistics:
    client side: nfsstat -c
    server side: nfsstat -s
  • To see that nfsd is responding:
    rpcinfo -T udp crimson nfs
  • To see that mountd is responding:
    rpcinfo -T udp crimson mountd
  • To see that lockd is responding:
    rpcinfo -T udp crimson nlockmgr
    rpcinfo -T udp crimson llockmgr


Implementing MediaWiki

My favorite type of wiki is MediaWiki.
I love the ease of use, the huge matrix of extensions available,
and the look and feel of the wiki itself.
Backup, restore and upgrade support are also very important reasons to choose a specific wiki software,
and having gone through all these steps in MediaWiki, I am very pleased with the ease of use.

Starting from the beginning:

What is MediaWiki?

MediaWiki is free server-based software which is licensed under the GNU General Public License (GPL). It’s designed to be run on a large server farm for a website that gets millions of hits per day. MediaWiki is an extremely powerful, scalable software and a feature-rich wiki implementation, that uses PHP to process and display data stored in its MySQL database.
Media wiki site

MediaWiki also saves the versions of the updated files, allowing for easy reverts and versioning of edited files.

The largest sites using MediaWiki:

Mediawiki large sites list

Design matters

A wiki website doesn't have to have the standard MediaWiki look:
you can design the look and feel either manually, to suit the corporate guidelines, or with existing skins.

Novell's wiki site:

Novell wiki site

marvel.wikia.com:

marvel

Extensions

Extensions are compilations of PHP code that add new features or enhance functionality of the main MediaWiki core. Extensions are one of the main advantages of MediaWiki. They give wiki administrators and wiki end-users the ability to adapt MediaWiki to their requirements.

The extensions can add capabilities like:

Integrate into the Organization

Using LDAP we can integrate the wiki with the main Active Directory.
http://www.mediawiki.org/wiki/Ldap shows the steps to add LDAP support to the wiki install.
With LDAP you can have single- and multi-domain authentication (including the local database).
Retrieval of user information from LDAP:
  • Email address
  • Real name
  • Nickname
  • Language
You can configure the wiki to allow only domain users to access the server, and you can create wikis that are accessible only to a specific domain group or specific users.
You can restrict edit access to users who have created an account AND verified their email address.
More features that MediaWiki offers:
  • A watch list: an update by email when a watched page has changed.
  • By default, MediaWiki's page URLs look like /index.php?title=Your_Page, but an .htaccess file tweak can make them look like Wikipedia's clean /wiki/Your_Page links.
  • When a user submits an edit to a page, MediaWiki writes it to the database without deleting the previous versions of the page, thus allowing easy reverts in case of vandalism or spamming.

First steps with editing wiki pages

http://meta.wikimedia.org/wiki/MediaWiki_User%27s_Guide:_Editing_overview

This simple editing tutorial will show you the basic steps in editing a new wiki page:

  • headings
  • lists
  • links


solaris 10 and vnc


VNC is a client-server method of connecting to a remote server.
The great thing about VNC is that you can see the remote server's desktop and work on it with a mouse just as if it were your local desktop.
Another good thing about VNC is that it's free to use on many distros.

There are 2 major software companies that supply a free VNC server and VNC client:
the first is RealVNC and the second is TightVNC. From the TightVNC site:

TightVNC is a free remote control software package. With TightVNC, you can see the desktop of a remote machine and control it with your local mouse and keyboard, just like you would do it sitting in the front of that computer. TightVNC is:

  • free for both personal and commercial usage, with full source code available (GPL-licensed);
  • useful in remote administration, remote customer support, education, and for many other purposes;
  • cross-platform, available for Windows and Unix, compatible with other VNC software.

So these are 2 options for you to download a good free vnc viewer.

Solaris VNCserver configuration

I say only viewer because Solaris 10 build 5 now comes with the vncserver already included.
All you need to do is configure it.

This page on the SUN site gives a detailed explanation of how to do things and which security patch you need to install first, but the instructions can be summed up in 4 lines:

mkdir -p /etc/dt/config

cp /usr/dt/config/Xservers    /etc/dt/config/Xservers

edit this file “/etc/dt/config/Xservers” and add these lines at the end:

:1  Local local_uid@none root /usr/X11/bin/Xvnc :1 -nobanner -AlwaysShared -SecurityTypes None -geometry 1024x768x24 -depth 24
:2  Local local_uid@none root /usr/X11/bin/Xvnc :2 -nobanner -AlwaysShared -SecurityTypes None -geometry 1024x768x24 -depth 24
:3  Local local_uid@none root /usr/X11/bin/Xvnc :3 -nobanner -AlwaysShared -SecurityTypes None -geometry 1024x768x24 -depth 24
And reboot the server.

The lines with :1, :2 etc. at the beginning are the virtual displays you wish the server to have available for connections; you can add more by changing the numbers to :4, :5 etc.

When connecting to the server with the VNC viewer, you need to specify which virtual display you want to connect to by adding it to the end of the server's name or IP:

10.10.10.1:3

If you want to connect to virtual display number 3.

A security note: this configuration allows passwordless access to the VNC screen. If someone logs in and leaves the session open, the next user can just enter without a login.

A safer configuration is to require a password by using the -SecurityTypes VncAuth parameter. The Xvnc(1) man page describes password requirements.

VNC and Security

VNC traffic in general is sent in clear text; for a more secure connection you can tunnel VNC through an SSH session.
2 nice tutorials for VNC through SSH can be found here and here.
The second tutorial uses PuTTY for the SSH connection. PuTTY is another great piece of freeware:
it's a free SSH client for Windows for connecting to SSH servers.

If the server you wish to connect to through VNC is located within your LAN,
and you are relaxed about security for the users on it (if it's a training server, for example),
you can just set up the vncserver without any safeguards,
but if you are connecting through an unsecured medium (AKA the internet)
you had better add the SSH layer to it.
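
The check and the tunnel described in the two sections above, as an added example that is not part of the original post. It assumes the Xservers line format shown earlier and the usual VNC convention that display :N listens on TCP port 5900+N; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit Xvnc lines in a dtlogin Xservers file.

# audit_xservers FILE -> one line per Xvnc display: "<display> <tcp-port> <security> <verdict>"
audit_xservers() {
    awk '
    /^[ \t]*#/ { next }                          # skip comment lines
    $1 ~ /^:[0-9]+$/ && /Xvnc/ {
        sec = "default"                          # no -SecurityTypes given on the line
        for (i = 2; i < NF; i++)
            if ($i == "-SecurityTypes") sec = $(i + 1)
        if (sec == "None") verdict = "WEAK"      # anyone who can reach the port gets the desktop
        else if (sec == "VncAuth") verdict = "ok"
        else verdict = "review"
        print $1, 5900 + substr($1, 2), sec, verdict
    }' "$1"
}

# weak_displays FILE -> number of displays that accept connections without a password
weak_displays() {
    audit_xservers "$1" | awk '$4 == "WEAK" { n++ } END { print n + 0 }'
}

# tunnel_command HOST DISPLAY -> ssh command that forwards the display's VNC port over SSH
tunnel_command() {
    port=$((5900 + $2))
    printf 'ssh -L %s:localhost:%s %s\n' "$port" "$port" "$1"
}

# sample_xservers: constructed file contents; :1 is the line from the post, :2 the safer variant
sample_xservers() {
    cat <<'EOF'
# constructed sample
:0  Local local_uid@console root /usr/X11/bin/Xserver :0 -nobanner
:1  Local local_uid@none root /usr/X11/bin/Xvnc :1 -nobanner -AlwaysShared -SecurityTypes None -geometry 1024x768x24 -depth 24
:2  Local local_uid@none root /usr/X11/bin/Xvnc :2 -nobanner -AlwaysShared -SecurityTypes VncAuth -geometry 1024x768x24 -depth 24
EOF
}

tmp=$(mktemp)
sample_xservers > "$tmp"
audit_xservers "$tmp"        # on a real host: audit_xservers /etc/dt/config/Xservers
tunnel_command 10.10.10.1 3
rm -f "$tmp"
```

With the tunnel open, the viewer connects to localhost:3 instead of 10.10.10.1:3. The tunnel only protects the traffic; a display still flagged WEAK remains reachable directly by anyone who can connect to its port.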



Reading Linux Email book

Linux E-mail

I’m reading a new book about Linux mail servers.
It's basically a hands-on training book for easily installing a full Linux email server for the office.
The book is filled with helpful screenshots and step-by-step procedures to install the server and make things work;
some of the apps the book covers are: Postfix, Courier, Procmail etc…
I'll add a full review when I’m done reading. It looks nice so far.


I Like Good Linux Lists On The Morning

Lists are the magic word for SEO and link bait, and they catch the eye.

Well, I sometimes bite too, so here is the latest Linux links list I have fallen for:
15 Power tools for Linux that you can't afford to miss.
I haven't checked all the links in the page yet, but I will.

And you should probably check out the whole blog.
It looks very promising and fun to read.
From their description:
Penguin Inside is a blog about Linux and Software Guides, How-TOs, Reviews.
The blog is dedicated to Linux Desktops.

Another good list is from Smashing Magazine:
50 Beautiful Flash Websites, and that's a beautiful list of 50 stunning Flash websites.
A couple that I liked the most are:

e-Content Solutions


and v5 Design



Computer Jokes

Syntax Error

I found this bunch of old geek jokes in this post today;
that, combined with the glass of red wine I had for lunch, made working in the afternoon impossible :)

The couple I loved the most were:

Unix is user friendly. It’s just very particular about who its friends are.

and another Unix joke, a true classic:

Why programmers like UNIX:

unzip, strip, touch, finger, grep, mount, fsck, more, yes, fsck, fsck, fsck, umount, sleep


Solution for Windows 7 samba connection problem

A fresh install of Windows 7 might have a problem with Samba shares.

If you set up Samba logging you will see errors like this:

[2009/08/26 09:15:53, 3] smbd/connection.c:yield_connection(76)
yield_connection: tdb_delete for name  failed with error Record does not exist.
[2009/08/26 09:15:53, 3] smbd/server.c:exit_server(614)

This happened although the user was able to connect from a different PC with a different operating system.

I found this great solution for the Samba connection problem,

and to break it down into a few simple steps:

  1. From the Run command or from a cmd window, run secpol.msc
  2. Go to “Local Policies” -> “Security Options” -> “Network Security: LAN Manager authentication level”
  3. Change to “LM and NTLM – use NTLMV2 session security if negotiated”
  4. Press the OK button

This solution worked just fine on a fresh Windows 7 install.



How to Debug Samba Server and solve user connection problems

Samba is the server used to share files from a Linux server to the rest of the Windows clients in an office.
It is an easy-to-use server with simple defaults that make integration into any domain easy;
on the main Samba site you can find some configuration samples and newer smb.conf samples to help ease the server into the domain.

But the harder part after setting up the server is debugging problems with it,
like a user permission problem: can the user authenticate to the Microsoft domain server?
Maybe he has a password problem? Maybe he doesn’t have permission to access the share?

Setting up samba logging:

For starters, you will find all the config files at /etc/samba.
The main config file is smb.conf;
other important files are smbusers and smbpasswd.
smbusers is a mapping file that maps a Windows user to a Linux user for access.

The first thing to do when debugging is to set up the logging well,
so these are good log settings in /etc/samba/smb.conf for debugging the Samba service:

log file = /var/log/samba/%m.log
syslog = 0
log level = 3 passdb:0 auth:0 winbind:0 vfs:0
vfs objects = full_audit

  • log file = /var/log/samba/%m.log: the %m is substituted for the machine name.
  • syslog = 0: 0 means only LOG_ERR will be sent to the syslog.
    If you want more info to be sent there, change it to 3.
  • log level = 3 passdb:0 auth:0 winbind:0 vfs:0: gives better control over which options to log.
  • vfs objects = full_audit: this allows for full details on which files are accessed by whom.

With this configuration, all the machines' log files will be found under /var/log/samba/*.log.
For example, if you have been trying to connect to the Samba server from a machine named “boo1”,
you should see in the log folder: /var/log/samba/boo1.log

You can search inside the folder by using “ls -latr” to find the newest files,
which will belong to the Windows clients that have been trying to connect to the Samba server.

And use “tail -100 machine_name.log” to view the errors you got if you couldn’t access the share.

Real life Debug sample:

from the file temp1.log:

nmbd/service.c:make_connection_snum(314)
user 'temp1' (from session setup) not permitted to access this share (share2)

This error means that your user is known as temp1,
and temp1 doesn’t have permission to access the share “share2”,
in which case you need to open smb.conf and set up the permissions
for the user on this share to allow him access.
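
Reading each machine's log by hand gets slow once several clients are failing, so here is one way to summarise these denials across the whole log folder. This is an added example, not part of the original post: it assumes the per-machine %m.log naming and the message format shown above, and the function names and sample log contents are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): summarise share-permission denials
# from the per-machine logs that "log file = /var/log/samba/%m.log" produces.

# denied_access DIR -> lines of "machine user share count", sorted
denied_access() {
    for f in "$1"/*.log; do
        [ -f "$f" ] || continue
        awk -v m="$(basename "$f" .log)" '
        /not permitted to access this share/ {
            split($0, q, "\047")          # \047 is the single quote around the user name
            share = $0
            sub(/.*share \(/, "", share)  # keep the text inside the final (...)
            sub(/\)[ \t]*$/, "", share)
            n[q[2] " " share]++
        }
        END { for (k in n) print m, k, n[k] }' "$f"
    done | sort
}

# make_sample_logs DIR: constructed log excerpts in the level-3 format shown above
make_sample_logs() {
    cat > "$1/temp1.log" <<'EOF'
[2009/08/26 09:15:53, 3] smbd/service.c:make_connection_snum(314)
  user 'temp1' (from session setup) not permitted to access this share (share2)
[2009/08/26 09:16:10, 3] smbd/service.c:make_connection_snum(314)
  user 'temp1' (from session setup) not permitted to access this share (share2)
EOF
    cat > "$1/boo1.log" <<'EOF'
[2009/08/26 09:20:01, 3] smbd/service.c:make_connection_snum(314)
  user 'builder' (from session setup) not permitted to access this share (share2)
EOF
}

demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
denied_access "$demo_dir"     # on a real server: denied_access /var/log/samba
rm -rf "$demo_dir"
```

A user who is denied from many machines, or one machine trying many shares, stands out immediately in this summary and tells you whether to fix a "valid users" line or look at the client.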

Inside smbusers you can map Windows users to a specific Unix user with this syntax:
unix_user = MY_DOMAIN\windows_user1 MY_DOMAIN\windows_user2 MY_DOMAIN\windows_user3

And then allow access to shares in the config by using the unix name:
valid users = unix_user

Checking access to the server and listing shares on it from the command line:

smbclient -L //server -U windows_user

You will be prompted for a password, and if the settings are good, you will receive the shares listing from the server.

Connecting to a share on the server:
smbclient  //server/share -U windows_user

After entering the password you get a command line much like ftp:

smbclient //server/share -U builder
Password:
Domain=[MY_DOMAIN] OS=[Unix] Server=[Samba 3.0.33-3.7.el5_3.1]
smb: \>

Mounting a Windows share on Linux from fstab:

This will allow for an automatic mount in case of a server reboot:

\\server\share /unix_location  smbfs  credentials=/etc/samba/.sharepasswd,uid=unix_user,gid=unix_group,ip=192.168.0.1,lfs 0 0

The contents of /etc/samba/.sharepasswd should be the Windows user and password used to connect to the share:

username=windows_user

password=windows_pass

Getting info from a Windows domain controller for Samba debugging:

To list all the Windows domain users from the Linux command line:

net rpc user -S icq-mdc1 -U username

Replace “username” with a valid Windows user name to list all the users on the server;
you will need to know the user's password as well.

This command can list the user groups from the domain controller:

net rpc user INFO username -S domain-server-name

Replace “username” with a valid Windows user name.
