December 2013 Archives

Mon Dec 16 16:11:20 ICT 2013

Using patch(1)

Use the option -p to preserve the full pathnames.


Posted by Olivier | Permanent link | File under: administration, freebsd

Mon Dec 16 15:44:21 ICT 2013

rsync(1) configuration

The typical rsync(1) configuration file on the server is located at /usr/local/etc/rsyncd.conf and should have a section of the form:

[section]
        path = /directory
        auth users = username
        secrets file = /usr/local/etc/rsyncd.secrets
        uid = 0
        gid = 0
        hosts allow = 192.41.170.22
        hosts deny = 0.0.0.0/0

The rsyncd.secrets file contains the username:password used by the client to connect to the server. It must be chmod 600.

On the client, the user username must launch the synchronization with the rsync(1) command:

rsync -aczHAX --delete --password-file=passwd_file server::section /directory
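The checks implied by the configuration above can be scripted. The following is an added example, not part of the original post: the function name audit_rsyncd_conf is hypothetical, and it assumes that parameters are set inside each [module] rather than as global defaults. It reports a secrets file that is missing or not mode 600, a module with auth users but no secrets file, and the singular misspelling of hosts allow / hosts deny.

```shell
#!/bin/sh
# Added example: audit the access-control lines of an rsyncd.conf.
# Prints one finding per line and nothing when every check passes.
# Assumption: parameters are set inside each [module], not as global defaults.
audit_rsyncd_conf() {
    # awk emits "module|key|value" per parameter, plus a marker record for
    # any module that sets "auth users" without a "secrets file".
    awk '
        function endmod() {
            if (auth && !sec) print mod "|!nosecrets|"
            auth = 0; sec = 0
        }
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            endmod(); gsub(/^[ \t]*\[|\][ \t]*$/, ""); mod = $0; next
        }
        {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "auth users") auth = 1
            if (k == "secrets file") sec = 1
            print mod "|" k "|" v
        }
        END { endmod() }' "$1" |
    while IFS='|' read -r mod key val; do
        case $key in
        "!nosecrets")
            echo "$mod: auth users is set but no secrets file is configured" ;;
        "host allow"|"host deny")
            echo "$mod: '$key' is misspelled; the parameter is 'hosts ${key#host }'" ;;
        "secrets file")
            if [ ! -f "$val" ]; then
                echo "$mod: secrets file $val does not exist"
            else
                # The first 10 columns of ls -l are file type + permission bits.
                perms=$(ls -ld "$val" | cut -c1-10)
                [ "$perms" = "-rw-------" ] ||
                    echo "$mod: $val has mode $perms, expected -rw------- (600)"
            fi ;;
        esac
    done
}

# Usage: sh audit_rsyncd.sh /usr/local/etc/rsyncd.conf
if [ $# -gt 0 ]; then audit_rsyncd_conf "$1"; fi
```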

Posted by Olivier | Permanent link | File under: administration, freebsd

Fri Dec 13 11:42:06 ICT 2013

fusefs port in FreeBSD

To allow ordinary users to mount fuse devices, set the kernel state:

# sysctl vfs.usermount=1

Now fuse filesystems (sysutils/fusefs-x) can be mounted at startup from /etc/fstab with the late parameter.

You may need to create a symbolic link for /usr/sbin/mount_fusefs if it was not created when installing the port.

Posted by Olivier | Permanent link | File under: administration, freebsd, ports

Fri Dec 13 11:32:20 ICT 2013

Dependencies for vmware-vsphere-cli port on FreeBSD

In order to build and install net/vmware-vsphere-cli you need the following ports installed first:

  • compat6x
  • glib
  • gettext
  • perl (install)

Posted by Olivier | Permanent link | File under: administration, vmware, freebsd, ports

Fri Dec 13 11:24:58 ICT 2013

UTF-8 encoding in Ruby Gems RDoc port in FreeBSD

When installing Ruby Gems RDoc port on FreeBSD, there is a conflict between UTF-8 and ASCII coding.

To remove the conflict, add the environment variable: RDOCOPT --encoding=UTF-8


Posted by Olivier | Permanent link | File under: administration, freebsd, ports

Wed Dec 11 15:51:12 ICT 2013

The /usr/local/ETC directory to build the port for asciidoc(1)

When installing asciidoc(1) on FreeBSD, the port is looking for the directory /usr/local/ETC. I create a symbolic link with /usr/local/etc/asciidoc:

ln -s /usr/local/etc/asciidoc /usr/local/ETC

Posted by Olivier | Permanent link | File under: administration, freebsd, ports

Wed Dec 11 15:28:12 ICT 2013

Disable lock screen and password change in Windows XP

Students should not be allowed to lock the machines in the laboratory. Disabling the lock prevents a student from holding a machine and blocking access for fellow students.

In a similar way, the password change menu should be disabled to encourage students using the web page for account management.

Use the Group Policy Editor to disable both functions on Windows XP; follow the step-by-step instructions below:

  1. Run the Group Policy Editor: press Windows-R and type gpedit.msc.
  2. In the left pane, select User Configuration/Administrative Templates/System/Ctrl+Alt+Del Options.
  3. Change the options for Remove Lock Computer and Remove Password Change in the right pane.

Posted by Olivier | Permanent link | File under: administration, ms_windows

Wed Dec 11 14:53:43 ICT 2013

Mount a file system image in FreeBSD

When a filesystem has been saved in an image file, the image can be mounted in FreeBSD like any other filesystem.

More information is available in the FreeBSD Handbook, in the section Network, Memory and File Backed File System.

  1. The first step is to configure and enable a memory disk associated with the image file; the memory disk has a device of the form /dev/md0 or /dev/md0s1c:
    # mdconfig -a -t vnode -f filename
    
  2. The device can now be mounted like any other device:
    # mount -t type memory-disk-device mount-point
    
  3. To have the list of available memory disks:
    # mdconfig -l
    
  4. After unmounting the memory disk, you can remove it with:
    # mdconfig -d -u memory-disk-ID
    

Posted by Olivier | Permanent link | File under: administration, freebsd

Tue Dec 10 12:16:37 ICT 2013

Install and configure Mac OS X system on iMac

These step-by-step instructions explain how to install (or re-install) and configure Mac OS X on CSIM iMac machines.
  1. Insert the Mac OS X Install DVD in the drive.
  2. Hold the ALT key for 10-20 seconds while booting, until an arrow appears on the screen.
  3. Select the DVD icon.
  4. Proceed with accepting any menu until the Install Mac OS X screen.
  5. The first step is to reformat the hard disk. On the Install Mac OS X screen, select Utilities/Disk Utility.
  6. Select Macintosh HD and Erase.
  7. Go on and erase, this will apply the default format operation which is a quick format.
  8. Exit Disk Utility. The disk has been reformatted.
  9. Continue with installation and accept all the defaults.
  10. Select country Thailand.
  11. Select Keyboard US.
  12. Select No information transfer.
  13. Do not enter Apple ID.
  14. Do not enter Registration Information.
  15. Create the user toor, full name Charlie, with the Administrator password used on Windows machines.
  16. Install the applications from Applications Install DVD.
  17. Cancel Keyboard Setup Assistant.
  18. This step will configure the login options. Go to System Preferences/Accounts/Login Options.
  19. Select Automatic Login: off.
  20. Select Display login window as: Name and password.
  21. Now you need to install the AIT root CA certificate. Open a shell window and create the directory that will hold the root CA:
    # sudo mkdir -p /usr/local/ssl/ca
    
  22. Import the certificate from banyan.cs.ait.ac.th:
    # scp on@banyan:SSL/ca/ca-bundle.crt .
    
  23. In the Finder, open ca-bundle.crt.
  24. Add it to the System keychain, and always trust it.
  25. Move the certificate to its final location:
    # sudo mv ca-bundle.crt /usr/local/ssl/ca
    
  26. Next step will be to download and install system updates. Launch Safari.
  27. Modify the preference to use www.cs.ait.ac.th for home page.
  28. Authenticate to access the Internet.
  29. In the Finder, launch Software Update.
  30. Repeat from step 26 and relaunch Software Update until there are no more updates (minimum twice).
  31. Configure syslog to log to the CSIM logging server. Edit /etc/syslog.conf and add a line:
    *.*                        @sysl.cs.ait.ac.th
    
  32. Configure NFS to automatically mount the disk from oak.cs.ait.ac.th. Edit /etc/auto_master and comment out all lines except /net and /Network/Servers.
  33. Edit /etc/fstab and enter the line:
    oak.cs.ait.ac.th:/home /home nfs -P,-i,-b 0 0
    
  34. Add an entry to start fstab automatically:
    # scp on@banyan:_Library_LaunchDaemon_fstab.plist /Library/LaunchDaemons/fstab.plist
    
  35. Now configure the date and time. In System Preferences/Date & Time/Date & Time, set Set date and time automatically to: ntp.cs.ait.ac.th.
  36. In Clock, select Use 24-hour clock.
  37. In System Preferences/Sharing, change the Computer Name. The names are of the form Macx.
  38. Install the C-shell .rc file:
    # scp on@banyan:/etc/.cshrc /etc/.cshrc
    
  39. Configure LDAP and the user accounts. Edit /etc/openldap/ldap.conf and add the line:
    TLS_CACERT /usr/local/ssl/ca/ca-bundle.crt
    
  40. In System Preferences/Account/Login Options, click on Network Account Server Join...
  41. Enter the name ldap.cs.ait.ac.th and click Open Directory Utility.
  42. Edit LDAPv3.
  43. Click New and enter Server Name or IP Address: ldap.cs.ait.ac.th.
  44. Select Encrypt using SSL.
  45. Click on Continue.
  46. Enter in Pick a Template: RFC 2307 (Unix).
  47. Enter in Searchbase: ou=csim,dc=cs,dc=ait,dc=ac,dc=th.
  48. Click Continue then OK.
  49. Lock the Directory Utility.
  50. Enter CSIM in Configuration Name.
  51. Click Edit, in Search & Mappings.
  52. Click Groups and change Search base to: ou=Group,ou=csim,dc=cs,dc=ait,dc=ac,dc=th.
  53. Change Search only at the first level.
  54. Click People and change Search base to: ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th.
  55. Change Search only at the first level.
  56. Expand People, under RealName, add gecos and delete cn.
  57. Under RecordName add uid.
  58. Click on Users and change Search base to: ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th.
  59. Change Search only at the first level.
  60. Expand Users.
  61. Repeat the changes for RealName.
  62. OK everything and close.
  63. In a shell window, make the users tempadmin and on administrators of the machine:
    # dscl . -append /Groups/admin GroupMembership  on tempadmin
    
  64. Configure the printers. Edit /etc/hosts.lpd on banyan. Add a line with the full name of the iMac computer macx.desktops.cs.ait.ac.th. Restart the lpd(8) daemon:
    # /etc/rc.d/lpd restart
    
  65. In System Preferences/Printers & Fax:
    • Add Address: banyan.cs.ait.ac.th
    • Queue: big
    • Name: Big
    • Print Using Print software
    • Select HP Laserjet 4300 Series
    • Select Optional Tray3: 500 sheets
    • Select Duplex Unit selected
    • Select Fit to Page: Nearest Size and Scale
  66. Same for Queue: magnum; Name: Magnum; select HP Laserjet P4010 series.
  67. Same for Queue: Ricoh; Name: Ricoh; select Ricoh Aficio 2051 -Gutenprint v5.2.3; this one has no option to select duplex or tray.
  68. Lock the System Preferences.
  69. Reboot

Posted by Olivier | Permanent link | File under: administration

Mon Dec 9 18:02:05 ICT 2013

Re-install grub after WEA lab has installed their sandbox Ubuntu

Part of WEA class is installing Ubuntu on the machines in the lab. During the process, the students will install their own version of grub.

To have the machines boot normally, you must re-install a standard version of grub.

  1. Choose CSIM Ubuntu from grub. The name may vary, the version number will be different, but it should be on /dev/sda3.
  2. Mount the WEA sandbox Ubuntu:
    # mount /dev/sda5 /mnt
    
  3. Open /mnt/boot/grub/grub.conf in a text editor:
    # edit /mnt/boot/grub/grub.conf
    
  4. Locate the first menuentry and copy it to the clipboard.
  5. Open /boot/grub/grub.cfg in a text editor:
    # edit /boot/grub/grub.cfg
    
  6. Locate the entry for Windows.
  7. After the entry for Windows, paste the contents of the clipboard from point 4 above.
  8. In the entry you just pasted, change the label to WEA Ubuntu 13.4 (on /dev/sda5).
  9. Re-install grub:
    # grub-install --no-floppy /dev/sda5
    
  10. Reboot.

Posted by Olivier | Permanent link | File under: administration, ubuntu

Mon Dec 9 15:35:41 ICT 2013

Enable syslog on VMware ESXi server

There is no GUI method to enable syslog on VMware ESXi server (ESXi); it must be enabled using console access and command line.
  1. Connect remotely to the ESXi with ssh(1):
    # ssh root@ESXi
    
  2. Enable syslog in ESXi firewall:
    # esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true
    # esxcli network firewall refresh
    
  3. Define the syslog server; you must use an IP address, not the server's name:
    # esxcli system syslog config set --loghost='udp://192.41.170.20:514'
    # esxcli system syslog reload
    
  4. Check the configuration:
    # esxcli system syslog config get
       Default Network Retry Timeout: 180
       Local Log Output: /scratch/log
       Local Log Output Is Configured: false
       Local Log Output Is Persistent: true
       Local Logging Default Rotation Size: 1024
       Local Logging Default Rotations: 8
       Log To Unique Subdirectory: false
       Remote Host: udp://192.41.170.20:514
    

Posted by Olivier | Permanent link | File under: administration, vmware

Wed Dec 4 20:00:39 ICT 2013

FreeBSD portupgrade

When upgrading all the ports with portupgrade(1), use the -x option to ignore Perl modules installed from CPAN:
# portupgrade -fa -x bsdpan\*
On the mail server, you want to ignore Kaspersky anti-virus:
# portupgrade -fa -x bsdpan\* kav4\*

Posted by Olivier | Permanent link | File under: administration, freebsd, ports

Wed Dec 4 17:19:15 ICT 2013

VMware administrator

To have administrator privileges on a VMware ESXi server (ESXi), a user must be listed in the Domain Admins group on the Active Directory server (AD).

To list the users of the group Domain Admins, execute the following command on the AD:

# samba-tool group listmembers "Domain Admins"
To add a user to the group Domain Admins, execute the following command on the AD:
# samba-tool group addmembers "Domain Admins" user_name
Note: it may be possible that a user has to be re-added to the group after the account has been disabled and then re-enabled.

To grant administrator privileges on an ESXi to the AD group Domain Admins, use the following procedure.

  1. Connect to the ESXi using the VMware vSphere standalone client. Authenticate with the root account.
    Select the Configuration tab, the Authentication Services item and click on Properties....
  2. In the popup window, select Active Directory, enter the Domain cs.ait.ac.th and click on Join Domain.
  3. In the authentication window, enter the User Name Administrator and the Unix root password. Click on Join Domain.
    Now the ESXi can access the accounts defined in the AD.
  4. Select the tab Permissions, right click on the window and select Add Permission...
  5. In the popup window, select the Assigned Role Administrator and click on Add...
  6. In the configuration window, select the Domain SMB4, in the Users and Groups select the group Domain Admins and click on Add.
    SMB4\Domain Admins is now listed in the Groups, click on OK.

    All the users listed in the group Domain Admins of the AD have Administrator privileges on the ESXi.

Posted by Olivier | Permanent link | File under: administration

Wed Dec 4 17:07:26 ICT 2013

ClamAV

After upgrading ClamAV, ownership must be fixed on /var/run/clamav and /var/log/clamav:

# chown vscan:vscan /var/run/clamav
# chown vscan:vscan /var/log/clamav

Posted by Olivier | Permanent link | File under: administration, vmware

Tue Dec 3 12:00:57 ICT 2013

Amanda

To restore files from Amanda, log in to the Amanda server, become root and change directory to /holding/recover. You can then issue the command:

# amrecover normal -t localhost -s localhost -oauth=bsd
When upgrading Amanda, do all the clients first, and only then do the server.

Posted by Olivier | Permanent link | File under: administration, backup