Archive for the ‘Server’ Category

The ldapsearch command can simply be used as ldapsearch -x to see everything in the database. The -x means to use simple authentication instead of SASL authentication. When this command is used though, user passwords (even encrypted ones) will not be shown in the output. To see the userpassword field, use:

ldapsearch -x -D "cn=Manager,dc=gray,dc=uchicago,dc=edu" -W
and enter the password.
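As a check on the behaviour described above, the following script (an added example, not part of the original post) reads ldapsearch LDIF output and lists every entry whose userPassword value is visible, together with its hash scheme. The sample entries and the dc=example,dc=org names are constructed; it goes slightly beyond the post by also handling folded lines and non-base64 values.

```shell
#!/bin/sh
# Added example: list entries whose userPassword is visible in LDIF output.
# Reads LDIF on stdin; prints "<dn><TAB><scheme>" per exposed value.

# scheme_of VALUE: print the {SCHEME} prefix, or CLEARTEXT if there is none.
scheme_of() {
    case $1 in
        '{'*'}'*) s=${1%%\}*}; printf '%s\n' "${s#\{}" ;;
        *)        printf 'CLEARTEXT\n' ;;
    esac
}

audit_ldif() {
    # LDIF folds long lines: a line starting with one space continues the
    # previous line, so unfold before matching attributes.
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { print buf }' |
    while IFS= read -r line; do
        case $line in
            dn:*) dn=${line#dn: } ;;
            userPassword::*)   # base64-encoded value
                val=$(printf '%s' "${line#userPassword:: }" | base64 -d 2>/dev/null)
                printf '%s\t%s\n' "$dn" "$(scheme_of "$val")" ;;
            userPassword:*)    # plain value
                printf '%s\t%s\n' "$dn" "$(scheme_of "${line#userPassword: }")" ;;
        esac
    done
}

# Constructed sample (not real data): alice's value is folded across two lines.
SAMPLE_LDIF='dn: uid=alice,ou=People,dc=example,dc=org
uid: alice
userPassword:: e1NTSEF9
 eHh4

dn: uid=bob,ou=People,dc=example,dc=org
uid: bob
userPassword:: c2VjcmV0

dn: uid=carol,ou=People,dc=example,dc=org
uid: carol'

printf '%s\n' "$SAMPLE_LDIF" | audit_ldif
```

Piping the output of ldapsearch -x through audit_ldif should print nothing; any line of output means an anonymous bind can read password values.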

Things are still not working, but I have learned this. In smb.conf, the line:

ldap admin dn = cn=Manager,dc=gray,dc=uchicago,dc=edu

will work, as long as the password set in secrets.tdb (done with smbpasswd -p password) is the same as the encrypted one in slapd.conf.

My latest idea is to set samba up as my primary domain controller and then use LDAP for authentication. I’m not sure if this is a good idea or not, but I decided that I wanted to try it.

First things, according to some websites I’ve read, I need to install smbldap-tools. I couldn’t find an rpm for this, but then found that they were included with the samba rpm. Location: /usr/share/doc/samba-3.0.10/LDAP/smbldap-tools. Then, to install them, I need to do the following:

copy the perl scripts to /usr/local/sbin
smbpasswd -w secret to set up ldap admin password in secrets.tdb. (I did this and didn’t use secret)

I need to do something else, but I’m not exactly sure what it is. I’ll add on when I figure it out.

Ok, this is just wrong. I don’t need a primary domain controller. All I want to be able to do is have the windows logons use the linux ldap server for access. And, have the linux samba server use the same ldap server for authentication. A PDC brings up profiles and all that other crap I don’t want to deal with. So, I’m going back to just trying to figure out how to get samba to use the ldap server for authentication.

The ultimate goal is to have one place to create logins and have them be valid on all machines, linux, mac or windows. Ldap takes care of this for linux (and mac, I think). I’ve just installed a program called pGina that allows ldap to work for windows as well. In the test in parallels on my mac laptop, it worked fine. The only problem was in mounting the samba drives, but I think I’ll be able to work with that.

I got a new Altera license and installed it on the new file server. Should now change the LM_LICENSE_FILE to 27000@new_file_server

I also could comment out the mgcld daemon line because there were no feature codes in the new license that use that daemon. In previous versions, that was there to check out the license for Modelsim. But now, that license is checked out using the Mentor Graphics license server which is on a different machine.

up2date --nox -u

That’s two dashes in front of nox and one dash in front of u. The u means to upgrade all relevant packages.

Our imap server has been acting a little funny and despite my attempts to ignore it until it got better, it just kept acting funny. It would undelete messages and not let them be moved to other folders at times. At other times, it would work fine. So, I decided to go with the RedHat provided dovecot package.

The config file is /etc/dovecot.conf. It had a few lines that needed to be edited.

protocols = imaps (we only allow secure connections)
ssl_cert_file
ssl_key_file
first_valid_uid = 200 (the default is 500)
auth_passdb = shadow

Once these were changed, I just had to turn off imaps with chkconfig and restart xinetd. Then start dovecot.

Backups to DVDs

1. mkisofs -r -V "volume name" -o <iso to write location> <datafiles>

2. growisofs -Z /dev/dvd=<iso location> -speed=2

I got a call from Network Security saying that our mail server was reporting to an ehlo command that its name was localhost.localdomain. This isn’t really a problem, except that some spam-reporting companies have a bug where this would be enough to automatically blacklist our machine. I edited /etc/hosts and added our machine there, restarted sendmail and everything looks ok.

Also, you have to go to the spamhaus website and request that the address be removed from their system. What a pain!
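A way to check for this condition before and after editing /etc/hosts, as an added example that is not part of the original post: canonical_name shows which name a hosts-file lookup returns for the machine, and ehlo_name pulls the name out of a captured EHLO reply. It assumes the mail server derives its name by resolving the machine's hostname through /etc/hosts; the hosts entries, addresses and SMTP transcript are constructed.

```shell
#!/bin/sh
# Added example: detect a mail host that announces itself as localhost.

# canonical_name NAME < hosts-file
# Print the first name on the first line that lists NAME; a hosts-file
# lookup treats that first name as canonical and the rest as aliases.
canonical_name() {
    awk -v want="$1" '
        { sub(/#.*/, "") }                      # drop comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(want)) { print $2; exit }
        }'
}

# ehlo_name < smtp-transcript
# Print the host name from the first 250 reply line.
ehlo_name() {
    awk '/^250[- ]/ { sub(/^250[- ]/, ""); print $1; exit }'
}

# is_placeholder_name NAME: true for localhost names and unqualified names.
is_placeholder_name() {
    case $1 in
        ''|localhost|localhost.*) return 0 ;;
        *.*)                      return 1 ;;
        *)                        return 0 ;;
    esac
}

# Constructed hosts files: before and after adding the machine's own entry.
HOSTS_BEFORE='127.0.0.1   localhost.localdomain localhost mail'
HOSTS_AFTER='127.0.0.1   localhost.localdomain localhost
192.0.2.25  mail.example.org mail   # added entry'

# Constructed EHLO reply from the misconfigured state.
EHLO_SAMPLE='220 localhost.localdomain ESMTP Sendmail
250-localhost.localdomain Hello client.example.org [192.0.2.10], pleased to meet you
250-ENHANCEDSTATUSCODES
250 HELP'

for hosts in "$HOSTS_BEFORE" "$HOSTS_AFTER"; do
    name=$(printf '%s\n' "$hosts" | canonical_name mail)
    if is_placeholder_name "$name"; then
        echo "WARN: host resolves to $name"
    else
        echo "OK: host resolves to $name"
    fi
done
```

On the server itself, run canonical_name "$(hostname)" < /etc/hosts.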

Our server has a 3Ware 9550SX SATA-RAID card in it that controls our raid system. The command-line interface to this card is the tw_cli program, provided by 3ware. I wrote a script that runs every hour that checks the status of the raid and sends mail to me if a disk comes up as not optimal or if any new alarm messages appear.

#!/usr/bin/perl

#
# check_raid - Check for any alarms from the raid card, using tw_cli
#
# Syntax: check_raid
#
# If any errors are listed, email them to the sysadmin
#
# 13 October 2006

# Today's date, in the form used to match the alarm lines below
$day=`date +%a`;
$month=`date +%b`;
$date=`date +%d`;
$hostname=`hostname`;

chomp($day);
chomp($month);
chomp($date);
chomp($hostname);

# Location of tw_cli program
$TW_HOME="/net/sw/edg/bin";

# Person to receive email
$TO="admin\@uchicago.edu";
$FROM="root";
$SUBJECT="RAID DISK PROBLEM ON $hostname";

# Determine how many raid controllers are in the machine
@raids = `$TW_HOME/tw_cli show | grep ^c`;

# Output of above command will look something like this:
# c0 9550SX-8LP 8 8 1 0 4 4 -
# c1 9550SX-8LP 8 8 1 0 4 4 -

# Run the tw_cli program, looking for errors in each raid
foreach $raid (@raids)
{
    # Split the line to get the controller
    ($controller, $model, $ports, $drives, $units, $notopt, $rrate, $vrate, $bbu) = split(' ', $raid, 9);

    # Start each controller with an empty message, so a problem on one
    # controller is not reported again for the next one
    $notopt_message = "";
    $todays_alarms = "";

    # If any are in the Not Optimal state, email the admin
    if ( $notopt != 0 )
    {
        $notopt_message = "$notopt disk(s) on controller $controller are not in optimal state.\n\n";
    }

    # Check for any disk alarms
    @alarms = `$TW_HOME/tw_cli show alarms | grep $controller`;
    foreach $alarm (@alarms)
    {
        # Check the month and date on the alarm and only send messages from the current day
        ($acontroller, $aday, $amonth, $adate, $atime, $ayear, $aerror, $anotes, $junk, $amessage) = split(' ', $alarm, 10);

        # Check that the alarm message is from today.
        # The month is a name (e.g. Oct), so compare it as a string with eq;
        # a numeric == would treat every month name as 0 and always match.
        if ($date == $adate && $month eq $amonth)
        {
            $todays_alarms .= $alarm;
        }
    }

    # Send mail if a disk is not optimal or if there are alarms from today
    if ($notopt_message ne "" || $todays_alarms ne "")
    {
        # Concatenate the messages together and send mail out
        $message = $notopt_message . $todays_alarms;
        sendEmail($TO, $FROM, $SUBJECT, $message);
    }
}

# Hand the message to sendmail; -t takes the recipients from the headers
sub sendEmail
{
    my ($to, $from, $subject, $message) = @_;
    my $sendmail = '/usr/sbin/sendmail';
    open (MAIL, "|$sendmail -oi -t") or die "Cannot run $sendmail: $!";
    print MAIL "From: $from\n";
    print MAIL "To: $to\n";
    print MAIL "Subject: $subject\n\n";
    print MAIL "$message\n";
    close (MAIL);
}