Monday 28 February 2011

ASP.NET hosting with Apache (on Linux)

http://www.mono-project.com/ASP.NET

mod_Mono is an Apache 2.0/2.2 module that provides ASP.NET support for the web's favorite server, Apache (http://httpd.apache.org).
http://www.mono-project.com/Mod_mono

The ProLiant ML350 "G6" family

HP ProLiant G6 Servers Pack Efficiency and Power

 

http://www.devx.com/HotList/HotList-HP/Article/41583

net command (Linux)

Usage:
net rpc             Run functions using RPC transport
net rap             Run functions using RAP transport
net ads             Run functions using ADS transport
net file            Functions on remote opened files
net share           Functions on shares
net session         Manage sessions
net server          List servers in workgroup
net domain          List domains/workgroups on network
net printq          Modify printer queue
net user            Manage users
net group           Manage groups
net groupmap        Manage group mappings
net sam             Functions on the SAM database
net validate        Validate username and password
net groupmember     Modify group memberships
net admin           Execute remote command on a remote OS/2 server
net service         List/modify running services
net password        Change user password on target server
net changetrustpw   Change the trust password
net changesecretpw  Change the secret password
net setauthuser     Set the winbind auth user
net getauthuser     Get the winbind auth user settings
net time            Show/set time
net lookup          Look up host names/IP addresses
net g_lock          Manipulate the global lock table
net join            Join a domain/AD
net dom             Join/unjoin (remote) machines to/from a domain/AD
net cache           Operate on the cache tdb file
net getlocalsid     Get the SID for the local domain
net setlocalsid     Set the SID for the local domain
net setdomainsid    Set domain SID on member servers
net getdomainsid    Get domain SID on member servers
net maxrid          Display the maximul RID currently used
net idmap           IDmap functions
net status          Display server status
net usershare       Manage user-modifiable shares
net usersidlist     Display list of all users with SID
net conf            Manage Samba registry based configuration
net registry        Manage the Samba registry
net eventlog        Process Win32 *.evt eventlog files
net help            Print usage information

Sunday 27 February 2011

iptables/netfilter

iptables is the userspace command line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering ruleset provided by netfilter.org. The iptables package also includes ip6tables, which is used for configuring the IPv6 packet filter. Since Network Address Translation is also configured from the packet filter ruleset, iptables is also used for NAT.


http://en.opensuse.org/Iptables


netfilter is not deprecated: netfilter is the set of hooks in the kernel that iptables
needs in order to work (ref: www.netfilter.org). The netfilter page says they are
part of a single framework.

ppp modem

PPP and PPPoE (modem, ADSL and sometimes cable)

 
Normally, you should have an /etc/ppp directory containing an executable file, /etc/ppp/ip-up.
This file is run by pppd once the connection is up (modem or PPPoE). You will therefore need to create an executable file /etc/ppp/if-up.local (or add these lines to it if it already exists):

Saturday 26 February 2011

Debian network administration

[Windows] Physical memory dump - the Memory.dmp file

On Windows NT / Windows 2000 / Windows XP systems, when the system crashes hard, it performs a memory dump, which consists of copying the contents of RAM to a file on the hard disk.

The resulting file, named Memory.dmp, is usually large because it contains all the data that was in memory before the crash.

If the system works correctly after rebooting, this file can be deleted safely.

By default it is located in the Windows directory:
C:\Windows\Memory.dmp

Thursday 24 February 2011

samba error

"Plusieurs connexions à un serveur ou à une ressource partagée par le même utilisateur, en utilisant plus d’un nom utilisateur, ne sont pas autorisées"

Open a command prompt (cmd.exe) and type:
net use * /DELETE

Best samba tutorial config

Samba error

If you get the following message when you try to join the domain:
"Plusieurs connexions à un serveur ou à une ressource partagée par le même utilisateur, en utilisant plus d’un nom utilisateur, ne sont pas autorisées"

Open a command prompt (cmd.exe) and type:
net use * /DELETE

This is caused by a connection previously opened with net use.

User management


When several people have access to a system, the system administrator needs to manage the users. To do so, the usual commands and the files to configure must be known.
The important files to know are:
  • the /etc/passwd file
  • the /etc/group file
http://www.commentcamarche.net/contents/linux/linusr.php3

More important:
http://www.commentcamarche.net/contents/linux/

Roaming profiles

A person may use several computers with the same user account. When they use one computer, they may find an environment different from the one on the other computer. In that case, it can be useful to configure a roaming profile for this user. Using this type of account lets the user keep their documents, settings and working environment whichever computer they log on to, because roaming profiles store their information on a server that you choose. Concretely, you will find the following folders on your server:

This feature is also provided by Samba on Linux.

************************Managing roaming profiles*****************
Type gpedit.msc
Configure as in the screenshot.

  is due to a configuration problem with the profile folder on the server
Review smb.conf and check that:

[homes] 
#======================== Share Definitions ============================ 
comment = Home Directories 
#browseable = no 
path=/home/%U 
browseable = yes 
writable = yes 
or logon path

Search for a string in files: find all files containing a string

Using find and grep, it is easy to find all the files containing a word.
For example, the following command searches all the PHP files under the /data/projects/ directory for the string "array_keys":
pcr@home:~$ find /data/projects/ -iname "*.php" -print0 | xargs -0 grep array_keys

Explanation:
We ask find to look in the /data/projects/ directory for files ending with the .php extension (unlike -name, -iname matches case-insensitively).
The list of PHP files is passed through the pipe and xargs to grep, which keeps the files and lines containing array_keys. The -print0 and -0 options separate file names with a NUL byte so that names containing spaces are passed intact.

Wednesday 23 February 2011

List Samba users

First check that your /etc/samba/smb.conf contains the following line: passdb backend = tdbsam
If so, run the following command:
sudo pdbedit -Lw
The -w option prints each account in smbpasswd format, password hashes included, so handle the output as sensitive; pdbedit -L alone lists the accounts without the hashes.
Otherwise a simple command should be enough:
cat /etc/samba/smbusers

rpc_server/srv_netlog_nt.c:669(_netr_ServerAuthenticate3) _netr_ServerAuthenticate: no challenge sent to client

I can't log in with Samba??

In /var/log/messages we have _netr_ServerAuthenticate: no challenge sent to client

1- validate the machine by giving it a DHCP name (IP name)
2- list the users and see which username root has
3- log in as root






TLS for Postfix

http://koti.kapsi.fi/ptk/postfix/postfix-tls-cacert.shtml

454 TLS not available due to local problem

Possibly due to the permissions on the key file.


ls -l /var/spool/mail/sent/

We need to create a group and assign access:
chown root:postfix /etc/postfix/tls/root.crt

This changes the owner to root and the group to postfix.

Postfix and LDAP connection

To connect LDAP to Postfix/Dovecot, see
http://www.404blog.net/?p=36
The problem was
ldap-accounts.cf
Delete the id from these files!

Tuesday 15 February 2011

NIS vs LDAP

Network Information Service (NIS), also called Yellow Pages, is a client-server protocol developed by Sun that centralizes information on a UNIX network.
Its purpose is to distribute over a network the information held in configuration files, for example host names (/etc/hosts), user accounts (/etc/passwd), etc.
An NIS server therefore stores and distributes the network's administrative information, so that the network behaves as a coherent set of user accounts, groups, machines, etc.
An NIS/YP system maintains and distributes a central directory of user and group information, hostnames, e-mail aliases and other text-based tables of information in a computer network. For example, in a common UNIX environment, the list of users for identification is placed in /etc/passwd, and secret authentication hashes in /etc/shadow. NIS adds another “global” user list which is used for identifying users on any client of the NIS domain.

In many environments, other directory services — arguably more modern and secure than NIS, such as LDAP — have come to replace it. For example, slapd (the standalone LDAP daemon) generally runs as a non-root user, and SASL-based encryption of LDAP traffic is natively supported.
On large LANs, DNS servers may provide better nameserver functionality than NIS or LDAP can provide, leaving just site-wide identification information for NIS master and slave systems to serve. However, some functions — such as the distribution of netmask information to clients, as well as the maintenance of e-mail aliases — may still be performed by NIS or LDAP.
http://www.disa.nu/pub/doc/sles10/usr/share/doc/manual/sles-admin_en/cha.ldap.html

about nsswitch

We have passwd: compat
and, at the end, passwd_compat: ldap
This means that the source used by compat is ldap.

Equivalent to (without file entry):

passwd: files ldap

In this example, there are specific entries for users root and fred to assure that they can login even when the system is running single-user. In addition, anyone whose password information is stored on an LDAP server will be able to login with their usual password, shell, and home directory.
If we delete the ldap entry, we can't log in with su 'ldap user'.


shadow file and passwd file

Understanding /etc/passwd File Format

by Vivek Gite on February 22, 2006
Can you explain /etc/passwd file format for Linux and UNIX operating systems?

/etc/passwd file stores essential information, which is required during login i.e. user account information. /etc/passwd is a text file, that contains a list of the system's accounts, giving for each account some useful information like user ID, group ID, home directory, shell, etc. It should have general read permission as many utilities, like ls use it to map user IDs to user names, but write access only for the superuser (root).

Understanding fields in /etc/passwd

The /etc/passwd file contains one entry per line for each user (or user account) of the system. All fields are separated by a colon (:) symbol. There are seven fields in total, as follows.
Generally, a passwd file entry looks as follows:

(Fig.01: /etc/passwd file format)
  1. Username: It is used when the user logs in. It should be between 1 and 32 characters in length.
  2. Password: An x character indicates that the encrypted password is stored in the /etc/shadow file.
  3. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further UID 100-999 are reserved by system for administrative and system accounts/groups.
  4. Group ID (GID): The primary group ID (stored in /etc/group file)
  5. User ID Info: The comment field. It allows you to add extra information about the user, such as the user's full name, phone number etc. This field is used by the finger command.
  6. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist, then the user's directory becomes /
  7. Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell. Please note that it does not have to be a shell.

Task: See User List

/etc/passwd is used for local users only. To see a list of all users, enter:
$ cat /etc/passwd
To search for a username called tom, enter:
$ grep tom /etc/passwd

/etc/passwd file permission

The permission on the /etc/passwd file should be read only to users (-rw-r--r--) and the owner must be root:
$ ls -l /etc/passwd
Output:
-rw-r--r-- 1 root root 2659 Sep 17 01:46 /etc/passwd

Reading /etc/passwd file

You can read /etc/passwd file using the while loop and IFS separator as follows:
#!/bin/bash
# seven fields from /etc/passwd stored in $f1,f2...,$f7
#
while IFS=: read -r f1 f2 f3 f4 f5 f6 f7
do
 echo "User $f1 use $f7 shell and stores files in $f6 directory."
done < /etc/passwd
 

Your password is stored in /etc/shadow file

Your encrypted password is not stored in the /etc/passwd file. It is stored in the /etc/shadow file. In the good old days there was no great problem with this general read permission. Everybody could read the encrypted passwords, but the hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that of a friendly user-community.
Almost all modern Linux / UNIX-like operating systems use some sort of the shadow password suite, where /etc/passwd has asterisks (*) instead of encrypted passwords, and the encrypted passwords are in /etc/shadow which is readable by the superuser only.
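
A defensive check built on the seven fields above, as an added example that is not part of the original article: it scans a passwd-format file for entries whose password field is empty or holds a hash instead of x, for extra UID 0 accounts, and for malformed lines. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit a passwd-format file.
# Findings are printed one per line as "<line>:<user>:<issue>".

audit_passwd() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
        /^[+-]/                  { next }    # NSS compat include/exclude entries
        NF != 7 { print NR ":" $1 ":bad-field-count"; next }
        $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ { print NR ":" $1 ":non-numeric-id"; next }
        {
            if (length($1) < 1 || length($1) > 32) print NR ":" $1 ":bad-username-length"
            # Field 2: "x" means the hash is in /etc/shadow; "*" or "!" means no password login
            if ($2 == "")                        print NR ":" $1 ":empty-password"
            else if ($2 != "x" && $2 !~ /^[*!]/) print NR ":" $1 ":hash-in-passwd"
            # UID 0 is reserved for root; another name with UID 0 is a second superuser
            if ($3 + 0 == 0 && $1 != "root")     print NR ":" $1 ":extra-uid0"
            if ($6 !~ /^\//)                     print NR ":" $1 ":home-not-absolute"
            if ($7 != "" && $7 !~ /^\//)         print NR ":" $1 ":shell-not-absolute"
        }
    ' "$1"
}

# Constructed sample input (not real accounts, the hash value is fake).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
tom:x:1000:1000:Tom,,,:/home/tom:/bin/bash
legacy:ab01FAKEHASHxyz:1001:1001:old entry:/home/legacy:/bin/sh
toor:x:0:0:second root:/root:/bin/sh
guest::1002:1002:guest:/home/guest:/bin/sh
broken:x:1003:1003:/home/broken:/bin/sh
EOF
}

# Demo run on the constructed sample.
demo=$(mktemp)
sample_passwd > "$demo"
audit_passwd "$demo"
rm -f "$demo"
```

To audit a live system, call audit_passwd /etc/passwd; an empty result means none of these conditions were found.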

Monday 14 February 2011

ldap test getent

The getent passwd command should return both the accounts from the /etc/passwd file and the accounts from the LDAP directory that do not exist in the passwd database.
# getent passwd
[...]
mlx:2/yajBmqc3tYw:1005:1005:BOURG Jean:/home/mlx:/bin/bash
mly:2/yajBmqc3tYw:1006:1006:BOURG Marine:/home/mly:/bin/bash

etc/nsswitch

The Name Service Switch (NSS) allows the traditional Unix configuration files (for example /etc/passwd, /etc/group, /etc/hosts) to be replaced by one or more centralized databases; the mechanisms used to access these databases are configurable.

A system administrator usually configures the operating system's name services using the file /etc/nsswitch.conf. This lists databases (such as passwd, shadow and group) and one or more sources for obtaining that information. Examples of sources are files for local files, ldap for the Lightweight Directory Access Protocol, nis for the Network Information Service, nisplus for NIS+, and wins for Windows Internet Name Service.
Example:
passwd:     files ldap
shadow:     files
group:      files ldap

hosts:      dns nis files
 
 
More info:
http://linux.about.com/od/lna_guide/a/gdelna52t01.htm 
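
The lookup order described above, together with the earlier note on passwd: compat, as an added example that is not part of the original page: it reads an nsswitch.conf-format file, prints the effective source order per database and marks account databases that do not consult local files first. The function names and the sample file are constructed; the compat expansion follows the equivalence stated in the note.

```shell
#!/bin/sh
# Added example (not from the original page): read the lookup order from an
# nsswitch.conf-format file.

# nss_sources DB FILE: print the sources for DB in order, skipping
# [STATUS=action] items. "compat" is written out as "files" plus the source
# named on the DB_compat line, following the equivalence given in the note.
nss_sources() {
    awk -v db="$1" '
        { sub(/#.*/, "") }                        # strip comments
        $1 == (db ":") {
            line = ""; skip = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) skip = 1          # start of a [STATUS=action] item
                if (!skip) line = line " " $i
                if ($i ~ /\]$/) skip = 0          # end of the item
            }
        }
        $1 == (db "_compat:") { compat = $2 }
        END {
            if (compat == "") compat = "nis"      # default backend of compat
            gsub(/compat/, "files " compat, line)
            print substr(line, 2)
        }
    ' "$2"
}

# nss_local_first DB FILE: succeed only if local files are consulted first.
nss_local_first() {
    case "$(nss_sources "$1" "$2")" in
        files|files\ *) return 0 ;;
        *) return 1 ;;
    esac
}

# nss_report FILE: one line per account database.
nss_report() {
    for db in passwd shadow group; do
        if nss_local_first "$db" "$1"; then tag=local-first; else tag=NOT-LOCAL-FIRST; fi
        printf '%s: %s [%s]\n' "$db" "$(nss_sources "$db" "$1")" "$tag"
    done
}

# Constructed sample combining the snippets shown on this page.
sample_nsswitch() {
    cat <<'EOF'
# constructed sample
passwd: compat
shadow: files
group:  files [SUCCESS=return] ldap
hosts:  dns nis files
passwd_compat: ldap
EOF
}

# Demo run on the constructed sample.
demo=$(mktemp)
sample_nsswitch > "$demo"
nss_report "$demo"
rm -f "$demo"
```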

Thursday 10 February 2011

How to Uninstall Linux

Procedure: Boot Linux Grub Boot Loader into single user mode


(1) At grub boot screen (after restart)
(2) Select the kernel
(3) Press the e key to edit the entry
(4) Select second line (the line starting with the word kernel)
(5) Press the e key to edit kernel entry so that you can append single user mode
(6) Append the letter S (or word Single) to the end of the (kernel) line
(7) Press ENTER key
(8) Now press the b key to boot the Linux kernel into single user mode
(9) When prompted, give the root password and you will be allowed to log in to single user mode.

opensuse website

linux kernel

Wednesday 9 February 2011

xinetd

xinetd, which stands for eXtended InterNET Daemon, is an open-source daemon that runs on most Unix systems and manages Internet-based connections. It is a more secure rewrite of inetd.

What is D-Bus?


D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a "single instance" application or daemon, and to launch applications and daemons on demand when their services are needed.
D-Bus supplies both a system daemon (for events such as "new hardware device added" or "printer queue changed") and a per-user-login-session daemon (for general IPC needs among user applications).

D-Bus daemon startup error at boot, before login

After configuring LDAP authentication via yast the system needs about 20
minutes to start the dbus-daemon on boot. I got a lot of ldap messages in
/var/log/messages like these:
Jan 12 12:01:44 w2 dbus-daemon: nss_ldap: failed to bind to LDAP server ldaps://10.0.0.10: Can't contact LDAP server
Jan 12 12:01:44 w2 dbus-daemon: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...

Of course, because network is started after dbus, dbus can't connect to the
ldap server, and waits several times until the timeout is reached. 

Network has dbus as "required-start", so I can't change the startup order and
add $network to required-start in the dbus script.

My temporary solution is to replace the /etc/nsswitch.conf file with one
without ldap access in /etc/init.d/boot.local and restoring the original one
after the network is up.

Reproducible: Always

Steps to Reproduce:
1. Configure LDAP Authentication via yast
2. reboot
Actual Results:  
Boot stops for about 20 minutes at "Starting D-Bus daemon", ldap errors in
/var/log/messages (see details)

suse

SuSE starts /etc/init.d/boot.local before the network is fired up

/etc/init.d holds all the start-up scripts while /etc/rc.d has shortlinks to those but it also specifies their priority and whether they should be started or not. This allows for enabling/disabling scripts/services without having to mess with the actual scripts that are in /etc/init.d.

 

web application to test open port on remote host and MORE !!

http://www.yougetsignal.com/tools/open-ports/

Cannot access web site from the LAN


Route Loopback Issue
Q: We just added a Cisco ASA5510 to protect our network. Everything works except no one in the LAN can access our imail web site. The web site points to one of our public IPs, x.x.x.35 (we can access the web site from outside and we just can’t do the same inside after adding the ASA). Is it possible the inside computers can access our web site using the public IP address? If not, my other option is to set up a DNS record pointing to the web site, for example 192.168.0.213 = www.chicagotech.net (our network domain name is chicagotech.local)? I can’t figure out how to do that. Any suggestions?
A: You may have two options to fix it.
1. If you have an internal DNS, you should direct internal clients to your internal web site IP. To do that, create a new zone on your DNS server for the domain www.chicagotech.net . Add 'A' record(s) to that zone for all resources in www.chicagotech.net that internal clients will need to access. If the resource is available on the internal connection (e.g. the website), then enter the internal address -- 192.168.0.213. If the resource is on the external network, then enter the actual IP Address of the resource.
2. Alternatively, you may add the DNS option onto the end of your static commands, for example,
static (Inside,Outside) x.x.x.34 192.168.0.213 netmask 255.255.255.255 dns
static (Inside,Outside) x.x.x.35 192.168.0.112 netmask 255.255.255.255 dns
