Monday, 28 February 2011
The ProLiant ML350 "G6" family
HP ProLiant G6 Servers Pack Efficiency and Power
http://www.devx.com/HotList/HotList-HP/Article/41583
net command (Linux)
Usage:
net rpc Run functions using RPC transport
net rap Run functions using RAP transport
net ads Run functions using ADS transport
net file Functions on remote opened files
net share Functions on shares
net session Manage sessions
net server List servers in workgroup
net domain List domains/workgroups on network
net printq Modify printer queue
net user Manage users
net group Manage groups
net groupmap Manage group mappings
net sam Functions on the SAM database
net validate Validate username and password
net groupmember Modify group memberships
net admin Execute remote command on a remote OS/2 server
net service List/modify running services
net password Change user password on target server
net changetrustpw Change the trust password
net changesecretpw Change the secret password
net setauthuser Set the winbind auth user
net getauthuser Get the winbind auth user settings
net time Show/set time
net lookup Look up host names/IP addresses
net g_lock Manipulate the global lock table
net join Join a domain/AD
net dom Join/unjoin (remote) machines to/from a domain/AD
net cache Operate on the cache tdb file
net getlocalsid Get the SID for the local domain
net setlocalsid Set the SID for the local domain
net setdomainsid Set domain SID on member servers
net getdomainsid Get domain SID on member servers
net maxrid Display the maximul RID currently used
net idmap IDmap functions
net status Display server status
net usershare Manage user-modifiable shares
net usersidlist Display list of all users with SID
net conf Manage Samba registry based configuration
net registry Manage the Samba registry
net eventlog Process Win32 *.evt eventlog files
net help Print usage information
Sunday, 27 February 2011
iptables/netfilter
iptables is the userspace command line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering ruleset provided by netfilter.org. The iptables package also includes ip6tables, which is used for configuring the IPv6 packet filter. Since Network Address Translation is also configured from the packet filter ruleset, iptables is also used for NAT.
http://en.opensuse.org/Iptables
netfilter is not deprecated: netfilter is the set of hooks in the kernel that iptables needs in order to work (ref: www.netfilter.org). The netfilter page says they are part of a single framework.
ppp modem
PPP and PPPoE (modem, ADSL and sometimes cable)
Normally you should have an /etc/ppp directory containing an executable file, /etc/ppp/ip-up. pppd runs this file once the connection (modem or PPPoE) is up. You therefore need to create an executable file /etc/ppp/if-up.local (or add these lines to it if it already exists):
Saturday, 26 February 2011
[Windows] Physical memory dump - the Memory.dmp file
On Windows NT / Windows 2000 / Windows XP systems, when the system crashes hard, it performs a memory dump, which consists of copying the contents of RAM to a file on the hard disk.
The resulting file, named Memory.dmp, is usually large because it contains all the data that was in memory before the crash.
If the system works correctly after rebooting, this file can be deleted safely.
By default it is placed in the Windows directory:
C:\Windows\Memory.dmp
Thursday, 24 February 2011
samba error
"Plusieurs connexions à un serveur ou à une ressource partagée par le même utilisateur, en utilisant plus d’un nom utilisateur, ne sont pas autorisées" (in English: "Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed")
Open a command prompt (cmd.exe) and type:
net use * /DELETE
samba error
If you get the following message when you try to join the domain:
"Plusieurs connexions à un serveur ou à une ressource partagée par le même utilisateur, en utilisant plus d’un nom utilisateur, ne sont pas autorisées"
Open a command prompt (cmd.exe) and type:
net use * /DELETE
This is caused by a connection opened earlier with net use.
User management
When several people have access to a system, the system administrator has to manage the users. To do so, the usual commands and the files to configure must be known.
The important files to know are:
- the /etc/passwd file
- the /etc/group file
plus impo
http://www.commentcamarche.net/contents/linux/
Roaming profiles
A person may use several computers with the same user account. When they use one computer, their environment may differ from the one on another computer. In that case it can be worthwhile to configure a roaming profile for that user. Using this type of profile lets the user keep their documents, settings and working environment whichever computer they log on to, because roaming profiles store their data on a server of your choice. In practice, you will find the following folders on your server:
This feature is also provided by Samba on Linux.
************************ Managing roaming profiles *****************
Run gpedit.msc
Configure as shown in the screenshot
The error is due to a misconfigured profile folder on the server.
Review smb.conf and check that:
[homes]
#======================== Share Definitions ============================
comment = Home Directories
#browseable = no
path=/home/%U
browseable = yes
writable = yes
or logon path
Searching for a string in files: find all files containing a string
Using find and grep, you can easily find all the files that contain a given word.
For example, with the following command I search all the PHP files under /data/projects/ for those containing the string "array_keys":
pcr@home:~$ find /data/projects/ -iname "*.php" -print0 | xargs -0 grep array_keys
Explanation: we ask find to look in /data/projects/ for files ending with the .php extension (-iname, unlike -name, does a case-insensitive match).
The list of PHP files is passed through the pipe and xargs to grep, which filters the files and lines containing array_keys. The -print0 and -0 options separate file names with a NUL byte, so names containing spaces or quotes reach grep intact.
Wednesday, 23 February 2011
List Samba users
First check that your /etc/samba/smb.conf contains the following line: passdb backend = tdbsam
If so, type the following command:
sudo pdbedit -Lw
Otherwise a simple command should suffice:
cat /etc/samba/smbusers
rpc_server/srv_netlog_nt.c:669(_netr_ServerAuthenticate3) _netr_ServerAuthenticate: no challenge sent to client
I can't log in with Samba??
In /var/log/messages we have: _netr_ServerAuthenticate: no challenge sent to client
1- Validate the machine by giving it a DHCP name (IP name)
2- List the users and see which username root maps to
3- Log in as root
454 TLS not available due to local problem
Possibly due to the permissions on the key file.
ls -l /var/spool/mail/sent/
We need to create a group and assign access:
chown root:postfix /etc/postfix/tls/root.crt
This changes the owner to root and the group to postfix.
postfix and ldap connexion
To connect LDAP to postfix/dovecot, see
http://www.404blog.net/?p=36
The problem was the ldap-accounts.cf
!! delete the id from these files
Tuesday, 15 February 2011
NIS vs LDAP
Network Information Service (NIS), also known as Yellow Pages, is a client-server protocol developed by Sun that centralizes information on a UNIX network.
Its purpose is to distribute across a network the information held in configuration files, such as host names (/etc/hosts), user accounts (/etc/passwd), etc.
An NIS server thus stores and distributes the network's administrative information, so that the network behaves as a coherent set of user accounts, groups, machines, etc.
An NIS/YP system maintains and distributes a central directory of user and group information, hostnames, e-mail aliases and other text-based tables of information in a computer network. For example, in a common UNIX environment, the list of users for identification is placed in /etc/passwd, and secret authentication hashes in /etc/shadow. NIS adds another “global” user list which is used for identifying users on any client of the NIS domain.
In many environments, other directory services — arguably more modern and secure than NIS, such as LDAP — have come to replace it. For example, slapd (the standalone LDAP daemon) generally runs as a non-root user, and SASL-based encryption of LDAP traffic is natively supported.
On large LANs, DNS servers may provide better nameserver functionality than NIS or LDAP can provide, leaving just site-wide identification information for NIS master and slave systems to serve. However, some functions — such as the distribution of netmask information to clients, as well as the maintenance of e-mail aliases — may still be performed by NIS or LDAP.
http://www.disa.nu/pub/doc/sles10/usr/share/doc/manual/sles-admin_en/cha.ldap.html
about nsswitch
We have:
passwd: compat
and at the end:
passwd_compat: ldap
This means that the source behind compat is LDAP.
equivalent to (without the files entry)
passwd: files ldap
In this example, there are specific entries for users root and fred to ensure that they can log in even when the system is running single-user. In addition, anyone whose password information is stored on an LDAP server will be able to log in with their usual password, shell, and home directory.
If we delete the ldap entry, we can't log in with su 'ldap user'.
shadow file and passwd file
Understanding /etc/passwd File Format
by Vivek Gite on February 22, 2006
Can you explain /etc/passwd file format for Linux and UNIX operating systems?
The /etc/passwd file stores essential information that is required during login, i.e. user account information. /etc/passwd is a text file that contains a list of the system's accounts, giving for each account some useful information like user ID, group ID, home directory, shell, etc. It should have general read permission, as many utilities, like ls, use it to map user IDs to user names, but write access only for the superuser (root).
Understanding fields in /etc/passwd
The /etc/passwd file contains one entry per line for each user (or user account) of the system. All fields are separated by a colon (:) symbol. There are seven fields in total. Generally, a passwd file entry looks as follows:
(Fig.01: /etc/passwd file format)
- Username: It is used when user logs in. It should be between 1 and 32 characters in length.
- Password: An x character indicates that encrypted password is stored in /etc/shadow file.
- User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further UID 100-999 are reserved by system for administrative and system accounts/groups.
- Group ID (GID): The primary group ID (stored in /etc/group file)
- User ID Info: The comment field. It allows you to add extra information about the user, such as the user's full name, phone number etc. This field is used by the finger command.
- Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist, the user's directory becomes /
- Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell. Please note that it does not have to be a shell.
Task: See User List
/etc/passwd is used for local users only. To see the list of all users, enter:
$ cat /etc/passwd
To search for a username called tom, enter:
$ grep tom /etc/passwd
/etc/passwd file permission
The permission on the /etc/passwd file should be read only to users (-rw-r--r--) and the owner must be root:
$ ls -l /etc/passwd
Output:
-rw-r--r-- 1 root root 2659 Sep 17 01:46 /etc/passwd
Reading /etc/passwd file
You can read /etc/passwd file using the while loop and IFS separator as follows:
#!/bin/bash
# seven fields from /etc/passwd stored in $f1,f2...,$f7
#
while IFS=: read -r f1 f2 f3 f4 f5 f6 f7
do
 echo "User $f1 use $f7 shell and stores files in $f6 directory."
done < /etc/passwd
Your password is stored in /etc/shadow file
Your encrypted password is not stored in the /etc/passwd file. It is stored in the /etc/shadow file. In the good old days there was no great problem with this general read permission. Everybody could read the encrypted passwords, but the hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that of a friendly user community. Almost all modern Linux / UNIX-like operating systems use some sort of shadow password suite, where /etc/passwd has asterisks (*) instead of encrypted passwords, and the encrypted passwords are in /etc/shadow, which is readable by the superuser only.
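The field rules and the permission requirement described above can be checked mechanically. The following is an added example, not part of the original article: the function names (audit_passwd, passwd_perms_ok, sample_passwd) and the sample entries are constructed for illustration, and it goes slightly beyond the article by skipping the +/- entries used with passwd: compat.

```shell
#!/bin/sh
# Added example: audit a passwd-format file against the rules described above.

# audit_passwd [FILE]: print one finding per line (reads stdin when FILE is omitted).
audit_passwd() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        /^[+-]/ { next }                    # NIS/compat include entries ("passwd: compat")
        NF != 7 {
            printf "MALFORMED %s: expected 7 fields, got %d\n", $1, NF
            next
        }
        {
            user = $1; pw = $2; uid = $3
            if (length(user) > 32)
                printf "WARN %s: user name longer than 32 characters\n", user
            # "x" means the hash lives in /etc/shadow; "*" or a leading "!" means locked
            if (pw == "")
                printf "HIGH %s: empty password field\n", user
            else if (pw != "x" && pw != "*" && substr(pw, 1, 1) != "!")
                printf "HIGH %s: password hash exposed in passwd field\n", user
            if (uid ~ /^0+$/ && user != "root")
                printf "HIGH %s: UID 0 but not root\n", user
            if (uid in seen)
                printf "WARN %s: UID %s shared with %s\n", user, uid, seen[uid]
            else
                seen[uid] = user
        }
    ' "${1:--}"
}

# passwd_perms_ok FILE: succeed when FILE is not writable by group or others,
# which is what the expected -rw-r--r-- mode guarantees.
passwd_perms_ok() {
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Constructed sample data, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
tom:x:1000:1000:Tom:/home/tom:/bin/bash
toor:x:0:0:backup admin:/root:/bin/sh
alice:CONSTRUCTEDHASH:1005:1005:Alice:/home/alice:/bin/bash
guest::1006:1006::/home/guest:/bin/sh
broken:x:1007
+::::::
EOF
}

sample_passwd | audit_passwd
if [ -e /etc/passwd ] && ! passwd_perms_ok /etc/passwd; then
    echo "HIGH /etc/passwd is writable by group or others"
fi
```

To audit the live system, run audit_passwd /etc/passwd, or pipe getent passwd into it to include directory accounts as well.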
Monday, 14 February 2011
ldap test getent
The getent passwd command should return both the accounts from the /etc/passwd file and the accounts from the LDAP directory that do not exist in the passwd database.
# getent passwd
[...]
mlx:2/yajBmqc3tYw:1005:1005:BOURG Jean:/home/mlx:/bin/bash
mly:2/yajBmqc3tYw:1006:1006:BOURG Marine:/home/mly:/bin/bash
etc/nsswitch
The Name Service Switch (NSS) allows the traditional Unix configuration files (for example /etc/passwd, /etc/group, /etc/hosts) to be replaced by one or more centralized databases; the mechanisms used to access these databases are configurable.
A system administrator usually configures the operating system's name services using the file /etc/nsswitch.conf. This lists databases (such as passwd, shadow and group) and one or more sources for obtaining that information. Examples of sources are files for local files, ldap for the Lightweight Directory Access Protocol, nis for the Network Information Service, nisplus for NIS+, and wins for Windows Internet Name Service.
Example:
passwd: files ldap
shadow: files
group: files ldap
hosts: dns nis files
More info:
http://linux.about.com/od/lna_guide/a/gdelna52t01.htm
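To see which lookup order a given nsswitch.conf actually produces, including the passwd: compat / passwd_compat: ldap form from the earlier "about nsswitch" note, the following added example (not from the original posts) parses the file. The function names and the sample configuration are constructed for illustration; the nis default for compat is glibc's documented behaviour.

```shell
#!/bin/sh
# Added example: inspect the lookup order configured in nsswitch.conf.

# nss_sources DB [FILE]: print DB's sources in lookup order, space separated.
# Comments and action items such as [NOTFOUND=return] are dropped; "compat"
# is shown together with the service named by DB_compat (default: nis).
nss_sources() {
    awk -v db="$1" '
        { sub(/#.*/, ""); gsub(/\[[^]]*\]/, " ") }
        {
            c = index($0, ":"); if (c == 0) next
            name = substr($0, 1, c - 1); gsub(/[ \t]/, "", name)
            if (name == db)             n = split(substr($0, c + 1), src, " ")
            if (name == db "_compat") { split(substr($0, c + 1), t, " "); via = t[1] }
        }
        END {
            if (via == "") via = "nis"
            for (i = 1; i <= n; i++) {
                s = (src[i] == "compat") ? "compat(" via ")" : src[i]
                out = out (i > 1 ? " " : "") s
            }
            if (n) print out
        }
    ' "${2:-/etc/nsswitch.conf}"
}

# nss_local_first DB [FILE]: succeed when local files are consulted first, so
# accounts in /etc/passwd (root) resolve even when the LDAP server is unreachable.
nss_local_first() {
    case "$(nss_sources "$@")" in
        files|files\ *|compat*) return 0 ;;
        *) return 1 ;;
    esac
}

# nss_uses DB SOURCE [FILE]: succeed when DB consults SOURCE, directly or via
# compat. Lookups against a network source block while the network is down.
nss_uses() {
    case " $(nss_sources "$1" "${3:-/etc/nsswitch.conf}") " in
        *" $2 "*|*"($2)"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample combining the two forms shown on this page.
sample_nsswitch() {
    cat <<'EOF'
# sample only
passwd: compat
passwd_compat: ldap
shadow: files
group:  files ldap
hosts:  dns [NOTFOUND=return] nis files
EOF
}

# Pass "-" as FILE to read the configuration from stdin.
for db in passwd shadow group hosts; do
    printf '%-7s %s\n' "$db" "$(sample_nsswitch | nss_sources "$db" -)"
done
```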
Thursday, 10 February 2011
Procedure: Boot Linux Grub Boot Loader into single user mode
(1) At grub boot screen (after restart)
(2) Select the kernel
(3) Press the e key to edit the entry
(4) Select second line (the line starting with the word kernel)
(5) Press the e key to edit kernel entry so that you can append single user mode
(7) Press ENTER key
(8) Now press the b key to boot the Linux kernel into single user mode
Wednesday, 9 February 2011
xinetd
xinetd, which stands for eXtended InterNET Daemon, is an open-source daemon that runs on most Unix systems and manages Internet-based connections. It is a more secure rewrite of inetd.
What is D-Bus?
D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a "single instance" application or daemon, and to launch applications and daemons on demand when their services are needed.
D-Bus supplies both a system daemon (for events such as "new hardware device added" or "printer queue changed") and a per-user-login-session daemon (for general IPC needs among user applications).
D-Bus daemon startup error at boot, before login
After configuring LDAP authentication via yast the system needs about 20 minutes to start the dbus-daemon on boot. I got a lot of ldap messages in /var/log/messages like these:
Jan 12 12:01:44 w2 dbus-daemon: nss_ldap: failed to bind to LDAP server ldaps://10.0.0.10: Can't contact LDAP server
Jan 12 12:01:44 w2 dbus-daemon: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
Of course, because network is started after dbus, dbus can't connect to the ldap server, and waits several times until the timeout is reached. Network has dbus as "required-start", so I can't change the startup order and add $network to required-start in the dbus script. My temporary solution is to replace the /etc/nsswitch.conf file with one without ldap access in /etc/init.d/boot.local and restore the original one after the network is up.
Reproducible: Always
Steps to Reproduce:
1. Configure LDAP authentication via yast
2. reboot
Actual Results: Boot stops for about 20 minutes at "Starting D-Bus daemon", ldap errors in /var/log/messages (see details)
suse
SuSE runs /etc/init.d/boot.local before the network is brought up.
/etc/init.d holds all the start-up scripts, while /etc/rc.d has symbolic links to them and also specifies their priority and whether they should be started or not. This allows scripts/services to be enabled or disabled without touching the actual scripts in /etc/init.d.
web application to test open port on remote host and MORE !!
http://www.yougetsignal.com/tools/open-ports/
Cannot access web site from the LAN
Route Loopback Issue
Q: We just added a Cisco ASA5510 to protect our network. Everything works except no one in the LAN can access our imail web site. The web site points to one of our public IPs, x.x.x.35 (we can access the web site from outside and we just can’t do the same inside after adding the ASA). Is it possible for the inside computers to access our web site using the public IP address? If not, my other option is to set up a DNS record pointing to the web site, for example 192.168.0.213 = www.chicagotech.net (our network domain name is chicagotech.local). I can’t figure out how to do that. Any suggestions?
A: You may have two options to fix it.
1. If you have an internal DNS, you should direct internal clients to your internal web site IP. To do that, create a new zone on your DNS server for the domain www.chicagotech.net . Add 'A' record(s) to that zone for all resources in www.chicagotech.net that internal clients will need to access. If the resource is available on the internal connection (e.g. the website), then enter the internal address -- 192.168.0.213. If the resource is on the external network, then enter the actual IP Address of the resource.
2. Alternatively, you may add the DNS option onto the end of your static commands, for example,
static (Inside,Outside) x.x.x.34 192.168.0.213 netmask 255.255.255.255 dns
static (Inside,Outside) x.x.x.35 192.168.0.112 netmask 255.255.255.255 dns