c queue max run limit reached

If you get the message:
c queue max run limit reached
in your /var/adm/messages file and some cron jobs just don’t run, you need to increase the number of
cron jobs that can be run simultaneously in the /etc/cron.d/queuedefs file, on the line that starts with “b”.
For instance:
b.2j2n90w
means that you can only run 2 cron jobs at the same time. Do a man queuedefs for details.
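To read a queuedefs entry field by field, the following added example (not part of the original post) decodes lines such as b.2j2n90w. The function names and the sample c line are constructed for illustration; the field letters, queue letters and defaults are the ones documented in queuedefs(4).

```shell
#!/bin/sh
# Added example: decode queuedefs(4) entries of the form q.[<njob>j][<nice>n][<nwait>w].
# Queue letters: a = at, b = batch, c = cron. Omitted fields fall back to the
# defaults documented in queuedefs(4): njob=100, nice=2, nwait=60.

parse_queuedef() {
    entry=$1
    case $entry in
        [a-z].*) ;;                      # must be "<queue letter>.<fields>"
        *) return 1 ;;
    esac
    queue=${entry%%.*}
    rest=${entry#*.}
    njob=100 nice=2 nwait=60
    while [ -n "$rest" ]; do
        num=${rest%%[!0-9]*}             # leading run of digits
        [ -n "$num" ] || return 1        # every field must start with a number
        rest=${rest#"$num"}
        flag=${rest%"${rest#?}"}         # the letter that follows the number
        rest=${rest#?}
        case $flag in
            j) njob=$num ;;              # max jobs running at once in this queue
            n) nice=$num ;;              # nice value given to the jobs
            w) nwait=$num ;;             # seconds to wait before retrying
            *) return 1 ;;               # unknown or missing field letter
        esac
    done
    echo "queue=$queue njob=$njob nice=$nice nwait=$nwait"
}

# Decode every non-comment line read from stdin,
# e.g. show_queuedefs < /etc/cron.d/queuedefs
show_queuedefs() {
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        parse_queuedef "$line" || echo "unparsable: $line"
    done
}

# Constructed sample: the b line from the text plus a made-up c line.
sample_queuedefs() {
    printf '%s\n' '# constructed sample' 'b.2j2n90w' 'c.50j'
}

sample_queuedefs | show_queuedefs
```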

Single Sign On + AD Authenticated Samba on Solaris 10 Sparc to a Windows 2003 Active Directory PDC

To add to the previous post, we’ll now show a way to ssh to your Solaris 10 SPARC server using an ActiveDirectory
user+pass, in addition to using samba shares anywhere, with your AD credentials.
BUILDING
Samba from blastwave does not include pam_winbind.so, which we need to plug into PAM and use our AD user+pass to
login to solaris, so we need to build our own samba. The release I got is samba 3.0.28, from
http://us4.samba.org/samba/ftp/stable/samba-3.0.28.tar.gz
We need to make sure all required packages to build and use SAMBA are in the system, so please obtain
this list using pkg-get from blastwave.
Our SAMBA sources like GNU ld, so we are not going to use the solaris native ld to build it. We do so by doing:
# mv /usr/ccs/bin/ld /usr/ccs/bin/ld.old
# ln -s /opt/csw/bin/gld /opt/csw/bin/ld
# export PATH=$PATH:/opt/csw/bin
We uncompress SAMBA in a directory called “/builds” and then:
# cd /builds/samba-3.0.28/source
# ./configure --with-ldap --with-ads --with-krb5=/opt/csw --with-winbind --with-pam --prefix=/usr/samba_ad
This will use the openldap client libs in /opt/csw, same as the krb5 in /opt/csw. If all reqs are passed do a
# make && make install
Then, it will all end at /usr/samba_ad
After building these you can always remove the gcc suite, automake, autoconf, flex and bison.
We now need to copy the nsswitch and pam extensions to their locations:
# cp /builds/samba-3.0.28/source/nsswitch/libnss_win* /usr/lib
# ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1
# ln -s /usr/lib/libnss_wins.so /usr/lib/libnss_wins.so.1
Now we copy the pam extension:
# cp /builds/samba-3.0.28/source/bin/pam_winbind.so /usr/lib/security
# cp /builds/samba-3.0.28/source/bin/pam_winbind.so /lib/security
# ln -s /usr/lib/security/pam_winbind.so /usr/lib/security/pam_winbind.so.1
# ln -s /lib/security/pam_winbind.so /lib/security/pam_winbind.so.1
CONFIGURING
/opt/csw/etc/krb5.conf:
/usr/samba_ad/lib/smb.conf:
/etc/nsswitch.conf, to add winbind to users and groups:
passwd: files winbind
group: files winbind
Our Windows 2003 ActiveDirectory Primary Domain controller is “fwa-dc01.aww.com”, our AD domain is
“AWW.COM”, and our solaris 10 sparc server is “netra.aww.com”, so we add these entries to /etc/hosts,
taking care the FQDN appears first.
172.16.1.38 netra.aww.com netra loghost
172.16.1.55 fwa-dc01.aww.com fwa-dc01
Now we configure pam.conf. We need to make sure home directories are created whenever a user from the
windows world logs in, so we get pam_mkhomedir from http://mega.ist.utl.pt/~filipe/pam_mkhomedir-sol/, at
http://mega.ist.utl.pt/~filipe/pam_mkhomedir-sol/pam_mkhomedir-sol-0.0.1.tgz
We build pam_mkhomedir by uncompressing it at /builds/pam_mkhomedir and editing its Makefile to use the
solaris native ld:
LD=/usr/ccs/bin/ld.old
Now we just build it:
# cd /builds/pam_mkhomedir
# make
And then we copy it to the system default for PAM modules:
# cp /builds/pam_mkhomedir/pam_mkhomedir.so /usr/lib/security
# ln -s /usr/lib/security/pam_mkhomedir.so /usr/lib/security/pam_mkhomedir.so.1
/etc/pam.conf, to use both pam_winbind and pam_mkhomedir, adding 4 lines:
login auth sufficient pam_winbind.so.1
other auth sufficient pam_winbind.so.1
other account sufficient pam_winbind.so.1
other session optional pam_mkhomedir.so.1 skel=/etc/skel umask=0022
STARTING DAEMONS
After this, we can start samba, and see the effects:
# export PATH=/usr/samba_ad/sbin:/usr/samba_ad/bin:/opt/csw/bin:/opt/csw/sbin:$PATH
# pkill winbindd; pkill smbd; pkill nmbd; /etc/init.d/cswsamba stop
# /opt/csw/bin/kdestroy
# net ads leave -U "Administrator%M1cr050ft123"
# /opt/csw/bin/kinit Administrator@AWW.COM
# net ads join -U "Administrator%M1cr050ft123"
# winbindd -B
# smbd -D
# nmbd -D
TESTING
I wrote an easy test script called sambatest.ksh:
#!/bin/bash
export PATH=/usr/samba_ad/sbin:/usr/samba_ad/bin:/opt/csw/bin:/opt/csw/sbin:/usr/sbin:/usr/bin:/usr/openwin/bin:/opt/csw/gcc3/bin:/usr/sfw/bin:/usr/ccs/bin:/usr/local/bin:/usr/local/bin:/usr/local/sbin
export LD_LIBRARY_PATH=/usr/samba_ad/lib
set -x
which net
which smbd
which nmbd
which winbindd
which klist
which kinit
sleep 5
smbclient -L netra -U%
wbinfo -m
wbinfo -g
wbinfo -u
getent passwd
getent group
net ads status
net ads info
Please note that wbinfo -m shows your AD domain, wbinfo -g and wbinfo -u show users and groups,
getent passwd should show both your local and AD users.
Now we use ssh with an ActiveDirectory user+pass, it should look like this:
root@kraftek:~# ssh bmahock@netra
Password:
Creating directory '/export/home/AWW.bmahock'.
Last login: Sat Feb 2 19:53:08 2008 from localhost
/usr/openwin/bin/xauth: creating new authority file /export/home/AWW.bmahock/.Xauthority
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
-bash-3.00$ id
uid=10004(bmahock) gid=10008(domain users)
-bash-3.00$ pwd
/export/home/AWW.bmahock
Then it’s just a question of enjoying. 🙂
BINARIES
If you don’t want to compile much, just install the CSW packages mentioned above, get these binaries:
samba_ad_solaris_10_sparc.tar.gz, put them at / and untar them. Be careful, these contain the libraries
needed at /usr/lib/security and /usr/lib. Then just configure /etc/nsswitch.conf, /etc/pam.conf,
/usr/samba_ad/lib/smb.conf, /etc/krb5.conf and /opt/csw/etc/krb5.conf, verify for each program and library that
no symbol is missing using ldd, and start your engines!
SCREENSHOTS
[Screenshots not reproduced; captions:]
Computers
Users
freenx solaris gnome session for an ActiveDirectory user, yes he can also use sudo!
windows xp using his AD user+pass, and passwordless-ly view and smb.conf.

A (very) poor man’s nmap

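I cannot install packages in a machine, so I wrote this very basic substitute to nmap called nmap.ksh

#!/bin/ksh
# Usage: nmap.ksh host
# Reports which TCP ports below 600 on the host accept a connection.
 H=$1
 X=0      # first port to try
 L=600    # stop before this port
 while [ $X -lt $L ];do
   # telnet -r uses ~ as the escape character, so "~." drops the session right after it connects
   O=`echo "~." | telnet -r $H $X 2>&1| grep -i connected | wc -l | sed 's/ //g'`
   if [ $O -eq 1 ];then
     echo "port $X open "
   fi
   X=`echo "$X + 1" | bc`
 done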

copy files using netbackup

You want to copy some files from and to a server and you don’t have root access to it?
But you do have access to its netbackup master server?
yeah!
use bpgp
The command should be executed on the Master Server.
The formats are:
A. To get a file from a client to the MasterServer:
bpgp from <client-name> <full-pathname-of-file-to-get> <full-pathname-of file-on-MS>
B. To put a file from the Master Server to a client:
bpgp to <client-name> <full-pathname-of file-on-MS> <full-path-name-of-file-to create-on-client>
thx to Alberto Vazquez 🙂

setting up a RTSP vlc streaming server

I wanted to watch my movies remotely, so I used h264 for video and aac for audio, and built a vlc config to start up a
daemonized RTSP server. I built a script to create the config file by scanning all my videos, and then start the vlc
daemon :). Here it is:
#!/bin/ksh
# stop any vlc that is already running
ps -ef | grep -i vlc | grep -v grep | awk '{ print $2 }' | while read p;do
kill $p
done
# write one VLM "vod" entry per video file found
(
x=0
find /disk2/VIDEO -type f | egrep -i 'avi|mpg' | while read v;do
#---- if not using x264
# echo "new $x vod enabled"
# echo -n "setup $x input \"file://$v\" output"
#---- if using x264
echo "new $x vod"
echo -n "setup $x input \"file://$v\" enabled output"
#---- low quality
#echo " #transcode{vcodec=mp4v,acodec=mp4a,width=640,height=480,fps=12,vb=128,ab=8}"
echo " #transcode{vcodec=h264,acodec=mp4a,width=640,height=480,vb=100,ab=4}"
#---- mid quality
#echo " #transcode{vcodec=mp4v,acodec=mp4a,scale=.5,fps=10,vb=256,ab=64}"
#echo " #transcode{vcodec=h264,acodec=mp4a,scale=.5,fps=12,vb=256,ab=64}"
#---- high quality
#echo " #transcode{vcodec=mp4v,acodec=mp4a,scale=.5,fps=10,vb=512,ab=64}"
#echo " #transcode{vcodec=h264,acodec=mp4a,scale=.5,fps=12,vb=512,ab=128}"
echo " "
x=$(($x+1))
done
) > /etc/v.config
# start the daemon with the generated VLM config
nohup cvlc --vlm-conf /etc/v.config -I telnet --telnet-password vl --rtsp-host 0.0.0.0:564 &
Try it, and enjoy 🙂

enable ftp access, disable telnet for only some users

To make “only ftp” users, meaning they can only use ftp, no telnet or ssh, do this:
add /bin/false to the list of shells in /etc/shells
change your user’s shell to /bin/false
To make users able to sftp & ftp, but not telnet or ssh, change their shell to /usr/sbin/sftp-server
done!
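To check the result of these steps, the following added example (not part of the original post) lists the accounts whose shell is /bin/false or /usr/sbin/sftp-server and reports whether that shell appears in the shells file. The function names and the sample accounts are constructed; whether /usr/sbin/sftp-server also needs to be listed in /etc/shells is not stated above, so the script only reports it.

```shell
#!/bin/sh
# Added example: list accounts restricted as described above and report
# whether each restricted shell is listed in the shells file.
# usage: audit_restricted_shells PASSWD_FILE SHELLS_FILE
audit_restricted_shells() {
    awk -F: -v shells="$2" '
        BEGIN {
            # Load the shells file, skipping blank lines and comments.
            while ((getline line < shells) > 0)
                if (line != "" && line !~ /^#/) listed[line] = 1
        }
        $7 == "/bin/false"            { report($1, $7, "ftp-only") }
        $7 == "/usr/sbin/sftp-server" { report($1, $7, "sftp+ftp") }
        function report(user, shell, kind) {
            print user, kind, ((shell in listed) ? "listed" : "NOT-listed")
        }
    ' "$1"
}

# Constructed sample data (not real accounts).
sample_passwd() {
    printf '%s\n' \
        'root:x:0:0:Super-User:/:/sbin/sh' \
        'ftpjoe:x:1001:10:constructed ftp-only user:/export/home/ftpjoe:/bin/false' \
        'sftpann:x:1002:10:constructed sftp user:/export/home/sftpann:/usr/sbin/sftp-server'
}
sample_shells() {
    printf '%s\n' '# constructed shells file' '/sbin/sh' '/bin/false'
}

# Run the audit over the constructed sample; on a real host use
#   audit_restricted_shells /etc/passwd /etc/shells
run_sample() {
    dir=$(mktemp -d) || return 1
    sample_passwd > "$dir/passwd"
    sample_shells > "$dir/shells"
    audit_restricted_shells "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}

run_sample
```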

testing ipmp

To make one of your interfaces fail:
# ifconfig adapter_name modinsert ldterm@2
To get it back:
# ifconfig adapter_name modremove ldterm@2
You can also use the supported command:
# if_mpadm -d qfe1
To get it back:
# if_mpadm -r qfe1

Add a kickstart install image to an existing kickstart server

These are the steps to add oracle enterprise linux as a kickstart
option at an existing kickstart server, it does pxe boot and serves the package install by
http. Your server must be on the kickstart network to be pxe booted by
this.
Make a directory to store your downloaded ISOs, and store them there:
# mkdir -p /u01/ISOS/ORACLE_EL4x64
# ls -a /u01/ISOS/ORACLE_EL4x64
. Enterprise-R4-U5-x86_64-disc1.iso Enterprise-R4-U5-x86_64-disc3.iso
.. Enterprise-R4-U5-x86_64-disc2.iso Enterprise-R4-U5-x86_64-disc4.iso
Make a directory to store all the RPMs and all install files for your distro
# mkdir /installroot/oracle_el4x64
Copy all the files from the isos to /installroot/oracle_el4x64 by mounting them loopback and doing a cpio:
# mount -o loop /u01/ISOS/ORACLE_EL4x64/Enterprise-R4-U5-x86_64-disc1.iso /mnt
# cd /mnt/
# find . -depth -print | cpio -pdumv /installroot/oracle_el4x64/
# cd /
# umount /mnt
# mount -o loop /u01/ISOS/ORACLE_EL4x64/Enterprise-R4-U5-x86_64-disc2.iso /mnt
# cd /mnt
# find . -depth -print | cpio -pdumv /installroot/oracle_el4x64/
# cd /
# umount /mnt
# mount -o loop /u01/ISOS/ORACLE_EL4x64/Enterprise-R4-U5-x86_64-disc3.iso /mnt
# cd /mnt
# find . -depth -print | cpio -pdumv /installroot/oracle_el4x64/
# cd /
# umount /mnt
# mount -o loop /u01/ISOS/ORACLE_EL4x64/Enterprise-R4-U5-x86_64-disc4.iso /mnt
# cd /mnt
# find . -depth -print | cpio -pdumv /installroot/oracle_el4x64/
# cd /
# umount /mnt
Make a directory to put all the files that will be served by tftp when the server to be installed is pxe booted
# mkdir /tftpboot/oracle_el4x64
Copy the small os and small kernel that is served by pxe/tftp when the server is pxe booted
# cp -rp /installroot/oracle_el4x64/images/pxeboot/initrd.img /tftpboot/oracle_el4x64/
# cp -rp /installroot/oracle_el4x64/images/pxeboot/vmlinuz /tftpboot/oracle_el4x64/
Add a profile to the pxe boot options
# vi /tftpboot/pxelinux.cfg/default
label oracle_el4x64
kernel oracle_el4x64/vmlinuz
append initrd=oracle_el4x64/initrd.img load_ramdisk=1 ip=dhcp
Add a http docbase to serve the install files and rpms using apache
# vi /etc/apache2/conf.d/inst_server.conf
<IfDefine inst_server>
Alias /oracle_el4x64/ /installroot/oracle_el4x64/
Alias /oracle_el4x64 /installroot/oracle_el4x64
<Directory /installroot/oracle_el4x64>
Options +Indexes +FollowSymLinks
IndexOptions +NameWidth=*
Order allow,deny
Allow from all
</Directory>
</IfDefine>
Add a custom message that appears on the screen when the server to be installed is pxe booted:
# vi /tftpboot/bootmsg.txt
(for version 4 choose oracle_el4x64)
Restart apache so the new apache docbase is active
# /etc/init.d/apache2 stop
# /etc/init.d/apache2 start
Reboot the server to be installed and enjoy!

some zfs commands

To see what pools you have:
bash-3.00# zpool list
NAME SIZE USED AVAIL CAP HEALTH ALTROOT
mot117zpool1 116G 24.7G 90.9G 21% ONLINE -
To see what disks comprise a pool:
bash-3.00# zpool status mot117zpool1
pool: mot117zpool1
state: ONLINE
scrub: none requested
config:
NAME STATE READ WRITE CKSUM
mot117zpool1 ONLINE 0 0 0
c4t60060480000190101181533031393341d0 ONLINE 0 0 0
c4t60060480000190101181533031434543d0 ONLINE 0 0 0
errors: No known data errors
To check all pools health:
# zpool status -x
To mount all the zfs filesystems:
# zfs mount -a