All posts by James Lawton

I am a big nerd.
Uncategorized

WSUS Updates without Active Directory Domain

Leave a comment

We have a workgroup environment here and I needed a solution to provide our internal WSUS server to the clients.
So I used the way to add registry keys to our machines.

Note: the values used here working for my environment. Yours may differ. You can change them to match your needs. Please read more about it at #5 of this how-to.

1.
Create a *.reg file (wsus-client.reg) containing this:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
“AcceptTrustedPublisherCerts”=dword:00000001
“ElevateNonAdmins”=dword:00000001
“TargetGroup”=”Workstations”
“TargetGroupEnabled”=dword:00000000
“WUServer”=”http://your-WSUS-server:port”;
“WUStatusServer”=”http://your-WSUS-server:port”;

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
“AUOptions”=dword:00000004
“AUPowerManagement”=dword:00000001
“AutoInstallMinorUpdates”=dword:00000001
“DetectionFrequency”=dword:0000000a
“DetectionFrequencyEnabled”=dword:00000001
“IncludeRecommendedUpdates”=dword:00000001
“NoAUAsDefaultShutdownOption”=dword:00000001
“NoAUShutdownOption”=dword:00000001
“NoAutoRebootWithLoggedOnUsers”=dword:00000001
“NoAutoUpdate”=dword:00000000
“RebootRelaunchTimeout”=dword:0000000a
“RebootRelaunchTimeoutEnabled”=dword:00000001
“RescheduleWaitTime”=dword:0000000a
“RescheduleWaitTimeEnabled”=dword:00000001
“ScheduledInstallDay”=dword:00000000
“ScheduledInstallTime”=dword:00000003
“UseWUServer”=dword:00000001

2.
Edit the lines:
– “WUServer”=”http://your-WSUS-server:port”;; and
– “WUStatusServer”=”http://your-WSUS-server:port”;;
to match the IP address (or FQDN) of your WSUS server. IMPORTANT: remove the “;” from the end of that lines!

Examples:
“WUServer”=” http://WSUS.company.com:81 ”
“WUStatusServer”=” http://WSUS.company.com:81 ”

“WUServer”=” http://192.168.0.1 ”
“WUStatusServer”=” http://192.168.0.1 ”

“WUServer”=” http://intranet.local:8080 ”
“WUStatusServer”=” http://intranet.local:8080 ”

The first key is named WUServer. This registry key holds a string value which should be entered as the WSUS server’s URL.

The other key that you will have to change is a string value named WUStatusServer. The idea behind this key is that the PC must report its status to a WSUS server so that the WSUS server knows which updates have been applied to the PC. The WUStatusServer key normally holds the exact same value as the WUServer key.

3.
Store the *.reg file
where the computers have access to it.

4.
Apply the *.reg file by:
– double click on it from the client machine (admin rights required)
OR
– put in into the login script so it will be applied at every login

Here an example for using it in a Novell Login Script (Drive Z: is here the drive needed for the login):

IF OS = “WINNT” THEN
#regedit.exe /s Z:\WSUS\wsus-client.reg
@wuauclt.exe /resetauthorization /detectnow
END

76738995e71728dac04dbfda5c36e2482bf65e1fead6c945d068ff383595c652_xp-wsus-enabled_big
5.
Options:
Here some links to get more informations about the options used in the *.reg file:

– http://technet.microsoft.com/en-us/library/cc708449%28WS.10%29.aspx
– http://www.windowsnetworking.com/articles_tutorials/Registry-Keys-Tweaking-Windows-Update-Part1.html
– http://www.windowsnetworking.com/articles_tutorials/Registry-Keys-Tweaking-Windows-Update-Part2.html
– http://www.wsus.de/gpo (German – sorry)
– http://smallvoid.com/article/winnt-automatic-updates-config.html
– http://www.appdeploy.com/tips/detail.asp?id=103

6.
How to remove that settings from the client?
Maybe it`s needed to remove that settings for various reasons. To get the default values in the registry, just follow the next step.

7.
Create a *.reg file (remove-wsus-client.reg) containing this:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]

8.
Store the *.reg file
where the computers have access to it.

9.
Apply the *.reg file by:
– double click on it from the client machine (admin rights required)

That`s all. I don`t think it`s useful to add this in a login/logout script ;-) but it would work too.

3160e5d533e6fe595329591ebf9493bca50fe03d1cfdd4e16dd5d36dca090e17_xp-wsus-disabled_big

Uncategorized

How to Install Zimbra 8.0.2 on Ubuntu 12.04 LTS

Leave a comment

Introduction

VMware Zimbra is an enterprise class email, calendar and collaboration suite designed for the cloud, both private and public. The flexibility, scalability and stability of Zimbra make it as a complete email solution that can be deployed in any environment either small or large. Zimbra email server can be accessed from the Zimbra Web Client, Zimbra Desktop offline client, Outlook and a variety of other standards-based email clients and mobile devices.
The three editions of Zimbra are:

1. ZCS Network Edition
2. ZCS hosted email by a Zimbra partner
3. ZCS Open Source Edition (free)

Components included with Zimbra Collaboration Server 8.0.2
Postfix – Free Mail Transfer Agent
MySQL – Database sofware
OpenLDAP – LDAP for User authentication
Jetty – Web application server
Lucene – Test and search engine
ClamAV – Antivirus scanner
SpamAssassin – Anti-spam software
Amavis (amavisd-new) – Content checker
Aspell – Spell checker
James/Sieve – Email filter

Installation of Zimbra 8.0.2 Open Source Edition on Ubuntu 12.04 LTS

System Requirements

Refer the link https://www.zimbra.com/docs/os/8.0.0/multi_server_install/wwhelp/wwhimpl/common/html/wwhelp.htm#href=ZCS_Multiserver_Open_8.0.System_Requirements_for_VMware_Zimbra_Collaboration_Server_8.0.html&single=true

Assumptions

The configuration is based on the following assumptions:

Ubuntu server IP – 192.168.1.100
Ubuntu Server FQDN – mail.mydomain.com
DNS Server IP – 192.168.1.10 (Internal Windows DNS server) , 8.8.8.8
Gateway IP – 192.168.1.1
Domain name – mydomain.com

A.) Preparing Ubuntu for Zimbra Installation

1. Install Ubuntu 12.04 LTS on your server (Include openssh-server during package selection)

2. Login as root user.

3. Update and upgrade Ubuntu

#apt-get update
#apt-get upgrade

4. Set a static IP for the server

#vi /etc/network/interfaces

auth eth0
iface eth0 inet static
address 192.168.1.100
gateway 192.168.1.1
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
dns-nameservers 192.168.1.10 8.8.8.8
:wq!

Now restart networking to make the change effective: /etc/init.d/networking restart

5. Set a hostname for the server. Latter this will become the name of your Zimbra email server.

#vim /etc/hostname

mail.mydomain.com

:wq!

6. DNS Configuration:

You can either use BIND or your internal DNS server (eg: Windows DNS server).
Here you can find the configuration of both. In this example I used my Internal Windows DNS server to create A record and MX record.

a.) For BIND configuration follow the below steps:

i. Install BIND9 : # sudo apt-get install bind9
ii. Edit the file : # vi /etc/bind/named.conf
and remove ‘//’ from forwarders and add DNS server IP address like below:

forwarders {
8.8.8.8;
};

And add the below lines and save the file:

zone “mail.mydomain.com” {
type master;
file “file.mail.mydomain.com”;
};

Now create a file “file.mail.mydomain.com” in /var/cache/bind/ directory and add the following inside the file:

$ttl 38400
@ IN SOA mail.mydomain.com. mail.mydomain.com. (
2011091202
10800
3600
604800
38400 )
IN NS ns.mail.mydomain.com
IN A 192.168.1.100
IN MX 10 mail.mydomain.com

@ A 192.168.1.100
ns A 192.168.1.100
mail A 192.168.1.100

Then edit /etc/resolv.conf and change nameserver to 192.168.1.100

Now restart BIND9 services: # /etc/init.d/bind9 restart

For more info visit http://blog.zimbra.com/blog/archives/2007/06/making-zimbra-bind-work-together.html and http://wiki.zimbra.com/wiki/Split_dns

b.) If it is a Windows DNS Server:

>Edit /etc/resolv.conf and provide the IP address of your Windows DNS server.

nameserver 192.168.1.10

>Create forward lookup zone (mydomain.com) and add the below records:

Forward lookup zone name< -> mydomain.com

A record < -> mail < -> 192.168.1.100

MX record < -> mail < -> mail.mydomain.com < -> priority 10

Now verify the dns configuration using the code #dig mail.mydomain.com mx (in this example I used windows DNS server)

; < <>> DiG 9.8.1-P1 < <>> mail.mydomain.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER< <- 37752="" br="" id:="" noerror="" opcode:="" query="" status:="">;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;mail.mydomain.com. IN MX

;; ANSWER SECTION:
mail.mydomain.com. 3600 IN MX 10 mail.mydomain.com.

;; ADDITIONAL SECTION:
mail.mydomain.com 3600 IN A 192.168.1.100

;; Query time: 1 msec
;; SERVER: 192.168.1.10#53(192.168.1.10)
;; WHEN: Thu Feb 4 20:57:38 2013
;; MSG SIZE rcvd: 63

7. Firewall Configuration (Optional)

Zimbra recommends us to install ZCS on a sytem without a firewall. If required you can configure a firewall in your Ubuntu 12.04 LTS. For more info refer the documents: http://wiki.zimbra.com/wiki/Firewall_Configuration
https://help.ubuntu.com/community/IptablesHowTo#Disabling%20the%20firewall

8. Installing prerequisites:

You have to install the below packages before installing ZCS 8.0.2

#apt-get install netcat-traditional

#apt-get install libperl5.14

#apt-get install libidn11-dev

#apt-get install libgmp3c2 sysstat sqlite3

9. Disable & remove Apparmour

#sudo /etc/init.d/apparmour stop
#sudo /etc/init.d/apparmor teardown
#sudo update-rc.d -f apparmor remove

B.) Installing Zimbra

10. Download Zimbra collaboration suite 8.0.2 from Zimbra website :

#wget http://files2.zimbra.com/downloads/8.0.2_GA/zcs-8.0.2_GA_5569.UBUNTU12_64.20121210115059.tgz

11. Unpack the downloaded zimbra package:

#tar -zxvf zcs-8.0.2_GA_5569.UBUNTU12_64.20121210115059.tgz

12. Go the zimbra package and install it.

#cd zcs-8.0.2_GA_5569.UBUNTU12_64.20121210115059

#./install.sh

Operations logged to /tmp/install.log.1431
Checking for existing installation…
zimbra-ldap…NOT FOUND
zimbra-logger…NOT FOUND
zimbra-mta…NOT FOUND
zimbra-snmp…NOT FOUND
zimbra-store…NOT FOUND
zimbra-apache…NOT FOUND
zimbra-spell…NOT FOUND
zimbra-convertd…NOT FOUND
zimbra-memcached…NOT FOUND
zimbra-proxy…NOT FOUND
zimbra-archiving…NOT FOUND
zimbra-cluster…NOT FOUND
zimbra-core…NOT FOUND

PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE.
ZIMBRA, INC. (“ZIMBRA”) WILL ONLY LICENSE THIS SOFTWARE TO YOU IF YOU
FIRST ACCEPT THE TERMS OF THIS AGREEMENT. BY DOWNLOADING OR INSTALLING
THE SOFTWARE, OR USING THE PRODUCT, YOU ARE CONSENTING TO BE BOUND BY
THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS
AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.

License Terms for the Zimbra Collaboration Suite:
http://www.zimbra.com/license/zimbra_public_eula_2.1.html

Do you agree with the terms of the software license agreement? [N] Y

Oracle Binary Code License Agreement for the Java SE Platform Products

ORACLE AMERICA, INC. (“ORACLE”), FOR AND ON BEHALF OF ITSELF AND ITS SUBSIDIARIES AND AFFILIATES UNDER COMMON CONTROL, IS WILLING TO LICENSE THE SOFTWARE TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS BINARY CODE LICENSE AGREEMENT AND SUPPLEMENTAL LICENSE TERMS (COLLECTIVELY “AGREEMENT”). PLEASE READ THE AGREEMENT CAREFULLY. BY SELECTING THE “ACCEPT LICENSE AGREEMENT” (OR THE EQUIVALENT) BUTTON AND/OR BY USING THE SOFTWARE YOU ACKNOWLEDGE THAT YOU HAVE READ THE TERMS AND AGREE TO THEM. IF YOU ARE AGREEING TO THESE TERMS ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE LEGAL AUTHORITY TO BIND THE LEGAL ENTITY TO THESE TERMS. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT WISH TO BE BOUND BY THE TERMS, THEN SELECT THE “DECLINE LICENSE AGREEMENT” (OR THE EQUIVALENT) BUTTON AND YOU MUST NOT USE THE SOFTWARE ON THIS SITE OR ANY OTHER MEDIA ON WHICH THE SOFTWARE IS CONTAINED.

I. THIRD PARTY CODE. Additional copyright notices and license terms applicable to portions of the Software are set forth in the THIRDPARTYLICENSEREADME file accessible at http://www.oracle.com/technetwork/java/javase/documentation/index.html. In addition to any terms and conditions of any third party opensource/freeware license identified in the THIRDPARTYLICENSEREADME file, the disclaimer of warranty and limitation of liability provisions in paragraphs 4 and 5 of the Binary Code License Agreement shall apply to all Software in this distribution.

J. TERMINATION FOR INFRINGEMENT. Either party may terminate this Agreement immediately should any Software become, or in either party’s opinion be likely to become, the subject of a claim of infringement of any intellectual property right.

K. INSTALLATION AND AUTO-UPDATE. The Software’s installation and auto-update processes transmit a limited amount of data to Oracle (or its service provider) about those specific processes to help Oracle understand and optimize them. Oracle does not associate the data with personally identifiable information. You can find more information about the data Oracle collects as a result of your Software download at http://www.oracle.com/technetwork/java/javase/documentation/index.html.

For inquiries please contact: Oracle America, Inc., 500 Oracle Parkway,
Redwood Shores, California 94065, USA.

Last updated May 17, 2011

Do you agree with the terms of the software license agreement? [N] Y

Checking for prerequisites…
FOUND: NPTL
FOUND: netcat-openbsd-1.89-4ubuntu1
FOUND: sudo-1.8.3p1-1ubuntu3.3
FOUND: libidn11-1.23-2
FOUND: libpcre3-8.12-4
FOUND: libgmp3c2-2:4.3.2+dfsg-2ubuntu1
FOUND: libexpat1-2.0.1-7.2ubuntu1.1
FOUND: libstdc++6-4.6.3-1ubuntu5
FOUND: libperl5.14-5.14.2-6ubuntu2.2

Checking for suggested prerequisites…
FOUND: perl-5.14.2
FOUND: sysstat
FOUND: sqlite3
Prerequisite check complete.

Checking for installable packages

Found zimbra-core
Found zimbra-ldap
Found zimbra-logger
Found zimbra-mta
Found zimbra-snmp
Found zimbra-store
Found zimbra-apache
Found zimbra-spell
Found zimbra-memcached
Found zimbra-proxy

Select the packages to install

Install zimbra-ldap [Y] Y

Install zimbra-logger [Y] Y

Install zimbra-mta [Y] Y

Install zimbra-snmp [Y] Y

Install zimbra-store [Y] Y

Install zimbra-apache [Y] Y

Install zimbra-spell [Y] Y

Install zimbra-memcached [N] N

Install zimbra-proxy [N] N

Checking required space for zimbra-core
Checking space for zimbra-store

Installing:
zimbra-core
zimbra-ldap
zimbra-logger
zimbra-mta
zimbra-snmp
zimbra-store
zimbra-apache
zimbra-spell

The system will be modified. Continue? [N] Y

Removing /opt/zimbra
Removing zimbra crontab entry…done.
Cleaning up zimbra init scripts…done.
Cleaning up /etc/ld.so.conf…done.
Cleaning up /etc/security/limits.conf…done.

Finished removing Zimbra Collaboration Server.

Installing packages

zimbra-core……zimbra-core_8.0.2.GA.5434.UBUNTU12.64_amd64.deb…done
zimbra-ldap……zimbra-ldap_8.0.2.GA.5434.UBUNTU12.64_amd64.deb…done
zimbra-logger……zimbra-logger_8.0.2.GA.5434.UBUNTU12.64_amd64.deb…done
zimbra-mta……zimbra-mta_8.0.2.GA.5434.UBUNTU12.64_amd64.deb…done
zimbra-snmp……zimbra-snmp_8.0.2.GA.5434.UBUNTU12.64_amd64.deb…done
zimbra-store……zimbra-store_8.0.2.GA.5434.UBUNTU12.64_amd64.deb…done
zimbra-apache……zimbra-apache_8.0.2.GA.5434.UBUNTU12.64_amd64.deb…done
zimbra-spell……zimbra-spell_8.0.2.GA.5434.UBUNTU12.64_amd64.deb…done
Operations logged to /tmp/zmsetup.01222013-154036.log
Installing LDAP configuration database…done.
Setting defaults… MX: mail.mydomain.com (192.168.1.100)

Interface: 192.168.1.100
Interface: 127.0.0.1
Interface: ::1
192.168.1.100
done.
Checking for port conflicts

Main menu

1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-store: Enabled
+Create Admin User: yes
+Admin user to create: admin@mail.mydomain.com
******* +Admin Password UNSET
+Anti-virus quarantine user: virus-quarantine.wn6wiltei@mail.mydomain.com
+Enable automated spam training: yes
+Spam training user: spam.6rcnxbksez@mail.mydomain.com
+Non-spam(Ham) training user: ham.s6vyicipjc@mail.mydomain.com
+SMTP host: mail.mydomain.com
+Web server HTTP port: 80
+Web server HTTPS port: 443
+Web server mode: https
+IMAP server port: 143
+IMAP server SSL port: 993
+POP server port: 110
+POP server SSL port: 995
+Use spell check server: yes
+Spell server URL: http://mail.mydomain.com:7780/aspell.php
+Configure for use with mail proxy: FALSE
+Configure for use with web proxy: FALSE
+Enable version update checks: TRUE
+Enable version update notifications: TRUE
+Version update notification email: admin@mail.mydomain.com
+Version update source email: admin@mail.mydomain.com

4) zimbra-mta: Enabled
5) zimbra-snmp: Enabled
6) zimbra-logger: Enabled
7) zimbra-spell: Enabled
8) Default Class of Service Configuration:
r) Start servers after configuration yes
s) Save config to file
x) Expand menu
q) Quit

Address unconfigured (**) items (? – help)

Enter number 3 to configure Admin password. Set a new password and put r to return and a to apply the configuration.

Select, or ‘r’ for previous menu [r] r

Main menu

1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-store: Enabled
4) zimbra-mta: Enabled
5) zimbra-snmp: Enabled
6) zimbra-logger: Enabled
7) zimbra-spell: Enabled
8) Default Class of Service Configuration:
r) Start servers after configuration yes
s) Save config to file
x) Expand menu
q) Quit

*** CONFIGURATION COMPLETE – press ‘a’ to apply
Select from menu, or press ‘a’ to apply config (? – help) a
Save configuration data to a file? [Yes] Y
Save config in file: [/opt/zimbra/config.7774]
The system will be modified – continue? [No] Y
Operations logged to /tmp/zmsetup.01222013-154036.log
Setting local config values…
done.
Initializing core config…Setting up CA…done.
Deploying CA to /opt/zimbra/conf/ca …done.
Creating SSL zimbra-store certificate…done.
Creating new zimbra-ldap SSL certificate…done.
Creating new zimbra-mta SSL certificate…done.
Installing mailboxd SSL certificates…done.
Installing MTA SSL certificates…done.
Installing LDAP SSL certificate…done.
Initializing ldap…done.
Setting replication password…done.
Setting Postfix password…done.
Setting amavis password…done.
Setting nginx password…done.
Creating server entry for mail.mydomain.com…done.
Setting Zimbra IP Mode…done.
Saving CA in ldap …done.
Saving SSL Certificate in ldap …done.
Setting spell check URL…done.
Setting service ports on mail.mydomain.com…done.
Adding mail.mydomain.com to zimbraMailHostPool in default COS…done.
Setting zimbraFeatureTasksEnabled=TRUE…done.
Setting zimbraFeatureBriefcasesEnabled=FALSE…done.
Setting MTA auth host…done.
Setting TimeZone Preference…done.
Initializing mta config…done.
Setting services on mail.mydomain.com…done.
Creating domain mail.mydomain.com…done.
Setting default domain name…done.
Creating domain mail.mydomain.com…already exists.
Creating admin account admin@mail.mydomain.com…done.
Creating root alias…done.
Creating postmaster alias…done.
Creating user spam.6rcnxbksez@mail.mydomain.com…done.
Creating user ham.s6vyicipjc@mail.mydomain.com…done.
Creating user virus-quarantine.wn6wiltei@mail.mydomain.com…done.
Setting spam training and Anti-virus quarantine accounts…done.
Initializing store sql database…done.
Setting zimbraSmtpHostname for mail.mydomain.com…done.
Configuring SNMP…done.
Setting up syslog.conf…done.
Starting servers…done.
Installing common zimlets…
com_zimbra_proxy_config…done.
com_zimbra_clientuploader…done.
com_zimbra_srchhighlighter…done.
com_zimbra_adminversioncheck…done.
com_zimbra_attachmail…done.
com_zimbra_date…done.
com_zimbra_url…done.
com_zimbra_tooltip…done.
com_zimbra_ymemoticons…done.
com_zimbra_webex…done.
com_zimbra_attachcontacts…done.
com_zimbra_bulkprovision…done.
com_zimbra_cert_manager…done.
com_zimbra_phone…done.
com_zimbra_email…done.
Finished installing common zimlets.
Restarting mailboxd…done.
Creating galsync account for default domain…done.

You have the option of notifying Zimbra of your installation.
This helps us to track the uptake of the Zimbra Collaboration Server.
The only information that will be transmitted is:
The VERSION of zcs installed (8.0.2_GA_5434_UBUNTU12_64)
The ADMIN EMAIL ADDRESS created (admin@mail.mydomain.com)

Notify Zimbra of your installation? [Yes] A Yes/No answer is required

You have the option of notifying Zimbra of your installation.
This helps us to track the uptake of the Zimbra Collaboration Server.
The only information that will be transmitted is:
The VERSION of zcs installed (8.0.2_GA_5434_UBUNTU12_64)
The ADMIN EMAIL ADDRESS created (admin@mail.mydomain.com)

Notify Zimbra of your installation? [Yes] Yes
Notifying Zimbra of installation via http://www.zimbra.com/cgi-bin/notify.cgi?VER=8.0.2_GA_5434_UBUNTU12_64&MAIL=admin@mail.mydomain.com

Notification complete

Setting up zimbra crontab…done.

Moving /tmp/zmsetup.01222013-154036.log to /opt/zimbra/log

Configuration complete – press return to exit

12. Check the Zimbra server status:

#su zimbra

#zmcontrol status

Host mail.mydomain.com
antispam Running
antivirus Running
ldap Running
logger Running
mailbox Running
mta Running
snmp Running
spell Running
stats Running
zmconfigd Running

13. Now access the Zimbra admin console using https://192.168.1.100:7071

There we finish the installation of Zimbra Collaboration suite 8.0.2 on Ubuntu 12.04 LTS !

email posts

HowTo: Time Machine Backups over NFS

Leave a comment

1) Ensure your network drive is mounted

2) Find the name of your computer on the network – Open System Preferences – Click the Sharing Icon – The computer name is shown below the input field with .local suffix which should be ignored. ie bretts-macbook-pro.local so computer name is ‘bretts-macbook-pro’

3) Ensure Time Machine will show your NAS device – Click Go and then Utilities – Click the Terminal icon – Type ‘defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1’ and press enter

4) Find the MAC address of your computer – Type ifconfig en0 | grep ether and press enter. Your MAC address is the 17-character string consisting of six pairs of hexadecimal digits separated by colons

5) Create the sparse bundle – Type ‘hdiutil create -size 100g -fs HFS+J -volname “Time Machine” NAME_XXXXXXXXXXXX.sparsebundle’ and press enter, where NAME is the name of your computer on the network (as determined in step 2c) and XXXXXXXXXX is your MAC address (as determined in step 4a) without the colons. Ths will create a 100 gigabyte sparse bundle; to create a sparse bundle of a different size replace 100g with a different value. Do this in the directory on the network drive where you wish to save your backups. 6) Tell Time Machine to use the Disk Image – ‘sudo tmutil setdestination /Volumes/{mounted-disk-image}’ Be sure to replace {mounted-disk-image} with the appropriate name for your new disk image. You will be prompted for your password, this is normal.

Uncategorized

Running command from SSH tunnel before logging in…

Leave a comment

Hypothetically this is used for scripting, say you want to run a command on another server you can run it using a [ssh -t].

This usually requires RSA keys to remove the need to enter passwords but beware, it is best to use a limited account as using the root account is frowned at when logging into ssh servers.

http://unixhelp.ed.ac.uk/CGI/man-cgi?ssh+1

ssh:

-t Force pseudo-tty allocation. This can be used to execute arbi-
trary screen-based programs on a remote machine, which can be
very useful, e.g., when implementing menu services. Multiple -t
options force tty allocation, even if ssh has no local tty.

ssh -t user@host ‘command to run when ssh is completely logged in’

Cheers,

email posts

email posting is fun

All you need is your own email address, and a wordpress site. I am using  Postie  From: http://postieplugin.com/ Any new messages sent to the configured email address will be posted to the blog. This plugin replaces the functionality that used to live in WordPress core. Once an email has been successfully posted to the blog, it can either be marked as read (IMAP servers only) or deleted from the mailbox. Good luck!  

Uncategorized

Zarafa Webaccess Login –> Authorization Required

Link

question

I’ve just installed Zentyal 3.0 and configured it exactly as I have 2.2 and 3.0r1/r2 and have found that Zarafa webaccess isn’t working. When I try to login to http://mydomain.com/webaccess I get a popup window asking for username and password — not the usual Zafara login screen with username/password.

Anybody else get this error?

answer

If you don’t have your clients sending Kerberos SSO authentication to the server is not going to work :-), so if your clients are not “kerberized”, don’t enable SSO :P

https://forum.zentyal.org/index.php?topic=12005.0

Uncategorized

How To Install Zabbix on Ubuntu & Configure it to Monitor Multiple VPS Servers

Quote

TAGGED IN: UBUNTU, MONITORING, MY SQL, PHP
Introduction Zabbix is a networked server and software monitor. It can be used to keep track of multiple physical or virtual private server instances.

The client-server model that Zabbix employs allows the cloud server to collect rich sets of data that be used to graph historical trends. This can be very useful for monitoring the performance of the websites and applications hosted on your VPS.

For this guide, we will configure two machines. One will be configured as the server, and the other as a client. They both will run Ubuntu 12.04 LTS on 20GB Droplets.
Installing the Zabbix Server We will begin by installing the Zabbix server on the VPS that we will use as the monitoring station.

Ubuntu has Zabbix in its repositories, but it is outdated. We will use a PPA with more up-to-date packages instead.

Edit apt source list to add the PPA:
sudo nano /etc/apt/sources.list

Add the following items at the end of the file:
# Zabbix Application PPA
deb http://ppa.launchpad.net/tbfr/zabbix/ubuntu precise main
deb-src http://ppa.launchpad.net/tbfr/zabbix/ubuntu precise main

Save and close the file.

Next, we need to add the PPA’s key so that apt-get trusts the source:
sudo apt-key adv –keyserver keyserver.ubuntu.com –recv-keys C407E17D5F76A32B

We can now install Zabbix. It will pull in the necessary LAMP dependencies as well:
sudo apt-get update
sudo apt-get install zabbix-server-mysql zabbix-frontend-php

During the installation, you will be asked to choose a password for the MySQL root account. Make a selection and confirm your choice.
Configuring the Zabbix Server Next, we will need to configure the packages we just installed.

First, we will edit the main Zabbix server configuration file. Open the file with root privileges:
sudo nano /etc/zabbix/zabbix_server.conf

Search for the following properties and set them accordingly. Some may already be set correctly, and some you may have to add. Choose a password as well:
DBName=zabbix
DBUser=zabbix
DBPassword=Your.Password.Here

Save and close the file. MySQL Configuration Next, we will go into the package directory and unzip the SQL files that will define our database environment:
cd /usr/share/zabbix-server-mysql/
sudo gunzip *.gz

We will import the SQL files into our database. However, we first must create the database and do some initial configuration.

Log into MySQL as the root user using the password that you set up during installation:
mysql -u root -p

First, create a user for Zabbix that matches the information we entered in the “/etc/zabbix/zabbix_server.conf” file. Make sure to use the same information:
create user ‘zabbix’@’localhost’ identified by ‘Your.Password.Here’;

Next, we will create the Zabbix database:
create database zabbix;

Give control over the new database to the new user we created:
grant all privileges on zabbix.* to ‘zabbix’@’localhost’;

The following line will implement our new permissions:
flush privileges;

We are now done with the initial MySQL configuration. Exit back to the shell:
exit;

Now that we have our database set up, we can import the files that Zabbix needs to function. Enter the password for the user “zabbix” that you configured when prompted:
mysql -u zabbix -p zabbix < schema.sql

Do the same with the images file:
mysql -u zabbix -p zabbix < images.sql

And finally, import the data file:
mysql -u zabbix -p zabbix < data.sql
PHP Configuration We need to adjust some values for the php processing of our monitoring data. Open the php configuration file:
sudo nano /etc/php5/apache2/php.ini

Search for and adjust the following entries. If they do not exist, add them:
post_max_size = 16M
max_execution_time = 300
max_input_time = 300
date.timezone = UTC

Save and close the file.

Next, we will copy the Zabbix-specific php file into the configuration directory:
sudo cp /usr/share/doc/zabbix-frontend-php/examples/zabbix.conf.php.example /etc/zabbix/zabbix.conf.php

Open the file:
sudo nano /etc/zabbix/zabbix.conf.php

Edit the following values. Use the same info as when you set up the database earlier:
$DB['DATABASE'] = 'zabbix';
$DB['USER'] = 'zabbix';
$DB['PASSWORD'] = 'Your.Password.Here'

Save and close the file. Configuring Additional Files There are a few more files that we need to configure.

First, we'll move the Zabbix apache file from the package directory:
sudo cp /usr/share/doc/zabbix-frontend-php/examples/apache.conf /etc/apache2/conf.d/zabbix.conf

Ensure that the "alias" mod is enabled within Apache:
sudo a2enmod alias

Restart Apache to use the copied configuration file:
sudo service apache2 restart

Edit the Zabbix init file to ensure that it performs the correct action:
sudo nano /etc/default/zabbix-server

Go to the bottom and adjust the "START" property to read "yes":
START=yes

Save and close the file. We can now start Zabbix:

sudo service zabbix-server start
Installing and Configuring Zabbix Agent Next, we need to configure the agent software that reports to the Zabbix server. We will install the agent software on our server machine and an additional client machine.

Follow these steps on both machines. Adjust the commands to reflect the correct information.

First, install the agent software:
sudo apt-get update
sudo apt-get install zabbix-agent

Next, we need to update the configuration files:
sudo nano /etc/zabbix/zabbix_agentd.conf

Edit the "Server" property to reflect the IP Address of the Zabbix server. For the agent configuration on the Zabbix server, you can use "127.0.0.1":
Server=Zabbix.Server.IP.Address

Adjust the "Hostname" property to reflect the hostname of the machine being monitored.
Hostname=Hostname_Of_Current_Machine

Save and close the file.

Restart the agent software:
sudo service zabbix-agent restart
Logging In for the First Time In your web browser, navigate to your Zabbix server's IP address followed by "/zabbix":
Your.Zabbix.IP.Address/zabbix

You will be presented with a login screen. The default credentials are as follows:
Username = admin
Password = zabbix
Zabbix login screen

When you have logged in, click on the "Configuration" button, and then "Hosts" in the top navigation bar.

Zabbix Host configuration

Click on the name of the server (by default, this should be "Zabbix server"). This will open the host configuration page.

Adjust the Hostname to reflect the hostname of your Zabbix server (this should be the same hostname you entered in the agent configuration for the server machine).

At the bottom, change the "Status" property to "Monitored". Click save.

Zabbix server host definition

You will be dopped back to the Hosts configuration page. Re-click on the hostname again. This time, click on the "Clone" button at the bottom of the page.

We will configure this to reflect the settings of the client machine. Change the hostname and the IP address to reflect the correct information from the client agent file.

Zabbix client definition

In the "groups" section, select "Zabbix servers" and click the right arrow icon to remove that group. Select the "Linux servers" and click the left arrow icon to add that group setting.

Zabbix client group definition

Click "Save" at the bottom.

After a few minutes, you should be able to see both computers by going to "Monitoring" and then clicking on "Latest data".

There should be information for both the server and client machines populating.

Zabbix latest data

If you click on the arrows next to an item, you can see the collected information.

Zabbix item information

If you click "Graph" you will see a graphical representation of the data points that have been collected:

Zabbix graph example

As with all monitoring software, these graphs will become more interesting the longer the server runs.

There are many other options that you can utilize to keep an eye on your VPS. Explore the interface to get comfortable with the powerful monitoring tools.

Uncategorized

Forwarding SNMP ports over SSH using socat

Here is an example of the problem we need to solve: We have SSH access to a network, but want to access an SNMP agent in that network from a local client. We use SNMP here in this example, but it could be any other protocol that uses UDP, such as DNS or TFTP.

We’ll forward the SNMP traffic in a TCP port like this, with “socat” doing the UDP-in-TCP tunneling:

One could use netcat, and that works as long as the SNMP client uses the same source port. But it changes source port eventually, trust me! :-)

Instead, we use socat. It has a “fork” parameter, that does exactly what we want.

Install socat
socat needs to be installed on both the SSH client and server. On ubuntu/debian this is done with:

client$ sudo apt-get install socat
client$ ssh server
server$ sudo apt-get install socat
Stop the SSH client’s snmpd (if any)
Because we’ll want the SNMP manager to be able to query the SSH client as if it was the switch, SSH client’s snmpd (listening on UDP port 161), needs to be stopped. Again, on ubuntu/debian this is done with:

client$ sudo /etc/init.d/snmpd stop
Run socat on both SSH client and server
Now we’re ready to run this. You’ll need two terminals that start on the SSH client to sit around doing nothing (or use screen)

Terminal one:

client$ ssh -L 10000:localhost:10000 server
server$ socat -T10 TCP4-LISTEN:10000,fork UDP4:switch:161
This creates the SSH forwarding of TCP port 10000 and runs socat on the server. Notice how the switch’s IP address is mentioned in the socat command line as “switch”.

Terminal two:

client$ sudo socat UDP4-LISTEN:161,fork TCP4:localhost:10000
That sets up socat on the client. That should do it.

Test it!
client$ snmpget -v2c -cpublic localhost sysName.0
SNMPv2-MIB::sysName.0 = STRING: switch
Yup, it works!

Uncategorized

HowTos/PXE/PXE Setup

Multilevel Menu

default – Main Menu
tools – Tools Menu
x86_Servers – x86 Servers Menu
x86_64_Servers – x86_64 Servers Menu

/tftpboot/pxelinux.cfg/default

default menu.c32
prompt 0
timeout 300
ONTIMEOUT local

MENU TITLE Main Menu

LABEL local
MENU LABEL Boot local hard drive
LOCALBOOT 0

LABEL x86 Servers
MENU LABEL x86 Servers
KERNEL menu.c32
APPEND pxelinux.cfg/x86_Servers

LABEL x86_64 Servers
MENU LABEL x86_64 Servers
KERNEL menu.c32
APPEND pxelinux.cfg/x86_64_Servers

LABEL Tools
MENU LABEL Tools
KERNEL menu.c32
APPEND pxelinux.cfg/tools

/tftpboot/pxelinux.cfg/tools

MENU TITLE Tools Menu

LABEL Main Menu
MENU LABEL Main Menu
KERNEL menu.c32
APPEND pxelinux.cfg/default

LABEL Clonezilla
MENU LABEL Clonezilla
KERNEL menu.c32
APPEND pxelinux.cfg/clonezilla

LABEL Pmajic
MENU LABEL Pmajic
kernel images/pmagic/bzImage
append noapic initrd=images/pmagic/initrd.gz root=/dev/ram0 init=/linuxrc ramdisk_size=100000

label Dos Bootdisk
MENU LABEL ^Dos bootdisk
kernel memdisk
append initrd=images/622c.img

/tftpboot/pxelinux.cfg/x86_Servers

MENU TITLE x86 Server Menu

LABEL Main Menu
MENU LABEL Main Menu
KERNEL menu.c32
APPEND pxelinux.cfg/default

LABEL CentOS 5 x86 NO KS eth0
MENU LABEL CentOS 5 x86 NO KS eth0
KERNEL images/centos/5/x86/vmlinuz
APPEND ks initrd=images/centos/5/x86_64/initrd.img ramdisk_size=100000 ksdevice=eth1 ip=dhcp url –url http://xxx.xxx.xxx.xxx/mirrors/CentOS-5-i386/

LABEL CentOS 5 x86 NO KS eth1
MENU LABEL CentOS 5 x86 NO KS eth1
KERNEL images/centos/5/x86/vmlinuz
APPEND ks initrd=images/centos/5/x86/initrd.img ramdisk_size=100000 ksdevice=eth1 ip=dhcp url –url http://xxx.xxx.xxx.xxx/mirrors/CentOS-5-i386/

/tftpboot/pxelinux.cfg/x86_64_Servers

MENU TITLE x86_64 Server Menu

LABEL Main Menu
MENU LABEL Main Menu
KERNEL menu.c32
APPEND pxelinux.cfg/default

LABEL CentOS 5 x86_64 NO KS eth0
MENU LABEL CentOS 5 x86_64 NO KS eth0
KERNEL images/centos/5/x86_64/vmlinuz
APPEND ks initrd=images/centos/5/x86_64/initrd.img ramdisk_size=100000 ksdevice=eth1 ip=dhcp url –url http://xxx.xxx.xxx.xxx/mirrors/CentOS-5-x86_64/

LABEL CentOS 5 x86_64 NO KS eth1
MENU LABEL CentOS 5 x86_64 NO KS eth1
KERNEL images/centos/5/x86_64/vmlinuz
APPEND ks initrd=images/centos/5/x86_64/initrd.img ramdisk_size=100000 ksdevice=eth1 ip=dhcp url –url http://xxx.xxx.xxx.xxx/mirrors/CentOS-5-x86_64/

http://wiki.centos.org/HowTos/PXE/PXE_Setup/Menus

http://www.howtoforge.com/ubuntu_pxe_install_server