Archive for the ‘Documentation’ Category

« Older Entries

Documentation Wordbook plugin.

0 Comments

August 27th, 2010 by Jgz

I am trying to get the wordbook plugin to post on my facebook wall.

Tags:

Documentation Event ID 21 and 42 – Terminal Server license errors.

0 Comments

August 26th, 2010 by Jgz

If a Windows Terminal server client receives the following kind, they need to remove the corrupt license registry key on the client. The following two messages were identified on a Citrix license server.

The solution was to remove the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing

The key will be recreated the next time the client connects to the Citrix server.

Tags: , , , ,

Documentation How to increase shmmax kernel parameter in linux.

0 Comments

August 20th, 2010 by Jgz

Used the following to modify the shmmax kernel parameter in Fedora 13 after updating postgresql on a machine running WiKID for two-factor authentication.

Modifies the parameter:
# sysctl -w kernel.shmmax=67108864
Changes the parameter so a reboot is not required.
# sysctl -p /etc/sysctl.conf

To keep the new setting after rebooting:
# vi /etc/sysctl.conf

kernel.shmmax=67108864

Tags: , , ,

Documentation Hex editor – vi?

0 Comments

August 11th, 2010 by Jgz

Open the file as your normally would ( For example, vi mybinary.fil):
To view in hex:
Enter the following from command mode: :%!xxd

To switch back:
Enter the following from command mode: :%!xxd -r

Tags: ,

Documentation Create a custom SMS/MMS tone on an iPhone.

0 Comments

August 4th, 2010 by Jgz

To create a custom SMS tone for a jailbroken iPhone on MacOS from iTunes:

1.) Start iTunes.
2.) Go to Preferences/General.
3.) Click “Import Settings” next to “Ask To Import CD.”
4.) Change “Import Using” from “Mp3 Encoder” or other to “Aiff Encoder.”
5.) Right click on the song you want to convert and go to “Get Info.”
6.) Click on the Options tab and go to “Start Time” and “Stop Time.”
7.) Enter the desired time range that you want and click “Ok.”. It should be less than 30 seconds in duration.
8.) Right click the clip and click “Create AIFF Version.”
9.) Rename the resulting .aif file to sms-received[1-6].cap.
For example: Rename myfile.aif to sms-received1.cap.
10.) Ensure that ssh is installed on your jailborken iPhone.
11.) Replace one of the sms-received[1-6].caf files in /System/Library/Audio/UISounds with your newly created sms-received[1-6].cap file. I used FileZilla to transfer the file from my Mac to the iPhone, but you can use any sftp/scp client or the command line from Terminal.
12.) Now, on your iPhone, you can find your newly create sound in Settings/Sounds/”New Text Message.” The selection names do not change, but you can select each one to hear the sample to find your custom SMS/MMS text sound.
13.) Remember to switch back to Import Settings in iTunes.

Tags: , , , ,

Documentation How to repair Dell boot record to access restore partition.

0 Comments

July 3rd, 2010 by Jgz

The boot record on a Dell E310 was modified over time as a result of various system updates. I was unable to access the restore partition, when the OS needed to be restored, using Ctrl-F11 at the BIOS boot screen. To restore the boot record so that I could use Ctrl-F11, I created a bootable DOS CD using the fdfullcd.iso from the FreeDOS site (http://www.freedos.org/). Then, I created another CD with the dsrfix.exe (http://www.goodells.net/dellrestore/files/dsrfix.zip) utility on it. I unzipped the dsrfix.zip file and burn the contents of the zip file onto a CD.

From here, I booted the FreeDOS CD. Then, I removed the FreeDOS CD and put in the dsrfix CD. I ran mscdex.exe at this point. However, I do not believe that was necessary. Then, I switched to the E: drive and ran dsrfix. I had an alert on pbr descriptor 3. Next, I ran dsrfix /F. This repaired the record so that Ctrl-F11 worked. Thanks to Dan Goodell (http://www.goodells.net/dellrestore/). According to Dan’s site, his utility has been tested on the following Dell systems: Dimension 1100, 2400, 3000, 3100, 4550, 4600, 4700, 5000, 5100, 5150, 8200, 8300, 8400, 9100, 9150, B110, E310, E510, E520, E521, XPS 400, XPS 410, XPS 720, XPS Gen 4. Inspiron 500m, 510m, 600m, 630m, 640m, 700m, 1150, 1200, 1300, 1501(AMD), 2200, 5100, 5150, 6000, 6400, 8600, 9300, 9400, B120, B130, E1405, E1505, E1705, M710, M1210, XPS, XPS Gen 2, XPS M1710. Vostro 200.

Tags: , ,

Documentation How to add more swap space in linux.

0 Comments

June 25th, 2010 by Jgz

I used this procedure to add swap space to a server, where I not more available partitions, but had space on a previously formated partition.

# mkdir /var/swap

Create container files:
# dd if=/dev/zero of=/var/swap/swapfile1 bs=1024 count=65536
# dd if=/dev/zero of=/var/swap/swapfile2 bs=1024 count=65536
# dd if=/dev/zero of=/var/swap/swapfile3 bs=1024 count=65536
# dd if=/dev/zero of=/var/swap/swapfile4 bs=1024 count=65536

Format as swap:
# mkswap /var/swap/swapfile1
# mkswap /var/swap/swapfile2
# mkswap /var/swap/swapfile3
# mkswap /var/swap/swapfile4

Add them to startup:
# vi /etc/fstab

/var/swap/swapfile1 swap swap defaults 0 0
/var/swap/swapfile2 swap swap defaults 0 0
/var/swap/swapfile3 swap swap defaults 0 0
/var/swap/swapfile4 swap swap defaults 0 0

Enable them:
# swapon -a
Check them:
# swapon -sh

Tags: ,

Documentation Improve performance of Thunderbird 3 (IMAP).

0 Comments

June 2nd, 2010 by Jgz

When I did a new installation of Fedora 13 and configured Thunderbird 3.0.4 for IMAP, I found that the performance was just atrocious. It was downloading all the messages from all my folders.

The release notes for Thunderbird gave me a hint:

IMAP Folder Synchronization

Thunderbird will download IMAP messages by default in the background to allow for faster message loading and better offline operation. This feature can be enabled on an individual folder basis via Folder properties, or for all folders in an account via Account Settings / ‘Synchronize & Storage’.

——————–

I turned this “feature” off for my account. It is in “Account Settings” and then “Synchronization & Storage” for my IMAP account. From here, I unchecked “Keep messages for this account on this computer.” Also, I changed the “Disk Space” setting from “Synchronize all messages locally regardless of age” to “Synchronize the most recent 1 Weeks.” These two settings made a huge improvement to my performance. Yes, I lose offline access, but that does not matter to this desktop computer.

Tags: , ,

Documentation How to verify wbinfo_group.pl via command line.

0 Comments

May 27th, 2010 by Jgz

The following is a good way to verify whether your squid configuration with NTLM authentication is properly set up to utilize Windows Active Directory group memberships:

# echo “username windowsgroup” | /usr/lib/squid/wbinfo_group.pl -d
Debugging mode ON.
Got username windowsgroup from squid
User: -username-
Group: -windowsgroup-
SID: -S-1-5-21-915438365-207112795-1232828436-3341-
GID: -16777237-
Sending OK to squid
OK

Tags: , , ,

Documentation Howto Join An Active Directory Server using RHEL5.x/CentOS5.x and Samba 3.0.x

0 Comments

May 24th, 2010 by Jgz

I used the following procedure to join a simple Windows 2003 Active Directory.

Ensure that your time is synced with the ADS machines via ntp.conf.

I used the following to sync time to my NTP server:
# cat /etc/ntp.conf
restrict default kod nomodify notrap nopeer noquery

restrict 127.0.0.1
restrict -6 ::1

server 127.127.1.0
fudge 127.127.1.0 stratum 10

driftfile /var/lib/ntp/drift

keys /etc/ntp/keys

server ntp.domain.com
restrict ntp.domain.com mask 255.255.255.255 nomodify notrap noquery

Ensure that your name resolution is configured properly. If needed, modify via /etc/sysconfig/network with the fully qualified name. Also, the /etc/resolv.conf should use the same DNS servers that handle the dynamic updates for the ADS domain.

For example:
# hostname
rhel5.domain.local

# cat /etc/resolv.conf
search domain.local
nameserver 192.168.0.31
nameserver 192.168.0.32

Configure kerberos:

For example:
# cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = DOMAIN.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
DOMAIN.LOCAL = {
kdc = pdc.domain.local:88
admin_server = pdc.domain.local:749
default_domain = domain.local
}

[domain_realm]
.domain.local = DOMAIN.LOCAL
domain.local = DOMAIN.LOCAL

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

Test kerberos:
kinit -V administrator@domain.local

You should get the following kind of output:
Authenticated to Kerberos v5

Configure samba:
# cat /etc/samba/smb.conf
#GLOBAL PARAMETERS
[global]
workgroup = DOMAIN
realm = DOMAIN.LOCAL
preferred master = no
server string = Linux Test Machine
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
printcap name = cups
printing = cups
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
idmap uid = 600-200000
idmap gid = 600-200000
;template primary group = “Domain Users”
template shell = /bin/bash

[homes]
comment = Home Direcotries
valid users = %S
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/cups
browseable = no
printable = yes
guest ok = yes

Use the testparm command to verify your samba configuration:
# testparm
Load smb config files from /etc/samba/smb.conf
Processing section “[homes]”
Processing section “[printers]”
Loaded services file OK.
‘winbind separator = +’ might cause problems with group membership.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

Join the domain:
net ads join -U administrator

You will be prompted for the administrator password. If successful a message will be displayed stating as such.
For example:
Using short domain name – DOMAIN

Joined ‘RHEL5′ to realm ‘domain’

From here you can execute several commands to test:

# net ads testjoin DOMAIN
Join is OK

The following will list both local user IDs and ADS user IDs:
# wbinfo -u

The will list ADS group names:
# wbinfo -g

The following will verify ADS authentication (In this example, “password” is the administrator account password.):
# wbinfo -a administrator%password
plaintext password authentication succeeded
challenge/response password authentication succeeded

Modify nsswitch.conf to support ADS authentication:
# cat /etc/nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus

This is very important. Make sure you are logged into a couple virtual terminals as root in case there is a problem. You can end up locking yourself out.

Make a backup copy of /etc/pam.d/system-auth-ac:
# cd /etc/pam.d
# cp -rp system-auth-ac system-auth-ac.orig

Edit the system-auth-ac file:
# cat /etc/pam.d/system-auth-ac
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so

account required pam_unix.so
account sufficient pam_succeed_if.so uid < 100 quiet
account sufficient pam_winbind.so use_first_pass
account required pam_permit.so

password requisite pam_cracklib.so retry=3 type=
password sufficient pam_unix.so nullok use_authtok md5 shadow
password sufficient pam_winbind.so use_first_pass
password required pam_deny.so

session required pam_limits.so
session required pam_unix.so
session required pam_winbind.so use_first

Tags: , , , , ,

« Older Entries