Archive for March, 2010

Testing email via telnet or openssl.

To send an email via telnet for testing:
telnet SMTP Server Name 25
EHLO mydomain.tld
MAIL FROM: my@from.address
RCPT TO: my@to.address
DATA
Here you can type the body of the message.
.

To do the same thing, but with From:, To: and Subject: headers:
telnet SMTP Server Name 25
EHLO mydomain.tld
MAIL FROM: my@from.address
RCPT TO: my@to.address
DATA
From: my@from.address
To: my@to.address
Subject: Here is a subject.

Here you can type the body of the message.
.

Here is how you can do a basic test of an IMAP server via telnet:

telnet IMAP Server Name 143
? LOGIN username password
? LIST "" "*"
? LOGOUT

This will log you in and list the account's mail folders. Note: This tests a basic unencrypted login to an IMAP server, so the username and password cross the network in cleartext. It is not the way you would want to implement it in production, unless it is implemented via localhost.

If you want to test your SSL configuration use openssl instead of telnet:
openssl s_client -connect hostname:portnumber

For example:
openssl s_client -connect SMTP Server Name:465
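The same check extended to the plaintext ports used in the telnet tests above (25 and 143), where TLS is negotiated with STARTTLS instead of from the first byte. This is an added example, not part of the original post; the function names and the host mail.example.com are placeholders.

```shell
#!/bin/sh
# Added example: choose the right openssl s_client mode for a mail port and
# summarize the certificate the server presents.

# Print the extra s_client arguments a mail port needs.
# Implicit-TLS ports need none; plaintext ports need a STARTTLS upgrade.
mail_tls_mode() {
    case "$1" in
        465|993|995) : ;;                       # SMTPS, IMAPS, POP3S
        25|587)      echo "-starttls smtp" ;;
        143)         echo "-starttls imap" ;;
        110)         echo "-starttls pop3" ;;
        *)           return 1 ;;                # not a known mail port
    esac
}

# Connect, complete the handshake, and print the certificate subject,
# issuer and validity dates. Returns 2 for an unknown port and 1 when no
# certificate comes back (connection refused, STARTTLS not offered, ...).
check_mail_tls() {
    host=$1
    port=$2
    mode=$(mail_tls_mode "$port") || {
        echo "unknown mail port: $port" >&2
        return 2
    }
    # </dev/null closes stdin so s_client exits after the handshake.
    # $mode is left unquoted on purpose so it splits into two arguments.
    out=$(openssl s_client -connect "$host:$port" -servername "$host" \
          $mode </dev/null 2>/dev/null) || true
    case "$out" in
        *"BEGIN CERTIFICATE"*) ;;
        *) echo "no certificate presented by $host:$port" >&2
           return 1 ;;
    esac
    printf '%s\n' "$out" | openssl x509 -noout -subject -issuer -dates
}

# Usage (placeholder host):
#   check_mail_tls mail.example.com 465
#   check_mail_tls mail.example.com 143
```

A server that accepts the plaintext login shown earlier but returns "no certificate presented" on port 143 is not offering STARTTLS at all.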

Apache – Redirect from http to https.

I used the following rewrite rules to redirect squirrelmail from http to https automatically. I added this to the end of the /etc/httpd/conf.d/squirrelmail.conf in RHEL5.x.

vi /etc/httpd/conf.d/squirrelmail.conf

RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]

Demote a Windows 2003 server.

To demote a Windows 2003 Active Directory domain controller to a member server, perform the following from the domain controller you wish to demote:

1) Go to Start/Administrative Tools/Active Directory Users and Computers.

2) Right mouse click on the domain, and click on “Connect to Domain Controller.”

3) Choose the domain controller that you want to demote. Note: This should be the one you are logged into.

4) Now issue the dcpromo command to remove Active Directory and demote the server.

Accessing Samba shares from Windows 7 client.

I was getting the following messages in my samba logs when I would try to access a samba 3.0.33 share on CentOS 5.4 from a Windows 7 Enterprise client:

[2010/03/04 14:07:12, 0] lib/util_sock.c:read_data(534)
read_data: read failure for 4 bytes to client 172.18.31.155. Error = Connection reset by peer

I tried adding the following to my /etc/samba/smb.conf global configuration, but it did not seem to work.

client ntlmv2 auth = yes

I got the same kind of messages.

I ended up having to change the Windows 7 local security policy by modifying the “LAN Manager authentication level”, the “Minimum session security for NTLM SSP based (including secure RPC) clients”, and the “Minimum session security for NTLM SSP based (including secure RPC) servers” policies.

I used the following procedure:

Control Panel -> System and Security -> Administrative Tools -> Local Security Policy

From the Local Security Policy, I went into “Security Options” and then looked under the “Network security” policies.

From here, I set the new policies.

Network security: LAN Manager authentication level
Send LM & NTLM responses

Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
Uncheck “Require 128-bit encryption.”

Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
Uncheck “Require 128-bit encryption.”

I am hoping to figure out the issue with samba not accepting ntlmv2 authentication, so I can set the client policies back to the default.
