My notes, things I have learned, and documentation I have created.

To demote a Windows 2003 Active Directory from a domain controller to a member server, perform the following from the domain controller you wish to demote:

1) Go to Start/Administrative Tools/Active Directory Users and Computers.

2) Right mouse click on the domain, and click on “Connect to Domain Controller.”

3) Choose the domain controller that you want to demote. Note: The one you should be logged into.

4) Now issue the dcpromo command to remove Active Directory and demote the server.

I was getting the following messages in my samba logs when I would try to access a samba 3.0.33 share on CentOS 5.4 from a Windows 7 Enterprise client:

[2010/03/04 14:07:12, 0] lib/util_sock.c:read_data(534)
read_data: read failure for 4 bytes to client 172.18.31.155. Error = Connection reset by peer

I tried adding the following to my /etc/samba/smb.conf global configuration, but it did not seem to work.

client ntlmv2 auth = yes

I got the same kind of messages.

I ended up having to change the Windows 7 local security policy by modifying the “LAN Manager authentication level”, the “Minimum session security for NTLM SSP based (including secure RPC) clients”, and the “Minimum session security for NTLM SSP based (including secure RPC) servers” policies.

I used the following procedure:

Control Panel -> System and Security -> Administrative Tools -> Local Security Policy

From the Local Security Policy, I went into “Security Options” and then looked under the “Network security” policies.

From here, I set the new policies.

Network security: LAN Manager authentication level
Send LM & NTML responses

Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
Uncheck “Require 128-bit encryption.”

Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
Uncheck “Require 128-bit encryption.”

I am hoping to figure out the issue with samba not accepting ntlmv2 authentication, so I can set the client policies back to the default.

To update an AIDE database:

To check the filesystem against the current AIDE database:
aide –check

Modify the /etc/aide.conf configuration file with any changes.

Put new AIDE database into use:
cd /var/lib/aide
cp -p aide.db.new.gz aide.db.gz

Run check again to see if changes provide the expected result.
aide –check

I used this method for installing the latest java plugin on a CentOS 5.4 system.

Download latest java (jre-6u18-linux-x64.bin) from java.com.
I installed all my java versions in /usr/java. This is where I save the bin file downloaded.
cd /usr/java
chmod 744 jre-6u18-linux-x64.bin
To install java:
./jre-6u18-linux-x64.bin

To install the plugin into your latest version of firefox:
cd /usr/lib64/firefox-3.0.16.
mkdir plugins #I had to create this directory.
ln -s /usr/java/jre1.6.0_18/lib/amd64/libnpjp2.so

Restart firefox.

To install the public release key:

rpm –import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

This allows you to install from the local source. For me, I had copied all the packages from the RHEL5 CDs to a directory to use “yum localinstall.” Importing the key as outlined above enabled me to install the packages without getting the following error:

warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 37017186

If you have linux running in VMware Workstation and want to access one of the virtual terminals, you need to hit CTRL-ALT-SPACE and then let go of the SPACE (while continuing to hold the CTRL-ATL) and hit the virtual terminal you want to access (one of the function keys (F1-F12).

I used the following configuration to use different xinetd directives for a service depending on which interface the connection was initiated on. In the following example, my LAN interface has IP address 192.168.0.1, and my Internet interface has IP address 10.10.10.10. I used procedures very similar to these to configure to use two different sets of directives for an SMTP server on a system running RHEL5.

The first thing I did was create a new entry in the /etc/services file. I will use telnet as an example.

vi /etc/services
…
telnetnew 23/tcp
…

Create new service configuation file:

vi /etc/xinetd.d/telnetnew

service telnetnew
{
disable = no
flags = REUSE
wait = no
user = root
server = /usr/sbin/in.telnetd
socket_type = stream
protocol = tcp
log_on_failure += USERID
log_on_success += USERID
only_from = 192.168.0.0/24
instances = 100
bind = 192.168.0.1
}

Modify the existing /etc/xinetd.d/telnet configuration file with new directives:

vi /etc/xinetd.d/telnet
…
no_access = 192.168.0.0/24
instances = 1
bind = 10.10.10.10
…

Create the new service and enable it:

chkconfig –add telnetnew
chkconfig telnetnew on

Reload xinetd to implement the new configuration and the start the new service.

service xinetd reload

This configuration will enable only one telnet connection from the Internet and 100 from the LAN segment. I used this type of configuration for an SMTP server to reduced the number of connections from the Internet.

Options
Security Options
General Settings
Press the menu button.
Select Wipe Handheld.
You will prompted to enter “blackberry” to confirm.

Once you have obtained an unlock code from your carrier or other means, do the following:

Options
Advanced Options
Sim Card
Enter MEPD
Note: You will see nothing change on the screen.
Enter MEP2
Note: You will see nothing on the screen, until you hit the Enter key.
Enter the code you obtained.

At the top of the screen, you should see “SIM Card Security Disabled.”

To remove an icon from toolbar (top of the screen) hold down the “command” button and drag the icon to the Trash.