Mar 18

I seem to be running on a theme here. Setting your CentOS 5 boxes to authenticate users against your Openfiler LDAP server isn't as straightforward as setting Samba up to auth against it. You'll obviously need to have Openfiler and LDAP already set up, but you're also going to have to make some per-user modifications in LDAP and some PAM configuration changes on the CentOS box. So, starting with the easiest part: download and copy this script to your Openfiler machine. I did not write this script (I found it here); I just modified it for my use.

#!/bin/bash
# Change the login shell and home directory for a user in the Openfiler LDAP server.
# Usage: $0 USER SHELL

BINDDN="cn=Manager,dc=themclarks,dc=com"
BASEDN="ou=People,dc=themclarks,dc=com"

USER=$1
SHELL=$2

# Exactly two arguments are required.
if [ -z "${SHELL}" -o -n "${3}" ]; then
    echo "Usage: $0 USER SHELL"
    exit 1
fi

# Make sure the user entry exists before trying to modify it.
ldapsearch -s base -x -b "uid=${USER},${BASEDN}" > /dev/null
if [ $? -ne 0 ]; then
    echo "Error: User ${USER} not found in LDAP server"
    exit 1
fi

# Only allow shells that are listed in /etc/shells.
grep -q -E -e "^${SHELL}$" /etc/shells
if [ $? -ne 0 ]; then
    echo "Error: ${SHELL} not found in /etc/shells"
    exit 1
fi

# Replace both attributes in one ldapmodify run (prompts once for the bind password).
ldapmodify -x -D "${BINDDN}" -W <<EOF
dn: uid=${USER},${BASEDN}
changetype: modify
replace: homeDirectory
homeDirectory: /home/${USER}
-
replace: loginShell
loginShell: ${SHELL}
EOF

Before you run this script, go into Openfiler and make a backup of your LDAP config and database. I doubt there will be a problem, but if you don't do a backup I can almost guarantee something bad will happen.
Be sure to chmod 775 that script. When you run it you will need to supply the user you want to modify and the shell you want them to have. Home directories will be in /home, but you can modify that as you see fit.
Once that script has run, you will have a user set up with a shell and a home directory in LDAP. Moving on to the CentOS box.
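As an added example (not the script above or anything from Openfiler), here is the same LDIF the script feeds to ldapmodify, built by a function that first checks the inputs: the shell must be a whole line in the shells file, and the uid must be plain characters so nothing typed as a username can smuggle extra LDIF lines or DN components into the modify. BASEDN and the sample shells file are constructed placeholders.

```sh
#!/bin/sh
# Added example: validate inputs, then emit the LDIF for a single ldapmodify run.
BASEDN="ou=People,dc=example,dc=com"   # assumption: replace with your People base DN

# A sample /etc/shells, constructed here so the example runs offline.
SHELLS_FILE="$(mktemp)"
printf '%s\n' /bin/sh /bin/bash /sbin/nologin > "$SHELLS_FILE"

# 0 if SHELL appears as a complete line in the shells file (no regex, no prefix match).
shell_allowed() {
    grep -q -x -F -e "$1" "$2"
}

# 0 if the uid is only letters, digits, dot, dash or underscore: anything else
# (commas, equals signs, newlines) could change the DN or add LDIF lines.
uid_is_sane() {
    printf '%s' "$1" | grep -q -E -e '^[A-Za-z0-9._-]+$'
}

# Print one LDIF entry that replaces homeDirectory and loginShell together.
# Returns 1 (and prints nothing) if either input fails validation.
build_ldif() {
    user="$1"; shell="$2"
    uid_is_sane "$user" || return 1
    shell_allowed "$shell" "$SHELLS_FILE" || return 1
    cat <<EOF
dn: uid=${user},${BASEDN}
changetype: modify
replace: homeDirectory
homeDirectory: /home/${user}
-
replace: loginShell
loginShell: ${shell}
EOF
}

# Usage on the Openfiler box (BINDDN as in the script above):
#   build_ldif alice /bin/bash | ldapmodify -x -D "$BINDDN" -W
```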
Run authconfig as root and select "Use LDAP" under User Information and "Use LDAP Authentication" under Authentication. I also like to select "Local Authentication is sufficient" so I can keep an oh-crap local account that still works when LDAP is unreachable. When you select Next, you will be prompted for some LDAP settings.
Leave Use TLS unchecked (Openfiler's LDAP is being queried in the clear, so keep this traffic on a trusted network).
LDAP Server will be ldap://OPEN_FILER_SERVER_NAME
Base DN will be "dc=your_domain,dc=com"
Hit OK. You can test whether this works by doing an

su - $USER

for the user that you set up in LDAP. This should work, but it will give you an error about not having a home directory. To fix that, we need to make a change to the PAM config. If you did this using the GUI authconfig, I believe you will have had an option to set up the automatic creation of home directories, so if you don't get an error, you're done.
As root on the CentOS box, edit /etc/pam.d/system-auth and add the following line to the bottom of the file:

session required pam_mkhomedir.so skel=/etc/skel umask=0022

Save the file and do an su - to the user you set up in LDAP. You should see a message about a home directory being created. Congratulations, you are authing to LDAP!

Mar 5

I have an Openfiler-based NAS running as my main file server and an Ubuntu VM running rsync that backs that server up. I wanted to be able to browse my backups via Samba and, for giggles, authenticate that Samba server against the Openfiler LDAP that is already configured. This turned out to be really easy. First install Samba.

sudo apt-get install samba

In the new /etc/samba/smb.conf, you need to replace the passdb backend statement with the following, where $DNS_NAME_OF_OPENFILER is the hostname of your Openfiler box:

passdb backend = ldapsam:ldap://$DNS_NAME_OF_OPENFILER

and add the following lines

ldap ssl = no
ldap admin dn = cn=Manager,dc=$YOURDOMAIN,dc=com
ldap suffix = dc=$YOURDOMAIN,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Group

Be sure to replace $YOURDOMAIN with the domain you configured when you first set up LDAP in Openfiler.
The last step is to store the LDAP admin credentials in the secrets.tdb file so Samba can bind to your LDAP. You do that by running

smbpasswd -w $OPENFILER_LDAP_PASSWORD

and replace $OPENFILER_LDAP_PASSWORD with the LDAP password you configured when you created the Openfiler LDAP. Restart Samba with

service smbd restart

And you should now be authenticating to your Openfiler LDAP!

Oct 15

I'm a regular user of the logger command on Linux boxes and I've found the equivalent in Windows. The command is called eventcreate.exe and seems to be present from Windows XP forward. To create an informational event in the Application log with a source of "Test message", an arbitrary event ID of 13 and a message text of "This is a test", you would just run the following:

eventcreate /t information /l application /so "Test message" /id 13 /d "This is a test"

More info on eventcreate.exe can be found in Microsoft's documentation.

Oct 13

To find files older than X days on a Windows box, you either need the forfiles.exe command installed from the Windows Resource Kit, or a 2003 or newer machine. The command looks like so:

forfiles -pC:\TEMP -s -m*.* -d-5 -c"cmd /C echo @PATH\@FILE"

Just replace "-d-5" with "-d-X", where X is the number of days since a file has been created.

Aug 25

All of the IIS worker processes show up under the same process name (W3WP.exe), which makes it really challenging to figure out which of your websites has lost its mind. In order to trace an IIS website or application pool back to a PID, you just need to open a command prompt and run the iisapp utility.

iisapp

This outputs one line per worker process, for example:
W3WP.exe PID: 7424 AppPoolId: Site1
W3WP.exe PID: 8096 AppPoolId: JoesSite
W3WP.exe PID: 13080 AppPoolId: Wookielove.com

And now you can just use Task Manager to track resource usage back to a site by its PID.
