I’ve been working with the next version of ZENworks all week; and for several reasons I needed to clear up my MSI database on several Windows machines.
Here’s a cool tool from Microsoft that makes it easy. The Windows Installer CleanUp Utility.
Update time again – this time for another security issue.
Here’s the mail from wp-testers:
http://wordpress.org/beta/wordpress-2.0.6-RC2.zip
http://wordpress.org/beta/wordpress-2.0.6-RC2.tar.gzRC2 addresses the following vulnerability.
http://seclists.org/fulldisclosure/2006/Dec/0463.htmlWe also changed how we escape HTML attributes. Escaping is done with a new
attribute_escape() function.http://trac.wordpress.org/changeset/4656
This touched a lot of files so we need to do some broad testing to make sure we didn’t fat finger anything.
Should be GA soon; advisable to upgrade.
I wrote about moving my primary mail server to SLES 10 and Netmail 3.5.2 a month ago.
Everything has been working really well – great uptime, better performance, another box moved to SLES 10..
Except for one little thing. Grania has been commenting that some of her email is missing.
Well – it’s not been in the inbound SpamAssassin kill files; it’s not stuck on the mail server; there are no errors with connectivity; no problems with DNS or MX records. The mail has been from all over – so it’s not someone like Yahoo being picky. Also normal mail has been coming in fine – so we’ve not been blackholed.
Tonight I decided to hunt down the problem.
It was me. I missed one step for the migration of mail; to use Netmail rules and forwarding the AutoReply agent needs creating and configuring.
The AutoReply Agent also enables users to forward their messages to another e-mail address. Users can specify if they want to retain a copy of the message in their NetMail mailbox or forward the message to the designated address.
Ooops. I missed that one. Three mouse clicks later and everything is back to normal.
I just trawled the aliases and there were over 400 mails to forward to the real mailboxes.
A month ago I got my hands on the RTM DVD of Windows Vista and took the plunge. I installed Vista Ultimate on my production IBM Thinkpad T42p; 80GB HDD, 2GB RAM. I installed Vista into my Active Directory environment
Currently here is what I’ve got running, as well as a list of applications that are working for me:
The only applications I’m having trouble with so far are
I found a couple of defects; Microsoft worked with me and got a fix for one:
The most annoying thing was the User Account Control – every action required confirmation. I’m a domain admin and local admin on the box; my own fault if I do something foolish. I turned off all of the UAC features within a few hours – just too in your face.
Next steps are to find the Lenovo/IBM Thinkpad tools for some of the key mappings; not essential. Also have another hack at the VPN client.
Usual disclaimer – some of the apps listed are not ‘supported’. In fact I’m probably the only person testing Collanos Workplace on Vista 😉
Back in full form with ‘The Life Pursuit’. First chance I’ve had to listen to it (baby and all that). “Another Sunny Day” is especially good.
Fun fun fun – server consolidation time.
Dell P4, 2GB RAM, 1TB storage (4x 300GB SATA RAID 5)
Install SLES 10, no GUI, runlevel 3 only. Disable pretty much everything not needed.
I chose ext3 for /, xfs for my NAS filesystem; I’ve had good results using xfs – reliability and performance.
Next optimisation of the filesystem:
#/etc/sysctl.conf
# Reduces the amount of work the TCP stack does.
net.ipv4.tcp_sack = 0
# The number of inodes (fs.inode-nr) available to the Linux kernel should be 3-4 times
# greater than the fs.file-max parameter
fs.inode-nr = 128000
# Maximum number of file handles that can open at a given time (default=4096)
fs.file-max = 64000
Apply the configuration and reboot:
chkconfig boot.sysctl on
Install Kerberos Client libraries. This can be done from YAST or the ZENworks updater. The basic modules needed are:
Install the SAMBA pieces:
Next configuration of SAMBA and the Kerberos environment; I found that using YAST wouldn’t let me set this up correctly. The two files are /etc/krb5.conf and /etc/samba/smb.conf
Note that krb5.conf expects everything AD related in upper case. Took me a few tries to realise that.
I’ve cleansed the real information – for the record there is no AD infrastructure at evilzenscientist.com – it’s just illustrative.
Active Directory server: 192.68.0.16, EZS-KDC
Active Directory tree: ezs-ad.evilzenscientist.com
Active Directory ‘domain’: EZS-AD
#/etc/krb5.conf
[libdefaults]
default_realm = EVILZENSCIENTIST.COM
clockskew = 300[realms]
EVILZENSCIENTIST.COM = {
kdc = 192.168.0.16
default_domain = EZS-AD
admin_server = 192.168.0.16
}[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON
[domain_realm]
.EZS-AD = EVILZENSCIENTIST.COM
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
try_first_pass = true
}
Next is the SAMBA configuration /etc/samba/smb.conf
#/etc/samba/smb.conf
[global]
workgroup = EZS-AD
realm = EZS-AD.EVILZENSCIENTIST.COM
password server = EZS-KDC.EZS-AD.EVILZENSCIENTIST.COM
security = ADS
encrypt passwords = yes
server string = %h SAMBA %v SLES 10winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes[data]
comment = data
read only = no
path = /data
user = @”EZS-AD+domain users”
Next is the Active Directory authentication configuration.
Edit /etc/nsswitch.conf – and make sure that these lines are present:
#/etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
Reboot and then test the Kerberos implementation:
Test the Kerberos implementation:
This should prompt for a password and return no errors. Note that time sync between the client and the AD KDC server needs to be pretty tight. Look at using NTP.
Join the server to the AD domain:
net ads join
Using short domain name — EZS-AD
Joined ‘EZS-NAS’ to realm ‘EZS-AD.EVILZENSCIENTIST.COM’
There are some testing steps; look at the getent tool:
getent passwd
getent groups
These should return users and groups from the AD world.
That’s it for now; I’m the happy owner of a good, fast NAS box that is integrated into my Active Directory.
For the record – I have found that SLES 10 + SAMBA is about 30% faster than a Windows 2003 server on the same hardware. Cheaper and Faster – now that’s a result.
I’ve been using Nero for about seven years to burn CDs and more recently DVDs.
I upgraded online to Nero 7 on Sunday; I paid by PayPal. I expected a serial number ‘within 24 hours’ – sadly disappointed.
I emailed the support line – nothing. The US support – nothing.
I’ve watched the spam filters like a hawk – nothing so far.
I eventually called into the US sales line – with a 15 minute hold – and eventually got the serial number mailed to me from the sales person.
Not good service this time around. The reason given was ‘we are busy’.
Yesterday evening I moved my mail server from a clunky old Windows 2003 server to a shiny new SLES 10 box.
I still use NetMail – but I had a couple of fun hours with the move.
First I looked at the state of Hula; some pretty broken RPMs that didn’t do much useful for me. Then I saw this post from Alex Hudson
So, Hula as a Novell project is basically over – Novell are no longer interested in any potential “Maui” product (which was going to be an upgrade path to Netmail users), the product group has been broken up, and at least one developer who was part of that group has now left Novell.
Bummer. Kinda confirms what I had found out internally a few weeks ago in planning the mail migration.
Then I saw this from Peter Teichman (who I really respect from his work on Red Carpet Enterprise at Ximian):
Novell no longer has anyone working full-time on
Hula. As a team we have spent some time looking at where the Hula
project is and the opportunities in the market and in the end we had to
conclude that we couldn’t justify investing at the same level in Hula
going forward. So those of us who have been developing Hula full-time
will be moving on to other roles and to other parts of the company.
So Netmail as it stands is somewhat orphaned. It’s pretty much end of life.
I’ve got Netmail running on SLES 10 without major pain; it does what I need. I’ll need to look around for the ‘what’s next’ some time next year – but for now I’m sorry to see Hula and Maui not move forward.
We bought a splendid HD TV a week or so ago – a Sony – very pleased with the quality.
I did the cable magic and got the DirecTV up to speed as well. I decided to go with the ‘old’ HR10-250 Tivo based DVR, rather than the newer MPEG4 non-Tivo DVR. Call it Tivo loyalty.
Nice to know that rather than the $400 we estimated for getting the work done; it cost me around $15 for the extra LNB for the satellite dish and about $20 for the good quality coax. Good job I can still crimp cables 😉
I use IPcop and Copfilter as my firewall/spam/email filtering gateway. Free and easy. Scales well.
I’ve had problems with Copfilter running the Bayesian learning for spam assassin; in short copfilter runs a wrapper script to call into sa-learn.pl.
I found that the IMAP->message_to_file was just sitting waiting for input from the NetMail server I run. Simple fix; add a timeout to IMAP reads and increase the IMAP buffer size. This should let me get all of the body text for learning, and timeout on massive inline images.
I logged a bug and posted a fix to the DMZS-sa-learn.pl script
my $imap = Mail::IMAPClient->new(
Server => ‘foo.com:143’,
User => ‘spamtrainer’,
Password => ‘longpassword’,
Debug => ‘1’,
#ezs edits
Timeout => ‘5’,
Buffer => ‘65536’,
);
Spam training is working perfectly now – Copfilter is eating its way through 3600 spam and about 6000 ham (non spam) messages.
Recent Comments