Monday 27 December 2010

HOWTO: DHCP Server On Debian

For a Ubuntu flavoured version of this post see this article

Pre-requisites:

A working LAN where clients can ping each other from static IP addresses. For more information on configuring a Debian or Ubuntu server with a static IP address see this article.

Login as root;

su -l

Setting up DHCP is a fairly simple affair. We start by installing the ISC DHCP server from the repositories. On current Debian the package is isc-dhcp-server (the old dhcp3-server name survives only as a transitional package that pulls in the same thing, which is why the paths below are /etc/dhcp and /etc/default/isc-dhcp-server rather than the dhcp3 ones used in the Ubuntu version of this post);

apt-get install isc-dhcp-server

We need to tell it which interface to listen for client requests on;

vi /etc/default/isc-dhcp-server

Add your (space separated) interface(s) like so;

INTERFACES="eth0"

There is a lot of useful documentation in the default configuration file, but it makes the file cluttered. I prefer a minimalist config file, so we will move the default one aside for future reference;

mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.default

Now, we create a new config file;

vi /etc/dhcp/dhcpd.conf

Add the following contents, modifying as applicable for your own network of course;

default-lease-time 600;
max-lease-time 7200;

subnet 10.1.1.0 netmask 255.255.255.0 {
  range 10.1.1.10 10.1.1.200;
  option subnet-mask 255.255.255.0;
  option broadcast-address 10.1.1.255;
  option routers 10.1.1.1;
  option smtp-server 10.1.1.1;
  option domain-name "tuxnetworks.net";
  option domain-name-servers 10.1.1.1, 10.1.1.2;

  host earth {
    hardware ethernet 00:1f:d0:c0:3b:9d;
    fixed-address 10.1.1.5;
  }
}

Notes:
I have added a fixed address for the host "earth", identified by MAC address 00:1f:d0:c0:3b:9d. This is for illustrative purposes only and can be removed if it is not needed. Keep any fixed-address outside the dynamic range (here 10.1.1.10 to 10.1.1.200): dhcpd does not exclude fixed addresses from its pool, so a fixed address inside the range can also be leased to some other client and you end up with two machines on one IP. Bear in mind too that a MAC address is trivially spoofed, so a host entry is a convenience, not an access control.

The above example assumes you have DNS servers running on your network on hosts 10.1.1.1 and 10.1.1.2. If you want to use upstream DNS resolvers, enter the addresses of your ISP's DNS servers instead. Alternatively you can use the servers provided by OpenDNS[1] or configure your own DNS server. If this is the only DHCP server on the segment, it is also worth adding the "authoritative;" directive at the top of the file (the default config you moved aside explains it) so that clients arriving with a stale lease from elsewhere get a NAK straight away instead of waiting for it to expire. Whatever you hand out here, remember that DHCP itself is unauthenticated: clients take the first offer they get, so a second, rogue server on the LAN can override the routers and DNS options you set.


To apply the changes, restart the dhcp server daemon;

service isc-dhcp-server restart

Now you should refresh the IP address on a PC configured as a dhcp client and you should receive a shiny new DHCP lease.

Now that you have a DHCP server, why not improve it by adding DDNS (Dynamic DNS) updates so that your clients' names are automagically added to your DNS server?

[1] OpenDNS use error redirects (DNS Hijacking) as a way to generate income. If you are like me and don't like such shenanigans then I recommend that you configure your own DNS server.

HOWTO: DHCP Server On Ubuntu

For a Debian flavoured version of this post see this article

Pre-requisites:

A working LAN where clients can ping each other from static IP addresses. For more information on configuring a Debian or Ubuntu server with a static IP address see this article.

Login as root;

sudo -i

Setting up DHCP is a fairly simple affair. We start by installing the ISC DHCP server, which on Ubuntu 10.04 is packaged as dhcp3-server, from the repositories;

apt-get install dhcp3-server

We need to tell it which interface to listen for client requests on;

vi /etc/default/dhcp3-server

Add your (space separated) interface(s) like so;

INTERFACES="eth0"

There is a lot of useful documentation in the default configuration file, but it makes the file cluttered. I prefer a minimalist config file, so we will move the default one aside for future reference;

mv /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.default

Now, we create a new config file;

vi /etc/dhcp3/dhcpd.conf

Add the following contents, modifying as applicable for your own network of course;

default-lease-time 600;
max-lease-time 7200;

subnet 10.1.1.0 netmask 255.255.255.0 {
  range 10.1.1.10 10.1.1.200;
  option subnet-mask 255.255.255.0;
  option broadcast-address 10.1.1.255;
  option routers 10.1.1.1;
  option smtp-server 10.1.1.1;
  option domain-name "tuxnetworks.net";
  option domain-name-servers 10.1.1.1, 10.1.1.2;

  host earth {
    hardware ethernet 00:1f:d0:c0:3b:9d;
    fixed-address 10.1.1.5;
  }
}

Notes:
I have added a fixed address for the host "earth", identified by MAC address 00:1f:d0:c0:3b:9d. This is for illustrative purposes only and can be removed if it is not needed. Keep any fixed-address outside the dynamic range (here 10.1.1.10 to 10.1.1.200): dhcpd does not exclude fixed addresses from its pool, so a fixed address inside the range can also be leased to some other client and you end up with two machines on one IP. Bear in mind too that a MAC address is trivially spoofed, so a host entry is a convenience, not an access control.

The above example assumes you have DNS servers running on your network on hosts 10.1.1.1 and 10.1.1.2. If you want to use upstream DNS resolvers, enter the addresses of your ISP's DNS servers instead. Alternatively you can use the servers provided by OpenDNS[1] or configure your own DNS server. If this is the only DHCP server on the segment, it is also worth adding the "authoritative;" directive at the top of the file (the default config you moved aside explains it) so that clients arriving with a stale lease from elsewhere get a NAK straight away instead of waiting for it to expire. Whatever you hand out here, remember that DHCP itself is unauthenticated: clients take the first offer they get, so a second, rogue server on the LAN can override the routers and DNS options you set.


To apply the changes, restart the dhcp server daemon;

service dhcp3-server restart

Now you should refresh the IP address on a PC configured as a dhcp client and you should receive a shiny new DHCP lease.

Now that you have a DHCP server, why not improve it by adding DDNS (Dynamic DNS) updates so that your clients' names are automagically added to your DNS server?

[1] OpenDNS use error redirects (DNS Hijacking) as a way to generate income. If you are like me and don't like such shenanigans then I recommend that you configure your own DNS server.
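Before restarting the daemon it is worth running a check over the file you just wrote. The script below is an added example that serves both the Debian and the Ubuntu posts above; it is not code from either post. It parses the minimal dhcpd.conf shown (subnet, range, routers and host/fixed-address declarations) with regular expressions and reports a range or router that falls outside its subnet, and a fixed-address that sits inside a dynamic range, which is the mistake dhcpd will not save you from. The sample config embedded in it is constructed from the one above. Use it alongside dhcpd -t -cf /etc/dhcp/dhcpd.conf (/etc/dhcp3/dhcpd.conf on 10.04), which only checks syntax.

```python
"""Semantic sanity check for a minimal ISC dhcpd.conf (added example).
dhcpd -t checks syntax only; this catches a range or router outside its
subnet and a fixed-address inside a dynamic range, which dhcpd does not
exclude from the pool, so it can lease that address to someone else."""
import ipaddress
import re

# Constructed sample: the config from the posts, with earth's fixed
# address outside the dynamic range.
SAMPLE_CONF = """
default-lease-time 600;
max-lease-time 7200;

subnet 10.1.1.0 netmask 255.255.255.0 {
  range 10.1.1.10 10.1.1.200;
  option subnet-mask 255.255.255.0;
  option broadcast-address 10.1.1.255;
  option routers 10.1.1.1;
  option domain-name "tuxnetworks.net";
  option domain-name-servers 10.1.1.1, 10.1.1.2;

  host earth {
    hardware ethernet 00:1f:d0:c0:3b:9d;
    fixed-address 10.1.1.5;
  }
}
"""


def _brace_body(text, open_idx):
    """Text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in dhcpd.conf")


def _ip(s):
    try:
        return ipaddress.ip_address(s.strip())
    except ValueError:
        return None  # fixed-address may be a hostname; only IPs are checked


def parse(text):
    """Return (subnets, hosts) from the declarations this check cares about."""
    text = "\n".join(l.split("#", 1)[0] for l in text.splitlines())  # drop comments
    subnets, hosts = [], []
    for m in re.finditer(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)\s*\{", text):
        body = _brace_body(text, m.end() - 1)
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        ranges = [(_ip(a), _ip(b)) for a, b in re.findall(
            r"\brange\s+(?:dynamic-bootp\s+)?(\S+)\s+(\S+)\s*;", body)]
        rm = re.search(r"\boption\s+routers\s+([^;]+);", body)
        routers = [_ip(r) for r in rm.group(1).split(",")] if rm else []
        subnets.append({"net": net, "ranges": ranges, "routers": routers})
    for m in re.finditer(r"\bhost\s+(\S+)\s*\{", text):
        body = _brace_body(text, m.end() - 1)
        fixed = re.search(r"\bfixed-address\s+([^;]+);", body)
        hosts.append({"name": m.group(1), "ip": _ip(fixed.group(1)) if fixed else None})
    return subnets, hosts


def check_config(text):
    """Return a list of problems; an empty list means the file looks sane."""
    subnets, hosts = parse(text)
    problems = []
    for s in subnets:
        net = s["net"]
        for lo, hi in s["ranges"]:
            if lo is None or hi is None or lo not in net or hi not in net:
                problems.append(f"range {lo}-{hi} is not inside subnet {net}")
            elif lo > hi:
                problems.append(f"range {lo}-{hi} starts after it ends")
        for r in s["routers"]:
            if r is not None and r not in net:
                problems.append(f"router {r} is not inside subnet {net}")
    for h in hosts:
        name, ip = h["name"], h["ip"]
        if ip is None:
            continue
        owners = [s for s in subnets if ip in s["net"]]
        if not owners:
            problems.append(f"fixed-address {ip} of host {name} is in no declared subnet")
            continue
        net = owners[0]["net"]
        for lo, hi in owners[0]["ranges"]:
            if lo is not None and hi is not None and lo in net and hi in net and lo <= ip <= hi:
                problems.append(f"fixed-address {ip} of host {name} lies inside dynamic "
                                f"range {lo}-{hi}; dhcpd may lease it to another client")
    return problems
```

check_config(open("/etc/dhcp/dhcpd.conf").read()) returns an empty list for the config above; put earth's fixed-address back inside the range and it returns one finding. The parser deliberately knows only the handful of declarations used here, so a file with shared-network or class blocks needs more than this, but the same brace matching extends to them.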

Friday 17 December 2010

Intellinet 150n USB WiFi key

I had some trouble getting my new "Intellinet 150n Wireless LAN Adapter" working in Ubuntu 10.04 (Lucid)

The problem is that another Ralink driver (rt2800usb) claims the device before the driver we need (rt2870sta) can.

To fix it you need to stop the rt2800usb driver from loading by blacklisting it (lsmod will show you which of the two is currently loaded);

sudo vi /etc/modprobe.d/blacklist.conf

Add this line;

blacklist rt2800usb

Reboot and you should be up and running.

Thursday 18 November 2010

HOWTO: Configure a NAS/Fileserver with LVM

LVM is a logical volume manager for the Linux kernel; it manages disk drives and similar mass-storage devices, in particular large ones. The term "volume" refers to a disk drive or partition thereof. (Source: wikipedia)

The way to visualise LVM is as layers. At the bottom are your physical drives. On top of them sits an abstraction layer, the volume group, which can span multiple, disparate drives. On top of that you create your logical volumes. These behave like the disk devices you would normally mount, but can be carved up into whatever sizes you like.

For example, you may have 3 hard disks in these sizes: 1TB, 750GB and 500GB.

These drives can all be used to create a 2250GB "Volume Group".

Then, say we want 1.5TB to store media files and 400GB for user home directories. We go ahead and create the appropriately sized "Logical Volumes", leaving 850GB unused. At any time in the future it is extremely easy to expand one of your logical volumes, add a new one, add new physical disks to the volume group or replace one of the smaller disks with a bigger drive.

I am going to step through the process of installing and configuring LVM such as you might use for storing large numbers of files on a file server or NAS. In my case I will be using four almost identical 1TB drives but, as mentioned earlier, an eclectic mix of different sized drives works just as well. In fact the ability to join a number of different drives together to form one (or more) logical volumes is one of the main benefits of using LVM. (Note that plain LVM gives you no redundancy: lose one drive and every logical volume with extents on it is gone, so it is no substitute for RAID or backups.)

So let's get started. Actually, before we do, a warning.

We will be messing around with filesystems and partition tables in this guide and that is ALWAYS a recipe for disaster. Please, do not attempt this if you have valuable data stored on any of the drives on the system you will be working on. If you do for the love of dog make a backup before you proceed. You have been warned!


OK, now that's done we can begin.

What physical disks are we going to be using for our logical volumes?

Let's take a look at the disks presently in our system;

sudo fdisk -l

Disk /dev/sda: 8069 MB, 8069677056 bytes
255 heads, 63 sectors/track, 981 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000771b4

Device Boot Start End Blocks Id System
/dev/sda1 * 1 933 7490560 83 Linux
Partition 1 does not end on cylinder boundary.
/dev/sda2 933 981 387072 82 Linux swap / Solaris
Partition 2 does not end on cylinder boundary.


Disk /dev/sdc: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xda92f63f

Disk /dev/sdc doesn't contain a valid partition table

[trimmed remaining output]


What we are looking for here are all the drives that say "doesn't contain a valid partition table".

In my system I have 4; they are all 1TB drives (I trimmed the output for the last three). They are /dev/sdc, /dev/sdd, /dev/sde and /dev/sdf.

We need to partition the drives as LVM members. Let's do the first one, /dev/sdc;

Open the disk with fdisk;

sudo fdisk /dev/sdc

You should use the 'p' command to check that the drive is indeed empty. Once you are sure, create a primary partition, accepting all the defaults (for a 1TB drive the first and last cylinders will be 1 and 121601);

Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-121601, default 1):
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-121601, default 121601):
Using default value 121601


The drive now has a partition but we also need to define the type of partition we want. In our case of course it will be an LVM partition (hex code 8e).

While still in fdisk we set our partition type, save and exit;

Command (m for help): t
Selected partition 1
Hex code (type L to list codes): 8e
Changed system type of partition 1 to 8e (Linux LVM)

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.


Now, if we redo our fdisk command from earlier we should see that /dev/sdc now has an LVM partition;

sudo fdisk -l

Disk /dev/sdc: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xda92f63f

Device Boot Start End Blocks Id System
/dev/sdc1 1 121601 976760001 8e Linux LVM


In particular, we are interested in the line that says;

/dev/sdc1 1 121601 976760001 8e Linux LVM

If the output for your drive looks like this then great; go ahead and repeat the process for every drive that you want to include in your volume group.

Checkpoint: At this stage you should have 1 or more drives that are partitioned as LVM and you should know which ones they are (/dev/sdb1, /dev/sdc1 etc). Make a list!
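Reading fdisk -l by eye is fine for four disks, but it is exactly the step where a system disk gets partitioned by mistake. The following is an added helper, not from the original post, that parses the fdisk -l listing in the format shown above and produces the two lists the checkpoint asks for: blank disks that are safe to partition, and partitions already typed 8e that should go to pvcreate, along with the disks carrying other partitions that must be left alone. The sample listing inside it is constructed from the output on this page (sdd's disk identifier is made up), and it understands only the classic fdisk layout used here, not the newer util-linux one.

```python
"""Pick the disks for fdisk/pvcreate out of `fdisk -l` output (added helper).
Handles the classic fdisk listing format shown on this page."""
import re
import sys

# Constructed sample built from the listings on this page: sda is the system
# disk, sdc is blank, sdd has already been typed 8e (its identifier is made up).
SAMPLE_FDISK = """\
Disk /dev/sda: 8069 MB, 8069677056 bytes
255 heads, 63 sectors/track, 981 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x000771b4

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1         933     7490560   83  Linux
Partition 1 does not end on cylinder boundary.
/dev/sda2             933         981      387072   82  Linux swap / Solaris

Disk /dev/sdc: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Disk identifier: 0xda92f63f

Disk /dev/sdc doesn't contain a valid partition table

Disk /dev/sdd: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Disk identifier: 0x1b2c3d4e

   Device Boot      Start         End      Blocks   Id  System
/dev/sdd1               1      121601   976760001   8e  Linux LVM
"""

DISK_RE = re.compile(r"^Disk (/dev/\S+): .*?, (\d+) bytes$", re.M)
NO_TABLE_RE = re.compile(r"^Disk (/dev/\S+) doesn't contain a valid partition table", re.M)
# device, optional boot '*', start, end, blocks (maybe with '+'), hex id, system name
PART_RE = re.compile(
    r"^(/dev/\S+)\s+\*?\s*\d+\s+\d+\s+\d+\+?\s+([0-9a-fA-F]{1,2})\s+(.+?)\s*$", re.M)
LVM_ID = "8e"


def parse_fdisk(text):
    """Map each disk to its size in bytes, its partitions and whether it has a table."""
    disks = {}
    for m in DISK_RE.finditer(text):
        disks[m.group(1)] = {"bytes": int(m.group(2)), "partitions": [], "has_table": True}
    for m in NO_TABLE_RE.finditer(text):
        if m.group(1) in disks:
            disks[m.group(1)]["has_table"] = False
    for m in PART_RE.finditer(text):
        dev, pid, system = m.group(1), m.group(2).lower(), m.group(3)
        disk = re.sub(r"\d+$", "", dev)  # /dev/sdd1 -> /dev/sdd (sdX naming only)
        if disk in disks:
            disks[disk]["partitions"].append({"dev": dev, "id": pid, "system": system})
    return disks


def candidate_disks(disks):
    """Disks with no partition table at all: the ones to partition for LVM."""
    return sorted(d for d, info in disks.items() if not info["has_table"])


def lvm_members(disks):
    """Partitions already typed 8e: the argument list for pvcreate."""
    return sorted(p["dev"] for info in disks.values()
                  for p in info["partitions"] if p["id"] == LVM_ID)


def disks_in_use(disks):
    """Disks carrying non-LVM partitions (system, swap, data): leave these alone."""
    return sorted(d for d, info in disks.items()
                  if any(p["id"] != LVM_ID for p in info["partitions"]))


if __name__ == "__main__":
    listing = SAMPLE_FDISK if sys.stdin.isatty() else sys.stdin.read()
    found = parse_fdisk(listing)
    print("blank disks to partition:", " ".join(candidate_disks(found)))
    print("pvcreate", " ".join(lvm_members(found)))
    print("leave alone:", " ".join(disks_in_use(found)))
```

Run it as sudo fdisk -l 2>/dev/null | python3 lvm_candidates.py. One caveat the text glosses over: a disk formatted as a whole-device filesystem (no partition table, but data on it) also reports "doesn't contain a valid partition table", so run blkid on each candidate before you let fdisk near it.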


Next, we need to install some packages (lvm2 and dmsetup are the ones that matter; reiserfsprogs and xfsprogs are only needed if you intend to use those filesystems rather than ext3);

sudo apt-get install lvm2 dmsetup reiserfsprogs xfsprogs

Using our list of member partitions, we initialise each one as a "physical volume";

sudo pvcreate /dev/sdc1 /dev/sdd1 /dev/sde1 /dev/sdf1
Physical volume "/dev/sdc1" successfully created
Physical volume "/dev/sdd1" successfully created
Physical volume "/dev/sde1" successfully created
Physical volume "/dev/sdf1" successfully created


We can take a look at our handiwork like so;

sudo pvdisplay
"/dev/sdc1" is a new physical volume of "931.51 GiB"
--- NEW Physical volume ---
PV Name /dev/sdc1
VG Name
PV Size 931.51 GiB
Allocatable NO
PE Size 0
Total PE 0
Free PE 0
Allocated PE 0
PV UUID 3Qjtvy-I6DX-YpT9-1Abk-IWu3-oJT0-kqBLHv

[trimmed output for 3 remaining drives]


Assuming that went well, now we can go ahead and create a "volume group"

sudo vgcreate store /dev/sdc1 /dev/sdd1 /dev/sde1 /dev/sdf1
Volume group "store" successfully created


Let's take a look at the new volume group;

sudo vgdisplay
--- Volume group ---
VG Name store
System ID
Format lvm2
Metadata Areas 4
Metadata Sequence No 1
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 0
Open LV 0
Max PV 0
Cur PV 4
Act PV 4
VG Size 3.64 TiB
PE Size 4.00 MiB
Total PE 953865
Alloc PE / Size 0 / 0
Free PE / Size 953865 / 3.64 TiB
VG UUID AhHEFG-Q0ql-0WV4-2q4d-Wv0B-uuz3-I7dvf3


OK, that's looking good. Now we can create our logical volumes. I am only going to create one, and there is no need to use the full capacity of the volume group, because another of the great things about LVM is that it is trivially easy to enlarge (or reduce) volumes as necessary. In fact, let's do that now;

We will create a LV that does not take up the entire capacity we have available. In my case I have 3.6TB available but I will create a 2TB LV.

sudo lvcreate --name archive --size 2000G store
Logical volume "archive" created


We can take a look and see what we have created;

sudo lvdisplay
--- Logical volume ---
LV Name /dev/store/archive
VG Name store
LV UUID Pc0EVc-DF1b-n2Mt-jIfr-YHHX-CrtU-SPtyW0
LV Write Access read/write
LV Status available
# open 0
LV Size 1.95 TiB
Current LE 512000
Segments 3
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 251:0


So, just say we actually need more room in our "archive" volume. Well, that is no problem, we just need to extend it. (Here the volume is still empty; if you extend one that already holds a filesystem, lvextend only grows the block device and you must then grow the filesystem as well, with resize2fs for ext3/ext4. Shrinking is the dangerous direction: shrink the filesystem first, and only then lvreduce.)

sudo lvextend -L3600G /dev/store/archive
Extending logical volume archive to 3.52 TiB
Logical volume archive successfully resized


We can confirm that this has worked by checking with the lvdisplay command again;

sudo lvdisplay
--- Logical volume ---
LV Name /dev/store/archive
VG Name store
LV UUID Pc0EVc-DF1b-n2Mt-jIfr-YHHX-CrtU-SPtyW0
LV Write Access read/write
LV Status available
# open 0
LV Size 3.52 TiB
Current LE 921600
Segments 4
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 251:0


Checkpoint: You should have all your drives added to the 'volume group" and have created one (or more) "logical volumes" at this point. Make sure the output from the "lvdisplay" command above corresponds with what you are seeing here.


So, we have set up our LVM volumes but just like any other hard drive we can't use them without a filesystem, let's format ours with ext3

sudo mkfs.ext3 /dev/store/archive
mke2fs 1.41.11 (14-Mar-2010)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
235929600 inodes, 943718400 blocks
47185920 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=0
28800 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
102400000, 214990848, 512000000, 550731776, 644972544

Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 25 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.


When that finally completes, all we need to do now is create a mountpoint and add the volume to fstab.

I prefer to use UUIDs rather than device paths, so that is the way we are going to mount our volume here. If you prefer, of course, you can mount the volume by its /dev/store/archive path just like any other device in fstab.

First, create a mountpoint for the volume;

sudo mkdir -p /store/archive

Now we need to find the UUID of our new volume;

sudo blkid /dev/store/archive

This will return something like this;

/dev/store/archive: UUID="ee88bfd6-1a7e-486f-85ff-2f2e4c81bd6d" SEC_TYPE="ext2" TYPE="ext3"

You want to select and copy the UUID string (without the quotes).

Now, edit /etc/fstab

sudo vi /etc/fstab

Add a line like this (the final field is the fsck pass number; 1 is reserved for the root filesystem, so a data volume gets 2);

UUID=ee88bfd6-1a7e-486f-85ff-2f2e4c81bd6d /store/archive ext3 errors=remount-ro 0 2

Let's test to see if we can mount the new volume.

sudo mount /store/archive

If all goes well there should be no error returned.

Let's see if it is mounted;

df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 7.1G 5.1G 1.7G 76% /
none 998M 220K 997M 1% /dev
none 1002M 0 1002M 0% /dev/shm
tmpfs 250G 40K 250G 1% /tmp
none 1002M 284K 1002M 1% /var/run
none 1002M 0 1002M 0% /var/lock
none 1002M 0 1002M 0% /lib/init/rw
/dev/sdb1 688G 389G 265G 60% /mnt/sdb1
/dev/mapper/store-archive
3.5T 197M 3.3T 1% /store/archive

Great! As we can see above, /dev/mapper/store-archive is now mounted to /store/archive

The final tweak is optional and involves setting the reserved block count down from 5% to something more reasonable. On very large filesystems 5% is too much (5% of 3.5TB is roughly 175GB), and by reducing these reserved blocks we can free up gigabytes of space. Don't go all the way to zero, though: the reserve is what lets root and system daemons keep writing when users have filled the disk.

Use tune2fs to set reserved blocks at 1%;

sudo tune2fs -m 1 /dev/store/archive

And that's it. You should now be able start placing data in your new LVM volume!

Here are some other commands that you will find useful, they are pretty self explanatory so I'm not going to detail their use here.

vgrename

lvreduce

lvremove

pvrename

pvremove

lvrename

vgscan

lvscan

Thursday 11 November 2010

Change Your Shell To BASH in FreeBSD

First, build bash from the ports tree (as root);

cd /usr/ports/shells/bash
make install

Edit the shells file

vi /etc/shells

Add this line if it does not already exist;

/usr/local/bin/bash

Run the chsh command and change the line that says;

Shell: /bin/csh

to

Shell: /usr/local/bin/bash

Logout and login again and you will have a bash shell!

Tuesday 2 November 2010

HOWTO: Team Fortress 2 Dedicated Server

Create a folder in your home directory and cd into it;

mkdir ~/hlds
cd ~/hlds


You need to obtain the Half-Life Dedicated Server Update Tool from the Steam website. Note that it comes over plain HTTP with no signature to check, so fetch it from Valve's own site rather than a mirror;

wget http://www.steampowered.com/download/hldsupdatetool.bin

When the download is done make the bin file executable and execute it;

chmod +x hldsupdatetool.bin
./hldsupdatetool.bin


Do an initial install of the dreaded steam;

./steam

This will do some downloading and updating for a while.

When it finishes it will probably say "Please retry the command." So, we do as it says and it will update again.

When that is done we then need to download the actual Team Fortress server files;

./steam -command update -game tf -dir .

Now, for some reason when you do an install, it doesn't actually download all the necessary files. We need to do a "verify_all" to force it to download all the missing files;

./steam -command update -game tf -dir . -verify_all

It also doesn't provide a server config file. You can create one or use the one below. Whatever you do, replace the rcon_password placeholder with something long and random: the Source RCON protocol carries the password in clear text over TCP, so anyone who can sniff the path can reuse it, and it is worth firewalling TCP on the server port (RCON; the game itself uses UDP) to the addresses you administer from. Think about sv_allowupload too; with it set to 1 every player can push files onto your server.

vi orangebox/tf/cfg/server.cfg

// Team Fortress 2 Server Configuration File, To be used with TF2 only!
hostname "Tuxnetworks TF2 Server" // this is your server name as shown in the server list
sv_password "" // your server password. a pair of double quotes means it is not set and anyone can join

//rcon settings
rcon_password "change_this_password" // your rcon password to log into the dev rcon console or HLSW rcon console

// Rcon Cvars
sv_rcon_banpenalty 15 //Number of minutes to ban users who fail rcon authentication
sv_rcon_log 1 //Enable/disable rcon logging.
sv_rcon_maxfailures 3 //Max number of times a user can fail rcon authentication before being banned
sv_rcon_minfailures 5 //Number of times a user can fail rcon authentication in sv_rcon_minfailuretime before being banned
sv_rcon_minfailuretime 10 //Number of seconds to track failed rcon authentications

mp_autoteambalance 0


// Server Cvars
mp_allowspectators 1 //Toggles whether the server allows spectator mode or not
mp_autocrosshair 0
mp_bonusroundtime 5 //Time in seconds after round win until round restarts
mp_chattime 5 //amount of time in seconds players can chat after the game is over
mp_limitteams 0
mp_decals 1
mp_defaultteam 1
mp_disable_autokick 1 //Prevents a userid from being auto-kicked
mp_enableroundwaittime 1 //Enable timers to wait between rounds.
mp_fadetoblack 0 //fade a player's screen to black when he dies
mp_falldamage 5 //Amount of damage players sustains from a fall
mp_flashlight 0 //Toggles flashlight on or off
mp_footsteps 1 //Toggles footsteps on or off
mp_forcecamera 0 //Restricts spectator modes for dead players
mp_forcerespawn 0
mp_forcerespawnplayers 1 //Force all players to respawn.
mp_forcewin 1 //Forces team to win
mp_fraglimit 0
mp_idledealmethod 0 //Deals with Idle Players. 1 = Sends them into Spectator mode then kicks them if they're still idle, 2 = Kicks them out of the game
mp_idlemaxtime 1 //Maximum time a player is allowed to be idle (in minutes)
mp_maxrounds 10 //max number of rounds to play before server changes maps
mp_teams_unbalance_limit 2 //Teams are unbalanced when one team has this many more players than the other team. (0 disables check)
mp_teststalemate 0 //Test the stalemate mode. Parameter: <0/1>. If 1, the map will reset at the end.
mp_time_between_capscoring 5 //Delay between scoring of owned capture points.
mp_timelimit 120 //game time per map in minutes
mp_winlimit 10 //Max number of rounds one team can win before server changes maps
sv_allow_color_correction 1 //Allow or disallow clients to use color correction on this server.
sv_allow_wait_command 0 //Allow or disallow the wait command on clients connected to this server.
sv_allowdownload 1 //Allow clients to download files
sv_allowupload 1 //Allow clients to upload customizations files
sv_alltalk 0 //Players can hear all other players, no team restrictions
sv_alternateticks 0 //If set, server only simulates entities on even numbered ticks.
sv_autosave 0 //Set to 1 to autosave game on level transition. Does not affect autosave triggers.
sv_bonus_challenge 0 //Set to values other than 0 to select a bonus map challenge type.
sv_cacheencodedents 1 //If set to 1, does an optimization to prevent extra SendTable_Encode calls.
sv_cheats 0 //Allow cheats on server
sv_clearhinthistory 0 //Clear memory of server side hints displayed to the player.
sv_consistency 1 //Whether the server enforces file consistency for critical files
sv_contact "" //Contact email for server sysop
sv_downloadurl "" //Location from which clients can download missing files
sv_enableoldqueries 1 //Enable support for old style (HL1) server queries
sv_pausable 0 //Is the server pausable.

// Lan or internet play, Server region cvars
sv_lan 0 //Server is a lan server ( no heartbeat, no authentication, no non-class C addresses )
sv_region 255 // Region Codes: 0 - US East coast, 1 - US West coast, 2 - South America, 3 - Europe, 4 - Asia, 5 - Australia, 6 - Middle East, 7 - Africa, 255 - world

//server Logging
sv_log_onefile 0 //Log server information to only one file.
sv_logbans 1 //Log server bans in the server logs.
sv_logblocks 0 //If true when log when a query is blocked (can cause very large log files)
sv_logecho 0 //Echo log information to the console.
sv_logfile 1 //Log server information in the log file.
sv_logflush 0 //Flush the log file to disk on each write (slow).
sv_logsdir "logs" //Folder in the game directory where server logs will be stored.

//Server Rates
sv_maxcmdrate 0 //(If sv_mincmdrate is > 0), this sets the maximum value for cl_cmdrate.
sv_maxrate 20000 //Max bandwidth rate allowed on server, 0 == unlimited
sv_maxreplay 2 //Maximum replay time in seconds
sv_maxupdaterate 100 //Maximum updates per second that the server will allow
sv_mincmdrate 0 //This sets the minimum value for cl_cmdrate. 0 == unlimited.
sv_minrate 0 //Min bandwidth rate allowed on server, 0 == unlimited
sv_minupdaterate 30 //Minimum updates per second that the server will allow
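A config this long is easy to get subtly wrong, and the engine will not tell you: Source reads cvars top to bottom and the last assignment wins, so a safe value near the top silently loses to an unsafe one further down. The script below is an added example, not part of the original post, that parses a server.cfg with that last-wins rule, strips // comments without damaging a // inside a quoted value such as sv_downloadurl, and reports the things a reviewer would raise: a placeholder or short rcon_password, sv_cheats on, sv_allowupload on, sv_lan on, and any cvar set more than once. The sample config embedded in it is constructed in the shape of the one above, and the sv_downloadurl in it is made up.

```python
"""Audit a Source dedicated server.cfg for settings you would not want on an
Internet-facing server (added example). Cvars are last-assignment-wins."""

# Constructed sample: a cut-down server.cfg in the shape of the one on this page.
SAMPLE_CFG = """\
// Team Fortress 2 Server Configuration File
hostname "Tuxnetworks TF2 Server" // shown in the server list
sv_password "" // empty: anyone can join
rcon_password "change_this_password" // rcon password
sv_rcon_maxfailures 3
sv_cheats 0
mp_teams_unbalance_limit 0
sv_allowupload 1 //Allow clients to upload customizations files
sv_downloadurl "http://files.example.invalid/tf" // constructed URL
sv_lan 0
mp_teams_unbalance_limit 2
"""

WEAK_RCON = {"change_this_password", "password", "rcon", "changeme", "admin"}
MIN_RCON_LEN = 12


def strip_comment(line):
    """Drop a trailing // comment, but not a // inside a quoted value."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch == "/" and not in_quote and line.startswith("//", i):
            return line[:i]
    return line


def parse_cfg(text):
    """Return ({cvar: effective value}, {cvar: times set}); last assignment wins."""
    values, counts = {}, {}
    for raw in text.splitlines():
        line = strip_comment(raw).strip()
        if not line:
            continue
        parts = line.split(None, 1)
        name = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        values[name] = value
        counts[name] = counts.get(name, 0) + 1
    return values, counts


def audit(text):
    """List the findings a reviewer would raise; an empty list means nothing flagged."""
    values, counts = parse_cfg(text)
    findings = []
    rcon = values.get("rcon_password", "")
    if rcon and (rcon.lower() in WEAK_RCON or len(rcon) < MIN_RCON_LEN):
        findings.append("rcon_password is a placeholder or shorter than "
                        f"{MIN_RCON_LEN} chars; RCON travels in clear text over TCP")
    if values.get("sv_cheats", "0") != "0":
        findings.append("sv_cheats is on")
    if values.get("sv_allowupload") == "1":
        findings.append("sv_allowupload 1 lets every client push files onto the server")
    if values.get("sv_lan") == "1":
        findings.append("sv_lan 1 turns off player authentication")
    for name, n in counts.items():
        if n > 1:
            findings.append(f"{name} is set {n} times; the value that sticks is {values[name]!r}")
    return findings


if __name__ == "__main__":
    import sys
    cfg = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CFG
    for finding in audit(cfg):
        print("-", finding)
```

Run it as python3 cfg_audit.py orangebox/tf/cfg/server.cfg before you start the server; on the config above it flags the rcon placeholder, sv_allowupload and the doubled mp_teams_unbalance_limit.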


Finally, we want to start our server. It's easiest to do this using a short shell script (replace 1.2.3.4 with the address the server should listen on);

vi tf2.sh

#!/bin/sh
# Start the TF2 dedicated server from the orangebox directory next to this script
echo "Starting Team Fortress Server"
sleep 1
cd "$(dirname "$0")/orangebox" || exit 1
exec ./srcds_run -console -game tf +map cp_dustbowl +maxplayers 8 -autoupdate +ip 1.2.3.4


make your script executable;

chmod +x tf2.sh

When you execute the script there are all sorts of warnings and errors. I've looked up some of them and apparently this is "normal". The server seems to run OK anyway.

Stop cron jobs from sending email

If you have a cronjob that is constantly spamming you with emails, then add the following to the offending line in your crontab;

>> /dev/null 2>&1

Example;

* * * * * root /root/checkvpn.cron >> /dev/null 2>&1

Voila! No more annoying emails! Bear in mind that 2>&1 throws away the job's error output as well, so a job that starts failing will fail silently; drop the 2>&1 if you still want to hear about errors, or set MAILTO in the crontab to route them somewhere useful.

Reverting your default editor to vi

In their ongoing quest to destroy ubuntu, Team Shuttleworth have decided to change the default editor for visudo to the train wreck that is nano. To change it back we need to change our default editor back to vi.

sudo update-alternatives --config editor
There are 3 choices for the alternative editor (providing /usr/bin/editor).

Selection Path Priority Status
------------------------------------------------------------
* 0 /bin/nano 40 auto mode
1 /bin/nano 40 manual mode
2 /usr/bin/vim.basic 30 manual mode
3 /usr/bin/vim.tiny 10 manual mode

Press enter to keep the current choice[*], or type selection number: 3
update-alternatives: using /usr/bin/vim.tiny to provide /usr/bin/editor (editor) in manual mode.


As shown in the code box above, you need to choose option 3 (vim.tiny); option 2 gives you the fuller vim.basic if it is installed.

Monday 25 October 2010

Enable Directory Listing in Apache2

You need to change a line in your "site" file. For the default site you would do this;

vi /etc/apache2/sites-enabled/000-default

Inside the <Directory> block for the directory you want listed (the default site has one for /var/www/), make sure the Options line includes Indexes;

Options +Indexes

Do not reach for Includes or ExecCGI here: they have nothing to do with directory listings. They switch on server-side includes and CGI execution for every file under that directory, which is a far larger attack surface than you asked for. Note also that Indexes exposes every filename in the directory to anyone who can reach it, and that an index.html in the directory is still served in preference to the listing.

Restart apache and you are done!
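For comparison, here is the setting that does not do what this post wants next to the one that does. This is an added example, not the post's own config; the /var/www/pub/ path is made up, and the access directives use the Apache 2.2 syntax of the Ubuntu and Debian releases of the time.

```apache
# Before: neither option controls listings. Includes turns on server-side
# includes and ExecCGI lets any file under the tree be executed as a CGI.
<Directory /var/www/>
    Options Includes ExecCGI
</Directory>

# After: listings on for one tree only, nothing else switched on.
# An index.html in the directory is still served instead of the listing.
<Directory /var/www/pub/>
    Options +Indexes
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
```

Check the result with apache2ctl -t before restarting, and remember that every other <Directory> block keeps whatever Options it already had; use -Indexes explicitly on trees you do not want browsable.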

Friday 15 October 2010

rsync on a non standard port

If you have a machine with an ssh server that listens on a port other than the default 22, then you need to modify the way you would normally invoke the rsync command;

rsync -parv --inplace -e "ssh -p 2222" "$source" "$dest"

(Alternatively, put a Host entry with Port 2222 in ~/.ssh/config; rsync runs ssh underneath, so it will pick that up without the -e option.)

Thursday 14 October 2010

HOWTO: Syncing your /home with a server

Do you have a storage server where you keep your files? Do you think it would be a neat idea to keep a copy of your user files (home directory) on that storage in case your laptop or desktop suffers some sort of a catastrophe? Would you like an approximation of Windows roaming profiles?

If you answered yes to any of the above then read on! (However you should read the disclaimer at the end of this post.)

PLATFORM :
* Ubuntu (Tested with 10.04.1 Lucid but should work with any version)

PREREQUISITES :
* You must have passwordless SSH configured between the client and server users on the two hosts.
* rsync and openssh-server are installed on both hosts.

On the server;

The server part is pretty simple. First we will login as the root user;

sudo -i

We need a place to store the copies of the home folders. Create a folder;

mkdir -p /store/homes

On the client;

Now, assuming that we have keyless access to our server from the client, we just need a script to do the syncing.

Create a script in /etc/init.d (as root);

vi /etc/init.d/homesync

#!/bin/sh
### BEGIN INIT INFO
# Provides: homesync
# Required-Start: $remote_fs $syslog $network
# Required-Stop: $remote_fs $syslog $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: sync homes at startup and shutdown
# Description: pull /home from the server at boot, push it back at shutdown
### END INIT INFO

MODE="$1"
TARGET="root@zen:/store/homes/"   # change to suit your environment
EXCLUDE="/root/excludes.rsync"

case "$MODE" in

start)
    # pull the server's copy over /home; no --delete, so nothing local is removed
    rsync -parv --inplace "$TARGET" /home/
    ;;

stop)
    # push local changes to the server, deleting there what was deleted here
    rsync -parv --inplace --exclude-from="$EXCLUDE" --delete /home/ "$TARGET"
    ;;

*)
    echo "Usage: $0 {start|stop}" >&2
    exit 1
    ;;

esac
Note: Of course you need to change TARGET= to suit your own environment. Also, if your SSH server is listening on a non-standard port you will need to modify the rsync command as per this post. Since the key on the client logs in as root on the server without a passphrase, anyone who gets root on the client has root on the server too; at minimum restrict that key in the server's authorized_keys with a from= option limiting it to the client's address.

Make the script executable;

chmod +x /etc/init.d/homesync

If you look carefully, you will notice that the script will refer to /root/excludes.rsync for any files or folders that it should avoid syncing. We should create that file;

touch /root/excludes.rsync

Now, there are no files on the server yet so we should do an initial sync.
WARNING: If this is not the first (i.e. primary) client that you are setting this up on, then don't run the following command as is, or else it will wipe out the "backup" that is already on the server. In such a case you need to replace "stop" in the command with "start" in order to retrieve the primary files from the server instead.

Perform an initial sync;

/etc/init.d/homesync stop
Note: Depending on how much stuff you have in your user homes this may take some time. You should also ensure that you have enough space to fit everything!


OK, assuming everything is working, the final step is to make sure the homesync script executes when the system stops and start. We do that with the update-rc.d command;

sudo update-rc.d -f homesync defaults

That's it. You can test your setup by adding or altering a file in your home folder and then shutting down your system. If you check the server you should see your changes appear there after it shuts down. If you delete or alter the file again on the server the change should appear on the client after reboot.

If you want to exclude particular files or directories then you may list them in the excludes.rsync file we created earlier.

Here is a sample list;

Junk*
oops*
.pulse*
.cache*
tmp*
temp*
gvfs*
.gvfs*
.Trash*
Trash*
*~
Thumbs.db*
desktop.ini*
lost+found*


DISCLAIMER: Be very careful using this setup in a multiuser environment where there is more than one PC (in use) at any one time. If a user is logged in on more than one PC then it is possible that they could lose data. Be sure you understand the limitations of this system before proceeding down such a path. Also note that the script only executes at startup and shutdown so if the PC is rarely restarted then this system will be of little value. I recommend using it for a simple home network only. It is not flexible or robust enough for use in a corporate network. And one final note, this does not work if you connect to the server using a wifi connection due to the way Ubuntu connects and disconnects after the user logs in. Any script such as this one that runs at boot time will not be able to connect to the network in order to do the sync. In such scenarios you could consider using a cron job or syncing manually.

Wednesday 29 September 2010

Shrinking vmware vmdk disk images

Firstly, you should delete all unnecessary files from within the guest. This includes stuff in /tmp and any cached files, including the apt-get cache.

Deleting files is not enough, however, because deleting a file only removes the directory entry for it; all the "1's and 0's" stay on disk as they were, so the image cannot be efficiently shrunk.

Run this command to fill all the empty space on the drive with zeros (it fills the filesystem completely for a moment, so do it when nothing important is writing, and keep it away from the filesystem holding your logs or databases);

cat /dev/zero > zero.fill;sync;sleep 1;sync;rm -f zero.fill

Note: if you have more than one virtual disk you will need to run this command once from within a directory on each mounted disk.

Shut down the guest and log on to the host server.

Change directory (cd) to where the virtual machines vmdk files are located.

Use the vmware-vdiskmanager command to shrink the disk(s).

vmware-vdiskmanager -k sda.vmdk

When this completes, check the size of your vmdk files and they should now be considerably smaller!

Solving "udevadm trigger is not permitted while udev is unconfigured"

After updating a server recently I was presented with the following error after attempting to reboot;

udevadm trigger is not permitted while udev is unconfigured

To fix this we need to do something similar to one of my previous entries on Centos

Boot up a desktop LiveCD and perform the following steps from within a console;

Determine your boot disk, it will usually be /dev/sda1;

sudo fdisk -l

This will produce output like this;

Disk /dev/sda: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000d730c

Device Boot Start End Blocks Id System
/dev/sda1 * 1 994 7977984 83 Linux
Partition 1 does not end on cylinder boundary.
/dev/sda2 994 1045 407553 5 Extended
/dev/sda5 994 1045 407552 82 Linux swap / Solaris


The partition marked with * is the one you boot from.

Create a folder in the "ubuntu" users home;

mkdir tmproot

Mount the disk to that folder (change the boot device if yours is not /dev/sda1);

sudo mount /dev/sda1 /home/ubuntu/tmproot

Chroot the mounted disk;

sudo chroot /home/ubuntu/tmproot

Find the latest installed version of the kernel;

ls /boot

This will produce output like this;

abi-2.6.32-21-generic-pae memtest86+.bin
abi-2.6.32-24-generic-pae System.map-2.6.32-21-generic-pae
System.map-2.6.32-22-generic-pae config-2.6.32-21-generic-pae
System.map-2.6.32-24-generic-pae config-2.6.32-22-generic-pae
config-2.6.32-24-generic-pae vmcoreinfo-2.6.32-21-generic-pae
vmcoreinfo-2.6.32-24-generic-pae grub
initrd.img-2.6.32-21-generic-pae vmlinuz-2.6.32-21-generic-pae
initrd.img-2.6.32-22-generic-pae vmlinuz-2.6.32-22-generic-pae
initrd.img-2.6.32-24-generic-pae vmlinuz-2.6.32-24-generic-pae


Your latest kernel is the one with the highest version number. In my case it is 2.6.32-24-generic-pae

Update initramfs to load the latest kernel;

sudo update-initramfs -u -k 2.6.32-24-generic-pae

There will likely be an error "unable to resolve hostname ubuntu" and a few errors about /proc/mount not existing. These can be safely ignored.

Reboot the system and all should now be good!
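The steps above can be scripted so that the boot partition and the newest kernel are picked automatically rather than read off the screen. This is an added example, not from the original post: boot_device parses the fdisk -l layout shown above, latest_kernel uses a version-aware sort (plain sort would place 2.6.32-9 after 2.6.32-24), and repair_initramfs ties the procedure together. The bind mounts of /dev and /proc are my addition and avoid the /proc errors mentioned above; the function names, and the assumption of GNU coreutils (sort -V) and the "ubuntu" LiveCD user, are mine.

```shell
#!/bin/sh
# Added example: helpers for the LiveCD initramfs repair.  Not from the post.

# Print the device marked bootable (the "*" in the Boot column).
# Reads "fdisk -l" text from stdin.
boot_device() {
    awk '$1 ~ /^\/dev\// && $2 == "*" { print $1; exit }'
}

# Given directory entries such as vmlinuz-<version>, print the highest version.
latest_kernel() {
    sed -n 's/^vmlinuz-//p' | sort -V | tail -n 1
}

# Full procedure: mount the boot partition, chroot, rebuild the newest initrd.
# Run as root from the LiveCD shell.
repair_initramfs() {
    root=${1:-/home/ubuntu/tmproot}
    dev=$(fdisk -l 2>/dev/null | boot_device)
    [ -n "$dev" ] || { echo "no bootable partition found" >&2; return 1; }
    mkdir -p "$root"
    mount "$dev" "$root"
    # update-initramfs reads /proc/mounts and needs device nodes.
    mount --bind /dev "$root/dev"
    mount -t proc proc "$root/proc"
    kver=$(ls "$root/boot" | latest_kernel)
    [ -n "$kver" ] || { echo "no kernel found in $root/boot" >&2; return 1; }
    echo "rebuilding initramfs for $kver on $dev"
    chroot "$root" update-initramfs -u -k "$kver"
    umount "$root/proc" "$root/dev" "$root"
}
```

If your machine has several disks, check the device boot_device prints before letting repair_initramfs mount it.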

Friday 24 September 2010

Download from RapidShare via Command Line

Plain old wget is not able to download files from rapidshare, so we need a tool that can cope with the timers and counters put up when trying to download from that site.

For this we can use "Plowshare"

You can download the deb for the current version from the Download page on the link above. At the time of writing the current version was plowshare_0.9.3-1_all.deb

Once you have the deb file install it with dpkg

sudo dpkg -i plowshare_0.9.3-1_all.deb

This will fail due to unmet dependencies but panic not! We can fix this using apt-get;

sudo apt-get install -f

This will download and install all the missing dependencies automatically.

Using Plowshare is a little unintuitive because the authors named the executable differently to the package.

The executable is named "plowdown"

To download a file from Rapidshare you need the url for the file. To do this simply navigate to the Rapidshare page for the file you are after (the one with the "Speed Meters"), and click on "Free User".

This will take you to the page with the "Seconds Countdown". Copy the URL for that page and paste it into your command.

Example:
plowdown http://rs215.rapidshare.com/files/314956608/ubuntu-9.10-dvd-i386.iso.part01.rar

From here plowshare will do all of the negotiating with RapidShare, wait for any countdown timers and make the appropriate "clicks" as required for you.

This means no more waiting for timers.

Enjoy!

Friday 13 August 2010

LVM VolGroup00 not found (CENTOS)

UPDATE: I've had a similar problem on Ubuntu recently, look here if you are trying to fix a "udevadm trigger is not permitted while udev is unconfigured" error.

-----------

Had to fix this on a server at work. Scenario was that I used Clonezilla to convert a server to an image and then created a virtual server from that image. Because the hard disk drivers had changed the virtual system failed to boot with the above error followed by the dreaded "Kernel Panic". The solution requires us to rebuild our initrd image to suit the new disk architecture.

To start we need to boot from the Centos CD/DVD and into "Rescue system" mode. Follow the prompts until you end up at a shell prompt.

Now, chroot to your system boot;

chroot /mnt/sysimage

Change to your boot directory;

cd /boot

We need to take note of the kernel version that we will be making an image for; it will usually be the latest version. In my case it was 2.6.18-53.el5PAE. We will be using this info later. Just do an ls of the directory to see all the installed images.


Once you have identified the correct initrd image, we probably should back it up.

mv initrd-2.6.18-53.el5PAE.img initrd-2.6.18-53.el5PAE.img.backup

Now, we can build a new initrd;

mkinitrd /boot/initrd-2.6.18-53.el5PAE.img 2.6.18-53.el5PAE

Once the image has been built we should rebuild grub just in case.

grub-install /dev/sda

If your drive is on /dev/hda or something else entirely then substitute the correct value in the command above.


Remove the disc from the drive and exit.

exit

And with that your system should boot up happily!

Tuesday 27 July 2010

Virtualisation Is Fun . . . .

. . . . Well, mostly.

I've been a big fan of virtualisation since about 2002. I started with VMWare GSX 2 on Redhat 7.2 and have been using VMWare server on Ubuntu for several years since. For the most part I've found that VMWare offers the stability and usability that I wanted for the typically small installations that I need.

Lately, however, I find I'm losing my enthusiasm for the product a bit.

Firstly, there are all the compatibility problems that require workarounds with later versions of the kernel and other software packages.

1) Firefox 3.6+ does not work with the console plugin at all. Access to machine consoles requires a workaround. There is no console plugin available for Google Chrome.

2) You can't install vmware server on the later versions of the linux kernel without manually applying 3rd party patches.

3) There are no downloadable updates for the vmware guest tools packages. You need to download the latest version of VMWare Workstation and manually extract the "latest" versions from that.

4) There are other small bugs and glitches to do with web interface and there is no longer a standalone client app as there was with previous versions. The web interface also leaves much to be desired.

So, I have long been mulling moving to a different platform. I even made a concerted effort with Virtualbox with some success.

The point is that VMWare Server is not the only "free" (as in beer) product available, there is also their "Type 1" hypervisor called ESXi, so I thought I'd take a look at that.

I had tried ESXi in the past, but met a stumbling block where it was not compatible with the hardware I was using at the time. I have new hardware now, so I thought I might take a look at ESXi again.

Currently, the version of ESXi that is on the VMWare website is version 4.1. After reading up a bit, I discovered that ESXi does not include the dreaded Web Management Console any more. It requires a standalone application called vSphere Client, which is also a "free" download. Yay! Unfortunately however, the vSphere Client app is Windows only, there is no Linux version at all. Boo! Apparently it was written in .NET so it is locked into the Microsoft platform. There are indications that you may possibly be able to run it in Wine, but I'm not interested in any more dodgy workarounds so that won't work for me.

So, it looks like I will need to be looking at my options yet again.

Basically, there are two types of hypervisors, Type 1 and Type 2. Type 1 is known as a "bare metal" hypervisor, meaning the hypervisor runs directly on the server hardware. Type 2's are called "hosted" which means the hypervisor runs as an application on a host OS. VMware Server is type 2 where as ESXi is type 1. KVM and Xen describe themselves as Type 1 hypervisors but personally, technical distinctions aside, I think the case for both Xen and KVM being type 1 is fairly weak. If I can boot it up and get an otherwise complete Linux desktop then to me that makes it a type 2. Esoteric arguments about the hypervisor being built into the Linux kernel and therefore qualifying it as "bare metal" aren't entirely convincing to me. No matter though, as I don't really care that much as long as things work.

So, let's do a quick and dirty comparison of the "free" (as in beer) virtualisation products currently available (in no particular order).

1) VMWare Server 2 (Type 2)
Has been a reliable workhorse since the old GSX days but it hasn't seen much love for quite some time. I guess VMWare/EMC are focusing their energies elsewhere. VMware server also has paravirtualisation support so a more modern CPU with VT extensions is not absolutely required. Licence = Proprietary

2) VMware ESXi (Type 1)
This I guess is where the VMWare action is these days as all the ESX related management tools and other gubbins is where EMC makes their money. Unfortunately the complete lack of *nix based tools means it's a no go zone for any self respecting Linux geek. VT extensions are required and hardware compatibility issues are not uncommon. Licence = Proprietary

3) MS Hyper-V (Type 1)
It's a Microsoft product which isn't a good start. Nevertheless, I have read a bit about it and apparently it's a fairly basic hypervisor which doesn't have much in the way of decent management tools. Considering Microsoft's history and their penchant for slipping in hidden user lock-in "features" wherever possible and the general crappiness of their products (not to mention the company itself) I am quite hesitant to consider using this. Hyper V also requires VT extensions. Licence = Proprietary

4) Citrix XenServer (Type 1)
Xen is installed as part of a Linux OS so it is easy to mistake it for a Type 2 hypervisor. I was confused about this for some time but apparently since the hypervisor is part of the kernel then this qualifies it as a Type 1. Whatever. Citrix XenServer itself is payware, but there is a "time unlimited trial version" available from their website. There are also open source implementations of Xen including one in the Ubuntu repositories. XenCenter is their version of vSphere and it is, you guessed it, also Windows only. Sigh. I haven't yet tried Xen but one thing I'm concerned about is that all the "energy" in the OSS world right now seems to be in the KVM camp so the long term future of Xen is somewhat cloudy. I don't like the Windows only management centre either. Xen also requires CPU VT extensions. Licence = XOSL

5) Redhat KVM (Type 1)
There is some debate as to whether KVM is type 1 or 2 on the interwebs. My understanding is that it runs in a similar fashion to Xen so I guess that makes it officially a type 1? I have seen it described as a "Type 1.5" before though. Anyway, KVM is part of the RHEL stack, but being open source is available for most distributions. As mentioned before it is where all the action is at the moment so I intend to try KVM next. KVM used to require VT extensions, but last time I looked at it it offered the option to use QEMU for paravirtualisation. I'm not sure what the performance hit is however, the old QEMU I knew was a full x86 emulator and was pretty slow. I believe that this new QEMU also does paravirtualisation though so it may be OK. Stay tuned for more details! Licence = GPL/LGPL

6) Virtualbox (Type 2)
Originally from Innotek, taken over by Sun and now part of the Oracle juggernaut, Virtualbox comes in two flavours. Oracle VirtualBox is free (beer) whereas VirtualBox OSE is Free (as in freedom). However, the OSE version does not work "headless" so it is of no interest to those who want to virtualise servers like I do. I spent a couple of months battling VB and did manage to get things to work (mostly) but it is simply too messy to really use in a production environment. There are zero management tools. EVERYTHING is done via the command line. Now, I'm in no way afraid of the command line but there are some areas where being able to have a visual representation of the state of all the servers you are managing can make things infinitely easier to deal with. Having to type VBoxManage list runningvms at a console just to see what is currently up is cumbersome, especially with the totally unnecessary capitalisation. Automatically starting and stopping machines at shutdown is a pain to setup and if a guest gets its state confused then you are in for an absolute world of pain trying to convince it to forget being suspended and just start up from scratch already. In the end I had a machine that simply refused to start because it insisted that it had been suspended and I could not for the life of me get it to restart. Not being able to remove a guest from the database because "a drive is attached" is simply stupid. I am trying to remove the machine goddamit, I don't CARE that there is a drive attached. But no, you have to find the drive uid by typing in a bunch of cryptic commands. Determine which virtual IDE adaptor it is connected to by using even more cryptic commands, remove the drive from the specific adaptor it is attached to and only THEN can you actually unregister the machine. Why does it have to be so difficult? By all accounts VirtualBox makes a decent alternative to VMWare Workstation as far as running on the desktop. 
Running it in headless mode is a recipe for frustration. Do I sound bitter? Well, maybe a little. There is also the ongoing uncertainty as to what Oracle intends to do with VirtualBox, they haven't been particularly open source friendly in the past. License = PUEL

So there we go. Now I'm off to play around with KVM!

Monday 19 July 2010

On Tablets and the Death Of Windows

Tablets are coming and with them we will witness the slow and agonizing death of the Windows / Office hegemony.

There can be no doubt that a significant portion of people will purchase a tablet in the next decade. At first it will be as an adjunct to their "traditional" PC and not as a replacement.

However, as their traditional PCs get older and the tablets get better more than a few non tech people will actively consider making a decision to buy just one or the other. Increasingly they will choose to forgo the traditional PC in favour of some form of small form factor touchscreen alternative, probably with a bluetooth keyboard + mouse equipped dock for using it on a desk.

Microsoft on the other hand have lost any clue they may have once had. The only thing they have is their bullying relationship with their OEM "Partners", their various user lock in technologies and the existing Windows + Office monopoly.

Before we go any further we must remember Microsoft's Rule #1.

Rule#1 is to protect the Windows + Office monopoly. Everything else is secondary.

To do that Microsoft cannot afford to introduce products that will tempt their customers away from their overpriced and under performing flagship bloatware, therefore any "Tablet OS" will be either a poor second cousin to the desktop products or else they will continue to be what they are today, which is basically the same laptop/desktop OS crowbarred onto an overweight, over heating "touchscreen laptop" sporting the same old fashioned point and click UI that they have been pushing for decades.

This has failed for them for the last decade, there is no reason to believe that it will be any less of a fail in the future.

So, assuming that Ballmer has less success at bullying his OEM's into killing the tablet market like he did for netbooks that will leave most people choosing between various tablets sporting iOS or some form of Linux.

This is a huge problem for Microsoft. The main thing that keeps them in their position of dominance is the Windows monoculture. Most non techy people simply believe that if you want to type a letter you need Office and if you want to use the internet you click on the "Blue E". Various lockin "features" (docx files, .NET, Silverlight) help to reinforce this behaviour and serve to make developers lazy. "Why develop open products that can be used cross platform when 95% of users will run IE6 with Active X on Windows?" was the status quo for half a decade until Firefox came along. Eventually, the growing numbers of people who were NOT using IE6 on XP reached a tipping point where developers were forced to wake up and stop actively reinforcing Redmond's iron grip on the Industry. The internet is a better place for it now.

So it will be for tablets. Apple has already shown the way. Microsoft will totally fail to keep up as it continues to try and protect its existing monopoly while the Linux upstarts will take up the remainder of the market.

Eventually we will reach another tipping point as developers are forced by the market to wean themselves away from their Visual Studio plus .Net addiction and Joe Public comes to understand that the Microsoft way is not, in fact, the only way and they can write letters to their grandkids perfectly well without the need for a bloated, over featured and expensive PC that requires constant attention, vigilance and third party security products just to keep it functioning.

I fully expect that within 5 years Microsoft will be relegated to corporate desks, and even there their dominance will be waning.

Thursday 15 July 2010

Fix: util-linux error doing dist-upgrade on Ubuntu

This bug was first "introduced" in 10.04 Lucid but appears to have carried over to Natty, Maverick and Oneiric.

If you get this error;

Could not perform immediate configuration on 'util-linux'

then you have struck a bug in the packaging of util-linux. The problem is that util-linux depends on the upstart-job but that is not correctly defined in the package.

Install upstart-job manually;

sudo apt-get install upstart-job

When that is done you should be able to do an apt-get dist-upgrade again without problems.

Moving your home directories to a separate partition.

I always have my user homes on a separate partition.

This has a couple of advantages.

1) Frees up space on your root (/) partition.

2) Separates user homes from the OS. If you ever have to re-install the OS you don't lose all your user data.

In general, the steps are as follows;


!!!!! BACKUP YOUR SYSTEM OR YOU COULD LOSE EVERYTHING !!!!!


First, let's take a look around and see how the system is currently configured.

We want to know what drives are currently mounted and where.

df -h

The main one you are interested in is the device where / is mounted.

It will probably be /dev/sdaN (sda followed by a partition number) but it may be something different.

Here is an example using sda1;
brettg@earth:~$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 11G 4.2G 6.4G 40% /
none 1.5G 296K 1.5G 1% /dev
none 1.5G 608K 1.5G 1% /dev/shm
none 1.5G 132K 1.5G 1% /var/run
none 1.5G 0 1.5G 0% /var/lock
none 1.5G 0 1.5G 0% /lib/init/rw


Note: If your root is not on /dev/sda1 then ensure you make a note of where it is mounted.


You will notice that I currently have only a single file system mounted, and that is root on sda1. (You can ignore all the "none" mounts; they are used by the kernel.)

Next is to identify a suitable place to mount /home.

Note: I will assume that your system has a single hard disk with some free space or an existing EXT partition. If you have a second hard disk then you will need to modify this procedure to suit your configuration!


Let's take a look at all the drives on my system.

sudo fdisk -l

This will show you all the current disks and partitions on your system. Here is mine;
Disk /dev/sda: 40.0 GB, 40020664320 bytes
255 heads, 63 sectors/track, 4865 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00090790

Device Boot Start End Blocks Id System
/dev/sda1 * 1 1459 11717632 83 Linux
/dev/sda2 1459 4623 25410560 83 Linux
/dev/sda3 4623 4866 1952768 82 Linux swap / Solaris


In my case I already have a suitable unmounted partition /dev/sda2. The third partition is (obviously) my swap partition.
Note: If the unused space on your target disk is shown as free space or is partitioned as something else (i.e. NTFS or FAT) then you will need to use gparted or fdisk to remove it and create a suitable EXT partition (ID=83).

! For Dogs sake ensure you know what is on the partition you are messing with, all data on the partition will be LOST FOR EVER !


Once you have created a suitable partition, mount it to a temporary mount point. I will use the /dev/sda2 from now on as the target. Let's temporarily mount it to /tmp/sda2.


sudo mkdir /tmp/sda2
sudo mount /dev/sda2 /tmp/sda2
cd /tmp/sda2


At this point you should be now looking at the existing contents of the partition. If this is an old partition you probably want to ensure that you do in fact want to delete all the files located here because after the next command there is no going back.

Once you have determined that you do in fact want to trash the contents of the partition type;
sudo rm -rf /tmp/sda2

Next we want to copy our existing home directories over to the new partition. Use this command;

sudo cp -rfvp /home/* /tmp/sda2/

Depending on how much data is in your home directory this may take some time to complete.

When it is done do a quick visual check to see that everything looks OK.

brettg@earth:~$ ls -al /tmp/sda2
total 16
drwxr-xr-x 3 root root 4096 2010-07-14 14:58 .
drwxr-xr-x 22 root root 4096 2010-07-14 16:33 ..
drwxr-xr-x 12 brettg users 4096 2010-02-12 08:55 brettg
drwxr-xr-x 26 andy users 4096 2010-02-12 09:39 andy


Compare this with your existing homes;
brettg@earth:~$ ls -al /home
total 16
drwxr-xr-x 3 root root 4096 2010-07-14 14:58 .
drwxr-xr-x 22 root root 4096 2010-07-14 16:33 ..
drwxr-xr-x 12 brettg users 4096 2010-02-12 08:55 brettg
drwxr-xr-x 26 andy users 4096 2010-02-12 09:39 andy


Both should be the same.
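A visual ls comparison only shows the top level. As an added example (not from the original post), the functions below build a sorted manifest of every path under a directory with its owner, group, mode and SHA-256 and diff the two trees, so a file whose permissions changed during the copy (a private key that became world-readable, say) or a file that was silently skipped shows up before you commit to the new partition. The names are mine; it assumes GNU find, stat and sha256sum.

```shell
#!/bin/sh
# Added example: verify that a copied home tree matches the original.
# Not from the original post.

# Print one line per entry under $1: relative path, owner, group, mode and
# (for regular files) a SHA-256, sorted so two trees can be diffed.
tree_manifest() {
    ( cd "$1" && find . -mindepth 1 \
        -exec sh -c '
            for p do
                meta=$(stat -c "%U %G %a" "$p")
                if [ -f "$p" ]; then
                    sum=$(sha256sum < "$p" | cut -d" " -f1)
                else
                    sum=-
                fi
                printf "%s %s %s\n" "$p" "$meta" "$sum"
            done' sh {} + ) | sort
}

# Compare two trees; prints the differing manifest lines and returns 1 on mismatch.
trees_match() {
    ma=$(mktemp)
    mb=$(mktemp)
    tree_manifest "$1" > "$ma"
    tree_manifest "$2" > "$mb"
    if diff "$ma" "$mb"; then rc=0; else rc=1; fi
    rm -f "$ma" "$mb"
    return $rc
}

# Usage after the cp above (as root, since other users' homes are unreadable):
#   trees_match /home /tmp/sda2 && echo "copy verified"
```

Hashing every file takes a while on a large /home, but it is the only check that catches a truncated copy.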

If all is ok you can now do the final steps, which is adding the drive to fstab.

I like to use a disk's UUID rather than the physical device. It makes things much easier down the track when you want to move or add drives to your system.

Let's find the uuid of our new partition;

sudo blkid /dev/sda2

This will return something like this;

/dev/sda2: UUID="ee88bfd6-1a7e-486f-85ff-2f2e4c81bd6d" TYPE="ext4"

You want to select and copy the uuid string without the quotes.

Now, edit /etc/fstab

sudo vi /etc/fstab

Add a line like this;

UUID=ee88bfd6-1a7e-486f-85ff-2f2e4c81bd6d /home ext4 errors=remount-ro 0 1

making sure you use your own uuid.
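Copying the UUID by hand is where this step usually goes wrong (a stray quote or a truncated string leaves the system unable to mount /home on boot). As an added example that is not part of the original post, the script below reads the blkid output shown above, checks that the UUID is well formed and the type is an ext filesystem, and writes the fstab line; add_to_fstab backs up /etc/fstab and refuses to add a UUID that is already present. Function names are mine. One deliberate difference from the line above: it uses fsck pass 2 for anything other than /, as fstab(5) recommends.

```shell
#!/bin/sh
# Added example: build the UUID-based fstab line from blkid output safely.
# Not from the original post.

# Extract the value of key $1 (UUID, TYPE, ...) from a blkid line on stdin.
blkid_value() {
    sed -n "s/.*[[:space:]]$1=\"\([^\"]*\)\".*/\1/p"
}

# Print an fstab line mounting the filesystem described on stdin at $1.
# Emits nothing and returns 1 unless the UUID and type look sane.
fstab_line() {
    mountpoint=$1
    line=$(cat)
    uuid=$(printf '%s\n' "$line" | blkid_value UUID)
    fstype=$(printf '%s\n' "$line" | blkid_value TYPE)
    if ! printf '%s\n' "$uuid" | grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'; then
        echo "bad or missing UUID in: $line" >&2
        return 1
    fi
    case $fstype in
        ext2|ext3|ext4) ;;
        *) echo "unexpected filesystem type '$fstype' in: $line" >&2; return 1 ;;
    esac
    if [ "$mountpoint" = / ]; then pass=1; else pass=2; fi
    printf 'UUID=%s %s %s errors=remount-ro 0 %s\n' "$uuid" "$mountpoint" "$fstype" "$pass"
}

# Append the line for device $1 mounted at $2 to fstab ($3, default /etc/fstab),
# keeping a backup and refusing duplicates.  Run as root.
add_to_fstab() {
    dev=$1
    mountpoint=$2
    fstab=${3:-/etc/fstab}
    line=$(blkid "$dev" | fstab_line "$mountpoint") || return 1
    uuid=${line#UUID=}
    uuid=${uuid%% *}
    if grep -q "UUID=$uuid" "$fstab"; then
        echo "$uuid is already in $fstab" >&2
        return 1
    fi
    cp -p "$fstab" "$fstab.bak"
    printf '%s\n' "$line" >> "$fstab"
}

# Usage:  add_to_fstab /dev/sda2 /home && mount /home
```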

Let's test to see if you can mount the new home partition.

sudo mount /home

If all goes well there should be no error returned.

Let's see if it is mounted;

brettg@earth:~$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 11G 4.2G 6.4G 40% /
/dev/sda2 25G 2.2G 23.7G 9% /home
none 1.5G 300K 1.5G 1% /dev
none 1.5G 608K 1.5G 1% /dev/shm
none 1.5G 132K 1.5G 1% /var/run
none 1.5G 0 1.5G 0% /var/lock
none 1.5G 0 1.5G 0% /lib/init/rw


As we can see above, /dev/sda2 is now mounted to /home

And that's it. All we need to do is reboot and make sure everything is working OK.

Note: Be aware that the original data in /home on /dev/sda1 is still there and taking up the same space as it was before. It is hidden underneath the mounted drive. Once you have determined that everything is OK, you might want to login as root, manually umount /home to make the old data reappear and then rm -rf the old data. Of course the normal caveats apply and you should make triple sure you are really deleting what you think you are deleting before hitting Enter

Always remember when messing with partitions and rm -rf IRREVERSIBLE DATALOSS IS POSSIBLE !!!!!


Good luck and take care . . .

Friday 9 July 2010

CPU, RAM and Process Monitoring with HTOP

Here's a nifty alternative to good old "top"

It's called "htop"

You can install it with

sudo apt-get install htop

and simply enter htop on the command line to invoke it.

Thursday 8 July 2010

Mapping /dev/sg to scsi disks

This is another thing that has been making life difficult, particularly when configuring scsi passthru devices under vmware.

Just say you have a device /dev/sdd that you want to pass through to a guest machine. When you configure it under vmware you can't use the normal nomenclature (i.e. /dev/sdd), you must pass through the "sg" device (i.e. /dev/sg3).

The trouble is, sometimes it is hard to figure out which sg device is which.

The answer is to use the "sg_map" command.

sudo apt-get install sg3-utils

brettg@jupiter:~# sudo sg_map
/dev/sg0 /dev/sda
/dev/sg1 /dev/sdb
/dev/sg2 /dev/sdc
/dev/sg3 /dev/sdd
/dev/sg4 /dev/sde
/dev/sg5 /dev/sdf
/dev/sg6 /dev/sdg
/dev/sg7 /dev/sdh


Easy peasy!

Tuesday 6 July 2010

Add VMware Server certificate to Chrome

When you connect to your VMware Server host console using the Google Chrome browser you will be presented with a warning about the site certificate being invalid. This is because the certificate is self signed due to it being generated during the vmware install process.

In Firefox you simply click "allow exception" and this warning disappears for good.

Chrome does not have a similar exception mechanism unfortunately. Chrome uses the "NSS Shared DB" which is part of the OS. From their website "On Linux, Chromium uses the NSS Shared DB. Rather than reinvent the wheel and create another certificate configuration tool, we are going to wait for a system certificate configuration utility to be created and launch that. In the mean time, you can configure certificates with the NSS command line tools."

This is how we do it. My host server is named "jupiter", you should change this to suit yours obviously.

Install the nss toolset;

sudo apt-get install libnss3-tools

Obtain the certificate from your server;

echo QUIT | openssl s_client -connect jupiter:8333 | sed -ne '/BEGIN CERT/,/END CERT/p'

This will produce a lot of output. Select and copy the section that looks like this;

-----BEGIN CERTIFICATE-----
MIqDRzCCArACCQC6JbNYOIukPTANBgkqhkiG9w0BAQUFADCB5zELMAkGA1UEBhMC
VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVBhbG8gQWx0bzEVMBMG
A1UEChMMVk13YXJlLCBJbmMuMSQwIgYDVQQLExtWTXdhcmUgTWFuYWdlbWVudCBJ
bnRlcmZhY2UxEDAOBgNVBAMTB2p1cGl0ZXIxNDAyBgkqhkiG9w0BCQITJSgxMjc4
MTEwNzE0KSwoNTY0ZDc3NjE3MjY1MjA0OTZlNjMyZSkxKjAoBgkqhkiG9w0BCQEW
G3NzbC1jZXJ0aWZpY2F0ZXNAdm13YXJlLmNvbTAeFw0xMDA3MDIyMjQ1MTRaFw0y
NDAzMTAyMjQ1MTRaMIHnMQswCQYDVQJGEwJVUzETMBEGA1UECB6KQ2FsaWZvcm5p
YTESMBAGA1UEBxMJUGFsbyBBbHRvMRUwEwYDVQQKEwxWTXdhcmUsIEluYy4xJDAi
BgNVBAsTG1ZNd2FyZSBNYW5hZ2VtZW50IEludGVyZmFjZTEQMA4GA1UEAxMHanVw
aXRlcjE02DIGCSqGSIb3DQEJAhMlKDEyNzgxMTA3MTQpLCg1NjRkNzc2MTcyNjUy
MDQ5NmU2MzJlKTEqMCgGCSqkSIb3DQEJARYbc3NsLWNlcnRpZmljYXRlc0B2bXdh
cmUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNYXoFdwyIkk4uoAiE
vdD/Wl19hYcPswPIROr+eyMRRs1uriMA6LAyF8hYQZL0BYkCxxP6XpCT23pmZwmu
/0ZLPGig4nl35MipeRSdVgkfWMyqmT2iwArvk+Vm3zwWx5IPeCXHOHilmfIB9Xe1
Kq3zUmIHWwkrkNt+Y4z7S1eiKwIDAQABMA0GCSqGSIb3DQEBBQUAA4GlACiRRhLx
kdH3QQdTZvDBXs3D+dcFEXzgWNNyTiyEx1Gyf34cDbmNdyoVtUspH4P1HjQIj+fC
XH++BhmtIjxDhwpzat378eo2X0h3d4sw/maaVu6luTBn4VRg8/6iAOijPcQR0PaJ
EmzxqPMUrxz2s072xj00y2v9vzGJhaVim5Ph
-----END CERTIFICATE-----

Note: You should include the BEGIN and END tag lines.

Create a file to store the certificate;

vi ~/jupiter.cert

and paste in the code you copied.

Add the certificate to your store;

certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n vmware-jupiter -i ~/jupiter.cert
"vmware-jupiter" is a nickname, you can use whatever you like there as long as it makes some sense to you.
You should be able to browse your host without seeing any error*
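Importing whatever certificate the network hands you means that if someone were sitting between you and the host on that first connection, their certificate would be the one trusted from then on. The script below, an added example and not part of the original post, wraps the steps above so that the fetched certificate is only imported when its SHA-256 fingerprint matches one you obtained on the host itself. The function names are mine; it assumes openssl and certutil as installed above, and the out-of-band fingerprint is assumed to come from the server's own certificate file (I use /etc/vmware/ssl/rui.crt, VMware Server's default location as far as I know; adjust if yours differs).

```shell
#!/bin/sh
# Added example: pin the VMware Server certificate by fingerprint before
# adding it to Chrome's NSS database.  Not from the original post.

# Keep only the first PEM certificate block from "openssl s_client" output.
extract_pem() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' |
        sed '/-----END CERTIFICATE-----/q'
}

# SHA-256 fingerprint of a PEM file, lower case, no colons.
cert_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" |
        sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# Normalise a fingerprint typed or pasted by hand (colons, spaces, case).
normalize_fp() {
    tr -d ': ' | tr 'A-F' 'a-f'
}

# Fetch the certificate served on $1:$2 and save it to $3.
fetch_server_cert() {
    echo QUIT | openssl s_client -connect "$1:$2" 2>/dev/null | extract_pem > "$3"
    grep -q 'END CERTIFICATE' "$3"
}

# Import only if the fingerprint matches the one obtained on the host, e.g.
#   ssh jupiter openssl x509 -noout -fingerprint -sha256 -in /etc/vmware/ssl/rui.crt
# (path assumed; check your install).
trust_vmware_cert() {
    host=$1
    port=${2:-8333}
    expected=$(printf '%s' "$3" | normalize_fp)
    pem=$(mktemp)
    if ! fetch_server_cert "$host" "$port" "$pem"; then
        echo "no certificate received from $host:$port" >&2
        rm -f "$pem"
        return 1
    fi
    actual=$(cert_fingerprint "$pem")
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $host: got $actual" >&2
        rm -f "$pem"
        return 1
    fi
    certutil -d sql:"$HOME/.pki/nssdb" -A -t "P,," -n "vmware-$host" -i "$pem"
    rm -f "$pem"
}

# Usage (fingerprint copied from the host):
#   trust_vmware_cert jupiter 8333 'AB:CD:...'
```

On a mismatch nothing is imported; repeat the fetch from a network you trust before deciding the host's certificate really changed.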

You can list the certificates that are installed like this;

certutil -d sql:$HOME/.pki/nssdb -L

To look at the details of a certificate;

certutil -d sql:$HOME/.pki/nssdb -L -n certificate_nickname

And finally, to delete a certificate;

certutil -d sql:$HOME/.pki/nssdb -D -n certificate_nickname

* You will still get a red "broken certificate" indicator in the browser address bar but you wont be asked to proceed every time you connect.

Saturday 3 July 2010

VMware remote console + Firefox 3.6 (updated)

Firefox 3.6 is the default browser on Ubuntu since Karmic but unfortunately it no longer works when attempting to launch a VMWare server remote console session from within the web gui. This is one of the reasons I decided to move away from VMware to Virtualbox headless, with mixed results.

My virtualbox experiment is over and I have decided to go back to VMware. It is a shame but vbox just has too many ways to get itself tangled up and lacks the "management polish" that you get with vmware server.

That being said, there is still the problem that new versions of Firefox refuse to work with the remote console plugin and that is a show stopper. It forces me to keep Jaunty on my laptop just so I can get a console session when needed.

The good news is that I have just discovered a workaround for this problem.

Apparently, there is an undocumented* feature in vmware player that enables it to connect to a remote host!

I have long been wondering why such a feature was not available and now I find out it actually is! Yay!

Anyway, assuming you have installed vmware player, if you type the following at a shell prompt;

vmplayer -h

you will be presented with a dialog that looks like this;

Enter your server details (including the port which is 8333 by default)

Click OK and you will see a list of the guest machines on that host, like so;

Click on a host and open to create a remote console session and you are done!

I can't tell you how excited I am to discover this trick. Now I have no more reasons to avoid changing my main browser to Chrome.

[UPDATE]

I have been playing about and you can streamline the process by adding the host and login details to the command line.

vmplayer -h jupiter -u brettg -p mypassword

* It is not mentioned when you type vmplayer --help at the console.

Note that a password given with -p can be read by other users of the machine in the process list and is kept in your shell history, so on a shared machine leave -p off and enter the password in the dialog instead.

Friday 2 July 2010

HOWTO: SAMBA + LDAP on 10.04 Lucid Part 1

Wow, it has taken me weeks to get this to the point that it seems to be working. The official documentation is horribly broken, but I have finally got what I think is a working solution. I will probably need to tweak this guide as time goes on (see the end of the post for revision history).

PLATFORM:
* Ubuntu Server 10.04 LTS (Lucid)

PREREQUISITES:
* A standard vanilla Ubuntu 10.04 server install.
* Set your admin user as a system user.
* Mount your user home directories from an NFS server

Network overview;
* domain name: tuxnetworks.com (change this to suit your own)
* ldap-server 10.1.1.5 (change this to suit your own)

Installing Samba

We will start by configuring samba.

Download this samba config file;

~$ wget http://www.tuxnetworks.com/configs/smb.conf

Note:
Edit this file to suit your own network. You need to change the "ldap suffix" & "ldap admin" values, but you will probably also want to change "workgroup" and "netbios name" as well.


Create a samba directory;

sudo mkdir /etc/samba/

Copy the new smb.conf file into place;

~$ sudo cp smb.conf /etc/samba/

Install Samba;

~$ sudo apt-get install samba samba-doc smbclient

Install the LDAP server

Next we want to install the OpenLDAP server daemon slapd and ldap-utils, a package containing LDAP management utilities;

~$ sudo apt-get install slapd ldap-utils libpam-smbpass smbldap-tools

Notes:
By default slapd is configured with minimal options needed to run the slapd daemon.

The configuration example in the following sections will match the domain name of the server. For example, if the machine's Fully Qualified Domain Name (FQDN) is ldap.tuxnetworks.com, the default suffix will be dc=tuxnetworks,dc=com.

OpenLDAP uses a separate directory which contains the cn=config Directory Information Tree (DIT). The cn=config DIT is used to dynamically configure the slapd daemon, allowing the modification of schema definitions, indexes, ACLs, etc without stopping the service.

The backend cn=config directory has only a minimal configuration and will need additional configuration options in order to populate the frontend directory. The frontend will be populated with a "classical" scheme that will be compatible with address book applications and with Unix Posix accounts. Posix accounts will allow authentication to various applications, such as web applications, email Mail Transfer Agent (MTA) applications, etc.

* For external applications to authenticate using LDAP they will each need to be specifically configured to do so. Refer to the individual application documentation for details.

Remember to change "dc=tuxnetworks,dc=com" in the following examples to match your LDAP configuration.

First, some additional schema files need to be loaded. In a terminal enter:
~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif

Download this LDIF file

~$ wget http://www.tuxnetworks.com/configs/backend.ldif

Edit the file to change "dc=tuxnetworks,dc=com" and "mypassword" to suit your own domain details.

TIP:
A quick way to do this is to use sed;
sed -i s/dc=tuxnetworks,dc=com/dc=example,dc=net/g backend.ldif

Now add the LDIF to the LDAP directory:

~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f ~/backend.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=module,cn=config"

adding new entry "olcDatabase=hdb,cn=config"


Samba needs us to tell it the LDAP admin password which we can do with this command;

~$ sudo smbpasswd -W
Setting stored password for "cn=admin,dc=tuxnetworks,dc=net" in secrets.tdb
New SMB password:
Retype new SMB password:


Note:
Use the password you entered in the backend.ldif file earlier.

And finally, we restart samba again;

~$ sudo service smbd restart

You can test that samba works by using the samba client (when it asks for root's password just press Enter);

~$ sudo smbclient -L localhost

You should see something like this;
~$ sudo smbclient -L localhost
Enter root's password: 
Anonymous login successful
Domain=[SAMBA] OS=[Unix] Server=[Samba 3.4.7]

 Sharename       Type      Comment
 ---------       ----      -------
 print$          Disk      Printer Drivers Share
 shared          Disk      
 archive         Disk      
 IPC$            IPC       IPC Service (Samba 3.4.7)
Anonymous login successful
Domain=[SAMBA] OS=[Unix] Server=[Samba 3.4.7]

 Server               Comment
 ---------            -------
 MYSAMBASERVER        Samba 3.4.7

 Workgroup            Master
 ---------            -------
 MYSAMBAWORKGROUP     MYSAMBASERVER

Note:
If you don't see the expected output, then you should stop right now and repeat the process. Having Samba incorrectly configured at this point will cause the rest of the procedure to fail.

OK, now that we have the basic part done you should proceed to part 2.

HOWTO: SAMBA + LDAP on 10.04 Lucid Part 2

This is Part Two of my SAMBA + LDAP howto. You must successfully complete Part One before attempting this procedure.

OK, with Part One done, we must now provide our samba users with profile and netlogon directories. Let's create them now;

~$ sudo mkdir -v -m 777 /var/lib/samba/profiles
~$ sudo mkdir -v -p -m 777 /var/lib/samba/netlogon


Next we must add the samba schemas to the LDAP server. These schemas are part of the samba-doc package that we installed in Part One.

Copy the schemas to the appropriate location;
~$ sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz /etc/ldap/schema/
~$ sudo gzip -d /etc/ldap/schema/samba.schema.gz

These schemas must be converted to the "ldif" format before we can use them.

Create a file called schema_convert.conf

~$ vi ~/schema_convert.conf

and paste in the following lines;

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/collective.schema
include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/duaconf.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/java.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/ppolicy.schema
include /etc/ldap/schema/samba.schema


Next, use slapcat to convert the schemas;

~$ slapcat -f ~/schema_convert.conf -F ~ -n0 -s "cn={12}samba,cn=schema,cn=config" > ~/cn=samba.ldif


slapcat will generate a file "~/cn\=samba.ldif". Edit this file;

~$ vi ~/cn\=samba.ldif

and change the following attributes:

dn: cn={12}samba,cn=schema,cn=config
...
cn: {12}samba


to

dn: cn=samba,cn=schema,cn=config
...
cn: samba


Also, remove all these lines from the bottom of the file.

structuralObjectClass: olcSchemaConfig
entryUUID: 99e797a8-07cb-102f-8c5c-739a8467e607
creatorsName: cn=config
createTimestamp: 20100609043122Z
entryCSN: 20100609043122.188753Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20100609043122Z


Add the schema to the server;

~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f ~/cn\=samba.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=samba,cn=schema,cn=config"


You should see the following line with no errors reported.

adding new entry "cn=samba,cn=schema,cn=config"
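The two manual edits above (dropping the {12} index from the dn and cn, and deleting the operational attributes) as a script, added here as an example and not part of the original post. It unfolds LDIF continuation lines first, because slapcat folds long olcAttributeTypes values and a line-by-line delete could otherwise leave a dangling continuation; the sample input is a constructed, shortened stand-in for slapcat's output, with the schema OID replaced by a placeholder.

```python
import re

# Operational attributes slapcat writes for an existing entry; ldapadd rejects them
# when the entry is being created, which is why the post says to delete them.
OPERATIONAL = {"structuralObjectClass", "entryUUID", "creatorsName", "createTimestamp",
               "entryCSN", "modifiersName", "modifyTimestamp"}

# Constructed, shortened stand-in for the cn={12}samba.ldif that slapcat produces
# (OID-PLACEHOLDER marks a value deliberately not reproduced here).
SLAPCAT_OUTPUT = """\
dn: cn={12}samba,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {12}samba
olcAttributeTypes: {0}( OID-PLACEHOLDER NAME 'sambaLMPassword' DESC 'LanManager Passw
 ord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
structuralObjectClass: olcSchemaConfig
entryUUID: 99e797a8-07cb-102f-8c5c-739a8467e607
creatorsName: cn=config
createTimestamp: 20100609043122Z
entryCSN: 20100609043122.188753Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20100609043122Z
"""

def unfold(ldif):
    """Join LDIF continuation lines (leading space) back onto their attribute line."""
    lines = []
    for line in ldif.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines

def convert_schema_ldif(ldif):
    """Drop the {N} ordering index from dn/cn only (the {0} on olcAttributeTypes and
    the {32} length bound in SYNTAX must stay) and strip operational attributes."""
    out = []
    for line in unfold(ldif):
        attr = line.split(":", 1)[0]
        if attr in OPERATIONAL:
            continue
        if attr in ("dn", "cn"):
            line = re.sub(r"\{\d+\}", "", line, count=1)
        out.append(line)
    return "\n".join(out) + "\n"
```

The unfolded lines may exceed LDIF's usual 76-column wrap; ldapadd accepts them as-is.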

Let's check how things are going with the following query (use an empty password);
~$ sudo ldapsearch -Y EXTERNAL -H ldapi:/// -D cn=admin,cn=config -b cn=config -W olcDatabase={1}hdb

You should see a metric shedload of output with this at the end;

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


If you see output like above then your LDAP server is working, but we still need to finish configuring samba.

Unpack the configure script that came with the smbldap-tools package (we installed this in Part One);
~$ sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz

Now we are going to execute a perl script which will set up samba for us. For almost every prompt you should just press Enter. There are a few exceptions, however. When asked for "logon home" and "logon path" enter a "." (full stop) and nothing else. When asked for a password (ldap master/slave bind password) use the password for the "admin" account that you entered earlier. Remember, leave the default value for everything else!

Run the script;

~$ sudo perl /usr/share/doc/smbldap-tools/configure.pl

Now that the script has created our configuration, we can use it to populate the server;

~$ sudo smbldap-populate
Populating LDAP directory for domain TUXNETWORKS (S-1-5-21-3403240416-131340500-4256605436)
(using builtin directory structure)

adding new entry: dc=tuxnetworks,dc=net
adding new entry: ou=Users,dc=tuxnetworks,dc=net
adding new entry: ou=Groups,dc=tuxnetworks,dc=net
adding new entry: ou=Computers,dc=tuxnetworks,dc=net
adding new entry: ou=Idmap,dc=tuxnetworks,dc=net
adding new entry: uid=root,ou=Users,dc=tuxnetworks,dc=net
adding new entry: uid=nobody,ou=Users,dc=tuxnetworks,dc=net
adding new entry: cn=Domain Admins,ou=Groups,dc=tuxnetworks,dc=net
adding new entry: cn=Domain Users,ou=Groups,dc=tuxnetworks,dc=net
adding new entry: cn=Domain Guests,ou=Groups,dc=tuxnetworks,dc=net
adding new entry: cn=Domain Computers,ou=Groups,dc=tuxnetworks,dc=net
adding new entry: cn=Administrators,ou=Groups,dc=tuxnetworks,dc=net
adding new entry: cn=Account Operators,ou=Groups,dc=tuxnetworks,dc=net
adding new entry: cn=Print Operators,ou=Groups,dc=tuxnetworks,dc=net
adding new entry: cn=Backup Operators,ou=Groups,dc=tuxnetworks,dc=net
adding new entry: cn=Replicators,ou=Groups,dc=tuxnetworks,dc=net
adding new entry: sambaDomainName=TUXNETWORKS,dc=tuxnetworks,dc=net

Please provide a password for the domain root:
Changing UNIX and samba passwords for root
New password:
Retype new password:


Note:
The "UNIX and samba passwords for root" can be anything, you don't need to use the LDAP admin password here.

The final touches;

~$ sudo /etc/init.d/slapd stop
~$ sudo slapindex

WARNING!
Runnig as root!
There's a fair chance slapd will fail to start.
Check file permissions!

Ignore the warning!

~$ sudo chown openldap:openldap /var/lib/ldap/*
~$ sudo /etc/init.d/slapd start


Make "root" the domain administrator;

~$ sudo smbldap-groupmod -m 'root' 'Administrators'
adding user root to group Administrators


If this returns;

adding user root to group Administrators

with no errors then you are looking good!

Now, we need to allow clients to authenticate via LDAP. To do this we need to install a package.

~$ sudo apt-get --yes install ldap-auth-client

During this process enter the following details;

ldapi:///127.0.0.1:389/

dc=tuxnetworks,dc=com

3

Yes

No

cn=admin,dc=tuxnetworks,dc=com

mypassword


We also need to tell PAM and the "Name Service Switch" (NSS) service to use LDAP for auth;

~$ sudo auth-client-config -t nss -p lac_ldap
~$ sudo pam-auth-update ldap


If all has gone well, you should now be able to add a user to the database;

~$ sudo smbldap-useradd -a -m -P brettg
Cannot confirm uidNumber 1000 is free: checking for the next one
Changing UNIX and samba passwords for brett
New password:
Retype new password:


Note:
You will notice the above command returns "Cannot confirm uidNumber 1000 is free: checking for the next one" and your LDAP user ends up with UID of 1001. If you are an OCD type like me and want all your users on LDAP and starting at 1000, then you might want to consider changing the UID of the default Ubuntu system user to a number below 1000 before issuing this command. If you do that, then make sure that you can log in and get sudo privileges before you go any further of course.

You can check your new user by issuing this command;

~$ ldapsearch -xLLL -b "dc=tuxnetworks,dc=com" uid=brettg
dn: uid=brett,ou=Users,dc=tuxnetworks,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: brett
sn: brett
givenName: brett
uid: brett
uidNumber: 1001
gidNumber: 513
homeDirectory: /home/brett
loginShell: /bin/bash
gecos: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: brett
sambaSID: S-1-5-21-3403240416-131340500-4256605436-3002
sambaPrimaryGroupSID: S-1-5-21-3403240416-131340500-4256605436-513
sambaLogonScript: allusers.bat
sambaLMPassword: 157FBB24ACBE1A68AAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 8462E3FFE0BA1C8CED841873EC989A29
sambaPwdLastSet: 1308795478
sambaPwdMustChange: 1312683478
shadowLastChange: 15148
shadowMax: 45


If you get output like this then congratulations, you have successfully configured a combined Samba/LDAP server!

Next, you should go ahead and configure a client

Revisions:
13/7/2010- Karan Pratap Singh pointed me to another howto which does some things in a better way than mine did. I have merged the parts that I like into my document (see comments)

23/6/2011- Retested, confirmed the process still works. Some parts were cleaned up and extra output from some of the commands was added. Also I split the post into 2 parts as it was getting quite long.

Monday 21 June 2010

HOWTO: phpLDAPadmin on 10.04 Lucid Lynx

PLATFORM:
* Ubuntu Server 10.04 LTS (Lucid)

PREREQUISITES:
* A vanilla Ubuntu 10.04 server install.
* You have successfully installed a working LDAP server

Network overview;
* domain name: example.com
* ldap-server 10.1.1.5

Currently, the version of phpLDAPadmin that is in the Lucid repositories is a relatively old version (v1.1.07) which is not compatible with the version of PHP that actually ships with Lucid (v5.3.2).

Doh!

What we need to do is use the current version (v1.2.0.5) from Launchpad

wget https://launchpad.net/~ubuntu-security-proposed/+archive/ppa/+build/1744905/+files/phpldapadmin_1.2.0.5-1ubuntu1.10.04.1_all.deb

Install dependencies

sudo apt-get install apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common libapache2-mod-php5 libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap php5-common php5-ldap ssl-cert

Install the package

sudo dpkg -i phpldapadmin_1.2.0.5-1ubuntu1.10.04.1_all.deb

Make a softlink to the installed phpldapadmin files from the web root

sudo ln -s /usr/share/phpldapadmin /var/www/phpldapadmin

Pointing phpldapadmin to your domain;

Edit config.php

sudo vi /etc/phpldapadmin/config.php

Find these lines;

$servers->setValue('server','base',array('dc=example,dc=com'));

$servers->setValue('login','bind_id','cn=admin,dc=example,dc=com');


Change the lines to suit your own network. In my case this would be like this;

$servers->setValue('login','bind_id','cn=admin,dc=tuxnetworks,dc=com');

Restart apache

sudo /etc/init.d/apache2 restart

Test it by browsing to your ldap server at;

http://10.1.1.5/phpldapadmin/

and login using;

USER: cn=admin,dc=example,dc=com
PASS: your_password

Once you have logged in, expand the tree & you should see something like this;

+--> dc=example,dc=com (3)
---> cn=admin
+--> ou=groups (1)
+--> ou=people (1)
---> Create new entry here


And that's it, you're done!

HOWTO: LDAP Server on 10.04 Lucid Lynx

In my previous LDAP server howto we used 8.04 Hardy Heron. Things have changed quite a bit since then, so I have updated my procedure. Most of this is just a reproduction of the Ubuntu Docs page for LDAP (see references at the end of the article for a link).

PLATFORM:
* Ubuntu Server 10.04 LTS (Lucid)

PREREQUISITES:
* A standard vanilla Ubuntu 10.04 server install.
* An NFS server exporting the users' home directories

Network overview;
* domain name: example.com
* ldap-server 10.1.1.5

Install The Packages

We want to install the OpenLDAP server daemon slapd and ldap-utils, a package containing LDAP management utilities:

sudo apt-get install slapd ldap-utils

Notes:
By default slapd is configured with minimal options needed to run the slapd daemon.

The configuration example in the following sections will match the domain name of the server. For example, if the machine's Fully Qualified Domain Name (FQDN) is ldap.example.com, the default suffix will be dc=example,dc=com.

Populating the server
Notes:
OpenLDAP uses a separate directory which contains the cn=config Directory Information Tree (DIT). The cn=config DIT is used to dynamically configure the slapd daemon, allowing the modification of schema definitions, indexes, ACLs, etc without stopping the service.

The backend cn=config directory has only a minimal configuration and will need additional configuration options in order to populate the frontend directory. The frontend will be populated with a "classical" scheme that will be compatible with address book applications and with Unix Posix accounts. Posix accounts will allow authentication to various applications, such as web applications, email Mail Transfer Agent (MTA) applications, etc.

* For external applications to authenticate using LDAP they will each need to be specifically configured to do so. Refer to the individual application documentation for details.

* Remember to change dc=example,dc=com in the following examples to match your LDAP configuration.

First, some additional schema files need to be loaded. In a terminal enter:

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif


Next, create an LDIF file

vi ~/backend.ldif

With the following contents;

# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb

# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=tuxnetworks,dc=com
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=tuxnetworks,dc=com
olcRootPW: mypassword
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=tuxnetworks,dc=com" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=tuxnetworks,dc=com" write by * read

* Change olcRootPW: mypassword to a password of your choosing.

* Change dc=tuxnetworks,dc=com to suit your own domain details.
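The final rule, "to * ... by * read", lets an anonymous bind read every attribute that no earlier rule names; once the Samba schema is loaded that includes sambaLMPassword and sambaNTPassword, which is exactly what the anonymous (-x, no -D) ldapsearch in the Samba howto above prints. The following evaluator of these olcAccess lines is an added example, not part of this post or of OpenLDAP: it reproduces slapd's first-match semantics for the "what" and "who" forms used in this file only, and HARDENED_ACL shows the fix of naming the two Samba hash attributes in the password rule so they fall under "by * none" while cn=admin keeps write access for Samba's bind.

```python
import shlex

# OpenLDAP access levels, lowest to highest; a grant at one level implies all lower ones.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
# Constructed copy of the olcAccess lines from the backend.ldif on this page.
PAGE_ACL = """\
olcAccess: to attrs=userPassword by dn="cn=admin,dc=tuxnetworks,dc=com" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=tuxnetworks,dc=com" write by * read
"""
# Same rules with the Samba hash attributes added to the password rule (the fix).
HARDENED_ACL = PAGE_ACL.replace(
    "attrs=userPassword ", "attrs=userPassword,sambaLMPassword,sambaNTPassword ", 1)

def parse_acls(ldif):
    rules = []  # [(what, [(who, level), ...]), ...] in file order; order is significant
    for line in ldif.splitlines():
        if not line.startswith("olcAccess:"):
            continue
        tokens = shlex.split(line.split(":", 1)[1])  # shlex keeps dn="..." as one token
        what, clauses = tokens[1], []
        for i in range(2, len(tokens), 3):            # repeating "by <who> <level>"
            clauses.append((tokens[i + 1], tokens[i + 2]))
        rules.append((what, clauses))
    return rules

def target_matches(what, entry_dn, attr):
    if what.startswith("attrs="):
        return attr in what[len("attrs="):].split(",")
    if what.startswith("dn.base="):                   # dn.base="" is the root DSE
        return entry_dn == what[len("dn.base="):]
    return what == "*"

def who_matches(who, requester_dn, entry_dn):
    return (who == "*"
            or (who == "anonymous" and requester_dn is None)
            or (who == "users" and requester_dn is not None)
            or (who == "self" and requester_dn is not None and requester_dn == entry_dn)
            or (who.startswith("dn=") and requester_dn == who[len("dn="):]))

def access_level(rules, requester_dn, entry_dn, attr):
    # First "to" clause matching the target decides; within it the first matching
    # "by" clause decides; no matching "by" means none (OpenLDAP's implicit default).
    for what, clauses in rules:
        if target_matches(what, entry_dn, attr):
            for who, level in clauses:
                if who_matches(who, requester_dn, entry_dn):
                    return level
            return "none"
    return "none"

def can_read(rules, requester_dn, entry_dn, attr):
    return LEVELS.index(access_level(rules, requester_dn, entry_dn, attr)) >= LEVELS.index("read")

def anonymous_readable_secrets(ldif, entry_dn):
    # Password-equivalent attributes an unauthenticated bind can read on entry_dn.
    rules = parse_acls(ldif)
    return [a for a in ("userPassword", "sambaLMPassword", "sambaNTPassword")
            if can_read(rules, None, entry_dn, a)]
```

Run anonymous_readable_secrets(PAGE_ACL, "uid=brettg,ou=people,dc=tuxnetworks,dc=com") against the page's rules to see the two Samba attributes listed, and against HARDENED_ACL to see an empty list.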

Now add the LDIF to the directory:

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.ldif

The frontend directory is now ready to be populated. Create a frontend.ldif file

vi ~/frontend.ldif

Enter the following contents, once again making the necessary changes to suit your own network:

# Create top-level object in domain
dn: dc=tuxnetworks,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: Tuxnetworks
dc: Tuxnetworks
description: LDAP Server

# Admin user.
dn: cn=admin,dc=tuxnetworks,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: mypassword

dn: ou=people,dc=tuxnetworks,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=tuxnetworks,dc=com
objectClass: organizationalUnit
ou: groups

dn: uid=brettg,ou=people,dc=tuxnetworks,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: brettg
sn: Glasson
givenName: Brett
cn: Brett Glasson
displayName: Brett Glasson
uidNumber: 1000
gidNumber: 10000
userPassword: mypassword
gecos: Brett Glasson
loginShell: /bin/bash
homeDirectory: /home/brettg
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: brett.glasson@tuxnetworks.com
postalCode: 31000
l: Melbourne
o: tuxnetworks
mobile: +33 (0)6 xx xx xx xx
homePhone: +33 (0)5 xx xx xx xx
title: System Administrator
postalAddress:
initials: BG

dn: cn=users,ou=groups,dc=tuxnetworks,dc=com
objectClass: posixGroup
cn: users
gidNumber: 10000

Notes:
In this example the directory structure, a user, and a group have been set up. In other examples you might see objectClass: top added in every entry, but that is the default behaviour so you do not have to add it explicitly.

Add the entries to the LDAP directory:

sudo ldapadd -x -D cn=admin,dc=tuxnetworks,dc=com -W -f frontend.ldif

We can check that the content has been correctly added with the ldapsearch utility. Execute a search of the LDAP directory:

ldapsearch -xLLL -b "dc=tuxnetworks,dc=com" uid=brettg sn givenName cn

Which should return something like this;

dn: uid=brettg,ou=people,dc=tuxnetworks,dc=com
cn: Brett Glasson
sn: Glasson
givenName: Brett


Next, you should go ahead and install phpLDAPadmin, add Samba support or configure a client

References:
Ubuntu Docs