Friday, September 28, 2012

VoIP QoS on Cisco 3560 Switches with Polycom and Cisco IP Phones

Today we are going to set up network Quality of Service (QoS) for Voice over IP (VoIP) traffic generated by Polycom and Cisco IP phones. Our goal here is to tag the VoIP packets so that they are placed in a priority outgoing queue. That way, if the available bandwidth is saturated, the VoIP packets will be the last ones to be dropped by the switch. VoIP is a delay-sensitive application while bulk data transfers are not. When a switch port gets more data than it can handle, the switch will start dropping packets. If a VoIP packet is dropped, people having a conversation will hear a glitch. We don't want that and this is why we must treat the VoIP packets differently than other data packets.

Thursday, September 27, 2012

IOS Upgrade on Cisco WS-C4507R Chassis with Dual Supervisor V Engines

Today we will upgrade the IOS version on both WS-X4516 supervisor engines V in a WS-C4507R chassis. This blog post assumes that your 4507R chassis's supervisor engine already has network support for you to SSH into it.

First, go to the Cisco support site and download the latest IOS version (you need a Cisco support contract to have access to new IOS images). Place this image on your TFTP server. In this example, the TFTP server is a CentOS Linux machine called alice.company.com.

Wednesday, August 22, 2012

Oracle Database 11.2.0.3 Install and Setup on RedHat Linux 6 x86_64

In this post we will install a new server with the latest Oracle Database 11gR2 software (as of this writing, it is version 11.2.0.3). In this example, the new machine is called opus.company.com and the new database instance is called meta.

Tuesday, August 21, 2012

Howto Recover Lost Cisco Enable Password

In this blog post, we will recover from a lost Cisco switch enable password.

Thursday, August 16, 2012

How to remove an FC LUN from a running RedHat 6 server.

This quick howto document shows how to remove a fibre channel LUN under multipathd(8) control from a running RedHat Enterprise Linux 6 machine. Be careful when performing online storage modifications. Make sure you have a valid backup. And of course I can't be held responsible for any problems if you follow these steps ;)

Thursday, June 28, 2012

PC-BSD / FreeBSD Kerberos GNOME Graphical Login

A quick post just to show how to configure a PC-BSD or a FreeBSD workstation to run kinit(1) right when you log in. In this example, the desktop machine is running PC-BSD 9.0 with the GNOME desktop.

Tuesday, June 12, 2012

Secure Backup & Recovery with rsnapshot, rssh and OpenSSH

Overview

We all need to back up our machines. But we also need to keep the data private and the backup procedure secured. On UNIX and Linux machines, we need to run the backup operation as root in order to read everything on the machines. But allowing remote connections as the root user is not exactly a good idea. So how do we proceed? We use rsnapshot(1) and rssh(1) together with OpenSSH to secure the whole process. Here's how to do it on CentOS 6.

In case you're running a heterogeneous network, please note that I've successfully configured this process on FreeBSD, PC-BSD, RedHat, Ubuntu, AIX and Solaris servers.

In this example, our backup server is called backup.company.com and is running CentOS 6 while the clients are :
  1. The OpenLDAP server alice.company.com that we configured in several other blog posts and running CentOS 6.
  2. A workstation machine called charlie.company.com running PC-BSD 9.0 (i.e. FreeBSD 9.0 :)

Friday, June 8, 2012

HOWTO : OpenLDAP 2.4 Replication on CentOS 6.2

We continue our OpenLDAP 2.4 on CentOS 6.2 series with a description of how to set up replication between two OpenLDAP 2.4 servers. This happens to be the final bullet point in our list of goals :
  1. Install OpenLDAP 2.4.
  2. Configure Transport Layer Security (TLS).
  3. Manage users and groups in OpenLDAP.
  4. Configure pam_ldap to authenticate users via OpenLDAP.
  5. Use OpenLDAP as sudo's configuration repository.
  6. Use OpenLDAP as automount map repository for autofs.
  7. Use OpenLDAP as NFS netgroup repository again for autofs.
  8. Use OpenLDAP as the Kerberos principal repository.
  9. Set up OpenLDAP backup and recovery.
  10. Set up OpenLDAP replication.
Of course the first thing to do in order to be able to replicate our DIT is to have another CentOS machine. So go ahead and install it on a separate computer. We will continue with our two example machines : alice and bob. Alice is the current OpenLDAP server while bob was the client. At the end of this document, bob will be the second OpenLDAP server. In OpenLDAP syncrepl parlance, we have these entities :
  • provider : alice.company.com (a.k.a. master server)
  • consumer : bob.company.com (a.k.a. replica server)

Thursday, May 31, 2012

CentOS Serial Console Server with Digi AccelePort Xem Module

In order to effectively manage UNIX, Linux and Cisco machines from a remote location, one needs to redirect the console to the serial port and hook this to a serial console server. It is also good from a security standpoint because all the messages sent to the console are logged on the console server, thus serving in forensic investigations. Ideally, to have even the BIOS at the serial ports, you need to run Oracle/Sun Microsystems or IBM pServers machines. Most newer x86 servers can redirect their BIOS to the serial port. Do it, it's great! With the console server, you have access to everything the server has to offer from the comfort of your office.

Tuesday, May 15, 2012

HOWTO : OpenLDAP 2.4 Backup & Recovery on CentOS 6.2

This blog post will explain how to back up and restore our OpenLDAP 2.4 server. This is goal number nine.
  1. Install OpenLDAP 2.4.
  2. Configure Transport Layer Security (TLS).
  3. Manage users and groups in OpenLDAP.
  4. Configure pam_ldap to authenticate users via OpenLDAP.
  5. Use OpenLDAP as sudo's configuration repository.
  6. Use OpenLDAP as automount map repository for autofs.
  7. Use OpenLDAP as NFS netgroup repository again for autofs.
  8. Use OpenLDAP as the Kerberos principal repository.
  9. Set up OpenLDAP backup and recovery.
  10. Set up OpenLDAP replication.
The Maintenance chapter in the OpenLDAP Administrator's Guide on this topic is not very explicit. We hope this blog post will be more helpful.

HOWTO : Kerberos KDC with OpenLDAP 2.4 Back-End and SASL GSSAPI Authentication on CentOS 6.2

We continue our OpenLDAP 2.4 series with goal number 8. Recall that our goals are :
  1. Install OpenLDAP 2.4.
  2. Configure Transport Layer Security (TLS).
  3. Manage users and groups in OpenLDAP.
  4. Configure pam_ldap to authenticate users via OpenLDAP.
  5. Use OpenLDAP as sudo's configuration repository.
  6. Use OpenLDAP as automount map repository for autofs.
  7. Use OpenLDAP as NFS netgroup repository again for autofs.
  8. Use OpenLDAP as the Kerberos principal repository.
  9. Set up OpenLDAP backup and recovery.
  10. Set up OpenLDAP replication.
In this document, we will learn how to set up our OpenLDAP 2.4 server as a repository for our Kerberos principals. We will also explore how to configure the client machines. Kerberos is a computer network authentication protocol which works on the basis of "tickets" to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication—both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks. Kerberos builds on symmetric key cryptography and requires a trusted third party, and optionally may use public-key cryptography by utilizing asymmetric key cryptography during certain phases of authentication.

Thursday, May 10, 2012

HOWTO : OpenLDAP NFS NetGroup Repository for AutoFS

We continue our OpenLDAP 2.4 series with goal number 7. Recall that our goals are :
  1. Install OpenLDAP 2.4.
  2. Configure Transport Layer Security (TLS).
  3. Manage users and groups in OpenLDAP.
  4. Configure pam_ldap to authenticate users via OpenLDAP.
  5. Use OpenLDAP as sudo's configuration repository.
  6. Use OpenLDAP as automount map repository for autofs.
  7. Use OpenLDAP as NFS netgroup repository again for autofs.
  8. Use OpenLDAP as the Kerberos principal repository.
  9. Set up OpenLDAP backup and recovery.
  10. Set up OpenLDAP replication.
In this document, we will learn how to set up our OpenLDAP 2.4 server as a repository of NFS netgroup configuration. Then we will configure an NFS client to see if our netgroup configuration actually works. A netgroup is a set of (host, user, domain) tuples that are to be given similar network access.

Wednesday, May 9, 2012

HOWTO : OpenLDAP 2.4 NFSv4 Automount Map Repository on CentOS 6.2

We continue our OpenLDAP 2.4 series with goal number 6.
  1. Install OpenLDAP 2.4.
  2. Configure Transport Layer Security (TLS).
  3. Manage users and groups in OpenLDAP.
  4. Configure pam_ldap to authenticate users via OpenLDAP.
  5. Use OpenLDAP as sudo's configuration repository.
  6. Use OpenLDAP as automount map repository for autofs.
  7. Use OpenLDAP as NFS netgroup repository again for autofs.
  8. Use OpenLDAP as the Kerberos principal repository.
  9. Set up OpenLDAP backup and recovery.
  10. Set up OpenLDAP replication.
In this document, we will learn how to set up an NFS server along with an NFS client which runs autofs(5) version 5. This daemon will fetch its automount maps from our OpenLDAP 2.4 server. The client will then be configured to mount users' home directories from the NFS server. All OpenLDAP users' DNs will be modified to reflect this change. We will also create a central NFS software repository.

HOWTO : OpenLDAP 2.4 sudo Repository on CentOS 6.2

Today we continue with our OpenLDAP series of blog posts. Recall that our goals were :
  1. Install OpenLDAP 2.4.
  2. Configure Transport Layer Security (TLS).
  3. Manage users and groups in OpenLDAP.
  4. Configure pam_ldap to authenticate users via OpenLDAP.
  5. Use OpenLDAP as sudo's configuration repository.
  6. Use OpenLDAP as automount map repository for autofs.
  7. Use OpenLDAP as NFS netgroup repository again for autofs.
  8. Use OpenLDAP as the Kerberos principal repository.
  9. Set up OpenLDAP backup and recovery.
  10. Set up OpenLDAP replication.
Since goals 1 to 4 are already achieved in previous blog posts, we are now ready to tackle goal number 5, which is to configure OpenLDAP to be a repository of sudo rules. The official sudo website, the sudoers LDAP manual and the sudo LDAP README file are good places to start.

Monday, May 7, 2012

Sunday, March 11, 2012

Why vi(1) uses the hjkl keys as arrow keys?

Here's an interesting blog post by Peteris Krumins which explains why the vi(1) text editor inventor, Bill Joy, chose to use the HJKL keys as arrow keys in his software. And thus why we still use them today.

David

Sunday, February 12, 2012

OT : very nice earth images from the international space station

Off Topic!

This Flickr stream is from an Italian astronaut who photographed our planet from the International Space Station (ISS). Enjoy magisstra's photostream !

David

Visio Stencils Collection

Many of us rely on Microsoft© Visio in our daily work as systems administrators and architects. To create elaborate and good looking Visio documents, one relies on Visio Stencils. Finding the right stencil can be problematic. This is the reason for this blog post : to help others find good stencils. Here's my list of favorite websites which offer Visio stencils for free...

HTH,

David