LinuxQuestions.org - Blogs - kbscores

Step 1: Login

kbscores — Mon, 20 Aug 2012 18:59:48 GMT

So this weekend I was doing some research on limiting remote logins. There are so many ways to login to a system the easiest way is just to block everything and then allow essential protocols through. Most common way to access a Linux system remotely is through SSH.
I always thought that getty was used in conjunction with SSH for logging into a system, but it is not. Silly me. So how it works is getty is first checked by init, if everything looks good init spawns a getty process for each available terminal or serial connection.
Note: If init is killed getty dies with it  poor getty.
Upon login getty grabs the username and password then passes that information to login. If username and password are correct login then runs the shell specified. Once the shell is terminated init spawns another getty instance for that terminal.
Note: The kernel has no knowledge of logins it is all handled by system programs
Ok so what about SSH?
SSH handles logins and manages its own set of data. This data is stored in the .ssh file within the users home directory. For example when you log into machineA from machineB a record is created on machineB to note that machineA is a known host. So when you log into machineA again from machine ssh knows it is a trusted machine. Any new hosts are automatically added to that specific user�s file. If a host�s identification information changes ssh will warn the user about this to prevent unauthorized access to that machine.
Note: If you are warned and the machine was actually changed and not hijacked all that is required is to remove the entry for that host in ~/.ssh/known_hosts.
So upon a successful login either a pre-specified command is ran or it will log the user into that computer over a encrypted connection. Once a user logs in they are provided what is called a pseudo terminal; however, a pseudo terminal is not always necessary.
The session terminates after command is finished or shell is exited.
So how do you limit ssh connections?
As far as I can tell PAMlimits will allow connections to be capped on a person to person basis. This means user Susie can only have x number of logins to the server, where x is the number of logins that have been set. So how do you accomplish this?

Add this line to /etc/pam.d/sshd:
session required pam_limits.so
Next change UsePAM to yes in /etc/ssh/sshd_config
So what about total number of simultaneous connections? Can those be limited?
Yes � by limiting iptables connections to port 22.
Here is the command to use �

[root] # iptables �I INPUT �p TCP --dport 22 --syn �m connlimit --connlimit-above 9 �j REJECT

So � with that I think I am going to work on a guide for iptables.

Steam Linux and Future of Gaming

kbscores — Fri, 27 Jul 2012 16:24:29 GMT

It is becoming apparent that Microsoft wants to dominate the gaming market or rather every technology market. With rumors surfacing about the new digital key requirements in Windows 8 , doors have began to open for Linux. Take for instance Steam. The mobile client for steam comes on two types of systems iphones and droids. What�s missing? The Windows 7 phone apparently had the opportunity to have the steam client, but refused it in order to promote their games through �Games for Windows�. The current state of PC gaming is hanging in the balance with the new OS. Windows has been the preferred choice for operating systems. If they require keys or fees to be able to create applications we will see more and more application disappear on Windows and appear on MAC and Linux. For example, Linux is getting Steam. Are the mobile phones foreshadowing the future of applications on Windows?
Perhaps�.As different Linux distributions become more user-friendly more people will flock to the free OS.

Authentication to OpenLDAP

kbscores — Fri, 13 Jul 2012 17:44:45 GMT

We finally got authentication on Solaris 10 client to work with Linux OpenLDAP Client. It is a little strange because for authentication to work the Solaris machine requires a user account to exist on that box. I believe the reason it is required is because we remove the native ldap, which in turn removes cache manager. The service nscd utilizes cache manager when ldap is in place. Since we no longer have cache manager nscd becomes worthless to authentication process. As one guide so eloquently put it �These are steps for authentication not authorization.� The authorization is handled by the client machine, thus the account has to exist in order for authentication to even take place.
So how did we achieve authentication?

Note: These settings are specific to our setup. Depending on the functionality you are looking for these settings will vary.

1.) Follow my guide for installation in previous blog.

2.) Create directory for cacert.pem - -

3.) Put cacert.pem from the server in newly created directory (via ftp or scp)

4.) Next edit /usr/local/etc/openldap/ldap.conf
Example: (/usr/local/etc/openldap/ldap.conf)
SSL ON
BASE dc=example,dc=com
URI ldap://example.com
TLS_CACERT /newly/created/directory/cacert.pem
TLS_CACERTDIR /newly/created/directory
TLS_REQCACERT demand

5.) Next edit /etc/ldap.conf
Example: (/etc /ldap.conf)
uri ldap://example.com
base dc=example,dc=com
ldap_version 3
rootbinddn cn=RootUser, dc=example,dc=com
bind_policy soft
port: 389
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberUid
pam_password md5
pam_lookup_policy yes
pam_check_host_attr yes
pam_filter |(host=example.com)(host=\*)
nss_base_passwd ou=People,dc=example,dc=com?one
nss_base_shadow ou=People,dc=example,dc=com?one
nss_base_group ou=group,dc=example,dc=com?one
ssl start_tls
tls_checkpeer yes
tls_cacertfile /newly/created/directory/cacert.pem
tls_cacertdir /newly/created/directory

6.) Next edit /etc/pam.conf
Example: (/etc/pam.conf)
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth sufficient pam_unix_auth.so.1
login auth required /usr/local/lib/security/pam_ldap.so.1 use_first_pass ignore_unknown_user ignore_authinfo_unavail

rlogin auth sufficient pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
rlogin auth sufficient pam_unix_auth.so.1
rlogin auth required /usr/local/lib/security/pam_ldap.so.1 use_first_pass ignore_unknown_user ignore_authinfo_unavail
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
other auth sufficient pam_unix_auth.so.1
other auth required /usr/local/lib/security/pam_ldap.so.1 use_first_pass ignore_unknown_user ignore_authinfo_unavail
passwd auth sufficient pam_passwd_auth.so.1
passwd auth required /usr/local/lib/security/pam_ldap.so.1 use_authtok
cron account required pam_unix_account.so.1
other account sufficient /usr/local/lib/security/pam_ldap.so.1 ignore_unknown_user ignore_authinfo_unavail
other account requisite pam_roles.so.1
other account required pam_unix_account.so.1
other session required pam_unix_session.so.1
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1

7.) A couple notes - - about these configurations
a. This configuration utilizes ppolicy overlay
b. This configuration utilizes tls
c. This configuration file could very well have excessive entries - - not amazing at pam or ldap to know exactly what everything does yet. Working on cleaning it up now.

8.) Next create the user accounts of people who are allowed access to that client. MAKE SURE - - to match the information that is on the ldap server - -
Example: If SusieQ in ldap uses /home/QQ as her home directory when SusieQ is created on Solaris 10 client the home directory must be /home/QQ along with all of her cooresponding information. If they do not match the Solaris settings will trumph the ldap settings. So if on the Solaris machine SusieQ�s home directory is /home/sue and ldap�s home directory is /home/QQ then upon logging in you will be placed in /home/sue. If that directory does not exist then Susie will be unable to log into that client.

9.) Note: A user account on the local client may be locked to prevent confusion. The account authenticates to ldap and will allow the user in as long as their account is not locked on ldap.

This is all I have so far�.more to come as I learn more.

Third time is a charm �

kbscores — Thu, 12 Jul 2012 22:11:06 GMT

Honestly it has been a fun and frustrating process. I have learned a lot about openldap as well as compiling programs. There are moments where I genuinely believed that it was not possible, but alas we have made it. Let me first mention that depending on the state of your Solaris server these instructions might change dramatically. Note this process was completed successfully on a fresh install of Solaris 10.
Here we go:

How to setup a Solaris 10 client for a Linux OpenLDAP server
1.) Verify the following packages have been installed: (If they are not present install them)
a. SUNWbinutils
b. SUNWarc
c. SUNWgcc
d. SUNWhea
e. SUNWopenssl-includes
f. SUNWopenssl-libraries
g. SUNWopenssl-commands
h. SUNWopensslr
i. SUNWgmake
j. -----LIKE MENTIONED ABOVE----- depending on the state of your machine more packages may be required. �MOZNSS is NOT required despite a very popular error that appears when configuring openldap. It just means that openldap cannot find ssl.h.

2.) Remove Native LDAP by Solaris:
a. It is important to remove NATIVE LDAP. If it is not removed nss and pam will try and use NATIVE LDAP Libraries, which will inevitably cause issues when compiling them. Save yourself the headache and just remove the package.
b. [root] # pkgrm SUNWlldap

3.) Verify the following libraries exist in specified location:
a. /usr/sfw/lib/libssl.so.0.9.7
b. /usr/sfw/lib/libcrypto.so.0.9.7
c. /usr/local/lib/libgcc_s.so.1

4.) Next add the following locations to the PATH variable:
a. /usr/ccs/bin
b. /usr/sfw/bin
c. .
d. [root] # export PATH=$PATH:/usr/ccs/bin:/usr/sfw/bin:.

5.) Next compile openldap:
a. Download openldap from http://www.openldap.org
b. Uncompress the files
c. Next cd to the openldap directory created
d. Next set following environment variables for installation:
i. LD_LIBRARY_PATH=/usr/lib:/usr/local/lib:/usr/sfw/lib
ii. LDFLAGS=�-L/usr/lib �L/usr/local/lib �L/usr/sfw/lib �R/usr/lib
-R/usr/local/lib �R/usr/sfw/lib�
iii. CPPFLAGS=�-I/usr/include �I/usr/local/include �I/usr/sfw/include�
e. FROM the openldap folder run the following command:
i. [root] # ./configure - -disable-slapd
f. ----ONCE AGAIN STATING---- 1) if you get errors it could be because of the status of your machine � if libraries have been moved or paths changed it could be looking in the wrong location for these files � Review the config.log file within the same openldap directory to see which header files or libraries that are missing. 2) If you get MOZNSS error DO NOT INSTALL MOZNSS � this configuration uses the SUNWopenssl packages � this simply means that it cannont find ssl.h � which by default should appear within one of the include directories listed in the CPPFLAGS with /openssl/ssl.h
g. Once configuration is successful run the following commands:
i. [root] # make clean
ii. [root] # make depend
iii. [root] # make
iv. [root] # make install
v. ---If you receive errors on any part of this process it could be because files, libraries or headers are missing -- A good example is if it comes back with libraries where symbols are referenced but the functions are not found � this could happen for several reasons �
1. The library/include is completely missing
2. The wrong library/include with the same name is being hit before the correct library/include.
3. Or possibly several other reasons

6.) Next unset the library env variables previously set:
a. [root] # unset LD_LIBRARY_PATH
b. [root] # unset LDFLAGS
c. [root] # unset CPPFLAGS
d. If these are still set PAM_LDAP and NSS_LDAP will fail to make
e. DO NOT UNSET PATH

7.) For some reason PAM and NSS have an issue with the location of sasl.h
a. If for some reason the file already exists where the link is made the following step is not necessary
b. [root] #cd /usr/include
c. [root] #ln �s sasl/sasl.h sasl.h

8.) Next install pam_ldap
a. Download pam_ldap from http://www.padl.com/
b. Uncompress the files
c. Next cd to the openldap directory created
d. Next run the following command to compile:
i. [root] # ./configure - -prefix=/usr/local - -with-ldap-dir=/usr/local
e. Once configuration is successful, run the following commands:
i. [root] # make clean
ii. [root] # make
iii. [root] # make install
iv. ---If you receive errors on any part of this process it could be because files, libraries or headers are missing -- A good example is if it comes back with libraries where symbols are referenced but the functions are not found � this could happen for several reasons �
1. The library/include is completely missing
2. The wrong library/include with the same name is being hit before the correct library/include.
3. Or possibly several other reasons

9.) Next install nss_ldap
a. Download nss_ldap from http://www.padl.com/
b. Uncompress the files
c. Next cd to the openldap directory created
d. Next run the following command to compile:
i. [root] # ./configure - -prefix=/usr/local - -with-ldap-dir=/usr/local
e. Once configuration is successful, run the following commands:
i. [root] # make clean
ii. [root] # make
iii. [root] # make install
iv. ---If you receive errors on any part of this process it could be because files, libraries or headers are missing -- A good example is if it comes back with libraries where symbols are referenced but the functions are not found � this could happen for several reasons �
1. The library/include is completely missing
2. The wrong library/include with the same name is being hit before the correct library/include.
3. Or possibly several other reasons

10.) At this point all three utilities should be installed and be ready for configuration.
a. Configurations are different depending on the functionality of LDAP being used.

Hopefully this helps someone with the installation process of openldap on a Solaris 10 machine. Sometime in the near future I will go over different configurations for ldap clients, but for now gogogo and install!

OpenLDAP +Solaris = /facepalm

kbscores — Mon, 09 Jul 2012 19:06:30 GMT

Setting up ldap even with TLS on a Linux (specifically RedHat) is a fairly simple process. You simply download the file, install, and configure. Easy. Even the biggest problems are solved within minutes. This does not seem to be the case with Solaris. We are now fighting round three with the Solaris servers. We started by trying to configure the Native. It seems as if there are many more successful Native guides out there. We got the schemas. We created the ldif entry. We used ldapclient to initialize the client. Seems simple enough right? Wrong. We were able to search the database; however authentication was a big fat no. We tried without TLS, we tried with TLS and still no authentication. So then we got the bright idea to try openldap. I mean the other one was not to terrible to set up how bad could open be? Boy was I wrong. Compiling NSS and PAM on a Solaris box is something I wouldn't wish upon my worst enemy. The really deceptive thing is the guides all seem so simple. So we start by downloading the binaries for openldap. No problem -- then we move on to NSS_LDAP -- which I highly recommend doing pam first because it is clearly a bigger pain. No guide out there says you need SUNWhea. Not one. Plenty of help forums say you are probably missing libraries, but for me not having much experience at all with Solaris how the heck am I suppose to know that I need SUNWhea. Three days later after beating my head against the desk trying to get it to work I finally stumble across the package on google. So I load the package and it still does not want to compile. Turns out it was trying to get the packages from /usr/sfw/include instead of /usr/include. I attempted to make modifications using LDFLAGs, etc... Nope....still....not working....Finally I just copied /usr/include to /usr/sfw/include and it worked. Who knows what I broke though...

Then I attempted to work on PAM - which may I add is still not functioning. I've tried compiling the source several different ways. It compiles just fine, but whines when I try to make it. It is referencing the correct libraries; however, it is not grabbing all of the functions required. For example the correct ldap.h is being found.(I double checked to make sure the function exists within the header file) but for some reason the compile does not find ldap_start_tls_s. When I look at the log file it tries to find it in a temporary linked file, which does not exist after the compile is completed. How can it find the correct header file but not a function that is within it???

I know that we are close to completing it...which is why I press on. When I complete it I will post a beautiful guide for configuring openldap on solaris 10 with an openldap server. This guide will have a disclaimer at the top saying "This Guide will probably not work; but hopefully will provide enough information to help make the pain go away."

Red Hat and Sendmail

kbscores — Wed, 28 Dec 2011 20:15:35 GMT

Everyone Loves Sendmail!

Apparently Red Hat ships with both Sendmail and Postfix and a utility called alternatives. The alternatives command is used to swap between Sendmail and Postfix, because only one MTA may run at any given time. (Which I doubt--I'm sure someone somewhere has both running on a single machine)

--Anyways--

This is what I learned:

General Information About alternatives command:
� Red Hat and Fedora ship with two MTA

o Sendmail

o Postfix

� Only one MTA may run at a time

� The alternatives command provides an easy way to switch between MTA(s)

� The alternatives command is an executable with a generic name on file system used to access a particular service

� This executable is really a symbolic link to another symbolic link in /etc/alternatives directory

� The alternatives command merely swaps between symbolic links

How-to View MTA Currently In Use:
[root] # alternatives --display mta

How-to Select new MTA:
[root] # alternatives --config mta

How-to Setup Postfix:
[root] # alternatives --set mta

Red-Hat Sendmail GUI Options:
[root] # redhat-switch-mail

Support

kbscores — Wed, 07 Dec 2011 17:51:49 GMT

There are so many forms of support these days. It seems as technology grows so does the number of forms and quality of support we receive. I'm always so hesitant to call different companies because you never know if you are going to get a random person reviewing a guide for assistance or an actual person who has technical experience. Even within one organization I work for one group of technical support staff is split into three different levels. Each level works as a filter for each call or email submitted. The more technical a problem is the further it moves through support chain. Usually issues are resolved within minutes but there are times when requests are made that do take a while. I will admit as well not every support staff person has a technical background; however, they do understand their responsibilities and limitations. For the majority of our customers one maybe two calls suffice and our overall rating for customer support is excellent.

Having to call an organization four times to resolve a single technical issue is unacceptable, especially in a business environment. Last week I contacted our ISP, because they randomly changed our static IP bringing down a single subsection of computers. They then proceeded to tell me that there was no static IP set and to set it would take at minimum 24 hours. I obviously complained � First they should have notified us that our IP was changing. Second it is completely ridiculous that we have to wait 24 hours to receive our new IP information. They should be able to look this information up to provide it over the phone right then and there even if it will take 24 hours for it to process. At least from our end we could have set up or equipment with new information.

My complaints were ignored and 24 hours later I was on the phone again with at that point my fifth different �technical support� person. Not only could he not log into his own system, but fifteen minutes later he informs me that everything may not be ok and it may take up to another 24 hours for issue to be resolved. I attempted to verify with him all our information, but he seemed confident that they had everything they needed and refused confirmation. Seeing as this was on a Friday � 24 hours later was Saturday. So yay for weekend work!

Needless to say this went on for another two days, because our new IP information did not work because it wasn�t bound to our equipment. The mere fact that it took four days to resolve an issue that could have been fixed in one call is unacceptable. Is this really an acceptable standard of business? We cannot be the only company suffering from poor support from this ISP. The worst part of this situation is we have no other options for an ISP.

So if you are like me and have had enough of crappy support, don�t go unheard. If we all just accept the status quo, things will never get better. They may even get worse. And if you manage a support team, seriously take into consideration your staff and support provided. Constantly review and verify that your team understands their responsibilities and limitations. And most importantly listen to your customers. Odds are they make more sense than given credit and can provide a better insight into your own product.

Fun with LDAP

kbscores — Fri, 02 Dec 2011 19:25:32 GMT

I have been working with setting up LDAP. Like most who try and tackle a new topic, I went out in search for a good guide and have failed to find something for a simple openLDAP setup. So instead of following a crazy extensive guide I decided to learn as any student would.....from the beginning.
After having about seven weeks now under my very large and bulky LDAP belt, I am now able to compile and install both BDB and openLDAP Server side on Solaris and Red Hat. (Previously having never compiled anything by hand) Both were with basic settings- simple authentication no certificates, no Kerberos, and no SASL. We can query the database using ldapsearch and I fully understand LDIF structure and schemas.

What I need to learn now is how to successfully setup a client and how to utilize LDAP for authentication from HPUX, Solaris and Red Hat. It will most likely be with Solaris Server.

Ok so here is my guide for setting up a VERY BASIC LDAP server:

How-to Install LDAP Server:
General Information:
Note: This is a very simple explanation. LDAP is far more complex and extensive than this document will cover.
LDAP, or Lightweight Directory Access Protocol, is used for accessing and maintaining distributed directory information services over an (IP) network.
LDAP consists of three sections, frontend, overlays, and backend. The frontend is where authentication and information handling occurs.
The overlays are optional interfaces between frontend and backend. The backend is the database that handles the data storage.

Important Files/File Types:
� slapd.conf � It is primary configuration file for LDAP server daemon. If not set properly daemon will not start. [Default location: /usr/local/etc/openldap/]
� slapd.conf- It is primary LDAP configuration file. This file is located on all LDAP clients, as well as LDAP server(s). It defines how and where to connect to LDAP
server. [Default location: /usr/local/etc/openldap/]
� *.ldif �This file type defines structure of database. Creating a default file for new database entries is recommended. [Default location: /usr/local/etc/openldap/]
� *.schema �This further defines daemon setup. Very similar to a library. Editing these files is NOT recommended.

Database/Backend Installation:
� There has to be a database or backend. The most typical backend is the BDB, Berkeley Database. Other backend exist (LDBM, DBM, SHELL, and PASSWD), but for the sake of
brevity only BDB will be discussed.
� BDB is currently owned and maintained by Oracle. To download package visit:
http://www.oracle.com/technetwork/da...eSiteId=ocomen
� Download most current version of Berkeley DB 11gR2 with md5 encryption available.
� Create a new directory and unzip DB files in new file

Example:
[root] # mkdir BerkleyDB5.2
[root] # tar zxvf db.5.2.234.12

� Next change to Build_Unix directory with unzipped contents
Note: Build_Unix is where all headers and libraries will be compiled. This is recommended location. They do not have to be installed here and may be installed anywhere on machine, just adjust following steps accordingly based on location selected.
� Then use following commands
Example:
[root] # ../dist/configure
Note: If this is a new server, this may fail and kick back an error about certain libraries not being available. If this error occurs, glibc libraries are either not installed or headers have not been created.
� Next run following commands to continue installation:
Example:
[root] # make
[root] # make install
� This will unload all libraries and headers into current directory.
LDAP Installation:
� There are many packages available for running LDAP. The one discussed in this document will be OpenLDAP. They are all fairly similar. Usually the primary difference is most proprietary versions come with a GUI and slightly more functionality.
� Open source package is recommended for OpenLDAP installation.
� Start by creating an LDAP directory for configuration files � something in /usr/local is recommended for Linux servers
� Un-tar package, configure then make using following commands:
Example:

Note: If you do not want ldap to be created in current directory specify path with --prefix=path
[root] # LDFLAGS=-L/path-to-bdb-libraries/ CCPFLAGS=-I/path-to=bdb-includes/ ./configure
[root] # make depend
[root] # make
[root] # make install
� Files should install in appropriate directories automatically

Note: If a prefix was installed � please go to path before make commands

Setting up Configuration Files:
Slapd.conf:
File is typically set up with following sections:
#global configuration directives
#backend definition
#database A definition and configuration directives
#database B definition and configuration directives
# database �.however many there are
Note: It is recommended to just modify default slapd.conf file provided if this is first time editing file. It is very easy to corrupt. Also, make at least one copy of default configuration file prior to editing.
Note: There are global directives that may be used under all sections and then there are specific directives. To see a full list of global directives man slapd.conf. Also, directives that contain whitespace must be enclosed in double quotes. Also, if directive contains defined special characters they should be preceded by a back slash.

Initial LDIF File to Add:
� To verify database is working correctly please create a new file labeled init.ldif with following information:

dn: dc=
objectclass: dcObject
objectclass: organization
o:
dc:
dn: cn=, dc=
objectclass: organizationalRole
cn:

� Next add init.ldif to database with following command:

Example:
[root] # ldapadd �x �D �cn=,dc=� �W �f init.ldif

� Finally, verify information was added by using following command:

Example:
[root] # ldapsearch �x �W �D �cn=,dc=� �b �� s

Example Output: (For command listed above)
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#
#
dn:
objectClass: top
objectClass: OpenLDAProotDSE
# search result
search: 2
result: 0 Success
# numberResponses: 2
# numEntries: 1

Explanation:
-x: This tells server to use simple authentication
-W: This tells client to prompt us for password
-D: �cn=,dc=�: This specifies the DN that we want to use to connect to
directory
-b ��: This sets the base DN for the search. (In ldap.conf file we set default base)
-s base: This indicates that we want to search for just one (base) entry � the entry with DN
specified in the �b parameter.

--At top of results is a summary of how search was process.
--The last section displays a summary, including how many records were returned.
------In this example two are returned DSE entry and summary
------result: 0 Success indicates there were no errors

--To get more extensive information out of root DSE, use following command to query all of operational attributes for record:

Example:
[root] # ldapsearch �x �W �D �cn=,dc=penu164204� �b �� s base �(objectclass=*)� +

Another Example:
[root] # ldapsearch �D �cn=,dc=penu164204� �x �W *

Note: This returns all data currently listed in database

Troubleshooting LDAP:

Important Things to Note:
� If a LDAP server gets restarted and no startup script exists, the ONLY way to access server is through root access on console
� To start LDAP daemon type:
[root] # slapd
� To stop LDAP server type:
[root] # kill �INT `cat /var/un/slapd/slapd.pid`
� To enable LDAP authentication type:
[root] # authconfig --enableldapauth --ldapserver \
--ldapbasedn �dc=� �update
� Tod Disable LDAP authentication type:
[root] # authconfig --disableldapauth
� Stopping slapd with any other command may cause database to become corrupted
� A Good ObjectClass website: http://ldap.akbkhome.com/index.php/objectclass/top.html

Hello!

kbscores — Wed, 16 Nov 2011 13:08:32 GMT

This is my first blog entry! Going to introduce myself and explain a little bit about what I am going to blog about.

As of right now I am a junior sys admin at a medium sized datacenter. I primarily work with RHEL, so the bulk of my blogs will be in reference to that operating system. I have been here for about six months and have learned a lot.

About one month ago the only other Linux SA left and that forced me to learn fast. Even though there are several other team members few have knowledge of Linux systems. Most of them focus on Solaris or HP and think Linux to be a weaker system.(Obviously I disagree) It has been an interesting month to say the least.

In my spare time I like to play video games, script and create things.

--In the blog I'd like to share not only my experiences with Linux but also my Linux guide I'm working on to carry with me through my career. I really enjoy helping people and sharing what I know with others.(I love learning from others as well, so feedback is always appreciated)

With that being said, thank you for taking time to read my first post. If you continue to follow the blog, I can assure you will not be disappointed!