21.4.09

Windows 7 RC coming to MSDN/Technet soon, public May 5

The Windows 7 RC will be publicly released on May 5, and should be available for MSDN and Technet subscribers now.


20.4.09

Change user and password for service by VBS

To change service account passwords across a domain:

First step:
Create the vbs script change.vbs

-----------------------------------------------------------------------
Const ForReading = 1

' Read list.txt (Server|Service DisplayName|DOMAIN\user|password) into an array
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile("list.txt", ForReading)

Dim arrFileLines()
i = 0
Do Until objFile.AtEndOfStream
    ReDim Preserve arrFileLines(i)
    arrFileLines(i) = objFile.ReadLine
    i = i + 1
Loop
objFile.Close

For Each strLine In arrFileLines
    MyArray = Split(strLine, "|", -1, 1)

    ' Skip blank or malformed lines (four fields are expected)
    If UBound(MyArray) = 3 Then
        strComputer = Trim(MyArray(0))

        ' Connect to WMI on the remote server as the user running the script
        ' (the original second connection passed unset UserName/Password, so it did the same)
        Set objWMIService = GetObject("winmgmts:" _
            & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

        Set colItems = objWMIService.ExecQuery("Select * from Win32_Service where DisplayName = '" & Trim(MyArray(1)) & "'",,48)
        For Each objService In colItems
            ' Change() arguments 7 and 8 are StartName and StartPassword; 0 means success
            errServiceChange = objService.Change( , , , , , , Trim(MyArray(2)), Trim(MyArray(3)))
            'WScript.Echo(errServiceChange)

            ' Restart the service so it logs on with the new credentials
            objService.StopService()
            WScript.Sleep 20000
            objService.StartService()
        Next
    End If
Next
WScript.Echo "Done"
-----------------------------------------------------------------------

If you don't want to restart the service after changing the password, just remove the following lines from the script:

objService.StopService()
wscript.sleep 20000
objService.StartService()


Second step:
Create a text file list.txt with one line per service, consisting of server name, service DisplayName, username in the format domain\user, and password, separated by pipes (|):

-----------------------------------------------------------------------

Server1|SQLSERVERAGENT|DOMAIN.NET\user|password
Server1|MSSQLSERVER|DOMAIN.NET\user|password
Server2|Messenger|DOMAIN.NET\user|password
Server2|HTTP SSL|DOMAIN.NET\user|password
Server3|Computer Browser|DOMAIN.NET\user|password
-----------------------------------------------------------------------

Oracle to buy Sun

SANTA CLARA, Calif., April 20, 2009 -- Sun Microsystems (NASDAQ: JAVA) and Oracle Corporation (NASDAQ: ORCL) announced today they have entered into a definitive agreement under which Oracle will acquire Sun common stock for $9.50 per share in cash. The transaction is valued at approximately $7.4 billion, or $5.6 billion net of Sun's cash and debt.

http://www.sun.com/third-party/global/oracle/

Replace vi with nano or pico

On most Linux/Unix systems the default text editor is vi.
If you can't remember all the vi commands, you don't have to.
Just replace your default editor vi with the user-friendly nano or pico.

First, find the path to the binary file {path}:

# which pico
or
# which nano

Second, change your EDITOR variable:

# export EDITOR={path}/pico
or
# export EDITOR={path}/nano

To make this change permanent, add the previous lines to ~/.bashrc if you use bash, or ~/.cshrc if you use csh, etc.




19.4.09

MySQL bi-directional table replication

On the first server (IP address 10.10.10.1)

/etc/my.cnf
server-id=1
master-host=10.10.10.2
master-user=slave_user
master-password=password
replicate-same-server-id = 0
auto-increment-increment = 2
auto-increment-offset = 1
log-bin=/var/lib/mysql/mysql-bin.log
log-bin-index=/var/lib/mysql/mysql-bin.index
log-slave-updates
replicate-do-db=db_name
binlog-do-db=db_name
relay-log = /var/lib/mysql/relay-bin
relay-log-index = /var/lib/mysql/relay-bin.index
relay-log-info-file = /var/lib/mysql/relay-bin.info

/etc/init.d/mysqld restart

mysql> GRANT REPLICATION SLAVE ON *.* TO 'slave_user'@'%' IDENTIFIED BY 'password';
mysql> FLUSH PRIVILEGES;
mysql> SHOW MASTER STATUS;
mysql> START SLAVE;
mysql> SHOW SLAVE STATUS\G


On the second server (IP address 10.10.10.2)

/etc/my.cnf
server-id=2
master-host=10.10.10.1
master-user=slave_user
master-password=password
replicate-same-server-id = 0
auto-increment-increment = 2
auto-increment-offset = 2
log-bin=/var/lib/mysql/mysql-bin.log
log-bin-index=/var/lib/mysql/mysql-bin.index
log-slave-updates
replicate-do-db=db_name
binlog-do-db=db_name
relay-log = /var/lib/mysql/relay-bin
relay-log-index = /var/lib/mysql/relay-bin.index
relay-log-info-file = /var/lib/mysql/relay-bin.info

/etc/init.d/mysqld restart

mysql> GRANT REPLICATION SLAVE ON *.* TO 'slave_user'@'%' IDENTIFIED BY 'password';
mysql> FLUSH PRIVILEGES;
mysql> SHOW MASTER STATUS;
mysql> START SLAVE;
mysql> SHOW SLAVE STATUS\G


The default path for binary logs, /var/run/mysql, is cleaned on every restart, which is why the configuration above keeps them in /var/lib/mysql.

In an emergency:
mysql> RESET SLAVE;
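
A check to run on each node after START SLAVE, as an added example that is not part of the original post: it parses SHOW SLAVE STATUS\G output and reports whether both replication threads are running. The sample output, the function names and the 60-second lag threshold are constructed for illustration.

```bash
#!/bin/bash
# Constructed sample of SHOW SLAVE STATUS\G output (not captured from a real server).
sample_status() {
cat <<'EOF'
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 10.10.10.2
                  Master_User: slave_user
             Slave_IO_Running: Yes
            Slave_SQL_Running: No
                   Last_Errno: 1062
                   Last_Error: Duplicate entry '3' for key 1
        Seconds_Behind_Master: NULL
EOF
}

# Print the value of one field from \G-style output read on stdin.
slave_field() {
    awk -v key="$1" '{ k = $0; sub(/^ +/, "", k); sub(/:.*/, "", k) }
        k == key { i = index($0, ": "); print (i ? substr($0, i + 2) : ""); exit }'
}

# Return 0 if healthy, 1 if lagging more than max_lag seconds, 2 if broken.
check_slave() {
    local status="$1" max_lag="${2:-60}" io sql lag
    io=$(printf '%s\n' "$status" | slave_field Slave_IO_Running)
    sql=$(printf '%s\n' "$status" | slave_field Slave_SQL_Running)
    lag=$(printf '%s\n' "$status" | slave_field Seconds_Behind_Master)
    if [ "$io" != "Yes" ] || [ "$sql" != "Yes" ]; then
        echo "CRITICAL: IO=$io SQL=$sql error=$(printf '%s\n' "$status" | slave_field Last_Error)"
        return 2
    fi
    case "$lag" in
        ''|*[!0-9]*) echo "CRITICAL: lag unknown ($lag)"; return 2 ;;
    esac
    if [ "$lag" -gt "$max_lag" ]; then
        echo "WARNING: ${lag}s behind master"
        return 1
    fi
    echo "OK: replicating, ${lag}s behind master"
    return 0
}

# On a real node: check_slave "$(mysql -e 'SHOW SLAVE STATUS\G')"
check_slave "$(sample_status)" || true
```

A duplicate-key error such as the constructed one above is what a stopped SQL thread typically reports when the two servers do not use different auto-increment-offset values.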

Ucarp. Virtual IP for Linux boxes

UCARP allows a couple of hosts to share common virtual IP addresses in order to provide automatic failover. UCARP is a portable implementation of the CARP protocol.

#Start script for first host

/usr/sbin/ucarp -B -z -P -b 1 --interface=eth0 --srcip=10.10.10.1 --vhid=1 --pass=zxcvbn --addr=10.10.10.10 --upscript=/etc/vip-up.sh --downscript=/etc/vip-down.sh

#Start script for second host

/usr/sbin/ucarp -z -B -b 2 -k 200 -r 4 --interface=eth0 --srcip=10.10.10.2 --vhid=1 --pass=zxcvbn --addr=10.10.10.10 --upscript=/etc/vip-up.sh --downscript=/etc/vip-down.sh

-------------------------------------
Startup script /etc/vip-up.sh

#!/bin/bash
/sbin/ifconfig eth0:1 10.10.10.10/24 > /dev/null 2>&1

-------------------------------------
Shutdown script /etc/vip-down.sh

#!/bin/bash
/sbin/ifconfig eth0:1 down > /dev/null 2>&1

Make scripts executable

chmod 700 /etc/vip-up.sh
chmod 700 /etc/vip-down.sh

Squid NTLM auth and Java Browser

Java Browser (it starts inside your regular browser window and shows a Java applet) doesn't work properly with Squid NTLM auth. If you want to enable Java applets, add a few lines to the Squid proxy server config file (RedHat family), /etc/squid/squid.conf:

#Add access control list
acl Java browser Java/1.4 Java/1.5 Java/1.6

#Add rule
http_access allow Java

Important: add this rule before the rule "http_access allow DOMAIN".

Squid and Active Directory authentication (NTLM auth)

First, join the Linux box to Active Directory.

Add the following lines to /etc/squid/squid.conf:

# Configure auth helper: DOMAIN - Active Directory domain name,
# "Internet Users" - domain group for internet access.

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=DOMAIN\\"Internet Users"
auth_param ntlm children 5
auth_param ntlm keep_alive on
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of=DOMAIN\\"Internet Users"
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off


#Create access list

acl DOMAIN proxy_auth REQUIRED

#Create rule

http_access allow DOMAIN

Now all users in the domain group "Internet Users" have access to the internet.

Join Linux (RedHat based) machine to Active Directory

To join a Linux (RedHat-based) machine to Active Directory, we have to edit a few configuration files.

################################

/etc/krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = DOMAIN.NET
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
DOMAIN.NET = {
kdc = dc1.domain.net:88
kdc = dc1.domain.net:88
kdc = dc2.domain.net:88
admin_server = dc1.domain.net:389
default_domain = domain.net
}

[domain_realm]
.domain.net = DOMAIN.NET
domain.net = DOMAIN.NET

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

##################################

/etc/smb.conf

[global]
realm = DOMAIN.NET
security = ADS
encrypt passwords = yes
# Optional. Use only if Samba cannot determine the Kerberos server automatically.
# All servers go on one line: if the parameter is repeated, only the last line takes effect.
password server = dc1.domain.net dc2.domain.net dc3.domain.net
workgroup = DOMAIN
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = yes

##################################

/etc/pam.d/system-auth

auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so

account required pam_unix.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_winbind.so use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so

##########################################

Join Linux to domain:

net ads join -U

Restart winbind service

/etc/init.d/winbind restart

Test domain membership

wbinfo -g #gives info about domain groups

wbinfo -u #gives info about domain users



Add routing in RedHat/CentOS/Fedora

Manual command

/sbin/route add -net 192.168.1.0/24 gw 10.10.10.1

Or

Define the route for a specific connection in the file:

/etc/sysconfig/network-scripts/route-eth0

GATEWAY0=10.10.10.1
NETMASK0=255.255.255.0
ADDRESS0=192.168.1.0

GATEWAY1=10.164.234.112
NETMASK1=255.255.255.240
ADDRESS1=10.164.234.132



Script for daily SARG reports

SARG (Squid Analysis Report Generator) is a tool that allows you to view "where" your users are going on the Internet. http://sarg.sourceforge.net/

If you want to generate daily reports from Squid proxy server logs, create this script:

#!/bin/bash

#Get current date
TODAY=$(date +%d/%m/%Y)

#Get yesterday's date
YESTERDAY=$(date --date yesterday +%d/%m/%Y)


/usr/bin/sarg -z -d $YESTERDAY-$TODAY > /dev/null 2>&1

exit 0

Then add it to the cron jobs:

55 23 * * * /scripts/sarg_daily_report