Ubuntu 10.04 sshd not starting…

When installing updates on one of my Ubuntu boxes today, I was prompted whether I wanted to install the package maintainer's copy of /etc/init/ssh.conf.

After looking at the changes I went ahead and did so….

Everything looked fine, but I did not verify whether or not sshd had come back up again. It had not.

Booted the VM in repair mode and had a look at the syslog:

Failed to spawn ssh pre-start process: unable to set oom adjustment: Operation not permitted

Looks like Virtuozzo containers need to have ‘oom never’ commented out in the ssh.conf.

As far as I can see 11.04 is not affected by this issue, but I recently moved from 6.06 and am not planning on upgrading again any time soon.

Lesson learned: Verify that sshd comes back up before disconnecting your ssh connection. It will save you the trip to repair mode and back.

Coming together

samba4 on ubuntu

# install ubuntu server 10.10 with hostname ubuntu
# set static ip address: /etc/network/interfaces
apt-get install openssh-server
apt-get update
apt-get dist-upgrade
shutdown -r now

# upgrade to 11.04 Natty Narwhal – needed for dynamic dns updates to work
do-release-upgrade -d

# set timezone data
dpkg-reconfigure tzdata

# download samba source
apt-get install git
git clone git://git.samba.org/samba.git samba-master

# get ourselves a build environment
apt-get install build-essential libattr1-dev libblkid-dev libgnutls-dev libreadline5-dev python-dev autoconf python-dnspython gdb pkg-config bind9utils

# create configure file
cd ~/samba-master/source4
./autogen-waf.sh
./configure.developer

# compile
make

# verify build works
make quicktest
# make sure it outputs “All OK”

# install (/usr/local/samba)
make install

# provision samba
./setup/provision --realm=samdom.cork.lan --domain=SAMDOM --adminpass=s3cret --server-role='domain controller'

# add /usr/local/samba to path
echo "export PATH=/usr/local/samba/bin:/usr/local/samba/sbin:\$PATH" | tee -a ~/.bashrc

# verify samba is in the PATH
which samba
which smbclient

# start samba
samba

# verify correct version
smbclient --version
# Version 4.0.0alpha15-GIT-622ef6a

# view available shares
smbclient -L localhost -U%
# should list netlogon, sysvol and IPC$ shares

# connect to a share
smbclient //localhost/netlogon -Uadministrator%s3cret
# should give smb> prompt

# create share
mkdir -p /data/test
# add a share to /usr/local/samba/etc/smb.conf
# [test]
# path = /data/test
# read only = No

# relaunch samba
samba

# install bind
apt-get install bind9

# add samba's dns config
echo "include \"/usr/local/samba/private/named.conf\";" | tee -a /etc/bind/named.conf.local
service bind9 restart

# this will fail because of AppArmor disallowing it
# add the following to /etc/apparmor.d/usr.sbin.named:
# # adding for samba4
/usr/local/samba/private/** rw,

# reload AppArmor profile for named
apparmor_parser -r /etc/apparmor.d/usr.sbin.named

# start bind again
service bind9 start

# point to itself for dns
# edit /etc/resolv.conf
# change nameserver and domain

# verify that we have the necessary dns records
host -t SRV _ldap._tcp.samdom.cork.lan
host -t SRV _kerberos._udp.samdom.cork.lan
host -t A ubuntu.samdom.cork.lan.

# the above commands should not fail

# install kerberos user apps e.g. kinit and klist
apt-get install heimdal-clients
# set realm to SAMDOM.CORK.LAN
kinit administrator@SAMDOM.CORK.LAN
klist

# you should see a TGT

# enable dynamic dns updates
echo "include \"/usr/local/samba/private/named.conf.update\";" | tee -a /etc/bind/named.conf

# add environment variables
# add the following lines in /etc/default/bind9:
KEYTAB_FILE="/usr/local/samba/private/dns.keytab"
KRB5_KTNAME="/usr/local/samba/private/dns.keytab"
export KEYTAB_FILE
export KRB5_KTNAME

# allow bind to read dns.keytab file:
chown bind:bind /usr/local/samba/private/dns.keytab

# add the following lines to /etc/bind/named.conf.options:
tkey-gssapi-credential "DNS/samdom.cork.lan";
tkey-domain "SAMDOM.CORK.LAN";

# apparmor denied access to this file as well
# was not able to edit the correct rule, so put it in complain mode instead:
aa-complain /etc/apparmor.d/usr.sbin.named
# need to figure out how to add this properly

# enable xattr on filesystem
# add user_xattr to the mount options in /etc/fstab, e.g.:
# UUID=b541c29d-1400-4b96-9ebd-d4d7e26fd70b / ext4 user_xattr,errors=remount-ro 0 1
shutdown -r now
# verifying xattr
apt-get install attr
touch test.txt
setfattr -n user.test -v test test.txt
setfattr -n security.test -v test2 test.txt
getfattr -d test.txt
getfattr -n security.test -d test.txt

# remember to be root on second command

# add support for roaming profiles:
# add the following in: /usr/local/samba/etc/smb.conf
[profiles]
path = /usr/local/samba/var/profiles
read only = no

# the directory name must match the path set in [profiles] above
mkdir -p /usr/local/samba/var/profiles
# In Active Directory Users and Computers add the following to profile of a user:
\\ubuntu.samdom.cork.lan\profiles\%USERNAME%
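
The steps above leave named in AppArmor complain mode. The following is an added example, not part of the original notes, of one way to get back to an enforced profile: collect the audit events for the profile (complain mode logs them as ALLOWED, enforce mode as DENIED) and turn them into candidate rules. The function name apparmor_rules, the sample log lines and the /example/... paths are constructed for illustration; the real paths and masks come from your own kern.log.

```shell
#!/bin/sh
# Build candidate AppArmor rules from audit events for one profile.
# Usage: apparmor_rules PROFILE < /var/log/kern.log
apparmor_rules() {
    awk -v prof="$1" '
    # Return the value of key="value" on the current line, or "".
    function field(key,    m) {
        if (match($0, " " key "=\"[^\"]*\"") == 0) return ""
        m = substr($0, RSTART, RLENGTH)
        sub("^ " key "=\"", "", m); sub("\"$", "", m)
        return m
    }
    {
        # Enforce mode logs DENIED; complain mode logs ALLOWED.
        verdict = field("apparmor")
        if (verdict != "DENIED" && verdict != "ALLOWED") next
        if (field("profile") != prof) next
        path = field("name"); mask = field("denied_mask")
        if (path == "") next
        for (i = 1; i <= length(mask); i++) {
            c = substr(mask, i, 1)
            if (c == "c" || c == "d") c = "w"      # create/delete need w
            if (index("rwaklm", c) == 0) continue  # exec rules: decide by hand
            if (index(perms[path], c) == 0) perms[path] = perms[path] c
        }
    }
    END {
        for (p in perms) {
            if (index(perms[p], "w")) gsub("a", "", perms[p])  # w implies a; a rule cannot carry both
            if (perms[p] != "") printf "  %s %s,\n", p, perms[p]
        }
    }
    ' | LC_ALL=C sort
}

# Constructed sample events (not taken from the original post).
sample_log() {
    cat <<'EOF'
Apr 30 10:12:01 ubuntu kernel: [ 100.000001] type=1400 audit(1304158321.123:45): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/sbin/named" name="/usr/local/samba/private/dns.keytab" pid=2345 comm="named" requested_mask="r" denied_mask="r" fsuid=105 ouid=105
Apr 30 10:12:01 ubuntu kernel: [ 100.000002] type=1400 audit(1304158321.124:46): apparmor="ALLOWED" operation="file_lock" parent=1 profile="/usr/sbin/named" name="/usr/local/samba/private/dns.keytab" pid=2345 comm="named" requested_mask="k" denied_mask="k" fsuid=105 ouid=105
Apr 30 10:12:02 ubuntu kernel: [ 101.000001] type=1400 audit(1304158322.001:47): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/named" name="/usr/local/samba/private/named.conf.update" pid=2345 comm="named" requested_mask="r" denied_mask="r" fsuid=105 ouid=0
Apr 30 10:12:03 ubuntu kernel: [ 102.000001] type=1400 audit(1304158323.001:48): apparmor="ALLOWED" operation="mknod" parent=1 profile="/usr/sbin/named" name="/example/placeholder.jnl" pid=2345 comm="named" requested_mask="wc" denied_mask="wc" fsuid=105 ouid=105
Apr 30 10:12:04 ubuntu kernel: [ 103.000001] type=1400 audit(1304158324.001:49): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/cupsd" name="/example/other" pid=999 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Apr 30 10:12:05 ubuntu named[2345]: starting BIND
EOF
}

sample_log | apparmor_rules /usr/sbin/named
```

Review each emitted line before adding it to /etc/apparmor.d/usr.sbin.named, reload the profile with apparmor_parser -r, then put it back in enforce mode with aa-enforce /etc/apparmor.d/usr.sbin.named.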

Note to self – spotlight

.metadata_never_index

Netgear WN311B on Win7

After moving to win7 on my computer the Netgear WN311B stopped working.

I tried numerous things to get it back up and running, but it seems the driver which gets delivered with Win7 is not working. So to fix this, uninstall the WN311B in Device Manager and make sure to tick the box to delete the driver.

When installing it, do not have Windows automatically select the driver for you, but select your own.
Download this driver, unpack and point to its location.

Windows update will offer to update this driver, but then we are back at square one again, so be careful.

More pieces

Yay, more pieces in the mail today!

First pieces arrive

Today the first pieces arrived.

With a little bit of luck I guess I will have everything I need by the end of October.

Then comes the boring part of making sure I have every single piece, thus saving myself the pain of missing that one $#%#” piece at the halfway point.

Building an Executor in Lego

I have decided to finally go ahead and build myself a large Lego Star Wars model.

[Picture: Executor Lego model]

Picture is stolen from http://mocpages.com/moc.php/1549 but in a few months time I hope to be able to take my own.

These are the instructions I will attempt to follow:

http://www.daimi.au.dk/~ld/lego/executor/

Most parts have already been purchased, just waiting for them to be delivered.

I will attempt to create a stop motion movie showing the progress when building.

Updates should follow in the weeks to come.

Wish me luck! (I think I need it)

Note to self – portscan

/Applications/Utilities/Network\ Utility.app/\
Contents/Resources/stroke 127.0.0.1 548 548

PC back in business

New fan installed, machine is operational again. Idle CPU temp is 34 degrees.