Showing posts with label linux. Show all posts

Friday, February 12, 2021

Converting CVS to GIT repositories

You need the cvs-fast-export tool in your PATH.
All projects in the old CVS repositories are listed in the file all-projects.txt, which is located in your old CVS repos folder.

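mkdir -p ~/separate-projects
while IFS= read -r a
do
    (
        cd "$a" || exit 1
        # cvs-fast-export reads the file list on stdin and writes a git fast-import stream
        find . | cvs-fast-export > ~/separate-projects/"$a".cfe
    )
done < all-projects.txt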
This exports every project folder as a single file in /home/username/separate-projects/.

Now import them as git repositories:

cd ~/separate-projects/
for a in *.cfe
do
    # Strip the .cfe suffix to get the repository name
    adir=${a%.cfe}
    git init "$adir".git
    (
        cd "$adir".git || exit 1
        git fast-import < ../"$a"
    )
done

 

Wednesday, May 13, 2020

DHCP server listen on alias interface (eth0:1)

A Linux server has more than one IP address on the same interface:

eth0 - 192.168.0.1/24
eth0:1 - 10.1.42.1/24

We want the DHCP server to hand out IP addresses only from 10.1.42.0/24. If we put only this subnet in the config file:

subnet 10.1.42.0 netmask 255.255.255.0 {
        range 10.1.42.30 10.1.42.90;
        option broadcast-address 10.1.42.255;
        option routers 10.1.42.1;
}

it will fail to start and produce the following error:

dhcpd: No subnet declaration for eth0 (192.168.0.1).

The correct configuration is to use a shared-network declaration and define all the networks of the physical interface inside it.

shared-network horizon9net {
        subnet 192.168.0.0 netmask 255.255.255.0 {
        }

        subnet 10.1.42.0 netmask 255.255.255.0 {
                range 10.1.42.30 10.1.42.90;
                option broadcast-address 10.1.42.255;
                option routers 10.1.42.1;
        }
}

Thursday, November 21, 2019

Novell OES 11.1 shell commands hang without reason

Novell OES 11 Linux shell commands hang for a very long time. It happened to me and I was able to fix it without restarting the whole server.

Server release info:
Novell Open Enterprise Server 11 (x86_64)
VERSION = 11.1
PATCHLEVEL = 1
Symptoms:
# strace -p26881
Process 26881 attached - interrupt to quit
connect(146, {sa_family=AF_FILE, path="/var/run/novell-lum/.nam_nss_sock"}, 35^C <unfinished ...>
All HTTP services that do not use Linux authentication are working: iManager works and iMonitor works. Remote Manager is not working because it controls Linux services and requires Linux authentication.

It seems that something went wrong with the namcd service. Most Linux commands (like cron, id, ssh...) try to look up the user's FDN from eDirectory through that socket. Linux User Management (LUM) maps Linux users to eDirectory users, and every Linux program that is executed asks namcd (the eDirectory Novell Account Management caching daemon) for information about the current user. If namcd is not working, the local Linux user database is used instead; if it is working correctly, you can check every user in eDir like this:

Note: admin is not a local Linux user but an eDir user

Working LUM and namcd:
# id admin
uid=602(admin) gid=602 groups=602,601(sms smdr group)
Not working LUM and/or namcd:
# id admin
id: admin: No such user
The problem occurs when namcd is running but not returning any data through that socket. Then every Linux command that checks for the current user hangs forever.
# id admin
(hangs forever until you press ctrl+c)
The solution is to kill all hung processes and then restart namcd:
# rcnamcd restart
I was able to log in via ssh in a strange way: it asked me for the password and then hung. I left it like this, and after an hour I pressed ctrl+c and it showed me the desired shell on the remote server.

If you do this and it still does not work properly, and you get messages like this in /var/log/messages:
Nov 22 10:19:45 storage /usr/sbin/namcd[720]:  GetGIDsGroupListNumberOfGroupsOfWS: Error [32] in LDAP search while trying to find group FDNs with scope=base for cn=UNIX Workstation - storage,o=servers
You need to recreate nam.conf. For more information look here: http://geroyblog.blogspot.com/2013/04/novell-enterprise-linux-server-install.html

Friday, January 4, 2019

xorg.conf ModeLine for VGA connected ViewSonic monitors

Even with the latest Linux distributions you can face the problem of Xorg not detecting your monitor.

My monitor is a ViewSonic VG2030wm and it is capable of working at 1680x1050 resolution, but Xorg can't detect that and the highest resolution that I can use is 1024x768.

You need to add a ModeLine so that Xorg can recognize it. Here is my Monitor section from xorg.conf:

Section "Monitor"
        Identifier   "ViewSonic"
        VendorName   "ViewSonic"
        ModelName    "VG2030wm"
        HorizSync    24.0 - 92.0
        VertRefresh  50.0 - 85.0
        Option       "DPMS"
        ModeLine "1680x1050" 170.00 1680 1784 1960 2240 1050 1053 1059 1089 +hsync +vsync
EndSection

You will probably need just the ModeLine row, but I am publishing the whole Monitor section.

You can find more ModeLines for specific monitors here: https://www.mythtv.org/wiki/Modeline_Database

Tuesday, December 4, 2018

Android 4.2.2 how to set default install path to external SD card

You don't need root access to do this. All you need is to enable Developer Options and then enable USB debugging. Once this is done connect adb to your phone:

root@bender:~# adb shell
shell@android:/ $ pm get-install-location
0[auto]
shell@android:/ $ pm set-install-location 2
shell@android:/ $ pm get-install-location
2[external]
shell@android:/ $ logout

root@bender:~#

As you can see from the pm help page:

pm get-install-location: returns the current install location.
    0 [auto]: Let system decide the best location
    1 [internal]: Install on internal device storage
    2 [external]: Install on external media

You need to set this value to 2.

Monday, March 19, 2018

Jboss / Wildfly errors when accepting socket java.io.IOException: Bad file descriptor problem

Jboss/Wildfly random crashes under heavy load:

Symptoms:

Jboss/Wildfly crashes randomly with java.io.IOException: Bad file descriptor. The Undertow HTTP server does not restart, but the admin console and everything else keeps working, and there is nothing in the log files.

How to debug it:

Put this in your configuration file (standalone.xml for Wildfly):
        <logger category="org.xnio.nio">
            <level name="DEBUG"/>
        </logger>
The error:
2018-03-03 17:19:15,273 DEBUG [org.xnio.nio.tcp.server] (default Accept) Exception accepting request, closing server channel TCP server (NIO) <69a407dd>: java.io.IOException: Bad file descriptor
    at sun.nio.ch.IOUtil.configureBlocking(Native Method)
    at sun.nio.ch.ServerSocketChannelImpl.accept(ServerSocketChannelImpl.java:264)
    at org.xnio.nio.QueuedNioTcpServer.handleReady(QueuedNioTcpServer.java:477)
    at org.xnio.nio.QueuedNioTcpServerHandle.handleReady(QueuedNioTcpServerHandle.java:38)
    at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)

What is the reason for that:

The reason is that you are probably running a BSD, and the bug is in the Java implementation of KQueueSelectorImpl.java in the latest OpenJDK for BSD (openjdk-1.8.162 at the moment). This was tested on NetBSD 7.1.

Solution:

There is no solution at the moment. You need to move your Jboss/Wildfly to Linux. You can try changing the default selector with java command line arguments (the example is the solution for Solaris):

java -Dxnio.nio.selector.provider=sun.nio.ch.PollSelectorProvider .......

At the moment the only solution to this is not to run it under BSD. Under Linux with EPollSelectorProvider everything works just fine.


Tuesday, February 13, 2018

How to filter 99.99% of ssh brute force attacks

Recently I've decided to experiment with ssh ciphers / key exchange algorithms to raise the security of my servers. This is the /etc/ssh/sshd_config I've got:

HostKey /etc/ssh/ssh_host_ed25519_key
Ciphers chacha20-poly1305@openssh.com
KexAlgorithms curve25519-sha256@libssh.org

If you don't have a HostKey for Ed25519, generate it:

# ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ""

You need to use a recent version of ssh / PuTTY to be able to log in to this server.
It seems that using only this Cipher/Kex filters out all brute force scanners, probably because they do not support it. I see only this kind of message:

Feb 13 14:41:39 horizon9 sshd[22849]: SSH: Server;Ltype: Version;Remote: xxx.x.xx.xxx-53810;Protocol: 2.0;Client: libssh2_1.7.0
Feb 13 14:41:39 horizon9 sshd[22849]: fatal: ssh_dispatch_run_fatal: no matching cipher found [preauth]

For more information about the ciphers/algorithms, read here:

https://cr.yp.to/ecdh.html#curve25519-paper
https://en.wikipedia.org/wiki/Salsa20
https://en.wikipedia.org/wiki/Poly1305
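
To measure how much of the scanner traffic is actually dropped at algorithm negotiation, the two-line pattern above can be correlated by sshd PID. This is an added example, not part of the original post; the sample log is constructed in the same format, and the "key exchange method" and "Failed password" lines are assumed additional message shapes.

```python
import re
from collections import Counter

# Constructed sample in the shape of the two log lines above. Addresses are
# documentation ranges; PIDs, banners and the last two sessions are made up.
SAMPLE_LOG = """\
Feb 13 14:41:39 horizon9 sshd[22849]: SSH: Server;Ltype: Version;Remote: 192.0.2.10-53810;Protocol: 2.0;Client: libssh2_1.7.0
Feb 13 14:41:39 horizon9 sshd[22849]: fatal: ssh_dispatch_run_fatal: no matching cipher found [preauth]
Feb 13 14:42:02 horizon9 sshd[22851]: SSH: Server;Ltype: Version;Remote: 198.51.100.7-40112;Protocol: 2.0;Client: libssh2_1.7.0
Feb 13 14:42:02 horizon9 sshd[22851]: fatal: ssh_dispatch_run_fatal: no matching cipher found [preauth]
Feb 13 14:45:10 horizon9 sshd[22860]: SSH: Server;Ltype: Version;Remote: 203.0.113.5-51000;Protocol: 2.0;Client: Go
Feb 13 14:45:10 horizon9 sshd[22860]: fatal: ssh_dispatch_run_fatal: no matching key exchange method found [preauth]
Feb 13 14:50:31 horizon9 sshd[22871]: SSH: Server;Ltype: Version;Remote: 192.0.2.44-60022;Protocol: 2.0;Client: OpenSSH_7.6
Feb 13 14:50:33 horizon9 sshd[22871]: Failed password for root from 192.0.2.44 port 60022 ssh2
"""

PREFIX = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
VERSION = re.compile(r"Remote: (?P<ip>[^;]+)-\d+;Protocol: [^;]+;Client: (?P<client>.+)$")
NEG_FAIL = re.compile(r"no matching (?P<what>.+?) found")
FAILED_PW = re.compile(r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port")


def analyze(lines):
    """Return (filtered, reached_auth).

    filtered: Counter of (client banner, rejected algorithm type) for
              connections dropped during algorithm negotiation [preauth].
    reached_auth: sorted source addresses that got as far as a password attempt.
    """
    banner = {}            # sshd PID -> client banner (PIDs can repeat in long logs)
    filtered = Counter()
    reached_auth = set()
    for line in lines:
        m = PREFIX.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        v = VERSION.search(msg)
        if v:
            banner[pid] = v["client"]
            continue
        n = NEG_FAIL.search(msg)
        if n and msg.endswith("[preauth]"):
            # Dropped before any credentials were exchanged
            filtered[(banner.pop(pid, "unknown"), n["what"])] += 1
            continue
        f = FAILED_PW.search(msg)
        if f:
            # This client supports the restricted algorithms and tried a password
            reached_auth.add(f["ip"])
    return filtered, sorted(reached_auth)


if __name__ == "__main__":
    filtered, reached_auth = analyze(SAMPLE_LOG.splitlines())
    for (client, what), n in filtered.most_common():
        print(f"{n:3d}  {client:<16} rejected: no matching {what}")
    print("reached password authentication:", ", ".join(reached_auth) or "none")
```

Sources listed under "reached password authentication" got past the cipher/kex restriction, so they are the ones still subject to the server's authentication settings.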


Thursday, October 5, 2017

Mounting bootable image file under linux with offset

Use fdisk to see the partitions of the image file and their offsets:
# fdisk -l router-devuan-jessie-diskless-2017.img
Disk router-devuan-jessie-diskless-2017.img: 3.7 GiB, 3980394496 bytes, 7774208 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x7b19da02

Device                                                 Boot Start     End Sectors  Size Id Type
router-devuan-jessie-diskless-2017.img    *     2048 7772159 7770112  3.7G 83 Linux
According to fdisk each sector of the image is 512 bytes. We need that to calculate the right offset when mounting it.

The image has one Linux partition starting at sector 2048. The right offset in bytes is 512*2048.

Here is how to mount it:
# mount -o loop,offset=$((2048*512)) router-devuan-jessie-diskless-2017.img /mnt/
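
The same calculation can be done without fdisk by reading the DOS disklabel directly from the first sector of the image. This is an added example, not part of the original post; it handles only the four primary entries of a DOS label, and the sample sector is constructed to match the fdisk listing above. The sizelimit option it emits goes beyond the command shown in the post.

```python
import shlex
import struct

TABLE_OFFSET = 446   # the four 16-byte partition entries start here in sector 0
# status, CHS start (skipped), type, CHS end (skipped), start LBA, sector count
ENTRY = struct.Struct("<B3xB3xII")


def parse_dos_label(sector0: bytes, sector_size: int = 512):
    """Return the primary partitions of a DOS (MBR) disklabel with byte offsets."""
    if len(sector0) < 512 or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no DOS disklabel signature (55 AA) at bytes 510-511")
    parts = []
    for i in range(4):
        status, ptype, start, count = ENTRY.unpack_from(sector0, TABLE_OFFSET + 16 * i)
        if ptype == 0 or count == 0:
            continue                      # unused slot
        if ptype == 0xEE:
            raise ValueError("protective MBR: the image uses GPT, not a DOS label")
        parts.append({
            "number": i + 1,
            "boot": status == 0x80,
            "type": ptype,
            "start": start,                       # fdisk "Start" column
            "end": start + count - 1,             # fdisk "End" column
            "sectors": count,                     # fdisk "Sectors" column
            "offset": start * sector_size,        # value for mount -o offset=
            "sizelimit": count * sector_size,     # value for mount -o sizelimit=
        })
    return parts


def read_partitions(image_path, sector_size=512):
    """Parse the disklabel of an image file on disk."""
    with open(image_path, "rb") as f:
        return parse_dos_label(f.read(512), sector_size)


def mount_command(image_path, part, mountpoint):
    """Build the mount command line for one parsed partition."""
    opts = f"loop,offset={part['offset']},sizelimit={part['sizelimit']}"
    return f"mount -o {opts} {shlex.quote(image_path)} {shlex.quote(mountpoint)}"


def sample_sector0():
    """Constructed sector 0 holding the single partition from the fdisk listing above."""
    s = bytearray(512)
    ENTRY.pack_into(s, TABLE_OFFSET, 0x80, 0x83, 2048, 7770112)
    s[510:512] = b"\x55\xaa"
    return bytes(s)


if __name__ == "__main__":
    for p in parse_dos_label(sample_sector0()):
        print(p)
        print(mount_command("router-devuan-jessie-diskless-2017.img", p, "/mnt/"))
```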

Thursday, December 1, 2016

Fast way to delete a million files in Linux

Solutions for the problem when you try to delete a million files and the rm command says:
argument too long

1. using combination of find and xargs
# find . -print0 | xargs -0 rm -f
2. using rsync with empty directory (so far the fastest way I've found)
# rsync -a --delete /path/to/empty-directory/ /path/to/dir-to-be-deleted/

Friday, November 20, 2015

Connecting Samba to Windows Active Directory

This article assumes that you already have Microsoft Windows Active Directory installed and configured and that you know how to work with it. Samba is installed on Oracle Linux Server release 6.5, but it should also work on other Linux distributions with minimal changes.

For Windows users and groups to be active in Samba, additional file system settings are required.

For this purpose the file system must be mounted with the additional options acl and user_xattr. We can check the default mount options like this:

# tune2fs -l /dev/mapper/vg_server-lv_root |grep -i "mount opt"
Default mount options:    user_xattr acl

If they are not set by default, we can set them with the commands:

# tune2fs -o acl /dev/mapper/vg_server-lv_root
# tune2fs -o user_xattr /dev/mapper/vg_server-lv_root

To check whether this option is currently active, we use the following command:

# getfacl /
getfacl: Removing leading '/' from absolute path names
# file: .
# owner: root
# group: root
user::r-x
group::r-x
other::r-x
We install the following packages: samba, krb5 (Kerberos), OpenLDAP. On Oracle Linux the packages are as follows:
# rpm -qa|grep krb
pam_krb5-2.3.11-9.el6.x86_64
krb5-libs-1.10.3-15.el6_5.1.x86_64
krb5-libs-1.10.3-15.el6_5.1.i686
krb5-workstation-1.10.3-15.el6_5.1.x86_64

# rpm -qa|grep -i openldap
openldap-2.4.23-34.el6_5.1.i686
openldap-2.4.23-34.el6_5.1.x86_64
# rpm -qa|grep -i samba  
samba-client-3.6.9-169.el6_5.x86_64
samba-common-3.6.9-169.el6_5.x86_64
samba-winbind-clients-3.6.9-169.el6_5.x86_64
samba-3.6.9-169.el6_5.x86_64
samba-winbind-3.6.9-169.el6_5.x86_64
In other distributions the package names are similar.

We must make sure that Samba is compiled with support for LDAP, Kerberos, Winbind and Active Directory:
# smbd -b | grep LDAP
HAVE_LDAP_H
HAVE_LDAP
HAVE_LDAP_DOMAIN2HOSTLIST


# smbd -b | grep KRB
HAVE_KRB5_H
HAVE_ADDRTYPE_IN_KRB5_ADDRESS
HAVE_KRB5
# smbd -b | grep ADS
WITH_ADS
WITH_ADS


# smbd -b | grep WINBIND
WITH_WINBIND
WITH_WINBIN
We configure and test Kerberos. Let the domain be named HORIZON9.LOCAL, with the domain server located at ad-dc-01.horizon9.local.
This is how /etc/krb5.conf should look:
[libdefaults]
 default_realm = HORIZON9.LOCAL
 dns_lookup_realm = true
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 HORIZON9.LOCAL = {
  kdc = AD-DC-01.HORIZON9.LOCAL
  admin_server = AD-DC-01.HORIZON9.LOCAL
  default_domain = HORIZON9.LOCAL
 }

[domain_realm]
 .horizon9.local = HORIZON9.LOCAL
 horizon9.local = HORIZON9.LOCAL

Test whether it works:
# kinit Administrator@HORIZON9.LOCAL
Password for Administrator@HORIZON9.LOCAL:
#
If it shows no message, it works as it should.


The Samba settings for the example domain HORIZON9 are as follows (/etc/samba/smb.conf):
[global]

 log file = /var/log/samba/log.%m
 max log size = 50
 security = ads
 netbios name = LINUX-SAMBA-AD
 realm = HORIZON9.LOCAL
 workgroup = HORIZON9
 idmap uid = 500-20000000
 idmap gid = 500-20000000
 winbind enum users = yes
 winbind enum groups = yes
 winbind use default domain = yes
 template homedir = /home/%U
 template shell = /bin/bash
 client use spnego = yes
 domain master = no

 vfs objects = acl_xattr
 map acl inherit = yes
 store dos attributes = yes

 username map = /etc/samba/user.map

 [share1]
    path = /home/samba
    comment = Share1
    public = yes
    browsable = yes
    guest ok = yes
    writable = yes
The file /etc/samba/user.map must contain the following:
!root = HORIZON9\Administrator HORIZON9\Administrator
or any other user with administrator rights in the domain. Then join the machine to the domain:
# net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- HORIZON9
Joined 'LINUX-SAMBA-AD' to dns domain 'horizon9.local'
No DNS domain configured for linux-samba-ad. Unable to perform DNS Update.
DNS update failed!
#
The DNS update error is fixed by manually adding a record in the Windows DNS.

For programs to have access to the new users and groups from the domain, we must edit /etc/nsswitch.conf

The lines:
passwd:     files
shadow:     files
group:      files
are replaced with:
passwd:     compat winbind
shadow:     files
group:      compat winbind
Restart winbind and samba:
# service winbind restart
# service smb restart 
Add the group 'Domain Admins' to the ACL of the file system where the shared directories will be located (for example /home/samba):
# setfacl -Rm g:'Domain Admins':rwx /home/samba
# chown -R nobody:"domain admins" /home/samba
If either of these commands gives an error that it cannot find such a group, most likely the users/groups from the domain are not visible. You can check whether the users and groups are visible with the following commands:
# wbinfo -g
# wbinfo -u
Add winbind to the authentication methods in /etc/pam.d/. On Oracle Linux this is done with the command authconfig-tui (for the console) or authconfig-gtk (graphical interface). Here are the changes that authconfig-tui makes:
# grep -nri winb /etc/pam.d/
/etc/pam.d/system-auth-ac:7:auth        sufficient    pam_winbind.so use_first_pass
/etc/pam.d/system-auth-ac:12:account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
/etc/pam.d/system-auth-ac:17:password    sufficient    pam_winbind.so use_authtok
/etc/pam.d/smartcard-auth-ac:10:account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
/etc/pam.d/password-auth-ac:7:auth        sufficient    pam_winbind.so use_first_pass
/etc/pam.d/password-auth-ac:12:account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
/etc/pam.d/password-auth-ac:17:password    sufficient    pam_winbind.so use_authtok
/etc/pam.d/smartcard-auth:10:account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
/etc/pam.d/fingerprint-auth-ac:10:account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
/etc/pam.d/fingerprint-auth:10:account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
/etc/pam.d/system-auth:7:auth        sufficient    pam_winbind.so use_first_pass
/etc/pam.d/system-auth:12:account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
/etc/pam.d/system-auth:17:password    sufficient    pam_winbind.so use_authtok
/etc/pam.d/password-auth:7:auth        sufficient    pam_winbind.so use_first_pass
/etc/pam.d/password-auth:12:account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
/etc/pam.d/password-auth:17:password    sufficient    pam_winbind.so use_authtok
If everything is fine, you can now assign permissions for the samba shares from a Windows machine. After you have assigned permissions from the Windows machine, you can check whether everything is fine with the shared directory (/home/samba):
# getfacl /home/samba
getfacl: Removing leading '/' from absolute path names
# file: home/samba
# owner: administrator
# group: domain\040admins
user::rwx
user:root:rwx
user:nobody:rwx
group::rwx
group:domain\040users:r-x
mask::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:domain\040users:r-x
default:group:domain\040admins:rwx
default:mask::rwx
default:other::r-x
Here you can also see the added access rights for AD users and groups.

Note:

Wherever a domain or host name needs to be written, write it in CAPITAL LETTERS. Samba is picky and sometimes things fail because something is written in lowercase.

If you want to enable the guest user so that computers outside the domain can access the samba share, you need to add the following to /etc/samba/user.map :
!root = HORIZON9\guest HORIZON9\guest
From a computer that is not in the domain, an attempt to access the samba share will prompt for a user name and password. Enter HORIZON9\guest as the user without entering a password, and you now have access to this share.
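
In a username map, the name on the left of "=" is the Unix account that the client names on the right are mapped to, so the user.map lines in this article map both HORIZON9\Administrator and HORIZON9\guest to root, and share1 is writable by guests. The following added example (not part of the original post) audits the two files for exactly these settings; the [docs] share is a constructed counter-example and the function names are illustrative.

```python
import re

# Share section and user.map lines from this article ([global] trimmed);
# the [docs] share is constructed to show a read-only guest share.
SMB_CONF = """\
[global]
 security = ads
 realm = HORIZON9.LOCAL
 username map = /etc/samba/user.map

 [share1]
    path = /home/samba
    public = yes
    browsable = yes
    guest ok = yes
    writable = yes

 [docs]
    path = /srv/docs
    guest ok = yes
    read only = yes
"""
USER_MAP = r"""
!root = HORIZON9\Administrator HORIZON9\Administrator
!root = HORIZON9\guest HORIZON9\guest
"""

YES = {"yes", "true", "1"}
NO = {"no", "false", "0"}


def _norm(name):
    # smb.conf parameter names ignore case and whitespace
    return re.sub(r"\s+", "", name).lower()


def parse_smb_conf(text):
    """Parse smb.conf text into {section: {normalized parameter: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[_norm(key)] = value.strip()
    return sections


def guest_writable_shares(sections):
    """Shares that allow guest access and writing at the same time."""
    found = []
    for name, opts in sections.items():
        if name == "global":
            continue
        # "public" is a synonym of "guest ok"
        guest = any(opts.get(k, "").lower() in YES for k in ("guestok", "public"))
        # "writable"/"writeable"/"write ok" are inverted synonyms of "read only"
        writable = (any(opts.get(k, "").lower() in YES
                        for k in ("writable", "writeable", "writeok"))
                    or opts.get("readonly", "").lower() in NO)
        if guest and writable:
            found.append(name)
    return found


def root_mappings(user_map_text):
    """Client names that a username map file maps to the Unix root account."""
    names = set()
    for raw in user_map_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        unix_name, _, clients = line.lstrip("!").partition("=")
        if unix_name.strip() == "root":
            names.update(t.strip('"') for t in re.findall(r'"[^"]*"|\S+', clients))
    return sorted(names)


if __name__ == "__main__":
    print("guest-writable shares:", guest_writable_shares(parse_smb_conf(SMB_CONF)))
    print("clients mapped to root:", root_mappings(USER_MAP))
```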

Friday, October 24, 2014

Multiboot NetBSD and Debian GNU/Linux with GRUB2

Debian GNU/Linux 8 Jessie Beta2 and NetBSD 7_BETA on the same PC.
 
Linux is on /dev/sda1
NetBSD partition is on /dev/sda4
Grub is installed on the master boot record (/dev/sda).

Edit /etc/grub.d/40_custom and add the following lines:

menuentry "NetBSD 7 on sda4" {
        insmod ufs2
        insmod bsd
        set root=(hd0,4)
        chainloader (hd0,4)+1
}

Don't forget to do 'update-grub' before rebooting.

Multiboot FreeBSD 10.0 and Debian GNU/Linux using GRUB2


Debian GNU/Linux 8 Jessie Beta2 and FreeBSD 10.0 multiboot with grub2

Linux is on /dev/sda1
FreeBSD partition is on /dev/sda3 (ada0s3a - BSD style)
Grub is installed on the master boot record.

Edit /etc/grub.d/40_custom and add the following lines:
menuentry "FreeBSD 10.0" --class freebsd --class bsd --class os {
insmod ufs2
insmod bsd
set root=(hd0,3)
kfreebsd /boot/kernel/kernel
kfreebsd_loadenv /boot/device.hints
set kFreeBSD.vfs.root.mountfrom=ufs:/dev/ada0s3a
set kFreeBSD.vfs.root.mountfrom.options=rw
}

Don't forget to run 'update-grub' after that and reboot.

Wednesday, July 30, 2014

Installing dovecot with vpopmail support on Ubuntu 12.04.4 LTS

The problem is that dovecot is not compiled with --with-vpopmail support. Here is a step-by-step guide to building a Debian package from source.

First you need a working vpopmail installed somewhere on the system. Second, we need some deb packages installed for the build process:
# apt-get install build-essential dpkg-dev debhelper pkg-config libssl-dev libpam0g-dev libldap2-dev libpq-dev libmysqlclient-dev drac-dev libsasl2-dev libsqlite3-dev libbz2-dev libdb-dev libcurl4-gnutls-dev libexpat-dev hardening-wrapper
Now download the source package:
# apt-get source dovecot
This will get the source and unpack it in the current directory:
root@mail2:/usr/src/tmp# ls -l
drwxr-xr-x 7 root root    4096 Jul 30 10:53 dovecot-2.0.19
-rw-r--r-- 1 root root 1278258 May 15 17:29 dovecot_2.0.19-0ubuntu2.1.debian.tar.gz
-rw-r--r-- 1 root root    3142 May 15 17:29 dovecot_2.0.19-0ubuntu2.1.dsc
-rw-r--r-- 1 root root 3357056 Apr  8  2012 dovecot_2.0.19.orig.tar.gz
Now enter the dovecot directory and edit the file debian/rules. Find the lines:
$(shell dpkg-buildflags --export=configure) sh configure \
                 --with-ldap=plugin \
                 --with-ssl=openssl \
                 --with-sql=plugin \
and add another line like this:

 $(shell dpkg-buildflags --export=configure) sh configure \
                 --with-vpopmail \
                 --with-ldap=plugin \
                 --with-ssl=openssl \
                 --with-sql=plugin \
Alternatively here is a patch:

--- dovecot-2.0.19/debian/rules    2012-06-29 00:33:07.000000000 +0300
+++ ../dovecot-2.0.19/debian/rules    2014-07-30 10:18:00.469643701 +0300
@@ -25,6 +25,7 @@
     dh_testdir
     # Dovecot
     $(shell dpkg-buildflags --export=configure) sh configure \
+            --with-vpopmail \
                 --with-ldap=plugin \
                 --with-ssl=openssl \
                 --with-sql=plugin \
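Review bot: the added "--with-vpopmail \" line is indented less than the "--with-ldap=plugin \" continuation lines next to it; align it with them so the configure invocation reads as one block. The patch also touches only debian/rules, so the rebuilt package keeps the same version string as the stock build; consider adding a debian/changelog entry with a local version suffix so the vpopmail-enabled build can be told apart from the distribution package.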
Now go to the unpacked dovecot directory and build the package:
# dpkg-buildpackage -uc -rfakeroot
You will end up with a lot of *.deb files. The one that you need is 'dovecot-core_2.0.19-0ubuntu2.1_i386.deb'. Install it, restart dovecot and use your vpopmail support.
# dpkg -i dovecot-core_2.0.19-0ubuntu2.1_i386.deb
# service dovecot restart

Wednesday, September 18, 2013

Qmail starting error "alert: cannot start: unable to open mutex"

If you are getting this error message when you try to start qmail-send, most probably you are moving qmail from an old installation to a new server.

The problem comes from missing directories (and files) which on most distributions are symlinks; when you archive them, the real directories are not transferred.

The directory is /var/qmail/queue, and as you can see from the example below it is just a symlink to another directory (the example is from the NetBSD qmail package):

# ls -la /var/qmail
drwxr-xr-x   2 root  wheel  512 Sep 18 15:25 .
drwxr-xr-x  26 root  wheel  512 Aug 24 22:11 ..
lrwxr-xr-x   1 root  wheel   24 Jul 16 04:36 alias -> /usr/pkg/etc/qmail/alias
lrwxr-xr-x   1 root  wheel   12 Jul 16 04:36 bin -> /usr/pkg/bin
lrwxr-xr-x   1 root  wheel   34 Jul 16 04:36 boot -> /usr/pkg/share/examples/qmail/boot
lrwxr-xr-x   1 root  wheel   26 Jul 16 04:36 control -> /usr/pkg/etc/qmail/control
lrwxr-xr-x   1 root  wheel   24 Jul 16 04:36 doc -> /usr/pkg/share/doc/qmail
lrwxr-xr-x   1 root  wheel   12 Jul 16 04:36 man -> /usr/pkg/man
lrwxr-xr-x   1 root  wheel   16 Jul 16 04:36 queue -> /var/spool/qmail
lrwxr-xr-x   1 root  wheel   24 Jul 16 04:36 users -> /usr/pkg/etc/qmail/users

So the real directory is /var/spool/qmail ("queue -> /var/spool/qmail"), and here is the listing of its subdirectories:

# ls -la
drwxr-xr-x  11 qmailq  qmail  512 Sep 18 15:34 .
drwxr-xr-x   8 root    wheel  512 Jul 16 04:36 ..
drwx------   2 qmails  qmail  512 Sep  9 15:11 bounce
drwx------  25 qmails  qmail  512 Jan 19  2008 info
drwx------   2 qmailq  qmail  512 Sep 18 13:55 intd
drwx------  25 qmails  qmail  512 Jan 19  2008 local
drwxr-x---   2 qmailq  qmail  512 Jan 19  2008 lock
drwxr-x---  25 qmailq  qmail  512 Jan 19  2008 mess
drwx------   2 qmailq  qmail  512 Sep 18 13:55 pid
drwx------  25 qmails  qmail  512 Jan 19  2008 remote
drwxr-x---   2 qmailq  qmail  512 Sep 18 13:55 todo


Make sure to transfer this directory to the new server and also set the correct ownership and permissions on the directories.

The actual error is caused by the missing file sendmutex, which resides in the /var/spool/qmail/lock/ directory:

# ls -la /var/spool/qmail/lock
total 12
drwxr-x---   2 qmailq  qmail   512 Jan 19  2008 .
drwxr-xr-x  11 qmailq  qmail   512 Sep 18 15:34 ..
-rw-------   1 qmails  qmail     0 Jan 19  2008 sendmutex
-rw-r--r--   1 qmailr  qmail  1024 Sep 16 09:39 tcpto


If this file does not exist, just create it with the following commands (make sure to also change the file owner):
# touch /var/qmail/queue/lock/sendmutex
# chown qmails:qmail /var/qmail/queue/lock/sendmutex


Monday, July 1, 2013

Lotus Domino 8.5 on Linux causing 100% CPU load.


This is a known bug with the platform statistics thread, which gets caught in an infinite loop. The solution is to modify your notes.ini file and disable platform stats:

PLATFORM_STATISTICS_DISABLED=1

Restart your server and there will be no more 100% CPU load.

Monday, June 3, 2013

Roundcube missing contacts after changing IP address of the server.

If you have a working installation of Roundcube and for some reason change your IP address, the result is missing address book entries for all users.

If in the configuration file config/main.inc.php the line:
$rcmail_config['default_host'] = '10.10.200.1';
is changed to some other IP address (for instance 192.168.10.1), the result is missing address book entries.

In fact the entries are not missing, but Roundcube shows only the entries for users with the current 'default_host' IP address. This means that you have two entries for each user, with different 'default_host' fields. How to fix it?

First delete all newly created entries with the new default_host
(old: 10.10.200.1, new: 192.168.10.1):
# mysql -u roundcubeuser -proundcubepass
mysql> use roundcube
mysql> delete from users where mail_host='192.168.10.1';
Query OK, 60 rows affected (0.07 sec)
Now change all remaining entries to the new default_host:
mysql> update users set mail_host='192.168.10.1' where mail_host='10.10.200.1';
Query OK, 105 rows affected (0.08 sec)
Rows matched: 105  Changed: 105  Warnings: 0
Now you have your address book back.

Wednesday, May 1, 2013

Using $DISPLAY for remote administration.

With X you can export your display so that applications start on one server and their interfaces show on another X server. Here is an example of how to do it.

Configuration:

On remote Linux (192.168.10.5):

# export DISPLAY="192.168.10.9:0"

On local Linux (192.168.10.9):

KDM/GDM/XDM on Debian by default use the option -nolisten tcp. You need to remove it to allow the X server to accept connections. A restart of the display manager is needed.

# xhost + 192.168.10.5

The next step is to start the application on the remote Linux, and it will show on your local Linux X server.

# yast2

Wednesday, April 24, 2013

Novell Enterprise Linux Server Install and Migration Notes

Novell NetWare 5.1 to Novell Enterprise Linux (OES2) migration scenario: the idea is to add a new OES2 server to the existing NetWare 5.1 tree, add a replica of the tree, transfer the data files from the storage volumes and then remove the old NetWare 5.1 server.


The notes are for this version of Novell Linux:
# cat /etc/novell-release
Novell Open Enterprise Server 11 (x86_64)
VERSION = 11.1
PATCHLEVEL = 1

Note #1
Updates: you need your registration codes and email address so that you can use online updates and install from online repositories. YAST -> Software Management -> Configuration -> Online Update. This will launch a browser and lead you to the Novell site, where you need to enter your registration email/codes so that the server can be authenticated as a licensed one. If everything is OK, the new repositories will be added automatically.

Note #2
Time between all servers in the tree must be synchronized. Use the same time server for both servers.

Note #3
If you get an error about the Secure LDAP connection with Novell NetWare 5.x, you need to generate a valid certificate for Secure LDAP on NetWare with the ConsoleOne app.

Note #4
"This user does not have the correct credentials to authenticate to the CIMOM client."
You get this error when trying to add the new server to the existing tree. This is a bug in the installation process. The Unix Config Object, which is needed to map users between eDirectory and Linux/Unix workstations/servers, is not created during installation. The solution is to remove the /etc/nam.conf file and recreate it with namconfig.

# rm -f /etc/nam.conf
# namconfig add -a cn=admin,o=company_ltd -r o=company_ltd -w ou=servers,o=company_ltd -S 192.168.20.5:389 -l 636
Enter the admin(cn=admin,o=company_ltd) password:

namconfig.getSchemaName: schema name = cn=schema
NAM Schema is extended successfully.
NAM Unique id schema is already extended.
uidNumber and gidNumber attribute indices already exist in the LDAP server
Creating the Unix Config object...done.
Creating the Unix Workstation object...done.
Adding the workstation context...done.
Stopping the service 'namcd'...done.
Stopping the service 'nscd'...done.
Starting the service 'namcd'... Done.
Starting the service 'nscd'... Done.
Configure done successfully.
Now you can use iManager to enable users for Linux (Linux User Management -> Enable Users for Linux).

Note #5
Removing the tree
# ndsconfig rm -a cn=adminuser.o=admincontext
Now start YAST and use the OES Installation and Configuration utility to add it to the existing tree.

Note #6
The OES Installation and Configuration utility won't start
This is a known bug. Use the command line to start what you need:
# yast edirectory
or you can see what options you have with the command:
# yast --list
Available modules:
add-on
add-on-creator
apparmor
arkmanager
audit-laf
autofs
autoyast
backup
bootloader
ca_mgm
checkmedia
common_cert
dhcp-server
dirinstall
disk
dns-server
dsl
edirectory
fingerprint-reader
.....
You can also use yast2 (graphical interface) in the same way.

Note #7
Adding a replica to the newly connected server
Open iManager in a browser, log in to the old server and then add the replica:

Partitions and Replica Management -> Replica View

Enter the tree name: .YourTreeName. and hit OK. Now you can see your servers and replicas. Use the "Add Replica" button. If you get an error, try using 'ndsrepair' on all servers and then try again.

Note #8
You can use the miggui tool to transfer existing files/services to the new server, but if you have files with names in Cyrillic or in some other encoding, created in the old days when nobody cared about encodings, this tool won't work.

Tuesday, March 12, 2013

Debian GNU/Linux mounting Novell NetWare volumes

This is an example of mounting Novell NetWare 5.1 partitions with Debian GNU/Linux (in this case unstable with kernel 3.2.0).

First we need the ncpfs package.

# apt-get install ncpfs

Then we need the ncpfs module in the kernel (it comes with the Debian kernel).

# modprobe ncpfs

The Novell context is support.gabrovo.hq
The username is niki
The server IP address is 10.1.42.24
The volume to mount is called data

# ncpmount -o tcp -S 10.1.42.24 -A 10.1.42.24 -U niki.support.gabrovo.hq -V data /mnt/
Logging into 10.1.42.24 as NIKI.SUPPORT.GABROVO.HQ
Password:
# ls -la /mnt/
total 5
drwxr-xr-x  1 root root  512 Jan  1  1986 .
drwxr-xr-x 24 root root 4096 Mar  7 14:12 ..
dr-xr-xr-x  1 root root  512 Mar 12 13:57 MAN

# df -h
Filesystem                                              Size  Used Avail Use% Mounted on
rootfs                                                  389G   23G  362G   6% /
udev                                                     10M     0   10M   0% /dev
tmpfs                                                   596M  848K  595M   1% /run
/dev/disk/by-uuid/2e00092b-1986-4e86-9887-996ff2949e05  389G  23G  362G   6% /
tmpfs                                                   5.0M     0  5.0M   0% /run/lock
tmpfs                                                   3.4G  172K  3.4G   1% /run/shm
10.1.42.24/NIKI.SUPPORT.GABROVO.HQ                               137G 132G  4.9G  97% /mnt
The mount options and what they mean are as follows:
-o tcp - use tcp (or -o udp)
-S 10.1.42.24 - server name/IP address.
-A 10.1.42.24 - which server to ask for name addresses.
-U niki.support.gabrovo.hq - niki is the user name and support.gabrovo.hq is the context.
-V data - name of the volume to mount - "data".

If you did something wrong when mounting, you can clear all your connections to Novell with the following command:

# ncplogout -a

Monday, March 4, 2013

Installing skype on Debian Unstable amd64

Installing skype on 64-bit Linux is easy, but how to do it is hard to find on the skype site. Here is what you need to do.

In this case I will show how to install skype on Debian GNU/Linux Unstable amd64. First download the skype package from skype.com: Skype for Debian 7.0 (multiarch).

Install it with the following command:

# dpkg -i --force-all skype-debian_4.1.0.20-1_i386.deb

Now skype is installed, but it will not work because of missing libraries. You can see what is missing with the following command:

# ldd `which skype`
        linux-gate.so.1 =>  (0xf7793000)
        libasound.so.2 => not found
        libXv.so.1 => not found
        libXss.so.1 => not found
        librt.so.1 => /lib32/librt.so.1 (0xf776d000)
        libdl.so.2 => /lib32/libdl.so.2 (0xf7769000)
        libX11.so.6 => not found
        libXext.so.6 => not found
        libQtDBus.so.4 => not found
        libQtWebKit.so.4 => not found
        libQtXml.so.4 => not found
        libQtGui.so.4 => not found
        libQtNetwork.so.4 => not found
        libQtCore.so.4 => not found
        libpthread.so.0 => /lib32/libpthread.so.0 (0xf774e000)
        libstdc++.so.6 => not found
        libm.so.6 => /lib32/libm.so.6 (0xf7727000)
        libgcc_s.so.1 => /usr/lib32/libgcc_s.so.1 (0xf770a000)
        libc.so.6 => /lib32/libc.so.6 (0xf75a8000)
        /lib/ld-linux.so.2 (0xf7794000)

As we can see, there are missing libs. This happens because the skype deb package is built for the i386 arch and we have amd64.

We need to add another architecture to dpkg/apt with the following commands:

# dpkg --add-architecture i386
# apt-get update

Now we can install the missing libs:

# apt-get -f install

This will download and install the missing i386 libs. Now you can start skype.

Note: You can install any package for a specific architecture by adding :i386 or :amd64 after the package name: apt-get install tcpdump:i386