Wednesday, November 7, 2012
Wordpress - Permalink Problem
Copied from sis Salina's blog... :) I had the same problem and this helped me to solve it.
_________________________________________________
Salam,
I've just set up WordPress on my personal FreeBSD server, and now I'm trying to configure permalinks to this format:
/%category%/%postname%
This is not working. I've followed those instructions as well as I can, but it's still not working.
In httpd.conf:
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
Then, I chmod'ed the .htaccess file so WordPress could edit the file. The file now contains this:
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
After some reading and checking, I found out that my .htaccess file is not being read! How to solve this?
On a forum I read, someone asks: "Do you see AllowOverride None anywhere in your config files?"
So in my httpd.conf, I found it here:
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
# AllowOverride None
AllowOverride All
I commented out the original setting, and set it to AllowOverride All.
After restarting Apache, the permalinks now work like a charm.
Alhamdulillah..
-----------------------------------------------------------------
For Ubuntu - you can do like this..
1. Manually create a ".htaccess" file and save it in your main WordPress directory. (This is the one with the wp-admin, wp-includes, and wp-content folders.)
2. Go to the Ubuntu terminal and type:
sudo chown -v :www-data "/enterYourFilePathHere/.htaccess"
You should see a line printed saying that the (group) file ownership has been changed to www-data (Apache2).
3. Give Apache2 write access to the file:
sudo chmod -v 664 "/enterYourFilePathHere/.htaccess"
You should see a line printed saying that the mode of the file has been retained.
4. Next, we have to allow WordPress to write to the .htaccess file by enabling mod_rewrite in the Apache2 server. Type the following in the terminal:
sudo a2enmod rewrite
You should see a line printed saying that it is enabling mod rewrite and reminding you to restart the web server.
5. So let's do that. Restart the web server, Apache2, for the changes to take effect by typing:
sudo /etc/init.d/apache2 restart
We are all done with the command line prompt; you can close the command line window now.
6. Go into your WordPress admin panel (i.e. http://yourDomain/wp-admin). Go to Settings --> Permalinks and select the permalink format of your choice. Hit the "Save Changes" button.
7. DONE! Go to your site and check any page (other than your homepage) to ascertain that everything is working as expected.
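The FreeBSD fix above came down to finding which AllowOverride actually governs the WordPress directory. The script below is an added example, not part of the original post: it reports the value that applies to a document root and whether it lets the rewrite rules in .htaccess run (FileInfo is the override class the Rewrite* directives need, so All is broader than required). The sample configs and paths are constructed, and it assumes only literal <Directory> paths in a single file, with the longest matching path winning.

```shell
#!/bin/sh
# Added example: which AllowOverride applies to a docroot, and does it let
# the WordPress rewrite rules in .htaccess run?
# Simplification (assumption): only literal <Directory> paths in one file are
# considered; the longest path that contains the docroot wins.

# effective_allowoverride DOCROOT CONFIG_FILE -> prints the value, or "unset"
effective_allowoverride() {
    awk -v root="$1" '
    { sub(/^[ \t]+/, "") }                 # drop indentation
    /^#/ { next }                          # skip commented-out directives
    tolower($1) == "<directory" {
        dir = $2
        gsub(/[">]/, "", dir)              # strip quotes and the closing bracket
        if (dir != "/") sub(/\/$/, "", dir)
        next
    }
    tolower($1) ~ /^<\/directory/ { dir = ""; next }
    dir != "" && tolower($1) == "allowoverride" {
        applies = (dir == "/" || root == dir || index(root, dir "/") == 1)
        if (applies && length(dir) >= best) {
            best = length(dir)
            value = $2
            for (i = 3; i <= NF; i++) value = value " " $i
        }
    }
    END { if (value == "") value = "unset"; print value }
    ' "$2"
}

# rewrite_verdict VALUE -> ignored | version-default | works | works-broad | blocked
rewrite_verdict() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        none)       echo "ignored" ;;          # .htaccess is never read
        unset)      echo "version-default" ;;  # All on Apache 2.2, None on 2.4
        all)        echo "works-broad" ;;      # every directive class allowed
        *fileinfo*) echo "works" ;;            # enough for the Rewrite* directives
        *)          echo "blocked" ;;          # file is read, Rewrite* not permitted
    esac
}

# write_samples DIR: constructed httpd.conf fragments (not from a real server)
write_samples() {
    cat > "$1/before.conf" <<'EOF'
<Directory />
    AllowOverride None
</Directory>
<Directory "/usr/local/www/apache22/data">
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
EOF
    cat > "$1/after.conf" <<'EOF'
<Directory />
    AllowOverride None
</Directory>
<Directory "/usr/local/www/apache22/data">
    Options FollowSymLinks
    # AllowOverride None
    AllowOverride FileInfo
    Order allow,deny
    Allow from all
</Directory>
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for conf in before after; do
    value=$(effective_allowoverride /usr/local/www/apache22/data/blog "$demo_dir/$conf.conf")
    echo "$conf.conf: AllowOverride $value -> $(rewrite_verdict "$value")"
done
rm -rf "$demo_dir"
```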
Friday, September 28, 2012
Tuesday, September 25, 2012
Configuring Hybrid Exchange 2010
First of all, we can find the Exchange Deployment Assistant at:
http://technet.microsoft.com/exdeploy2010
There is a guideline that you can follow based on your architecture.
ADFS and ADFSP (for single sign on)
Refer to this step : http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff652540.aspx
This is the reference for cmdlets for Office 365:
Then you can test the SSO authentication at O365 using your AD authentication.
After SSO works, you can start planning for hybrid Exchange 2010.
Here are some step-by-step guides with images that give some guidance instead of reading the "Exchange Deployment Assistant".
Ref:
1. http://www.howexchangeworks.com/2012/01/office-365-hybrid-deployment-with-exchange-2010-sp2-part-1.html
2. http://www.howexchangeworks.com/2012/01/office-365-hybrid-deployment-with-exchange-2010-sp2.html
3. http://www.howexchangeworks.com/2012/01/office-365-hybrid-deployment-with-exchange-2010-sp2-part-3.html
4. http://www.howexchangeworks.com/2012/02/office-365-hybrid-deployment-with-exchange-2010-sp2-part-4.html
5. http://www.howexchangeworks.com/2012/02/office-365-hybrid-deployment-with-exchange-2010-sp2-part-5.html
OR
http://www.msexchange.org/articles_tutorials/office-365/exchange-online/using-hybrid-configuration-wizard-exchange-2010-service-pack-2-part1.html
Here are good references that you can use for handling this Hybrid Exchange 2010 migration:
1. http://technet.microsoft.com/en-us/library/hh563847.aspx (hybrid deployment)
2. http://technet.microsoft.com/en-us/library/gg430167 (FOPE connector & Hybrid scenario)
If you have a problem during migration, you can get support from the FOPE and O365 engineers by sending a Service Request.
1. For an O365 Service Request, you can submit it at the O365 portal admin cpanel; there is a button for Service Request.
2. For a FOPE Service Request, you can submit it at https://support.live.com/default.aspx?productkey=mocpexhome&brand=mocp&&mkt=en-us
Hope all the links can help other users to migrate their mailboxes to Office 365. :)
Finally my team successfully went for hybrid Exchange O365 :) Thanks to all the bloggers and technical people who assisted the deployment..
Wednesday, August 8, 2012
Windows 2008: CRM Server Problem - No internet connection after electrical failure shutdown
Case: CRM Server - Cannot remote & No internet connection after electrical failure shutdown
Study case:
One of the components of the Internet connection on your computer is a built-in set of instructions called TCP/IP. TCP/IP can sometimes become damaged or corrupted. If you cannot connect to the Internet and you have tried all other methods to resolve the problem, TCP/IP might be causing it.
Because TCP/IP is a core component of Windows, you cannot remove it. However, you can reset TCP/IP to its original state by using the NetShell utility (netsh).
Recommended solutions:
- Log on to the computer as an administrator.
- Type cmd in the Start Search box.
- Type netsh winsock reset at the command prompt, and then press ENTER.
- > netsh winsock reset
- *Note: If the command is typed incorrectly, you will receive an error message. Type the command again. When the command is completed successfully, a confirmation appears, followed by a new command prompt. Then, go to step 3.
- Type exit, and then press ENTER.
Thursday, July 19, 2012
SSO make me feel dizzy and crazy
It has already been a week that I've been trying to study SSO. It is not easy for me.. Too many things I should learn.. About the permissions, reading logs, cache, backup files.. It is not as easy as I thought. Mmm.. hopefully I can understand XML coding.. That is my biggest problem in touching up the front page of SSO.
O Allah.. please make it easy.. :)
Monday, July 16, 2012
CAS Jasig in Ubuntu: Login Issue
Copy from salinaitmind.blogspot.com :)
Case: Cannot log in to LDAP after finishing the configuration in Tomcat6.
Solution steps:
1. Check the tomcat log
# cd /var/log/tomcat6
# grep -R 443 *    (to grep all log entries related to port 443)
2. Check established ports
# netstat -na
3. Check the LDAP log to see whether CAS is listening/connected with the Tomcat server.
# tail -f /var/log/debug.log
4. How to check the tomcat root folder?
# nano /etc/init.d/tomcat6
From this file, you will find the root folder for tomcat in:
CATALINA_HOME = /usr/share/tomcat6
5. Check the SSL cert's current location. In my case, the cert was located in the /root/ folder.
The cert should be moved to the tomcat root folder: /usr/share/tomcat6
6. Move the SSL cert folder from /root to /usr/share/tomcat6/
# cd /root/
# mv cert /usr/share/tomcat6/
7. Change ownership for the cert folder
# cd /usr/share/tomcat6/
# chown -R tomcat6:tomcat6 cert
8. Fix the cert path in server.xml configuration file
9. Check the deployerConfigContext.xml for 'authenticationHandlers' setting:
For the new version of CAS Jasig, the basedn setting looks like this:
**
value="cn=%u, ou=people, dc=staff, dc=company, dc=com, dc=my"
In our case, we missed the ou object in the property value.
10. Restart Tomcat Server
# /etc/init.d/tomcat6 restart
11. Test login again & good luck. It's working in my case!
Thank you to sifoo Saufi .... awesome.. a proven CCNA holder.
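Step 9 is the kind of mistake that is quick to catch before touching Tomcat: take the DN of one real user entry and check that the template reproduces it. The script below is an added example, not part of the original post. It assumes %u is replaced by the login name to form the bind DN; the entry DN and the "broken" template (the post's value without ou) are constructed.

```shell
#!/bin/sh
# Added example: check a FastBind DN template against the DN of a real entry.
# Simplification (assumption): DNs are compared case-insensitively after
# trimming spaces around "," and "="; escaped commas in values are not handled.

# normalize_dn DN -> lower-cased DN without padding around , and =
normalize_dn() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' |
        sed -e 's/[[:space:]]*,[[:space:]]*/,/g' -e 's/[[:space:]]*=[[:space:]]*/=/g'
}

# expand_template TEMPLATE LOGIN -> the DN that would be used for the bind
expand_template() {
    # escape characters that are special in a sed replacement (\ & and the | delimiter)
    esc=$(printf '%s' "$2" | sed 's/[\\&|]/\\&/g')
    printf '%s\n' "$1" | sed "s|%u|$esc|g"
}

# template_matches_entry TEMPLATE ENTRY_DN -> exit 0 if the template reproduces ENTRY_DN
template_matches_entry() {
    entry=$(normalize_dn "$2")
    # value of the first RDN, e.g. "alice" in "cn=alice,ou=people,..."
    rdn_value=$(printf '%s\n' "$entry" | sed 's/^[^=]*=\([^,]*\),.*$/\1/')
    [ "$(normalize_dn "$(expand_template "$1" "$rdn_value")")" = "$entry" ]
}

# With the OpenLDAP client tools installed, a real entry DN can be looked up with
#   ldapsearch -x -H ldap://serverldap_ip/ -b "dc=staff,dc=company,dc=com,dc=my" "(cn=alice)" dn
# and the expanded DN can be bind-tested with
#   ldapwhoami -x -H ldap://serverldap_ip/ -D "<expanded DN>" -W

ENTRY_DN='cn=alice,ou=people,dc=staff,dc=company,dc=com,dc=my'   # constructed entry
FIXED='cn=%u, ou=people, dc=staff, dc=company, dc=com, dc=my'      # value shown in the post
BROKEN='cn=%u, dc=staff, dc=company, dc=com, dc=my'               # assumed: same value without ou

for tpl in "$BROKEN" "$FIXED"; do
    if template_matches_entry "$tpl" "$ENTRY_DN"; then
        echo "OK    $tpl"
    else
        echo "WRONG $tpl -> binds as $(expand_template "$tpl" alice)"
    fi
done
```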
Thursday, July 5, 2012
Cannot start Microsoft Outlook. Unable to open the Outlook window. The set folders could not be opened. The server is not available.
I do have the same problem. I did remove all the profiles at first but it didn't work.
But luckily I solved the problem by using these steps:
1. Run "Outlook.exe" /resetnavpane
2. Start > Regedit
Locate HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem
Delete the Profiles key under the Windows Messaging (Subsystem) key.
3. Then use CCleaner to remove unwanted registry entries.
4. And of course you need to reboot your PC to apply any changes in regedit.
PS: It is recommended to back up the registry. In my case it works very fine \:)/
Wednesday, June 20, 2012
CAS- Install & Configured CAS Server in UBUNTU
Reference site: https://help.ubuntu.com/community/CentralAuthenticationService
1) Install TOMCAT on Ubuntu
# sudo apt-get update
# sudo apt-get install tomcat6
OR
# sudo aptitude install tomcat6
# sudo apt-get install openjdk-6-jdk
Verify Java Installation
# java -version
check installation done
dpkg --get-selections | grep jdk
2) Install Maven
# sudo apt-get install maven2
3) Optionally you can install maven-ant-helper in case you decide to use Ant to create deployment tasks:
# sudo apt-get install ant
# sudo apt-get install maven-ant-helper
4) Configuring CAS Server Build for Maven.
Get the latest CAS server archive from JASig: http://www.ja-sig.org/downloads/cas
-----------------
# wget http://www.ja-sig.org/downloads/cas/cas-server-3.3.5-release.tar.gz
# tar -xvzf cas-server-3.5.0-RC1-release.tar.gz
# cd cas-server-3.5.0-RC1
5) Edit pom.xml
# cd cas-server-webapp/
# nano pom.xml
and add this line:
[dependency]
[groupId]${project.groupId}[/groupId]
[artifactId]cas-server-support-ldap[/artifactId]
[version]${project.version}[/version]
[/dependency]
*Change [ ] to < and > & Save file.
6) Edit server.xml
# nano /var/lib/tomcat6/conf/server.xml
*Make sure you add or enable this
[Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /]
[Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /]
**Change [ ] to < and > & Save file.
7) Run this command in cas-server-3.5.0-RC1/cas-server-webapp directory
# cd cas-server-3.5.0-RC1/cas-server-webapp
# mvn clean package
8) Copy all content from cas-server-3.5.0-RC1/cas-server-webapp/target/cas-server-3.5.0-RC1/
# cd cas-server-3.5.0-RC1/cas-server-webapp/target/cas-server-3.5.0-RC1/
# cp -Rp * /var/lib/tomcat6/webapps/ROOT/
9) Restart tomcat service
# service tomcat6 restart
OR
# /etc/init.d/tomcat6 restart
10) Setup SSL (self signed cert) with tomcat
# keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/tomcat6/keystore
* You will be requested for data that will show on your user browser's certificate:
Enter keystore password: abc123
Re-enter new password: abc123
What is your first and last name: Jeremy Atkins
What is your organizational unit: OU
What is the name of your organization: NOYO
What is the name of your city or your locality: MyCity
What is the name of your state or province: Saudi Arabia
What is the two-letter country code for this unit: uk
Is the entered data correct: yes
11) Edit server.xml again
[Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/etc/tomcat6/keystore" keystorePass="abc123" /]
**Change [ ] to < and > & Save file.
12) Restart tomcat service
# service tomcat6 restart
OR
# /etc/init.d/tomcat6 restart
13) Make sure the firewall allows ports 8080, 8443, 8009 and 389.
Test with telnet between the SSO server and the LDAP server on all related ports.
# telnet serverip 8443
# telnet serverip 8080
# telnet serverip 8009
# telnet serverip 389
14) ** Test site >> http://serveraddress:8080
15) Configure deployerConfigContext.xml
# cd /var/lib/tomcat6/webapps/ROOT/WEB-INF
Add this line at
----------------------------------------------------------------------------
[bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler"]
[property name="filter" value="cn=%u,ou=people,dc=student,dc=contoso,dc=edu,dc=sa" /]
[property name="contextSource" ref="contextSource" /] [/bean]
----------------------------------------------------------------------------
And this line after :
------------------------------------------------------------
[bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource"]
[property name="pooled" value="true"/]
[property name="urls"]
[list]
[value]ldap://serverldap_ip/[/value]
[/list]
[/property]
[property name="userDn" value="cn=admin,dc=it,dc=mycompany,dc=com"/]
[property name="password" value="asdfgh"/]
[property name="baseEnvironmentProperties"]
[map]
[entry]
[key]
[value]java.naming.security.authentication[/value]
[/key]
[value]simple[/value]
[/entry]
[/map]
[/property]
[/bean]
-----------------------------------------------------------
**Change [ ] to < and > & Save file.
16) Restart tomcat service
# service tomcat6 restart
17) Allow port 8443 > 443
# nano /etc/sysctl.conf    (add this line: net.ipv4.ip_forward=1)
Run the iptables command:
# iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination serverapps_ip:8443
18) Test site >> http://serveraddress
19) Test Login
-----------------------------------------------------------------------------------
Reference site:
http://rackerhacker.com/2009/11/16/automatically-loading-iptables-on-debianubuntu/
http://stackoverflow.com/questions/2619798/setup-ssl-self-signed-cert-with-tomcat
https://help.ubuntu.com/community/IptablesHowTo
Wednesday, June 13, 2012
Howto-FreeBSD9-CAS-Server
After you have created the new server and configured its IP and hostname:
1. Download latest diablo-jdk-freebsd and cp to /usr/ports/distfiles
2. Download latest tzupdater and cp to /usr/ports/distfiles
3. cd /usr/ports/java/diablo-jdk16/ && make install clean
4. cd /usr/ports/www/tomcat6/ && make install clean
5. Install apache22 + Apache Setup
Add: apache22_enable="YES"
tomcat60_enable="YES"
6. Install mod_jk (connector used by Apache to connect to the servlet container)
7. Configure Apache SSL (HTTPS) - refer to the Apache documentation
8. Edit /usr/local/etc/apache22/httpd.conf
Change this parameter ->
Listen 80 to Listen 443
9. Make sure this module loads at Apache start
Enable this in httpd.conf -> LoadModule jk_module libexec/apache22/mod_jk.so
10. Add this in httpd.conf -> Include etc/apache22/mod_jk.conf
11. Create new file
# ee /usr/local/etc/apache22/mod_jk.conf
And add this
JkWorkersFile /usr/local/etc/apache22/workers.properties
JkLogFile /var/log/jk.log
JkShmFile /var/log/jk-runtime-status
JkLogLevel error
Save mod_jk.conf
12. Create new file
# ee /usr/local/etc/apache22/workers.properties
and add this
worker.list=host-name-newsso01
worker.host-name-newsso01.port=8009
worker.host-name-newsso01.host=host-name-newsso01
worker.host-name-newsso01.type=ajp13
worker.host-name-newsso01.lbfactor=1
Save workers.properties
Note : please change all "host-name-newsso01" with your own server name
13. Edit /usr/local/etc/apache22/extra/httpd-ssl.conf
Disable Listen 443
Add this (bottom of file before )
JkMount /* host-name-newsso01
JkMount /*.jsp host-name-newsso01
Note : please change all "host-name-newsso01" with your own server name
14. cd /usr/local/apache-tomcat-6.0/conf
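15. ee server.xml
*Make sure you add or enable this
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
save server.xml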
16. Edit /etc/rc.conf and add this line if not yet(STEP 5)
apache22_enable="YES"
tomcat60_enable="YES"
save rc.conf
17. Start apache and tomcat
18. Test access to tomcat (non-secure, using http://servername:8080),
then try to access a secure connection using https://servername:8080
**Unable to make a secure connection to the server.
This may be a problem with the server or it may be requiring a client authentication certificate that you don't have
CONFIGURE CAS SERVER
1. Install apache MAVEN -
# cd /usr/ports/devel/maven2 && make install clean ; rehash
2. Download latest JASIG CAS Server from http://downloads.jasig.org/cas/ and save in your home directory
3. Extract downloaded CAS Server
For example if latest version is cas-server-3.4.11-release.tar.gz
# tar -xzf cas-server-3.4.11-release.tar.gz
# cd cas-server-3.4.11/cas-server-webapp
# ee pom.xml and add this line
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>cas-server-support-ldap</artifactId>
<version>${project.version}</version>
</dependency>
save file
4. Run this command in the cas-server-3.4.11/cas-server-webapp directory
# mvn clean package
5. Run this command in cas-server-3.4.11/cas-server-webapp/target/cas-server-webapp-3.4.11/
Stop apache tomcat
# /usr/local/etc/rc.d/tomcat6 stop
6. Replace all content in /usr/local/apache-tomcat-6.0/webapps/ROOT/ with content from cas-server-3.4.11/cas-server-webapp/target/cas-server-webapp-3.4.11/
# cp -Rp * /usr/local/apache-tomcat-6.0/webapps/ROOT/
:/var/lib/tomcat6/webapps/ROOT (UBUNTU)
7. Edit deployerConfigContext.xml
# ee /usr/local/apache-tomcat-6.0/webapps/ROOT/WEB-INF/deployerConfigContext.xml
make sure you configure this parameter the same as this
8. Add this line at :
--------------------------------------------------------------------------------
[bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler"]
[property name="filter" value="uid=%u,ou=people,dc=lms,dc=contoso,dc=edu,dc=my" /]
[property name="contextSource" ref="contextSource" /] [/bean]
-------------------------------------------------------------------------------
and put this in ldap server parameter (For lms LDAP)
[value]ldap://xxx.xxx.xxx.xx/[/value]
OR paste this line (For LDAP):
------------------------------------------------------------
[bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource"]
[property name="pooled" value="true"/]
[property name="urls"]
[list]
[value]ldap://xxx.xxx.xx.xx/[/value]
[/list]
[/property]
[property name="userDn" value="cn=admin,dc=it,dc=mycompany,dc=com"/]
----------------------------------------------------------------
9. Start apache tomcat
#/usr/local/etc/rc.d/tomcat6 start
10. Create Server Key
http://www.digicert.com/csr-creation-apache.htm
11. Run this command in your home
# openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
**Check https details/info from current https site - https://sso.contoso.edu.my
Click on the lock, view certificate details > subjects
12. Get server key from server.csr
- Open server.csr
- Copy key inside .csr and paste in notepad (make sure only key copied)
________________________________________________________________
(Common Name)CN :*.contoso.sdn.bhd
(Organization)O :Contoso Sdn Bhd (CONTOS)
(Locality) L :Shah Alam
(State) S :Selangor
(Country) C :MY
________________________________________________________________
13.Register/Create New SSL certificate from digicert
- Login Digicert
- Reissue action
- Get duplicate (To get duplicate certificate)
- Paste key from notepad
- Server software : Apache
- Note : New SSO Staff
- Leave the others at default
- Process
** Wait until you get the mail with the new cert (cert.zip)
14. Download cert > Unzip cert > copy to sso server (your home)
15. Create folder cert in apache22
# cd /usr/local/etc/apache22/
# mkdir cert
17. Move all key and cert files to this directory
# cd /home/you/
# mv server.key /usr/local/etc/apache22/cert
# mv DigiCertCA.crt /usr/local/etc/apache22/cert
# mv star_contoso_edu_my.crt /usr/local/etc/apache22/cert
** Make sure all 3 files are inside the cert folder
-rw-r--r-- 1 root wheel 3858 May 4 02:38 DigiCertCA.crt
-rw-r--r-- 1 root wheel 1679 May 4 02:37 server.key
-rw-r--r-- 1 root wheel 2450 May 4 02:38 star_contoso_edu_my.crt
** After all settings are OK, set chmod to 444 for all
18. Configure the SSL cert in your server. Edit httpd-ssl.conf
# ee /usr/local/etc/apache22/extra/httpd-ssl.conf
Enable and define the right path for this SSL cert:
____________________________________________________________________________
SSLCertificateFile "/usr/local/etc/apache22/cert/star_contoso_edu_my.crt"
SSLCertificateKeyFile "/usr/local/etc/apache22/cert/server.key"
SSLCertificateChainFile "/usr/local/etc/apache22/cert/DigiCertCA.crt"
____________________________________________________________________________
19. Test Apache config
# apachectl configtest
20. Enable httpd-ssl.conf in the basic Apache settings file httpd.conf
# ee /usr/local/etc/apache22/httpd.conf
Include etc/apache22/extra/httpd-ssl.conf
21. Stop & Start Apache
# /usr/local/etc/rc.d/apache22 stop
# /usr/local/etc/rc.d/apache22 start
22. Now you should be able to access your CAS server
https://servername/login
Done.
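The listing in step 17 shows server.key as -rw-r--r--, and mode 444 keeps it readable by every local account; when Apache is started as root, as the rc.d script does, owner-only read (400) is enough for the key. The script below is an added example, not part of the original how-to: it flags private keys readable beyond their owner and checks that the key and the reissued certificate carry the same public key before Apache is restarted. The demo files are constructed placeholders, and the key/certificate check assumes the openssl command is installed.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files named in httpd-ssl.conf.

# exposed_private_keys DIR -> paths of PEM private keys readable by group or others
exposed_private_keys() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) \
        -exec grep -l -e '-----BEGIN .*PRIVATE KEY-----' {} + | sort
}

# key_matches_cert KEY CERT -> 0 if both carry the same public key,
# 1 if they differ, 2 if either file could not be parsed
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# preflight DIR KEY CERT -> prints findings, returns 0 only when both checks pass
preflight() {
    rc=0
    exposed=$(exposed_private_keys "$1")
    if [ -n "$exposed" ]; then
        echo "private key readable beyond its owner:"
        echo "$exposed"
        rc=1
    fi
    if ! key_matches_cert "$2" "$3"; then
        echo "key and certificate do not belong together (or could not be read)"
        rc=1
    fi
    return $rc
}

# Constructed demo: a directory laid out like the listing in step 17.
# The file contents are placeholders, not real key material.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' '(placeholder, not a real key)' \
    '-----END RSA PRIVATE KEY-----' > "$demo/server.key"
printf '%s\n' '-----BEGIN CERTIFICATE-----' '(placeholder)' \
    '-----END CERTIFICATE-----' > "$demo/star_contoso_edu_my.crt"
chmod 644 "$demo/server.key" "$demo/star_contoso_edu_my.crt"
echo "mode 644: $(exposed_private_keys "$demo")"
chmod 444 "$demo/server.key"
echo "mode 444: $(exposed_private_keys "$demo")"
chmod 400 "$demo/server.key"
echo "mode 400: $(exposed_private_keys "$demo")"
rm -rf "$demo"
```

On the real server the call would be preflight /usr/local/etc/apache22/cert followed by the server.key and star_contoso_edu_my.crt paths from step 18.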
JkShmFile /var/log/jk-runtime-status
JkLogLevel error
Save mod_jk.conf
12.Create new file
# ee /usr/local/etc/apache22/workers.properties
and add this
worker.list=host-name-newsso01
worker. host-name-newsso01.port=8009
worker. host-name-newsso01.host= host-name-newsso01
worker. host-name-newsso01.type=ajp13
worker. host-name-newsso01.lbfactor=1
Save workers.properties
Note : please change all " host-name-newsso01 " with your own server name
13.Edit /usr/local/etc/apache22/extra/httpd-ssl.conf
Disable Listen 443
Add this (bottom of file before )
JkMount /* host-name-newsso01
JkMount /*.jsp host-name-newsso01
Note : please change all " host-name-newsso01 with your own server name
14. cd /usr/local/apache-tomcat-6.0/conf
15. ee server.xml
*Make sure you add or enable this
redirectPort="8443" />
clientAuth="false" sslProtocol="TLS" />
save server.xml
16. Edit /etc/rc.conf and add this line if not yet(STEP 5)
apache22_enable="YES"
tomcat60_enable="YES"
save rc.conf
17. Start apache and tomcat
18. Test access tomcat (non secure using http://servername:8080)
then try access secure connection https using https://servername:8080
**Unable to make a secure connection to the server.
This may be a problem with the server or it may be requiring a client authentication certificate that you don't have
CONFIGURE CAS SERVER
1. Install apache MAVEN -
# cd /usr/ports/devel/maven2 && make install clean ; rehash
2. Download latest JASIG CAS Server from http://downloads.jasig.org/cas/ and save in your home directory
3. Extract downloaded CAS Server
For example if latest version is cas-server-3.4.11-release.tar.gz
#tar -xzf cas-server-3.4.11-release.tar.gz
#cd cas-server-3.4.11/cas-server-webapp
#ee pom.xml and add this line
save file
4.Run this command in cas-server-3.4.11/cas-server-webapp directory
# mvn clean package
5.Run this command in cas-server-3.4.11/cas-server-webapp/target/cas-server-webapp-3.4.11/
Stop apache tomcat
# /usr/local/etc/rc.d/tomcat6 stop
6.Replace all content in /usr/local/apache-tomcat-6.0/webapps/ROOT/ with content from cas-server-3.4.11/cas-server-webapp/target/cas-server-webapp-3.4.11/
# cp -Rp * /usr/local/apache-tomcat-6.0/webapps/ROOT/
:/var/lib/tomcat6/webapps/ROOT (UBUNTU)
7.Edit deployerConfigContext.xml
# ee /usr/local/apache-tomcat-6.0/webapps/ROOT/WEB-INF/deployerConfigContext.xml
make sure you configure this parameter same like this
8.Add this line at
--------------------------------------------------------------------------------
<bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
  <property name="filter" value="uid=%u,ou=people,dc=lms,dc=contoso,dc=edu,dc=my" />
  <property name="contextSource" ref="contextSource" />
</bean>
-------------------------------------------------------------------------------
and put this in the LDAP server parameter (for lms LDAP):
<value>ldap://xxx.xxx.xxx.xx/</value>
OR paste these lines (for LDAP):
------------------------------------------------------------
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="pooled" value="true"/>
  <property name="urls">
    <list>
      <value>ldap://xxx.xxx.xx.xx/</value>
    </list>
  </property>
  <property name="userDn" value="cn=admin,dc=it,dc=mycompany,dc=com"/>
</bean>
----------------------------------------------------------------
9. Start Apache Tomcat
# /usr/local/etc/rc.d/tomcat6 start
10. Create Server Key
http://www.digicert.com/csr-creation-apache.htm
11. Run this command in your home directory
# openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
** Check the https details/info from the current https site - https://sso.contoso.edu.my
Click on the lock, view certificate details > subjects
12. Get server key from server.csr
- Open server.csr
- Copy the key inside the .csr and paste it in Notepad (make sure only the key is copied)
________________________________________________________________
(Common Name)CN :*.contoso.sdn.bhd
(Organization)O :Contoso Sdn Bhd (CONTOS)
(Locality) L :Shah Alam
(State) S :Selangor
(Country) C :MY
________________________________________________________________
13. Register/Create a new SSL certificate from Digicert
- Login Digicert
- Reissue action
- Get duplicate (To get duplicate certificate)
- Paste key from notepad
- Server software : Apache
- Note : New SSO Staff
- Leave the others at default
- Process
** Wait until you get the mail for the new cert (cert.zip)
14. Download cert > Unzip cert > copy to the SSO server (your home)
15. Create the folder cert in apache22
# cd /usr/local/etc/apache22/
# mkdir cert
17. Move all key and cert files to this directory
# cd /home/you/
# mv server.key /usr/local/etc/apache22/cert
# mv DigiCertCA.crt /usr/local/etc/apache22/cert
# mv star_contoso_edu_my.crt /usr/local/etc/apache22/cert
** Make sure all 3 files are inside the cert folder
-rw-r--r-- 1 root wheel 3858 May 4 02:38 DigiCertCA.crt
-rw-r--r-- 1 root wheel 1679 May 4 02:37 server.key
-rw-r--r-- 1 root wheel 2450 May 4 02:38 star_contoso_edu_my.crt
** After all settings are OK, set chmod to 444 for all
18. Configure the SSL cert in your server. Edit httpd-ssl.conf
# ee /usr/local/etc/apache22/extra/httpd-ssl.conf
Enable and define the right path for this SSL cert:
____________________________________________________________________________
SSLCertificateFile "/usr/local/etc/apache22/cert/star_contoso_edu_my.crt"
SSLCertificateKeyFile "/usr/local/etc/apache22/cert/server.key"
SSLCertificateChainFile "/usr/local/etc/apache22/cert/DigiCertCA.crt"
____________________________________________________________________________
19. Test the Apache config
# apachectl configtest
20. Enable httpd-ssl.conf in the basic Apache settings file httpd.conf
# ee /usr/local/etc/apache22/extra/httpd.conf
Include etc/apache22/extra/http-default.conf
21. Stop & Start Apache
# /usr/local/etc/rc.d/apache22 stop
# /usr/local/etc/rc.d/apache22 start
22. Now you should be able to access your CAS server
https://servername/login
Done.
How To Connect To Amazon EC2 Linux Instance Using PuTTY Private Key On Windows
When first setting up an Amazon EC2 server, you receive an ssh key to connect to the instance.
Example: contoso.pem
Convert Amazon EC2 PEM files to PPK
Open PuTTYgen. If you don't have PuTTYgen, you can download it at http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
OR use PuTTYgen from WinSCP: go to Windows Start Menu -> All Programs -> WinSCP -> Key Tools -> PuTTYgen
- Now click Conversions > Import.
- Choose your PEM file that was downloaded from the Amazon EC2 dashboard
- Click on Save Private Key and name it something .ppk
- Voila, use your ppk to login through Putty to your Amazon EC2 Instance
Use putty to access cloud server
- Open PuTTY and enter your host
- Select “Data” on the left hand side, then under “auto-login username” enter the user “root”
- Select “Auth” on the left hand side then under “private key for authentication” select the .ppk file we just created with PuTTYGen.
- Go back to the top(Session) and connect to your instance.
- Open putty connection
Thursday, June 7, 2012
Access Cloud
Usually I never care how to access the cloud.. but today, since sister Salina is on leave, I have to assist bro John.
#sudo su
#password aminah:
Firstly we remote into the cloud using a unix server. In my case I'm using an Ubuntu server to ssh to the cloud server.
1. Copy contoso.pem to /home/aminah
2. chmod 400 contoso.pem
3. ssh -i contoso.pem ubuntu@xxx-ip-ip-ip-ip.ap-southeast-1.compute.amazonaws.com (this we can get from below step)
- Steps to get the command:
- Go to Amazon (https://console.aws.amazon.com) -> login
- EC2 -> instance
- right click on the instance -> connect
- choose tab
Connect with a standalone SSH Client -> copy
ps: the command line is the ssh command in step 2.
done..
If you want to copy, I choose to use reverse copy.
Thursday, May 31, 2012
UBUNTU: Add New Hard Disk in Virtual Server
Case: In Unlicensed vmware
1. Power off the server
2. Right Click on server -> Edit Setting
3. Add New Hard Disk -> Next > Next
4. Disk Size: 25 GB -> Case for db server(don't click thin provisioning)
5. Specify Datastore -> Datastore01
6. Next -> Next -> Finish -> Ok
** Power on the server back.
How to present/mount New Hard Disk in Ubuntu?
1. To list the HD in the server
# fdisk -l /dev/sdb ..........
2. To format the new hard disk
# mkfs.ext3 /dev/sdb
# Yes: Y -> Enter
# cd /
3. To mount the new HD in Ubuntu Server
# mkdir data && mount /dev/sdb /data/
# df -h
4. Configure/edit the fstab file
# nano /etc/fstab
** Add this line under the last row (you can also refer to an existing Ubuntu server):
/dev/sdb /data/ ext3 noatime 0 0
Ctrl X -> Y -> Enter (to save -> exit).
Wednesday, May 30, 2012
Storage - DELL equallogic/ modular disk storage
Another revision... Maybe it can be used if I leave this company :) hehehe..
What is the difference between Equallogic and MD? Equallogic has space and CPU while MD has only space...
Equallogic is designed to meet the performance and availability needs of virtualization environments in medium to large enterprises. These virtualized iSCSI storage area networks (SANs) combine intelligence and automation with fault tolerance to provide simplified administration, enterprise performance and reliability, and seamless scalability.
MD can simplify IT by optimizing your data storage architecture and ensuring the availability of your data. This frees up valuable resources to help make innovation a daily practice.
Storage - NetApp
Some revision :)
Terms in storage:
1. NAS - Network Attached Storage
2. DAS - Direct Attached Storage
3. SAN - Storage Area Network
3 types of hard disk that I know:
1. SATA - Serial AT Attachment
2. SSD - Solid State Drive -> this one is faster but expensive
3. SAS - Serial Attached SCSI -> this one has big capacity... this is the one we usually use.
iSCSI - Internet Small Computer System Interface
If you are using Windows Server 2003, you need to install the iSCSI initiator (download it first).
- Initiate iSCSI
- General
- copy -> initiator node name (iqn...)
- Discovery
- add target portal -> ip netapps
- NetApp
- initiator groups
- Manage
- add initiator groups
- groupname : PM-S-CONTOSO
- type : iSCSI
- OS : Windows (or any OS)
- Initiator : initiator node name (iqn...)
- add
- check manage
- Volumes
- add new volumes
- new -> flexible
- volume image : CONTOSOvol01
- language : posix
- UTF-8 -> disable
- next -> content agregate + left
- next -> total size
- volume size -> ____ Gb
- snapshot -> reserve 10%
- next -> commits
- Manage
- LUN (logical unit number)
- add LUN
- path -> vol/CONTOSOvol01/CONTOSOlun01
- lun protocol -> windows
- description -> anything will do..
- size -> smaller than volume size
- unit : ___Gb
- space reserved (tick)
- Manage (map group)
- map
- LUN ID : 01
- add group to map
- PM-S-CONTOSO
- done
- Server CONTOSO
- my computer -> manage
- computer management
- disk management
- rescan disk
- initial disk (tick)
Thin provision : not recommended to use for database server.
Tuesday, May 22, 2012
apache cannot restart because of libphp5.so
I've got this error after upgrading apache from apache-2.2.19 to 2.2.22_5
Performing sanity check on apache22 configuration: httpd: Syntax error on line 104 of /usr/local/etc/apache22/httpd.conf: Cannot load /usr/local/libexec/apache22/libphp5.so into server: Cannot open "/usr/local/libexec/apache22/libphp5.so" Starting apache22. httpd: Syntax error on line 104 of /usr/local/etc/apache22/httpd.conf: Cannot load /usr/local/libexec/apache22/libphp5.so into server: Cannot open "/usr/local/libexec/apache22/libphp5.so"
It is resolved after I upgrade the php....
My Cluster Crash :(
Ok.. today is my bad day.. This is the first time that my snapshot doesn't work... You know why??? It is because the server is a cluster.. We cannot simply revert a snapshot for a cluster server.
What you should actually do is copy the folder and move it to the current server. This is for the Moodle application.
WARGH... work is already piling up.. plus one more problem.. :( sad... But, it is a process of learning... Go shariha go..
Wednesday, May 9, 2012
Upgrade Moodle 2.1 to 2.2
Okay.. waiting for snapshot VM..
Then keep reading... lalala..
- Do a full database backup!
- Do a full moodledata backup
- Check your backups carefully
ok.. done all backup thing..
now.. do the step.. copy current moodle to moodle.old
Then.. copy new moodle to current path.
Take config.php old one.. to new moodle.
Then.. go to admin page.. Follow upgrade instruction.
Problem
1. Coding changes that were already made in the old version should be rechecked.
Solution
1. Developers have to use CVS, maybe, or another tool to check the differences in the new code.
Restore Image In Lab
Today we are testing broadcasting an image to multiple PCs. In this case my sifu showed our team members how to use Clonezilla (clone and restore an OS over the network). There will be 1 server which saves the image, where we use the mode clonezilla-save-disk. The image comes from 1 PC which already has the OS and other default applications installed.
Check clonezilla-start by "space" key, various modes will be shown:
clonezilla-save-disk: clonezilla save disk mode
clonezilla-restore-disk: clonezilla restore disk mode
clonezilla-save-parts: clonezilla save partitions mode
clonezilla-restore-parts: clonezilla restore partitions mode
Then, the PC that we want to clone needs to talk to the server via the network.
After it finishes.. we choose clonezilla-restore-disk. Here we can choose to make it multicast, unicast or broadcast.
In this test we managed to restore 2 PCs in 4 minutes via the network.
Well done.. The step is already simplified... Choose default setting... :)
Read more here..
There will be more testing where we can automatically set the hostname, group and SID of cloned MS Windows machines.
Monday, May 7, 2012
Reverse Copy
I nearly forgot about reverse copy. Yesterday sis Salina had a problem copying a file from Server Source to Server Destination.
Here is the way we can pull the data (reverse copy)
Normal copy ( copy command at source server ) source -> destination
Reverse copy ( copy command at destination server ) destination <- source
For example you want to copy DATA from Server S (source) to Server D (destination):
Normally at Server S
# scp /path/to/DATA aminah@ipServerD: -> the file will be in home/aminah/
# scp /path/to/copyDATA aminah@ipServerD:/path/to/save/ -> the file will be in /path/to/save/
But for reverse copy, we copy DATA to our home on server S.
-> so on server S we have /home/aminah/DATA
At Server D
# scp aminah@ServerS.contoso.com.my:DATA ./
Reverse SCP for amazon
#scp -i mykey.pem root@ec2-184-73-72-150.compute-1.amazonaws.com:/file/path/filename ./
./ -> means the current directory
Normal SCP for amazon
#scp -i mykey.pem filename root@ec2-184-73-72-150.compute-1.amazonaws.com:/path/to/save/
hehehe... done..
Upgrade Exchange 2010 SP1
Ok.. today I have to review all the important things for upgrading Exchange 2010 to SP1... I really hate upgrading Microsoft products since there are a lot of forums and blogs that I need to read to solve minor problems.. From my reading I should not only upgrade to SP1 but also SP2 since there are bugs already resolved in SP1... Ok.. time to read and later I will update you on the outcome..
Peace... :)
Thursday, May 3, 2012
Setup SSL Server - Apache SSL
First of all, I would like to give full thanks to Bro Saufi for transferring this knowledge :)
Ok.. Here we have already subscribed to Digicert.. You can choose any SSL certificate provider such as www.verisign.com, www.godaddy.com, etc...
There are wildcard certs and standard certs.. Later I will discuss this issue. In this case, we are using a wildcard cert, where the cert name starts with *.contoso.com
A) SSL Certificate CSR Creation
ref : http://www.digicert.com/csr-creation.htm
Before you can order your SSL Certificates, you must first generate a CSR (Certificate Signing Request) on your server:
Distinguished Name or DN
- The Country (C) is a two-digit code -- for the United States, it's 'US'. For countries outside of the United States, see our listing of SSL Certificate Country Codes.
- State (S) and Locality (L) are full names, i.e. 'California', 'Los Angeles'.
- The Organization Name (O) is your Full Legal Company or Personal Name, as legally registered in your locality.
- The Organizational Unit (OU) is whichever branch of your company is ordering the certificate such as accounting, marketing, etc. -nil-
- The Common Name (CN) is the Fully Qualified Domain Name (FQDN) for which you are requesting the ssl certificate. (*.contoso.com.my)
- email - nil ; password -nil
B) OpenSSL CSR Creation for Apache SSL
1. Login to your server via your terminal client (ssh).
At the prompt, type:
# openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
where server is the name of your server.
You will get 2 files :
1. server.csr - this will be used/copied to Digicert
2. server.key - this will be used on the client server. Put this file in the same path as stated in ee /usr/local/etc/apache22/extra/httpd-ssl.conf (search for : SSLCertificateKeyFile "/usr/local/etc/apache22/path/server.key")
C) Reissues Action
- applicable if we use wild card registration
1. Get duplicate
- Enter Your CSR
- paste the key from the file server.csr (which we got in the previous step)
- Select Your Server Software
- eg: Apache, IIS Microsoft, etc..
- Note
- purpose of server as note
- Click Button Process
- proceed the step
2. Then wait to download the files, or you can receive them through email notification. (You will get a zip file containing: star_contoso_com_my.crt, DigiCertCA.crt and INSTALL_INSTRUCTIONS.txt)
SSLCertificateFile /your/path/to/star_contoso_com_my.crt
SSLCertificateKeyFile /your/path/to/star_contoso_com_my.key
SSLCertificateChainFile /your/path/to/DigiCertCA.crt
3. Check apache configuration
# apachectl configtest
4. Check httpd.conf
# ee /usr/local/etc/apache22/httpd.conf
uncomment
# Secure (SSL/TLS) connections
Include etc/apache22/extra/httpd-ssl.conf
5. Stop & Start Apache
#/usr/local/etc/rc.d/apache22 stop
#/usr/local/etc/rc.d/apache22 start
6. Now you should be able to access your CAS server
https://servername/login
Done.
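The steps above never check that the certificate returned by the CA was issued for the key in server.key, and the CAS walkthrough leaves server.key at mode 444, which lets every local account read the private key. The script below is an added example, not part of the original post: it compares the public key in the key, CSR and certificate, compares the issuer name with the chain file, and fails when group or other have any access to the key. File roles follow the post; the function names and the throwaway CA used by the demo are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight checks for the files
# named in httpd-ssl.conf. Function names are illustrative.

# Print the PEM public key carried by a private key, a CSR or a certificate.
pubkey_pem() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# SHA-256 of that public key; fails when the file cannot be parsed.
pubkey_digest() {
    pem=$(pubkey_pem "$1" "$2") || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# same_keypair KIND_A FILE_A KIND_B FILE_B -> 0 when both hold the same public key.
same_keypair() {
    a=$(pubkey_digest "$1" "$2") || return 2
    b=$(pubkey_digest "$3" "$4") || return 2
    [ "$a" = "$b" ]
}

# issued_by CERT CHAIN -> 0 when CERT's issuer name is CHAIN's subject name.
# This compares names only; it does not verify the signature.
issued_by() {
    i=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
    s=$(openssl x509 -in "$2" -noout -subject_hash 2>/dev/null) || return 2
    [ -n "$i" ] && [ "$i" = "$s" ]
}

# key_is_private FILE -> 0 when group and other have no access at all.
key_is_private() {
    [ -f "$1" ] || return 2
    # characters 5-10 of the ls mode string are the group and other bits
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check DESCRIPTION COMMAND...: run one check and count a failure.
check() {
    desc=$1; shift
    if "$@"; then echo "ok    $desc"; else echo "FAIL  $desc"; fails=$((fails + 1)); fi
}

# preflight KEY CSR CERT CHAIN -> one line per check, returns the failure count.
preflight() {
    fails=0
    check "CSR was generated from this key"    same_keypair key "$1" csr "$2"
    check "certificate matches this key"       same_keypair key "$1" cert "$3"
    check "certificate issuer is the chain CA" issued_by "$3" "$4"
    check "key is not group/world accessible"  key_is_private "$1"
    return "$fails"
}

# Constructed stand-ins for DigiCertCA.crt, server.key, server.csr and the issued cert.
make_constructed_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/DigiCertCA.crt" >/dev/null 2>&1 &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=*.example.test" \
        -keyout "$1/server.key" -out "$1/server.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/DigiCertCA.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/star_example_test.crt" >/dev/null 2>&1
}

demo() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not installed" >&2; return 0; }
    d=$(mktemp -d) || return 1
    make_constructed_files "$d" || { rm -rf "$d"; return 1; }
    set -- "$d/server.key" "$d/server.csr" "$d/star_example_test.crt" "$d/DigiCertCA.crt"
    chmod 444 "$1"    # the mode the CAS walkthrough ends with
    echo "key at 444:"; preflight "$@" || echo "-> $? check(s) failed"
    chmod 400 "$1"    # owner read only
    echo "key at 400:"; preflight "$@" || echo "-> $? check(s) failed"
    rm -rf "$d"
}

# With four arguments check real files, otherwise run the constructed demo.
if [ "$#" -eq 4 ]; then preflight "$@"; else demo; fi
```

On a real server, run it as `sh preflight.sh server.key server.csr star_contoso_com_my.crt DigiCertCA.crt` before `apachectl configtest`.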
Wednesday, April 25, 2012
Configure sendmail as a smart host
A smart host is very handy if you are on a dial-up network, or when a host finds mail that it is unable to deliver directly to the desired remote host.
http://www.cyberciti.biz/faq/configure-sendmail-as-a-smart-host/
1. Install sendmail (UBUNTU) -> on FreeBSD it is already installed...
#apt-get install sendmail
...bla...bla..
sendmail (y)..
..bla..bla..
2. Create file sendmail.mc
#cd /etc/mail
#nano sendmail.mc
3. Add the command under ...features...
define(`SMART_HOST',`smtp.net4india.com')
4. Replace smtp.net4india.com with your actual SMTP server address. If the line contains the word dnl, remove the dnl word. Regenerate a new sendmail.cf config file with the m4 command:
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
Sifu says: this .cf is autorun.. it is dangerous to edit this .cf file.. because if the .cf is changed and there is an extra space.. it will turn into something else...
5. Restart the sendmail service:
# /etc/init.d/sendmail restart
...sifu said.. it's easy.. then laughed.. huhuhu.. I still have a lot to learn..
Tuesday, April 24, 2012
UBUNTU - Check Network Interface Usage
How to check network interface usage?
Open the Ubuntu server and run this command.
# vnstat -u -i eth0
# vnstat
Move / Copy files with exception in UNIX.
The syntax :
mv [!filename]* target.
ie:
In directory "y" you have these files :
-rw-r--r-- 1 sirap sirap 0 2010-03-25 11:40 1
-rw-r--r-- 1 sirap sirap 0 2010-03-25 11:40 2
-rw-r--r-- 1 sirap sirap 0 2010-03-25 11:40 3
-rw-r--r-- 1 sirap sirap 0 2010-03-25 11:40 4
You want to move all files except file "4" to directory "z".
The syntax should look like this :
# mv [!4]* ../z/
Done.
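In `mv [!4]* ../z/` the `[!4]` part is a bracket expression that tests a single character, the first one of each name, so the pattern skips every file whose name starts with `4`, not only the file named `4`; `[!filename]*` likewise skips names that start with any of the letters f, i, l, e, n, a or m. The added example below is not from the original post (the directory contents and the helper `move_except` are constructed): it lists what the pattern matches and shows a loop that leaves behind exactly one name.

```shell
#!/bin/sh
# Added example, not from the original post. Directory contents are constructed.

# make_sample DIR: the four files from the post plus names that expose the difference.
make_sample() {
    mkdir -p "$1" && ( cd "$1" && touch 1 2 3 4 42 4.bak report4 )
}

# glob_matches DIR: names in DIR matched by the pattern used in the post, [!4]*
glob_matches() (
    cd "$1" || exit 1
    for f in [!4]*; do
        [ -e "$f" ] || continue        # the pattern matched nothing
        printf '%s\n' "$f"
    done
)

# move_except SRC DST NAME: move every non-hidden entry of SRC into DST,
# leaving behind only the entry whose whole name equals NAME.
move_except() (
    dst=$(cd "$2" && pwd) || exit 1    # absolute path, still valid after the cd below
    cd "$1" || exit 1
    for f in *; do
        [ -e "$f" ] || continue
        [ "$f" = "$3" ] && continue
        mv -- "$f" "$dst/" || exit 1
    done
)

demo() {
    y=$(mktemp -d) && z=$(mktemp -d) || return 1
    make_sample "$y"
    echo "matched by [!4]* (42 and 4.bak are skipped as well):"
    glob_matches "$y"
    move_except "$y" "$z" 4
    echo "left in y after move_except ... 4:"
    ls "$y"
    rm -rf "$y" "$z"
}
demo
```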
SUDO on Freebsd / Linux
As root, install sudo, located at /usr/ports/security/sudo:
make configure
make && make install
Edit the conf at:
ee /usr/local/etc/sudoers
Example and edit:
# Runas alias specification
#User privilege specification
root ALL=(ALL) ALL
kenan ALL=(www) ALL
note :
This Sudo command limits the user's power on the basis of the configuration made on the file "/etc/sudoers".
Generally in default case you might see something like this:
root ALL=(ALL) ALL
Above, you can see ALL 3 times. But what does it mean?
The first ALL: Run from any(all) host
The Second ALL: From any Terminal
The third ALL: Can Run any command
example :
username ALL=(group) ALL
** note : !/usr/bin/su (this will prevent the user from running sudo su)
General sudoers File Record Format
usernames/group servername = (usernames command can be run as) command
How To Change New HD in DELL PERC 5i
If it so happens that one of your hard disks (HDD) fails... and you want to replace it (if you use RAID 5 - Dell Perc5i, that is..).. and then the RAID says degraded... (it cannot find the new HDD)... you try to rebuild, it won't work... you try force online, it won't work either... well.. here I want to share my experience..
The new HDD is supposed to be rebuilt automatically... I don't know why either... maybe you can refer here : [1]
Anyway... what I did... (following the opinion of the Dell guy who replied at the link above, that is), assign the new HDD as a HotSpare first... then it will rebuild by itself without losing the data on the other hard disks (hopefully). Wait for it to rebuild... it takes ages... depending on the server itself.
Once that is settled... reboot... done...
Reference : http://lists.us.dell.com/pipermail/linux-poweredge/2006-November/028538.html
copied from sifu sirap :)
Add user as sudoer
1. Open Unix Server
2. Login as root (sudo su)
Type command:
# setenv EDITOR ee
# visudo
3. Add a line here for the new sudoer:
## User privilege specification
root ALL=(ALL) ALL
hassan ALL=(ALL) ALL
Press ESC to save & exit.
Done.
==========================================
OR
=============================
# nano /etc/group
Change/Add admin
*admin: name1, name2, name3
Ctrl X > Y > Enter
Done.. :)
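Both sudo posts above add lines in the record format given at the end of the first one: user, host, then in parentheses the account the command runs as, then the command list. The added example below is not from the original posts (`audit_sudoers` and the sample file are constructed, and it handles only simple one-line user specifications, not aliases or line continuations): it splits each entry into those fields and labels entries that allow any command. Entries that subtract a command from ALL, as in the `!/usr/bin/su` note, get their own label because the sudoers manual describes subtracting commands from ALL as generally not effective.

```shell
#!/bin/sh
# Added example, not from the original posts. Handles simple one-line user
# specifications only (no aliases, no line continuations).

# Constructed sample: the entries shown in the posts plus two made-up ones.
sample_sudoers() {
    cat <<'EOF'
# Runas alias specification
#User privilege specification
root ALL=(ALL) ALL
kenan ALL=(www) ALL
hassan ALL=(ALL) ALL
aminah ALL=(ALL) ALL, !/usr/bin/su
backup dbhost=/usr/bin/rsync
EOF
}

# audit_sudoers [FILE]: one line per entry, fields separated by "|":
#   user|host|run-as|commands|verdict
# Reads standard input when no FILE is given.
audit_sudoers() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments and blank lines
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }  # settings and alias definitions
    {
        eq = index($0, "=")
        if (eq == 0) next
        split(trim(substr($0, 1, eq - 1)), who, /[ \t]+/)
        cmds = trim(substr($0, eq + 1))
        runas = "root"                 # sudo runs as root when no (run-as) list is given
        if (substr(cmds, 1, 1) == "(") {
            rp = index(cmds, ")")
            runas = substr(cmds, 2, rp - 2)
            cmds = trim(substr(cmds, rp + 1))
        }
        # Normalise separators so the keyword ALL can be found as a whole word.
        words = "," cmds ","
        gsub(/[ \t:]/, ",", words)
        if (index(words, ",ALL,") == 0)  verdict = "listed-commands"
        else if (index(cmds, "!") > 0)   verdict = "any-command-with-exclusions"
        else                             verdict = "any-command"
        printf "%s|%s|%s|%s|%s\n", who[1], who[2], runas, cmds, verdict
    }' "${1:--}"
}

sample_sudoers | audit_sudoers
```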
Tuesday, April 17, 2012
AD MASTER CORRUPTED
We can use this command to list the FSMO role holders:
C:\> Netdom Query FSMO
The 5 roles:
- Schema Master: Used to introduce manual and programmatic schema updates, and this includes those updates that are added by Windows ADPREP /FORESTPREP, by Microsoft Exchange, and by other applications that use Active Directory Domain Services (AD DS). - Must be online when schema updates are performed. (In my case, when I wanted to promote the new DC into the existing domain, it was unable to because the DC holding the Schema Master was offline.)
- Domain Naming Master: Used to add and to remove domains and application partitions to and from the forest. - Must be online when domains and application partitions in a forest are added or removed.
- Primary Domain Controller: Receives password updates when passwords are changed for the computer and for user accounts that are on replica domain controllers. - Consulted by replica domain controllers that service authentication requests that have mismatched passwords. - Default target domain controller for Group Policy updates. - Target domain controller for legacy applications that perform writable operations and for some admin tools. - Must be online and accessible 24 hours a day, seven days a week.
- RID: Allocates active and standby RID pools to replica domain controllers in the same domain. - Must be online for newly promoted domain controllers to obtain a local RID pool that is required to advertise, or when existing domain controllers have to update their current or standby RID pool allocation.
- Infrastructure Master: Updates cross-domain references and phantoms from the global catalog.
You can see that all masters are bound to the corrupted server, and you cannot change the operations master since it cannot be contacted.
What you can do is use the ntdsutil command (ref: http://www.vishalvasu.com/finding-fsmo-roles-using-ntdsutil/).
Step #1: On any Domain Controller, click Start. In the Run command type CMD and hit Enter. You will be taken to the good old command prompt window (DOS were the days). Type ntdsutil and hit Enter.
Step #2: You shall see the screen with ntdsutil: prompt. Since we want to find out the roles, type roles and hit Enter. Notice that the prompt now changes to show fsmo maintenance:. Now is a good time to get more HELP on the list of available commands.
Step #3: On the fsmo maintenance: prompt, type ? and hit Enter. Right-click in the Window, mark and copy them. Paste the clipboard in to Notepad for easy reference.
Step #4: Type connection and press Enter. This will show a prompt with server connections:. Type connect to server (replace and press Enter.
Step #5: Once we are connected to the Domain Controller, type q to return back to the fsmo maintenance prompt. Now type, select operation target and then press Enter. Notice that the prompt changes to select operation target:.
Step #6: At the select operation target prompt, type list roles for connected server and press Enter. This would list all the FSMO roles for that Domain Controller. To get out of the ntdsutil, type q until you are back to the good old DOS prompt.
Then, if the master server is permanently offline, use the seize command (ref: http://www.petri.co.il/seizing_fsmo_roles.htm). If the master server is still online, you can use the transfer command to move the 5 FSMO roles while both the original FSMO role holder and the future FSMO role holder are online and operational.
This table has the info:
FSMO Role | Loss implications
Schema | The schema cannot be extended. However, in the short term no one will notice a missing Schema Master unless you plan a schema upgrade during that time.
Domain Naming | Unless you are going to run DCPROMO, then you will not miss this FSMO role.
RID | Chances are good that the existing DCs will have enough unused RIDs to last some time, unless you're building hundreds of users or computer objects per week.
PDC Emulator | Will be missed soon. NT 4.0 BDCs will not be able to replicate, there will be no time synchronization in the domain, you will probably not be able to change or troubleshoot group policies and password changes will become a problem.
Infrastructure | Group memberships may be incomplete. If you only have one domain, then there will be no impact.
The following table summarizes the FSMO seizing restrictions:
FSMO Role | Restrictions
Schema | Original must be reinstalled
Domain Naming | (same as above)
RID | (same as above)
PDC Emulator | Can transfer back to original
Infrastructure | (same as above)
Another consideration before performing the seize operation is the administrator's group membership, as this table lists:
FSMO Role | Administrator must be a member of
Schema | Schema Admins
Domain Naming | Enterprise Admins
RID | Domain Admins
PDC Emulator | (same as above)
Infrastructure | (same as above)
To seize the FSMO roles by using Ntdsutil, follow these steps:
After that is done.. you can check again with Netdom Query FSMO that the roles have already gone to the connected server (Slave AD).
After that you have to delete/clear all the info for the offline/corrupted server (eg: probOldAD.contoso.com)
Remove AD
Then you can start installing AD for the new server as in the steps below:
If you are facing the warning below... what you can check is whether another network is enabled.
Solved: disable the other network