LDAP+Kerberos authentication on Debian Squeeze (+ AFS client)

Posted on August 13, 2011 by Belgarion

Start by installing the necessary packages:

apt-get install krb5-user libnss-ldap libpam-krb5 libpam-ldap openafs-client openafs-modules-dkms libpam-afs-session

Modify /etc/pam_ldap.conf and /etc/libnss-ldap.conf to look like this:

base dc=example,dc=com
uri ldap://ip.to.ldap.host
ldap_version 3

Add ldap to passwd and group lines in /etc/nsswitch.conf, it should now look like this:

passwd:         compat ldap
group:          compat ldap
shadow:         compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Add host principal, (the reverse dns for client must also point towards it’s hostname (client.domain)):

kadmin -p root/admin
addprinc -randkey host/client.domain
ktadd host/client.domain

Enable GSSAPI Authentication in SSH server by this to /etc/ssh/sshd_config

GSSAPIAuthentication yes

Also enable GSSAPI in the SSH client by adding this to /etc/ssh/ssh_config:

GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes

Installing OpenAFS client on Windows 7 (64bit)

Posted on August 1, 2011 by Belgarion

Start by downloading the files:
OpenAFS 64bit
OpenAFS 32bit tools
Heimdal kerberos 64bit and 32bit
Network Identity Manager

Then install them in this order:

Heimdal
netidmgr-AMD64
openafs 64bit (Choose “Disable” on the integrated logon setting)
openafs-32bit-tools

Add “allow_weak_crypto = true” under [libdefaults] in %SYSTEMROOT%\ProgramData\Kerberos\krb5.conf

Reboot.

Uploading termcap/terminfo for current $TERM to remote server

Posted on December 5, 2009 by Belgarion

Termcap:

infocmp | ssh hostname 'dd of=term.terminfo; tic -C term.terminfo | sed "\$s/$/AF=\\\\E[3%dm:AB=\\\\E[4%dm:/" >> .termcap; rm -f term.terminfo'

Terminfo:

infocmp | ssh hostname 'dd of=term.terminfo; tic -o .terminfo/ term.terminfo; rm -f term.terminfo'

Edit only last line with sed

Posted on December 5, 2009 by Belgarion

sed '$s/regexp/replacement/'

Converting raw harddrive image to virtualbox disk

Posted on June 13, 2009 by Belgarion

VBoxManage convertdd hda.img hda.vdi

Multiple virtual network interfaces using netgraph

Posted on March 20, 2009 by Belgarion

Load the ng_ether module, to make the real interfaces visible to netgraph

kldload ng_ether

or add it to /boot/loader.conf to load it on boot

echo 'ng_ether_load="YES"' >> /boot/loader.conf

Create the bridge and give it a name:

ngctl mkpeer em0: bridge lower link1
ngctl name em0:lower br0

Connect the physical interface to the bridge:

ngctl connect em0: br0: upper link2

Disable the overwriting of source route on the physical interface

ngctl msg em0: setautosrc 0

Enable promiscous mode on the physical interface

ngctl msg em0: setpromisc 1

Create the virtual interfaces and connect them to the bridge

ngctl mkpeer br0: eiface link3 ether
ngctl mkpeer br0: eiface link4 ether

Set an unique MAC-address to each of the virtual interfaces:

ifconfig ngeth0 link 00:5c:16:10:dd:79
ifconfig ngeth1 link 00:5c:16:10:dd:80

Booting from usb in VirtualBox

Posted on March 15, 2009 by Belgarion

Create a virtual disk that is using a physical disk (replace /dev/disk with whichever disk or partition you want to use)

VBoxManage internalcommands createrawvmdk -filename usb.vmdk -rawdisk /dev/disk

Losing arrow keys in X

Posted on February 17, 2009 by Belgarion

If you lose the arrow keys in X (and you use evdev) run this:

setxkbmap -model evdev

Converting ext3 to ext4

Posted on January 24, 2009 by Belgarion

tune2fs -O extents,uninit_bg,dir_index /dev/yourfilesystem fsck -pf /dev/yourfilesystem

Listing nfs exported directories

Posted on December 12, 2008 by Belgarion

To show nfs exported on a computer on the network:

showmount -e

Belgarion's blog

Just another Blog weblog