Category Archives: operating system - Page 2

Upgrade Perl on FreeBSD with portupgrade

Upgrading Perl is very simple; it just takes a long time to compile everything again. The script below shows how to do it. If you are upgrading from a different version of Perl, don’t forget to change the version number!

# lang/perl5.12 is out. If you want to switch to it from, for example
#  lang/perl5.10, that is:
# Portupgrade users:
 
# 0) Fix pkgdb.db (for safety):
pkgdb -Ff
 
# 1) Reinstall new version of Perl (5.12):
env DISABLE_CONFLICTS=1 portupgrade -o lang/perl5.12 -f perl-5.10.\*
 
# 2) Reinstall everything that depends on Perl:
portupgrade -fr perl

[database] property may not exist for or due insufficient access rights

Sometimes you run into really annoying things and this was one of them.
Right-clicking a database in SQL Server led to an error:

“[database] property may not exist for or due insufficient access rights”

While searching the internet I found a nice solution, which I tried.

USE [DATABASE]
EXEC sp_changedbowner '[hostname]\Administrator'

And yet again SQL Server figured out a way to irritate me, with another error.

Error : Msg 15110, Level 16, State 1, Procedure sp_changedbowner, Line 46
The proposed new database owner is already a user in the database

The problem could be resolved by first dropping that user from the database and then adding it again.
After that, everything works fine again.

USE [DATABASE]
EXEC sp_dropuser '[hostname]\Administrator'
EXEC sp_changedbowner '[hostname]\Administrator'

[warn] (2)No such file or directory: Failed to enable the ‘httpready’ Accept Filter

What to do when you find this nasty error!
The solution is pretty simple!

Performing sanity check on apache22 configuration:
Syntax OK
Starting apache22.
[Wed Sep 17 22:01:58 2008] [warn] (2)No such file or directory: Failed to enable the 'httpready' Accept Filter

Just open a shell prompt and type the following command to load accf_http under FreeBSD:

kldload accf_http

Restart apache:

/usr/local/etc/rc.d/apache22 restart

Type the following command so that the driver gets loaded when the system boots:

echo 'accf_http_load="YES"' >> /boot/loader.conf

Backup Exec 2012 – HP MSL 2024

I installed Backup Exec 2012 on a new DL380 machine, which I connected to our HP MSL 2024. When I started to back up our environments, all the backups ran into problems.

They all ran into one of these two errors:

  1. Adamm Mover Error: Write Failure!
  2. An unknown error has occurred.

For both, Symantec Backup Exec 2012 blamed the tape drive: a device attached to the computer doesn’t work correctly. I ran all the HP tape storage tool tests and they all indicated that the MSL was working correctly. After digging into Google I found the solution for this problem on the Symantec site (http://www.symantec.com/business/support/index?page=content&id=TECH61192).

Disabling SCSI Information from HP did the trick. 

Disable the HP Management Agents:
Go to Control Panel > HP Management Agents, select the Services tab, then move SCSI Information to the Inactive Agents column. Retry the backup job.
If it still fails, try moving the performance monitor agent to the disabled column and try the backup again.
Disable the following HP services, reboot the server and test another backup:
  – HP Insight Server Agents
  – HP Insight Storage Agents
  – HP Insight Foundation Agents
  – HP WMI Storage Providers service
NOTE: Not all three services may be present. Only disable what is listed above.

Set title OSX tab

If you’re like me, you have one terminal window in OSX with a lot of tabs. It is handy to see which tab holds which connection to which server.

The terminal title can easily be set to something you like.

Example: Set to the hostname of the server:

echo -n -e "\033]0;`hostname`\007"

Example: Set to something else

echo -n -e "\033]0;something else\007"

Just add this to the .profile file in your home directory and the shell appears with your line set in the tab title.

Send postfix-logwatch from previous day

I like to monitor my mail servers with postfix-logwatch, which is a great tool to tell what was happening on your server. And because I don’t want to miss anything, I added the following line to my crontab to mail me an update every night around 4 in the morning.

0       4       *       *       *       
    root    /usr/bin/zcat /var/log/maillog.0.bz2 
    | /usr/local/bin/postfix-logwatch 
    | mail -s "Mailserver log summary for: `hostname`" sysadmin@example.com

All of this is actually on one line in my cron file, but it does not fit the page :). If you don’t compress your logs, remove bz2 and use cat instead of zcat.

telnet client for a ssl line.

Sometimes it is handy to debug services by hand. For plain services telnet is always a handy tool, but it is completely useless for SSL-encrypted services. OpenSSL to the rescue!

openssl s_client -connect

Set the timeserver in a windows domain.

  1. First, locate your PDC server. Open the command prompt and type: C:\>netdom query fsmo
  2. Log in to your PDC server and open the command prompt.
  3. Stop the W32Time service: C:\>net stop w32time
  4. Configure the external time sources, type: C:\>w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org"
  5. Make your PDC a reliable time source for the clients. Type: C:\>w32tm /config /reliable:yes
  6. Start the W32Time service: C:\>net start w32time
  7. The Windows Time service should begin synchronizing the time. You can check the external NTP servers in the time configuration by typing: C:\>w32tm /query /configuration
  8. Check the Event Viewer for any errors.

Error: pw: user ‘username’ disappeared during update

Today I ran into a problem which made pw produce an error on creation of a new user.
When I tried to create a user it simply told me:

“pw: user ‘nagios’ already exists”

What the hell!?!?! Luckily the problem was quickly fixed by recreating the /etc/passwd file.

pwd_mkdb -p /etc/master.passwd

Install chroot bind on FreeBSD

Sometimes when you search on the internet you’ll find howtos that are good enough. This one explained very well how to install BIND in a chroot environment. The original howto is located here. Just for my own reference and updates, it is copied and altered below.

 

FreeBSD is known as one of the most rock-solid, reliable and perfect operating systems. I am personally a fan of FreeBSD, so I want to publish a very nice howto about DNS (BIND).

In this tutorial I’ll describe how to set up a secure FreeBSD-based master/slave DNS server. You can use this tutorial on both 64-bit and 32-bit platforms.

 

We will use 192.168.0.1 as the master server and 192.168.0.2 as the slave server.

Installing and Configuring DNS:

FreeBSD 9.0 is used for this tutorial. BIND is already included in a FreeBSD installation. You can check the installed BIND version using this link

1) Update your ports tree; I personally prefer portsnap for ports tree management. After updating the ports tree, check the version you have in the ports collection.

cat /usr/ports/dns/bind99/Makefile | grep PORTVERSION

If the ports version equals your installed BIND version, there is no need to install a new version; otherwise we will install the new version.

Installation from Ports: Master/Slave

cd /usr/ports/dns/bind99
make config ; make install clean

Select REPLACE_BASE from the options menu by pressing the spacebar; you can leave the other options as they are.

Configuration:

We need to add “NO_BIND = YES” to the /etc/make.conf file on both master and slave; you can do that using the following command:

echo "NO_BIND = YES" >> /etc/make.conf

The above setting tells make not to build the base version of BIND in case you rebuild FreeBSD from source.

Chroot Environment: master/slave

Now, let’s set up the directory structure for the chroot-jailed BIND. The directory can be anywhere on your system’s file system. I have planned to use /var/chroot/named as the BIND directory. Let’s start by creating the following directory structure.

mkdir -p /var/chroot/named/etc/namedb/log
mkdir -p /var/chroot/named/etc/namedb/master
mkdir -p /var/chroot/named/etc/namedb/slave
mkdir -p /var/chroot/named/dev
mkdir -p /var/chroot/named/var/run

Placing existing Data

We need to copy the named.root file into the chroot directory, so that BIND can find the root servers. For example:

cp /etc/namedb/named.root /var/chroot/named/etc/namedb/

We need another file in the /etc directory inside the chroot jail. You must copy /etc/localtime, so that BIND logs things with the right time on them.

cp /etc/localtime /var/chroot/named/etc

System Supported Files

When BIND is running in the chroot jail it will not be able to access files outside the jail. However, a few device files are required inside the chroot environment for it to work properly.

cd /var/chroot/named/dev
mknod zero c 2 12
ln -s /dev/random .
mknod null c 2 2
chmod 666 zero random null

Once you’ve created the directories, move away or back up the old /etc/namedb directory.

cd /etc
mv namedb old.namedb
ln -s /var/chroot/named/etc/namedb .

Change the ownership of the newly created directories

cd /var/chroot
chown -R bind:bind named
chmod 700 named

RNDC Key

Now we need to generate the rndc.key file and then add its contents to named.conf. rndc.key holds the key that the rndc utility needs in order to work; it is also used if you are using dynamic DNS together with DHCP.

rndc-confgen -a -c /etc/namedb/rndc.conf -k dnsadmin -b 256

This will create a key named dnsadmin with a size of 256 bits. At least 256 bits is recommended if you’re using this for a public server. When you’ve generated the key, edit /etc/namedb/rndc.conf and add these lines at the end of the file.

options {
    default-key "dnsadmin";
    default-server 127.0.0.1;
};

That’s all; everything is now configured and in place. Now we need to create the named.conf file on both the master and the slave DNS server.

named.conf – master/slave

 vi /etc/named.conf

First we will create an ACL for our slave servers

acl "slaves" {
        192.168.0.2;
        };

Set general options such as the base directory, the pid file and other controlling options

options {
        directory "/etc/namedb";
        pid-file "/var/run/named.pid";
        };

In the above configuration we have defined /etc/namedb as the base directory, which is a link to /var/chroot/named/etc/namedb, and then given the pid file path.

Now we need to define the controls clause and the key section for the rndc connection, including the port on which BIND will listen.

controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { dnsadmin; };
        };
key "dnsadmin" {
        algorithm hmac-md5;
        secret "o/cb6L1GDSbJWfRBpY3L=";
        };

In the above configuration we have created the key “dnsadmin” for the rndc connection. You may need to copy the secret line from the /etc/namedb/rndc.conf file and place it within the key { } section shown above.

For a caching name server we need to define the root servers’ file

zone "." {
        type hint;
        file "named.root";
        };

Our named.conf file has been configured on both servers. Let’s configure the /etc/rc.conf file on the master and slave servers so that BIND starts at system startup.

named_enable="YES"
named_program="/usr/sbin/named"
named_chrootdir="/var/chroot/named"
named_flags="-u bind -c /etc/named.conf"

Let’s configure our domain’s forward and reverse lookup zones on the master server and then start BIND.

For the forward lookup zone, add the following to the named.conf file

zone "techbabu.com" {
        type master;
        file "master/techbabu.com";
        allow-transfer { slaves; };
};

Now we need to add the reverse lookup zone; it goes after the forward zone section in the named.conf file

zone "0.168.192.in-addr.arpa" {
        type master;
        file "master/techbabu.rev";
        allow-transfer { slaves; };
};
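
The allow-transfer restriction in these zones only helps if the "slaves" ACL really lists the slave's address and every master zone carries the statement. The following Python check is an added example, not part of the original tutorial; `audit`, `words` and the sample configuration are hypothetical names and constructed data, and the regex parser assumes the simple statement shapes used in this tutorial.

```python
import re

# One level of nested braces covers every statement used in this tutorial.
BLOCK = r'\s*\{((?:[^{}]|\{[^{}]*\})*)\}'

# Constructed sample built from the tutorial's fragments. The ACL address and
# the "legacy.example" zone are deliberately wrong to show failing checks.
SAMPLE = '''
acl "slaves" { 192.168.1.2; };
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { dnsadmin; }; };
key "dnsadmin" { algorithm hmac-md5; secret "constructed-placeholder"; };
zone "." { type hint; file "named.root"; };
zone "techbabu.com" { type master; file "master/techbabu.com";
                      allow-transfer { slaves; }; };
zone "legacy.example" { type master; file "master/legacy.example"; };
'''

def words(body):
    # Split a brace body into its ';'-separated elements, without quotes.
    return {w.strip('"') for w in re.findall(r'[^\s;]+', body)}

def audit(conf, slave_ips):
    """Return a list of findings for a named.conf text (hypothetical helper)."""
    findings = []
    acls = {n: words(b) for n, b in re.findall(r'acl\s+"([^"]+)"' + BLOCK, conf)}
    for name, body in re.findall(r'zone\s+"([^"]+)"' + BLOCK, conf):
        if not re.search(r'type\s+master\s*;', body):
            continue  # hint and slave zones are not checked here
        m = re.search(r'allow-transfer\s*\{([^{}]*)\}', body)
        if m is None:
            findings.append(f'{name}: no zone-level allow-transfer')
            continue
        allowed = set()
        for item in words(m.group(1)):
            allowed |= acls.get(item, {item})  # expand ACL names to addresses
        if 'any' in allowed:
            findings.append(f'{name}: transfers open to any host')
        for ip in sorted(set(slave_ips) - allowed):
            findings.append(f'{name}: slave {ip} not permitted by allow-transfer')
    for body in re.findall(r'controls' + BLOCK, conf):
        for addr in re.findall(r'inet\s+(\S+)', body):
            if addr not in ('127.0.0.1', '::1'):
                findings.append(f'controls: rndc channel listens on {addr}')
    for name, body in re.findall(r'key\s+"([^"]+)"' + BLOCK, conf):
        if re.search(r'algorithm\s+hmac-md5\s*;', body):
            findings.append(f'key {name}: hmac-md5 is a legacy algorithm')
    return findings

if __name__ == '__main__':
    print('\n'.join(audit(SAMPLE, ['192.168.0.2'])))
```

Pass the text of your own named.conf and the list of slave addresses; an empty list of findings means the checks passed.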

Creating forward lookup zone files

cd /var/chroot/named/etc/namedb/master/
vi techbabu.com

Add these lines

$TTL 3600
$ORIGIN techbabu.com.
@       IN      SOA     ns1.techbabu.com. postmaster.techbabu.com.  (
               300000328  ; serial
               28800      ; refresh (8 hours)
               7200       ; retry (2 hours)
               604800     ; expire (1 week)
               86400      ; minimum (1 day)
               )
              NS      ns1.techbabu.com.
              NS      ns2.techbabu.com.
              MX      10 mailbox.techbabu.com.
ns1       A       192.168.0.1
ns2       A       192.168.0.2

Creating reverse lookup zone files

cd /var/chroot/named/etc/namedb/master/
vi techbabu.rev

Add these lines

$TTL 3600
$ORIGIN 0.168.192.in-addr.arpa.
@       IN      SOA     ns1.techbabu.com. postmaster.techbabu.com.  (
           300000328  ; serial
           28800      ; refresh (8 hours)
           7200       ; retry (2 hours)
           604800     ; expire (1 week)
           86400      ; minimum (1 day)
           )
              NS      ns1.techbabu.com.
              NS      ns2.techbabu.com.
1       PTR      ns1.techbabu.com.
2       PTR      ns2.techbabu.com.

Our master server is now completely configured, so start the server.

/etc/rc.d/named start

Now edit your /etc/resolv.conf file and set the nameserver to 192.168.0.1, then try to dig your domain’s NS (A) record to make sure that the master DNS server is running.

dig ns1.techbabu.com

If you see output something like this:

;; ANSWER SECTION:
ns1.techbabu.com.  3600  IN	 A  192.168.0.1

then your DNS server is working fine.

You can then try to ping outside domains to check whether caching is working or not.

Our master DNS server is now fully functional and ready to use. Next, configure the named.conf file on the slave DNS server

vi /etc/named.conf

For the forward lookup zone, add these lines

zone "techbabu.com" {
        type slave;
        file "slave/techbabu.com";
        masters { 192.168.0.1; };
        allow-notify { 192.168.0.1; };
};

And for the reverse lookup zone

zone "0.168.192.in-addr.arpa" {
        type slave;
        file "slave/techbabu.rev";
        masters { 192.168.0.1; };
        allow-notify { 192.168.0.1; };
};

Our slave server is now configured as well, so start the slave server.

/etc/rc.d/named start

Now edit your /etc/resolv.conf file and set the nameserver to 192.168.0.2, then try to dig your domain’s NS (A) record to make sure that the slave DNS server is running.

If you get a response, it means your slave DNS server is also functional and ready to use.

Congratulations, you have successfully configured a secure master/slave DNS server.

If you have any suggestions regarding this tutorial please tell us; your comments will be very helpful for us.