Here, I’ll admit it. One of the things I’ve always been a little scared of, in terms of Linux server administration, is LDAP. It’s obviously incredibly useful in many ways, not the least of which is that it’s the most current and secure way of centralizing user, group and system configuration information, even across the web. And it offers great inter-operability with other types of systems, whether big-blue Unices, things that Came from Redmond, or even those slick little units that are Designed in California.

But the nomenclature and concepts can be rather slippery at first, to the young mind (but here is a good intro). And while there is tons of documentation out there, it is not easy reading in general. In fact, it is guaranteed to cure insomnia.

This guide is the result of an attempt to get user authentication sharing working via LDAP. After many false starts, it boils down to something pretty simple really. This won’t really be useful in an enterprise production system, but is a good way to get your feet wet.


NIS is a bit of an old-school solution on UNIX systems for sharing user information, including logins, across systems. This allows administrators to centralize all user account information, as well as home directories, across any number of physical machines. There are some security implications (like having to disable iptables on the server, see below), and maybe LDAP would be a better choice. But for a home or small organization behind a good firewall, an NIS system could be a lot simpler to create.


This seems to be a very popular subject to write about for those of us with the fix-it-and-forget-it mentality. But everything I dug up either contained outdated information or set up too many unnecessary hoops (like this Redhat KB article for instance). So as my attempt to better the world today (and make a record for my own reference), here is a simple and robust way to export NFS shares from a Redhat/Fedora system with iptables enabled.

lifted from here

This howto will show you how to setup an SSL certificate on a Plesk server so that it will be used when people connect through secure pop, smtp and imap.

To do the following, you need a certificate. It can be self signed or CA signed. Using a self-signed cert will of course result in some browser warnings for those who have not added the certificate as locally trusted on their computer.


The cloud is good. The cloud is new. We like cloud.

Now that that’s settled, AWS engineers are well underway in making persistent, durable storage available to EC2 instances. This opens up a whole new world of possibility to those of us who have been intrigued by running AMIs, but put off by the fact of having to upload your whole database or file set each time you start one.

We use DenyHosts on several servers to keep the annoying kids in the neighborhood from banging on the ssh door all day. This has been working fine for years. But getting it working for FTP or other authenticated services was thought to be impossible by some. It isn’t impossible - but it is a little tricky. Here is how it is done.


As of today, the local cable utility monopoly has decided to block outgoing port 25 in our neighborhood. Strange it took them this long - but it means sending email suddenly became a bit of a problem this morning, because we are in that “technically savvy” minority that owns their own off-site mail server.

I initially thought this should motivate me to get SMTP running over SSL on my mail server (POP3 already is), but Plesk makes life more complicated for the admin, as usual. Then I came across a knowledgebase article at mediatemple that helped get xinetd to listen on a non-standard port that Comcast is not so concerned with, an inferior but much easier solution. It was so easy I felt I should write a blog entry to make up for saved time.

Due to voracious memory consumption issues that were bringing down the server, I had to upgrade the backgroundrb plugin inside a certain Rails app from version 0.2.1 (from Nov 06) to the latest svn trunk, which uses fork() and exec() properly, and seems to be a near-total rewrite. There were a lot of changes needed. Here is how it was done…
