Home Home > Server
Sign up | Login

Archive for the ‘Server’ Category

« Older Entries

openSUSE Edu Li-f-e 12.1 out now!

December 22nd, 2011 by

openSUSE Education team is proud to present another edition of openSUSE-Edu Li-f-e (Linux for Education) based on openSUSE 12.1. Li-f-e comes loaded with everything that students, parents, teachers and system admins of educational institutions may need.

  more screenshots…

(more…)

Tags: , , , ,
Posted in Apache, Derivative, Desktop, Distribution, Education, GNOME, KDE, Programming, Samba, Server, Virtualization | No Comments »

new package squidview available

July 17th, 2011 by

squidview

squidview is one of the software, I’ve always build and installed on each squid proxy server I build for me or customers. It’s small, stable, and usefull. So it was a clear real nice candidate to be use to improve my obs and packager skiil.
I would like to thanks T1loc, yaloki, mrdocs, coolo, alin, and all others great packagers around, for helping and teaching me during the process.

Introduction

Squidview is an interactive console program which monitors and displays squid logs in a nice fashion, and may then go deeper with searching and reporting functions.

(If you don’t know what squid is or does this program is probably not for you.)

To use squidview you must at least have read access to squid’s access.log file. You may need to see your administrator for this. Squidview uses this text log file for all operations. It does not generate its own database for tasks.

homepage www.rillion.net/squidview

Features

Squidview has a number of functions. Navigate the log file with the cursor pad keys, jump to a certain day or switch to a different log file. Search for text or large http/ftp requests.

Put squidview into monitor mode: see the latest activity updated every 3 seconds (this is light on cpu load).

Reports can be generated listing the heavist Internet users and the most popular visited sites. See how many cache hits squid makes to save network traffic.

Squidview is released under the GPL.

Examples / Usage

The selected line shows a request made for a .gif at the shown time. As luck would have it, the 'H' indicates a cache hit :) In this mode user traffic can scroll by.

What the above would be if viewed with less.

A tally of all users against the bandwidth they used. Kept current in near real time.

A quick investigation into the recent history of one user.

Installation / Repositories

I’ve just made a submit request against openSUSE_Factory to get it included directly, but in the meantime, you could install it from the repository server:proxy as many other useful & related packages

For example adding the repository under openSUSE_Factory

zypper ar -c -f -n "server:proxy" http://download.opensuse.org/repositories/server:/proxy/openSUSE_Factory "server:proxy"
zypper in squidview

Builds available for :

The package is build successfully against : SLES10, SLES11, openSUSE 11.3 to Factory

Have Fun!

Tags: , , ,
Posted in Network, Packaging, Server, Systems Management | Comments Off

1-2-3 Cloud

June 20th, 2011 by

Towards the end of last year there was an article in openSUSE news “announcing” the cloud efforts in the openSUSE project and on OBS. Well, cloud is still all the rage (see Jos’ contribution to openSUSE News issue 180) and people just cannot stop talking about cloud computing.

Using openSUSE as a host for your cloud infrastructure is also making great progress. We have 3 cloud projects in OBS and hopefully these cover your favorite cloud infrastructure code, Virtualization:Cloud:Eucalyptus, Virtualization:Cloud:OpenNebula, and Virtualization:Cloud:OpenStack. The projects provide repositories for Eucalyptus, OpenNebula, and OpenStack, respectively.

We attempt to make it relatively easy to get a cloud up and running. In this process OpenNebula and OpenStack have progressed the most. Eucalyptus is working, but due to an issue with Eucalyptus and openSSL 1.0 and later (the version in openSUSE) automation has to wait until these issues are resolved.

For OpenNebula we now have a KIWI example that shows how one can get a cloud setup from scratch in less than 2 hours, including the image build. The example contains a firstboot workflow for the head node, and self configuration of cloud nodes.

For OpenStack SUSE Gallery images are in the works and will be published in the near future.

All repositories provide packages you can install on running openSUSE systems. If you are interested in using openSUSE as the underlying OS for your cloud or if you want to contribute to the cloud projects, subscribe to the cloud mailing list opensuse-cloud@opensuse.org

Posted in Build Service, Infrastructure, Packaging, Programming, Virtualization | Comments Off

Oxygenise your Apache

January 24th, 2011 by

I have updated apache2-icons-oxygen with icons from KDE 4.6 RC2. Thanks Nuno & Co! Now Apache’s directory listings look a bit better ;-)

See it in action here. If you want to download the tarball/rpm, go to the Build Service.

Posted in Apache, Artwork, KDE | 1 Comment »

Make vmware workstation 7.1.3 running with opensuse 11.4 (kernel 2.6.37)

November 15th, 2010 by

Note about the 2.6.37xx

There’s a solution to make the kernel modules building under openSUSE factory (11.4) and the kernel 2.6.37

Preparation

download the lastest vmware workstation 7.1.3 (the patch is only for this version)
download the patch vmware-7.1.3-2.6.37-rc5.patch
download the script to patch patch-modules_v62-opensuse.sh

Install

Proceed to the normal installation of workstation, if you have older version, it will be replaced
by running under root account

sh VMware-Workstation-Full-7.1.3-324285.x86_64.bundle

Patch

Now we have to apply the needed patch, just run as root 

sh patch-modules_v62-opensuse.sh

Here the output result

sh patch-modules_v62-opensuse.sh
(Stripping trailing CRs from patch.)
patching file vmci-only/include/compat_semaphore.h
(Stripping trailing CRs from patch.)
patching file vmmon-only/linux/driver.c
(Stripping trailing CRs from patch.)
patching file vmnet-only/compat_semaphore.h
(Stripping trailing CRs from patch.)
patching file vsock-only/shared/compat_semaphore.h
Stopping VMware services:
   VMware USB Arbitrator                                               done
   VM communication interface socket family                            done
   Virtual machine communication interface                             done
   Virtual machine monitor                                             done
   Blocking file system                                                done
Using 2.6.x kernel build system.
make: Entering directory `/tmp/vmware-root/modules/vmmon-only'
make -C /lib/modules/2.6.37-rc5-12-desktop/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. \
  MODULEBUILDDIR= modules
make[1]: Entering directory `/usr/src/linux-2.6.37-rc5-12-obj/x86_64/desktop'
make -C ../../../linux-2.6.37-rc5-12 O=/usr/src/linux-2.6.37-rc5-12-obj/x86_64/desktop/. modules
  CC [M]  /tmp/vmware-root/modules/vmmon-only/linux/driver.o
  CC [M]  /tmp/vmware-root/modules/vmmon-only/linux/iommu.o
/tmp/vmware-root/modules/vmmon-only/linux/iommu.c: In function ‘IOMMUUnregisterDeviceInt’:
/tmp/vmware-root/modules/vmmon-only/linux/iommu.c:217:17: warning: ignoring return value of ‘device_attach’, declared with attribute warn_unused_result
  CC [M]  /tmp/vmware-root/modules/vmmon-only/linux/hostif.o
/tmp/vmware-root/modules/vmmon-only/linux/hostif.c: In function ‘HostIFReadUptimeWork’:
/tmp/vmware-root/modules/vmmon-only/linux/hostif.c:2004:37: warning: ‘newUpBase’ may be used uninitialized in this function
  CC [M]  /tmp/vmware-root/modules/vmmon-only/linux/driverLog.o
  CC [M]  /tmp/vmware-root/modules/vmmon-only/common/memtrack.o
  CC [M]  /tmp/vmware-root/modules/vmmon-only/common/vmx86.o
  CC [M]  /tmp/vmware-root/modules/vmmon-only/common/cpuid.o
  CC [M]  /tmp/vmware-root/modules/vmmon-only/common/task.o
  CC [M]  /tmp/vmware-root/modules/vmmon-only/common/hashFunc.o
  CC [M]  /tmp/vmware-root/modules/vmmon-only/common/comport.o
  CC [M]  /tmp/vmware-root/modules/vmmon-only/common/phystrack.o
  CC [M]  /tmp/vmware-root/modules/vmmon-only/vmcore/moduleloop.o
  LD [M]  /tmp/vmware-root/modules/vmmon-only/vmmon.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /tmp/vmware-root/modules/vmmon-only/vmmon.mod.o
  LD [M]  /tmp/vmware-root/modules/vmmon-only/vmmon.ko
make[1]: Leaving directory `/usr/src/linux-2.6.37-rc5-12-obj/x86_64/desktop'
make -C $PWD SRCROOT=$PWD/. \
  MODULEBUILDDIR= postbuild
make[1]: Entering directory `/tmp/vmware-root/modules/vmmon-only'
make[1]: `postbuild' is up to date.
make[1]: Leaving directory `/tmp/vmware-root/modules/vmmon-only'
cp -f vmmon.ko ./../vmmon.o
make: Leaving directory `/tmp/vmware-root/modules/vmmon-only'
Built vmmon module
Using 2.6.x kernel build system.
make: Entering directory `/tmp/vmware-root/modules/vmnet-only'
make -C /lib/modules/2.6.37-rc5-12-desktop/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. \
  MODULEBUILDDIR= modules
make[1]: Entering directory `/usr/src/linux-2.6.37-rc5-12-obj/x86_64/desktop'
make -C ../../../linux-2.6.37-rc5-12 O=/usr/src/linux-2.6.37-rc5-12-obj/x86_64/desktop/. modules
  CC [M]  /tmp/vmware-root/modules/vmnet-only/driver.o
  CC [M]  /tmp/vmware-root/modules/vmnet-only/hub.o
  CC [M]  /tmp/vmware-root/modules/vmnet-only/userif.o
  CC [M]  /tmp/vmware-root/modules/vmnet-only/netif.o
  CC [M]  /tmp/vmware-root/modules/vmnet-only/bridge.o
  CC [M]  /tmp/vmware-root/modules/vmnet-only/filter.o
  CC [M]  /tmp/vmware-root/modules/vmnet-only/procfs.o
  CC [M]  /tmp/vmware-root/modules/vmnet-only/smac_compat.o
  CC [M]  /tmp/vmware-root/modules/vmnet-only/smac.o
  CC [M]  /tmp/vmware-root/modules/vmnet-only/vnetEvent.o
  CC [M]  /tmp/vmware-root/modules/vmnet-only/vnetUserListener.o
  LD [M]  /tmp/vmware-root/modules/vmnet-only/vmnet.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /tmp/vmware-root/modules/vmnet-only/vmnet.mod.o
  LD [M]  /tmp/vmware-root/modules/vmnet-only/vmnet.ko
make[1]: Leaving directory `/usr/src/linux-2.6.37-rc5-12-obj/x86_64/desktop'
make -C $PWD SRCROOT=$PWD/. \
  MODULEBUILDDIR= postbuild
make[1]: Entering directory `/tmp/vmware-root/modules/vmnet-only'
make[1]: `postbuild' is up to date.
make[1]: Leaving directory `/tmp/vmware-root/modules/vmnet-only'
cp -f vmnet.ko ./../vmnet.o
make: Leaving directory `/tmp/vmware-root/modules/vmnet-only'
Built vmnet module
Using 2.6.x kernel build system.
make: Entering directory `/tmp/vmware-root/modules/vmblock-only'
make -C /lib/modules/2.6.37-rc5-12-desktop/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. \
  MODULEBUILDDIR= modules
make[1]: Entering directory `/usr/src/linux-2.6.37-rc5-12-obj/x86_64/desktop'
make -C ../../../linux-2.6.37-rc5-12 O=/usr/src/linux-2.6.37-rc5-12-obj/x86_64/desktop/. modules
  CC [M]  /tmp/vmware-root/modules/vmblock-only/linux/filesystem.o
  CC [M]  /tmp/vmware-root/modules/vmblock-only/linux/dentry.o
  CC [M]  /tmp/vmware-root/modules/vmblock-only/linux/stubs.o
  CC [M]  /tmp/vmware-root/modules/vmblock-only/linux/dbllnklst.o
  CC [M]  /tmp/vmware-root/modules/vmblock-only/linux/file.o
  CC [M]  /tmp/vmware-root/modules/vmblock-only/linux/block.o
  CC [M]  /tmp/vmware-root/modules/vmblock-only/linux/module.o
  CC [M]  /tmp/vmware-root/modules/vmblock-only/linux/super.o
  CC [M]  /tmp/vmware-root/modules/vmblock-only/linux/inode.o
  CC [M]  /tmp/vmware-root/modules/vmblock-only/linux/control.o
  LD [M]  /tmp/vmware-root/modules/vmblock-only/vmblock.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /tmp/vmware-root/modules/vmblock-only/vmblock.mod.o
  LD [M]  /tmp/vmware-root/modules/vmblock-only/vmblock.ko
make[1]: Leaving directory `/usr/src/linux-2.6.37-rc5-12-obj/x86_64/desktop'
make -C $PWD SRCROOT=$PWD/. \
  MODULEBUILDDIR= postbuild
make[1]: Entering directory `/tmp/vmware-root/modules/vmblock-only'
make[1]: `postbuild' is up to date.
make[1]: Leaving directory `/tmp/vmware-root/modules/vmblock-only'
cp -f vmblock.ko ./../vmblock.o
make: Leaving directory `/tmp/vmware-root/modules/vmblock-only'
Built vmblock module
Using 2.6.x kernel build system.
make: Entering directory `/tmp/vmware-root/modules/vmci-only'
make -C /lib/modules/2.6.37-rc5-12-desktop/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. \
  MODULEBUILDDIR= modules
make[1]: Entering directory `/usr/src/linux-2.6.37-rc5-12-obj/x86_64/desktop'
make -C ../../../linux-2.6.37-rc5-12 O=/usr/src/linux-2.6.37-rc5-12-obj/x86_64/desktop/. modules
  CC [M]  /tmp/vmware-root/modules/vmci-only/linux/driver.o
  CC [M]  /tmp/vmware-root/modules/vmci-only/linux/driverLog.o
  CC [M]  /tmp/vmware-root/modules/vmci-only/linux/vmciKernelIf.o
  CC [M]  /tmp/vmware-root/modules/vmci-only/common/vmciDatagram.o
  CC [M]  /tmp/vmware-root/modules/vmci-only/common/vmciDriver.o
  CC [M]  /tmp/vmware-root/modules/vmci-only/common/vmciDs.o
  CC [M]  /tmp/vmware-root/modules/vmci-only/common/vmciContext.o
  CC [M]  /tmp/vmware-root/modules/vmci-only/common/vmciHashtable.o
  CC [M]  /tmp/vmware-root/modules/vmci-only/common/vmciEvent.o
  CC [M]  /tmp/vmware-root/modules/vmci-only/common/vmciQueuePair.o
  CC [M]  /tmp/vmware-root/modules/vmci-only/common/vmciGroup.o
  CC [M]  /tmp/vmware-root/modules/vmci-only/common/vmciResource.o
  CC [M]  /tmp/vmware-root/modules/vmci-only/common/vmciProcess.o
  LD [M]  /tmp/vmware-root/modules/vmci-only/vmci.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /tmp/vmware-root/modules/vmci-only/vmci.mod.o
  LD [M]  /tmp/vmware-root/modules/vmci-only/vmci.ko
make[1]: Leaving directory `/usr/src/linux-2.6.37-rc5-12-obj/x86_64/desktop'
make -C $PWD SRCROOT=$PWD/. \
  MODULEBUILDDIR= postbuild
make[1]: Entering directory `/tmp/vmware-root/modules/vmci-only'
make[1]: `postbuild' is up to date.
make[1]: Leaving directory `/tmp/vmware-root/modules/vmci-only'
cp -f vmci.ko ./../vmci.o
make: Leaving directory `/tmp/vmware-root/modules/vmci-only'
Built vmci module
Using 2.6.x kernel build system.
make: Entering directory `/tmp/vmware-root/modules/vsock-only'
make -C /lib/modules/2.6.37-rc5-12-desktop/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. \
  MODULEBUILDDIR= modules
make[1]: Entering directory `/usr/src/linux-2.6.37-rc5-12-obj/x86_64/desktop'
make -C ../../../linux-2.6.37-rc5-12 O=/usr/src/linux-2.6.37-rc5-12-obj/x86_64/desktop/. modules
  CC [M]  /tmp/vmware-root/modules/vsock-only/linux/af_vsock.o
/tmp/vmware-root/modules/vsock-only/linux/af_vsock.c: In function ‘VSockVmciStreamConnect’:
/tmp/vmware-root/modules/vsock-only/linux/af_vsock.c:3172:4: warning: case value ‘255’ not in enumerated type ‘socket_state’
  CC [M]  /tmp/vmware-root/modules/vsock-only/linux/vsockAddr.o
  CC [M]  /tmp/vmware-root/modules/vsock-only/linux/util.o
  CC [M]  /tmp/vmware-root/modules/vsock-only/linux/stats.o
  CC [M]  /tmp/vmware-root/modules/vsock-only/linux/notify.o
  CC [M]  /tmp/vmware-root/modules/vsock-only/driverLog.o
  LD [M]  /tmp/vmware-root/modules/vsock-only/vsock.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /tmp/vmware-root/modules/vsock-only/vsock.mod.o
  LD [M]  /tmp/vmware-root/modules/vsock-only/vsock.ko
make[1]: Leaving directory `/usr/src/linux-2.6.37-rc5-12-obj/x86_64/desktop'
make -C $PWD SRCROOT=$PWD/. \
  MODULEBUILDDIR= postbuild
make[1]: Entering directory `/tmp/vmware-root/modules/vsock-only'
make[1]: `postbuild' is up to date.
make[1]: Leaving directory `/tmp/vmware-root/modules/vsock-only'
cp -f vsock.ko ./../vsock.o
make: Leaving directory `/tmp/vmware-root/modules/vsock-only'
Built vsock module
Starting VMware services:
   VMware USB Arbitrator                                               done
   Virtual machine monitor                                             done
   Virtual machine communication interface                             done
   VM communication interface socket family                            done
   Blocking file system                                                done
   Virtual ethernet                                                    done
   Shared Memory Available                                             done

All done, you can now run VMWare WorkStation.
Modules sources backup can be found in the '/usr/lib/vmware/modules/source-workstation7.1.3-2010-12-13-19:07:07-backup' directory

References

vmware community post
vmware community thread

Mark D Bernstein aka InitiaZero for providing the script and patch by email and having ping me about it

Enjoy, and thanks to people having done the crappy job before.

Tags: , , , ,
Posted in Base System, Kernel, Virtualization | 4 Comments »

OPENSUSE 11.3/SLES 11 ** INTEGRATING FREERADIUS TO LDAP SERVER

November 12th, 2010 by

FreeRADIUS is a modular, high performance free RADIUS suite developed and distributed under the GNU General Public License, version 2, and is free for download and use. The FreeRADIUS Suite includes a RADIUS server, a BSD-licensed RADIUS client library, a PAM library, anApache module, and numerous additional RADIUS related utilities and development libraries (wikipedia)

Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service. RADIUS was developed by Livingston Enterprises, Inc., in 1991 as an access server authentication and accounting protocol and later brought into the Internet Engineering Task Force (IETF) standards(wikipedia)

Well, then again a bit of introduction about “what is RADIUS ?” and the FreeRADIUS, the most popular OpenSource RADIUS Server :D .

This tutorial based on an existing LDAP Server Configuration ( you can read this post) and it already has 1-2 users on it ( you can read this post again :) ),  and this post is explain how-to integrate FreeRADIUS to read and use existing user on LDAP Server.

you can install the FreeRadius server on the same server or on a seperate server ( it’s your choice :p )

  • Add the FreeRADIUS repository from software.opensuse.org
# zypper ar http://download.opensuse.org/repositories/network:/aaa/SLE_11/ FreeRadius
# zypper ref
  • Install the FreeRADIUS Server Package
# zypper in freeradius-server freeradius-client freeradius-server-utils
  • After Installing the FreeRADIUS Packages, edit /etc/raddb/modules/ldap file, and then find and edit following lines (in my case : dc=malayin,dc=net) :
ldap {

server = “192.168.0.30″ the LDAP Server
#identity = “cn=Adminstrator,dc=malayin,dc=net”
#password = admin
basedn = “dc=malayin,dc=net” – The Base DN LDAP Server
#filter = “(uid=%{Stripped-User-Name:-%{User-Name}})”
filter = “(uid=%u)”
#base_filter = “(objectclass=radiusprofile)”
ldap_connections_number = 5
timeout = 4
timelimit = 3
net_timeout = 1

tls {
start_tls = no
}
access_attr = “uid”
edir_account_policy_check = yes
}
  • After editing the ldap file, save it and then edit /etc/raddb/sites-available/default. FIND THE LINES that contain LDAP word and uncomment the lines :

authorize {
#
#  The preprocess module takes care of sanitizing some bizarre
#  attributes in the request, and turning them into attributes
#  which are more standard.
#
#  It takes care of processing the ‘raddb/hints’ and the
#  ’raddb/huntgroups’ files.
#
#  It also adds the %{Client-IP-Address} attribute to the request.
#preprocess
#
#  If you want to have a log of authentication requests,
#  un-comment the following line, and the ‘detail auth_log’
#  section, above.
# auth_log
#
#  The chap module will set ‘Auth-Type := CHAP’ if we are
#  handling a CHAP request and Auth-Type has not already been set
#chap
#
#  If the users are logging in with an MS-CHAP-Challenge
#  attribute for authentication, the mschap module will find
#  the MS-CHAP-Challenge attribute, and add ‘Auth-Type := MS-CHAP’
#  to the request, which will cause the server to then use
#  the mschap module for authentication.
#mschap
#
#  If you have a Cisco SIP server authenticating against
#  FreeRADIUS, uncomment the following line, and the ‘digest’
#  line in the ‘authenticate’ section.
# digest
#
#  Look for IPASS style ‘realm/’, and if not found, look for
#  ’@realm’, and decide whether or not to proxy, based on
#  that.
# IPASS
#
#  If you are using multiple kinds of realms, you probably
#  want to set “ignore_null = yes” for all of them.
#  Otherwise, when the first style of realm doesn’t match,
#  the other styles won’t be checked.
#
#suffix
# ntdomain
#
#  This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP
#  authentication.
#
#  It also sets the EAP-Type attribute in the request
#  attribute list to the EAP type from the packet.
#
#  As of 2.0, the EAP module returns “ok” in the authorize stage
#  for TTLS and PEAP.  In 1.x, it never returned “ok” here, so
#  this change is compatible with older configurations.
#
#  The example below uses module failover to avoid querying all
#  of the following modules if the EAP module returns “ok”.
#  Therefore, your LDAP and/or SQL servers will not be queried
#  for the many packets that go back and forth to set up TTLS
#  or PEAP.  The load on those servers will therefore be reduced.
#
#eap {
# ok = return
#}
#
#  Pull crypt’d passwords from /etc/passwd or /etc/shadow,
#  using the system API’s to get the password.  If you want
#  to read /etc/passwd or /etc/shadow directly, see the
#  passwd module in radiusd.conf.
#
#unix
#
#  Read the ‘users’ file
#files
#
#  Look in an SQL database.  The schema of the database
#  is meant to mirror the “users” file.
#
#  See “Authorization Queries” in sql.conf
# sql
#
#  If you are using /etc/smbpasswd, and are also doing
#  mschap authentication, the un-comment this line, and
#  configure the ‘etc_smbpasswd’ module, above.
# etc_smbpasswd
#
#  The ldap module will set Auth-Type to LDAP if it has not
#  already been set
ldap
#
#  Enforce daily limits on time spent logged in.
# daily
#
# Use the checkval module
# checkval
expiration
logintime
#
#  If no other module has claimed responsibility for
#  authentication, then try to use PAP.  This allows the
#  other modules listed above to add a “known good” password
#  to the request, and to do nothing else.  The PAP module
#  will then see that password, and use it to do PAP
#  authentication.
#
#  This module should be listed last, so that the other modules
#  get a chance to set Auth-Type for themselves.
#
#pap
#
#  If “status_server = yes”, then Status-Server messages are passed
#  through the following section, and ONLY the following section.
#  This permits you to do DB queries, for example.  If the modules
#  listed here return “fail”, then NO response is sent.
#
# Autz-Type Status-Server {
#
# }
}
#  Authentication.
#
#
#  This section lists which modules are available for authentication.
#  Note that it does NOT mean ‘try each module in order’.  It means
#  that a module from the ‘authorize’ section adds a configuration
#  attribute ‘Auth-Type := FOO’.  That authentication type is then
#  used to pick the apropriate module from the list below.
#
#  In general, you SHOULD NOT set the Auth-Type attribute.  The server
#  will figure it out on its own, and will do the right thing.  The
#  most common side effect of erroneously setting the Auth-Type
#  attribute is that one authentication method will work, but the
#  others will not.
#
#  The common reasons to set the Auth-Type attribute by hand
#  is to either forcibly reject the user (Auth-Type := Reject),
#  or to or forcibly accept the user (Auth-Type := Accept).
#
#  Note that Auth-Type := Accept will NOT work with EAP.
#
#  Please do not put “unlang” configurations into the “authenticate”
#  section.  Put them in the “post-auth” section instead.  That’s what
#  the post-auth section is for.
#
authenticate {
#
#  PAP authentication, when a back-end database listed
#  in the ‘authorize’ section supplies a password.  The
#  password can be clear-text, or encrypted.
#Auth-Type PAP {
# pap
#}
#
#  Most people want CHAP authentication
#  A back-end database listed in the ‘authorize’ section
#  MUST supply a CLEAR TEXT password.  Encrypted passwords
#  won’t work.
#Auth-Type CHAP {
# chap
# }
#
#  MSCHAP authentication.
#Auth-Type MS-CHAP {
# mschap
#}
#
#  If you have a Cisco SIP server authenticating against
#  FreeRADIUS, uncomment the following line, and the ‘digest’
#  line in the ‘authorize’ section.
# digest
#
#  Pluggable Authentication Modules.
# pam
#
#  See ‘man getpwent’ for information on how the ‘unix’
#  module checks the users password.  Note that packets
#  containing CHAP-Password attributes CANNOT be authenticated
#  against /etc/passwd!  See the FAQ for details.
#
#unix
# Uncomment it if you want to use ldap for authentication
#
# Note that this means “check plain-text password against
# the ldap database”, which means that EAP won’t work,
# as it does not supply a plain-text password.
Auth-Type LDAP {
ldap
}
#
#  Allow EAP authentication.
# eap
}
#
#  Pre-accounting.  Decide which accounting type to use.
#
preacct {
preprocess
#
#  Ensure that we have a semi-unique identifier for every
#  request, and many NAS boxes are broken.
acct_unique
#
#  Look for IPASS-style ‘realm/’, and if not found, look for
#  ’@realm’, and decide whether or not to proxy, based on
#  that.
#
#  Accounting requests are generally proxied to the same
#  home server as authentication requests.
# IPASS
suffix
# ntdomain
#
#  Read the ‘acct_users’ file
files
}
#
#  Accounting.  Log the accounting data.
#
accounting {
#
#  Create a ‘detail’ed log of the packets.
#  Note that accounting requests which are proxied
#  are also logged in the detail file.
detail
# daily
#  Update the wtmp file
#
#  If you don’t use “radlast”, you can delete this line.
unix
#
#  For Simultaneous-Use tracking.
#
#  Due to packet losses in the network, the data here
#  may be incorrect.  There is little we can do about it.
radutmp
# sradutmp
#  Return an address to the IP Pool when we see a stop record.
# main_pool
#
#  Log traffic to an SQL database.
#
#  See “Accounting queries” in sql.conf
# sql
#
#  Instead of sending the query to the SQL server,
#  write it into a log file.
#
# sql_log
#  Cisco VoIP specific bulk accounting
# pgsql-voip
#  Filter attributes from the accounting response.
attr_filter.accounting_response
#
#  See “Autz-Type Status-Server” for how this works.
#
# Acct-Type Status-Server {
#
# }
}
#  Session database, used for checking Simultaneous-Use. Either the radutmp
#  or rlm_sql module can handle this.
#  The rlm_sql module is *much* faster
session {
radutmp
#
#  See “Simultaneous Use Checking Queries” in sql.conf
# sql
}
#  Post-Authentication
#  Once we KNOW that the user has been authenticated, there are
#  additional steps we can take.
post-auth {
#  Get an address from the IP Pool.
# main_pool
#
#  If you want to have a log of authentication replies,
#  un-comment the following line, and the ‘detail reply_log’
#  section, above.
# reply_log
#
#  After authenticating the user, do another SQL query.
#
#  See “Authentication Logging Queries” in sql.conf
# sql
#
#  Instead of sending the query to the SQL server,
#  write it into a log file.
#
# sql_log
#
#  Un-comment the following if you have set
#  ’edir_account_policy_check = yes’ in the ldap module sub-section of
#  the ‘modules’ section.
#
ldap
#exec
#
#  Access-Reject packets are sent through the REJECT sub-section of the
#  post-auth section.
#
#  Add the ldap module name (or instance) if you have set
#  ’edir_account_policy_check = yes’ in the ldap module configuration
#
Post-Auth-Type REJECT {
attr_filter.access_reject
}
}
  • save the file, then add these line to /etc/raddb/clients.conf filem to decide which network is ALLOWED to use and access FreeRADIUS service (in my case : 192.168.0.0/24)  :

client 192.168.0.0/24 {

secret = testing123-1

shortname = testing123-1

}

  • After finish editing clients.conf file, save it and then test the connectivity by using radtest command

You can see detail http://www.malayin.net

Posted in Server | Comments Off

Merging SVN Repositories Explained

October 30th, 2010 by

Adding files to a SVN server is usually a task done in seconds. However, having several independent SVN repositories and wanting to “combine” them, this is not trivial—especially if you want to preserve the history.

The doc team had had three different, independent repositories on BerliOS (opensuse-ha-doc, opensuse-docmaker, and opensuse-lfl) all holding separate information. This was a bit silly, so my task was to consolidate them into opensuse-doc by keeping all history.

(more…)

Tags: , , ,
Posted in Documentation, Server, Systems Management | Comments Off

OBS 2.1: Status of SuperH (sh4) support with QEMU

October 24th, 2010 by

With established ARM support in OBS the as well as emulated MIPS and PowerPC is getting more mature, the last big embedded architecture not working in OBS with QEMU user mode was SH4. QEMU developers community had done a lot of work in improving QEMU user mode during the last months, so I can proudly present with currently only a few patches to QEMU git master OBS builds working with the SH4 port of Debian Sid. The new QEMU 0.13 released recently is a big milestone for this.

Another news is that I had fixed the bugs in Virtual Machine builds (build script) when using them with some architectures like PowerPC 32bit and SH4. So now also the combination of using for example KVM (XEN should also work) in a worker together with ARM, MIPS, PowerPC and SH4 is working. The appropriate fixes are in one of the next build script releases (if not even released already now with OBS 2.1, I have to check that). You can select architecture “sh4″ with OBS 2.1 and also start a scheduler with “sh4″.

With the use of the QEMU User Mode, you can build also accelerated native cross toolchains for your host architecture so time critical parts like the compiler can run without the emulator. This works with .deb as well as with .rpm based backages. The MeeGo Project as well as the openSUSE Port to ARM uses this technique to provide an optimum between compatibility and performance. It means you can mix natively build packages and use cross toolchains on it. The “CBinstall:” feature helps you to use native or cross builds automatically depending on if your build host is a native machine or a x86 machine with cross build. In summary, we have the current classics of linux embedded archs together now in OBS: ARM, x86, MIPS 32, PowerPC 32 and SH4.

I have uploaded the fixed QEMU package to the OBS project openSUSE:Tools:Unstable inside the package “qemu-devel” after some more testing. I have of course also a OBS meta prjconf file working with Debian Sid. The SH4 port of Debian Sid you can find at Debian Ports Site.

And last but not least I would like to thank Riku Voipio of the Debian Project, QEMU project and MeeGo project and other major contributors during the QEMU 0.13 development cycle for the restless work on QEMU user mode improvements. In case of KVM, QEMU is used even twice, with QEMU-KVM as well as QEMU User Mode. I am sure I had forgotten other important people, so thanks to them also.

Posted in Build Service, Distribution, Packaging, Toolchain, Virtualization | 3 Comments »

Matryoshka

October 20th, 2010 by

A matryoshka doll, also known as a Russian nesting doll or a babushka doll, is a set of dolls of decreasing sizes placed one inside the other. A set of matryoshkas consists of a wooden figure which separates, top from bottom, to reveal a smaller figure of the same sort inside, which has, in turn, another figure inside of it, and so on. Matryoshka Doll

Virtualization is a concept similar to the Matryoshka analogy. There is another system running inside the host machine. So it is box in a box. There are many virtualization techniques available at the disposal of the user; vmware, virtualbox, xen to name a few which requires lots of resources. Another alternative which is OpenVZ , container-based virtualization for Linux. Each container performs and executes exactly like a stand-alone server; a container can be rebooted independently and have root access, users, IP addresses, memory, processes, files, applications, system libraries and configuration files.

Here is a quote from TechRepublic Blog :

In the past we have looked at using OpenVZ for container virtualization on Linux. OpenVZ is great as it allows you to run compartmentalized “servers” within an operating system so you can separate systems, much like running virtual machines on a host system. With OpenVZ, you can get the benefits of virtualization without the overhead.

The downside of OpenVZ is that it isn’t in the mainline kernel. This means you need to run a kernel provided by the OpenVZ project. By itself this isn’t necessarily a problem, unless you are running an unsupported Linux distribution, and also if you don’t mind a bit of lag from upstream security fixes

So what is an alternative; well maybe lxc is the answer.According to http://lxc.sourceforge.net/

The  container  technology  is actively being pushed into the mainstream linux kernel. It provides the resource management through the control groups aka process containers and resource isolation through the namespaces.

There is very little information regarding LXC in the opensuse wiki and the only one available is still draft, yet provides enough information to start rolling up your containers.  Here is the preamble of the above mentioned page:

LXC is a form of paravirtualization. Being a sort of super duper chroot jail, it is limited to running linux binaries, but offers essentially native perfomance as if those binaries were running as normal processes right in the host kernel. Which in fact, they are.

LXC is interesting primarily in that:

  • It can be used to run a mere application, service, or a full operating system.
  • It offers essentially native performance. A binary running as an LXC guest is actually running as a normal process directly in the host os kernel just like any other process. In particular this means that cpu and i/o scheduling are a lot more fair and tunable, and you get native disk i/o performance which you can not have with real virtualization (even Xen, even in paravirt mode) This means you can containerize disk i/o heavy database apps. It also means that you can only run binaries that the host kernel can execute. (ie: you can run Linux binaries, not another OS like Solaris or Windows)

The same page also states there is not another HOWTO or documentation explaining how to use lxc with opensuse even though the lxc package has been part of the main oss repo since 11.2 version. Furthermore there are no scripts like lxc-fedora or lxc-debian  that will automate the creation or installation of opensuse. Now while it may be true that there are no opensuse specific scripts are available (at least I could not find through a Google search), though there is an interesting video on youtube showing the lxc with opensuse 11.2.

Based on the the information on the LXC wiki page, using the  SUSEStudio , I built an appliance which  is almost ready to use lxc. In order to create a container image, a very primitive lxc_opensuse script that will do a fairly basic job is also included. Once the script is issued,it will download opensuse 11.3 base system and the user can start playing with the wonders of lxc. For the impatient, who wants do discover Matryoshka, here is the link for  the appliance .

Have fun with Matryoshka !

Tags: , , ,
Posted in Virtualization | 1 Comment »

On-Access virus scanning on openSUSE 11.3

September 14th, 2010 by

One of the most useful deployment scenario for Linux in enterprise or educational environment is a fileserver with on access virus scanning, to serve Windows PCs on the network of course. Long ago there used to be samba-vscan that worked very nicely, it went missing in openSUSE 11.2 so dazuko kernel module worked in its place. On 11.3 dazuko is no longer available, enter dazukofs.

(more…)

Posted in Documentation, Education, Samba, Security, Server | 4 Comments »

« Older Entries