HowTo


A quick CLI reference for perl people: print the date XX days from today (replace XX with the number of days)…

perl -e ' my @t=localtime(time() + $ARGV[0]*24*60*60); $t[4]++; $t[5]+=1900; print "$t[4]/$t[3]/$t[5]\n";' XX

I’ve needed this 2x today already, and hope it helps you!

Edit:
Someone made a comment, as people on the internet are prone to do, so here’s the long-form non-one-liner version:


#!/usr/bin/perl
my $addDays = shift;
my ($second, $minute, $hour, $day, $month, $year, $dayOfWeek, $dayOfYear, $daylightSavings) = localtime(time());
my ($fsecond, $fminute, $fhour, $fday, $fmonth, $fyear, $fdayOfWeek, $fdayOfYear, $fdaylightSavings) = localtime(time() + $addDays*24*60*60);

# localtime() returns months as 0-11 and years as an offset from 1900; fix both:
$month++;
$fmonth++;
$year+=1900;
$fyear+=1900;

print "today is: $month/$day/$year\n";
print "$addDays days from today is: $fmonth/$fday/$fyear\n";

Run it as:

rob@laptop:~$ fdate.pl 50
today is: 1/25/2012
50 days from today is: 3/15/2012

I know it’s probably an unusual situation, but in the lab we have Jumbo frames turned on for all the servers and test boxes. It makes a huge difference copying ISOs between hosts, and doing network backups. However, my Kubuntu laptop isn’t always in the lab network. This means that I almost never remember to change the MTU when I’m back in the office, OR I remember in the middle of a transfer, when it’s already too late to gain the benefits.

So I wrote a little script, and put it in /etc/network/if-up.d/ named “jumbo-frames.sh”. The if-*.d/ structure is designed for exactly this purpose: run a script when an interface comes up. The basic premise is: If I’m plugged into a wired network (eth0) in the lab (domain or IP address match certain parameters), then set the MTU to 9000 (jumbo frame support), otherwise assume the network has a normal MTU (1500). This allows the system to reconfigure on the fly if I put it to sleep and go visit a customer.

Here’s the code:

#!/bin/sh
# Set support for jumbo frames when at home on wired network, else do not.
# Determine home network based on IP address and DNS-determined name.
# $IFACE should be set by the caller.

PATH=/sbin:/bin:/usr/sbin:/usr/bin

IFC=/sbin/ifconfig
INT="eth0"
MTU=9000
DEFMTU=1500
#name of the DNS domain to assume as "home"
HOMED="totalnetsolutions.net"
#IP Subnet to assume as "home" if DNS test fails
HOMEN="10.0.0."

test -x $IFC || exit 0

# Don't make changes to the wireless (wlan) or loopback (lo) interfaces
if [ "$IFACE" != "$INT" ]; then
    exit 0
fi

# if dhcpd is still working on writing our resolv.conf, just wait a while (it's a hack, but it works).
test -f /etc/resolv.conf || sleep 15

DOM=`awk '/search/ { print $2 }' /etc/resolv.conf`
NET=`ip addr show dev $IFACE | awk '/inet / { print $2 }' | awk -F. '{ print $1 "." $2 "." $3 "." }'`

if [ "$DOM" = "$HOMED" ]; then
    $IFC $IFACE mtu $MTU
elif [ "$NET" = "$HOMEN" ]; then
    $IFC $IFACE mtu $MTU
else
    $IFC $IFACE mtu $DEFMTU
fi

We had an issue recently where we needed a dummy krb5.keytab file for an operation prior to creating the real keytab:
echo -e "\0005\0002\c" >/etc/krb5.keytab

I recently had a co-worker trying to figure out a “lost email” problem we were possibly experiencing. He was blind to everything after hitting “send” because the intermediate servers weren’t sending delivery receipts, even though they were requested in the MIME header. (Does any mail admin allow those to be sent out of the organization these days?) So, to help him out, I wrote up the following “how to test SMTP by hand” HOWTO.

First step is to determine which servers are responsible for mail delivery inbound for the domain you’re sending to. You do this by looking in DNS for the “MX” type records. These are provided in the format “priority servername.domain.” Priority is reverse-ordered. The easiest way to remember priority order is that it’s the order in which servers are attempted.

rob@rob-kubuntu3:~$ dig MX totalnetsolutions.net +short
10 docsmooth.isa-geek.net.
rob@rob-kubuntu3:~$ dig MX likewise.com +short
10 server1.inboundmx.com.
20 server2.inboundmx.com.

This tells you the servers, in order, that *all* mail will be sent to for the domain listed. So, anything to my likewise.com address will go to server1.inboundmx.com. The higher-numbered priorities are only used if the lower-numbered ones fail to answer. If no server answers, the mail is held by the sender and retried, generally every 1 or 4 hours for up to 4 days, but this retry is configured on the *sending* server. That means your own email admin (or you, if you’re the mail admin).

Next thing to check is: does the server work, and is it your sender, or their receiver? Check with telnet!
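Stuff I type is the SMTP commands and the message text; the lines that start with a three-digit code are the server’s replies: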

rob@rob-kubuntu3:~$ telnet docsmooth.isa-geek.net 25
Trying 99.29.179.119...
Connected to docsmooth.isa-geek.net.
Escape character is '^]'.
220 totalnetsolutions.net Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Tue, 31 May 2011 08:43:08 -0500
HELO
250 totalnetsolutions.net Hello [12.130.116.175]
MAIL FROM: me@me.com
250 2.1.0 me@me.com....Sender OK
RCPT TO:you@you.net
250 2.1.5 you@you.net
DATA
354 Start mail input; end with <CRLF>.<CRLF>
from:me@me.com
to:you@you.net
subject:test manually
test
test
.

250 2.6.0 Queued mail for delivery
quit
221 2.0.0 totalnetsolutions.net Service closing transmission channel
Connection closed by foreign host.

The last “.” is SUPER important – it tells the mail server when you’re done sending that email. You could use that channel to send other messages, rather than sending “QUIT”, if you’d like. You might notice that I entered the “From” and “To” lines twice. The first entries (MAIL FROM and RCPT TO) are for the SMTP header (analogy would be the message envelope), and the second entries, typed after DATA, are for the MIME headings (analogy would be the return address header in a formal postal letter, if anyone sends those). The MIME headings are what most mail programs display, and they don’t technically need to match the SMTP header (but if MIME and SMTP don’t match, many anti-spam programs will throw out the message).

The MIME header is pretty complex, but not order-dependent, although I prefer to enter it in order, so that I can be sure I don’t miss anything.
If you want to add an attachment, just base64 encode it first with:
perl -MMIME::Base64 -0777 -ne 'print encode_base64($_)' attachment-to-send.zip
Then you can just paste it into the email. In the MIME heading (right after the subject), just add (with the appropriate mime coding, probably application/octet-stream):

MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_000D_01CC1C41.21F38080"

------=_NextPart_000_000D_01CC1C41.21F38080
Content-Type: application/zip;
    name="attachment-to-send.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
    filename="attachment-to-send.zip"

<paste your base64 encoded attachment>
------=_NextPart_000_000D_01CC1C41.21F38080
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: 7bit

Type your message here, then finish with the closing boundary and a “.” standalone on a line.
------=_NextPart_000_000D_01CC1C41.21F38080--
.

Now that you know *how* to send an email message by hand, you can use the returned error codes to troubleshoot where the message may be disappearing. Remember that this just gives you transport troubleshooting between yourself and the initial destination mail server. Many large (and even medium-sized) organizations will have a perimeter mail server which then forwards the message to one or more internal servers. If the mail is being dropped at that point, you’ll have to contact the receiver with the proof that their server is accepting your messages.
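One way to read those reply codes out of a saved session, as an added example that is not part of the original post: the smtp_triage function (a hypothetical name) reports the first command the server refused and whether the refusal is temporary (4xx) or permanent (5xx). The sample session at the end is constructed.

```shell
#!/bin/sh
# Added example: triage a saved manual SMTP session (for instance a telnet log).
# Reads the transcript on stdin and prints one verdict line.
smtp_triage() {
    awk '
    BEGIN { stage = "connect" }             # the 220 banner answers the connection
    { sub(/\r$/, "") }                      # tolerate CRLF line endings in saved logs
    in_data {                               # message text is never parsed as a reply
        if ($0 == ".") { in_data = 0; stage = "end of DATA" }
        next
    }
    /^[0-9][0-9][0-9]([ -]|$)/ {            # server reply line
        if (substr($0, 4, 1) == "-") next   # multi-line reply: wait for the last line
        class = substr($0, 1, 1)
        if (class == "4" || class == "5") {
            kind = (class == "4") ? "temporary" : "permanent"
            printf "%s failure at %s: %s\n", kind, stage, $0
            done = 1; exit
        }
        if (substr($0, 1, 3) == "354") in_data = 1   # server now expects the message
        if (stage == "end of DATA") accepted = 1     # positive reply after the final dot
        next
    }
    # Remember the last command typed so a failure can be attributed to it.
    toupper($1) ~ /^(HELO|EHLO|MAIL|RCPT|DATA|RSET|QUIT)$/ { stage = toupper($1) }
    END {
        if (done) exit
        print (accepted ? "accepted: the server queued the message" \
                        : "incomplete: no rejection, but nothing was queued")
    }'
}

# Constructed sample session: the recipient is refused at RCPT TO.
smtp_triage <<'EOF'
220 mx.example.test ESMTP ready
HELO
250 mx.example.test Hello
MAIL FROM: me@me.com
250 2.1.0 me@me.com....Sender OK
RCPT TO:you@you.net
550 5.1.1 User unknown
EOF
```

An "accepted" verdict only covers the hop you connected to, which is the proof the post mentions handing to the receiving side.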

We’ve had a few customers and Open users posting about problems with machine accounts trying to access Samba shares and getting denied with:
smbd/sesssetup.c:reply_spnego_kerberos(439) Username DOM\COMPUTER1$ is invalid on this system
The “$” at the end of the account name means it’s a computer account, not a user. We’re seeing this for Citrix MetaFrame application servers on shared storage, startup scripts not stored on a DC, and several other cases.

On a Samba server joined to AD with winbind, this is easy to deal with because Samba’s winbind can treat the computer accounts just like user accounts, and assign them access to the unix filesystem with whatever backend has been configured. When a Samba server is joined with Likewise, however, the machine accounts are not visible, and the “username is invalid” message comes up.

Fortunately, Samba gives us a method to handle this, in the form of the “username map” directive in /etc/samba/smb.conf. There are two ways to use this; the first is with the username map file.
In smb.conf, simply add:
[global]
username map = /etc/samba/smbusers

then create a file named /etc/samba/smbusers and populate it with localuser=aduser pairs, like:
compacct = COMPUTER1$
compacct = COMPUTER2$
citrxact = CITRIXFARM1$

and so on. Lastly, you’ll have to add the local accounts from the pairs above:
useradd -c "Account for AD Computers to use Samba" compacct -G users -u 998
useradd -c "Account for AD Citrix Servers to use Samba" citrxact -G users -u 999

Then, whenever one of the AD computers in the list attempts to access the Samba share, it’ll be mapped to the local account.

The problem with this comes when you have a lot of servers that may be changing frequently, like a Citrix MetaFrame farm or a Windows Server 2008 R2 Remote Desktop Services farm, because managing that file could get hard. In this case there is the username map script directive, which is added to smb.conf as:
[global]
username map script = /usr/lib/samba/auth/machine-acct-map.pl

Then download this script and save it in /usr/lib/samba/auth/ and make it executable (chmod +x /usr/lib/samba/auth/machine-acct-map.pl). Then run:
useradd -c "Account for AD Computers to use Samba" compacct -G users -u 998
Now, all computers which access the share will be remapped to the “compacct” user, and you won’t have to manage a file for every time the server farm changes.

Get the file here.
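A stricter variant of such a map script, as an added example that is not the machine-acct-map.pl linked above: it remaps only machine accounts from one domain whose names match known patterns, and leaves every other name untouched. The domain name DOM and the name patterns are assumptions taken from the log line and the smbusers example earlier in this post; whether Samba passes the name with or without the DOMAIN\ prefix depends on the setup, so both are handled.

```shell
#!/bin/sh
# Added example, not the machine-acct-map.pl linked from this post.
# Samba calls the script with the client account name as $1 and takes the
# line printed on standard output as the Unix account to use.

HOME_DOMAIN="DOM"   # assumption: short AD domain name, as in the log line above

map_account() {
    name=$1
    # Split an optional DOMAIN\ prefix from the account name.
    case $name in
        *\\*) domain=${name%%\\*}; account=${name#*\\} ;;
        *)    domain=$HOME_DOMAIN; account=$name ;;
    esac
    # Only machine accounts (trailing "$") are candidates; users pass through.
    case $account in
        *\$) host=${account%\$} ;;
        *)   printf '%s\n' "$name"; return 0 ;;
    esac
    # Machine accounts from any other domain are left unmapped.
    if [ "$domain" != "$HOME_DOMAIN" ]; then
        printf '%s\n' "$name"; return 0
    fi
    # Refuse anything that is not a plain NetBIOS-style host name.
    case $host in
        ''|*[!A-Za-z0-9-]*) printf '%s\n' "$name"; return 0 ;;
    esac
    host=$(printf '%s' "$host" | tr '[:lower:]' '[:upper:]')
    # Same mapping as the smbusers file above, by name pattern.
    case $host in
        CITRIXFARM*) printf '%s\n' citrxact ;;
        COMPUTER*)   printf '%s\n' compacct ;;
        *)           printf '%s\n' "$name" ;;   # unknown machine stays unmapped
    esac
}

# When run by Samba (or by hand) with an argument, print the mapping.
if [ $# -gt 0 ]; then map_account "$1"; fi
```

Every computer that maps to compacct gets whatever that local account can reach on the share, so keep the patterns as narrow as the farm naming allows.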
