… mammoth cave …
I have registered for the Bachelor program of Computer Science in the Nicosia\’s Campus of Intercollege. This semester I will be taking four classes all of which a computer related. I have got Artificial Intelligence, Object Oriented Programming, Computer Organization and Architecture and Software Development.
Most of the classes are night ones, so I will still have a lot of time during the day.
I have managed to set up FreeNX to work quite smoothly with MS Active Directory authentication. Here are few steps to be done (assuming Fedora Core 5 as a FreeNX server):
1. Make the linux server where FreeNX will be installed an AD member
For this we will need samba and kerberos stuff which are either installed or easily retrieved with yum. So I will not bother describing on how to get packages :) If some configs mentioned below are missing, then obviously you are missing some packages
In /etc/samba/smb.conf:
[global]
netbios name = myhost
realm = mydomain.int
workgroup = mydomain
security = ADS
password server = pdc.mydomain.int bdc.mydomain.int
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap uid = 10000-20000
winbind enum users = yes
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
winbind use default domain = yes
encrypt passwords = yes
log level = 3 passdb:5 auth:10 winbind:5
template shell = /bin/bash
In /etc/krb5.conf
[libdefaults]
ticket_lifetime = 600
default_realm = mydomain.int
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
mydomain.int = {
kdc = pdc.mydomain.int:88
kdc = bdc.mydomain.int:88
admin_server = pdc.mydomain.int:749
default_domain = mydomain.int
}
[domain_realm]
.mydomain.int = pdc.mydomain.int
mydomain.int = pdc.mydomain.int
[kdc]
profile = /etc/krb5kdc/kdc.conf
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
This is enough to be a member of AD. Just make sure that smbd and winbindd are running. To join the domain, use net join ads command with required options (see net help join for more info)
2. Make domain users be able to login to linux server with SSH
I suppose there are many ways to do this, but I went with modifying the /etc/pam.d/ssh the next way
#%PAM-1.0
#auth include system-auth
#account required pam_nologin.so
#account include system-auth
#password include system-auth
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_unix.so use_first_pass shadow nullok
account sufficient /lib/security/pam_winbind.so
account required pam_nologin.so
account include system-auth
session include system-auth
session required pam_loginuid.so
and now make system look for AD users by modifying the /etc/nsswitch.conf to contain the next lines:
passwd: files winbind
shadow: files
group: files winbind
#hosts: db files nisplus nis dns
hosts: files dns winbind
From now on the system will allow domain users to login with SSH.
3. Make it work
Now just install freenx:
# yum install freenx
Optionally make it work with default nomachine keys (so that clients will have less configurations to do) by reconfiguring freenx:
# nxsetup --override --install --setup-nomachine-key --clean --purge)
start nxserver
# nxserver --start
create home for desired domain users
# mkdir /home/mydomain/myusername
and finally allow the user to use FreeNX
# nxserver --adduser mydomain+myusername
4. Troubleshooting
All problems are seen in log files under /var/log
5. Other benefits
The way the samba is configured now, it is very easy to add SQUID with NTLM auth ;) If you are interested in this - just let me know in the comments - I will post the samples of config files.
I have this strange problem now with one installation of MS Exchange server and IIS inetinfo.exe process on that machine. Whenever I restart the server running MS Exchange, the inetinfo.exe process start consuming 1GB of ram and stops all mail delivery. SMTP server just accepts mail and pulls it to \”Messages Pending Submission\” queue for later delivery.
It seems that inetinfo.exe does some indexing of MS Exchange store during which it consumes all resources and delay mail delivery. The only way to solve this is to wait until the inetinfo.exe finish this indexing, but normally it takes some hours. Since this is not the case (users need mail), I had to come up with some tricky solution:
1. Put a scheduled task to restart IIS every 2 minutes (%SYSTEM%\\System32\\iisreset.exe) since after the restart IIS manages to deliver around 10 pending messages before getting stuck
2. Make the IIS to be restarted until evening so that users can have their mail delivered (though with some small delays)
3. Stop scheduling after the working day so that the inetinfo.exe can finish indexing overnight. In the morning of the next day the server will be fine.
The biggest problem here is that I can not get what particularly the inetinfo.exe does, so that I could possibly find a better solution.
Yet another useful model for developing web applications with perl. Though I am using Template Toolkit to make job easier, I am fed up with building similar forms in my web applications. Now I found a very nice combination of things: Catalyst + Class::DBI + TemplateToolkit + FormBuilder.
Catalyst, being an MVC framework (which I really like) does all the routing job of determining what to do apon the request and how to do it. Catalyst::Session alsp provides me with all I need in regards to sessions.
Class::DBI (along with Class::DBI::Sweet and Class::DBI::mysql) makes the process of storing, retrieving and doing other stuff with data very easy and comfortable.
Template Toolkit reduces the amount of HTML written a lot.
CGI::FormBuilder makes it very easy to work with forms. I have only one general template to define how the form will look and a bunch of config files to define different forms. It also does a lot of validation work (both with javascript on client side and perl on server side).
Another good point is that all of the above modules can be very easily integrated into one application and used smoothly together.
Any other useful things?
Recently I decided to try and use Gnome on my laptop instead of KDE (not that I do not like KDE – I love it. It is just I want to try and study Gnome a bit more). In addition to changing the desktop I decided to find some software which matches it more. One of new applications I got is Liferea which is a news aggrigator similar to KAggregator but it looks to me much better, though there are some things which I like in KAggregator and they are missing here.