Saturday, October 31, 2015
Automated script to transform Ubuntu Trusty into MacBuntu
Run the script here
https://drive.google.com/file/d/0B_TW7XwVogRYZkVldUJxMEFGejQ/view?usp=sharing
The only extra step is to go to 'Startup Applications' and add an item with the command 'docky' (for some reason the config script does not auto run docky).
This is the end result
https://lh5.googleusercontent.com/-RwMQYtS_p_M/VGdMSzOe8EI/AAAAAAAAKi0/dZeBHnFzzU0/s1600/mac-3.jpg
Sunday, October 25, 2015
Wednesday, October 21, 2015
Joining Debian 8 Jessie to Active Directory, and sharing files with Samba + realmd
There are three different ways to join a Samba domain in Linux.
- Using pbis-open and samba interop
  - Pbis open latest (8.3) works on Jessie (download here) to make your Linux box into a Kerberos client to your AD domain
  - Sadly Pbis Samba interop does not work with latest Samba 4.1 in Debian 8
- Using the classical way of Samba + Winbind pam (although this does not include Kerberos)
- Using realmd as below (this is the most modern way I suppose)
Migrate Samba 4 Active Directory server to new hardware
I migrated my old Proxmox 3.0 KVM based Samba 4 server into a new Proxmox 4.0 LXC container. Luckily migrating Samba 4 is pretty straightforward.
- Back up the following directories
  - sudo tar cvzf backup.tgz /etc/samba /var/lib/samba
- Turn off the old VM (or computer)
- Create a new VM with the same IP and hostname on the new hardware host
- Move backup.tgz to the new VM
- Extract it at the root
  - cd /
  - sudo tar xvzf /home/user/backup.tgz
- Now install samba on top of it
  - sudo apt-get install samba
  - When prompted to keep your old smb.conf file choose 'keep'
- Restart
Thursday, October 15, 2015
Join Debian Samba 4 Server as secondary (backup) PDC
In Debian 8.2 Jessie, install samba packages and Kerberos client packages
apt-get install samba krb5-user
Follow this guide
https://wiki.samba.org/index.php/Join_an_additional_Samba_DC_to_an_existing_Active_Directory
Lastly, set up DNS forwarding for the internal Samba DNS
Add the following line in [global] section of /etc/samba/smb.conf
dns forwarder = <your dns server ip eg. your router 192.168.100.1>
Friday, May 29, 2015
Tuesday, May 12, 2015
Install Squid 3.4 with ssl bump on Debian 8 (Jessie)
sudo apt-get install dpkg-dev
sudo apt-get build-dep squid3
sudo apt-get build-dep openssh
sudo apt-get install libssl-dev libcrypto++-dev
sudo apt-get build-dep openssl
sudo apt-get source squid3
sudo apt-get install devscripts build-essential fakeroot
sudo apt-get install squid-langpack apache2
cd squid3-3.4.8
vi debian/rules
# add the lines
# --enable-ssl \
# --enable-ssl-crtd \
./configure
fakeroot debian/rules binary
# install the rebuilt packages, then initialise the ssl_crtd certificate database
cd ..
sudo dpkg -i *.deb
sudo /usr/lib/squid3/ssl_crtd -c -s /var/lib/ssl_db/
sudo chown -R proxy /var/lib/ssl_db
# create the CA certificate (myCA.pem ends up holding both the certificate and the
# unencrypted private key, so keep it readable only by the proxy user)
openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem
# copy the pem file and create a der file from its public part
cp myCA.pem myCApublic.pem
# edit myCApublic.pem and remove the private key block
openssl x509 -in myCApublic.pem -outform DER -out myCApublic.der
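# make sure these lines are present in squid.conf
# (cert= must point to the location where myCA.pem was placed)
http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/home/proxy/ssl_cert/myCA.pem
http_port 3129 transparent
http_port 3130 transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/home/proxy/ssl_cert/myCA.pem
# only the domains in bump_sites are decrypted; everything else is passed through
acl bump_sites dstdomain .youtube.com .youtube.com.mx
ssl_bump none localhost
ssl_bump server-first bump_sites
ssl_bump none all
# the next two lines turn off validation of the origin server's certificate, so
# Squid will bump connections even when the server presents an invalid certificate
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
always_direct allow all
# change the firewall to redirect port 80 to 3129 and port 443 to 3130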
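One way to check a squid.conf for the two directives above that switch off origin-certificate validation, and for a CA key file that group or other users can access. This is an added example, not part of the original post; the function name audit_bump_conf and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. audit_bump_conf is a hypothetical
# helper: it prints one finding per line and returns non-zero if any are found.
audit_bump_conf() {
    conf=$1
    findings=0
    # Drop comments and blank lines, collapse runs of whitespace.
    active=$(sed -e 's/#.*//' -e 's/[[:space:]]\{1,\}/ /g' \
                 -e 's/^ //' -e 's/ $//' -e '/^$/d' "$conf")
    if printf '%s\n' "$active" | grep -q '^sslproxy_flags .*DONT_VERIFY_PEER'; then
        echo "sslproxy_flags DONT_VERIFY_PEER: origin certificates are not verified"
        findings=$((findings + 1))
    fi
    if printf '%s\n' "$active" | grep -q '^sslproxy_cert_error allow all$'; then
        echo "sslproxy_cert_error allow all: every certificate error is accepted"
        findings=$((findings + 1))
    fi
    # The cert= file on an ssl-bump port holds the CA private key, so it
    # should carry no group/other permission bits.
    for cert in $(printf '%s\n' "$active" | grep '^http_port .*ssl-bump' |
                  tr ' ' '\n' | sed -n 's/^cert=//p' | sort -u); do
        [ -f "$cert" ] || continue
        if [ "$(ls -ldL "$cert" | cut -c5-10)" != "------" ]; then
            echo "$cert: CA key file is accessible to group or others"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample mirroring the directives in the post; the CA path is a
# temporary stand-in for /home/proxy/ssl_cert/myCA.pem.
demo_dir=$(mktemp -d)
: > "$demo_dir/myCA.pem"
chmod 644 "$demo_dir/myCA.pem"
cat > "$demo_dir/squid.conf" <<EOF
http_port 3130 transparent ssl-bump generate-host-certificates=on cert=$demo_dir/myCA.pem
ssl_bump server-first bump_sites
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
EOF
audit_bump_conf "$demo_dir/squid.conf" || true
```

Run against the real file with `audit_bump_conf /etc/squid3/squid.conf` (path assumed for the Debian squid3 package); a clean configuration prints nothing and returns 0.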