We had to enable SNMP on a XenServer today. I’d never even logged onto one, but it turns out that, much like ESX, it’s just a Linux server. At least the good folk at Citrix included nano on there, so I didn’t have to struggle with the vi editor!
Solution
First from the web console ensure that SSH access is enabled > Remote Services Configuration > Enable/Disable Remote Shell.
SSH into the host and execute the following commands to start the SNMP daemon, take a backup of the config file, and finally edit the ‘live’ config file.
You can delete EVERYTHING (at the beginning of the file press CTRL+6 to mark the file, then press ALT+Shift+T (or ALT+T) to cut the text away). Then type in;
[box]
rocommunity {SNMP-String} {IP address or range with /{bits}}
i.e.
rocommunity public 192.168.1.0/24
[/box]
Save and Exit (CTRL+X > ‘Y’ > {Enter}). Now you need to edit the firewall on the host (iptables) to allow the IP addresses of your SNMP collector(s).
[box]
nano /etc/sysconfig/iptables
[/box]
At the bottom, (usually) you will see a deny for ICMP, put an entry for each collector BEFORE that in the following format;
Save and Exit (CTRL+X > ‘Y’ > {Enter}). Then restart iptables and the SNMP daemon.
[box]
service iptables restart
service snmpd restart
[/box]
If you are polling it through a firewall you can test it locally using this piece of freeware (I use this to test, but remember to add the local IP you are testing from to the SNMP config and the iptables!).
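The community string and source range on the rocommunity line decide who can read the host's SNMP data, so it is worth checking them before restarting the daemon. The following is an added example, not part of the original article: a small shell function (the names are hypothetical) that flags default community strings and entries with no source restriction. The sample config and its community strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky rocommunity/rwcommunity lines in an snmpd.conf.
# Usage: audit_snmpd_conf /path/to/snmpd.conf   (reads stdin if no file is given)
audit_snmpd_conf() {
    awk '
    # Commented-out lines never match, because their first field starts with "#"
    $1 == "rocommunity" || $1 == "rwcommunity" {
        community = $2; src = $3
        if ($1 == "rwcommunity")
            printf "line %d: rwcommunity allows SNMP writes\n", NR
        if (community == "public" || community == "private")
            printf "line %d: default community string \"%s\"\n", NR, community
        # No source, the keyword "default", or a /0 prefix all mean "any host"
        if (src == "" || src == "default" || src ~ /\/0$/)
            printf "line %d: no source restriction\n", NR
    }' "${1:--}"
}

# Constructed sample input (not taken from a real host)
sample_snmpd_conf() {
    cat <<'EOF'
# snmpd.conf
rocommunity public 192.168.1.0/24
rocommunity n0c-r34d
rocommunity m0n1t0r 192.168.1.50
EOF
}
```

Running `sample_snmpd_conf | audit_snmpd_conf` reports line 2 (default string) and line 3 (no source); line 4, a non-default string limited to one collector, passes.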
Related Articles, References, Credits, or External Links
UNL is by far the coolest bit of kit I’ve got my hands on this year. I can run it in ESX, and connect to it from anywhere, so I don’t have to keep my labs on my laptop. But what if you want to connect your labs to a live network? There’s a great article on the unetlab website for the smaller versions of VMware. If you’re lucky enough to have your own vSphere environment, there are a few more hoops to jump through.
Solution
First job is to present the vNics to the UNL virtual machine. Here all those vNics are in the same ‘port group’, but they don’t have to be; there’s no reason why you can’t present different VLANs, test networks, or DMZs, for example.
Here I’m directly on the console, but you can also connect via SSH if you prefer. Make sure you can see the presented vNics with the following command;
[box]ifconfig -a | grep ^eth[/box]
Those networks need to be ‘bridged’ to the pnet interfaces that you use within UNL. To do that, edit the network settings;
[box]nano /etc/network/interfaces[/box]
Note: I already had nano installed, ‘apt-get install nano’ will install it for you if you don’t.
Make sure it looks like this, (OK, I’ve got 10 network cards bridged and only presented 5, but I can add more now, without having to go through this process again).
[box]
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
iface eth0 inet manual
auto pnet0
iface pnet0 inet dhcp
bridge_ports eth0
bridge_stp off
bridge_ageing 0
# Cloud devices
iface eth1 inet manual
auto pnet1
iface pnet1 inet manual
bridge_ports eth1
bridge_stp off
bridge_ageing 0
iface eth2 inet manual
auto pnet2
iface pnet2 inet manual
bridge_ports eth2
bridge_stp off
bridge_ageing 0
iface eth3 inet manual
auto pnet3
iface pnet3 inet manual
bridge_ports eth3
bridge_stp off
bridge_ageing 0
iface eth4 inet manual
auto pnet4
iface pnet4 inet manual
bridge_ports eth4
bridge_stp off
bridge_ageing 0
iface eth5 inet manual
auto pnet5
iface pnet5 inet manual
bridge_ports eth5
bridge_stp off
bridge_ageing 0
iface eth6 inet manual
auto pnet6
iface pnet6 inet manual
bridge_ports eth6
bridge_stp off
bridge_ageing 0
iface eth7 inet manual
auto pnet7
iface pnet7 inet manual
bridge_ports eth7
bridge_stp off
bridge_ageing 0
iface eth8 inet manual
auto pnet8
iface pnet8 inet manual
bridge_ports eth8
bridge_stp off
bridge_ageing 0
iface eth9 inet manual
auto pnet9
iface pnet9 inet manual
bridge_ports eth9
bridge_stp off
bridge_ageing 0
[/box]
You can ensure the interfaces are up by running;
[box]brctl show[/box]
If there’s a problem, you can bring them up manually by running ‘for i in $(seq 1 9); do ifup pnet${i}; done‘.
ESX Enabling Promiscuous Mode
To enable your devices to talk through your vSwitches, they need to allow ‘promiscuous mode‘. Below you can see that being done on the vSwitch (in the VI Client).
Check the ‘port group’ as well and ensure that it will also accept promiscuous mode.
If you are using the vSphere Web Client, here is where promiscuous mode is set on the vSwitch.
And here is where it’s set on the port group.
Unfortunately you can’t change this setting in the new HTML5 management console but you can view it.
Connect Your UNL Lab To the Public Network
Add a new node, and select the ‘Network’ option > When you place it you can select which live network you want to connect to.
WARNING: Connect to live networks as you would in real life, (with a router, firewall, or correctly configured L3 device).
Related Articles, References, Credits, or External Links
When attempting to upload a file to your website (in my case from within WordPress), you see this error.
Solution
If you are on ‘shared hosting‘ then you may not have access to your php.ini file. If that is the case, you should add the following to your .htaccess file (this will be a hidden file in the root folder of your website).
If (like me) you have your own server, then you will need to edit the php.ini file directly, but where is it? Executing a ‘whereis php.ini‘ command in my case showed me a few copies in various locations, but which one was live?
I’m assuming your website is installed in /var/www/html, so change the commands if yours is in a different location. I’m going to create a .php file in the root of my website, then browse to this file. It will show me all my PHP settings, and tell me where the live copy of php.ini is located.
I use nano, if you don’t have it installed, enter the hell that is the ‘vi editor’ and use that instead 🙂
[box]
nano /var/www/html/info.php
[/box]
Then paste in the following text;
[box]
<?php phpinfo(); ?>
[/box]
Then browse to the info.php file on your website with a web browser, i.e. http://www.your-website.com/info.php. You should see something like this.
You can see that the ‘Loaded Configuration File’ is in /etc/php.ini
WARNING: Now it’s a little bit of a security hole having this sat there, so let’s delete this file on the server with the following command;
[box]
rm /var/www/html/info.php
THEN Enter 'y' to confirm.
[/box]
How To Edit The php.ini File
Execute the following command;
[box]
nano /etc/php.ini
[/box]
Locate upload_max_filesize and change its setting accordingly; by default it’s only 2MB.
Also change your post size setting (post_max_size), as the default is only 8MB.
Save and exit the file, then restart Apache.
[box]
/sbin/service httpd restart
[/box]
Try to upload your file again.
Related Articles, References, Credits, or External Links
You have a Linux client machine, and you want to authenticate to, and log into a Windows domain. I don’t have too much history with Linux, but from what I’ve read this used to be a nightmare. Using Ubuntu (10.10) I did have a couple of hiccups, but I did get there in the end.
Note: The domain controller is a Windows 2008 R2 Server.
Solution
Notes
1. The commands needed to install the “likewise-open5” package, and join the domain, (assuming the FQDN of the domain is domaina.com and the user name you are using to join the domain is administrator).
2. Then to allow users to logon from the Ubuntu welcome screen,
[box]sudo nano /etc/samba/lwiauthd.conf[/box]
3. Add the following line (the file will probably be empty), to Save press CTRL+X, then Y, then {enter}.
[box]winbind use default domain = yes[/box]
4. Then reboot.
[box]sudo reboot[/box]
5. To allow sudo for the domain user(s),
[box]sudo nano /etc/sudoers[/box]
Locate the line that reads “#Members of the Admin group may gain root privileges and do the following:”. Below that, type the following (assuming the domain name is domaina and the user is a member of the domain admins group, domain^users also works).
[box]%domaina\domain^admins ALL=(ALL) ALL[/box]
Problem 1
Error: Lsass Error [code 0x00080047]
9502 (0x251E) DNS_ERROR_BAD_PACKET – A bad packet was received from a DNS server. Potentially the requested address does not exist.
This plagued me for a while. I tried everything I read online: making sure that my time was correct (which it wasn’t, see below), making sure firewalls were off (they were), making sure my DNS has a reverse lookup zone (mine has), and finally making sure there are no existing DNS records for the IP address you are connecting with (mine did, so I deleted them). None of these fixed the problem; the fix is annoyingly simple.
FIX
Firstly, make sure that the Ubuntu client is looking at your domain DNS server for its DNS. The following command will tell you;
[box]cat /etc/resolv.conf[/box]
Then get the domain syntax right, in my case the domain name.
If you would like to add your domain user(s) to the welcome screen click here.
Update 04/01/12
Attention: PeteNetLive – Suggestion
Message: Hi,
Thanks very much for your YouTube and description of joining Ubuntu to a domain. There was however one step extra that I needed to do to enable the logon screen to show users other than the local user and the guest account. To do this I had to add the following line to /etc/lightdm/lightdm.conf
greeter-show-manual-login=true
I was joining Ubuntu 12.10 to the domain so maybe it is specific to 12.10 since you didn’t experience it but it would be good to add it to your article along with the other fixes to issues.
Thanks again.
From: Roland Elferink
Related Articles, References, Credits, or External Links
I needed to back up a Cisco firewall, and perform an upgrade remotely, despite my best efforts to use the ASDM and update via http, I had to go ‘old school’ and bring up a TFTP server on one of my CentOS Linux servers.
Solution
1. Log onto the server and install the xinetd TFTP Server. Execute the following command and follow the on-screen prompts.
[box]Using username “root”.
Last login: Thu Aug 7 17:58:10 2014 from midd-8.cable.virginm.net
[root@Web-Test ~]# yum install tftp tftp-server xinetd[/box]
2. Now you need to edit the config file, here I’m using nano, but you could use vi as well.
[box]
# default: off
# description: The tftp server serves files using the trivial file transfer
# protocol. The tftp protocol is often used to boot diskless
# workstations, download configuration files to network-aware printers,
# and to start the installation process for some operating systems.
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /var/lib/tftpboot
disable = yes
per_source = 11
cps = 100 2
flags = IPv4
}
[/box]
4. Edit the file and save it, so it looks like this;
[box]
# default: off
# description: The tftp server serves files using the trivial file transfer
# protocol. The tftp protocol is often used to boot diskless
# workstations, download configuration files to network-aware printers,
# and to start the installation process for some operating systems.
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -c -s /var/lib/tftpboot
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}
[/box]
Note: if you run SELinux you may also need to execute the following command, ‘setsebool -P tftp_anon_write 1‘.
WARNING: This enables anonymous access on the TFTP root folder. If your server is public facing and not firewalled, then I would suggest you do what I do (stop and start the service manually, and only open the firewall for TFTP when you need to use it – see below).
6. If you use iptables as a firewall, you will need to open the TFTP port (UDP Port 69).
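The approach in the warning above (start the service and open UDP 69 only while you need it) can be scripted so the port is opened for a single peer rather than for everyone. This is an added example, not from the original article: the function names are hypothetical, it assumes the default INPUT chain and an xinetd managed with the service command, and 192.0.2.10 is a placeholder for your firewall's address.

```shell
#!/bin/sh
# Added example: open TFTP (UDP 69) for one peer only while a transfer runs.
# Set DRY_RUN=1 to print the commands instead of executing them.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Accept only a dotted-quad IPv4 address, so nothing else reaches iptables.
valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# $1 = address of the device that will connect (placeholder: 192.0.2.10)
tftp_open() {
    valid_ipv4 "$1" || { echo "invalid peer address: $1" >&2; return 1; }
    # -I puts the rule at the top of INPUT, ahead of any reject rule
    run iptables -I INPUT -p udp -s "$1" --dport 69 -j ACCEPT
    run service xinetd start
}

# Reverse of tftp_open: stop the daemon first, then remove the rule.
# Note this stops every xinetd-managed service, not just TFTP.
tftp_close() {
    valid_ipv4 "$1" || { echo "invalid peer address: $1" >&2; return 1; }
    run service xinetd stop
    run iptables -D INPUT -p udp -s "$1" --dport 69 -j ACCEPT
}

# Typical use (as root):
#   tftp_open 192.0.2.10    # ...run the copy on the firewall...
#   tftp_close 192.0.2.10
```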
10. I could SSH into the server and change to the /var/lib/tftpboot directory and see the file. But I’ve got WinSCP installed so I can view the backup with that.
11. Let’s see if we can copy a file off the TFTP server back to the firewall.
[box]
Petes-ASA# copy tftp flash
Address or name of remote host []? 123.123.123.123
[/box]
Out of the box, Apache expects your website homepage to be called index. On this site the homepage is called home; here’s how to change it.
Solution
1. Connect to the server via SSH, (or open a terminal session). The file you need to edit is called httpd.conf. This server is running CentOS, so you should find that file in the /etc/httpd/conf folder.
2. I’m going to edit it with nano.
3. Locate the DirectoryIndex section and remove index and any other unwanted filename (i.e. in this example index.var).
4. Add in the one you require and save and exit, (press CTRL+X and Y to save).
5. You need to restart Apache for the change to take effect.
[box] apachectl -k restart[/box]
Related Articles, References, Credits, or External Links