You can now connect to a server on your same subnet using sftp. Feel free to add a default route if you need to connect to a remote server or add a DNS server if you need name resolution.
fixit# sftp user@192.168.0.10
Copyright ® Rhyous.com - Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.
User context is very important. What works for a logged in user may not work for the LocalSystem account. If a process is running as LocalSystem, it is important to test that what you are doing will work when running as LocalSystem. Testing as the logged in user may give incorrect results as the logged in user may have different access rights and permissions.
There used to be many ways to do this, but now in Windows 7 those ways have been cut down.
Here are the two ways I know of that still work, however, only the first way I would recommend:
Open a command prompt and change to the directory where you have psexec and run the following:
psexec -i -s cmd.exe
Method 2 – Using an interactive service
Open a command prompt as administrator (right-click on the cmd.exe shortcut and choose Run as administrator) and run the following:
sc create CMD binpath= "cmd /K start" type= own type= interact
sc start "CMD"
WARNING: The service testsvc is configured as interactive whose support is being deprecated. The service may not function properly.
A prompt may appear or it may only show down on the start bar and you have to click it to see it. It looks like this:
Click “View Message”.You are now at a local system command prompt.
When you are done, close the command prompt and click return.How to verify that the command prompt is running as Local System?
1. Run Task Manager and make sure that the cmd.exe process is running as user SYSTEM.
2. Run SET in your command prompt and make sure the username variable equal your computer name with a $ at the end. For example if you computer is named MyPC1, the username variable would be MyPC1$.
How to enable sshd from the FreeBSD 8 install’s fixit environemnt?
So there are lots of documents out there on how to do something in fixit and some times (most the time) those are long drawn out processes with a lot of typing.
What if you could copy and paste? Well, you can’t. But you could if you could ssh in right.
So lets boot to the FreeBSD 8 Installation DVD and see if we can enable sshd.
I just got it to work so let me document my steps:
Run ifconfig to find what ethernet controller you have. Mine was em0.
fixit# ifconfig
Now assign an IP address. Make sure to find an open IP Address that is not already in use.
That is it for configuring your IP address. You may be asking yourself, what about the DNS server and the default route? Well, you only need those if you are connecting from a different subnet and since you are booted to a fixit environment, I assume you are on the same subnet. Just in case you aren’t, you can enable DNS and give yourself a default route with these commands:
Prepare the environment for login. We probably want similar environment variables, because the defaults won’t work, since most our binary files are in subdirectories of /mnt2.
Now try to connect using ssh and the root user. There should be no password requested. If you need a windows ssh client, use PuTTY.Note: There may be some errors on setting the environment variables when you log in but they aren’t going to hurt anything and the ones you need should work.
Well, that was a lot easier than I thought it would be. Only took me a short time to figure out.
Hopefully if you search any search engine for this term, you will find this post:
freebsd fixit sshd
Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.
How to configure ssh to allow certificate authentication to FreeBSD?
So supposedly you can configure SSH so that you can connect without having to type in a user name and password, but instead authenticate with a certificate. Lets see if we can set this up..
I had problems creating the key using PuTTYgen, (see this post) so I am going to create the keys on the server.
Log in as a non-root user.
Create the RSA keys with this command: (You can use dsa keys by replacing any instance of rsa with dsa.)
ssh-keygen -t rsa
Accept the default file locations and hit enter.
In your home folder you now have two files:
.ssh/id_rsa
.ssh/id_rsa.pub
Add the public key to the .ssh/authorized_keys file.
cat .ssh/id_rsa.pub >> .ssh/authorized_keys
You can delete the public key, .ssh/id_rsa.pub, now if you want from the FreeBSD server as it is stored in the .ssh/authorized_keys file.
From the workstation that you want to connect to this machine with, use an sftp tool to copy the private key, the .ssh/id_rsa file, to the local workstation.
Example 1 -If you are on windows, you could use WinSCP to connect to the FreeBSD server. Then you can use the key to connect. If you are using PuTTY, then also use PuTTYgen to load the key and save it in PuTTY’s format.
Example 2 – If you are on another FreeBSD server or workstation, then copy the private key to the .ssh directory (with the same name id_rsa) for the user you want to automatically connect.
Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.
Ok, so here it goes, I am following this guide: http://wiki.freebsd.org/RootOnZFS/ZFSBootPartition
I am going to improve upon it and try to make it newbie proof and not skip steps in my guide when this guide skips steps. Why am I making it newbie proof? I don’t know, you would think if you are doing ZFS you aren’t a newbie, but who knows. Better safe than sorry.
Steps for How to install FreeBSD 8.0 using only ZFS partitions? Step 1. Creating a bootable ZFS Filesystem
Download the FreeBSD 8 DVD ISO from here: http://www.freebsd.org/where.html
Ok, so this isn’t exactly a download link, but it takes you to where you choose your architecture. Click on the [ISO] link next to your Architecture type.
If you are a newbie and don’t know your architecture, you probably want i386. If you just bought a new 64 bit machine then you want amd64.
Ok, so the actually link you want is the one that looks as follows:
For amd64 – 8.0-RELEASE-amd64-dvd1.iso.gz
For i386 – 8.0-RELEASE-i386-dvd1.iso.gz
Extract it as it is zipped.
Burn the ISO to DVD disk (or if you are using VMWare just point your VM’s CD-ROM at the ISO).
Boot off the FreeBSD 8 DVD and let it boot all the way up.
Choose your country/region.
You should now be at the Sysinstall Main Menu. Remember, we cannot use Sysinstall because it doesn’t yet support ZFS. (I am hoping for a new installer over fixing this old one.)
Choose Fixit. You will be promted to Please choose a fixit option.
Choose CDROM/DVD.
You are now at a Fixit command prompt. And if you are following the wiki guide, you are only at that guide’s step 3. Create MBR disk
Create an MBR disk by running the following command:
gpart create -s mbr ad0
However, what the guide assumes you already know is that ad0 is the name of your hard drive and can be different for each installation. I am installing on VMWare using SCSI and the name of my hard drive is da0. So I would run:
gpart create -s mbr da0
You can find out your by looking at a directory listing of /dev if you are familiar with common names, otherwise, you can start a Standard install and see what name is used when you get to the Disk label editor section of the install.
I am going to use da0 or ad0 in the rest of my document interchangeably, so you need to remember to always use the correct disk name for your drive.
Run the following command to show the information for your disk
gpart show ad0
There are two columns of numbers. The first column number is a start block for the slice and the second is the size in blocks for the slice. 63 is the start of every first slice. However, the end of a slice is variable depending on the size of your hard drive.
A slice is not exactly a partition. On FreeBSD you first create a Slice and then you create your partitions on your slice. The next steps will show you have to do both.
Create a new Slice using the entire disk.
Obviously the guy who wrote the wiki I am following already had two slices for windows, so he must have been dual booting. I am assuming that you are not dual booting and that you are installing a new server and you plan to use the entire disk.
To create a slice using the entire disk, run this command replacing the value after the -s with the value you saw when you ran the previous command.
gpart add -b 63 -s 104857515 -t freebsd da0
It will output something like “da0s1 added”. If you look at the da0s1 string, it makes sense. da0 (your disk name) s1 (slice 1 – the slice you just created).
Now lets create our slice. No, I am not sure why you have to both add the slice and create the slice, but I am sure there is a good reason.
gpart create -s BSD da0s1
Lets make our slice the active slice. Sounds like this is only sometimes needed. Better to do it and not need it than to not do it an find out you need it.
gpart set -a active -i 1 da0
You can run the gpart show da0 command again to make sure it is set as active.
Look at the slice.
gpart show da0s1
Again, you will have two rows of numbers. This time the first number is 0 and the second number is the size of the slice.
We want at least two partitions, one for / and one as a swap partition. So we need to determine how much space we want for the swap partition. I want 3 GB.
Now we have to convert the desired size from GB to sectors.
So take the total size of your slice in sectors and subtract 6291456 and you will have the size of your / partition. And our swap partition will be 6291456.
My intention is to make a more thorough and newbie proof version of this wiki. So here we go, diving into step 2.
Create the ZFS hierarchy.
Wow, this is going to be a lot of tedious typing. You know, while FreeBSD didn’t make an installer for all this, how hard would it have been to create a couple of scripts and include them on the CD so this would be easier.
cd /dist/8.0-RELEASE
export DESTDIR=/zroot
for dir in base catpages dict doc games info lib32 manpages ports; \
do (cd $dir ; ./install.sh) ; done
cd src ; ./install.sh all
cd ../kernels ; ./install.sh generic
cd /zroot/boot ; cp -Rlp GENERIC/* /zroot/boot/kernel/
zfs set readonly=on zroot/var/empty
cd /usr/src/sys/boot/
make obj
make depend
make
cd i386/loader
make install
passwd
tzsetup
cd /etc/mail
make aliases
umount /dev
exit
cp /boot/zfs/zpool.cache /zroot/boot/zfs/zpool.cache
Warning! There is only one line that might catch a newbie off-guard. Every other line you can type in as is but this one.
echo ‘ifconfig_em0=”DHCP”‘ >> /etc/rc.conf
On FreeBSD this is how you setup your network card to use FreeBSD. However, while my card is em0, not all cards are em0. Run the ifconfig command on FreeBSD to see your card type and replace em0 with the type for you card.
Step 3 – Finish
I followed the guide almost exactly except I had to do a cd / before unmounting. So I added that command where it needs to be, so this should be very newbie proof.
Run these commands.
cat < /zroot/etc/fstab
# Device Mountpoint FStype Options Dump Pass#
/dev/ad0s3b none swap sw 0 0
EOF
export LD_LIBRARY_PATH=/mnt2/lib
cd /
zfs unmount -a
zfs set mountpoint=legacy zroot
zfs set mountpoint=/tmp zroot/tmp
zfs set mountpoint=/usr zroot/usr
zfs set mountpoint=/var zroot/var
Wow, to think I started FreeBSD when it was at 4.x. I started using FreeBSD end of 2001, so at the end of 2008, I have used FreeBSD for almost 8 years.
Files deleted in Explore sometimes don’t delete from explorer right away, though they do delete. It takes too long to update. It takes far too long to update. It takes abismally too long to update. (I consider anything over 1 second too long, anything over 2 seconds far too long, and anything over 10 seconds abismally too long.)
Time to update is sometimes as long as 45 seconds.
Steps to duplicate
Here is what I do:
1. Delete a file in a folder.
2. Wait 15 seconds or more and the file doesn’t show as deleted.
3. Delete the file again and it says it is already deleted.
Getting to the state where this occurs
Unknown but here is what I do
I have a T61p Laptop running Windows 7 64 bit.
I am joined to a Windows 2003 domain and often the domain controller is not available (like I said I have a laptop).
I use Remote Desktop.
I use network shares often.
I use Visual Studio often.
I use Outlook often.
I use Firefox and IE often.
I have Windows Live Messenger running all the time.
Sometimes I VPN into work.
I do all of the above while VPNed
Software with plugins to explorer include: TortoiseSVN and Notepad++ (could be something they are doing, but even if it is, why would microsoft allow code that calls a plugin to execute when deleting a file?)
Resolution
Unknown, but the problem comes and goes.
Conclusion
Microsoft didn’t not test Explorer in production environments very well or they would have seen this.
If they have seen this and haven’t fixed then that would make me more annoyed.
Ok, so you want to evaluate and open source application?
What guidelines should you use? Here is a guideline. I will continue to update this as I find valid items to measure. If you have something I should add to the list, please let me know.
Obtaining the Software
A top link in search engine when searching for open source app’s name?
A quick download link?
Clear description of different downloads per platform?
Installation of Open Source App
Clear description of different downloads per platform?
List of platforms:
Ease of install score:
Ease of initial configuration score:
Authentication
Integration with Active Directory?
Score:
Integration with LDAP?
Score:
Database authentication?
Explanation: Can authentication occur in a database such as Postgresql, MySQL, etc…
Supported Database list:
Score:
Authentication to a 3rd party programs database?
Explanation: So that if you have an application A with a database that hosts a username a password, can this open source application B use your database from application A to authenticate?
Score:
Security
How secure is this application?
What security holes have been reported and fixed?
What development designs were taken into consideration to enhance security?
What security analysis tools such as Nessus has this open source application been analyzed with?
Documentation
Install guide exists?
Quality Score:
Users guide exists?
Quality Score:
Admin guide exists?
Quality Score:
Developer’s guide exists?
Compile/Debug guide on how to load in an IDE and compile and debug (Visual Studio 2008, Eclipse, KDevelop, other, etc…)
Guide for submitting a bug or suggestion?
Guide for contributing documentation?
Ease of contribution Documentation?
Ease of Use
Is the application easy to use?
Can non-technical users use the application with minimal training?
Stability
How stable is the application? Determine this from normal use for a period of time.
How stable is the platform(s) and/or 3rd party dependencies the application runs/depends on?
Does the application crash with normal use?
Does the application crash with abnormal use?
Does the application crash with prolonged use?
Is the process for submitting a bug simple?
Is the process for applying a patch simple?
Does applying patches decrease stability?
Community Strength
Is it being maintained by a strong community?
Is there a high adoption rate for this application?
What is the average turn around time for a bug in the community?
Is there a forum? What is forums user base? How quick do questions get responses?
Is there a mailing list?
Is there an RSS feed?
Customization of Open Source Application
What language is this written in?
Ease of customization.
Ease of contributing to project
Ease of compiling/debugging?
Ease of getting fixes committed to source?
Scalability
Does the application scale well with increased usage?
Does this application integrate with the two most used operating systems for desktops? Windows and OS X?
Now I am following up as promised with how to integrate this with Active Directory and AD’s LDAP. You need to know your LDAP Active Directory info. If you don’t, you need to get it. Or else maybe your domain is generic enough that looking at my examples will get you there.
Log in to dotProject.
Click on System Admin | Default User Preferences.
We will make changes to the following sections:
User Authentication Settings
LDAP Settings
These section are show in this screen shot. After this screen shot instructions on configuring these sections are provided.
Scroll to the section called User Authentication Settings.
Change the User Authentication Method setting to LDAP.
Configure the LDAP Settings section.
For LDAP Host, Enter the IP address of your Active Directory server.
Do not change the LDAP Port or LDAP Version settings.
On a default Active Directory installation, set the LDAP Base DN to the following:
CN=Users,DC=YourDomain,DC=tld
For example, the lab I am demoing this with is LD.Lab so it would be this:
CN=Users,DC=ld,DC=lab
For LDAP User Filter enter the following:
(sAMAccountName=%USERNAME%)
For the LDAP Search User, enter a domain user:
CN=John Doe,CN=Users,DC=ld,DC=lab
SUGGESTION: Create a service account on the domain with a really intense password and almost no rights, except of course the right to search LDAP so it can be an LDAP Search User.
Obviously for the LDAP Search User Password, enter the password for the LDAP Search User.
IMPORTANT! You must update this password here when the user’s changes in Active Directory (sorry for the “No duh” moment but it had to be said).
Scroll down and on the bottom right of the Default User Preferences page, click Save.
Go ahead and try to login as a Domain User.
Note On Changing Permissions
Domain Users may appear to get the Administrator role, but this is not really the case. They only get the Anonymous role when they first login. See my forum post here: How to make an LDAP user an administrator?
Also, it appears that if you want all users who login to get more permissions, then edit the Anonymous role or modify every user individually. (Yeah, so the project needs some features in this area…maybe you want to become a contributor and develop it yourself?)
Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.
Hey this was really easy. Really, it is just a matter of aliasing your ls commands. However, it is only really easy if you know how to do it. When you forget, it is annoying. So here is another post to store the info I once knew but forgot and had to learn again.
Using sh, the default shell
Edit your .shrc file in your home folder:
# ee /usr/home/username/.shrc
Add/Change the alias commands as follows:
alias ls=’ls -G’
alias ll=’ls -laFoG’
alias l=’ls -lG’
The first one I added, the second two I only added the -G parameter to the already existing aliases for ls.
Save and close the file.
Logout and login and your shell should have colors when you use ls.
Using bash
Edit your .shrc file in your home folder:
# ee /usr/home/username/.shrc
Add/Change the alias commands as follows:
alias ls=’ls -G’
alias ll=’ls -laFoG’
alias l=’ls -lG’
The first one I added, the second two I only added the -G parameter to the already existing aliases for ls.
Logout and login and your bash shell should have colors when you use ls.
Using csh, the default shell for root
As root, edit your .cshrc file in either your home folder or in the home folder for root:
Your home folder:
# ee /usr/home/username/.cshrc
Home folder for root:
# ee /root/.cshrc
Add/Change the alias commands as follows: (The syntax is slightly different than for sh or bash)
alias ls ls -G
alias la ls -aG
alias lf ls -FAG
alias ll ls -lAG
The first one I added, the others I only added the -G parameter to the already existing aliases for ls.
Save and close the file.
Logout and login and your shell should have colors when you use ls.
bash and sh for all users
Edit your .shrc file in your home folder:
# ee /usr/home/username/.shrc
Add/Change the alias commands as follows:
alias ls=’ls -G’
alias ll=’ls -laFoG’
alias l=’ls -lG’
The first one I added, the second two I only added the -G parameter to the already existing aliases for ls.
Save and close the file.
Cat this file to /etc/profile.
# cat /usr/home/username/.shrc > /etc/profile
Logout and login and your shell should have colors when you use ls.
csh for all users
As root, edit your .cshrc file in either your home folder or in the home folder for root:
Your home folder:
# ee /usr/home/username/.cshrc
Home folder for root:
# ee /root/.cshrc
Add/Change the alias commands as follows: (The syntax is slightly different than for sh or bash)
alias ls ls -G
alias la ls -aG
alias lf ls -FAG
alias ll ls -lAG
The first one I added, the others I only added the -G parameter to the already existing aliases for ls.
Save and close the file.
Cat this file to /etc/csh.cshrc.
# cat /usr/home/username/.cshrc > /etc/csh.cshrc
Logout and login and your shell should have colors when you use ls.
Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.
sed -i.bak ‘s/^M$//’ filename # in bash/tcsh, press Ctrl-V then Ctrl-M
However, this one works with the sh, tcsh and bash but not with the csh shell.
This one worked on csh but I am not sure if it is recommended as it assumes every line ends with ^M.
sed -i.bak ‘s/.$//’ filename # assumes that all lines end with CR/LF
Anyway, I like how FreeBSD supports the -i parameter. Because if I am doing lots of files, I can have a script that does each file in a directory and then (of course I have a back up just in case) I can run sed -i.bak ‘s/.$//’ filename on each file and then do delete all .bak files so every file “appears to be” edited in place.
I have previous documents about installing each of the steps above installing dotProject. Once you have gone though the above documents, you will be ready for this document. This document will only cover dotProject.
Installing dotProject 2.1.2 from Ports
Install dotProject from ports using one of the following commands (I use the first one when doing virtual hosts and the second one when just using sub directories of the web root).
#
#
cd /usr/ports/www/dotproject
make install
Note: If you Apache directory is /usr/local/www/apache22/data you may want to use this make command:
#
#
cd /usr/ports/www/dotproject
make DOTPROJECTDIR=/usr/local/www/apache22/data/dotproject install
Create a database in MySQL for dotProject. Name it whatever you want. For this example, I am going to name the database dotProjDB. If you have read the articles about MySQL that I referenced above, you should know how to log into to MySQL, but just in case you forgot, I will show you again.There are lots of ways to create a database in MySQL, and I am going to give you one example using the shell and the MySQL client.
#
mysql -u root -p
Enter your password and you should be taken to a mysql prompt.
mysql>
create database dotprojdb
Yes it is that simple. And at the same time no it is not that simple. There is a lot more to know such as where to put the database files and how fast of drives you need, whether you need faster read speed or faster write speed or both, but this will suffice for now.
Create a mysql user account for this database. We don’t want to user the root account.
See this page in the MySQL documentation for more information on this: Adding User Accounts
mysql>
CREATE USER ‘dpuser’@’localhost’ IDENTIFIED BY ‘P@sswd!’;
Query OK, 0 rows affected (0.01 sec)
mysql>
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP ON dotprojdb.* TO ‘dpuser’@’localhost’;
Query OK, 0 rows affected (0.01 sec)
Now open a web browser to your server’s site: http://yourserver/dotprojectYou will see the following page.
No need to do anything on this page because it should redirect you after 5 second to a dotProject configuration web page.
Now some of the items in red need to be taken care of. Not all of them, just some of them.
The first group of items are “Requirements” and anything not with a pretty green check mark under the “Requirements” section needs to be fixed.
However, under the “Database Connectors” section, there are lots of red Xs. We don’t need to fix these. We just need one database, so as long as the database you want to use (in this example it’s MySQL) has a pretty green check mark, you don’t need to do add more “Database Connectors”.
Fix the first error: Session Save Path writable? X Fatal: session.save_path is not setTo do this, follow these steps:
Change to the directory that contains the php.ini file. On FreeBSD that directory is here: /usr/local/etc
#
cd /usr/local/etc
Now by default the PHP5 port on FreeBSD doesn’t install a php.ini file, but instead provides two example php.ini files: php.ini-recommended and php.ini-dist. So copy one of them to php.ini.
#
cp php.ini-recommended php.ini
Edit the php.ini file and remove the comment from this line:
;session.save_path = “/tmp”
I use ee which is the command to open Easy Editor. But you can use vi or whatever.
Save the file and exit.
The other issue is this one: Session AutoStart = ON? X Failed Try setting to ON if you are experiencing a WhiteScreenOfDeathOk. So this issue is fixed is in that same php.ini file. So repeat the steps only this time we don’t remove a comment, we change a setting from 0 to 1. Find the following line and change it from 0 to 1, as shown.
session.auto_start = 1
Restart apache. This is required and must be done before these settings will take effect.
#
/usr/local/etc/rc.d/apache22 restart
Now you are ready to click the “Start Installation” button. So go ahead and click it. The following page should appear.
Enter the details as shown in the page. Hopefully you have your own database user and password to use.
Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.
So I opened a command prompt to test that a port is open using the standard practive test:
telnet ipaddress port
For example, I was checking if RDP was open to an address:
C:\Users\jbarneck>
telnet 10.1.1.1 3389
However, Windows 7 just complained.
‘telnet’ is not recognized as an internal or external command,
operable program or batch file.
So where is telnet in windows 7? Well, I am first going to check Add / Remove Programs to see if I can add it.
Open Add / Remove Programs. Here is how if you don’t know.
Click on Start.
Type in Add / Remove Programs.
Selecte and start Add / Remove Programs.
I then clicked on “Turn Windows Features On or Off”.
I then found the “Telnet Client” option.
I checked the box and clicked OK.And the Telnet client installed.So I have windows 7 ultimate. I understand leaving telnet off Windows 7 home by default, but I don’t understand why to leave it off of Windows 7 Ultimate. Oh, well. I guess we will just have to enable it ever time when we want it.
So I am not going to cover installing Bugzilla. Just how to get it to connect to Active Directory. Mostly the documentation was there, but there was not really a good example of actual implementation. If the documentation doesn’t provide an example (preferably multiple real world exmaples) then it is poor documentation. Yes, Bugzilla, you are free to take my documentation and put it in your manual, or link to this page.
Gather the information from your production environment, especially the LDAP information for your Active Directory configuration:
Bugzilla Server name:
http://myserver/bugzilla
The LDAP Servers (Active Directory servers):
dc1.corp.mydomain.tld, dc2.corp.mydomain.tld
The LDAP Bind DN info of a user that can read Active Directory. (This can be any active directory user, as long as this user can read active directory’s users, which pretty much an user no matter how locked down can do.)So my username on the domain is JBarneck, but that is not what to use here. The LDAP Bind DN of my user name is like this (with company secret information changed).
The LDAP Base DN, which is the LDAP information for the OU that your users are in.
My LDAP Base DN for the OU I am in is this (again with company secret information changed). This is exactly what I pasted into my configuration, backslash and all.
The LDAPuidattribute, which is sAMAccountName and I don’t know if you can changed in Active Directory.
sAMAccountName
Note: I’ll be honest. I didn’t have access to a domain controller or Active Directory so I used a tool called LDAPWhoAmI.exe (with an accompanying ldapinfo.dll) that is included in LANDesk’s Management Suite software. I can’t give you these files. But if you wanted to do a trial of LANDesk Management Suite, you could download a Management Suite trial (which is a gig or so) and extract it and get these files. You don’t have to install, just extract and search for the two files. Copy them to a Windows workstation on your domain, then open a command prompt and change to the directory where LDAPWhoAmI.exe and ldapinfo.dll was copied and run LDAPWhoAmI.exe.
Log into Bugzilla as an administrator. There is not default administrative user for Bugzilla. You should have created a user account as part of the install.
Enable the LDAP module.
Click on Administration from the top menu bar.
Click on Parameters.
Click on User Authentication on the left menu bar.
Scroll down to the user_verify_class setting.
Highlight LDAP and click the up arrow so that it is first in the list. I left DB enabled. I left Radius disabled.
At the bottom of the web page (yes you have to scroll all the way to the bottom) click the Save Changes button.
Configure LDAP to connect to Active Directory.
Click on LDAP on the left menu bar.
Under LDAPserver put your Active Directory servers.
At the bottom of the web page click the Save Changes button.
test Authentication.
Either log out or use a different browser or a different machine and connect to your bugzilla url:
http://myserver/bugzilla
Log in using an Active Directory account. I was unsure if I was supposed use an email or my username and it worked using my Domain user name, JBarneck, and my Domain password.
I hope this helps all of you get Bugzilla to authenticate using Active Directory much faster than if you had to scour the web for problems.
Copyright ® Rhyous.com – Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.
Then install Subversion, however, one difference you need to make to the install instructions for subversion. You need to install with SASL2 support. When you run make install it is an option.
Ok, now that you have everything is installed, you are were I am and ready to try to get this configured.
Configuring Subversion to use SASL to Authenticate to a MySQL database
Create a simple MySQL database. The following is a simple database creation script that creates a database with one table and two rows.
CREATE DATABASE UserDB;
USE UserDB;
CREATE TABLE `users` ('username' varchar(255), 'password' varchar(255) )
INSERT INTO users VALUES ('user1','pw1');
INSERT INTO users VALUES ('user2@MyReal.com','pw2');
INSERT INTO users VALUES ('user3@myemailaddress.com','pw3');
Note: I use these accounts to show what works and what does not work because the idea of “realms” is confusing.
You may be asking why I don’t have three rows, one for each item: User, Password, Realm.
Well, if you really are creating a new database to handle SVN Users then that is how you should do it and here is it is.
CREATE DATABASE UserDB;
USE UserDB;
CREATE TABLE `users` ('username' varchar(255), 'password' varchar(255) , 'realm' varchar(255))
INSERT INTO users VALUES ('user1','pw1','realm');
INSERT INTO users VALUES ('user2@MyReal.com','pw2','realm');
INSERT INTO users VALUES ('user3@myemailaddress.com','pw3','realm');
However, because I am assuming that you want to authenticate to users that are in an already existing database, realm won’t really exist. However, you may have usernames that are in email format, or not in email format an that makes a difference because Subversion splits the username at an @ symbol and the username is only what is before the @ symbol. See the troubleshooting realms section below.
Edit the following file:
/home/svn/repos/MyApp/conf/svnserve.conf
#
ee /home/svn/repos/MyApp/conf/svnserve.conf
The following are the lines that should NOT be commented out.
Create and edit the following file:
/usr/local/lib/sas2/svn.conf
#
ee /usr/local/lib/sas2/svn.conf
The following are the lines that should NOT be commented out.
[general]
pwcheck_method: auxprop
mech_list: plain
auxprop_plugin: sql
sql_hostnames: localhost
sql_engine: mysql
sql_user: root
sql_passwd: pw
sql_database: UserDB
sql_select: SELECT password FROM users WHERE username='%u'
Note: For debugging add log_level: 7 to this file and then watch the /var/log/debug file.
You should now be able to connect with a client such as TortoiseSVN and connect
Troubleshooting Realms
I found some issues with realms that were really confusing.
Change your /usr/local/lib/sas2/svn.conf file to look like this:
[general]
log_level: 7
pwcheck_method: auxprop
mech_list: plain
auxprop_plugin: sql
sql_hostnames: localhost
sql_engine: mysql
sql_user: root
sql_passwd: pw
sql_database: UserDB
sql_select: SELECT password FROM users WHERE username='%u' or username='%u@%r'
I added two changes:
Turned on logging.
Changes the sql statement to look for username='username' or username='username@realm'
I had to do this because if the user was using an email address, such as john@domain.tld, then it actually makes %u only equal John and seems to drop the @domain.tld and replace it with the name of the realm. However, if your username is John@domain.tld and your realm is domain.tld (so realm and domain are the same), then the code above works. If you domain and realm are not the same, I haven't been able to get this to work.
Go ahead and run this command:
#
tail -f -n 30 /var/log/debug
And then try to authenticate using a client, such as TortoiseSVN. Test all three users. You will see the SQL Queries that are run. It should work to authenticate as user1 or User2, but it cannot authenticate user3 because it just doesn't work due to the way it handles realms. If you have users that don't have email address in your realm, then you need them to have username that are not email addresses.
Final Question
If the password is stored as an md5, sha1, sha256 hash in the database, how do I make this work?
Copyright ® Rhyous.com - Linking to this article is allowed without permission and as many as ten lines of this article can be used along with this link. Any other use of this article is allowed only by permission of Rhyous.com.
