I prefer to use Linux as my OS with a Windows VM for those things that I can't live without (i.e. MS Office; if I didn't have to share files with others, I'd make do with Google Docs or Open Office). Lately, I've been using a Mac, not because I'm an Apple fan boy or hipster, but because it offered the best of both worlds, a UNIX command prompt and a local MS Office application.
Recently, I found a virus on a Windows laptop and set about the removal process. Normally, that's just format and re-install just to be sure (Nuke it from space, it's the only way to be sure...). That didn't work this time, which meant the virus had infected the MBR. I removed the drive and destroyed the partition map, created a new map, created the file system, destroyed and recreated the partition map and left the drive un-formatted from a Mac.
The virus reappeared immediately after the fresh installation, off the network. Since the battery and power were removed from the laptop, it wasn't because it was resident in memory, thus, I'm thinking it's a BIOS virus, or some other non-volatile memory on the laptop. I'll flash the BIOS next...
The kicker: it infected a fully patched Windows 7 64-bit system with fully updated SEP 11 A/V installed. I suspect it was IE (the user used IE, but not anymore) with an unpatched Flash, but I'm not sure. The virus was identified as Simfraud-C.generic by Malwarebytes and Spybot S&D (and missed by SEP 11); however, all the information I gleaned didn't indicate it would behave the way this one did. I suspect some other nefarious bug...
...8 hours and $800 later (wife needed to work and a new laptop was in order), I realize that I sure do love Linux and when I can't get that, Mac OS X.
Monday, January 23, 2012
Thursday, January 5, 2012
Setting up OpenLDAP on Ubuntu
I spent some time setting up a new server at work to be the computation server for opensource alternatives to the normal applications we have. I thought it was the perfect time to migrate from NIS to LDAP.
I thought of using Microsoft Active Directory, however, that creates difficulties meeting end user needs due to politics. This is supposed to be an opensource server, thus OpenLDAP seems the option to go with here.
I set up an Ubuntu server and pretty much followed the instructions in the Server Guide; however, there were hurdles getting it to actually function normally. I wanted it to use TLS for security reasons only. I changed the line in /etc/default/slapd to be:
SLAPD_SERVICES="ldap://127.0.0.1/ ldaps:/// ldapi:///"
This allowed the server to listen on the network for TLS connections and allow non-encrypted connections if coming from the server itself. That was my biggest stumbling block as many references indicated that I needed to put the IP address or name of the server for the ldaps:/// entry. However, doing this, Ubuntu wouldn't listen on that port.
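Added example, not part of the original post: a small shell audit that classifies each URL in a SLAPD_SERVICES value and fails if a cleartext ldap:// listener is reachable from the network. The function names and the second sample value are assumptions made for illustration; only the first value comes from the post.

```shell
# Audit a SLAPD_SERVICES value: flag cleartext ldap:// listeners that are
# bound to anything other than a loopback address.

# classify_listener URL -> prints one verdict word for that listener URL.
classify_listener() {
    url=$1
    case $url in
        ldaps://*) echo "ok-tls" ;;            # TLS-wrapped listener
        ldapi://*) echo "ok-local-socket" ;;   # UNIX domain socket, local only
        ldap://*)
            # Strip the scheme, then the path, then the port.
            hostport=${url#ldap://}
            hostport=${hostport%%/*}
            case $hostport in
                \[*\]*) host=${hostport%%\]*}; host=${host#\[} ;;  # IPv6 literal
                *)      host=${hostport%%:*} ;;
            esac
            case $host in
                127.0.0.1|localhost|::1) echo "ok-loopback-cleartext" ;;
                *) echo "EXPOSED-cleartext" ;;  # empty host = all interfaces
            esac ;;
        *) echo "unknown" ;;
    esac
}

# audit_slapd_services "VALUE" -> one line per URL; returns 1 if any
# listener is exposed cleartext or not recognised.
audit_slapd_services() {
    status=0
    set -f                      # keep [::1] from being treated as a glob
    for url in $1; do
        verdict=$(classify_listener "$url")
        printf '%-24s %s\n' "$url" "$verdict"
        case $verdict in
            EXPOSED-cleartext|unknown) status=1 ;;
        esac
    done
    set +f
    return $status
}

# Constructed inputs: the value from the post, and a constructed value with
# ldap:/// listening on every interface for comparison.
POST_VALUE="ldap://127.0.0.1/ ldaps:/// ldapi:///"
WIDE_VALUE="ldap:/// ldapi:///"
audit_slapd_services "$POST_VALUE" || echo "post value: cleartext exposed"
audit_slapd_services "$WIDE_VALUE" || echo "wide value: cleartext exposed"
```

The audit reads only the configured value; confirming what slapd actually bound after a restart still requires looking at the listening sockets on the server.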
Also, following the instructions blindly results in a lot of extra stuff that you may not need, for instance, I really didn't want all the address book fields. I just wanted a replacement for NIS.
Now again, the online documentation for Ubuntu server was accurate enough to add the client successfully, but there were still a number of issues. Namely, I couldn't change the password, and newgrp didn't function as needed. Installing libcap2-bin and using setcap to change newgrp itself soon fixed this problem.
The other issue was sudo, which seemed to know about LDAP but still gave a non-helpful error. Installing nscd appeared to fix this issue.
Outside of a few minor tweaks, the only other thing I did was best practice security set up on the server and client. I have a functional LDAP server, and a client connected to it. Now, I can move on to the work group sharing options the users need as well as account provisioning...
Labels: Linux, Technology