Postfix and SASL Unix Auth

/etc/postfix/main.cf

Configure the Postfix MTA to support SASL

smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = cyrus

/etc/postfix/master.cf

Disable the chroot environment for the Postfix smtpd service (fifth column set to n), so that smtpd can reach the saslauthd socket

smtp inet n - n - - smtpd

/etc/postfix/sasl/smtpd.conf

Tell Postfix where to find the saslauthd socket file

pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux
mech_list: PLAIN LOGIN

/etc/pam.d/smtp

Configure PAM to support local Unix authentication for the SMTP daemon

auth required pam_unix.so
account required pam_unix.so
password required pam_unix.so
session required pam_unix.so

Finally, make sure saslauthd is running and pointing to the right directory (the -m directory must be the one that contains the mux socket named in saslauthd_path)

/usr/sbin/saslauthd -a pam -c -m /var/run/saslauthd -n 5

Here is a Python script to test the auth

#!/usr/bin/env python3
# Tests SASL authentication against an SMTP server; AUTH is sent after STARTTLS.
# Note: a password passed with -p is visible in the process list and shell history.

import argparse
import smtplib
import sys

if __name__ == '__main__':
    parser = argparse.ArgumentParser(description='Tests SASL')
    parser.add_argument('--username', '-u', dest='username', required=True, help='Username')
    parser.add_argument('--password', '-p', dest='password', required=True, help='Password')
    parser.add_argument('--host', '-H', dest='host', required=True, help='SMTP Hostname')
    parser.add_argument('--port', '-P', dest='port', type=int, default=25, help='SMTP Port')

    args = parser.parse_args()

    server = smtplib.SMTP(args.host, args.port)
    server.set_debuglevel(1)   # print the SMTP dialogue (includes the base64-encoded credentials)
    server.ehlo()
    server.starttls()          # switch to TLS before any credentials are sent
    server.ehlo()              # ask again for the capabilities offered inside TLS
    server.login(args.username, args.password)
    server.quit()

    sys.exit(0)
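
Added example (not part of the original post): with the settings above, Postfix offers only the cleartext mechanisms PLAIN and LOGIN, and it advertises AUTH before STARTTLS unless smtpd_tls_auth_only = yes is also set in main.cf. The sketch below audits the two EHLO replies that the test script prints; the sample replies and the host name mail.example.test are constructed.

```python
import smtplib

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # the mech_list configured in smtpd.conf

def keywords(ehlo_reply):
    """Map each EHLO keyword to its parameters, e.g. {'AUTH': ['PLAIN', 'LOGIN']}."""
    found = {}
    for line in ehlo_reply.splitlines()[1:]:  # the first line is the greeting
        # Drop the "250-" / "250 " prefix; "=" covers the legacy "AUTH=..." form
        words = line[4:].replace("=", " ").upper().split()
        if words:
            found.setdefault(words[0], []).extend(words[1:])
    return found

def audit(pre_tls, post_tls):
    """Return findings for the EHLO replies seen before and after STARTTLS."""
    pre, post = keywords(pre_tls), keywords(post_tls)
    findings = []
    exposed = CLEARTEXT_MECHS & set(pre.get("AUTH", []))
    if exposed:
        findings.append("cleartext AUTH offered before STARTTLS: " + ", ".join(sorted(exposed)))
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered")
    if not post.get("AUTH"):
        findings.append("no AUTH offered after STARTTLS")
    return findings

def fetch_replies(host, port=25):
    """Live variant for a server you administer: collect both EHLO replies."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        _, pre = s.ehlo()
        s.starttls()
        _, post = s.ehlo()
    # smtplib strips the "250-" prefixes; re-add them so keywords() sees one format
    return tuple("\n".join("250-" + l for l in r.decode().splitlines()) for r in (pre, post))

# Constructed sample replies (mail.example.test is a placeholder host name)
PRE_DEFAULT = "250-mail.example.test\n250-PIPELINING\n250-STARTTLS\n250-AUTH PLAIN LOGIN\n250 8BITMIME"
PRE_TLS_ONLY = "250-mail.example.test\n250-PIPELINING\n250-STARTTLS\n250 8BITMIME"
POST_TLS = "250-mail.example.test\n250-PIPELINING\n250-AUTH PLAIN LOGIN\n250 8BITMIME"

if __name__ == "__main__":
    for name, pre in (("default", PRE_DEFAULT), ("smtpd_tls_auth_only = yes", PRE_TLS_ONLY)):
        print(name, "->", audit(pre, POST_TLS) or "ok")
```

To check a running server, pass the result of fetch_replies() to audit(), for example audit(*fetch_replies("localhost")).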

iTunes sharing over VPN

If you are one of those people who have VPN access to their home IT infrastructure, you may have wondered why iTunes sharing does not work while connected to the VPN. This is due to a limitation of VPN, which does not forward any broadcast/multicast messages. But there is help! With the tool Network Beacon you are able to send self-created beacons over the VPN connection to a remote device. I’ve tried it, and it’s working like a charm!


Central Network Management with Rancid

To proceed with this Howto you need rancid configured and running. Read the Post about Rancid.

If you are working in a network with more than just two or three devices and you do not work on them every day, it can be a pain to connect to one of them. First you need the IP or hostname, then the password. Normally you need two passwords: one to connect and one to get into privileged mode. And finally you need to know which kind of device you are connecting to, in order to determine whether you should use telnet or ssh.

With rancid and a short and simple shell script I’ve solved this problem perfectly!


Binding a DHCP Server to an Interface in Debian

If you want your ISC-DHCP server to listen on just one specific interface in Debian, you only need to edit the file “/etc/default/isc-dhcp-server” and add the appropriate interfaces to the INTERFACES variable.

That’s it.


Booting into WDS (Windows Deployment Service) from Linux DHCPD

I’m currently working on developing an automated DHCP boot environment which serves automated Linux and Windows deployments. Some more articles about this topic will follow soon.

It took me some minutes to figure out how I need to configure my ISC-DHCPD server to boot into the WDS server. That’s why I want to feed this knowledge into the internet with this post ;)

Configure your host like this, where 192.168.1.2 is your WDS Server IP:

host wdsBootClient {
        hardware ethernet 01:02:03:04:05:06;
        next-server 192.168.1.2;
        option tftp-server-name "192.168.1.2";
        option bootfile-name "boot\\x86\\wdsnbp.com\000";
}

Installing Rancid with SVN on Debian 6.0

If you’re working in a network, and are responsible for it, with more than just 2 switches and a router, it could be a very good idea to use rancid for managing all the configs on the devices. A properly configured Rancid installation will make your network life much easier. You define the rules to access the devices with usernames, passwords and some further settings, and finally you list all your devices in a file.

Then you can log in to a device by using clogin, or fetch all configs and settings periodically with rancid-run.


Installing NeDi (NetworkDiscovery) on Debian 6.0

NeDi is a really great tool to manage your whole enterprise network (Cisco, Foundry, HP and many more). Based on many protocols like CDP, ARP cache etc., NeDi scans your whole network and indexes all devices it finds. If you have CDP enabled on your devices, NeDi will build a nice topology map for you. Trash all your Visio graphs!


Using the Redmine API with PHP

Redmine has a really nice RESTful API which has been more or less stable since version 1.1.x. You can use this API the same way as most RESTful APIs. I wrote a small API class some weeks ago to interact with Redmine.

To get the API client working, you just need PHP with CURL and SimpleXML. First of all you need to activate the RESTful API in Redmine in Administration -> Settings -> Authentication. Then get the API key for your user. You use the API key as the username with a random password in the HTTP Basic authentication while communicating with the API. It is also important to know that you need the corresponding rights to manage the issues in a project.


Creating Config Templates in Linux

As a Linux/Unix engineer I’m spending a huge percentage of my time developing automation. Sometimes you need to create config files periodically or automatically. I’m using the following script to create them in a cool automated way.

  1. You need a perfect config file, e.g. an Apache vHost config file
  2. All occurrences of required dynamic variables are replaced with %n%, where “n” is numbered straight from 0 to x. If you need the same content more than once, you should use the same number again.
  3. Start the templating script with each value as a separate parameter and pipe the output to the destination file

This is the Script:

#!/bin/bash
# Thomas Spycher - Zero-One - 05.11.2010
# This script reads in the piped input and goes through it line by line
# and replaces all occurrences of %n% where n represents an argument
# passed to the script

# Read in piped input (the -n test keeps a last line that has no trailing newline)
while IFS= read -r data || [ -n "$data" ]; do
        # Search and replace line by line
        COUNTER=0
        for ARG in "$@"
        do
                VARNAME="%$COUNTER%"
                data=${data//$VARNAME/$ARG}
                COUNTER=$((COUNTER + 1))
        done
        echo "$data"
done
exit 0

For example the creation of a simple Textfile:

Welcome to %0% which lies in %1%. 
We in %0% are speaking %2%.

and the execution of the script:

cat template.txt | ./templateScript.sh "Switzerland" "Europe" "German" > switzerland.txt

How to keep your Redmine uptodate

Usually it’s hard to serve the latest version of a software all the time in a hosted environment like sourceTube.net. For example, sourceTube is a hosted Redmine solution. This piece of software is under heavy development with a tight roadmap. To always serve the latest version of the code I handle two directories with all the data.

  • The first folder contains the productive data, which I’m using for my hosted environment
  • The second folder contains a checkout of the latest stable revision (gotten from the tag repository folder) of the trunk repository folder

After the successful setup of the folders the following short script does the whole magic for me:

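#!/bin/bash
# Thomas Spycher - Zero-One - 05.11.2010
# Usage: ./redmineBaseUpdate.sh <revision>

# Stop at the first failing step, so a failed backup never leads to an update
set -e

# Init
TAR=/bin/tar
SVN=/usr/bin/svn
SKELETON=/var/data/redmine/skeleton

# The revision is passed on to svn, so accept digits only
case "$1" in
    ''|*[!0-9]*) echo "Usage: $0 <revision>" >&2; exit 1 ;;
esac

# Create backup of the current data
"$TAR" -czf "$SKELETON/redmine_backup_before_update.tar.gz" "$SKELETON/redmine"
"$SVN" update -r "$1" "$SKELETON/redmine_svn/"
# Copy the contents of the checkout; without the trailing "/." cp would
# create $SKELETON/redmine/redmine_svn because the target already exists
cp -r "$SKELETON/redmine_svn/." "$SKELETON/redmine/"
# remove all .svn folders from the target
find "$SKELETON/redmine/" -type d -name .svn -prune -exec rm -fr {} +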

The Script gets started with the revision number as argument:

./redmineBaseUpdate.sh 4786