Configuring Netatalk

Configuring Samba 3.0.1 as a File Server for an AppleTalk (Mac) network
by Fernando Falaschi (fernando@welcome.com.br)

This tutorial is for anyone who has a Samba File Server (and PDC) for their Windows machines, has since plugged a Mac into the network, and wants the Mac to use the data on the File Server as well.

Note: If you do not have a File Server yet and want to set one up only for your Mac network, read my article "Configuring Samba 3.0.1 as a network PDC with Windows 95/98/2000"; it is a good starting point for getting your Samba File Server working before configuring AppleTalk support.
Just skip the content that is specific to Windows 2000.

The configuration in this document was created on a Red Hat Linux 9 server, kernel 2.4.20, with Samba 3.0.1.

With Samba working, install AppleTalk support. The papd daemon is required and usually ships with netatalk.
Download netatalk ( http://netatalk.sourceforge.net ) and follow the installation instructions
( http://www.anders.com/projects/netatalk ), or unpack a netatalk package from your distribution (recommended).

Once it is installed, configure the file /etc/atalk/afpd.conf:

” -transall -uamlist uams_clrtxt.so,uams_dhx.so -nosavepassword

Next, the file /etc/atalk/atalkd.conf:

eth0 -phase 2 -net 0-65534 -addr 65280.191

If your server's network interface is not eth0, adjust the line above accordingly.

Then configure the file /etc/atalk/netatalk.conf:

# Leave as is, since we configured afpd.conf with the domain
ATALK_ZONE=@zone
ATALK_NAME=`echo ${HOSTNAME}|cut -d. -f1`
AFPD_GUEST=nobody
ATALKD_RUN=yes
PAPD_RUN=yes
AFPD_RUN=yes
TIMELORD_RUN=no
ATALK_BGROUND=yes

Configure the file /etc/atalk/AppleVolumes.default:

# Home directory
~
# Server folders
# (same paths and share names as used in Samba)
/home/netlogon netlogon
/home/files files

Now start the atalkd, papd and afpd daemons, or start the corresponding services of your distribution.
* Do not forget to add them to your /etc/rc.d/rc.local, or use ntsysv (Red Hat) to mark the services to start automatically at boot.

atalkd -f /etc/atalk/atalkd.conf
papd -f /etc/atalk/papd.conf
afpd -c 40 -n nsuc-2 -f /etc/atalk/AppleVolumes.default -s /etc/atalk/AppleVolumes.system

Now for the Mac:

Note: TCP/IP must be configured correctly on your Mac.

On the Mac, open the Apple Menu and choose Network Browser.
Then click the Hand icon and choose Connect to Server.
Enter the IP address of the Linux Samba server and connect.
Enter the Samba user's login and password.
Done! You are now accessing your server.
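
An added example, not part of the original tutorial: the afpd.conf options configured earlier enable uams_clrtxt.so, the UAM that sends the password in clear text, alongside uams_dhx.so. The script below lists the UAMs each server line enables and flags clear-text and guest modules; the sample file is constructed, and the "-" server name and the "files" server name in it are assumptions.

```shell
#!/bin/sh
# Added example, not from the tutorial: list the UAMs enabled by each server
# line of an afpd.conf and flag the ones that weaken authentication.

# audit_uams [FILE]  (reads stdin when FILE is omitted)
# Output: one "LEVEL <line-number> <module>: <reason>" line per module.
audit_uams() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            list = ""
            for (i = 1; i < NF; i++)         # the value follows the -uamlist flag
                if ($i == "-uamlist") list = $(i + 1)
            if (list == "") {
                print "INFO " NR " -: no -uamlist, the afpd default list applies"
                next
            }
            n = split(list, uam, ",")
            for (j = 1; j <= n; j++) {
                if (uam[j] == "uams_clrtxt.so")
                    print "WARN " NR " " uam[j] ": password is sent in clear text"
                else if (uam[j] == "uams_guest.so")
                    print "WARN " NR " " uam[j] ": login without a password"
                else
                    print "INFO " NR " " uam[j] ": not a clear-text or guest UAM"
            }
        }' "$@"
}

# Constructed sample. Line 2 carries the options from the tutorial with "-"
# (default server name) assumed as first field; line 3 is a variant without
# the clear-text module, with a hypothetical server name.
sample_afpd_conf() {
    cat <<'EOF'
# afpd.conf (constructed sample)
- -transall -uamlist uams_clrtxt.so,uams_dhx.so -nosavepassword
"files" -transall -uamlist uams_dhx.so -nosavepassword
EOF
}

sample_afpd_conf | audit_uams
```

Run it against the real file with `audit_uams /etc/atalk/afpd.conf`.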

This article came from LinuxIT – Linux e Tecnologia
http://www.linuxit.com.br

The link to this article is:
http://www.linuxit.com.br/modules.php?name=Sections&op=viewarticle&artid=352

Improving Samba performance

This article, taken from the Viva O Linux site, gives an example of how to improve Samba's performance.

How can Samba's performance be increased?

[global]
# Default is 0
log level = 1
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# Default
read raw = yes
# Default
write raw = yes
# Default
oplocks = yes
# Default
max xmit = 65535
# Default is 0
dead time = 15
getwd cache = yes

The option log level = 1 makes the Samba log less detailed. Using log level = 0 disables logging, while log level = 2 or 3 makes Samba log a large number of messages; because that causes many write requests to disk and to syslogd, performance drops.

The socket options option: TCP_NODELAY makes the server send packets to the network, which keeps the server's response time low. SO_RCVBUF=8192 and SO_SNDBUF=8192 reset the buffers to a value higher than that of the operating system.

The read raw and write raw options allow Samba to read and write large files, above 64KB, in a single Samba request.

The oplocks option lets clients cache files locally. It is enabled by default. Database files should never be cached, so that changes made to the files on the server are visible on the client. This option provides a considerable performance gain. oplocks can be enabled or disabled on specific shares.

max xmit sets the largest block of data that Samba will try to write at one time.

getwd cache caches the path to the current directory, avoiding long reads of the directory tree to find it.

Outport – Software for exporting e-mail from Outlook to Evolution

Article taken from the site VivaoLinu.com.br

Evolution imports data from Outlook Express, but not from Outlook.

A problem, right? Wrong.

Outport – http://outport.sourceforge.net/ – aims to be a universal converter for the Outlook data format. And the best part is that it exports natively to Evolution 🙂

Outport runs on Windows and is a great help for migration.

Creating a Splash Screen for Grub.

In this tutorial we will create a sample splash screen for Grub.

Requirements
Gimp 1.x or later
Grub installed in the MBR

1) With grub, create an image with a size of 640×480;

2) Once the artwork is done, right-click the image and go to the menu
/Image/Mode/Indexed
and set the maximum number of colors to 14;

3) Having converted the image to 14 colors, save it in the X Pixmap (XPM) format;

4) Go to the directory where you saved the image and run the command:

gzip exemplo.xpm

this automatically creates a file named as in the example below:

exemplo.xpm.gz

5) Copy the image exemplo.xpm.gz to the directory /boot/grub

6) To configure the Splash Screen in Grub, follow the steps below:

Edit the file /boot/grub/menu.lst and add the lines below:

default 0
timeout 30
fallback 1
splashimage=(hd0,1)/grub/splash.xpm.gz

color black/blue white/blue

7) If the previous steps succeeded, just reboot the machine.

With that you can enjoy your new Splash Screen for Grub.

Until next time.

Linux LDAP authentication

Article taken from the site linux.com

When you have to administer a network of many machines, you quickly find out how much duplication of effort is involved with normal administrative tasks. Routine operations like changing passwords, canceling accounts, and modifying groups become time-consuming if repeated on many individual machines. Centralizing user and authentication information can solve these issues. The former king of centralized authentication systems was NIS, or Network Information System. NIS is a simple and well-supported technology, but it’s also insecure. LDAP, short for Lightweight Directory Access Protocol, is now the preferred way of managing centralized user accounts.

LDAP’s purpose is to describe how directory data should be presented and how it should travel across networks. LDAP servers typically allow information to be read very quickly at the expense of writing. The basic functionality of an LDAP server is similar to that of a database, but more like a database designed for fast reads of relatively static information. Passwords and groups are good examples of relatively static information that needs to be read quickly. OpenLDAP is a free software implementation of the LDAP protocol. Installing OpenLDAP gives you everything needed to present and store data through LDAP.

Learning LDAP can be a frustrating experience. LDAP is complicated, and centralized authentication is only one of its many legitimate uses. As a result, the task of making Linux machines consult an LDAP server for authentication is a black art. Documentation tends to be spotty and confusing. But learning about LDAP authentication, despite its difficulty, is worth the time and effort. LDAP can provide a scalable and secure approach to network management.

Setting up an LDAP-based network

We will set up a simple LDAP-based authentication system. Our example will use two Debian 3.1 (Sarge) machines, one acting as client and one as a server. To make the process even simpler, use User Mode Linux to create virtual Linux boxes that you can break and abuse to your heart’s content. For simplicity, we will not be encrypting communication and will stick to basic examples.

First we will cover the server configuration. On your “server” Debian system, issue the following command:

apt-get install slapd ldap-utils

This will install OpenLDAP and related utilities. Debian will prompt you for slapd (the name of the OpenLDAP daemon) configuration values. The “Admin password” will be the password you want to use when adding or deleting from LDAP and for certain client tasks. “DNS domain name” is important and must be a domain name resolvable to your LDAP server.

Omit OpenLDAP server configuration? no
DNS domain name: example.org
Name of your organization: example_organization
Admin password: ldap
Database backend to use: BDB
Do you want your database to be removed when slapd is purged? no
Allow LDAPv2 protocol? no

With slapd configured, you can test if your installation is working correctly. After running the following command, you should see LDAP information:

ldapsearch -x -b dc=example,dc=org

We now have a functioning LDAP server, but it is of no use until we populate it with basic information. Make a file called base.ldif and populate it with the following values:

dn: ou=People,dc=example,dc=org
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=example,dc=org
ou: Group
objectClass: top
objectClass: organizationalUnit

Save the file and add the data in it to the running LDAP server with the following command:

ldapadd -x -D "cn=admin,dc=example,dc=org" -W -f base.ldif

You will be prompted for the password you chose during the configuration of slapd. If your password was correct and your ldif file was in good order, you will see a line beginning with “adding new entry.”

Next we will add a group that our LDAP users will be a part of. Add the following values to a file called group.ldif:

dn: cn=ldapusers,ou=Group,dc=example,dc=org
objectClass: posixGroup
objectClass: top
cn: ldapusers
userPassword: {crypt}x
gidNumber: 9000

Though in my example I chose “ldapusers,” you can change this value to anything you like. You can also choose any gidNumber you like. Once you have a group.ldif you like, add it the same way as you added the base.ldif:

ldapadd -x -D "cn=admin,dc=example,dc=org" -W -f group.ldif

The final server step in this example is adding an LDAP user. Create an ldif file called myuser.ldif with the following values:

dn: cn=Myuser,ou=People,dc=example,dc=org
cn: Myuser
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
sn: User
uid: myuser
uidNumber: 1025
gidNumber: 9000
homeDirectory: /tmp

This will make a user called “myuser” with a uid of 1025 who lives in /tmp and is a member of the LDAP-only group “ldapusers.” This user doesn’t have a password yet, but we will save that task for the client machine.

Client configuration

The client steps provided here will work for any machine you wish to make authenticate via LDAP. Make sure your client can communicate with the server and that pinging “example.org” from the client returns the correct IP address of the server.

On the client machine, install OpenLDAP and PAM (Pluggable Authentication Modules) utilities, as well as NSCD, the Name Service Cache Daemon, with the command:

apt-get install ldap-utils libpam-ldap libnss-ldap nscd

One of the first packages Debian asks you to configure is libnss-ldap. Important values for your particular setup are the “LDAP server host” and the “distinguished name,” or DN for short. The server host will be the IP address of the LDAP server, while the DN will be the server’s host name. Also note the DN should be in the form of “dc=example,dc=org”. The following is a typical libnss-ldap configuration:

LDAP Server host: 192.168.1.30
The distinguished name of the search base: dc=example,dc=org
LDAP version to use: 3
database requires login? no
make configuration readable/writeable by owner only? yes

The values for libpam-ldap will be similar to those of libnss-ldap. Note that the “Root login password” is the same password you chose during the server’s slapd configuration. Enter the following when prompted:

The distinguished name of the search base: dc=example,dc=org
Make local root Database admin: yes
Database requires logging in: no
Root login account: cn=admin,dc=example,dc=org
Root login password: ldap
Local crypt to use when changing passwords: exop

Next, we need to tell the client’s underlying authentication system to use LDAP to look for users. The first file to edit is /etc/nsswitch.conf. Make sure to add “ldap” to the passwd, group, and shadow lines:

passwd: ldap compat
group: ldap compat
shadow: ldap compat

We need to configure the client’s PAM software to check LDAP for user authentication. There are three files to edit under /etc/pam.d: common-account, common-auth, and common-password. First, /etc/pam.d/common-account should contain the following:

account sufficient pam_ldap.so
account required pam_unix.so try_first_pass

/etc/pam.d/common-auth should contain:

auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure try_first_pass

Finally, /etc/pam.d/common-password should contain:

password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5 try_first_pass

The changes we made to /etc/nsswitch.conf and the PAM configuration files allow the client to check LDAP before allowing a user on the system, but will also fall back on local authentication methods should LDAP fail or not have information about a given user.

The last file to edit is /etc/ldap/ldap.conf. Adding information about our LDAP server here makes issuing LDAP commands on the client easier. Add lines for your setup similar to the following:

BASE dc=example,dc=org
URI ldap://192.168.1.30

At this point, you should be able to change the password of the user you created earlier. First restart nscd, then change the ldap user’s password:

/etc/init.d/nscd restart
passwd myuser

After changing the password, login as myuser on the client machine. Congratulations, you’ve just authenticated over LDAP.
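
An added example, not part of the original article: the walkthrough leaves the LDAP connection unencrypted and keeps nullok and min=4 on the pam_unix lines, so this script audits the client files edited above for those settings. The ROOT argument, the constructed sample tree and the minimum length of 8 are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the article: audit the client files the tutorial
# edits. ROOT stands in for "/" so the check can run against a copy.
audit_ldap_client() (
    root=$1
    # Transport: with a plain ldap:// URI, binds and password changes are
    # unencrypted unless StartTLS is configured elsewhere (not checked here).
    uri=$(awk 'toupper($1) == "URI" { print $2; exit }' "$root/etc/ldap/ldap.conf")
    case $uri in
        ldaps://*) echo "OK ldap.conf URI $uri" ;;
        ldap://*)  echo "WARN ldap.conf URI $uri is not TLS-protected" ;;
        *)         echo "WARN ldap.conf has no usable URI" ;;
    esac
    # NSS: every database the tutorial touches has to list ldap as a source.
    for db in passwd group shadow; do
        if awk -v db="$db:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") ok = 1 }
                             END { exit !ok }' "$root/etc/nsswitch.conf"
        then echo "OK nsswitch $db uses ldap"
        else echo "WARN nsswitch $db does not use ldap"
        fi
    done
    # PAM: pam_unix options that admit empty or short passwords. The minimum
    # of 8 is an assumed policy value, not something the article states.
    for f in common-auth common-password; do
        awk -v f="$f" -v min=8 '$0 !~ /^[ \t]*#/ && /pam_unix\.so/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^nullok/) print "WARN " f " " $i " can permit empty passwords"
                if ($i ~ /^min=/ && substr($i, 5) + 0 < min)
                    print "WARN " f " " $i " is below the assumed minimum of " min
            }
        }' "$root/etc/pam.d/$f"
    done
)

# Constructed sample tree holding the relevant values from the tutorial.
make_sample() {
    mkdir -p "$1/etc/ldap" "$1/etc/pam.d"
    printf 'BASE dc=example,dc=org\nURI ldap://192.168.1.30\n' > "$1/etc/ldap/ldap.conf"
    printf '%s: ldap compat\n' passwd group shadow > "$1/etc/nsswitch.conf"
    printf 'auth required pam_unix.so nullok_secure try_first_pass\n' \
        > "$1/etc/pam.d/common-auth"
    printf 'password required pam_unix.so nullok obscure min=4 max=8 md5 try_first_pass\n' \
        > "$1/etc/pam.d/common-password"
}

demo() { d=$(mktemp -d) && make_sample "$d" && audit_ldap_client "$d"; rm -rf "$d"; }
demo
```

On a configured client, `audit_ldap_client /` runs the same checks against the live files.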

Implementing LDAP on Linux isn’t exactly difficult once you know the right changes to make. For reasons I cannot explain, however, most information I have read about LDAP seems to convey just how much trouble the author had implementing it. Finding the right changes in the first place is usually the most challenging part. Linux distributions could automate this process a little more; having front ends to server and client configuration would take Linux far in the LDAP world.

Links

1. “OpenLDAP” – http://openldap.org/
2. “User Mode Linux” – http://user-mode-linux.sf.net/

© Copyright 2005 – LiNUX.COM, All Rights Reserved

printed from Linux.com, Linux LDAP authentication on 2005-10-01 02:59:33
