Wednesday, July 8, 2015

Reset openldap default admin password

This is usually needed during the installation of LDAP, or when you have forgotten your LDAP admin password. It took me quite a while to find these, so thanks to this article, which pointed me in the right direction. Here is how I did it:

  1. Find the root dn account and root dn password hash: 
    $ sudo ldapsearch -H ldapi:// -LLL -Q -Y EXTERNAL -b "cn=config" "(olcRootDN=*)" dn olcRootDN olcRootPW | tee ~/newpasswd.ldif
  2. You can see the above info right away since we are using tee (tee writes to a new file and shows the output on stdout at the same time). This is what it looks like: 
    $ cat newpasswd.ldif
    dn: olcDatabase={1}hdb,cn=config
    olcRootDN: cn=admin,dc=ubuntu-ldap,dc=com
    olcRootPW: {SSHA}CS9o0OVuD4YOj1eFNf4q6eqSe8O4MBMy
    
  3. Generate a new password hash for the admin, and append it to newpasswd.ldif. -h is the flag that specifies the scheme, which you can read from the newpasswd.ldif file that we generated, in this case {SSHA}: 
    $ sudo slappasswd -h {SSHA} >> newpasswd.ldif
    New password:
    Re-enter new password:
    
  4. Edit newpasswd.ldif so that it looks like below (comment out olcRootDN, add the changetype and replace lines, and change olcRootPW to the value we generated in step 3):
    dn: olcDatabase={1}hdb,cn=config
    #olcRootDN: cn=admin,dc=ubuntu-ldap,dc=com
    changetype: modify
    replace: olcRootPW
    olcRootPW: {SSHA}CS9o0OVuD4YOj1eFNf4q6eqSe8O4MBMy
    
  5. Apply the password change with the ldapmodify command, where -H is the LDAP URI, -Y the SASL mechanism and -f the file to read the input from: 
    $ sudo ldapmodify -H ldapi:// -Y EXTERNAL -f ~/newpasswd.ldif
  6. Test the new password by listing the entries with ldapsearch, binding as the admin DN (-x selects simple authentication, -W prompts for the password): 
    $ ldapsearch -x -h localhost -b "dc=ubuntu-ldap,dc=com" -D "cn=admin,dc=ubuntu-ldap,dc=com" -W
That should be it; your admin user now has a shiny new password.
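
Steps 2 to 4 can be scripted instead of edited by hand. The following is an added example, not code from the original post: `rootpw_scheme` reads the scheme from the step 1 output (including the base64 `olcRootPW::` form that LDIF allows) and `build_rootpw_ldif` produces the step 4 file. The function names and the placeholder hash are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are its own.

# Join LDIF continuation lines (RFC 2849: a line starting with one space
# continues the previous one) so wrapped values are read whole.
unfold_ldif() { sed -e ':a' -e '$!N;s/\n //;ta' -e 'P;D'; }

# Print the scheme tag (e.g. {SSHA}) of the olcRootPW value read on stdin.
# LDIF may carry the value base64-encoded, written "olcRootPW:: <base64>".
rootpw_scheme() {
    local line value tag
    line=$(unfold_ldif | grep -m1 '^olcRootPW:') || return 1
    case $line in
        olcRootPW::*) value=$(printf '%s' "${line#olcRootPW:: }" | base64 -d) ;;
        *)            value=${line#olcRootPW: } ;;
    esac
    case $value in
        '{'*'}'?*) tag=${value%%\}*}; printf '%s}\n' "$tag" ;;
        *) return 1 ;;    # no {SCHEME} tag: cleartext or unrecognised
    esac
}

# Emit the step 4 LDIF from the step 1 output on stdin and the new hash in $1.
# Keeps the dn, drops olcRootDN and the old hash, and refuses a new value
# without a {SCHEME} tag, which olcRootPW would store as cleartext.
build_rootpw_ldif() {
    local new_hash dn
    new_hash=$1
    case $new_hash in
        '{'*'}'?*) ;;
        *) echo "refusing value without {SCHEME} tag" >&2; return 1 ;;
    esac
    dn=$(unfold_ldif | grep -m1 '^dn: ') || { echo "no dn found" >&2; return 1; }
    printf '%s\nchangetype: modify\nreplace: olcRootPW\nolcRootPW: %s\n' \
        "$dn" "$new_hash"
}

# Demo on the step 2 output from the post; the new hash is a constructed
# placeholder, not real slappasswd output.
sample_ldif='dn: olcDatabase={1}hdb,cn=config
olcRootDN: cn=admin,dc=ubuntu-ldap,dc=com
olcRootPW: {SSHA}CS9o0OVuD4YOj1eFNf4q6eqSe8O4MBMy'
printf '%s\n' "$sample_ldif" | rootpw_scheme
printf '%s\n' "$sample_ldif" | build_rootpw_ldif '{SSHA}PLACEHOLDERnotARealHash'
```

Create the LDIF under `umask 077` and delete it once ldapmodify has succeeded, since it holds the admin password hash.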

Monday, April 27, 2015

Check postfix email queue, and how to clear emails in there

To check the queue, we use a command called mailq, example as below:

$ mailq | tail

2024F98A61     3505 Mon Apr 27 18:16:17  support.us@something.com
(delivery temporarily suspended: Host or domain name not found. Name service error for name=smtp.something.com type=AAAA: Host not found)
                                         support.us@somethingelse.com
231EC98AED     3525 Fri Apr 24 16:48:04  support.us@something.com
(delivery temporarily suspended: Host or domain name not found. Name service error for name=smtp.something.com type=AAAA: Host not found)
                                         whoami@somethingelse.com

To clear the queue, use the postsuper command; -d ALL deletes every message in the queue:

$ sudo postsuper -d ALL

To check the status of the deletion, refer to the maillog. In the example below, 15 messages have been deleted:

$ sudo tail /var/log/maillog

Apr 27 19:44:02 au-mel-rh-dev-3 postfix/smtp[6927]: 46F5598AF7: to=, relay=mta5.am0.yahoodns.net[98.138.112.37]:25, delay=2568, delays=2562/0.02/4.3/2, dsn=2.0.0, status=sent (250 ok dirdel)
Apr 27 19:44:02 au-mel-rh-dev-3 postfix/qmgr[5985]: 46F5598AF7: removed
Apr 27 19:44:04 au-mel-rh-dev-3 postfix/smtp[6925]: ABA8B98AFA: to=, relay=mta5.am0.yahoodns.net[98.138.112.34]:25, delay=1624, delays=1617/0.02/4.4/3.3, dsn=2.0.0, status=sent (250 ok dirdel)
Apr 27 19:44:04 au-mel-rh-dev-3 postfix/qmgr[5985]: ABA8B98AFA: removed
Apr 27 19:49:27 au-mel-rh-dev-3 postfix/postsuper[7913]: Deleted: 15 messages
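
When only some of the queued mail should go, the queue IDs can be selected from the mailq output and passed to `postsuper -d -`, which reads IDs from standard input. The following is an added example, not code from the original post; the function name, the header, footer and third entry of the sample are assumptions made for the demonstration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. The function name is its own.

# Read mailq output on stdin and print the queue ID of every message whose
# sender or one of whose recipients is exactly the address given in $1.
queue_ids_matching() {
    awk -v addr="$1" '
        function emit() { if (id != "" && hit) print id; id = ""; hit = 0 }
        # Entry start: queue ID (a trailing * or ! marks active or held),
        # size, arrival time, and the sender as the last field.
        /^[0-9A-Za-z]+[*!]?[ \t]+[0-9]+[ \t]/ {
            emit()
            id = $1; sub(/[*!]$/, "", id)
            if ($NF == addr) hit = 1
            next
        }
        /^-/ || /^[ \t]*[(]/ { next }    # header, footer, delay reason
        {   # what remains are the indented recipient lines
            line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line)
            if (line != "" && line == addr) hit = 1
        }
        END { emit() }
    '
}

# Constructed sample in mailq layout: the first two entries follow the post,
# the header, footer and third entry are made up for the demo.
sample_mailq='-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
2024F98A61     3505 Mon Apr 27 18:16:17  support.us@something.com
(delivery temporarily suspended: Host or domain name not found)
                                         support.us@somethingelse.com

231EC98AED     3525 Fri Apr 24 16:48:04  support.us@something.com
(delivery temporarily suspended: Host or domain name not found)
                                         whoami@somethingelse.com

9F3C198B02*    1204 Mon Apr 27 18:20:41  alerts@example.org
                                         whoami@somethingelse.com

-- 8 Kbytes in 3 Requests.'

# Review the selection first; on a real host pipe it into postsuper:
#   mailq | queue_ids_matching ADDRESS | sudo postsuper -d -
printf '%s\n' "$sample_mailq" | queue_ids_matching 'whoami@somethingelse.com'
```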



Monday, April 20, 2015

xrdp is not accessible with "X server -- no display in range is available" error

The RDP client shows the error below:

Checking on the log, this is the error:

$ sudo tail -f  /var/log/xrdp-sesman.log
...
[20150420-09:55:01] [INFO ] scp thread on sck 7 started successfully
[20150420-09:55:02] [INFO ] ++ created session (access granted): username mrapp, ip 10.157.4.55:53456 - socket: 7
[20150420-09:55:02] [INFO ] starting Xvnc session...
[20150420-09:55:02] [ERROR] X server -- no display in range is available

Searching on the web, I stumbled upon a site. Below are the steps that I learned to solve the above issue from the site:
  1. Edit /etc/xrdp/sesman.ini
  2. Change MaxSessions from 10 to 100 
  3. $ sudo diff -u {~,/etc/xrdp}/sesman.ini
    --- /home/mrapp/sesman.ini      2012-10-29 20:58:30.000000000 +0700
    +++ /etc/xrdp/sesman.ini        2015-04-20 09:56:31.277342575 +0700
    @@ -13,7 +13,7 @@
    
    
     [Sessions]
     X11DisplayOffset=10
    -MaxSessions=10
    +MaxSessions=100
     KillDisconnected=0
     IdleTimeLimit=0
     DisconnectedTimeLimit=0
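    Review bot: Raising MaxSessions from 10 to 100 in the [Sessions] block only postpones the limit, because the unchanged context lines leave KillDisconnected=0 and DisconnectedTimeLimit=0, so no cleanup of disconnected sessions is configured and they keep counting against the session limit. Where the installed xrdp version honours these keys, pair the higher limit with a non-zero DisconnectedTimeLimit (or KillDisconnected=1) so abandoned, still-authenticated desktops are ended, and say in the step why 100 was chosen.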
  4. Restart xrdp
    $ sudo /etc/init.d/xrdp restart
Try to connect with your rdp client, it should work now.

Wednesday, March 11, 2015

Connecting to your machine using vnc

To set up and use vncserver on a Red Hat flavored distro, follow the steps below:

  1. Install the package:
    $ sudo yum install tigervnc-server tigervnc
  2. Set a password for a user that you want to use to login to the vnc server:
    $ vncpasswd
  3. Start the vncserver:
    $ vncserver
  4. Check the display number of your newly created vnc session:
    $ vncserver -list
    TigerVNC server sessions:
    X DISPLAY #     PROCESS ID
    :1              9168
  5. Check the port that your vnc session is using:
    $ sudo netstat -tulpn | grep 9168
    tcp        0      0 0.0.0.0:5901                0.0.0.0:*                   LISTEN      9168/Xvnc
    tcp        0      0 0.0.0.0:6001                0.0.0.0:*                   LISTEN      9168/Xvnc
    tcp        0      0 :::6001                     :::*                        LISTEN      9168/Xvnc
  6. Test your vncserver locally (only if you are using GUI, else test it from the other machine with vncviewer installed), using vncviewer (belongs to tigervnc package):
    $ vncviewer :1

To connect from a redhat flavored linux distro client:
  1. Install the tigervnc package:
    $ sudo yum install tigervnc
  2. Run vncviewer with the server's IP address and display number:
    $ vncviewer 192.168.0.2:1
    
  3. If you are behind a firewall, you need to open port 5901 for the client to get through.
  4. If the firewall is not under your control, you can use ssh to forward port 5901 on your localhost to port 5901 on the server:
    $ ssh -L 5901:localhost:5901 vncserver.ip.address
    and in another terminal, run
    $ vncviewer localhost:1

Once you are done, you can kill the server by running:

$ vncserver -kill :1
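
The netstat output in step 5 shows Xvnc listening on 0.0.0.0, that is, on every interface, and on the X11 port 6001 as well as the VNC port 5901. The following is an added example, not code from the original post, that turns that check into a function reporting every Xvnc listener not bound to loopback; the function name and the fourth sample line are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. The function name is its own.

# Read "netstat -tulpn" output on stdin and report every Xvnc listener that
# is bound to a non-loopback address, as: port, bind address, meaning.
exposed_xvnc_listeners() {
    awk '
        $NF ~ /\/Xvnc$/ && $(NF-1) == "LISTEN" {
            n = split($4, part, ":")
            port = part[n] + 0
            # Everything before the last colon is the bind address; this
            # also covers the IPv6 form ":::6001" (address "::").
            host = substr($4, 1, length($4) - length(part[n]) - 1)
            if (host == "127.0.0.1" || host == "::1") next
            if (port >= 5900 && port < 6000)
                kind = "RFB (VNC) for display :" (port - 5900)
            else if (port >= 6000 && port < 6100)
                kind = "X11 over TCP for display :" (port - 6000)
            else
                kind = "other Xvnc port"
            print port, host, kind
        }
    '
}

# Sample: the step 5 output from the post plus one constructed loopback-only
# listener (PID 9300) for contrast.
sample_netstat='tcp        0      0 0.0.0.0:5901                0.0.0.0:*                   LISTEN      9168/Xvnc
tcp        0      0 0.0.0.0:6001                0.0.0.0:*                   LISTEN      9168/Xvnc
tcp        0      0 :::6001                     :::*                        LISTEN      9168/Xvnc
tcp        0      0 127.0.0.1:5902              0.0.0.0:*                   LISTEN      9300/Xvnc'

printf '%s\n' "$sample_netstat" | exposed_xvnc_listeners
```

Xvnc's `-localhost` option restricts the VNC port to connections from the same machine, which fits the ssh port forward described above, and the standard X server option `-nolisten tcp` closes the 6001 listener.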

Thursday, February 19, 2015

Starting with tmux - putting in initial settings

After a few years using GNU screen as my main terminal multiplexer, I have now changed it to tmux. The reasons behind that are:

  1. A lot more customizable
  2. The commands are also available in easily understandable human language, rather than just as shortcuts. For example: to kill a window, just "ctrl-b" and type "kill-window" or "killw", which is easier for a new user like me to remember and use than shortcuts like "ctrl-b &", which can sometimes be confusing.
  3. Easier horizontal and vertical splitting mechanism

To start with tmux, especially if you are coming from screen, it is very important to set the key binding right, since ctrl-b is not as easily reachable with one hand as ctrl-a. Below are my initial .tmux.conf settings, to ease my transition from GNU screen to tmux.

$ cat .tmux.conf
# unbind control-b, and replace it with control-a (GNU screen style)
set-option -g prefix C-a
unbind-key C-b
bind-key C-a send-prefix
# Use vi or emacs-style key bindings in copy and choice modes
set-window-option -g mode-keys vi
# start windows numbering at 1
set -g base-index 1
# renumber windows when a window is closed
set -g renumber-windows on

So there you go, some very simple settings to be appended to .tmux.conf, to ease up your learning in using tmux. Please refer to the comments, to actually know what the settings are for. You can always refer to tmux manual (man tmux) for more settings.

Hope this will be helpful :)