Wednesday, July 8, 2015

Reset openldap default admin password

This is usually needed during the installation of LDAP, or when you have forgotten your LDAP admin password. It took me quite a while to find these, so thanks to these articles, which pointed me in the right direction. Here is how I did it:

  1. Find the root dn account and root dn password hash: 
    $ sudo ldapsearch -H ldapi:// -LLL -Q -Y EXTERNAL -b "cn=config" "(olcRootDN=*)" dn olcRootDN olcRootPW | tee ~/newpasswd.ldif
  2. You can see the above info right away since we are using tee (tee writes to a file and shows the output on stdout at the same time). This is how it looks:
    $ cat newpasswd.ldif
    dn: olcDatabase={1}hdb,cn=config
    olcRootDN: cn=admin,dc=ubuntu-ldap,dc=com
    olcRootPW: {SSHA}CS9o0OVuD4YOj1eFNf4q6eqSe8O4MBMy
    
  3. Generate a new password hash for the admin and append it to newpasswd.ldif. -h is the flag to specify the scheme, which you can find in the newpasswd.ldif file that we generated, in this case {SSHA}:
    $ sudo slappasswd -h {SSHA} >> newpasswd.ldif
    New password:
    Re-enter new password:
    
  4. Edit newpasswd.ldif so that it looks like below (comment out olcRootDN, add changetype and replace, and change olcRootPW to the one we generated in step 3):
    dn: olcDatabase={1}hdb,cn=config
    #olcRootDN: cn=admin,dc=ubuntu-ldap,dc=com
    changetype: modify
    replace: olcRootPW
    olcRootPW: {SSHA}CS9o0OVuD4YOj1eFNf4q6eqSe8O4MBMy
    
  5. Apply the password change using the ldapmodify command, where -H is the LDAP URI, -Y is the SASL mechanism and -f reads the input from a file:
    $ sudo ldapmodify -H ldapi:// -Y EXTERNAL -f ~/newpasswd.ldif
  6. Test the new password by listing the entries using ldapsearch, making sure that the new password is working: 
    $ ldapsearch -h localhost -b "dc=ubuntu-cacti,dc=com" -D "cn=admin,dc=ubuntu-cacti,dc=com" -W
That should be it; your admin user now has a shiny new password.
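
Steps 3 and 4 can be scripted so that the new hash is never appended by hand and never sits in a file other local users can read. This is an added example, not part of the original post; the function names and the new hash value used with it are constructed for illustration.

```sh
#!/bin/sh
# Added example: build the modify LDIF of step 4 from the search output of
# step 1. build_rootpw_ldif and write_rootpw_ldif are hypothetical names.

# Constructed sample of the step 1 output (values as shown in the post).
SAMPLE_SEARCH='dn: olcDatabase={1}hdb,cn=config
olcRootDN: cn=admin,dc=ubuntu-ldap,dc=com
olcRootPW: {SSHA}CS9o0OVuD4YOj1eFNf4q6eqSe8O4MBMy'

# $1 = ldapsearch output, $2 = new hash as printed by slappasswd.
# Prints the LDIF; fails when no dn is found or the hash lacks a {SCHEME} prefix.
build_rootpw_ldif() {
    dn=$(printf '%s\n' "$1" | sed -n 's/^dn: //p' | head -n 1)
    [ -n "$dn" ] || { echo "no dn in search output" >&2; return 1; }
    case $2 in
        '{'*'}'?*) ;;
        *) echo "hash must look like {SCHEME}value" >&2; return 1 ;;
    esac
    printf 'dn: %s\nchangetype: modify\nreplace: olcRootPW\nolcRootPW: %s\n' \
        "$dn" "$2"
}

# Write the LDIF to a fresh temp file and print its path.
# mktemp creates the file with mode 0600, so other local users cannot read it.
write_rootpw_ldif() {
    out=$(mktemp) || return 1
    if build_rootpw_ldif "$1" "$2" > "$out"; then
        printf '%s\n' "$out"
    else
        rm -f "$out"
        return 1
    fi
}

# Real use on the LDAP server (needs slapd; not run here):
#   found=$(sudo ldapsearch -H ldapi:// -LLL -Q -Y EXTERNAL -o ldif-wrap=no \
#       -b "cn=config" "(olcRootDN=*)" dn olcRootDN olcRootPW)
#   ldif=$(write_rootpw_ldif "$found" "$(slappasswd -h '{SSHA}')")
#   sudo ldapmodify -H ldapi:// -Y EXTERNAL -f "$ldif"; rm -f "$ldif"
```

Removing the LDIF after ldapmodify matters because the file holds the admin password hash, which can be attacked offline by anyone who can read it.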

Monday, April 27, 2015

Check postfix email queue, and how to clear emails in there

To check the queue, we use a command called mailq, as in the example below:

$ mailq | tail

2024F98A61     3505 Mon Apr 27 18:16:17  support.us@something.com
(delivery temporarily suspended: Host or domain name not found. Name service error for name=smtp.something.com type=AAAA: Host not found)
                                         support.us@somethingelse.com
231EC98AED     3525 Fri Apr 24 16:48:04  support.us@something.com
(delivery temporarily suspended: Host or domain name not found. Name service error for name=smtp.something.com type=AAAA: Host not found)
                                         whoami@somethingelse.com

To clear the email in the queue, a command called postsuper is used, as below:

$ sudo postsuper -d ALL

To check the status of the deletion, refer to the maillog. In the example below, 15 messages have been deleted:

$ sudo tail /var/log/maillog

Apr 27 19:44:02 au-mel-rh-dev-3 postfix/smtp[6927]: 46F5598AF7: to=, relay=mta5.am0.yahoodns.net[98.138.112.37]:25, delay=2568, delays=2562/0.02/4.3/2, dsn=2.0.0, status=sent (250 ok dirdel)
Apr 27 19:44:02 au-mel-rh-dev-3 postfix/qmgr[5985]: 46F5598AF7: removed
Apr 27 19:44:04 au-mel-rh-dev-3 postfix/smtp[6925]: ABA8B98AFA: to=, relay=mta5.am0.yahoodns.net[98.138.112.34]:25, delay=1624, delays=1617/0.02/4.4/3.3, dsn=2.0.0, status=sent (250 ok dirdel)
Apr 27 19:44:04 au-mel-rh-dev-3 postfix/qmgr[5985]: ABA8B98AFA: removed
Apr 27 19:49:27 au-mel-rh-dev-3 postfix/postsuper[7913]: Deleted: 15 messages
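
`postsuper -d ALL` empties the entire queue, including mail that is still deliverable. As an added example (not part of the original post), the function here parses mailq output and prints only the queue IDs tied to one address, so that just those messages are deleted; `queue_ids_for` is a hypothetical name and the sample queue is constructed from the output shown above.

```sh
#!/bin/sh
# Added example: select queue IDs by sender or recipient instead of deleting ALL.

# Constructed sample in mailq format, based on the output shown in the post.
SAMPLE_MAILQ='-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
2024F98A61     3505 Mon Apr 27 18:16:17  support.us@something.com
(delivery temporarily suspended: Host or domain name not found)
                                         support.us@somethingelse.com

231EC98AED     3525 Fri Apr 24 16:48:04  support.us@something.com
(delivery temporarily suspended: Host or domain name not found)
                                         whoami@somethingelse.com

-- 7 Kbytes in 2 Requests.'

# Read mailq output on stdin and print the queue ID of every message whose
# sender or any recipient is exactly $1.
queue_ids_for() {
    awk -v addr="$1" '
        # Entry header: ID (optionally flagged * or !), size, date, sender.
        /^[0-9A-Za-z]+[*!]?[ \t]+[0-9]+[ \t]/ {
            id = $1; sub(/[*!]$/, "", id); printed = 0
            if ($NF == addr) { print id; printed = 1 }
            next
        }
        # Recipient lines are indented and hold a single address.
        id != "" && !printed && NF == 1 && $1 == addr { print id; printed = 1 }
    '
}

# Real use (needs Postfix; not run here). "postsuper -d -" reads IDs from stdin:
#   mailq | queue_ids_for whoami@somethingelse.com | sudo postsuper -d -
```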



Monday, April 20, 2015

xrdp is not accessible with "X server -- no display in range is available" error

From the RDP client, the connection fails with an error.

Checking the log, this is the error:

$ sudo tail -f /var/log/xrdp-sesman.log
...
[20150420-09:55:01] [INFO ] scp thread on sck 7 started successfully
[20150420-09:55:02] [INFO ] ++ created session (access granted): username mrapp, ip 10.157.4.55:53456 - socket: 7
[20150420-09:55:02] [INFO ] starting Xvnc session...
[20150420-09:55:02] [ERROR] X server -- no display in range is available


Searching on the web, I stumbled upon a site. Below are the steps that I learned to solve the above issue from the site:
  1. Edit /etc/xrdp/sesman.ini
  2. Change MaxSessions from 10 to 100 
  3. $ sudo diff -u {~,/etc/xrdp}/sesman.ini
    --- /home/mrapp/sesman.ini      2012-10-29 20:58:30.000000000 +0700
    +++ /etc/xrdp/sesman.ini        2015-04-20 09:56:31.277342575 +0700
    @@ -13,7 +13,7 @@
    
    
     [Sessions]
     X11DisplayOffset=10
    -MaxSessions=10
    +MaxSessions=100
     KillDisconnected=0
     IdleTimeLimit=0
     DisconnectedTimeLimit=0
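    Review bot: on the `+MaxSessions=100` line, raising the cap widens the display range but does not release displays that are already taken, and the unchanged context lines `KillDisconnected=0`, `IdleTimeLimit=0` and `DisconnectedTimeLimit=0` leave disconnected and idle sessions with no cleanup, so the larger range can fill up the same way. I would check for leftover Xvnc sessions before raising the limit, and pick the new cap deliberately rather than multiplying by ten, since each allowed session is another Xvnc process that a logged-in user can start on the host.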
  4. Restart xrdp
    $ sudo /etc/init.d/xrdp restart
Try to connect with your RDP client; it should work now.

Wednesday, March 11, 2015

Connecting to your machine using vnc

To set up and use vncserver on a Red Hat flavored distro, follow the steps below:

  1. Install the package:
    $ sudo yum install tigervnc-server tigervnc
  2. Set a password for a user that you want to use to login to the vnc server:
    $ vncpasswd
  3. Start the vncserver:
    $ vncserver
  4. Check the display number of your newly created vnc session:
    $ vncserver -list
    TigerVNC server sessions:
    X DISPLAY #     PROCESS ID
    :1              9168
  5. Check the port that your vnc session is using:
    $ sudo netstat -tulpn | grep 9168
    tcp        0      0 0.0.0.0:5901                0.0.0.0:*                   LISTEN      9168/Xvnc
    tcp        0      0 0.0.0.0:6001                0.0.0.0:*                   LISTEN      9168/Xvnc
    tcp        0      0 :::6001                     :::*                        LISTEN      9168/Xvnc
  6. Test your vncserver locally (only if you are using GUI, else test it from the other machine with vncviewer installed), using vncviewer (belongs to tigervnc package):
    $ vncviewer :1

To connect from a redhat flavored linux distro client:
  1. Install the tigervnc package:
    $ sudo yum install tigervnc
  2. Run vncviewer with the server address and display number:
    $ vncviewer 192.168.0.2:1
    
  3. If you are behind a firewall, you need to open port 5901 for the client to get through.
  4. If the firewall is not in your control, you can always use ssh to forward port 5901 to port 5901 on your localhost:
    $ ssh -L 5901:localhost:5901 vncserver.ip.address
    and in another terminal, run
    $ vncviewer localhost:1

Once you are done, you can kill the server by running:

$ vncserver -kill :1

Thursday, February 19, 2015

Starting with tmux - putting in initial settings

After a few years using GNU screen as my main terminal multiplexer, I have now changed it to tmux. The reasons behind that are:

  1. A lot more customizable
  2. The commands are also available in easy, human-understandable language, rather than just the shortcuts. For example: to kill a window, just "ctrl-b" and type "kill-window" or "killw", which is easier for a new user like me to remember and use, rather than shortcuts like "ctrl-b &" which can sometimes be confusing.
  3. Easier horizontal and vertical splitting mechanism

To start with tmux, especially if you are coming from screen, it is very important to set the key binding right, since ctrl-b is not easily reachable with one hand compared to ctrl-a. Below are my initial .tmux.conf settings, to ease my transition from GNU screen to tmux.

$ cat .tmux.conf
# unbind control-b, and replace it with control-a (GNU screen style)
set-option -g prefix C-a
unbind-key C-b
bind-key C-a send-prefix
# Use vi or emacs-style key bindings in copy and choice modes
set-window-option -g mode-keys vi
# start windows numbering at 1
set -g base-index 1
# renumber windows when a window is closed
set -g renumber-windows on

So there you go, some very simple settings to be appended to .tmux.conf, to ease up your learning in using tmux. Please refer to the comments, to actually know what the settings are for. You can always refer to tmux manual (man tmux) for more settings.

Hope this will be helpful :)

Thursday, February 12, 2015

Accessing other user's screen session

This need usually arises when, on a multi-user machine, you as an admin want to check what another user is running in screen. The best you can see with ps, even as root, is just the name of the command, like below:

michael@vbox:~$ sudo ps awxuf | grep -i screen
root      1135  0.0  0.0  13636   976 pts/1    S+   13:27   0:00                          \_ grep --color=auto -i screen
john   4245  0.0  0.0 387364 16668 ?        Sl   Feb02   0:06  |       \_ gnome-screensaver
1001      6762  0.0  0.0 347384 10428 ?        Sl   Feb02   0:00              \_ gnome-screensaver
john    625  0.0  0.0  31320  1568 ?        Ss   11:57   0:00 SCREEN -S test

michael@vbox:~$ pstree -Gap 625
screen,625 -S test
  └─bash,626



When you try to access the screen session as another user, this is usually the error:

michael@vbox:~$ sudo -u john screen -r 625
Cannot open your terminal '/dev/pts/1' - please check.


This is because your terminal, /dev/pts/1, is only readable and writable by the owner of the terminal:


michael@vbox:~$ ls -lh /dev/pts/1
crw--w---- 1 john tty 136, 1 Feb  12 13:30 /dev/pts/1


To overcome this, simply allow all users to read and write to the terminal:
john@vbox:~$ chmod o+rw /dev/pts/1
john@vbox:~$ ls -lh /dev/pts/1
crw--w-rw- 1 john tty 136, 1 Feb  12 13:32 /dev/pts/1


Once that is done, you can use sudo to access the screen of the other user:
michael@vbox:~$ sudo -u john screen -r 625


Hope this helps :).
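
After `chmod o+rw` the terminal stays readable and writable by every local user until someone reverts it, which lets them read what is typed there or write to it. The added example below (not part of the original post) opens the terminal only for the duration of one command and closes it again afterwards; `with_tty_shared` and `other_perms` are hypothetical names.

```sh
#!/bin/sh
# Added example: run one command with the terminal opened to "other",
# then close it again, even if the command fails or is interrupted.

# Print the "other" permission triplet of $1, e.g. "rw-" or "---".
other_perms() { ls -ld "$1" | cut -c8-10; }

# $1 = terminal device; remaining arguments = command to run meanwhile.
with_tty_shared() {
    tty_dev=$1; shift
    [ -e "$tty_dev" ] || { echo "no such terminal: $tty_dev" >&2; return 1; }
    chmod o+rw "$tty_dev" || return 1
    # Close the terminal again if the command is interrupted.
    trap 'chmod o-rw "$tty_dev"' INT TERM HUP
    status=0
    "$@" || status=$?
    chmod o-rw "$tty_dev"
    trap - INT TERM HUP
    return "$status"
}

# Real use from the admin's own terminal (needs sudo and screen; not run here):
#   with_tty_shared "$(tty)" sudo -u john screen -r 625
#
# Alternative that needs no chmod: let script(1) from util-linux allocate a
# fresh pty owned by the target user and attach from inside it:
#   sudo -u john script -q -c 'screen -r 625' /dev/null
```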

Thursday, January 22, 2015

How to manage files whose name starting with hyphen (-), or double hyphen (--)

There are a few ways to manage this kind of file. The normal way won't work, since the filename will be treated as an option by almost all commands. The methods to manage these files are below:

Let's say the file name is -p and you are trying to delete it. The usual error is shown below, since -p is treated as a flag for the rm command rather than as a file name:

$ rm -p
rm: invalid option -- 'p'
Try 'rm ./-p' to remove the file ‘-p’.
Try 'rm --help' for more information.


So, the correct way to manage this file is:

To list:

$ ls ./-p
$ ls -- -p
$ find . -maxdepth 1 -iname "-p"


To delete:
$ rm -- -p
$ rm ./-p
$ find . -maxdepth 1 -iname "-p" -delete


To create:
$ touch ./-p


Basically, the ./ can be used with any command, while the " -- " has been tested working with ls and rm.

Hope this is helpful; thanks to stackexchange for these useful tips.
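
The same problem shows up in scripts, where a file name arrives in a variable or from a glob and a name beginning with a hyphen ends up parsed as an option. This added example (not part of the original post) applies both fixes inside functions; `safe_path` and `purge_dash_names` are hypothetical names, and it goes slightly beyond the post by covering the glob case.

```sh
#!/bin/sh
# Added example: handle names that begin with "-" safely inside a script.

# Prefix a relative name that begins with "-" with "./", so that no command
# can parse it as an option. Other names are returned unchanged.
safe_path() {
    case $1 in
        -*) printf './%s\n' "$1" ;;
        *)  printf '%s\n' "$1" ;;
    esac
}

# Remove every entry in directory $1 whose name starts with "-" and print
# how many were removed. Runs in a subshell so the caller's cwd is untouched.
purge_dash_names() (
    cd -- "$1" || exit 1
    n=0
    for f in -*; do
        # An unmatched glob stays as the literal "-*"; skip it.
        [ -e "./$f" ] || continue
        # "--" ends option parsing, so "$f" is always taken as a file name.
        rm -- "$f" && n=$((n + 1))
    done
    echo "$n"
)

# Example with a user-supplied name (constructed):
#   name='-p'; ls -l "$(safe_path "$name")"
```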

Thursday, January 15, 2015

How to kill whole process group (parent + child process)

This is very easy, and all this while I have been using ps with grep and awk, just to get the parent and child process PIDs, and feed them to the kill command to kill the whole lot of them. Now no more, that is why reading the man page is very beneficial ;). To kill the whole process group, please see the example below.

Let's say I want to kill teamviewer and its child processes:

Check the PIDs of teamviewer and its children:


$ pstree -Gap 31458
teamviewerd,31458 -f
├─{teamviewerd},31460
├─{teamviewerd},31461
├─{teamviewerd},31462
├─{teamviewerd},31463
├─{teamviewerd},31464
├─{teamviewerd},31465
├─{teamviewerd},31466
├─{teamviewerd},31549
└─{teamviewerd},24892

Run kill on the PID of the parent, with a - sign in front of the PID, to signal the whole group:
$ kill -TERM -31458

No more PID 31458 or its child processes:
$ pstree -Gap 31458