Tuesday, August 18, 2015

Mount a Windows share on Linux

This article describes how to set up a share from a Linux box to a Windows box. Samba has to be installed.

To test if your Linux machine sees the shares on the Windows box:
smbclient -L -U

  • Make a directoy for the mountpoint:
mkdir /mnt/

  • Mount the share:
mount -t smbfs -o username=,password= /// /mnt/

Note: The syntax -username=,password= saves the password.

  • Create a symbolic link to the mounted drive:
ln -s /mnt/ /


Hobbit System Montoring | Debian

Hobbit monitors your hosts, your network services, and anything else you configure it to do via extensions. Hobbit can periodically generate requests to network services - http, ftp, smtp and so on - and record if the service is responding as expected. You can also monitor local disk utilisation, logfiles and processes through the use of agents installed on the servers.
Before you install, make sure you have Apache web server installed.


apt-get install apache2

Configure /etc/apach2/sites-enabled/000-default

Example: Apache conf here.


Install hobbit packages

apt-get install hobbit hobbit-client hobbit-plugins


By default hobbit only allows connections from local host. Append the IP addresses you want to allow here in all three of the Allow from[...] lines like shown here

vi /etc/apache2/conf.d/hobbit

Allow from localhost ::1/128 192.168.0.5


In this case I have added the 192.168.0.5 but you should replace it to the one on your computer

Restart apache

/etc/init.d/apache2 restart


Now you can access the hobbit monitoring console on this location http://youservername/hobbit/ (Make sure you include the trailing slash)

Client Install

apt-get install hobbit-client hobbit-plugins

Server Configuration for Client Data

vi /etc/hobbit/bb-hosts

Example bb-hosts:


Note:  Be sure to use the fully qualified name of the server along with the IP Address.  If you do not, you will not get all or any of the information desired.

If desired, you may use the local configuration file to monitor more finitely.   This also requires adding "--local" setting to FILENAMEHERE.  I found that in Ver. 4.2.0 if you must copy the hobbitd_client file from the "hobbit-server".

WordPress & PhotoGallery Plugin Tips

After installing WordPress and adding the PhotoGallery Plugin, I ran into an upload issue.  Sadly the plugin did not provide any errors to indicate that there was an issue.  It simply acted as if it had finished but never auto generated the thumbnails or properly uploaded the photos.

As a troubleshooting measure, I installed another "Gallery" plugin.   As luck would have it, it provided server statistics AND gave a warning, stating that due to my current settings, I would likely encounter a problem uploading photos.  This was VERY helpful and I quickly found the settings that needed to be changed in my PHP.ini file (see settings below).  I would have continued with this plugin but found the lite version to be very restricted and not as user friendly.  So I reactivated the PhotoGallery plugin and it now works as expected.

PHP.ini Settings:

1upload_max_filesize = 64M
2post_max_size = 64M
3max_execution_time = 300

Sunday, August 16, 2015

Gmail SMTP & OwnCloud

While trying to configure gmail SMTP on my OwnCloud installation, I continued to run into an authentication issue.  Oddly enough, I have several other areas where I have this working without issue (server & webcam) and so I'm no stranger to the configuration and setup.  I was nearly stumped when I found a solution that may help others as well.

I finally found the following "https://accounts.google.com/UnlockCaptcha".  Captcha was causing the hiccup.  By unlocking the account, all was back to normal and emails could be sent from my cloud server. 

My OwnCloud 8.1.1 config is as follows;

  'mail_smtpmode' => 'smtp',
  'mail_from_address' => 'mygmailacct',
  'mail_domain' => 'gmail.com',
  'mail_smtpsecure' => 'tls',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'smtp.gmail.com',
  'mail_smtpport' => '587',
  'mail_smtpname' => 'mygmailacct@gmail.com',

  'mail_smtppassword' => 'MyPassword',

Thursday, June 4, 2015

OS X Yosemite - Create Boot Disk

There are multiple ways to create a boot disk, this is just one that I've found simple and efficient.

Steps:

  1. Connect a formatted 8GB (or larger) usb drive, and rename the drive Yosemite. (The Terminal command used here assumes the drive is named Yosemite.) Also, make sure the Yosemite installer, called Install OS X Yosemite.app, is in its default location in your main Applications folder (/Applications). 
  2. Run the following command (remember the file must be in the right location and the usb drive named "Yosemite" or change the command to match the name you've selected): 
    sudo /Applications/Install\ OS\ X\ Yosemite.app/Contents/Resources/createinstallmedia --volume /Volumes/Yosemite --applicationpath /Applications/Install\ OS\ X\ Yosemite.app --nointeraction
  3. Launch Terminal app.  Warning: This step will erase the usb drive. Paste the copied command into Terminal and press Return.
  4. Type your admin account password when prompted.
  5. You'll see the following... Erasing Disk: 0%... 10 percent...20 percent... etc. Wait until you see the text Copy Complete. Done. This step may take 20 minutes or more to complete as it is copying a large amount of data.
You now have a bootable install drive.

Sunday, January 25, 2015

SoftEther VPN

OpenVPN has provided a great solid solution over the years and I've installed many point to point solutions as well as VPNs for commercial and private use.  While I'm certainly a fan, circumstances have warranted investigating a new solution, specifically one that provides L2TP/IPsec server functionality and additional throughput.  Enter SoftEther.

SoftEther is a multi-protocol VPN software that runs on Mac, Linux, FreeBSD and Windows.  Due to the clone function, it even allows for easy integration from OpenVPN, meaning you can connect using the client you previously used to connect to an OpenVPN server.  Furthermore the L2TP capability aids in connectivity with iOS and Android devices.  A full review of the specifications and capability can be found at softether.org.

For my purposes, I needed the ability to provide VPN access from an iPhone, and a LAN to LAN bridge to connect several commercial offices. 

My specifications as you can see were initially very conservative.  I found that even a system with as little as 512MB and 5G of storage was capable of providing a reasonable VPN for a small office or home use.  While not necessary, I choose to run a separate server or virtual machine for VPN access.

  • Virtual Machine
    • Debian 7
    • 1G (Virtual allows for easy modification based on usage)
    • 10G Storage

1. Install Debian 

I used the mini.iso, no options other than system tools.  I like to run lean and don't use a gui for any production system.

Acquire the necessary tools for compiling SoftEther.

apt-get install build-essential

2. Download & Install SoftEther

Wget or Lynx are your best options.

apt-get install lynx
lynx http://www.softether-download.com/files/softether/
You have multiple different versions to choose from.  I've typically utilized the 'rtm' versions instead of 'beta' but the choice is yours. 

Once you locate your version of choice and architecture, highlight it and press "d" to download.  When prompted, choose "save to disk".

I keep my downloads in /usr/local/src.

cd /usr/local/src
tar xvfz softether-vpnserver-version-number-you-downloaded.tar.gz
The archive will extract and create a vpnserver directory.

cd /usr/local/src/vpnserver
make
You'll be prompted to read the License Agreement, confirm you read it and agree to the License Agreement.

Any issues with 'make' are likely due to unmet dependancies.  Verify you completed the step of installing the 'build-essential' components.

My habit is to move services to the /etc folder.

mv /usr/local/src/vpnserver /etc
cd /etc/vpnserver
chmod 600 *
chmod 700 vpnserver
chmod 700 vpncmd
Create startup script

vi /etc/init.d/vpnserver
Example:

#!/bin/sh
# SoftEther
DAEMON=/etc/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
;;
stop)
$DAEMON stop
rm $LOCK
;;
restart)
$DAEMON stop
sleep 3
$DAEMON start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0
chmod 755 /etc/init.d/vpnserver
Debian makes it easy to update the run levels and have SoftEther start on boot up.

update-rc.d vpnserver defaults
Note the use of /var/lock/subsys, you'll need to create the directory.

Start SoftEther

/etc/init.d/vpnserver start

3. Check Installation and configure.

cd /etc/vpnserver
./vpncmd

Check installation by choosing option 3.

check
exit

Virtual Hub

./vpncmd
Choose option 1 this time

HubCreate SoftVPN
You now need to choose the Hub you just created (like a database).

Hub SoftVPN
SecureNatEnable
UserCreate NewUserName
There are different ways for authentication (please read and determine how best to proceed for your circumstances).

UserPasswordSet NewUserName
Enable L2TP

IPsecEnable

This is a very basic configuration.  There are a multitude of other options available, far beyond what I've described here.  I'd also suggest changing/setting an administrative password which wasn't covered, but is a simple command.

A few items that I intend to write a follow up on are:
  • Certificate Setup & Generation
  • OpenVPN Compatibility Configuration
  • SSTP Config
  • Client Configuration
  • LAN to LAN Bridge




Sunday, January 11, 2015

DigitalOcean VPS Hosting

I've been using Digital Ocean VPS servers for the last year and half and have been very pleased with their performance.  They also have a clean interface, DNS service and a substantial knowledge base.  I've also been impressed with the quality of the customer service and the rapid response I've received for even the lowest priority tickets.

If you feel so inclined, please use my referral link.  You'll receive a $10 credit for doing so, and I also will get a referral credit.  Regardless of what you read online, the $10 credit is the best that is offered and they only allow one coupon/credit per account except for very special circumstances.

I'm confident you'll find their service(s) to be as advertised which isn't always the case these days.

-Enjoy
Todd