Configuring MailCleaner for Active Directory 2003/2008

Configuring MailCleaner to function with AD wasn't to hard, this worked with my Windows 2008 Active Directory environment, and I'm sure it should work with 2003 as well.

 

First go into your MailCleaner domain configuration.

 

Under User authentication configure these options

 


Connector: ldap/active directory

 

Server: IP or Computer name of your AD server : 389

Use SSL: NO.

Protocol version: 3

BaseDN: OU=Path, OU=To, OU=YourUsers, DC=domain, DC=com

User Attribute: samAccountName

Bind User: domain\bindUser

Bind Password: bindUsersPassword

Username format: username

Address format: ldap lookup

Pre-shared key:

 


 

Under Server: be sure to set the second input field for the port to 389

For the Base DN, I tried just setting DC=domain, DC=com but it would fail on user lookups... So I changed it to the direct OU I had my users stored and this seemed to work

i.e.

OU=Users, DC=crackedconsole, DC=com

You also need to assign a user account to connect to Active Directory with, it only needs read access so a stanard user will do. Be sure to put the domain name as part of Bind User

i.e.

crackedconsole\bindUser

 

You should now be able to search by user and email in the admin section, as well as Authentication in the standard user page via AD Authentication.

Running ArchLinux on the PogoPlug Series 4 - Additional Settings

Installing and enabling Cron on the Pogoplug with Archlinux installed

pacman -S cron

1. for cronie

systemctl start cronie
systemctl enable cronie

Installing rsync on the Pogoplug

pacman -S rysnc

http://www.linux.org/threads/rsync-from-linux-to-smb-device-ie-mybook-windows-computer-etc.4210/

 

 

Arch Arm Linux on PogoPlug - Keeping Time

 

First up, update the package manager to have the latest packages available. You may be asked if you want to update pacman itself, and a bunch of other stuff. In my case it grabbed the latest linux kernel version, and took a fair amount of time. Run this command a few times to make sure everything is the latest it can be.

$ pacman -Syu

Next up, install ntp.

$ pacman -S ntp

To enable ntp on startup, edit /edit/rc.conf, adding ntpd to the DAEMONS array, and removinghwclock.

# before: DAEMONS=(hwclock syslog-ng network netfs crond sshd)
DAEMONS=(syslog-ng network netfs crond sshd ntpd)

Next you should configure ntp by editing /etc/ntp.conf. A list of local ntp servers can be found athttp://www.pool.ntp.org/. I chose to use the UK servers.

Comment out any existing lines that begin with ‘server’, and add in those you want to use. Appendiburst to the end, this specifies how the servers are polled.

server 0.uk.pool.ntp.org iburst
server 1.uk.pool.ntp.org iburst
server 2.uk.pool.ntp.org iburst
server 3.uk.pool.ntp.org iburst

Next, set your timezone. A complete list of zones can be found in /usr/share/zoneinfo. I went withEurope/London. Edit the TIMEZONE variable in /etc/rc.conf, changing it to your chosen zone.

TIMEZONE="Europe/London"

Now restart.

$ reboot

That’s it! You should now have the correct time and timezone.

$ date
Fri Sep 16 19:58:09 BST 2011

 

http://douglasfshearer.com/2011/09/16/arch-arm-linux-on-pogoplug-keeping-time.html

Running ArchLinux on the PogoPlug Series 4

Base Install

http://archlinuxarm.org/platforms/armv5/pogoplug-series-4

  • These instructions will void your warranty. While every precaution is taken to ensure nothing bad happens, all actions are at your own risk.
  • my.pogoplug.com, the mobile applications, and the desktop Pogoplug connector will no longer work.
  • Only the top ports (USB 2.0 and SATA) can be used for the root filesystem
  1. With the device on and online, register and enable SSH through my.pogoplug.com.
  2. Power down the original, unmodified Pogoplug Series 4.
  3. With only the drive you intend to install Arch Linux ARM to plugged in (all data will be erased), switch on the power.
  4. Log in to the Pogoplug Series 4 over SSH.
  5. Stop the Pogoplug software so it doesn't interfere with the install process:killall hbwd
  6. Start fdisk to partition the USB2 or SATA drive:
    /sbin/fdisk /dev/sda
  7. At the fdisk prompt, delete old partitions and create a new one:
    1. Type o. This will clear out any partitions on the drive.
    2. Type p to list partitions. There should be no partitions left.
    3. Now type n, then p for primary, 1 for the first partition on the drive, and then press ENTER, accepting default values.
    4. Exit by typing w.
  8. Create the ext3 filesystem:
    cd /tmp wget http://archlinuxarm.org/os/pogoplug/mke2fs chmod +x mke2fs ./mke2fs -j /dev/sda1 mkdir alarm mount /dev/sda1 alarm
  9. Download and install Arch Linux ARM:
    1. cd /tmp/alarm
    2. wget http://archlinuxarm.org/os/ArchLinuxARM-kirkwood-latest.tar.gz
    3. tar -xzvf ArchLinuxARM-kirkwood-latest.tar.gz
  10. Unmount the drive:
    umount alarm
  11. Download the U-Boot installer and run it:
    cd /tmp wget http://archlinuxarm.org/os/ppv4/ppv4-install.sh chmod +x ppv4-install.sh ./ppv4-install.sh
  12. After the installer tells you its done, and if there were no errors, reboot:/sbin/reboot
  13. Double-check your router's DHCP tables to see if a different IP was leased, and you can now SSH in with the user/pass of root/root.

Installation Observations/Troubleshooting

  • U-Boot has been noted to occasionally not properly re-initialize USB and SATA drives on soft reboots. This is a rare occurrence, but if you are stuck with just a flashing green light after following the instructions above and rebooting, then just power-cycle the device. This won't harm the filesystem, and will be sure to get the device(s) plugged in on top re-initialized properly.
  • Network has been observed to take a little longer than other devices to start responding to pings or ssh attempts. If you just booted it and have a green light, you might see an address in the DHCP tables but not able to connect. Just give it a minute.

 

Additional Configuration

 

http://obihoernchen.net/wordpress/877/setup-samba-4-on-arch-linux/

 

Installation of Samba 4 is pretty easy.

1
pacman -Sy samba

Enable Samba

1
systemctl enable smb nmb

Create Users

If you want to create shares for multiple users you have to create new Unix user and add this one to samba as well.
To make it clean we will create a group called “samba”.

1
groupadd samba

Now we can add a new user to this group. This user “fabian” is not able to login (-s /sbin/nologin) for security purposes.

1
useradd -m -g samba -s /sbin/nologin fabian

To use this user in samba shares you have to add it to samba

1
pdbedit -a -u fabian

 

Create Shares

We are ready to configure our samba shares.
At the beginning configure
To do so edit /etc/samba/smb.conf

1
nano /etc/samba/smb.conf

Here is an example configuration.
You have to edit the Share definitions below so it fits your setup.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
[global]
   workgroup = WORKGROUP
   server string = POGOPLUG
   netbios name = POGOPLUG
   # hosts allow = 192.168.0.
   printcap name = /dev/null
   load printers = no
   disable spoolss = yes
   printing = bsd
   log file /var/log/samba/log.%m
   max log size = 50
   security = user
   dns proxy = no
   # For public share without login
   map to guest = Bad User
 
   # Android bugix for reading files (samba4 bug see: https://bugzilla.samba.org/show_bug.cgi?id=9706)
   unix extensions = false
 
   # Fix for file batch copy issues (see: http://archlinuxarm.org/forum/viewtopic.php?f=18&t=4864)
   oplocks = no
 
   # Some Tuning (See Optimize Performance)
   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
   write cache size = 131072
   # this decreases read CPU load
   use sendfile = true
   getwd cache = yes
   min receivefile size = 16384
 
   # Global security
   public = yes
 
#============================ Share Definitions ==============================
 
# Public, read only
[Videos]
        comment = Videos for all
        read only = yes
        # use this only for read only shares!
        fake oplocks = yes
        path = /media/zincobi/Videos
 
# Public, writeable
[Abrechnungen]
        comment = Abrechnungen
        read only = no
        writeable = yes
        path = /media/zincobi/Abrechnungen
 
# whole HDD, only for fabian
[zincobi]
        comment = Fabians share
        public = no
        valid users = fabian
        read only = no
        writeable = yes
        path = /media/zincobi

 

Optimize performance

The stock performance of samba isn’t that great. Especially with NTFS.
But there are some parameters which will increase Samba performance significantly.

Add all these settings to the global section in your smb.conf file.

1
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072

The main problem for slow file transfer speeds is NTFS, because NTFS needs much CPU on linux.
Nevertheless there are 2 options which will boost the speed:

write cache size

If this integer parameter is set to non-zero value, Samba will create an in-memory cache for each oplocked file (it does not do this for non-oplocked files). All writes that the client does not request to be flushed directly to disk will be stored in this cache if possible. The cache is flushed onto disk when a write comes in whose offset would not fit into the cache or when the file is closed by the client. Reads for the file are also served from this cache if the data is stored within it.

This cache allows Samba to batch client writes into a more efficient write size for RAID disks (i.e. writes may be tuned to be the RAID stripe size) and can improve performance on systems where the disk subsystem is a bottleneck but there is free memory for userspace programs.

The integer parameter specifies the size of this cache (per oplocked file) in bytes.

Default: write cache size = 0

Example: write cache size = 262144 # for a 256k cache size per file

Some example values are:

1
write cache size = 131072

(131072= 128KB – you should test some values it’s pretty memory intensive)

Don’t forget to start the samba services or reboot:

1
systemctl start smb nmb

 

http://obihoernchen.net/wordpress/770/plug_computer_arch_linux/

 

First you should change your root password.
Use the following command to do so:

1
passwd root

 

Note: For GUI lovers: skip this step and set hostname and timezone in the webmin interface (next step)

The default hostname is “alarm”. Let’s change it!

1
hostnamectl set-hostname myhostname

To get all available timezones use:

1
timedatectl list-timezones

And to set your timezone:

1
timedatectl set-timezone <Zone>/<SubZone>

For example:

1
timedatectl set-timezone Europe/Berlin

Now reboot:

1
reboot

Wait a few seconds and reconnect to SSH.

 

Webmin is a pretty cool web-based interface for system administration.
It’s easy to use  and will help you to configure stuff faster.
To install it use:

1
pacman -Sy webmin perl-net-ssleay

Now we have to allow access from more IP addresses.
You have to edit the configuration file.

1
nano /etc/webmin/miniserv.conf

Find the following line: allow=127.0.0.1
Now add a new allow line with your local network broadcast ip or a specific ip and save the file.
For example:

1
2
allow=127.0.0.1 ## Allow local access
allow=192.168.0.0 ## Allows all users from 192.168.0.1 - 192.168.0.255

Now we’ll enable & start the webmin service so it autostarts.

1
2
systemctl enable webmin
systemctl start webmin

To access the Webmin interface open a browser and go to:
https://deviceip:10000

To lower memory usage go to:
Webmin>Webmin Configuration>Advanced Configuration and disable Pre-load Webmin functions library?”

 

If you want to remove your USB HDD and use it anywhere else it would be cool to have automounting like Windows.
There are a lot of auto mounting mechanisms for Arch Linux but a lot of them are outdated.
This one is using udevil to auto mount all USB HDDs on attach as /media/PARTITION_LABEL. So make sure all partitions have a label!

1
pacman -Sy udevil

I want to access my HDDs via Samba to use them in Windows so I have to use either FAT32 or NTFS.
This sucks because FAT32 isn’t able to handle files >4GB so it’s useless.
And NTFS is fucking slow on Linux.

But with some special mount options we are able to increase the speed dramatically!
I’ve did some benchmarks with hdparm and dd before and after the optimization.
The read speed was pretty good already (about 29MB/s –> USB 2.0 limit).
But the write speed was really bad!

Before: ~6,5 MB/s write speed
After: ~28,5 MB/s write speed

As you can see the write speed on NTFS was really slow before. But there is a way to fix it :)
We have to edit the mount options and add a special ntfs-3g option to our udevil automount settings.
Open the udevil config file and edit it:

1
nano /etc/udevil/udevil.conf

Search for default_options_ntfs= and allowed_options=

Now we add the option “big_writes” to both lines so it looks like:

1
..., noatime, big_writes, uid=...

Save the file.

Create the /media directory

1
mkdir /media

Add the udevil service to autostart.

1
systemctl enable devmon@root

Let’s reboot to see whether it works

1
reboot

Wait a few seconds and reconnect to SSH.
Now you’ll have a new folder: /media/yourHDDname where your HDD is mounted.
And you should see something like /dev/sdX1 on /media/… if you type:

1
mount

Note: All USB HDDs should go to standby automatically.
You can check with:

1
hdparm -C /dev/sda

 

Be careful you can mess up your whole network connection!

I don't like dynamic IP addresses in my LAN. Especially for servers.
They should have a static IP like every server. Of course there are hostnames but not all devices are able to resolve them.

Arch uses netcfg to configure your network adapters. You can create multiple profile.
To create a new static ip profile create a new profile in /etc/network.d/ named wired-static-eth0

1
nano /etc/network.d/wired-static-eth0

And add the following content, replace everything with your values and save the file.
Note: I use custom DNS settings because my router doesn't allow me to edit DNS settings.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
CONNECTION='ethernet'
DESCRIPTION='A basic static ethernet connection using iproute'
INTERFACE='eth0'
IP='static'
 
#IP of your pogoplug
ADDR='192.168.0.2'
 
#ROUTES=('192.168.0.0/24 via 192.168.1.2')
 
#Gateway (For example your router)
GATEWAY='192.168.0.1'
 
#DNS set to ('Gateway IP') if you want to use the DNS your router provides
DNS=('8.8.8.8' '8.8.4.4')
 
## For IPv6 autoconfiguration
#IP6=stateless
## For IPv6 static address configuration
#IP6='static'
#ADDR6=('1234:5678:9abc:def::1/64' '1234:3456::123/96')
#ROUTES6=('abcd::1234')
#GATEWAY6='1234:0:123::abcd'

Now you need to change the default network profile to the new one.

1
nano /etc/conf.d/netcfg

Find NETWORKS= and edit it:

1
NETWORKS=(wired-static-eth0)

You have to be sure that everything is correct otherwise you are going to loose network connection and have to edit all files from your USB stick with another PC.
Just restart the netcfg service or restart to apply the new settings

1
systemctl restart netcfg

 

Amount: