Wednesday, July 8, 2015
Reset openldap default admin password
This is usually needed during the installation of ldap, or when you have forgotten your ldap admin password. It took me quite a while to find these steps, so thanks to this article, which pointed me in the right direction. Here is how I did it:
- Find the root dn account and root dn password hash:
$ sudo ldapsearch -H ldapi:// -LLL -Q -Y EXTERNAL -b "cn=config" "(olcRootDN=*)" dn olcRootDN olcRootPW | tee ~/newpasswd.ldif
- You can see the above info right away since we are using tee (tee writes to a new file and shows the output on stdout at the same time). This is how it looks:
$ cat newpasswd.ldif
dn: olcDatabase={1}hdb,cn=config
olcRootDN: cn=admin,dc=ubuntu-ldap,dc=com
olcRootPW: {SSHA}CS9o0OVuD4YOj1eFNf4q6eqSe8O4MBMy
- Generate a new password for the admin, and append it to newpasswd.ldif. -h is the flag to specify the scheme, and you can find the scheme by referring to the newpasswd.ldif file that we have generated, in this case {SSHA}:
$ sudo slappasswd -h {SSHA} >> newpasswd.ldif
New password:
Re-enter new password:
- Edit newpasswd.ldif so that it looks like below (just comment out olcRootDN, add changetype and replace, and change the olcRootPW to the one we generated in step 3):
dn: olcDatabase={1}hdb,cn=config
#olcRootDN: cn=admin,dc=ubuntu-ldap,dc=com
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}CS9o0OVuD4YOj1eFNf4q6eqSe8O4MBMy
- Apply the password change using the ldapmodify command, where -H is for the ldap uri, -Y for the SASL mechanism and -f for reading the input from a file:
$ sudo ldapmodify -H ldapi:// -Y EXTERNAL -f ~/newpasswd.ldif
- Test the new password by listing the entries using ldapsearch, making sure that the new password is working:
$ ldapsearch -h localhost -b "dc=ubuntu-cacti,dc=com" -D "cn=admin,dc=ubuntu-cacti,dc=com" -W
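The hand edit of newpasswd.ldif in the steps of this post can also be scripted. This is an added example, not part of the original post; the helper name build_rootpw_ldif and the placeholder hash are made up for illustration, and the sample input is the search output shown in the post.

```sh
#!/bin/sh
# Added example (not from the original post): build the "changetype: modify"
# LDIF from the ldapsearch output and a new hash, without editing by hand.
# build_rootpw_ldif is a hypothetical helper name.

# stdin: output of the ldapsearch command; $1: new hash from slappasswd.
build_rootpw_ldif() {
    case $1 in
        '{'*'}'?*) ;;   # must look like {SCHEME}data, never a cleartext password
        *) echo "refusing: argument is not a {SCHEME} hash" >&2; return 1 ;;
    esac
    NEW_HASH=$1 awk '
        /^dn: /        { dn = $0; n++; in_dn = 1; next }
        /^ / && in_dn  { dn = dn substr($0, 2); next }   # folded LDIF line
                       { in_dn = 0 }
        END {
            if (n != 1) exit 1        # zero or several databases: do not guess
            print dn
            print "changetype: modify"
            print "replace: olcRootPW"
            print "olcRootPW: " ENVIRON["NEW_HASH"]
        }' || { echo "expected exactly one dn: in the search output" >&2; return 1; }
}

# Constructed sample: the search output shown in the post.
sample_search() {
    cat <<'EOF'
dn: olcDatabase={1}hdb,cn=config
olcRootDN: cn=admin,dc=ubuntu-ldap,dc=com
olcRootPW: {SSHA}CS9o0OVuD4YOj1eFNf4q6eqSe8O4MBMy
EOF
}

# On a real server the file holds a password hash, so create it private:
#   umask 077
#   (the ldapsearch command, without tee) | build_rootpw_ldif "$NEW_HASH" > ~/newpasswd.ldif
# Demo with a placeholder hash (not real slappasswd output):
sample_search | build_rootpw_ldif '{SSHA}PLACEHOLDER-HASH-FROM-SLAPPASSWD'
```

Remove ~/newpasswd.ldif once ldapmodify has succeeded, since it still contains the root password hash.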
Monday, April 27, 2015
Check postfix email queue, and how to clear emails in there
To check the queue, we use a command called mailq, example as below:
$ mailq | tail
2024F98A61     3505 Mon Apr 27 18:16:17  support.us@something.com
(delivery temporarily suspended: Host or domain name not found. Name service error for name=smtp.something.com type=AAAA: Host not found)
                                         support.us@somethingelse.com
231EC98AED     3525 Fri Apr 24 16:48:04  support.us@something.com
(delivery temporarily suspended: Host or domain name not found. Name service error for name=smtp.something.com type=AAAA: Host not found)
                                         whoami@somethingelse.com
To clear the email in the queue, a command called postsuper is used, as below:
$ sudo postsuper -d ALL
To check the status of deletion, you can refer to the maillog, in below example, 15 messages have been deleted:
$ sudo tail /var/log/maillog
Apr 27 19:44:02 au-mel-rh-dev-3 postfix/smtp[6927]: 46F5598AF7: to=, relay=mta5.am0.yahoodns.net[98.138.112.37]:25, delay=2568, delays=2562/0.02/4.3/2, dsn=2.0.0, status=sent (250 ok dirdel)
Apr 27 19:44:02 au-mel-rh-dev-3 postfix/qmgr[5985]: 46F5598AF7: removed
Apr 27 19:44:04 au-mel-rh-dev-3 postfix/smtp[6925]: ABA8B98AFA: to=, relay=mta5.am0.yahoodns.net[98.138.112.34]:25, delay=1624, delays=1617/0.02/4.4/3.3, dsn=2.0.0, status=sent (250 ok dirdel)
Apr 27 19:44:04 au-mel-rh-dev-3 postfix/qmgr[5985]: ABA8B98AFA: removed
Apr 27 19:49:27 au-mel-rh-dev-3 postfix/postsuper[7913]: Deleted: 15 messages
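postsuper -d ALL empties the whole queue, including mail that is still deliverable. The added example below (not from the original post) goes one step further than the post and selects only the queue IDs that involve one address; queue_ids_for_address is a hypothetical helper, the sample queue listing is constructed from the entries in the post, and it assumes the short hexadecimal queue IDs seen there.

```sh
#!/bin/sh
# Added example (not from the original post): pick queue IDs by address so
# postsuper can delete only those, instead of "postsuper -d ALL".
# queue_ids_for_address is a hypothetical helper name.

# stdin: mailq output; $1: exact sender or recipient address to match.
queue_ids_for_address() {
    ADDR=$1 awk '
        # Entry line: ID (optionally flagged * or !), size, date, sender.
        /^[0-9A-F]+[*!]?[ \t]/ {
            id = $1; sub(/[*!]$/, "", id)
            done = 0
            if ($7 == ENVIRON["ADDR"]) { print id; done = 1 }
            next
        }
        # Indented lines below an entry are its recipients.
        /^[ \t]+[^ \t]/ && id != "" && !done {
            if ($1 == ENVIRON["ADDR"]) { print id; done = 1 }
        }'
}

# Constructed sample, modelled on the mailq output in the post.
sample_mailq() {
    cat <<'EOF'
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
2024F98A61     3505 Mon Apr 27 18:16:17  support.us@something.com
(delivery temporarily suspended: Host or domain name not found)
                                         support.us@somethingelse.com

231EC98AED*    3525 Fri Apr 24 16:48:04  support.us@something.com
                                         whoami@somethingelse.com

0A1B2C3D4E     1200 Mon Apr 27 18:20:00  alerts@example.org
                                         whoami@somethingelse.com

-- 8 Kbytes in 3 Requests.
EOF
}

# Review the IDs first, then hand them to postsuper ("-" = read IDs from stdin):
#   mailq | queue_ids_for_address support.us@something.com | sudo postsuper -d -
sample_mailq | queue_ids_for_address support.us@something.com
```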
Monday, April 20, 2015
xrdp is not accessible with "X server -- no display in range is available" error
From rdp client, it is showing below error:
Checking on the log, this is the error:
$ sudo tail -f /var/log/xrdp-sesman.log
...
[20150420-09:55:01] [INFO ] scp thread on sck 7 started successfully
[20150420-09:55:02] [INFO ] ++ created session (access granted): username mrapp, ip 10.157.4.55:53456 - socket: 7
[20150420-09:55:02] [INFO ] starting Xvnc session...
[20150420-09:55:02] [ERROR] X server -- no display in range is available
Searching on the web, I stumbled upon a site. Below are the steps that I learned from the site to solve the above issue:
- Edit /etc/xrdp/sesman.ini
- Change MaxSessions from 10 to 100
- Restart xrdp
$ sudo /etc/init.d/xrdp restart
$ sudo diff -u {~,/etc/xrdp}/sesman.ini --- /home/mrapp/sesman.ini 2012-10-29 20:58:30.000000000 +0700 +++ /etc/xrdp/sesman.ini 2015-04-20 09:56:31.277342575 +0700 @@ -13,7 +13,7 @@ [Sessions] X11DisplayOffset=10 -MaxSessions=10 +MaxSessions=100 KillDisconnected=0 IdleTimeLimit=0 DisconnectedTimeLimit=0
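Review bot: In the [Sessions] hunk, MaxSessions goes from 10 to 100 while the context lines KillDisconnected=0, IdleTimeLimit=0 and DisconnectedTimeLimit=0 are left untouched, so the change does not address why the ten slots were used up. If they were taken by sessions that were disconnected and never cleaned up, the higher cap only postpones the same "no display in range is available" error and leaves more abandoned logged-in desktops on the host. Consider sizing the new limit to the expected number of users rather than a tenfold jump, and add a comment in sesman.ini recording why the value was changed.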
Try to connect with your rdp client, it should work now.
Wednesday, March 11, 2015
Connecting to your machine using vnc
To set up and use vncserver on a redhat flavored distro, follow the steps below:
- Install the package:
$ sudo yum install tigervnc-server tigervnc
- Set a password for a user that you want to use to login to the vnc server:
$ vncpasswd
- Start the vncserver:
$ vncserver
- Check the display number of your newly created vnc session:
$ vncserver -list
TigerVNC server sessions:
X DISPLAY #	PROCESS ID
:1		9168
- Check the port that your vnc session is using:
$ sudo netstat -tulpn | grep 9168
tcp        0      0 0.0.0.0:5901    0.0.0.0:*    LISTEN    9168/Xvnc
tcp        0      0 0.0.0.0:6001    0.0.0.0:*    LISTEN    9168/Xvnc
tcp        0      0 :::6001         :::*         LISTEN    9168/Xvnc
- Test your vncserver locally (only if you are using GUI, else test it from the other machine with vncviewer installed), using vncviewer (belongs to tigervnc package):
$ vncviewer :1
To connect from a redhat flavored linux distro client:
- Install the tigervnc package:
$ sudo yum install tigervnc
- Run the vncviewer:
$ vncviewer 192.168.0.2:1
- If you are behind a firewall, you need to open port 5901 for the client to get through.
- If the firewall is not in your control, you can always use ssh to forward port 5901 to port 5901 on your localhost:
$ ssh -L 5901:localhost:5901 vncserver.ip.address
and in another terminal, run:
$ vncviewer localhost:1
$ vncserver -kill :1
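The netstat output in this post shows Xvnc listening on 0.0.0.0, so display :1 is reachable from any host that can route to the machine, even when clients connect through the ssh forward. The check below is an added example, not part of the original post; exposed_vnc_listeners is a hypothetical helper and the loopback sample line is constructed.

```sh
#!/bin/sh
# Added example (not from the original post): flag Xvnc sockets that accept
# connections from other hosts. exposed_vnc_listeners is a hypothetical helper.

# stdin: `netstat -tulpn` output. Prints one line per Xvnc listener that is
# not bound to loopback, with the display number derived from the port
# (5900+N is the VNC port of display :N, 6000+N its X11 port).
exposed_vnc_listeners() {
    awk '
        $6 == "LISTEN" && $7 ~ /\/Xvnc$/ {
            addr = $4
            n = split(addr, part, ":")
            host = substr(addr, 1, length(addr) - length(part[n]) - 1)
            port = part[n] + 0
            if (host == "127.0.0.1" || host == "::1") next
            if (port >= 5900 && port < 6000)      { kind = "VNC"; disp = port - 5900 }
            else if (port >= 6000 && port < 6100) { kind = "X11"; disp = port - 6000 }
            else next
            printf "%s display :%d reachable on %s\n", kind, disp, addr
        }'
}

# The netstat output from the post.
post_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:5901    0.0.0.0:*    LISTEN    9168/Xvnc
tcp        0      0 0.0.0.0:6001    0.0.0.0:*    LISTEN    9168/Xvnc
tcp        0      0 :::6001         :::*         LISTEN    9168/Xvnc
EOF
}

# Constructed sample: what a loopback-only listener looks like.
loopback_netstat() {
    cat <<'EOF'
tcp        0      0 127.0.0.1:5901  0.0.0.0:*    LISTEN    9168/Xvnc
EOF
}

# On a live host: sudo netstat -tulpn | exposed_vnc_listeners
post_netstat | exposed_vnc_listeners
```

When every client comes in through the ssh forward, TigerVNC's -localhost option keeps the VNC port on loopback and this check prints nothing for it.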
Thursday, February 19, 2015
Starting with tmux - putting in initial settings
After a few years using GNU screen as my main terminal multiplexer, I have now changed it to tmux. The reasons behind that are:
- A lot more customizable
- The commands are also available in easy human understandable language, rather than just the shortcuts. For example: to kill a window, just "ctrl-b" and type "kill-window" or "killw", which is easier for new user like me to remember and use, rather than shortcuts like "ctrl-b &" which sometimes can be confusing.
- Easier horizontal and vertical splitting mechanism
To start with tmux, especially if you are coming from screen, it is very important to set the key binding right, since ctrl-b is not easily reachable with one hand compared to ctrl-a. Below are my initial .tmux.conf settings, to ease my transition from GNU screen to tmux.
$ cat .tmux.conf
# unbind control-b, and replace it with control-a (GNU screen style)
set-option -g prefix C-a
unbind-key C-b
bind-key C-a send-prefix
# Use vi or emacs-style key bindings in copy and choice modes
set-window-option -g mode-keys vi
# start windows numbering at 1
set -g base-index 1
# renumber windows when a window is closed
set -g renumber-windows on
So there you go, some very simple settings to be appended to .tmux.conf, to ease up your learning in using tmux. Please refer to the comments, to actually know what the settings are for. You can always refer to tmux manual (man tmux) for more settings.
Hope this will be helpful :)
Thursday, February 12, 2015
Accessing other user's screen session
This need usually arises when, on a multi-user machine, you as an admin want to check what another user is running in screen. The best you can see with ps, even as root, is just the name of the command, like below:
michael@vbox:~$ sudo ps awxuf | grep -i screen
root      1135  0.0  0.0  13636   976 pts/1    S+   13:27   0:00  \_ grep --color=auto -i screen
john      4245  0.0  0.0 387364 16668 ?        Sl   Feb02   0:06  |  \_ gnome-screensaver
1001      6762  0.0  0.0 347384 10428 ?        Sl   Feb02   0:00  \_ gnome-screensaver
john       625  0.0  0.0  31320  1568 ?        Ss   11:57   0:00 SCREEN -S test
michael@vbox:~$ pstree -Gap 625
screen,625 -S test
  └─bash,626
When you try to access the screen session using other user, this is usually the error:
michael@vbox:~$ sudo -u john screen -r 625
Cannot open your terminal '/dev/pts/1' - please check.
This is because, your terminal: /dev/pts/1 is only readable and writable to the owner of the terminal:
michael@vbox:~$ ls -lh /dev/pts/1
crw--w---- 1 john tty 136, 1 Feb 12 13:30 /dev/pts/1
To overcome this, simply allow read and write to the terminal, to all users:
john@vbox:~$ chmod o+rw /dev/pts/1
john@vbox:~$ ls -lh /dev/pts/1
crw--w-rw- 1 john tty 136, 1 Feb 12 13:32 /dev/pts/1
Once that is done, you can use sudo to access the screen of the other user:
michael@vbox:~$ sudo -u john screen -r 625
Hope this helps :).
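After chmod o+rw the terminal stays readable and writable by every local user until someone changes it back. The wrapper below is an added example, not part of the original post: it grants the permission only while one command runs and then restores the previous mode. with_shared_tty is a hypothetical helper, it assumes GNU stat (stat -c), and the demo uses a scratch file in place of /dev/pts/1.

```sh
#!/bin/sh
# Added example (not from the original post): open the terminal to "others"
# only for the duration of one command and always restore the old mode.
# with_shared_tty is a hypothetical helper; it assumes GNU stat (stat -c).

with_shared_tty() {
    tty_path=$1; shift
    old_mode=$(stat -c %a "$tty_path") || return 1
    # Restore the mode if we are interrupted while the command runs.
    trap 'chmod "$old_mode" "$tty_path"; trap - INT TERM HUP; exit 130' INT TERM HUP
    chmod o+rw "$tty_path" || { trap - INT TERM HUP; return 1; }
    "$@"
    rc=$?
    chmod "$old_mode" "$tty_path"
    trap - INT TERM HUP
    return "$rc"
}

# Demo on a scratch file standing in for /dev/pts/N (constructed, no tty needed).
# Prints the mode before, during and after the wrapped command.
demo_shared_tty() {
    scratch=$(mktemp) || return 1
    chmod 620 "$scratch"                       # crw--w---- as in the post
    before=$(stat -c %a "$scratch")
    during=$(with_shared_tty "$scratch" stat -c %a "$scratch")
    after=$(stat -c %a "$scratch")
    rm -f "$scratch"
    echo "$before $during $after"
}

# Real use, from a terminal you own:
#   with_shared_tty "$(tty)" sudo -u john screen -r 625
demo_shared_tty
```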
Thursday, January 22, 2015
How to manage files whose name starting with hyphen (-), or double hyphen (--)
There are a few ways you can manage these kinds of files. The normal way won't work, since the filename will be treated as an option by almost all commands. Please see below for the methods to manage these files:
Let's say the file name is -p, and you are trying to delete it. The usual error is below, since -p is being treated as a flag for the rm command rather than as a file name:
$ rm -p
rm: invalid option -- 'p'
Try 'rm ./-p' to remove the file ‘-p’.
Try 'rm --help' for more information.
So, the correct way to manage this file is:
To list:
$ ls ./-p
$ ls -- -p
$ find . -maxdepth 1 -iname "-p"
To delete:
$ rm -- -p
$ rm ./-p
$ find . -maxdepth 1 -iname "-p" -delete
To create:
$ touch ./-p
Basically, the ./ prefix can be used with any command, while the " -- " has been tested working with ls and rm.
Hope this is helpful; thanks to stackexchange for these useful tips.
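The same option parsing affects scripts that pass a glob to a command, because the shell expands * to the raw names before the command sees them. The added example below (not part of the original post) shows a file named -p silently dropping out of a listing and applies the two fixes from this post; count_listed and remove_all_files are hypothetical helper names and the scratch directory is a constructed fixture.

```sh
#!/bin/sh
# Added example (not from the original post): what a glob does when a file
# name starts with a hyphen, and the two fixes from the post applied to it.
# count_listed and remove_all_files are hypothetical helper names.

# Number of entries `ls` reports for the names in directory $1.
# $2 selects how the glob is passed: unsafe | dashdash | dotslash
count_listed() {
    (
        cd "$1" || exit 1
        case $2 in
            unsafe)   ls -1 *    ;;   # "-p" is taken as an option and vanishes
            dashdash) ls -1 -- * ;;   # "--" ends option parsing
            dotslash) ls -1 ./*  ;;   # "./-p" cannot look like an option
        esac | wc -l | tr -d ' '
    )
}

# Delete every regular file in directory $1, whatever it is called.
remove_all_files() {
    (
        cd "$1" || exit 1
        for f in ./*; do
            if [ -f "$f" ]; then rm -- "$f"; fi
        done
    )
}

# Constructed fixture: a scratch directory with awkward names.
demo_dir=$(mktemp -d)
touch "$demo_dir/-p" "$demo_dir/report.txt"
echo "unsafe: $(count_listed "$demo_dir" unsafe)," \
     "with --: $(count_listed "$demo_dir" dashdash)," \
     "with ./: $(count_listed "$demo_dir" dotslash)"
touch "$demo_dir/--help"
remove_all_files "$demo_dir" && rmdir "$demo_dir"
```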
Thursday, January 15, 2015
How to kill whole process group (parent + child process)
This is very easy, and all this while I have been using ps with grep and awk just to get the parent and child process PIDs and feed them to the kill command to kill the whole lot of them. No more; that is why reading the man page is very beneficial ;). To kill the whole process group, please see the example below.
Let's say I want to kill teamviewer and its child processes:
Check the PIDs of teamviewer and its children:
$ pstree -Gap 31458
teamviewerd,31458 -f
  ├─{teamviewerd},31460
  ├─{teamviewerd},31461
  ├─{teamviewerd},31462
  ├─{teamviewerd},31463
  ├─{teamviewerd},31464
  ├─{teamviewerd},31465
  ├─{teamviewerd},31466
  ├─{teamviewerd},31549
  └─{teamviewerd},24892
Run kill on the PID of the parent, and put a - sign in front of the PID, to signal that the whole group should be killed:
$ kill -TERM -31458
PID 31458 is gone, along with its child processes:
$ pstree -Gap 31458