Sunday, October 26, 2008
VDSL with Cisco routers
!
interface FastEthernet3
 description WAN to VDSL-Modem
 switchport mode trunk
!
interface Vlan7
 description VLAN fuer VDSL
 no ip address
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Dialer0
 ip address negotiated
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache policy
 ip route-cache flow
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 dialer-group 1
 ppp authentication chap pap callin
 ppp pap sent-username <user>@t-online.de password 0 <password>
Saturday, October 25, 2008
Kerberos and Windows XP
Caution: this can cause nasty problems.
Thursday, October 23, 2008
OpenLDAP ppolicy
--- snip /etc/ldap/slapd.conf ---
# ppolicy schema
include /etc/ldap/schema/ppolicy.schema
moduleload ppolicy.la
overlay ppolicy
ppolicy_default "cn=default,ou=PasswordPolicy,dc=patrick-preuss,dc=de"
ppolicy_use_lockout
--- snip /etc/ldap/slapd.conf ---
--- snip default.ldif ---
dn: cn=default,ou=PasswordPolicy,dc=patrick-preuss,dc=de
objectClass: device
objectClass: pwdPolicy
objectClass: top
cn: default
pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdCheckQuality: 1
pwdExpireWarning: 432000
pwdFailureCountInterval: 0
pwdGraceAuthNLimit: 0
pwdInHistory: 0
pwdLockout: FALSE
pwdLockoutDuration: 1920
pwdMaxAge: 7516800
pwdMaxFailure: 4
pwdMinLength: 6
pwdMustChange: TRUE
pwdSafeModify: FALSE
--- snip default.ldif ---
--- snip peruser.ldif ---
dn: cn=Patrick Marc Preuss,ou=People,dc=patrick-preuss,dc=de
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=noexpire,ou=PasswordPolicy,dc=patrick-preuss,dc=de
--- snip peruser.ldif ---
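To see what the default policy above actually enforces, here is an added example (not part of the original post) that parses pwdPolicy entries out of LDIF text and reports settings a reviewer would question: lockout disabled so pwdMaxFailure and pwdLockoutDuration have no effect, no password history, a short minimum length, and a quality check that is skipped for pre-hashed passwords. The embedded LDIF is a constructed copy of the default.ldif above with the domain replaced by dc=example,dc=de; the parser only handles what such a policy file needs (folded lines, blank-line separators, comments).

```python
"""Parse pwdPolicy entries from LDIF text and flag weak settings.

Added example, not from the original post. SAMPLE_LDIF is a constructed copy
of the default policy shown on the page (domain changed). Standard library only.
"""

SAMPLE_LDIF = """\
dn: cn=default,ou=PasswordPolicy,dc=example,dc=de
objectClass: device
objectClass: pwdPolicy
objectClass: top
cn: default
pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdCheckQuality: 1
pwdExpireWarning: 432000
pwdFailureCountInterval: 0
pwdGraceAuthNLimit: 0
pwdInHistory: 0
pwdLockout: FALSE
pwdLockoutDuration: 1920
pwdMaxAge: 7516800
pwdMaxFailure: 4
pwdMinLength: 6
pwdMustChange: TRUE
pwdSafeModify: FALSE
"""


def parse_ldif(text):
    """Return a list of entries; each entry maps attribute -> list of values.

    Handles folded lines (continuation lines start with a space), '#' comments
    and blank-line entry separators. Base64 values (':: ') are not needed here.
    """
    entries, current, last_key = [], {}, None
    for raw in text.splitlines() + [""]:      # trailing "" flushes the last entry
        if raw.startswith(" ") and last_key:
            current[last_key][-1] += raw[1:]   # folded continuation line
            continue
        if not raw.strip():
            if current:
                entries.append(current)
            current, last_key = {}, None
            continue
        if raw.startswith("#"):
            continue
        key, _, value = raw.partition(":")
        key = key.strip()
        current.setdefault(key, []).append(value.strip())
        last_key = key
    return entries


def audit_policy(entry):
    """Return a list of (attribute, finding) tuples for one pwdPolicy entry."""
    def one(attr, default):
        vals = entry.get(attr)
        return vals[0] if vals else default

    if "pwdPolicy" not in entry.get("objectClass", []):
        return [("objectClass", "not a pwdPolicy entry")]
    findings = []
    if one("pwdLockout", "FALSE").upper() != "TRUE":
        findings.append(("pwdLockout",
                         "lockout disabled: pwdMaxFailure and pwdLockoutDuration are ignored"))
    if int(one("pwdMinLength", "0")) < 8:
        findings.append(("pwdMinLength", "minimum length below 8"))
    if int(one("pwdInHistory", "0")) == 0:
        findings.append(("pwdInHistory", "password reuse is not prevented"))
    # 0 = no check, 1 = check when possible, 2 = reject passwords that cannot be checked
    if int(one("pwdCheckQuality", "0")) < 2:
        findings.append(("pwdCheckQuality",
                         "quality check is skipped when the password arrives pre-hashed"))
    if int(one("pwdMaxAge", "0")) == 0:
        findings.append(("pwdMaxAge", "passwords never expire"))
    return findings


def audit_ldif(text):
    """Map each policy DN in the LDIF text to its list of findings."""
    return {e["dn"][0]: audit_policy(e) for e in parse_ldif(text) if "dn" in e}


if __name__ == "__main__":
    for dn, findings in audit_ldif(SAMPLE_LDIF).items():
        print(dn)
        for attr, msg in findings:
            print(f"  {attr}: {msg}")
```

The per-user override in peruser.ldif (pwdPolicySubentry pointing at cn=noexpire) can be fed through the same parser; the entry simply carries no pwdPolicy objectClass, so the audit reports it as such rather than silently passing it.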
Krb5 and LDAP
http://www.ibm.com/developerworks/db2/library/techarticle/dm-0809govindarajan/
kadmin.local: modpol -maxlife 180days -minlife 1hours -minlength 6 -minclasses 2 -history 10 default
http://www.ncsa.uiuc.edu/UserInfo/Resources/Software/kerberos/multiple_principals.html
Wednesday, October 22, 2008
mDNS and OpenLDAP
At present slapd does not seem to have an API for avahi yet.
So a bit of manual work after all :-)
My docs.
Kerberos and LDAP II
Normally the Kerberos attributes are stored under "cn=Kerberos,...".
It is possible to store them in an account under "ou=People,...." instead.
Monday, October 20, 2008
Kerberos and IOS
Cisco IOS 12.2 Configuring Kerberos
Cisco IOS 12.4 Configuring Kerberos
Cisco IOS 12.4T Configuring Kerberos
moria# kadmin.local -q 'addprinc -randkey host/ws-c2940-8tt-s.patrick-preuss.de'
moria# kadmin.local -q 'ktadd -e DES-CBC-CRC:NORMAL -k /var/www/ios.keytab host/ws-c2940-8tt-s.patrick-preuss.de@PATRICK-PREUSS.DE'
--- Cisco IOS 121-22.EA11 ---
aaa authentication login default krb5-telnet local krb5
aaa authentication login console-override local
aaa authorization exec default local krb5-instance
kerberos local-realm PATRICK-PREUSS.DE
kerberos srvtab entry host/ws-c2940-8tt-s.patrick-preuss.de@PATRICK-PREUSS.DE 1 1224540392 3 1 8 0<=?;79;5<73>:>>:
kerberos realm patrick-preuss.de PATRICK-PREUSS.DE
kerberos realm .patrick-preuss.de PATRICK-PREUSS.DE
kerberos server PATRICK-PREUSS.DE 10.0.12.32
kerberos instance map admin 15
kerberos credentials forward
--- cisco ---
--- Cisco IOS 124-15.T5 ---
aaa authentication login default krb5-telnet krb5 local
aaa authentication login console-override local
! Seems 12.4(15)T5 has some bugs in the Kerberos code
! we should do some research on this point
! aaa authorization exec default local krb5-instance
kerberos local-realm PATRICK-PREUSS.DE
kerberos srvtab entry host/cisco1721.patrick-preuss.de@PATRICK-PREUSS.DE 1 1224539305 3 1 8 05>9898=<4504>?83
kerberos realm patrick-preuss.de PATRICK-PREUSS.DE
kerberos realm .patrick-preuss.de PATRICK-PREUSS.DE
kerberos server PATRICK-PREUSS.DE 10.0.12.32
kerberos instance map admin 15
kerberos credentials forward
--- cisco ---
Krb5 and LDAP
MIT Kerberos 1.6.3
The Rough Guide to configuring a Solaris KDC to use a LDAP DS for the KDB
# rm /etc/krb5kdc/kdc.conf
# ln -s /etc/krb5.conf /etc/krb5kdc/kdc.conf
--- /etc/krb5.conf ---
[kdcdefaults]
kdc_ports = 750,88
[libdefaults]
default_realm = PATRICK-PREUSS.DE
default_tgs_enctypes = des-cbc-crc
default_tkt_enctypes = des-cbc-crc
[realms]
PATRICK-PREUSS.DE = {
kdc = moria
admin_server = moria
acl_file = /etc/krb5kdc/kadm5.acl
database_module = openldap_ldapconf
default_domain = patrick-preuss.de
master_key_type = des-cbc-crc
supported_enctypes = des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
}
[domain_realm]
.patrick-preuss.de = PATRICK-PREUSS.DE
patrick-preuss.de = PATRICK-PREUSS.DE
[login]
krb4_convert = true
krb4_get_tickets = false
[kdc]
database = {
dbname = ldap:ou=Kerberos,dc=patrick-preuss,dc=de
}
[dbdefaults]
ldap_kerberos_container_dn = cn=Kerberos,dc=patrick-preuss,dc=de
database_module = openldap_ldapconf
[dbmodules]
openldap_ldapconf = {
db_library = kldap
ldap_kerberos_container_dn = cn=Kerberos,dc=patrick-preuss,dc=de
ldap_kdc_dn = "cn=kdc-service,ou=ITAccounts,dc=patrick-preuss,dc=de"
# this object needs to have read rights on
# the realm container, principal container and realm sub-trees
ldap_kadmind_dn = "cn=kdc-adm-service,ou=ITAccounts,dc=patrick-preuss,dc=de"
# this object needs to have read and write rights on
# the realm container, principal container and realm sub-trees
ldap_service_password_file = /etc/krb5kdc/service.keyfile
ldap_servers = ldap://moria
ldap_conns_per_server = 5
}
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
--- /etc/krb5.conf ---
# kdb5_ldap_util -D "cn=Patrick Marc Preuss,ou=People,dc=patrick-preuss,dc=de" -w "somethingsecret" create -subtrees dc=patrick-preuss,dc=de -r PATRICK-PREUSS.DE -s
# kdb5_ldap_util -H ldap://moria -D "cn=Patrick Marc Preuss,ou=People,dc=patrick-preuss,dc=de" -w "somethingsecret" stashsrvpw -f /etc/krb5kdc/service.keyfile "cn=kdc-adm-service,ou=ITAccounts,dc=patrick-preuss,dc=de"
# kdb5_ldap_util -H ldap://moria -D "cn=Patrick Marc Preuss,ou=People,dc=patrick-preuss,dc=de" -w "somethingsecret" stashsrvpw -f /etc/krb5kdc/service.keyfile "cn=kdc-service,ou=ITAccounts,dc=patrick-preuss,dc=de"
# kadmin.local -q 'addprinc kadmin/moria'
# kadmin.local -q 'addprinc kadmin/moria.local'
# kadmin.local -q 'addprinc kadmin/moria.patrick-preuss.de'
# kadmin.local -q 'addprinc changepw/moria'
# kadmin.local -q 'addprinc changepw/moria.local'
# kadmin.local -q 'addprinc changepw/moria.patrick-preuss.de'
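The krb5.conf above mixes three things a reviewer would check together: the enctypes the realm offers, whether the database_module name actually resolves to a [dbmodules] block, and how the kldap backend reaches the directory. The following added example (not from the original post) parses the krb5.conf/kdc.conf syntax, including the nested `name = { ... }` blocks, and reports single-DES and RFC 8429 deprecated enctypes, a missing module definition or service password file, and an `ldap://` server URL, over which the KDC's simple bind would send the stashed service password in the clear. The embedded configuration is a constructed copy of the file above with the realm renamed to EXAMPLE.DE.

```python
"""Parse a krb5.conf / kdc.conf style file and audit the KDC settings.

Added example, not part of the original post. SAMPLE_KRB5_CONF is a constructed
copy of the configuration shown above, realm renamed to EXAMPLE.DE. Standard
library only.
"""

SAMPLE_KRB5_CONF = """\
[kdcdefaults]
 kdc_ports = 750,88
[libdefaults]
 default_realm = EXAMPLE.DE
 default_tgs_enctypes = des-cbc-crc
 default_tkt_enctypes = des-cbc-crc
[realms]
 EXAMPLE.DE = {
  kdc = moria
  admin_server = moria
  acl_file = /etc/krb5kdc/kadm5.acl
  database_module = openldap_ldapconf
  default_domain = example.de
  master_key_type = des-cbc-crc
  supported_enctypes = des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
 }
[dbdefaults]
 ldap_kerberos_container_dn = cn=Kerberos,dc=example,dc=de
 database_module = openldap_ldapconf
[dbmodules]
 openldap_ldapconf = {
  db_library = kldap
  ldap_kdc_dn = "cn=kdc-service,ou=ITAccounts,dc=example,dc=de"
  ldap_kadmind_dn = "cn=kdc-adm-service,ou=ITAccounts,dc=example,dc=de"
  ldap_service_password_file = /etc/krb5kdc/service.keyfile
  ldap_servers = ldap://moria
  ldap_conns_per_server = 5
 }
"""

# Single-DES enctypes plus the types RFC 8429 deprecates (3DES and RC4).
WEAK_ENCTYPES = {"des", "des-cbc-crc", "des-cbc-md4", "des-cbc-md5", "des-cbc-raw",
                 "des3-cbc-sha1", "arcfour-hmac", "arcfour-hmac-md5", "rc4-hmac"}


def parse_krb5_conf(text):
    """Return nested dicts: section -> key -> list of values or a nested block dict."""
    root, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            stack = [root.setdefault(line[1:-1], {})]
            continue
        if line == "}":
            if len(stack) > 1:
                stack.pop()                        # close the innermost block
            continue
        if not stack:
            raise ValueError(f"relation outside a section: {line!r}")
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip().strip('"')
        if value == "{":                           # open a nested block
            block = {}
            stack[-1][key] = block
            stack.append(block)
        else:
            stack[-1].setdefault(key, []).append(value)
    return root


def weak_enctypes(values):
    """Weak enctype names in a list of enctype strings ('enctype:salttype' tokens allowed)."""
    found = {tok.split(":", 1)[0].lower() for v in values for tok in v.split()}
    return sorted(found & WEAK_ENCTYPES)


def audit_krb5(conf, realm):
    """Return (location, message) findings for one realm of a parsed configuration."""
    findings = []
    lib = conf.get("libdefaults", {})
    for attr in ("default_tgs_enctypes", "default_tkt_enctypes", "permitted_enctypes"):
        weak = weak_enctypes(lib.get(attr, []))
        if weak:
            findings.append((f"libdefaults.{attr}", "weak enctypes: " + ", ".join(weak)))
    r = conf.get("realms", {}).get(realm)
    if r is None:
        return findings + [("realms", f"realm {realm} is not defined")]
    for attr in ("master_key_type", "supported_enctypes"):
        weak = weak_enctypes(r.get(attr, []))
        if weak:
            findings.append((f"realms.{realm}.{attr}", "weak enctypes: " + ", ".join(weak)))
    if "acl_file" not in r:
        findings.append((f"realms.{realm}.acl_file", "no kadmin ACL file configured"))
    mod = (r.get("database_module") or conf.get("dbdefaults", {}).get("database_module") or [None])[0]
    if mod is None:
        return findings                            # default backend, nothing LDAP-specific
    m = conf.get("dbmodules", {}).get(mod)
    if not isinstance(m, dict):
        return findings + [("dbmodules", f"database_module {mod} has no [dbmodules] block")]
    if m.get("db_library", [""])[0] == "kldap":
        if "ldap_service_password_file" not in m:
            findings.append((f"dbmodules.{mod}", "kldap without ldap_service_password_file"))
        for url in (u for v in m.get("ldap_servers", []) for u in v.split()):
            if url.startswith("ldap://"):
                findings.append((f"dbmodules.{mod}.ldap_servers",
                                 f"{url}: simple bind over plain ldap:// sends the service "
                                 "password unencrypted; prefer ldapi:// or ldaps://"))
    return findings


if __name__ == "__main__":
    conf = parse_krb5_conf(SAMPLE_KRB5_CONF)
    for where, msg in audit_krb5(conf, conf["libdefaults"]["default_realm"][0]):
        print(f"{where}: {msg}")
```

Because the page symlinks kdc.conf to krb5.conf, one parse covers both the library and the KDC sections; the same audit can be pointed at a split pair of files by merging the two parsed dicts.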
SUDO with LDAP
Sudo has been able to fetch its configuration from LDAP for some time now.
Cool idea, so let's do that too :-)
My docs.
Whoa, what is going on here? Why are my guests leaving?
After extending the sources, I get the following error:
E: Dynamic MMap ran out of room
Hm, why is MMap running off? Don't you like it here? No problem, I wanted to do some renovating anyway.
So let's go.
The solution is quite simple.
The rascal needs more room.
Create a file under /etc/apt/apt.conf.d/ and fill it with the content below.
# vi /etc/apt/apt.conf.d/01mmap
--- snip ---
APT::Cache-Limit "125000000";
--- snip ---
Extending the apt sources on Debian to sid.
The following line must be added to the sources list.
File: /etc/apt/sources.list
deb http://ftp.de.debian.org/debian/ sid main
Then run # apt-get update and you have the sid package descriptions on the machine ;-)