LDAP comes handy to manage users and groups across many systems. However you’ll probably want only a subset of your users to login on console or over ssh. In this post I’ll describe my setup using pam_ldapd.
VLAN can be very handy to use several subnets on a machine with only one network interface. Learn how I’m using multiple VLAN on a RaspberryPi v3.
The Alix APUs are some really nice power efficient boards. However they don’t have any graphical output so installing an OS can be quite demanding. Since I just managed to get devuan running, I decided to write it down. Same procedure should as well be working for debian.
Continue reading “Installing devuan on a Alix APUC1”
Adding a new LDAP schema can already be tricky. Changing a LDAP schema on an existing server ressembles an operation at the living heart – especially if you’re using the new config backend at
cn=config. I’ll describe how I’ve interchanged the nis schema for the rfc2307bis schema.
Since quite a long time I’ve been using openLDAP to store all my user accounts for mailserver, owncloud, seafile, … I not only store user accounts in the LDAP but also user groups, preferably as GroupOfNames objects. With my recent decision to drop owncloud for seafile and davical I’ve come to a problem. All my user groups are GroupOfNames, davical however can only work with the alternative posixGroups. Of course I could add another (posix)Group for groups I want to share dates and contacts with. But as those groups are the same I want to share files with I don’t like to do the work in double and want to use the existing GroupOfNames. With the nis schema active a group can either be a GroupOfNames or a posixGroup. By changing the nis schema for the rfc2307bis schema posixGroups will no longer be structural. So with that active a group can be both, a GroupOfNames AND a posix group. Problem solved.
However this migration won’t be easy.
Continue reading “LDAP schema change on existing server”
After using arch linux for quite a time on my laptop it’s time to move on a new machine. So I’ll install arch again this time taking I slightly different approach than on the laptop. So here I’ll descripe all the steps I’ve taken to get arch up and running. It’s more a documentation for myself but it might also be helpful to some.
A short info on the machine first: It’s a AMD A10 7870K with 16GB RAM, 2 SSDs (30GB and 500GB) and 4 TB HDD.
Another important command I tend to forget. Sometimes I forget to set my camera clock correctly before a shooting. That’s bad especially when I’m using two cameras with different date/time settings. Then all my images appear mixed up as I normally sort by time. On linux however it’s easy to fix using exiftool:
exiftool "-DateTimeOriginal+=5:10:2 10:48:0" FILE
will correct the create date of the image FILE by adding 5 years, 10 months, 2 days 10 hours and 48 minutes. Continue reading “Adjust a picture’s create date using exiftool”
After having worked almost 2 years with fedora, I decided to switch to arch linux. In this post I’ve written down the steps I took to install arch linux on my ThinkPad W510.
I’ve just been too annoyed by almost reinstalling the system at least once a year with every release. And there have been kernel panics and gnome shell hangs coming and going and I couldn’t really find out why. I didn’t want to spend much time on that either. I don’t want to say fedora is bad, I just have the feeling that arch linux is better for me. So after trying it in a virtual box I’m going to give it a try on my laptop. This writeup is not intented to be a arch linux install tutorial’ (there are many) or replace the wunderful arch linux wiki. It’s just a note for me what I did but I hope it might me helpful for somebody else as well.
Continue reading “Installing arch linux on my ThinkPad”
Sometimes it is useful to automatically mount a luks encrypted disk. In this post I’m going to describe to do this safely.
- My workstation, a Lenovo Thinkpad W510 has a drive bay, where you either store a hdd or a optical drive. I usually have a hdd placed there but sometimes I need the optical drive. So I don’t want to put the disk into
/etc/crypttab. But I also don’t want to mount it manually evry time.
- On my homeserver I use a SATA hotswap disk to make backups. I have two of those hdd, swap them weekly and always keep one of them at my workplace. These backup disks are encrypted of course. When changing the disk I always have ssh onto the server, find the disk, decrypt it and mount it. Would be great if I just had to plug it in.
- Same ideas also apply to external data or backup disks
DKIM (DomainKeys Identified Mail) is a mechanism to sign emails cryptographically. It can be used to ensure an email was really sent by the domain it claims to come from. Therefore it is an interesting feature in spam checking.
In this post I’m going to describe how I set up DKIM with amavis to sign all outgoing messages with the key of my domain. This works well in my setup with postfix, dovecot and amavis (amavisd-new), for your own setup you might have to change some things. Continue reading “DKIM with amavis and postfix”
The samba server is THE fileserver solution for linux. It can server linux clients as well as windows or mac clients and provides host, user or group based access control. In this post I’ll describe how I setup up a samba server using accounts stored in my ldap replica.
Note that this howto is referring to debian wheezy.
Continue reading “Creating samba shares”