Scott's Weblog

The weblog of an IT pro specializing in virtualization, networking, open source, and cloud computing

LDAP-Based Access Control

First off, let’s set some expectations. First, I performed this testing using CentOS (version 4.3) and Windows Server 2003 R2, both running as VMs on VMware ESX Server (version 3.0.0). Active Directory and the CentOS server were configured for Kerberos authentication as described in my Linux-AD integration instructions. Second, I used OpenSSH (version 4.2p1 on the client, version 3.9p1 on the server) as the vehicle for testing host access. If you are using telnet, HTTP, or something else, the configuration will look very different. Third, and finally, I can’t guarantee you that this procedure will work flawlessly in your environment. It should, however, get you well down the road to completion.

(Read more...)

New Zero-Day Word Vulnerability

This new zero-day vulnerability has only been confirmed on Word 2000, but may work on newer versions of Word as well. Security firm Secunia has issued an advisory with more information. eWeek is also providing information on the newly discovered vulnerability.

(Read more...)

Kerberos TGT Validation

I performed some testing with both CentOS 4.3 and Solaris 10, two of the platforms for which I’ve penned instructions on how to integrate authentication with Active Directory (using Kerberos and LDAP). I was hoping that I would see the same behavior on both platforms, but my testing showed otherwise.

(Read more...)

Follow Ups on Solaris, Native Kerberos Authentication

If you haven’t read the previous articles, take a quick moment to review them before continuing:

(Read more...)

Another Round with iSCSI and ESX Server 3

There were two driving factors that led me to rebuild the iSCSI-based storage that was currently serving the test lab, instead of continuing to use the Data ONTAP Simulator. First, we had acquired a Gigabit Ethernet backbone for the test lab, and I wasn’t convinced that the Data ONTAP Simulator was taking full advantage of the Gigabit Ethernet NICs I installed in the server. I also wanted to test bonding some NICs together for more throughput, or possibly to try some multipathing. I couldn’t do either of those with the Data ONTAP Simulator. Note that this is not a knock against the Data ONTAP Simulator; it’s not designed or intended for those kinds of things. (It would be great if I could get a real NetApp device in the lab, but I don’t know if that will ever happen.)

(Read more...)

Erroneous Mail Relay Error with Exchange

You’ve probably all run into the “Unable to relay” error message before. The usual fixes to this problem are pretty straightforward:

(Read more...)

Native Kerberos Authentication with SSH

First, a quick disclaimer: I have only tested this in a very limited configuration. Namely, using OpenSSH 4.2p1 on Mac OS X (as reported by ssh -V) to connect to OpenSSH 3.9p1 on CentOS 4.3 (again, as reported by ssh -V). I have been trying to get it to work with the SSH server in Solaris 10 but have been unsuccessful thus far (more on that in a moment).

(Read more...)

More on Kerberos Authentication Against Active Directory

I’ll break the information down by the article to which it pertains. If the information pertains to all the articles equally, it is included in the “All Articles” portion. Links back to the original articles are included.

(Read more...)

Finding Duplicate Names in Active Directory

To use this procedure, you’ll need access to the Directory Service command line tools (these come installed automatically with Windows Server 2003) and Microsoft Log Parser. With these two tools in hand, let’s proceed.

(Read more...)

Reminders of Why I Like the Mac

I make no secret of my preference for Mac OS X; in the past, I’ve written about why I chose to use a Mac and my preferred Mac OS X-based applications, including a fair number of open source applications for the Mac. I’m also not afraid to speak up about what’s wrong with Mac OS X, and to speak out against the misconceptions that many Mac users have.

(Read more...)