Archive for May, 2008

Creating Alternate User Logins in Active Directory

Friday, May 30th, 2008

The User Principal Name (UPN) provides an easy-to-use naming style for users to log on to Active Directory. The style of the UPN is based on Internet standard RFC 822, which is sometimes referred to as a mail address. The default UPN suffix is the forest DNS name, which is the DNS name of the first domain in the first tree of the forest.

You can add alternate UPN suffixes, which increase logon security. You can also simplify user logon names by providing a single UPN suffix for all users. The UPN suffix is only used within the Windows Server 2003 domain and is not required to be a valid DNS domain name.

[Before following the steps below, ensure that the Administrative account being used is a member of Enterprise Admins.]

To add additional UPN suffixes

1. Select Active Directory Domains and Trusts in the upper left pane, right-click it, and then click Properties.
2. Enter any preferred alternate UPN suffixes in the Alternate UPN Suffixes box and click Add.
3. Click OK to close the window.

When accessing Active Directory Users and Computers, the account tab now has the option to select this newly created UPN for login access.

Configure ClamAV on a Kerio Mail Server

Wednesday, May 28th, 2008

As of KMS 6.1, Kerio introduced ClamAV support. This works by communicating with any clamd daemon over localhost on port 3310. While ClamAV can be installed via package utilities such as MacPorts and Fink, it compiles fine from source on Mac OS X, so that is the preferred method.

To compile the source you will need the Mac OS X Developer Tools (actually just gcc), which are available from the Mac OS X installer CD and developer.apple.com (Apple ID required).

Once downloaded/installed, download the ClamAV source (latest stable release) from http://www.clamav.org/download/sources
The file is typically a .gz which Safari will auto-expand. The resulting tar file can be double-clicked to expand (alternatively use tar -xzf /path/to/clamav-*.tar.gz or tar -xf /path/to/clamav-*.tar).

Once expanded you need to open a terminal session at that folder (i.e. cd /path/to/folder) or type "cd " and drag and drop the folder onto the terminal to automatically fill in the path. Verify you are in the right folder by typing "pwd".

# Next you must configure ClamAV for the compile operation, then build and install (prefix sudo if /usr/local is not writable by your user)

CFLAGS="-O0" ./configure && make install

/usr/local/etc/clamd.conf

LogFile /var/log/clamav.log
LogTime yes
LogSyslog yes
LocalSocket /tmp/clamd
TCPSocket 3310
TCPAddr 127.0.0.1
MaxDirectoryRecursion 15
ScanOLE2 yes
ScanMail yes
ScanArchive yes
ClamukoScanOnOpen yes
ClamukoScanOnClose yes
ClamukoScanOnExec yes
ClamukoIncludePath /Users

/usr/local/etc/freshclam.conf

LogSyslog yes
PidFile /var/run/freshclam.pid
DatabaseOwner clamav
DatabaseMirror database.clamav.net
NotifyClamd /usr/local/etc/clamd.conf

/Library/LaunchDaemons/net.clamav.clamd.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>net.clamav.clamd</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/sbin/clamd</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>UserName</key>
    <string>clamav</string>
</dict>
</plist>

/Library/StartupItems/ClamAV/ClamAV

#!/bin/bash
. /etc/rc.common

StartService ()
{
    ConsoleMessage "Starting ClamAV"
    exec /usr/local/sbin/clamd
}

StopService ()
{
    ConsoleMessage "Stopping ClamAV"
    /usr/bin/killall clamd
}

RestartService ()
{
    ConsoleMessage "Restarting ClamAV"
    StopService
    StartService
}

RunService "$1"

/Library/StartupItems/ClamAV/StartupParameters.plist

{
    Description = "ClamAV";
    Provides = ("ClamAV");
    OrderPreference = "Early";
    Messages =
    {
        start = "Starting ClamAV";
        stop = "Stopping ClamAV";
    };
}
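A small check to run against the clamd.conf above before pointing KMS at it; this is an added example, not part of the original post or of ClamAV. It assumes the file uses the plain "Key value" layout shown above, and relies on clamd's documented behaviour of binding every interface when TCPAddr is omitted.

```shell
# Added example, not from the original post: sanity-check a clamd.conf
# before KMS uses it. KMS only ever talks to clamd on 127.0.0.1:3310, so
# clamd should listen on loopback and nothing else. When TCPAddr is left
# out, clamd binds all interfaces (INADDR_ANY), exposing the scanner.
# Usage: audit_clamd_conf /usr/local/etc/clamd.conf ; exit status 0 = OK.
audit_clamd_conf() {
    conf="$1"
    rc=0
    # Commented lines start with '#', so $1 never equals the key name;
    # the last uncommented occurrence wins in this check.
    tcpsocket=$(awk '$1 == "TCPSocket" { v = $2 } END { print v }' "$conf")
    tcpaddr=$(awk '$1 == "TCPAddr" { v = $2 } END { print v }' "$conf")
    if [ -z "$tcpsocket" ]; then
        echo "FAIL: no TCPSocket line; KMS cannot reach clamd over TCP"
        return 1
    fi
    if [ "$tcpsocket" != "3310" ]; then
        echo "WARN: TCPSocket is $tcpsocket, KMS expects 3310"
        rc=1
    fi
    case "$tcpaddr" in
        127.0.0.1|::1)
            echo "OK: clamd listens on loopback only ($tcpaddr port $tcpsocket)" ;;
        "")
            echo "FAIL: TCPSocket set without TCPAddr, clamd would bind all interfaces"
            rc=1 ;;
        *)
            echo "FAIL: TCPAddr $tcpaddr is not a loopback address"
            rc=1 ;;
    esac
    return $rc
}

# Run directly with a path argument; does nothing when no path is given.
if [ $# -gt 0 ]; then
    audit_clamd_conf "$1"
fi
```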

Leopard: What, No NetInfo?

Thursday, May 15th, 2008

As many will already be aware, there’s no NetInfo in Leopard. So where are those pesky account settings stored? Well, local user account settings are now stored in plist files. The plist files are stored in the /var/db/dslocal/nodes/Default/users directory for users or the /var/db/dslocal/nodes/Default/groups folder for groups. Password hashes are stored in the /var/db/shadow/hash folder. Inside each user account’s plist file you can augment (or create) attributes required in order to perform certain actions. So, for example, if you want to change the location of your home folder you can open the user’s plist file, search for the home key and edit its contents.
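A way to read a single attribute such as the home key out of one of those user plists before touching it; this is an added example, not from the original post. The sample record is constructed here to mirror the dslocal layout (each key holding an array of strings), and the account in it is not real; on a live Leopard system, dscl . -read /Users/<name> is the supported way to read the same data.

```shell
# Added example, not part of the original post: extract one attribute from
# a dslocal user plist. Assumes the layout of
# /var/db/dslocal/nodes/Default/users/<name>.plist, where every key holds
# an <array> of <string> values. Prints the first string under the key.
plist_attr() {
    # $1 = plist path, $2 = key name (e.g. home, uid, shell)
    awk -v key="$2" '
        index($0, "<key>" key "</key>") { want = 1; next }
        want && match($0, /<string>[^<]*<\/string>/) {
            # strip the 8-char <string> and 9-char </string> wrapper
            print substr($0, RSTART + 8, RLENGTH - 17); exit
        }
        want && /<\/array>/ { exit }
    ' "$1"
}

# Constructed sample record (not a real account) in the dslocal layout
make_sample_user() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>home</key>
    <array>
        <string>/Users/anna</string>
    </array>
    <key>name</key>
    <array>
        <string>anna</string>
    </array>
    <key>shell</key>
    <array>
        <string>/bin/bash</string>
    </array>
    <key>uid</key>
    <array>
        <string>501</string>
    </array>
</dict>
</plist>
EOF
}
```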

Scripting Printers in Windows

Wednesday, May 14th, 2008

It’s possible to deploy printers in a Windows environment when all the client computers are joined to the domain.

First, add the printers to the print server.
Second, make sure that on the print server you have also installed the drivers that the clients will require.

Open up notepad and use the following script template:

rundll32 printui.dll,PrintUIEntry /in /n \\servername\hplj4025
rundll32 printui.dll,PrintUIEntry /in /n \\servername\hpp2015

Save the text file as [whatevernameyouwant].bat

Place it somewhere in Sysvol Scripts or netlogon.

Open up Group Policy Management.
Create the GPO where you would like (in SBS put it with all of the others at the root of the domain).
Go to User Configuration > Windows Settings > Scripts
Go to “logon” and add the script location.

You have now added a logon script that will deploy printers via a GPO. If the printers are already there it will not error, and it won’t crash anything either.

Ubuntu 8.04 Released

Sunday, May 11th, 2008

Ubuntu 8.04 is now available, the first major release since 7.10. Code named Hardy Heron, 8.04 will look familiar to long-time Ubuntu users. But under the hood, 8.04 sports a new kernel (2.6.24-12.13), a new rev of Gnome (2.22), improved graphical elements (such as Xorg 7.3), a spiffy new installer (Wubi), the latest and greatest in software, enhanced security and of course more intelligent default settings. The desktop version is free to download from ubuntu.com.

The new Ubuntu installer comes with a new utility called Wubi. Wubi can run as a Windows application, which means that Windows users will be able to more easily transition and learn about Ubuntu. Wubi can perform a full installation of Ubuntu as a file on a Windows hard drive. This means that you no longer need to install a second drive or perform complicated partitioning on an existing drive. When you boot up Ubuntu the system reads and writes to the disk image as though it were a standard drive letter, much like VMWare would do. Ubuntu can also be uninstalled as though it were a standard Windows application using Add/Remove Programs.

The new application set is solid. Firefox 3.0 comes pre-installed. Brasero provides an easier interface for burning CDs and DVDs. PulseAudio now gets installed by default (which is arguably a questionable decision but we found it worked great for us). The Transmission BitTorrent client is now included by default. Vinagre provides a very nice and streamlined VNC client for remote administration (although the latency for remote users is still a bit of a pain compared to the Microsoft RDP protocol). Inkscape has always been easy to install and use, and the popular Adobe Illustrator-like application now comes bundled with Ubuntu.

In order to play nicer in the enterprise, the security infrastructure of Ubuntu has also had a nice upgrade. The Active Directory plug-in is provided using Likewise Open (unlike Mac OS X which sees a custom package specifically for this purpose). There is a new PolicyKit which provides policies similar to GPOs in Windows or MCX in Mac OS X. The default settings in 8.04 are also chosen with a bit more of a security mindset. New memory protection is built into 8.04, primarily to make exploits harder to uncover and prevent rootkits. Finally, UFW (uncomplicated firewall) is now built into the system to make firewall administration more accessible to the everyday *nix fan.

Network administrators will be impressed by the inclusion of many new features. KVM is included in the kernel and libvirt and virt-manager are provided to make Ubuntu a very desirable virtualization platform. iSCSI support provides more targets on which to store those virtual machines and also expanded storage for those larger filers (e.g. using Samba 3). Postfix and Dovecot provide a standardized mail server infrastructure out of the box. CUPS in 8.04 now supports Bonjour and Zeroconf protocols as well as the solid standbys of SMB, LPD, JetDirect and of course IPP. Those building web servers will be happy to see Apache 2, PHP 5, Perl, Python and Ruby on Rails (with GEM) and of course Sun OpenJDK (community supported). If you need the database side of things there’s MySQL, PostgreSQL, DB2 and Oracle Database Express.

However, if you are just starting out keep in mind that Ubuntu Server does not come with a windowing system by default – so beef up those command line skills sooner rather than later! We are also still waiting for a roadmap for integrating much of the more Enterprise or Network-oriented packages. For example, we now have the PolicyKit and a solid Active Directory client. But how do we push out en masse the policies that we want our users to have post imaging?

So if you use Ubuntu or are interested in getting to know the Linux platform then 8.04 is likely a great move. It’s solid, stable and much improved over 7. It’s easier to migrate, virtualize and work in. The developers should be proud!

Using cmpindex4 to Fix Kerio Status and Index Files

Friday, May 9th, 2008

Installation
This is a BASH (shell) script deployed on a few select client systems; it is not installed by default. To use it you must upload the script to the server using any method available, such as ARD’s copy command, scp/sftp or, as a last resort, cut and paste via ARD (if the ARD UDP ports have not been opened on the host).
If you do cut and paste to recreate the file, make sure to use a command line editor such as nano or vi (or just use TextEdit with Format -> Make Plain Text selected). The script’s creator suggests you place it in the mailstore directory (which may need to be done as root), i.e.
sudo cp ~/Desktop/cmpindex* /usr/local/kerio/mailserver/store/mail/
sudo chmod +x /usr/local/kerio/mailserver/store/mail/cmpindex*

Usage
Once installed the general use is fairly simple, the script does a line count on any index.fld (or status.fld ) file passed to it, i.e:
sudo /usr/local/kerio/mailserver/store/mail/cmpindex4 /path/to/mailserver/store/mail/318.com/anna/INBOX/index.fld

Alternatively, and this is the preferred method, you can use the find command in conjunction with cmpindex4 to search for all index.fld files in the mailstore. While this takes longer, it will yield a more complete fix for all index and status files having issues.
sudo -s
cd /usr/local/kerio/mailserver/store/mail/
find . -name index.fld -exec ./cmpindex4 {} \;

The script’s behaviour is to compare the line counts of the index.fld and status.fld files and either correct the size mismatch by recreating the file (in the case of the status files) or rename index.fld to index.bad automatically (which is picked up by the built-in Kerio reindex tool). The script will output the names of the files affected. The script uses the BASH shell and thus will by default only work on *nix and Mac OS X systems; however, you can use it under Cygwin on Windows with the following commands installed: sed, rm, touch, mv, perl, awk, grep. The script was created by a Kerio engineer and could use some rewriting but is generally solid.
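The line-count comparison the post describes, written out as an added illustration; this is not Kerio’s cmpindex4 script and does not reproduce its status-file repair. It assumes index.fld and status.fld sit in the same mailbox folder and that a differing line count is the corruption signal; it reports by default and only renames index.fld to index.bad when asked.

```shell
# Added illustration, not Kerio's cmpindex4: compare the line counts of
# index.fld and status.fld in one mailbox folder. Assumptions: both files
# live in the same folder and a mismatch is the problem signal. Report-only
# by default; pass "fix" as the second argument to rename index.fld to
# index.bad so Kerio's reindex rebuilds it. Returns 1 on a mismatch.
check_folder() {
    dir="$1"; mode="${2:-report}"
    idx="$dir/index.fld"; st="$dir/status.fld"
    # Nothing to compare if either file is missing
    [ -f "$idx" ] && [ -f "$st" ] || return 0
    ni=$(wc -l < "$idx" | tr -d ' ')
    ns=$(wc -l < "$st" | tr -d ' ')
    [ "$ni" -eq "$ns" ] && return 0
    echo "MISMATCH $dir index.fld=$ni status.fld=$ns"
    if [ "$mode" = "fix" ]; then
        mv "$idx" "$dir/index.bad"
        echo "renamed $idx -> index.bad"
    fi
    return 1
}

# Walk a mailstore (the post's find invocation, minus -exec) and check every
# folder holding an index.fld; folder names with spaces are handled.
scan_store() {
    store="$1"; mode="${2:-report}"
    find "$store" -name index.fld -print | while IFS= read -r idx; do
        check_folder "$(dirname "$idx")" "$mode" || true
    done
}
```

Run it first without "fix" and review the MISMATCH lines, then rerun with "fix" on the store path once you are satisfied.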

Office Unified Communication Server

Wednesday, May 7th, 2008

Communication is the transfer or collaboration of thoughts, ideas and plans between individuals. It is essential in the organizational success of most businesses to have various easy to use methods of communication. Today’s communication varies from chatting to video teleconferencing. Combining these forms of communication into a simple easy to use interface or tool can drastically increase the flow of collaboration and communication of staff members.

Microsoft’s Unified Communication Server and Office Communicator comprise a suite of programs and services that allow businesses to integrate most communication platforms into one centralized management console. Unified Communications takes the functionality of Outlook and Exchange and combines email with VoIP service, voicemail, chatting, faxing and video teleconferencing. Along with the integration of all these services, Unified Communications comes with one tool to rule them all.

Office Communicator gives anyone with a laptop or Windows Mobile smartphone the ability to switch methods of communication on the fly without having to worry about loss of communication. This simple tool will give you the ability to take your office anywhere in the world as long as you have an Internet connection. It also has the ability to attach additional phone numbers to your main office number. Chatting, faxing, emailing, calling and video teleconferencing have never been so easy.

Unified Communications and Office Communicator provide a new method of centralized communication that when implemented in your company will greatly enhance the flow of communication between the staff at your business.

Starting and Stopping Kerio Mail Server From the Command Line

Friday, May 2nd, 2008

Windows Server 2003:
Verify the KerioMailServer process "mailserver.exe" is running.
tasklist /svc | find /i "Kerio"

This command will also return the process id of the mailserver.
If the mailserver process is not listed you can query if its stopped by using:
sc queryEx KerioMailServer

Under STATE: You will see “STOPPED,STOP_PENDING,RUNNING,START_PENDING”
If the process is stopped you can see whether it shut down successfully by examining the WIN32_EXIT_CODE.
This value should be 0 if the process exited normally.

To stop the Kerio mailserver Process you can use:
sc stop KerioMailServer

To start the Kerio mailserver Process you can use:
sc start KerioMailServer

If the Kerio process will not stop, you can as a last resort before a reboot try a task kill:
taskkill /f /im mailserver.exe

to restart the service:
(wait 3-5 seconds before hitting any key to continue -which will [re]start the service).
sc stop KerioMailServer & pause & sc start KerioMailServer

Mac OS X v10.4
Verify the KerioMailServer process “mailserver” is running.

ps -awx | grep mailserve[r]

This command will also return the process id of the mailserver.
If the mailserver process is not listed, you can attempt a start (see below).

To stop the Kerio mailserver Process you can use:
sudo SystemStarter stop KerioMailServer

If the Kerio process will not stop, you can as a last resort before a reboot try a KILL signal:
sudo launchctl unload '/Library/LaunchDaemons/com.kerio.watchkms.plist'
killall -9 mailserver
Remember to reload com.kerio.watchkms when you’re ready to [re]start the service, in lieu of just using "SystemStarter start...":
sudo launchctl load '/Library/LaunchDaemons/com.kerio.watchkms.plist'

To start the Kerio mailserver Process (Normally) you can use:
sudo SystemStarter start KerioMailServer

to restart:
sudo /Library/StartupItems/KerioMailServer/KerioMailServer restart

Mac OS X v10.5
Verify the KerioMailServer process “mailserver” is running.
ps -awx | grep mailserve[r]

This command will also return the process id of the mailserver.

To stop:
sudo launchctl unload '/Library/LaunchDaemons/com.kerio.watchkms.plist'
sudo /usr/local/kerio/mailserver/KerioMailServer stop

If the Kerio process will not stop, you can as last resort before a reboot try a KILL signal:
sudo launchctl unload '/Library/LaunchDaemons/com.kerio.watchkms.plist'
killall -9 mailserver

To start:
sudo launchctl load '/Library/LaunchDaemons/com.kerio.watchkms.plist'

To restart:
sudo /usr/local/kerio/mailserver/KerioMailServer restart
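The 10.5 stop sequence above wrapped so that killall -9 stays the genuine last resort; this is an added helper, not part of the original post or of Kerio’s tooling. It assumes the paths the post uses and that it is run as root (sudo -s), since kill -0 can only see the root-owned mailserver process from a root shell.

```shell
# Added helper, not from the original post: stop KMS on 10.5 the way the
# post describes, but only send SIGKILL if mailserver is still alive after
# a grace period, so the mailstore gets a chance to close cleanly.
# Run as root (sudo -s); paths are the ones the post uses.
wait_for_exit() {
    # $1 = pid, $2 = seconds to wait; returns 0 once the process is gone
    pid="$1"; limit="${2:-30}"; waited=0
    while kill -0 "$pid" 2>/dev/null; do
        [ "$waited" -ge "$limit" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

stop_kms() {
    watchkms=/Library/LaunchDaemons/com.kerio.watchkms.plist
    # Same process check as the post: the [r] trick keeps grep off the list
    pid=$(ps -awx | grep 'mailserve[r]' | awk '{ print $1 }' | head -n 1)
    if [ -z "$pid" ]; then
        echo "mailserver is not running"
        return 0
    fi
    # Unload the watchdog first, otherwise it just restarts the daemon
    launchctl unload "$watchkms"
    /usr/local/kerio/mailserver/KerioMailServer stop
    if wait_for_exit "$pid" 60; then
        echo "mailserver (pid $pid) stopped cleanly"
        return 0
    fi
    echo "mailserver (pid $pid) still running after 60s, sending SIGKILL"
    kill -9 "$pid"
    wait_for_exit "$pid" 10
}
```

Reload com.kerio.watchkms with launchctl load when you are ready to start the service again, exactly as the post says.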