Friday, July 20, 2012

Reset or recover password lost or forgotten alcatel OS6850 switch

OK, to reset a password, or if you have forgotten the admin password for your switch, follow the steps below and you are done.

Remember, this clears all users on the switch (NMS) etc.

Connect to the switch with putty.exe and make sure you are connected (press the Enter key a couple of times).

Then reboot and press the Enter key almost immediately to stop the autoboot.

Wait for the message "Hit any key to stop autoboot: 0" and hit any key.

Then type the following commands

=> fatls ide :1,0

=> fatls ide :1,0 /network

=> fatdelete ide :1,0 /network/usertable5 OR usertable4

Now power-cycle the switch or type "run miniboot" at the U-Boot prompt; => Reboot or => boot. The switch will now be back at the factory default "admin/switch". Please note that you need to recreate all users needed for NMS or logins.

Thursday, June 3, 2010

ACPI: Assume root bridge [\_SB_.PCI0] bus is 0

OK, so I have noticed some HP hardware users are having issues installing Linux (different distros).

The CD would boot and get stuck at

ACPI: Assume root bridge [\_SB_.PCI0] bus is 0

... but don't cry ....

All you do is restart, and when you get to the install prompt where you normally just press Enter to boot, you type in the following and THEN press Enter:

linux noacpi nodma acpi=off

That should do it for the majority of you guys...

Wednesday, February 17, 2010

SCP or SSH without password

I have had many requests from users on how to set up a Linux server so that it can ssh or scp to another Linux server without having to authenticate ( to move data with cron jobs, scripts etc ). This is REALLY so easy you won't believe it, but since you are here... reading this ... I take it it is NOT so easy then hey ;-)

Firstly, make sure that you actually have the necessary routing and firewall rules in place for you to ssh to your destination Linux server. So log into your server and do a normal ssh session to the other server:

ssh user@server.ip.address

This should prompt you for a username if you have connected before, or ask you (only once) to save the host key details for the server and then ask you for the password. Once this is confirmed, continue reading.

OK, so what you need to do is to check the following location to see if you have the following files.

cd /root/.ssh
ls -al

This should list the following files on your server:

-rwx--xr-x 1 user user 601 Jun 3 01:58 authorized_keys
-rwx--xr-x 1 user user 668 Jun 11 19:26 id_dsa
-rwx--xr-x 1 user user 599 Jun 11 19:26 id_dsa.pub
-rwx--xr-x 1 user user 6257 Jan 2 21:04 known_hosts

Should you NOT have the id_dsa files, you need to create them as follows:

user@fwsrv ~ $ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa): # Press 'enter' here
Enter passphrase (empty for no passphrase): # Press 'enter' here
Enter same passphrase again: # Press 'enter' here
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
The key fingerprint is:
2f:d4:cb:50:e6:f3:90:f0:0g:68:d6:10:34:eb:1d:5f user@fwsrv

DO NOT enter a password during any of the above steps.

Should you not have the authorized_keys on the destination server, do the following:

scp ~/.ssh/id_dsa.pub user@'servername':.ssh/authorized_keys

Only do the above if you DO NOT have the authorized_keys in the destination server as well

Should you already have the file, because you need to do this between more than one server, you just need to copy the id_dsa.pub file from server1 to server2 under any file name and then concatenate that file on server2 to the existing file.

Do this by typing : cat "filename" >> authorized_keys

This will take the contents of "filename" and append it to the existing file. If you only use a single > sign, you will overwrite the whole file, so be careful !!

Now test the connection by typing ssh server2 from server1
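One way to do the append step on server2 so that an existing authorized_keys is never overwritten and the same key is never added twice; this is an added example, not part of the original post. The function name install_pubkey and the scratch paths are assumptions, the key strings are constructed, and the function also sets the 700/600 permissions that sshd's StrictModes check expects.

```shell
#!/bin/bash
# Added example: append a public key to authorized_keys without overwriting
# or duplicating existing entries. install_pubkey is a hypothetical name.

install_pubkey() {
    # $1 = public key file copied over from the source server
    # $2 = target .ssh directory (defaults to ~/.ssh)
    local pub="$1" dir="${2:-$HOME/.ssh}" auth key
    auth="$dir/authorized_keys"

    # Accept only a single "type base64 [comment]" line; this also rejects
    # a private key file copied by mistake (multi-line, starts with -----BEGIN)
    [ -f "$pub" ] && [ "$(grep -c . "$pub")" -eq 1 ] || return 2
    key=$(grep . "$pub")
    case "$key" in
        ssh-*\ AAAA*|ecdsa-*\ AAAA*) ;;
        *) return 2 ;;
    esac

    # sshd's StrictModes ignores key files that group or others can write to
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append (>>) only when this exact line is not in the file yet
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Constructed demo in a scratch directory (the key material is fake)
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyOnly user@server1' > "$demo/server1.pub"
install_pubkey "$demo/server1.pub" "$demo/.ssh"
install_pubkey "$demo/server1.pub" "$demo/.ssh"   # second run adds nothing
wc -l < "$demo/.ssh/authorized_keys"
```

On server2 the call would be install_pubkey with the copied "filename" as its only argument, which targets ~/.ssh.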


GO HOME

Monday, July 28, 2008

squid proxy server - mini howto

Squid proxy servers are a great way to control Internet browsing for your company. In a previous post I mentioned all the good reasons why you should get one, and in this post I will try to show you and explain to you where and how to do this.

You need to edit the main configuration file located under /etc/squid/squid.conf. In this file the following options must / can be used:

http_port 8080 - This is where you specify what port the proxy server must listen on. If you go to your Internet explorer to set your proxy and proxy port, this is the port number.

cache_mem 64 MB - This line specifies the amount of memory that squid can use for caching. There are many theories out there on how to calculate it, but a good understanding can be obtained from the following criteria: ( from http://www.devshed.com/ )

x = Size of cache dir in KB (i.e. 6GB = ~6,000,000KB)
y = Average object size (just use 13KB)
z = Number of directories per first level directory
(((x / y) / 256) / 256) * 2 = # of directories
As an example, I use 6GB of each of my 13GB drives, so:
6,000,000 / 13 = 461538.5 / 256 = 1802.9 / 256 = 7 * 2 = 14
So my cache_dir line would look like this:
cache_dir 6000 14 256

cache_swap_low 80 - When you set your cache_dir to, let's say, 2048 MB or 2 GB, then this value is the low mark for squid to stop rotating or cleaning out the cache.

cache_swap_high 90 - Same as the explanation above, but this will tell squid when to start freeing up old cache when it gets to the set level, and stop when it gets to the percentage of disk size ( 80 percent ).

maximum_object_size 1024 KB - This will tell squid not to cache any objects or files larger than 1 MB. It depends on how big the squid server is and how fast you want your cache to be, but also the amount of disk space you have, because you might fill up the space before you know it !

minimum_object_size 0 KB - This specifies the minimum size a file or object is allowed to be; set this to 0 if you don't want to specify anything.

maximum_object_size_in_memory 64 KB - This specifies the size of an object or file that is allowed to be placed in the cache_mem amount of memory. Normally used for fast access type files for browsing; don't make it too high, it will hog the memory pool.

cache_dir ufs /var/spool/squid 2048 256 256 - This is where you specify what the disk space or disk space usage is for the squid cache on your server. The cache_swap_high and cache_swap_low will look at this value and know when to rotate the cache when it hits the 90 and 80 percent mark.

cache_access_log /var/log/squid/access.log - This will tell squid where to write the access details to. You will run your reporting software on this file to see who browsed where on the Internet, the amount of bandwidth used etc. You can use the below script file to concatenate the log files each month, so you have a directory with monthly access.log files in it:

#!/bin/bash
##############################################################################
# Copyright : LDS - http://www.lds.za.net/
#
# Variables : ARCHIVE - directory where the SQUID files are archived
# : LOGDIREC - location
# : SQUIDLOG - SQUID log file name
##############################################################################
ARCHIVE=/var/log/archive/squid
LOGDIREC=/var/log/squid
SQUIDLOG=access.log
MONTH=`date +'%Y%m'`
# Copy the live log into the archive directory, then empty the live log
rm -f "$ARCHIVE/$SQUIDLOG"
cp -dp "$LOGDIREC/$SQUIDLOG" "$ARCHIVE/$SQUIDLOG"
cp /dev/null "$LOGDIREC/$SQUIDLOG"
cd "$ARCHIVE" || exit 1
# Unpack this month's archive if there is one, otherwise start from an empty file
if [ -f "./$MONTH.gz" ]; then
    mv "./$MONTH.gz" ./temp.gz
    gunzip ./temp.gz
else
    : > ./temp
fi
# Append the new log and recompress; on failure keep temp under a "failed-" name
(cat ./temp "$SQUIDLOG" | gzip > "./$MONTH.gz") && rm temp || mv temp failed-`date +'%Y%m%d'`
#
# END OF SCRIPT
##############

ftp_user squid@lds.za.net - This specifies the default username to send to Anonymous FTP sites.

auth_param basic program /usr/lib/squid/smb_auth -W CORE -U
The above line is to send authentication to a Microsoft based authentication server ( normally a domain controller )

auth_param basic children 8
auth_param basic realm AOSL Proxy Server
auth_param basic credentialsttl 2 hours

The above lines set options for the Authentication module.

client_lifetime 1 hour - This option prevents open connections from hogging the squid process ( Internet Explorer browser left open on a PC )

half_closed_clients off - This works in conjunction with the above line to kill inactive connections

shutdown_lifetime 3 seconds - This option is to speed up the shutdown time when you stop squid.

acl password proxy_auth REQUIRED - This option works with the authentication options you have set; this will force authentication when a request comes through.

The below options are to have control over which internal IPs can do anything, which sites are blocked etc.

acl openip src "/etc/squid/openip.cfg"
acl badsites dstdomain "/etc/squid/badsites.cfg"
acl opensites dstdomain "/etc/squid/opensites.cfg"
acl restricted_sites dstdomain "/etc/squid/restricted_sites"
acl restricted_users proxy_auth "/etc/squid/restricted_users"
acl priv_sites dstdomain "/etc/squid/priv_sites"
acl priv_users proxy_auth "/etc/squid/priv_users"
acl BONYUSERS dst 160.254.119.0/24

The file names at the end ( which you should create ) explain what each file contains and what it will do for you.

The below lines are to "activate" the above lines

http_access allow BONYUSERS
http_access allow openip
http_access allow opensites
http_access allow restricted_users restricted_sites
http_access deny restricted_users
http_access allow priv_users priv_sites
http_access deny badsites
http_access allow password
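Squid checks http_access lines from top to bottom and stops at the first line whose ACLs all match, so the order of the list above decides the outcome. The sketch below is an added example, not part of the original post or of Squid itself: it replays that rule list against requests which, as a simplifying assumption, are described by the names of the ACLs they match; decide and RULES are hypothetical names.

```shell
#!/bin/bash
# Added example: first-match evaluation of the http_access lines above.
# Simplification: a request is given as the list of ACL names it matches.

RULES='allow BONYUSERS
allow openip
allow opensites
allow restricted_users restricted_sites
deny restricted_users
allow priv_users priv_sites
deny badsites
allow password'

decide() {
    # $1 = space-separated ACL names the request matches (constructed input)
    local matched=" $1 " action acls acl ok last=""
    while read -r action acls; do
        ok=1
        for acl in $acls; do
            case "$matched" in *" $acl "*) ;; *) ok=0 ;; esac
        done
        # Every ACL on the line matched: this rule decides, later ones are ignored
        if [ "$ok" -eq 1 ]; then echo "$action"; return 0; fi
        last=$action
    done <<EOF
$RULES
EOF
    # Nothing matched: Squid applies the opposite of the last rule in the list
    if [ "$last" = allow ]; then echo deny; else echo allow; fi
}

decide "openip badsites"            # "allow openip" is reached before "deny badsites"
decide "badsites password"          # no earlier allow matches, so "deny badsites" decides
decide "restricted_users badsites"  # decided by "deny restricted_users"
decide ""                           # no rule matches
```

The first call shows that a client listed in openip.cfg is never checked against badsites.cfg; for the block list to apply to those clients, the deny badsites line has to sit above the allow lines.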

The rest of the configuration is not much needed, but a short explanation for each config line is given inside the /etc/squid directory.

As stated earlier, please post a comment to get more help.

Friday, July 25, 2008

Sendmail support - sendmailreload script

I have made this simple script you can use for your mail server when you need to activate any changes you have made to any of the config files inside the /etc/mail directory. I know I have made a posting before with the script in it, but this one is a bit better, and this post is dedicated to it ;-)

Here is the script:

#!/bin/bash
# Rebuild the sendmail map files and tell the running daemon to re-read them
MAILDIR="/etc/mail"
cd /etc/mail
makemap hash $MAILDIR/virtusertable.db < $MAILDIR/virtusertable
makemap hash $MAILDIR/mailertable.db < $MAILDIR/mailertable
makemap hash $MAILDIR/access.db < $MAILDIR/access
makemap hash $MAILDIR/aliases.db < $MAILDIR/aliases
makemap hash $MAILDIR/domaintable.db < $MAILDIR/domaintable
newaliases > /dev/null 2> /dev/null
wait
# Send HUP to the sendmail process that is accepting connections
ps auxw | grep sendmail | grep accepting | awk '{print "kill -HUP "$2}' | sh
echo "Rebuild aliases run now - "`date` >> /var/log/maillog


The reason why it is better to use this script is that when you start to get a very busy mail server, with a huge amount of mail in the mail queue, you don't want to restart the sendmail service every time you make a change; rather run this script.

Sendmail support - aliases file

Sendmail uses this file to "alias" email to users, groups, script files or even Mailmanagers.
With a standard Linux installation, this file is for some reason located in the /etc directory and not in the /etc/mail directory like the rest of the email configuration files.

I believe it is best to keep all the email configuration files in one directory, so I suggest you MOVE the /etc/aliases and the /etc/aliases.db files into the /etc/mail directory. Once you have done this, you MUST edit the /etc/mail/sendmail.cf file and change the location where sendmail is looking for the alias file. So you need to edit /etc/mail/sendmail.cf and look for the line:

" O AliasFile=/etc/aliases "

Change this line to read the following:

"O AliasFile=/etc/mail/aliases"

Write and quit the file, and again do a " service sendmail reload " or just run that sendmailreload script I have posted previously.

Let's look at the contents and the uses for the aliases file.

Option 1:

If you need to forward mail to more than one mailbox, example is sales, then you would use the aliases file. Inside the virtusertable file, you will state that sales@lds.za.net goes to user account lin001.

Then in the aliases file, you will have the following line to forward the mail to 4 other users as well, even an external mail account. The following is the exact line:

lin001: user1, user2, user3, bill@gates.com
or
sales@lds.za.net: user1, user2, user3, bill@gates.com

Option 2:

If you need to forward mail for a specific user to himself and someone else, because he is on leave, then you would do the following.

jdoe@lds.za.net: \jdoe, user2

The \ in front of the username prevents the mail from looping for that user. Since the virtusertable already relays the mail to that user, you would create a loop of mail to that user by sending it to them again in the alias file.

Option 3:

You need to run a script file when someone sends an email to your server, almost like list managers, but normally used to send someone a legal disclaimer or something. The following line in the aliases file must be used.

disclaimer@lds.za.net: /path/to/script/file

Option 4:

The MD is going overseas on a business trip, and wants his email forwarded somewhere else, or to the branch where he is going. Do the following:

ltrovald@lds.za.net: ltrovald@usa.lds.za.net

This will forward all mail to another mail address as specified.

Option 5:

The MD wants his mail to be kept on the server AND sent to the other email address as well, then do the following:

ltrovald@lds.za.net: \ltrovald, ltrovald@usa.lds.za.net


Remember to write and quit the /etc/mail/aliases file, and run the following commands to rebuild the map and reload sendmail:

makemap hash /etc/mail/aliases.db < /etc/mail/aliases
service sendmail reload

That is it, please post comments if you need more help.

Thursday, July 24, 2008

Sendmail support - mailertable file

Sendmail uses this file to forward mail for a domain as a whole to another host on the Internet or inside your network. Let's say you have an internal Exchange server, and the Linux server acts as a gateway on the Internet: you can send all your email to the Linux server ( MX records ) and from there forward the mail internally to your Exchange server.

The mailertable file can also be used to send an entire domain to one local user by doing:

domainname.com local:username

The virtusertable file can do the same as the above, by adding a line in the virtusertable file like:

@domainname.com username

The syntax to use in the mailertable file to send a domain's email to another host is shown in the following example:

domainname.com smtp:[internalserver.domain.com]

That is it, again like always, send me your comments or questions so we can make this better for you !