Garnser

The Swede in the middle of Silicon Valley

Monday, October 12, 2009

Closing blog

As I've recently decided to get my own company going again I've made the decision to close this blog, it will still be available as is but there won't be any further posts. For technical solutions etc. please refer to kb.sedoss.com where I'll post future technical solutions related to my consulting company.

Thanks to all of you who have followed my blog, as you hopefully know you can get to my personal blog via me.garnser.se.

Wednesday, September 16, 2009

Creds to Microsoft

Throughout the last few weeks I've somewhat raped my soul and gone against most things I believe in. Why? I've done a Windows AD implementation to solve a somewhat interesting problem.

I've been working with an organization to help them create a centralized way of having authentication across the border, this includes Windows, Linux and OS X servers and clients. Looking at the problem initially I gave it a try to run Samba as a PDC, unfortunately the development hasn't come as far as I hoped so I gave up that idea.

The solution I ended up choosing (which I haven't completely finished yet) is to utilize Windows AD and all that comes with it. As many know AD + Linux has never been a fun thing to deal with until recently as Microsoft decided to implement rfc2307 for Unix attributes. Doing this makes life a lot easier and I managed to put together a working solution in just a few hours, including group definitions!

For now I'm still working on having Samba authenticate with ADS so that shares can be maintained on a Linux-box rather than a Windows server (who wants to run NTFS anyway?), there are still some issues with it but I hope to have it ironed out pretty soon.

Didn't think I would say this but thank you Microsoft for opening up for us Unix-hackers!

Saturday, September 5, 2009

Making smbldap-tools rfc2307bis

Just stumbled upon a setup where I had to make smbldap-tools rfc2307bis compliant, figured I should post the patch here.

This adds ou and uniqueMember to smbldap-populate.

*** /usr/sbin/smbldap-populate.orig 2009-09-05 09:58:29.000000000 -0700
--- /usr/sbin/smbldap-populate 2009-09-05 10:04:10.000000000 -0700
***************
*** 285,293 ****
--- 285,295 ----
loginShell: /bin/false

dn: cn=Domain Admins,$config{groupsdn}
+ ou: Domain Admins
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
+ objectClass: groupOfUniqueNames
gidNumber: 512
cn: Domain Admins
memberUid: $adminName
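Review bot: The added `objectClass: groupOfUniqueNames` on cn=Domain Admins sits beside `objectClass: posixGroup`, which only validates where posixGroup is defined as AUXILIARY (the rfc2307bis schema); under the RFC 2307 schema both posixGroup and groupOfUniqueNames are STRUCTURAL and the directory server will refuse the entry. State the schema prerequisite in the patch description, or have the script check for it before populating.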
***************
*** 295,344 ****
--- 297,359 ----
sambaSID: $config{SID}-512
sambaGroupType: 2
displayName: Domain Admins
+ uniqueMember: uid=$adminName,$config{usersdn}

dn: cn=Domain Users,$config{groupsdn}
+ ou: Domain Users
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
+ objectClass: groupOfUniqueNames
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: $config{SID}-513
sambaGroupType: 2
displayName: Domain Users
+ uniqueMember: uid=$adminName,$config{usersdn}

dn: cn=Domain Guests,$config{groupsdn}
+ ou: Domain Guests
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
+ objectClass: groupOfUniqueNames
gidNumber: 514
cn: Domain Guests
description: Netbios Domain Guests Users
sambaSID: $config{SID}-514
sambaGroupType: 2
displayName: Domain Guests
+ uniqueMember: uid=$guestName,$config{usersdn}

dn: cn=Domain Computers,$config{groupsdn}
+ ou: Domain Computers
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
+ objectClass: groupOfUniqueNames
gidNumber: 515
cn: Domain Computers
description: Netbios Domain Computers accounts
sambaSID: $config{SID}-515
sambaGroupType: 2
displayName: Domain Computers
+ uniqueMember: uid=$adminName,$config{usersdn}

dn: cn=Administrators,$config{groupsdn}
+ ou: Administrator
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
+ objectClass: groupOfUniqueNames
gidNumber: 544
cn: Administrators
description: Netbios Domain Members can fully administer the computer/sambaDomainName
sambaSID: S-1-5-32-544
sambaGroupType: 5
displayName: Administrators
+ uniqueMember: uid=$adminName,$config{usersdn}

#dn: cn=Users,$config{groupsdn}
#objectClass: top
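Review bot: The `uniqueMember: uid=$adminName,$config{usersdn}` lines on cn=Domain Users and cn=Domain Computers make the administrator account a member of both groups for any client that resolves membership from uniqueMember, which reads as a placeholder to satisfy groupOfUniqueNames (it requires at least one uniqueMember) rather than intended membership; say so in a comment or use a dedicated placeholder DN. Also in this hunk, `ou: Administrator` on cn=Administrators is singular while every other entry sets ou to the same string as its cn; it should be `ou: Administrators`.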
***************
*** 375,389 ****
--- 390,407 ----
#displayName: Power Users

dn: cn=Account Operators,$config{groupsdn}
+ ou: Account Operators
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
+ objectClass: groupOfUniqueNames
gidNumber: 548
cn: Account Operators
description: Netbios Domain Users to manipulate users accounts
sambaSID: S-1-5-32-548
sambaGroupType: 5
displayName: Account Operators
+ uniqueMember: uid=$adminName,$config{usersdn}

#dn: cn=System Operators,$config{groupsdn}
#objectClass: top
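Review bot: On cn=Account Operators the new `uniqueMember: uid=$adminName,$config{usersdn}` is added to an entry that shows no memberUid in the visible lines, so the group is empty for clients reading memberUid and contains the administrator for clients reading uniqueMember. Either add the matching memberUid or document that the uniqueMember value is only there to satisfy the groupOfUniqueNames requirement, so that the two membership views do not silently disagree on a privileged built-in group.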
***************
*** 397,433 ****
--- 415,460 ----
#displayName: System Operators

dn: cn=Print Operators,$config{groupsdn}
+ ou: Print Operators
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
+ objectClass: groupOfUniqueNames
gidNumber: 550
cn: Print Operators
description: Netbios Domain Print Operators
sambaSID: S-1-5-32-550
sambaGroupType: 5
displayName: Print Operators
+ uniqueMember: uid=$adminName,$config{usersdn}

dn: cn=Backup Operators,$config{groupsdn}
+ ou: Backup Operators
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
+ objectClass: groupOfUniqueNames
gidNumber: 551
cn: Backup Operators
description: Netbios Domain Members can bypass file security to back up files
sambaSID: S-1-5-32-551
sambaGroupType: 5
displayName: Backup Operators
+ uniqueMember: uid=$adminName,$config{usersdn}

dn: cn=Replicators,$config{groupsdn}
+ ou: Replicators
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
+ objectClass: groupOfUniqueNames
gidNumber: 552
cn: Replicators
description: Netbios Domain Supports file replication in a sambaDomainName
sambaSID: S-1-5-32-552
sambaGroupType: 5
displayName: Replicators
+ uniqueMember: uid=$adminName,$config{usersdn}

";
if ("sambaDomainName=$domain,$config{suffix}" eq $config{sambaUnixIdPooldn}) {
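Review bot: The added ou, groupOfUniqueNames and uniqueMember lines for Print Operators, Backup Operators and Replicators are written unconditionally into the LDIF string that closes at `";`, so every run of smbldap-populate now emits rfc2307bis entries with no way to keep the original output. Consider gating the new lines on a configuration switch (not present in the visible code) and leaving the rfc2307 form as the default; that would also make it explicit that the administrator DN lands in Backup Operators, whose description says members can bypass file security.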

Monday, August 31, 2009

New project going down

I'm currently working on a new exciting open-source project which is taking up the vast majority of my time. Once official I'll hopefully get back to somewhat of my normal life and start posting more again, for now follow me on twitter.

If you are or know someone who may be interested in contributing with code or design please contact me directly at jpetersson [ at ] garnser dot se.

Tuesday, August 11, 2009

Flow control routing

Just this morning I stumbled upon an article about Lawrence G. Roberts' work on flow-control routers. I'm a bit surprised that I haven't stumbled upon his work earlier given that he's been in the market with this since 1999.

The technology behind flow-control is well described in the following chart:

If you're interested I would give the article about it a read, it's quite impressive that we've been able to keep up the last few years with 40 year old technology, I'm sincerely hoping to see more of these solutions in the future, especially if someone would decide to implement it into the Linux kernel.