Category Archives: Network Servers

OpenSSH

Tunneling SSH over HTTPS with stunnel

2 Comments
0.00 avg. rating (0% score) - 0 votes

I was faced with a firewall denying access to the outside world using ssh. All I had was http/https access via a proxy server which required authentication. I had an Ubuntu jump host outside the network connected to the internet with a free 443 port. I tried accessing that with httptunnel and proxytunnel, but could get neither to work with this proxy server.

The solution that worked in this particular case was stunnel. It can wrap any TCP connection into an https session which was not rejected by the proxy server I was facing.

Continue reading Tunneling SSH over HTTPS with stunnel

Active Directory, Authentication, Kerberos, Ubuntu, Uncategorized

Ubuntu 14.04 Active Directory Authentication

21 Comments
5.00 avg. rating (91% score) - 1 vote

In a post a couple of years ago I gave an example on how to configure an Ubuntu 12.04 server to authenticate to Active Directory. Things used to be hard back then. Now we have the realmd realm enrollment manager to do the hard work of joining the host to an Active Directory domain, and the System Security Services Daemon or SSSD to do the actual authentication and authorization work whenever it is needed. And things are much easier to configure and get running. Continue reading Ubuntu 14.04 Active Directory Authentication

Apache, Geoinformatics, Nominatim, OpenStreetMap, PostGIS, PostgreSQL, Ubuntu

OpenStreetMap Nominatim Server for Geocoding

33 Comments
5.00 avg. rating (98% score) - 9 votes

Here’s how to install the OpenStreetMap Nominatim service on your own server. It can be used to geocode and reverse geocode addresses and map coordinates. You will also get a web interface which loads map tiles from openstreetmap.org while doing geocoding requests using your own server. Continue reading OpenStreetMap Nominatim Server for Geocoding

DHCPD, IPv6, RADVD, Ubuntu

Linux IPv6 Router: RADVD + DHCPv6

3 Comments
3.25 avg. rating (68% score) - 4 votes

Unlike IPv4, which uses DHCP for configuration, IPv6 uses the Neighbor Discovery Protocol to configure addresses and gateways. Unfortunately, originally the protocol had no means of providing addresses of DNS servers to clients, making it necessary to use  DHCPv6 for that purpose. Modern Linux and Mac OS X machines are able to use the IPv6 Router Advertisement Options for DNS Configuration (RFC 6106), but to my knowledge, Windows clients are not able at the moment. Here’s how to configure a Linux router using radvd and the ISC DHCP daemon. Continue reading Linux IPv6 Router: RADVD + DHCPv6

Postfix, ProLiant, Ubuntu

HP ProLiant Management Component Pack on Ubuntu

5 Comments
0.00 avg. rating (0% score) - 0 votes

HP seems to have set up a package repository for Ubuntu 12.04, which is an improvement since I last checked a few years ago. To use the repo, add the following line to /etc/apt/sources.list:

Run “sudo apt-get update”.

You can install a number of software packages from the repository:

  • hpsmh: HP System Management Homepage
  • hp-smh-template: HP System Management Homepage Templates
  • cpqacuxe: HP Array Configuration Utility, web-based
  • hp-snmp-agents: Insight Management SNMP Agents for HP ProLiant Systems
  • hponcfg: RILOE II/iLO online configuration utility
  • hp-health: HP System Health Application and Command line Utility Package
  • hpacucli: HP Command Line Array Configuration Utility
  • ams: Agentless Monitoring Service for HP ProLiant Gen8 Systems Continue reading HP ProLiant Management Component Pack on Ubuntu
Active Directory, Kerberos, Samba, Ubuntu

Ubuntu 12.04 Active Directory Authentication

22 Comments
4.20 avg. rating (83% score) - 5 votes

Update 2015-06-16: Ubuntu 14.04 Active Directory Authentication

Authenticating Linux users against Active Directory has traditionally been hard. There’s a multitude of HOWTOs on how to do it, and every one of them seems to do it a bit differently. This is because environments and goals vary, and there are many ways to achieve a particular goal. I will add my version to the mix. This one fetches users and groups from Active Directory LDAP using a machine account added using the Samba tools, and authenticates users to the Active Directory Key Distribution Center using Kerberos. Continue reading Ubuntu 12.04 Active Directory Authentication

Apache, mod_auth_*, MySQL, Wordpress

Apache HTTP authentication against WordPress password database

1 Comment
0.00 avg. rating (0% score) - 0 votes

The stock mod_auth_mysql package in Ubuntu is not able to authenticate against the phpass password hashes stored in the WordPress database.

There seems to be a patch lying around to enable phpass authentication in mod_auth_mysql. Its inclusion in mod_auth_mysql has been requested a long time ago, and again more recently, but for one reason or another it has been declined. Inclusion of the patch into the Debian package has also been requested.

Thanks to Peter Lamberg, there are good instructions around on how to apply the patch and enable it. I’ve made available a pre-compiled 64-bit package here: Continue reading Apache HTTP authentication against WordPress password database

Apache, mod_dir, mod_rewrite, mod_wsgi, Python

Serving Python scripts with Apache mod_wsgi, part II – mod_rewrite

4 Comments
5.00 avg. rating (91% score) - 1 vote

In part I, we learned how to configure Apache to server any .py file as a web application using mod_wsgi. I promised to tell you more about WebOb and multiprocessing and multithreading, and exception handling. I’ll save those topics for later articles. Instead, in this part I will talk about using mod_rewrite – if, why and how to get rid of the .py extension. You will need the test apps from part I to try these out. Continue reading Serving Python scripts with Apache mod_wsgi, part II – mod_rewrite