CUPS Administrative Guide

I was recently given a copy of the CUPS Administrative Guide, which was written by Ankur Shah and published by Packt Publishing. The book covers the Common UNIX Printing System (CUPS) and offers a very simple yet powerful set of instructions for managing your CUPS environment.

The book is well written, easy to understand and flows well throughout. The author did a great job explaining how to compile and install CUPS, configure CUPS, check printer status and configure user access. These are just a few tidbits of information the book touches on.

If you are working with or plan to work with CUPS in the future, I highly suggest checking this book out.

I’ve attached a sample of Chapter 4 with permission of the publisher so you can get an idea of how well the book is laid out.

Download Sample: Chapter 4 Managing multiple printers at a time

Install nginx w/ php5 on Ubuntu 8.10

Below are the steps I took to configure nginx and php5 on my Ubuntu 8.10 server. I chose nginx because it's lightweight and relatively easy to manage once you figure out the configuration. I’ve been using Apache for years and it's second nature at this point; however, on my small VPS server I needed to maximize my resources.

Make sure your system is updated:

sudo aptitude update && sudo aptitude safe-upgrade

Install nginx and PHP5. We’ll be installing the CGI version of PHP.

sudo aptitude install nginx php5-cgi

Download the following php-fastcgi startup script and save it to /etc/init.d/php-fastcgi. Nginx will use PHP in CGI mode, which is why we are creating an init file for it. (note: I found this init script on a mailing list someplace)

Download: php-fastcgi init script

Next, run the following commands on the php-fastcgi script.

sudo chmod u+x /etc/init.d/php-fastcgi
sudo chown root:root /etc/init.d/php-fastcgi
sudo update-rc.d php-fastcgi defaults 21 23

Now, go ahead and create your directory that will store your website. For example you might do the following:

mkdir -p /home/username/domains/yourdomain.com/{public_html,log,cgi-bin}

Modify the /etc/nginx/nginx.conf file and set the following directive. I have mine set to 15MB, but if you wish to allow larger files to be uploaded over HTTP, set this accordingly.

client_max_body_size 15m;

Finally, let's set up a virtual domain. Navigate to the /etc/nginx/sites-available directory, create a file called yourdomain.com (replace with your domain) and use the following as a template. Make sure to replace the paths with your own.

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;

    access_log /home/username/domains/yourdomain.com/log/access.log;

    location / {
        root /home/username/domains/yourdomain.com/public_html;
        index index.html index.htm index.php;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /home/username/domains/yourdomain.com/public_html$fastcgi_script_name;
        include fastcgi_params;
    }
}

Like Apache, nginx has sites-available and sites-enabled folders, which allow better control of active and disabled virtual domains. Navigate to the /etc/nginx/sites-enabled folder and create a symlink back to your virtual host’s configuration.

cd /etc/nginx/sites-enabled/ && sudo ln -s ../sites-available/yourdomain.com

Finally, let's start everything up.

sudo /etc/init.d/php-fastcgi start
sudo /etc/init.d/nginx start

At this point you should be able to browse to your site using your domain name. You can easily add more domains by creating new virtual host files and creating the symlink as noted above; remember that nginx will need to be restarted.
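
The vhost above expects the PHP FastCGI process on 127.0.0.1:9000, and that port has no authentication of its own, so after startup it is worth confirming that it is bound to loopback only. The check below is an added example, not part of the original post or of the php-fastcgi init script; the function name check_fastcgi_bind and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the PHP FastCGI listener is bound to loopback only.
# Input is `netstat -ltn` (or `ss -ltn`) output on stdin; in both tools the
# local address is the fourth column.

# check_fastcgi_bind [PORT] prints one verdict per listener on PORT and
# returns 0 if all are loopback, 1 if any is reachable from other hosts,
# 2 if nothing is listening on PORT at all.
check_fastcgi_bind() {
  awk -v port="${1:-9000}" '
    $1 ~ /^tcp/ || $1 == "LISTEN" {
      n = split($4, part, ":")
      if (part[n] != port) next
      host = substr($4, 1, length($4) - length(part[n]) - 1)
      gsub(/\[/, "", host); gsub(/\]/, "", host)   # [::1] -> ::1
      seen = 1
      if (host ~ /^127\./ || host == "::1" || host ~ /^::ffff:127\./)
        print "LOOPBACK " host
      else { print "EXPOSED " host; bad = 1 }
    }
    END { exit (bad ? 1 : (seen ? 0 : 2)) }'
}

# Constructed `netstat -ltn` output, not captured from a real host.
sample_listeners() {
  cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN
EOF
}

# On a real host: netstat -ltn | check_fastcgi_bind 9000
sample_listeners | check_fastcgi_bind 9000 || echo "check the php-fastcgi bind address"
```
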

Linux & Active Directory authentication

Recently I have had the pleasure to work with Microsoft Active Directory. The goal is to get CentOS 4.4 to authenticate from Active Directory for ssh/mail/telnet etc. Below is a quick “howto” of sorts that deals with setting up the Linux side to authenticate from Active Directory.

Much to my surprise, I found this process really simple and pretty effective. I’ve collected some thoughts on the advantages and disadvantages of using Kerberos on the Linux side to connect to Active Directory.

Advantages:
1. Streamlined authentication process
2. Easy maintenance (two config files)
3. Fall back to /etc/passwd
4. Apache has a krb5/ldap module to do authentication that works against AD
5. No need for LDAP or two/one way syncing
6. Simple maintenance and setup

Disadvantages:
1. Requires user to be in /etc/passwd (no password needed)
2. User shell/uid/gid are maintained from the Unix side
3. If a user is removed from AD the user will need to be removed from the Linux side as well

Implementation is rather simple. Below are the changes I made to the Linux side so I could authenticate Linux users from Active Directory, change passwords from the Linux side and update them in Active Directory.

Installed software (CentOS 4.4). If you are using another distro, package names may vary.

krb5-libs-1.3.4-46
krb5-auth-dialog-0.2-1
krbafs-1.2.2-6
krb5-workstation-1.3.4-46
pam_krb5-2.1.8-1

Next you will want to edit the /etc/krb5.conf file. Please note that YOURDOMAIN.COM is the realm you are using in your Active Directory setup.

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = YOURDOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
YOURDOMAIN.COM = {
    kdc = YOURACTIVEDIRECTORYSERVER.COM:88
    default_domain = YOURDOMAIN.COM
    kpasswd_server = YOURACTIVEDIRECTORYSERVER.COM
}

[domain_realm]
# DNS names on the left must be lower case; the realm on the right is upper case
.yourdomain.com = YOURDOMAIN.COM
yourdomain.com = YOURDOMAIN.COM

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false
}

Next you will want to edit /etc/pam.d/system-auth to include the Kerberos PAM modules. The easiest way to achieve this is by running “authconfig” from the command prompt. If you are using an OS other than CentOS 4.4, you can find the changes below.

auth sufficient /lib/security/$ISA/pam_krb5.so use_first_pass
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_krb5.so
password sufficient /lib/security/$ISA/pam_krb5.so use_authtok
session optional /lib/security/$ISA/pam_krb5.so

Additional information:
Users must be present in the /etc/passwd file in order to authenticate via Active Directory. A simple “useradd username” will do just fine. There is no need to set a password, as it will be retrieved from Active Directory. If you do wish to set a password for the Linux user, you may; the user can then bypass Active Directory and authenticate with that password. The passwords must be different.

I hope this helps, your mileage may vary. :)
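
Two points above need periodic checking: a local password lets a user bypass Active Directory, and accounts removed from AD stay in /etc/passwd until someone deletes them. The audit below is an added example, not part of the original post; the function names, the sample files and the MIN_UID cutoff of 500 are assumptions, and the AD account list is assumed to have been exported to a text file beforehand.

```shell
#!/bin/sh
# Added example: audit the local accounts that a pam_krb5 + /etc/passwd
# setup depends on. All sample data below is constructed.
# MIN_UID is an assumption: CentOS 4 numbers regular users from 500.
MIN_UID=${MIN_UID:-500}

# audit_accounts PASSWD SHADOW AD_USERS
#   PASSWD, SHADOW: files in /etc/passwd and /etc/shadow format
#   AD_USERS:       one Active Directory account name per line (any case)
audit_accounts() {
  awk -F: -v min="$MIN_UID" '
    FILENAME == ARGV[1] { if ($3 + 0 >= min + 0) acct[$1] = 1; next }
    FILENAME == ARGV[2] { hash[$1] = $2; shadowed[$1] = 1; next }
    { in_ad[tolower($1)] = 1 }
    END {
      for (u in acct) {
        # "!!", "!" or "*" in the hash field means no local password can match.
        if (shadowed[u] && hash[u] == "")  print "EMPTY_PASSWORD " u
        else if (hash[u] ~ /^[^!*]/)       print "LOCAL_PASSWORD " u
        if (!(tolower(u) in in_ad))        print "NOT_IN_AD " u
      }
    }' "$1" "$2" "$3" | sort
}

# write_sample DIR: constructed passwd, shadow and AD list, not from a real host
write_sample() {
  cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
bob:x:501:501::/home/bob:/bin/bash
carol:x:502:502::/home/carol:/bin/bash
EOF
  cat > "$1/shadow" <<'EOF'
root:$1$constructed$notarealhash:13500:0:99999:7:::
alice:!!:13500:0:99999:7:::
bob:$1$constructed$notarealhash:13500:0:99999:7:::
carol:!!:13500:0:99999:7:::
EOF
  printf 'Alice\nbob\n' > "$1/ad_users"
}

tmp=$(mktemp -d)
write_sample "$tmp"
audit_accounts "$tmp/passwd" "$tmp/shadow" "$tmp/ad_users"
rm -rf "$tmp"
```

On a real host the first two arguments are /etc/passwd and /etc/shadow, so the audit has to run as root.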