robocopy 2014 2015 /COPY:S /SECFIX
CISCO Client can’t connect outside to PPTP (L2TP) VPN
If you cannot connect from inside NAT to any VPN server, check that there is no "no-payload" in:
ip nat source list …
Symptoms: PPTP Error 800, Error 619
#cisco #windows #pptp #vpn
cPanel Quick Fix Permission Script (by find)
find ./ -type d -exec chmod 755 {} \;
find ./ -type f -exec chmod 644 {} \;
OVH / Linux Two network cards (nic), two gateways. Gateway for one ip address. Two Gateways. VRACK IP Failover
eth0: 2.2.2.2 ( route like a normal )
eth1: 1.1.1.1 netmask 255.255.255.255 ( OVH )
# send traffic to and from this IP through table Route1
# (a named table such as Route1 must be defined in /etc/iproute2/rt_tables)
ip rule add to 1.1.1.1/32 table Route1
ip rule add from 1.1.1.1/32 table Route1
# reach the gateway directly through eth1
ip route add 10.10.10.10 dev eth1
# and the main thing: put the default route into this table
ip route add default via 10.10.10.10 dev eth1 table Route1
IPTABLES cPanel script set outgoing IP as dedicated
iptables -t nat -A POSTROUTING -o eth0 -m owner --uid-owner *USERNAME* -j SNAT --to 198.51.100.10
Do I need to comment that? 😉
Oh, wait. Maybe some script to do it easier?
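#!/bin/bash
# Print an SNAT rule for every cPanel account whose IP differs from the server's main IP.
hip=$(hostname -i)
for file in /var/cpanel/users/*; do
    fname=$(basename "$file")
    # anchor the match so that only the IP= line is read
    ip=$(grep "^IP=" "$file" | cut -d "=" -f 2)
    if [ -n "$ip" ] && [ "$ip" != "$hip" ]; then
        # the rule is only printed; remove "echo" to apply it
        echo iptables -t nat -A POSTROUTING -o eth0 -m owner --uid-owner "$fname" -j SNAT --to "$ip"
    fi
done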
cPanel set php / php.ini variable for one vhost / account
1. In the folder's .htaccess put:
suPHP_ConfigPath /home/{account}/public_html
<Files php.ini>
order allow,deny
deny from all
</Files>
2. In php.ini:
magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off
3. Remember to set the correct owner and permissions (chown, chmod).
Done.
[POSTFIX] How to check if user exists in case of postfix proxy Exchange with Active Directory / LDAP
When Postfix works as a mail-filter proxy in front of Exchange,
a lot of email goes to SpamAssassin (raising the load) and is then relayed to Exchange
(which makes fake replies to non-existing addresses), so it's a good idea to check that the recipient exists.
This was done on EFA and works nicely.
1) Install postfix-ldap package
2) nano /etc/postfix/ldap-users.cf
3) Insert:
server_host = srv.domain.local
search_base = dc=domain,dc=local
bind = yes
bind_dn = CN=Some User,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=domain,DC=local
bind_pw = [******** Your PW here *********]
query_filter = (|(mail=%s)(proxyAddresses=smtp:%s))
leaf_result_attribute = mail
# result_format = %S OK
result_format = OK
4) Modify your /etc/postfix/main.cf so that it contains:
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    check_recipient_access ldap:/etc/postfix/ldap-users.cf,
    hash:/etc/postfix/recipient_access,
    reject
5) service postfix reload
6) tail -f /var/log/maillog
If some user should be accepted but is not in Active Directory,
edit /etc/postfix/recipient_access
and put:
email@domain.com OK
postmap /etc/postfix/recipient_access
Done. Enjoy!
#ff
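To go with step 6, an added example (not part of the original post) that summarises which recipients fell through both the LDAP lookup and recipient_access to the final reject, so that addresses missing from recipient_access stand out. The log lines are constructed and assume Postfix's default reject wording ("Recipient address rejected: Access denied"); the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the page) in default Postfix smtpd wording.
SAMPLE_LOG = """\
Mar  3 10:15:01 efa postfix/smtpd[2101]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.10]: 554 5.7.1 <Old.User@domain.com>: Recipient address rejected: Access denied; from=<a@example.net> to=<Old.User@domain.com> proto=ESMTP helo=<mail.example.net>
Mar  3 10:15:09 efa postfix/smtpd[2101]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.10]: 554 5.7.1 <old.user@domain.com>: Recipient address rejected: Access denied; from=<b@example.net> to=<old.user@domain.com> proto=ESMTP helo=<mail.example.net>
Mar  3 10:16:30 efa postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <info1@domain.com>: Recipient address rejected: Access denied; from=<x@example.org> to=<info1@domain.com> proto=ESMTP helo=<host>
Mar  3 10:16:31 efa postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <info2@domain.com>: Recipient address rejected: Access denied; from=<x@example.org> to=<info2@domain.com> proto=ESMTP helo=<host>
Mar  3 10:17:02 efa postfix/smtpd[2110]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 450 4.1.2 <x@nodomain.invalid>: Recipient address rejected: Domain not found; from=<y@example.org> to=<x@nodomain.invalid> proto=ESMTP helo=<host>
Mar  3 10:17:40 efa postfix/smtpd[2110]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <x@other.example>: Relay access denied; from=<y@example.org> to=<x@other.example> proto=ESMTP helo=<host>
Mar  3 10:18:00 efa postfix/smtpd[2111]: connect from mail.example.net[192.0.2.10]
"""

# Client IP, recipient and reason of a recipient-level reject.
REJECT_RE = re.compile(
    r"NOQUEUE: reject: RCPT from [^\[\s]+\[(?P<ip>[^\]]+)\]: \d{3} [\d.]+ "
    r"<(?P<rcpt>[^>]*)>: Recipient address rejected: (?P<reason>[^;]+);"
)

def final_rejects(lines):
    """Map lower-cased recipient -> {client IP: count} for mail that hit the last 'reject'."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = REJECT_RE.search(line)
        # "Domain not found" etc. come from earlier restrictions, not from the
        # LDAP / recipient_access fall-through, so only "Access denied" counts.
        if m and m.group("reason").strip() == "Access denied":
            hits[m.group("rcpt").lower()][m.group("ip")] += 1
    return {rcpt: dict(clients) for rcpt, clients in hits.items()}

def report(hits):
    """Rows of (recipient, total rejects, client IPs), most rejected first."""
    rows = sorted(hits.items(), key=lambda kv: (-sum(kv[1].values()), kv[0]))
    return [(rcpt, sum(c.values()), sorted(c)) for rcpt, c in rows]

if __name__ == "__main__":
    # Replace SAMPLE_LOG.splitlines() with open("/var/log/maillog") on a real host.
    for rcpt, total, clients in report(final_rejects(SAMPLE_LOG.splitlines())):
        print(f"{total:4d}  {rcpt:28s} {', '.join(clients)}")
```

A recipient rejected repeatedly from a known partner's server is a candidate for recipient_access; a single client hitting many different unknown addresses is usually just probing.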
UBIQUITI UniFi, Windows 2008 R2 RADIUS + SSL Setup – Integration
1. Add a valid certificate in MMC: Local computer, Personal, Certificates. The cert should be signed, valid and probably not a wildcard!
Intermediate certs should be placed in the correct folders ( Trusted Root CA, etc. )
Remember to import the SSL certificate with its private key. If it was imported without the private key, do:
Get the cert serial number from the certificate itself,
at cmd: certutil -repairstore my "SerialNumber" (https://support.microsoft.com/en-us/kb/889651)
2. Configure Windows 2008 R2 RADIUS
Add radius client: Enable, Friendly name: Unify_AP_01 IP: 172.16.0.11, Secret: P@ssw0rd,
4. Create new network policy:
Overview: Enabled, Grant Access, Ignore User account, Type of network: unspecified.
Conditions: NAS Port Type: Wireless IEEE 802.11 OR Wireless – Other
Windows Group: Domain\Wireless Users
Client Friendly Name: Unify_AP_*
Constraints:
Authentication method: Microsoft: Protected EAP (PEAP)
Edit it, select the cert from point 1, enable fast reconnect, leave only Secured password (EAP-MSCHAP v2)
OK, back to auth methods,
Leave the first 2 checkboxes ( MS-CHAP-v2, User can change expired pass )
Then configure UniFi:
Settings -> WLAN Group -> Your WLAN
Set the IP of your RADIUS server and the password from the first screen. WPA-Enterprise
IP, port 1812, P@ssw0rd
Radius1: IP, port 1813, P@ssw0rd
Done.
My favorite rsync command
rsync -avh -e "ssh -c arcfour" --stats --numeric-ids --partial --delete /home/ host.widmo.biz:/mnt/
WINDOWS XP, IPv6 configuration. OVH sample. VSphere working.
// chaos begin 😉
ipv6 install
// check index of interface
ipv6 if
// change default prefix ( "WAN" is the connection name; Local Area Network by default )
netsh interface ipv6 set interface "WAN" siteprefixlength=54
// set ipv6 address ( 8 is the interface index )
ipv6 -p adu 8/2001:41d0:b:110::1
// set default route
netsh interface ipv6 add route ::/0 "WAN" 2001:41d0:b:1ff:ff:ff:ff:ff