Tuesday, December 16, 2014

Solaris 10: an LDAP user can login, but can't use SSH: You don't exist, go away!


As said in the title, I've encountered the following on Solaris 10: an LDAP user can log in, but can't use SSH: "You don't exist, go away!"


Symptom:
[14-12-03 - 14:09:54 on servername]  ~$ id -a
uid=1201 gid=1200 groups=1200,1300
[14-12-03 - 14:08:13 on servername]  ~$ ssh -vv
You don't exist, go away!

Cause:
Users who are not in the root or sys group can't access information from the LDAP server, because they can't read the client files in /var/ldap.

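Solution:
As root, make the files in /var/ldap readable by others. As the listing shows, this includes ldap_client_cred and the key database key3.db, so every local user can then read them:
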
[14-12-03 - 14:40:42 on servername] root /etc
$ chmod o+r /var/ldap/*
[14-12-03 - 14:42:05 on servername] root /etc
$ ll /var/ldap/*
-rw-r--r--   1 Template root         10K Dec  3 13:45 /var/ldap/cachemgr.log
-rw----r--   1 Template root         64K Aug  5  2013 /var/ldap/cert8.db
-rw----r--   1 Template root         32K Aug  5  2013 /var/ldap/key3.db
-r-----r--   1 Template root         222 Dec  3 13:38 /var/ldap/ldap_client_cred
-r-----r--   1 Template root         478 Dec  3 13:38 /var/ldap/ldap_client_file
-rw----r--   1 Template root         32K Aug  5  2013 /var/ldap/secmod.db

Then the "id" command shows the correct results coming from the LDAP server:
[14-12-03 - 14:14:15 on servername] alex ~
$ id -a
uid=1201(alex) gid=1200(admin) groups=1200(admin),1300(support)


It's a quick post, please leave your questions in the comments! 

Tuesday, April 8, 2014

Quick how to: extend a linux encrypted partition



You have a Linux virtual machine with an encrypted hard drive. How do you quickly extend it?


Environment (this method may apply to other environments):
  • Virtualization type:
    • VMware ESX
  • Linux:
    • RHEL 5.7
    • main root partition / on /dev/sda2, as LVM encrypted with LUKS
    • boot partition /boot on /dev/sda1

Quick method:
  • give more space from VMware
    • edit settings / Hardware / Hard Disk / change the value in "provisioned size"
      (it is usually grayed out when you already have a snapshot)
    • create a snapshot (to roll back in case of a problem)
  • boot a live CD
    • from VMware, Edit Settings / CD DVD adapter / load ISO (I used a Debian 7 CD image) + connected at power on
    • edit the BIOS settings to boot from the CD
    • boot from the virtual CD: for my Debian 7, I booted in ExpertMode / Rescue Disk
  • From the live CD console
    • extend the physical partition
      fdisk /dev/sda
      sequence is: d 2 n p 2 t 2 8e w

      (sequence meaning: delete partition 2, new primary partition, number 2, change type of partition 2 to LVM (8e))
    • open the LUKS container:
      cryptsetup luksOpen /dev/sda2 crypt1
    • extend the LUKS container:
      cryptsetup resize crypt1
    • extend the PV:
      pvdisplay /dev/mapper/crypt1
      pvresize /dev/mapper/crypt1
      pvdisplay /dev/mapper/crypt1
    • extend the LV:
      lvdisplay
      lvresize -L +30G /dev/VolGroup00/LogVol00
      lvdisplay
  • reboot your server as usual
    • extend filesystem:
      resize2fs  -p /dev/mapper/VolGroup00-LogVol00
    • check new available size:
      df -h
That's it
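
A safety check for the fdisk step above, as an added example that is not part of the original post: deleting and recreating /dev/sda2 only keeps the data reachable if the new partition starts at the same sector, because the LUKS header sits at the start of the partition. The function names and the sample `sfdisk -d` dumps are constructed for illustration; the idea is to save `sfdisk -d /dev/sda` output before and after fdisk and compare them before running luksOpen.

```shell
#!/bin/sh
# Added example: verify an fdisk delete/recreate using two `sfdisk -d` dumps.
# From the live CD: sfdisk -d /dev/sda > before.txt, run fdisk, then
# sfdisk -d /dev/sda > after.txt, and compare before cryptsetup luksOpen.

# Constructed sample dumps (not taken from the original post).
BEFORE='/dev/sda1 : start=       63, size=   208782, Id= 83, bootable
/dev/sda2 : start=   208845, size= 41720805, Id= 8e'
AFTER_OK='/dev/sda1 : start=       63, size=   208782, Id= 83, bootable
/dev/sda2 : start=   208845, size=104648355, Id= 8e'
AFTER_MOVED='/dev/sda1 : start=       63, size=   208782, Id= 83, bootable
/dev/sda2 : start=   210944, size=104646256, Id= 8e'

# part_field DUMP PARTITION FIELD: print start, size or type of one partition.
# Accepts both the older "Id=" and the newer "type=" spelling of the type.
part_field() {
    printf '%s\n' "$1" | awk -v p="$2" -v f="$3" '
        $1 == p {
            sub(/^[^:]*:/, "")
            n = split($0, kv, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", kv[i])
                split(kv[i], pair, "=")
                key = tolower(pair[1])
                if (key == "id") key = "type"
                if (key == f) { print tolower(pair[2]); exit }
            }
        }'
}

# check_resize BEFORE AFTER PARTITION: 0 if safe to continue, non-zero if not.
check_resize() {
    os=$(part_field "$1" "$3" start); ns=$(part_field "$2" "$3" start)
    oz=$(part_field "$1" "$3" size);  nz=$(part_field "$2" "$3" size)
    nt=$(part_field "$2" "$3" type)
    if [ -z "$os" ] || [ -z "$ns" ]; then echo "partition $3 not found"; return 2; fi
    # The LUKS header is at the start of the partition: the start must not move.
    if [ "$os" != "$ns" ]; then echo "start moved: $os -> $ns"; return 1; fi
    if [ "$nz" -le "$oz" ]; then echo "size did not grow: $oz -> $nz"; return 1; fi
    if [ "$nt" != "8e" ]; then echo "type is $nt, expected 8e"; return 1; fi
    echo "ok: start $ns unchanged, size $oz -> $nz sectors"
}

check_resize "$BEFORE" "$AFTER_OK" /dev/sda2
check_resize "$BEFORE" "$AFTER_MOVED" /dev/sda2 || echo "do not continue with luksOpen"
```

If the check reports a moved start, nothing inside the LUKS container has been touched yet, so the VMware snapshot taken earlier is still a clean rollback point.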

Notes:
This is a quick (and dirty) how-to.
It does not cover good practices such as writing random data to the disk space we merge into our LUKS partition. It uses a live CD to avoid lock and root unmount problems.
I hope it will be useful for some readers! Comments welcome.