Friday 29 June 2012

how to check if a user account is locked out in linux

Show accounts with password failures
sudo /sbin/pam_tally2

Login           Failures Latest failure     From
jack.oregan         1    06/29/12 15:22:19  /dev/pts/0

Reset all failures
sudo /sbin/pam_tally2 -r

If you run "sudo /sbin/pam_tally2" again the output will be blank
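
pam_tally2 only shows the failure count; whether an account is actually locked depends on the deny= setting of pam_tally2.so in the PAM configuration. This is an added example, not part of the original post, that combines the two. The function names, the sample PAM line, the made-up tally rows and the /etc/pam.d/system-auth path are assumptions.

```shell
#!/bin/sh
# Added example: turn pam_tally2 failure counts into a lockout answer.

# tally_option PAMFILE NAME -> value of NAME=<value> on the pam_tally2.so auth line
tally_option() {
    awk -v name="$2" '$1 == "auth" && /pam_tally2\.so/ {
        for (i = 1; i <= NF; i++)
            if (index($i, name "=") == 1) { print substr($i, length(name) + 2); exit }
    }' "$1"
}

# locked_accounts PAMFILE -> reads pam_tally2 output on stdin, prints locked logins.
# The module counts the attempt in progress before comparing with deny, so a
# stored count >= deny means the next attempt is refused.
locked_accounts() {
    deny=$(tally_option "$1" deny)
    [ "${deny:-0}" -gt 0 ] 2>/dev/null || return 0   # no deny= or deny=0: lockout is off
    root=0
    if grep -Eq '^auth.*pam_tally2\.so.*even_deny_root' "$1"; then root=1; fi
    awk -v deny="$deny" -v root="$root" '
        $2 !~ /^[0-9]+$/          { next }   # header line
        $1 == "root" && root == 0 { next }   # root is exempt without even_deny_root
        $2 + 0 >= deny + 0        { print $1 }
    '
}

# Constructed sample inputs: a PAM auth line and pam_tally2 output
# (the first row is the one shown in the post, the other two are made up).
sample_pam() { echo 'auth        required      pam_tally2.so deny=3 onerr=fail unlock_time=600'; }
sample_tally() {
    cat <<'EOF'
Login           Failures Latest failure     From
jack.oregan         1    06/29/12 15:22:19  /dev/pts/0
svc.backup          5    06/29/12 15:40:02  10.0.0.7
root                9    06/29/12 15:41:10  10.0.0.7
EOF
}

# On a real host: sudo /sbin/pam_tally2 | locked_accounts /etc/pam.d/system-auth
pam=$(mktemp); sample_pam > "$pam"
sample_tally | locked_accounts "$pam"
rm -f "$pam"
```

If unlock_time is set, a listed account becomes usable again once that many seconds have passed since its latest failure, even though the count is still shown.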

User must change password on next login in linux

su to root
chage -d 0 useraccountname

Next time the user logs in they will be asked to change their password

Tuesday 26 June 2012

After reboot Jboss service starts but check fails on port 8080

After jboss started up there was still a check failing in monitoring. The check was on port 8080. The server was responding on port 80 but not 8080. It turned out iptables was the cause. It was set to start on boot on the server. It was turned off on other servers. Added jboss into chkconfig on the server. Turned iptables off on boot (to mirror the config on the other servers). Set httpd/jboss to start on boot with chkconfig. Set iptables not to start. All fixed now.

Friday 22 June 2012

account lockout in windows

You can use the account lockout tools to find out why accounts are locking out
http://www.microsoft.com/en-us/download/details.aspx?id=18465

On server 2008 you have to make sure to run eventcombMT as administrator.
This page http://support.microsoft.com/kb/977519 says the account lockout event ID is 4740

You can configure account lockouts in group policy under
Computer configuration -> Policies -> Windows Settings -> Account Policies/Account Lockout Policy

Thursday 21 June 2012

command for adding and removing linux users

This command removes the user and their home directory too
sudo /usr/sbin/userdel -r theuser.name

Use useradd for adding users
sudo /usr/sbin/useradd theuser.name

Add the user to the wheel group (-a appends, so the user's other supplementary groups are kept)
sudo /usr/sbin/usermod -aG wheel theuser.name

To set a user's password
sudo passwd theuser.name

Expire the password so they need to change it at next logon (need to su to root)
chage -d 0 theuser.name

Wednesday 20 June 2012

python script to connect to linux servers and run a command

This is a sloppy script I wrote to get a job done. The job was to collect the host name, list of users and the wheel group from a list of linux servers. It could be easily edited to run other commands. You need to have your password set the same on each server. My username is hard coded. You also need to have a list of servers in /data/servers.txt

import subprocess

# Read servers in from file, skipping blank lines
with open("./data/servers.txt") as f:
    servers = [line.strip() for line in f if line.strip()]

# set up commands to use later
cmd1 = 'hostname'
cmd2 = 'sort /etc/passwd'
cmd3 = 'grep wheel /etc/group'
sshcmd = ['ssh', '-p', '22']
user = 'user.name'

def run(server, cmd):
    # Argument list instead of a shell string, so a line in servers.txt cannot inject local commands
    result = subprocess.run(sshcmd + [user + '@' + server, cmd], capture_output=True, text=True)
    print(server, cmd, result.returncode, result.stderr.strip())
    return result.stdout

# Loop through the list of servers, connect to each and run the commands that were set up above
for x in servers:
    with open(x + ".txt", "a") as out:
        out.write(run(x, cmd1))

        # Keep only the login names of accounts with a UID of 500 or higher
        for line in run(x, cmd2).splitlines():
            fields = line.split(":")
            if len(fields) > 2 and fields[2].isdigit() and int(fields[2]) >= 500:
                out.write(fields[0] + "\n")

        out.write(run(x, cmd3))

An alternative to this would be to use cssh, but that was not available to me.

Monday 18 June 2012

listing users from /etc/passwd

This will grep the /etc/passwd file and remove lines with the usual default accounts. It should output a list of real users. Do not add bin to the pattern, otherwise real users will be removed because they have /bin/bash as their shell path.

grep -v "daemon\|adm\|lp\|sync\|shutdown\|halt\|mail\|news\|uucp\|operator\|games\|gopher\|ftp\|nobody\|rpm\|dbus\|mailnull\|smmsp\|nscd\|rpc\|ntp\|vcsa\|rpcuser\|nfsnobody\|sshd\|pcap\|haldaemon\|xfs\|mysql\|apache\|jboss\|munin\|distcache\|avahi\|ntp\|avahi-autoipd" /etc/passwd
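
The grep above matches its patterns anywhere in the line, so a real account whose name, comment or home directory contains one of them (ralph contains lp, adminjane contains adm) is silently dropped from the list. This is an added example, not part of the original post, that selects accounts by their UID and shell fields instead. The minimum UID of 500, the function names and the sample entries are assumptions.

```shell
#!/bin/sh
# Added example: pick accounts by passwd field rather than by substring.
# MIN_UID=500 is an assumption matching the UID range the script in the
# previous post greps for.

# list_real_users FILE [MIN_UID] -> logins with UID >= MIN_UID and a login shell
list_real_users() {
    awk -F: -v min="${2:-500}" '
        /^#/ || NF != 7         { next }   # comment, blank or malformed line
        $3 !~ /^[0-9]+$/        { next }   # UID must be numeric
        $3 + 0 < min + 0        { next }   # system account range
        $7 ~ /(nologin|false)$/ { next }   # no interactive shell
        { print $1 }
    ' "$1"
}

# list_extra_uid0 FILE -> accounts other than root that have UID 0
list_extra_uid0() {
    awk -F: '!/^#/ && $3 ~ /^0+$/ && $1 != "root" { print $1 }' "$1"
}

# Constructed sample data, not taken from a real host
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
ralph:x:501:501::/home/ralph:/bin/bash
adminjane:x:502:502::/home/adminjane:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
}

tmp=$(mktemp); sample_passwd > "$tmp"
echo "regular users:"; list_real_users "$tmp"
echo "extra UID 0 accounts:"; list_extra_uid0 "$tmp"
rm -f "$tmp"
```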

Wednesday 6 June 2012

powershell cheat sheet

List the members of the Domain Admins group in AD
Get-ADGroupMember "Domain Admins" | select "SamAccountName" | Sort-Object SamAccountName

Friday 1 June 2012

MD3000i basic setup

Basic MD3000i setup
Typical configuration
At least one host (to access the storage)
At least 2 switches (for iSCSI traffic only)
MD3000i and the hard disks inside

1 - Install the MDSM software on the host
Download the MDSM from the Dell website
Extract or mount the CD and select Install MD3000i Storage SW
Allow it to make some reg changes and install MDSM
Choose a full installation (installs drivers needed to provide iSCSI stores to this host)
Restart the host

2 - Upgrade to the latest firmware
Many users have had issues with the MD3000.
If you call Dell with an issue, one of the first things they will check is that the firmware is up to date. Upgrade this to the latest before you start creating disk groups etc. Upgrading later will be tricky because you will need full backups of the data and the configuration of the SAN.
Dell have also started sending out replacement hard disks with the later firmware on them and you'll need to downgrade the firmware on them before they will work in your unit.
The firmware fixes a lot of issues and you don't want any issues on a device like this which will probably contain your backups, critical file store, virtual hard disks and databases.
Also update all Windows servers to the latest updates, and look for hotfixes for iSCSI and MPIO.

3 - Configure the Storage
Run the MD3000i Configuration Utility
Configure -> Discover Array -> Automatic
Make sure both controllers are added to the MDSM if you have two controllers.
Rename the Array
Fill in a password (store that somewhere safe)
Specify the management ports (fill in IP addresses, *see note below)
Configure the iSCSI ports (fill in IP addresses)
Configure CHAP if required (can do it later if needed)
Apply settings
Save your configuration file
Choose not to configure the array
Configure the host

* A note on selecting IP addresses
I advise you use IP addresses that are easy to understand.
For example:
Enclosure 0, Controller 0, iSCSI 0 = 192.100.100.100
Enclosure 0, Controller 0, iSCSI 1 = 192.100.100.101
Enclosure 0, Controller 1, iSCSI 0 = 192.100.101.100
Enclosure 0, Controller 1, iSCSI 1 = 192.100.101.101
Enclosure 1, Controller 0, iSCSI 0 = 192.101.100.100
and so on
This will make troubleshooting easier if you have to do it later on.

4 - Configure vDisks, volumes and assignments in the MDSM
Start the MDSM on the host
On the Configure tab, configure host access (who can access this storage)
Configure a hot spare (in case of a failure)
Create a vDisk, select manual, select the RAID level, select the disks you want
For example 3 disks in RAID5 with a hot spare.
Select capacity, name it and
Assign it to a host
Assign a LUN (usually 0 is a boot disk)

5 - Attach the vDisk to the host via iSCSI
Start iSCSI Initiator on the host (full install fills in the details for you)
Log On
Initialize the disk, format and assign a drive letter.

6 - Load balance your disks across the two controllers if you have them
You should alternate the preferred path across the two controllers if you have two. This will provide basic load balancing. Also if something happens to a controller you should know about it straight away. The disks will fail over to the working controller. They will fail back when you replace the faulty controller. There is much more you can do on array tuning, but this is a basic start. You should think about which disks are busy during the day and night.

More on the switches
Depending on your set up, you may need more than 2 switches for heartbeat/live migration networks. If you do that you'll need enough NICs on your hosts to accommodate this.
You will want gigabit switches and gigabit network cards in your hosts
You will want to enable jumbo frames on your network interfaces and switch ports

MD3000 snapshots
Start MDSM
Go to configure -> Create snapshot virtual disk.
In order to ensure consistency you need to halt all IO
Select the volume click next
select simple
Enter the snapshot name and repo name (dates,test etc)
Map to second host which you will be testing on

Microsoft hyper-v cluster
Must be enterprise or datacenter for cluster
All must be in the domain
Alt menu advanced -> Advanced settings (set domain int to be first bound)
DOMAIN int
heart beat
iSCSI
Also configure iSCSI(MTU should be configured to 9000 bits)
Needs to be set all the way through the network on all interfaces
Check IPs on
heartbeat
iSCSI
DOMAIN int
Turn off firewall on heartbeat and iSCSI network
They should be attached to their own switches (or VLANs)
There should be no internet access to the heartbeat or iSCSI networks
They should be physically/logically segmented away
ipconfig /all
make sure we can ping between heart beat network
netsh int ipv4 show interface
You will see the MTU set to 1500 bytes
You will also see the interface index
If you want to set up static routes
route add 10.10.11.0(the network) mask 255.255.255.0 10.10.11.2 (next hop) if 17
10.10.11.2 is my heart beat ip.
17 is the interface index for the heartbeat interface
Make sure we can connect to the iSCSI target
ping the target from all nodes
start iSCSI initiator
Fill in the target address 192.168.1.199 click quick connect
select the disks you want to connect to and click connect
Go into disk management
You should see the drives
iSCSI or fibre channel are presented at the block level to the OS
Re-scan disks
right click do new simple volume (quorum only needs to be 500mb, a lot of people select 1GB)
New simple volume
Assign a drive letter
Assign a file system
Allocation unit default
Volume label Quorum
quick format
Re-scan on the other node
When you make a change to an iSCSI disk on one node, it will propagate to the other hosts