Terminal server has exceeded maximum number of allowed connection

I have been playing with windows 2003 server seldomly and when i did, i got this horrible problem when i tried logging in via remote desktop connection.

 So, to solve this type of problem:

1. Log on on to the physical server as administrators
2. Go to Administrative Tools / Terminal Services Manager
3. Select Actions / Connet to Computer
4. logoff or disconnect sessions that are currently on.
5. That’s it! retry RDC again and you should be connected again….

On remote:

 open: run in windows and type this.

1.) mstsc /admin
2.) Enter and login as normal or administrator user.
3.) Done!!

Joomla login issues after upgrade to 1.5.23

This problem was found during upgrades of joomla site from version 1.5.x to 1.5.23

It applies to the login modules and its components having major problem in comprofiler that appear when you tried logging in, forgot password or trying to register.

 This problem occurs using Community Builder comprofiler components.

Workaround:

1. Logged in to your joomla administrator website, go to the components menu > community builder > tools
2. Try syncing the users, lots of error will appear as if the users are not sync.
3. Check > Check Community Builder Database and you will see where the error is coming from.
4. You should see problem like this highlighted in red > Avatars and thumbnails folder: /home/folder/public_html/published/images/comprofiler/ is NOT writeable by the webserver.
5. Change the permission to correct the errors in red and then try to resync the users again.
6. Refresh and check the logins and its should go back to normal..
7. Enjoy!

BE WARNED!!!

Default templates will also be replaced, be sure to backup your templates! this happen to me as i used rhuk_milkyway, the logo has been replaced with defaults AND without any warnings….

Installation of BIND using RHEL 6 Based on Selinux

Its been a while since i post new tutorials and found some time again in doing so, what i share to you today is the installation of BIND based on the new Red Hat Enterprise Linux 6 running SELINUX. This version of bind 9.7 is running on Fedora Core starting with version 13 (i think) and on CentOS 5.6.Understanding the new features of Bind 9.7 can be read on this links.
http://cdns.net/DNSSEC.pdf

So lets get started.
1. First of all check the base installation of BIND rpm’s
- Requirements in installing Bind (minimum)

[root@linuxiph ~]# rpm -qa | grep -i bind
bind-utils-9.7.0-5.P2.el6.i686
bind-libs-9.7.0-5.P2.el6.i686
bind-9.7.0-5.P2.el6_0.1.i686

and then:

[root@linuxiph ~]# rpm -ql bind
—
—
—
/var/named
/var/named/data
/var/named/dynamic
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
/var/named/slaves
/var/run/named

[root@linuxiph ~]#chkconfig named on - set the daemon to start during reboot
[root@linuxiph~]#service named start - starting bind
Starting named:                                            [  OK  ]
[root@klinuxiph named]#

2. Check for rndc status:
[root@linuxiph ~]# rndc status
version: 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1
CPUs found: 2
worker threads: 2
number of zones: 16
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
[root@linuxiph ~]#

3. Check Selinux status

[root@linuxiph named]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          disabled
Policy version:                 24
Policy from config file:        targeted

Otherwise,
[root@linuxiph named]# setenforce 1 -  to have it enabled.

POINTERS: at this point:: Please never attempt to replace /etc/named.conf and  named.rfc1912.zones with the one that
comes with the sample. Also, avoid replacing the contents of /var/named as this will make the bind unusable all through out the installation because of access denied issues.

Why SELINUX i say? well, based on Redhat, selinux is far more secure than using chroot, its one of my main reason why i did not choose to install it.

YOU HAVE BEEN WARNED!

So lets continue…

Since bind requirements was already installed, we can now modify /etc.named.conf and create forward and reverse zones.

For my installation, i use linuxiph.com as my example, you can replace this domain if it is a private network or production network, works very much the same except for the IP Address.

4. Edit /etc/hosts - here’s mine

[root@linuxiph named]# cat /etc/hosts
192.168.0.197   pinoy. linuxiph.com      pinoy   # Added by NetworkManager
127.0.0.1       localhost.localdomain   localhost
::1             localhost6.localdomain6 localhost6

5. Modify /etc/named.conf
[root@linuxiph named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        #listen-on port 53 { 127.0.0.1; 192.168.0.197; };
        listen-on port 53 { any; };
        #listen-on-v6 port 53 { ::1; };
        listen-on-v6 port 53 { any; };
        directory       “/var/named”;
        dump-file       “/var/named/data/cache_dump.db”;
        statistics-file “/var/named/data/named_stats.txt”;
        memstatistics-file “/var/named/data/named_mem_stats.txt”;
        allow-query     { localhost; 192.168.0.0/24; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file “/etc/named.iscdlv.key”;
};

logging {
        channel default_debug {
                file “data/named.run”;
                severity dynamic;
        };
};

zone “.” IN {
        type hint;
        file “named.ca”;
};

zone “linuxiph.com” IN {
  type master;
  file “linuxiph.com.zone.signed”;
  notify yes;
};

zone “0.168.192.in-addr.arpa” IN {
  type master;
  file “192.168.0.zone”;
  allow-update { none; };
};

include “/etc/named.rfc1912.zones”;
===========================================================

Note:

For basic testing, you can disable this features to avoid browsing issues when bind starts: your browsing froze if this features
Left un attended. Re-enable this feature once the key sign has been generated and used.

       dnssec-enable no;
       dnssec-validation no;

I will explain as to why did  my file in my forward zone become -  “linuxiph.com.zone.signed”
Answer: You need to generate keys to be able to use bind properly without any disturbance to browsing. DVL issues.
*.signed file was created using dnssed-signzone

6. So here’s my initial forward zone:

[root@linuxiph named]# cat linuxiph.com.zone
$ORIGIN linuxiph.com.
$TTL 86400
@         IN  SOA  pinoy.linuxiph.com.  root.pinoy.linuxiph.com. (
              2001062504  ; serial
              21600       ; refresh after 6 hours
              3600        ; retry after 1 hour
              604800      ; expire after 1 week
              86400 )     ; minimum TTL of 1 day
;
;
          IN  NS     pinoy.linuxiph.com.
linuxiph     IN  A      192.168.0.197
;
;
@         IN  MX     10  mail.linuxiph.com.
mail      IN  A      192.168.0.197
;
;
; This sample zone file illustrates sharing the same IP addresses
; for multiple services:
;
ftp       IN  CNAME  linuxiph.com.
www       IN  CNAME  linuxiph.com;
;

=======================================
$include Klinuxiph.com.+005+64086.key   ;ZSK
$include Klinuxiph.com.+005+30064.key   ;KSK

This line should be included in the forward zone when the keys has been generated: will be doing that shortly.
By default, this line is NOT added for testing purposes or otherise commented it.
==========================================

7. Since my server is a stand alone server, it will also serve’s as my reverse zone server.

[root@linuxiph named]# cat 192.168.0.zone
$ORIGIN 0.168.192.in-addr.arpa.
$TTL 86400
@  IN  SOA  pinas.linux.iph.  root.pinas.linuxiph.com. (
       2001062501  ; serial
       21600       ; refresh after 6 hours
       3600        ; retry after 1 hour
       604800      ; expire after 1 week
       86400 )     ; minimum TTL of 1 day
;
@  IN  NS   pinas.linuxiph.com.
;
197  IN  PTR  pinas.linuxiph.com.

8. Edit /etc/resolv.conf

[root@linuxiph named]# vim /etc/resolv.conf
# Generated by NetworkManager
search pinoy.linuxiph.com
nameserver 127.0.0.1
nameserver 202.126.40.5
nameserver 222.127.143.5
~
9. Edit windows dns and include the linux dns server.

ipconfig /all should output something like this.

DNS Servers . . . . . . . . . . . : 192.168.0.197 - dns server ip should be on top of the list
                                                 202.126.40.5
                                                 222.127.143.5

10. Test it!

Check if port :53 is running
 netstat -anp|grep :53
[root@linuxiph named]#  netstat -anp|grep :53
tcp        0      0 192.168.0.197:53            0.0.0.0:*                   LISTEN      1763/named
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      1763/named
tcp        0      0 :::53                       :::*                        LISTEN      1763/named
udp        0      0 192.168.0.197:53            0.0.0.0:*                               1763/named
udp        0      0 127.0.0.1:53                0.0.0.0:*                               1763/named
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               1328/avahi-daemon:
udp        0      0 :::53                       :::*                                    1763/named

open port 53 in IPTABALES
#iptables -A INPUT -p tcp –dport 53 -j ACCEPT
#iptables -A INPUT -p udp –dport 53 -j ACCEPT

OR

#add the all source in iptables:
#iptables -A INPUT -p tcp -s 0/0 –dport 53 -j ACCEPT
#iptables -A INPUT -p udp -s 0/0 –dport 53 -j ACCEPT

When you check the iptables list, output should be like this.
ACCEPT     tcp  –  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
ACCEPT     udp  –  0.0.0.0/0            0.0.0.0/0           udp dpt:53

dns server:
[root@linuxiph named]# dig pinoy.linuxiph.com
; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> pinoy.linuxiph.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31204
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;pinoy.linuxiph.com.            IN      A

;; ANSWER SECTION:
pinoy.linuxiph.com.     86400   IN      A       192.168.0.197

;; AUTHORITY SECTION:
linuxiph.com.           86400   IN      NS      pinoy.linuxiph.com.

;; Query time: 1 msec
;; SERVER: 192.168.0.197#53(192.168.0.197)
;; WHEN: Sun May 15 00:22:53 2011
;; MSG SIZE  rcvd: 66

in windows:
C:\Users\Ruel>nslookup pinoy.linuxiph.com
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.0.197

DNS request timed out.
    timeout was 2 seconds.
Name:    pinoy.linuxiph.com
Address:  192.168.0.197
============================================================================

11. so lets generate dnssec keys.
Short and brief explanation can be found on this link
-https://www.os3.nl/2009-2010/students/marcus_bakker/cia/assignments/week4

We will be generating ZSK(Zone Signing Key) and KSK(Key Signing Key), please read the links for explanation on this. Mine is shortcut - sorry

-ZSK
[root@linuxiph named]#dnssec-keygen -a RSASHA1 -n ZONE -r /dev/urandom -b 1024 linuxiph.com

-KSK
[root@linuxiph named]#dnssec-keygen -a RSASHA1 -n ZONE -f KSK -r /dev/urandom -b 2048 linuxiph.com

4 files has been generated namely
 Klinuxiph.com.+005+30064.key
 Klinuxiph.com.+005+30064.private
 Klinuxiph.com.+005+64086.key
 Klinuxiph.com.+005+64086.private

Attach the *.key files inside linuxiph.com.zone or uncomment it if you accidentally add the lines on previous occassions - This is the forward zone files, we will not touch the reverse zone.

$include Klinuxiph.com.+005+64086.key   ;ZSK
$include Klinuxiph.com.+005+30064.key   ;KSK

Create the sign file using - dnssec signzone

/usr/local/sbin/dnssec-signzone -o linuxiph.com  -k Klinuxiph.com.+005+30064 linuxiph.com.zone Klinuxiph.com.+005+64086.key

Where:
-o linuxiph.com - the domain you want to generate the keys
-k Klinuxiph.com.+005+30064 - KSK files
linuxiph.com.zone  -Forward Zone files
Klinuxiph.com.+005+64086.key - KSK Files

And why ZSK and KSK:
Klinuxiph.com.+005+30064 - KSK - 1 year expiration using this keys
Klinuxiph.com.+005+64086.key -ZSK - 1 month expiration using this keys

Then do #rndc reload

12. Ok, so to test it

[root@linuxiph.com named]# nslookup
> set type=RRSIG
> pinoy.linuxiph.com
Server:         192.168.0.197
Address:        192.168.0.197#53

pinoy.linuxiph.com      rdata_46 = A 5 3 86400 20110613015211 20110514015211 64086 linuxiph.com. YSuBYVt/t3+yWlAmSqmKCwqt7ZPvkRemMHM/Dioe1ZKDhPXUFlHcjDIr +XppCi/qr2VPm28in5S8ibG9c6pp7T1xmU/OJapE1WXU4AihxDrHdObY VRfIDmvvZRigZaO/apLXqqdu/wlJkZeGuMSZxJuIDMWvPWi723vC/33g Lg0=
pinoy.linuxiph.com      rdata_46 = NSEC 5 3 86400 20110613015211 20110514015211 64086 linuxiph.com. qJUODY142YAWTF2XZ2wO2IZ98OQwdDPr+ugI8GJQ2IywcjmUsxAb1R5x yzJCpAuyYARI29Txowt5BU01WcQ+wnA9Xw+npAqdCb6S4geZDQhzQhOb tCmcALiy9mSpH99gM7RlSVMk+h4fv3iRDqXnhm3dopJME8bSRAIWrc89 exI=
>

In /var/log/messages - you should have output something like this:

 named[6067]: zone linuxiph.com/IN: loaded serial 2011062504 (DNSSEC signed)
==========================================================================
Before the topic starts, i mention Selinux, right?

Here’s the error you will be getting because of this security.

#selinux is in Enforcing as of this moment…

#service named restart
-check /var/log/messages

now compare and enable permissive
#setenforce 0
#sestatus
Current mode:                   permissive
#service named restart
#cat /var/log/messages

check again /var/log/messages
certain degrees of problem can be seen in enforcing outpout, Some of the error i found are the following.

Some common problem like this can be found annoying:
named[29057]: the working directory is not writable

solution
chmod g+w /var/named

This appear because of selinux enabled!
named[28854]: logging channel ‘default_debug’ file ‘data/named.run’: permission denied
named[28854]: isc_log_open ‘data/named.run’ failed: permission denied

To solve this:
 restorecon -R -v /var/named/data/* -  should make it writable

 #setenforce 1 - setting again selinux to enforcing

 I havent done Re-sign of the keys as of this writing, either i will post the howtos or should i wait the ZSK to expire before i re-sign the keys.

Something i missed? feel free to comment…

Linux caching only dns server

ok, i made the shortcut to make caching name server work in less time.

1. First step is to check the tools installed:

Caching nameserver

Fortunately, setting up a caching nameserver is easy using RHEL ( Fedora RPMs or CentOS. The following RPMs need to be installed on the machine acting as the nameserver (use rpm -qa to determine if these packages are installed):

• bind (includes DNS server, named)

• bind-utils (utilities for querying DNS servers about host information)

• bind-libs (libraries used by the bind server and utils package)

• bind-chroot (tree of files which can be used as a chroot jail for bind)

• caching-nameserver (config files for a simple caching nameserver)

2. A caching nameserver forwards queries to an upstream nameserver and caches the results. Open the file /var/named/chroot/etc/named.conf and add the following lines to the global options section:

     forwarders { xxx.xxx.xxx.xxx; xxx.xxx.xxx.xxx; }; #IP of upstream ISP nameserver(s)

     forward only; #rely completely on our upstream nameservers

The block above will cause the caching name server to forward DNS requests it can’t resolve to your ISP nameserver. Save the named.conf file and then assign 644 permissions:
chmod 644 named.conf
Check the syntax using the named-checkconf utility provided by the bind RPM:
named-checkconf named.conf
Correct any syntax errors (watch those semicolons) named-checkconf reports. Monitoring the /var/log/messages file may also be helpful in debugging any errors.
We now need to set the local resolver to point to itself for DNS resolution. Modify the /etc/resolv.conf file to the following:

nameserver 127.0.0.1

If you are running a DHCP server on your router make sure your /etc/resolv.conf file does not get overwritten whenever your DHCP lease is renewed. To prevent this from happening, modify /etc/sysconfig/network-scripts/ifcfg-eth0 (replace eth0 with your network interface if different) and make sure the following settings are set:

BOOTPROTO=dhcp
PEERDNS=no
TYPE=Ethernet

Go ahead and start the nameserver as root and configure to start in runlevels 2-5:
service named start
chkconfig named on

 3. 

Testing

The bind-utils RPM contains tools we can use to test our caching nameserver. Test your nameserver using host or dig and querying redhat.com:

dig redhat.com . . ;; Query time: 42 msec ;; SERVER: 127.0.0.1#53(127.0.0.1)

From the above dig query you can see it took 42 msec to receive the DNS request. Now test out the caching ability of your nameserver by running dig again on the redhat.com domain:

dig redhat.com . . ;; Query time: 1 msec ;; SERVER: 127.0.0.1#53(127.0.0.1)

We dropped from 42 msec to 1 msec after the previous DNS query was cached. Caching is working! Let’s now put the cache to work by configuring the clients to use the new caching nameserver.

Client Configuration

For Linux and Windows clients you may have a couple of options for your resolver configuration depending on your network environment:

1. If you have a router and your client’s IP address is assigned via DHCP from the router, then you can use the router to assign the primary nameserver during the DHCP lease requested from the client. Log in to your router and make sure your primary nameserver points to your caching nameserver IP address in the router DHCP settings.

2. For Linux clients, you can set up the resolver in the same procedure as the nameserver by modifying the /etc/resolv.conf file. For Windows clients you will need to set the nameserver IP address in the Control Panel -> Network Connections -> TCP/IP -> Properties -> Use the DNS Server Address option. NOTE: The Windows DNS server option may vary depending on your version.

Test your new client configuration(s) using dig. You can use the nslookup command for Windows clients. Your DNS requests should have similar response times as we saw earlier when testing the nameserver directly.

NOTE: If you are running a firewall on the nameserver system, make sure clients have access to port 53. An example iptables rule for the 192.168.15.0/24 subnet would be:

iptables -A INPUT -s 192.168.15.0/24 -p udp –dport 53 -j ACCEPT
service iptables save

DONE!!

Easisest way of changing Linux (CentOS, Fedora, RedHat) Hostname

Use the echo command to replace the contents of /proc/sys/kernel/hostname with your new host name.

# echo hostname.com > /proc/sys/kernel/hostname

Then restart the network interfaces:

# /etc/init.d/network restart Shutting down interface venet0:  [  OK  ] Shutting down loopback interface:  [  OK  ] Bringing up loopback interface:  [  OK  ] Bringing up interface venet0: RTNETLINK answers: File exists RTNETLINK answers: File exists [  OK  ]

Now you can use the hostname command to verify that it has changed.

 Be it known that it will not touch or changed any thing in /etc/hosts use it at your own Descretion =)

Installing WATS in Joomla Frontend

I was installing the support ticket for joomla and having found problem installing it in the frontend.

So while i solve the problem, i found this solution to solve my issues:

1. Login to admin control panel then go to Menus -> main menu and add new
 
2. By adding new menu items you need to provide Title and alias

3. click “change type” and look for waticksystem components then save. 

This will create links in the frontend, its up to you to published it publicly or for registered users only.

Done!

How to Install MySQL Database Using Yum groupinstall on CentOS

 Its been a while since I posted a new tutorials.

 Today, i found an interesting topic about MySQL installation simultaneously using yum, straightforward installation and quite neat:

You can find the reference at the bottom of this topic, ENJOY!

How to Install MySQL Database Using Yum groupinstall on CentOS

by Ramesh Natarajan on April 28, 2010

In this article, let us review how to install MySQL on CentOS using yum. Instead of searching and installing mysql and related packages one-by-one, it is better to install MySQL using yum groups.

If you are interested in installing the full LAMP stack, refer to our earlier article on how to install/upgrade LAMP using yum.

1. Identify the Group name of MySQL Packages

yum grouplist displays all package groups that are available in the repository. As shown below, mysql package group is called “MySQL Database”.

# yum grouplist | grep -i mysql   MySQL Database

2. What is bundled in the “MySQL Database” group?

yum groupinfo displays all the packages that are bundled in a group. This displays the mandatory, default and optional packages that are available in that particular group.

As shown below, “MySQL Database” group contains 1 mandatory package, 6 default packages, and 5 optional packages.

# yum groupinfo "MySQL Database"Group: MySQL Database Description: This package group contains packages useful for use with MySQL. Mandatory Packages:   mysql Default Packages:   MySQL-python   libdbi-dbd-mysql   mysql-connector-odbc   mysql-server   perl-DBD-MySQL   unixODBC Optional Packages:   mod_auth_mysql   mysql-bench   mysql-devel   php-mysql   qt-MySQL

3. Install the “MySQL Database” group using yum groupinstall

yum groupinstall will install the “MySQL Database” group of packages as shown below.

# yum groupinstall "MySQL Database"

Resolving DependenciesDependencies Resolved

Transaction Summary=========================Install     12 Package(s)Update       0 Package(s)Remove       0 Package(s)         

Installed:  MySQL-python.i386 0:1.2.1-1 libdbi-dbd-mysql.i386 0:0.8.1a-1.2.2  mysql.i386 0:5.0.77-4.el5_4.2  mysql-connector-odbc.i386 0:3.51.26r1127-1.el5  mysql-server.i386 0:5.0.77-4.el5_4.2  perl-DBD-MySQL.i386 0:3.0007-2.el5  unixODBC.i386 0:2.2.11-7.1    

Dependency Installed:  libdbi.i386 0:0.8.1-2.1 libdbi-drivers.i386 0:0.8.1a-1.2.2  libtool-ltdl.i386 0:1.5.22-7.el5_4  mx.i386 0:2.0.6-2.2.2 perl-DBI.i386 0:1.52-2.el5  

Complete!

Note: If you are having some issues during the installation, verify the full mysql install log to see what you are missing.

4. Verify MySQL Installation

Execute rpm -qa, to confirm that the mysql related packages are installed.

# rpm -qa | grep -i mysqlMySQL-python-1.2.1-1mysql-5.0.77-4.el5_4.2mysql-connector-odbc-3.51.26r1127-1.el5mysql-server-5.0.77-4.el5_4.2libdbi-dbd-mysql-0.8.1a-1.2.2perl-DBD-MySQL-3.0007-2.el5

Check the /etc/passwd and /etc/group to make sure it has created a mysql username and group.

# grep mysql /etc/passwdmysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash

# grep mysql /etc/groupmysql:x:27:

5. MySQL Post installation – Execute mysql_install_db

mysql_install_db program will setup the necessary grant tables. The mysql_install_db program gets executed as part of the rpm installation. But, it doesn’t hurt to execute the mysql_install_db program again to make sure the grant tables are setup properly.

# /usr/bin/mysql_install_db --user=mysqlInstalling MySQL system tables…OKFilling help tables…OK…..The latest information about MySQL is available on the web at http://www.mysql.com

6. Start MySQL Server

# service mysqld statusmysqld is stopped

# service mysqld startStarting MySQL:                                            [  OK  ]

7. Verify that the MySQL server is up and running.

# /usr/bin/mysqladmin version/usr/bin/mysqladmin  Ver 8.41 Distrib 5.0.77, for redhat-linux-gnu on i686Copyright (C) 2000-2006 MySQL ABThis software comes with ABSOLUTELY NO WARRANTY. This is free software,and you are welcome to modify and redistribute it under the GPL license

Server version		5.0.77Protocol version	10Connection		Localhost via UNIX socketUNIX socket		/var/lib/mysql/mysql.sockUptime:			39 sec

Threads: 1  Questions: 2  Slow queries: 0  Opens: 12  Flush tables: 1Open tables: 6  Queries per second avg: 0.051

# /usr/bin/mysqlshow

+————————-+|     Databases             |+————————-+| information_schema   || mysql                       || test                          |+————————-+

# /usr/bin/mysqlshow mysqlDatabase: mysql

+——————————+|          Tables                |+——————————+| columns_priv                    || db                                   || func                                 || help_category                   || time_zone_transition_type || user                                 |+——————————-+

Stop and start the mysql server again to make sure they are no issues.

# service mysqld stopStopping MySQL:                                            [  OK  ]

# service mysqld startStarting MySQL:                                            [  OK  ]

8. Change the MySQL root account password

Change the MySQL root account password to something secure.

# mysql -u rootWelcome to the MySQL monitor.  Commands end with ; or g.Your MySQL connection id is 5Server version: 5.0.77 Source distribution

Type ‘help;’ or ‘h’ for help. Type ‘c’ to clear the buffer.

mysql> select host, user from mysql.user;

+———–+———+| host      | user       |+———–+———+| 127.0.0.1 | root     || localhost |             |+———–+———+

5 rows in set (0.00 sec)

mysql> set password for ‘root’@'localhost’ = PASSWORD(’DoNotTell$AnyBody’);Query OK, 0 rows affected (0.00 sec)

mysql> set password for ‘root’@'127.0.0.1′ = PASSWORD(’DoNotTell$AnyBody’);Query OK, 0 rows affected (0.00 sec)

Make sure you are able to login to MySQL using the new password as shown below.

# mysql -u rootERROR 1045 (28000): Access denied for user ‘root’@'localhost’ (using password: NO)

# mysql -u root -pEnter password:Welcome to the MySQL monitor.  Commands end with ; or g.Your MySQL connection id is 7Server version: 5.0.77 Source distribution

Type ‘help;’ or ‘h’ for help. Type ‘c’ to clear the buffer.

mysql>

Reference: http://www.thegeekstuff.com/2010/04/yum-groupinstall-mysql-database/

Using client certificate with Apache and Subversion

I somehow came across on this SSL using apache and subversion, it might be useful to some of us!

 

This is not a typical use case for anyone who uses the client certificate with Apache and Subversion.  In general, the client certificate is used for all Apache requests including the SVN related ones. This use case is bit different, and uses client certificates for all Apache requests, but not for Subversion requests. This sounds like a straightforward configuration in Apache configuration file, but it is not.

Usual workaround

The SSLVerifyClient optional directive is used to enforce client certificate based authentication. If it is specified at the <Location /> directive, all non-Subversion requests goes through client certificate based authentication. The SSLVerifyClient none directive is used to avoid using client certificate based authentication. If it is specified at the <Location /svn> directive, the Subversion requests do not  go through this authentication.

413 — Request Entity Too Large

If we use the above workaround, we face 413 Request Entity Too Large while uploading large files using POST method. This is due to bug 12355. According to this bug report, if SSLVerifyClient optional directive is specified at <Location /> directive, the user will face this issue. The bug report claims that it is fixed in Apache 2.0.55, but I faced this issue even in Apache 2.2.11.

The work around is to specify SSLVerifyClient optional at the virtual host level. But then, this setting can be overridden only using <Directory> directive. In our case, it can not be overridden using <Location /svn> directive. Thus the client certificate based authentication is enforced even for SVN requests.

SSLRenegBufferSize directive in Apache 2.2.12

The issue 413 Request Entity Too Large error is occurred when the SSL Renegotiation is attempted, because we specified SSLVerifyClient optional at <Location /> directive. The default size is 2048 bytes, which is not sufficient. In Apache 2.2.12, SSLRenegBufferSize directive is introduced precisely to configure the buffer size. I have not tried this in Apache 2.2.12 yet.

Snippet from Apache 2.2.12 changelog file.

*) mod_ssl: Add SSLRenegBufferSize directive to allow changing the
   size of the buffer used for the request-body where necessary
   during a per-dir renegotiation. PR 39243. [Joe Orton]

The Hack to overcome this issue

We can not use SSLVerifyClient optional at virtual host level. We also can not let SVN requests go through client certificate based authentication.

We skipped the client based authentication for specific servlets which supports file upload, as far as Apache is concerned. We modified the code to still authenticate using client certificate only for these servlets. By using the following directive we fixed this issue. We also avoid specifying the SSLVerifyClient optional directive at <Location /> directive.

<LocationMatch “^/servlets/(?!(fileUpload1|fileUpload2))”>

  SSLVerifyClient optional
  SSLVerifyDepth 2
</LocationMatch>
 

This is not a perfect solution, but it solves the problem on hand. We should upgrade to Apache 2.2.12 and verify if SSLRenegBufferSize directive fixes the problem cleanly.

About the Author

Bhuvaneswaran Arumugam is part of an Engineering Team, customizing the flagship product CollabNet TeamForge as per the client requirements. He spends some time contributing to the Open source projects Subversion and Ubuntu. In recent times, he worked on adding new sections in the Ubuntu Server Guide for the next release, Karmic. You can follow Bhuvaneswaran on Twitter: http://twitter.com/livecipher

User file ownership using vista

Well, its been a while since i was not posting blogs on this, untill recently i found a good way to edit windows file using user ownership.

So to begin with, follow this steps.

First, open an administrator command prompt by typing cmd into the start menu search box, and hit the Ctrl+Shift+Enter key combination.

To take ownership of the file, you’ll need to use the takeown command.

At the command prompt type: takeown /f c:\windows\system32\file.dll

That will give you ownership of the file, but you still have no rights to delete, move and rename it.  Next, you need to run the cacls command to give yourself full control rights to the file:

At the command prompt type: cacls c:\windows\system32\file.dll /G your username:F

Make sure that you replace “your username” with your username exactly as it is spelled for the currently active user account on your computer.

At this point, you should be able to change the file.  Rename the file from file.dll to file.dll.old.  Next, copy the new source file that you downloaded from above to c:\windows\system32.

Once the file has been replaced you need to set the permissions back to its original state.  Locate nlasvc.dll in c:\windows\system32 in the Windows File Manager.  Right mouse button click on the file and choose Properties.

Click Security tab; Click Advanced button; Click Owner tab; Click Edit button; Click Other User or Group and type in NT SERVICE\TrustedInstaller.

Press Ok on all dialogs until all property dialogs are closed.  Restart the PC and you should be back in business.

backup server

Im looking for a good backup server and this is the one i found using linux, i will be adding more.

Bacula server for linux

www.http://www.dirvish.org/
http://wiki.edseek.com/howto:dirvish#installing_dirvish

Copyright notice in Joomla 1.5x

1 day ago when i changed my joomla template, the copyright notice appear on all my page. This prompt me to look for solution in removing the notice.

I found it in the joomla forum.

Here’s how:

Thats it! simple isnt it…

Reference: http://forum.joomla.org/viewtopic.php?f=32&t=276726&start=0

Problem with sh404sef

I found this problem while installing the sh404sef, good thing is…there is procedures in reinstalling it.

HERE’s HOW!

Uninstall sh404

As stated, sometimes you may have to uninstall sh404 totally in order to upgrade. First, perform a manual uninstall and upgrade. If this doesn’t work, then you can delete all the sh404 files via FTP. All these should be deleted:

• the folder (= directory): components/com_sef
  
• the folder: administrator/com_sef
  
• the files: shCustomTags.php, shCustomtags.xml — these are in /modules/
• any file or folder with sh404sef in its name in the /media/ directory (they are used for holding configs while upgrading)

After this you should be able to reinstall or upgrade. 
 

sh404sef configuration unwriteable

Another reason for upgrade or config failures is that file permissions are too tight. You don’t have high enough permissions set on the files in order to write to them. You can change this in the CMS backend (Site >> Global Configuration >> Server tab — file permissions); or via FTP; or via the server control panel (cPanel, Ensim) File Manager. If this doesn’t work then it could be that your server settings are not correct - the file ownership setting is wrong.

But try uninstalling / deleting the old sh404 version completely first. You shouldn’t lose any URLs or meta, they are in the database and the new sh404 version will retrieve them. I have never lost any data when upgrading, even when I had to delete files and folders via FTP. But you could play safe and get a DB backup though.

Reference:

http://www.a3webtech.com/index.php/install-sh404.html

 HERE’s Another Info!

This component rewrites Joomla! URLs to be Search Engine Friendly. It has plugins, for handling various components, can work without .htaccess, build up meta tags automatically or manually, and more. Please note this is still beta software, which means that we are still in the debugging process and some functions or behaviors may change in next version.

Joomla Front Page Slide Show V2

I came across this problem in Joomla 1.5.x in installing FPSS V2.

So to tweak it, follow this…

FOR JOOMLA 1.5.x
—————————————–
The J1.5 changes to the above examples are…

Code:

<jdoc:include type=”modules” name=”fpss” />
 
instead of

Code:

<?php mosLoadModules(’fpss’,-2);?>

and to add this “fpss” module position in joomla, you need to edit the XML file of your joomla’s template. For example, if you’re using the default “rhuk_milkyway” template, simply navigate to templates/rhuk_milkyway, edit templateDetails.xml and add the line

Code:

<position>fpss</position>
 
at the bottom of the “positions” block, so

Code:

    *

          <positions>
              <position>breadcrumb</position>
              <position>left</position>
              <position>right</position>
              <position>top</position>
              <position>user1</position>
              <position>user2</position>
              <position>user3</position>
              <position>user4</position>
              <position>footer</position>
              <position>debug</position>
              <position>syndicate</position>
          </positions>

will become

Code:

/*    <positions>
        <position>breadcrumb</position>
        <position>left</position>
        <position>right</position>
        <position>top</position>
        <position>user1</position>
        <position>user2</position>
        <position>user3</position>
        <position>user4</position>
        <position>footer</position>
        <position>debug</position>
        <position>syndicate</position>
                <position>fpss</position>
    </positions> */

That’s it!

 To put the FPSS in your front page. put  <jdoc:include type=”modules” name=”fpss” /> code above

 ”<jdoc:include type=”component”

After that create module template and name it Frontpage Slidesshow removing the default templates created during installation.

 Thats it!

 Reference:

http://forum.joomlaworks.gr/index.php?action=printpage;topic=3262.0

 UNINSTALL/REINSTALL

Do this when uninstalling:

You must fully uninstall the component and the module and reinstall it again.
Please do the following:

- Uninstall all FPSS components and modules
- Make sure the following folders do not exist
administrator/components/com_fpss
components/com_fpss
modules/mod_fpss

Then re-install. If the files did not properly get deleted previously then it’s either a server files permission issue OR you uploaded the new version without uninstalling the old one.

Joomla login

I was modifying my website using joomla login modules only to find out that the main culprit is in the joomla templates.css and not the login modules templates! Took me almost a day to find out what is really going on…what a crap!!

Culprit can be found in the templates area itself:

/* blue */input,button {    border:1px solid #74a0dd;
    background: #transparent;
}

Changed the border color to your liking

I used this on templates siteground-j15-14

Thats it!!

google apps

For my reference in setting apps for my own domain in google with so much rich features:

http://www.google.com/support/a/

Buying domains in google:

http://www.google.com/a/cpanel/domain/new

DNS

I found this site quite interesting founded by this young hindi.

http://anuragbhatia.com/web-hosting/dns/dns-zone-propagation-time/

and some dns related check up

www.dnsstuff.com

Great!

PMI or PMP

While browsing the net about PMP, i think this reference can help a lot if you you are planning to take the PMP Exam later on.

Test Prep Tips for PMP Certification Adapted From: PMP Certification For Dummies Printer-ready version Studying for the PMP exam is time consuming and demanding. Following are some suggestions on how to make the test-prep process easier and more enjoyable: Keep your study materials handy wherever you go. Any time you’re waiting or have a few minutes to kill, read your material. Take practice exams and look at what you got right, what you got wrong, and what you’ve learned since your previous attempt. Use the simulation exam from the Computer Based Training (CBT) course on the accompanying CD. Because the exam format is also computer-based, the simulation exam will help prepare you for the real exam. Keep the scores as a motivator to do better. Try making your study session a quiz to challenge yourself. Do your homework Because you need to know many ordered lists and definitions for the exam, concentrate your efforts at the highest levels. The high-level ordered lists are The five process groups The nine knowledge areas The 39 component processes When you start memorizing the ordered lists for the nine knowledge areas and the 39 component processes, the first step is to become familiar with the definitions. Don’t focus your energy on memorizing the definitions just yet. Focus your effort on memorizing the lists, in order. Later, you can dive into the definitions. Following are some key terms you need to know: Constraints Assumptions Every management (subsidiary project) plan and its supporting detail The feedback loop for (subsidiary or knowledge area) project plan updates. (They may be called something else depending on their knowledge areas — for example, schedule updates rather than time updates.) Historical information (always an input) Organizational policies (always an input) Organizational procedures (almost always a technique) Corrective actions Change requests Lessons learned (always an output) Work results (output of execution, an input to control) The work breakdown structure Decomposition Expert judgment Project charter Scope statement Statement of work It’s easier to learn these ordered lists as pairs or groupings of terms. For example, it’s easy to see the logical grouping among corrective action, change requests, and lessons learned. An example of pairing is with any subsidiary management plan in any knowledge area; it’s paired with some type of supporting detail. Other pairs include assumptions and constraints, work results (exact definitions change in different knowledge areas), and change requests. Be on the lookout for how the processes for each of the following terms flow, how the output of one process becomes the input of another: Assumptions and constraints Change requests and corrective action The management plans (as an output of planning and an input to both execution and control) Make note of their exceptions — for example, where change requests are an input or where they are an output. Execution outputs include the paired items’ work results (the exact definition may be different in different knowledge areas) and change requests. Know in which process the subsidiary project plan for that process starts or first appears. It will generally start in a planning process. Be careful because some planning processes don’t necessarily include planning in the term. For example, the schedule management plan is an output to Schedule Development. In the controlling processes, the only two processes that don’t include the word control are Scope Verification (Scope) and Performance Reporting (in Communications). Both are overall processes. Make sure that you know the differences between the core and facilitating processes in each knowledge area. Know the tools and techniques, especially where they involve further analysis. Know the tools and techniques of the risk area especially, including Performance Reporting in Communications, Time, Quality, and Cost. Look for question patterns Being able to detect patterns in the questions helps you eliminate bad choices and select the correct answer. Here are our guidelines for deciphering repeated patterns: Is the question looking for a match to the pattern or the exception to the pattern? Is the question looking for an input, tool and technique, or an output? What process group does the question cover? What are the process results? These objectives are outputs. What knowledge area does the question cover? Two basic types of patterns are matching and exception: Matching: A question that calls for a matching pattern names a series of items and asks you to pick the item in the responses that’s most nearly like the others. For example, banana is a match for apple, orange, and grapefruit. Possible exam question: Which of the following processes belongs to Risk? Exception: The exception pattern presents you with a list of items and asks you to identify the one that doesn’t belong: Among apple, brick, orange, and grapefruit, brick is the exception. Another term for an exception pattern is a mismatch. Possible exam question: Which of the following processes does not belong to Risk? Look for key words and phrases in the question such as: Best or worst First or last Belongs to or does not belong Must or except for Most effective or least effective First or last Greatest or least Most helpful or least helpful Not including Key activity Preferred response

Related Articles PMP Certification: Identifying the Scope of a Project PMP Certification: Creating the Project Plan PMP Certification: Controlling Risk Getting to Know the OSI Model for the CCNA Exam Unmasking the Subnet Mask for the CCNA Exam

Related Titles CompTIA A+ Certification All-In-One Desk Reference For Dummies MCSE Designing a Windows 2000 Directory Services Infrastructure For Dummies CCNP All-in-One Desk Reference For Dummies  PMP Certification For Dummies CCNA For Dummies, 2nd Edition

Tutorials

My best linux hangout..

http://www.linuxhomenetworking.com/ http://www.howtoforge.com/howtos/linux/centoshttp://www.linuxfoundation.org/en/OpenPrinting/Database/Documentation

My best damn video tutorials:

CBT: -TrainSignal: -

Awesome!!

Network Calculator

A very important tools for network administrators!!

http://www.subnet.persianadmins.com/subnet.htm

Cisco Kron

In short crontabs!!

http://www.en.persianadmins.com/article/cisco/Cisco_Scheduled_Command_2007090321.html