
configure

Configuring ownCloud 9 & Active Directory / LDAP Plugin Successfully

With this step-by-step guide, you will have your ownCloud 9 (and earlier) cloud server authenticating against Active Directory or LDAP correctly in no time!

Introduction

 

Recently, I went through the process of setting up a brand new ownCloud 9.1 server, after my previous ownCloud server had seen upgrades from 6.x all the way up to 8.x. If you’ve used ownCloud that long, you know the abundant changes and improvements that have been made along the way did not come without their growth pains; especially if you delved into encryption. So, I decided to start fresh. I use Active Directory to provide a centralized authentication source for everything in my personal “cloud,” so after setting up my new Dropbox clone, the first thing I needed to do was configure the LDAP user and group backend plugin. I had a lot of problems getting the Active Directory usernames to match the ownCloud usernames, instead of showing a long string of numbers. It was a lot of confusing UID, UUID, sAMAccountName and DN-related confusion. There aren’t any great guides to keep you from getting a headache, so I decided to make one.

 

Problems with the LDAP user and group backend plugin

 

It’s pretty straightforward to get an ownCloud server authenticating against an Active Directory server, but the biggest problem I’ve seen is that the mapped usernames end up being long strings of numbers in ownCloud. Although the display names are correct in ownCloud, the actual username for every AD-mapped login is, by default, a long unique string, which makes things difficult. For one, if you need to get to a user’s ownCloud data folder, there’s no intuitive way of knowing whose folder is whose from the command line.

With this step-by-step guide, you will have your ownCloud server authenticating against Active Directory / LDAP, with the following benefits:

 

  • The ownCloud username will match the Active Directory / LDAP username (no long incomprehensible string of numbers)
  • Any user added to a specified group created in Active Directory will automatically have ownCloud login privileges.
  • ownCloud users will be able to login using their username or email address (if specified in AD) interchangeably.

These three pluses make everything very seamless and save a lot of headaches. So, let’s get started.

Click Here to Continue Reading!

How to add a vLAN to a Cisco UCS using Unified Computing System Manager

Cisco’s UCS platform is an amazing blade infrastructure.  They are extremely reliable, very fast, and easily expanded.  Today, I’m going to briefly go over how to add a vLAN to your Cisco UCS setup, using the Cisco Unified Computing System Manager.  This guide assumes you have already configured the vLAN on your network and you have trunk-enabled ports being fed into your UCS and/or Fabric switches.

 

Go ahead and log into the Cisco UCS Manager.  Once you have logged in, select the LAN tab, then VLANs (in the left column).  Once there, click the New button, up at the top, and then Create VLANs.

 

For the VLAN Name/Prefix, give the VLAN a unique, identifiable name. In the VLAN IDs field, you need to enter the exact vLAN ID that was assigned to the vLAN when you configured it on your network infrastructure. Once you have filled in those two fields, click OK.

 

Click Here To Continue Reading!

How To Install & Configure Fail2Ban On Ubuntu 14.04 LTS To Block Brute Force Attacks Against SSH and Apache Web Server

As you’ve probably heard me say before, if you have a public facing Linux server, meaning one or more open or forwarded ports, Fail2Ban absolutely must be installed. Fail2Ban monitors log files for excessive login attempts, also called Brute Force attacks. They are extremely commonplace on the internet. I have never had a public facing server that has gone more than a few days without some hacker trying to brute force it. These attacks go like this. Someone writes a script, or uses a program, that reads a bunch of possible usernames from a text file that has nothing but millions of usernames. There is also a text file with millions of passwords. The script will attempt to go through all username and password combinations until it finds one that can log in successfully. Obviously, if you get a hundred or more login attempts from one IP address, nothing good will ever come from that IP, so it’s pretty safe to assume it should be blocked, at least for some period of time.

Fail2Ban does precisely this. It constantly watches any log file you tell it to watch, and when a certain number of login attempts are logged from an IP address, Fail2Ban will automatically create an iptables rule to block all traffic from that IP address for a given period of time. Because brute force attacks take a long, long time, blocking one early on pretty much eliminates the possibility of a successful attack. SSH is the most common service / port for brute force attacks, from my experience, with FTP and POP3 (email) coming in second and third. It’s a no-brainer to set up Fail2Ban to automatically block attacks. It gives you much needed protection and security for your servers. So, here we go.
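To make the counting behaviour described above concrete, here is a simplified model of it, added as an illustration (it is not code from this post or from Fail2Ban itself). The parameter names maxretry, findtime and bantime mirror Fail2Ban's jail settings; the log lines, hostnames and the year are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the sshd format Ubuntu writes to /var/log/auth.log.
SAMPLE_LOG = """\
May 14 13:55:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40022 ssh2
May 14 13:55:03 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40031 ssh2
May 14 13:55:04 web1 sshd[2104]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
May 14 13:55:06 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 40040 ssh2
May 14 13:56:10 web1 sshd[2110]: Failed password for alice from 198.51.100.20 port 51600 ssh2
May 14 14:30:00 web1 sshd[2200]: Failed password for bob from 192.0.2.55 port 33000 ssh2
May 14 14:45:00 web1 sshd[2201]: Failed password for bob from 192.0.2.55 port 33001 ssh2
May 14 15:00:00 web1 sshd[2202]: Failed password for bob from 192.0.2.55 port 33002 ssh2
"""

# Matches only failed password attempts and captures the timestamp and source IP.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

def find_bans(log_text, maxretry=3, findtime=600, bantime=600, year=2015):
    """Return [(ip, ban_start, ban_end)] for IPs with maxretry failures within findtime seconds."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    banned_until = {}            # ip -> time at which the current ban expires
    bans = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in banned_until and ts < banned_until[ip]:
            continue  # traffic from this IP is already blocked
        window = recent[ip]
        window.append(ts)
        # Forget failures that are older than the findtime window.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            end = ts + timedelta(seconds=bantime)
            banned_until[ip] = end
            bans.append((ip, ts, end))
            window.clear()
    return bans
```

With the defaults, only 203.0.113.7 is banned; the three failures from 192.0.2.55 are fifteen minutes apart and never fall inside one ten-minute window, which shows how the window length decides what counts as an attack.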

How to Install Fail2Ban on Ubuntu 14.04 LTS (Trusty)

First and foremost, let’s make sure apt is updated.

#  sudo apt-get update

Now we can install Fail2Ban. Since there is already an apt package for it, we will use that to install.

#  sudo apt-get install fail2ban

Surprisingly, that’s all you need to do to install it. You do, however, need to edit the main configuration file for Fail2Ban, which is jail.conf. Let’s go ahead and open it up with nano and take a look.

#  sudo nano /etc/fail2ban/jail.conf

Click Here To Read The Entire Tutorial

How To Enable Data Deduplication In Windows Server 2012 On An Existing Volume

I have a very large RAID 6 array that is used to store movies, tv shows, personal files, and various other things. Its formatted capacity is about 36TB. Believe it or not, it’s pretty much full. It currently consists of 20x2TB hard drives and I really don’t want to add any more drives to it in its current form. Later this year I’m planning on building a new array to replace it, using fewer 6TB or 8TB drives. The server that manages the array had Server 2008 R2 installed. After getting down to the last few gigs of free space it dawned on me: why not install Server 2012 R2 and set up data deduplication? I’ve read some pretty impressive articles online, where people were able to reclaim up to 60% of their storage using the dedup mechanism in Server 2012. So, I went ahead and upgraded. I started poking around and it wasn’t very obvious how to enable dedup, so I put this guide together to help you get started.

Enabling Deduplication in Server 2012 R2

First, we need to install the Data Deduplication service. It’s part of File and Storage Services. Open Server Manager, select Local Server in the left side pane, then go to the Add Roles and Features wizard, under Manage.


Go through the first few windows, and when you get to Server Roles, you need to make sure Data Deduplication is selected, at minimum, under File and Storage Services. This is also a good opportunity to install any other roles or services you might be interested in.


Click Here To Read The Entire Tutorial!