News for December 2008

Backup Sun Directory Server using db2ldif

Use db2ldif to back up LDAP configuration and user data.

cd /var/ds5/slapd-global
./db2ldif -n "NetscapeRoot" -a /var/tmp/prod_backup_NetscapeRoot.ldif
cd /var/ds5/slapd-global
./db2ldif -n "userRoot" -a /var/tmp/prod_backup_userRoot.ldif
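
An added example (not from the original post): a wrapper around the two db2ldif exports above that creates the LDIF files owner-only, because the export includes password values and files written to /var/tmp under a default umask are readable by other local users. The function name backup_ds and the /var/backups/ds5 output directory are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post.
#
# backup_ds INSTANCE_DIR OUT_DIR BACKEND...
#   Runs INSTANCE_DIR/db2ldif -n BACKEND -a FILE for each backend and prints
#   the path of every export written. Returns non-zero on the first failure.
#   The body runs in a subshell, so the umask and cd do not leak to the caller.
backup_ds() (
    instance_dir=$1
    out_dir=$2
    shift 2
    stamp=$(date +%Y%m%d)

    # LDIF exports carry userPassword values: never create them
    # group- or world-readable, whatever the caller's umask is.
    umask 077
    mkdir -p "$out_dir" || exit 1
    cd "$instance_dir" || exit 1

    for backend in "$@"; do
        out="$out_dir/prod_backup_${backend}_${stamp}.ldif"
        ./db2ldif -n "$backend" -a "$out" || {
            echo "db2ldif failed for backend $backend" >&2
            exit 1
        }
        # Do not report success for a missing or empty export.
        [ -s "$out" ] || { echo "empty export: $out" >&2; exit 1; }
        # Belt and braces in case the tool sets its own file mode.
        chmod 600 "$out" || exit 1
        echo "$out"
    done
)

# Usage on the directory server host (output directory is an assumed path):
#   backup_ds /var/ds5/slapd-global /var/backups/ds5 NetscapeRoot userRoot
```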
Posted: December 23rd, 2008
Categories: Uncategorized
Tags:
Comments: No Comments.

Allow VPN PPTP Traffic through Cisco ASA

To allow VPN PPTP traffic through your Cisco ASA, use inspect pptp.

asa# conf t
asa(config)# policy-map global_policy
asa(config-pmap)#  class inspection_default
asa(config-pmap-c)# inspect pptp
asa(config-pmap-c)# exit
asa(config-pmap)# exit
asa(config)# exit
Posted: December 21st, 2008

iPhone Full Body Coverage with Zagg InvisibleSHIELD

For all the iPhone owners out there, I highly recommend you pick up the Zagg InvisibleSHIELD. With the InvisibleSHIELD, my iPhone is completely protected from scratching while maintaining the original iPhone look and feel. Prior to using the InvisibleSHIELD, I was using a hard shell case from Griffin which made the iPhone slightly more bulky and less attractive.
Take a look at the demo video from Zagg to see how the iPhone looks with the InvisibleSHIELD applied – http://www.zagg.com/support/demovideo.php
Zagg also provides a video on how to install the InvisibleSHIELD - http://www.zagg.com/support/installvideo.php

Posted: December 20th, 2008

Perl LDAP Search Filter Methods

Here are some examples of how to use the Net::LDAP search filter.
Method 1 – Search for both person & mail:

(& (objectClass=person) (objectClass=mail))
filter   => "(&
(objectclass=person)
(objectclass=mail)
)",

Method 2 – Search for either (or) person or mail:

filter   => "(|
(objectclass=person)
(objectclass=mail)
)",
Posted: December 19th, 2008

Enabling traceroute on Cisco ASA

To allow any of the devices inside your network to perform a traceroute on the Internet, you'll need to set up an access-list which allows ICMP echo-reply & time-exceeded.

access-list outside_to_inside permit icmp any any echo-reply
access-list outside_to_inside permit icmp any any time-exceeded
access-group outside_to_inside in interface outside
user@host ~ $ traceroute -I www.google.com
traceroute: Warning: www.google.com has multiple addresses; using 64.233.169.99
traceroute to www.l.google.com (64.233.169.99), 64 hops max, 60 byte packets
<removed some hops here on purpose>
9  216.239.48.108 (216.239.48.108)  14.780 ms  19.313 ms  16.400 ms
10  64.233.175.111 (64.233.175.111)  16.388 ms 64.233.175.109 (64.233.175.109)  18.220 ms  17.279 ms
11  216.239.49.149 (216.239.49.149)  16.927 ms 216.239.49.145 (216.239.49.145)  18.281 ms 216.239.49.149 (216.239.49.149)  19.312 ms
12  yo-in-f99.google.com (64.233.169.99)  15.279 ms  15.314 ms  20.127 ms

Note: Use -I to send ICMP ECHO instead of UDP. You can also use -n to avoid DNS lookups for each hop.
Posted: December 19th, 2008

Sun ILOM Hostname & Network Configuration

Below is an example of configuring the Sun T5220 ILOM Hostname & Network. Once you have configured the network, you can then ssh to the console on the Sun T5220. There is an example below. In summary:

  1. Console in via serial; my recommendation is to run `tip hardwire` from another box so you do not need to attach a machine
  2. Login as root
  3. Password is changeme
  4. Change the hostname from its default hostname of SUNSPxxxxxxxx
  5. Configure the IP address
$ tip hardwire
connected
SUNSPxxxxxxxxxx login: root
Password:
Waiting for daemons to initialize...
Daemons ready
Sun(TM) Integrated Lights Out Manager
Version 2.0.4.20.c
Copyright 2007 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
Warning: password is set to factory default.
-> cd /SP
/SP
-> set hostname=console
Set 'hostname' to 'console'
-> cd /SP/network
/SP/network
-> set pendingipdiscovery=static
Set 'pendingipdiscovery' to 'static'
-> set pendingipaddress=10.10.10.50
Set 'pendingipaddress' to '10.10.10.50'
-> set pendingipnetmask=255.255.255.0
Set 'pendingipnetmask' to '255.255.255.0'
-> set pendingipgateway=10.10.10.1
Set 'pendingipgateway' to '10.10.10.1'
-> set commitpending=true
Set 'commitpending' to 'true'
-> set state=enabled
Set 'state' to 'enabled'
Posted: December 18th, 2008

Simple Traffic Analysis on Cisco ASA

You can use the capture command on the Cisco ASA for some simple traffic analysis.

access-list capture_ip_traffic permit ip any any
capture capture_ip_traffic access-list capture_ip_traffic interface outside
show capture capture_ip_traffic

You can also copy the pcap file to a system and use Wireshark to analyze the traffic.

Posted: December 17th, 2008

Downloading latest Cisco SNMPv2 MIBs for Net-SNMP

For more information, visit Cisco MIBs

cd
wget ftp://ftp-sj.cisco.com/pub/mibs/v2/v2.tar.gz
cd /usr/share/snmp/mibs
tar xvfz ~/v2.tar.gz
Posted: December 15th, 2008

Configure SSH to Cisco ASA VPN

Your syslog is showing “Flow terminated by TCP Intercept” when a VPN user attempts to SSH to the ASA. To allow SSH and also ASDM to the ASA, you will need to enable management access.

management-access inside
Posted: December 12th, 2008

NetApp ONTAP Adding Default Gateway via Command Line

Here’s the syntax you need to use to add a default gateway on a NetApp filer. Don’t forget the metric.

route add 0.0.0.0 IP_GATEWAY_ROUTER 1
Posted: December 12th, 2008