Posts Tagged Linux

Virtual server changed

Last April I moved this website to a new virtual server with the same hosting provider. Previously I was on an OpenVZ platform. This was such a nightmare for me. I’ll explain the details in a bit. I really liked the hosting company, VPSLink, because of their communication practices, network speed and full-featured control panel. So I stuck with the same company but bought a new server on the Xen virtual platform. Now I’m much happier.

The real problem I had with OpenVZ was the lack of swap space. Swap space is disk space set aside by the operating system as a stand-in for RAM when there is not enough RAM free to run all of your programs. Using swap space has a penalty: access time, because program data has to be fetched from the hard drive before it can be used. Leased virtual servers are typically quite limited in the amount of RAM you are given, so swap space is really a must unless your server will only be running 1-2 applications.

For example, my leased server is a one stop shop for website and email. To perform these tasks it needs these daemons running all of the time:

  • Apache webserver
  • Named/BIND DNS server
  • Spamassassin spam filter
  • Sendmail SMTP
  • Dovecot IMAP server
  • MySQL database server

I should have known I was in for trouble when I couldn’t even start Apache + Named at the same time with their default configuration without running out of memory. I followed a few guides on the net and got their footprints trimmed down to a workable state. But the penalty was that now all of my applications were so memory constrained that their performance suffered a bit. Furthermore, I was at the threshold of memory usage. Linux would routinely kill my dovecot mail processes to try to reclaim memory; this of course closed IMAP connections, which I noticed from a client user perspective. I also could not run yum to update packages without running out of memory.

So one day I got fed up and bought a new server with the same company but the new server was Xen based. I couldn’t be happier now because I have swap space. Most of my applications are still quite fast and my dovecot processes are no longer getting killed.


Samba doesn’t like special characters in ldap password

OK, so I’m trying to set Linux Samba up as a fileserver for Windows clients with Fedora Directory Server (FDS) LDAP as the backend for user information. In the process you have to add directives like this to your smb.conf:

security = user
passdb backend = ldapsam:ldap://ldapserver.com
ldap admin dn = cn=Directory Manager
ldap suffix = dc=ldapserver,dc=com
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
ldap password sync = yes

That tells Samba to look in LDAP for sambaSamAccounts. The only problem is that you have to give Samba the password for the administrator LDAP account, “cn=Directory Manager”. You do that by running the command:

smbpasswd -w my_password_in_clear_text

The only problem is that some of us make complex passwords with special characters (!@#$%^&*()) in them. Since this accepts passwords on the command line, some of those special characters are parsed by the shell. So when I ran

net getlocalsid

I got errors like:

failed to bind to server ldap://ldapserver.com with dn="cn=Directory Manager" Error: Invalid credentials

Like I said, I bet you could fix this by escaping your special characters (i.e. replace $ with \$). But I needed to change my LDAP directory manager password to not be the root Linux password, so I just removed all special characters and created a long plain-text password. I re-ran smbpasswd -w and net getlocalsid, and poof, it works!
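
The shell parsing described above can be reproduced without touching Samba. This is an added example, not part of the original post: the passwords are constructed samples, and shell_quote and as_received are hypothetical helper names. It shows what a program receives when a password is typed bare, backslash-escaped, or single-quoted.

```shell
#!/bin/sh
# Constructed sample values, not real credentials.
PW_PLAIN='Dir$Mgr!x#9'
PW_QUOTE="it's\$HOME&(ok)*"

# shell_quote STRING (hypothetical helper)
# Wrap STRING in single quotes so a shell passes it through verbatim.
# An embedded ' becomes '\'' (close quote, escaped quote, reopen quote).
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# as_received WORD (hypothetical helper)
# Print the argument a program would get if WORD were typed on a command
# line exactly as written. A child shell with an empty environment does
# the parsing, so the result does not depend on the caller's variables.
as_received() {
    env -i /bin/sh -c "printf '%s' $1" 2>/dev/null
}

demo() {
    # Bare: $Mgr is expanded as an (unset) variable and vanishes.
    printf 'typed bare    : %s\n' "$(as_received "$PW_PLAIN")"
    # Backslash-escaped $, as the post suggests: the value survives.
    printf 'typed escaped : %s\n' "$(as_received 'Dir\$Mgr!x#9')"
    # Single-quoted: no character is interpreted, including & ( ) * and '.
    printf 'typed quoted  : %s\n' "$(as_received "$(shell_quote "$PW_PLAIN")")"
    printf 'quote inside  : %s\n' "$(as_received "$(shell_quote "$PW_QUOTE")")"
}

demo
```

The "Invalid credentials" error is what a silently altered value looks like from the LDAP side. smbpasswd(8) also documents -W, which reads the password from stdin instead of the command line, so it is neither parsed by the shell nor left in the process list or shell history.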
