Skip navigation

Category Archives: Ubuntu

Join Active Directory domain with Ubuntu Hardy and Likewise-Open

Installing is simple as Likewise-open is now in the repositories:

sudo apt-get install likewise-open

However, I got an error message when trying to join the domain:

“Error: Unable to resolve DC name [code 0x00080026]resolving 'test.example.org' failed. Check that the domain name is correctly entered. Also check that your DNS server is reachable, and that your system is configured to use DNS in nsswitch."

Having checked the nsswitch.conf and resolve.conf files, and having followed the advice on the Ubuntu forums about setting a static IP for the domain joining process,  I checked the  nsswitch.conf file again and found that the entries for winbind were missing.

My revised /etc/nsswitch.conf looked like:

# /etc/nsswitch.conf
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat winbind lwidentity
group:          compat winbind lwidentity
shadow:         compat winbind

hosts:          files dns winbind
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

IPtables in Ubuntu Gutsy

Ok, well I’ve just had my first unpleasant surprise with Ubuntu Gutsy. Just checked my IPtables rules as i’m at home effectively outside my firewall just testing my security, and it seems that by default, the ruleset is set to allow all traffic…..I’m pretty shocked….. when stacked side by side with Fedora, which i’ve been using at work, which is downright agressive about security from the word go. Ubuntu by it’s very nature is aimed at making Linux more accessible, and from reading the Ubuntu forums the majority of new users wouldn’t even consider checking…

I appreciate that most people seem to think that a firewall is unnecessary on a Linux box, as no daemons are running on a default install – but suppose (as I do) you then install an SSH server, and you want Windows machines on your network to access files….and a plethora of other bits and pieces – eventually you end up with loads of holes.  I’d rather find out an application doesn’t work until I open corresponding ports than have data visible from the public internet…

My untouched IPtables config looked like this:

roachy@roachy-laptop:~$ sudo iptables –list
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Then after modification (yes I cheated and used Firestarter!)

roachy@roachy-laptop:~$ sudo iptables –list
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp — 192.168.2.1 anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp — 192.168.2.1 anywhere
ACCEPT 0 — anywhere anywhere
ACCEPT icmp — anywhere anywhere limit: avg 10/sec burst 5
DROP 0 — anywhere 255.255.255.255
DROP 0 — anywhere 192.168.2.255
DROP 0 — BASE-ADDRESS.MCAST.NET/8 anywhere
DROP 0 — anywhere 224.0.0.0/8
DROP 0 — 255.255.255.255 anywhere
DROP 0 — anywhere 0.0.0.0
DROP 0 — anywhere anywhere state INVALID
LSI 0 -f anywhere anywhere limit: avg 10/min burst 5
INBOUND 0 — anywhere anywhere
LOG_FILTER 0 — anywhere anywhere
LOG 0 — anywhere anywhere LOG level info prefix `Unknown Input’

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp — anywhere anywhere limit: avg 10/sec burst 5
LOG_FILTER 0 — anywhere anywhere
LOG 0 — anywhere anywhere LOG level info prefix `Unknown Forward’

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp — 192.168.2.11 192.168.2.1 tcp dpt:domain
ACCEPT udp — 192.168.2.11 192.168.2.1 udp dpt:domain
ACCEPT 0 — anywhere anywhere
DROP 0 — 224.0.0.0/8 anywhere
DROP 0 — anywhere BASE-ADDRESS.MCAST.NET/8
DROP 0 — 255.255.255.255 anywhere
DROP 0 — anywhere 0.0.0.0
DROP 0 — anywhere anywhere state INVALID
OUTBOUND 0 — anywhere anywhere
LOG_FILTER 0 — anywhere anywhere
LOG 0 — anywhere anywhere LOG level info prefix `Unknown Output’

Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp — anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp — anywhere anywhere state RELATED,ESTABLISHED
LSI 0 — anywhere anywhere

Chain LOG_FILTER (5 references)
target prot opt source destination

Chain LSI (2 references)
target prot opt source destination
LOG_FILTER 0 — anywhere anywhere
LOG tcp — anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound ‘
DROP tcp — anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
LOG tcp — anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound ‘
DROP tcp — anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp — anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound ‘
DROP icmp — anywhere anywhere icmp echo-request
LOG 0 — anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound ‘
DROP 0 — anywhere anywhere

Chain LSO (1 references)
target prot opt source destination
LOG_FILTER 0 — anywhere anywhere
LOG 0 — anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound ‘
REJECT 0 — anywhere anywhere reject-with icmp-port-unreachable

Chain OUTBOUND (1 references)
target prot opt source destination
ACCEPT icmp — anywhere anywhere
ACCEPT tcp — anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp — anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp — 192.168.2.11 anywhere tcp dpt:www
ACCEPT udp — 192.168.2.11 anywhere udp dpt:www
ACCEPT tcp — 192.168.2.11 anywhere tcp dpts:netbios-ns:netbios-ssn
ACCEPT udp — 192.168.2.11 anywhere udp dpts:netbios-ns:netbios-ssn
ACCEPT tcp — 192.168.2.11 anywhere tcp dpt:microsoft-ds
ACCEPT udp — 192.168.2.11 anywhere udp dpt:microsoft-ds
ACCEPT tcp — 192.168.2.11 anywhere tcp dpt:https
ACCEPT udp — 192.168.2.11 anywhere udp dpt:https
LSO 0 — anywhere anywhere

Quite a significant difference…..

Syncing Data between Laptop and Desktop

I frequently flit between using a laptop and a desktop for work (both Ubuntu),

and I use a lot of files on the go. I’ve always just copied the files across from the

laptop when I returned to the office, but it’s not really efficient, as I had to either

a) copy all data – which could be several GB

b) select individual files, of which there were often loads.

I just stumbled across a small application called Unison though, and it’s pretty easy toinstall and configure. Potentially using this method, you could even sync securely over the web, as it uses SSH :)

First install OpenSSH server

$sudo apt-get install openssh-server

Then install unison :

$ sudo apt-get install unison unison-gtk

You then need to modify the profile (you can either set up a new one or modify the default) in ~/.unison

$sudo pico default.prf

Under the profile, you should have the local root path, remote (SSH) root path, and then any paths that you want to include, followed by any paths to exclude:

# Unison preferences file

root = /home/roachy/ root = ssh://roachy@10.204.4.35/ path = work/ path = Music/ ignore = Path work/archive/*

Save the file and either run the GUI version

$unison-gtk

or the command line version

$unison

:)

Avant Window Navigator on Ubuntu Gutsy

Just been rebuilding my Ubuntu Gutsy box after it had really started to crawl – mainly due to me playing with too many bits of software trying to learn new things. The advantages of hosting a separate partition for /home have saved me loads of time and effort as all my data is separate to the OS, so a quick format and within 10 mins I have a shiny new system.

Anyway, one of the things I find essential now on a desktop is AWN (Avant Window Navigator) – it adds that nice Mac dock at the bottom of the screen. The steps to install are as follows:

First add the repository containing AWN:

$sudo pico /etc/apt/sources.list

Add the following lines:

## Avant Window Navigator

deb http://download.tuxfamily.org/syzygy42/ gutsy avant-window-navigator

deb-src http://download.tuxfamily.org/syzygy42/ gutsy avant-window-navigator

Download/install/remove the reaocard

$wget http://download.tuxfamily.org/syzygy42/reacocard.asc

$sudo apt-key add reaocard.asc

$rm reaocard.asc

Install Avant Window Navigator

$sudo apt-get install avant-window-navigator-bzr

For extra applets, just add

$sudo apt-get install awn-core-applets-bzr

Done :)