ideallorn

统计

最新评论

2012年5月10日 #

Linux加入Windows域实践

参考:
    Joining Samba to a Windows 2008 R2 Domain (http://itscblog.tamu.edu/joining-samba-to-a-windows-2008-r2-domain/)
    Linux加入Windows域之完美解决方案 (http://wenku.baidu.com/view/b680831014791711cc79179d.html)
    CentOS使用Winbind与AD集成认证 (http://hi.baidu.com/jiasha2008/blog/item/0607620167d58c04738da5b7.html)
    利用Samba做Linux和Windows整合 (http://wenku.baidu.com/view/d6fa146d58fafab069dc02e2.html)

总结:
   走setup, 使用winbind验证
     需要知道域控的机器名和有域管理员权限的帐号密码      
       net join -w 域名 -S 预控的全名 -U 拥有域管理员权限的帐号      
       net join -w XXXMASTER -S rnop-dci03.IS.AD.XXX.COM -U xxx

然后按照后面的命令来一遍

kinit domainuser@DOMAIN.COM
klist
net ads join -U domainadminuser
$ /etc/init.d/smb start
$ /etc/init.d/winbind start
$ chkconfig smb on
$ chkconfig winbind on

net ads keytab create -U domainadminuser
klist -ke

$ /etc/init.d/smb restart
$ /etc/init.d/winbind restart

net ads info
net ads testjoin

wbinfo -t
wbinfo -u
wbinfo -g

wbinfo -a domainuser
id domainuser
再加入下行自动创建啊home目录的到 /etc/pam.d/system-auth-ac
   session required pam_mkhomedir.so silent skel=/etc/skel umask=0077
打完收工

posted @ 2012-05-10 10:19 releng 阅读(430) | 评论 (0)编辑 收藏

2012年4月17日 #

Automated build causes ResolveKeySource failed unexpectedly.(zz)

Automated build causes ResolveKeySource failed unexpectedly.

http://codehunter-uk.blogspot.com/2009/02/automated-build-causes-resolvekeysource.html

I came across this error the other day after updating our ClickOnce manifest to be signed with a new digital certificate with a password. After searching google I discovered that this error was down to the fact that the user account that the automated build service was running under had never come across the certificate so msbuild was attempting to prompt the service with a password dialog box, needless to say this doesn’t end well and you get “The "ResolveKeySource" task failed unexpectedly”. The solution is to import the digital certificate into the personal store of the account the service is running under.

To do this follow these simple steps.

  1. Logon to the machine the automated build service is running on.
  2. Run the management console (start->run->mmc)
  3. Add the Certificates snap-in.
  4. Choose Service account, then Local computer.
  5. Now you should see a list of services pick the automated build service.
  6. Right click <ServiceName>\Personal choose All Tasks –> Import
  7. Navigate to the digital certificate.
  8. You must not enable strong private key protection.
  9. Finish the wizard.

posted @ 2012-04-17 16:24 releng 阅读(149) | 评论 (0)编辑 收藏

2012年2月17日 #

MsBuild woes from http://www.elpauer.org/?p=955

MsBuild woes

Why

Do you use WCF? Do you generate your datacontracts by means of postbuild events? Have you tried msbuild and seen a “cannot build XXXXX.csproj because DataContracts.cs was not found” error? Then keep reading.

What

MsBuild is the “next generation” nmake for Visual Studio. It’s been available since .NET 2.0 and has been bundled with Visual Studio since MSVC2008.

Same project files…

You don’t need to feed msbuild special project files (such as the Makefiles nmake required), it is smart enough to understand Visual Studio solutions.

… yet slightly different behavior

MsBuild does not behave 100% like Visual Studio (devenv), specifically in regards to:

  1. Dependencies
  2. When events are run
  3. When byproducts and referenced projects are copied

In general, this will affect you whenever you use postbuild events to generate source code or binaries which are required immediately.

In the project I am involved now, this is especially important when generating datacontracts. We use a Visual Studio post-build event.

Dependencies

There are two kinds of ways to express project-to-project dependencies:

  • Project to project references (Add Reference->Project tab) [this mechanism also handles gathering the referenced output file as well]. For .csproj, this is persisted as a <ProjectReference> item in the project file.
  • Explicitly specified dependencies (Solution properties->Project Dependencies) [with this mechanism you would usually also add a File Reference to the referenced output yourself]. This writes the “ProjectSection(ProjectDependencies)” section in the .sln.

There seems to be a long standing bug which makes msbuild not take all the dependencies into account.

As a consequence, a solution may build fine in Visual Studio (devenv) but not build at all with msbuild. I would say this bug is fixed in VS2010SP1, but I cannot tell 100% sure because I have not performed enough testing.

In addition to that, never add a dependency as a reference-to-DLL if that DLL is part of of your solution (.sln). Both MsBuild and DevEnv will choke when you switch from Debug to Release, because you would be setting a reference to a Debug DLL from a Release project, or viceversa (unless you use $(ConfigurationName) in your path, of course, but people rarely remember to do that).

When events are run

MsBuild runs the postbuild event before copying the byproducts to the output path

Visual Studio (devenv) runs the postbuild event after copying the byproducts to the output path

This can be solved by writing an AfterBuild event manually in the .csproj, but it is quite inconvenient because there is no GUI in Visual Studio to add, edit or remove AfterBuild events. You are alone with your text editor.

When byproducts and references are copied

As said above, msbuild runs the postbuild event before copying the byproducts. No only that: msbuild runs the postbuild event before copying the referenced projects (DLLs) to the output path.

Visual Studio (devenv), on the other hand, runs the postbuild event after copying the byproduct and its referenced projects to the output path.

In summary

DevEnv

  1. Compile
  2. Copy byproducts (DLLs, executables, etc)
  3. Copy byproducts’ referenced project output (DLLs, etc)
  4. Run postbuild event

MsBuild

  1. Compile
  2. Run postbuild event
  3. Copy byproducts (DLLs, executables, etc)
  4. Copy byproducts’ referenced project output (DLLs, etc)

Workaround

If you need the compilation byproducts in the post-build event (as is generally the case when generating datacontracts in the postbuild event), you will need a workaround.

You would think it’d be possible to tell MsBuild to behave like devenv, right? Wrong. It is not possible.

The only possible workaround I have found is to manually copy the result of the compilation to the output path in the postbuild event. Something like this:

call “%VS100COMNTOOLS%\vsvars32.bat”

if exist “$(ProjectDir)Temp” del /s /f /q “$(ProjectDir)Temp”

copy $(ProjectDir)\obj\$(ConfigurationName)\$(TargetName).dll .

svcutil /t:metadata /dataContractOnly /directory:$(ProjectDir)Temp\DataContract $(TargetName).dll

svcutil /t:code /dataContractOnly /r:$(ProjectDir)..\MyProject.Data.DataContract\bin\$(ConfigurationName)\MyProject.Data.dll /directory:$(ProjectDir)..\$(ProjectName).DataContract /out:DataContracts.cs $(ProjectDir)Temp\DataContract\*.xsd

(where “.” is the output path, the solution generally runs from there; usually you will only need to copy & paste this line to your postbuild event).

Not nice, but it works.

posted @ 2012-02-17 18:07 releng 阅读(305) | 评论 (0)编辑 收藏

2012年2月9日 #

Web2py 无耻Patch笔记之一 MSSQL Trusted_Conection

工作需要做个小网站,机缘巧合选择了web2py. 没有用Django的原因是之前三年前整过Django 但是当时没怎么整明白 有心理阴影了 ....

Web2py上手还是比较简单的,但问题还是不少 (v1.99.4).
按说明上的MSSQL的设置来连接MSSQL DB 没问题, 前提是你用的是数据库用户登录。
但想我公司这种用windows authentication就麻烦了. 只好自己改.

db.py里面我这么写
  
msdb = DAL('mssql://user:passwd@msdbserver/msdb?Trusted_Conection=Yes')

gulon/dal.py里面的l2209行里我无耻的改动如下
            if uri.find('Trusted_Conection') > 0:
                cnxn ='SERVER=%s;PORT=%s;DATABASE=%s;Trusted_Conection=Yes;%s' % (host, port, db, urlargs)
            else:
                cnxn = 'SERVER=%s;PORT=%s;DATABASE=%s;UID=%s;PWD=%s;%s' \
                % (host, port, db, user, password, urlargs)

总之是可以Trusted_Conection windows authentication连接操纵数据库了.

posted @ 2012-02-09 18:28 releng 阅读(302) | 评论 (0)编辑 收藏

2009年3月4日 #

svn: error while loading shared libraries: /usr/local/lib/libsvn_ra_dav-1.so.0: cannot restore segment port after reloc: Permission denied

http://wiki.yfang.cn/bin/view/MyTroubleShooting/Svn:ErrorWhileLoadingSharedLibraries:Libsvn_ra_dav-1_so_0:CannotRestoreSegmentPortAfterReloc:PermissionDenied

最简单的方法就是关闭 SELinux

问题描述

  • 时间 2008.10.14
  • 环境 CentOS5
  • 症状 正常安装svn后执行不能
# 执行svn命令,会提示
[root@localhost lib]# svn
svn: error while loading shared libraries: /usr/local/svn-1.4.0/lib/libsvn_ra_dav-1.so.0:
cannot restore segment prot after reloc: Permission denied

问题原因和解决方案

  • 非常快的排除了系统文件权限(就是那个chmod能改的lrwxrwxrwx)可能,因为这是一个符号链接,一直追过去权限没有问题
  • 不卖关子,这个问题的原因是因为SELinux被Enable但是没有配置过libsvn_ra_dav-1.so.0文件的security context的原因,为了检查这个问题,你可以执行下面的命令来确认
# sestatus [-v] 
# 注意里面 SELinux status: enabled 部分

# 其他方法也可以查看,比如
cat /selinux/enforce
1 代表 enforcing 状态, 0 代表 permissive 状态

# 或者下面这个更直观
getenforce
  • 通常有两种解决方案
    • 方案一:避开问题,如果你提出了这个问题并为之困惑,我基本上可以判断你并不熟悉SElinux的工作性质,甚至从来没有注意过它的存在。基于这种考虑, 如果你联系你们的服务器管理员后确认SElinux不是你们系统中必须的,那么把它干掉吧。具体方法是执行setenforce disabled来禁用selinux,或者至少setenforce permissive来用warning代替禁止你工作的error级错误,这样Selinux就不再强悍的把你挡掉了。同样的配置实现在CentOS5 或者RHEL5中可以通过system-config-securitylevel-tui来设定,它包装了这个小功能。
    • 方案二:继续Enable SElinux的情况下,你需要针对这件事做的操作也很简单,执行下面的命令更改security context就可以了,问题是,你可能今后亦然遇到这种类似的问题,你需要比较了解SElinux的机制和你的应用程序的底层调用。
chcon -t texrel_shlib_t /usr/local/svn-1.4.0/lib/libsvn_ra_dav-1.so.0

多说两句

  • SElinux对于Linux新手来说可能是一个比较难于理解的工具,对于一般的新手系统管理员来说,你可以先跳过这个工具,简单的disable掉它。
  • SElinux很大程度上解决了简单的权限认证不能够保证系统真正安全的问题,是美国军方提出的。所以对于系统复杂,分工详细,安全要求比较高的系统来 说,这是一个好东西,不过同时带来的是较为复杂的设置(一般非常强大的可定制工具都是这样),要求管理员对系统和程序比较了解,否则可能把自己希望的服务 挡掉继而出现本文提到的类似问题。
  • 感兴趣的朋友可以直接查看SElinux的官方文档,来获取更多消息。

SElinux可能涉及到的命令

# 查看SElinux Enable情况
sestatus
getenforce

# 设定SElinux是否启用
setenforce

# 防火墙管理的TUI,可以设定Selinux状态
system-config-securitylevel-tui

# 查看当前用户security context
id -Z

# 查看文件security context
ls -Z
ls --lcontext
ls --scontext

# 查看运行进程的security context
ps -eZ

# 更改文件security context
chcon

# 重置文件security context
restorecon

# 根据已有的挡掉的log生成允许的规则,可以帮助你调试当前规则
cat /var/log/message | audit2allow
audit2allow -d #这个是从dmesg里读

posted @ 2009-03-04 13:20 releng 阅读(1680) | 评论 (0)编辑 收藏

2009年2月20日 #

RH64位系统上编译安装SVN

SVN在RH32位系统上通常按照常规的方法很容易编译通过,但到了64位系统上却经常会出现等链接错误

subversion-1.4.5/neon/src/.libs/libneon.a: could not read symbols: Bad value

collect2: ld returned 1 exit status

Google了一下,找到如下解决方法

1. 解压两个包后
$ tar jxvf subversion-1.4.5.tar.bz2 .
$ tar jxvf subversion-deps-1.4.5.tar.bz2 .

2. 分别编译 apr,apr-util, neon (一样的configure 选项)
cd apr
./configure --prefix=$HOME --without-berkeley-db --with-editor=/usr/bin/vim --with-apr=$HOME --with-apr-util=$HOME --with-neon=$HOME --without-apxs --without-apache --enable-shared --with-ssl
make && make install
...
3. 最后再编译svn
./configure --prefix=$HOME --without-berkeley-db --with-editor=/usr/bin/vim --with-apr=$HOME --with-apr-util=$HOME --with-neon=$HOME --without-apxs --without-apache --enable-shared --with-ssl
make && make install


posted @ 2009-02-20 11:40 releng 阅读(649) | 评论 (0)编辑 收藏

2009年2月5日 #

Dump&Load project cross repos in SVN

  • dump the source repos (sandbox)
        -bash-3.00$ sudo svnadmin dump /var/svnroot/sandbox > sbdump
...
* Dumped revision 1870.
* Dumped revision 1871.
* Dumped revision 1872.
  • filter the specified project from source repos dump file
        -bash-3.00$ sudo cat sbdump | svndumpfilter include msmp > msmpdump
...
-bash-3.00$ ls *dump
msmpdump sbdump
  • load the project to dest repos with specified parent path
        -bash-3.00$ sudo svnadmin load /var/svnroot/svn1 --parent-dir /trunk/src < msmpdump
...

posted @ 2009-02-05 17:01 releng 阅读(153) | 评论 (0)编辑 收藏

Add open-terminal in the right click on Fedora 6+

  • yum install nautilus-open-terminal

posted @ 2009-02-05 16:49 releng 阅读(677) | 评论 (0)编辑 收藏

Solve the conflict between service 'messagebus' and 'openldap' on Fedora 9

  • add 'bind_policy soft' in /etc/ldap.conf

posted @ 2009-02-05 16:49 releng 阅读(217) | 评论 (0)编辑 收藏

Print with linage on gvim

  • set printoptions=number:y

posted @ 2009-02-05 16:48 releng 阅读(191) | 评论 (0)编辑 收藏

仅列出标题  下一页