Category: Debian

Configuring Dovecot to authenticate FreeIPA users using Kerberos (with Single Sign On)

monitorI have also posted this article on the FreeIPA.org project wiki which is linked here

The below details will walk you through how to add a Red Hat Enterprise Linux 6.2 system to an IPA domain, and then configure Dovecot to allow single sign on to user mailboxes with IMAP/S.

Details of this example are as follows

   Domain name: example.com
   IPA Server: ds01.example.com
   Dovecot Server: mail01.example.com
   IPA Client: workstation01.example.com
   IPA User: user1 and user2

Please Note: This guide describes using SSL combined with Dovecot to deliver IMAPS support. This guide is not designed to cover how to create a valid SSL vertificate. This guide uses the default dovecot generated certificate and it is HIGHLY recommended that if you wish to deploy this into a production environment, that you replace this certificate with your own trusted/validated certificate Read more

Deploying Postfix with LDAP (FreeIPA) virtual aliases and Kerberos Authentication

monitorFor those of you looking for a way to set up Postfix so your client base can login with Single Sign On, this article is for you.

Here we will be walking through configuring postfix for the following criteria:

  1. LDAP based User lookups (In this article I have used FreeIPA 3.0)
  2. Single Sign On authentication for mail sending.
  3. Enabling TLS based connections using FreeIPA as the Certificate Authority.

Please be aware that this article does not cover accessing a user’s mailbox as this is covered in the following article.

Before I continue I’d like to thank Loris Santamaria and Anthony Messina from the freeipa-users@redhat.com mailing list for their assistance in getting this solution working.

Details used in this article are as follows:
FreeIPA Servers: ds01.example.com, ds02.example.com
Postfix Server: mail.example.com
IPA Test user: ipauser1

Read more

PingTunnel

monitor

Tunnel your tcp traffic through ICMP echo/ reply packets or UDP 53(DNS) packets

So you are at a local coffee shop with your laptop and see an open access point that you want to connect to. You connect to the AP and open up your favorite webrowser, only to find that you are presented with a page that asks for a code for you to proceed with your internet cravings. WTF !! Many places such as coffee shops provide you with wireless internet connectiviy at a small cost (usually more than the coffee you purchased). You recieve a code when you purchase the coupon for wireless access and then you go onto your webrowser, enter that in and the you’re good to go. Well for almost everything digital, there is most likely a walkaround to do things and in this case there is. Enter the world of protocol tunneling. The basic idea behind this is to transfer data from one protocol or port number, using another protocol (or port number). Read more

Helpful log parsing tips

tux_awk1Most programs and services produce logs. When a user visits an apache web server, the service will most likely keep a log of that request, along with the date and requester’s ip address. Other details might be logged as well. Here us an example of some entries in a logfile:

192.168.1.20 - - [21/Sep/2011:11:04:40 +1000] "GET / HTTP/1.0" 200 468
192.168.1.20 - - [21/Sep/2011:11:07:48 +1000] "GET /login.php HTTP/1.0" 200 6433

Log files would usually contain hundreds of such entries, most, if not all of which are important to us. If there is an issue with a service, perhaps there is an entry in the logfile that can tell us why. Another scenario is where management require some statistical information. For example, how many unique IP addresses visited their website in the past hour and what pages did they visit. Or which web pages are the most frequently visited. Read more

1 2 3