Et godt site til at test certificater på er:
http://www.digicert.com/help/index.htm?host=mailin01.jndata.dk:25

det fede ved denne cert checker, er at man kan difinere alternative porte, dvs. denne også kan bruges til at se på SSL certificater som bruges i forbindelse med SMTP TLS forbindelser.

En anden god site er Openssl commandline
http://www.madboa.com/geek/openssl/#cs-smtp

openssl s_client -connect remote.host:25 -starttls smtp
eller
openssl s_client -connect remote.host:25 -crlf -starttls smtp
alt efter MTA, Output bliver noget alla når det går godt:

openssl s_client -connect  mailin01.jndata.dk:25 -crlf -starttls smtp
CONNECTED(00000003)
depth=1 /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=DK/ST=8600 Silkeborg/L=Frichsvej 18/O=JN Data A/S/OU=JN Data A/S/CN=mailin01.jndata.dk
   i:/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
 1 s:/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEdzCCA+CgAwIBAgIQKQLNqZKomLm8KdgF843S6zANBgkqhkiG9w0BAQUFADCB
ujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVy
aVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy
dmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMg
SW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0w
OTAyMTcwMDAwMDBaFw0xMTAyMTcyMzU5NTlaMIGGMQswCQYDVQQGEwJESzEXMBUG
A1UECBMOODYwMCBTaWxrZWJvcmcxFTATBgNVBAcUDEZyaWNoc3ZlaiAxODEUMBIG
A1UEChQLSk4gRGF0YSBBL1MxFDASBgNVBAsUC0pOIERhdGEgQS9TMRswGQYDVQQD
FBJtYWlsaW4wMS5qbmRhdGEuZGswgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
ALk+LtfavrxQIWMCjPWfjiHliMnxnTeMYFzMwA7A20Tney94J3xKjFBYUjh4u6zI
aD5zWi6zXznDmIya5BhFyFO4+kjDD0LhoeVHFV08H2RwYVURdSUJO9bw4LuJdp2g
lxQwl52VHxHIygphTP5RsXpGb/m6QlXjBIqF5Cyo1eAHAgMBAAGjggGuMIIBqjAy
BgNVHREEKzApghJtYWlsaW4wMS5qbmRhdGEuZGuCE21haWxvdXQxMi5qbmRhdGEu
ZGswCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwRgYDVR0fBD8wPTA7oDmgN4Y1aHR0
cDovL2NybC52ZXJpc2lnbi5jb20vQ2xhc3MzSW50ZXJuYXRpb25hbFNlcnZlci5j
cmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXAzAqMCgGCCsGAQUFBwIBFhxodHRw
czovL3d3dy52ZXJpc2lnbi5jb20vcnBhMCgGA1UdJQQhMB8GCWCGSAGG+EIEAQYI
KwYBBQUHAwEGCCsGAQUFBwMCMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY
aHR0cDovL29jc3AudmVyaXNpZ24uY29tMG4GCCsGAQUFBwEMBGIwYKFeoFwwWjBY
MFYWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFEtruSiWBgy70FI4mymsSweLIQUY
MCYWJGh0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28xLmdpZjANBgkqhkiG
9w0BAQUFAAOBgQBQgdmcE6+4cIU8K2Oc6oleYJivNwV/ayBEHkUXkxeqampcZ0xr
yMUKqlbmGOCMvF+OqIWwLghnWENSK2x4KY4NRiARbtrV5hjShoJ6gE7zTG2hA/mK
G5mLDpkgFTdfCUzUrC3Yhne3cP9yFWUDRGLJy6HPOv1BqGVzKCSmKuyeWQ==
-----END CERTIFICATE-----
subject=/C=DK/ST=8600 Silkeborg/L=Frichsvej 18/O=JN Data A/S/OU=JN Data A/S/CN=mailin01.jndata.dk
issuer=/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
---
No client certificate CA names sent
---
SSL handshake has read 2741 bytes and written 351 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 19FE276A7B999E00B9AACE36E0764D1C3DA92BCD13E385BA94EB7A8C4E389A8A
    Session-ID-ctx:
    Master-Key: 76A2D2DF4969D0D2E998D289756B329836DD3AD39B1B1055C11E70ECAFAA7AED2BD5E563828A542136305B75AF86EE01
    Key-Arg   : None
    Start Time: 1283243766
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
250 STARTTLS

eller vil man få en sådan output.

No client certificate CA names sent
---
SSL handshake has read 3022 bytes and written 351 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 60DEF783F755C96F7F8F8B51A46FA9FEE59EC31985DF3541FD9C1A79AFB4FE60
    Session-ID-ctx:
    Master-Key: 590CE493718260A532112F3BE959B7FEE7FA95E275BD9025B4251D66ECD46E89B78BA4BBA2DDD751D5F057BF54840100
    Key-Arg   : None
    Start Time: 1283240998
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)

 

En installation af likewise-open på en Ubundu-lucid desktop

Linuxbruger@linuxbox:~$ sudo apt-get install likewise-open
[sudo] password for
Linuxbruger:
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
krb5-config krb5-user libgssrpc4 libkadm5clnt-mit7
Suggested packages:
krb5-doc likewise-open-gui
The following NEW packages will be installed:
krb5-config krb5-user libgssrpc4 libkadm5clnt-mit7 likewise-open
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
Need to get 3.402kB of archives.
After this operation, 10,1MB of additional disk space will be used.
Do you want to continue [Y/n]? y

Hvis man på nuværrende tidspunkt prøver at Join domainet vil man få nedestående error.

Linuxbruger@linuxbox:~$ sudo domainjoin-cli join AD-Domain.local administrator
Joining to AD Domain:  
AD-Domain.local
With Computer DNS Name:
linuxbox.AD-Domain.local

administrator@
AD-Domain.LOCAL's password:

Error: Lsass Error [code 0x00080047]

40286 (0x9D5E) LW_ERROR_LDAP_SERVER_DOWN - Unknown error

Configurations scriptet kan ikke finde LDAP servern

Linuxbruger@linuxbox:~$ ping AD-Domain.local
ping: unknown host
AD-Domain.local

For at løse dette problem ligger vi domain navnet og en ip på en DC ind i hosts filen.

Linuxbruger@linuxbox:~$ sudo vi /etc/hosts
10.10.100.3 
AD-Domain.local

Herefter er det også nødvedig at ændre i nsswitch.conf

Linuxbruger@linuxbox:~$ sudo vi /etc/nsswitch.conf
ændre linjen:
hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
til
hosts:          files dns

Genstart maskinen.

Linuxbruger@linuxbox:~$ sudo reboot

Nu er det mulig at JOIN domainet.

Linuxbruger@linuxbox:~$ sudo domainjoin-cli join AD-Domain.local administrator
[sudo] password for
Linuxbruger:
Joining to AD Domain:  
AD-Domain.local
With Computer DNS Name:
linuxbox.AD-Domain.local

administrator@AD-Domain.LOCAL's password:
Warning: System restart required
Your system has been configured to authenticate to Active Directory for the
first time.  It is recommended that you restart your system to ensure that all
applications recognize the new settings.

SUCCESS
You should reboot this system before attempting GUI logins as a domain user.
Linuxbruger@linuxbox:~$

Vi genstarter iigen ;-)

Linuxbruger@linuxbox:~$ sudo reboot

og nu kan man logge ind med sin Windows Credentials og browse windows netværet med disse, dog har man ikke admin rettigheder på den lokale linux-box, dette kan dog ændres ved at tilføje ens bruger-id til via visudo.

AD-Domain\ADbruger@linuxbox:~$ ssh Linuxbruger@localhost

Linuxbruger@linuxbox:~$ sudo visudo
tilføj for en enkelt bruger

AD-Domain\\ADbruger ALL=(ALL) ALL

eller som grupper

%AD-Domain\\Dksil01_all   ALL=(ALL) ALL
%AD-Domain\\domain^admins ALL=(ALL) ALL

Hvorved at man undgåer nedestående fejl.

T-NERD\ADbruger@linuxbox:~$ sudo su
[sudo] password for
AD-Domain\ADbruger:
Your password will expire in 9 days

Your password will expire in 9 days

AD-Domain\ADbruger is not in the sudoers file.  This incident will be reported

    domainjoin-cli join likewisedemo.com Administrator

Linuxbruger@linuxbox:~$ sudo domainjoin-cli join AD-Domain.local administrator
Joining to AD Domain:   AD-Domain.local
With Computer DNS Name: linuxbox.AD-Domain.local

This email address is being protected from spambots. You need JavaScript enabled to view it.'s password:

Error: Lsass Error [code 0x00080047]

40286 (0x9D5E) LW_ERROR_LDAP_SERVER_DOWN - Unknown error

Her er lidt om hvordan, jeg har opsat en debian server med asterisk til at benytte et par bluetooth mobiler som bærelinje for softphones.

Bluetooth

http://rc98.net/cellxfer - passkey-agent  ( skyldes at nokia 6310i ikke kan søge efter andet end bluetooth audiodevices, og derfor skal paring startes fra debian boxen)

http://www.voipphreak.ca/2008/page/9/  opsætning af chan_mobile til bluetooth

http://www.voip-info.org/wiki/view/chan_mobile

 http://www.saghul.net/blog/2007/08/29/howto-review-chan_mbile/

 http://www.voipphreak.ca/2008/10/30/installing-and-configuring-chan_mobile-for-bluetooth-presence-support-in-asterisk-16/

 

debian asterisk 1.6 install script

http://www.k1lnx.net/wiki/index.php/Asterisk_1.6_install_on_Debian_Lenny

http://www.k1lnx.net/wiki/index.php/Setting_up_streaming_Music_On_Hold

http://www.the-asterisk-book.com/unstable/faxserver-mit-iaxmodem-und-hylafax.html  asterisk fax server

En god måde at tilføje sine harddiske til /det/fstab er via UUID.

En harddisk's UUID kan nemt findes ved som Root køre kommandoen blkid, men først skal disken partitioneres og formateres.

fdisk -l

fdisk /dev/sdb

Brug m til at se hjælp, men ellers n opretter en nu partition og w gemmer partitions informationerne

Derefter skal disken formateres og herved opstår sdb1 og dennes UUID.

Der findes lidt forskellige kommandoer til dette formål.
mkfs           mkfs.cramfs    mkfs.ext3      mkfs.ext4dev   mkfs.msdos     mkfs.reiserfs  mkfs.xfs       
mkfs.bfs       mkfs.ext2      mkfs.ext4      mkfs.minix     mkfs.ntfs      mkfs.vfat

mkfs.ext3 /dev/sdb1

Nu kan UUID findes ved at køre.

blkid
/dev/sdb1: UUID="e6b1a4b3-8294-44bf-a030-33887bdfe6b1" TYPE="ext4"
/dev/sda: TYPE="promise_fasttrack_raid_member"
/dev/mapper/pdc_edfbhjgj1: UUID="3d515f29-d232-443b-8abe-c876c0b60c10" TYPE="ext4"
/dev/mapper/pdc_edfbhjgj5: UUID="7b107b57-e449-4c39-8d5a-bb07bb55bcef" TYPE="swap"

Som man kan se har jeg 2 diske i denne maskine.

/dev/sda er en WD Raption 10000 RPM sata harddisk, hvilket angiver sig selv lidt anderledes i linux systemet, via /dev/mapper/pdc_xxxxxxx
/dev/sdb1 er en standard 250GB harddisk hvor jeg har udviklingsdata liggende.

Fstab på denne maskine ser sådan ud

cat /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid -o value -s UUID' to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name
# devices that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
# / was on /dev/sda1 during installation
UUID=3d515f29-d232-443b-8abe-c876c0b60c10 /               ext4    errors=remount-ro 0       1
# swap was on /dev/sda5 during installation
UUID=7b107b57-e449-4c39-8d5a-bb07bb55bcef none            swap    sw              0       0
/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto,exec,utf8 0       0
#Ekstra disk

UUID=e6b1a4b3-8294-44bf-a030-33887bdfe6b1 /data           ext4    defaults        0       2


Når man tester mail konfigruationer er Telnet altid en god vej, men når man skal lege med email headers er mutt guld værd.

på debian installeres mutt ved:
apt-get install mutt

herefter skal man oprette en .muttrc file hvor man kan definere forskellige ting for mutt klienten.

vi .muttrc

# Customized headers
unmy_hdr *                      # remove all extra headers first.

my_hdr From: Nyhedemail fra Net-help.dk <This email address is being protected from spambots. You need JavaScript enabled to view it.>
my_hdr Sender: "Gud" <
This email address is being protected from spambots. You need JavaScript enabled to view it.>
my_hdr Reply-To: ""et har jeg aldrig sagt" <dev-Null
@net-help.dk>

Denne konfig vil gøre at Mutt email bliver afsendt fra This email address is being protected from spambots. You need JavaScript enabled to view it. på vejne af This email address is being protected from spambots. You need JavaScript enabled to view it. og alle reply's på disse email vil blive sendt til This email address is being protected from spambots. You need JavaScript enabled to view it..
mutt kan også konfigureres til mange andre fine ting.