Posted by
ksanders
I recently had to rename a Windows server as part of a virtualization / server consolidation project. This server was part of a Samba controlled domain and I kept getting cryptic error messages, such as “access denied.”
Turns out no computer had ever likely been renamed in this domain, because it was missing the usermod command for renaming in the smb.conf.
To fix computer renaming in a samba ldap domain simply add:
rename user script = /usr/sbin/smbldap-usermod -r ‘%unew’ ‘%uold’
to your smb.conf
Which tells samba how to run the smbldap tools command for renaming a user/computer.
Related Tags: server, linux, IT, samba, windows
Posted by
ksanders
I got notified late this afternoon about a critical security vulnerability in zimbra. The email a bit short on details stating only:
This vulnerability allows unauthorized, remote access to files that are readable by the “zimbra user” account on the ZCS Mailbox Server (also known as mailbox service, or “mailboxd”).
All released versions (including the 6.0 betas) are affected. There is a link in the e-mail and also at support.zimbra.com.
Assuming you downloaded the patch to /tmp and are on Ubuntu and running ZCS 5.0.x (other linux ymmv), issue these three commands as root on each of your mailbox server.
#mkdir /opt/zimbra/save-07012009/ ; /etc/initd.d/zimbra stop
#mv /opt/zimbra/lib/jars/dom4j-1.5.jar ; /opt/zimbra/save-07012009/dom4j-1.5-lib.jar ; mv /opt/zimbra/jetty-6.1.5/common/lib/dom4j-1.5.jar /opt/zimbra/save-07012009/dom4j-1.5-common.jar ; cp /tmp/dom4j-1.5.jar /opt/zimbra/lib/jars/dom4j-1.5.jar ; cp /tmp/dom4j-1.5.jar /opt/zimbra/jetty-6.1.5/common/lib/dom4j-1.5.jar ; chown zimbra:zimbra /opt/zimbra/lib/jars/dom4j-1.5.jar ; chown zimbra:zimbra /opt/zimbra/jetty-6.1.5/common/lib/dom4j-1.5.jar
#/etc/init.d/zimbra start
Total downtime for us was less than 3 minutes per mailbox server.
There is no other information on the support pages and oddly enough no one in the forums seems to be talking about this either. I will update as I get more information.
Posted by
ksanders
I just finished setting up two GLPI servers and had the same issue on both. After much slogging though google with very little help, I found mention of ownership issues (not to be confused with permissions issues). The glpi folder and all files and subfolders must be owned by the user and group the web server is running as. (Typically “nobody”, “www-data”, or “apache”.) It doesn’t matter even if you set your permissions chmod 777, the ownership is what makes the difference.
Assuming your httpd’s user/group is www-data here’s what you need to do: (Bold is a command, regular is the output, highlights are added for emphasis.)
htdocs # ls -l
total 2
drwxrwxrwx 15 root root 4096 Nov 30 06:04 glpi
-rw-r–r– 1 root root 44 Nov 20 15:22 index.html
htdocs# chown -R www-data:www-data glpi
htdocs # ls -l
total 2
drwxrwxrwx 15 www-data www-data 4096 Nov 30 06:04 glpi
-rw-r–r– 1 root root 44 Nov 20 15:22 index.html