Tag Archives: server

Wrong network location profile causes issues with Windows Failover Cluster

Hi folks,

The other day I was pulling hair from my head trying to configure a Windows Failover Cluster intended for an SQL Server Availability Group setup.

During the cluster validation stage I always got this message:

The Windows Firewall on node node01.domain.local is not properly configured for failover clustering.
In particular, the ‘Public’ firewall profile is enabled on adapter ‘node01.domain.local – SLOT 1 PORT 2’.
The ‘Failover Clusters’ rule group is not enabled in firewall profile ‘Public’.
This may prevent some network communication between cluster nodes.

The OS install and networking part was already configured by a someone else and it was a pretty straightforward installation.

The issue turned out to be caused by the 2 NICs we have for iSCSI traffic which did not have a gateway configured.

Windows uses gateways to identify networks. If it doesn’t have a gateway configured, or if it can’t successfully ping it, it will not be able to identify the network it’s connected to and will assume it’s a public one.

Network cards in Windows can be connected to one of these type of networks:
– Public
– Private
– DomainAuthenticated

By default, the public network location type is assigned to any new networks when they are first connected.

A public network is considered to be shared with the world, with no protection between the local computer and any other computer. Therefore, the Windows Firewall rules associated with the public profile are the most restrictive.

As part of the Windows Failover Cluster validation/creation there are checks to verify connectivity (between cluster nodes, active directory, etc.).

These were the settings I had:
Before

All I needed to do was to move all non-domain network interfaces into the private profile:

After

After the change the cluster creation went without issue.

This small detail be easily missed and can cause a lot of headaches and lost time investigating failover clusters.

Cheers!

How to setup vsftpd FTP on Ubuntu Linux

vsftpd is a GPL licensed FTP server for UNIX systems, including Linux. It is secure and extremely fast.
Using this instructions, you can set up vsftpd on variuos linux distros. This tutorial will show you how to set up your own ftp in Ubuntu Linux.

1. Install vsftpd

2. Change the configurations file
Open the vsftpd.conf configuration file with a text editor. The file is located in the /etc directory.

Once you are editing the file, you’ll want to make a few changes. Change this:

To this:

This will disallow anonymous access to your FTP server. Unless you have a really good reason for permitting anonymous access, and you know what you’re doing in terms of network security, I’d recommend leaving the anonymous access off. Especially if your Ubuntu FTP server is sitting on the Internet.

Of course, with anonymous access off, you’ll need to permit local users to log in. Do this by changing this directive:

To this:

(Putting a # in front of a line disables it; this is called “commenting it out”.)

3. Adding a “fake” shell
Edit the /etc/shells file and add a non-existent shell name like /bin/false, for example. This fake shell will limit access on the system for FTP users.

/bin/false is our added no-existent shell. With Red Hat Linux, a special device name /dev/null exists for purposes such as these.

4. Setup an FTP user account
It’s important to give to your strictly FTP users no real shell account on the Linux system. In this manner, if for any reasons someone could successfully get out of the FTP chrooted environment, it would not have the possibility of executing any user tasks since it doesn’t have a bash shell. First, create new users for this purpose.
This has to be separate from a regular user account with unlimited access because of how the chroot environment works. Chroot makes it appear from the user’s perspective as if the level of the file system you’ve placed them in is the top level of the file system.
Use the following command to create users in the /etc/passwd file. This step must be done for each additional new user you allow to access your FTP server.

– The mkdir command will create the ftp/ftpuser directory under the /home directory to handle all FTP users’ home directories we’ll have on the server.
– The useradd command will add the new user named ftpuser to our Linux server.
– Finally, the passwd command will set the password for this user ftpuser.

Once you’ve made these changes, restart the vsftpd service with this command:

5. Override config option specified in the manual page, on a per-user basis (optional)
If you want to make custom changes in the behaviour of the ftp server on a per-user basis, you should know that vsftpd has a powerful option that allows you to do this.
If you set user_config_dir to be /etc/vsftpd_user_conf and then log on as the user “chris”, then vsftpd will apply the settings in the file /etc/vsftpd_user_conf/chris for the duration of the session. The format of this file is detailed in the manual!
Please note that not all settings are effective on a per-user basis. For example, many settings only prior to the user’s session being started. Examples of settings which will not affect any behviour on a per-user basis include listen_address, banner_file, max_per_ip, max_clients, xferlog_file, etc.

Monitor your downtime


easy.MEDIA launched a website monitoring service (www.e-nagios.com) based on nagios.
The service offers SMS/Email notification to meet your need for mobility.
The servers/websites will be crossed-monitored to avoid false alarms.

Installing NoMachine NX on Ubuntu 7.10

NX allows you to run remote X11 sessions even across slow or low-bandwidth network connections, making it possible to start sessions from clients running on Windows, Linux, Mac OS X and Solaris platforms to servers running, at present, on Linux or Solaris. Note that development for extending server support to Windows and Mac OS X platforms is in progress.

NX, thanks to exclusive X protocol compression techniques and an integrated set of proxy agents, improves the power of the X Window System to transparently run graphical desktops and applications through the network, by reducing round-trips and implementing strict flow-control of data traveling through low-bandwidth links. Even on slow or low-bandwidth network connections, you can get impressive performance thanks to NX’s lazy encoding algorithm and NX’s capability to automatically tune itself to network bandwidth and latency parameters.

Moreover, NX also can connect to remote RDP and VNC servers, relying on the rdesktop and TightVNC clients by encapsulating the RDP or RFB session within the X11 session.

Here’s a screenshot:

Diagrams showing how NX works. (Copyright NoMachine)

Session shadowing

Desktop sharing

An X11 session

Look at the screenshots below to find out how to get started with NX:

First download the files for the server from here.

For Ubuntu, use NX Free Edition for Linux DEB – i386.

You’ll need to download three files: client, node and server.

Change your working directory to the location where you saved the package and install it by running from a console:

For detailed instructions on how to install the NX Client, NX Node and NX Server packages, please look here.
sudo dpkg -i nxclient_3.1.0-2_i386.deb
sudo dpkg -i nxnode_3.1.0-3_i386.deb
sudo dpkg -i nxserver_3.1.0-2_i386.deb

After installing the server, on your Windows computer, download nxclient for Windows and install it.

Once it’s installed, run it, and enter the IP address of your Linux computer to connect, give it a session name for your own reference, and choose your connection speed.

Here you can download the manual or you can view it online here.

HOWTO: Create a FTP server with user access (proftpd)

A. The GUI way (for beginners only)

For those who are new to linux and don’t want to use a FTP server without GUI, or just for those who don’t use often their FTP server and wish to set it
quickly without a high level of security, there is a GTK GUI for proftpd.
Be careful, it’s less secure than configuring yourself your server.

1. Install proftpd and gproftpd with synaptic or with this command:
Code:

2. Play with the GUI and set up quickly your server.

Feel free to post here if you have some problems with gproftpd but it shouldn’t be too hard to use (it took me 2 minutes to set up a small FTP server ).

B. The secure way

1. Install proftpd with synaptic or with this command:
Code:

2. Add this line in /etc/shells file (sudo gedit /etc/shells to open the file):
Code:

Create a /home/ftp directory:
Code:

Create a user named ftp_user which will be used only for ftp access. This user don’t need a valid shell (more secure) therefore select /bin/false shell
for ftp_user and /home/ftp as home directory (property button in user and group window).
To make this section clearer, i give you the equivalent command line to create the user, but it would be better to use the GUI (System -> Administration -> User -> Group) to create the user since users here often got problems with the user creation and the password (530 error) with the command line, so i really advice to use the GUI :
Code:

In ftp directory create a download and an upload directory:
Code:

Now we have to set the good permissions for these directories:
Code:

3. OK, now go to the proftpd configuration file:
Code:

and edit your proftpd.conf file like that if it fit to your need:

Code:

Ok you have done proftpd configuration. Your server is on port 1980 (in this exemple) and the access parameters are
user: ftp_user
password: the one you’ve set for ftp_user

4. To start/stop/restart your server:
Code:

To perform a syntax check of your proftpd.conf file:
Code:

To know who is connected on your server in realtime use “ftptop” command (use “t” caracter to swich to rate display), you can also use the “ftpwho”
command.