How I built an Apache front-end for a Windows Share with SSL and LDAP Authentication

When my company migrated from Exchange 2003 to Exchange 2007, public folders became a big issue. Public folders were used to share documents with our road warriors. So to fix this we installed a SharePoint server.

The problem is that the SharePoint install was like using a rocket propelled grenade to kill a fly. It became more of a problem than a nice way to distribute documents to the people on the road.

So I decided to set up a web-based front-end running Apache that points to the Windows share that everyone in our office uses.

1. Setting up the virtual machine in our VMware vSphere cluster

OS and SSH

I started by installing a basic Debian 5 server without the GUI stuff. I also installed SSH for remote access.

VMware Tools

I installed VMware tools on the newly created VM.

# apt-get install build-essential
# mount /cdrom
# cp /cdrom/VMware* /tmp
# umount /cdrom
# cd /tmp
# tar xvfz VMware*.gz
# cd vmware-tools-distrib/
# ./vmware-install.pl

2. Webserver

Apache 2.2

I installed apache2.2 by running the following command.

# aptitude install apache2

PHP5

PHP is not actually a part of this setup but I figured that I would install it for future use.

# aptitude install php5 libapache2-mod-php5
# /etc/init.d/apache2 restart

Add support for MySQL in PHP

# aptitude install php5-mysql php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl php5-json
# /etc/init.d/apache2 restart

3. Mount the Windows Share as part of the filesystem.

I mounted the share under /var/www (to make it simple).

# apt-get install smbfs
# update-rc.d -f umountnfs.sh remove
# update-rc.d umountnfs.sh stop 15 0 6 .

I added the following to the fstab: (I have substituted the actual paths and share names with < … >)

//<Windows fileserver>/<Windows share> /var/www/<Windows share> smbfs iocharset=utf8,file_mode=0777,dir_mode=0777,user=<domain>/<username>,password=<password>,gid=33 0 0

To mount the share:

mount -a
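
An added example, not part of the original post: /etc/fstab is normally readable by every local account, so an inline password= is exposed to all of them, and file_mode=0777/dir_mode=0777 lets any local user write to the share with the mount account's rights. The function below audits fstab-format input for both problems; the host, share and account names and the credentials file path /etc/samba/docs.cred are constructed, and the hardened entry assumes the web front-end only needs read access. The credentials file holds username=, password= and domain= lines and should be owned by root with mode 0600.

```sh
#!/bin/sh
# Constructed sample: entry 1 mirrors the fstab line above (placeholder names),
# entry 2 is a hardened variant that keeps the password in a root-only file
# and mounts read-only with no access for "other".
SAMPLE_FSTAB='# <fs> <mountpoint> <type> <options> <dump> <pass>
//fs01.example.local/docs /var/www/docs smbfs iocharset=utf8,file_mode=0777,dir_mode=0777,user=EXAMPLE/svc-web,password=CHANGEME,gid=33 0 0
//fs01.example.local/docs /var/www/docs-ro cifs ro,iocharset=utf8,credentials=/etc/samba/docs.cred,file_mode=0440,dir_mode=0550,gid=33 0 0'

# audit_fstab [FILE]: reads FILE (or stdin), prints "<mountpoint>: <finding>".
audit_fstab() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
        $3 != "smbfs" && $3 != "cifs" { next }    # only SMB/CIFS mounts
        {
            has_cred = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                if (opt[i] ~ /^(password|pass)=/)
                    print $2 ": password stored inline in fstab"
                if (opt[i] ~ /^(credentials|cred)=/)
                    has_cred = 1
                if (opt[i] ~ /^(file_mode|dir_mode)=/) {
                    # last octal digit holds the "other" bits; 2 = write
                    other = substr(opt[i], length(opt[i]), 1)
                    if (other ~ /[2367]/)
                        print $2 ": " opt[i] " is world-writable"
                }
            }
            if (!has_cred)
                print $2 ": no credentials= file referenced"
        }
    ' "$@"
}

# Run against the constructed sample; use "audit_fstab /etc/fstab" on a real host.
printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab
```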

4. Security settings

Block access to http://<serverURL>/<Windows share> over port 80 (unencrypted)

I added the following to the /etc/apache2/sites-enabled/000-default

<Directory /var/www/<Windows share> >
Deny from All
</Directory>

Activate support for LDAP authentication in Apache

I created the following symlinks for mod_ldap and mod_authnz_ldap from /etc/apache2/mods-available to mods-enabled

SSL and LDAP authentication

I started by activating SSL by creating a symlink from the SSL configuration file (/etc/apache2/sites-available/default-ssl) to the /etc/apache2/sites-enabled directory.

Then I made the following changes to the configuration file.

<Directory /var/www/<Windows share> >
    Order deny,allow
    Deny from All
    AuthType Basic
    AuthName "<Name of the share>"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative on
    AuthLDAPURL ldap://<Windows domaincontroller>:389/dc=<domain>,dc=<local>?sAMAccountName?sub
    AuthLDAPBindDN "cn=<Bind user that checks the AD>,ou=<some ou with the user>,dc=<domain>,dc=local"
    AuthLDAPBindPassword <password for the binduser>
    Satisfy any
    require valid-user
</Directory>
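
An added example, not part of the original post: with ldap:// on port 389 and no mode argument, mod_authnz_ldap sends the bind account's password and each user's AD password to the domain controller unencrypted, even though the browser side is protected by SSL. The check below classifies AuthLDAPURL directives by transport; the host names and the "Road Warriors" OU in the sample are constructed, and the three variants are listed together only for the demonstration.

```sh
#!/bin/sh
# Constructed sample: line 1 mirrors the AuthLDAPURL above (placeholder names),
# line 2 is the same lookup with StartTLS on port 389, line 3 uses LDAPS on 636.
SAMPLE_CONF='AuthLDAPURL ldap://dc01.example.local:389/dc=example,dc=local?sAMAccountName?sub
AuthLDAPURL "ldap://dc01.example.local:389/ou=Road Warriors,dc=example,dc=local?sAMAccountName?sub" STARTTLS
AuthLDAPURL ldaps://dc01.example.local:636/dc=example,dc=local?sAMAccountName?sub'

# check_ldap_transport [FILE]: reads FILE (or stdin) and prints
# "<line number>: <verdict>" for every AuthLDAPURL directive.
check_ldap_transport() {
    awk '
        /^[ \t]*#/ { next }                       # skip commented-out lines
        tolower($1) != "authldapurl" { next }
        {
            url = tolower($2)
            sub(/^"/, "", url)                    # URL may be quoted
            # The optional mode is the last word; a quoted URL containing
            # spaces splits into several fields, so $3 is not reliable.
            mode = toupper($NF)
            if (url ~ /^ldaps:\/\//)
                print FNR ": encrypted (ldaps)"
            else if (mode == "SSL" || mode == "TLS" || mode == "STARTTLS")
                print FNR ": encrypted (" mode ")"
            else
                print FNR ": cleartext"
        }
    ' "$@"
}

# Run against the constructed sample; pass the SSL site file on a real host.
printf '%s\n' "$SAMPLE_CONF" | check_ldap_transport
```

With either encrypted form Apache has to trust the CA that issued the domain controller's certificate, which mod_ldap takes from the LDAPTrustedGlobalCert directive.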

5. Creating the redirect from http to https

Pretty much every user will open http://<serverURL>/<Windows share> instead of https://<serverURL>/<Windows share>. So I have to create an automatic redirect.

I created the following /var/www/index.php file.

<?php
// Send the redirect and stop, so no PHP or server details are written to the response.
header('Location: https://<serverURL>/<Windows share>');
exit;
?>

6. Nicer looking icons on my index page

I didn’t like the standard Apache index look so I did the following.

# cd /tmp
# apt-get install bzr
# bzr get http://code.ecchi.ca/apache-tango-icons
# cd apache-tango-icons
# ./install.sh

I have also changed the /etc/apache2/mods-enabled/autoindex.conf

IndexIgnore .??* ~* Thumbs.db *.lnk SyncToy_*
IndexStyleSheet "/icons/style.css"

I created/changed the /usr/share/apache2/icons/style.css with the following content.

body {
        font: 85% Arial,Helvetica,Sans-serif;
        color: #444;
        line-height: 2.2em;
        background: #f9f7f5;
}
a:link, a:visited { color: #4265a7; }
.entry a:link, .entry a:visited { font-weight: bold; }
a:hover { color: #993333; }

address { display: none; }
table {
        border-collapse: collapse;
        width: 80%;
}
td, th {
        padding: 2px;
}


Linked: Help! My SQL Server Log File is too big!!! | TechRepublic

Great post about shrinking SQL Server 2005 log files.

Shrinking the File

Once you have identified your problem and have been able to truncate your log file,  you may need to shrink the file back to a manageable size.  You should avoid shrinking your files on a consistent basis as it can lead to fragmentation issues.  However, if you’ve performed a log truncation and need your log file to be smaller, you’re going to need to shrink your log file.  You can do it through management studio by right clicking the database, selecting All Tasks, Shrink, then choose Database or Files.  If I am using the Management Studio interface, I generally select Files and shrink only the log file.

This can also be done using TSQL.  The following query will find the name of my log file.  I’ll need this to pass to the DBCC SHRINKFILE command.

SELECT name FROM sys.database_files WHERE type_desc = 'LOG'

Once I have my log file name, I can use the DBCC command to shrink the file.  In the following command I try to shrink my log file down to 1GB.

DBCC SHRINKFILE ('SalesHistory_Log', 1000)

Also, make sure that your databases are NOT set to auto-shrink. Databases that are shrunk at continuous intervals can encounter real performance problems.

Help! My SQL Server Log File is too big!!! | TechRepublic.

Export a list of all computers in an AD OU

Today I struggled with the problem of exporting a list of computers in a Windows Domain OU to a simple text file. The purpose of the text file is to act as an input for some other neat scripts.

I stumbled across a post on thebackroomtech.com that made it seem like a piece of cake.

To export a list of all computers and non domain controller servers in an Active Directory OU, use dsquery.exe.  For example, to export all computers in mydomain.com’s servers OU to machines.txt :

DSQUERY COMPUTER "OU=servers,DC=mydomain,DC=com" -o rdn -limit 1000 > c:\machines.txt

Simple and nice!