Nasser Heidari

2010-02-17

FreeBSD: named[6107]: the working directory is not writable

Filed under: freebsd — Nasser Heidari @ 18:07

To fix this error, edit the following file:

/etc/mtree/BIND.chroot.dist

and change:

/set type=dir uname=root gname=wheel mode=0755

into:

/set type=dir uname=bind gname=wheel mode=0755

and then restart the service:

# /etc/rc.d/named restart

One caveat before applying this: the /set line supplies the defaults for every entry that follows it in the spec, so the edit makes bind the owner of the entire chroot tree (everything without a uname of its own), not only of the working directory. A compromised named can then rewrite its own configuration and zone files. The message itself is a warning, not a fatal error: named still starts and serves; it only cannot write dump and journal files into that directory. If you do not need those, leaving the warning in place is the safer choice; if you do, give bind write access to the specific directories that need it rather than to the whole tree.
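To see how far that one-line change reaches, here is an added example (not part of the original post): a small sh/awk script that walks an mtree spec and prints the effective owner of every directory, following the rule that /set defaults apply to all later entries until a keyword on the entry itself overrides them. The built-in spec is a constructed miniature modelled on the layout of the BIND chroot, not the real /etc/mtree/BIND.chroot.dist; point the script at the real file to see what the edit does on your system.

```shell
#!/bin/sh
# Added example, not from the original post. Lists the effective owner of
# every directory in an mtree spec written in the indented style used by the
# files in /etc/mtree (".." closes a directory). A "/set" line supplies
# defaults for every entry that follows it until the next /set or /unset,
# and a keyword on the entry itself overrides the default.
# Usage: sh mtree_owners.sh [/etc/mtree/BIND.chroot.dist]
mtree_owners() {
    awk '
    function path(n,   i, s) { s = "."; for (i = 1; i <= n; i++) s = s "/" stack[i]; return s }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    $1 == "/set" {
        for (i = 2; i <= NF; i++) { split($i, kv, "="); def[kv[1]] = kv[2] }
        next
    }
    $1 == "/unset" { for (i = 2; i <= NF; i++) delete def[$i]; next }
    $1 == ".."     { depth--; next }
    {
        owner = ("uname" in def) ? def["uname"] : "?"
        type  = ("type"  in def) ? def["type"]  : "file"
        for (i = 2; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "uname") owner = kv[2]
            if (kv[1] == "type")  type  = kv[2]
        }
        if ($1 == ".") { depth = 0 } else { stack[++depth] = $1 }
        # files and links have no ".." line of their own, so pop them at once
        if (type == "dir") { printf "%s\t%s\n", owner, path(depth) } else { depth-- }
    }' "$1"
}

# Number of directories in SPEC that end up owned by USER.
count_owned_by() {
    mtree_owners "$1" | awk -v u="$2" '$1 == u' | wc -l | tr -d ' '
}

# Constructed miniature spec (NOT the real BIND.chroot.dist) with the same
# shape: a root-owned tree in which only a few subdirectories belong to bind.
demo_spec() {
    cat > "$1" <<'EOF'
/set type=dir uname=root gname=wheel mode=0755
.
    etc
        namedb
            dynamic uname=bind
            ..
            master
            ..
            slave uname=bind
            ..
        ..
    ..
    var
        run uname=bind
        ..
    ..
..
EOF
}

if [ $# -ge 1 ]; then
    mtree_owners "$1"
else
    SPEC=$(mktemp)
    demo_spec "$SPEC"
    sed 's|^/set type=dir uname=root|/set type=dir uname=bind|' "$SPEC" > "$SPEC.edited"
    total=$(mtree_owners "$SPEC" | wc -l | tr -d ' ')
    echo "shipped /set (uname=root): bind owns $(count_owned_by "$SPEC" bind) of $total directories"
    echo "edited  /set (uname=bind): bind owns $(count_owned_by "$SPEC.edited" bind) of $total directories"
    rm -f "$SPEC" "$SPEC.edited"
fi
```

Run without arguments it prints the before/after count for the constructed spec; with the real dist file as argument it lists every directory and its owner, which is the list of places named could write after the edit.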

From: http://www.howgeek.com/2009/12/02/bind-on-freebsd-7-2-error-named1531-the-working-directory-is-not-writable/

2010-02-16

FreeBSD 8: Poptop – Freeradius – Mysql

Filed under: freebsd — Nasser Heidari @ 01:34

I installed FreeBSD with the default configuration; the required packages are then installed with:

# pkg_add -r mysql51-server poptop
# cd /usr/ports/net/freeradius2/
# make install clean && rehash
    (select the MySQL option in the port's configuration menu)

With the packages installed, configuration starts with IP forwarding and NAT. These are the system configuration files:

# uname -a
FreeBSD BSD.linax.com 8.0-STABLE FreeBSD 8.0-STABLE #0: Mon Feb 15 07:57:39 IRST 2010     root@BSD.linax.com:/usr/obj/usr/src/sys/LINAX  i386

# cat /etc/rc.conf.local
defaultrouter="192.168.126.2"
ifconfig_em0="inet 192.168.126.130 netmask 255.255.255.0"
ifconfig_em1="inet 10.10.10.1 netmask 255.255.255.0"
gateway_enable="YES"
hostname="BSD.linax.com"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""                
#pflog_enable="YES"        
#pflog_logfile="/var/log/pflog" 
#pflog_flags=""

mysql_enable="YES"
radiusd_enable="YES"

pptpd_enable="YES"

# cat /etc/pf.conf

## TRANSLATION RULES (NAT)
nat on em0 inet proto { tcp, udp, icmp } from 172.16.1.0/24 to any -> 192.168.126.130

## FILTER RULES
pass in log all keep state
pass out log all keep state

Note that these two rules pass every packet in both directions (with state), so pf is doing NAT only here, and the log keyword has no effect while pflog is commented out in rc.conf.local.

Note: I rebuilt the kernel with the following lines to support pf and NAT. Only device pf (and pflog, if you want logging) is needed for NAT; the ALTQ options are for traffic shaping. On FreeBSD 8 pf can also be loaded as a kernel module, which /etc/rc.d/pf does automatically when pf_enable="YES", so the rebuild is optional:
device pf
device pflog
device pfsync
options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_CDNR
options ALTQ_PRIQ
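The two filter rules above pass everything, which leaves pf doing NAT only. As an added example (not from the original post), this sh function writes a default-deny pf.conf for the same gateway: NAT for the VPN pool, inbound only for SSH management, the PPTP control port (TCP 1723) and GRE, and forwarding for clients that already hold a pool address. The arguments default to the post's em0 / 192.168.126.130 / 172.16.1.0/24 when the script runs stand-alone; the ruleset is my own, not the author's.

```shell
#!/bin/sh
# Added example, not from the original post: generate a default-deny
# /etc/pf.conf for the PPTP gateway. Arguments: external interface,
# its address, and the address pool handed out to VPN clients.
gen_pf_rules() {
    ext_if=$1; ext_ip=$2; vpn_net=$3
    cat <<EOF
ext_if  = "$ext_if"
ext_ip  = "$ext_ip"
vpn_net = "$vpn_net"
set skip on lo0
# translation rules must precede filter rules in this pf version
nat on \$ext_if inet from \$vpn_net to any -> \$ext_ip
# default deny inbound; drops go to pflog0 once pflog_enable="YES" is set
block in log all
pass out all keep state
antispoof for \$ext_if
# management: keep an SSH path open before loading this from a remote shell
pass in on \$ext_if inet proto tcp from any to \$ext_ip port 22 flags S/SA keep state
# PPTP: TCP/1723 control channel and GRE (IP protocol 47) carrying the PPP frames
pass in on \$ext_if inet proto tcp from any to \$ext_ip port 1723 flags S/SA keep state
pass in on \$ext_if inet proto gre from any to \$ext_ip keep state
# forwarded traffic from clients that completed PPP and hold a pool address
pass in inet from \$vpn_net to any keep state
EOF
}

# Stand-alone: print the ruleset for the addresses used in the post.
if [ $# -eq 3 ]; then gen_pf_rules "$@"; else gen_pf_rules em0 192.168.126.130 172.16.1.0/24; fi
```

Check the result with pfctl -nf /etc/pf.conf before loading it with pfctl -f, and do the first load from the console: a mistake in the SSH rule locks you out of a remote box.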

– Configuring PPTP:

/usr/local/etc/pptpd.conf
nobsdcomp
proxyarp
localip 10.10.10.1
remoteip 172.16.1.1-155
pidfile /var/run/pptpd.pid
+chapms-v2
mppe-40
mppe-128
mppe-stateless
plugin radius.so
plugin radattr.so

Only localip, remoteip and pidfile are pptpd.conf keywords. The other lines (nobsdcomp, proxyarp, +chapms-v2, the mppe-* options and the two plugin lines) are Linux pppd options that FreeBSD's pptpd does not read; they are harmless here but do nothing. On FreeBSD the PPP side is user-ppp, and the equivalent settings (disable pap, enable MSChapV2, enable mppe, set radius) are the ones in the pptp: section of /etc/ppp/ppp.conf below.

/etc/ppp/ppp.conf
loop:
    set timeout 0
    set log phase chat connect lcp ipcp command
    set device localhost:pptp
    set dial
    set login
    set ifaddr 10.10.10.1 172.16.1.1-172.16.1.155 255.255.255.255
    add default HISADDR
    set server /tmp/loop "" 0177

loop-in:
    set timeout 0
    set log phase lcp ipcp command
    allow mode direct

pptp:
    load loop
    disable pap
    disable ipv6cp
    enable proxy
    accept dns
    enable MSChapV2
    enable mppe
    disable deflate pred1
    deny deflate pred1
    set dns 8.8.8.8
    set device !/etc/ppp/secure
    set radius /etc/ppp/radius.conf

/etc/ppp/secure
#!/bin/sh
exec /usr/sbin/ppp -direct loop-in

/etc/ppp/radius.conf
auth 127.0.0.1  nasser
acct 127.0.0.1  nasser

Make /etc/ppp/secure executable, since ppp runs it through the set device line. In radius.conf the second field is the RADIUS shared secret and must be the same string as in clients.conf below; "nasser" is what this setup uses, but choose a long random secret and keep the file readable by root only, because it is the credential that lets a host act as a NAS towards the RADIUS server.

– Configuring MySQL & FreeRADIUS:

# cp /usr/local/share/mysql/my-medium.cnf /usr/local/etc/my.cnf
# sed -i.bak 's:/tmp/:/var/db/mysql/:'  /usr/local/etc/my.cnf
# mysql_install_db
# chown -R mysql:mysql /var/db/mysql/
# /usr/local/etc/rc.d/mysql-server start
# mysql -u root
          mysql> create schema radius;
          mysql> grant all on radius.* to 'radius'@'localhost' identified by 'radpass';
          mysql> flush privileges;
          mysql> \q
# mysql -u root radius < /usr/local/etc/raddb/sql/mysql/schema.sql

A fresh mysql_install_db leaves the MySQL root account without a password; set one with mysqladmin before going further, and use something other than radpass for the radius user, since that password also ends up in sql.conf.

– Edit /usr/local/etc/raddb/sql.conf and set server, login and password to the MySQL server and the radius user created above. Leave the database and table names at their defaults if you loaded the default schema. For testing, switch on sqltrace and FreeRADIUS will write every SQL statement to its debug output; turn it off again for production, as the trace contains user data.

– Edit /usr/local/etc/raddb/radiusd.conf and uncomment the $INCLUDE sql.conf and $INCLUDE sql/mysql/counter.conf lines (the counter modules are what enforce Max-Daily-Session below).

– Edit /usr/local/etc/raddb/sites-enabled/default and add a line saying sql to the authorize{} section (towards the end of the file). The best place is just before the files entry; if you will only use MySQL and never fall back to the text files, you can comment out or remove the files entry altogether.

Also add a line saying sql to the accounting{} section, between unix and radutmp. FreeRADIUS will then write accounting to MySQL as well.
At the end your authorize and accounting sections should look something like this:

authorize {
    preprocess
    chap
    mschap
    unix
    sql
    expiration
    logintime
    noresetcounter
    dailycounter
    monthlycounter
    pap
}
accounting {
    acct_unique
    detail
    unix
    sql
    radutmp
    attr_filter.accounting_response
}

– Now set up clients.conf (the secret must match the one in /etc/ppp/radius.conf):

 /usr/local/etc/raddb/clients.conf 
client 127.0.0.1 {
        secret          = nasser
        shortname       = PPTP
        nastype         = other
}

- That's it. Now create a user in MySQL:

use radius;
-- group check and reply items; give op explicitly, because the schema defaults it to "=="
-- and "==" on a check item compares against the request instead of setting the value
INSERT INTO radgroupcheck (groupname, attribute, op, value) VALUES ('normalusers', 'Auth-Type', ':=', 'MS-CHAP');
INSERT INTO radgroupreply (groupname, attribute, op, value) VALUES ('normalusers', 'Framed-Compression', ':=', 'Van-Jacobson-TCP-IP');
INSERT INTO radgroupreply (groupname, attribute, op, value) VALUES ('normalusers', 'Framed-Protocol', ':=', 'PPP');
INSERT INTO radgroupreply (groupname, attribute, op, value) VALUES ('normalusers', 'Service-Type', ':=', 'Framed-User');
-- the user: group membership, password, an 08:00-12:00 login window (Al = all days),
-- a one-hour daily quota enforced by dailycounter, and a fixed address from the pool
INSERT INTO radusergroup (username, groupname, priority) VALUES ('nasser', 'normalusers', 1);
-- MS-CHAPv2 needs the plaintext (Cleartext-Password) or the NT hash; the old "Password"
-- (User-Password) form is only accepted by FreeRADIUS 2 with a warning
INSERT INTO radcheck (username, attribute, op, value) VALUES ('nasser', 'Cleartext-Password', ':=', '123456');
INSERT INTO radcheck (username, attribute, op, value) VALUES ('nasser', 'Login-Time', ':=', 'Al0800-1200');
INSERT INTO radcheck (username, attribute, op, value) VALUES ('nasser', 'Max-Daily-Session', ':=', '3600');
INSERT INTO radreply (username, attribute, op, value) VALUES ('nasser', 'Framed-IP-Address', ':=', '172.16.1.33');
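Typing the rows by hand works for one account; to script it, here is an added example (not from the original post) that emits the same rows with the op column always explicit and every literal escaped. The names valid_username, valid_ipv4, sql_quote and radius_user_sql are mine; the tables and columns are the FreeRADIUS 2 schema loaded above. Cleartext-Password is used because MS-CHAPv2 needs the plaintext (or the NT-Password hash) to verify the challenge response, so the radius database and its backups have to be protected like a password file.

```shell
#!/bin/sh
# Added example, not from the original post: print the SQL that enrols one
# PPTP user in the FreeRADIUS 2 MySQL schema. Helper names are mine.
# Usage: sh radius_user.sh USER PASSWORD GROUP [FRAMED-IP] | mysql -u radius -p radius

# Usernames reach SQL, the RADIUS logs and the PPP layer: allow a narrow charset only.
valid_username() {
    case "$1" in
        '' | *[!A-Za-z0-9._@-]* ) return 1 ;;
        * ) return 0 ;;
    esac
}

# Dotted-quad check for the optional static address (charset and field count only;
# octet ranges are not validated).
valid_ipv4() {
    case "$1" in
        *[!0-9.]* | *..* | .* | *. ) return 1 ;;
    esac
    [ "$(printf '%s' "$1" | tr '.' '\n' | wc -l | tr -d ' ')" = "3" ]
}

# Escape backslash and single quote for a MySQL single-quoted string literal.
sql_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g"
}

# Emit group membership, the password check item and, if given, a static
# Framed-IP-Address reply. MS-CHAPv2 needs Cleartext-Password (or NT-Password);
# a hashed password such as SSHA cannot be used with MS-CHAP.
radius_user_sql() {
    user=$1 pass=$2 group=$3 ip=${4-}
    valid_username "$user" || { echo "invalid username: $user" >&2; return 1; }
    if [ -n "$ip" ] && ! valid_ipv4 "$ip"; then echo "invalid address: $ip" >&2; return 1; fi
    qu=$(sql_quote "$user"); qp=$(sql_quote "$pass"); qg=$(sql_quote "$group")
    printf "INSERT INTO radusergroup (username, groupname, priority) VALUES ('%s', '%s', 1);\n" "$qu" "$qg"
    printf "INSERT INTO radcheck (username, attribute, op, value) VALUES ('%s', 'Cleartext-Password', ':=', '%s');\n" "$qu" "$qp"
    [ -z "$ip" ] || printf "INSERT INTO radreply (username, attribute, op, value) VALUES ('%s', 'Framed-IP-Address', ':=', '%s');\n" "$qu" "$ip"
}

if [ $# -ge 3 ]; then radius_user_sql "$@"; fi
```

The username filter is deliberately stricter than what the schema allows: a name that passes it cannot break out of the SQL literal, confuse the radius log format, or carry shell metacharacters into ppp's scripts.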

Reboot the server (or start mysql-server, radiusd and pptpd by hand) and you should be able to connect from Windows with the built-in Microsoft VPN client. For the first connection run radiusd in debug mode (-X) to watch the SQL lookups and the MS-CHAPv2 exchange. Keep in mind what this protects: PPTP rests on MS-CHAPv2, whose handshake can be cracked offline from a captured exchange, and on MPPE (RC4), so treat it as remote access into a trusted network rather than as protection for secrets crossing a hostile one.

Thanks to:
http://www.linux-bsd-central.com/index.php/content/view/8/
http://poripori.net/PPTPD_on_FreeBSD.html
http://www.frontios.com/freeradius.html
http://www.rensel.com/wireless/pppoe.cfm
http://www.altctrldel.com/blog/categories/Slackware/PoPToP – Freeradius – MySQL.txt
http://old.nabble.com/account-interim-update-from-pptp-server-td24068962.html
http://cipitunk.wordpress.com/2009/04/08/vpn-server-using-pptp-protocol-and-freeradius-as-aaa-implementation/
http://www.pingle.org/2006/04/11/getting-poptop-to-run-under-freebsd-5-6

2010-02-14

Extract and Restore a Single Table from a mysqldump File

Filed under: Linux — Nasser Heidari @ 11:05

Original Document : http://blog.tsheets.com

This script parses a full mysqldump file and extracts the parts needed to restore a single table. The output is printed to STDOUT, so redirect it to a file from the command line, like so: extract_sql.pl > somefile.sql. Read the result before restoring it: mysqldump emits DROP TABLE IF EXISTS ahead of each CREATE TABLE, so loading it into the wrong database replaces that table there.

# extract_sql.pl -t mytable -r mydumpfile > mytable.sql
# mysql -utest -ptest mydb < mytable.sql
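The Perl script is linked rather than shown, so here is an added example (my own awk version, not the tsheets script and not from the original post) of the same extraction: it keeps the dump header (the SET statements a restore depends on), the Table structure and Dumping data sections of the requested table, and the footer that restores the saved session variables, and skips every other table. The sample dump it ships with is constructed, a trimmed stand-in for a dump of the radius database, not real mysqldump output.

```shell
#!/bin/sh
# Added example, not from the original post: pull one table out of a full
# mysqldump file. Usage: sh extract_table.sh DUMPFILE TABLE > table.sql
extract_table() {
    awk -v t="$2" '
        BEGIN { state = "header" }               # everything before the first table
        /^-- Table structure for table `/ {
            name = $NF; gsub(/`/, "", name)      # backtick-quoted name is the last field
            state = (name == t) ? "target" : "other"
            if (name == t) found = 1
        }
        # the footer starts where mysqldump restores the saved session variables
        /^\/\*!40[0-9]+ SET [A-Z_]+=@OLD_/ && state != "header" { state = "footer" }
        state != "other" { print }
        END { if (!found) { print "table not found: " t > "/dev/stderr"; exit 1 } }
    ' "$1"
}

# Constructed sample dump (not real mysqldump output) used for a stand-alone run.
sample_dump() {
    cat <<'EOF'
-- MySQL dump 10.13  Distrib 5.1
--
-- Host: localhost    Database: radius
-- ------------------------------------------------------

/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET NAMES utf8 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;

--
-- Table structure for table `radcheck`
--

DROP TABLE IF EXISTS `radcheck`;
CREATE TABLE `radcheck` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(64) NOT NULL DEFAULT '',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Dumping data for table `radcheck`
--

LOCK TABLES `radcheck` WRITE;
INSERT INTO `radcheck` VALUES (1,'nasser');
UNLOCK TABLES;

--
-- Table structure for table `radreply`
--

DROP TABLE IF EXISTS `radreply`;
CREATE TABLE `radreply` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(64) NOT NULL DEFAULT '',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Dumping data for table `radreply`
--

LOCK TABLES `radreply` WRITE;
INSERT INTO `radreply` VALUES (1,'nasser');
UNLOCK TABLES;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;

-- Dump completed on 2010-02-14 11:05:00
EOF
}

if [ $# -eq 2 ]; then
    extract_table "$1" "$2"
else
    DUMP=$(mktemp); sample_dump > "$DUMP"
    extract_table "$DUMP" radreply
    rm -f "$DUMP"
fi
```

Views, stored routines and events live under their own markers and are skipped as "other"; the script exits non-zero when the table name does not occur, so a typo does not silently produce a header-only file.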

2010-02-10

FreeBSD: Read Only File System

Filed under: Uncategorized — Nasser Heidari @ 08:03

Booted into single-user mode, the root file system is mounted read-only. Remount it read-write, then mount the remaining UFS file systems from /etc/fstab and enable swap (if mount refuses because the file system is not clean, run fsck -p first):

#mount -u -o rw /
#mount -a -t ufs
#swapon -a

Info: Network Security

Filed under: Uncategorized — Nasser Heidari @ 07:21

Unfortunately, I have to say it has been canceled!
So we don't have the Network Security class today.
Regards

2010-02-08

Mysql Backup Script

Filed under: Miscellaneous — Nasser Heidari @ 20:49

mysql_backup.sh :
——————————————————————————
#!/bin/sh
DATESTAMP=$(date +%F)
DIR=/files/MYSQL/backup/
DB_USER=backup
DB_PASS='backup'
HOSTS=/files/MYSQL/HOST_LIST

# remove backups older than $DAYS_KEEP (files only; leave the per-host directories)
DAYS_KEEP=30
find "$DIR" -type f -mtime +$DAYS_KEEP -exec rm -f {} \; 2> /dev/null

# create backups securely: new files and directories are owner-only
umask 077

# keep the password out of the process list: the clients read it from a
# mode-600 defaults file instead of taking it as -p on the command line
CNF=$(mktemp /tmp/mysql_backup.XXXXXXXX) || exit 1
trap 'rm -f "$CNF"' EXIT
printf '[client]\nuser=%s\npassword=%s\n' "$DB_USER" "$DB_PASS" > "$CNF"

# HOST_LIST holds one "ip name" pair per line; '#' starts a comment
grep -v '^#' "$HOSTS" | while read -r HOST HOSTNAME; do
    [ -n "$HOST" ] || continue
    # --single-transaction gives a consistent InnoDB snapshot without locking
    MYSQLDUMP="/usr/bin/mysqldump --defaults-extra-file=$CNF --single-transaction --lock-tables=false -h $HOST"
    [ -d "$DIR$HOSTNAME" ] || mkdir -p "$DIR$HOSTNAME"
    # list MySQL databases and dump each; match the skip list exactly so that
    # a database merely containing "test" in its name is still backed up
    DB_LIST=$(mysql --defaults-extra-file="$CNF" -h "$HOST" -Bs -e 'show databases;' \
              | grep -vx -e information_schema -e performance_schema -e test)

    for DB in $DB_LIST; do
        FILENAME=$DIR$HOSTNAME/$DB-$DATESTAMP.sql.gz
        # a pipeline only reports gzip's status, so record mysqldump's own failure
        # separately and publish the archive under its final name only on success
        rm -f "$FILENAME.err"
        { $MYSQLDUMP "$DB" || touch "$FILENAME.err"; } | gzip > "$FILENAME.tmp"
        if [ ! -e "$FILENAME.err" ] && [ -s "$FILENAME.tmp" ]; then
            mv "$FILENAME.tmp" "$FILENAME"
        else
            echo "backup of $DB on $HOST failed" >&2
            rm -f "$FILENAME.tmp" "$FILENAME.err"
        fi
    done
done
——————————————————————————
HOST_LIST:
########################################################
# GRANT SELECT, SHOW VIEW ON *.* TO 'backup'@'backup_server' IDENTIFIED BY 'backup';
# FLUSH PRIVILEGES;
# (SHOW VIEW is needed to dump view definitions; LOCK TABLES is not, as the
#  script dumps with --single-transaction)
########################################################
#ip name
192.168.2.26 srv1
192.168.2.25 mailserver
192.168.2.11 radius
192.168.11.127 cacti
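A backup nobody has checked is a hope, not a backup; at the very least verify the archives this script writes. As an added example (not from the original post), here is a verifier for the per-host directories above: it tests the gzip stream and then looks for mysqldump's closing "-- Dump completed" line, which a dump cut short by a dropped connection or a full disk will not have. It assumes mysqldump ran without --skip-comments (which removes that footer); the function names are mine.

```shell
#!/bin/sh
# Added example, not from the original post: detect corrupt or truncated
# archives produced by mysql_backup.sh. Assumes dumps keep mysqldump's
# comment footer (no --skip-comments). Function names are mine.
# Usage: sh verify_backups.sh /files/MYSQL/backup

# verify_dump FILE.sql.gz -> 0 if the archive is intact and complete
verify_dump() {
    f=$1
    [ -s "$f" ] || { echo "$f: missing or empty" >&2; return 1; }
    gzip -t "$f" 2>/dev/null || { echo "$f: corrupt gzip stream" >&2; return 1; }
    # mysqldump ends with "-- Dump completed on <date>" (just "-- Dump completed"
    # under --skip-dump-date); a truncated dump stops somewhere inside an INSERT
    if ! gzip -dc "$f" | tail -n 5 | grep -q '^-- Dump completed'; then
        echo "$f: no 'Dump completed' footer, dump is truncated" >&2
        return 1
    fi
    return 0
}

# verify_tree DIR -> prints the path of every archive that fails verify_dump
verify_tree() {
    find "$1" -type f -name '*.sql.gz' | while IFS= read -r f; do
        verify_dump "$f" || printf '%s\n' "$f"
    done
}

if [ $# -eq 1 ]; then
    BAD=$(verify_tree "$1")
    if [ -n "$BAD" ]; then echo "$BAD"; exit 1; fi
    echo "all archives under $1 verified"
fi
```

Run it from cron right after mysql_backup.sh and alert on a non-zero exit; a periodic test restore into a scratch database is still the only check that proves the dump loads.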