• Reading text files in bash

    Reading a text file into bash with a for loop can produce unexpected results if a line in the text file has spaces in it.

    If you had a text file with this line in it:

    d/NON STUDIO/NON STUDIO105/Cavanaugh_M0228867.jpg
    

    And you were to read it with this simple script:

    for i in `cat image.list `;
    do
    echo $i
    done
    

    You would get the following output which is probably not what you wanted:

    STUDIO105/Cavanaugh_M0228867.jpg
    d/NON
    

    If you use while instead of for and clear IFS (the Internal Field Separator) for the read, like this:

    while IFS= read -r line      # IFS= keeps surrounding blanks, -r keeps backslashes literal
    do
        : do whatever with "$line"   # quote it so the line is not split again
    done < FILENAME
    

    You will get the desired output of:

    d/NON STUDIO105/Cavanaugh_M0228867.jpg
    
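    As an added example (not code from the original post), here are the three loop forms side by side on a constructed list, so the splitting, blank-stripping and backslash problems can be reproduced; the file contents and function names are assumptions of this example:

```shell
#!/bin/sh
# Added example, not from the original post: compare `for i in $(cat f)`,
# a plain `read`, and `IFS= read -r` on a constructed list file.

# Constructed sample list (assumed, not the post's real image.list): a path
# with a space, one with a backslash, and one with leading blanks.
write_sample() {
    printf '%s\n' 'd/NON STUDIO105/Cavanaugh_M0228867.jpg' \
                  'e/back\slash.jpg' \
                  '  f/indented.jpg' > "$1"
}

# Broken form from the post: the unquoted substitution is split on every
# run of blanks, and each resulting word is also subject to glob expansion.
join_for_loop() {
    out=""
    for i in $(cat "$1"); do
        out="${out}${out:+|}$i"
    done
    printf '%s\n' "$out"
}

# Half-fixed: one line per iteration, but read strips leading/trailing
# blanks and treats backslashes as escapes.
join_while_read_plain() {
    out=""
    while read line; do
        out="${out}${out:+|}$line"
    done < "$1"
    printf '%s\n' "$out"
}

# Correct form: IFS= keeps surrounding blanks, -r keeps backslashes.
join_while_read() {
    out=""
    while IFS= read -r line; do
        out="${out}${out:+|}$line"
    done < "$1"
    printf '%s\n' "$out"
}

tmp=$(mktemp)
write_sample "$tmp"
printf 'for loop:   %s\n' "$(join_for_loop "$tmp")"
printf 'plain read: %s\n' "$(join_while_read_plain "$tmp")"
printf 'IFS= -r:    %s\n' "$(join_while_read "$tmp")"
rm -f "$tmp"
```

    Each function joins what its loop saw with `|`, so one line of output per form shows exactly where the words were cut.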


  • CSS Float Tutorials

    I can never get CSS right the first time; hopefully reading this might help me.


  • Things I have learnt this weekend about LDAP authentication and samba

    I have just spent a weekend setting up a samba 3.0.0 / ldap domain. It had moments of extreme pain - mostly related to the following…

    1. the samba ldap tools do not create full accounts for use with nss_ldap and pam_ldap - nice of them to tell us
    2. the documentation and error messages are Not Good - and there isn’t full, obvious documentation that states what nss_ldap and pam_ldap require as objectTypes.
    3. different versions of pam_ldap / nss_ldap require different objectTypes
    4. gentoo’s version is happy with a group just being a posixGroup
    5. RedHat 8.0’s version requires top to be an objectType in a group otherwise it just won’t work
    6. a user must have objectType account as well as posixAccount
    7. openldap on gentoo/pam_ldap does not support md5 passwords - use crypt (even plain doesn’t work out of the box)
    8. pam_ldap on gentoo (possibly others) does not react well to the ldap server being changed under it (/etc/ldap.conf) and the only way I could get it to respond to the new server was by rebooting the machine :-/
    9. For some reason the samba add machine to domain failed to produce a correct ldap entry for one of the machines (not known why yet) and this then buggered up the entry of further machines. Got errors to do with repeated sambaSid values and machines refused to join domains due to the user not being an administrator (this was patently not correct). Sometimes the machines would add to the domain, but it was intermittent. The only solution was to delete back to and including the entry which had the faulty entry. The entry was faulty because there was no uid number created with it, so the sambaSid was not created correctly. This took the better part of two days to sort out. This means I had to be in work over the weekend


  • Tool to test SMTP software

    swaks is a fantastic Perl script: you can do things like

    swaks -t jsmith@uk.company.com -s mailserver -q RCPT -f jsmith@uk.company.com
    

    …and it logs the SMTP I/O on screen.

    There is a changelog for it here.


  • hubs/switches/routers

    Hubs are completely dumb; afaik they do not even have Ethernet addresses, they just repeat everything arriving on one port out of all the other ports. Which means if 2 machines on a 10 port hub are chatting at 100meg full duplex, all the other machines on the other 8 ports are pretty much stuffed ;(

    Switches perform the same role as hubs (i.e. connect machines together) but they learn which Ethernet addresses are connected to which port and only send traffic out of that port. If the switch does not yet know which port a destination address is on, it falls back to hub behaviour and floods that packet out of all ports until it learns where the machine is. Make sense?

    You can get 2 (roughly) kinds of switches, unmanaged and managed. Unmanaged are cheaper and simpler; they still learn etc. but they are black boxes: you can't see what they are doing or alter their behaviour. Managed switches on the other hand will have some management IP address which you can ssh/telnet (sometimes web-browse) to. From there you can configure things about the switch, like turning ports off, setting them to 100meg/full duplex (rather than auto negotiate), etc.

    Routers are solely for making routing decisions based on pre-configured routing tables: things like "this network is connected to this bit of wire". They do not necessarily have to have preconfigured routes; protocols such as BGP/EGP/RIP exist so routers can discover routes auto-magically.

    Now you understand that, some switches can route too! 😉


  • Can you have non-default gateways?

    Yep certainly you can.

    Our main firewall has a routing table like this:

    [root@shaggy /root]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.1.0     172.16.1.254    255.255.255.0   UG    0      0        0 eth1
    172.16.1.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
    217.158.83.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
    127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
    0.0.0.0         217.158.83.1    0.0.0.0         UG    0      0        0 eth0
    

    The first rule says anything for 192.168.1.* should be sent to the router at 172.16.1.254 (our internal firewall).

    The middle three routes are for each of the IP addresses on the machine; all machines will have a route like this, one for each IP. They just tell the box which networks are attached to which network card. So in this case 217.158.83.* is attached to eth0.

    The last line (0.0.0.0) is the default route, so anything that hasn't matched a rule above it in the table gets sent to 217.158.83.1. And it already knows how to find 217.158.83.1 because of the previous 217.158.83.0 line.


  • IPs and Netmasks

    somebody asked about this, so i knocked out this quick email:

    The netmask tells the TCP/IP stack which range of IPs are on the local network, i.e. any packets for IPs in this range can just be dumped onto the local net and the other machine will find them. Conversely, anything outside the netmask should be sent to the default router.

    If you had:

    box A:
    ip: 192.168.1.1
    netmask: 255.255.255.0
    
    box B:
    ip: 192.168.1.2
    netmask: 255.255.255.0
    

    Assuming they were cabled correctly, they would just find each other, because the netmask of 255.255.255.0 says 192.168.1.1 - 192.168.1.255 is on the local net.

    If you changed box B to 192.168.2.2 it wouldn't know how to reach box A anymore and would therefore send all packets to its default gateway.

    How they get their IP addresses is up to you; with 2 machines the easiest is to pick some yourself and assign them. If they are not connected to the internet then you can pick anything you like, but they probably should be from the non-routable sets (see below). If you have a few machines you could use DHCP to allocate them auto-magically at boot time.

    From RFC 1918…

    3. Private Address Space
    
    The Internet Assigned Numbers Authority (IANA) has reserved the
    following three blocks of the IP address space for
    private internets:
    
          10.0.0.0        -   10.255.255.255  (10/8 prefix)
          172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
          192.168.0.0     -   192.168.255.255 (192.168/16 prefix)
    
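    An added example, not from either of the two posts above, that does the netmask and routing-table arithmetic in POSIX sh: it decides whether two hosts (like box A and box B) share a subnet, and picks the route the firewall's table would select for a destination. The table is copied from the route -n output above; the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original posts): netmask and route-table
# arithmetic in POSIX sh. Function names are assumptions of this example.

# Dotted quad -> 32-bit integer; the subshell body keeps the IFS change local.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeeds when both addresses fall in the same network under the mask,
# i.e. the two boxes talk directly rather than via the default gateway.
same_subnet() {
    m=$(ip2int "$3")
    [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "$2") & m )) ]
}

# The firewall's table from the route -n output above: dest gw mask iface.
ROUTES='192.168.1.0 172.16.1.254 255.255.255.0 eth1
172.16.1.0 0.0.0.0 255.255.255.0 eth1
217.158.83.0 0.0.0.0 255.255.255.0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 lo
0.0.0.0 217.158.83.1 0.0.0.0 eth0'

# Longest-prefix match: among entries whose network contains the destination
# the longest (numerically largest) mask wins, so the 0.0.0.0 default only
# catches what nothing more specific matched, whatever the table order.
route_lookup() {
    d=$(ip2int "$1")
    printf '%s\n' "$ROUTES" | {
        best=-1; answer="no route"
        while read -r dest gw mask iface; do
            m=$(ip2int "$mask"); n=$(ip2int "$dest")
            if [ $(( (d & m) == n && m > best )) -eq 1 ]; then
                best=$m
                if [ "$gw" = 0.0.0.0 ]; then answer="direct via $iface"
                else answer="via $gw dev $iface"; fi
            fi
        done
        echo "$answer"   # printed inside the pipeline's subshell on purpose
    }
}

for dst in 192.168.1.77 217.158.83.9 8.8.8.8; do
    printf '%-14s -> %s\n' "$dst" "$(route_lookup "$dst")"
done
```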


  • Samba LDAP initial group/user setup

    According to the group mapping section of the Samba HOWTO Collection you need to set up the default groups if you are setting up Samba for LDAP. Remember to set up your smbldap_conf.pm file first and then do something like this:

    /usr/share/samba/scripts/smbldap-groupadd.pl -g 512 domadm
    /usr/share/samba/scripts/smbldap-groupadd.pl -g 513 domuser
    /usr/share/samba/scripts/smbldap-groupadd.pl -g 514 domguest
    /usr/share/samba/scripts/smbldap-groupadd.pl -g 515 domcomps
    /usr/share/samba/scripts/smbldap-groupadd.pl -g 516 domconts
    net groupmap add rid=512 ntgroup="Domain Admins" UNIXgroup=domadm
    net groupmap add rid=513 ntgroup="Domain Users" UNIXgroup=domuser
    net groupmap add rid=514 ntgroup="Domain Guests" UNIXgroup=domguest
    net groupmap add rid=515 ntgroup="Domain Computers" UNIXgroup=domcomps
    net groupmap add rid=516 ntgroup="Domain Controllers" UNIXgroup=domconts
    /usr/share/samba/scripts/smbldap-useradd.pl -a -u 500 -g domadm -n -A 1 -N Domain -S Administrator Administrator
    /usr/share/samba/scripts/smbldap-passwd.pl Administrator
    

    Please note that this does not set up the complete set of groups that Windows DCs provide, but it gives enough to start with a basic system and you can build it from there.


  • Samba 3.0 and LDAP

    I am currently setting up a new Samba 3.0 server with an LDAP backend both for the POSIX (UNIX) accounts and for the samba accounts. The aim is to enable the less technical back office staff to deal with user administration from a Windows client, leaving me to do more web brow^H^H^H^H^H^H^H^H work on the servers. This section of the blog will mainly be a write up of all the stuff I find that helps me on the way… To start with here are some useful links:

    Setting up LDAP authentication

    Setting up samba as a PDC

    Advanced samba / LDAP

    Note that the samba entries seem to apply to Samba 2, which handles LDAP somewhat differently from Samba 3.


  • ASCII art wysiwyg editor

    How cool is this (broken link ~~http://www.stud.tu-ilmenau.de/~siha-in/software.html#ae~~): it lets you make diagrams like the one below.