11.14.2005

LDAP

Do not install OpenLDAP on a Windows DC.

Yeesh.

11.10.2005

NetApp Filer :: Troubleshooting Cheat Sheet

---------- ---------- ----------
Packet Tracing on a NetApp Filer ::

Log in to the CLI (console) and follow these steps:

1. pktt start e0 -b 1m -i 192.168.136.130
2. pktt status e0 ( should show some traces )
3. pktt dump e0 -f/mytrace.trc
4. pktt stop all
5. File is created at C$ of filer
6. Make a CIFS connection to the Filer from a Windows box, and point to \\filername\C$
7. Obtain the file "mytrace.trc"
8. Open "mytrace.trc" with either ethereal or packetizer

Be sure that step #4 is done, or pktt will fill up the C$ vol.


---------- ---------- ----------
NFS Troubleshooting ::


Wcc -u ---------- UNIX-type Credentials

>exportfs -c host pathname ro|rw|root #Checks access cache for host permission
>exportfs -s pathname #Verifies the path to which a vol is exported
>exportfs -f #Flush cache access entries and reload
>exportfs -r #Ensures only persistent exports are loaded


NFS error 70 - stale file handle --

>vol read_fsid

# mount --- Will display which protocol is being used for mounting (on a UNIX host)
# mount -o tcp < >


Out of inodes --

1. Check % used of inodes by:
Filer> df -i
2. To increase:
Filer> maxfiles < vol name >

> df -i /vol/vol0
OR
>maxfiles #This will display the number of usable inodes on the vol

To change:
>maxfiles
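
A way to watch for this before a volume actually runs out, by parsing captured `df -i` output and flagging volumes above a threshold (added example, not part of the original cheat sheet). The sample output is constructed and its column layout is an assumption; `parse_df_i` and `volumes_near_limit` are hypothetical names.

```python
import re

# Constructed sample of `df -i` output; the column layout is an assumption.
SAMPLE_DF_I = """\
Filesystem               iused      ifree  %iused  Mounted on
/vol/vol0/               41237    1962747      2%  /vol/vol0/
/vol/home/             2893112     106886     96%  /vol/home/
/vol/scratch/                0          0      0%  /vol/scratch/
"""

# volume, iused, ifree, %iused, mount point
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+(\d+)%\s+(\S+)\s*$")


def parse_df_i(text):
    """Return one dict per volume row; header and other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        iused, ifree = int(m.group(2)), int(m.group(3))
        total = iused + ifree
        # Recompute the percentage: the printed column is a whole number,
        # and a row with no inodes at all must not divide by zero.
        pct = 100.0 * iused / total if total else 0.0
        rows.append({"volume": m.group(1), "iused": iused,
                     "ifree": ifree, "pct_used": pct})
    return rows


def volumes_near_limit(text, warn_pct=90.0):
    """Return (volume, percent used, inodes free) for rows at or above warn_pct."""
    return [(r["volume"], round(r["pct_used"], 1), r["ifree"])
            for r in parse_df_i(text) if r["pct_used"] >= warn_pct]


if __name__ == "__main__":
    for vol, pct, free in volumes_near_limit(SAMPLE_DF_I):
        print(f"{vol}: {pct}% of inodes used, {free} free")
```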


---------- ---------- ----------
CIFS Troubleshooting ::


Wcc -s domain\name -----windows - match with /etc/lclgroups.cfg file - ANY changes here will require a reboot
Wcc -u username --------------unix
Cifs domaininfo - Provides the Filer DNS entry
Rdfile /etc/rc --------- Will have further DNS info

Options wafl
Should see unix Pcuser

/etc/usermap
/etc/passwd these two files are read at the first time


Cannot Ping DNS server --

A.
1. Enter the host address in DNS
2. Make sure that there is no deny/untrusted entry in /etc/rc file
3. Check the FilerView -> Networking -> DNS entry
4. If the qtree is created and shared for CIFS access, make sure that the qtree settings are correct, otherwise we may get an "access denied" error.

B.
1. Check DNS servers, must point to itself and must have at least "4,5" services - AD

C.
1. Check where the Filer is currently pointing to (DNS)
Filer> priv set diag
Filer> registry walk auth

If required to rerun cifs setup, the old registry can be deleted, as -

Filer> registry deltree auth

D.
Net view \\filername should show all shares from the Windows side and cifs shares should show from the Filer side

But when the share is accessed from a Windows machine, we may get "No Network Provider Present". Ping works, drives are OK - can access. But the cifs shares may not work. On the Filer side we see "Called name not present (0x82)". Cifs resetdc also gives the same message.

Check :
1. If the Filer and the Windows DC are rebooted at the same time (due to, say, a power failure), this is seen. The Filer needs to boot first, and then the DC.
2. Make sure that there are no virus-scan related activities running on that host. A Virus scan on a Windows host or Filer can also make this happen.


Trust Relationships - Multi-domain --

When a trust is newly established, "No Logon Server Available" may pop up upon accessing the Filer.

Cifs resetdc #This makes it work. I don't know why.


Disable WINS on interface e0 (if the site requirement is to go by DNS only) --

Filer> ifconfig e0 -WINS (the Filer will now no longer communicate with the WINS server)


---------- ---------- ----------
Common CIFS Errors ::

LSAOpenPolicy2 : Exception rpc_s_assoc_grp_max exceeded --

Veritas Backup Exec 9.1: My Computer -> Shares -> Sessions shows Veritas Backup Exec administrative account connections for every share on the filer. There is one connection per share; the count grows every day and the connections stay there every day. These must be wiped out.

Clock Skew --
Time Not synchronizing/+5/-5 min skewed ahead

Options timed
Timed.enable on
Timed.servers ntp2.usno.navy.mil:
Rdate

The above sets the Filer to Timed.servers ntp2.usno.navy.mil. The DC clock for a CIFS domain must be within 5 minutes (+/-) of the NetApp Filer.
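
A way to measure how far a host's clock sits from a time source and compare it with the 5-minute window above, using the standard SNTP offset calculation (added example, not part of the original cheat sheet). The reply packet is constructed inline so the code runs offline; `clock_offset`, `within_tolerance` and `build_reply` are hypothetical names.

```python
import struct

NTP_EPOCH_DELTA = 2208988800   # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
MAX_SKEW_SECONDS = 5 * 60      # the +/- 5 minute window stated above


def to_ntp(unix_seconds):
    """Encode Unix seconds as a 64-bit NTP timestamp (32.32 fixed point)."""
    whole = int(unix_seconds)
    frac = int((unix_seconds - whole) * 2**32)
    return struct.pack("!II", whole + NTP_EPOCH_DELTA, frac)


def from_ntp(raw):
    whole, frac = struct.unpack("!II", raw)
    return whole - NTP_EPOCH_DELTA + frac / 2**32


def clock_offset(reply, t4):
    """Return (offset, delay) in seconds from a 48-byte SNTP server reply.

    t4 is the local Unix time at which the reply arrived. A positive
    offset means the local clock is behind the server.
    """
    if len(reply) < 48:
        raise ValueError("short NTP packet")
    if reply[0] & 0x07 != 4 or reply[1] == 0:   # mode 4 = server, stratum 0 = unusable
        raise ValueError("not a usable server reply")
    t1 = from_ntp(reply[24:32])   # originate: our send time, echoed back
    t2 = from_ntp(reply[32:40])   # receive: server clock when the request arrived
    t3 = from_ntp(reply[40:48])   # transmit: server clock when the reply left
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def within_tolerance(offset, limit=MAX_SKEW_SECONDS):
    return abs(offset) <= limit


def build_reply(t1, t2, t3):
    """Construct a sample server reply (LI=0, VN=3, mode=4, stratum 1)."""
    header = struct.pack("!BBbb", (3 << 3) | 4, 1, 6, -20) + bytes(20)
    return header + to_ntp(t1) + to_ntp(t2) + to_ntp(t3)


if __name__ == "__main__":
    t1 = 1130000000.0   # constructed local send time
    offset, delay = clock_offset(build_reply(t1, t1 + 400.010, t1 + 400.012), t1 + 0.030)
    print(f"offset {offset:.3f}s, delay {delay:.3f}s, ok={within_tolerance(offset)}")
```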


---------- ---------- ----------
ONTAP upgrade process ::


1. Download the software to a Windows client
2. Create a CIFS share to /etc
3. Double click the downloaded .exe file
4. Extract the files on the top of /etc
5. RUN the downloaded command

Smurfs. Network Security. Evil.

Sad that I am *STILL* seeing that companies (large, small, and in the middle) are not protected from smurf attacks. And I don't mean the little blue fellas, either.

Defining Strategies to Protect Against TCP SYN Denial of Service Attacks
http://cio.cisco.com/warp/public/707/4.html

Defining Strategies to Protect Against UDP Diagnostic Port DoS Attacks
http://cio.cisco.com/warp/public/707/3.html

For the love of all things IT ...if you are at risk on either of the above, FIX IT NOW.

Please ...pretty please ...with sugar ...

Why Linux Sucks (as a desktop OS)

Reposted without permission from http://www.vbrad.com/pf.asp?p=articles/art_linux_sucks.htm. I will gladly remove the post if I have to.

What brought this article on is availability of cheap PCs, sub $300 PCs from mass merchandisers like Walmart. These PCs are loaded with various Linux distros like Mandrake, for instance. The assumption is that these PCs are being bought by first time users (or maybe as a second PC) who are not computer experts or light Windows users. I've recently witnessed three instances of where these PCs were purchased, then the hard drive was reformatted and a copy of Windows was installed. I am sure there is more of that going on. The obvious conclusion here is that Linux for whatever reason did not pass the grade. Here are some reasons, in my opinion.

It has been written about to death. KDE & GNOME have released their respective excellent wares, but still, Linux is not making inroads at the desktop level. And chances are that it will never make them, unless some radical changes are undertaken by respective leaders of key Linux projects (kernel, X, desktop). Actually latest KDE & GNOME are rivaling Windows at this point, but it doesn't matter. The problem is the modularization and clear separation of kernel, X and the desktop environments from each other. This division has caused Linux to be poorly integrated. Actually, the problem has several faces.

Problem #1. The integration of device (and otherwise) drivers into the system. Case in point. RedHat 8 and 9 provide no ability to access WinXP NTFS volumes. Their claim is that they can't provide this functionality because of its unsettled legal nature. Now a nice man (woman?) at linux-ntfs.sourceforge.net provides this ability. But how was this done? He took the original RedHat kernel, compiled the module that provides NTFS access and added the module to the kernel. Users can download the RPM that takes care of all the complexity. A couple more simple steps and voila - you can access your XP share. There are more examples like this where the user can add new functionality to the system by recompiling the kernel. In this case, because so many people need it, someone has taken initiative and provided a ready-made replacement kernel. Most of the cases are not like that. And herein lies the problem. Users don't want to recompile kernel or its modules - they want ready made solutions. Even power users don't want to recompile kernel. Period.

Keep in mind, I am NOT complaining that RH doesn't include NTFS support. I am bringing up an objection to the manner in which users add functionality to their system.

Consider how support for other file systems is implemented in Windows. No one needs to recompile anything. Instead you simply run an installation that installs a dynamic device driver (.vxd) to handle foreign file i/o. For examples, see www.sysinternals.com.

Problem #2. Video drivers & X. Somehow it came to be that the Xfree is the one and final arbiter when it comes to displays, video drivers and functionality. They release their wares on a fairly slow schedule. So, if you got a brand spanking new video card, you are pretty much stuck waiting for the next release. This is the case mostly when you just bought a new PC (which will most likely be loaded with windows). You install Linux on the second partition, but alas the install reverts to a generic video driver. Sucks for you.

I understand if they release new functionality for X on a slow schedule - that's fine. But drivers should be released separately as soon as they are available.

Problem #3. Plug & Play. Unfortunately for Linux, its constituent parts are not tightly integrated. As a result, when I plug my USB digital camera (or mouse, printer, etc) into the PC, absolutely nothing happens. In Windows, you get the 'Add New Hardware' wizard (or something similar). In WinXP, it is even better: if the system can find a signed driver for the device on its own, it simply installs it without any user intervention and you can use it immediately. That's what I call true Plug & Play. In fact, the first time I encountered this feature, it took me for a loop. Years of dealing with PCs have conditioned me to a familiar routine: connect hardware, install the drivers and pray that it works. So after installing WinXP for the first time, I connected an Epson USB printer and sat patiently waiting for the 'New Hardware Found' box. Instead, all I got (and missed the first time around) was a little icon in the system tray and a popup tooltip informing me that new hardware has been detected and software for it installed. I hope we see more of this in the future.

6.08.2005

The WWW and Color - Which is best?

Digital Web Magazine - Feature: The Red Queen Color Theory

This gives an excellent basis for color schema discussion. The Red Queen Theory of color selection on the WWW.

6.01.2005

Everything you want ...nothing you don't.

What?

Yep, my thoughts exactly. This little blogspace is here as a catch-all of tech notes, industry innovations, and geeky ramblings.

Don't be surprised if you fall asleep reading it. It isn't intended for the general public ...

and it is NOT formatted to fit your TV screen. So there.