Friday, February 29, 2008

Configuration Bacula BAT in Ubuntu

In .../bacula-2.2.8/src/qt-console, run this script:

./build-depkgs-qt-console

then run in same directory:

make

Download qwt package for ubuntu:

qwt_5.0.1.orig.tar.gz

Unpack it, then run these commands under qwt-5.0.1.orig/qwt-5.0.1:

qmake

make

make install

Add this line to the user's profile:

(for example, for a user named UBUNTU => /home/ubuntu/.profile)


export LD_LIBRARY_PATH=/usr/local/qwt/lib:$LD_LIBRARY_PATH


Configure Bacula with option:
--with-qwt=/usr/local/qwt
--enable-bat

Copy BAT directory in /etc/bacula/:


cp -R /.../bacula-2.2.5/qt-console/ /etc/bacula/

Start BAT:

/etc/bacula/qt-console/bat -c /etc/bacula/bconsole.conf

Thursday, February 28, 2008

Bacula Configurations

Server configs:

bconsole.conf:

# Console-side definition of the Director that bconsole (and BAT, which is
# started with this same file above) connects to.
Director {
Name = ubuntu-dir
DIRport = 9101
address = your.ip.is.here
# Same value as Password in the Director resource of bacula-dir.conf below.
# It is a sample value published with this page: generate your own, and keep
# this file readable only by the accounts allowed to administer Bacula.
Password = "pUypIMLMok5sn0W4nFHi9n6fAi2LTFBBqrOwxsMOPF5C"
}


bacula-dir.conf:


# The Director's own settings: listening port, working paths and the
# password that consoles must present.
Director { # define myself
Name = ubuntu-dir
DIRport = 9101 # where we listen for UA connections
QueryFile = "/etc/bacula/query.sql"
WorkingDirectory = "/var/bacula/working"
PidDirectory = "/var/run"
Maximum Concurrent Jobs = 1
# Console password; bconsole.conf above carries the same value. It is a
# sample value published with this page -- replace it.
# NOTE(review): no TLS directives appear in any resource on this page, so as
# far as these listings show, traffic between the daemons is not encrypted.
Password = "pUypIMLMok5sn0W4nFHi9n6fAi2LTFBBqrOwxsMOPF5C"
Messages = Daemon
}
# Defaults inherited by every Job that sets JobDefs = "DefaultJob".
JobDefs {
Name = "DefaultJob"
Type = Backup
Level = Incremental
# Each name below refers to a resource defined elsewhere in this file.
Client = ubuntu-fd
FileSet = "Full Set"
Schedule = "WeeklyCycle"
Storage = File
Messages = Standard
Pool = Default
Priority = 10
}
# Backup job that takes everything except its name and bootstrap file from
# the DefaultJob definitions.
Job {
Name = "Client1"
JobDefs = "DefaultJob"
# Bootstrap file, kept under the Director's working directory
Write Bootstrap = "/var/bacula/working/Client1.bsr"
}
# Backup the catalog database (after the nightly save)
Job {
Name = "BackupCatalog"
JobDefs = "DefaultJob"
Level = Full
FileSet="Catalog"
Schedule = "WeeklyCycleAfterBackup"
# This creates an ASCII copy of the catalog. The two arguments are presumably
# the database name and the database user -- confirm against the script.
# The dump (bacula.sql, see the "Catalog" FileSet) describes every backed-up
# file, so the working directory should not be readable by ordinary users.
RunBeforeJob = "/etc/bacula/make_catalog_backup bacula bacula"
# This deletes the copy of the catalog
RunAfterJob = "/etc/bacula/delete_catalog_backup"
Write Bootstrap = "/var/bacula/working/BackupCatalog.bsr"
Priority = 11 # run after main backup
}
# Restore job template. It has no JobDefs line, so every setting it needs is
# spelled out here.
Job {
Name = "RestoreFiles"
Type = Restore
Client=ubuntu-fd
FileSet="Full Set"
Storage = File
Pool = Default
Messages = Standard
# Restored files go under this directory instead of their original paths
Where = /bacula-restores
}

# File selection used by the Linux backup jobs and the restore job: /home/.
FileSet {
Name = "Full Set"
Include {
Options {
# Stores an MD5 digest for each saved file. MD5 is not collision-resistant;
# if the digests are meant to detect tampering, prefer a stronger signature
# that the installed Bacula version supports (SHA1 at minimum).
signature = MD5
}
File = /home/
}

# As written, none of these paths lies under /home/, so they do not change
# what this FileSet saves; they matter only if the Include list is widened.
Exclude {
File = /proc
File = /tmp
File = /.journal
File = /.fsck
}
}
# Backup rotation: one Full per month, Differentials on the other Sundays,
# Incrementals on the remaining days, all at 23:05.
Schedule {
Name = "WeeklyCycle"
Run = Full 1st sun at 23:05
Run = Differential 2nd-5th sun at 23:05
Run = Incremental mon-sat at 23:05
}
# Daily Full run at 23:10, five minutes after the WeeklyCycle start time;
# used by the BackupCatalog job.
Schedule {
Name = "WeeklyCycleAfterBackup"
Run = Full sun-sat at 23:10
}
# File selection for the BackupCatalog job: the single catalog dump file.
FileSet {
Name = "Catalog"
Include {
Options {
signature = MD5
}
# Dump file in the Director's working directory (see RunBeforeJob in the
# BackupCatalog job)
File = /var/bacula/working/bacula.sql
}
}

# Client (File Services) to back up. This client is the backup server itself
# (same address as the Storage resource below).
Client {
Name = ubuntu-fd
Address = 10.66.66.31
FDPort = 9102
Catalog = MyCatalog
# Must match the Director password in this client's bacula-fd.conf.
# The same value is reused for aspirin-fd and winclient-fd on this page; give
# each File Daemon its own password so that one client's bacula-fd.conf does
# not hold a credential the other clients accept. Sample value -- replace it.
Password = "iBtT8iPwJUvgQDzx9NXYCgqpYqVJSZpfJaSPys2OFaUO" # password for FileDaemon
File Retention = 30 days # 30 days
Job Retention = 6 months # six months
AutoPrune = yes # Prune expired Jobs/Files
}
# Definition of file storage device: how the Director reaches the Storage
# daemon and which of its devices to use.
Storage {
Name = File
# Do not use "localhost" here
Address = 10.66.66.31 # N.B. Use a fully qualified name here
SDPort = 9103
# Same value as the ubuntu-dir Director password in bacula-sd.conf below.
# Sample value published with this page -- replace it on both sides.
Password = "GXbfLMxsWxQbhCQyYW5IZoDEISB/VEq6fdmNgR4AaTQh"
Device = FileStorage
Media Type = File
}
# Generic catalog service
Catalog {
Name = MyCatalog
# The password is empty, so the database account "bacula" is expected to
# accept logins without a credential. Set a password on that account and
# enter it here; the make_catalog_backup call in the BackupCatalog job will
# presumably need it as well -- check that script's usage.
dbname = bacula; user = bacula; password = ""
}

# Reasonable message delivery -- send most everything to email address
# and to the console
Messages {
Name = Standard

# Both commands hand the mail to bsmtp on localhost; the %-codes are filled
# in by Bacula when the message is sent.
mailcommand = "/sbin/bsmtp -h localhost -f \"\(Bacula\) \<%r\>\" -s \"Bacula: %t %e of %c %l\" %r"
operatorcommand = "/sbin/bsmtp -h localhost -f \"\(Bacula\) \<%r\>\" -s \"Bacula: Intervention needed for %j\" %r"
mail = root@localhost = all, !skipped
operator = root@localhost = mount
console = all, !skipped, !saved
# Job messages are also appended to a log file in the working directory
append = "/var/bacula/working/log" = all, !skipped
}

# Message delivery for daemon messages (no job).
# Referenced by "Messages = Daemon" in the Director resource.
Messages {
Name = Daemon
mailcommand = "/sbin/bsmtp -h localhost -f \"\(Bacula\) \<%r\>\" -s \"Bacula daemon message\" %r"
mail = root@localhost = all, !skipped
console = all, !skipped, !saved
# Same log file as the Standard resource
append = "/var/bacula/working/log" = all, !skipped
}
# Default pool definition; every backup job on this page writes to it.
Pool {
Name = Default
Pool Type = Backup
Recycle = yes # Bacula can automatically recycle Volumes
AutoPrune = yes # Prune expired volumes
# Longer than the Job/File retention set on the clients (six months / 30 days)
Volume Retention = 365 days # one year
}

# Scratch pool definition
Pool {
Name = Scratch
Pool Type = Backup
# NOTE(review): the closing brace of this Pool and the start of the Console
# resource share the next line, probably a paste error; in a real file put
# "Console {" on a line of its own.
}Console {
# Restricted console for the monitor: the ACL below allows only the status
# commands. The password is a sample value published with this page.
Name = ubuntu-mon
Password = "sHa1X/38oyCYM/oGkjW/WL4yY/fQF2vie/1dSm9HuuvD"
CommandACL = status, .status
}

#Ubuntu Client

# Backup job for the remote Ubuntu machine. It does not use JobDefs, so all
# settings are listed explicitly; no Level is set here.
Job {
Name = "Aspirin"
Type = Backup
Client = aspirin-fd
FileSet = "Full Set"
Schedule = "WeeklyCycle"
Storage = File
Messages = Standard
Pool = Default
Write Bootstrap = "/var/bacula/working/aspirin.bsr"
}

# Client (File Services) to back up: the remote Ubuntu machine.
Client {
Name = aspirin-fd
Address = 10.66.66.41
FDPort = 9102
Catalog = MyCatalog
# Must match the Director password in bacula-fd.conf on aspirin.
# This is the same value used for ubuntu-fd and winclient-fd; use a distinct
# password per client. Sample value published with this page -- replace it.
Password = "iBtT8iPwJUvgQDzx9NXYCgqpYqVJSZpfJaSPys2OFaUO" # password for FileDaemon
File Retention = 30d # 30 days
Job Retention = 180d # six months
AutoPrune = yes # Prune expired Jobs/Files
}

#Windows Client
# Backup job for the Windows machine; same schedule, storage and pool as the
# Linux jobs, but with its own FileSet.
Job {
Name = WinClient
Type = Backup
Client = winclient-fd
FileSet = WindowsFileSet
Schedule = WeeklyCycle
Storage = File
Messages = Standard
Pool = Default
Write Bootstrap = "/var/bacula/working/winclient.bsr"
}
# Client (File Services) to back up: the Windows machine.
Client {
Name = winclient-fd
Address = 10.66.66.50
FDPort = 9102
Catalog = MyCatalog
# Must match the Director password in the Windows bacula-fd.conf below.
# Same value as for the two Linux clients; use a distinct password per
# client. Sample value published with this page -- replace it.
Password = "iBtT8iPwJUvgQDzx9NXYCgqpYqVJSZpfJaSPys2OFaUO"
File Retention = 30d # 30 days
Job Retention = 180d # six months
AutoPrune = yes # Prune expired Jobs/Files
}

#File set for WINDOWS
FileSet {
Name = WindowsFileSet
Enable VSS = yes
Include {
# This is the OpenVPN config directory. Per the OpenVPN section of this page
# it holds the client private key (home.key), so every volume written from
# this FileSet contains key material. Restrict access to the Archive Device
# directory on the storage server accordingly, and consider Bacula's File
# Daemon data encryption (PKI directives) for this client.
File = c:/programme/openvpn/config
# Empty Options block: no signature or compression is requested
Options {
}
}
}

bacula-sd.conf:

# The Storage daemon's own settings.
Storage { # definition of myself
Name = ubuntu-sd
SDPort = 9103 # port this Storage daemon listens on (same as SDPort in the Director's Storage resource)
WorkingDirectory = "/var/bacula/working"
Pid Directory = "/var/run"
Maximum Concurrent Jobs = 20
}

# Director that is allowed to control this Storage daemon.
Director {
Name = ubuntu-dir
# Same value as Password in the Storage resource of bacula-dir.conf above.
# Sample value published with this page -- replace it on both sides.
Password = "GXbfLMxsWxQbhCQyYW5IZoDEISB/VEq6fdmNgR4AaTQh"
}

# Entry for the monitor; "Monitor = yes" marks it as a monitoring connection
# rather than a full Director.
Director {

Name = ubuntu-mon
# Sample value published with this page -- replace it.
Password = "oazZu/8Zt0VL8W8SmfmdOAfp1fZcalzKgLyFXP8tCIQQ"
Monitor = yes
}

# Disk-based device that the Director's "File" storage refers to.
Device {
Name = FileStorage
Media Type = File
# Backup volumes are written here as ordinary files. Nothing on this page
# enables encryption of backup data, so restrict this directory to the
# account the Storage daemon runs as.
Archive Device = /backup #Target Directory or Device
LabelMedia = yes; # lets Bacula label unlabeled media
Random Access = Yes;
AutomaticMount = yes; # when device opened, read it
RemovableMedia = no;
AlwaysOpen = no;
}

# Send all Storage daemon messages back to the Director.
Messages {
Name = Standard
director = ubuntu-dir = all
}

###########################
Configuration for windows Client:

bacula-fd.conf:

# The Windows File Daemon's own settings. The name matches the winclient-fd
# Client resource in bacula-dir.conf.
FileDaemon { # this is me
Name = winclient-fd
FDport = 9102 # where we listen for the director
# Paths are from a German-language Windows installation
WorkingDirectory = "C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Bacula\\Work"
Pid Directory = "C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Bacula\\Work"
Maximum Concurrent Jobs = 2
}

#
# List Directors who are permitted to contact this File daemon
#
Director {
Name = ubuntu-dir
# Must match Password in the winclient-fd Client resource of bacula-dir.conf.
# Anyone holding this value can authenticate to this File Daemon as the
# Director, so use a value unique to this client and limit who can read this
# file. Sample value published with this page -- replace it.
Password = "iBtT8iPwJUvgQDzx9NXYCgqpYqVJSZpfJaSPys2OFaUO"
}


# Send all messages except skipped and restored files back to the Director
Messages {
Name = Standard
director = ubuntu-dir = all, !skipped, !restored
}

#######################
Configuration for Ubuntu Client:

bacula-fd.conf:

# List Directors who are permitted to contact this File daemon
#
Director {
Name = ubuntu-dir
# Must match Password in the aspirin-fd Client resource of bacula-dir.conf.
# Use a value unique to this client and keep this file readable only by
# root. Sample value published with this page -- replace it.
Password = "iBtT8iPwJUvgQDzx9NXYCgqpYqVJSZpfJaSPys2OFaUO"
}

#
# "Global" File daemon configuration specifications
#
FileDaemon { # this is me
# Matches the aspirin-fd Client resource in bacula-dir.conf
Name = aspirin-fd
FDport = 9102 # where we listen for the director
WorkingDirectory = /var/bacula/working
Pid Directory = /var/run
Maximum Concurrent Jobs = 20
}

# Send all messages except skipped and restored files back to the Director
Messages {
Name = Standard
director = ubuntu-dir = all, !skipped, !restored
}

Install Bacula Backup Software

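1. Download these files from http://sourceforge.net/project/showfiles.php?group_id=50727 and, if the release provides signature or checksum files, verify the downloads against them before building: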

bacula-2.0.3.tar.gz
depkgs

2. run:

apt-get install g++


3. run:
ln -s make /usr/bin/gmake

4. Create a bacula directory, into which you will place both the Bacula source as well as the dependency package.

5. Detar the depkgs into the bacula directory.

6. cd bacula/depkgs

7. make

8. Configure and install MySQL
download and install mysql-server from www.mysql.com/downloads:

dpkg -i mysql-server-5.0_5.0.21-3ubuntu1_i386.deb
dpkg -i libmysqlclient15-dev_5.0.21-3ubuntu1_i386.deb


9. apt-get install zlib1g-dev

10. Detar the Bacula source code preferably into the bacula directory discussed above.

11. Configure Bacula:

./configure --with-mysql --enable-smartalloc --with-openssl
make
make install

12. from /etc/bacula run:

./grant_mysql_privileges

./create_mysql_database

./make_mysql_tables

13. Start Bacula:

/etc/bacula/bacula start

14. Interface with Bacula using the Console program:

/etc/bacula/bconsole

Wednesday, February 20, 2008

Useful Links for OpenVPN

http://www.windows-stupidities.com/Stupid13.htm
http://www.debian-administration.org/articles/35
http://www.djatlantic.net/?p=252
http://www.shorewall.net/OPENVPN.html
http://openvpn.net/index.php/documentation/howto.html
http://www.linuxjournal.com/article/7949
http://www.dd-wrt.com/wiki/index.php/OpenVPN
http://brneurosci.org/linuxsetup71.html
http://brneurosci.org/vpn.html
http://www.terminal23.net/2007/08/openvpn_20_on_ubuntu_704.html
http://howto.landure.fr/gnu-linux/debian-4-0-etch-en/
install-and-setup-openvpn-on-debian-4-0-etch

http://www.thebakershome.net/?q=node/56
http://halfy.wordpress.com/2007/10/12/
setting-up-openvpn-209-on-ubuntu-606/

Tuesday, February 19, 2008

Set up OpenVPN GUI on Windows XP

1. Download openvpn.se gui

http://openvpn.se/files/install_packages/
openvpn-2.0.9-gui-1.0.3-install.exe


(at the time of writing)

2. Click on the file for installation:
- Make sure you select or deselect these items:

* Deselect “AutoStart OpenVPN GUI”
* Select “My Certificate Wizard”
* Select “Hide the TAP-Win* Virtual Ethernet Adapter”

- Click Next or OK until installation is done

3. put “client.ovpn” in c:\Program Files\OpenVPN\config\

4. Copy these files from server to c:\program files\openvpn\config:
ca.crt
home.crt
home.key

5. Edit the client.ovpn:

remote my-server-1 1194

to :

remote 10.66.66.47 1194 (The IP for server)

and:

ca ca.crt
cert home.crt
key home.key

to:

ca C:\\Programme\\OpenVPN\\config\\ca.crt
cert C:\\Programme\\OpenVPN\\config\\home.crt
key C:\\Programme\\OpenVPN\\config\\home.key


6. run Openvpn-gui.

You should see a small icon with two red rectangular shapes in the notification area (bottom right of your screen). If you put your mouse cursor over it, a small tooltip pops up indicating “OpenVPN GUI”.

To connect to VPN server:
1. Right click on the mentioned icon
2. Select Connect

To disconnect from VPN server:
1. Right click on the mentioned icon
2. Select Disconnect

Install OPENVPN on Ubuntu

Install the necessary software

I am going to configure openVPN as routing and not as Bridge.

Enter these commands on both the server and the client.

apt-get install openvpn openssl rdate


Now on the server side issue these commands

cd /usr/share/doc/openvpn/examples/easy-rsa/
cp * /etc/openvpn -R
cd /etc/openvpn
. ./vars (Be careful: there is a space between the two dots)
./clean-all
./build-ca

Now create the certificates for the server

./build-key-server server

Now create the certificate for the client site

./build-key home

you can call it anything, I called it home

you can create as many keys as you need from this point for as many clients as you want, once you have finished issue this command.

./build-dh

Configure the server side

cd /usr/share/doc/openvpn/examples/sample-config-files/
cp server.conf.gz /etc/openvpn/
cd /etc/openvpn/
gunzip server.conf.gz
vim server.conf

Look for these lines

ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem

and change to these ones

ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/keys/dh1024.pem

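Uncomment the client-to-client directive if clients should be able to connect to each other through the VPN, and not only to the server. Leave it commented out if clients only need to reach the server, since it lets every VPN client talk directly to every other one.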

Here is my SERVER.CONF:

# OpenVPN server configuration used in this guide (UDP port 1194, tap device).
port 1194

;proto tcp
proto udp

dev tap
;dev tun

# CA certificate, server certificate and server private key created with the
# easy-rsa scripts above
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret

# 1024-bit Diffie-Hellman parameters (the file name and the server log on
# this page both say 1024). That size is considered too small today; generate
# larger parameters (2048 bits or more) and point this line at the new file.
dh /etc/openvpn/keys/dh1024.pem

# Address range handed out to VPN clients
server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt
# Lets VPN clients reach each other, not only the server; comment it out if
# that is not needed.
client-to-client
;duplicate-cn

keepalive 10 120
comp-lzo

persist-key
persist-tun

status openvpn-status.log

verb 3
# NOTE(review): no tls-auth, cipher, user or group line appears in this
# listing, so the defaults apply (the client log on this page shows BF-CBC
# with SHA1). The "UID set to nobody" / "GID set to nogroup" lines in the
# sample logs would need user/group directives that are not shown here.


Configure the client

First you need to copy the certificates from the server to the client, be sure to make this in a secure way, either using scp or a USB Key in order to keep your files secure.

the needed files are:

ca.crt
home.crt
home.key (should be kept secret)

and they are in the server's directory /etc/openvpn/keys/

Now that you have copied all these files to the client (into /etc/openvpn/keys/, the path used in client.conf below), open a console on the client and run:

cd /usr/share/doc/openvpn/examples/sample-config-files/
cp client.conf /etc/openvpn/
cd /etc/openvpn/
vi client.conf

Look for these lines

ca ca.crt
cert client.crt
key client.key
remote my-server-1 1194

and change them for these ones.

ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/home.crt
key /etc/openvpn/keys/home.key
remote [the.ip.of.server] 1194
That is all, unless you have made other changes on the server side, for example switching from UDP to TCP or changing the default port; in that case you have to make the same change on the client side.

Start the server

openvpn /etc/openvpn/server.conf

if everything goes ok, you should see something like this,

Sat Jul 14 11:12:11 2007 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Jan 21 2007
Sat Jul 14 11:12:11 2007 Diffie-Hellman initialized with 1024 bit key
Sat Jul 14 11:12:11 2007 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Jul 14 11:12:11 2007 TUN/TAP device tun0 opened
Sat Jul 14 11:12:11 2007 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Sat Jul 14 11:12:11 2007 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Sat Jul 14 11:12:11 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jul 14 11:12:11 2007 GID set to nogroup
Sat Jul 14 11:12:11 2007 UID set to nobody
Sat Jul 14 11:12:11 2007 UDPv4 link local (bound): [undef]:1194
Sat Jul 14 11:12:11 2007 UDPv4 link remote: [undef]
Sat Jul 14 11:12:11 2007 MULTI: multi_init called, r=256 v=256
Sat Jul 14 11:12:11 2007 IFCONFIG POOL: base=10.8.0.4 size=62
Sat Jul 14 11:12:11 2007 IFCONFIG POOL LIST

Sat Jul 14 11:12:11 2007 Initialization Sequence Completed

Start the client

openvpn /etc/openvpn/client.conf

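The output should look like this. Note the WARNING line near the top: with the client.conf shown above, the client does not check that the peer presents a server certificate. The OpenVPN HOWTO section linked in that warning describes the fix; for OpenVPN 2.0.x it is adding `ns-cert-type server` to client.conf, which works with a certificate created by build-key-server.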

Sat Jul 14 15:40:36 2007 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Jan 21 2007
Sat Jul 14 15:40:36 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sat Jul 14 15:40:36 2007 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Jul 14 15:40:36 2007 LZO compression initialized
Sat Jul 14 15:40:36 2007 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Jul 14 15:40:36 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jul 14 15:40:36 2007 Local Options hash (VER=V4): '41690919'
Sat Jul 14 15:40:36 2007 Expected Remote Options hash (VER=V4): '530fdded'
Sat Jul 14 15:40:36 2007 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sat Jul 14 15:40:36 2007 UDPv4 link local: [undef]
Sat Jul 14 15:40:36 2007 UDPv4 link remote: 200.87.61.90:1194
Sat Jul 14 15:40:36 2007 TLS: Initial packet from 200.87.61.90:1194, sid=408d696e 88814e22
Sat Jul 14 15:40:37 2007 VERIFY OK: depth=1, /C=bo/ST=bo/L=santacruz/O=go2linux.org/CN=OpenVPN-CA/emailAddress=gerencia@alketech.com
Sat Jul 14 15:40:37 2007 VERIFY OK: depth=0, /C=bo/ST=bo/O=go2linux.org/CN=server/emailAddress=gerencia@alketech.com
Sat Jul 14 15:40:38 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jul 14 15:40:38 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 14 15:40:38 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jul 14 15:40:38 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 14 15:40:38 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Jul 14 15:40:38 2007 [server] Peer Connection Initiated with 200.87.61.90:1194
Sat Jul 14 15:40:39 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Jul 14 15:40:39 2007 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sat Jul 14 15:40:39 2007 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jul 14 15:40:39 2007 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jul 14 15:40:39 2007 OPTIONS IMPORT: route options modified
Sat Jul 14 15:40:39 2007 TUN/TAP device tun0 opened
Sat Jul 14 15:40:39 2007 /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Sat Jul 14 15:40:39 2007 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.5
Sat Jul 14 15:40:39 2007 GID set to nogroup
Sat Jul 14 15:40:39 2007 UID set to nobody

Sat Jul 14 15:40:39 2007 Initialization Sequence Completed


If you have reached this point, your VPN is established.

Then, you need to make one machine (the remote machine you want to connect to) publicly visible. Only the OpenVPN port (UDP 1194 in the server.conf above) has to be reachable from the Internet.
Go to that machine and connect to the Internet. Go to No-IP.com.

Open an account at No-IP (it's free). In the No-IP setup screens (on their web site),
set up the information for your machine (they call it a "host"). Give your host a name (such
as "MyOffice") and select an extension to be added after "No-IP".
If you selected ".biz", for example, your machine will have the public name "myoffice.no-ip.biz".
Since the name you choose must be unique, No-IP provides a number of different extensions;

keep trying until your name is approved.

Install ddclient and set it with No-IP account:

apt-get install ddclient

Monday, February 11, 2008

LDAP Configuration

Module Config for LDAP-USERADMIN in Webmin:

given=0
imap_login=cyrus
alias_same=0
multi_fields=0
samba_def=1
mailfmt=0
other_class=top person posixAccount shadowAccount inetOrgPerson organizationalPerson
imap_def=0
samba_gclass=sambaGroupMapping
imap_folders=old public sent-mail
secmode=0
auth_ldap=/etc/libnss-ldap.conf
shells=fixed,passwd,shells
imap_class=SuSEeMailObject
samba_class=sambaSamAccount
slappasswd=/usr/sbin/slappasswd
md5=0
quota_support=0
default_min=
group_props=
addressbook=
random_password=
passwd_stars=
ldap_tls=0
default_warn=
group_fields=
charset=
login=cn=Manager,dc=copp,dc=net
imap_props=
pre_command=
base_gid=10001
user_files=
homedir_perms=0700
user_base=ou=Users,dc=copp,dc=net
domain=
default_inactive=
gother_class=
ldap_port=389
imap_folderalt=
pass=.
group_base=ou=Groups,dc=copp,dc=net
given_class=
fields=
imap_pass=
display_max=
home_style=0
group_mod_props=
ldap_host=127.0.0.1
default_max=
imap_host=
default_secs=
samba_props=
props=sn:${USER}
base_uid=10001
default_group=Domain Users
quota=
home_base=/data/home
default_shell=/bin/bash
samba_gid=
maillocaladdress=
default_other=1
noclash=
post_command=
samba_domain=S-1-5-21-1939531223-1054826667-1329343603
mod_props=
default_expire=

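PS: The items marked in red in the original post must be changed to match your own site (the colour highlighting is not preserved in this copy). The login= and pass= entries appear to be the LDAP bind DN and its password, so keep this module config file readable only by root; ldap_tls=0 is used here with ldap_host=127.0.0.1, and TLS should be enabled if the LDAP server is on another machine.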