2011/11/14 ~ 2011/11/21 德國dusseldorf醫療展
150 歐(當然不夠)
同事
地鐵
ICE火車
房舍
哦哦哦, 電瓶電燈
後內變
宿舍旁車站
吃到怕的東西
dusseldorf招牌(倒立的人)
科隆大教堂
作者: william
sort your array (java)
1:
ArrayList aArrayList = new ArrayList
2:
public YourClass implements Comparator {
…
…
private int id;
public int getID(){
return id;
}
public int compare(YourClass o) {
return this.getID()-o.getID();
}
}
3:
Collections.sort(aArrayList );
java convert byte to unsigned integer
android chinese byte length
postfix+dovecot+sasl+activate direcotory (centos 6)
1. vi /etc/dovecot/conf.d/10-auth.conf uncommand the following setting #!include auth-ldap.conf.ext as !include auth-ldap.conf.ext
2. vi /etc/dovecot/conf.d/auth-ldap.conf.ext
auth_username_format = %Lu
passdb ldap {
args = /etc/dovecot/dovecot-ldap.conf.ext
}
userdb static {
args = uid=501 gid=501 home=/home/vmail/%u
}
3. vi /etc/dovecot/dovecot-ldap.conf.ext
hosts = ad_server_ip
base = dc=test,dc=com,dc=tw
ldap_version = 3
auth_bind = yes
ldap_version = 3
auth_bind_userdn = test%u
pass_filter = (&(objectclass=person)(uid=%u))
ps. uid and gid must the same with postfix and directory in linux server
ex: create one user “vmail”
user id is 501 , gid is 501
4. postfix’s main.cf
virtual_mailbox_domains = $mydomain
virtual_mailbox_base = /home/vmail/
virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
virtual_uid_maps = static:501
virtual_gid_maps = static:501
virtual_alias_maps = hash:/etc/aliases,ldap:/etc/postfix/ldap-aliases-inner.cf
#smtp auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
#additional param
message_size_limit = 40960000
smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
bounce_queue_lifetime = 1d
maximal_queue_lifetime = 1d
data_directory = /var/db/postfix
header_checks = regexp:/etc/postfix/header_checks
smtp_host_lookup = native, dns
…
5. vi /etc/postfix/ldap-users.cf
server_host = ad_server_ip
search_base = dc=test,dc=com,dc=tw
version = 3
query_filter = (&(objectclass=*)(mail=%s))
result_attribute = samaccountname #Account from DC
result_format = %s/Maildir/
bind = yes
bind_dn = cn=ldap,cn=Users,dc=test,dc=com,dc=tw
bind_pw = ldappassword
6. vi //etc/sysconfig/saslauthd
# Directory in which to place saslauthd’s listening socket, pid file, and so
# on. This directory must already exist.
SOCKETDIR=/var/run/saslauthd
# Mechanism to use when checking passwords. Run “saslauthd -v” to get a list
# of which mechanism your installation was compiled with the ablity to use.
#MECH=pam
MECH=ldap
# Additional flags to pass to saslauthd on the command line. See saslauthd(8)
# for the list of accepted flags.
FLAGS=”-O /etc/postfix/saslauthd.conf -c -r”
7. vi /etc/postfix/saslauthd.conf
ldap_servers: ldap://ad_server_ip:389/
ldap_search_base: dc=test,dc=com,dc=tw
ldap_auth_method: bind
ldap_version: 3
ldap_bind_dn: cn=ldap,cn=Users,dc=test,dc=com,dc=tw
ldap_bind_pw: ldappassword
ldap_filter: (sAMAccountName=%u)
8. vi /etc/postfix/ldap-aliases-inner.cf
server_host = ad_server_ip
search_base = dc=test,dc=com,dc=tw
#scope = sub
query_filter = (memberOf:1.2.840.113556.1.4.1941:=CN=%s,OU=aliases_inner,DC=test,DC=com,DC=tw)
result_attribute = mail
result_format = %s
version = 3
bind = yes
bind_dn = cn=ldap,cn=Users,dc=test,dc=com,dc=tw
bind_pw = ldappassword
multi ip on single network interface
linux root 密碼忘了怎麼辦
在本機之前操作,重開機 開機參數後面加上 single 即可passwd root 改密碼,再重開機就ok了 grub edit> kernel /vmlinuz-2.6.18-92.el5 ro root=LABEL=/ rhgb quiet single
如何在CentOS 6 下安裝VPN SERVER(l2tp over ipsec with pre-shared key)
如何在CentOS 6 下安裝VPN SERVER(l2tp over ipsec with pre-shared key)
1. 安裝openswan, ppp , libpcap-devel
直接用CentOS裏面即可
2. 安裝xl2tpd(1.2.8)(http://www.xelerance.com/services/software/xl2tpd/)
解開後進入該目錄,執行
make
此時已經可以看到xl2tpd這個檔案了
cp xl2tpd /usr/local/sbin/
mkdir /etc/xl2tpd
cp examples/xl2tpd.conf /etc/xl2tpd/
cp examples/ppp-options.xl2tpd /etc/ppp/options.xl2tpd (這是給以下ppp使用的 sample)
3. 安裝rp-l2tpd (彌補xl2tpd 1.2.4 無法完整編譯)
http://sourceforge.net/projects/rp-l2tp/
下載後解開,進入該目錄,後執行
./configure
make
cp handlers/l2tp-control /usr/local/sbin/
mkdir /var/run/xl2tpd
ln -s /usr/local/sbin/l2tp-control /var/run/xl2tpd/l2tp-control
4. xl2tpd 設定
修改/etc/xl2tpd/xl2tpd.conf
ip range = 您希望對方可以得到哪些ip
local ip = server 對內ip
ex:
[lns default]
ip range = 192.168.0.11-192.168.0.13
local ip = 192.168.0.1
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
5. 修改 /etc/ppp/options.xl2tpd
ms-dns = 內部ms dns的ip
ex:
ipcp-accept-local
ipcp-accept-remote
ms-dns 192.168.0.2
noccp
auth
crtscts
idle 1800
mtu 1410
mru 1410
defaultroute
debug
lock
proxyarp
connect-delay 5000
6. ipsec 設定(預先共用金鑰)
6.1 設定 psk (pre-shared-key)
vi /etc/ipsec.d/william.secrets
###############################
%any: PSK “your shared key”
server_ip: PSK “your shared key”
###############################
其中 server_ip 是您的server 對外ip,
“your shared key”是你的共用金鑰
6.2 vi /etc/ipsec.conf
#############################################
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Debug-logging controls: “none” for (almost) none, “all” for lots.
# klipsdebug=none
# plutodebug=”control parsing”
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
protostack=netkey
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
oe=off
# Enable this if you see “failed to find any available worker”
nhelpers=0
#You may put your configuration (.conf) file in the “/etc/ipsec.d/” and uncomment this.
#include /etc/ipsec.d/*.conf
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
keylife=1h
type=transport
left=<你的對外ip>
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
############################################
7. ppp 設定
vi /etc/ppp/chap-secrets
加上
william * test *
其中william 是帳號, test是密碼
8. 修改 /etc/rc.local , 加上
8.1 開啟nat,底下192.168.0.0是內部ip範圍(eth1是您的對外網卡)
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.0.0/24 -j MASQUERADE
8.2 允許ip_forward
echo “1” > /proc/sys/net/ipv4/ip_forward
8.3 確認server是否自動啟動, 或是加在/etc/rc.local
/etc/rc.d/init.d/ipsec start
/usr/local/sbin/xl2tpd -D &
9. 重開機(reboot),確認是否完備
ps.
1.要驗證ipsec 請執行
ipsec verify
要記得看log,有時候會遇到不預期的情形,此時就可以看log解決
/var/log/secure
/var/log/message
2. 若還有問題,請嘗試以下設定
vi /etc/sysctl.conf
#########################################################
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
########################################################
測試環境
linux CentOS 6
kernel 2.6.32
—————————–
windows xp client
(一) 新增連線
1. 開始->設定->網路連線->新增連線精靈
2. 選擇連線到公司網路(使用指定撥號或是vpn)
3. 選擇虛擬私人網路連線
4. 輸入名稱(可以隨意選)
5. 輸入vpn server IP
(二) 修改設定
1. 找出此VPN連線的TCP/IP設定, 選進階設定, 拿掉”使用遠端網路的預設匣道”
2. 找出”預先共用金鑰”,然後輸入PSK(pre-shared key),請看上面步驟6的金鑰密碼
3. 若是xp, 請取消勾選”要求資料加密(如果沒有加密就中斷連線)”
這樣就可以了
日期 2011.07.18
william http://fromtw.blogspot.com
amavis&postfix multi domain setting
1. postfix
/etc/postfix/relay_domains
2. amavisd
@local_domains_maps=read_hash(“/etc/postfix/relay_domains”);
2011/7/3 阿里山單車自我挑戰
