Friday, May 22, 2009

FreeBSD 6.3 and FreeBSD-7 Xen hosting

I've been playing around with the FreeBSD-7.x and FreeBSD-6.x Xen DomU support (thanks to Kip Macy) and documenting all of the strange bits needed to make a fully working environment.

I've managed to figure out all the right incantations to build the DomU, run the DomU and for the most part, keep the DomU up and running.

I may offer FreeBSD DomU support to Xenion customers with part proceeds being donated back to the FreeBSD project. 

Let me know if you're at all interested in this!

Solaris 10, Active Directory, Squid-2.7, NTLM. Eww.

I've been working on another Solaris 10 and Active Directory + Squid NTLM integration project. I think that I've finally coaxed out the niggling bits from all of this.

In summary (thus far);

The latest Solaris 10 ships with a "sun free software" Samba package with Kerberos and Active Directory already working. Good.

It -may- still have the 8 character password limit in the "net ads join" command (for "logging in" the server into the Active Directory.) Eww.

The Kerberos setup is a bit crack smoking but reasonably trivial. The trick is making sure the realm is setup right (capitalise the realm in the kerberos configs) and that the server queries the Active Directory DNS or things just don't work. (Active Directory DNS is used to discover services - eg ldap, kerberos, wins, etc.)

The default LDAP query results in Active Directory is limited to 1000 entries. So "wbinfo -u" doesn't return all the users from a large Active Directory.

Figuring out why/when to restart winbind; when to purge the winbind idmap/usermap tdb files is very Eww. I need to properly understand what is going on there.

Make sure the damned server is NTP synched to the AD servers.

I need to make certain that the Active Directory Kerberos is returning renewable tickets.

The winbind separator works best when its "+" apparently. Again, not sure why. I need to document all of this.

Having tightly controlled firewalls makes a 1 day job take a week; but it has shown me all the random communication which happens. For example, Samba uses LDAP-over-UDP on this setup to do the initial net join..

There's more to come as I finalise this installation. I'll publish the install guides on my website.

Thursday, May 21, 2009

Downtime - web hosting services

There was a brief outage today on the web hosting services cluster. I've kicked the relevant service hard and things seem to be working again.

I'm looking forward to Sunday's upgrade and shuffle - I'll be able to do a lot more with what I have after that.

Monday, May 18, 2009

Current outage

I lost connectivity to the data centre a few minutes ago. It looks like all the WAIX participants down there are offline.

.. nope, its back now. I wonder what the problem was. There wasn't a power loss in the data centre so it looks like a problem with the backhaul to WAIX.

Thursday, May 14, 2009

Hosting Referral Special!

G'day everyone,

I'm running a little referral campaign for May and June 2009. Existing clients who bring in three new clients get three months free.

Don't be shy!