Administering GroupWise on Linux
Danita Zanrè
Caledonia
2
Agenda
• ConsoleOne on Linux
• Using ConsoleOne on Linux as your “central” GroupWise administration point
• Understanding Mount Points
• Learning to Live without Agent Consoles
• Helpful Linux commands and tools
3
ConsoleOne on Linux
• ConsoleOne on Linux works generally the same as on Windows with a few caveats
  • Must authenticate to the tree each time you load C1 on Linux
  • Must select the domain each time you open ConsoleOne
  • Must convert UNC paths for all domains to local file system
  • Some “quirks” to choosing drop-down options
  • Some options are not available
4
Accessing Domains on other Servers
Locations of domains, post offices, gateways, libraries, software directories, etc. are stored in GroupWise databases in UNC format
GroupWise snapins for Linux must “translate” the UNC paths to mount points on the local Linux file system
5
Accessing File Systems
• Use NCP to access domains on NetWare servers or OES2 Linux servers
• Use SMB/CIFS to access domains on SLES or Windows servers – 7.02 or better
• Using NFS will result in File Lock (820E) errors
• Remember that Linux is case sensitive
6
File Locking Issues
NCP™
• set cross_protocol_locks=1
Samba file system
• GroupWise® 7 SP2 only
NFS
• not recommended
7
File System Configuration
• NCP™ volumes
  - ncpcon set cross_protocol_locks=1
  - Posix permissions
    /etc/opt/novell/ncpserv.conf entries:
    VOLUME mail /opt/novell/groupwise/mail Inherit_POSIX_Permissions
8
GroupWise Linux Mount Directory
•Allows you to specify a base location that contains the mount points for the domains you work with
• Default is “/mnt”
9
GroupWise Linux Mount Directory
•Dialog pops up the first time you use ConsoleOne on Linux
•You can also access it via Tools|GroupWise System Operations|System Preferences|Linux Settings
10
Determining Mount Points
Consider the following network:
Domain name | Platform | Server / machine name | Local path | UNC
NWDomain | NetWare | NWServer | NWServer/GW:\NWDom | \\NWServer\GW\NWDom
LXDomain | Linux | LinuxServer | /var/gw/lxdom (/var directory is shared as “var”) | \\LinuxServer\var\gw\lxdom
NTDomain | Windows | WinServer | D:\GW\NTDom (D:\GW directory is shared as “GW”) | \\WinServer\GW\NTDom
11
Creating Mount Points
Mount points would be created as follows:
• base mount point
• for NetWare server
• for Linux server
• “var” share on Linux server
• for Windows server
• “GW” share on Windows server
12
Mounting File Systems
The following commands will mount the file systems locally:
For NetWare or Linux with NCP:
ncpmount -S server -A 123.123.123.123 -U userid -P password /mnt/NWServer
For Linux without NCP:
mount -t smbfs -o username=<user>,password=<pass> //LinuxServer/GW /mnt/LinuxServer/GW
For Windows:
mount -t smbfs -o username=<user>,password=<pass> //WinServer/GW /mnt/WinServer/GW
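Once the shares are mounted, the UNC paths stored in the GroupWise databases have to resolve, with exact case, under the mount directory. The following is an added example, not part of the original slides: it maps a UNC path to the expected local path and reports case mismatches. The layout <base>/<server>/<share>/<path> and the function names are assumptions based on the mount commands above.

```shell
#!/bin/sh
# Added example: map a UNC path to its expected location under the Linux
# mount directory and check that it exists with the same case.
# Assumption: layout is <base>/<server>/<share>/<path>.

# unc_to_mount BASE UNC -> prints BASE/server/share/path
unc_to_mount() {
    base=${1%/}
    # Drop the leading backslashes, then turn the remaining ones into slashes.
    rel=$(printf '%s\n' "$2" | sed -e 's/^\\\\*//' -e 's/\\/\//g')
    printf '%s/%s\n' "$base" "$rel"
}

# check_case BASE UNC -> prints "ok PATH", "case-mismatch PATH" (the path
# that really exists) or "missing PATH"; returns 0, 1 or 2 respectively.
check_case() {
    want=$(unc_to_mount "$1" "$2")
    if [ -e "$want" ]; then echo "ok $want"; return 0; fi
    # Walk the components under BASE, matching each one case-insensitively.
    cur=${1%/}
    rest=${want#"$cur"/}
    old_ifs=$IFS; IFS=/
    for part in $rest; do
        hit=$(ls -1 "$cur" 2>/dev/null | grep -ixF -- "$part" | head -n 1)
        if [ -z "$hit" ]; then
            IFS=$old_ifs; echo "missing $want"; return 2
        fi
        cur=$cur/$hit
    done
    IFS=$old_ifs
    echo "case-mismatch $cur"
    return 1
}

# UNC value taken from the table on the "Determining Mount Points" slide.
unc_to_mount /mnt '\\NWServer\GW\NWDom'
```

A "case-mismatch" result means the share is mounted but the directory names differ in case from the UNC path stored in the database, so the translated path will not open on Linux.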
13
Running Agents
Agents are typically run as daemons, and have no Console on Linux.
You can run the agents with a Console, but it is usually done for troubleshooting only.
• run the agent with --show
• /opt/novell/groupwise/agents/bin/gwpoa @po.poa --show
14
Learn to love the HTTP Monitors
Rather than running agents with the Consoles (which requires that the server be left “logged in”), use the HTTP Monitors.
Set up HTTP Monitors for most agents during installation, or from within ConsoleOne
Using HTTP Monitors – access with
• http://server:7180 (MTA)
• http://server:7181 (POA)
• http://server:9850 (GWIA)
15
16
Configuring the HTTP Port
17
Configuring the HTTP User/Password
18
Using HTTP
• Be sure to create an HTTP user and password for your agents.
• This is neither a GroupWise nor an eDirectory user – this is a user that you “make up” for the purposes of managing GroupWise
• A password is very important – there are many administrative tasks that can be completed right in the HTTP monitor, such as restarting agents, changing settings, etc. (some of this will change in Bonsai)
Demo
© Novell Inc, Confidential & Proprietary
20
Managing GroupWise® on Linux
• GUI applications
  • ssh -X
  • Install
  • GWCheck
  • ConsoleOne®
• Text application
  • gwcheckt
21
Custom tools
• Health check scripts
• Management scripts
• Code deployment scripts
• Core file (coredump) management scripts
22
Healthcheck scripts
• Check to see if agent is running every minute
• Restart the agent if not running
• Login to agent (POP/IMAP/SMTP)
• If login fails, restart agent
23
Agent management scripts
• Default GroupWise script (grpwise)
• Check agents and restart if not running
• Restart agents
• Stop all agents
24
Other scripts
Code deployment scripts
• Use rsync to update code on servers
• Pull code or push code
Core management scripts
• Compresses and uploads core files to webserver
25
Telnet
The telnet utility is very similar to what you are used to in Windows. You can use telnet to help determine if a GroupWise agent is listening. If you telnet to the host on the proper port, it should reply with:
“Trying <ip address>…Connected to <ip address>”
To stop the connection – use control ]. Then type quit at the telnet> prompt.
If you get “telnet: connect to address <ip address>: Connection refused”, then the agent isn’t responding on that port.
With Linux, you do not need to set localecho; it will echo the characters that you type by default.
26
Netstat
The netstat utility prints connection and port information. It is able to do much of what tcpcon does on NetWare.
netstat -a
Will list all ports, not just the listening ones
netstat -l -p --numeric-ports
Shows the listening ports, the PID, and the numeric port information
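The netstat listing above can drive the health check described on the "Healthcheck scripts" slide. This is an added example, not code from the original slides: it reads netstat output and reports which agent HTTP monitor ports (7180, 7181, 9850, as listed earlier) are not held by the expected agent. The sample output is constructed, and the process name "gwia" and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the slides): health check driven by netstat output.
# Agent:port pairs are the HTTP monitor ports listed on the slides; the
# process name "gwia" for the GWIA is an assumption.
EXPECTED="gwmta:7180 gwpoa:7181 gwia:9850"

# Constructed sample of `netstat -l -p --numeric-ports` output (run as root
# so the PID/Program name column is filled in).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:7180     0.0.0.0:*        LISTEN  16129/gwmta
tcp        0      0 :::7181          :::*             LISTEN  16140/gwpoa
tcp        0      0 127.0.0.1:10023  0.0.0.0:*        LISTEN  2201/postgrey
EOF
}

# missing_agents: netstat output on stdin; prints "agent port reason" for
# every expected agent whose port is not held by that agent.
missing_agents() {
    awk -v expected="$EXPECTED" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":"); port = a[n]   # last piece, copes with IPv6
            split($7, p, "/"); owner[port] = (p[2] == "" ? "unknown" : p[2])
        }
        END {
            m = split(expected, e, " ")
            for (i = 1; i <= m; i++) {
                split(e[i], kv, ":")
                if (!(kv[2] in owner)) print kv[1], kv[2], "not-listening"
                else if (owner[kv[2]] != kv[1])
                    print kv[1], kv[2], "held-by-" owner[kv[2]]
            }
        }'
}

# health_check: returns 0 when all agents are listening, 1 otherwise.
health_check() {
    report=$(missing_agents)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# From cron, every minute (restart command left to the caller):
#   netstat -l -p --numeric-ports | health_check || <restart the agents>
sample_netstat | health_check || echo "agents need attention"
```

A "held-by-" result is worth investigating before restarting anything, because it means some other process is listening on a port where administrators expect the agent's password-protected HTTP monitor.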
27
ifconfig
ifconfig will be used most like ipconfig on Windows (although it has other purposes)
If no arguments are given, ifconfig displays the status of the currently active interfaces.
If a single interface argument is given, it displays the status of the given interface only
If a single -a argument is given, it displays the status of all interfaces, even those that are down.
28
Process Monitoring - PS
ps gives a snapshot of the current processes. If you want a repetitive update of this status, use top.
To check to see if a particular process is running:
ps -A | grep gwpoa
This will show if the POA is loaded
29
Process Monitoring - PS
ps aux | grep gw
root 16129 4.0 1.7 31276 13368 pts/2 SN 16:06 0:00 ./gwmta --show @/opt/novell/groupwise/agents/share/ngwldom.mta
ps -a | grep gw
16129 pts/2 00:00:00 gwmta
30
Process Monitoring - TOP
31
Process Monitoring - ksysguard
32
Process Monitoring - gnome-system-monitor
33
nohup
nohup runs the given COMMAND with hangup signals ignored, so that the command can continue running in the background after you log out
Similar to the & to “background” a process
34
sudo
sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file. NetWare doesn’t have a similar command.
35
sudo - cont.
su
visudo
add to the sample #%wheel area:
%gwadmin ALL=(ALL) ALL
save via :wq (vi commands); use :q! to exit without saving.
create a group called gwadmin
add the appropriate users to the group
36
Disk Space Usage - df
df
This utility will report disk space usage on Linux.
df -h will display information in a “human-readable” format
37
File Space Usage
du
This utility will report on file space usage.
du -h will display information in a “human-readable” format. This information is listed by directory totals.
du -ah will list all information for each file in the current directory and down
38
Kill
The command kill sends the specified signal to the specified process or process group. If no signal is specified, the TERM signal is sent. The TERM signal will kill processes which do not catch this signal.
kill 2237
39
killall
killall sends a signal to all processes running any of the specified commands.
Example:
killall gwpoa
killall gwmta
40
Installing RPMs
• Some samples:
• rpm -Uvh novell-groupwise-agents.rpm
• rpm -Uvh --force novell-groupwise-agents.rpm
41
insserv
insserv
This utility allows you to set up services to run on Linux at startup. It is used to add scripts to the /etc/init.d rc#.d directories.
Samples:
insserv grpwise (this will enable the GroupWise init script)
insserv -r grpwise (this will remove the GroupWise init script)
I've had to do this occasionally when it “looks” like GroupWise should start up at boot, but for some reason does not. Redoing the insserv fixes that.
42
ssh
ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.
ssh -X [email protected]
run /usr/ConsoleOne/bin/ConsoleOne
43
ssh - Windows
Putty
Xming
44
Front-ending GWIA
• Take a look at these stats:
Attempted Connects : 2137460 ( 100.0% )
Invalid (No Such Recipient) : 1283401 ( 60.0% )
Valid (Recipient Confirmed) : 854059 ( 39.9% )

Total Not Delivered Mail : 714214 ( 33.4% ) ( 83.6% )
  Not Delivered - Spam : 99755 ( 4.6% ) ( 11.6% ) ( 13.9% )
  Not Delivered - Virus : 661 ( 0.0% ) ( 0.0% ) ( 0.0% )
  Not Delivered - Banned : 22 ( 0.0% ) ( 0.0% ) ( 0.0% )
  Not Delivered - BadH : 1272 ( 0.0% ) ( 0.1% ) ( 0.1% )
  Not Delivered - GreyList : 612504 ( 28.6% ) ( 71.7% ) ( 85.7% )

GreyList Validations : 22230 ( 3.6% )

Total Delivered Mail : 139845 ( 6.5% ) ( 16.3% )
45
Blocking some mail before it gets to the GWIA
• Since most of the UCE/UBE messages that are blocked by postgrey come from unresolvable or dynamically-assigned addresses, you can check only those suspicious clients with postgrey and let others pass unchecked, by configuring postfix as follows:
46
Postgrey
• http://postgrey.schweikert.ch/
• http://lists.ee.ethz.ch/postgrey/msg01214.html
47
Postfix Changes
---- main.cf ----
smtpd_restriction_classes =
    check_greylist

check_greylist = check_policy_service inet:127.0.0.1:10023

smtpd_recipient_restrictions =
    permit_mynetworks
    ...
    reject_unauth_destination
    check_client_access regexp:/etc/postfix/check_client_fqdn
48
Postgrey configuration
---- check_client_fqdn ----
/^unknown$/ check_greylist
/^[^\.]*[0-9][^0-9\.]+[0-9]/ check_greylist
/^[^\.]*[0-9]{5}/ check_greylist
/^([^\.]+\.)?[0-9][^\.]*\.[^\.]+\..+\.[a-z]/ check_greylist
/^[^\.]*[0-9]\.[^\.]*[0-9]-[0-9]/ check_greylist
/^[^\.]*[0-9]\.[^\.]*[0-9]\.[^\.]+\..+\./ check_greylist
/^(dhcp|dialup|ppp|adsl)[^\.]*[0-9]/ check_greylist
----
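To see which clients the table above would send to postgrey before deploying it, the patterns can be dry-run against client names. This is an added example, not part of the original slides: it applies the rules in order, first match wins, using grep -E -i to mirror Postfix regexp: tables (POSIX extended regex, case-insensitive by default). The hostnames are constructed and the function name is hypothetical.

```shell
#!/bin/sh
# Added example (not from the slides): dry-run the check_client_fqdn table.
# Patterns are copied from the table above, without the /.../ delimiters.
PATTERNS='^unknown$
^[^\.]*[0-9][^0-9\.]+[0-9]
^[^\.]*[0-9]{5}
^([^\.]+\.)?[0-9][^\.]*\.[^\.]+\..+\.[a-z]
^[^\.]*[0-9]\.[^\.]*[0-9]-[0-9]
^[^\.]*[0-9]\.[^\.]*[0-9]\.[^\.]+\..+\.
^(dhcp|dialup|ppp|adsl)[^\.]*[0-9]'

# classify HOSTNAME -> "check_greylist rule=N" for the first matching rule,
# or "DUNNO" when no rule matches and the client skips greylisting.
classify() {
    hit=$(printf '%s\n' "$PATTERNS" | {
        n=0
        while IFS= read -r pat; do
            n=$((n + 1))
            # grep -E -i: POSIX ERE, case-insensitive, as in Postfix regexp: tables
            if printf '%s\n' "$1" | grep -Eiq -- "$pat"; then
                echo "check_greylist rule=$n"
                break
            fi
        done
    })
    echo "${hit:-DUNNO}"
}

# Constructed client names, as Postfix would see them after reverse lookup.
for host in unknown mail.example.com dhcp-12.example.net \
            host-203-0-113-5.isp.example c1234567.cable.example; do
    printf '%-32s %s\n' "$host" "$(classify "$host")"
done
```

Running real client names from the mail log through classify shows how much legitimate mail would be delayed by greylisting and which rule is responsible.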
49
GWIA Changes
• Change your GWIA “listen” port to something else (26?)
or
• Set GWIA to listen on a specific IP address
50
Q & A