

Hello everyone! One thing I wanted to post about today was MAC address filtering using DHCP on Windows Server 2003. The Microsoft DHCP team has a utility just for this called the Mac Filter Callout. It is essentially a DLL file, a .txt file and some registry settings that allow you to administer DHCP filtering on your server. While MAC addresses can be spoofed, I think this is a good first step, or even a good step, depending on your environment (personally I am a fan of RADIUS authentication).

The tool is downloadable here: http://blogs.technet.com/cfs-file.ashx/__key/CommunityServer-Components-PostAttachments/00-02-09-83-36/MacFilterCalloutInstaller.zip It installs MacFilterCallout.dll and SetupDHCPMacFilter.rtf to %SystemRoot%\system32 on a 32-bit system and %SystemRoot%\SysWOW64 on a 64-bit system.

Make the following registry changes:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters

| Key Name | Key Type | Description |
|---|---|---|
| CalloutDlls | REG_MULTI_SZ | The location of the MacFilterCallout.dll |
| CalloutEnabled | DWORD | 0 = Disable MacFilterCallout; 1 = Enable MacFilterCallout |
| CalloutErrorLogFile | REG_MULTI_SZ | Log path. If this registry key is not specified, the callout DLL will output errors to %WINDIR%\System32\Log.txt |
| CalloutInfoLogFile | REG_MULTI_SZ | Info log path. If this key is not present, no information messages will be logged. |
| CalloutMACAddressListFile | REG_MULTI_SZ | The name and location of the MAC filtering list you're going to be creating next. |

 

Mac Address List format:

#MACList.txt

MAC_ACTION = {ALLOW / DENY}

#List of MAC Addresses:

000a0c0d1254     #lab-server1

000d0c4a6723     #lab-server2

  • The file supports comments. Comments can be entered following a ‘#’ sign. Any text after a ‘#’ up to the end of the line is treated as a comment.
  • The first line in the file (excluding comments) should specify the action. The action can be either ALLOW or DENY.
    • When the action is specified as ALLOW, all requests from MAC addresses present in this list will be served by the DHCP server. All requests originating from MAC addresses not present in this list will be ignored.
    • When the action is specified as DENY, all requests from MAC addresses present in the list will be ignored by the DHCP server. All requests from MAC addresses not present in this list will be served by the DHCP server.
    • Only one action out of ALLOW or DENY can be specified in the MAC Address List File.
  • A MAC address should be specified in the format XXXXXXXXXXXX (where X can be a hex digit 0 – F). There should not be any delimiter such as - or : in the MAC address. Each MAC address should be specified on a separate line.
  • If there is any error in the MAC Address List File, it will be logged to CalloutErrorLogFile or the default error log file. The following is the expected behavior of the DLL in case of errors:
    • If the action is not specified correctly, the DHCP server will function as if there is no callout DLL, i.e. none of the requests will be ignored.
    • If one or more MAC addresses are not specified correctly, those MAC address entries will be ignored. An error for each will be logged in the error log file.
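A pre-deployment check for the list file, added here as an example (it is not part of the Microsoft tool or of the original post): it applies the format rules above and models the documented outcome, including the case where a mistyped action line silently turns an ALLOW list into no filtering at all. Assumptions: the action line is written `MAC_ACTION = {ALLOW}` or `MAC_ACTION = ALLOW` in upper case, a second MAC_ACTION line is reported as an error, and the names `lint_mac_list` and `would_serve` are hypothetical.

```python
import re

# Assumption: the action line is written as "MAC_ACTION = {ALLOW}" or
# "MAC_ACTION = ALLOW" (braces optional, upper case as on the page).
ACTION_RE = re.compile(r"^MAC_ACTION\s*=\s*\{?\s*(ALLOW|DENY)\s*\}?$")
MAC_RE = re.compile(r"^[0-9A-Fa-f]{12}$")  # XXXXXXXXXXXX, no '-' or ':'

def lint_mac_list(text):
    """Return (action, macs, errors); action None means filtering is off."""
    action, macs, errors, first = None, set(), [], True
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # text after '#' is a comment
        if not entry:
            continue
        if first:  # first non-comment line must carry the action
            first = False
            m = ACTION_RE.match(entry)
            if m:
                action = m.group(1)
            else:
                errors.append((lineno, "invalid MAC_ACTION, nothing is filtered"))
        elif entry.startswith("MAC_ACTION"):
            errors.append((lineno, "only one MAC_ACTION is allowed"))
        elif MAC_RE.match(entry):
            macs.add(entry.lower())
        else:
            errors.append((lineno, "malformed MAC entry, will be ignored"))
    return action, macs, errors

def would_serve(action, macs, mac):
    """Model the documented decision for one client MAC (12 hex digits)."""
    if action is None:
        return True  # bad action line: server behaves as if no callout DLL
    listed = mac.lower() in macs
    return listed if action == "ALLOW" else not listed

# Constructed sample: one good entry, one with delimiters, one too short.
SAMPLE = """\
#MACList.txt
MAC_ACTION = {ALLOW}
000a0c0d1254     #lab-server1
00-0d-0c-4a-67-23  #lab-server2
000d0c4a672      #lab-server3
"""

if __name__ == "__main__":
    for name, text in (("sample", SAMPLE), ("typo", SAMPLE.replace("ALLOW", "ALOW"))):
        print(name, *lint_mac_list(text))
```

Run it against the list before restarting the DHCP service; any reported error on the action line means the server would answer every client.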

Once you are ready to start using the MAC address filtering and you have your registry changes and MAC address list filled out the way you like, go ahead and perform the following:

Stop the DHCP service.

Start the DHCP service. When the DHCP server is started, event 1033 will be logged if the callout DLL is loaded correctly by the DHCP server.


Hello!

posted by Quinntin

Hello everyone, just signed up as a blogger/writer here. I hope to bring some new content to the site and some valuable info for everyone.


Verify Email Password With Telnet

posted by Mark Muyskens

The quickest way to verify an email password is by using telnet. The few steps below will show you how to do so:

telnet server-monkey.com 110

+OK Hello there.
USER tut@server-monkey.com
+OK Password required.
PASS testpassword
+OK logged in.
quit
+OK Bye-bye.
Connection closed by foreign host.



Download It;

wget http://downloads.ioncube.com/loader_download/ioncube_loaders_lin_x86.tar.gz
tar zfx ioncube_loaders_lin_x86.tar.gz
mv ioncube /usr/local

Find PHP.ini
php -i | grep php.ini

Edit your php.ini
pico /usr/local/lib/php.ini or nano /usr/local/lib/php.ini

Add Extension to PHP.ini
zend_extension=/usr/local/ioncube/ioncube_loader_lin_5.2.so

Restart Apache
service httpd restart

Check
php -v
PHP 5.2.10 (cli) (built: Aug 10 2009 05:47:14)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
with the ionCube PHP Loader v3.1.34, Copyright (c) 2002-2009, by ionCube Ltd.
with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH


Back The F:\ Up!

posted by Mark Muyskens

Remember kids, always be on the safe and back the f:\ up!

This random post brought to you by Mozy; for an ultimate kick ass backup solution visit Mozy.com today!

P.S. Enter “mark@server-monkey.com” as your referrer and get additional diskspace TOTALLY FREE!


Exim Cheatsheet

posted by Mark Muyskens

While surfing the web, I discovered this great cheat sheet for troubleshooting mail issues in cPanel/DirectAdmin or any exim mail server.

You can check it out at;
http://bradthemad.org/tech/notes/exim_cheatsheet.php


Chattr, a more indepth look

posted by Thor Erik

chattr is a utility you’d find on most Linux systems; its sole purpose is to change file attributes.

When you use chattr you’ll probably use it in symbolic mode. This means you will be using +, - and = (plus, minus and equals) plus any of the attributes: A, S, a, c, D, d, I, i, j, s, T, t, u.

Symbols

+ adds an attribute

- removes an attribute

= causes the attribute to be the only attribute

Attributes

a (small A) is append only, this only allows someone to add to a file.

c (small C) is compressed

d (small D) is no dump

i (small I) is immutable, meaning no delete for anyone, not even root

j (small J) is journaling

s (small S) is secure deletion, in case you want to remove a file completely with no way of recovery (except IBAS)

t (small T) is no tailing

u (small U) is undeletable

A (capital A) is no atime updates

D (capital D) is synchronous directory updates

S (capital S) is synchronous updates

T (capital T) is top of directory hierarchy, useful for important files

Options

As with most commands, you have options as well.

chattr has most of the common ones:

-R, recursive

-V, verbose

-f, suppress most errors

-v, version

Options go first, of course.

Common use

Most of the time you won’t use all of these options, but some you will run into quite often are:

chattr +i/chattr =i to protect files from accidental deletion

chattr +T to make an important file top of the file listings

chattr +d to prevent dumping of a file

and in some rare cases

chattr +ad to only allow appending and prevent backup using dump; this could be useful for log files etc. that you only want to be appended to and not backed up

Source: man chattr


Here’s a quick htaccess edit that will redirect your domain to a subfolder:

RewriteEngine On
Options +FollowSymlinks
RewriteBase /
RewriteCond %{HTTP_HOST} www.domainname [OR]
RewriteCond %{HTTP_HOST} domainname
RewriteCond %{REQUEST_URI} !subfolder/
RewriteRule ^(.*)$ subfolder/$1 [L]


Keep your clocks in sync

posted by Thor Erik

An issue I’ve come across a lot is that clocks don’t stay correct for a long time…

Now some smart heads thought up a way to fix that. It’s called NTP, the Network Time Protocol.

Setting it up is easy:

On RHEL/Fedora/CentOS:

centos ~ # yum install ntp

On Debian and Debian-based distributions:

debian ~ # apt-get install ntp

(everything is root of course)

On Debian you are done now; NTPD should be started. Of course, if you want to specify your own NTP server or NTP pool, you just edit /etc/ntp.conf

On RHEL it’s just a few more steps:

chkconfig ntpd on

ntpdate pool.ntp.org

/etc/init.d/ntpd start

And that should be it. Please do know that if it’s a VPS, forget about NTP: the system time is inherited from the host, unless you run it on a Windows host (e.g. Windows 2008 or, in my Debian server’s case, Windows 2008 R2 and using Hyper-V).

The error you get will be something like this:

ntpdate[18411]: step-systime: Operation not permitted

after trying to run ntpdate pool.ntp.org

On Windows it’s all a hell of a lot easier (in the GUI, that is).

Right click on the clock and choose Adjust time and date.

Go to the Internet time tab.

Then click the button saying Change settings.

Make sure the checkbox is checked, and if you prefer a different NTP server, change it from time.microsoft.com (but it’s good as well; NTP takes latency into account when setting the clock).

Windows does not support NTP pools, so please define a proper NTP server.


Mozy

posted by Mark Muyskens

Let’s face it. Most of us suck when it comes to backing up our systems, but what if there was a quick, simple, painless way of backing up your system without the headaches of extra work?

Well, now there is! Mozy is the ultimate backup solution for quick and painless backups. Simply sign up for an account, download the software, and select your folders. IT’S THAT SIMPLE! Mozy provides unlimited backups for the low price of $4.95 per month. Still not sure if you want to use this service? Mozy offers 2GB of storage COMPLETELY FREE. No credit card needed, no setup fees, no expiration date, BUT ABSOLUTELY FREE! You’ll be up and running within minutes!

What are you waiting for! Give it a try today!

Signup now at https://mozy.com/?ref=JARRZH

Use the above referral line or enter “mark@server-monkey.com” as your referral and we both get extra storage space! Signup now!