Saturday, 30 August 2014

Dialing extension on a remote Asterisk Server through IAX trunk

Open the configuration file extensions_additional.conf.

Go to the context of the concerned IVR.

Add the line:

exten => _<Dial Pattern>,1,dial(iax2/<Trunk Name>/${EXTEN})

Example:

exten => _5xxx,1,dial(iax2/OFFICE3/${EXTEN})

With this line in place, any dialed number that matches the pattern (5 followed by 3 digits, i.e. an extension) is forwarded to the remote Asterisk server over the IAX2 trunk.

This way, an extension of an Elastix server can be dialled from a remote server.

Once the file is edited, reload Asterisk.
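To confirm that a dial pattern hands only the intended numbers to the trunk, the sketch below translates a pattern into a regular expression and filters a list of dialed strings. It is an added example, not part of the original post; it also covers Z, N, bracket sets and the `.` and `!` wildcards beyond the one pattern shown above, and the function names and sample numbers are constructed for illustration.

```python
import re

# Pattern letters (matched case-insensitively) and the digit sets they stand for.
CLASSES = {"X": "[0-9]", "Z": "[1-9]", "N": "[2-9]"}

def pattern_to_regex(pattern):
    """Translate a dialplan pattern such as _5xxx into an anchored regex."""
    if not pattern.startswith("_"):
        return re.compile(re.escape(pattern) + r"\Z")   # literal extension
    out, i, body = [], 0, pattern[1:]
    while i < len(body):
        ch = body[i]
        if ch.upper() in CLASSES:
            out.append(CLASSES[ch.upper()])
        elif ch == "[":                 # explicit set such as [13-5], digits and ranges only
            end = body.index("]", i)
            out.append(body[i:end + 1])
            i = end
        elif ch == ".":                 # one or more further characters
            out.append(".+")
        elif ch == "!":                 # zero or more further characters
            out.append(".*")
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out) + r"\Z")

def forwarded(pattern, dialed):
    """Return the dialed strings that the pattern would send to the trunk."""
    rx = pattern_to_regex(pattern)
    return [d for d in dialed if rx.match(d)]

# Constructed sample of dialed strings.
DIALED = ["5123", "5000", "512", "51234", "4123", "5#12", "500155512345"]

if __name__ == "__main__":
    print("_5xxx ->", forwarded("_5xxx", DIALED))   # exactly four digits starting with 5
    print("_5.   ->", forwarded("_5.", DIALED))     # anything longer than "5" that starts with 5
```

A fixed-length pattern like `_5xxx` forwards only four-digit extensions, while an open-ended one like `_5.` also forwards long numbers that merely begin with 5.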


Wednesday, 26 February 2014

Creating a new MySQL ODBC DSN and importing it in Microsoft Excel

1. Download the MySQL ODBC Connector Driver and Install it. 
 http://dev.mysql.com/downloads/connector/odbc
2. Go to Control Panel > Administrative Tools > Data Sources (ODBC)
3. Select User DSN. Click Add
4. Select the MySQL ODBC Driver. Click Finish
5. In the 'MySQL Connector/ODBC Data Source Configuration' dialog box, enter the following details.
•   Data Source Name
•   Description
•   TCP/IP Server
•   Port (Default 3306)
•   User 
•   Password
•   Database
6. Click Test. If the connection is OK, a "Connection Successful" dialog box appears. Click OK.

This creates a User MySQL ODBC DSN. 

Now we have to configure it in Microsoft Excel.

1. Open Microsoft Excel.
2. Click the Data tab.
3. Click Connections
4. In the Workbook Connections Wizard, Click Add
5. Click 'Browse For More'.
6. In the dialog box, Click New Sources.
7. In the 'Data Connection Wizard',  Select ODBC DSN and Click Next
8. Select the DSN Created Earlier.
9. Click Next and then Finish.
10. Now in the 'Data' Tab of Excel,  Click Existing Connection.
11. Open the Database that we added.
12. In the import Wizard, Click OK.

The data from the DB will be imported in the Excel Sheet.

VM Not starting - "VM is in Use error" - VMWare



The VMware session could not be launched after a PC crash.

The following error message was displayed: "Taking ownership of this virtual machine failed. The virtual machine is in use by an application on your host computer."


Solution:

Close VMware Player. Open Explorer and go to the location of the VMDK.
Delete all the *.LCK files. You might also need to delete the directories that work as locks (their names end in LCK).



Now start the Virtual Machine.

Outlook Hyperlink problem - "This operation has been cancelled due to restrictions"

While opening a hyperlink in an email in Outlook, we might face the following error:

"This operation has been cancelled due to restrictions. Please contact your system administrator."
This happens because MS Outlook needs IE to be the default application for opening hyperlinks.
The following can be done to solve this issue.

EDIT Registry
1. Click Start, click Run, type Regedit in the Open box, and then click OK.
2. Browse to HKEY_CURRENT_USER\Software\Classes\.html
3. Right click the value for the .html key and select Modify…
4. Change the value from “ChromeHTML” to “htmlfile” (or from FireFoxHTML to htmlfile)
5. Repeat for .htm, .shtml, .xht, .xhtml, .xhtm keys
6. Repeat these steps for htm and .shtml keys if they exist. You may also want to check the xhtml and xhtm keys.



Reset Web Settings
1. Close Outlook
2. Open Internet Explorer.
3. On the Tools menu, click Internet Options.
4. Click the Advanced tab, and then click the Reset button.
5. On the Programs tab, under Internet programs, click Set Programs, then “Set your Default Programs”, select your OUTLOOK program and click “Set this program as Default”. Repeat for Internet Explorer.
6. Click OK and close the dialogs.

Wednesday, 22 May 2013

GEOM ELI FULL DISK ENCRYPTION



Boot up with FreeBSD Live CD. Start bsdinstall.

When installation reaches partitioning, select ‘shell’.


Partitioning

# gpart create -s gpt ada0

1. Create Boot Block

# gpart add -t freebsd-boot -s 64k ada0
# gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 ada0

2. Create and format Boot partition

# gpart add -t freebsd-ufs -s 256m ada0
# newfs /dev/ada0p2

3. Create and initialize encrypted partition

# gpart add -t freebsd-ufs ada0
# geli init -bl 256 /dev/ada0p3     (Pass phrase will be prompted.)
# geli attach /dev/ada0p3           (Pass phrase will be prompted. Device /dev/ada0p3.eli will be created.)
# newfs /dev/ada0p3.eli

4. Mount file systems to /mnt

# mount /dev/ada0p3.eli /mnt
# mkdir /mnt/boot2
# mount /dev/ada0p2 /mnt/boot2

5. Continue Installation

# exit

Once the installation ends, enter into a ‘shell’ to make final changes.


Final Changes

1. Move /boot to /boot2/

# mv /mnt/boot  /mnt/boot2/.


2. Edit loader.conf

# vi /boot2/boot/loader.conf

Add the following lines.

geom_eli_load="YES"
vfs.root.mountfrom="ufs:/dev/ada0p3.eli"

3. Edit fstab

Add the following lines

/dev/ada0p2        /boot2    ufs    rw,noatime    1    1
/dev/ada0p3.eli    /         ufs    rw,noatime    1    1
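A mismatch between loader.conf and fstab leaves the encrypted root unmountable at boot, so it is worth checking the two files against each other before rebooting. The following is an added example, not part of the original post: the function names are hypothetical, the sample text mirrors the lines above, and it takes the file contents as strings so it can be run on copies of the files.

```python
import re

def loader_settings(text):
    """Parse loader.conf lines of the form name="value" into a dict."""
    found = {}
    for line in text.splitlines():
        m = re.match(r'\s*([\w.]+)\s*=\s*"?([^"#]*)"?', line)
        if m:
            found[m.group(1)] = m.group(2).strip()
    return found

def fstab_devices(text):
    """Map mount point -> device from fstab text, skipping comments."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            table[fields[1]] = fields[0]
    return table

def check_geli_boot(loader_text, fstab_text, boot_mount="/boot2"):
    """Return the inconsistencies between loader.conf and fstab for this layout."""
    problems = []
    conf, mounts = loader_settings(loader_text), fstab_devices(fstab_text)
    if conf.get("geom_eli_load", "").upper() != "YES":
        problems.append("geom_eli_load is not YES: geom_eli is not loaded at boot")
    root = conf.get("vfs.root.mountfrom", "")
    _fstype, _, device = root.partition(":")
    if not device.endswith(".eli"):
        problems.append("vfs.root.mountfrom does not name an .eli device: %r" % root)
    if mounts.get("/") != device:
        problems.append("fstab root %r differs from loader root %r" % (mounts.get("/"), device))
    if boot_mount not in mounts or mounts[boot_mount].endswith(".eli"):
        problems.append("%s must be in fstab on the unencrypted boot partition" % boot_mount)
    return problems

# Constructed samples that mirror the loader.conf and fstab lines above.
LOADER = 'geom_eli_load="YES"\nvfs.root.mountfrom="ufs:/dev/ada0p3.eli"\n'
FSTAB = "/dev/ada0p2 /boot2 ufs rw,noatime 1 1\n/dev/ada0p3.eli / ufs rw,noatime 1 1\n"

if __name__ == "__main__":
    print(check_geli_boot(LOADER, FSTAB))                        # consistent layout
    # Typographic quotes pasted from a web page make both settings unusable.
    print(check_geli_boot(LOADER.replace('"', "\u201d"), FSTAB))
```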

TWO NODE PACEMAKER FAIL SAFE CLUSTER WITH FLOATING IP ADDRESS (CentOS 6.3)



On both the nodes

1. Install Pacemaker

yum install pacemaker


2. Create configuration files for COROSYNC

cp /etc/corosync/corosync.conf.example    /etc/corosync/corosync.conf


vi /etc/corosync/service.d/pcmk

service {
        name: pacemaker
        ver: 1
}


3. Install CRMSH

wget -P /etc/yum.repos.d/ http://download.opensuse.org/repositories/network:/ha-clustering/CentOS_CentOS-6/network:ha-clustering.repo

yum install crmsh


4. Start Services

service corosync start

service pacemaker start

chkconfig corosync on

chkconfig pacemaker on





On Primary Node


1. Configure Pacemaker using CRM

crm configure property stonith-enabled=false

crm configure primitive ClusterIP ocf:heartbeat:IPaddr2 params ip=192.168.124.110 cidr_netmask=24 op monitor interval=30s

crm configure primitive postfix ocf:heartbeat:postfix op monitor interval=60s depth="0" timeout="20s"

crm configure property no-quorum-policy=ignore

crm configure rsc_defaults resource-stickiness=100

crm configure order postfix-after-ip mandatory: ClusterIP postfix

crm configure colocation postfixWithIP INFINITY: postfix ClusterIP



The status of the cluster nodes can be checked using the following commands:

crm status

crm resource show

Friday, 29 June 2012

Samba with Windows AD-Integration


Prerequisites
  1. Software
    • Samba > 3.0.20
    • Kerberos MIT/Heimdal
    • ntp
    • often cups-Server
  2. Permissions/Users
    • root-user on the server
    • an AD user with the permission to join AD
Steps
  1. The time on the DCs and the Samba server must be in sync
    • use ntp
  2. configure your Kerberos environment; kinit must run without errors
  3. configure your smb.conf
    • security = ADS
  4. join into the domain
    • kinit
    • net ads join
  5. start the services
    • nmbd
    • smbd
    • winbindd




Setting Up Kerberos
The first thing to do is to set up the kerberos keys so that they work. Remember that kerberos is time-dependent, so you may have to make sure that the machine time is correct using a protocol like NTP.
Below is a working krb5.conf file.


Note: Letters are case sensitive in this case!!!!!
Without capitalization of your realms and .domain_realm, kerberos won't be able to connect.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = WINDOWS.DOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
WINDOWS.DOMAIN.COM = {
kdc = windows.domain.com
admin_server = windows.domain.com
default_domain = windows.domain.com
}

[domain_realm]
.kerberos.server = WINDOWS.DOMAIN.COM
.windows.domain.com = WINDOWS.DOMAIN.COM

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
Save the file. Once the file is saved, you can test it with this command:
kinit admin@WINDOWS.DOMAIN.COM
Remember, again, capitals are important. This should ask you for the password for the user account "admin", and then tell you if you have successfully logged in.
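The capitalization rule can be checked before running kinit. The sketch below is an added example, not part of the original post: it parses krb5.conf text and reports any realm that is not upper case or that has no matching [realms] entry. The function names are hypothetical and the sample is the configuration above, trimmed, with default_realm deliberately typed in lower case.

```python
def parse_krb5(text):
    """Parse krb5.conf text into {section: {key: value or nested dict}}."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section, block = conf.setdefault(line[1:-1], {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":                      # e.g. WINDOWS.DOMAIN.COM = {
                block = section.setdefault(key, {})
            else:
                (section if block is None else block)[key] = value
    return conf

def realm_problems(text):
    """List realm names that are not upper case or lack a [realms] entry."""
    conf = parse_krb5(text)
    realms = conf.get("realms", {})
    uses = [("default_realm", conf.get("libdefaults", {}).get("default_realm", ""))]
    uses += [("domain_realm " + k, v) for k, v in conf.get("domain_realm", {}).items()]
    problems = ["[realms] %s: not upper case" % r for r in realms if r != r.upper()]
    for where, realm in uses:
        if realm != realm.upper():
            problems.append("%s: realm %r is not upper case" % (where, realm))
        if realm not in realms:
            problems.append("%s: realm %r has no [realms] entry" % (where, realm))
    return problems

# Constructed sample: the krb5.conf above, trimmed, with a lower-case default_realm.
SAMPLE = """
[libdefaults]
default_realm = windows.domain.com
[realms]
WINDOWS.DOMAIN.COM = {
kdc = windows.domain.com
admin_server = windows.domain.com
}
[domain_realm]
.kerberos.server = WINDOWS.DOMAIN.COM
.windows.domain.com = WINDOWS.DOMAIN.COM
"""

if __name__ == "__main__":
    for problem in realm_problems(SAMPLE):
        print(problem)
```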
Setting up Samba
Samba is the software that allows you to connect Linux and UNIX clients to a Windows domain in the same way as you would a Windows 2000/XP machine. There are three important components, smbd, nmbd, and winbind, which all use the same configuration file: /etc/samba/smb.conf. Check the example configuration file below:
#GLOBAL PARAMETERS
[global]
workgroup = MIDGARD
realm = WINDOWS.DOMAIN.COM
preferred master = no
server string = Linux Test Machine
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
printcap name = cups
printing = cups
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
idmap uid = 600-20000
idmap gid = 600-20000
;template primary group = "Domain Users"
template shell = /bin/bash

[homes]
comment = Home Directories
valid users =%S
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/cups
browseable = no
printable = yes
guest ok = yes
A few important switches that might need a bit of explanation.
Now, test the parameters file, and correct any syntax errors, using the command "testparm". It should print out that everything is okay, and a warning about the + sign possibly causing problems with domain joins. This can be safely ignored.
Now to join your machine to the active directory. You will need the user-name and password to a Domain Administrator account to do this. The command you need to join the domain is net ads join -U sadwrn. This should then ask you for a password, and print a domain join notice.
To check that you have successfully joined the domain, there are several things you can test.
  • net ads join -U administrator Test the connection to the Active Directory.
  • wbinfo -u Should now list all the members of the domain.
  • wbinfo -g Should now list all the groups available in the domain.
  • wbinfo -a username%password checks to see if username using password can connect to the domain.
  • should wbinfo fail to return all groups or users in the active directory, simply increase the idmap gid upper boundary and restart winbind and SMB until all users and groups are produced in the list.
Adding this list to the password list.
The next step is to get the passwd command to check the winbind list for usernames and groups. This is fairly straightforward, as it only involves changing one file, /etc/nsswitch.conf, and only minimally. Of course, back up this file before changing it.
passwd: files winbind
shadow: files winbind
group: files winbind

#hosts: db files nisplus nis dns
hosts: files dns wins

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: db files
netmasks: files
networks: files dns
protocols: db files
rpc: files
services: files

netgroup: files

publickey: nisplus

automount: files
aliases: files nisplus
Note that the following files (and symlinks) must be present in the system /lib directory:
libnss_winbind.so
libnss_winbind.so.2 -> libnss_winbind.so
libnss_wins.so
libnss_wins.so.2 -> libnss_wins.so


Now all that remains is setting up PAM authentication.
Setting up PAM Authentication for Active Directory.
On RedHat, changing the PAM configuration is as easy as changing one file, the /etc/pam.d/system-auth file. This file is responsible for directing the services that require authentication to the right mechanism to get a response. Change the file as follows:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
account required /lib/security/$ISA/pam_permit.so

password requisite /lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session required /lib/security/$ISA/pam_winbind.so use_first_pass
Save the file, and change to another virtual terminal. Try logging in as a member of the Active Directory. This should work, though you WILL see an error about a missing home directory (don't worry about that, we'll fix that later). If you have had a previous user account on that machine that matches the login from the Active Directory, you will need to comment it out (comment, not delete; that way you can restore it if things go wrong). Check as many users as you can, until you feel comfortable that the mechanism works. ALERT! Remember to ensure that ROOT can still log in.
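Two options in the system-auth file above deserve a second look before it goes onto a production host: nullok on the auth line and md5 on the password line. The audit below is an added example, not part of the original post. Its function names are hypothetical, and the tightened variant assumes the installed pam_unix supports the sha512 option.

```python
import os

def parse_pam(text):
    """Return (type, control, module, args) for each rule in a pam.d file."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            rules.append((fields[0], fields[1], os.path.basename(fields[2]), fields[3:]))
    return rules

def audit(text):
    """Flag weak pam_unix options and stacks with no final pam_deny."""
    rules, findings = parse_pam(text), []
    for kind, _control, module, args in rules:
        if module != "pam_unix.so":
            continue
        if kind == "auth" and "nullok" in args:
            findings.append("auth: nullok lets an account with an empty password log in")
        if kind == "password" and "md5" in args:
            findings.append("password: md5 stores new passwords as MD5-crypt hashes")
    for kind in ("auth", "password"):
        stack = [(c, m) for k, c, m, _a in rules if k == kind]
        # Without a closing pam_deny, a run of failed 'sufficient' modules can still succeed.
        if not stack or stack[-1] != ("required", "pam_deny.so"):
            findings.append("%s: stack does not end with 'required pam_deny.so'" % kind)
    return findings

# The auth and password stacks from the system-auth file shown above.
SYSTEM_AUTH = """\
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
password required /lib/security/$ISA/pam_deny.so
"""

# Tightened variant (assumption: this pam_unix build accepts sha512).
HARDENED = SYSTEM_AUTH.replace(" likeauth nullok", " likeauth").replace(
    "nullok use_authtok md5", "use_authtok sha512")

if __name__ == "__main__":
    print(audit(SYSTEM_AUTH))
    print(audit(HARDENED))
```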


Authenticating share users and groups against active directory
Yeah, this one took me about a day too.
[Pictures]
comment = Directory for storing pictures
path= /usr/local/pictures
Valid Users =@WINDOWS.DOMAIN.COM+group WINDOWS.DOMAIN.COM+user
writable=yes
browseable=yes
@WINDOWS.DOMAIN.COM+group gives any member of the 'group' on WINDOWS.DOMAIN.COM access to this share.
WINDOWS.DOMAIN.COM+user gives 'user', a single user of WINDOWS.DOMAIN.COM, access to this share.

Configuring Samba
The Samba configuration (tested on 3.0.24) should contain these values:
[global]
passdb backend = tdbsam
idmap backend = ad
idmap uid = 100-20000000
idmap gid = 100-20000000
winbind nss info = rfc2307


RESTART SERVICES smb, nmb and winbind

# service smb restart
# service nmb restart
# service winbind restart


Permissions
AD users and groups may be designated as file and directory owners. Whitespace may be used in group names; however, it must be escaped with a backslash. chown, chgrp, setfacl, and getfacl all function with Active Directory users and groups.