Windows Server – VM System Date/Time

September 4, 2014

We all know how important the system date/time is, whether the server is a VM or not.

Right now, I have one problem that I cannot resolve: the time on my VM servers. One of our users called me and said that the timestamp in their application is wrong. I checked the time on our server and, true enough, the time is ahead by 8 hours.

I reconfigured the Date and Time Settings, Changed the Time Zone, Region and Languages to no avail. The time didn’t change a bit. Changing the Date and Time manually resolved the issue but eventually, the same problem will come back and knock at your door. Have to fix this the proper way.

This problem has existed for a number of days now, and the VM/server is already in production with a temporary solution.

Went back to Google and searched for another solution, but I had been looking for days by then. Nothing was registering in my mind… same solution, different wording… Got to wake up. Took a break and got some coffee. Went back to my workstation, staring at my VM’s settings while drinking my coffee.

Clicking on each option one by one: Hardware, Management, back to Hardware again, Management. Until I emptied my coffee and shot the cup into the trash bin (darn! coffee dripped on my shirt!) – Counted! 2 points for System Admin, 0 for problem resolution.

When I faced my workstation again, I noticed that my screen was on Management → Integrated Services, All Service Offered, and on the right side there was TIME SYNCHRONIZATIOOOONNN.

I immediately disabled Time Synchronization on my test VM and logged in.  Checked the system date and… DARN! No changes! System date/time was still off.  I remembered that Windows has one rule for making system changes: you have to restart the machine for the changes to take effect.

Reboot the VM. Waiting for VM to boot. Waiting… waiting… waiting…

VM booted. Login and check the System Date/Time. Yeheeyyy! System date is now CORRECCCT!

2 points for System Admin and 2 points for problem resolved.  Game clock 0.0 and the game is set for overtime.

Categories: Virtual Machine

Alfresco – Desktop Action

October 7, 2010

How’s your Alfresco doing?

In my case, we’re going for implementation after weeks of testing and some modifications.

Well, I don’t want to see those CheckIn/CheckOut in every folder (and my users agree with me).  My users keep asking me about it (whisper: I changed the File Server for some users without their knowledge for testing.  Don’t do this or your head will ROLL!).  For them, Alfresco is just like the Windows File Server.  I like it that way for simplicity, and I will introduce more functionality when we roll out the entire Alfresco system.

NOTE:  To disable a feature, you have to comment out each property.

<!-- Anything enclosed in these arrows is a comment -->

1st – I want to change the Alfresco name into my company name.

Create the file /opt/alfresco/tomcat/shared/classes/alfresco/extension/webclient_en_US.properties and put your company name in it

# cd /opt/alfresco/tomcat/shared/classes/alfresco/extension/
# vi webclient_en_US.properties

and put

company_home=Your Company Name

 

2nd – disable the URLFileName and the Desktop Actions.  These are the extra files that you see in every folder and every time you create a folder.  For me, I don’t see them helping my users deal with their files/folders.

Edit the /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/fileServers/default/file-servers-context.xml

# cd /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/fileServers/default
# vi file-servers-context.xml

Look for the following and comment it out as shown below

<!-- Add a URL file to each folder that links back to the web client -->
<!--
<property name="URLFileName">
<value>__Alfresco.url</value>
</property>
-->

and for Desktop Actions

<!--
<bean>
<property name="name">
<value>CheckInOut</value>
</property>
<property name="filename">
<value>__CheckInOut.exe</value>
</property>
</bean>
<bean>
<property name="name">
<value>JavaScriptURL</value>
</property>
<property name="filename">
<value>__ShowDetails.exe</value>
</property>
<property name="scriptName">
<value>alfresco/desktop/showDetails.js</value>
</property>
<property name="attributeList">
<value>anyFiles</value>
</property>
<property name="preprocess">
<value>copyToTarget</value>
</property>
</bean>
-->

Restart your Alfresco and check it in Windows Explorer.

How was it?  Now, it’s just like the old Windows File Server right?!

Installing Apache and PHP

September 9, 2010

Have you installed a database server and wished you had installed a web server and PHP on it too, so that you can create your own scripts to manage the database?

Unfortunately, I came across that situation.

Installing a new daemon/server on Linux is an easy task and you don’t have to restart your server.  This is good news for you: it means no downtime for the database server.

Let’s start with the installation.

1.  Install the Apache Server – Linux server will download some files to be installed and after installing the Apache server, apt-get will start it for you.

# apt-get install apache2

Now, you have a running web server.  To test your server:

2.  Install PHP5 – Linux server will download all files needed to install PHP5 into your server then apt-get will restart the web server for you.

# apt-get install php5

If the web server is not restarted, don’t worry about it for now ’coz we still have to install the PHP5 module for your web server.

3.  Install PHP5 module for Apache

# apt-get install libapache2-mod-php5

If your web server was not restarted, you have to restart it manually.

# /etc/init.d/apache2 restart

To test PHP5, create info.php to view the PHP5 configuration.

<?php
phpinfo();
?>

Check the PHP5 configuration in your browser: type in “http://<Apache.Server.IP.Address>/info.php” and you should see the PHP5 configuration.

And… You’re done!

Categories: Linux

Mounting nfs share on boot

July 26, 2010

Have you ever found that your mounted NFS folder disappeared after a server reboot (for whatever reason)?

Very frustrating huh?!

I will show you how to mount it so that you will not lose it on reboot.

Let’s check which shared folders are exported from our NFS server.

# showmount -e <nfs.server.ip.address>
The program ‘showmount’ is currently not installed.  You can install it by typing:
apt-get install nfs-common
showmount: command not found

Arg!!! showmount is not installed.  Have to install it first using apt-get.

# apt-get install nfs-common

Now we can view the shared folder from our NFS server.

# showmount -e <nfs.server.ip.address>
Export list for <nfs.server.ip.address>:
/mnt/<shared_folder> <nfs.server.ip.address>/255.255.255.0

Let’s try to mount it to check that we do not encounter any problem in mounting the shared folder.

# mount <nfs.server.ip.address>:/mnt/<shared_folder> /home/<user>/<new_folder>

We can check the newly mounted share using df.

# df -k
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/sda3             48425796   3339580  42626264   8% /
udev                    509032       248    508784   1% /dev
none                    509032         0    509032   0% /dev/shm
none                    509032       112    508920   1% /var/run
none                    509032         0    509032   0% /var/lock
none                    509032         0    509032   0% /lib/init/rw
<raid.server.ip.address>:/mnt/<shared.folder> 511900416 139367936 346531840  29% /home/<user>/<new_folder>

Neat! It was mounted without any problem.

Mounting it without losing it on boot is not that hard.  We have to edit the /etc/fstab

# vi /etc/fstab

Add this line at the bottom, using the details that you saw when you viewed the shared folders from our NFS server (see above).

<raid.server.ip.address>:/mnt/<shared.folder>       /home/<user>/<new_folder>       nfs     rw  0       0

Reboot the server and watch the magic as it happens.

Check the mounted shared folder using df.

Neat!

Categories: Linux

Add Alfresco on bootup

July 25, 2010

Ola amigos y amigas

Just finished everything from Alfresco with CIFS a few days ago.  I have to test everything from the start to confirm that all the changes I made are working properly.

Reboot the server.

Check Alfresco in my browser.  It’s not working, expected result.

But I want my Alfresco to start at boot so that I don’t have to manually start it every time I boot my server.

Let’s see…

I need to add the Alfresco script to the start-up applications.

# cd /opt/alfresco/33G
# update-rc.d alfresco.sh defaults
update-rc.d: warning: /etc/init.d/alfresco.sh missing LSB information
update-rc.d: see <http://wiki.debian.org/LSBInitScripts>
Adding system startup for /etc/init.d/alfresco.sh …
/etc/rc0.d/K20alfresco.sh -> ../init.d/alfresco.sh
/etc/rc1.d/K20alfresco.sh -> ../init.d/alfresco.sh
/etc/rc6.d/K20alfresco.sh -> ../init.d/alfresco.sh
/etc/rc2.d/S20alfresco.sh -> ../init.d/alfresco.sh
/etc/rc3.d/S20alfresco.sh -> ../init.d/alfresco.sh
/etc/rc4.d/S20alfresco.sh -> ../init.d/alfresco.sh
/etc/rc5.d/S20alfresco.sh -> ../init.d/alfresco.sh
#

Reboot the machine again.  Now, Alfresco started.  Nice!

Tried Alfresco in Windows Explorer.  No dice.

Just remembered that I have to run the iptables again.  Argg!

I need to create the iptables script and execute it on boot like alfresco script.

# cd /etc/init.d
# vi alfresco.iptables

Put in the iptables commands

#!/bin/bash
# Flush all iptables rules (filter and nat tables)
iptables -F
iptables -t nat -F

# Accept all INPUT, FORWARD and OUTPUT traffic by default
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# Accept new connections on the Samba (SMB/NetBIOS) ports
iptables -A INPUT -p udp -m state --state NEW --dport 137 -j ACCEPT
iptables -A INPUT -p udp -m state --state NEW --dport 138 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW --dport 139 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW --dport 445 -j ACCEPT

# Redirect the Samba ports to the ports Alfresco listens on
iptables -t nat -A PREROUTING -p udp --dport 137 -j REDIRECT --to-ports 1137
iptables -t nat -A PREROUTING -p udp --dport 138 -j REDIRECT --to-ports 1138
iptables -t nat -A PREROUTING -p tcp --dport 139 -j REDIRECT --to-ports 1139
iptables -t nat -A PREROUTING -p tcp --dport 445 -j REDIRECT --to-ports 1445

Make it executable and run update-rc.d again.

# chmod 755 alfresco.iptables
# update-rc.d alfresco.iptables defaults
update-rc.d: warning: /etc/init.d/alfresco.iptables missing LSB information
update-rc.d: see <http://wiki.debian.org/LSBInitScripts>
Adding system startup for /etc/init.d/alfresco.iptables …
/etc/rc0.d/K20alfresco.sh -> ../init.d/alfresco.iptables
/etc/rc1.d/K20alfresco.sh -> ../init.d/alfresco.iptables
/etc/rc6.d/K20alfresco.sh -> ../init.d/alfresco.iptables
/etc/rc2.d/S20alfresco.sh -> ../init.d/alfresco.iptables
/etc/rc3.d/S20alfresco.sh -> ../init.d/alfresco.iptables
/etc/rc4.d/S20alfresco.sh -> ../init.d/alfresco.iptables
/etc/rc5.d/S20alfresco.sh -> ../init.d/alfresco.iptables
#
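An added example (not the original post's script): the same redirects written as an init script that carries the LSB header update-rc.d warns about, and that adds and removes only its own nat rules instead of flushing every table on the host. TRUSTED_NET and the IPT override variable are assumptions of this sketch, and `iptables -C` needs iptables 1.4.11 or later.

```sh
#!/bin/sh
### BEGIN INIT INFO
# Provides:          alfresco-iptables
# Required-Start:    $network $remote_fs
# Required-Stop:     $network $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Redirect SMB/NetBIOS ports to Alfresco's unprivileged CIFS ports
### END INIT INFO
#
# Added example, not the script from the post.
# Assumptions: TRUSTED_NET is a placeholder for the LAN whose clients may be
# redirected; IPT exists only so the iptables binary can be swapped for a stub.
# The filter table and its policies are left to the host's own firewall setup.

IPT="${IPT:-iptables}"
TRUSTED_NET="${TRUSTED_NET:-192.0.2.0/24}"

# proto:client-port:alfresco-port, matching the cifs.* ports set in
# alfresco-global.properties (1445, 1139, 1137, 1138).
PORT_MAP="tcp:445:1445 tcp:139:1139 udp:137:1137 udp:138:1138"

# Build the rule specification (chain + match + target) for one mapping.
rule_for() {
    proto=${1%%:*}
    ports=${1#*:}
    echo "PREROUTING -s $TRUSTED_NET -p $proto --dport ${ports%%:*} -j REDIRECT --to-ports ${ports#*:}"
}

# Add each redirect only if it is not already present, so repeated
# "start" calls never stack duplicate rules.
do_start() {
    for m in $PORT_MAP; do
        r=$(rule_for "$m")
        if ! $IPT -t nat -C $r 2>/dev/null; then
            $IPT -t nat -A $r
        fi
    done
}

# Delete only the rules this script owns (including any duplicates);
# rules added by other tools stay in place.
do_stop() {
    for m in $PORT_MAP; do
        r=$(rule_for "$m")
        while $IPT -t nat -C $r 2>/dev/null; do
            $IPT -t nat -D $r
        done
    done
}

# Number of this script's redirects that are currently loaded (0 to 4).
count_active() {
    n=0
    for m in $PORT_MAP; do
        if $IPT -t nat -C $(rule_for "$m") 2>/dev/null; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

case "${1:-}" in
    start)                do_start ;;
    stop)                 do_stop ;;
    restart|force-reload) do_stop; do_start ;;
    status)               echo "$(count_active) of 4 redirects active" ;;
    "")                   ;;   # no argument: only define the functions
    *)  echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2
        exit 2 ;;
esac
```
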

Reboot Alfresco Server again.

Test Alfresco.

Isn’t it nice when your application runs perfectly 😀

Alfresco with CIFS

July 20, 2010

After successfully configuring Alfresco to authenticate against Active Directory, we will try the hardest part of Alfresco configuration.

Alfresco with CIFS

I tried configuring this for weeks now to no avail.  Search in Google, Yahoo, Bing, etc.  No luck still.

Finally I hit a jackpot!

Let me tell you how I did it.

I only edited /opt/alfresco/tomcat/shared/classes/alfresco-global.properties and didn’t touch any file other than this.  Remember to put your configuration at the end of the file.

Authentication chain should be alfrescoNtlm, passthru and ldap.

authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap

Why 3?

Based on the Alfresco Wiki – ldap can synchronize with Active Directory (which is what we did in the previous blog post) while passthru can do authentication for CIFS.  Read the Note carefully; it will save you a headache.

Alfresco NTLM, passthru and ldap configuration for CIFS

ntlm.authentication.sso.enabled=false
ntlm.authentication.authenticateCIFS=false
alfresco.authentication.authenticateCIFS=false
alfresco.authentication.allowGuestLogin=false
passthru.authentication.sso.enabled=false
passthru.authentication.authenticateCIFS=true
ldap.authentication.active=false
ldap.synchronization.active=true

Authentication domain can be left blank while the authentication server

passthru.authentication.useLocalServer=false
passthru.authentication.domain=
passthru.authentication.servers=<NetBIOS.DOMAIN>\\<Your.ActiveDirectory.IP.Address>

I don’t want unknown users to connect into my Alfresco server.

ntlm.authentication.sso.enabled=false
ntlm.authentication.mapUnknownUserToGuest=false

I don’t want to use FTP

passthru.authentication.authenticateFTP=false

Define the administrator accounts, separated by commas.  In my case, I want my Administrator account.

passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=administrator
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS

Ldap Synchronisation – have to define the authentication type and the authentication server url

ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=%s
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://<Your.ActiveDirectory.IP.Address>:389
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false

We need to provide the Active Directory account with Administrator privileges to bind with Active Directory.

ldap.synchronization.java.naming.security.principal=<NetBIOS>\\administrator
ldap.synchronization.java.naming.security.credentials=<Administrator.password>
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupDifferentialQuery=(&(objectclass=nogroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(& (objectclass=user)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupQuery=(objectclass\=group)

Synchronization for group and user per domain.

ldap.synchronization.groupSearchBase=cn\=users,dc=<your.domain>,dc=com
ldap.synchronization.userSearchBase=cn\=users,dc=<your.domain>,dc=com

The query that we want to pass to Active Directory

ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=msExchALObjectVersion
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=Nogroup
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
synchronization.synchronizeChangesOnly=true

CIFS Configuration.

cifs.disableNativeCode=false
cifs.enabled=true
cifs.serverName=<Alfresco.server.name>
cifs.domain=<NetBIOS.Domain>
cifs.hostannounce=true
cifs.sessionTimeout=500
cifs.ipv6.enabled=false
cifs.tcpipSMB.port=1445
cifs.netBIOSSMB.namePort=1137
cifs.netBIOSSMB.datagramPort=1138
cifs.netBIOSSMB.sessionPort=1139
cifs.WINS.autoDetectEnabled=true

Save and start Alfresco.

I’m accessing alfresco as alfresco_user.  That means I don’t have privilege to use SMB ports.  IPTables comes in handy.  (whisper:  I got this from Alfresco wiki ;))

# iptables -F
# iptables -t nat -F
# iptables -P INPUT ACCEPT
# iptables -P FORWARD ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -t nat -A PREROUTING -p tcp --dport 445 -j REDIRECT --to-ports 1445
# iptables -t nat -A PREROUTING -p tcp --dport 139 -j REDIRECT --to-ports 1139
# iptables -t nat -A PREROUTING -p udp --dport 137 -j REDIRECT --to-ports 1137
# iptables -t nat -A PREROUTING -p udp --dport 138 -j REDIRECT --to-ports 1138

In my case I opened three terminals: one for Alfresco log monitoring in case there’s an error, the second to modify alfresco-global.properties and the third to start/stop Alfresco.

alf_start.sh

Neat eh!  No error.  We’ll try to connect to Alfresco from Windows XP.

ERROR [org.alfresco.fileserver] java.lang.IllegalArgumentException: NetworkFile does not implement NetworkFileStateInterface
ERROR [org.alfresco.fileserver]    at org.alfresco.jlan.server.filesys.cache.FileStateLockManager.lockFile(FileStateLockManager.java:147)
ERROR [org.alfresco.fileserver]    at org.alfresco.jlan.smb.server.NTProtocolHandler.procLockingAndX(NTProtocolHandler.java:2104)
ERROR [org.alfresco.fileserver]    at org.alfresco.jlan.smb.server.NTProtocolHandler.runProtocol(NTProtocolHandler.java:299)
ERROR [org.alfresco.fileserver]    at org.alfresco.jlan.smb.server.SMBSrvSession.runHandler(SMBSrvSession.java:1366)
ERROR [org.alfresco.fileserver]    at org.alfresco.jlan.smb.server.SMBSrvSession.processPacket(SMBSrvSession.java:1458)
ERROR [org.alfresco.fileserver]    at org.alfresco.jlan.smb.server.nio.NIOCIFSThreadRequest.runRequest(NIOCIFSThreadRequest.java:105)
ERROR [org.alfresco.fileserver]    at org.alfresco.jlan.server.thread.ThreadRequestPool$ThreadWorker.run(ThreadRequestPool.java:153)
ERROR [org.alfresco.fileserver]    at java.lang.Thread.run(Thread.java:619)

What?!  Error again! (went to pantry and get a coffee)

Troubleshooting:

Checking the iptables rules

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds redir ports 1445
REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:netbios-ssn redir ports 1139
REDIRECT   udp  --  anywhere             anywhere            udp dpt:netbios-ns redir ports 1137
REDIRECT   udp  --  anywhere             anywhere            udp dpt:netbios-dgm redir ports 1138

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Everything seems to be in order.

I will try connecting to the ports from my Linux box.

# smbclient -U andy \\\\<Alfresco.server.IP.Address>\\alfresco -p 1139
Enter andy’s password:
Domain=[<NetBIOS.Domain>] OS=[Java] Server=[Alfresco CIFS Server 5.1.0]
smb: \> ls
.                                   D        0  Tue Jul 13 16:06:10 2010
.                                   D        0  Tue Jul 13 16:06:10 2010
__Alfresco.url                      R      134  Tue Jul 20 15:49:37 2010
Data Dictionary                     D        0  Tue Jul 13 16:06:10 2010
Guest Home                          D        0  Tue Jul 13 16:06:11 2010
User Homes                          D        0  Tue Jul 13 16:06:11 2010
Sites                               D        0  Tue Jul 13 16:06:26 2010
Web Projects                        D        0  Tue Jul 13 16:06:52 2010
Web Deployed                        D        0  Tue Jul 13 16:06:53 2010

40000 blocks of size 2097152. 36000 blocks available
smb: \>

That’s good.  Linux box was able to connect to Alfresco.  Port forwarding is working perfectly.  But not Windows XP.  Why?! (Thinking… sipping coffee)

Wait.  I used port 1139 instead of 139, Windows is using port 139 and not 1139.  I’ll try it again, this time I will connect my Linux box to port 139.

# smbclient -U andy \\\\<Alfresco.server.IP.Address>\\alfresco -p 139
Enter andy’s password:
Connection to <Alfresco.server.IP.Address> failed (Error NT_STATUS_CONNECTION_REFUSED)

BAM!  Error!  NT_STATUS_CONNECTION_REFUSED (Thinking… Pulling my hair)

That means port 139 is closed.  If it’s closed we need to open it.

# iptables -A INPUT -p udp -m state --state NEW --dport 137 -j ACCEPT
# iptables -A INPUT -p udp -m state --state NEW --dport 138 -j ACCEPT
# iptables -A INPUT -p tcp -m state --state NEW --dport 139 -j ACCEPT
# iptables -A INPUT -p tcp -m state --state NEW --dport 445 -j ACCEPT

The iptables rules above accept new connections on ports 137, 138, 139 and 445 so that the redirection takes effect; otherwise, iptables will drop connections on those ports.

Try again.  Test Alfresco from Windows XP.

Good!  Good! no error.  I was able to connect.

Let’s try to copy file to Alfresco.

Neat!  Accepting ports in 137, 138, 139 and 445 solved the problem.

Ha! Ha! Ha!

Hope you’ll be happy like me 😉

Alfresco with Active Directory

July 18, 2010

If you have not read my Basic Alfresco Installation post, read it now before going on.

We are going to configure Alfresco to authenticate using Active Directory so that our Windows users can use Alfresco.  We will not have any Alfresco accounts.

Alfresco’s configuration file is alfresco-global.properties; you can find it in /opt/alfresco/tomcat/shared/classes.  Make sure to back up the original file, in case you mess it up.

Basic configuration is already defined and we will add our configuration at the bottom of the file.

Authentication Chain will be passthru with ldap

authentication.chain=passthru1:passthru,ldap1:ldap

Passthru configuration.  I don’t want guest users to login into my Alfresco and access my files.

passthru.authentication.sso.enabled=false
passthru.authentication.allowGuestLogin=false

Passthru authentication.  We are not going to use CIFS/Samba and FTP, thus we are going to disable it.

passthru.authentication.authenticateCIFS=false
passthru.authentication.authenticateFTP=false

We have to define the Active Directory server where Alfresco users will be authenticated and define the Administrator account who’s going to configure our Alfresco.

passthru.authentication.servers=<Your.AD.Server.IP.Address>
passthru.authentication.domain=<Netbios Domain>
passthru.authentication.useLocalServer=false
passthru.authentication.defaultAdministratorUserNames=<Your.Active.Directory.Administrator.Account>
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS

Ldap authentication configuration.  I don’t want LDAP authentication; rather, I want passthru authentication

ldap.authentication.active=false
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=%s
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://<Your.AD.Server.IP.Address>:389
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false

Ldap Synchronization.  You have to define the user that has an administrative account in your Active Directory.  This account will login to your Active Directory Server to pull all your users.

ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=<Netbios Domain>\\<administrator.privilege.account>
ldap.synchronization.java.naming.security.credentials=<administrator.privilege.account.password>
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupDifferentialQuery=(&(objectclass=nogroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(& (objectclass=user)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupQuery=(objectclass\=group)

We are going to synchronize all users and groups from your Domain.

ldap.synchronization.groupSearchBase=cn\=users,dc=<company.domain>,dc=com
ldap.synchronization.userSearchBase=cn\=users,dc=<company.domain>,dc=com

Other default ldap synchronization configuration

ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=msExchALObjectVersion
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=Nogroup
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member

We want to synchronize the changes that we made from our Active Directory

synchronization.synchronizeChangesOnly=true

We are not going to use CIFS/Samba

cifs.enabled=false
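A check for the settings in this post and in the CIFS post above, as an added example that is not part of the original posts or of Alfresco: it reads alfresco-global.properties the way Java does (the last assignment of a key wins, which matters when settings are appended at the end of the file) and reports a simple bind over plain ldap://, a synchronization principal named administrator, any enabled guest switch, and a world-readable file that holds the bind password. The finding labels and the sample values are made up for the example.

```sh
#!/bin/sh
# Added example: audit the authentication settings discussed in the posts.
# The labels (LDAP-CLEARTEXT, SYNC-ADMIN, ...) are this example's own names.

# Effective value of a key. Later assignments override earlier ones, as
# java.util.Properties does when it loads the file.
prop_get() {   # $1 = file, $2 = key
    awk -v want="$2" '
        /^[ \t]*[#!]/ { next }                      # comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) last = val
        }
        END { print last }' "$1"
}

# Print one finding per line; print nothing when no check fires.
audit_alfresco_props() {   # $1 = path to alfresco-global.properties
    f=$1
    url=$(prop_get "$f" ldap.authentication.java.naming.provider.url)
    mech=$(prop_get "$f" ldap.authentication.java.naming.security.authentication)
    who=$(prop_get "$f" ldap.synchronization.java.naming.security.principal |
          tr '[:upper:]' '[:lower:]')
    secret=$(prop_get "$f" ldap.synchronization.java.naming.security.credentials)

    # A simple bind sends the password as-is; over ldap:// nothing encrypts it.
    case "$url" in
        ldap://*)
            if [ "$mech" = simple ]; then
                echo "LDAP-CLEARTEXT simple bind to $url"
            fi ;;
    esac

    # Synchronization only reads users and groups from the directory.
    case "$who" in
        *administrator|*administrator@*)
            echo "SYNC-ADMIN synchronization binds as a directory administrator" ;;
    esac

    # Every guest switch that appears in the posts.
    for k in alfresco.authentication.allowGuestLogin \
             ldap.authentication.allowGuestLogin \
             passthru.authentication.allowGuestLogin \
             passthru.authentication.guestAccess \
             ntlm.authentication.mapUnknownUserToGuest; do
        if [ "$(prop_get "$f" "$k")" = true ]; then
            echo "GUEST-ACCESS $k=true"
        fi
    done

    # The bind password sits in this file in plain text.
    if [ -n "$secret" ] && [ -n "$(find "$f" -perm -004 2>/dev/null)" ]; then
        echo "WORLD-READABLE $f holds the bind password and any local user can read it"
    fi
    return 0
}

# Constructed sample that mirrors the posts; address, domain and password
# are placeholders. The first guest line is overridden by the later one.
write_sample_props() {   # $1 = output path
    cat > "$1" <<'EOF'
# an earlier assignment (constructed) that the appended block overrides
ldap.authentication.allowGuestLogin=true
# settings appended at the end of the file, as in the posts
authentication.chain=passthru1:passthru,ldap1:ldap
passthru.authentication.guestAccess=false
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.provider.url=ldap://192.0.2.10:389
ldap.synchronization.java.naming.security.principal=EXAMPLE\\administrator
ldap.synchronization.java.naming.security.credentials=not-a-real-password
EOF
}

# Usage: sh audit.sh /opt/alfresco/tomcat/shared/classes/alfresco-global.properties
if [ "$#" -gt 0 ]; then
    audit_alfresco_props "$1"
fi
```
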

Start your Alfresco and monitor your log.

$ cd /opt/alfresco
$ ./alf_start.sh
$ tail -f alfresco.log

Everything seems to be ok.

From your browser, type in your Alfresco server with port 8080

http://<Your.Alfresco.Server.IPAddress>:8080/alfresco

Login using your Active Directory account

while your Alfresco Share is

http://<Your.Alfresco.Server.IPAddress>:8080/share

Next time, I will configure Alfresco with CIFS/Samba.  I read that this is tough to configure.

Wish me luck!

Alfresco basic installation

July 15, 2010

What is Alfresco?

From wikipedia:

Alfresco is an enterprise content management system for Microsoft Windows and Unix-like operating systems. Alfresco comes in two flavours[2]. Alfresco Community Edition is free software, LGPL licensed open source and open standards. Alfresco Enterprise Edition is commercially & proprietary licensed open source, open standards and enterprise scale. Its design is geared towards users who require a high degree of modularity and scalable performance.

From Samaxes:

A lot of people still misunderstand the purpose of Alfresco. Alfresco is not yet a full WCM (Web Content Management) like Joomla or Drupal, but an ECM (Enterprise Content Management).

Alfresco, at its core, is a general purpose content repository with content management services.  It can be used to manage all your business documents and transform them in web-ready formats (HTML, PDF) and categorize them linking into overall site navigation and index pages.

Did he say, manage all your business documents and transform them into web-ready formats?  That’s what I’m looking for.

I’m going to install one for me to see what it really offers.

All installation must be done as root. Otherwise you have to do a sudo on each command.

# sudo su

After installing your linux server for Alfresco. You have to upgrade it. I mean, you have to download and install all the fixes for your linux version.

# apt-get upgrade

Install all the Alfresco prerequisites

# apt-get install mysql-server sun-java6-jdk imagemagick swftools openoffice.org-core openoffice.org-java-common openoffice.org-writer openoffice.org-impress openoffice.org-calc

Add your JAVA_HOME setting to your system-wide environment variables. This will enable all users to use the Java environment when they log in to the system. Edit the environment file and add JAVA_HOME="/usr/lib/jvm/java-6-sun/" at the end of the line

# vi /etc/environment

To use the newly added environment variable, you either have to log out and log in again so that the Java environment variables are added to your session, or reload the system-wide environment.  I prefer to reload the environment variables without logging in again.

# source /etc/environment

After installing the prerequisite applications, now comes the Alfresco installation.

I prefer to install 3rd-party applications in /opt to separate the Linux applications from other applications.  This helps me in management and administration.

# mkdir -p /opt/alfresco/33G

Have to change the permission of the newly created folder for alfresco_user.

# chown -R alfresco_user:alfresco_user /opt/alfresco

Download alfresco using alfresco_user

# exit
$ cd ~
$ mkdir download
$ cd download
$ wget http://dl.alfresco.com/release/community/build-2860/Alfresco-Community-3.3g-Linux-x86-Install?dl_file=release/community/build-2860/Alfresco-Community-3.3g-Linux-x86-Install

Change Alfresco’s permission and Install

$ chmod 744 Alfresco-Community-3.3g-Linux-x86-Install.bin
$ ./Alfresco-Community-3.3g-Linux-x86-Install.bin

Follow the installation procedure

After the installation, run alfresco for the first time.

$ cd /opt/alfresco/33G
$ ./alf_start.sh

Check Alfresco log for error.

$ tail -f alfresco.log

Running good… good… Error! Error!

ERROR [org.alfresco.repo.content.transform.magick.AbstractImageMagickContentTransformerWorker] ImageMagickContentTransformerWorker not available: 06130000 Failed to perform ImageMagick transformation:
Execution result:
os: Linux
command: [/usr/local/bin/convert, /opt/alfresco/tomcat/temp/Alfresco/ImageMagickContentTransformerWorker_init_source_5931186726648279134.gif[0], /opt/alfresco/tomcat/temp/Alfresco/ImageMagickContentTransformerWorker_init_target_339515008452978855.png]
succeeded: false
exit code: 1
out:
err: Cannot run program “/usr/local/bin/convert”: java.io.IOException: error=2, No such file or directory
16:06:05,588 ERROR [org.alfresco.repo.content.transform.RuntimeExecutableContentTransformerWorker] Failed to start a runtime executable content transformer:
Execution result:
os: Linux
command: [/opt/alfresco/bin/pdf2swf, -V]
succeeded: false
exit code: 1
out:
err: Cannot run program “/opt/alfresco/bin/pdf2swf”: java.io.IOException: error=2, No such file or directory

The error is “Cannot run program /usr/local/bin/convert”.  Checking whether the file really exists, Alfresco’s right: there’s no convert in /usr/local/bin.

We have to find (It’s better if we find the missing file as root) those applications and fix it according to Alfresco’s configuration.  First problem is convert.

$ sudo find / -name convert -print

Found it!  It’s in /usr/bin and not in /usr/local/bin, as per Alfresco’s configuration.

/usr/bin/convert
/usr/local/bin/convert

We are going to fix it by creating a link from /usr/bin to /usr/local/bin so that Alfresco can detect it.

$ sudo ln -s /usr/bin/convert /usr/local/bin/convert

Do the same for converter and pdf2swf

Restart Alfresco and check for error

$ cd /opt/alfresco/33G
$ ./alf_stop.sh
$ ./alf_start.sh
$ tail -f alfresco.log

Looks good eh! Seeing Alfresco started without error.

Wait! Wait!  I saw some warning on JVM.

18:11:31,144 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM – v1.6.0_20-b02; maximum heap size 494.938MB
18:11:31,144 WARN  [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM – WARNING – maximum heap size 494.938MB is less than recommended 512MB

Ok! Ok! We will fix it too.

We have to expand the JVM memory to solve this warning.  Go to Alfresco install home, in my installation it’s in /opt/alfresco/33G,  and edit the alfresco.sh file, and modify the JAVA_OPTS:

From:

export JAVA_OPTS='-Xms128m -Xmx512m -XX:MaxPermSize=128m -server'

To:

export JAVA_OPTS='-Xms256m -Xmx1024m -XX:MaxPermSize=512m -server'

Restart Alfresco again.

18:32:17,312 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM – v1.6.0_20-b02; maximum heap size 989.875MB

Very good! Whew!

Now, log-in to Alfresco from your favorite browser:

http://<Alfresco.server.ip.address>:8080/alfresco

Log-in as admin, depends on what account/password you define during your installation.  In my case, it’s:

username:  admin

password:  admin

That’s it for now.  Next time we will configure alfresco with Active Directory.

Filtering using Squid

July 9, 2010

Typical office set-up always have an internet connection.  Even stores have one and they are fast!  Thanks to wireless internet.  But, in a office of 30 or more employees with 1MBPS connection, you will have a different experience.  That’s because some of your users are downloading mp3’s, movies, etc while working.  Those downloads will slow down your internet not to mention the internet advertisement being displayed in most of the website that your users visited.

Hit google and research! <ding!> I found a solution – Proxy Server. Proxy’s main function is to cache the most visited web sites.  But wait, proxy is not only to cache most visited websites, it can do filtering too.

Did I say filtering?  Yes, you’re right, filtering.  I know, most users will hate you for doing this.  They’ll feel that they’re being deprived of their right to access the internet and everything.  Ha! ha! ha! I know, I’ve been in your shoes.

But what can you do? Your network is slowing down and you need to speed up the sending/receiving of email and the important websites for research.  Managers need to communicate and do research.  Besides, the company needs to make money, right?  Otherwise, the company cannot pay your salaries, bla bla bla.

As the System or Network Administrator you need to speed up the internet connection without increasing the bandwidth ‘coz bigger bandwidth costs money.

It’s time to install SQUID proxy server!

There are a number of proxy servers on the internet, so why Squid? Squid has been around for years and it’s stable and fast, but most of all you can configure it according to your needs. (whisper:  most important, it’s my personal favorite!)

Let’s get down to business.

Below is the basic configuration to run the Squid proxy, but we are not that interested in this part; we are more interested in filtering websites and internet advertisements, slowing down downloads and so on.

#General Setup

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
http_port 3128 transparent
icp_port  0
request_body_max_size 10240 KB
cache_mem 64 MB
cache_replacement_policy heap LFUDA
cache_dir ufs /opt/squid/cache 6000 16 256
access_log /var/log/squid/access.log squid

# Replace <server name> with the hostname of your Ubuntu machine
visible_hostname <server name>

refresh_pattern -i .deb$ 0 50% 28800
refresh_pattern -i .rpm$ 0 50% 28800
refresh_pattern -i .tgz$ 0 50% 28800
refresh_pattern -i .exe$ 0 50% 28800
refresh_pattern -i .cab$ 0 50% 28800
refresh_pattern -i .zip$ 0 50% 28800
refresh_pattern -i .rar$ 0 50% 28800
refresh_pattern -i .arj$ 0 50% 28800
refresh_pattern -i .jpg$ 0 50% 28800
refresh_pattern -i .gif$ 0 50% 28800
refresh_pattern -i .bmp$ 0 50% 28800
refresh_pattern -i .mov$ 0 50% 28800
refresh_pattern -i .avi$ 0 50% 28800
refresh_pattern -i .mpg$ 0 50% 28800
refresh_pattern -i .mpeg$ 0 50% 28800
refresh_pattern -i .wmv$ 0 50% 28800
refresh_pattern -i .mp3$ 0 50% 28800
refresh_pattern -i .wav$ 0 50% 28800
refresh_pattern -i .bin$ 0 50% 129600

# caching TTL and DNS
negative_ttl 1 minutes
positive_dns_ttl 15 hours
negative_dns_ttl 1 minutes
half_closed_clients off

acl manager proto cache_object
acl CONNECT method CONNECT
acl PURGE method PURGE

Now that you have the basic configuration we will add the Access Lists.

You have to define your IP networks

acl Servers src 192.168.1.0/24
acl Production src 192.168.2.0/24
acl back-office src 192.168.3.0/24
acl sales src 192.168.4.0/24
acl Management src 192.168.5.0/24

Define the web sites that you want to deny, the ones that get full speed and, most important, the downloads to slow down.

acl fullspeed dstdomain "/etc/squid/fullspeed.dat"
acl DeniedSites dstdomain "/etc/squid/deniedsites.dat"
acl slow_it_down url_regex -i "/etc/squid/slow_this_down"

Access Lists for ftp

# Port numbers are matched with the "port" acl type ("src" matches client IP addresses)
# acl www_ports port 80 443
acl ftp_ports port 21
acl localhost src 127.0.0.1/32
acl manager proto cache_object
acl CONNECT method CONNECT
acl PURGE method PURGE

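Define who can and cannot access the internet

# Cache manager and PURGE requests are accepted from the proxy host only
http_access allow manager localhost
http_access deny manager
http_access allow PURGE localhost
http_access deny PURGE
# The first matching line wins, so the deny list comes before the allow lines
http_access deny DeniedSites
http_access allow localhost
# ACLs named on one line are ANDed, so each network gets its own line
http_access allow Servers
http_access allow back-office
http_access allow sales
http_access allow Management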
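How Squid reads these lines can be checked with a small model: ACLs named on one http_access line are ANDed, lines are tried top to bottom, and the first match decides. The following is an added example, not part of the original post; the function names are hypothetical and the inline dstdomain values stand in for /etc/squid/deniedsites.dat.

```python
import ipaddress

# Constructed sample: inline dstdomain values stand in for the .dat file.
ACLS = """
acl Servers src 192.168.1.0/24
acl sales src 192.168.4.0/24
acl DeniedSites dstdomain .youtube.com c.live.com
"""
ORDERED = ACLS + "http_access deny DeniedSites\nhttp_access allow Servers\nhttp_access allow sales\n"
ANDED = ACLS + "http_access allow Servers sales\n"
ALLOW_FIRST = ACLS + "http_access allow Servers\nhttp_access deny DeniedSites\n"

def parse(conf):
    """Return ({acl name: (type, [values])}, [(action, [acl names])])."""
    acls, rules = {}, []
    for line in conf.splitlines():
        fields = line.split("#")[0].split()
        if not fields:
            continue
        if fields[0] == "acl":
            acls.setdefault(fields[1], (fields[2], []))[1].extend(fields[3:])
        elif fields[0] == "http_access":
            rules.append((fields[1], fields[2:]))
    return acls, rules

def acl_matches(acl, src, host):
    acl_type, values = acl
    if acl_type == "src":
        return any(ipaddress.ip_address(src) in ipaddress.ip_network(v) for v in values)
    if acl_type == "dstdomain":
        # ".example.com" covers the domain and its subdomains; a bare name is one host
        return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
                   for v in values)
    raise ValueError("unsupported acl type: " + acl_type)

def decide(conf, src, host):
    """Return 'allow' or 'deny' for a request from src to host."""
    acls, rules = parse(conf)
    for action, names in rules:
        undefined = [n for n in names if n not in acls]
        if undefined:
            raise ValueError("undefined acl: " + ", ".join(undefined))
        # All ACLs on a line must match (AND); the first matching line decides.
        if all(acl_matches(acls[n], src, host) for n in names):
            return action
    # No line matched: the result is the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"
```

With ANDED no client can ever match, and with ALLOW_FIRST the deny list is never reached for the Servers network.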

Define the FTP account for anonymous FTP download.  Replace <domain> with your domain name.

ftp_user Squid@<domain>.com
ftp_passive off

Now, for serious stuff.

We don’t want to delay our Servers and management’s traffic.  Don’t forget to include your IP Address.

delay_parameters -1/-1 means that they have no limit in using the internet.  That includes you 😉

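# delay_class needs the number of pools declared first
delay_pools 2
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
# ACLs named on one line are ANDed, so each one gets its own line.
# cubic-server and networkadmin are not defined in the acl lines above; add src acl lines for them.
delay_access 1 allow cubic-server
delay_access 1 allow fullspeed
delay_access 1 allow Management
delay_access 1 allow networkadmin

For the second delay pool, we want to delay downloading of the files mentioned in slow_it_down.

The numbers here are values in bytes:

40000/500000 = 40 kbps download speed and 25 MB bucket for the network
15000/250000 = 15kbps download speed with 25 MB bucket for each user

After downloaded files exceed about 250000 bytes, they will continue to download at about 5000 bytes/s.

delay_class 2 2
delay_parameters 2 40000/500000 15000/250000
delay_access 2 allow slow_it_down Production
delay_access 2 allow slow_it_down back-office
delay_access 2 allow slow_it_down sales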
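What the two pairs in delay_parameters mean in practice can be worked through with a small model; Squid's documentation defines each pair as restore rate (bytes per second) / bucket maximum (bytes). The following is an added example, not part of the original post; the function names and the model's simplifications (buckets start full, refill once per second, clients share the aggregate bucket equally) are assumptions.

```python
import math

def _bucket(pair):
    """Build a bucket from (restore bytes/second, maximum bytes); -1/-1 is unlimited."""
    restore, maximum = pair
    if restore < 0:
        restore = maximum = math.inf
    elif restore == 0:
        raise ValueError("a bucket that never refills would stall the download")
    return {"restore": restore, "max": maximum, "level": maximum}

def download_seconds(size, aggregate, individual, clients=1):
    """Whole seconds until `clients` simultaneous downloads of `size` bytes each finish.

    Simplified model of a class 2 pool (assumptions of this example): buckets start
    full, refill once per second, and clients split the aggregate bucket equally.
    """
    agg, ind = _bucket(aggregate), _bucket(individual)
    remaining, seconds = size, 0
    while True:
        # Each client is limited by its own bucket and by its share of the shared one.
        take = min(remaining, ind["level"], agg["level"] / clients)
        remaining -= take
        ind["level"] -= take
        agg["level"] -= take * clients
        if remaining <= 0:
            return seconds
        seconds += 1
        for b in (agg, ind):
            b["level"] = min(b["max"], b["level"] + b["restore"])

POOL1 = ((-1, -1), (-1, -1))                  # delay_parameters 1 -1/-1 -1/-1
POOL2 = ((40000, 500000), (15000, 250000))    # delay_parameters 2 40000/500000 15000/250000
```

A file that fits in the per-user bucket passes at full speed; anything larger drains the bucket and then proceeds at the restore rate, or slower once several users share the aggregate bucket.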

That’s it.  Reload squid’s configuration.

# service squid reload

or

# /etc/init.d/squid reload

After configuring your proxy, it’s time to define the denied websites, etc.

Create a file named deniedsites.dat in /etc/squid (the path used in the DeniedSites acl above)

# vi /etc/squid/deniedsites.dat

and add the sites that you want to deny.

.youtube.com
.facebook.com
.friendster.com
.video.msn.com
.megavideo.com
.doubleclick.net
.bannerconnect.net
.ads.clicksor.com
.ads.overclock.net
.ads.ozonemedia.co.in
.statcounter.com
.207.net
.2mdn.net
.advertising.com
.atdmt.com
.atwola.com
.intellitxt.com
.kanoodle.com
c.live.com
.msads.net
.ads1.msn.com
.rad.msn.com
c.msn.com
.pointroll.com
.revsci.net
.llnwd.net
.ugamsolutions.com
.zedo.com
sg.adserver.yahoo.com
pagead2.googlesyndication.com
.blip.tv
.dailymotion.com

Wait a minute.  Did I just include youtube, facebook and friendster?  Now, that’s a serious problem.  I will have a lot of questions from the users.  Yes, you will hehehe and be ready to answer all of them or send out an IT Advisory that the company’s internet is slowing down bla bla bla.  You need to be creative on this 🙂

The rest are internet advertising sites.

As for downloads, define the extensions of the files that you want to slow down in /etc/squid/slow_this_down:

.ftp
.mp3
.vqf
.rpm
.zip
.avi
.mpeg
.mpe
.mpg
.qt
.ram
.rm
.raw
.wav
.mov

Now, define the web sites that get full speed in /etc/squid/fullspeed.dat:

.google.com
.yahoo.com
.<your domain>.com

NOTE:  Always be on guard, users might get back at you for what you’ve done to the internet hehehe

Categories: Linux

putty as an alternative to hyperterminal

July 7, 2010

New laptops don’t come with a serial connection anymore.   That’s a problem if you’re studying/configuring Cisco routers.   Cisco can only be configured with a console cable.

I searched ebay and found an RS232 to USB converter, but the driver that came with it was not working.

I sought help from ever-friendly Google for the driver and found one that works for me.

Now that I have installed the driver, I can proceed with my study.

I’m going to use putty instead of hyperterminal (Windows Vista and Windows 7 do not have hyperterminal).  Below is the procedure I used to configure putty to access my Cisco router.

Plug your console cable into the Cisco router, connect the RS232 (female) end to the RS232 (male) end of the converter, and plug the USB end into your laptop.  Now, you have to check the communication port number from Computer Management (Start –> Control Panel –> Administrative Tools –> Computer Management –> Device Manager, and look at Port (COM & LPT)).

Open putty and configure:

a.  Select Serial from Connection Type
b.  Specify the COM Port number in Serial line, check the Com port from above.
c.  Speed should be 9600

d.  Click on Serial from Category to configure additional Options
e.  Flow Control should be None.

f.  Click on Window from Category and change the lines of scrollback.  I use 500,000

g.  Go back to Session and save the configuration

Now, power your router and click Open (putty).

Wait for the magic to happen.

Voilà!  You have your router console terminal.

Categories: Cisco