blog

Network drive kept mounted with systemd and a watchdog

See also

Attempt at a CIFS mount with a watchdog

/etc/systemd/system/mnt-plop.mount

[Unit]
Description=Partage
# PartOf=mnt-plop-watchdog.service
 
# Requires=mnt-plop-watchdog.service
# Requires systematically unmounts the share before remounting it at every watchdog interval.
# To avoid this problem we use Wants
Wants=mnt-plop-watchdog.service
 
[Mount]
What=//127.0.0.1/shared
Type=cifs
Options=noexec,nosuid,nodev,rw,port=445,uid=66,gid=660,file_mode=0644,dir_mode=0755,noperm,credentials=/root/.cifs_plop
Where=/mnt/plop
 
# TimeoutSec does not seem to have any effect
# time ls -l /mnt/plop/
# ls: cannot access '/mnt/plop/': Host is down
# real    0m10.183s
TimeoutSec=10
 
ForceUnmount=yes
DirectoryMode=755
 
[Install]
WantedBy=remote-fs.target

/etc/systemd/system/mnt-plop-watchdog.service

[Unit]
Description=Watch dog CIFS
ConditionPathExists=/mnt/plop
After=network.target
# Wants=mnt-plop.mount
# PartOf=mnt-plop.mount
BindsTo=mnt-plop.mount
# StartLimitIntervalSec=5s
 
[Service]
Type=simple
Restart=always
RestartSec=10
 
# Sleep is used because the mount depends on the watchdog, and the watchdog cannot return OK if the mount is not active
# To work around this problem we add a delay
ExecStartPre=/usr/bin/sleep 5
 
ExecStart=mountpoint -q /mnt/plop
 
[Install]
WantedBy=remote-fs.target

chmod 644 /etc/systemd/system/mnt-plop.mount /etc/systemd/system/mnt-plop-watchdog.service
systemctl daemon-reload
systemctl stop mnt-plop.mount mnt-plop-watchdog.service
systemctl start mnt-plop.mount
systemctl status mnt-plop.mount
systemctl enable mnt-plop.mount
systemctl status mnt-plop-watchdog.service
journalctl -u mnt-plop.mount -u mnt-plop-watchdog.service -f

Starting the mnt-plop.mount unit automatically starts the watchdog. Stopping the mnt-plop.mount unit automatically stops it.

This solution works really well, but there is a much simpler way.

Solution (simple)

  1. Create a mount unit and an automount unit
  2. In the automount unit, set TimeoutIdleSec=0
  3. Enable and start the mount unit and the automount unit

Example

/etc/systemd/system/mnt-plop.mount

[Unit]
Description=Partage
 
[Mount]
What=//127.0.0.1/shared
Type=cifs
Options=noexec,nosuid,nodev,rw,port=445,uid=66,gid=660,file_mode=0644,dir_mode=0755,noperm,credentials=/root/.cifs_plop
Where=/mnt/plop
TimeoutSec=10
ForceUnmount=yes
DirectoryMode=755
 
[Install]
WantedBy=remote-fs.target

/etc/systemd/system/mnt-plop.automount

[Unit]
Description=Automount Partage
 
[Automount]
Where=/mnt/plop
TimeoutIdleSec=0
 
[Install]
WantedBy=multi-user.target

chmod 644 /etc/systemd/system/mnt-plop.mount /etc/systemd/system/mnt-plop.automount
systemctl daemon-reload
systemctl enable --now mnt-plop.mount mnt-plop.automount
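
Two checks that follow from the units above: systemd only accepts a mount or automount unit whose file name is the escaped form of its Where= path, and since the unit files are installed world-readable the CIFS secret has to stay in the credentials= file, which should be readable by root only. This is an added example, not part of the original post; the function names, the simplified escaping and the demo unit are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: lint a systemd .mount/.automount unit for a CIFS share.

# File name systemd expects for a mount point. Simplified (assumption): the
# path holds only [A-Za-z0-9_/]; systemd-escape -p --suffix=... covers the rest.
unit_name_for() {   # $1 = mount point, $2 = mount|automount
    local p="${1#/}"
    p="${p%/}"
    printf '%s.%s\n' "$(printf '%s' "$p" | tr '/' '-')" "$2"
}

# Prints one line per finding; returns 0 when the unit is clean, 1 otherwise.
check_unit() {      # $1 = path to the unit file
    local unit="$1" name where opts cred mode rc=0
    name=$(basename "$unit")
    where=$(sed -n 's/^Where=//p' "$unit" | tail -n 1)
    opts=$(sed -n 's/^Options=//p' "$unit" | tail -n 1)
    if [ "$name" != "$(unit_name_for "$where" "${name##*.}")" ]; then
        echo "NAME: $name does not match Where=$where"
        rc=1
    fi
    case ",$opts," in
        *,password=*)
            echo "SECRET: password= in Options; keep it in a credentials= file"
            rc=1 ;;
    esac
    cred=$(printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^credentials=//p')
    if [ -n "$cred" ] && [ -e "$cred" ]; then
        mode=$(stat -c %a "$cred")    # GNU stat
        case "$mode" in
            600|400) ;;
            *) echo "PERMS: $cred is mode $mode, expected 600"; rc=1 ;;
        esac
    fi
    return "$rc"
}

# Constructed demo: an automount unit whose file name does not match Where=.
demo_dir=$(mktemp -d)
printf '[Automount]\nWhere=/mnt/plop\nTimeoutIdleSec=0\n' > "$demo_dir/mnt-share.automount"
check_unit "$demo_dir/mnt-share.automount" || true
rm -rf "$demo_dir"
```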
2025/03/24 15:06

LDAP notes

Admin interface

See PhpLDAPadmin

apt-get install cockpit-389-ds

WebUI interface

Creating an LDAP account

Find the highest uidNumber

With console access on the server:

slapcat |grep uidNumber |awk '{print $2}' |sort -n
slapcat |grep gidNumber |awk '{print $2}' |sort -n

Otherwise: Find max uidNumber on LDAP
In my case it did not work.

ldapsearch -H ldaps://your-ldap-domain -D "cn=Manager,dc=domain,dc=com" -W | awk '/uidNumber: / {print $2}' | sort | tail -n 1

Source: https://www.dynobin.com/linux-find-max-uidnumber-on-ldap/

Check / list locked accounts

ldapsearch -x -b "dc=acme,dc=fr" '(&(objectclass=shadowaccount)(shadowexpire=0))' uid

Filters

curl -u USERNAME 'ldap://192.168.0.66/CN=Users,DC=training,DC=local?sAMAccountName?sub?(ObjectClass=*)'

$ curl "ldap://localhost:1389/dc=example,dc=com?homephone?sub?cn=*amar" \
     -u "cn=directory manager"
Enter host password for user 'cn=directory manager':
DN: uid=mathieu,ou=People,dc=example,dc=com
    homephone: +1 225 216 5900

ldapsearch -x -LLL -H ldap://192.168.20.153:389 -D "admin" -w 'P@ssw0rd' -b "dc=acme,dc=fr" |egrep -5 -i --color openstack
ldapsearch -x -LLL -H ldap://192.168.20.153:389 -D "admin" -w 'P@ssw0rd' -b "dc=acme,dc=fr" '(memberOf=CN=Openstack,OU=Groupes,dc=acme,dc=fr)' uid
ldapsearch -x -LLL -H ldap://192.168.20.153:389 -D "admin" -w 'P@ssw0rd' -b "dc=acme,dc=fr" '(memberOf=CN=Openstack,OU=Groupes,dc=acme,dc=fr)' sAMAccountName

Show the members of a CN group

ldapsearch -x -LLL -D "admin" -y ~/.ldap_pass -b "CN=groupe1,OU=Ressources Exchange,DC=acme,DC=fr" member

Other

ldapsearch -h ldap.acme.fr -D "admin@acme.local" -W  -b "ou=04 - Direction technique,ou=Paris,dc=acme,dc=local" "(&(objectclass=user))"   \
     -s sub "(&(objectCategory=person)(objectClass=user)(sAMAccountName=*)(OU=Paris,OU=Groups,DC=acme,DC=local))" mail
/etc/ldap/ldap.conf

BASE    dc=acme,dc=fr
URI     ldap://192.168.20.153
SIZELIMIT       2000

echo -n P@ssw0rd > ~/.ldap_pass
chmod 600 !$
ldapsearch -x -LLL -D "admin" -y ~/.ldap_pass -b "dc=acme,dc=fr" '(memberOf=CN=Openstack,OU=Groupes,dc=acme,dc=fr)' cn

Look up a user's login

#echo |ldapsearch -E pr=1000 -D "admin" -y ~/.ldap_pass sAMAccountName |egrep -i marley
echo |ldapsearch -LLL -o ldif-wrap=no -D "admin" -y ~/.ldap_pass sAMAccountName=marley sAMAccountName
 
# MARLEY Robert, Utilisateurs, SERVICE_INFRA
dn: CN=MARLEY Robert,OU=Utilisateurs,OU=SERVICE_INFRA
sAMAccountName: MARLEY

No wrap

-o ldif-wrap=no

ldapsearch with Kerberos GSSAPI authentication

export KRB5CCNAME=/var/lib/sss/db/ccache_ACME.LOCAL
ldapsearch -H ldap://srv_ldap.acme.local -Y GSSAPI -N -b "DC=ACME,DC=SVC" "(sAMAccountName=user_01)" mail description 2>/dev/null | grep "dn:\|description:\|mail:"

Netgroup

nisNetgroupTriple corresponds to users
memberNisNetgroup corresponds to other netgroups

Netgroup

See http://articles.mongueurs.net/magazines/linuxmag67.html

/etc/nsswitch.conf

netgroup: ldap

getent netgroup sysadmin

getent netgroup $(hostname -s)

ipa netgroup-add --desc="Netgroup description" --nisdomain="example.com" example-netgroup

ipa netgroup-add-member --users=user_name --groups=group_name --hosts=host_name \
     --hostgroups=host_group_name --netgroups=netgroup_name group_nameame

ipa netgroup-add-member --users={user1,user2,user3} \
     --groups={group1,group2} example-group

nisNetgroupTriple: This can be used to describe a user (,bobby,example.com) or a machine name (shellserver1,,example.com). This attribute can have multiple values.
memberNisNetgroup: This is a very powerful attribute. It is used to merge the attribute values of another netgroup into the current one by simply listing the name (cn) of the merging netgroup. This attribute can have multiple values as well.

+ : @QAUsers@@QASystems : 10.
+ : root : LOCAL
+ : @Admins : 10.
- : ALL : ALL

account required pam_access.so accessfile=/etc/security/access.netgroup.conf
https://support.hpe.com/hpesc/public/docDisplay?docId=c02058091&docLocale=en_US

Allow access only on certain servers

/etc/security/access.conf
+:root:ALL
+:admin:ALL
+:@srv1:ALL
-:ALL:ALL

In our example, “srv1” is the short hostname (hostname -s) of our server.

Problem

openldap sizelimit. Can't receive more than 500 entries

Solution -E pr=1000

Or

/etc/ldap/ldap.conf
SIZELIMIT       2000
2025/03/24 15:06

LDAP bulk password change script

I just found this piece of code again.

ldap_reset_account.sh

#! /bin/bash

# The LDIF and CSV files hold clear-text passwords: create them readable by their owner only
umask 077

LDAP_BINDDN='cn=root,dc=acme,dc=corp'
LDAP_PASS=''
LDAP_SERVER='localhost'
LDAP_PORT='3890'
LDAP_SEARCHBASE='ou=people,dc=acme,dc=corp'
PASS_OLD_TXT='password'
FIC_TMP='/tmp/ldap-reset-password.ldif'
FIC_CSV='/tmp/ldap-newpassword.csv'

echo > "$FIC_TMP"
echo "dn;mail;pass" > "$FIC_CSV"
IFS_BCK="$IFS"
IFS=$'\t\n'

# ldif-wrap=no keeps a long DN on one line, so that grep ^dn: returns it whole
ALL_DN_ACCOUNT_OLDPASS="$(ldapsearch -o ldif-wrap=no -p "$LDAP_PORT" -h "$LDAP_SERVER" -b "$LDAP_SEARCHBASE" "userPassword=$PASS_OLD_TXT" -D "$LDAP_BINDDN" -w "$LDAP_PASS" dn |grep ^dn:)"

for DN in $ALL_DN_ACCOUNT_OLDPASS
do
PASS_NEW_TXT=$(cat /dev/urandom  |tr -dc A-Za-z0-9 |head -c10 |tr -d "\n")
# LDIF FILE GENERATION
        echo "$DN" >> "$FIC_TMP"
        echo "changetype: modify" >> "$FIC_TMP"
        echo "replace: userPassword" >> "$FIC_TMP"
        echo "userPassword: $PASS_NEW_TXT" >> "$FIC_TMP"
        echo >> "$FIC_TMP"
# CSV GENERATION
        DN=$(echo "$DN" |sed -e 's/^dn: //')
        MAIL=$(ldapsearch -o ldif-wrap=no -p "$LDAP_PORT" -h "$LDAP_SERVER" -b "$DN" -D "$LDAP_BINDDN" -w "$LDAP_PASS" mail |grep ^mail: |sed -e 's/^mail: //')
        echo "$DN;$MAIL;$PASS_NEW_TXT"
        echo "$DN;$MAIL;$PASS_NEW_TXT" >> "$FIC_CSV"
done
IFS="$IFS_BCK"


echo "ldapmodify -p $LDAP_PORT -h $LDAP_SERVER -D $LDAP_BINDDN -w $LDAP_PASS -f $FIC_TMP"
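
An added example (not the original script) of the LDIF-generation step on its own: it joins folded LDIF lines so that a long DN is kept whole, and writes the clear-text passwords to a file created by mktemp rather than to a fixed name under /tmp. The function names and the sample ldapsearch output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: build the password-reset LDIF in a private temporary file.

# 16 characters from the kernel CSPRNG; LC_ALL=C keeps tr byte-oriented.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 16
}

# Reads LDIF on stdin, joins folded lines (continuations start with one space)
# and prints only the dn lines, so a long DN is never cut in the middle.
ldif_dns() {
    awk '/^ / { cur = cur substr($0, 2); next }
         { if (cur ~ /^dn:/) print cur; cur = $0 }
         END { if (cur ~ /^dn:/) print cur }'
}

# Reads ldapsearch output on stdin, writes a "replace userPassword" LDIF to a
# new file created by mktemp (mode 600, unpredictable name), prints its name.
make_reset_ldif() {
    local out dn
    out=$(mktemp "${TMPDIR:-/tmp}/ldap-reset.XXXXXXXX") || return 1
    ldif_dns | while IFS= read -r dn; do
        printf '%s\nchangetype: modify\nreplace: userPassword\nuserPassword: %s\n\n' \
            "$dn" "$(gen_password)"
    done > "$out"
    printf '%s\n' "$out"
}

# Constructed sample: the second DN is folded across two lines.
sample='dn: uid=alice,ou=people,dc=acme,dc=corp
mail: alice@example.org

dn: uid=a-very-long-account-name,ou=contractors,ou=people,dc=acme,dc=c
 orp
'
ldif_file=$(printf '%s' "$sample" | make_reset_ldif)
grep -c '^dn: ' "$ldif_file"    # number of accounts in the generated LDIF
rm -f "$ldif_file"
```

The same mktemp approach applies to the CSV file, which carries the same passwords.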

FIXME LDAP tutorial

apt-get install slapd ldapscripts ldap-utils shelldap

Example of a user account

dn: uid=prenom.nom.ext,ou=users,dc=truc,dc=domainad,dc=net
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: prenom nom
gidNumber: 5400
givenName: prenom
homeDirectory: /home/prenom.nom.ext
initials: JB
loginShell: /bin/bash
mail: prenom.nom.ext@entreprise.com
shadowExpire: -1
shadowFlag: 0
shadowLastChange: 10877
shadowMin: 8
shadowWarning: 7
sn: nom
title: System Administrator
uid: prenom.nom.ext
uidNumber: 5400
userPassword: {SASL}prenom.nom.ext@truc.domainad.net

Test the configuration

slaptest
2025/03/24 15:06

Languages and translation

See also:

  • codespell

Conjugation

apt-get install verbiste verbiste-gnome

Dictionary

Stardict

Install

sudo apt-get install stardict-xmlittre

GoldenDict

Install

sudo apt-get install goldendict

Config

Dark Mode

git clone --depth 1 https://github.com/yozhic/GoldenDict-Full-Dark-Theme

Move the styles folder and the fonts folder into ~/.config/goldendict/

Languages

Direct link for the Babylon French/English dictionary, and for English/French.

Spell checker

Fedora Linux 39:
The Aspell spell checker is no longer provided; it is advantageously replaced by hunspell or enchant2.

2025/03/24 15:06

Groovy language

Hello world

#! /usr/bin/env groovy
 
/* 
This is an example
*/
 
println "Hello World !"

Import a class

/*
#from java.util import Date
#from java.text import SimpleDateFormat
*/
 
import java.util.Date
import java.text.SimpleDateFormat

Java .class file

test.groovy

#! /usr/bin/env groovy
 
println "Test1"
 
class echo1 {
        def name;
        String hello() {
                println "Test2"
                return name
        }
}

groovyc test.groovy
$ strings test.class |grep -i test
test
test.groovy
Ltest;
Test1

$ file *.class
echo1.class: compiled Java class data, version 49.0 (Java 1.5)
test.class:  compiled Java class data, version 49.0 (Java 1.5)
$ groovy --classpath=. test
Test1
$ groovy --classpath=. test.groovy
Test1

Problems

Problem: WARNING: An illegal reflective access operation has occurred

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.codehaus.groovy.reflection.CachedClass (file:/usr/share/groovy/lib/groovy-2.4.21.jar) to method java.lang.Object.finalize()
WARNING: Please consider reporting this to the maintainers of org.codehaus.groovy.reflection.CachedClass
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

Problem: Error: Could not find or load main class test

$ java -cp . test
Error: Could not find or load main class test
Caused by: java.lang.NoClassDefFoundError: groovy/lang/Script

Solution

java -cp /usr/share/groovy/lib/groovy-2.4.21.jar:$PWD test

Problem: Error: Main method not found in class xxx

$ java -cp /usr/share/groovy/lib/groovy-2.4.21.jar:$PWD echo1
Error: Main method not found in class echo1, please define the main method as:
   public static void main(String[] args)
or a JavaFX application class must extend javafx.application.Application

Solution

See: https://www.yawintutor.com/main-method-not-found-javafx-application-class/

test.groovy

#! /usr/bin/env groovy
 
package com.plop;
 
public class Hello {
        public static void main(String[] args) {
                System.out.println("Hello World");
        }
}

java -cp /usr/share/groovy/lib/groovy-2.4.21.jar:$PWD com/plop/Hello
2025/03/24 15:06