Author: Dale Macartney

Converting VMware disk images to use in KVM

From time to time, you may need to convert a VMware-based virtual disk image into some other format.

If you use KVM as your virtualization technology, or perhaps you are migrating from VMware to KVM, you will need to convert your VMware disk images (.vmdk files) into a supported image type that you can use in KVM.

Individual Image files

If you have a single vmdk file, you can convert it with the command below.

qemu-img convert -f vmdk disk-image.vmdk -O raw disk-image.img

DNS Conditional forwarders with Mikrotik RouterOS

If you have been following some of my recent articles, you may have noticed that I am covering a few topics which are typical for joining multiple environments together.

One of these topics has been setting up DNS forwarding on a per-zone basis. This is a typical requirement for Active Directory Domain trusts and other related tasks.

This article will cover how to set up a DNS conditional forwarder on a RouterOS based device.

In this example, I will be using the details below:

RouterOS Version:                  5.15
RouterOS IP Address:               10.0.0.254
Example.com DNS server IP Address: 10.0.1.11
Domain.com DNS server IP Address:  10.0.4.11

Authenticating Apache Virtual Hosts with Kerberos

Below is a quick walkthrough on setting up an Apache virtual host with Kerberos authentication.

If you use or are looking to integrate single sign-on into your websites or web-based applications in your environment, this will be for you.

Example Details

In this article I will be setting up a new website called mysite.example.com, using the below details.

Web Server Name: web01.example.com
Web Server Operating System: Red Hat Enterprise Linux 6.3
Kerberos Realm: EXAMPLE.COM
Kerberos Username: testuser

Integrating Yubikey Token details within LDAP with FreeIPA and Red Hat Enterprise Linux 6

I am really very pleased to be writing this article as I’ve been wanting to see this functionality ever since I first started getting into FreeIPA and using Yubikeys.

If you are a Yubikey user/admin, chances are you are a little, if not very, frustrated that there is no simple way to centrally manage your users and key tokens.

The way most One Time Password (OTP) solutions work is based on a central server which maps a token to a user. Yubico, however, uses a local text file on each individual system, which maps a username to a specific key token. This is a very clunky method, especially if you are managing very large numbers of servers.

Well, with a bit of work, and with huge thanks to Michal Ludvig, we now have a way of integrating Yubikeys directly into an LDAP-based directory server.

I came across his article on a Google+ post detailing how he has provided a way for this to become reality. I am still unbelievably impressed.
You can read his original article here: http://www.logix.cz/michal/devel/yubikey-ldap/

I have absolutely no intention of trying to steal any thunder away from what Michal has done here. It is truly fantastic.
In this article, I am simply providing a very quick and easy way of storing Yubikey token IDs inside of FreeIPA 3.0 on Red Hat Enterprise Linux 6.4 (Beta).

I would also like to thank Gavin Spurgeon for his help in clarifying the inner workings of how the integration happens, specifically with FreeIPA as it was not as straightforward as I anticipated.
