EIGRP (Enhanced Interior Gateway Routing Protocol), is a Cisco proprietary routing protocol (until recently). When a router runs EIGRP, it keeps a copy of its neighbors routing table. If I router cannot find a route it its, or its neighbor's routing table, it will query its neighbors who in turn query their neighbors.
Exactly how routing protocols work is serious business, but dont worry we are not going to go into that here. Below is the process that I used to setup EIGRP on a Cisco 2811.
Before we do anything, lets get into Configuration mode (conf t).
Your first step is going to be to enable IP Routing on your device. But before you do so, make sure that you have configured a Gateway of Last Restort. I did not and had to hook up the old console cable.
The IP of this router is 10.1.0.2, and its directly connected to 10.1.0.1, which is its last resort first hop, so lets configure that .
The Cisco Catalyst 3506G is a layer 3 switch which went end-of-life in 2009. For the home lab its a pretty nice switch to have due to its layer 3 support and gigabit speed. Mine is the model seen to the left, 24 gigabit ports and 4x1gb SFP uplinks.
The Cisco Catalyst 3560 is available with one of two software images:
IP Base software includes advanced quality of service (QoS),
rate limiting, access control lists (ACLs), Open Shortest Path First
(OSPF) for routed access, and IPv6 functionality.
IP Services software provides a broader set of
enterprise-class features, including advanced hardware-based IP Unicast
and IP Multicast routing, as well as policy-based routing (PBR).
Anyway, gathered here are a few manadatory resources for the Cisco Catalyst 3560G.
A few weeks ago i published a Quick and Easy Samba Configuration Guide, which can be found here. After messing around with samba on and off since then I have learned a few things that I wanted to document before I totally forgot them. So lets down to business.
Samba Password Failures
So I have read a few things here and there that say that passwords can be a sticky issue in samba. Such was the case for me when I was trying to set a simple password of “myuser” for the user myuser.
As you can see below I got a bit of output from the command however in the end I was able to add the user, I quick check of google showed that the output below was supposed to be bogus anyway.
# smbpasswd -a myuser
New SMB password:
Retype new SMB password:
tdbsam_open: Converting version 0.0 database to version 4.0.
tdbsam_convert_backup: updated /var/lib/samba/private/passdb.tdb file.
for type 1 (min password length), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 2 (password history), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 3 (user must logon to change password), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 4 (maximum password age), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 5 (minimum password age), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 6 (lockout duration), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 7 (reset count minutes), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 8 (bad lockout attempt), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 9 (disconnect time), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 10 (refuse machine password change), returning 0
Added user myuser
But when I attempted to test with the samba client I got the following error
So at this point I decided to change the password to something more complex and tried again and this time no issues at all. Just to be cheeky, I then changed the password for myuser back to “myuser” and it worked again.
Lesson learned here if if you see this message try changing your password to something else.
Troubleshooting Samba Share Write Issues
Holy Cow, this one was driving me nuts and I probably spent a good hour trying to fix it. And the fix was super easy. Below I am just trying to put a file on the share using smbclient
# smbclient //localhost/samba -U myuser
Enter myuser’s password:
Domain=[WORKGROUP1] OS=[Unix] Server=[Samba 3.5.10-125.el6]
smb: \> put /var/tmp/test test
NT_STATUS_ACCESS_DENIED opening remote file \test
I tried selinux, various smb.conf changes, checking ip tables, and in the end the issue was as simple as permissions on the directory
chmod 2775 /shared/samba
Once I set this everything worked fine.
Additional Smb.conf Configuration Items
Just do get samba up and running on a basic level you don’t really have to know too many configuration directives, and most of those are documented in smb.conf anyway. However there are a few more options that I think are either useful or interesting. They are below.
admin users – a user configured as an admin user can perform actions as root.
invalid users – any user here is denied access, even if the group that the user is a member of has access.
Finally I have found it! Citrix's XenServer switch configuration best practices document.
While everyone in the world has blog posts and documentation regarding how to set up and configure bridged networks in Xen, they hardly ever go into the physical switch configuration required.
This is the document that you will need to pass along to your friendly Network Administrator, as they will more than likely not be familar with networking for Xen as its much different from networking for Vmware ESX.
The contents of the document above are outlined below.
Change the following options on the switches for XenServer ports:
Enable PortFast on XenServer connected ports. PortFast allows a switch port running Spanning Tree Protocol (STP) to go directly from blocking to forwarding mode by skipping the learning and listening modes. PortFast should only be enabled on ports connected to a single host. Port must be an 802.1q trunk port if you are using VLANS and the port must be in access mode. Ports used for storage should have PortFast enabled. Note: It is important that you enable PortFast with caution, and only on ports that do not connect to multi-homed devices such as hubs or switches.
Disable Port Security on XenServer connected ports. Port security prevents multiple MAC addresses from being presented to the same port. In a virtual environment, you see multiple MAC addresses presented from Virtual Machines to the same port. If you have enabled Port Security, it shuts down the port.
Disable Spanning Tree Protocol on XenServer connected ports. Spanning Tree Protocol must be disabled if you are using Bonded or teamed NICs in a virtual environment. Spanning Tree Protocol should be disabled because of the nature of Bonds and NIC teaming, to avoid failover delay issues when using bonding.
Disable BPDU guard on XenServer connected ports. BPDU is a protection setting part of the STP that prevents you from attaching a network device to a switch port. When you attach a network device, the port shuts down and has to be enabled by an administrator. A PortFast port should neverreceive configuration BPDUs. Note: When BPDUs are received by a PortFast port, it indicates another bridge is connected to the port, and it indicates that there is a possibility of a bridging loop formation during the Listening and Learning phases. In a valid PortFast configuration, configuration BPDUs should never be received, so Cisco switches support a feature called PortFast BPDU Guard, which is a feature that shuts down a PortFast-enabled port in the event a BPDU is received. This feature ensures that a bridging loop is not formed, because the switch's shutting down the port removes the possibility of a loop forming.
Dell™ OpenManage™ Server Administrator is Dell's version of the HP System Management Homepage, as it allows you to log into a web interface to view system configuration, health, and performance statistics. Its availible for free and runs in Windows and Linux.
Dell makes the install easy on Linux due via a public rpm repo. The steps below outline the simple install process.