Monthly Archives: April 2012
.net MVC with JASIG-CAS
Use the official .NET CAS client and modify web.config as follows.

Register the casClientConfig section:

  <configSections>
    <section name="casClientConfig" type="DotNetCasClient.Configuration.CasClientConfiguration, DotNetCasClient"/>
    <!-- Other custom sections here -->
  </configSections>

Place a casClientConfig configuration element directly under the root element.

  <casClientConfig
    casServerLoginUrl="https://server.example.com/cas/login"
    casServerUrlPrefix="https://server.example.com/cas/"
    serverName="https://client.example.com:8443"
    notAuthorizedUrl="~/NotAuthorized.aspx"
    cookiesRequiredUrl="~/CookiesRequired.aspx"
    redirectAfterValidation="true"
    renew="false"
    singleSignOut="true"
    ticketValidatorName="Cas20"
    serviceTicketManager="CacheServiceTicketManager" />

Register CasAuthenticationModule with the ASP.NET pipeline by adding it to the system.web <httpModules> and system.webServer <modules> sections as demonstrated in the following configuration blocks.

  <system.web>
    <!-- Other system.web elements here -->
    <httpModules>
      <add name="DotNetCasClient" type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient"/>
      <!-- Other modules here -->
    </httpModules>
JASIG-CAS debug trace
JASIG-CAS provides SSO for web applications. CASifying a web application lets it take part in SSO.

Debug tracing a CAS session

Get the login ticket (lt) from the login screen, e.g.

  curl --cookie-jar /tmp/c1.cookie -X GET -v "https://cas.example.com/cas/login?service=http://www.abc.com" | grep lt

Note the login ticket, LT-XXXXXX…, ready for the next step.

Provide the username, the password and the LT ticket:

  curl -X POST -d "username=usrsid&password=verysecret&lt=LT-XXXXX…" --cookie /tmp/c1.cookie --cookie-jar /tmp/c2.cookie -v "https://cas.example.com/cas/login?service=http://www.abc.com"

You may need to include execution and _eventId in the POST data for recent versions of the CAS server.

Afterward, you should now have the service ticket, ST-XXXXX…. Also, /tmp/c2.cookie contains the TGC cookie. Later, you
Password synchronization between Samba & Linux
As Samba and LDAP use different password storage schemes, their password values cannot be shared even when both are stored in LDAP. There are several ways to synchronize them; the following points out only one of the possible ways.
log4net in mvc3
log4net can be used for logging in .NET applications.
Master browser for the DOMAIN in SAMBA
Network browsing is convenient but causes a lot of headaches for administrators. The first rule is that setting up a WINS server helps a lot. A network environment with multiple domains, some of them spanning multiple subnets, will cause you a lot of trouble.
File sharing supporting NT ACLs as far as possible
File access control in NT is much more complex than in UNIX. In general, UNIX only supports read/write/execute permissions for the user/group/other of a file or directory, while NT can be far more complex than that, e.g. granting read permission to group1 and all access to group2.
Samba as a PDC for pre 2k domain
In conclusion, our setup should meet the following requirements:
- ADS domain controller is not supported
- Domain user DB is stored in LDAP
- User entries are shared with UNIX
- User passwords for Windows and Linux are synchronized
- Domain groups are supported
Daily operation for Samba
User operation
To add, delete or modify a user in the DOMAIN you can use:
- USRMGR.exe, run on a domain workstation as a privileged user
- pdbedit
- net sam set, e.g. to force a user to change their password

Group operation
- USRMGR.exe, run on a domain workstation as a privileged user
- net rpc group

Windows joining the domain
A Windows machine can join the domain as usual; no special precautions are needed.

Samba joining the domain
Some notes for a Samba domain member server. Samba requires physical user passwd entries to exist for correct operation. To let Samba join the domain, the Samba member server should install nss_ldap & configure the
Adding strong name to existing DLL
The DLL must have a strong name before you can add it to the GAC. The following procedure helps you sign the DLL without using the source.
Samba & LDAP
Our aim is to set up a Samba server under Linux and make it a PDC for Windows machines.