Settings for SAMBA Shares to Play Nicely with MacOS

Add the following to the global section: min protocol = SMB2 ea support = yes vfs objects = fruit streams_xattr acl_xattr fruit:appl = yes fruit:metadata = stream fruit:model = MacSamba fruit:veto_appledouble = no fruit:posix_rename = yes fruit:zero_file_id = yes fruit:wipe_intentionally_left_blank_rfork = yes fruit:delete_empty_adfiles = yes fruit:locking = netatalk In the individual shares if you want … Read more

To Set the Console Text to Green with a Blinking Block Cursor

For Ubuntu: Update /etc/default/grub and add the quoted text to whatever is already there. GRUB_CMDLINE_LINUX_DEFAULT=”consoleblank=0 vt.cur_default=6 vt.color=2″ This will also set it so the console never blanks; adjust “consoleblank” to your own tastes (in seconds). After updating, you need to run a command to commit the changes to the kernel at next boot: /usr/sbin/update-grub For … Read more

Getting DKIM working

I used these two sites to figure out how to get DKIM working: https://wiki.debian.org/opendkim https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf Install opendkim and opendkim-tools cd /etc/dkimkeys opendkim-genkey -t -s mail -d technomancer.com Edit /etc/opendkim.conf: Domain technomancer.com KeyFile /etc/dkimkeys/mail.private Selector mail Socket local:/var/spool/postfix/opendkim/opendkim.sock # Specify the list of keys KeyTable file:/etc/dkimkeys/keytable # Match keys and domains. To use regular expressions in … Read more

Setting up DNSSEC in bind9

Install the bind9 packages. Make sure it’s enabled in named.conf.options: dnssec-validation auto; dnssec-lookaside auto; # Need to look up what this one is Generate the keys (pick an appropriate algorithm; today (22 Mar 2021),ECDSAP384SHA384 seems to be the “ideal”): dnssec-keygen -a ECDSAP384SHA384 -b 4096 -n ZONE technomancer.comdnssec-keygen -f KSK -a ECDSAP384SHA384 -b 4096 -n ZONE … Read more

Setting up freeradius on Ubuntu

Add client to /etc/freeradius/3.0/clients.conf client someclient.tek { ipaddr=172.22.42.4 secret=xxxxxxxxxxxxxxxxx shortname=internal-network login       = !root } Set daemon to run with group shadow in /etc/freeradius/3.0/radiusd.conf Uncomment unix type in /etc/freeradius/3.0/sites-available/default to enable reading of passwd/shadow information.