Archive for June, 2015

How to run Ubuntu KVM host in an unprivileged LXC container

Friday, June 26th, 2015

I like things containerized. nice phone cases for iphone 7 It makes migration simple and painless. I also like my containers unprivileged. otterbox case for iphone 7 This of course brings some inconveniences while making huge strides ahead in terms of security. This is one of the reasons for having my KVM hosts containerized. The other is the fact that sometimes getting KVM on LXC host itself is cumbersome. Others have done significant work at bringing ease of VM operation to Linux, and I like to build on top of that work. iphone 7 plus protective phone cases This guide is for using Ubuntu KVM host inside unprivileged LXC container. (more…)

Ethernet/IP/TCP bitrate vs. packet size vs. segment size vs. efficiency vs. speed

Friday, June 26th, 2015

The shiny title says network interface supports 100 Mbit/s. Ok, I should get 100/8=12.5MB/s or 11.9MiB/s out of it, right? Right? Well, not exactly. As it turns out, running stacked protocols has its penalty. Let us explore what lies beneath. (more…)

RADIUS authentication against LDAP or Active Directory

Thursday, June 25th, 2015

This is a short guide on how to do a setup-and-forget for RADIUS authentication against LDAP or Active Directory services. iphone 6 case colourful

Software installation

Since I had previous success with CentOS 6 and radius server (small time investment into setup and configuration, it worked since then without any noticeable hiccup), that is what will also be used for this occasion. heavy duty iphone case 8 plus Install basic RADIUS packages:

Install LDAP driver:

This is the diff of changes to /etc/raddb configuration files that was performed, in order to get authentication against LDAP working:

Short summary, what you need to do:

  • configure connection to LDAP server (bind credentials, search filter)
  • enable LDAP authentication and authorization
  • define client that is allowed to use this radius service

Start the RADIUS service daemon:

And that is it.

Test your new service

You can use this oneliner to check whether authentication against LDAP server via RADIUS service actually works. This is how you do it:

Output of successful authentication attempt looks like this:

Look for “Access-Accept” message, as it signifies successful authentication.