Lock User Accounts After Too Many Login Failures

Add the following two lines highlighted in blue to the /etc/pam.d/system-auth file as shown below:

auth        required      /lib/security/$ISA/pam_env.so
auth        required      /lib/security/$ISA/pam_tally.so

                           onerr=fail no_magic_root
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth

                           nullok
auth        required      /lib/security/$ISA/pam_deny.so
account     required      /lib/security/$ISA/pam_unix.so
account     required      /lib/security/$ISA/pam_tally.so 

                           per_user deny=5 no_magic_root reset
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid

                           < 100 quiet
account     required      /lib/security/$ISA/pam_permit.so
password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok

                           use_authtok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so
session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so

The first added line counts failed login and failed su attempts for each user. 

The default location for attempted accesses is recorded in /var/log/faillog.

Read More

Web Interface Logon process in Citrix

Web Interface(WI) logon process:

1. User enter URL of WI server and logs on.
2. Web Interface server contacts XML broker, xml broker authenticates user and returns application list
3. User clicks on application
4. Web Interface server contacts XML broker
5. XML broker contacts ZDC to find least loaded server,
6. ZDC returns IP of least loaded server to XML broker
7. XML broker returns IP address of least loaded server to Web Interface
8. Web Interface creates ICA file with IP of least loaded server and returns it to client
9. Browser launches ICA client and connects directly to server using ICA files sent from Web Interface

Read More

Adding Second Farm to web Interface

Open the first farm and:

Open the Access Management Console at Web Interface Server,

click “Configuration Tool” 

-> “Web Interface” 

--> right click on the site you created 

and select “Manage Server Farm” 

-> Add second Farm

Read More

Backup Access Data Store and Restore

While there is no built-in backup scheduler with Access, Presentation Server includes the DSMAINT BACKUPcommand for backing up Access Data Stores only. Citrix recommends that this command be executed daily using a scheduler script.
WARNING! Do not attempt to backup Microsoft SQL Server or Oracle databases using this command.
MDB: A file with the MDB file extension is a Microsoft Access Database file.
Moving / Restoring an Access Database
Access to a valid backup or Copy of the Data Store is assumed before the following procedure is started.
Moving an Access Database
To move an Access database, complete the following procedure:

1. Copy the Data Store file named “MF20.mdb” in the %system%\Program Files\Citrix\Independent Management Architecture\ folder from the source server to the target server, which will be the new Data Store host.
2. On the new host server, create a new File DSN by using the Microsoft ODBC manager pointing to the Data Store, as shown in the following screen shots:

3. Close the ODBC manager because you have created the required DSN file.
   The next task requires you to edit the registry settings.
   Caution! This fix requires you to edit the registry. Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.


4. Run the Registry Editor and change the value of the following registry key from <blank> to ImaAccess.dll
   HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMA\DatabaseDriver


5. Open a command prompt and run the following command to configure IMA and use the new DSN file.
   dsmaint config


6. is a sample for your reference:
   dsmaint config /user:citrix /pwd:citrix /dsn:<full path to the newly created DSN file from Step 2>.

Note: You can drag and drop the DSN file into the command prompt to avoid typing the wrong path.

6. Run the following command from the command prompt to stop the IMA Service and recreate the Local Host:
   dsmaint recreatelhc


7. On all the remaining servers in the farm, run the following command, where <DirectServername> is the name of the new host server.
   dsmaint failover <DirectServername>

Restoring an Access Database
It is assumed that the following tasks are completed before starting the procedure to restore an Access database:

• You have rebuilt or reinstalled XenApp to recover from a failure.
•  You have a working XenApp server up and running with IMA started.
• You have access to a backup copy of the old Access Data Base (MF20.mdb) created by the DSMAINT BACKUP command or some other method.

To restore an Access database, complete the following procedure:

1. Stop the IMA Service and copy the existing MF20.mdb file to a safe location.
   Note: You will be replacing this file with your backup MF20.mdb.


2. Copy the Data Store file named “MF20.mdb” from the backup source to the target server and save it in the %system%\Program Files\Citrix\Independent Management Architecture\ folder.
   Note: The IMA Service must be stopped before starting the next task.


3. Open a command prompt and run the dsmaint config command to configure IMA and use the existing MF20.dsn file.
   Following is a sample of the preceding command:

dsmaint config /user:citrix /pwd:citrix /dsn:<full path to the .dsn file >.

Note: You can drag and drop the DSN file into the command prompt to avoid typing the wrong path.

     4.    Run the following command from the command prompt to recreate the Local Host cache and any other servers in the farm so they are aware of the new information:
            dsmaint recreatelhc
            Note: Do not forget to stop IMA before you run the preceding command.

Read More

3 Ways to Access Your Linux Partitions From Windows

If you’re dual-booting Windows and Linux, you’ll probably want to access files on your Linux system from Windows at some point. Linux has built-in support for Windows NTFS partitions, but Windows can’t read Linux partitions without third-party software.

This list is focused on applications that support the Ext4 file system, which most new Linux distributions use by default. These applications all support Ext2 and Ext3, too – and one of them even supports ReiserFS.

Ext2Fsd

Ext2Fsd is a Windows file system driver for the Ext2, Ext3, and Ext4 file systems. It allows Windows to read Linux file systems natively, providing access to the file system via a drive letter that any program can access.
You can have Ext2Fsd launch at every boot or only open it when you need it. While you can theoretically enable support for writing to Linux partitions, I haven’t tested this. I’d be worried about this option, myself – a lot can go wrong. Read-only support is fine, though, and doesn’t have a risk of messing
anything up.

The Ext2 Volume Manager application allows you to define mount points for your Linux partitions and change Ext2Fsd’s settings.

If you didn’t set Ext2Fsd to autostart at boot, you’ll have to go into Tools –> Service Management and start the Ext2Fsd service before you can access your Linux files. By default, the driver automatically mounts and assigns drive letters to your Linux partitions, so you don’t have to do anything extra.

You’ll find your Linux partitions mounted at their own drive letters in Windows Explorer. You can access the files on them from any application, without the hassle of copying files to your Windows partition before accessing them.

This partition’s file system as actually EXT4, but Ext2Fsd can read it fine, anyway. If you’re looking for your personal files, you’ll find them in your /home/NAME directory.

 

 

DiskInternals Linux Reader

Linux Reader is a freeware application from DiskInternals, developers of data recovery software. In addition to the Ext file systems, Linux Reader also supports ReiserFS and Apple’s HFS and HFS+ file systems. It’s read-only, so it can’t damage your Linux file system.

Linux Reader doesn’t provide access via a drive letter – it’s a separate application you launch to browse your Linux partitions.

Linux Reader shows previews of your files, making it easy to find the right one.

If you want to work with a file in Windows, you’ll have to save the file from your Linux partition to your Windows file system with the Save option. You can also save entire directories of files.

 

Ext2explore

It’s an open-source application that works similarly to DiskInternals Linux Reader — but only for Ext4, Ext3, and Ext2 partitions. It also lacks file previews, but it has one advantage: it doesn’t have to be installed; you can just download the .exe and run it.

The Ext2explore.exe program must be run as administrator or you’ll get an error – you can do this from the right-click menu.

To save some time in the future, go into the file’s properties window and enable the “Run this program as an administrator” option on the Compatibility tab.

As with Linux Reader, you’ll have to save a file or directory to your Windows system before you can open it in other programs.

Read More

3 Easy Ways to Connect to Windows Shared Folders from Linux

Connecting to file servers is something most people do on a daily basis even without thinking about it. In Linux, it may not be intuitive how to quickly connect to a samba or ftp server without a separate program. Here are a few different ways to connect to a remote file server without needing to touch a terminal.

Using Keyboard Shortcut

You can connect to a server by opening the run application window with the Alt+F2 keyboard shortcut. You will just need to specify the server type by adding the protocol at the beginning of the command. For example smb:// will connect to a samba share; other supported protocols are ssh, ftp, sftp, http, and https.

Note: In the example below my server name is playground and the shared folder is called music.

If your server requires a password to connect, fill out the next window that pops up and select how long you would like it to store your password.

A Nautilus window will automatically open with the server you just connected to, and you should have a shortcut under places on the left side and a shortcut on your desktop.

From GNOME Menu

If you are using Ubuntu, and many other GNOME based distributions, you will have a places menu on your top menu bar. Open that menu and click connect to server.

A new window will open up with a drop down so you can select what type of server you are connecting to.

For a samba/cifs server select Windows share and fill out the required information.

Note: Unlike the run application window, you do not need the slashes to connect here.

Alternatively, you can also get to the connect to server window from Nautilus’ file menu.

With a Shortcut

If you would like instant access to the connect to server window from your GNOME menu bar right click on the menu you would like to add the shortcut to and click add to panel.

In the window that pops up, search for “connect” and connect to server should be one of the results. Highlight the shortcut and click add at the bottom of the window.

Now you will have an additional shortcut on your GNOME bar for easy access.

Read More

Connect Your iPhone, iPod Touch, or Android Phone to a Wi-Fi Network

Have you ever wanted to connect your phone or mobile device to a Wi-Fi network at home or your favorite coffee shop but aren’t sure how? Today we’ll take a look at how to connect to Wi-Fi on an iPhone, iPod Touch, and Android devices.

iPhone / iPod Touch

Note: We are using version 4.0 of the iPhone OS

Find and select the Settings icon on your iPhone or iPod Touch.

Select Wi-Fi from the Settings menu.

If your Wi-Fi setting currently set to Off, tap it to toggle On the Wi-Fi access.

Once your Wi-Fi is enabled you should see available networks appear below. Encrypted networks will show a padlock to the right of the name while “open” networks will not. Tap to select the network to join.

If you choose a network that requires a password, you’ll be prompted to enter it. Type in your password and select Join.

When connected, your network SSID will be indicated in blue with a check mark beside it.

To connect to a network with a hidden SSID, select Other.

You’ll need to know the SSID, Security type, and password. Enter that information and select Join.

  

Now you can browse to all your favorite websites and connect to other devices on your Wi-Fi network.

Android

Note: We are using Android 2.1 for our examples.

On your Android device, select the Settings icon.

 

Under Settings, choose Wireless & networks.

Next, select Wi-Fi settings.

If Wi-Fi is not already turned on, tap the check mark by Wi-Fi to turn it on. When Wi-Fi is enabled, available SSID’s will appear below. Encrypted networks will by indicated with a padlock icon. Select the network to which you’d like to connect.

If password protected, type in your password and select Connect.

You should now see that you are connected to the network.

To connect to a Wi-Fi network with a hidden SSID, select Add Wi-Fi network from the settings.

Then manually type in your SSID and password, and select your network security type. Select Save when finished.

 

Now you can browse the web through your Wi-Fi router or connect to other network devices.

 

Conclusion

Whether you want to connect to Wi-Fi to communicate to other devices or just save on your phone’s data usage, it’s pretty easy to do on your iPhone, iPod Touch, or Android phone.

Read More