Acme Evil

#service ldap restart
之後顯示如下訊息：

正在停止 slapd: [ 確定 ]
正在為 slapd 檢查設定檔案: bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/ldap: (2)
Expect poor performance for suffix dc=taes,dc=tp,dc=edu,dc=tw. config file testing [ 確定 ]
正在啟動 slapd: [ 確定 ]

上面的所顯示的錯誤訊息裡的DB_CONFIG file 在/etc/openldap/DB_CONFIG.example，複製到/var/lib/ldap裡，改成DB_CONFIG，然後重新啟動LDAP即可。

初始資料庫時，下了
# smbldap-populate
結果出現以下的錯誤訊息，找了很久，在網路上搜尋了很久也沒有結果，雖然知道是驗證方面出了問題，但是不知道哪裡錯了？因為每個相關檔案都檢查無誤。最後，發現的原因真是令人噴飯。解決方法在文章最底部！

Use of uninitialized value in substitution (s///) at /usr/lib/perl5/vendor_perl/5.8.8/smbldap_tools.pm line 135, line 73.
Populating LDAP directory for domain taes (S-1-5-21-947298777-4161204931-40633681)
(using builtin directory structure)

adding new entry: dc=taes,dc=tp,dc=edu,dc=tw
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 2.
adding new entry: ou=Users,dc=taes,dc=tp,dc=edu,dc=tw
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 3.
adding new entry: ou=Groups,dc=taes,dc=tp,dc=edu,dc=tw
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 4.
adding new entry: ou=Computers,dc=taes,dc=tp,dc=edu,dc=tw
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 5.
adding new entry: ou=Idmap,dc=taes,dc=tp,dc=edu,dc=tw
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 6.
adding new entry: uid=root,ou=Users,dc=taes,dc=tp,dc=edu,dc=tw
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 7.
adding new entry: uid=nobody,ou=Users,dc=taes,dc=tp,dc=edu,dc=tw
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 8.
adding new entry: cn=Domain Admins,ou=Groups,dc=taes,dc=tp,dc=edu,dc=tw
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 9.
adding new entry: cn=Domain Users,ou=Groups,dc=taes,dc=tp,dc=edu,dc=tw
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 10.
adding new entry: cn=Domain Guests,ou=Groups,dc=taes,dc=tp,dc=edu,dc=tw
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 11.
adding new entry: cn=Domain Computers,ou=Groups,dc=taes,dc=tp,dc=edu,dc=tw
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 12.
adding new entry: cn=Administrators,ou=Groups,dc=taes,dc=tp,dc=edu,dc=tw
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 16.
adding new entry: cn=Account Operators,ou=Groups,dc=taes,dc=tp,dc=edu,dc=tw
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 18.
adding new entry: cn=Print Operators,ou=Groups,dc=taes,dc=tp,dc=edu,dc=tw
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 19.
adding new entry: cn=Backup Operators,ou=Groups,dc=taes,dc=tp,dc=edu,dc=tw
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 20.
adding new entry: cn=Replicators,ou=Groups,dc=taes,dc=tp,dc=edu,dc=tw
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 21.
adding new entry: sambaDomainName=taes,dc=taes,dc=tp,dc=edu,dc=tw
failed to add entry: modifications require authentication at /usr/sbin/smbldap-populate line 499, line 21
Please provide a password for the domain root:
Use of uninitialized value in substitution (s///) at /usr/lib/perl5/vendor_perl/5.8.8/smbldap_tools.pm line 135, line 73.
No such object at /usr/lib/perl5/vendor_perl/5.8.8/smbldap_tools.pm line 353.

解決的方法很簡單，修改/etc/openldap/slapd.conf這個檔案裡的rootpw位置，rootpw前面不能有空格，有的話就會出現以上的錯誤訊息，拿掉就好了！

With a teacher research program and the use of SQL call, suddenly the network is interrupted. Ping DNS Server and Firewall do not get reply. The first reaction is: firewall was crash again! (Last week, an unknown crash) Go to the mainframe to reboot the firewall, but not solve the problem, watch the firewall log and found some session will suddenly coursing through and error. Suspect a client of LAN be got virus and cause the Internet paralysis; DNS Server reopened after it opened. But good times never often, is only for 1 minutes. Originally guess: "The catch virus PC users should not use the Internet, thus shutdown, the Internet has returned to good" Waiting for a 20 minutes still no improvement, at time has ping any servers with no replies. Why all of the servers? Even if the network traffic congestion, at least there will be the occasional one or two reply correct. Then suddenly to a telephone conversation, reminded "Maybe the switch hub that connect all the servers was crashing?" It's right, all reopened were get after switch hub reboot. However, why switch hub crash for no reason at all?
--------
下午正與某位老師研究SQL的使用以及程式的呼叫，突然網路都斷線了。Ping DNS和防火牆卻得不到Reply回應，第一個反應就是：防火牆又掛了！(上星期才不明的掛了一次) 到了主機房再重開防火牆，沒有解決問題，進防火牆看日誌檔，發現某些session會突然飆高且error，懷疑是區域網路中有一台Client中毒了，而造成網路癱瘓；重開DNS Server之後卻通了。只是，好景不常，只通了一分多鐘。本來猜測："中毒的PC使用者應該是覺得網路不能使用了，因而關機，所以網路又恢復順暢，等他在關機就好了。"等了一、二十分鐘還沒有改善，這時候已經Ping不到任何一台Server了，為什麼會Ping不到全部的Server呢？就算網路塞車，至少也會有偶爾的一、二個reply才對。這時突然來了一通電話，提醒了"會不會是串接所有主機的Switch Hub掛掉了？" 果然，重開Switch Hub一切就恢復正常了。可是，為什麼無緣無故Switch Hub會掛掉呢？

A teacher said he did not enter his own folder, the folder when the double click will show "You do not have this folder competence." Checked it, the original folder authority is being replaced by others, and as long as add his account with write, read, execute can be.

1, Sign in by Domain\Admins.
2, On the folder, right-click and select "Content."
3, "Safety "-->"Add New."
4, "Advanced "-->" Immediately Find "-->" join the domain account "-->"OK."
5, Granting authority, please note that do not check "Full Control". Full Control may cause Domain\Admins can not manage the folder, if the people leave, they must use other methods to loot the authority.
--------
某個老師說他不能進他的資料夾，當雙鍵該資料夾時，會出現"您沒有此資料夾權限"。查了一下，原來是資料夾權限被換成其他人了，只要加他的帳號及修改、讀取、執行權限即可。

1、以Domain\Admins的身分登入。
2、在該資料夾上點擊滑鼠右鍵，選擇"內容"。
3、"安全性"-->"新增"。
4、"進階"-->"立即尋找"-->"欲加入權限之帳號"-->"確定"。
5、給予權限，請注意，請勿在"完全控制"上打勾。完全控制有可能造成Domain\Admins未來無法管理該資料夾，如果該人離職，就必須另外用方法取回權限。

Received letters from the ICST, ask all units block the relay station's IP, is because some unknown malicious mail will be bogus ICST name of those relay stations to send. If received, do not open. Its characteristics are as follows:

寄件者:service@icst.org.tw

主旨：USB 2.0外接式硬碟安全刪除方案

附件名稱：外接式硬碟安全刪除.doc

This malicious code of the relevant information are as follows:

Path:
C: \ Documents and Settings \ \ Local Settings \ Temp \ 2.tmp (file name may change)

Registry:
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run

Value:
Data: C: \ Documents and Settings \ \ Local Settings \ Temp \ 2.tmp

Proposed units monitor and stop following relay station IP :

202.177.19.62

211.21.187.20

211.20.70.75

211.20.80.190

211.20.80.100
------------
日前收到國家資通中心來信，希望各單位擋掉一些中繼站IP，是因為有些不明的惡意郵件會冒充國家資通中心的名義以那些中繼站來發送，如有收到請勿開啟，特徵如下：

寄件者:service@icst.org.tw

主旨：USB 2.0外接式硬碟安全刪除方案

附件名稱：外接式硬碟安全刪除.doc

此惡意程式的相關資訊如下：

路徑：
C:\Documents and Settings\\Local Settings\Temp\2.tmp ( 檔名可能會改變 )

Registry：
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Value:
Data: C:\Documents and Settings\\Local Settings\Temp\2.tmp

建議有關單位監控並阻擋以下中繼站IP

202.177.19.62

211.21.187.20

211.20.70.75

211.20.80.190

211.20.80.100