Blog | Zefrain's Blog

How To Download Packages With Dependencies Locally In Ubuntu, Debian, Linux Mint, Pop OS

October 27, 2022 · One min read

How To Download Packages With Dependencies Locally In Ubuntu, Debian, Linux Mint, Pop OSLink Text

Method 1

$ sudo apt-get install --download-only <package_name>

All downloaded files will be saved in /var/cache/apt/archives directory.

$ sudo dpkg -i *

Method 2

if we have installed packages already, use the apt-rdepends

$ sudo apt install apt-rdepends

apt download $(apt-rdepends vim | grep -v "^ ")

if we get errors like this

E: Can't select candidate version from package debconf-2.0 as it has no candidate

delete version specified in name like this

$ apt-get download $(apt-rdepends vim | grep -v "^ " | sed 's/debconf-2.0/debconf/g')

Then

$ sudo dpkg -i *

ms_ad_key_concepts_schema

October 25, 2022 · One min read

AD architectural

https://docs.aws.amazon.com/zh_cn/directoryservice/latest/admin-guide/ms_ad_key_concepts_schema.html

references

Lockdown: unsigned module loading is restricted

October 20, 2022 · One min read

Lockdown: unsigned module loading is restricted

restart
press F2
more settings
Secure Boot
Disable

debug busy process

October 19, 2022 · One min read

How to debug a busy process (no response)

logging

error occured?

`pstack $PID`

whether there are many locks waiting

execute multiple statements in an "if" statement

October 13, 2022 · One min read

use progn

(defun MyFunction(input)
  (let ((NEWNUM (find input num)))
    (if (find input num)                ; if this
        (progn
          (setq num NEWNUM)
          (FUNCT2))                     ; then execute both of these ;
      (list 'not found))))              ; else output this

references
- can-you-execute-multiple-statements-in-an-if-statement

iptables port map

October 11, 2022 · One min read

iptables port map

需要先开启linux的数据转发功能

$ vi /etc/sysctl.conf，将net.ipv4.ip_forward=0更改为net.ipv4.ip_forward=1
$ sysctl -p  //使数据转发功能生效

更改iptables，使之实现nat映射功能

将外网访问192.168.75.5的80端口转发到192.168.75.3:8000端口。

$ iptables -t nat -A PREROUTING -d 192.168.75.5 -p tcp --dport 80 -j DNAT --to-destination 192.168.75.3:8000

将192.168.75.3 8000端口将数据返回给客户端时，将源ip改为192.168.75.5

$ iptables -t nat -A POSTROUTING -d 192.168.75.3 -p tcp --dport 8000 -j SNAT --to 192.168.75.5

查看nat，可以使用命令：iptables -t nat –list检查nat列表信息

references

[iptables实现端口映射][https://www.cnblogs.com/dongzhiquan/p/11427461.html]

SSSD and Active Directory

July 20, 2022 · One min read

SSSD and Active Directory

install packages:

$ sudo apt install sssd-ad sssd-tools realmd adcli sssd-tools sssd libnss-sss libpam-sss adcli packagekit

join domain

$ sudo realm discover -v $DOMAIN
$ sudo realm join $DOMAIN

edit /etc/sssd/sssd.conf

$ vim /etc/sssd/sssd.conf

[sssd]
domains = ad1.example.com
config_file_version = 2
services = nss, pam

[domain/ad1.example.com]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = AD1.EXAMPLE.COM
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = ad1.example.com
use_fully_qualified_names = True
ldap_id_mapping = True
access_provider = ad

# the following is not shown in ubuntu documentation,
# but is necessary for version after 22
ad_gpo_ignore_unreadable = True
ad_gpo_access_control = permissive

automatically create home directory


$ sudo pam-auth-update --enable mkhomedir

check

$ getent passwd $USERNAME@$DOMAIN

$ sudo login

ad-client login: $USERNAME@$DOMAIN
Password: 
Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-24-generic x86_64)
...
Creating directory '/home/john@ad1.example.com'.
john@ad1.example.com@ad-client:~ 

references
- SSSD and Active Directory

Member Server in an Active Directory Domain

July 20, 2022 · One min read

Member Server in an Active Directory Domain

Install packages:

$ sudo apt install realmd samba libnss-winbind samba-common-bin libpam-winbind winbind

Edit /etc/resolv.conf

nameserver # BD server ip address

find realm

$ sudo realm discover

Realm join

$ sudo realm join -v --membership-software=samba --client-software=winbind $DOMAIN REALM

edit /etc/nsswitch.conf

passwd:         files systemd winbind
group:          files systemd winbind

automatically create home directory

$ sudo pam-auth-update --enable mkhomedir

see references for more detail

references
- Member Server in an Active Directory Domain

How to block yum from upgrading obsoleted package?

July 20, 2022 · One min read

How to block yum from upgrading obsoleted package?

$ sudo yum --setopt=obsoletes=0 install obsoleted-package

or edit /etc/yum.conf

obsoletes=0

references
- How to block yum from upgrading obsoleted package?

How to Clear Cache in Linux?

July 18, 2022 · One min read

How to Clear Cache in Linux?

Clear PageCache only.

$ sync; echo 1 > /proc/sys/vm/drop_caches

Clear dentries and inodes.

$ sync; echo 2 > /proc/sys/vm/drop_caches

Clear pagecache, dentries, and inodes.

$ sync; echo 3 > /proc/sys/vm/drop_caches

references:
- Documentation for /proc/sys/vm/drop_caches

Method 1​

Method 2​

AD architectural​

Lockdown: unsigned module loading is restricted​

How to debug a busy process (no response)​

logging​

pstack $PID​

iptables port map​

SSSD and Active Directory​

How to block yum from upgrading obsoleted package?​

Method 1

Method 2

AD architectural

Lockdown: unsigned module loading is restricted

How to debug a busy process (no response)

logging

`pstack $PID`

iptables port map

SSSD and Active Directory

How to block yum from upgrading obsoleted package?