couple of things to look at for AD auth in ESX 3

http://www.vmware.com/pdf/esx_authentication_AD.pdf
You should additionally check for:
1) Firewall
/usr/sbin/esxcfg-firewall --allowoutgoing --openport 389,tcp,out,in,LDAP
We need to allow outgoing and incoming traffic for port 389.
2) Time
It’s probably best to sync time with the AD server with NTP. Just configure the /etc/ntp.conf and /etc/ntp/step-tickers files with the AD server.

use cat /dev/null instead of rm

1) I check disk space.
[root@supp01 Adon_RHEL_4]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda5 1011M 464M 496M 49% /
/dev/sda1 99M 12M 82M 13% /boot
none 133M 0 132M 0% /dev/shm
/dev/sda6 494M 8.1M 460M 2% /tmp
/dev/sda2 2.0G 541M 1.3G 29% /usr
/dev/sda3 2.0G 614M 1.2G 33% /var
/dev/sda8 61G 960M 57G 2% /vmimages

2) I see that the VM is running and there are processes that have the file open.
[root@supp01 Adon_RHEL_4]# fuser vmware.log
vmware.log: 571 572 573 19874 19875 19882

3) I fill up the file.
[root@supp01 Adon_RHEL_4]# cat /dev/zero >> vmware.log
cat: write error: No space left on device

4) The filesystem is full.
[root@supp01 Adon_RHEL_4]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda5 1011M 1012M 0 100% /
/dev/sda1 99M 12M 82M 13% /boot
none 133M 0 132M 0% /dev/shm
/dev/sda6 494M 8.1M 460M 2% /tmp
/dev/sda2 2.0G 541M 1.3G 29% /usr
/dev/sda3 2.0G 614M 1.2G 33% /var
/dev/sda8 61G 960M 57G 2% /vmimages

5) I wipe the file out.
[root@supp01 Adon_RHEL_4]# cat /dev/null > vmware.log

6) I no longer have a full filesystem.
[root@supp01 Adon_RHEL_4]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda5 1011M 464M 496M 49% /
/dev/sda1 99M 12M 82M 13% /boot
none 133M 0 132M 0% /dev/shm
/dev/sda6 494M 8.1M 460M 2% /tmp
/dev/sda2 2.0G 541M 1.3G 29% /usr
/dev/sda3 2.0G 614M 1.2G 33% /var
/dev/sda8 61G 960M 57G 2% /vmimages

7) Processes still have the file open.
[root@supp01 Adon_RHEL_4]# fuser vmware.log
vmware.log: 571 572 573 19874 19875 19882
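
The contrast the title points at, as an added example that is not part of the original post: with a writer holding the log open, truncating releases the data, while rm only removes the name and leaves the blocks allocated. The temp directory, the 64 KiB of sample data and the function names are constructed for illustration, and the script relies on Linux /proc.

```shell
#!/bin/sh
# Added example (not from the original post): what a process that keeps a log
# open still holds after the log is truncated versus unlinked. Linux /proc only.

# held_bytes: size of the inode behind this shell's fd 3, read through /proc so
# it works even when the file no longer has a name in the directory.
held_bytes() {
    wc -c < /proc/self/fd/3 | tr -d ' '
}

# demo MODE: MODE is "truncate" or "rm". Prints the bytes fd 3 still pins.
demo() {
    mode=$1
    dir=$(mktemp -d) || return 1
    log="$dir/vmware.log"          # constructed path, stands in for the VM log

    # Keep the log open for append, like the PIDs fuser reported in the post.
    exec 3>>"$log"
    dd if=/dev/zero bs=1024 count=64 >&3 2>/dev/null   # constructed 64 KiB of data

    case $mode in
        truncate) cat /dev/null > "$log" ;;   # same inode, length reset to 0
        rm)       rm -f "$log" ;;             # name gone, inode and blocks stay
        *)        exec 3>&-; rm -rf "$dir"; return 2 ;;
    esac

    held=$(held_bytes)
    exec 3>&-                      # closing the last descriptor frees an unlinked file
    rm -rf "$dir"
    echo "$held"
}

echo "after truncate: $(demo truncate) bytes still held"
echo "after rm:       $(demo rm) bytes still held"
```

A log that was removed while still open shows up as "(deleted)" in ls -l /proc/PID/fd, and its space comes back only when the last process holding it closes the descriptor.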

How to update ESX 3 with yum

esxupdate --force --easy -r http://host.domain.com/build/esx/esx301 … epos.32039 update

If not outright stupid, it is a bit idiotic to do this on a production box. What you can do is point your yum.conf to the CentOS servers and download their updates for Red Hat Enterprise Linux and update the packages since ESX is just a modified version of Red Hat. Here’s how you do it.

[base]
name=CentOS-$releasever - Base
baseurl=http://mirror.centos.org/centos/3.8/os/$basearch/

#released updates
[update]
name=CentOS-$releasever - Updates
baseurl=http://mirror.centos.org/centos/3.8/updates/$basearch/

Postfix SASL w/ Cyrus / LDAP

testsaslauthd -u alton -p

If that’s not working, you may need to set the configuration file, probably /etc/sasl/saslauthd.conf

You can use strace to see what it’s looking for. /usr/lib/sasl/smtpd.conf or /usr/lib/sasl2/smtpd.conf

strace -o /tmp/postfix.txt -fael -p 1765

1765 is the process id for master.

Oct 5 17:35:20 chunli postfix/smtpd[17574]: fatal: no SASL authentication mechanisms
Oct 5 17:35:21 chunli postfix/master[1765]: warning: process /usr/lib/postfix/smtpd pid 17574 exit status 1
Oct 5 17:35:21 chunli postfix/master[1765]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Oct 5 17:37:37 chunli postfix/smtpd[17620]: warning: xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms
Oct 5 18:17:04 chunli postfix/smtpd[20694]: unable to dlopen /usr/lib/sasl2/libdigestmd5.so.2: /usr/lib/sasl2/libdigestmd5.so.2: cannot open shared object file: No such file or directory
Oct 5 18:17:04 chunli postfix/smtpd[20694]: unable to dlopen /usr/lib/sasl2/libotp.so.2: /usr/lib/sasl2/libotp.so.2: cannot open shared object file: No such file or directory
Oct 5 18:17:04 chunli postfix/smtpd[20694]: unable to dlopen /usr/lib/sasl2/libsql.so.2: /usr/lib/sasl2/libsql.so.2: cannot open shared object file: No such file or directory

Found the ones I needed in cyrus-sasl-plain-2.1.20-16tr.

How to get tcpdump from Virtual Switches in ESX 3

1) Install VMware-esx-supptools-3.0.0-1.i386.rpm from the ESX 3 CD.

2) You can then run “/usr/lib/vmware/support/esxnet-support man” and learn how to use the tool, but …

3) To get a trace from the portgroup, you’ll need to run:

/usr/lib/vmware/support/esxnet-support trace -z -p Network0

Network0 of course will need to change to your portgroup name.

Another thing you can do is create a portgroup and put it in promiscuous mode. Then, run tcpdump in a guest that’s in that portgroup.