


Test your SQL skills online

A very nice 5-question quiz about SQL performance:

http://use-the-index-luke.com/3-minute-test/

Posted in MySQL.


Learn Perl in about 2 hours 30 minutes

Quality links are always welcome :)

I’m using Perl from time to time and it is very hard to switch between programming languages without quality references. For a quick Perl course, check the following link:

Learn Perl in about 2 hours 30 minutes

Posted in Programming.


phpMyAdmin with mod_fcgid – http auth with CGI

One of the benefits of mod_fcgid is that scripts in different directories can be executed as different users (for example, every hosted virtual domain has its own system user, which can execute only its own scripts). This is a kind of protection, so that one exploited site can’t harm the other hosted domains (of course, chmod 600 on config files is a MUST).

Unfortunately, phpMyAdmin has problems with PHP in CGI mode. When using HTTP basic authentication, phpMyAdmin kept popping up the authentication dialog over and over again. The solution is to create a .htaccess file inside the phpMyAdmin web dir with the following content:

RewriteEngine On
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]

According to the phpMyAdmin documentation, when PHP runs in CGI mode the authentication data is not passed to the script by default, and the .htaccess lines shown above should fix this problem.

Posted in Apache.


Disk usage analysis

Keeping an eye on disk usage is a very good habit. There are several tools for this; here I will describe only the df and du commands.

The df utility displays the disk space usage on all mounted filesystems.

[root@abc ~]# df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
                      35772016  20297132  13628408  60% /
/dev/sda1               101086     17692     78175  19% /boot
tmpfs                   513044         0    513044   0% /dev/shm

Adding the -T option (type) will print the filesystem type. It is also a good idea to add the -h option, because by default df reports sizes in 1K blocks, which are difficult for a desktop user to convert.

Now we have

[root@abc ~]# df -h -T
Filesystem    Type    Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
              ext3     35G   20G   13G  60% /
/dev/sda1     ext3     99M   18M   77M  19% /boot
tmpfs        tmpfs    502M     0  502M   0% /dev/shm

As you can see, it is much easier to understand.

You can use the du command to determine which files or directories need to be deleted or reduced. A simple du will print usage for the present working directory and its subdirectories, along with the size of each directory.

du directory will print the size of a particular dir.

Available options:
-h – prints sizes in a more readable format
-c – prints the grand total size of the directory at the end
-a – displays the file names along with directories
-s – displays a summary, without showing all of the subdirectories

For example, du -ch | grep total prints just one line with the total size of the directory.

Posted in Other, Tips & Tricks.


Fedora 15…

Thanks but no thanks…

Posted in Other.


Switching from Windows to Linux – is it possible ?

A few days ago I had a failure with my computer. The Windows installation on the C partition decided to die. It was impossible to recover it and the only solution was to back up my emails, desktop and my documents, then format.

Luckily I had a dual boot with Mint Linux and it was extremely easy to back up my files… Also, like I said a few days ago, I became a father and the whole day was like the days before… Tea is a very nice baby and she had a very nice schedule (eat, sleep, dump) and yesterday was the same. While I was in “the father loop” I decided to abandon Windows XP.

The reasons:

  • it is an old OS and Win 7 works much better
  • I’m lazy and I don’t have enough time to reinstall it. I will keep the Win XP license sticker just like a note that I had a Win XP on this notebook.

What exactly do I need from my computer:

  • LAMP (done)
  • Winbox (done via Wine)
  • Netbeans, Eclipse (they work better on Linux)
  • MySQL workbench (it works perfectly on Linux)
  • Putty, Pidgin, Skype, XChat, Firefox, Chrome, Thunderbird, … (done)
  • Photoshop (Gimp can be used for basic image manipulation. I already gave up on my professional photography career so I can live without Photoshop)
  • Corel (maybe Inkscape can be a replacement… I’m still not sure… I haven’t used Corel for years and I don’t need it at all.)
  • TrueCrypt (it works fine)

Three days after I switched to Linux, I’m still trying to forget about Windows. For now, I’m doing well.

Don’t worry… I haven’t forgotten about the FreeRadius howtos. I’m working on the next post about FreeRadius and MySQL. Also, I have a few tricks which you should consider in case you want to tune your MySQL and FreeRadius.

Best regards

Edit:

Ten days later, I’m still struggling. :)

Posted in Linux, Other, Windows.


Time out

This post won’t be long… Actually I became a father 20 days ago and this blog will be “on hold” until I find some time.

This is my first child and the feeling is GREAT. The baby girl and the mother are fine and all we’re actually doing is a kind of loop, “eat-sleep-dump”…

See ya later fellas…

Posted in Other.


MySQL Performance – Howto – part 1 (high performance tuning scripts)

Often the server admin has little control over the applications which use MySQL, and it is hard to find the bottlenecks. This blog post can’t bring peace to the world, or help NASA finally land on Mars. Instead of those tasks, I’ll try to solve something else and present my own experiences with MySQL storage engines (at least for MyISAM and InnoDB, as the most popular).
Continued…

Posted in CentOS, MySQL, Tips & Tricks.


FreeRadius install howto (3)

In this post I will cover the FreeRadius config files, the database connection, basic instructions on how to insert a user into the database, etc. Before you step inside this post, I recommend reading part 1 and part 2.

I suppose you’re using an RH-based distro (Red Hat, CentOS, Fedora, …) and you have already installed FreeRadius from source (config files are located in /usr/local/etc/raddb/). Now let’s get back to the FreeRadius source dir (the place where you extracted the tar.gz).

Inside the redhat dir you can find the freeradius-radiusd-init script, which can be used to easily start/stop the radiusd process. Copy this script to the /etc/init.d/ dir

# cp freeradius-radiusd-init /etc/init.d/radiusd

Now open the /etc/init.d/radiusd script and change the following lines

exec=${exec:=/usr/sbin/$prog}
config_dir=${config_dir:=/etc/raddb}
config=${config:=$config_dir/radiusd.conf}
pidfile=${pidfile:=/var/run/$prog/$prog.pid}
lockfile=${lockfile:=/var/lock/subsys/radiusd}

into

exec=${exec:=/usr/local/sbin/$prog}
config_dir=${config_dir:=/usr/local/etc/raddb}
config=${config:=$config_dir/radiusd.conf}
pidfile=${pidfile:=/usr/local/var/run/$prog/$prog.pid}
lockfile=${lockfile:=/var/lock/subsys/radiusd}

Save changes and exit from the editor. (Notice above that we actually changed the path prefix from / to /usr/local/ for exec, config_dir and pidfile.)

Now you can easily start/stop the radiusd process.

[root@ms /]# service radiusd
Usage: /etc/init.d/radiusd {start|stop|status|restart|condrestart|try-restart|reload|force-reload}

Also, you can run chkconfig --level 235 radiusd on to start radiusd on boot.

Now let’s get back to our setup.

I suppose you have at least one NAS. (A Network Access Server (NAS) is a system that provides access to a network. In some cases it is also known as a Terminal Server or Remote Access Server (RAS).) The NAS is a CLIENT of your radiusd server, so please do not confuse users and clients. FreeRadius doesn’t interact with your users directly, so “radius client” is another term for NAS.

The first step is to add your NAS to the client list and to create a unique password (the shared secret). Inside clients.conf (/usr/local/etc/raddb/clients.conf) you can find the following lines

#client 192.168.0.0/24 {
#       secret          = testing123-1
#       shortname       = private-network-1
#}

Uncomment those lines and set the client IP address according to your own addresses. In the example shown above, all IPs from the 192.168.0.0/24 network will be able to use your radiusd server.

You can allow any IP with

client 0.0.0.0/0 {
       secret          = mysecret
       shortname       = myNAS
}

which means every IP in the world that knows the secret can use your radius server (which is not recommended)…

To allow only one IP (in this case 192.168.0.15), use

client 192.168.0.15 {
       secret          = mysecret
       shortname       = myNAS
}

Delete the user Cleartext-Password := "password" line from the users file because we don’t need it any more.

Stop radiusd and start it in debugging mode (radiusd -X).

You should see lines similar to these

...............
radiusd: #### Loading Clients ####
 client localhost {
        ipaddr = 127.0.0.1
        require_message_authenticator = no
        secret = "testing123"
        nastype = "other"
 }
 client 192.168.0.15 {
        require_message_authenticator = no
        secret = "mysecret"
        shortname = "myNAS"
 }
...........

This means that radiusd will accept the NAS with IP address 192.168.0.15 and secret mysecret. Press Ctrl+C to stop radiusd.
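A small audit of the client blocks discussed above, as an added example that is not part of the original post or of FreeRADIUS: it flags active client entries that accept any source address, cover a very wide network, or still use a secret printed in this post. The sample config, the 16-character minimum and the 256-address limit are assumptions chosen for illustration.

```python
import ipaddress
import re

# Secrets printed in this post or shipped as examples: assume attackers know them.
KNOWN_SECRETS = {"testing123", "testing123-1", "mysecret"}
MIN_SECRET_LEN = 16   # assumption: local policy, not a FreeRADIUS limit
MAX_ADDRESSES = 256   # assumption: anything wider than a /24 needs review
CLIENT_RE = re.compile(r"^\s*client\s+(\S+)\s*\{(.*?)^\s*\}", re.M | re.S)
KV_RE = re.compile(r'^[ \t]*(\w+)[ \t]*=[ \t]*"?([^"\s#]+)', re.M)
# Constructed sample: the post's client forms plus a localhost entry.
SAMPLE = """
#client 192.168.0.0/24 {
#       secret          = testing123-1
#}
client localhost {
        ipaddr = 127.0.0.1
        secret = testing123
}
client 0.0.0.0/0 {
       secret          = mysecret
}
client 192.168.0.15 {
       secret          = Xq7-constructed-sample-secret-91
}
"""

def audit_clients(text):
    """Return (client, finding) tuples for risky active client blocks."""
    findings = []
    # Commented-out lines are dropped so disabled examples are not reported.
    active = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    for name, body in CLIENT_RE.findall(active):
        opts = dict(KV_RE.findall(body))
        try:  # the block name is the address unless ipaddr overrides it
            net = ipaddress.ip_network(opts.get("ipaddr", name), strict=False)
            if net.prefixlen == 0:
                findings.append((name, "accepts packets from any address"))
            elif net.num_addresses > MAX_ADDRESSES:
                findings.append((name, "network wider than %d addresses" % MAX_ADDRESSES))
        except ValueError:
            pass  # a hostname: nothing to measure here
        secret = opts.get("secret", "")
        if secret in KNOWN_SECRETS:
            findings.append((name, "secret is a published example value"))
        elif len(secret) < MIN_SECRET_LEN:
            findings.append((name, "secret shorter than %d characters" % MIN_SECRET_LEN))
    return findings

if __name__ == "__main__":
    print(*audit_clients(SAMPLE), sep="\n")
```

To check a real installation, pass the contents of /usr/local/etc/raddb/clients.conf to audit_clients() instead of SAMPLE.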

If you want to use MySQL with FreeRadius, follow the next steps. Before anything else, you need to create a database for FreeRadius.

Connect to MySQL as root and execute the following queries.

CREATE USER 'radius'@'localhost' IDENTIFIED BY  'radpass';
GRANT USAGE ON * . * TO  'radius'@'localhost' IDENTIFIED BY  'radpass';
CREATE DATABASE IF NOT EXISTS  `radius` ;
GRANT ALL PRIVILEGES ON  `radius` . * TO  'radius'@'localhost';

Another option is to use the admin.sql script from the raddb/sql/mysql dir.

CREATE USER 'radius'@'localhost';
SET PASSWORD FOR 'radius'@'localhost' = PASSWORD('radpass');
GRANT SELECT ON radius.* TO 'radius'@'localhost';
GRANT ALL ON radius.radacct TO 'radius'@'localhost';
GRANT ALL ON radius.radpostauth TO 'radius'@'localhost';

This script sets somewhat safer permissions: the radius user can read every table in the radius database but can write only to the radacct and radpostauth tables. (Do not forget to change the default username/password shown above.)

The next step is to import the default FreeRadius tables (the SQL files can be found inside the raddb/sql/mysql dir). You should import nas.sql and schema.sql. The nas.sql file will create a table for your NASes. It is much easier to maintain the NAS list inside the database than inside clients.conf. Also, you can add more fields to the nas table so you can do other operations with your NAS.

After these operations you should have something like:

[root@ms mysql]# mysql -u radius -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 23387
Server version: 5.0.77-log Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> USE radius;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> SHOW TABLES;
+------------------+
| Tables_in_radius |
+------------------+
| nas              |
| radacct          |
| radcheck         |
| radgroupcheck    |
| radgroupreply    |
| radpostauth      |
| radreply         |
| radusergroup     |
+------------------+
8 rows in set (0.00 sec)

mysql>

Now we have a working database and we need to configure FreeRadius to use SQL.

radiusd.conf

Open the radiusd.conf file (/usr/local/etc/raddb/radiusd.conf) and uncomment the $INCLUDE sql.conf line inside the modules section. Save changes and exit.

sql.conf

Open sql.conf and edit the following lines

        # Connection info:
        server = "localhost"
        #port = 3306
        login = "radius"
        password = "radpass"
 
        # Database table configuration for everything except Oracle
        radius_db = "radius"

to fit your settings (database name, username and password).

dialup.conf

Then open /usr/local/etc/raddb/sql/mysql/dialup.conf and find the following lines (near the end)

 # Uncomment simul_count_query to enable simultaneous use checking
        simul_count_query = "SELECT COUNT(*) \
                             FROM ${acct_table1} \
                             WHERE username = '%{SQL-User-Name}' \
                             AND acctstoptime IS NULL"

Sometimes you will need to check users for simultaneous use. To do this, uncomment sql in the session section and uncomment the query shown above.

default

Now open /usr/local/etc/raddb/sites-available/default and uncomment the sql lines inside the authorize, accounting and session sections. You can uncomment sql inside the post-auth section too if you want to log login attempts (note that this is not recommended for production servers: your database can grow and eat up all free space if someone tries to brute force your NAS).

Then comment out the following lines: files inside the authorize section; detail, unix and radutmp inside the accounting section; and radutmp inside the session section.

Please note that the lines we commented out above are not important for now, and commenting them out can improve performance. Also, note that detail should remain uncommented if you want to create a ‘detail’ed log of the packets for accounting requests. You will need this if you want to proxy accounting to another server.

Then save the file and check your config with radiusd -X (debugging mode).

After this you should see something like

rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to radius@localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4

which means your freeradius server successfully connected to MySQL database.

There are hundreds of options inside the files shown above and it is impossible to explain all of them. Read the comments inside the config files and try to work out for yourself what they do. If you’re using another database schema, you will need to set up sql.conf and dialup.conf according to your tables. All parameters are editable and it is very easy to understand them. For example, if you have a large number of users (1000-xxxx), open sql.conf and increase num_sql_socks from 5 to 15 or 20.

You should not change/delete any other lines in the config file without reading and understanding the comments!

Populating tables and testing

This is the most important part. Before you continue, you need to know what you actually want from FreeRadius, which kind of connection you expect, etc. Also, you need to know something about tables, attributes, operators, etc.

That’s it for now… Next time we will add some users to the database and see what we can do.

Stay tuned…

Posted in CentOS, FreeRadius, Networks.


FreeRadius install howto (2)

The last post about FreeRadius (available on this LINK) introduced FreeRadius and the basic installation steps (install from RPM and directly from source). My advice is to install from source (frequent updates, fewer bugs, etc). Also, please remember that FreeRadius is an active project and you should always stick to the official site and wiki. Very often the documentation on “third party” web sites is outdated.
Continued…

Posted in FreeRadius, Networks.