859
edits
Changes
Jump to navigation
Jump to search
Line 9:
Line 9: + + Line 54:
Line 56: + + + + + − Currently disabled.+ + + Line 115:
Line 124: − Followed by post-upgrade/reboot.+ + + Line 155:
Line 166: − + + + + + + − + + + Line 188:
Line 206: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
→LDAP
Feel free to add notes and comments.
Feel free to add notes and comments.
{{Warning box|Code below is highly experimental. Do NOT try it on a production server.}}
===Commentary===
===Commentary===
Remember that IPv6 address are public facing. I have not done any work on firewalling.
Remember that IPv6 address are public facing. I have not done any work on firewalling.
Some other brief thoughts:
* Tunneled 6to4
* Native IPv6 block from ISP
* DHCP/DNS in Koozali
* Routed using public IP and private address space?
====Enable networking====
====Enable networking====
{{Warning box|Code below is highly experimental. TESTING ONLY. Do NOT try it on a production server as you will almost certainly get hacked}}
IPv6 currently disabled.
Get your Gateway IP "Server IPv6 Address:" and set it here:
Get your Gateway IP "Server IPv6 Address:" and set it here:
}
}
{{Warning box|If you run the following command your server will have a public IP and NO firewall. You have been warned}}
signal-event post-upgrade;signal-event reboot.
You should get an automatic IP assigned from your Hurricane pool.
You should get an automatic IP assigned from your Hurricane pool.
====Services====
====Services====
List of other affected services
List of other affected services and vague efforts to get IPv6 running for them.
httpd
httpd
email
email
smbd
smbd
mysql (already listens for tcp6/3313)
mysql (already listens for tcp6/3313)
ntpd (already listens on udp6/123)
ntpd (already listens on udp6/123)
sshd as below
sshd as below
SSH (bad hack here so careful as this may open your server up to remote access)
ldap as below
=====SSH===== (bad hack here so careful as this may open your server up to remote access)
mkdir /etc/e-smith/templates-custom/etc/ssh/sshd_config
mkdir /etc/e-smith/templates-custom/etc/ssh/sshd_config
ssh root@2001:470:1f13:3ff:2a9:b700:fe99:792c
ssh root@2001:470:1f13:3ff:2a9:b700:fe99:792c
=====LDAP=====
mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/slapd
nano /etc/e-smith/templates-custom/etc/sysconfig/slapd/40OPTIONS
Add this code:
{
{
# Any custom options
#SLAPD_OPTIONS=" -4 -d { $ldap{LogLevel} || 256 } -s 0 "
my $slapdOptions = "#Test";
my $logLevel = $ldap{LogLevel} || 256;
if ($IPv6{'status'} eq "enabled") {
$slapdOptions = "SLAPD_OPTIONS=\"-d $logLevel -s 0\" " ;
} else {
$slapdOptions = "SLAPD_OPTIONS=\"-4 -d $logLevel -s 0\" " ;
}
$OUT .= "# Any custom options\n";
$OUT .= "$slapdOptions\n";
}
Edited the unit file /usr/lib/systemd/system/ldap.service to comment out the Environment line and just leave the config file
#Environment="SLAPD_URLS=ldap:/// ldaps:/// ldapi:///" "SLAPD_OPTIONS=-4 -d 256 -s 0"
EnvironmentFile=/etc/sysconfig/slapd
systemctl daemon-reload
systemctl restart ldap.service
'''However, /usr/sbin/cpu is not IPv6 aware and is unmaintained.'''
We can bypass this and force IPv4 by editing:
/etc/cpu-system.conf
Modify the template and change localhost to 127.0.0.1
[LDAP]
LDAP_HOST = 127.0.0.1
LDAP_PORT = 389
===Other notes===
===Other notes===