Windows supports mounting WebDAV shares as drives. WebDAV is an HTTP-based protocol for file access, used by SharePoint for example.
net use Z: http://server/webdav /PERSISTENT:yes /USER:USER PASS
Windows does not, however, support basic auth by default (basic auth sends the password in cleartext, which is bad). It took me some troubleshooting to figure it out, so I thought I’d share my results. You’ll probably need basic knowledge of setting up and troubleshooting Apache sites, as I’ve left out some details. See this tutorial on setting up basic WebDAV. The following builds on that tutorial, but adds digest auth. Note that to mount WebDAV on Windows Server you need the Desktop Experience feature installed.
First enable the digest auth module:
Create the first user:
htdigest -c /var/www/webdav/passwd.dav webdav USER
And edit /etc/apache2/sites-available/default:
Options Indexes MultiViews
allow from all
Alias /webdav /var/www/webdav/mounts
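A minimal digest-auth configuration for this setup, as an added example (not the author's original file). The alias, the password file path and the realm `webdav` come from the commands above; the `<Location>` layout is an assumption. `AuthName` must equal the realm given to htdigest, because the realm is hashed into every entry in passwd.dav.

```apache
# Added example, not the original post's configuration.
# Assumes mod_dav, mod_dav_fs and mod_auth_digest are enabled.
Alias /webdav /var/www/webdav/mounts

<Location /webdav>
    DAV On

    # Digest instead of Basic: the client answers a server challenge with
    # an MD5 response, so the password itself is never sent.
    AuthType Digest

    # Must match the realm used in: htdigest -c ... webdav USER
    AuthName "webdav"
    AuthDigestDomain /webdav
    AuthDigestProvider file
    AuthUserFile /var/www/webdav/passwd.dav

    Require valid-user
</Location>
```

The hashes in passwd.dav are password-equivalent for digest auth, so keep the file outside the aliased directory and readable only by root and the Apache group.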
Optional: Under the mounts folder I wanted to share some SMB shares. I also wanted to combine all the shares (multiple disks) into a single folder. Note the file_mode and dir_mode if you want write access. You also need standard web permissions on the folders (same as for any website).
//10.0.0.10/pub1 /mnt/pub1 cifs username=XXX,password=XXX,umask=222 0 0
//10.0.0.10/pub2 /mnt/pub2 cifs username=XXX,password=XXX,umask=222 0 0
//10.0.0.10/pub3 /mnt/pub3 cifs username=XXX,password=XXX,umask=222 0 0
//10.0.0.10/pub_rw /var/www/webdav/mounts/pub_rw cifs username=XXX,password=XXX,file_mode=0676,dir_mode=0676,gid=www-data 0 0
mhddfs#/mnt/pub1,/mnt/pub2,/mnt/pub3 /var/www/webdav/mounts/pub fuse defaults,allow_other 0 0
To combine folders (last line) you need mhddfs installed: apt-get install mhddfs
Some time ago I discovered that my (two) Active Directory controllers weren’t actually talking to each other too well. After some debugging I found that the local Windows Firewall was enabled on one of the AD controllers and it was basically blocking everything that had to do with AD. So I disabled it and all was well. All servers are located behind a firewall anyway, so the risk was minimal.
Now I thought it was about time to enable the firewall on my AD controllers again. And it turns out that, as usual, Microsoft lets the ports flow wild. There are three services that don’t have a fixed port: NTDS, NTFrs and NetLogon. Without a fixed port it is difficult to open the firewall for them. The local firewall can allow traffic based on process, but my external firewall can’t.
The good news is that you can set fixed ports for these services. This is described in the knowledge base article http://support.microsoft.com/kb/555381.
But who wants to read all that?
Here is the short version:
- Change the registry to set fixed ports, either by following the knowledge base article or simply by running this .reg-file.
Note: As always when downloading .reg-files, have a look at it first to see what it actually does.
Download, unzip, execute the .reg-file and answer yes to the question about importing it.
- Reboot the AD controller.
- Enable Windows Firewall and set the following rules (listed in the table below).
Note that if all servers are on the same subnet you can increase security a lot by setting Scope to “My network (subnet) only”.
- Repeat on all AD controllers you want to enable the firewall on.
- Make sure you check the Event Log on other servers for errors related to enabling the firewall.
| Port or built-in rule | Protocol | Service | Comment |
|---|---|---|---|
| File and Printer Sharing | | | Already exists, must be enabled. NOTE: If servers are not on the local subnet you may need to modify Scope. |
| 3268 | TCP | Global Catalog LDAP | |
| 53211 | TCP | AD Replication | This was set by the .reg-file |
| 53212 | TCP | File Replication Service | This was set by the .reg-file |
| 53213 | TCP | NetLogon | This was set by the .reg-file |
| Remote Desktop | | | Optional: Recommended/required if you access the server remotely. |
Varnish is a great HTTP accelerator, “10 times faster than squid”. This is partially due to its use of modern computer architecture. Although its main purpose is as a web server accelerator, it can also be used as a traditional internet accelerator/cache. The web page FAQ says it requires a lot of work though.
But there is a simpler solution by having it cooperate with Squid. Not the most elegant solution, but for my cable modem it will be more than enough.
- Install Debian on a box.
- Install Squid and Varnish.
apt-get install squid varnish
- Edit /etc/squid/squid.conf (this is actually optional, but recommended):
Add the lines:
cache_dir ufs /var/spool/squid 10 2 4
- Edit /etc/default/varnish and make these changes:
Change the line
DAEMON_OPTS="-a :6081 \
to
DAEMON_OPTS="-a :8080 \
Change the line
-b localhost:8080 \
to
-b localhost:3128 \
Add the line: -f /etc/varnish/default.vcl \
after the -b line.
Set how much disk space you want to use for cache in the line:
Note: For 32-bit systems keep it low (~1GB).
- Restart Squid and Varnish:
- On your client computer set your HTTP PROXY server for HTTP (not HTTPS) to debianserverip port 8080.