Syed Jahanzaib – Personal Blog to Share Knowledge !

August 16, 2017

IBM Lotus Domino: Layman’s approach to moving Archives to a new partition

Filed under: IBM Related — Syed Jahanzaib / Pinochio~:) @ 9:16 AM



Scenario:

We are using IBM’s Lotus Domino 8.x on Windows 2008 R2 with the following folder structure.

  • D:\LOTUS\DOMINO\DATA\MAIL   > 500 GB , users inbox
  • D:\LOTUS\DOMINO\DATA\MAIL\ARCHIVE > 1000 GB , users archived mails

An archiving policy is enabled on the server end and runs on a weekly basis. It moves one-year-old email from the inbox folder to the ARCHIVE folder with the a_username structure. Disk space was getting low on the D: partition, therefore I added a new drive (E:) and wanted to move the user ARCHIVE(s) to the new partition, E:\ARCHIVE.

There were a few solutions to perform the operation: online and offline.

With the online approach we could use Domino’s built-in MOVE operation (via the Domino Admin client), which does not require any shutdown, but then we would need to get the timing right. If the mail files are not moved into the new folder before our scheduled server archive runs, new archive files will be created, which may complicate things.

But since I was able to afford 2 hours of downtime, I took the OS cut/paste option.


I did the following:

  1. Quit Domino via the Admin Client, then stop the Domino services via SERVICES.
  2. Moved (cut and paste) the ARCHIVE folder from D: to the E: drive (e:\archive2 folder).
  3. In the D:\LOTUS\DOMINO\DATA\MAIL folder, I created a text file called ARCHIVE.DIR
    (in the text file I added the path E:\ARCHIVE).
  4. Start the Domino Server service (or better, restart the server).

& all went fine.

I am a big fan of Domino’s own MOVE operation, but after a few months I will be replacing this machine with a new server, and then it would be a problem to move the archives again. Therefore the above operation was a good choice from a layman’s management perspective 🙂

Hope it helps someone in the same situation.


Regards,
~Syed Jahanzaib~

August 15, 2017

Enable `radpostauth` table for Radius Manager

Filed under: Radius Manager — Syed Jahanzaib / Pinochio~:) @ 3:40 PM

The following post was tested with DMA.

For a better approach you may want to see the following:

Freeradius External Auth BASH Script & RADPOSTAUTH logging with customized reply message !


FreeRADIUS is a well-known billing system commonly used by ISPs worldwide due to its reliability, high customizability and versatility. Many third-party vendors have made good GUI front ends to manage the FR back-end engine.

It also uses MySQL to log various user details. One of its tables, radpostauth, can hold information about users' successful/failed login attempts. Using this table, we can complement our own GUI or a third-party front end (for easy management of the FreeRADIUS engine), such as the Authentication Log section of DMASoftlab Radius Manager, so that admin/support staff can see users' authentication logs. With some modification we can add useful information for quick troubleshooting, for example why a user was denied authentication: invalid MAC, wrong password, or account expired.

Note to *.*

  • You can add an unlang query as well to apply an IF statement, and add the REPLY result according to your requirements.
  • This post was written for reference purposes & will be updated as per request.
  • This guide is an incomplete post, but it can be used as a reference for future retrieval.

Example:

[Image: authentication log with error numbers]

As we can see in the above image, the Radius Reply column clearly shows why a user was denied, such as invalid MAC address, account expired, or invalid service reference (when the user account is disabled in DMA).

To enable these features we have to perform a few steps, as follows …

 


RADDB DEFAULT CONFIG

First we need to edit the default site config file for raddb.

Edit the following file:

nano /usr/local/etc/raddb/sites-available/default

Now search for the “post-auth {” section.

To keep it simple, copy and paste the following:


post-auth {
    sqlippool
    reply_log
    exec
    sql
    Post-Auth-Type REJECT {
        sql
        attr_filter.access_reject
    }
}

As shown in the image below …

[Image: post-auth section]

Save & Exit.


#DIALUP.CONF Section

Edit the post-auth section in the /usr/local/etc/raddb/sql/mysql/dialup.conf file.

At the end of this file you will see the “postauth_query” section. You need to change it.

Old post-auth query:

[Image: old postauth_query in dialup.conf]

After changing:

[Image: postauth_query after the change]

Or copy and paste the text below …


#######################################################################
# Authentication Logging Queries
#######################################################################
# postauth_query - Insert some info after authentication
#######################################################################

postauth_query = "INSERT INTO ${postauth_table} \
(username, pass, reply, authdate, nasipaddress, mac) \
VALUES ( \
'%{User-Name}', \
'%{%{User-Password}:-%{Chap-Password}}', \
'%{reply:Packet-Type} - %{reply:Reply-Message}', \
'%S', \
'%{NAS-IP-Address}', \
'%{Calling-Station-Id}')"

Save & Exit.


#Alter the RADPOSTAUTH table using mysql cmd …

Using the mysql command-line client, we will make two changes:

  1. Increase the REPLY column length so that longer reply messages are displayed properly
  2. Add the MAC address column so we can detect the calling user device's MAC address

mysql -uroot -pPASSWORD
use radius;
ALTER TABLE radpostauth MODIFY `reply` VARCHAR( 100 );
ALTER TABLE radpostauth ADD COLUMN mac TEXT;
exit

Restart the RADIUSD service

service radiusd restart

Using the command line, you can now see the authentication log table:

mysql -uroot -pPASSWORD -e "use radius; select * from radpostauth;"

& you will see the information

[Image: phpMyAdmin query for the table]

1 JOHN     123456     Access-Reject - The account has expired=21      2017-08-15 14:14:05       192.168.1.1         10:FE:ED:33:BD:AX
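
To turn rows like the one above into a quick "why was this user denied" report, the following added example (not part of the original post) parses the reply column in the layout set by postauth_query and lists devices that were rejected under several usernames. The sample rows, the function names, and every message or code other than "The account has expired=21" are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Parses the reply column written as '%{reply:Packet-Type} - %{reply:Reply-Message}'.
# A trailing "=NN" is treated as an error number, as in the sample row on this page.
REPLY_RE = re.compile(r"^(?P<ptype>[A-Za-z-]+) - ?(?P<msg>.*?)(?:=(?P<code>\d+))?\s*$")

# Constructed rows, shaped like the result of:
#   SELECT username, reply, authdate, nasipaddress, mac FROM radpostauth;
# The pass column is left out on purpose. Messages and codes other than the
# page's "The account has expired=21" are made up for this example.
ROWS = [
    ("john",  "Access-Reject - The account has expired=21", "2017-08-15 14:14:05", "192.168.1.1", "10:FE:ED:33:BD:A1"),
    ("alice", "Access-Accept - ",                           "2017-08-15 14:15:10", "192.168.1.1", "10:FE:ED:33:BD:B2"),
    ("bob",   "Access-Reject - Wrong password=1",           "2017-08-15 14:16:00", "192.168.1.1", "10:FE:ED:33:BD:C3"),
    ("carol", "Access-Reject - Wrong password=1",           "2017-08-15 14:16:05", "192.168.1.1", "10:FE:ED:33:BD:C3"),
    ("dave",  "Access-Reject - Wrong password=1",           "2017-08-15 14:16:09", "192.168.1.1", "10:FE:ED:33:BD:C3"),
    ("john",  "Access-Reject - The account has expired=21", "2017-08-15 14:20:00", "192.168.1.1", "10:FE:ED:33:BD:A1"),
]

def parse_reply(reply):
    """Split a reply value into (packet_type, message, code); code is None if absent."""
    m = REPLY_RE.match(reply)
    if not m:                       # unexpected layout: keep the raw text as the message
        return ("unknown", reply.strip(), None)
    code = int(m.group("code")) if m.group("code") else None
    return (m.group("ptype"), m.group("msg").strip(), code)

def reject_reasons(rows):
    """Count Access-Reject rows per (message, code), for a quick 'why denied' report."""
    reasons = Counter()
    for _user, reply, *_rest in rows:
        ptype, msg, code = parse_reply(reply)
        if ptype == "Access-Reject":
            reasons[(msg, code)] += 1
    return reasons

def macs_rejected_for_many_users(rows, min_users=3):
    """Return {mac: sorted usernames} for devices rejected under >= min_users distinct names."""
    seen = defaultdict(set)
    for user, reply, _date, _nas, mac in rows:
        if parse_reply(reply)[0] == "Access-Reject":
            seen[mac.upper()].add(user)
    return {mac: sorted(u) for mac, u in seen.items() if len(u) >= min_users}

if __name__ == "__main__":
    for (msg, code), n in reject_reasons(ROWS).most_common():
        print(f"{n:3d}  {msg} (code {code})")
    print(macs_rejected_for_many_users(ROWS))
```

The pass column is left out of the SELECT on purpose: postauth_query stores the submitted User-Password value in it, as the 123456 in the sample row shows, so reports built on this table should not carry it along.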

Notes:

  • You can modify the messages appearing in the different columns, and you can add your own customized columns as well, like called station or others.
  • You can add an unlang query as well to apply an IF statement, and add the REPLY result according to your requirements.
  • It can chew up your disk space, so try to make the text as short as possible, like error codes only, not the whole text.
  • Schedule a cron job to empty the table on a weekly/monthly basis so that it does not swallow disk space and performance remains optimal.
  • If used in a heavy environment, it can put considerable strain on your system resources by sending a large quantity of MySQL INSERT queries to the table.

 

 


Regards,
Syed Jahanzaib