Professional Documents
Culture Documents
This reports records our experience and understanding towards the upgradation of
institute's network and services. The work broadly captures
c)implementation and commissioning of the network and services according to the new
design.
The first major task for us was to document, how each service in the institute was
conffigured and to collect an inventory of the present hardware resources of the
institute. We also created forums documented communication of system issues and
brought out processes for documenting about the future systems.
After we had a fair idea of how present systems works and realizing some of the
drawbacks of present system we built a new network plan and redesigned the
configuration and usage policies of the network.
We rebuilt the gateway for the institute network and reconfigured services for version
control, learning management system, VOIP solution and mail solution. We also
introduced services like OTRS for ticketing. All these configuration and policies are well
documented and versioned.
Contents
1 Introduction 1
Bibliography 38
List of Figures
2.1 CACTI Screenshot : Screenshot of suspicious traffic . . . . . . 3
Introduction
Network and services are one of the important elements of any institute. Our institute
IIITM-K is an IT institute which promotes technology facilitated education programs and
learning. As cited in the institute website IIITM-K acts as a "networking institute of
institutions" that promotes both IT and its applications in diverse fields. So the networks
and systems is a critical element in an institute like IIITM-K.
We found that the existing networks and services were not efficient enough to meet the
institute requirements. The externally hosted services like mail, moodle and wiki were
found to be inaccessible from outside. The internal network and services in the institute
were not maintained and managed efficiently.
With Dr.Rene Ejury and systems team, the institute's network infrastructure was
analyzed which brought out several problems in the system. The analysis revealed the
following problems with the current set up.
Suspicious traffic in the network An investigation done analyzing the table log on the
gateway machine revealed some suspicious traffic on the network. Hence CACTI, a
monitoring tool, was installed to monitor the traffic. The bandwidth analysis graph of
CACTI, revealed unexpected peaks in the network traffic.
In the ffigure 2.1, on 10th of March a peak was occured. The normal traffic is 54k. But
on that time the peak was seemed to be more than 100k which was unexpected.
Further investigation through the system logs proved that a malicious software, is
installed in the gateway machine. This lead to the analysis of all the servers and most of
the servers are found to be infected.
This software was initiating a "Denial Of Service" attack or DOS attack which was
chocking the bandwidth in the institute. A temporary solution is achieved by removing
that software. But we cannot completely rely on this solution as such softwares usually
installs a "root-kit", which can give administrative powers to the attackers.
Figure 2.1: CACTI Screenshot : Screenshot of suspicious traffic
Insufficient Bandwidth Most of the web-servers of institution, which are accessible from
outside the institution network, are found to be very slow.
At present the institute has a 512kbps (1:4) broadband connection for the internal
browsing usage and for the external servers. On further analysis, it is found that the
current available bandwidth is not sufficient for the proper functioning of an institution
where the bandwidth is shared for browsing and running the web-servers. More over the
suspicious traffic mentioned above was also adding to the cause.
DoS Attack, installed Rootkits Malicious software has been identified on the servers
running on the institute. These so called 'root kits' have inffiltrated the servers and have
been generating unwanted traffic in the network, bringing to standstill all network related
services. The problems were diagnosed successfully and the full correction of the
problem is possible when we decommission the contaminated machines and reinstall
them cleanly.
Lack of documentation and communication It has come to our notice that the present
network and services lack documentation. There are no documents explaining the
reasons which led to decisions taken among the administrative group. There are also no
adequate documents available explaining the present network setup in the institute. The
services in the institute also lacks information on how it was installed, who installed
it,what are the policies used for that services and how to maintain the service. These
makes the running of the service completely dependent on a single person who has
installed the service and it becomes difficult to transfer the responsibilities.
Considering all the issues in the existing system mentioned above, we had several
discussions and brainstorming sessions about restructuring of the network and services.
The restructuring plan has to be full proof, avoiding the present defects in the system
and it should also take into consideration the future needs of the institute. To develop
the culture of documentation, all communications and discussions among the group
members is being documented in the snag mailing list. All the justifications for the
acceptance or rejection of proposed plans are also well documented in the mailing list.
After a series of discussions two alternative plans came out which are discussed below.
VLAN based separation of user groups According to this plan the whole institution will
come under a single network. Different user groups will be separated within the network
through VLANs. A VLAN is a virtual LAN and will behave exactly like a LAN. User
groups in IIITM-K are geographically separated. For example the sta_ user group spans
across NILA and Park Center. VLAN is a good solution in these scenarios. VLAN helps
to group a set of users spanning across different buildings under one virtual LAN.
1. As per the plan 1 some of the institution hosted servers will be running from the Park
Center. But Park Center lacks enough power backup to support these servers in case of
a power failure.
2. The current infrastructure of Park Center is not good enough to keep the server class
machines.
4. Number of lines from ISPs will be more if some servers are kept in Park Center and
some are in Nila as the servers are planned to use a different ISP from that of browsing.
Considering all the issues that came across, reached a second plan . IP based
separation of user groups As Nila has better infrastructure than Park Center for
maintaining the servers all the external services will be moved to Nila. Tra_c intensive
services like Wiki, Moodle and Mail are planned to be hosted on external servers. Rest
of the external services will be hosted from NILA servers.
Also with this plan, all the user groups will be separated with IP subnets instead of
VLANs. Di_erent IP subnets communicate through the router.
From the switch level diagram of the network in park center and Nila, we verified the
feasibility of VLAN on both places. It was found that VLAN was possible without any
change in the existing physical network layout. So we planned to shift to the VLAN
solution in a number of phases. The execution will be achieved in different phases. In
phase one we will not disturb the existing system but establish gateways on Park
Centre and Nila and connect them. In the next phase we decided to move all the
services to Nila. In the third phase VLAN solution will be achieved.
Configuration of Gateway The firewall rules in the institute were broken and that had
lead to the performance degradation of the network. We put up new gateway system
with a concrete firewall. In the present system all the firewall rules are included in a shell
script which could be run to put up the firewall. The external connections end up in this
firewall and all the packets are filtered at this machine.
The gateway systems acts as a router between two networks in the institute, the
parkcenter network and the Nila network. The linux routing table is used for routing the
packets to and from Parkcentre and Nila.
Chapter 3
We assisted Dr.Rene Ejury in setting up the HP ProLiant G4p Server for running the
services. The server was setup as software RAID machine with Logical Volume
Manager (LVM) above it. While installing with RAID, only one disk was available. The
second disk can be added later. The system is virtualized and each virtual server is
used for running di_erent services. As suggested by Dr.Rene Ejury, we tried with two
virtualization methods, XEN virtualization and OpenVZ virtualization.
The Xen virtualization can run many virtual servers on the same machine.
The virtual severs running on the xen virtualization will have separate kernels dedicated
and separate memory space allocated for each server.
The installation is very simple. First the kernel is to be installed to run the virtualization.
After the installation of the Xen virtualization, different virtual servers can be created and
run. The scheme chosen for naming the virtual servers is the zodiac or sun signs.
Available reserved IP addresses were used for the virtual servers. The table explains
the virtual servers, IP addresses, applications running on them. The detailed installation
steps are described in APPENDIX 5.4.
IP Name Location Services
OpenVZ is another virtualization in which only one kernel will be there, which will be
used by all the VPSs. The installation steps are described in APPENDIX 5.5.
IP Name Services
1. In the case of the xen virtualization each virtual servers will have its own kernel. So if
some applications need kernel modifications, it might be difficult to achieve.
2. From the references, it was found that networking and disk performance is better in
openVZ than in Xen. So OpenVZ virtualization is used to run the servers.
For all the services a mail server was required to send mails to all the people within the
group. This was installed on Debian with the help of package manager and configured.
The type of mail configuration chosen was : mail sent by smarthost; received via SMTP
or fetchmail. A smarthost can relay outgoing mails. The smarthost selected was :
mail.iiitmk.ac.in.
So whenever a mail is to be sent to some email-id it will go to the Institution mail server
from where it will be relayed to the destination address. Installation steps are can be
found in APPENDIX 5.8. Issues faced
The institution mail server was configured to block any outgoing mails. The relaying was
enabled only to the institution mail-ids. So it was not possible to implement the mail
server to send mail to external mail-ids.
The software for soft phones can be downloaded from the websites and for attaching
the hard phones you may need a zaptel card in your system. Many built in features are
there with asterisk. IVR(interactive voice response), conference calling, automatic call
distribution are a few examples of the features. You can even configure your asterisk
server for voicemail options.
Three main protocols can be used in asterisk : IAX2, SIP and H323. I have configured
the server to run between both IAX2 and SIP. Installation can be done in two ways,
either from the compiled flles or from the source code. In the first method already
compiled file will be available and you need only to install it from those _les. And in the
second method, first you have to get the source code and then compile it. After
compilation you have to install it.
An Asterisk server is installed in the Nila with the second method which is the
compilation of the source code. This method is chosen because the Institution requires
features like conference call. For configuring the Asterisk server to make conference
calls, a timing device is needed to synchronize the voices from di_erent persons. One
method is to get the zaptel device, and the other method is to install the zaptel package
and get the ztdummy which is a kernel module which will provide the same functionality
for the timing.
In the institution no ticketing system were available. All the user queries were done
manually. Even though the mailing list was used for this, it was not possible to track who
is doing what. With OTRS this can be solved.
Open Ticket Request System(OTRS) is a web based issue tracking system which is
open source and free. With OTRS installed in the institution it will be easier to handle
user queries and management tasks. User queries may include some malfunctioning
hardwares or servers. These queries can be handled by assigning tasks to relevant
sta_s and each assigning task is called ticket creation. Each ticket will have an owner
and a group of OTRS users who can handle that ticket. Tickets have a history from
which the life cycle of each ticket is visible. After the successful completion of the
request the ticket can be closed by the owner.
The detailed description of how OTRS is installed in the institution can be found in
APPENDIX 5.11.
Moodle is the learning managment system used in the institute. We learned and
documented the steps for the installation ,configuration and management of Moodle.
We also found in the existing moodle the username and password credentials of users
were owing as unencrypted packets in the network which could be easily sni_ed. And
the problem was critical because it was the same authentication credentials used for the
mail service in the institute.
For making Moodle secure it needs a secure HTTPS connection just for the login page
and then afterwards revert back to the normal HTTP URL for general speed. This option
is available in Moodle. This setting requires HTTPS to be speci_cally enabled on the
web server. Moodle uses Apache webserver and it has a module called modifies which
has the ability to encrypt communications. Enabling the ssl module on Apache and
secure login option in Moodle makes the login page of Moodle secure. Thus, when the
browser is communicating using SSL encryption, the HTTPS pre_x is used at the
beginning of the Uniform Resource Locator (URL) in the browser navigation bar.
Secure server set up uses public key cryptography to create a public and private key
pair. It needs a key and a certificate to operate a secure server. Web server can either
purchase a Certificate Authority-signed certificate or a
self-signed certificate.
We are using a self-signed certi_cate and the procedure for generating the self signed
certi_cate is given in the APPENDIX 5.13.
This helps us to track the history of changes to our data and even enable us to get back
to the older versions of the file.
SVN can be thought as a centralized _le server. The files in the central repository could
be managed and modified by a group of people. This helps to work collaboratively over
a piece of data. The system would keep track of the changes made to the data and also
who made the change.
The principle of programming course would be using SVN for versioning the course
contents, source codes of scripts and programs used for the automation of the course.
The students would be using SVN for versioning their assignments and other course
works.
There was an svn service running in the institute. The service had the following defects.
_ The svn service was running in the gateway machine of the institute which made it
difficult for the management of SVN service as anything done in that machine for
management of SVN service may possible
_ The svnserve process was running from the root which could invite
security threats.
_ Each and every repository in the institute was manged by the SVN
It also denied the opportunity for the users to manage or create their
own repository.
According to the new architecture the SVN service runs on a virtual Server.
Individual users have home directories on this machine. Users create and
To make the access to the svn server secure, users should be allowed only
ssh certi_cate access. Users manage their own repositories and svn-user au-
to those not having user accounts on SVNSERVER. This is very useful, for
The svnserve process is invoked by user svn and not root which makes it
secure. The svn group is given read/write permissions to all the user reposi-
tories so that svnserve process have access to those repositories.
The existing SVN server was not accessible to users in other organizations
because most organizations do not allow generic tra_c from inside an organi-
zation to outside the world. SVN server uses its own custom protocol which
the organizations _rewall may block and most organizations allow HTTP
and HTTPS access. We con_gured SVN server with Apache so that HTTP
Chapter 4
future developments
Considering all the requirements of the institution, a better plan for the
network was made. Most of the servers and systems are installed or re-
The gateways in the institution were con_gured. The new gateways have
scipts explaining each rule. The SVn service was con_gured for http access.
Asterisk was con_gured in the Park Center to create accounts for users,
voicemail box. A workshop was conducted on "How to Use Asterisk" to
Suggestions
_ Right now the server is available within the Institution only. It can be
external access.
Chapter 5
Appendices
5.1 APPENDIX : Plan I proposed
According to this plan the whole institution will come under a single network.
Di_erent user groups will be separated within the network using virtualiza-
tion . This can be achieved through VLANs. A VLAN is a virtual LAN and
will behave exactly like a LAN which will form a broadcast domain. Even
though the users are span across two buildings, user of same group can come
under the same VLAN. In order to achieve the communication between two
According to this plan the following VLAN categories will be there: Sta_,
In the Figure 5.1 with the help of ISPs the institution network will be con-
Park Center : In Park Center router, _rewall and proxy will be con_gured
on a Linux box. The Linux box is nothing but a machine which has Linux
installed in it. The Linux box is then connected to a CISCO switch which
In Park Center all the servers will be run in di_erent virtual servers. An HP
Then the router is connected to the switch which can be con_gured to have
To overcome all the stated issues of Plan I, decided to go for Plan II. As the
idea of hosting services from the Park Center is found to be bad, all the servers
are decided to move to Nila. Also with this plan, all the user groups will be
separated into di_erent networks rather than using VLANs. The communi-
The chosen IP address ranges are shown in Figure 5.2 Maintaining the mail
server, moodle and wiki is found to be di_cult for the system admins. The
suggestion of outsourcing the services came up. The services which are not
outsourced will be hosted from Nila which has better infrastructure. The servers will be
run from virtual servers.
Figure 5.2: Plan II : IP address distribution
To overcome all the stated issues of Plan I, decided to go for Plan II. As the
idea of hosting services from the Park Center is found to be bad, all the servers
are decided to move to Nila. Also with this plan, all the user groups will be
separated into di_erent networks rather than using VLANs. The communi-
The chosen IP address ranges are shown in Figure 5.2 Maintaining the mail
server, moodle and wiki is found to be di_cult for the system admins. The
suggestion of outsourcing the services came up. The services which are not
outsourced will be hosted from Nila which has better infrastructure. The servers will be
run from virtual servers.
Services
As per this plan the following services will be outsourced : Mail Server
and Wiki
VPS
the kernel. As the source of the kernel will be found only in the HN (Host
Node), it will return error if you try to install the zaptel in one of the Guest
system. So you have to install the zaptel in the Host system. Then load the
devices using
# modprobe zaptel
# modprobe ztdummy
Follow the same steps as described in APPENDIX 5.6. Then loaded the
This should be done from the HN. After that installed libpri and Asterisk in
18
For the Xen virtualization _rst we have to install the xen kernel and xen
bridge-utils xen-tools
After installing rebooted the system with the new kernel which is installed.
The xen con_guration _le xen-tools.conf can be found in the directory /etc/xen-
tools/. In the con_guration _le the lvm should be the name of volume group.
According to networking setup in the institution gave the networking param-
gateway : 192.168.0.2
subnetmask : 255.255.255.0
The default kernel and memory to use for the virtual servers is to be edited
After that created the VPS(Virtual Private Server). When a VPS is created
for the _rst time used the default con_guration _le. Using this command the
This will create the image for the virtual server. The con_guration _le for
# xm create /etc/xen/hostname.cfg -c
and
#xm list
will show all the VPSs running with the xen virtualization. After running
entered the VPS and set the required parameters, like IP, subnet etc.
19
Downloaded the openvz-kernel and installed the kernel in the machine. Then
rebooted the machine with the new kernel. The command
# uname -a
showed the new kernel. After that installed the user level tools for OpenVZ.
_ vzctl
_ vzquota
The system is ready to run the VPSs. For running the VPSs OS templates
are required. Two option were available, download from the website or create
wget http://download.openvz.org/template/precreated/
debian-4.0-i386-minimal.tar.gz
A VPS is created with an ID. Along with the creation of the VPS a con_g-
uration _le is also created in the location /etc/vz/conf. For running a VPS
1. onboot : vzctl set 101 {onboot yes {save . This is required if you
20
_ Enter the VPS : vzctl enter 101 Also can enter the system using ssh.
For installing from the source code, _rst got the source code from the digium
1. Zaptel : provides some of the kernel modules required for some of the
features
After getting the listed packages compiled them in the given order.
downloaded _les are tar _les. So made a untar of all the _les. Then changed
directory to /zaptel-1.2. Followed the steps given below for the zaptel instal-
lation
Linux build system are needed before the compilation. Some of the
install_prereq
./install_prereq test
21
./install_prereq install
the machine.
ure
installation of libpri changed the directory to the libpri folder. Followed these
steps in order to install libpri in the machine.
Error during Installations Got this error while installing the asterisk
package :
The issue is solved by installing libncurses-dev package which was done by,
After installing the server, ran the server using : asterisk -vvvc which opened
CLI>
Typing help will show all the possible commands for the server.
There are lots of con_guration _les coming with the asterisk installation. All
those _les are located in /etc/asterisk. cd /etc/asterisk will lead you there.
The main four con_guration _les used for the con_guration are :
1. sip.con_g
2. extensions.conf
3. voicemail.conf
4. meetme.conf
All these con_guration _les use a scripting language. Editing these _les will
iax.conf
[asha]
type = friend
host = dynamic
context=friends
secret=333
callerid=asha
qualify = yes
permit=192.168.0.0/255.255.255.0
type : Type can be friend, peer or user. By setting type you can set up
whether the user must be able to receive calls or make calls or both.
friend: both inbound and outbound calls.
Considering the above example asha's type is friend. So she can make calls
peer : outbound calls Suppose asha is a peer and in that case she can only
Now when asha is a user, she can only receive calls. No calls can be made
23
by her.
host : Host is made dynamic in the above example. Otherwise we can give
a particular IP address.
context : You have to mention the context of each users. The users can call
within the contexts, but if the user from context-1 want to make a call to a
secret : Secret is the password given to the user to register in the asterisk
server.
permit : By this you are permitting the users to make calls within the LAN.
extensions.conf
Here you will edit your dial plan. It is through this Dial Plan, you will be
telling your server what all actions the server has to do when a call is made
from one phone to another. This again uses a script which you can edit. This
Consider the case of asha who is using the IAX protocol with number as 100.
When some other person dials the number 100, then asha's phone will ring
for 50 seconds. If she is not picking up the phone then the caller will enter the
voicemail box where he/she can leave a message and hang up. Otherwise (if
asha is attending the call) that person can talk to her and then the connection
can be hanged.
Now in the given example a second part is given which is the voicemail dial
plan. By dialing 8100 asha can access her voicemail box. When she dials
the number she will be asked for a password which is being con_gured in the
voicemail.conf. If the password given by her is right she can listen to the
IVR (interactive voice response) where she can choose the right option and
listen to the voicemails. Also she will receive a mail noti_cation in her mail
voicemail.conf
Here the voicemail options are con_gured. You can listen to your voicemail,
you can have a password for your voicemail box, you can receive e-mail about
the voicemails you are receiving etc. Consider the following example :
In the example you are con_guring for asha. Her number is 100 and her
word is 333 which she has to respond to the Interactive Voice Response(IVR)
when she dials to 8101. And an e-mail noti_cation will be sent to the e-mail
address which is mentioned. Now for the e-mail to be sent, you have to install
a mail server.
meetme.conf
Here in this _le, server is con_gured for making conference calls. Inside
rooms, you can have di_erent rooms where many people can participate in
[rooms]
Here in the server there are two rooms, 1234 and 2345. An entry should
also be made in the extensions.conf for the conference room. Suppose three
people want to participate in a conference. So dialing that number will reach
the conference room. So all those who want to be in the conference have to
VPS
# dpkg-reconfigure exim4-confg
Yes
otrs.iiitmk.ac.in
127.0.0.1
(empty)
mail.iiitmk.ac.in
Yes
otrs.iiitmk.ac.in
No
series switch
As you can see in the _gure 5.4 with the CISCO router formed three VLANs.
Connected three machines to the VLAN switch one directly and the other
to the switch, that will be in the default VLAN which is VLAN1. So machine
comes under VLAN2 and the other two machines come under VLAN3.
# telnet 172.168.0.10
which will asked for the password. By giving the password entered the switch.
Switch# enable
which asked for the switch password and then reached the privileged mode.
switch(config)# end
(here the vlan-id was given as 2 and name as faculty) Thus reached the
Now con_gured the interfaces in order to make come under the VLAN. The
Now this command will show all your interfaces and their state.
This lead to interface con_guration mode. After that chose access as the
mode.
Switch(config-if)# end
Thus con_gured the gigabitethernet0/5 interface for vlan 3. After that tried
some pings which proved that experiment is successful. After the con_gura-
tion the two machine coming under VLAN3 is found to be reachable (pinging
1. Apache2
2. Mysql
Debian is the system system chosen for the installation of OTRS. Both the
prerequisites were available in the aptitude package manager of Debian. Us-
Then installed otrs using : aptitude install otrs2 This installed otrs2 and
external email id's. The mail server used was exim4. The con_guration of
components to work.
These are:
_ Apache2
_ Mysql
_ PHP5
Steps:
INSTALL APACHE2
INSTALL PHP5
http://<ipaddress>/test.php
Browser will display a PHP page with informations about PHP. INSTALL
MYSQL
INSTALL MOODLE
Moodle download package can be downloaded from the site or get it using
wget from command line. Installation from aptitude:
Installation will ask for the Webserver, Database etc. After that modify the
_le /etc/moodle/con_g.php.
CFG->wwwroot = 'http://ipaddress/moodle'
DATABASE creation.
cd /var/www
cd /var/www
Create Database
sudo mysql -u root -p
> quit
like database name , database password etc, on this pages creates con_g.php
_le. Finally Moodle home page will be displayed and the administrator user
can login and perform the rest of the con_guration. Now enjoy Moodling.
has to create his own key. Running following command on the terminal will
creates the key.
.....................++++++
.................++++++
e is 65537 (0x10001)
prompt to enter Company Name, Site Name, Email Id, etc. Once entering
of details is complete, CSR will be created and stored in the server.csr _le.
prompt:
The above command will prompt to enter the passphrase. On entering the
or the certi_cate.
HTTPS should listen on port number 443. For that add the following line
Listen 443
NameVirtualHost *:80
<Virtualhost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
-----------
-----------
</Virtualhost>
Then add following changes to /etc/apache2/sites-available/ssl
NameVirtualHost *:443
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/
SSLEngine on
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
-----------
-----------
</Virtualhost>
Reload apache:
Restart Apache:
sudo /etc/init.d/apache2 restart
Logout and login into Moodle. Now secure https connection is enabled for
login page. All the other pages will be on normal http Now enjoy Secure
moodling...
The passphrase will be asked each time when the apache starts. It causes
problems when the machine boots up after some reason like the power failure.
That means there should be someone to enter the passphrase.so removing the
passphrase is good.
cp server.key server.key.org
Then,
First thing we did was the installation of Apache,Subversion and the module
libapache2-svn.
svn created mini _le system that is versioned. Project and Repository are
used as synonyms.
http://www.iiitmk.ac.in/svn
/var/www/svn
This is the root of svn. Under this there are either repositories or sub-
svn/
ample:
emacs /etc/http/conf.d/subversion.conf
# /projects/project1
# --------
<Location /svn/projects/project1>
DAV svn
SVNPath /var/www/svn//projects/project1
</Location>
# /projects/project1
# -------------------
<Location /svn/projects/project1>
DAV svn
SVNPath /var/www/svn//projects/project1
AuthType Basic
AuthUserFile /var/www/svn//projects/project1/passwd
Require valid-user
</Location>
6. Restart apache
/etc/init.d/restart
Steps for adding a new user If you want to add a user to project :
As per the current system layout if authenticated users are there it will be
maintained at _le called 'passwd'. so you can add a user with these command
htpasswd -b <project repo path>/passwd <username> <password>
or
which will prompt to enter a new password.Used when the password should
create a new passwd _le.So you may lose all the old users.
or
Example:
[2] Meggelen, Jim Van; Madsen Leif and Smith, Jared: Asterisk The Future
http://wiki.openvz.org/Main_Page
2003.
http://www.iiitmk.ac.in/wiki/index.php/IIITM-K_How-to_
Knowledge_Base/Moodle_Installation
http://www.iiitmk.ac.in/wiki/index.php/Asterisk_:_The_Voip/
Installation_On_Debian_asterisk
http://doc.otrs.org/2.2/en/html/
[9] Rose.V, Asha; Gopal.N, Girish; Kuruvilla, Mithu; Ejury, Rene: How to
http://www.iiitmk.ac.in/wiki/index.php/IIITM-K_How-to_
Knowledge_Base/How_to_setup_a_server_with_RAID%2CLVM_and_
Virtualization
http://asteriskguru.org/board/
http://forum.openvz.org/
https://help.ubuntu.com/7.10/server/C/httpd.html#
https-configuration
http://www.iiitmk.ac.in/wiki/index.php/IIITM-K_How-to_
Knowledge_Base/Secure_Moodle