Организуем систему резервного копирования для малого и среднего офиса Алексей Бережной # default: off # description: SWAT is the Samba Web Admin Tool. # Use swat to configure your Samba server. # To use SWAT, connect to port 901 # with your favorite web browser. service swat { port = 901 socket_type = stream wait = no user = root server = /usr/sbin/swat log_on_failure += USERID disable = no } [root@backupsmall vol0]# su [root@backupsmall vol0]# ls /dev/sd* [root@backupsmall vol0]#fdisk -l [root@backupsmall vol0]# fdisk /dev/sdb Command (m for help): n Partition number (1-4): 1 Command (m for help): p Command (m for help): w [root@backupsmall vol0]# mkfs.ext3 /dev/sdb1 [root@backupsmall vol0]# tune2fs -c 0 -i 0 /dev/sdb1 [root@backupsmall vol0]# mkdir /vol0 [root@backupsmall vol0]# mount -t ext3 /dev/sdb1 /vol0 [root@backupsmall vol0]# vi /etc/fstab LABEL=/ / ext3 defaults 1 1 /dev/sdb1 /vol0 ext3 defaults 0 0 /dev/sdc1 /vol1 ext3 defaults 0 0 tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 sysfs /sys sysfs defaults 0 0 proc /proc proc defaults 0 0 LABEL=SWAP-sda2 swap swap defaults 0 0 [global] workgroup = VAI.LAN server string = Backup Server LTO4 passdb backend = tdbsam username map = /etc/samba/smbusers ldap ssl = no cups options = raw [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [backup0] comment = Backup0 path = /vol0/backup0 valid users = backuper admin users = backuper read only = No browseable = No [backup1] comment = Backup0 path = /vol1/backup1 valid users = backuper admin users = backuper read only = No browseable = No ----------------------------------------------------------------------------------------------------------------- Резервирование и восстановление объектов Active Directory в Windows Server 2008/2008 R2 Сергей Яремчук > servermanagercmd -install Backup-Features > ocsetup WindowsServerBackup > wbadmin Start Backup -backupTarget:E: -allCritical > wbadmin Start SystemStateBackup -backupTarget:E: > bcdedit /copy {default} /d "Directory Service Repair Mode" > bcdedit /set "{df127c16-2ec7-11de-bc25-000c2971dfb5}" safeboot dsrepair > bcdedit /enum > wbadmin get versions > wbadmin start systemstaterecovery –version:05/21/2009-21:02 -BackupTarget:\\computer\backup -machine:server-ad > ntdsutil ntdsutil: snapshot снимок: activate instance ntds снимок: create снимок: quit ntdsutil: quit > adrestore -r user > ntdsutil ntdsutil: snapshot снимок: list all снимок: mount 4 > dsamain -dbpath C:\$SNAP_200904230019_VOLUMEC$\Windows\NT DS\ntds.dit -ldapPort 10000 > ldifde -r "(name=user)" -f export.ldf -t 10000 > ldifde -i -z -f import.ldf > dsget user cn=user,ou=ou1,dc=domain,ds=ru -s localhost:10000 -memberof | dsmod group -c -addmbr cn=user,ou=ou1,dc=domain,ds=ru > ntdsutil "authoritative restore" "restore object cn=user,ou=group,dc=domain,dc=ru" q q > ntdsutil "authoritative restore" "restore subtree ou=group,dc=domain,dc=ru" q q PS C:\> Set-ADForestMode –Identity domain.ru -ForestMode Windows2008R2Forest PS C:\> Enable-ADOptionalFeature –Identity ‘CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration, DC=domain,DC=ru’ –Scope Forest –Target ‘domain.ru’ PS C:\> Get-ADObject -Filter {displayName -eq "user"} -IncludeDeletedObjects | Restore-ADObject ----------------------------------------------------------------------------------------------------------------- Мониторинг Cisco IDS/IPS на примере модуля IDSM2 c помощью MRTG Часть 2 Андрей Дугин $head_lines .= <$router_name CPU load
System: $router_name in $html_syslocation
Maintainer: $html_syscontact
Description: $html_sysdescr
Resource: CPU.
ECHO # cfgmaker --nointerfaces \ --host-template=/etc/mrtg/templates/cpu-idsm \ --global "WorkDir: /var/www/mrtg/idsm" \ community_name@sensor1 \ community_name@sensor2 \ community_name@sensor3 \ community_name@sensor4 \ community_name@sensor5 > /etc/mrtg/idsm.cfg # mkdir /var/www/mrtg/idsm # indexmaker --nolegend \ --title="IDSM CPU" \ /etc/mrtg/idsm.cfg > /var/www/mrtg/idsm/index.html # vim /etc/cron.d/idsm-mrtg */5 * * * * root if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg/idsm.cfg ]; then env LANG=C /usr/bin/mrtg /etc/mrtg/idsm.cfg 2>&1 | tee -a /var/log/mrtg/idsm-mrtg.log ; fi ----------------------------------------------------------------------------------------------------------------- Делегируем права на перемещение учетных записей пользователей в Active Directory Часть 4. Завершение надстройки Вадим Андросов function dispatchDenyCommand(cmd) dim comment, ou, who comment = cmd.userMoveComment if comment = "" then comment = "empty" set who = getObject(cmd.userMoveExecutor) set ou = getObject(getAncestor(cmd.userMoveTarget, 3)) if canHeManageOU(ou, who) then dim chair, newChair, user set user = getObject(cmd.userMoveTarget) set chair = getObject(getParent(cmd.userMoveTarget)) set newChair = createMirroredChair(chair, cmd) newChair.moveHere cmd.userMoveTarget, vbNullString createBackLink getWaitingRoom(ou), "LDAP://" & user.name & "," & newChair.distinguishedName clearEmptyChair chair, cmd.userMoveTarget end if ou.delete DENY_COMMAND_CLASS, "CN=" & cmd.cn end function Листинг 1. Функция определения предка function getAncestor(path, levels) dim i getAncestor = path for i = 1 to levels getAncestor = getParent(getAncestor) next end function function createMirroredChair(srcChair, denyCmd) dim chairNumber, room set room = getWaitingRoom(getObject(srcChair.userMoveFrom)) chairNumber = getNextNumber(room, CHAIR_CLASS) createMirroredChair.userMoveFrom = getAncestor(srcChair.ADSPath, 2) createMirroredChair.userMoveWho = denyCmd.userMoveExecutor createMirroredChair.userMoveComment = denyCmd.userMoveComment createMirroredChair.userMoveWhen = toUTC(now) createMirroredChair.userMoveDisabled = srcChair.userMoveDisabled createMirroredChair.setInfo end function Листинг 2. Преобразование времени к типу UTC Function toUTC(dat) dim offsetMin offsetMin = getTimeZoneOffset toUTC= dateadd("n", offsetMin, dat) end function Листинг 3. Вычисление смещения времени для часового пояса function getTimeZoneOffset() if timeZoneOffset = "?" then dim oShell, atb set oShell = CreateObject("WScript.Shell") atb ="HKEY_LOCAL_MACHINE\System\CurrentControlSet\" & "Control\TimeZoneInformation\ActiveTimeBias" timeZoneOffset = oShell.RegRead(atb) end if getTimeZoneOffset = timeZoneOffset end function function clearEmptyChair(chairObj, whoWas) dim srcOU set srcOU = getObject(chairObj.userMoveFrom) chairObj.deleteObject(0) dim room, li set room = getWaitingRoom(srcOU) room.filter = Array(LINK_CLASS for each li in room if li.userMoveLink = whoWas then li.deleteObject(0) exit function end if next end function function dispatchAcceptCommand(cmd) dim ou, chair, whom, ouFrom, who set who = getObject(cmd.userMoveExecutor) set ou = getObject(getAncestor(cmd.userMoveTarget, 3)) if canHeManageOU(ou, who) then set whom = getObject(cmd.userMoveTarget) set chair = getObject(getParent(cmd.userMoveTarget)) whom.accountDisabled =chair.userMoveDisabled whom.setInfo ou.moveHere cmd.userMoveTarget, vbNullString clearEmptyChair chair, cmd.userMoveTarget end if ou.delete COMMAND_CLASS, cmd.name end function Листинг 4. Отмена перемещения function dispatchRollbackCommand(cmd) dim userMove, chair, srcPath, srcOU, who set userMove = getObject(cmd.userMoveTarget) set chair = getObject(userMove.parent) set who = getObject(cmd.userMoveExecutor) set srcOU = getObject(chair.userMoveFrom) if (chair.class = CHAIR_CLASS) and canHeManageOU(srcOU, who) then userMove.accountDisabled = chair.userMoveDisabled userMove.setInfo srcOU.moveHere userMove.ADSPath, vbNullString clearEmptyChair chair, cmd.userMoveTarget end if srcOU.delete COMMAND_CLASS, cmd.name end function function move(whomPath, wherePath, comment) dim userMove, fromOU if comment = "" then comment = "empty" move = "" set userMove = getObject(whomPath) set fromOU = getObject(userMove.parent) if not canCurrentManageOU(fromOU) then move = "Not enough right" exit function end if move = transferUserTo(userMove, wherePath, fromOU, comment) end function function transferUserTo(userMove, wherePath, fromOU, comment) dim toOU transferUserTo = "" set toOU = getObject(wherePath) if canCurrentManageOU(toOU) then toOU.moveHere userMove.ADSPath, vbNullString transferUserTo = "User moved" exit function end if enqueueHere userMove, fromOU, toOU, comment transferUserTo = "User enqueued" end function Листинг 5. Создание команды перемещения пользователя function enqueueHere(whomObject, fromOU, toOU, comment) dim cmd set cmd = fromOU.create(START_MOVE_COMMAND_CLASS, "CN=cmd_" & START_MOVE_COMMAND & "_" & whomObject.samAccountName) cmd.userMoveID = START_MOVE_COMMAND cmd.userMoveExecutor = "LDAP://" & info.userName cmd.userMoveFrom = fromOU.ADSPath cmd.userMoveWho = "LDAP://" & info.userName cmd.userMoveComment = comment cmd.userMoveWhen = toUTC(now) cmd.userMoveDisabled = whomObject.accountDisabled cmd.userMoveTo = toOU.ADSPath cmd.userMoveTarget = whomObject.ADSPath cmd.setInfo whomObject.accountDisabled = true whomObject.setInfo cmd.moveHere whomObject.ADSPath, vbNullString end function Листинг 6. Создание команды подтверждения перемещения function accept(whomPath) dim cmd, ou set ou = getObject(getAncestor(whomPath, 3)) set cmd = ou.create(COMMAND_CLASS, "CN=cmd_" & ACCEPT_COMMAND & "_" & getObject(whomPath).samAccountName) cmd.userMoveID = ACCEPT_COMMAND cmd.userMoveExecutor = "LDAP://" & info.userName cmd.userMoveTarget = whomPath cmd.setInfo end function Листинг 7. Определение родительского подразделения без использования регулярных выражений function getParent(path) getParent = “LDAP://” & right(path, len(path) - instr(1, path, ",", vbTextCompare)) end function (?:LDAP\:\\\\)? (?:(?:CN|OU)=[^,]*,)? (.*) function getParent(path) dim matches re.pattern = "(?:LDAP\:\/\/)?(?:(?:CN|OU)=[^,]*,)?(.*)" set matches = re.execute(path) getParent = "LDAP://" & matches(0).submatches(0) end function function ADSPath2Readable(path) dim matches, i, splitter re.pattern = "DC=([^,]*)" set matches = re.execute(path) ADSPath2Readable = "" for i = 0 to matches.count – 1 if i = 0 then splitter = "" else splitter = "." end if ADSPath2Readable = ADSPath2Readable & splitter & matches(i).submatches(0) next re.pattern = "(?:CN|OU)=([^,]*)" set matches = re.execute(path) for i = matches.count - 1 to 0 step -1 ADSPath2Readable = ADSPath2Readable & "/" & matches(i).submatches(0) next end function "\\marklar.ua\UserMoveSupport\exec\" function installMenu(className, id, name, scriptPath, action, locale) Set root= GetObject("LDAP://rootDSE") sPath = "LDAP://cn=" & className & "-Display,cn=" & locale & ",cn=DisplaySpecifiers," & sConfig Set obj= GetObject(sPath) sValue = id & "," & name & "," & scriptPath vValue = Array(sValue) obj.PutEx action, "adminContextMenu", vValue obj.SetInfo end function Листинг 8. Константы инициализации надстройки Const ADS_PROPERTY_APPEND = 3 Const ADS_PROPERTY_DELETE = 4 Const LOCALE_ENGLISH = "409" Const LOCALE_RUSSIAN = "419" Const prefix = "UserMove: " Const path = "\\marklar.ua\UserMoveSupport\exec\" Листинг 9. Создание дополнительных пунктов меню function installOUMenu(id, name, scriptPath, locale) installMenu "organizationalUnit", id, name, scriptPath, ADS_PROPERTY_APPEND, locale end function Листинг 10. Создание пунктов меню для английской локали function installEN installUserMenu 100, prefix & "Start", path & "enqueue.hta", LOCALE_ENGLISH installOUMenu 100, prefix & "Outcoming", path & "outcoming.hta", LOCALE_ENGLISH installOUMenu 110, prefix & "Incoming", path & "incoming.hta", LOCALE_ENGLISH end Function ----------------------------------------------------------------------------------------------------------------- Доступная виртуализация: Citrix XenServer 5.0 Андрей Панченко fdisk –l mkdir /mnt/usb mount /dev/sdb1 /mnt/usb mkfs –t ext3 /dev/sdb1 xe vm-export vm=Debian filename=/mnt/usb/Debian.xva umount /mnt/usb fdisk –l xe sr-list type=lvm params=uuid,name-label,PBDs xe pbd-unplug uuid=e1b07204-6424-f95a-dedc-0ca6bfe2f286 xe sr-destroy uuid=45bab772-3aab-1a7f-33fb-3346b1ab379d xe sr-create host-uuid=5d189b7a-cd5e-4029-9940-d4daaa34633d content-type=user name-label="Local EXT Storage" shared=false device-config:device=/dev/sda3 type=ext xe sr-list type=ext params=uuid,name-label xe pool-param-set default-SR=38525a18-7992-7905-ac73-468a03812ee5 uuid=6d87b954-db74-3414-cf64-d5568971069d xe pool-param-set suspend-image-SR=38525a18-7992-7905-ac73-468a03812ee5 uuid=6d87b954-db74-3414-cf64-d5568971069d xe sr-list uuid=38525a18-7992-7905-ac73-468a03812ee5 params ----------------------------------------------------------------------------------------------------------------- Cистема видеоконференций OpenMeetings Сергей Яремчук [mysqld] default-character-set=utf8 character-set-server=utf8 bind-address = 127.0.0.1 [client] default-character-set=utf8 $ sudo /etc/init.d/mysql restart $ sudo /etc/init.d/mysql restart $ sudo apt-get update $ sudo apt-get install openoffice.org-headless openoffice.org-base openoffice.org-writer openoffice.org-calc openoffice.org-impress openoffice.org-draw openoffice.org-math openoffice.org-filter-mobiledev openoffice.org-filter-binfilter msttcorefonts pstoedit libpaper-utils ttf-dejavu unset DISPLAY/usr/bin/soffice"-accept=socket,host=localhost,port=8100;urp; StarOffice.ServiceManager" -nologo -headless –nofirststartwizard $ chmod +x ./ooс.sh $ sudo ./ooс.sh $ netstat -an | grep 8100 $ sudo /etc/init.d/mysql restart $ sudo apt-get install imagemagick ghostscript swftools xfonts-base $ sudo apt-get install sun-java6-jre sun-java6-jdk $ sudo adduser --group red5 $ sudo adduser red5 --gid 1002 --system --home /usr/lib/red5 --disabled-password $ sudo chown -R red5:red5 /usr/lib/red5/ $ wget –c http://openmeetings.googlecode.com/files/openmeetings_0_8_rc2.zip $ unzip openmeetings_0_8_rc2.zip $ sudo mv -v red5-0.8.RC3-build-hudson-red5_jdk6_stable-79_2/* /usr/lib/red5/ $ ls /usr/lib/red5 $ grep -i port /usr/lib/red5/conf/red5.properties http.port=5080 https.port=8443 rtmp.port=1935 rtmpt.port=8088 mrtmp.port=9035 proxy.source_port=1936 proxy.destination_port=1935 $ sudo /usr/lib/red5/red5.sh if [ -z "$RED5_HOME" ]; then export RED5_HOME=`pwd`; fi $ cd /usr/lib/red5 $ sudo ./red5.sh $ netstat -an | grep 1935 $ netstat -an | grep 5080 $ export JAVA_HOME=/usr/lib/jvm/java-1.6.0-sun/ $ mysql -uroot -p mysql> create database openmeetings; mysql> grant all on openmeetings.* to openmeetings@localhost identified by "om_user_pass"; $ cd /usr/lib/red5/webapps/openmeetings/conf $ ls $ cp mysql_hibernate.cfg.xml hibernate.cfg.xml openmeetings om_user_pass com.mysql.jdbc.Driver org.hibernate.dialect.MySQLMyISAMDialect jdbc:mysql://localhost/openmeetings?autoReconnect=true&useUnicode=true&createDatabaseIfNotExist=true&characterEncoding=utf-8 jdbc:mysql://localhost/openmeetings $ sudo dpkg -i install_flash_player_10_linux.deb $ java -jar /usr/lib/red5/webapps/openmeetings/jod/jodconverter-cli-2.2.0.jar -p 8100 -f pdf test.ppt ----------------------------------------------------------------------------------------------------------------- Обзор проекта Gnash Игорь Штомпель apt-get install gnash apt-get install mozilla-plugin-gnash ----------------------------------------------------------------------------------------------------------------- Корпоративные VPN на базе Cisco Иван Панин clear crypto session crypto isakmp policy 1 hash md5 encryption 3des authentication pre-share group 2 crypto isakmp key cisco123 address 172.16.2.1 crypto isakmp key cisco124 address 172.16.3.1 crypto ipsec transform-set rtpset esp-des esp-md5-hmac access-list 102 permit ip 192.168.1.0 0.0.0.255 10.10.2.0 0.0.0.255 access-list 103 permit ip 192.168.1.0 0.0.0.255 10.10.3.0 0.0.0.255 crypto map rtp 2 ipsec-isakmp set peer 172.16.2.1 set transform-set rtpset match address 102 crypto map rtp 3 ipsec-isakmp set peer 172.16.3.1 set transform-set rtpset match address 103 exit interface GigabitEthernet0/1 ip address 172.16.1.1 255.255.255.0 ip tcp adjust-mss 1400 crypto map rtp crypto isakmp policy 1 hash md5 encryption 3des authentication pre-share group 2 crypto isakmp key cisco123 address 172.16.1.1 crypto ipsec transform-set rtpset esp-des esp-md5-hmac access-list 101 permit ip 10.10.2.0 0.0.0.255 192.168.1.0 0.0.0.255 crypto map rtp 2 ipsec-isakmp set peer 172.16.1.1 set transform-set rtpset match address 101 fastEthernet0/1 ip address 172.16.2.1 255.255.255.0 ip tcp adjust-mss 1400 crypto map rtp aaa new-model aaa authentication login local aaa authorization networkt authgroup local crypto isakmp policy 1 authentication pre-share group 2 hash md5 encryption 3de crypto isakmp client configuration address-pool local easy-vpn-group-dynpool crypto isakmp client configuration group authgroup key easyvpnpassowrd dns 192.168.1.254 domain company.ru pool easy-vpn-group-dynpool include-local-lan netmask 255.255.255.0 crypto ipsec transform-set rtpset esp-des esp-md5-hmac crypto dynamic-map rtp 100 set transform-set rtpset reverse-route crypto map rtp isakmp authorization list authgroup crypto map rtp client configuration address respond crypto map rtp 100 ipsec-isakmp dynamic rtp crypto logging session ip local pool easy-vpn-group-dynpool 10.10.1.2 10.10.1.5 access-list 101 permit udp any host 172.16.1.1 eq non500-isakmp access-list 101 permit udp any host 172.16.1.1 eq isakmp access-list 101 permit esp any host 172.16.1.1 access-list 101 permit ahp any host 172.16.1.1 access-list 101 permit icmp any any echo access-list 101 permit icmp any any echo-reply access-list 101 deny ip any any log ip inspect name FW isakmp ip inspect name FW tcp ip inspect name FW udp ip inspect name FW icmp interface GigabitEthernet0/1 ip address 172.16.1.1 255.255.255.0 ip access-group 101 in ip nat outside crypto map rtp ip inspect FW out interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0 ip nat inside ip inspect FW in exit access-list 110 deny ip 192.168.1.0 0.0.0.255 10.10.1.0 0.0.0.255 access-list 110 permit ip 192.168.1.0 0.0.0.255 any route-map ISP permit 10 match ip address 110 ip nat inside source route-map ISP interface gi0/1 overload ip nat inside source static tcp 192.168.1.2 25 172.16.1.1 25 extendable access-list 111 deny tcp 10.10.1.0 0.0.0.255 host 192.168.1.2 eq smtp access-list 111 permit tcp any host 172.16.1.1 eq smtp route-map smtp-for-vpn permit 10 match ip address 111 ip nat inside source static tcp 192.168.1.2 25 172.16.1.1 25 route-map smtp-for-vpn extendable aaa authentication login authuser local username ezvpn privilege 0 password cisco120 crypto isakmp client configuration group easy-vpn-conn key cisco121 save-password crypto map rtp client authentication list authuser access-list 110 deny ip 192.168.1.0 0.0.0.255 10.10.5.0 0.0.0.255 access-list 101 permit ip 10.10.5.0 0.0.0.255 192.168.1.0 0.0.0.255 crypto ipsec client ezvpn easy-vpn-conn connect auto group ez-remote-group key cisco121 mode network-extension peer 172.16.1.1 username cisco password cisco120 xauth userid mode local interface vlan 1 ip address 172.16.1.4 255.255.255.0 crypto ipsec client ezvpn easy-vpn-conn interface Vlan 2 ip address 10.10.5.1 255.255.255.0 crypto ipsec client ezvpn easy-vpn-conn inside ip route 192.168.1.0 255.255.255.0 172.16.1.1 crypto isakmp policy 1 authentication pre-share crypto isakmp key cisco119 address 0.0.0.0 0.0.0.0 crypto IPsec transform-set rtpset esp-des esp-md5-hmac mode transport crypto IPsec profile vpnprof set transform-set rtpset interface Tunnel1 ! Полоса пропускания 1000 Кбит bandwidth 1000 ip address 10.10.1.1 255.255.255.0 ! Так как GRE добавляет дополнительные заголовки к IP-пакету, ! необходимо изменить значение MTU[2] на интерфейсе ip mtu 1400 no ip next-hop-self eigrp 1 ! Включаем NHRP с указанием идентификатора сети ip nhrp network-id 100001 ! Аутентификации (опционально) ip nhrp authentication cisco118 ! Автоматическое добавление соответствия между адресами ! spoke-маршрутизаторов ip nhrp map multicast dynamic ! NHRP NBA-адреса действительны в течении 10 минут ip nhrp holdtime 600 no ip split-horizon eigrp 1 ! Необходимо изменить значение MSS[2] ip tcp adjust-mss 1360 ! Задержка пропускной способности интерфейса ! (десятки микросекунд) delay 1000 ! Настройка соответствия между туннельным интерфейсом ! и физическим ! В качестве адреса отправителя в пакете выходящем ! из mGRE-интерфейса будет использоваться IP-адрес ! физического интерфейса, а адрес получателя будет ! выучен динамически с помощью протокола NHRP tunnel source Vlan1 tunnel mode gre multipoint tunnel key 100001 tunnel protection IPsec profile vpnprof interface Vlan1 ip address 172.16.1.1 255.255.255.0 interface Vlan2 ip address 192.168.1.1 255.255.255.0 router eigrp 1 network 10.10.1.0 0.0.0.255 network 192.168.1.0 0.0.0.255 no auto-summary crypto isakmp policy 1 authentication pre-share crypto isakmp key cisco119 address 0.0.0.0 0.0.0.0 crypto IPsec transform-set rtpset esp-des esp-md5-hmac mode transport crypto IPsec profile vpnprof set transform-set rtpset interface Tunnel1 bandwidth 1000 ip address 10.10.1.101 255.255.255.0 ip mtu 1400 ip nhrp authentication cisco118 ! Статическое соответствие между адресом mGRE-туннеля ! и физическим адресом hub-маршрутизатора !(первый адрес- адрес туннельного интерфейса, ! второй — адрес внешнего физического интерфейса) ip nhrp map 10.10.1.1 172.16.1.1 ! Адрес внешнего физического интерфейса hub-маршрутизатора ! указывается как получатель multicast-пакетов от локального ! маршрутизатора ip nhrp map multicast 172.16.1.1 ip nhrp network-id 100001 ip nhrp holdtime 300 ! Адрес туннельного интерфейса hub-маршрутизатора ! указывается как next-hop-сервер ip nhrp nhs 10.10.1.1 ip tcp adjust-mss 1360 delay 1000 tunnel source Vlan1 tunnel mode gre multipoint tunnel key 100001 tunnel protection IPsec profile vpnprof shared interface Tunnel2 bandwidth 1000 ip address 10.10.2.101 255.255.255.0 ip mtu 1400 ip nhrp authentication cisco118 ip nhrp map 10.10.2.1 172.16.1.2 ip nhrp map multicast 172.16.1.2 ip nhrp network-id 100002 ip nhrp holdtime 300 ip nhrp nhs 10.10.2.1 ip tcp adjust-mss 1360 delay 1000 tunnel source Vlan1 tunnel mode gre multipoint tunnel key 100002 tunnel protection IPsec profile vpnprof shared interface Vlan1 !ip address dhcp hostname Spoke1 ip address 172.16.1.101 255.255.255.0 interface Vlan2 ip address 192.168.101.1 255.255.255.0 router eigrp 1 network 10.10.1.0 0.0.0.255 network 10.10.2.0 0.0.0.255 network 192.168.101.0 0.0.0.255 no auto-summary ----------------------------------------------------------------------------------------------------------------- Очередное собрание ошибок. Прочитай и не делай так Андрей Луконькин Операция.НоваяПроводка(); Операция.Дебет.Счет=СчетПоКоду("23"); Операция.Дебет.Затраты=Затраты; Операция.Кредит.Счет=СчетПоКоду("10"); Операция.Кредит.Материалы=Материалы; Операция.Кредит.МестаХранения=МестаХранения; Операция.Количество=Количество; Операция.Записать(); Отбoр = НoвыйСтруктура("Номенклатура",ЭлементНоменклатуры); Отбoр = Нoвый Структура("Номенклатура",ЭлементНоменклатуры); Отбoр = Нoвый Структура("Номенклатура",ЭлементНоменклатуры); -----------------------------------------------------------------------------------------------------------------