LDAP Master/Provider configuration

LDAP Master/Provider configuration

Configure the LDAP Master as provider

File: provider.ldif

IOF>
# Add indexes to the frontend db.
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryCSN eq
-
add: olcDbIndex
olcDbIndex: entryUUID eq

#Load the syncprov and accesslog modules.
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov
-
add: olcModuleLoad
olcModuleLoad: accesslog

# Accesslog database definitions
dn: olcDatabase={2}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap/accesslog
olcSuffix: cn=accesslog
olcRootDN: cn=admin,dc=thor,dc=loc
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart

# Accesslog db syncprov.
dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE

# syncrepl Provider for primary db
dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE

# accesslog overlay definitions for primary db
dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogSuccess: TRUE
# scan the accesslog DB every day, and purge entries older than 7 days
olcAccessLogPurge: 07+00:00 01+00:00
<EOF

Copy de DB_CONFIG

shell# sudo -u openldap mkdir /var/lib/ldap/accesslog
shell# sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog/

Add the provider LDIF to the LDAP master

shell# ldapadd -Y EXTERNAL -H ldapi:/// -f provider.ldif

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}hdb,cn=config"
modifying entry "cn=module{0},cn=config"
adding new entry "olcDatabase={2}hdb,cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={2}hdb,cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={1}hdb,cn=config"
adding new entry "olcOverlay=accesslog,olcDatabase={1}hdb,cn=config"

LDAP Slave/Consumer configuration

LDAP Slave/Consumer configuration

Add the additional schema files

shell# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
shell# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
shell# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif

Configure the LDAP Slave as consumer

File: consumer.ldif

#Load the syncprov module.
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov

# syncrepl specific indices
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryUUID eq
-
add: olcSyncRepl
olcSyncRepl: rid=0 provider=ldap://LDAP-01.thor.loc bindmethod=simple binddn="cn=admin,dc=thor,dc=loc"
 credentials=XXXX searchbase="dc=thor,dc=loc" logbase="cn=accesslog"
 logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on
 type=refreshAndPersist retry="60 +" syncdata=accesslog
-
add: olcUpdateRef
olcUpdateRef: ldap://LDAP-01.thor.loc

Add the LDIF file to the configuration tree
shell# ldapadd -c -Y EXTERNAL -H ldapi:/// -f consumer.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=module{0},cn=config"
modifying entry "olcDatabase={1}hdb,cn=config"

Default Linux configuration services such as ssh, login, etc for authentication against a LDAP server

Default Linux configuration services such as ssh, login, etc for authentication against a LDAP server

Install the PAM ldap module and NSS lib

shell# apt-get install libnss-ldap libpam-ldap ldap-utils

Configure the libnss-ldap package
LDAP server URI: ldap://LDAP-02.thor.loc:389/
Distinguished name of the search base: dc=thor,dc=loc
LDAP version to use: 3
LDAP account for root: cn=admin,dc=thor,dc=loc
LDAP root account password: XXXX

The password is stored in /etc/libnss-ldap.secret

Configure the libpam-ldap package
Allow LDAP admin account to behave like local root? Yes
Does the LDAP database require login? No
LDAP administrative account: cn=admin,dc=thor,dc=loc
LDAP administrative password: XXXX

The password is stored in /etc/pam_ldap.secret

Local encryption algorithm to use for passwords: crypt

Automatic configure about PAM files

File: /etc/pam.d/common-auth
auth    [success=2 default=ignore]      pam_unix.so nullok_secure
auth    [success=1 default=ignore]      pam_ldap.so use_first_pass
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so

File: /etc/pam.d/common-account
account [success=2 new_authtok_reqd=done default=ignore]        pam_unix.so
account [success=1 default=ignore]      pam_ldap.so
account requisite                       pam_deny.so
account required                        pam_permit.so

File: /etc/pam.d/common-password
password        [success=2 default=ignore]      pam_unix.so obscure sha512
password        [success=1 user_unknown=ignore default=die]     pam_ldap.so try_first_pass
password        requisite                       pam_deny.so
password        required                        pam_permit.so

File: /etc/pam.d/common-session
session [default=1]                     pam_permit.so
session requisite                       pam_deny.so
session required                        pam_permit.so
session required                pam_unix.so
session optional                        pam_ldap.so
session optional             pam_mkhomedir.so skel=/etc/skel umask=077

File: /etc/pam.d/common-session-noninteractive
session [default=1]                     pam_permit.so
session requisite                       pam_deny.so
session required                        pam_permit.so
session required                pam_unix.so
session optional                        pam_ldap.so

Manual NSS configuration

File /etc/nsswitch.conf

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       ldap
 

Base installation about slapd daemon

Base installation about slapd daemon

shell# apt-get install slapd ldap-utils

Provide the LDAP administrator password

Setting up libltdl7 (2.2.6b-2) …
Setting up libperl5.10 (5.10.1-17squeeze2) …
Setting up libslp1 (1.2.1-7.8) …
Setting up ldap-utils (2.4.23-7.2) …
Setting up odbcinst (2.2.14p2-1) …
Setting up odbcinst1debian2 (2.2.14p2-1) …
Setting up unixodbc (2.2.14p2-1) …
Setting up slapd (2.4.23-7.2) …
  Creating new user openldap… done.
  Creating initial configuration… done.
  Creating LDAP directory… done.
Starting OpenLDAP: slapd.

Test the slapd daemon
root@LDAP-02:~# ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: cn=config
dn: cn=module{0},cn=config
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}nis,cn=schema,cn=config
dn: cn={3}inetorgperson,cn=schema,cn=config
dn: olcBackend={0}hdb,cn=config
dn: olcDatabase={-1}frontend,cn=config
dn: olcDatabase={0}config,cn=config
dn: olcDatabase={1}hdb,cn=config

Setup the SHA LDAP administrator password in the config database
shell# slappasswd
{SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXX

shell# ldapmodify -Y EXTERNAL -H ldapi:///
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

Cute & Paste

dn: olcDatabase={0}config,cn=config
add: olcRootPW
olcRootPW: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXX
modifying entry "olcDatabase={0}config,cn=config"

Display the LDAP server configuration

shell# slapcat
dn: dc=thor,dc=loc
objectClass: top
objectClass: dcObject
objectClass: organization
o: thor.loc
dc: thor
structuralObjectClass: organization
entryUUID: c4db9414-a018-1030-8c55-0544f97800ac
creatorsName: cn=admin,dc=thor,dc=loc
createTimestamp: 20111110185139Z
entryCSN: 20111110185139.949528Z#000000#000#000000
modifiersName: cn=admin,dc=thor,dc=loc
modifyTimestamp: 20111110185139Z

dn: cn=admin,dc=thor,dc=loc
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9bjMvbzA1UnFWTGFYTlBUMzlPZUxJNlBEZXNzZUhlN24=
structuralObjectClass: organizationalRole
entryUUID: c503f1b6-a018-1030-8c56-0544f97800ac
creatorsName: cn=admin,dc=thor,dc=loc
createTimestamp: 20111110185140Z
entryCSN: 20111110185140.214073Z#000000#000#000000
modifiersName: cn=admin,dc=thor,dc=loc
modifyTimestamp: 20111110185140Z

Configure the LDAP database

File: config.ldif

IOF>
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=thor,dc=loc
-
replace: olcRootDN
olcRootDN: cn=admin,dc=thor,dc=loc
-
replace: olcAccess
olcAccess: to attrs=userPassword by dn="cn=admin,dc=thor,dc=loc" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=thor,dc=loc" write by * read
-
<EOF

shell# ldapmodify -Y EXTERNAL -H ldapi:/// -f config.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}hdb,cn=config"

Test the new configuration

sheel# ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb
Enter LDAP Password:
dn: olcDatabase={1}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcLastMod: TRUE
olcRootPW: {SSHA}n3/o05RqVLaXNPT39OeLI6PDesseHe7n
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcSuffix: dc=thor,dc=loc
olcRootDN: cn=admin,dc=thor,dc=loc
olcAccess: {0}to attrs=userPassword by dn="cn=admin,dc=thor,dc=loc" write by a
 nonymous auth by self write by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to dn.base="" by * read
olcAccess: {3}to * by dn="cn=admin,dc=thor,dc=loc" write by * read
 

Basic bind nameserver master/slave configuration

DNS Master server

shell@master> cat /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "thor.loc" {
        type master;
        file "/etc/bind/db.thor.loc";
        notify yes;
        also-notify { 192.168.1.132; };
        allow-transfer { 192.168.1.132; };
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.1.168.192";
        notify yes;
        also-notify { 192.168.1.132; };
        allow-transfer { 192.168.1.132; };
};
 

shell@master> cat /etc/bind/db.thor.loc
$TTL 24h
@                       IN      SOA     thor.loc. root.thor.loc. (
                                2               ; Serial
                                3h              ; Refresh
                                30m             ; Retry
                                7d              ; Expire
                                3h)             ; Minimum TTL

; Nameservers
@                       IN      NS      thor.loc.
@                       IN      A       192.168.1.131

@                       IN      NS      thor.loc.
@                       IN      A       192.168.1.132

; Hosts
Xen.thor.loc.           IN      A       192.168.1.6

; Web-Servers Pool
Web-01.thor.loc.        IN      A       192.168.1.101
larete.thor.loc.        IN      A       192.168.1.101

; Sql-Servers Pool
Sql-01.thor.loc.        IN      A       192.168.1.111

; File-Servers Pool
File-01.thor.loc.       IN      A       192.168.1.121

; DNS-Servers Pool
DNS-01.thor.loc.        IN      A       192.168.1.131
DNS-02.thor.loc.        IN      A       192.168.1.132

; Mail-Servers Pool
Mail-01.thor.loc.       IN      A       192.168.1.141

; LDAP-Servers Pool
LDAP-01.thor.loc.       IN      A       192.168.1.151
LDAP-02.thor.loc.       IN      A       192.168.1.152

; Log-Servers Pool
Log-01.thor.loc.        IN      A       192.168.1.161

; Desktop Pool
Debian-01.thor.loc.     IN      A       192.168.1.201

; Subdomains
 

shell@master> cat /etc/bind/db.1.168.192.0
$TTL    24h

1.168.192.in-addr.arpa.   IN  SOA   DNS-01.thor.loc.   root.thor.loc (
        1          ; serial number
        3h         ; refresh time
        30m        ; retry time
        7d         ; expire time
        3h         ; negative caching ttl
)

; Nameservers
1.168.192.in-addr.arpa.         IN      NS      192.168.1.131.

; Hosts / PTR
6.1.168.192.in-addr.arpa.       IN      PTR     Xen.thor.loc.

; Web-Servers Pool
101.1.168.192.in-addr.arpa.     IN      PTR     Web-01.thor.loc.
101.1.168.192.in-addr.arpa.     IN      PTR     larete.thor.loc.

; Sql-Servers Pool
111.1.168.192.in-addr.arpa.     IN      PTR     Sql-01.thor.loc.

; File-Servers Pool
121.1.168.192.in-addr.arpa.     IN      PTR     File-01.thor.loc.

; DNS-Servers Pool
131.1.168.192.in-addr.arpa.     IN      PTR     DNS-01.thor.loc.
132.1.168.192.in-addr.arpa.     IN      PTR     DNS-02.thor.loc.

; Mail-Servers Pool
141.1.168.192.in-addr.arpa.     IN      PTR     Mail-01.thor.loc.

; LDAP-Servers Pool
151.1.168.192.in-addr.arpa.     IN      PTR     LDAP-01.thor.loc.
152.1.168.192.in-addr.arpa.     IN      PTR     LDAP-02.thor.loc.

; Log-Servers Pool
161.1.168.192.in-addr.arpa.     IN      PTR     Log-01.thor.loc.

; Desktop Pool
201.1.168.192.in-addr.arpa.     IN      PTR     Debian-01.thor.loc.
 

DNS Slave server

shell@slave> cat /etc/bind/named.conf.local

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "thor.loc" {
        type slave;
        file "/var/lib/bind/db.thor.loc";
        masters { 192.168.1.131; };
        allow-transfer { none; };
};

zone "1.168.192.in-addr.arpa" {
        type slave;
        file "/var/lib/bind/db.1.168.192";
        masters { 192.168.1.131; };
        allow-transfer { none; };

};
 

run “xrdb -merge ~/.Xresources” to upload X default database properties; for example Xterm console

File: ~/.Xresources

! X database properties
! run "xrdb -merge ~/.Xresources" to upload and override X default database properties
! font properties check "xfontsel"
XTerm*font: -dec-terminal-medium-r-normal–14-140-75-75-c-80-iso8859-1
! Background color
XTerm*background:       black
! Text color
XTerm*foreground:       gray
! Cursor color
XTerm*cursorColor:      red
! Cursor blink
XTerm*cursorBlink:      true
! Startup as login shell
XTerm*loginShell:       true
! Number of saved lines for scroll
XTerm*saveLines:        1000
! internalBorder betweeen characters and the windows border
XTerm*internalBorder:   10
! geometry
XTerm.vt100.geometry:   90×90
! scrollbar
XTerm*scrollBar:        true
XTerm*scrollTtyOutput:  false

Setup a local network name server using Bind9

Bind9 Configuration files to deploy a local network name server alias "thor.loc":

/etc/bind/named.conf.local

zone "thor.loc" {
        type master;
        file "/etc/bind/db.thor.loc";
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.1.168.192";
};

/etc/bind/db.thor.loc

$TTL 24h
thor.loc.                 IN      SOA     DNS-01.thor.loc. root.thor.loc. (
                                1               ; Serial
                                3h              ; Refresh
                                30m             ; Retry
                                7d              ; Expire
                                3h)             ; Minimum TTL
; Nameservers
thor.loc.                           IN      NS    192.168.1.103.

; Hosts
Web-01.thor.loc.           IN      A       192.168.1.100
Sql-01.thor.loc.              IN      A       192.168.1.101
File-01.thor.loc.             IN      A       192.168.1.102
DNS-01.thor.loc.           IN      A       192.168.1.103
Mail-01.thor.loc.            IN      A       192.168.1.104
Gateway-01.thor.loc.    IN      A       192.168.1.105
Debian-01.thor.loc.      IN      A       192.168.1.200

/etc/bind/db.1.168.192 

$TTL 24h

1.168.192.in-addr.arpa. IN SOA DNS-01.thor.loc. root.thor.loc (
                                                          1             ; serial number
                                                          3h          ; refresh time
                                                          30m      ; retry time
                                                          7d         ; expire time
                                                         3h)        ; negative caching ttl

; Nameservers

1.168.192.in-addr.arpa.               IN        NS        192.168.1.103.

; Hosts
100.1.168.192.in-addr.arpa.       IN        PTR      Web-01.thor.loc.
101.1.168.192.in-addr.arpa.       IN        PTR      Sql-01.thor.loc.
102.1.168.192.in-addr.arpa.       IN        PTR      File-01.thor.loc.
103.1.168.192.in-addr.arpa.       IN        PTR      DNS-01.thor.loc.
104.1.168.192.in-addr.arpa.       IN        PTR      Mail-01.thor.loc.
105.1.168.192.in-addr.arpa.       IN        PTR      Gateway-01.thor.loc.
200.1.168.192.in-addr.arpa.       IN        PTR      Debian-01.thor.loc.

/etc/resolv.conf

search thor.loc
nameserver 192.168.1.103

/etc/network/interfaces

# The primary network interface
auto eth1
iface eth1 inet static
     address 192.168.1.103
     network 192.168.1.0
     netmask 255.255.255.0
     broadcast 192.168.0.255
     gateway 192.168.1.1
     dns-nameservers 192.168.1.103

Syncronize files using rsync between ssh servers ssh-keygen id_dsa id_dsa.pub

The objective is syncronize files between a production and a development Webservers.

Connect to que production and development SSH Servers and make the public and the private keys.

shell@local> ssh x@X.mialojamiento.es

shell@X.mialojamiento.es> ssh-keygen -tdsa

shell@local> ssh y@Y.dyndns.org

shell@Y.dyndns.org> ssh-keygen -tdsa

Production and development systems makes two different files id_dsa and id_dsa.pub. id_dsa.pub is the public key.

Now copy the public key from the production server to the development server and viceversa. Use the autorized_keys file about your user that you can locate in the ~/.ssh directory.

shell@X.mialojamiento.es> cat id_dsa.pub | ssh y@Y.dyndns.org "cat – >> /home/y/.ssh/authorized_keys"
shell@Y.dyndns.org> cat id_dsa.pub | ssh x@X.mialojamiento.es "cat – >> /home/x/.ssh/authorized_keys"

Test the configuration

shell@X.mialojamiento.es> ssh -l y Y.dyndns.org

shell@Y.dyndns.org> ssh -l x X.mialojamiento.es

Syncronize files and directories

shell@Y.dyndns.org> rsync -e ssh -avzn x@X.mialojamiento.es:/home/x /var/www/

Its done 

Using the Debian apt-cacher package (caching .deb and source packages) to deploy a local network APT repository

The objective is that my Debian servers pool can share a same cached package repository downloaded from a official Debian repository.

It is not a mirror repository, apt-cacher only save the most frequently and necessary packages downloaded. For example updates about the base system.

Download one time a package and before share it with all common distribution servers available in the farm.

shell> apt-cache show apt-cacher

Package: apt-cacher

Priority: optional

Section: net

Installed-Size: 308

Maintainer: Mark Hindley <mark@hindley.org.uk>

Architecture: all

Version: 1.6.12

…

Description: Caching proxy for Debian package and source files

Apt-cacher performs caching of .deb and source packages which have been

downloaded by local users. It is most useful for local area networks with slow

internet uplink.

.

When a package is requested, the cache checks whether it already has the

requested version, in which case it sends the package to the user immediately.

If not, it downloads the package while streaming it to the user at the same

time. A local copy is then kept for use by other users.

.

Apt-cacher has been optimized for best utilization of network bandwidth and

efficiency even on slow low-memory servers. Multiple ways of installation are

possible: as a stand-alone HTTP proxy, as a daemon executed by inetd or as a

CGI program. Client machines are configured by changing APT’s proxy

configuration or modification of access URLs in sources.list.

.

The package includes utilities to clean the cache (removing obsolete package

files), generate usage reports and import existing package files. Experimental

features include a simple package checksum verification framework, optional

IPv6 support and pre-fetching of new packages (upgrade candidates).

.

Apt-cacher can be used as a replacement for apt-proxy, with no need to modify

client’s /etc/apt/sources.list files (and even reusing its config and cached

data), or as an alternative to approx.

shell> apt-install apt-cacher

apt-cache configuration file (/etc/apt-cacher/apt-cacher.conf)

“Default directory to save downloaded packages. The first runtime apt-cacher will populate the defined directory.”

cache_dir=/master/apt-cacher

“Disable the automatic cleaning. By default apt-cacher clean repository each 24 hours”.

clean_cache=0

apt-cacher repository directory permissions

“If you use a different directory remember update the permission before work with it”

shell>chown www-data:www-data -R /master/apt-cacher

apt-cache configuration file (/etc/default/apt-cacher)

"Enable the start up daemon at operating system boot time"

AUTOSTART=1

apt-proxy configuration file (/etc/apt/apt.conf.d/01proxy)

“Define the use of apt-cacher en each server that are present in the Debian server pool . If the file directive is not present create it.”

Acquire::http::Proxy “http://hostname:3142″;

apt-cacher daily usage report

“Check the use of apt-cacher in the URL. Data is updated every 24 h by default.”

http://hostname:3142/report

“Sample 24 h report”

The usb-Microsoft_Microsoft®_Nano_Transceiver_v1.0-mouse crash the X start up.

I detected the problem looking the /var/log/Xorg.0.log X log file. For start up the X I changed the /etc/X11/xorg.conf X config file to disable the Discovering and Add devices Server Flag that came from enable by default in the X configuration file. This section was no present then i added it in the default configuration file.

Section “ServerFlags”

option “AutoAddDevices” “off”

EndSection

In the Mouse “InputDevice” section I changed all Options except “ZaxisMappin”

Section “InputDevice”

# generated from default

Identifier “Mouse0″

Driver “mouse”

Option “Buttons” “5″

Option “Device” “/dev/input/mouse2″

Option “Name” “PS/2 Mouse”

Option “Protocol” “explorerps/2″

Option “ZAxisMapping” “4 5″

EndSection

I found the device checking the /dev/input/by-id directory

usb-Logitech_USB_Keyboard-event-if01 -> ../event4

usb-Logitech_USB_Keyboard-event-kbd -> ../event3

usb-Logitech_USB_Keyboard-event-mouse -> ../event5

usb-Logitech_USB_Keyboard-mouse -> ../mouse1

usb-Microsoft_Microsoft®_Nano_Transceiver_v1.0-event-kbd -> ../event2

usb-Microsoft_Microsoft®_Nano_Transceiver_v1.0-event-mouse -> ../event1

usb-Microsoft_Microsoft®_Nano_Transceiver_v1.0-kbd -> ../js0

usb-Microsoft_Microsoft®_Nano_Transceiver_v1.0-mouse -> ../mouse0

usb-PIXART_USB_OPTICAL_MOUSE-event-mouse -> ../event6

usb-PIXART_USB_OPTICAL_MOUSE-mouse -> ../mouse2

There was present two mouse devices and my X was trying to use the ../mouse0 device that did not work.

I checked about two device files and /dev/input/mouse2 seems like work when I moved a few the mouse. /dev/input/mouse0 did not work.

shell> cat /dev/input/mouse2

����8��8��8���8��8��8��8��8��8��(�(�(�(�(�(�8������8��8��8������������������^C