Saturday, November 10, 2012
Free Linux Tutorials | Linux Howtow's | Linux Basics: How Filter Keywords in Squid Proxy Server: In This video we will learn how to filter keywords using Access Control List in squid proxy server
Free Linux Tutorials | Linux Howtow's | Linux Basics: How to Host Multiple Domains on Single IP: We are going to learn in this tutorial how to host multiple domains on a single IP. Bind Installation ———————- yum install bind bind-ut...
Free Linux Tutorials | Linux Howtow's | Linux Basics: Linux DNS Server (Bind) Configuration on CentOS 5....: Linux DNS Server (Bind) Configuration on CentOS 5.5
Free Linux Tutorials | Linux Howtow's | Linux Basics: Squid Proxy Authentication Using ncsa_auth Helper: This will only allow authorized users to use proxy server. nobody can access internet without username and password
Saturday, November 3, 2012
How to set password for website
Inside the <Directory> ... </Directory> block, add the following content:
AuthType Basic
AuthName "Private Documentation Repository"
AuthUserFile /var/www/html/.htpasswd
Require valid-user
Create username and password for your website
htpasswd -c /var/www/html/.htpasswd htuser
New password:
Re-type new password:
Adding password for user htuser
Your username and password are saved in the file /var/www/html/.htpasswd
Check for apache syntax error
/usr/sbin/apachectl -t
Syntax OK
Now reload/restart the Apache server. Use the following command to restart the Apache server
service httpd restart
Now go to your website and access it.
NIC Bonding in rhel5
Bonding in rhel5
Red Hat Enterprise Linux allows administrators to bind multiple network interfaces together into a single channel using the bonding kernel module and a special network interface called a channel bonding interface. Channel bonding enables two or more network interfaces to act as one, simultaneously increasing the bandwidth and providing redundancy.
The following is a sample channel bonding configuration file:
#vi /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
BOOTPROTO=none
ONBOOT=yes
IPADDR=10.0.1.27
NETMASK=255.255.255.0
NETWORK=10.0.1.0
USERCTL=no
After the channel bonding interface is created, the network interfaces to be bound together must be configured by adding the MASTER= and SLAVE= directives to their configuration files. The configuration files for each of the channel-bonded interfaces can be nearly identical.
For example, if two Ethernet interfaces are being channel bonded, both eth0 and eth1 may look like the following example:
#vim /etc/sysconfig/network-scripts/ifcfg-ethX
DEVICE=ethX
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no
In this example, replace X with the numerical value of the interface.
For a channel bonding interface to be valid, the kernel module must be loaded. To ensure that the module is loaded when the channel bonding interface is brought up, add the following lines to /etc/modprobe.conf:
#vim /etc/modprobe.conf
alias bond0 bonding
options bond0 mode=balance-alb miimon=100
Then
#modprobe bonding
# service network restart
# ifconfig
Configure SFTP Server using chroot jail in Linux
Release:
RedHat Enterprise Linux, CentOS
Openssh 5.6P1
Problem:
Configure the sftp-server on a per-user-basis (restrict users to their individual home directory) using chroot() jail in RedHat Enterprise Linux
Solution:
1) Install the latest OpenSSH version; it must support the chroot() function
2) Configure Openssh to use its internal sftp subsystem by editing the sshd_config file
# vi /etc/ssh/sshd_config
Replace
Subsystem sftp /usr/local/libexec/sftp-server
by
Subsystem sftp internal-sftp
3) Now configure the chroot() with a Match rule: add the entries below at the end of the sshd_config file
# vi /etc/ssh/sshd_config
Match group sftponly
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
Note: %u expands to the username, so every user in the sftponly group is chrooted to their own home directory. The chroot directory must also be owned by root.
4) Add one new group named as sftponly
# groupadd sftponly
5) Create a new user for restricted sftp. First create the user's home directory, then add the user
# mkdir /home/test
# useradd -g sftponly test
# usermod -d / test
Note: Create the home directory as the root user. While adding the user, a warning like this appears: "useradd: warning: the home directory already exists"
6) Now test the configuration from client side
[root@server Desktop]# sftp test@192.168.2.201
Connecting to 192.168.2.201...
test@192.168.2.201's password:
sftp> ls
IN
sftp> cd IN
sftp> ls
sftp> mput 1.png
Uploading 1.png to /IN/1.png
1.png 100% 90KB 90.4KB/s 00:00
sftp> ls
1.png
sftp> bye
7) Test the SFTP server from a Windows client using “WinSCP” or “Filezilla”
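sshd refuses the session when the ChrootDirectory, or any directory above it, is not owned by root or is writable by group or others, so a login that drops right after the password prompt usually points at ownership or mode on /home/<user>. The script below is an added example (not part of the original post) that audits that path for every member of sftponly, including users who only have it as their primary group as created in step 5; the function names are assumptions of this example and stat -c assumes GNU coreutils as shipped on RHEL/CentOS.

```shell
#!/bin/sh
# Added example: audit the chroot targets implied by
#   Match group sftponly / ChrootDirectory /home/%u

# Succeeds only if the owner uid ($1) is root and the octal mode ($2, as
# printed by `stat -c %a`) has no group or other write bit.
mode_is_safe() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# Check the directory and every parent up to /.
# Returns 0 if all are safe, 1 if any is unsafe, 2 if the path is unusable.
check_chroot_path() {
    p=$1
    rc=0
    case $p in
        /*) ;;
        *) echo "NOTABS   $p (absolute path required)"; return 2 ;;
    esac
    while :; do
        info=$(stat -L -c '%u %a' "$p" 2>/dev/null) || {
            echo "MISSING  $p"; return 2; }
        uid=${info% *}
        mode=${info#* }
        if mode_is_safe "$uid" "$mode"; then
            echo "ok       $p (uid=$uid mode=$mode)"
        else
            echo "UNSAFE   $p (uid=$uid mode=$mode)"
            rc=1
        fi
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Users that have group $1 as a supplementary group (field 4 of the group
# entry) or as their primary group (gid field of passwd, which the group
# entry does not list).
group_users() {
    line=$(getent group "$1" 2>/dev/null) || return 1
    gid=$(printf '%s\n' "$line" | cut -d: -f3)
    {
        printf '%s\n' "$line" | cut -d: -f4 | tr ',' '\n'
        getent passwd | awk -F: -v g="$gid" '$4 == g { print $1 }'
    } | sed '/^$/d' | sort -u
}

# Audit /home/<user> for every member of the group; returns 1 on any finding.
audit_group() {
    users=$(group_users "$1") || { echo "group $1 not found"; return 0; }
    bad=0
    for u in $users; do
        check_chroot_path "/home/$u" || bad=1
    done
    return $bad
}

audit_group sftponly || echo "fix the paths marked UNSAFE or MISSING"
```

Files the user needs to write go in a subdirectory they own below the chroot (the IN directory in the session above), since the chroot directory itself has to stay root-owned.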
Wednesday, October 31, 2012
DATE AND TIME SETTINGS
SET DATE AND TIME
date -s "2 OCT 2006 18:00:00"
You can also simplify format using following syntax:
# date +%Y%m%d -s "20081128"
Linux Set Time
# date +%T -s "10:13:13"
SET TIME TO CMOS TIME OR SET SYSTEM HARDWARE TIME TO SYSTEM TIME
hwclock --systohc
This will set the hardware clock to the current system time. You can also do the inverse:
hwclock --hctosys
To display what date/time the hardware clock is currently set to:
hwclock --show
Tuesday, October 30, 2012
Solution: kernel rebuild on redhat
Boot system from Linux CD and give linux rescue command on boot screen
Select language to English
Select Keyboard layout to US
Press enter on continue and it will search for linux on hard disk
We don't need networking for this operation so select no
Rescue mode will mount the system image under the /mnt/sysimage folder; press OK
mkdir /a (create the /a directory)
cat /proc/sys/dev/cdrom/info :
CD-ROM information, Id: cdrom.c 3.20 2003/12/17
drive name: hdc
drive speed: 1
drive # of slots: 1
Can close tray: 1
Can open tray: 1
Can lock tray: 1
Can change speed: 1
Can select disk: 0
mount /dev/hdc /a (so that the CD-ROM is mounted on /a)
cd /a
rpm -ivh kernel-(whatever the kernel version)
Now reboot the system and remove Linux CD from CDROM
Have fun!!!
[1] Install VNC Server to operate Server with GUI remotely from Windows client.
[root@dlp ~]# yum -y install tigervnc-server
[root@dlp ~]# su - cent # switch to a user you'd like to config VNC
[cent@dlp ~]$ vncpasswd # set VNC password
Password: # input
Verify: # confirm
[cent@dlp ~]$ vncserver :1 # start
xauth: creating new authority file /home/cent/.Xauthority
New 'dlp.server.world:1 (cent)' desktop is dlp.server.world:1
Creating default startup script /home/cent/.vnc/xstartup
Starting applications specified in /home/cent/.vnc/xstartup
Log file is /home/cent/.vnc/dlp.server.world:1.log
[cent@dlp ~]$ vncserver -kill :1 # stop
Killing Xvnc process ID 2187
[cent@dlp ~]$ vi /home/cent/.vnc/xstartup
#twm & # last line: make it comment
exec gnome-session & # run GNOME
# run with display number '1', screen resolution '800x600', color depth '24'
[cent@dlp ~]$ vncserver :1 -geometry 800x600 -depth 24
Then restart the vncserver so that it opens in full view on the client system.
[2] Install VNC viewer on client computer next. Download from the site below to install.
http://www.realvnc.com/products/free/4.1/download.html
Start VNC viewer after installing. The following screen is then shown. Input [(Server's hostname or IP address):(display number)] as in the following example.
[3] Password is required. Input VNC password you set in the section [1].
[4] Just connected.
Thursday, July 19, 2012
LDAP-SAMBA PDC
INSTALLATION AND CONFIGURATION OF LDAP-SAMBA PDC
OPERATING SYSTEM = CENTOS 5.6
IP ADDRESS = 192.168.2.88
HOSTNAME = PDC.HBN.LOCAL
TASK: TO ADD WINDOWS CLIENT TO LINUX LDAP – PDC DOMAIN.
Step1: Disable FireWall, SeLinux
edit /etc/hosts file like:--
[root@pdc ~]# cat /etc/hosts
192.168.2.88 pdc.hbn.local pdc
127.0.0.1 pdc.hbn.local pdc localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
And set ip address 192.168.2.88; hostname --fqdn should be pdc.hbn.local
vim /etc/sysconfig/network :
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=pdc.hbn.local
Step 2: Install ldap with yum
yum -y install openldap-servers openldap-clients
Step3:
[root@pdc ~]# slappasswd -s password -h {MD5}
{MD5}X03MO1qnZdYdgyfeuILPmQ==
Step4: edit the /etc/openldap/slapd.conf like:---
[root@pdc ~]# vim /etc/openldap/slapd.conf
database bdb
suffix "dc=hbn,dc=local"
rootdn "cn=Manager,dc=hbn,dc=local"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw {MD5}X03MO1qnZdYdgyfeuILPmQ==
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# add at the bottom
access to attrs=userPassword
    by self write
    by dn="cn=Manager,dc=hbn,dc=local" write
    by anonymous auth
    by * none
access to *
    by dn="cn=Manager,dc=hbn,dc=local" write
    by self write
    by * read
Step5:
[root@pdc ~]# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@pdc ~]# /etc/init.d/ldap start
[root@pdc ~]# chkconfig ldap on
[root@pdc ~]# cd /usr/share/openldap/migration
[root@pdc ~]# vim migrate_common.ph
# search these lines and edit like
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "hbn.local";
# Default base
$DEFAULT_BASE = "dc=hbn,dc=local";
Step6 : migrate the credentials to main ldap base file
[root@pdc ~]# cd /usr/share/openldap/migration
[root@pdc migration]# ./migrate_base.pl > base.ldif
[root@pdc migration]# ldapadd -x -W -D "cn=Manager,dc=hbn,dc=local" -f base.ldif
Enter LDAP Password: (enter LDAP password on step 3)
adding new entry "dc=hbn,dc=local"
adding new entry "ou=Hosts,dc=hbn,dc=local"
adding new entry "ou=Rpc,dc=hbn,dc=local"
adding new entry "ou=Services,dc=hbn,dc=local"
adding new entry "nisMapName=netgroup.byuser,dc=hbn,dc=local"
adding new entry "ou=Mounts,dc=hbn,dc=local"
adding new entry "ou=Networks,dc=hbn,dc=local"
adding new entry "ou=People,dc=hbn,dc=local"
adding new entry "ou=Group,dc=hbn,dc=local"
adding new entry "ou=Netgroup,dc=hbn,dc=local"
adding new entry "ou=Protocols,dc=hbn,dc=local"
adding new entry "ou=Aliases,dc=hbn,dc=local"
adding new entry "nisMapName=netgroup.byhost,dc=hbn,dc=local"
Step7:
[root@pdc migration]# useradd test1
[root@pdc migration]# passwd test1
Changing password for user test1.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@pdc migration]# useradd test2
[root@pdc migration]# passwd test2
Changing password for user test2.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: all authentication tokens updated successfully
[root@pdc migration]# grep "x:[5-9][0-9][0-9]" /etc/passwd > passwd
[root@pdc migration]# grep "x:[5-9][0-9][0-9]" /etc/group > group
[root@pdc migration]# ./migrate_passwd.pl passwd > passwd.ldif
[root@pdc migration]# ./migrate_group.pl group > group.ldif
[root@pdc migration]# ldapadd -x -W -D "cn=Manager,dc=hbn,dc=local" -f passwd.ldif
Enter LDAP Password: (enter LDAP password on step 3)
adding new entry "uid=nfsnobody,ou=People,dc=hbn,dc=local"
adding new entry "uid=sabhaskar,ou=People,dc=hbn,dc=local"
adding new entry "uid=test1,ou=People,dc=hbn,dc=local"
adding new entry "uid=test2,ou=People,dc=hbn,dc=local"
adding new entry "uid=cent,ou=People,dc=hbn,dc=local"
adding new entry "uid=fedora,ou=People,dc=hbn,dc=local"
[root@pdc migration]# ldapadd -x -W -D "cn=Manager,dc=hbn,dc=local" -f group.ldif
Enter LDAP Password: (enter LDAP password on step 3)
adding new entry "cn=nfsnobody,ou=Group,dc=hbn,dc=local"
adding new entry "cn=sabhaskar,ou=Group,dc=hbn,dc=local"
adding new entry "cn=test1,ou=Group,dc=hbn,dc=local"
adding new entry "cn=test2,ou=Group,dc=hbn,dc=local"
adding new entry "cn=cent,ou=Group,dc=hbn,dc=local"
adding new entry "cn=fedora,ou=Group,dc=hbn,dc=local"
Step8: samba installation
[root@pdc migration]# yum -y install samba
Downloading Packages:
(1/4): libsmbclient-3.0.33-3.39.el5_8.i386.rpm | 909 kB 00:02
(2/4): samba-client-3.0.33-3.39.el5_8.i386.rpm | 5.7 MB 00:12
(3/4): samba-common-3.0.33-3.39.el5_8.i386.rpm | 6.7 MB 00:15
(4/4): samba-3.0.33-3.39.el5_8.i386.rpm | 16 MB 00:36
Complete!
[root@pdc migration]# cp /usr/share/doc/samba-3.0.33/LDAP/samba.schema /etc/openldap/schema/samba.schema
[root@pdc migration]# vim /etc/openldap/slapd.conf
# add the line to this file
include /etc/openldap/schema/samba.schema
# and modify this line in same file
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by self write
    by dn="cn=Manager,dc=hbn,dc=local" write
    by anonymous auth
    by * none
[root@pdc migration]# /etc/rc.d/init.d/ldap restart
Stopping slapd: [ OK ]
Starting slapd: [ OK ]
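The first ACL rule is what keeps password hashes away from unauthenticated clients: every attribute it does not name falls through to the "access to * ... by * read" rule, which is why sambaLMPassword and sambaNTPassword have to be added to it in this step. The script below is an added example (not part of the original post) that scans the LDIF returned by an anonymous search for those attributes; the function names and both sample LDIF documents are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that an anonymous bind cannot read password attributes.
# On the server from this post the input would come from:
#   ldapsearch -x -LLL -H ldap://192.168.2.88/ -b "dc=hbn,dc=local" \
#       "(objectClass=*)" userPassword sambaLMPassword sambaNTPassword
# (-x without -D/-W performs an anonymous simple bind).

# Read LDIF on stdin and print "<dn><TAB><attribute>" for every password
# attribute that was returned. Exit status 1 if any was found, 0 otherwise.
exposed_secrets() {
    awk '
    function handle(line,    name) {
        if (line == "")       { dn = ""; return }          # blank line ends an entry
        if (line ~ /^dn::? /) { dn = line; sub(/^dn::? /, "", dn); return }
        name = tolower(line); sub(/:.*/, "", name)         # keep the attribute name
        if (name == "userpassword" || name == "sambalmpassword" ||
            name == "sambantpassword") {
            printf "%s\t%s\n", dn, name
            found = 1
        }
    }
    /^ / { buf = buf substr($0, 2); next }   # LDIF folds long lines with a leading space
    { if (seen) handle(buf); buf = $0; seen = 1 }
    END { if (seen) handle(buf); exit (found ? 1 : 0) }
    '
}

# Constructed sample: anonymous result when the Samba attributes were not
# added to the ACL (hash values are placeholders, second dn is folded).
sample_open() {
    cat <<'EOF'
dn: uid=test1,ou=People,dc=hbn,dc=local
sambaLMPassword: 00000000000000000000000000000000
sambaNTPassword: 00000000000000000000000000000000

dn: uid=test2,ou=People,
 dc=hbn,dc=local
sambaNTPassword: 00000000000000000000000000000000
EOF
}

# Constructed sample: anonymous result with the Step 8 ACL in place; the
# entries are still listed but no password attribute comes back.
sample_locked() {
    cat <<'EOF'
dn: uid=test1,ou=People,dc=hbn,dc=local

dn: uid=test2,ou=People,dc=hbn,dc=local
EOF
}

echo "without the Step 8 ACL change:"
sample_open | exposed_secrets || echo "FAIL: password attributes readable anonymously"
echo "with the Step 8 ACL change:"
sample_locked | exposed_secrets && echo "PASS: no password attributes returned"
```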
Set up this LDAP-SAMBA PDC as an openldap client
[root@pdc migration]# setup
select Authentication Configuration
check boxes: Use ldap and use ldap Authentication, MD5
change server to: 192.168.2.88
and Base DN to: dc=hbn,dc=local
[root@pdc migration]# vim /etc/pam.d/system-auth
#add this line
session optional pam_mkhomedir.so skel=/etc/skel umask=077
____________________________________________________________-----
[root@pdc ~]# vim /etc/ldap.conf
(Add these lines to the file)
base dc=hbn,dc=local
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
uri ldap://192.168.2.88/
___________________________________________________________
Step9: installation of smbldap tools, for this task we need to install epel package on centos 5.6.
I manually download the epel package from http://www.wiki.centos.org/
[root@pdc migration]# yum --enablerepo=epel -y install smbldap-tools
[root@pdc migration]# mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
[root@pdc migration]# cp /usr/share/doc/smbldap-tools-0.9.6/smb.conf /etc/samba/smb.conf
[root@pdc migration]# service ldap restart
Stopping slapd: [ OK ]
Starting slapd: [ OK ]
[root@pdc migration]# vim /etc/samba/smb.conf
(I just modify and add few lines to this file)
____________________________________________________________________________________
[global]
passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
preserve case = yes
admin users = admin
enable privileges = yes
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
show add printer wizard = yes
time server = Yes
passwd program = /usr/sbin/smbldap-passwd -u "%u"
nt acl support = No
netbios name = PDC-SRV
printing = cups
ldap passwd sync = yes
logon script = logon.bat
min passwd length = 3
dos charset = CP932
workgroup = HBNLOCAL
os level = 65
ldap admin dn = cn=Manager,dc=hbn,dc=local
printcap name = cups
security = user
short preserve case = yes
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
max log size = 100000
log level = 0
log file = /var/log/samba/log.%U
guest account = nobody
load printers = Yes
ldap user suffix = ou=People
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
mangling method = hash2
logon drive = H:
deadtime = 10
create mask = 0640
map to guest = Bad User
domain master = Yes
winbind trusted domains only = yes
encrypt passwords = Yes
winbind use default domain = yes
logon home = /home/netlogon
passdb backend = ldapsam:ldap://127.0.0.1/
case sensitive = no
wins support = yes
ldap machine suffix = ou=Computers
ldap group suffix = ou=Group
server string = Samba Server %v
ldap suffix = dc=hbn,dc=local
unix password sync = yes
logon path =
directory mask = 0750
add user script = /usr/sbin/smbldap-useradd -m "%u"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
syslog = 0
unix charset = UTF-8
preferred master = Yes
domain logons = Yes
#The shares should look like this
[netlogon]
path = /home/netlogon/
browseable = No
read only = yes
[profiles]
path = /home/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
#force user = %U
# next line allows administrator to access all profiles
#valid users = %U "Domain Admins"
[printers]
comment = Network Printers
#printer admin = @"Print Operators"
guest ok = yes
printable = yes
path = /home/spool/
browseable = No
read only = Yes
printable = Yes
print command = /usr/bin/lpr -P%p -r %s
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/lprm -P%p %j
# print command = /usr/bin/lpr -U%U@%M -P%p -r %s
# lpq command = /usr/bin/lpq -U%U@%M -P%p
# lprm command = /usr/bin/lprm -U%U@%M -P%p %j
# lppause command = /usr/sbin/lpc -U%U@%M hold %p %j
# lpresume command = /usr/sbin/lpc -U%U@%M release %p %j
# queuepause command = /usr/sbin/lpc -U%U@%M stop %p
# queueresume command = /usr/sbin/lpc -U%U@%M start %p
[print$]
path = /home/printers
guest ok = No
browseable = Yes
read only = Yes
valid users = @"Print Operators"
write list = @"Print Operators"
create mask = 0664
directory mask = 0775
[public]
path = /tmp
guest ok = yes
browseable = Yes
writable = yes
[root@pdc ~]# vim /etc/smbldap-tools/smbldap_bind.conf
slaveDN="cn=Manager,dc=hbn,dc=local"
slavePw="password"
masterDN="cn=Manager,dc=hbn,dc=local"
masterPw="password"
_____________________________________________________________
[root@pdc migration]# mkdir /home/netlogon
[root@pdc migration]# chmod 777 /home/netlogon/
[root@pdc migration]# service smb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
[root@pdc migration]# smbpasswd -W
Setting stored password for "cn=Manager,dc=hbn,dc=local" in secrets.tdb
New SMB password:
Retype new SMB password:
(I just set the ldap password only for this)
Step10:
[root@pdc migration]# cd /usr/share/doc/smbldap-tools-0.9.6/
[root@pdc smbldap-tools-0.9.6]# chmod 777 configure.pl
[root@pdc smbldap-tools-0.9.6]# ./configure.pl
(It will ask ldap server details and samba details, just provide the required)
Step 11:
[root@pdc smbldap-tools-0.9.6]# smbldap-populate
Populating LDAP directory for domain HBNLOCAL (S-1-5-21-3415407115-311491748-1151047458)
(using builtin directory structure)
entry dc=hbn,dc=local already exist.
entry ou=People,dc=hbn,dc=local already exist.
entry ou=Group,dc=hbn,dc=local already exist.
adding new entry: ou=Computers,dc=hbn,dc=local
adding new entry: ou=Idmap,dc=hbn,dc=local
adding new entry: uid=root,ou=People,dc=hbn,dc=local
adding new entry: uid=nobody,ou=People,dc=hbn,dc=local
adding new entry: cn=Domain Admins,ou=Group,dc=hbn,dc=local
adding new entry: cn=Domain Users,ou=Group,dc=hbn,dc=local
adding new entry: cn=Domain Guests,ou=Group,dc=hbn,dc=local
adding new entry: cn=Domain Computers,ou=Group,dc=hbn,dc=local
adding new entry: cn=Administrators,ou=Group,dc=hbn,dc=local
adding new entry: cn=Account Operators,ou=Group,dc=hbn,dc=local
adding new entry: cn=Print Operators,ou=Group,dc=hbn,dc=local
adding new entry: cn=Backup Operators,ou=Group,dc=hbn,dc=local
adding new entry: cn=Replicators,ou=Group,dc=hbn,dc=local
entry sambaDomainName=HBNLOCAL,dc=hbn,dc=local already exist. Updating it...
Please provide a password for the domain root:
Changing UNIX and samba passwords for root
New password:
Retype new password: (same the ldap password only)
Step12: (now creating users and groups for windows machines)
[root@pdc smbldap-tools-0.9.6]# smbldap-groupadd -a admin
[root@pdc smbldap-tools-0.9.6]# smbldap-useradd -am -g admin admin
[root@pdc smbldap-tools-0.9.6]# smbldap-passwd admin
[root@pdc smbldap-tools-0.9.6]# smbldap-useradd -am -g admin bhaskar
[root@pdc smbldap-tools-0.9.6]# smbldap-passwd bhaskar
####### the above section completed the ldap-samba pdc server #######
Here I used windows xp as client and given ip address 192.168.2.36
Machine name is clientxp
Add primary dns is 192.168.2.88 (ldap server)
Add wins is 192.168.2.88 (ldap server)
Steps->> right click my computer >> properties >> computer name >> Click change >> when new window appears >> click more there you mention >> hbn.local >>
Now provide samba domain name which is in this case HBNLOCAL
It will ask smbldap user name and password. I just enter bhaskar and its password.
The windows machine is joined the LDAP-SAMBA PDC Server successfully.