Citrix XenApp


Showing posts with label Red Hat. Show all posts

Sunday, 15 July 2012

How to mount samba share on Linux client

Samba provides connectivity between Linux and Windows. It can be used to share printers, share directories, connect to a Windows domain, and many other useful things.

To mount your Samba share on your Linux client, open the /etc/fstab file and insert the following line:

//172.19.12.137/Music /mnt/samba cifs credentials=/etc/accessfile 0 0

Now create a new file, /etc/accessfile, with the following contents:
username=Suhail
password=some_password
Save the file and restart your Linux client (or run the command mount -a). After that you should be able to access the shared content from the Samba server under the /mnt/samba directory.

This is preferred over having passwords in plaintext in a shared file such as /etc/fstab. Be sure to protect the credentials file properly, so that only root can read it, and note that it must not contain any extra spaces.

If there are any extra spaces in the credentials file, you might get the following error when trying to mount the file system:
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
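
The two conditions above (restricted access and no stray whitespace) can be checked mechanically. The following is an added example, not part of the original post; the function name check_cifs_credentials and the scratch files are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a mount.cifs credentials file such as /etc/accessfile.
# Prints one finding per line; returns 0 when the file is clean, 1 otherwise.
check_cifs_credentials() {
    file=$1
    rc=0
    [ -f "$file" ] || { echo "$file: not a regular file"; return 1; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    # Anything but "------" lets other local users read the password.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$file: group/other permissions set ($perms), expected mode 600"
        rc=1
    fi

    # The post warns that extra spaces lead to mount error(13). A carriage
    # return left by a Windows editor is treated as trailing whitespace too.
    awk -v f="$file" '
        /^[ \t]/        { printf "%s:%d: leading whitespace\n", f, NR; bad = 1 }
        /[ \t\r]$/      { printf "%s:%d: trailing whitespace\n", f, NR; bad = 1 }
        /^[^=]*[ \t]=/  { printf "%s:%d: whitespace before =\n", f, NR; bad = 1 }
        /^[^=]*=[ \t]/  { printf "%s:%d: whitespace after =\n", f, NR; bad = 1 }
        END             { exit bad }
    ' "$file" || rc=1
    return $rc
}

# Constructed sample files in a scratch directory.
demo_dir=$(mktemp -d)
printf 'username=Suhail\npassword=some_password\n' > "$demo_dir/good"
chmod 600 "$demo_dir/good"
printf 'username=Suhail \npassword= some_password\n' > "$demo_dir/bad"
chmod 644 "$demo_dir/bad"

check_cifs_credentials "$demo_dir/good" && echo "good: clean"
check_cifs_credentials "$demo_dir/bad" || echo "bad: needs fixing"
rm -rf "$demo_dir"
```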

Saturday, 14 July 2012

How to Convert smbpasswd to tdbsam on Samba

The latest release of Samba offers many new features including new password database backends not previously available. Samba version 3.0.0 fully supports all databases used in previous versions of Samba. However, although supported, many backends may not be suitable for production use.

The tdbsam backend provides an ideal database back-end for local servers, servers that do not need built-in database replication, and servers that do not require the scalability or complexity of LDAP. The tdbsam back-end includes all of the smbpasswd database information as well as the previously-excluded SAM information. The inclusion of the extended SAM data allows Samba to implement the same account and system access controls as seen with Windows NT/2000/2003-based systems.

The tdbsam backend is recommended for 250 users at most. Larger organizations should require Active Directory or LDAP integration due to scalability and possible network infrastructure concerns.

To convert smbpasswd to tdbsam, enter the following as root on the command line:

      pdbedit -i smbpasswd:/etc/samba/smbpasswd -e tdbsam:/etc/samba/passdb.tdb

Then ensure the global section of smb.conf has this entry:

      passdb backend = tdbsam

Friday, 13 July 2012

Creating Recycle Bin for Samba storage

Samba is mainly used to share files between Linux and Windows. It often happens that a user deletes a file from the Samba server and later wants it back, which is not possible with the default configuration of the Samba server.

The best option is to have a "Recycle bin" for every user on the Samba server.
Here is an example of modifying the home directories of your users in the Samba configuration file:
[homes]
comment = Home Directory
valid users = %S
browsable = no
guest ok = no
read only = no
vfs object = recycle
recycle:repository = RecycleBin
recycle:keeptree = yes
recycle:exclude = *.tmp, *.bak
The “vfs object” line calls in the plug-in that enables recycle bin capability.  On the other lines, you’re setting the name of the recycle bin directory, telling Samba to preserve the whole structure of any directories that a user may delete, and finally, telling it to not keep certain types of files.

Thursday, 12 July 2012

Transfer Linux user to Samba users

To configure Samba on your Red Hat Linux system to use encrypted passwords, follow these steps:

1. Create a separate password file for Samba. To create one based on your existing /etc/passwd file, at a shell prompt, type the following command:

# cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

If the system uses NIS, type the following command:

# ypcat passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

The mksmbpasswd.sh script is installed in your /usr/bin directory with the samba package.

2. Change the permissions of the Samba password file so that only root has read and write permissions:

# chmod 600 /etc/samba/smbpasswd

3. The script does not copy user passwords to the new file, and a Samba user account is not active until a password is set for it. For higher security, it is recommended that the user's Samba password be different from the user's Red Hat Linux password. To set each Samba user's password, use the following command (replace username with each user's username):

# smbpasswd username

4. Encrypted passwords must be enabled in the Samba configuration file. In the file smb.conf, verify that the following lines are not commented out:

encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd

5. Make sure the smb service is started by typing the command service smb restart at a shell prompt.

Wednesday, 11 July 2012

Sync users' Samba passwords with their system passwords

The pam_smbpass PAM module can be used to sync users' Samba passwords with their system passwords when the passwd command is used. If a user invokes the passwd command, the password he uses to log in to the system as well as the password he must provide to connect to a Samba share are changed.

To enable this feature, add the following line to /etc/pam.d/system-auth below the pam_cracklib.so invocation:

password required /lib/security/pam_smbpass.so nullok use_authtok try_first_pass

Tuesday, 10 July 2012

Sync Samba and Unix password

The pam_smbpass PAM module can be used to sync users' Samba passwords with their system passwords. If a user invokes the passwd command, the password he uses to log in to the system as well as the password he must provide to connect to a Samba share are changed.

To enable this feature, add the following line to /etc/pam.d/system-auth below the pam_cracklib.so invocation:


password required /lib/security/pam_smbpass.so nullok use_authtok try_first_pass

Sunday, 8 July 2012

Mount Samba share using fstab

To mount a Samba share when the Linux system comes up after a reboot, edit the /etc/fstab file and add an entry like the following for your Windows/Samba share:

//ntserver/share /mnt/samba smbfs username=username,password=password 0 0


For example, if you want to mount a share called //ntserver/docs, you need to write the following entry in the /etc/fstab file:

//192.168.0.1/share /mnt/samba smbfs username=sohail,password=passwd123 0 0
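
An entry like this keeps the password in /etc/fstab, which is normally readable by every local user; the credentials= form from the 15 July post above avoids that. The following added example (not part of the original post) finds such entries and prints them rewritten. The function name and the sample file are constructed, and /etc/accessfile is the path used in that earlier post.

```shell
#!/bin/sh
# Added example. Usage: rewrite_inline_cifs_passwords FSTAB CREDFILE
# Reports cifs/smbfs entries that carry a password in the options field and
# prints each one rewritten to use credentials=CREDFILE. The password is never
# printed. Returns 1 if at least one such entry exists, 0 otherwise.
rewrite_inline_cifs_passwords() {
    awk -v cred="$2" '
        /^[ \t]*#/ || NF < 4          { next }   # comments and short lines
        $3 != "cifs" && $3 != "smbfs" { next }   # other filesystem types
        {
            n = split($4, opt, ","); keep = ""; hit = 0
            for (i = 1; i <= n; i++) {
                if (opt[i] ~ /^(password|pass)=/) { hit = 1; continue }
                if (opt[i] ~ /^(username|user)=/)  continue  # moves to CREDFILE
                keep = keep "," opt[i]
            }
            if (!hit) next
            found = 1
            printf "line %d: inline password for %s\n", NR, $1
            printf "  use: %s %s %s credentials=%s%s %s %s\n",
                   $1, $2, $3, cred, keep, $5, $6
        }
        END { exit found }
    ' "$1"
}

# Constructed sample built from the two fstab entries shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
//172.19.12.137/Music /mnt/samba cifs credentials=/etc/accessfile 0 0
//192.168.0.1/share /mnt/samba smbfs username=sohail,password=passwd123 0 0
EOF
rewrite_inline_cifs_passwords "$sample" /etc/accessfile || echo "fix the entries above"
rm -f "$sample"
```

The username and password removed from the entry go into the credentials file in the username=/password= format shown in the earlier post.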

Friday, 6 July 2012

Using Samba As File Server in Linux with guest(Anonymous) login and read-write access


1. Create a folder for the share
    mkdir /sharedrive

2. Give full access to that folder
    chmod 777 /sharedrive

3. Edit the smb.conf file
    vi /etc/samba/smb.conf

[global]
# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = WORKGROUP

# server string is the equivalent of the NT Description
   server string = Samba Server

   map to guest = bad user

   encrypt passwords = yes
   lanman auth = Yes

[Guest Share]
   comment = Guest access share
   path = /sharedrive
   guest ok = yes
   writeable = yes
   create mask = 777

4. Test the smb.conf file
    testparm

5. Restart the service
    service smb restart

6. Enable the service at boot
    chkconfig smb on
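
This configuration grants anonymous write access by design, so it helps to see exactly which lines widen access before copying it to another server. The following is an added example, not part of the original post: a small auditor (hypothetical function audit_smb_conf) run over a constructed copy of the file above. It evaluates each section on its own and does not model defaults inherited from [global].

```shell
#!/bin/sh
# Added example. audit_smb_conf FILE prints one finding per risky setting and
# returns 1 if any were found. Parameter names are matched the way Samba does:
# case-insensitively and ignoring spaces, including the common synonyms.
audit_smb_conf() {
    awk '
        function endsec() {
            if (guest && rw) { printf "[%s] guests can write\n", sec; bad = 1 }
            guest = rw = 0
        }
        /^[ \t]*[#;]/ || NF == 0 { next }
        /^[ \t]*\[/ { endsec(); sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec); next }
        (eq = index($0, "=")) {
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = tolower(substr($0, eq + 1)); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            on = (val == "yes" || val == "true" || val == "1")
            if (key == "guestok" || key == "public") guest = on
            if (key == "writeable" || key == "writable" || key == "writeok") rw = on
            if (key == "readonly") rw = !on
            if (key == "lanmanauth" && on)
                { printf "[%s] lanman auth accepts weak LM hashes\n", sec; bad = 1 }
            if ((key == "createmask" || key == "createmode") && val ~ /[2367]$/)
                { printf "[%s] create mask %s allows world-writable files\n", sec, val; bad = 1 }
        }
        END { endsec(); exit bad }
    ' "$1"
}

# Constructed copy of the configuration from this post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
   workgroup = WORKGROUP
   map to guest = bad user
   encrypt passwords = yes
   lanman auth = Yes
[Guest Share]
   path = /sharedrive
   guest ok = yes
   writeable = yes
   create mask = 777
EOF
audit_smb_conf "$sample" || echo "review the settings above"
rm -f "$sample"
```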

Thursday, 5 July 2012

Setting Hostname(Computer Name) in Linux (RedHat)

Edit the following files with vi:

1. /etc/hosts

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1    localhost.localdomain localhost
192.168.0.20    sohail.bom.labs.net

2. /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=sohail.bom.labs.net

Wednesday, 4 July 2012

Configure ipaddress in linux

1. Edit the file with vi

vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.0.20
NETMASK=255.255.255.0
GATEWAY=192.168.0.1


2. Set the DNS server IP address
vi /etc/resolv.conf
nameserver 192.168.0.10

3. Restart the network service
service network restart

Friday, 22 June 2012

Lock User Accounts After Too Many Login Failures

Add the two pam_tally.so lines to the /etc/pam.d/system-auth file as shown below:

auth        required      /lib/security/$ISA/pam_env.so
auth        required      /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so
account     required      /lib/security/$ISA/pam_unix.so
account     required      /lib/security/$ISA/pam_tally.so per_user deny=5 no_magic_root reset
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     required      /lib/security/$ISA/pam_permit.so
password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so
session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so

The first added line counts failed login and failed su attempts for each user. By default, the attempts are recorded in /var/log/faillog.

Sunday, 6 May 2012

VSFTPD - limit the number of simultaneous connections for a single IP address

By default, VSFTPD allows unlimited connections from the same client IP address.

1: Open vsftpd.conf file

Use text editor such as vi to edit /etc/vsftpd.conf or /etc/vsftpd/vsftpd.conf file:
# vi vsftpd.conf

2: Setup limitation

Set max_per_ip=4 (this limits simultaneous connections from a single IP address to 4):
max_per_ip=4

3: Restart vsftpd

# /etc/init.d/vsftpd restart 

Saturday, 5 May 2012

Get Hostname from IP address

To get the hostname from an IP address, the simplest way is to use the "host" utility provided by GNU/Linux. Just run:

poison:~ # host 64.233.187.99
99.187.233.64.in-addr.arpa domain name pointer jc-in-f99.google.com.
poison:~ #


This will query the name server and provide you with the hostname of the IP address. By default it will query the nameserver listed in the /etc/resolv.conf file.

Friday, 4 May 2012

Quick configuration of NFS

NFS consists of the following:

/etc/exports - contains all the NFS shares

/usr/sbin/exportfs -r
#exportfs -r is used to synchronize nfsd in memory with the /etc/exports file
#Use exportfs -v to see which shares nfsd is currently exporting

/etc/rc.d/init.d/nfslock - which has 2 parts
/sbin/rpc.lockd
/sbin/rpc.statd

/etc/rc.d/init.d/nfs - which has 3 parts
/usr/sbin/rpc.rquotad
/usr/sbin/rpc.mountd
/usr/sbin/rpc.nfsd

At bare minimum you need to have portmap (or portmapper), mountd (or rpc.mountd), and nfsd (or rpc.nfsd) running; otherwise NFS isn’t running.

#Sample NFS /etc/exports file:
/home/ftp/pub (ro,insecure,all_squash)
/home/ftp/pub adminsvr(rw,insecure,all_squash)

#Above we have two entries, one for everyone, and one for the adminsvr machine.
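
In /etc/exports an option list with no host name in front of it applies to every host, which is why the first entry above is "for everyone"; the same rule means a stray space in "adminsvr (rw)" exports read-write to the world. The following added example (not part of the original post; the function name and the /srv/data line are constructed) expands each line into who gets what and flags world read-write exports.

```shell
#!/bin/sh
# Added example. list_nfs_exports FILE prints "path client options" for every
# client on every line and returns 1 if any path is read-write for every host.
# Assumes no quoted paths and no backslash line continuations.
list_nfs_exports() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        {
            for (i = 2; i <= NF; i++) {
                host = $i; opts = ""
                p = index($i, "(")
                if (p) {
                    host = substr($i, 1, p - 1)
                    opts = substr($i, p + 1); sub(/\).*$/, "", opts)
                }
                # An option list with no host name in front applies to all hosts.
                world = (host == "" || host == "*")
                printf "%s %s %s\n", $1, (world ? "WORLD" : host),
                       (opts == "" ? "(defaults)" : opts)
                if (world && ("," opts ",") ~ /,rw,/) {
                    printf "  ^ %s is read-write for every host\n", $1; bad = 1
                }
            }
        }
        END { exit bad }
    ' "$1"
}

# The two entries from this post plus one constructed line with a stray space.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/home/ftp/pub (ro,insecure,all_squash)
/home/ftp/pub adminsvr(rw,insecure,all_squash)
/srv/data adminsvr (rw)
EOF
list_nfs_exports "$sample" || echo "world-writable export found"
rm -f "$sample"
```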

Thursday, 3 May 2012

How To disable telnet service

Login as root to your server:

Edit /etc/xinetd.d/telnet
# vi /etc/xinetd.d/telnet

Search for: "disable = no"
Change it to: disable = yes

Save and Exit

Restart xinetd
# /etc/rc.d/init.d/xinetd restart

Wednesday, 2 May 2012

How to disable CTRL-ALT-DEL from rebooting a Linux system

The action taken for CTRL-ALT-DEL is defined in /etc/inittab. If we look in that file, we will see a line similar to the one below:
ca::ctrlaltdel:/sbin/shutdown -t3 -r now

If we want to disable this action, we only have to change this line. We can delete it, comment it out, or even replace it with something like:
 
ca:12345:ctrlaltdel:/bin/echo "CTRL-ALT-DEL is disabled"

After making any changes to the inittab file, you will have to tell init to reload it in order to activate the changes. To do that, simply run as root:
init q

Tuesday, 1 May 2012

Allow normal user to mount cdrom

By default, this device is not accessible by all of your users. To allow users to mount the CDROM drive, log in as root and execute the following command:

# chmod a+r /dev/cdrom

This will allow any user on your Linux system to mount the CDROM drive from their console or desktop.

Sunday, 6 March 2011

Install Vmware tools in Linux

1. Mount VMware Tools to cdrom

2. Copy it to Home directory
   cp /mnt/cdrom/VMwareTools-8.8.2-590212.tar.gz /

3. Untar
   tar zxf VMwareTools-8.8.2-590212.tar.gz

4. Change to the unzipped directory
   cd vmware-tools-distrib/

5. Install
   ./vmware-install.pl

Wednesday, 2 March 2011

Shutdown or Restart redhat Linux

1. For shutdown
   poweroff

2. For restart
   reboot

       

Tuesday, 1 March 2011

Configure Dhcp Server with Red Hat Linux

1. Configure /etc/dhcpd.conf (it does not exist by default).
   Copy the sample from the DHCP documentation (i.e. run: # cp dhcpd.conf.sample /etc/dhcpd.conf).
   Delete everything in it and keep only the following.

Now your new /etc/dhcpd.conf should look like this:
   vi /etc/dhcpd.conf
   ================
ddns-update-style interim;
ignore client-updates;

subnet 192.168.0.0 netmask 255.255.255.0
{
    # The range of IP addresses the server will issue to DHCP-enabled PC clients
    # booting up on the network
    range 192.168.0.100 192.168.0.120;

    # Set the amount of time in seconds that a client may keep the IP address
    default-lease-time 21600;
    max-lease-time 43200;

    # Set the default gateway to be used by the PC clients
    # This puts the entry --> GATEWAY=192.168.0.1 in ../ifcfg-eth0
    option routers 192.168.0.1;

    # Don't forward DHCP requests from this NIC interface to any other NIC
    # interfaces
    # Put this on if you have multiple NICs
    option ip-forwarding off;

    # Set the broadcast address and subnet mask to be used by the DHCP clients
    option broadcast-address 192.168.0.255;
    option subnet-mask 255.255.255.0;

    # Set the DNS server to be used by the DHCP clients
    # This puts the entry --> nameserver 192.168.0.100 in /etc/resolv.conf
    option domain-name-servers 192.168.0.100;

    # If you specify a WINS server for your Windows clients, include this:
    option netbios-name-servers 192.168.1.100;

    # You can also assign specific IP addresses based on the clients'
    # ethernet MAC address as follows (Host's name is "laser-printer")
    host laser-printer
    {
        hardware ethernet 08:00:2b:4c:59:23;
        fixed-address 192.168.0.222;
    }
}

2. touch /var/lib/dhcp/dhcpd.leases, or else the DHCP server will NEVER start
   (not required from RH7.2 onwards because the file already exists)

3. service dhcpd start

4. Set dhcpd to start automatically
      chkconfig --list dhcpd
      dhcpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off

      chkconfig dhcpd on
      dhcpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off

Testing:

 dhcpd -f  - whether DHCP server is up and running
 dhcpd -T  - if dhcpd.leases is OK
 dhcpd -t  - if dhcpd.conf syntax is OK

See man dhcp-options

Client:

1. In /etc/sysconfig/network-scripts/ifcfg-eth0, change static to dhcp
    or
    use netconfig

2. reboot or service network restart or even better "ifdown/ifup eth0"

What can a DHCP server provide to clients?

1. IP                  - range
2. netmask             - option subnet-mask
3. BC                  - boot Client
4. nameserver          - 'option domain-name-servers'
5. domain              - 'option domain-name'
6. NIS domain          - 'option nis-domain-name'
7. MAC addr-based IP   - 'hardware ethernet' and 'fixed-address'
8. default lease time  - 'default-lease-time'
9. max lease time      - 'max-lease-time'
10. gateway            - 'option routers'
    For netbios/Samba  - option netbios-node-type 2
                         option netbios-name-servers