Monday, September 10, 2012

NTP on RHEL


NTP is used to synchronize a PC's time with a reference time source. Under CentOS / RHEL you can use NTP or OpenNTPD server software. Both packages provide client and server programs for time synchronization.


Install NTP on RHEL


To install ntp, enter this command at the terminal:


[root@server ~]$  yum install ntp


To make ntpd start at boot time, use this command:


[root@server ~]$  chkconfig ntpd on


Set your own time zone


After installation, edit the default ntp configuration:


[root@server ~]$  nano /etc/ntp.conf


Comment out or remove the default CentOS servers. You can add your own time servers to synchronize with here; lists are available at:


http://www.pool.ntp.org/en/

http://www.pool.ntp.org/zone/europe or
http://www.pool.ntp.org/zone/north-america

Default NTP time-servers


# Use public servers from the pool.ntp.org project.

# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.rhel.pool.ntp.org
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org

This is a really good idea which uses round-robin DNS to return an NTP server from a pool, spreading the load between several different servers. Even better, they have pools for different regions – for instance, if you are in India, you can use


server 0.in.pool.ntp.org

server 1.in.pool.ntp.org
server 2.in.pool.ntp.org
server 3.in.pool.ntp.org

instead of the default ones.


Adjusting iptables 


NTP uses UDP port 123 to conduct its business, either connecting out to another NTP server or accepting incoming connections. If you have iptables filtering incoming traffic on the main NTP server in your cluster you’ll need to open port 123 to UDP traffic to allow the other servers to connect to it.


You can open port 123 for UDP traffic with the following arguments for iptables:


[root@server ~]# vi /etc/sysconfig/iptables


Add the following rules


-I INPUT -p udp --dport 123 -j ACCEPT
-I OUTPUT -p udp --sport 123 -j ACCEPT

After you are done with the configuration, just start the ntp service:


[root@server ~]# service ntpd start


To check if the NTP service is synchronizing:


[root@server ~]# ntpq -pn


To check the synchronization log:


[root@server ~]# tail -f /var/log/messages


Now compare your time with your system's time:


[root@server ~]# date
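
The ntpq -pn check above can be scripted. This is an added example, not part of the original post: the * in the first column marks the peer ntpd has selected, and the reach and offset columns show how healthy it is. The function names, the sample peer addresses and the 128 ms default limit are assumptions for illustration.

```shell
#!/bin/sh
# Added example: decide from `ntpq -pn` output whether ntpd has selected a peer.

# Constructed sample output (documentation addresses, not real servers).
sample_ntpq_output() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*203.0.113.10    192.0.2.1        2 u   45   64  377    1.234    0.567   0.089
+203.0.113.11    192.0.2.2        2 u   12   64  377    2.345   -1.234   0.123
 203.0.113.12    .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

# Reads `ntpq -pn` output on stdin (hypothetical helper).
# $1: largest acceptable |offset| in ms (assumed default 128, the ntpd step threshold).
# Exit status: 0 synchronized, 1 no system peer, 2 offset above the limit.
ntp_sync_status() {
    awk -v max="${1:-128}" '
        $1 == "remote" || /^=/ { next }        # header lines
        substr($0, 1, 1) == "*" {              # "*" tally code = selected system peer
            peer = substr($1, 2); reach = $7; off = $9; found = 1
        }
        END {
            if (!found) { print "UNSYNCED no system peer selected"; exit 1 }
            mag = (off < 0) ? -off : off
            if (mag > max + 0) {
                printf "DRIFT peer=%s offset_ms=%s reach=%s\n", peer, off, reach
                exit 2
            }
            printf "OK peer=%s offset_ms=%s reach=%s\n", peer, off, reach
        }'
}

# On a live host: ntpq -pn | ntp_sync_status
sample_ntpq_output | ntp_sync_status || true
```

A reach value of 377 (octal) means the last eight polls were all answered; 0 means the server has not replied, which usually points at the UDP 123 firewall rules.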

Monday, September 3, 2012

Samba Server Configuration


  

Graphical Configuration

To configure Samba using a graphical interface, use the Samba Server Configuration Tool. The Samba Server Configuration Tool is a graphical interface for managing Samba shares, users, and basic server settings. It modifies the configuration files in the /etc/samba/ directory. Any changes to these files not made using the application are preserved.

To use this application, you must be running the X Window System, have root privileges, and have the system-config-samba RPM package installed. To start the Samba Server Configuration Tool from the desktop, go to System (on the Panel) => Administration => Server Settings => Samba or type the command system-config-samba at a shell prompt (for example, in an XTerm or a GNOME terminal).


Figure: Samba Server Configuration Tool

The first step in configuring a Samba server is to configure the basic settings for the server and a few security options. After starting the application, select Preferences => Server Settings from the pull-down menu.
  
On the Basic tab, specify which workgroup the computer should be in as well as a brief description of the computer. They correspond to the workgroup and server string options in smb.conf.


The Security tab contains the following options:
Authentication Mode — this corresponds to the security option. Select one of the following types of authentication.

ADS — The Samba server acts as a domain member in an Active Directory Domain (ADS) realm. For this option, Kerberos must be installed and configured on the server, and Samba must become a member of the ADS realm using the net utility, which is part of the samba-client package. Refer to the net man page for details. This option does not configure Samba to be an ADS Controller. Specify the realm of the Kerberos server in the Kerberos Realm field.

Domain — The Samba server relies on a Windows NT Primary or Backup Domain Controller to verify the user. The server passes the username and password to the Controller and waits for it to return. Specify the NetBIOS name of the Primary or Backup Domain Controller in the Authentication Server field.
The Encrypted Passwords option must be set to Yes if this is selected.

Server — The Samba server tries to verify the username and password combination by passing them to another Samba server. If it cannot, the server tries to verify using the user authentication mode. Specify the NetBIOS name of the other Samba server in the Authentication Server field.
Share — Samba users do not have to enter a username and password combination on a per Samba server basis. They are not prompted for a username and password until they try to connect to a specific shared directory from a Samba server.

User — (Default) Samba users must provide a valid username and password on a per Samba server basis. Select this option if you want the Windows Username option to work.

Encrypt Passwords — This option must be enabled if the clients are connecting from a system with Windows 98, Windows NT 4.0 with Service Pack 3, or other more recent versions of Microsoft Windows. The passwords are transferred between the server and the client in an encrypted format instead of as a plain-text word that can be intercepted.

Guest Account — when users or guest users log into a Samba server, they must be mapped to a valid user on the server. Select one of the existing usernames on the system to be the guest Samba account. When guests log in to the Samba server, they have the same privileges as this user. This corresponds to the guest account option.

After clicking OK, the changes are written to the configuration file and the daemon is restarted; thus, the changes take effect immediately. The Samba Server Configuration Tool requires that an existing user account be active on the system acting as the Samba server before a Samba user can be added. The Samba user is associated with the existing user account.


Figure: Managing Samba Users
To add a Samba user, select Preferences => Samba Users from the pull-down menu, and click the Add User button. In the Create New Samba User window select a Unix Username from the list of existing users on the local system.

If the user has a different username on a Windows machine and needs to log into the Samba server from the Windows machine, specify that Windows username in the Windows Username field. The Authentication Mode on the Security tab of the Server Settings preferences must be set to User for this option to work. Also, configure a Samba Password for the Samba User and confirm it by typing it again. Even if you opt to use encrypted passwords for Samba, it is recommended that the Samba passwords for all users are different from their system passwords.

To edit an existing user, select the user from the list, and click Edit User. To delete an existing Samba user, select the user, and click the Delete User button. Deleting a Samba user does not delete the associated system user account.
The users are modified immediately after clicking the OK button.

To create a Samba share, click the Add button from the main Samba configuration window.


The Basic tab configures the following options:
Directory — The directory to share via Samba. The directory must exist before it can be entered here.

Share name — the actual name of the share that is seen from remote machines. By default, it is the same value as Directory, but can be configured.

Descriptions — A brief description of the share.

Writable — Enables users to read and write to the shared directory.

Visible — Grants read-only rights to users for the shared directory.

On the Access tab, select whether to allow only specified users to access the share or whether to allow all Samba users to access the share. If you choose to allow access to specific users, select the users from the list of available Samba users.
The share is added immediately after clicking OK.


Command Line Configuration

Samba uses /etc/samba/smb.conf as its configuration file. If you change this configuration file, the changes do not take effect until you restart the Samba daemon with the command service smb restart.
To specify the Windows workgroup and a brief description of the Samba server, edit the following lines in your smb.conf file:

workgroup = WORKGROUPNAME
server string = BRIEF COMMENT ABOUT SERVER

Replace WORKGROUPNAME with the name of the Windows workgroup to which this machine should belong. The BRIEF COMMENT ABOUT SERVER is optional and is used as the Windows comment about the Samba system.

To create a Samba share directory on your Linux system, add the following section to your smb.conf file (after modifying it to reflect your needs and your system):

[sharename]
comment = Insert a comment here
path = /home/share/
valid users = bob Jon
public = no
writable = yes
printable = no
create mask = 0765

The above example allows the users bob and Jon to read and write to the directory /home/share, on the Samba server, from a Samba client.

  
#yum install samba*

#mkdir /samba

#vim /etc/samba/smb.conf
                workgroup=


copy last 7 lines & paste
                [samba]
                path=/samba
                browsable=yes
                read list=bob Jon
                hosts allow = .example.com 192.168.0.




:wq!
#testparm   (checks smb.conf and prints the resulting configuration)


#smbpasswd -a bob

#/etc/init.d/smb restart

#chkconfig smb on

#chcon -R -t samba_share_t /samba

#getsebool -a |grep samba

#setsebool -P samba_enable_home_dirs 1

#smbclient //192.168.0.45/samba -U
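
An added example, not from the original post or the Samba project: a small audit that reads an smb.conf and reports, for each share, whether guest access is on and whether valid users or hosts allow restrict it. The function names are hypothetical, and the sample file is constructed from the two share stanzas above with hosts allow written as a space-separated list.

```shell
# Constructed smb.conf assembled from the two share stanzas on this page.
sample_smb_conf() {
    cat <<'EOF'
[global]
workgroup = WORKGROUPNAME

[sharename]
path = /home/share/
valid users = bob Jon
public = no

[samba]
path = /samba
read list = bob Jon
hosts allow = .example.com 192.168.0.
EOF
}

# Hypothetical helper. Prints "<share>: <findings>" for every share section:
#   GUEST     public / guest ok is enabled
#   ANY-USER  no "valid users", so every Samba account may connect
#   ANY-HOST  no "hosts allow" on the share or in [global]
audit_smb_shares() {
    awk '
        function report(   w) {
            if (share == "" || share == "global") return
            if (guest) w = w " GUEST"
            if (users == "") w = w " ANY-USER"
            if (hosts == "" && ghosts == "") w = w " ANY-HOST"
            printf "%s:%s\n", share, (w == "" ? " ok" : w)
        }
        /^[ \t]*([#;]|$)/ { next }               # comments and blank lines
        /^[ \t]*\[/ {                            # new section header
            report()
            share = tolower($0); gsub(/^[ \t]*\[|\].*$/, "", share)
            guest = 0; users = hosts = ""
            next
        }
        {
            eq = index($0, "="); if (!eq) next
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "public" || key == "guestok")
                guest = (tolower(val) ~ /^(yes|true|1)$/)
            else if (key == "validusers") users = val
            else if (key == "hostsallow" || key == "allowhosts") {
                if (share == "global") ghosts = val
                else hosts = val
            }
        }
        END { report() }'
}

sample_smb_conf | audit_smb_shares
```

For the two shares on this page it prints "sharename: ANY-HOST" and "samba: ANY-USER": read list only makes the listed users read-only, it does not limit who may connect.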


Connecting from a Windows PC to the Samba Server



We need to enter the Samba user name and password. After this we can see all the shared folders on the Samba server.










Sunday, September 2, 2012


rhel-installation on vmware 



Wednesday, August 29, 2012

How to Configure DHCP Server


Configure DHCP Server
  • Subnet and netmask should be 192.168.0.0 255.255.255.0
  • Gateway should be 192.168.0.254
  • DNS Server should be 192.168.0.254
  • Domain Name should be example.com
  • Range from 192.168.0.10-50

Configure dhcp server

In this example we will configure a DHCP server and lease IP addresses to clients.
For this example we are using three systems: one Linux server, one Linux client and one Windows client.
The dhcp RPM is required to configure the DHCP server. Check for it with rpm and install it if it is not found.
Now check the dhcpd service in the system services; it should be on:
#setup
Select  System service
from list [*]dhcpd

To assign IP to dhcp server

The DHCP server must have a static IP address. First configure the IP address 192.168.0.254 with a netmask of 255.255.255.0 on the server.
Run the setup command as the root user:
 #setup
This will launch a new window; select network configuration.
A new window will now show all available LAN cards. Select your LAN card (if you don't see any LAN card here, the driver is not installed).
Assign the IP address in this box and click OK.
Click OK, then quit and quit again to come back to the root prompt.
Restart the network service so the new IP address takes effect on the LAN card:
 #service network restart
The main configuration file of the DHCP server is dhcpd.conf, located in the /etc directory. If this file is not present or you have corrupted it, first copy a new one from the dhcpd sample file with cp; if asked to overwrite, press y.
Now open /etc/dhcpd.conf with vi.
Figure: default entries in dhcpd.conf
Make these changes in the file to configure the DHCP server:
remove this line # - - - default gateway
set option routers to 192.168.0.254
set option subnet-mask to 255.255.255.0
set option nis-domain to example.com
set option domain-name to example.com
set option domain-name-servers to 192.168.0.254
set range dynamic-bootp to 192.168.0.10 192.168.0.50;
Figure: dhcpd.conf after these changes

Comment out all remaining lines except the settings above.

Linux Client configuration

Client configuration is very easy and straightforward. All you need to do is set the IP address to dynamic in the properties of the LAN card. On Linux:
#setup
Select network configuration from the menu list
Select the LAN card and press Enter on OK
Select USE DHCP and press Enter on OK
Now click on quit
and quit again to come back to the root prompt
Now restart the network service to obtain an IP address from the DHCP server:
#service network restart

Window Client configuration

To configure a Windows system as a DHCP client, open the LAN card properties, select TCP/IP, click Properties and set "Obtain an IP address automatically".
Go to the command prompt and check the new IP address:
ipconfig

Check lease on DHCP server

You can check the allocated addresses on the server by displaying the lease file with cat.

Configure nfs server


Configure nfs server

  • A linux server with ip address 192.168.0.254 and hostname Server
  • A linux client with ip address 192.168.0.1 and hostname Client1
  • Updated /etc/hosts file on both linux system
  • Running portmap and xinetd services
  • Firewall should be off on server
We suggest you review that article before starting configuration of the NFS server. Once you have completed the necessary steps, follow this guide.
Three RPMs are required to configure the NFS server: nfs, portmap and xinetd. Check for them with rpm and install them if they are not found.
Now check the nfs, portmap and xinetd services in the system services; they should be on:
#setup
Select  System service
from list
[*]portmap [*]xinetd [*]nfs
Now restart the xinetd and portmap services with the service command.
To keep these services on after a reboot, enable them with the chkconfig command.
After the reboot, verify their status with the service command. They must be running.
Now create a /data directory with mkdir and grant full permission to it.
Now open the /etc/exports file with vi.
Share the data folder for the network of 192.168.0.254/24 with read and write access.
Save the file with :wq and exit.
Now restart the nfs service and also turn it on with chkconfig.
Also restart the NFS daemons with exportfs.
Verify with the showmount command that you have successfully shared the data folder.

configure client system

Ping the NFS server and check the shared folder with showmount.
Now mount this shared folder on the mnt mount point. To test the shared folder, change directory to mnt and create a test file.
After use you should always unmount it from the mnt mount point.
In this way you can use the shared folder, but it will only be available while the system is up. It will not be available after a reboot. To keep it available after a reboot, make an entry for it in fstab.
Create a mount point by making a directory with mkdir.
Now open the /etc/fstab file with vi.
Make an entry for the NFS shared directory and define /temp as the mount point.


Configure ssh server


Configure ssh server


  • A linux server with ip address 192.168.0.254 and hostname Server
  • A linux client with ip address 192.168.0.1 and hostname Client1
  • Updated /etc/hosts file on both linux system
  • Running portmap and xinetd services
  • Firewall should be off on server
We suggest you review that article before starting configuration of the SSH server. Once you have completed the necessary steps, follow this guide.
Three RPMs are required to configure the SSH server: openssh-server, portmap and xinetd. Check for them with rpm and install them if they are not found.
Now check the sshd, portmap and xinetd services in the system services; they should be on:
 #setup
 Select  System service from list
 [*]portmap
 [*]xinetd
 [*]sshd
Now restart the xinetd, portmap and sshd services with the service command.
To keep these services on after a reboot, enable them with the chkconfig command.
After the reboot, verify their status with the service command. They must be running.
Create a normal user named bob.

On Linux client

Ping the SSH server, run the ssh command and give the root password.
By default the ssh command will open a root session. If you want to log in as a normal user, specify the user name with the -l option:
ssh 192.168.0.254 -l bob

Tuesday, August 28, 2012

How to setup Telnet server in RHEL

For this example we are using three systems: one Linux server, one Linux client and one Windows client. The prerequisites for the telnet server are:
    • A linux server with ip address 192.168.0.254 and hostname Server
    • A linux client with ip address 192.168.0.1 and hostname Client1
    • A windows xp system with ip address 192.168.0.2 and hostname Client2
    • Updated /etc/hosts file on both linux system
    • Running portmap and xinetd services
    • Firewall should be off on server
Four RPMs are required to configure the telnet server: telnet, telnet-server, portmap and xinetd. Check for them with rpm and install them if they are not found.

Now check the telnet, portmap and xinetd services in the system services; they should be on:
 #setup
Select  System service from list
[*]portmap
[*]xinetd
[*]telnet

Now restart the xinetd and portmap services with the service command.
To keep these services on after a reboot, enable them with the chkconfig command.
After the reboot, verify their status with the service command. They must be running.
Create a normal user named user1.

On Linux client

Ping the telnet server, run the telnet command and give the user name and password.






On Window client

Ping the telnet server and run the telnet command.
Give the user name and password.







How to enable root login from telnet server

On the Linux server, open the securetty file.
At the end of the file add pts/0 to enable one telnet session for root. If you need to open more telnet sessions for root, add more entries: pts/1, pts/2 and so on.
Now restart the xinetd and portmap services with the service command.




Verify from Windows by logging in as root.
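
Because pts entries in securetty let root authenticate over a cleartext telnet session, it is worth auditing hosts for them. The script below is an added example, not part of the original post; the function names are hypothetical, and it assumes the telnet service is controlled by an xinetd service file with a disable attribute (normally /etc/xinetd.d/telnet), which the page does not show.

```shell
#!/bin/sh
# Added example: report whether root can log in over telnet.

# Pseudo-terminal entries in a securetty file ($1); root may log in on each.
root_pts_entries() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" | grep -E '^pts/[0-9]+$' || true
}

# Succeeds when the xinetd service file ($1) contains "disable = no" (assumed layout).
telnet_enabled() {
    grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no[[:space:]]*$' "$1"
}

# $1: securetty path, $2: xinetd telnet service file.
# Exit status: 0 no pts entry, 1 telnet on and root allowed, 2 root allowed but telnet off.
audit_telnet_root() {
    pts=$(root_pts_entries "$1" | tr '\n' ' ')
    pts=${pts% }
    if [ -z "$pts" ]; then
        echo "OK root cannot log in on a pts"; return 0
    fi
    if telnet_enabled "$2"; then
        echo "FAIL telnet enabled, root allowed on: $pts"; return 1
    fi
    echo "WARN telnet disabled, root still allowed on: $pts"; return 2
}

# Constructed files standing in for /etc/securetty and /etc/xinetd.d/telnet.
demo=$(mktemp -d)
printf 'console\ntty1\npts/0\npts/1\n' > "$demo/securetty"
printf 'service telnet\n{\n\tdisable = no\n}\n' > "$demo/telnet"
audit_telnet_root "$demo/securetty" "$demo/telnet" || true
rm -rf "$demo"
```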