Tuesday, 21 June 2016

How to install OpenLDAP Server/Client and Configure on RHEL 6 Centos 6


Step 1. Install OpenLDAP packages via YUM 
#yum install openldap*

Step 2. Now generate a encrypted password for Administrator User That is "Manager"
#slappasswd 
New password: redhat
Re-enter new password: redhat
{SSHA}dXK/BmC+DrrbwvAWYaPvA5omy6EqvUnX

The above command will generate the password something like 
"{SSHA}dXK/BmC+DrrbwvAWYaPvA5omy6EqvUnX

NOTE: You need to copy above generated password

Step 4. Now Configure OpenLDAP Server, so edit the following file:
#vim /etc/openldap/slapd.d/"cn=config"/"olcDatabase={2}bdb.ldif"

Inside this file do the following changes:
olcSuffix: dc=example,dc=com

olcRootDN: cn=Manager,dc=example,dc=com

Inside this file create the following lines:
olcRootPW: <PASTE YOUR ENCRYPTED PASSWORD HERE>
olcTLSCertificateFile: /etc/pki/tls/certs/example.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/examplekey.pem


:wq (save and exit) 


Step 5. Now specify the Monitoring privileges 
#vim /etc/openldap/slapd.d/"cn=config"/"olcDatabase={1}monitor.ldif"

Inside this file search the following "cn=manager,dc=my-domain,dc=com" 
and change this into "cn=Manager,dc=example,dc=com"


:wq (save and exit)

Step 6. Now copy the sample database file 
#cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

You need to change owner and group ownership of this Database
#chown -R ldap:ldap /var/lib/ldap/

Now update the database
#updatedb 


Step 7.  Configure OpenLDAP to listen on SSL/TLS 
#vim /etc/sysconfig/ldap 

SLAPD_LDAPS=yes #(default is no)

:wq (save and exit)


Step 8. Now you need to create a certificate for OpenLDAP Server. you can configure CA Server or something else, But in this example, I am creating a self sign certificate. 

# openssl req -new -x509 -nodes -out /etc/pki/tls/certs/example.pem -keyout /etc/pki/tls/certs/examplekey.pem -days 365

Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Delhi
Locality Name (eg, city) [Default City]:New Delhi
Organization Name (eg, company) [Default Company Ltd]:Example, Inc.
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:ldap.example.com
Email Address []:root@ldap.example.com

Step 9. You need to change owner and group ownership of certificate and keyfile
#chown -Rf root:ldap /etc/pki/tls/certs/example.pem 
#chown -Rf root:ldap /etc/pki/tls/certs/examplekey.pem

You can also check, owner and group ownership changed or not
# ls -l /etc/pki/tls/certs/example*


Step 10. Start/Restart the service of OpenLDAP
# service slapd restart
#chkconfig slapd on

Step 11. Now you need to create base objects in OpenLDAP. 

NOTE: base objects means you have to create dn: for domain name, for OUs, so to creating dn:, you have to defining objectclass. 

there are two ways, (1). you can create it manually (2). you can use migration tools. In this example I am using migration tools. 

#yum install migrationtools 

# cd /usr/share/migrationtools/
# ls

You will see lot of files and scripts here. So you need to change some predefined values according to your domain name, for that do the following:

# vim migrate_common.ph

on the Line Number 61, change "ou=Groups" 
  $NAMINGCONTEXT{'group'}             = "ou=Groups";

 on the Line Number 71, change your domain name 
 $DEFAULT_MAIL_DOMAIN = "example.com";

on the line number 74, change your base name 
$DEFAULT_BASE = "dc=example,dc=com";

on the line number 90, change schema value
$EXTENDED_SCHEMA = 1;

:wq (save and exit)


Now generate a base.ldif file for your Domain, use the following:
#./migrate_base.pl > /root/base.ldif

If you want to migrate your local users and groups on LDAP do the following:
first I am creating 5 local users and groups and then I will migrate to LDAP. 

#mkdir /home/guests
#useradd -d /home/guests/ldapuser1 ldapuser1
#useradd -d /home/guests/ldapuser2 ldapuser2
#useradd -d /home/guests/ldapuser3 ldapuser3
#useradd -d /home/guests/ldapuser4 ldapuser4
#useradd -d /home/guests/ldapuser5 ldapuser5

Now assign the password 
#passwd ldapuser1
#passwd ldapuser2
#passwd ldapuser3
#passwd ldapuser4
#passwd ldapuser5

Now you need to filter out these users from /etc/passwd to another file:
#getent passwd | tail -n 5 > /root/users

Now you need to filter out password information from /etc/shadow to another file:
# getent shadow | tail -n 5 > /root/passwords

Now you need to filter out user groups from /etc/group to another file:
# getent group | tail -n 5 > /root/groups

Now you have to generate ldif file of these filtered out files of users, passwords, and groups

So Open the following file to change the location of password file
# vim migrate_passwd.pl 

Inside this file search /etc/shadow and change it to /root/passwords and then save and exit

NOTE: "/etc/shadow" will be available approx the line number of 188. 

Now generate a ldif file for users 
# ./migrate_passwd.pl /root/users > /root/users.ldif

Now Generate a ldif file for groups 
# ./migrate_group.pl /root/groups > /root/groups.ldif

Step 12. Now it' time to upload these ldif file to LDAP Server 

#ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f /root/base.ldif 

# ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f /root/users.ldif

# ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f /root/groups.ldif 

NOTE: It will as a password of "Manager", you have to type the password which you generated in encrypted format. 

Now you can use "ldapsearch" command 

# ldapsearch -x -b "dc=example,dc=com"

Step 13. Now you need to share LDAP Users Home Directories via NFS they can mount the home directory on client machine. 

#vim /etc/exports 

/home/guests    192.168.48.0/255.255.255.0(rw,sync)

:wq (save and exit)

# service nfs restart 
# chkconfig nfs on
# service iptables stop 
# chkconfig iptables off


Step 14. Now you need to copy your LDAP Server certificate in to /var/ftp/pub/. 
# cp -rvf /etc/pki/tls/certs/example.pem /var/ftp/pub/
# ln -s /var/ftp/pub/ /var/www/html/
# service vsftpd restart
# chkconfig vsftpd on
# service httpd restart 
# chkconfig httpd on

Now go to the Client Machine and configure it to use LDAP Server. 

# authconfig-gtk 

Click on "Identity & Authentication" Tab 
Click on drop down menu in "User Account Database" and Select "LDAP"
in LDAP Search Base DN: dc=example,dc=com
in LDAP Server: ldap://ldap.example.com
Select the check Box of "Use TLS to encrypt connections
Click "Download CA Certificate
In Certificate URL: type http://ldap.example.com/pub/example.pem
Click "OK"

# getent passwd ldapuser1

Now Configure your client machine to access the home directory as well 
# vim /etc/auto.master

create the following New Line 
/home/guests    /etc/auto.guests

:wq (save and exit)

# vim /etc/auto.guests
*       -rw     ldap.example.com:/home/guests/&

# service autofs reload

#su - ldapuser1

Friday, 17 June 2016

can't boot windows 8 after installing centos 7

The "/etc/grub2.cfg" is not updated even if it's detecting the windows partition at the terminal.

run the below command

#grub2-mkconfig

check the section "### BEGIN /etc/grub.d/30_os-prober ###", and copied the menu entry from there in the terminal

add the menu entry to the grub2 config file "/etc/grub2.cfg" in the same section "### BEGIN /etc/grub.d/30_os-prober ###"

finally, boot to the windows os

If got a warning of my /boot partition is almost full

Remove the old kernels safely if you have.

Do the following to keep just the last 2 kernels on your system, to keep /boot clean

1 - Edit /etc/yum.conf and set the following parameter

#vim /etc/yum.conf


installonly_limit=2

This will make your package manager keep just the 2 last kernels on your system(including the one that is running)

2 - Install yum-utils:

#yum install yum-utils

3- Make an oldkernel cleanup:

#package-cleanup --oldkernels --count=1

If you have more than one increase the count in above command.




Done. This will erase in a good fashion the old kernels.

Tuesday, 14 June 2016

How to Install And Configure PXE Server And Client On CentOS 6.5


About PXE Server

PXE Server, stands for preboot execution environment, is used to enable a network computer to boot only from a network interface card.

This method will be very helpful, if a System Administrator wants to install many systems which doesn’t have a CD/DVD device on the network.

PXE environment needs a DHCP server that distributes the IP addresses to the client systems, and a TFTP server that downloads the installation files to the PXE clients.

DHCP is used to find PXE servers and TFTP is used to download files to PXE client. These files are then stored into the client computer RAM memory and executed. PXE protocol client then boots independently of hard disks or operating systems.

PXE server will run on the same server as DHCP server.
You don’t need any CD/DVD or USB bootable drives to install client systems. Just, copy the ISO images on the PXE server and start installing your Linux clients via network using PXE server.

Requirements :-

DHCP Server
tftp-server
Syslinux
http
SELinux disabled on PXE server.
IP tables stopped on PXE server.
Network Card with PXE Option ROM (client). Client computers support booting over the network. You should check each computer's BIOS for this option.
You must a assign a static IP address to your DHCP server’s network interface card.
Install and Configure PXE Server!

1. Install the following packages for setting up PXE environment.
Install All Necessary Packages using yum :-
# yum install httpd xinetd syslinux tftp-server -y

2. Configure PXE Server

    Stop the firewall service.

    # service iptables stop

    Disable Selinux.
   
    # vim /etc/sysconfig/selinux

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted   
   
    Now a reboot is required for selinux settings to  take effect.
   
    # reboot

    Copy the following TFTP configuration files to the /var/lib/tftpboot/ directory.
   

    # cd /usr/share/syslinux/
    # cp pxelinux.0 menu.c32 memdisk mboot.c32 chain.c32 /var/lib/tftpboot/
    # ll /var/lib/tftpboot/


    Edit file /etc/xinetd.d/tftp

    # vim /etc/xinetd.d/tftp
   
    Enable TFTP server. To d0 this, change “disable=yes” to “no”.
   

    # default: off
    # description: The tftp server serves files using the trivial file transfer
    # protocol.  The tftp protocol is often used to boot diskless
    # workstations, download configuration files to network-aware printers,
    # and to start the installation process for some operating systems.
    service tftp
    {
             socket_type             = dgram
             protocol                   = udp
             wait                         = yes
             user                         = root
             server                      = /usr/sbin/in.tftpd
             server_args             = -s /var/lib/tftpboot
               isable                   = no
             per_source             = 11
             cps                         = 100 2
            flags                        = IPv4

    Next, create a directory to store CentOS installation ISO image. and mount the image to that     directory as shown below. I have CentOS 6.5 64bit ISO image on my /opt/mnt/Centos     directory.

    # mkdir /var/lib/tftpboot/Centos6_x86_64
    # ll /var/lib/tftpboot/Centos6_x86_64
    # mount -o loop /opt/CENTOS/CentOS-6.5-x86_64-bin-DVD1.iso /var/lib/tftpboot/Centos6_x86_64/
  
 # ll /var/lib/tftpboot/Centos6_x86_64/
    total 682
    -r--r--r-- 2 root root     14 Nov 29  2013 CentOS_BuildTag
    dr-xr-xr-x 3 root root   2048 Nov 29  2013 EFI
    -r--r--r-- 2 root root    212 Nov 28  2013 EULA
    -r--r--r-- 2 root root  18009 Nov 28  2013 GPL
    dr-xr-xr-x 3 root root   2048 Nov 29  2013 images
    dr-xr-xr-x 2 root root   2048 Nov 29  2013 isolinux
    dr-xr-xr-x 2 root root 655360 Nov 29  2013 Packages
    -r--r--r-- 2 root root   1354 Nov 28  2013 RELEASE-NOTES-en-US.html
    dr-xr-xr-x 2 root root   4096 Nov 29  2013 repodata
    -r--r--r-- 2 root root   1706 Nov 28  2013 RPM-GPG-KEY-CentOS-6
    -r--r--r-- 2 root root   1730 Nov 28  2013 RPM-GPG-KEY-CentOS-Debug-6
    -r--r--r-- 2 root root   1730 Nov 28  2013 RPM-GPG-KEY-CentOS-Security-6
    -r--r--r-- 2 root root   1734 Nov 28  2013 RPM-GPG-KEY-CentOS-Testing-6
    -r--r--r-- 1 root root   3380 Nov 29  2013 TRANS.TB

    Now, Create a apache configuration file for PXE server under /etc/httpd/conf.d/ directory:
   
    # vim /etc/httpd/conf.d/pxeboot.conf
    Add the following lines:

    Alias /Centos6_x86_64 /var/lib/tftpboot/Centos6_x86_64
    <Directory /var/lib/tftpboot/Centos6_x86_64>
    Options Indexes FollowSymLinks
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1 192.168.1.0/24
    </Directory>
   
    Save and close the file.

     Restart the httpd services

    # service httpd restart
    Stopping httpd:                                          [  OK  ]
    Starting httpd:                                            [  OK  ]

    Then, create a configuration directory for PXE server:
   
    # mkdir /var/lib/tftpboot/pxelinux.cfg

    Create a PXE server configuration file"default" under "/var/lib/tftpboot/pxelinux.cfg" and add     the below entry

    # vim /var/lib/tftpboot/pxelinux.cfg/default
   
    default menu.c32
    prompt 0
    timeout 300
    ONTIMEOUT local
    menu title ########## PXE Boot Menu ##########
    label 1
    menu label ^1) Install CentOS 6 x86_64 Edition
    kernel Centos6_x86_64/images/pxeboot/vmlinuz
    append initrd=centos6_x86_64/images/pxeboot/initrd.img             method=http://192.168.1.34/      Centos6_x86_64 devfs=nomount
    label 2
    menu label ^2) Boot from local drive localboot


     KERNEL - defines the location from where the PXELINUX bootloader will load.
     APPEND - defines the location for PXE initrd image file to load.

    Restart the relevant services.
   
    # service xinetd restart
    Stopping xinetd:                                           [  OK  ]
    Starting xinetd:                                           [  OK  ]

3. Now Install and Configure DHCP Server.
   
DHCP stands for Dynamic Host Configuration Protocol. DHCP is a standardized network     protocol used on Internet Protocol networks for dynamically distributing network configuration     parameters, such as IP addresses for interfaces and services. DHCP Server can be any server     (Linux or Windows) that is used to distribute IP addresses automatically to the clients in the     network. Since, DHCP Server assigns IP addresses automatically to all systems, a system or     Network administrator need not to assign IP addresses manually to every single machine in the     network. DHCP is opt for system or Network administrator who is managing thousands of     systems.

    A note of warning: Do not use two or more DHCP servers at the same time in your network.         The client systems might not be able to get IP addresses from the multiple DHCP servers and it     leads to IP address conflict issue. If your Router or Switch has DHCP feature enabled by     default, you need to turn it off too.
   
    You should Install and configure DHCP server on your PXE server. To install and configure     DHCP server, refer the following steps :-

    # yum install dhcp
  
 In CentOS 6.x systems, we have to assign which interface you want your DHCP server to run     on in /etc/sysconfig/dhcpd file. In my case, I have only one Interface on my system (eth0), so I     assigned eth0.
    Edit file /etc/sysconfig/dhcpd

    # vim /etc/sysconfig/dhcpd

    Assign the network interface:   
    DHCPDARGS=eth0

    Save and close the file.

    Now, edit dhcpd.conf file,

    # vim /etc/dhcp/dhcpd.conf

    Make the changes as shown below.
    option domain-name "aetpl.org";
    option domain-name-servers secondary.aetpl.org;
    default-lease-time 600;
    max-lease-time 7200;
    authoritative;
    subnet 192.168.1.0 netmask 255.255.255.0 {
    range dynamic-bootp 192.168.1.20 192.168.1.25;
    option broadcast-address 192.168.1.255;
    option routers 192.168.1.1;

      allow booting;
           allow bootp;
            next-server 192.168.1.34;
       filename "pxelinux.0";
    }

    Save and close the file.

{ Note :-
Set the domain name to aetpl.org and domain-name servers to secondary.aetpl.org.
If this DHCP server is the official DHCP server for the local network, add the following line: authoritative;
Define the sunbet, range of ip addresses, domain and domain name servers as shown :
    subnet 192.168.1.0 netmask 255.255.255.0 {
    range dynamic-bootp 192.168.1.20 192.168.1.25;
    option broadcast-address 192.168.1.255;
    option routers 192.168.1.1;
      allow booting;
           allow bootp;
    This declaration allows BOOTP clients to get dynamic addresses.
If you want to assign a fixed IP address to your client, you should enter it’s MAC id and the IP address in the following directive. For example, I want to assign a fixed IP address 192.168.1.15 to my centos client, hence I modified the following directive as shown below.
    [...]
    host centos-client {
     hardware ethernet 00:22:64:4f:e9:3a;
     fixed-address 192.168.1.15;
    }
    [...]


In your dhcp server make sure you add these lines.
    next-server 192.168.1.34;
       filename "pxelinux.0";
    as these define the address of your tftp server and the file to look for after getting the IP Address     from dhcp server.

    Now, restart the dhcp server.
   
    # service dhcpd start
    Starting dhcpd:                                            [  OK  ]

4. Restart all the services to complete the configuration.
    # service xinetd restart
    # service httpd restart
    # service dhcpd restart

    Make sure the services start after reboot
    # chkconfig httpd on
    # chkconfig xinetd on
    # chkconfig dhcpd on

5. PXE Client Configuration
The client may be any system that has network boot enabled option (PXE boot). You can enable this option in your Bios settings.Boot a machine and select the option of Network Boot from Bios. You should see Pxe Menu screen.


CentOS6.5: yum Error: rpmdb open failed

“yum update” took much time when processing “running transaction”, so I killed the process. After that I saw the following errors when issuing yum update.

 # yum update -y

rpmdb: Thread/process 21307/140433616029440 failed: Thread died in Berkeley DB library

error: db3 error(-30974) from dbenv->failchk: DB_RUNRECOVERY: Fatal error, run database recovery

error: cannot open Packages index using db3 -  (-30974)

error: cannot open Packages database in /var/lib/rpm

CRITICAL:yum.main:


Error: rpmdb open failed


You could solve this by removing __db.* files under /var/lib/rpm directory.

# ls /var/lib/rpm/

Basenames     __db.002  Dirnames     Installtid    Packages        Pubkeys         Sha1header

Conflictname  __db.003  Filedigests  Name          Providename     Requirename     Sigmd5

__db.001      __db.004  Group        Obsoletename  Provideversion  Requireversion  Triggername


remove __db.* files

# rm /var/lib/rpm/__db.00*


get it fixed.

# yum update –y

Loaded plugins: fastestmirror, refresh-packagekit, security

Loading mirror speeds from cached hostfile

Wednesday, 1 June 2016

How to view password of wireless(Wi-fi) in D-link router

Select the password, Right click on it -> Inspect Element -> Double Click the type="password" -> Change the value "password" with "text" i.e., type="text" and click anywhere. Hooray! You can now view the password!