
Wednesday, 14 November 2012

All Database Backup and Restore

To back up all of your MySQL databases, you'll need to use mysqldump, which comes with MySQL. If you have MySQL installed, you probably have mysqldump installed already.


To back up all databases, use the following command:
mysqldump -uroot -ppassword --all-databases > BackupDB.sql
or
mysqldump -uroot -p --all-databases > BackupDB.sql

To restore all databases, use the following command:

mysql -u root -p < BackupDB.sql

Troubleshooting:

ERROR 1556 (HY000) at line 75485: You can't use locks with log tables.

Solution :

You may need to disable the “--lock-tables” option in your dump statement, i.e. --lock-tables=0.
mysqldump -uroot -ppassword --all-databases --lock-tables=0 > BackupDB.sql
Explanation:
When we use the “--lock-tables” option, the table currently being backed up operates in “read only” mode to avoid further write operations during that time. Cached queries containing “write” operations are executed later, once the table dump is done.
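The -ppassword form above puts the MySQL root password on the command line, and BackupDB.sql contains every database including the mysql schema. The following is an added example, not part of the original post: it runs the same dump from an owner-only option file and writes the dump owner-only. The function names and file names are this example's own.

```sh
#!/bin/sh
# Added example: run the --all-databases backup without -ppassword on the
# command line. Function and file names are this example's own assumptions.

# write_optfile FILE USER PASSWORD
# Creates a MySQL client option file that only its owner can read.
# Assumption: the password contains no double quote or backslash.
write_optfile() (
    umask 077
    printf '[client]\nuser=%s\npassword="%s"\n' "$2" "$3" > "$1"
    chmod 600 "$1"          # also tightens a file that already existed
)

# backup_all OPTFILE OUTFILE [extra mysqldump options, e.g. --lock-tables=0]
# Refuses an option file that group or others can access, dumps to a private
# temporary file and renames it only when mysqldump succeeded.
backup_all() (
    optfile=$1 outfile=$2
    shift 2
    mode=$(ls -ld -- "$optfile" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "refusing to use $optfile: accessible by group or others" >&2
        exit 1
    fi
    umask 077               # the dump holds the mysql schema, password hashes included
    rm -f -- "$outfile.partial"
    # --defaults-extra-file has to be the first option on the command line
    if mysqldump --defaults-extra-file="$optfile" --all-databases "$@" > "$outfile.partial"; then
        mv -- "$outfile.partial" "$outfile"
    else
        rm -f -- "$outfile.partial"
        exit 1
    fi
)

# Typical use (paths are placeholders):
#   write_optfile /root/backup.cnf root 'the-root-password'
#   backup_all /root/backup.cnf /root/BackupDB.sql --lock-tables=0
```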

Basic commands for the Linux vi Editor

Command - Description
i - insert mode (ESC to exit insert mode); allows text to be entered on the screen
a - Append to right mode
/word - Move to the occurrence of "word"
n - Locate the next occurrence
w - Advance to the next word
e - Advance to the next end of a word
b - Move to the previous word
3b - Move backward 3 words
yy - Copy line (then move cursor and use p to paste after current cursor line)
dd - delete line
3dd - delete 3 lines
D - Delete remainder of a line
dw - Delete word
x - Delete character
o - Open space for new line below the cursor line
O - Open a line above the cursor
CTRL-w - Move back a word in append mode
u - Undo last
U - Undo all changes to current line
. - In command mode, repeat the last text-changing command on the current line
:w newfilename - save the file to newfilename from the command mode
:wq - save and quit
:q! - quit without saving
r - replace, then type a character to be replaced with r, then return to break up a line
J - join 2 lines
s - substitute (sentence) typed text over a character, ESC when done
cw - change word
c - change part of a line from the cursor to the end of the line
cc - substitute new text for a line, ESC when done
h - move the cursor back one space
H - move the cursor to the highest line on the screen
L - move the cursor to the lowest line on the screen
M - position the cursor at the midpoint on the screen
G - last line in the file
0 (zero) - Move the cursor to the beginning of the line it is on
view filename - Open a file for viewing only
set number - Turn on line numbers
set nonumber - Turn off line numbers

Options
autoindent (ai) - ctrl-d to move to the left
showmatch - match brackets and parenthesis
tabstop=4
wrapmargin (wm) - when line is wrapped (80-value)
:2 copy 4 - Place a copy of line 2 after line 4.
:1,4 copy 7 - (lines 1-4)
:n - Access the next file for editing

Tuesday, 13 November 2012

Change Windows 8 Product Key After Install.

  1. Launch the Start Menu and type in command prompt or cmd so that it shows up on your start menu search list. Right click on the Command Prompt shortcut and select Run As Administrator.
  2. At the administrator command prompt, type in "slmgr.vbs -ipk <insert your product key here>"

    slmgr.vbs -ipk 00000-00000-00000-00000-00000
  3. To activate Windows after changing the key, run "slmgr.vbs -ato"

Thursday, 1 November 2012

RHCA Exam Questions

An RHCE certification is earned by a Red Hat Certified System Administrator who has demonstrated the knowledge, skill, and ability required of a system administrator responsible for Red Hat Enterprise Linux systems. Find below demo RHCA exam questions and answers.


Package Management

QUE 1:- Configure your server to use a separate YUM repository.

Solution: -
# vim /etc/yum.repos.d/server.repo
[Base]
name=rhcsa
baseurl=ftp://<server IP add>/pub/<path>
gpgcheck=0
enabled=1
# yum clean all
# yum list all

QUE 2:- Build a simple rpm package. Download the redhat-release SRPM from the materials directory in server machine

Solution: - Open a web browser, go to the URL http://server.example.com/pub/materials and download the
redhat-release package under /root
# yum install rpm-build
# rpm -ivh redhat-release-6-6.0.0.24.el6.src.rpm
# cd /root/rpmbuild
# cd SPECS
# rpmbuild -ba redhat-release.spec (here -ba = build binary & source package)
# cd

Security & Access Management

QUE 3:- How you can use firewall or tcpwrappers as a Security measure.
Note: tcpwrappers is used as the security measure for the RHCSA exam, so the firewall will be disabled.

Solution: -
# iptables -F
# chkconfig iptables off
# service iptables save
# service iptables stop
# service iptables status
Note: - Tcpwrappers measures are set in “/etc/hosts.allow” and “/etc/hosts.deny”.

QUE 4:- Selinux must be in enforcing mode

Solution: -
# vim /etc/sysconfig/selinux
SELINUX=enforcing
# setenforce 1 (to set selinux mode)
# getenforce (to view selinux mode)
Enforcing
# reboot

Kernel management

QUE 5.1:- Configure the Kernel parameter for forwarding your IP or Enable IP forwarding.

Solution: - # vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
# sysctl -p

QUE 6.1:- Add the kernel parameter “kernctl=5” to the kernel command line in “/boot/grub/grub.conf”
Or
QUE 6.2:- Pass a kernel boot line argument “sysvctl”, make it permanent & it should be displayed by
“cat /proc/cmdline”.

Solution: - Open a grub.conf file and edit the kernel arguments
# vim /boot/grub/grub.conf
kernctl=5 Or sysvctl
# reboot
Check the modified kernel arguments using command line
# cat /proc/cmdline

SSH server

QUE 7.1:-Configure SSH Server. Only example.com domain's persons can come in to your machine and
“remote.test” domain's persons cannot for SSH.
Or
QUE 7.2:-Configure SSH access as follows:
1. “Harry” has remote SSH access to your machine from within example.com.
2. Clients within “my133t.org” should NOT have access to ssh on your system.

Solution: - # chkconfig sshd on
# service sshd restart
# vim /etc/hosts.allow
sshd: .example.com
# vim /etc/hosts.deny
sshd: .remote.test Or sshd: .my133t.org
(Note: while using hosts.deny & hosts.allow file wild cards should not be used)

Scheduling Tasks

QUE 8.1:- To Deny cron service for sarsha user and allow cron service for all users
Or
QUE 8.2:- “bertarm” should not set crontab for himself; other users must configure crontab for themselves.

Solution: - Create the said user if the user does not exist
# useradd sarsha or # useradd bertarm
# passwd sarsha or # passwd bertarm
# vim /etc/cron.deny
sarsha (or bertarm)
Note: By default all users can access the cron service

Advance Filesystem Administration

QUE 9.1:- Download iso file from server under “/root” and Mount iso file in “/mnt/virtdisk”
Or
QUE 9.2: “boot.iso” is available in the /root directory. Mount it permanently under the “/mnt/discimg” directory.

Solution: -
# yum install wget
# cd /root
# wget http://server.example.com/pub/disk.iso
# mkdir /mnt/virtdisk
# vim /etc/fstab
/root/disk.iso /mnt/virtdisk iso9660 defaults,loop 0 0
# mount -a
# df -Th

QUE 10.1:- Connect to the Cold Storage SAN, which will be configured to access its own dedicated iscsi target.
The iscsi target IP is 172.24.48.254 and the iscsi target is iqn.2010-09.com.example:rdisks.serverX. Partition, format
and mount it to “/coldstorage”

Solution: - Install iscsi package
# yum install iscsi*
Connect to the target
# iscsiadm -m discovery -t st -p 172.24.48.254
The discovery output displays your iscsi target, starting with iqn
# vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2010-09.com.example:rdisks.serverX
# chkconfig iscsid on
# service iscsid restart
# iscsiadm -m node -T iqn.2010-09.com.example:rdisks.serverX -p 172.24.48.254 -l
# tail /var/log/messages (determine the device name of the iscsi device in the log files)
# fdisk /dev/sda (Create a partition table on the device as required)
# mkfs.ext4 /dev/sda1 (create a file system on partition)
# mkdir /coldstorage (create a mount point for partition)
# blkid /dev/sda1 (determine UUID of partition)
# vim /etc/fstab (create partition mountable on every reboot)
UUID=XXXX-XXXX-XXXX-XXXX /coldstorage ext4 _netdev 0 0
# mount -a
# df -Th

QUE 10.2:- ISCSI server is available in host.domain60.example.com (172.24.60.250) server for you.
a. Create a 1200 MiB partition.
b. Format it by ext4 filesystem.
c. Copy a file from ftp://rhgls.domain60.example.com/pub/iscsi/iscsi.txt
d. DO NOT make any modifications to the content of iscsi.txt
e. This partition must be permanently available by “/etc/fstab”.

Solution: - Install iscsi package
# yum install iscsi* wget
Connect to the target
# iscsiadm -m discovery -t st -p 172.24.60.250
The discovery output displays your iscsi target, starting with iqn
# vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2010-09.com.example:rdisks.serverX
# chkconfig iscsid on
# service iscsid restart
# iscsiadm -m node -T iqn.2010-09.com.example:rdisks.serverX -p 172.24.60.250 -l
# tail /var/log/messages (determine the device name of the iscsi device in the log files)
# fdisk /dev/sda (Create a partition table on the device as required)
# mkfs.ext4 /dev/sda1 (create a file system on partition)
# mkdir /coldstorage (create a mount point for partition)
# blkid /dev/sda1 (determine UUID of partition)
# vim /etc/fstab (create partition mountable on every reboot)
UUID=XX-XX-XX-XX /coldstorage ext4 _netdev 0 0
# mount -a
# df -Th

DNS Server administration

QUE 11:- Configure a caching-only DNS server that forwards requests to the physical host system

Solution: -
# yum install bind
Modify the named configuration file
# vim /etc/named.conf
listen-on port 53 { any; };
allow-query { localhost; 172.24.48.0/24; };
forwarders { 172.24.48.254; };
dnssec-validation no;
# chkconfig named on
# service named restart
Test from the desktop X system (where X is a machine number)
# host serverX.example.com 172.24.48.X (where X is a machine number)

NFS Server Administration

QUE 12.1:- Export your “/common” directory via NFS to the example.com domain only.

Sol:
# mkdir /common
# vim /etc/exports
/common *.example.com(ro,sync)
# chcon -R --reference=/var/ftp/pub /common
# exportfs -ra
# chkconfig nfs on
# service nfs restart
# showmount -e x.x.x.x (where as x.x.x.x is IP of nfs server)

QUE 12.2:- Export “/share” directory, allow example.com and deny all. The exported directory must be automatically mounted under “/net/misc/serverX”.

Solution: - # mkdir /share
# vim /etc/exports
/share *.example.com(ro,sync)
# exportfs -ra
# chkconfig nfs on
# service nfs restart
# showmount -e x.x.x.x (Where as x.x.x.x is IP of nfs server)
# vim /etc/auto.master
/net/misc/serverX /etc/auto.misc (Where X is your machine number)
# vim /etc/auto.misc
share -ro,sync,intr serverx.example.com:/share
(Where as serverx is nfs server)
# service autofs stop
# service autofs start
# chcon -R --reference=/var/ftp/pub /share (setting Selinux permission)
# cd /net/misc/serverX
# cd share

FTP Server Administration

QUE 13.1:- Configure ftp server. Make access to example.com and deny all.
Or
QUE 13.2:-Configure FTP access on your system:
a. Clients within the example.com domain should have anonymous FTP access.
b. Clients outside example.com should NOT have access to your service.

Solution: -
# yum install vsftpd ftp
# chkconfig vsftpd on
# service vsftpd restart
# vim /etc/hosts.deny
vsftpd: ALL EXCEPT .example.com

QUE 14:- Set up a drop-box: anonymous upload should be enabled on “/var/ftp/upload”. Anonymous
should connect as wx, and access should be allowed only for your domain.

Solution: - Open the configuration file and uncomment a line
# vim /etc/vsftpd/vsftpd.conf
anon_upload_enable=YES
anon_mkdir_write_enable=YES
# mkdir /var/ftp/upload
# chgrp ftp /var/ftp/upload
# chmod 730 /var/ftp/upload
# yum install libsemanage*
# yum install libsemanage-python
# yum install policycoreutils*
# chkconfig vsftpd on
# service vsftpd restart
# semanage fcontext -a -t public_content_rw_t '/var/ftp/upload(/.*)?'
# restorecon -vvFR /var/ftp/upload
# getsebool -a | grep ftp
# setsebool -P allow_ftpd_anon_write=1
# setsebool -P allow_ftpd_full_access=1
# setsebool -P ftp_home_dir=1

Samba Server Administration

QUE 15.1:- Configure CIFS server. Share /share directory in such a way that only persons sitting in example
domain whose workgroup is RHCEGROUP and the name of the share will be share. The share
must be read only and the share must be browseable and accessible by user jerry only.

Solution: - Install samba package
# yum install samba
Open smb.conf file and edit
# vim /etc/samba/smb.conf
workgroup = RHCEGROUP (Edit a line)
hosts allow = 127. 172.24.48. (Open semicolon and edit line)
[share]
comment = samba server
path = /share
writable = no
browseable = yes
valid users = jerry
# smbpasswd -a jerry
# chkconfig smb on
# service smb restart
# getsebool -a | grep samba
# setsebool -P samba_create_home_dirs=1
# setsebool -P samba_domain_controller=1
# setsebool -P samba_enable_home_dirs=1
# setsebool -P samba_export_all_ro=1
# setsebool -P samba_export_all_rw=1
# setsebool -P use_samba_home_dirs=1
# getsebool -a | grep smb
# setsebool -P allow_smbd_anon_write=1
# smbclient //server.example.com/share -U jerry
Password:
Smb:\>

QUE 15.2:- Share the “/common” directory via SMB:
a. Your SMB server must be a member of the STAFF workgroup
b. The share’s name must be common
c. The common share must be available to example.com domain clients only.
d. The common share must be browseable.
e. Harry must have read access to the share, authenticating with the same password roxicant, if
necessary.

Solution: - Install samba package
# yum install samba
Open smb.conf file and edit
# vim /etc/samba/smb.conf
workgroup = STAFF (This is name of workgroup)
hosts allow = 127. *.example.com (Open semicolon and edit line)
[common] (This is share name)
comment = Samba Server
path = /common (This is shared path)
writable = no (Write access can be mentioned here)
browseable = yes
valid users = harry (Valid user should be mentioned here)
# smbpasswd -a harry (set samba login passwd for harry as “roxicant”)
# chkconfig smb on
# service smb restart
# getsebool -a | grep samba
# setsebool -P samba_export_all_ro=1 (Setting read only access to shared path)
# getsebool -a | grep smb
# setsebool -P allow_smbd_anon_write=0 (Setting anonymous access off)
# smbclient //server.example.com/common -U harry (accessing samba share)
Password:
Smb:\>

Web Server Administration

QUE 16.1:- Configure the http server with document root is the default path. Get your html page from the
server server.example.com/pub/serverX.html. Do not change the contents of your html page.
Or

Solution: - 1. Install the packages required for configuring http server
# yum install httpd wget
2. Configure http server with document root default path
# vim /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
ServerAdmin root@serverX.example.com
DocumentRoot /var/www/html
ServerName serverX.example.com
</VirtualHost> (Where X is your machine number)
3. Setting html page from given path
# cd /var/www/html
# wget http://server.example.com/pub/serverX.html
# mv serverX.html index.html
# chcon -R --reference=/var/www/html index.html
# chkconfig httpd on
# service httpd restart
4. Testing http server
# elinks http://serverX.example.com (Where X is a machine number)

QUE 16.2:- Extend by your web server to host virtual site wwwX.example.com. Document root should be
“/var/www/virtual”. Get your html page from server “server/pub/wwwX.html” to its document
root as index.html. John should be able to write contents to /var/www/virtual

Solution: - Open Configuration file & uncomment the line “NameVirtualHost *:80” to enable virtual hosting
# vim /etc/httpd/conf/httpd.conf
NameVirtualHost *:80 (Uncomment this line to enable virtual hosting)
<VirtualHost *:80>
ServerAdmin root@serverX.example.com
DocumentRoot /var/www/virtual
ServerName wwwX.example.com
</VirtualHost>
(Where “wwwX.example.com” is the virtual host name)
# mkdir /var/www/virtual
# cd /var/www/virtual
# wget http://server.example.com/pub/wwwX.html
# mv wwwX.html index.html
# chcon -R --reference=/var/www/html /var/www/virtual
# chkconfig httpd on
# service httpd restart
# elinks http://wwwX.example.com (Where X is a machine number)
Enable Access control to filesystem for giving write access to John to “/var/www/virtual”
# vim /etc/fstab
/dev/mapper/GLSvg-GLSroot / ext4 defaults,acl 1 1
(Note: acl needs to be enabled in rhel6, it is not on by default)
# mount -o remount /
# mount
# setfacl -m u:john:rwx /var/www/virtual

QUE 16.6:- Extend by your web server to host local site localhost.localdomain. Document root should be
“/var/www/localhost”. Get your html page from server server/pub/local.html to its doc root as index.html.

Solution: - Open the configuration file, then copy and paste the last 7 lines. Change lines 1, 2, 3, 4 and 7 and
uncomment the changed lines. (Lines 5 and 6 stay commented.)
# vim /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
ServerAdmin root@serverX.example.com (Where X is your machine number)
DocumentRoot /var/www/localhost
ServerName localhost.localdomain
</VirtualHost>
# mkdir /var/www/localhost
# cd /var/www/localhost
# wget http://server.example.com/pub/local.html
# mv local.html index.html
# chcon -R --reference=/var/www/html /var/www/localhost
# chkconfig httpd on
# service httpd restart
# elinks http://localhost.localdomain

QUE 20:- Create a custom self-signed certificate for serverX.example.com that will expire after a year.
The certificate should have the following characteristics: the key should be 1024 bits and should not
be encrypted; Country code = local country; State = local state; Locality = local city; Organization =
Red Hat Inc.; Common name = serverX.example.com

Solution: - 1. Install following packages for generating certificate
# yum install crypto-utils mod_ssl
# genkey --days 365 serverX.example.com
Provide the appropriate input as required while generating certificate & note down the
path of newly generated certificate file & certificate key
2. Open the “/etc/httpd/conf.d/ssl.conf” file & change the paths of “SSLCertificateFile” & “SSLCertificateKeyFile” as follows
# vim /etc/httpd/conf.d/ssl.conf
# SSLCertificateFile /etc/pki/tls/certs/localhost.crt (old path)
SSLCertificateFile /etc/pki/tls/certs/serverX.example.com.crt
# SSLCertificateKeyFile /etc/pki/tls/private/localhost.key (old path)
SSLCertificateKeyFile /etc/pki/tls/private/serverX.example.com.key
3. Restart the httpd service
# service httpd restart

QUE 16.2: Implement a web server for the site http://station.domain60.example.com, and then perform the
following steps:
a. Download ftp://server1.example.com/pub/rhce/station.html
b. Rename the downloaded file to index.html
c. Copy this index.html to the DocumentRoot of your web server.
d. DO NOT make any modifications to the content of index.html.

QUE 16.4:- Extend your web server to include a virtual host for the site http://www.domain60.example.com
then perform the following steps:
a. Set the DocumentRoot to /var/www/virtual
b. Download ftp://server1.example.com/pub/rhce/www.html
c. Rename the downloaded file to index.html
d. Place this index.html in the DocumentRoot of the virtual host.
e. DO NOT make any modifications to the content of index.html
f. Ensure that harry is able to create content in “/var/www/virtual”.

QUE 16.5: - Create a secret directory in the default DocumentRoot of http://host.domain60.example.com
a. Download ftp://server1.example.com/pub/rhce/station.html to secret directory
b. Rename the downloaded file to index.html
c. DO NOT make any modifications to the content of index.html
d. “secret” is access by any user from your localhost only
e. Other networks host should be deny to access secret.

Mail Server Administration

QUE 17.1:- Configure Postfix. Set up Intranet E-mail for user john. John’s mail should be spooled to
/var/spool/mail/john. Your server should accept from remote networks.

Solution: - # yum install postfix
Open a main.cf config file and edit the line
# vim /etc/postfix/main.cf
myhostname = serverX.example.com (Uncomment a line and edit)
mydomain = example.com (Uncomment a line and edit)
myorigin = $myhostname (Uncomment a line)
myorigin = $mydomain (Uncomment a line)
inet_interfaces = all (Uncomment a line)
#inet_interfaces = localhost (Comment a line)
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
(Uncomment a line)
mynetworks = 127.0.0.0/8, 172.24.48.0/24 (Uncomment a line and edit)
relay_domains = $mydestination (Uncomment a line)
relayhost = $mydomain (Uncomment a line)
# chkconfig postfix on
# service postfix restart

QUE 17.2:- Configure SMTP mail service according to the following requirements:
a. Your mail server should access mail from remote hosts and localhost.
b. Harry must be able to receive mail from remote hosts
c. Mail delivered to harry should spool into the default mail spool for harry i.e. “/var/spool/mail/harry”.

Solution: -

QUE 18:- Configure a POP3 server. Allow only example.com network and deny all for POP3 server.

Solution: - # yum install dovecot
Open dovecot.conf file and uncomment a line
# vim /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp
# chkconfig dovecot on
# service dovecot restart
# vim /etc/hosts.deny
dovecot: ALL EXCEPT .example.com
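
The SSH (QUE 7), FTP (QUE 13) and POP3 (QUE 18) solutions all rely on the order in which tcpwrappers reads its two files: a match in hosts.allow grants access, otherwise a match in hosts.deny denies it, and a client that matches neither file is granted. The following is an added example, not part of the original post: a simplified model of that decision in plain sh, run over constructed rule files that copy the sshd and vsftpd rules above. The host names desktop1.example.com, host1.remote.test and host1.unlisted.test are constructed.

```sh
#!/bin/sh
# Added example: simplified model of the hosts_access(5) decision order.
# Supported: exact names, ".domain" suffix patterns, ALL, one EXCEPT per list.
# Not modelled: IP/netmask patterns, * and ? wildcards, LOCAL/KNOWN/UNKNOWN,
# nested EXCEPT, option fields. Names are compared exactly as written.

# match_one PATTERN VALUE -> status 0 when VALUE matches the single PATTERN
match_one() {
    case $1 in
        ALL) return 0 ;;
        .*)  case $2 in *"$1") return 0 ;; esac
             return 1 ;;
        *)   [ "$1" = "$2" ] ;;
    esac
}

# match_list "LIST" VALUE -> status 0 when VALUE matches LIST ("a, b EXCEPT c")
# The body is a subshell so that `set -f` and the variables stay local.
match_list() (
    set -f                                  # tokens must not be glob-expanded
    list=$(printf '%s' "$1" | tr ',' ' ')
    incl=$list excl=
    case $list in
        *" EXCEPT "*) incl="${list%% EXCEPT *}"; excl="${list#* EXCEPT }" ;;
    esac
    for tok in $excl; do
        if match_one "$tok" "$2"; then exit 1; fi
    done
    for tok in $incl; do
        if match_one "$tok" "$2"; then exit 0; fi
    done
    exit 1
)

# file_matches FILE DAEMON HOST -> status 0 when a rule line in FILE matches
file_matches() (
    [ -r "$1" ] || exit 1                   # a missing file counts as empty
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;            # blank line or comment
            *:*) ;;
            *) continue ;;                  # not a "daemons : clients" rule
        esac
        daemons=${line%%:*}
        rest=${line#*:}
        clients=${rest%%:*}                 # ignore an optional third field
        if match_list "$daemons" "$2" && match_list "$clients" "$3"; then
            exit 0
        fi
    done < "$1"
    exit 1
)

# access_decision DAEMON HOST ALLOW_FILE DENY_FILE -> prints granted or denied
access_decision() {
    if file_matches "$3" "$1" "$2"; then
        echo granted                        # 1. first match in hosts.allow
    elif file_matches "$4" "$1" "$2"; then
        echo denied                         # 2. otherwise a match in hosts.deny
    else
        echo granted                        # 3. no rule matched at all
    fi
}

# write_sample_rules DIR: constructed files holding the page's sshd/vsftpd rules
write_sample_rules() {
    printf '%s\n' 'sshd: .example.com' > "$1/hosts.allow"
    printf '%s\n' 'sshd: .remote.test' 'vsftpd: ALL EXCEPT .example.com' > "$1/hosts.deny"
}

demo_dir=$(mktemp -d)
write_sample_rules "$demo_dir"
for pair in 'sshd desktop1.example.com' 'sshd host1.remote.test' \
            'sshd host1.unlisted.test' 'vsftpd desktop1.example.com' \
            'vsftpd host1.unlisted.test'; do
    set -- $pair
    printf '%-7s %-22s %s\n' "$1" "$2" \
        "$(access_decision "$1" "$2" "$demo_dir/hosts.allow" "$demo_dir/hosts.deny")"
done
rm -rf "$demo_dir"
```

With the sshd rules as written, a client outside both listed domains is still granted; the "ALL EXCEPT .example.com" form used for vsftpd and dovecot denies it.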

QUE 19.1:- Configure mail aliases. User jerry should get the mail of principal.
Solution: - # vim /etc/aliases
Principal: jerry
# newaliases

QUE 19.2:-Configure an email alias from your MTA such that mail sent to admin is received by the local user
Natasha.
Solution: -

Shell Scripting

QUE 21.1:- Using Bash shell Scripts write a shell scripts for the following:
1) If “redhat” is typed, then display the output “linux”
2) If “linux” is typed, then display the output “redhat”
3) If neither option is used, then display the output “redhat linux”


QUE 21.2:- Write a shell script as naming bar.sh stored on /root which meet following requirements:
1. When we give input as “foo”, it should print “bar”
2. If we give input as “bar”, it should print “foo”
3. If we give any other input rather than foo or bar, it should print “/root/bar.sh foo|bar” as an error.

Monday, 24 September 2012

Installing and Configuring Kerberos, Samba, and Winbind on Ubuntu Server 5

Steps

Step 1: Install the Required Packages

Note: Enter Y when asked if you want to install the additional packages


apt-get install krb5-user
apt-get install winbind samba


Step 2: Edit the /etc/krb5.conf File


Code:
[logging]
    default = FILE10000:/var/log/krb5lib.log
[libdefaults]
    ticket_lifetime = 24000
    default_realm = DOMAIN.INTERNAL
    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
    default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
    DOMAIN.INTERNAL = {
        kdc = domainserver.domain.internal
        admin_server = domainserver.domain.internal
        default_domain = DOMAIN.INTERNAL
}
[domain_realm]
    .domain.internal = DOMAIN.INTERNAL
    domain.internal = DOMAIN.INTERNAL

Step 3: Edit /etc/samba/smb.conf

Notes: Change the NETBIOS name parameter to be correct for the server. Make a backup copy of the original file!!!

1) Make the edits. The configuration shown is the bare minimum and doesn't share anything.

Code:
[global]
        security = ads
        netbios name = CMHRG02
        realm = DOMAIN.INTERNAL
        password server = domainserver.domain.internal
        workgroup = DOMAIN
        idmap uid = 500-10000000
        idmap gid = 500-10000000
        winbind separator = +
        winbind enum users = no
        winbind enum groups = no
        winbind use default domain = yes
        template homedir = /home/%D/%U
        template shell = /bin/bash
        client use spnego = yes
        domain master = no

2) Test the configuration with the testparm command

Step 4: Edit /etc/nsswitch.conf to look like the example below

Code:
passwd:         compat winbind
group:          compat winbind
shadow:         compat
hosts:          files dns wins
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis

Step 5: Modify the PAM settings

1) /etc/pam.d/common-account should contain only the following lines

Code:
account sufficient pam_winbind.so
account required  pam_unix.so

2) /etc/pam.d/common-auth should contain only the following lines

Code:
auth    sufficient      pam_winbind.so
auth    required        pam_unix.so nullok_secure use_first_pass

3) Modify the /etc/pam.d/common-password file, so the max parameter is set to 50, similar to the one shown below

Code:
password   required   pam_unix.so nullok obscure min=4 max=50 md5

4) Make sure the /etc/pam.d/common-session file contains the following line

Code:
session required        pam_mkhomedir.so umask=0022 skel=/etc/skel

Step 6: Make a directory to hold domain user home directories

Note: Use the value you put in the WORKGROUP tag of the /etc/samba/smb.conf file

Code:
mkdir /home/DOMAIN

Step 7: Initialize Kerberos

1)
Code:
kinit domain_admin_account@DOMAIN.INTERNAL

Next check to be sure you got a ticket from the domain controller

2)
Code:
klist

Step 8: Join the system to the

Code:
net ads join -U domainadminuser@DOMAIN.INTERNAL

Step 9: Restart Samba-related Services (Or reboot the server)

Note: The order is important

Code:
/etc/init.d/samba stop
/etc/init.d/winbind stop
/etc/init.d/samba start
/etc/init.d/winbind start

Step 10: Restart SSH and Test Connectivity

Note: If you rebooted the server in the previous step, just try and login.

Code:
/etc/init.d/ssh restart

ssh useraccount@server

If you can log in using your Active Directory username and password then everything is working!

Step 11: Configure SUDO

1) First create a group in Active Directory called UnixAdmins and add the names of people whom you want to be able to use sudo to admin the server.

2) Next, add the UnixAdmins group to the /etc/sudoers so these users can use sudo

Code:
%UnixAdmins ALL=(ALL) ALL


HELPFUL COMMAND LINES

1) List the derived UNIX GID values for Active Directory groups

Code:
for gid in $(wbinfo -r <username>); \
do SID=$(wbinfo -G $gid);GROUP=$(wbinfo -s $SID); echo $gid is $GROUP; done

2) See the Active Directory SID for a particular named user

Code:
wbinfo -n <username>

Sunday, 23 September 2012

SELinux setsebool and getsebool commands

The setsebool command is used to set SELinux boolean values, i.e. various configurations can be enabled or disabled using this tool. In other words, the setsebool command switches the protection of SELinux on and off. Type getsebool -a to see all such options which can be enabled or disabled at run time:

Code:
getsebool -a

For example, if httpd_disable_trans is set to 1, it will disable SELinux protection for the Apache web server. To disable it, enter:

Code:
setsebool httpd_disable_trans 1

To enable it, enter:

Code:
setsebool httpd_disable_trans 0

The following should give you a pretty complete listing of all the samba switches:

Code:
getsebool -a | grep samba

Wednesday, 19 September 2012

How to reset concrete5 admin password in local server.

Concrete5 admin password reset

To reset the admin password in concrete5, you have to enter a new MD5 password hash into the Users table (for the user whose password you want to change) in the MySQL database, but with a slight modification.
We first need to generate the MD5 hash using the password_salt value of our concrete5 installation. The salt value is found in config/site.php.

Steps:

1. Get your password_salt value from the config/site.php file.

2. Create a new PHP file (e.g. test.php) in your web directory.

3. Add the following code to the file:

<?php echo md5('password'.':'.'salt'); ?>

Here, replace 'password' with the password of your choice and 'salt' with the salt value found in config/site.php.

4. Access/run the file in the browser and copy the value displayed in the browser.

5. Take the resulting MD5 hash and set it for your user in MySQL as below, or use phpMyAdmin to update the database.

update Users set uPassword = 'the_resulting_hash'
where uName = 'username';

Even easier, you can use the MySQL md5 function directly:

update Users set uPassword = md5('password:salt')
where uName = 'username';

Here, replace 'password' with the password of your choice and 'salt' with the salt value found in config/site.php.

Friday, 14 September 2012

How to Install Oracle Java 7 on Ubuntu 12.04 LTS with Webupd8's PPA


Here is how to Install Oracle Java 7 on Ubuntu 12.04 LTS using Webupd8's PPA
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java7-installer
Then just wait for the Java 7 installation process to finish. After the installation completes, you can test that your browser supports Java by visiting http://www.java.com/en/download/testjava.jsp
To check through the terminal console:
vijay@vijaypc:~$ java -version
java version "1.7.0_05"
Java(TM) SE Runtime Environment (build 1.7.0_05-b05)
Java HotSpot(TM) Server VM (build 23.1-b03, mixed mode)

Saturday, 16 June 2012

Phpmyadmin installation error.

After installing phpMyAdmin on a web server with apache2, mysql-server and php5, you may be presented with this error when navigating to the phpMyAdmin page:

"The mysqli extension is missing. Please check your PHP configuration."

Cause:
Apache2 and PHP5 may have been installed without the php5-mysql package.

Solution:
If you have installed mysql-server then you need to run this command:
sudo apt-get install php5-mysql
and then reload the server.
  

Friday, 25 May 2012

Normalizing terminal prompt (or putty prompt) after catting a binary file

Some binaries or some (unexpected) command output can contain control sequences that cause a terminal to interpret them as a change of character set. That's why the prompt becomes unreadable and keystrokes appear abnormal (lines).

To fix this, there are a few possible solutions:

 $ echo -e '\017'
or
 $ reset
or
 $ stty sane

Monday, 14 May 2012

How to fix ssh timeout problems


There are 2 ways to fix it:

    1. Server fix
    2. Client fix

You only need to do one of them. For the server fix you'll need root access, so it's probably safer to do the client fix rather than the server fix.

    SERVER FIX
  • On the server, log in as root, edit /etc/ssh/sshd_config and add the line:
    ClientAliveInterval 60
    Restart sshd on the server after you save the file.

    CLIENT FIX
  • The other way is for your desktop machine to send those keepalive messages. As root on your desktop (or client) machine, edit /etc/ssh/ssh_config and add the line:
    ServerAliveInterval 60
    That will send a message to the server every 60 seconds, keeping the connection open.

Friday, 11 May 2012

Runlevel in Ubuntu

In various Linux flavours, runlevels are set in the /etc/inittab file. But in Ubuntu there is no /etc/inittab, because Ubuntu uses upstart to define startup services and runlevels.

Anyway, you can still use inittab by simply creating one. By default Ubuntu uses
/etc/init/rc-sysinit.conf instead of /etc/inittab.

One can read more details in /usr/share/doc/upstart/README.Debian.gz

And keep in mind that Ubuntu does not use the standard runlevel meanings of other
Linux distros/Unix OSes.
Old standard was:
  • 0 - shutdown
  • 1 - single user mode
  • 3 - multiuser text mode
  • 5 - multiuser graphical mode
  • 6 - reboot
but Ubuntu uses:
  • 0 - shutdown
  • 1 - single user mode
  • 2 - multiuser graphical mode
  • 6 - reboot

Runlevel

A runlevel is a preset operating state on a Unix-like operating system.
A system can be booted into (i.e., started up into) any of several runlevels, each of which is represented by a single digit integer. Each runlevel designates a different system configuration and allows access to a different combination of processes (i.e., instances of executing programs).
There are differences in the runlevels according to the operating system. Seven runlevels are supported in the standard Linux kernel (i.e., core of the operating system). They are:

0 - System halt; no activity, the system can be safely powered down.
1 - Single user; rarely used.
2 - Multiple users, no NFS (network filesystem); also used rarely.
3 - Multiple users, command line (i.e., all-text mode) interface; the standard runlevel for most Linux-based server hardware.
4 - User-definable
5 - Multiple users, GUI (graphical user interface); the standard runlevel for most Linux-based desktop systems.
6 - Reboot; used when restarting the system.
By default Linux boots either to runlevel 3 or to runlevel 5. The former permits the system to run all services except for a GUI. The latter allows all services including a GUI.
In addition to the standard runlevels, users can modify the preset runlevels or even create new ones if desired. Runlevels 2 and 4 are usually used for user defined runlevels.
The program responsible for altering the runlevel is init, and it can be called using the telinit command. For example, changing from runlevel 3 to runlevel 5, which allows the GUI to be started, can be accomplished by the root (i.e., administrative) user by issuing the following command:
telinit 5
Booting into a different runlevel can help solve certain problems. For example, if a change made in the X Window System configuration on a machine that has been set up to boot into a GUI has rendered the system unusable, it is possible to temporarily boot into a console (i.e., all-text mode) runlevel (i.e., runlevels 3 or 1) in order to repair the error and then reboot into the GUI. The X Window System is a widely used system for managing GUIs on single computers and on networks of computers.
Likewise, if a machine will not boot due to a damaged configuration file or will not allow logging in because of a corrupted /etc/passwd file (which stores user names and other data about users) or because of a forgotten password, the problem can be solved by first booting into single-user mode (i.e. runlevel 1).
The runlevel command can be used to find both the current runlevel and the previous runlevel by merely typing the following and pressing the Enter key:
/sbin/runlevel
The runlevel executable file (i.e., the ready-to-run form of the program) is typically located in the /sbin directory, which contains mostly administrative tools and which by default is not in the user's PATH (i.e., the list of directories in which the system searches for programs). Thus, it is usually necessary to type the full path of the command as shown above rather than just the name of the command itself.
The default runlevel for a system is specified in the /etc/inittab file, which will contain an entry such as id:3:initdefault: if the system starts in runlevel 3, or id:5:initdefault: if it starts in runlevel 5. This file can be easily (and safely) read with a command such as cat, i.e.,
cat /etc/inittab
As an alternative to telinit, the runlevel into which the system boots can be changed by modifying /etc/inittab manually with a text editor. However, it is generally easier and safer (i.e., less chance of accidental damage to the file) to use telinit. It is always wise to make a backup copy of /etc/inittab or any other configuration file before attempting to modify it manually.

Tuesday, 1 May 2012

Linux Set Date


Use the following syntax to set a new date and time:
date --set="STRING"
For example, to set the date to 2 Oct 2006 18:00:00, type the following command as root user:
# date -s "2 OCT 2006 18:00:00"
OR
# date --set="2 OCT 2006 18:00:00"
You can also simplify format using following syntax:
# date +%Y%m%d -s "20081128"

Linux Set Time

To set time use the following syntax:
# date +%T -s "10:13:13"

Monday, 30 April 2012

Install the Oracle JDK 6 in Linux

 
Due to license issues Ubuntu will no longer distribute Oracle's JDK and JRE.
There are no more supported java releases from Ubuntu - Ubuntu officially supports OpenJDK and OpenJRE implementation of Java which is the base for Oracle's own implementation.


The instructions below provide a guide to install the official Oracle JDK 6. You will need to regularly update this manually to ensure your installation maintains recommended security and stability fixes.

1, Download the 32bit or 64bit Linux "compressed binary file" - it has a ".bin" file extension

2, Give it permission to execute (execute permission for your own user is enough)

      chmod u+x [version]-linux-i586.bin

3, Extract it.
      
       ./[version]-linux-i586.bin

4, JDK 6 package is extracted into ./jdk1.6.0_x directory, for example ./jdk1.6.0_30.

5,   Just rename it to jdk and move it to /usr/lib/jvm

     mv jdk1.6.0_30 jdk
     sudo mkdir -p /usr/lib/jvm
     sudo mv jdk /usr/lib/jvm

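6, Update system paths in /etc/environment. The file holds plain NAME=value lines and is not run as a shell script, so $PATH and $JAVA_HOME are not expanded there: set JAVA_HOME, and add /usr/lib/jvm/jdk/bin to the end of the PATH line that is already in the file.

     JAVA_HOME="/usr/lib/jvm/jdk"
     PATH="[existing PATH value]:/usr/lib/jvm/jdk/bin"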

Vijay.
  

Thursday, 19 April 2012

RESETTING MYSQL ROOT PASSWORD IN WINDOWS

  1. Log on to your system as Administrator.
  2. Stop the MySQL server if it is running. For a server that is running as a Windows service, go to the Services manager: From the Start menu, select Control Panel, then Administrative Tools, then Services. Find the MySQL service in the list and stop it.
    If your server is not running as a service, you may need to use the Task Manager to force it to stop.
  3. Create a text file containing the following statements. Replace the password with the password that you want to use.
    UPDATE mysql.user SET Password=PASSWORD('MyNewPass') WHERE User='root';
    FLUSH PRIVILEGES;
    Write the UPDATE and FLUSH statements each on a single line. The UPDATE statement resets the password for all root accounts, and the FLUSH statement tells the server to reload the grant tables into memory so that it notices the password change.
  4. Save the file. For this example, the file will be named C:\mysql-init.txt.
  5. Open a console window to get to the command prompt: From the Start menu, select Run, then enter cmd as the command to be run.
  6. Start the MySQL server with the special --init-file option (notice that the backslash in the option value is doubled):
    C:\> C:\mysql\bin\mysqld-nt --init-file=C:\\mysql-init.txt
    
    If you installed MySQL to a location other than C:\mysql, adjust the command accordingly.
    The server executes the contents of the file named by the --init-file option at startup, changing each root account password.
    You can also add the --console option to the command if you want server output to appear in the console window rather than in a log file.
    If you installed MySQL using the MySQL Installation Wizard, you may need to specify a --defaults-file option:
    C:\> "C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe" --defaults-file="C:\\Program Files\\MySQL\\MySQL Server 5.0\\my.ini" --init-file=C:\\mysql-init.txt
    
    The appropriate --defaults-file setting can be found using the Services Manager: From the Start menu, select Control Panel, then Administrative Tools, then Services. Find the MySQL service in the list, right-click it, and choose the Properties option. The Path to executable field contains the --defaults-file setting.
  7. After the server has started successfully, delete C:\mysql-init.txt.

Wednesday, 11 April 2012

Bash script to create multiple databases with different usernames and passwords, by reading multiple files with bash.

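#!/bin/bash
## copyright vijayakumarcs

MYSQLADM="root"
MYSQLADMPASS="password"
MYSQLADMIP="localhost"

# readfiles DBFILE USERFILE PASSFILE
# Reads the three files line by line in parallel: line N of each file gives
# the database name, the user name and the password of the Nth account.
function readfiles()
{
    local FD1=7
    local FD2=8
    local FD3=9
    local file1=$1
    local file2=$2
    local file3=$3
    local eof1=0
    local data1 data2 data3

    # Open each input file on its own file descriptor.
    exec 7<"$file1"
    exec 8<"$file2"
    exec 9<"$file3"

    while [[ $eof1 -eq 0 ]]
    do
        if read -r data1 <&$FD1
        then
            read -r data2 <&$FD2
            read -r data3 <&$FD3
            # Create the database and give the user all privileges on it.
            mysql -u "$MYSQLADM" -h "$MYSQLADMIP" -p"$MYSQLADMPASS" mysql -e "CREATE DATABASE $data1; GRANT ALL PRIVILEGES ON $data1.* TO $data2@localhost IDENTIFIED BY '$data3';"
        else
            eof1=1
        fi
    done

    # Close the descriptors again.
    exec 7<&- 8<&- 9<&-
}

readfiles user1 user2 user3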
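
The script above splices each line of the input files straight into the SQL text and passes the admin password on the mysql command line. The following is an added example, not the author's script (function names are hypothetical, the sample lists are constructed, and the 16-character user-name limit assumes a MySQL 5.x server): it only builds the SQL, rejecting names that are not plain identifiers, escaping the password as a string literal and refusing lists of unequal length.

```shell
#!/bin/sh
# Added example: a hardened take on the provisioning loop (POSIX sh).
# All function names are hypothetical; the sample lists are constructed.
LC_ALL=C; export LC_ALL    # make the [A-Za-z] ranges below byte-exact

# valid_ident NAME MAXLEN: succeed only for 1..MAXLEN chars of [A-Za-z0-9_].
valid_ident() {
    case $1 in
        '' | *[!A-Za-z0-9_]*) return 1 ;;
    esac
    [ "${#1}" -le "$2" ]
}

# sql_string VALUE: print VALUE as a MySQL string literal; backslashes and
# single quotes are doubled so the value cannot terminate the literal.
sql_string() {
    printf "'%s'" "$(printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g")"
}

# build_sql DB USER PASS: print the statements for one account, or fail
# without printing anything if a name is not a plain identifier.
build_sql() (
    db=$1 user=$2 pass=$3
    valid_ident "$db" 64   || { echo "rejected database name: $db" >&2; exit 1; }
    # 16 = user-name length limit in MySQL 5.x (assumed server version)
    valid_ident "$user" 16 || { echo "rejected user name: $user" >&2; exit 1; }
    [ -n "$pass" ]         || { echo "empty password for $user" >&2; exit 1; }
    # In "GRANT ... ON db.*" an unescaped _ is a one-character wildcard.
    grant_db=$(printf '%s' "$db" | sed 's/_/\\_/g')
    printf 'CREATE DATABASE `%s`;\n' "$db"
    printf 'GRANT ALL PRIVILEGES ON `%s`.* TO %s@%s IDENTIFIED BY %s;\n' \
        "$grant_db" "$(sql_string "$user")" "'localhost'" "$(sql_string "$pass")"
)

# provision_sql DBFILE USERFILE PASSFILE: read the three lists in lockstep on
# descriptors 7, 8 and 9 and print the SQL for all accounts. Nothing is
# printed unless every line passes and the lists have the same length.
provision_sql() (
    exec 7<"$1" 8<"$2" 9<"$3" || exit 1
    sql=
    while IFS= read -r db <&7; do
        IFS= read -r user <&8 && IFS= read -r pass <&9 ||
            { echo "user or password list is shorter than the database list" >&2; exit 1; }
        stmt=$(build_sql "$db" "$user" "$pass") || exit 1
        sql="$sql$stmt
"
    done
    if IFS= read -r extra <&8 || IFS= read -r extra <&9; then
        echo "user or password list is longer than the database list" >&2
        exit 1
    fi
    printf '%s' "$sql"
)

# To apply the result, keep the admin credentials in a [client] section of a
# mode-600 option file instead of using -p on the command line:
#   provision_sql dbs.txt users.txt passwords.txt |
#       mysql --defaults-extra-file="$HOME/.my-admin.cnf"

# Demo with constructed input: prints the SQL for two accounts.
demo() (
    d=$(mktemp -d) || exit 1
    printf '%s\n' shop_db blog > "$d/dbs"
    printf '%s\n' shop blogger > "$d/users"
    printf '%s\n' "it's-a-sample" 'second\pw' > "$d/passwords"
    provision_sql "$d/dbs" "$d/users" "$d/passwords"
    rm -rf "$d"
)
demo
```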

Monday, 2 April 2012

FSMO Roles in Active Directory

Windows 2000/2003 Multi-Master Model

A multi-master enabled database, such as the Active Directory, provides the flexibility of allowing changes to occur at any DC in the enterprise, but it also introduces the possibility of conflicts that can potentially lead to problems once the data is replicated to the rest of the enterprise. One way Windows 2000/2003 deals with conflicting updates is by having a conflict resolution algorithm handle discrepancies in values by resolving to the DC to which changes were written last (that is, "the last writer wins"), while discarding the changes in all other DCs. Although this resolution method may be acceptable in some cases, there are times when conflicts are just too difficult to resolve using the "last writer wins" approach. In such cases, it is best to prevent the conflict from occurring rather than to try to resolve it after the fact.
For certain types of changes, Windows 2000/2003 incorporates methods to prevent conflicting Active Directory updates from occurring.

Windows 2000/2003 Single-Master Model

To prevent conflicting updates in Windows 2000/2003, the Active Directory performs updates to certain objects in a single-master fashion.
In a single-master model, only one DC in the entire directory is allowed to process updates. This is similar to the role given to a primary domain controller (PDC) in earlier versions of Windows (such as Microsoft Windows NT 4.0), in which the PDC is responsible for processing all updates in a given domain.
In a forest, there are five FSMO roles that are assigned to one or more domain controllers. The five FSMO roles are:

Schema Master:

The schema master domain controller controls all updates and modifications to the schema. Once the Schema update is complete, it is replicated from the schema master to all other DCs in the directory. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest.

Domain naming master:

The domain naming master domain controller controls the addition or removal of domains in the forest. This DC is the only one that can add or remove a domain from the directory. It can also add or remove cross references to domains in external directories. There can be only one domain naming master in the whole forest.

Infrastructure Master:

When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID, the SID (for references to security principals), and the DN of the object being referenced. The infrastructure FSMO role holder is the DC responsible for updating an object's SID and distinguished name in a cross-domain object reference. At any one time, there can be only one domain controller acting as the infrastructure master in each domain.
Note: The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server (GC). If the Infrastructure Master runs on a Global Catalog server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a Global Catalog server holds a partial replica of every object in the forest. As a result, cross-domain object references in that domain will not be updated and a warning to that effect will be logged on that DC's event log. If all the domain controllers in a domain also host the global catalog, all the domain controllers have the current data, and it is not important which domain controller holds the infrastructure master role.

Relative ID (RID) Master:

The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain. When a DC creates a security principal object such as a user or group, it attaches a unique Security ID (SID) to the object. This SID consists of a domain SID (the same for all SIDs created in a domain), and a relative ID (RID) that is unique for each security principal SID created in a domain.  Each DC in a domain is allocated a pool of RIDs that it is allowed to assign to the security principals it creates. When a DC's allocated RID pool falls below a threshold, that DC issues a request for additional RIDs to the domain's RID master. The domain RID master responds to the request by retrieving RIDs from the domain's unallocated RID pool and assigns them to the pool of the requesting DC. At any one time, there can be only one domain controller acting as the RID master in the domain.

PDC Emulator:
 
The PDC emulator is necessary to synchronize time in an enterprise. Windows 2000/2003 includes the W32Time (Windows Time) time service that is required by the Kerberos authentication protocol. All Windows 2000/2003-based computers within an enterprise use a common time. The purpose of the time service is to ensure that the Windows Time service uses a hierarchical relationship that controls authority and does not permit loops to ensure appropriate common time usage.
The PDC emulator of a domain is authoritative for the domain. The PDC emulator at the root of the forest becomes authoritative for the enterprise, and should be configured to gather the time from an external source. All PDC FSMO role holders follow the hierarchy of domains in the selection of their in-bound time partner.
In a Windows 2000/2003 domain, the PDC emulator role holder retains the following functions:
  • Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.
  • Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad password failure message is reported to the user.
  • Account lockout is processed on the PDC emulator.
  • Editing or creation of Group Policy Objects (GPO) is always done from the GPO copy found in the PDC Emulator's SYSVOL share, unless configured not to do so by the administrator.
  • The PDC emulator performs all of the functionality that a Microsoft Windows NT 4.0 Server-based PDC or earlier PDC performs for Windows NT 4.0-based or earlier clients.
This part of the PDC emulator role becomes unnecessary when all workstations, member servers, and domain controllers that are running Windows NT 4.0 or earlier are all upgraded to Windows 2000/2003. The PDC emulator still performs the other functions as described in a Windows 2000/2003 environment.
At any one time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.

LDAP Authentication for Subversion on Ubuntu Feisty

A useful post regarding svn configuration on Ubuntu servers... These URLs will give you more information regarding the svn server and its configuration files.

http://www.itguyonline.com/blog/2007/05/02/ldap-authentication-for-subversion-on-ubuntu-feisty/

https://help.ubuntu.com/community/Subversion

Monday, 12 March 2012

DB2 database on Ubuntu

Downloading DB2

The express edition is free, and can be downloaded from Download DB2 Express-C. You’ll need to register for an IBM id if you don’t already have one.
Download DB2 Express C Using HTTP

Extracting and installing

Use the command tar -zvxf db2exc_975_LNX_x86.tar.gz to extract the gzipped file. Run the installer using sudo ./db2setup, and choose “Install a Product” on the left menu. The installation process is quite straightforward after this point.
DB2 Setup Launchpad - Install a Product as root

Troubleshooting libaio.so.1 'not found' when running db2setup

I faced the following problem when I ran the setup script:

$ sudo ./db2setup
ERROR: 
   The required library file libaio.so.1 is not found on the system. 
   Check the following web site for the up-to-date system requirements
   of IBM DB2 9.7
   http://www.ibm.com/software/data/db2/udb/sysreqs.html
   http://www.software.ibm.com/data/db2/linux/validate  
  Aborting the current installation ...
  Run installation with the option "-f sysreq" parameter to force the installation.

To fix it, I had to run sudo apt-get install libaio-dev to install the missing package.

Verifying the Installation

The following command verifies the db installation and configured instances:
sudo /opt/ibm/db2/V9.7/bin/db2val -a

Creating a database

Switch to the user account that is the owner of the instance (db2inst1 is the default).
$ su db2inst1
Switch to the bash shell if necessary:
$ bash
Under this user account, you can run DB2 commands as illustrated below. Note that the create database command takes time - it took several minutes on my machine.

$ db2 create database test
DB20000I  The CREATE DATABASE command completed successfully.
$ db2 connect to test

   Database Connection Information

 Database server        = DB2/LINUX 9.7.5
 SQL authorization ID   = DB2INST1
 Local database alias   = TEST

$ db2 "create table test.technonstop(id int, username varchar(200))"
DB20000I  The SQL command completed successfully.
$ db2 "INSERT INTO test.technonstop VALUES(1, 'abdullah')"
DB20000I  The SQL command completed successfully.

Troubleshooting

If you're unable to run any db2 command, the db2 environment variables may not have been sourced. To do it, run the following command at the terminal, replacing db2inst1 with the instance owner.
. /home/db2inst1/sqllib/db2profile

Protecting Your Pages with htaccess

When you create a .htaccess file, all of the files within that directory, as well as
any subdirectories, are protected by that .htaccess file. Any .htaccess files above
 that directory are also used.
You can control access to specific files or specific types of files by using wildcards or
 filenames in the opening <Files> tag of the .htaccess file.
Use multiple <Files> tags in a single .htaccess file to restrict files with different access controls.

Example of .htaccess content to limit the access of the website to Local Area Network only.

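 # limit access to local area network only
 # do not wrap these directives in <Limit GET POST PUT>: inside <Limit> they apply
 # only to the listed methods, and every other HTTP method stays unrestricted
 order deny,allow
 deny from all
 allow from 192.168.151.0/24
 # This allows access only from 192.168.151.0 to 192.168.151.255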

 To add password protection to your pages, you need to do the following two things:

  1. Create a text file on your server that will store your username and password.
  2. Create a special file called .htaccess in the folder you want to protect.

1,Creating the password file

The first step is to create a simple text file that will store your username and password, separated by a colon (:). The small catch is that the password must be encrypted. Luckily, there are many free web-based utilities that will encrypt the password for you. Try one of these:
Simply enter your desired username and password in one of these pages and submit the form. You'll get back a string similar to the following:


2,Creating the .htaccess file


You need to put the following code in your .htaccess file:

AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName "My Secret Folder"
Require valid-user
 
 
/full/path/to/.htpasswd should be the full path to the .htpasswd file that you uploaded earlier. The full path is the path to the file from the Web server's volume root - for example, /home/username/.htpasswd or C:\wwwroot\username\.htpasswd. (If you're not sure of the full path to your site or home directory, ask your Web hosting company for this info.)
The above .htaccess file will password protect all files in the folder that it is placed in, and all sub-folders under that folder too. So if you wanted to password protect your entire site, you would place the .htaccess file in your Web root folder.

Protecting a file

To password protect just a single file in a folder, use the following .htaccess file:

AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName "My Secret Page"

<Files "mypage.html">
  Require valid-user
</Files>

This will password protect just the mypage.html file in the folder where you put the .htaccess file.
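
The password file from step 1 can also be generated locally, so the password never has to be typed into a third-party web form. The following is an added example, not part of the original post; it assumes the openssl command-line tool is installed, and the function names are hypothetical. It writes Apache's apr1 (MD5-based) format; where Apache's own htpasswd tool is available, htpasswd -B produces a bcrypt hash instead.

```shell
#!/bin/sh
# Added example: build, check and store .htpasswd lines locally with openssl.

# htpasswd_entry USER: read the password from stdin (so it never shows up in
# the process list) and print one line of the form USER:$apr1$SALT$HASH.
htpasswd_entry() (
    user=$1
    case $user in
        '' | *:* | *' '*) echo "invalid user name" >&2; exit 1 ;;
    esac
    IFS= read -r pw || true
    [ -n "$pw" ] || { echo "empty password" >&2; exit 1; }
    hash=$(printf '%s\n' "$pw" | openssl passwd -apr1 -stdin) || exit 1
    printf '%s:%s\n' "$user" "$hash"
)

# htpasswd_check ENTRY: read a candidate password from stdin and succeed only
# if hashing it with the salt stored in ENTRY reproduces the stored hash.
htpasswd_check() (
    stored=${1#*:}
    case $stored in
        '$apr1$'*) ;;
        *) echo "not an apr1 entry" >&2; exit 2 ;;
    esac
    # Fields split on "$" are: empty, "apr1", salt, hash.
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    IFS= read -r pw || true
    again=$(printf '%s\n' "$pw" | openssl passwd -apr1 -salt "$salt" -stdin) || exit 2
    [ "$again" = "$stored" ]
)

# htpasswd_add FILE USER: add USER to FILE, replacing an existing line for
# the same user (password on stdin). The file ends up mode 640, so it is
# readable by its owner and group only; the web server's group needs read
# access, and FILE should live outside the served document tree.
htpasswd_add() (
    file=$1 user=$2
    entry=$(htpasswd_entry "$user") || exit 1
    tmp=$(mktemp "${file}.XXXXXX") || exit 1
    # Copy every line that belongs to a different user.
    [ -f "$file" ] && awk -F: -v u="$user" '$1 != u' "$file" > "$tmp"
    printf '%s\n' "$entry" >> "$tmp"
    chmod 640 "$tmp" && mv "$tmp" "$file"
)

# Usage (the password is typed at the terminal and read from stdin):
#   htpasswd_add /full/path/to/.htpasswd username
```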

Friday, 9 March 2012

HylaFAX - open source fax server

Installation

  • Install hylafax
aptitude update
aptitude install hylafax-server
  • Connect the external modem. Make sure you have a parallel cable to serial cable. External Modem needs to be connected to a serial port. Then:

Configure

faxsetup
  • press Enter and you'll see a lot of text fly by. Answer Yes to adding a Fax Master alias.
  • For the user to receive fax-related mail, enter the user account you created for yourself during the Debian installation.
  • Four configuration parameters will be listed and you'll be prompted as to their correctness. Press Enter to accept these values. You'll then be asked if you want to run faxaddmodem to set up the software to use the modem. Press Enter to accept the default Yes response.
  • Enter the correct ttyS designation for the serial port your fax-modem is connected to (ttyS0 is for COM1); make sure your modem is connected to a serial port, not the parallel port. You'll be prompted for quite a few values. For most you can accept the default values by pressing Enter. The values you'll want to enter are:
        * Country code (1 for US)
        * Area code
        * Phone number of fax modem
        * Local identification string (this should be something like 'My Fax Server' as it is printed on the tag line of outgoing faxes)
        * Long distance dialing prefix (1 in US)
        * International dialing prefix (011 in US)
        * Dial string rules file (accept the default)
        * Tracing during normal server operation (accept the default)
        * Tracing during send and receive operations (accept the default)
        * Protection mode for received fax - enter 0644
        * Protection mode for session logs - enter 0644
        * Protection mode for ttySx - enter 0666
        * Rings to wait before answer
          Note: The default is 1 but setting it to 0 establishes your server as a "Send Only" fax system
        * Modem speaker volume (valid values are OFF QUIET LOW MEDIUM HIGH; you may want to set it to HIGH for testing purposes as you can change it to OFF later)
        * Command line arguments for getty (accept the default)
        * Pathname of TSI ACL file (accept the default)
        * Pathname of Caller-ID ACL file (accept the default)
        * Tag line font file (accept the default)
        * Tag line format string (accept the default)
        * Time before purging UUCP lock (accept the default)
        * Hold UUCP lockfile during data calls (accept the default)
        * Hold UUCP lockfile during voice calls (accept the default)
        * Percent good lines to accept (accept the default)
        * Max consecutive bad lines to accept (you may want to reduce the default 5 to 3)
        * Max number of pages to accept in a received fax (you may want to increase the default value of 25)
        * Syslog facility name for ServerTracing messages (the default is 'daemon' but you could change it to 'local7' if you're logging to a remote syslog server)
        * Set UID to 0 (accept default)
        * Use priority job scheduling (accept default)
  • You'll then be asked to confirm the values that you entered and then the utility will query the modem to determine the fax classes that it supports.
  • Even if your modem supports both Class 1 and Class 2 you should set it to Class 1 for compatibility with all fax machines.
  • You will then be asked for values specific to the modem. Just press Enter to accept the default values as they are a result of the modem query and the class you selected. You'll then be prompted to confirm these values by pressing Enter.
  • The non-default scheduler values will then be displayed with a confirmation prompt. The Area Code may not be correct. If so, answer No and correct any erroneous values. You may also want to increase the time value for "Timeout when converting PostScript documents" if you fax long documents but you can just press Enter to accept the default values for the rest of the values.
  • Answer No when asked if you want to configure another modem.
  • Accept the default Yes answer to run faxmodem on your newly configured modem to verify settings. You'll then be returned to the shell prompt.
  • If you want to manually edit the file that contains these settings do so with the command:
vi /etc/hylafax/config.ttyS0
  • You have to run the faxaddmodem utility to create this file first though.
  • Next we'll set up HylaFAX to run automatically when you boot the system. Check the configuration file:
vi /etc/default/hylafax
  • to make sure there's no # character at the beginning of the line containing RUN_HYLAFAX=1. Exit the editor.

Configure Incoming Settings

  • One last item is to let HylaFAX know who is allowed to send faxes. You can use a modified subnet address to let everyone on your network submit faxes to the server. Edit the hosts.hfaxd file with the command:
vi /etc/hylafax/hosts.hfaxd
  • As an example, if you're using a subnet address for your network of 192.168.10.0, enter the following line into the hosts.hfaxd file:
192\.168\.10\.:::
  • Likewise, if you're using a subnet address of 172.16.0.0, your hosts.hfaxd file entry would be:
172\.16\.:::
  • You can enter as "wide" of a network address or multiple narrower address entries as you'd like. If you'd like to restrict access to specific users you can enter their individual IP addresses. When done, save the file and exit the editor.
NOTE:  You will see the paths /var/spool/hylafax and /var/spool/hylafax/etc specified in HylaFAX documentation and utilities. Do NOT edit the files in these directories. The files are duplicated in the /etc/hylafax directory. If you ever want to manually edit the configuration files, only edit the files in the /etc/hylafax directory.
  • Reboot the system by typing reboot and you'll have yourself a fax server! (A reboot is not necessary; a restart of hylafax would do just fine.)

Fax Status

  • To see the status of the fax server, type:
faxstat -s

Sending Fax

In general the list of all the software is here, but you can just go to the ones we reference below. http://www.hylafax.org/content/Client_Software

Linux

You can use Gfax or Kde Print Fax. You install Gfax by:
apt-get update
apt-get install gfax
Then Go to Application then Office then Gfax.
  • This needs to be tested but:
Now I can fax from OpenOffice, TextEditor, etc.

1. Install GFax with apt-get install gfax
2. Configure GFax with your Fax Server (HylaFAX). I hope you know how to do it.
   OK, you can test your GFax configuration by sending a test fax with Text Editor (Applications - Accessories)
3. To make it work with OpenOffice, run /usr/lib/openoffice/program/spadmin (with root access); you can do sudo -i, or whatever.
4. Add a fax / PDF converter from the spadmin GUI, and fill in the command with: gfax (TMP)
5. That's it... save the configuration
6. Try faxing an OpenOffice document

The first time I tried faxing with Fax Printer, it hung.
Then I tried faxing with PDF Converter and set the PDF Folder; after the fax I closed GFax and it did not hang.

Windows

  • On windows you would use this Win print Hylafax software. You can download it at http://winprinthylafax.sourceforge.net/
  • To get the address book working with winprinthylafax, you can set up a folder called hylafaxaddressbook and in it create 2 empty files called "names.txt" and "numbers.txt"
  • ADMINISTRATION: Download a program called WHFC, which will tell you the status of the hylafax servers.

Mac

PBX, Dial 9 before number

  • Add this to your config.ttyS14 files, you can replace 9 with 8 or any other number.
ModemDialCmd: ATDT9,%s
  • Pause: The comma (,) dial modifier causes the modem to pause while dialing: ATD9,17731231234
  • Pause and wait for dial tone: The W causes a modem to wait for a dial tone signal before dialing the number that follows the W: ATDT 9 W 17731231234
ModemDialCmd: ATDT9,W%s
  • Final Modem Dial Cmd on the system could look like this:
ModemDialCmd: ATDT9,W%s
  • 9 says dial 9; comma says wait; W says wait for dial tone; %s says dial this number
  • If you experience no dial tone in your logs try something like:
ModemDialCmd:     ATX3DT8,,,%s
AT - picks up the phone, X3- disables dial tone check, DT tells it to use tone, dial 8, then ",,," for wait, then the phone number.

Adding users

  • You need a user on your system
adduser dept1
  • Fill in the username and password, etc
  • Then add the user to hylafax. First find out what your new user's UID is
  • Type:
cat /etc/group
  • Find your user. It should be something like dept1:x:1001: so this user UID is 1001
  • Now tell hylafax about it
faxadduser -p password -u 1001 username
  • To see what users are already in do:
cat /var/spool/hylafax/etc/hosts.hfaxd 

Hardware

Modem Model:
  1. US Robotics 56K External Fax modem; 5686E (Does not come with cable) (around $100)
  2. Amigo AME-CA95 RS232, External V.92 DATA/FAX/TAM Modem or External Conexant V.92 modem (around $25 or less)-(newegg.com)
Serial Card:
  1. Startech.com 4 Multi Port Serial PCI Card
  2. Startech.com 2 Port Serial PCI Card

Done with simple setup

Done. Everything beyond this point is for setting up multiple incoming/outgoing fax modems.

Multiple Incoming Fax Lines

Multi port Serial PCI card, ttyS

  • There's really no limit to the number of serial cards Linux can support, but there is a kernel configuration parameter for the number of supported serial ports.(CONFIG_SERIAL_8250_NR_UARTS)
  • Currently the limit in Debian supported ports is 4. (read on for more than 4 port support)
  • So if you have a 2 port serial card you want to add to your pc, here is what you do.
  • If you connect more modems or when you buy a serial pci card you will want to know which ttyS port they are using. You can do it by :
dmesg |grep tty
  • You should see something like:
faxserver:~# dmesg |grep ttyS
ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
ttyS14 at I/O 0xdf08 (irq = 209) is a 16550A
ttyS15 at I/O 0xdf10 (irq = 209) is a 16550A
  • If you installed another serial pci card (2 port or 4 port), you can see if it was detected by typing:
lspci -v
This should list something like:
0000:02:00.0 Serial controller: NetMos Technology PCI 9835 Multi-I/O Controller (rev 01) (prog-if 02 [16550])
        Subsystem: LSI Logic / Symbios Logic 2S (16C550 UART)
        Flags: medium devsel, IRQ 209
        I/O ports at df08 [size=8]
        I/O ports at df10 [size=8]
        I/O ports at df18 [size=8]
        I/O ports at df20 [size=8]
        I/O ports at df28 [size=8]
        I/O ports at df30 [size=16]
  • As you can see the IRQ should be the same as the one specified in dmesg.
  • Install setserial. This program will let you control serial ports better.
apt-get update
apt-get install setserial
  • Then try:
setserial -g /dev/ttyS*
  • If you don't see a ttyS#(ex. ttyS14) in /dev/ you will need to create ttyS14 device.
ls /dev/ttyS*
  • So in my case I am missing ttyS14, ttyS15 in /dev/ folder
MAKEDEV ttyS14
MAKEDEV ttyS15
  • Now run setserial -g /dev/ttyS* again and you should see your new serial ports.
  • Plug in your modems and Run:
faxaddmodem
  • Select the new ttyS and you are done setting up multiple fax machines.

Fax Dispatch

  • Fax dispatch is a custom script that one can create for Hylafax to specify nonstandard delivery options. (Standard is /var/spool/hylafax/recvq/)
  • Use it if you want to have multiple fax destination folders, one for each fax you have (ttyS1, ttyS14, ttyS15, etc.).
  • Create the Fax Dispatch file in /etc/hylafax/
touch /etc/hylafax/FaxDispatch
  • A sample Fax Dispatch file might look like this: http://www.infocopter.com/know-how/hylafax/fax-dispatch.html
  • Copy and paste the text below into your /etc/hylafax/FaxDispatch. This will dispatch faxes to different folders based on device.
  • Make sure you have created the appropriate folders (in this case dept1 and dept2), and change the device names to your own.
##      $Id: FaxDispatch,v 1.2 2003/05/04 23:49:41 darren Exp $
##
## Default FaxDispatch file - routes all inbound faxes to FaxMaster as PDF
##
## Consult the faxrcvd(8C) man page for more information
##

#SENDTO=faxMaster;                               # by default email to FaxMaster
#FILETYPE=pdf;                                   # in PDF format


##
## This excerpt from the man page gives you an idea of what's possible here
##
## You can route by sender's TSI
#case "$SENDER" in
#       *1*510*526*1212*) SENDTO=sam;;          # Sam's test rig in Berkeley
#       *1*415*390*1212*) SENDTO=raster@asd;;   # 7L Xerox room, used for scanning
#       *5107811212)      SENDTO=peebles@mti;;  # stuff from home
#esac

## and/or by device
#case "$DEVICE" in
#       ttyS1)            SENDTO=john;;         # all faxes received on ttyS1
#       ttyLT0)           SENDTO=mary@home;;    # all faxes received on ttyLT0
#       ttyS2)            SENDTO=myemail@example.com,myotheremail@example3.com;;   # all faxes received on ttyS2
#esac

## and/or by device
FOLDER="/var/spool/hylafax/recvq/"
FULLPATH="${FOLDER}${FILENAME}.tif"
case "$DEVICE" in
ttyS14)   mv "$FULLPATH" /var/spool/hylafax/recvq/dept1/;;    # all faxes received on ttyS14
ttyS15)   mv "$FULLPATH" /var/spool/hylafax/recvq/dept2/;;    # all faxes received on ttyS15
esac

## and/or by caller id
#case "$CIDNUMBER" in
#       435*)        SENDTO=lee; FILETYPE=pdf;; # all faxes from area code 435
#       5059627777)  SENDTO=amy; FILETYPE=tif;; # Amy wants faxes in TIFF
#esac
  • If you would like to print the fax and then move the file, replace the relevant code with the block below.
  • Make sure you install the printer first (see DebianPrinting).
  • The page size was added here to make sure 11x14 pages are printed properly.
## and/or by device
FOLDER="/var/spool/hylafax/recvq/"
FULLPATH="${FOLDER}${FILENAME}.tif"
case "$DEVICE" in
ttyS14)   /usr/bin/tiff2ps -w 8.5 -h 11 -a "$FILE" | lpr -P kyocera; mv "$FULLPATH" /var/spool/hylafax/recvq/dept1/;;    # all faxes received on ttyS14
ttyS15)   /usr/bin/tiff2ps -w 8.5 -h 11 -a "$FILE" | lpr -P kyocera; mv "$FULLPATH" /var/spool/hylafax/recvq/dept2/;;    # all faxes received on ttyS15
esac
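
The device-based routing above, rewritten as a function that can be tested outside HylaFAX. This is an added example, not part of the original post or of HylaFAX; the names route_fax and folder_for_device are hypothetical, and the ttyS14/ttyS15 to dept1/dept2 mapping is the one used on this page. It quotes every path and refuses to move a fax when the department folder is missing, so the fax stays in recvq.

```shell
#!/bin/sh
# Added example: device-based fax routing with the checks the inline
# "mv" lines lack. route_fax and folder_for_device are hypothetical names.

RECVQ="${RECVQ:-/var/spool/hylafax/recvq}"

# Map a receiving device to its destination subfolder.
# Prints nothing for devices that keep the default location.
folder_for_device() {
    case "$1" in
        ttyS14) echo "dept1" ;;
        ttyS15) echo "dept2" ;;
    esac
}

# route_fax DEVICE FILENAME
# Prints the final path of the fax on success.
# Returns 0 if moved or left in place, 1 if the fax file is missing,
# 2 if the destination folder does not exist.
route_fax() {
    device=$1
    src="$RECVQ/$2.tif"
    sub=$(folder_for_device "$device")

    [ -f "$src" ] || { echo "missing fax: $src" >&2; return 1; }

    # Unknown device: keep the standard delivery location.
    if [ -z "$sub" ]; then
        echo "$src"
        return 0
    fi

    dest="$RECVQ/$sub"
    # A missing folder must not be silently created or used as a new
    # file name; leave the fax where it is and report the problem.
    [ -d "$dest" ] || { echo "missing folder: $dest" >&2; return 2; }

    mv -- "$src" "$dest/" && echo "$dest/$2.tif"
}
```

Inside FaxDispatch the call would be route_fax "$DEVICE" "$FILENAME", using the same variables as the blocks above.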

FaxNotify

  • When a fax fails to send, the user gets an email notifying them of the failure. By default the email contains only the job number. To make sure they also get a copy of what they actually sent, add a FaxNotify file to /etc/hylafax.
  • Create FaxNotify in /etc/hylafax/
  • Inside, put:
RETURNFILETYPE=pdf;

View faxes through internet browser

  • To do that, install the Apache web server:
apt-get update
apt-get install apache2
  • Now add a link to your faxes:
cd /var/www
ln -s /var/spool/hylafax/recvq fax
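Now open a browser and go to http://localhost/fax/, or use your IP address in place of localhost. Note that this link publishes the fax folder to everyone who can reach the web server.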