Monday, 24 September 2012

Installing and Configuring Kerberos, Samba, and Winbind on Ubuntu Server 5

Steps

Step 1: Install the Required Packages

Note: Enter Y when asked if you want to install the additional packages


apt-get install krb5-user
apt-get install winbind samba


Step 2: Edit the /etc/krb5.conf File


Code:
[logging]
    default = FILE:/var/log/krb5lib.log
[libdefaults]
    ticket_lifetime = 24000
    default_realm = DOMAIN.INTERNAL
    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
    default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
    DOMAIN.INTERNAL = {
        kdc = domainserver.domain.internal
        admin_server = domainserver.domain.internal
        default_domain = DOMAIN.INTERNAL
    }
[domain_realm]
    .domain.internal = DOMAIN.INTERNAL
    domain.internal = DOMAIN.INTERNAL
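
The two enctype lines above restrict the client to single DES and 3DES, which Kerberos has since deprecated (RFC 6649 and RFC 8429). As an added example (not part of the original post), this shell function lists deprecated enctypes in a krb5.conf; it goes beyond the post by also flagging RC4, and the function names and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list deprecated Kerberos
# encryption types configured in a krb5.conf.
# weak_enctypes FILE -> prints "setting: enctype" per weak entry;
# returns 1 if any weak entry was found, 0 otherwise.
weak_enctypes() {
    awk '
        # Only the enctype lists are inspected; commented-out lines do not match.
        /^[ \t]*(default_tkt_enctypes|default_tgs_enctypes|permitted_enctypes)[ \t]*=/ {
            split($0, kv, "=")
            key = kv[1]; gsub(/[ \t]/, "", key)
            n = split(kv[2], types, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                t = tolower(types[i])
                # single DES, 3DES and RC4 names, including the bare family names
                if (t ~ /^(des|des3|rc4|arcfour)(-|$)/) {
                    print key ": " types[i]
                    found = 1
                }
            }
        }
        END { exit found + 0 }
    ' "$1"
}

# Constructed sample: the first enctype line is the one from the post,
# the second mixes an AES enctype with single DES.
write_sample_krb5() {
    cat > "$1" <<'EOF'
[libdefaults]
    default_realm = DOMAIN.INTERNAL
    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
    default_tgs_enctypes = aes256-cts-hmac-sha1-96 des-cbc-crc
EOF
}

sample=$(mktemp)
write_sample_krb5 "$sample"
weak_enctypes "$sample" || echo "deprecated enctypes are configured"
rm -f "$sample"
```

Run it against /etc/krb5.conf after editing; a file with no enctype lines produces no output because the library defaults apply.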
Step 3: Edit /etc/samba/smb.conf

Notes: Change the NETBIOS name parameter to be correct for the server. Make a backup copy of the original file!!!

1) Make the edits. The configuration shown is the bare minimum and doesn't share anything.

Code:
[global]
        security = ads
        netbios name = CMHRG02
        realm = DOMAIN.INTERNAL
        password server = domainserver.domain.internal
        workgroup = DOMAIN
        idmap uid = 500-10000000
        idmap gid = 500-10000000
        winbind separator = +
        winbind enum users = no
        winbind enum groups = no
        winbind use default domain = yes
        template homedir = /home/%D/%U
        template shell = /bin/bash
        client use spnego = yes
        domain master = no
2) Test the configuration with the testparm command

Step 4: Edit /etc/nsswitch.conf to look like the example below

Code:
passwd:         compat winbind
group:          compat winbind
shadow:         compat
hosts:          files dns wins
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis
Step 5: Modify the PAM settings

1) /etc/pam.d/common-account should contain only the following lines

Code:
account sufficient pam_winbind.so
account required  pam_unix.so
2) /etc/pam.d/common-auth should contain only the following lines

Code:
auth    sufficient      pam_winbind.so
auth    required        pam_unix.so nullok_secure use_first_pass
3) Modify the /etc/pam.d/common-password file, so the max parameter is set to 50, similar to the one shown below

Code:
password   required   pam_unix.so nullok obscure min=4 max=50 md5
4) Make sure the /etc/pam.d/common-session file contains the following line

Code:
session required        pam_mkhomedir.so umask=0022 skel=/etc/skel
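
The pam_unix.so lines in this step carry options worth reviewing: nullok and nullok_secure admit accounts with an empty password, md5 selects MD5-crypt for new local password hashes, and min=4 permits very short passwords. The added example below (not from the original post) reports those options in a PAM file; the function names, the sample file and the 8-character threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report pam_unix.so options
# that weaken local password handling.
# pam_unix_findings FILE -> one finding per line; returns 1 if any, else 0.
pam_unix_findings() {
    awk '
        function report(msg) { print msg; found = 1 }
        /^[ \t]*#/ { next }    # skip comment lines
        /pam_unix\.so/ {
            # $1 is the PAM type (auth, account, password, session)
            for (i = 1; i <= NF; i++) {
                if ($i == "nullok" || $i == "nullok_secure")
                    report($1 ": " $i " accepts accounts with an empty password")
                else if ($i == "md5")
                    report($1 ": md5 selects MD5-crypt hashes for new passwords")
                else if ($i ~ /^min=[0-9]+$/ && substr($i, 5) + 0 < 8)
                    report($1 ": " $i " allows passwords shorter than 8 characters")
            }
        }
        END { exit found + 0 }
    ' "$1"
}

# Constructed sample: the common-auth and common-password lines from this
# step, combined into one file for the demonstration.
write_sample_pam() {
    cat > "$1" <<'EOF'
auth    sufficient      pam_winbind.so
auth    required        pam_unix.so nullok_secure use_first_pass
password   required   pam_unix.so nullok obscure min=4 max=50 md5
EOF
}

sample=$(mktemp)
write_sample_pam "$sample"
pam_unix_findings "$sample" || echo "review the pam_unix.so options listed above"
rm -f "$sample"
```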
Step 6: Make a directory to hold domain user home directories

Note: Use the value you put in the WORKGROUP tag of the /etc/samba/smb.conf file

Code:
mkdir /home/DOMAIN
Step 7: Initialize Kerberos

1)
Code:
kinit domain_admin_account@DOMAIN.INTERNAL
Next check to be sure you got a ticket from the domain controller

2)
Code:
klist
Step 8: Join the system to the

Code:
net ads join -U domainadminuser@DOMAIN.INTERNAL
Step 9: Restart Samba-related Services (Or reboot the server)

Note: The order is important

Code:
/etc/init.d/samba stop
/etc/init.d/winbind stop
/etc/init.d/samba start
/etc/init.d/winbind start
Step 10: Restart SSH and Test Connectivity

Note: If you rebooted the server in the previous step, just try to log in.

Code:
/etc/init.d/ssh restart

ssh useraccount@server
If you can log in using your Active Directory username and password, then everything is working!

Step 11: Configure SUDO

1) First create a group in Active Directory called UnixAdmins and add the names of people whom you want to be able to use sudo to admin the server.

2) Next, add the UnixAdmins group to the /etc/sudoers so these users can use sudo

Code:
%UnixAdmins ALL=(ALL) ALL


HELPFUL COMMAND LINES

1) List the derived UNIX GID values for Active Directory groups

Code:
for gid in $(wbinfo -r <username>); \
do SID=$(wbinfo -G $gid);GROUP=$(wbinfo -s $SID); echo $gid is $GROUP; done
2) See the Active Directory SID for a particular named user

Code:
wbinfo -n <username>

Sunday, 23 September 2012

SELinux setsebool and getsebool commands

The setsebool command is used to set SELinux boolean values, i.e. various configurations can be enabled or disabled using this tool. In other words, the setsebool command switches the protection of SELinux on and off. Type getsebool -a to see all such options which can be enabled or disabled at run time:

Code:
getsebool -a
For example, if httpd_disable_trans is set to 1, SELinux protection for the Apache web server is disabled. To disable the protection, enter:
Code:
setsebool httpd_disable_trans 1
To enable the protection, enter:
Code:
setsebool httpd_disable_trans 0
The following should give you a pretty complete listing of all the samba switches:
Code:
getsebool -a | grep samba

Wednesday, 19 September 2012

How to reset concrete5 admin password in local server.

Concrete5 admin password reset

To reset the admin password in concrete5, you have to enter a new MD5 password hash in the Users table (for the user whose value we want to change) in the MySQL database, but with a slight modification. We first need to generate the MD5 hash using the password_salt value for our concrete5 installation. The salt value is found in config/site.php.
 
Steps:

1. Get your password_salt value from the config/site.php file.

2. Create a new PHP file (e.g. test.php) in your web directory.

3. Add the following code to the file:

<?php echo md5('password'.':'.'salt'); ?>

Here, replace 'password' with the password of your choice and 'salt' with the salt value found in config/site.php.

4. Access/run the file in the browser and copy the value displayed in the browser.

5. Take the resulting MD5 hash and set it for your user in MySQL as shown below, or use phpMyAdmin to update the database.

update Users set uPassword = 'the_resulting_hash'
where uName = 'username';
  
You can do this even more easily by using the MySQL md5 function directly:

update Users set uPassword = md5('password:salt')
where uName = 'username';

Here, replace 'password' with the password of your choice and 'salt' with the salt value found in config/site.php.

Friday, 14 September 2012

How to Install Oracle Java 7 on Ubuntu 12.04 LTS with Webupd8's PPA


Here is how to install Oracle Java 7 on Ubuntu 12.04 LTS using Webupd8's PPA:
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java7-installer
Then simply wait for the Java 7 installation to finish. After the installation is complete, you can test that your browser supports Java by visiting http://www.java.com/en/download/testjava.jsp
To check through the terminal console:
vijay@vijaypc:~$ java -version
java version "1.7.0_05"
Java(TM) SE Runtime Environment (build 1.7.0_05-b05)
Java HotSpot(TM) Server VM (build 23.1-b03, mixed mode)