HOW TO CREATE LVM USING PVCREATE, VGCREATE, LVCREATE, AND LVEXTEND COMMANDS

What is LVM?

LVM is a tool for logical volume management which includes allocating disks, striping, mirroring and resizing logical volumes. With LVM, a hard drive or set of hard drives is allocated to one or more physical volumes.

How to setup LVM in RHEL 7

Once the physical disk space has been made available to the host, run the following command to identify the disk location:

fdisk -l

Disk /dev/sdb: 4294 MB, 4294967296 bytes, 8388608 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x5eee65f8
The output of the above command shows the 4 GB disk at /dev/sdb. Next, partition it with fdisk (replace /dev/sdb with the device reported by the command above):

[root@slave ~]# fdisk /dev/sdb
Type n to create a new partition and press Enter three times until you reach the Last sector prompt. Enter +4GB here and press Enter. Type w and press Enter to write the changes. Running partprobe makes the new partition visible to the kernel without rebooting the host.

[root@slave ~]# partprobe
The next step involves creating a physical volume.

[root@slave ~]# pvcreate /dev/sdb1
Physical volume "/dev/sdb1" successfully created
Run a pvscan to pickup the changes.

[root@slave ~]# pvscan
PV /dev/sda2 VG rhel lvm2 [7.51 GiB / 0 free]
Total: 1 [7.51 GiB] / in use: 1 [7.51 GiB] / in no VG: 0 [0 ]
We now need to create a volume group.

[root@slave ~]# vgcreate roldy /dev/sdb1
Volume group "roldy" successfully created
Inside of this volume group, we will now create a logical partition.

[root@slave ~]# lvcreate roldy --name snookicoco /dev/sdb1 -L 200MB
Logical volume "snookicoco" created
Format the file system with xfs using the below command:

[root@slave ~]# mkfs.xfs /dev/roldy/snookicoco
meta-data=/dev/roldy/snookicoco  isize=256    agcount=4, agsize=12800 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=0
data     =                       bsize=4096   blocks=51200, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal log           bsize=4096   blocks=853, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
Create a folder on the host which will be mapped to this storage:

[root@slave ~]# mkdir /snookicoco
In order to edit the fstab, we will need to obtain the UUID of the volume. The UUID can be easily obtained via the blkid command.

[root@slave ~]# blkid
/dev/sda1: UUID="46814065-a338-4860-a3f8-781b132987c6" TYPE="xfs"
/dev/sda2: UUID="3gzDCV-lPFf-8hKA-Kojk-XI01-T7SR-xfK8fd" TYPE="LVM2_member"
/dev/sdb1: UUID="QCrBPH-KPEw-PZ3c-xDs0-nUVE-esuL-AZorqV" TYPE="LVM2_member"
/dev/mapper/rhel-root: UUID="dddea344-415f-4b2b-811f-8d7eac492f9e" TYPE="xfs"
/dev/mapper/rhel-swap: UUID="e7128c41-27b0-45ad-8f20-ddf7ce444aa1" TYPE="swap"
/dev/mapper/roldy-snookicoco: UUID="ae3cc85c-158f-4075-9025-5db0998c1d73" TYPE="xfs"
It's now time to mount the partition using the fstab.

[root@slave ~]# vi /etc/fstab
Copy the UUID across to a new line in the fstab, add the local mount point and specify the file system as per the below entry:

# /etc/fstab
# Created by anaconda on Thu Sep 18 00:41:01 2014
#
# Accessible filesystems, by reference, are maintained under ‘/dev/disk’
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/rhel-root / xfs defaults 1 1
UUID=46814065-a338-4860-a3f8-781b132987c6 /boot xfs defaults 1 2
/dev/mapper/rhel-swap swap swap defaults 0 0
UUID=ae3cc85c-158f-4075-9025-5db0998c1d73 /snookicoco xfs defaults 1 2
Verify that the mount point is now listed.

[root@slave ~]# df -hk | grep snookicoco
/dev/mapper/roldy-snookicoco 201388 10400 190988 6% /snookicoco
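
The fragile step in the procedure above is copying the UUID into /etc/fstab by hand: a mistyped UUID leaves the mount failing at boot. The Python helper below is an added example, not code from the original post. It parses blkid output (the page's own blkid output is reused here as sample input), produces the fstab line for a device, and cross-checks every UUID= spec in an fstab against what blkid actually reports. The names parse_blkid, fstab_entry and check_fstab are this example's own.

```python
"""Build fstab entries from blkid output and cross-check them (added example)."""
import shlex

# Sample input: the blkid output shown above on the page.
BLKID_OUTPUT = """\
/dev/sda1: UUID="46814065-a338-4860-a3f8-781b132987c6" TYPE="xfs"
/dev/sda2: UUID="3gzDCV-lPFf-8hKA-Kojk-XI01-T7SR-xfK8fd" TYPE="LVM2_member"
/dev/sdb1: UUID="QCrBPH-KPEw-PZ3c-xDs0-nUVE-esuL-AZorqV" TYPE="LVM2_member"
/dev/mapper/rhel-root: UUID="dddea344-415f-4b2b-811f-8d7eac492f9e" TYPE="xfs"
/dev/mapper/rhel-swap: UUID="e7128c41-27b0-45ad-8f20-ddf7ce444aa1" TYPE="swap"
/dev/mapper/roldy-snookicoco: UUID="ae3cc85c-158f-4075-9025-5db0998c1d73" TYPE="xfs"
"""


def parse_blkid(text):
    """Return {device: {TAG: value}} from the output of `blkid`."""
    devices = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        dev, _, tags = line.partition(":")
        # shlex splits on whitespace and strips the double quotes around each value.
        devices[dev.strip()] = dict(tok.split("=", 1) for tok in shlex.split(tags))
    return devices


def fstab_entry(blkid_text, device, mountpoint, fstype=None,
                options="defaults", dump=1, fsck=2):
    """Return the fstab line for `device`, keyed by UUID rather than device path."""
    info = parse_blkid(blkid_text).get(device)
    if info is None or "UUID" not in info:
        raise ValueError(f"{device}: not present in blkid output")
    fstype = fstype or info.get("TYPE")
    return f"UUID={info['UUID']} {mountpoint} {fstype} {options} {dump} {fsck}"


def check_fstab(fstab_text, blkid_text):
    """Return the UUID= specs in an fstab that no block device currently carries."""
    known = {tags.get("UUID") for tags in parse_blkid(blkid_text).values()}
    missing = []
    for line in fstab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        spec = line.split()[0]
        if spec.startswith("UUID="):
            uuid = spec[len("UUID="):].strip('"')
            if uuid not in known:
                missing.append(uuid)
    return missing


if __name__ == "__main__":
    print(fstab_entry(BLKID_OUTPUT, "/dev/mapper/roldy-snookicoco", "/snookicoco"))
    # A constructed fstab with one correct entry and one mistyped UUID.
    sample_fstab = (
        "UUID=ae3cc85c-158f-4075-9025-5db0998c1d73 /snookicoco xfs defaults 1 2\n"
        "UUID=00000000-dead-beef-0000-000000000000 /data xfs defaults 1 2\n"
    )
    print("unknown UUIDs:", check_fstab(sample_fstab, BLKID_OUTPUT))
```

On a live host the two inputs would be the output of `blkid` and the contents of /etc/fstab; running the check before a reboot catches the copy-and-paste error that would otherwise drop the system into emergency mode.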
How to extend a logical volume

Extending logical volumes is possible thanks to the lvextend utility.

lvextend -L +500M /dev/coco/chops

Note that lvextend only grows the logical volume; the file system on it still has to be grown afterwards (xfs_growfs on the mount point for XFS), or pass -r to lvextend to resize both in one step.

SETTING UP A LOCAL NFS SERVER

On the NFS Server, we will need to install the following packages:

# yum -y install portreserve quota rpcbind nfs4-acl-tools.x86_64 nfs-utils.x86_64
# service rpcbind start
# chkconfig rpcbind on
# service nfs start
# chkconfig nfs on
The next step is to make the physical mount point (in this example, it's /ilovecoco). We then need to update the /etc/exports file: add the directory we just created, followed by the IP address of the remote machine and any export options (in this example, rw,sync).

[root@memberserver ~]# mkdir /ilovecoco
[root@memberserver ~]# vi /etc/exports
[root@memberserver ~]# cat /etc/exports
/ilovecoco 192.168.56.102(rw,sync)
Make the export file active by issuing the following commands:

[root@memberserver ~]# exportfs -r
[root@memberserver ~]# exportfs -a
On the server, we can now verify that the NFS mount is active by issuing the following command:

[root@memberserver ~]# showmount -e
Export list for memberserver:
/ilovecoco 192.168.56.102
We can now try and access this NFS share from a remote host.

[root@master ~]# showmount -e 192.168.56.103
clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)
The above error message is a result of the firewall blocking access. Firewall access now needs to be setup. For the purposes of testing, I enabled ALL ports on the firewall.

[root@localhost ~]# iptables -F
[root@localhost ~]# iptables -A INPUT -j ACCEPT
[root@localhost ~]# iptables-save
# Generated by iptables-save v1.4.21 on Wed Oct 22 19:29:57 2014
*nat
:PREROUTING ACCEPT [984:75513]
:INPUT ACCEPT [4:234]
:OUTPUT ACCEPT [1209:57593]
:POSTROUTING ACCEPT [1209:57593]
:OUTPUT_direct - [0:0]
:POSTROUTING_ZONES - [0:0]
:POSTROUTING_ZONES_SOURCE - [0:0]
:POSTROUTING_direct - [0:0]
:POST_public - [0:0]
:POST_public_allow - [0:0]
:POST_public_deny - [0:0]
:POST_public_log - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A POSTROUTING -j POSTROUTING_ZONES_SOURCE
-A POSTROUTING -j POSTROUTING_ZONES
-A POSTROUTING_ZONES -o enp0s8 -g POST_public
-A POSTROUTING_ZONES -o enp0s3 -g POST_public
-A POSTROUTING_ZONES -g POST_public
-A POST_public -j POST_public_log
-A POST_public -j POST_public_deny
-A POST_public -j POST_public_allow
-A PREROUTING_ZONES -i enp0s8 -g PRE_public
-A PREROUTING_ZONES -i enp0s3 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
COMMIT
# Completed on Wed Oct 22 19:29:57 2014
# Generated by iptables-save v1.4.21 on Wed Oct 22 19:29:57 2014
*mangle
:PREROUTING ACCEPT [7214:4652078]
:INPUT ACCEPT [7212:4650926]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5282:434260]
:POSTROUTING ACCEPT [5312:439910]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A PREROUTING_ZONES -i enp0s8 -g PRE_public
-A PREROUTING_ZONES -i enp0s3 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
COMMIT
# Completed on Wed Oct 22 19:29:57 2014
# Generated by iptables-save v1.4.21 on Wed Oct 22 19:29:57 2014
*security
:INPUT ACCEPT [6204:4571149]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5282:434260]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Wed Oct 22 19:29:57 2014
# Generated by iptables-save v1.4.21 on Wed Oct 22 19:29:57 2014
*raw
:PREROUTING ACCEPT [7241:4653776]
:OUTPUT ACCEPT [5282:434260]
:OUTPUT_direct - [0:0]
:PREROUTING_direct - [0:0]
-A PREROUTING -j PREROUTING_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Wed Oct 22 19:29:57 2014
# Generated by iptables-save v1.4.21 on Wed Oct 22 19:29:57 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [17:1800]
:FORWARD_IN_ZONES - [0:0]
:FORWARD_IN_ZONES_SOURCE - [0:0]
:FORWARD_OUT_ZONES - [0:0]
:FORWARD_OUT_ZONES_SOURCE - [0:0]
:FORWARD_direct - [0:0]
:FWDI_public - [0:0]
:FWDI_public_allow - [0:0]
:FWDI_public_deny - [0:0]
:FWDI_public_log - [0:0]
:FWDO_public - [0:0]
:FWDO_public_allow - [0:0]
:FWDO_public_deny - [0:0]
:FWDO_public_log - [0:0]
:INPUT_ZONES - [0:0]
:INPUT_ZONES_SOURCE - [0:0]
:INPUT_direct - [0:0]
:IN_public - [0:0]
:IN_public_allow - [0:0]
:IN_public_deny - [0:0]
:IN_public_log - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j ACCEPT
COMMIT
# Completed on Wed Oct 22 19:29:57 2014
[root@master ~]# showmount -e 192.168.56.103
Export list for 192.168.56.103:
/ilovecoco 192.168.56.102
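
Flushing the firewall and appending `-A INPUT -j ACCEPT` gets the test working, but it leaves the host accepting every inbound packet, and the firewalld zone chains still listed in the dump above are no longer referenced by any rule. The Python script below is an added example, not part of the original post: it audits an iptables-save dump for match-less ACCEPT rules on INPUT (the shortcut taken above) and lints an /etc/exports file for client specs and options that widen an NFS export (the /etc/exports step earlier in this section). The dump excerpt and the second exports line are constructed sample input; unconditional_accepts and lint_exports are names chosen for this example.

```python
"""Audit the firewall shortcut and the NFS export list (added example, not from the original post)."""

# Constructed excerpt in the shape of the iptables-save dump above: firewalld's zone
# chains still exist, but the only rule in INPUT accepts every packet.
IPTABLES_DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [17:1800]
:IN_public_allow - [0:0]
-A INPUT -j ACCEPT
COMMIT
"""

# Export options that widen what a client may do; the descriptions follow exports(5).
RISKY_EXPORT_OPTIONS = {
    "no_root_squash": "remote root is not mapped to the anonymous user",
    "insecure": "requests from client ports above 1023 are accepted",
    "async": "writes are acknowledged before they reach stable storage",
}


def unconditional_accepts(dump, chain="INPUT"):
    """Return the *filter rules that jump from `chain` straight to ACCEPT with no match.

    An iptables-save rule line looks like: -A <chain> [match options...] -j <target>.
    With nothing between the chain name and -j, the rule matches every packet.
    """
    findings = []
    table = None
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:]            # *filter, *nat, *mangle, ...
        elif line == "COMMIT":
            table = None
        elif table == "filter" and line.startswith("-A "):
            tokens = line.split()
            if tokens[1] != chain or "-j" not in tokens:
                continue
            jump = tokens.index("-j")
            if tokens[jump + 1] == "ACCEPT" and not tokens[2:jump]:
                findings.append(line)
    return findings


def lint_exports(exports_text):
    """Return human-readable findings for the text of an /etc/exports file."""
    findings = []
    for lineno, raw in enumerate(exports_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        if not clients:
            findings.append(f"line {lineno}: {path} has no client list (exported to all hosts)")
        for client in clients:
            # Each client spec is host[(opt,opt,...)]; the host may be an IP, a name or a wildcard.
            host, _, opts = client.partition("(")
            options = [o for o in opts.rstrip(")").split(",") if o]
            if host == "" or "*" in host or "?" in host:
                findings.append(f"line {lineno}: {path} exported to wildcard host {host!r}")
            for opt in options:
                if opt in RISKY_EXPORT_OPTIONS:
                    findings.append(
                        f"line {lineno}: {path} {host}: {opt} ({RISKY_EXPORT_OPTIONS[opt]})")
    return findings


if __name__ == "__main__":
    # The page's own export line passes; the constructed second line does not.
    sample_exports = ("/ilovecoco 192.168.56.102(rw,sync)\n"
                      "/srv/share *(rw,no_root_squash,insecure)\n")
    for finding in unconditional_accepts(IPTABLES_DUMP) + lint_exports(sample_exports):
        print(finding)
```

A rule scoped to the client and the NFS port, such as `-A INPUT -s 192.168.56.102 -p tcp -m tcp --dport 2049 -j ACCEPT`, passes the firewall check; NFSv3 clients additionally need rpcbind (port 111) and mountd reachable, which is why the showmount call above failed rather than the mount itself.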
Let's now try mounting this share manually using the mount command.

[root@master ~]# mkdir /ialsolovesnooki
[root@master ~]# mount 192.168.56.103:/ilovecoco /ialsolovesnooki
[root@master ~]# df -hk | grep /ialsolovesnooki
192.168.56.103:/ilovecoco 7022592 1447680 5574912 21% /ialsolovesnooki
[root@master ~]# ls -lrt /ialsolovesnooki
total 0
-rw-r--r--. 1 root root 0 Oct 23 2014 mycatsarethebest
Let's now get fancy and mount this share on demand using the autofs automounting daemon. We'll need to install autofs first.

[root@master ~]# yum -y install autofs
[root@master ~]# service autofs start
Redirecting to /bin/systemctl start autofs.service
[root@master ~]# chkconfig autofs on
Note: Forwarding request to 'systemctl enable autofs.service'.
We also need to install nfs-utils and nfs4-acl-tools on the client host:

[root@localhost ~]# yum -y install nfs-utils.x86_64 nfs4-acl-tools.x86_64
/etc/auto.misc has several helpful examples which we will draw inspiration from to mount our NFS share. The line which we are interested in is the #linux line.

[root@slave /]# cat /etc/auto.misc
#
# This is an automounter map and it has the following format
# key [ -mount-options-separated-by-comma ] location
# Details may be found in the autofs(5) manpage
cd -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
# the following entries are samples to pique your imagination
#linux -ro,soft,intr ftp.example.org:/pub/linux
#boot -fstype=ext2 :/dev/hda1
#floppy -fstype=auto :/dev/fd0
#floppy -fstype=ext2 :/dev/fd0
#e2floppy -fstype=ext2 :/dev/fd0
#jaz -fstype=ext2 :/dev/sdc1
#removable -fstype=ext2 :/dev/hdd
Let's now edit the master map file.

[root@slave /]# vi /etc/auto.master
/meow /etc/auto.coco
It's important to ensure that the filename begins with auto. It can end in anything, e.g. auto.duck.

[root@localhost meow]# vi /etc/auto.coco
reow -ro,soft,intr 192.168.56.103:/ilovecoco
Restart autofs.

[root@localhost meow]# service autofs restart
Redirecting to /bin/systemctl restart autofs.service
Now try and access the mount:

[root@localhost meow]# cd /
[root@localhost /]# cd meow
[root@localhost meow]# cd reow
[root@localhost reow]# ls -lrt
total 0
-rwxrwxrwx. 1 root root 0 Oct 22 19:57 mycatsarethebest

CONNECT RHEL7 TO AN OPEN LDAP SERVER

The LDAP server will be named instructor.example.com in this procedure.

Install the following packages:

# yum install -y openldap openldap-clients openldap-servers migrationtools net-tools.x86_64
Generate an LDAP password hash from a secret (here, redhat):

# slappasswd -s redhat -n > /etc/openldap/passwd
Generate an X.509 certificate valid for 365 days:

# openssl req -new -x509 -nodes -out /etc/openldap/certs/cert.pem -keyout /etc/openldap/certs/priv.pem -days 365
Generating a 2048 bit RSA private key
…..+++
…………..+++
writing new private key to '/etc/openldap/certs/priv.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:instructor.example.com
Email Address []:
Secure the content of the /etc/openldap/certs directory:

# cd /etc/openldap/certs
# chown ldap:ldap *
# chmod 600 priv.pem
Prepare the LDAP database:

# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
Generate the database files (don't worry about the error messages!):

# slaptest
53d61aab hdb_db_open: database "dc=my-domain,dc=com": db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2).
53d61aab backend_startup_one (type=hdb, suffix="dc=my-domain,dc=com"): bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)
Change LDAP database ownership:

# chown ldap:ldap /var/lib/ldap/*
Activate the slapd service at boot:

# systemctl enable slapd
Start the slapd service:

# systemctl start slapd
Check the LDAP activity:

# netstat -lt | grep ldap
tcp 0 0 0.0.0.0:ldap 0.0.0.0:* LISTEN
tcp6 0 0 [::]:ldap [::]:* LISTEN
To start the configuration of the LDAP server, add the cosine & nis LDAP schemas:

# cd /etc/openldap/schema
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f cosine.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=cosine,cn=schema,cn=config"
# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f nis.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=nis,cn=schema,cn=config"
Then create the /etc/openldap/changes.ldif file and paste the following lines, replacing the olcRootPW value with the hash generated previously. To read that hash back:

# cat /etc/openldap/passwd
{SSHA}98bGGGdL+aj/TFVayaTsKj/xkfDZaYsRua1pge

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=example,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=example,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}98bGGGdL+aj/TFVayaTsKj/xkfDZaYsRua1pge

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/cert.pem

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/priv.pem

dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: -1

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=example,dc=com" read by * none
Send the new configuration to the slapd server:

# ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/openldap/changes.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "cn=config"
modifying entry "cn=config"
modifying entry "cn=config"
modifying entry "olcDatabase={1}monitor,cn=config"
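
The olcRootPW value above is the {SSHA} string that slappasswd wrote to /etc/openldap/passwd. The Python below is an added example, not code from the original post: it shows what that value is (base64 of SHA-1(password || salt) followed by the salt, so a stored value can be checked against a password without the password ever being stored), and it scans an LDIF for an olcRootPW that was pasted in as cleartext instead of the hash. The functions ssha_hash, ssha_verify and cleartext_root_passwords are this example's names, and the assertions use a hash the script generates itself rather than the one printed on the page.

```python
"""Create and verify OpenLDAP {SSHA} values and check an LDIF for cleartext olcRootPW (added example)."""
import base64
import hashlib
import hmac
import os
import re


def ssha_hash(password, salt=None):
    """Return an OpenLDAP-style {SSHA} value: base64(SHA1(password || salt) || salt).

    slappasswd uses a 4-byte random salt by default; verification below does not depend
    on the salt length, because the salt is whatever follows the 20-byte SHA-1 digest.
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def ssha_verify(stored, password):
    """Return True if `password` matches the {SSHA} value `stored`."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = stored[len("{SSHA}"):]
    # Hashes copied from a terminal sometimes lose their trailing '=' padding; restore it.
    raw += "=" * (-len(raw) % 4)
    blob = base64.b64decode(raw)
    digest, salt = blob[:20], blob[20:]
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)


def cleartext_root_passwords(ldif_text):
    """Return olcRootPW values in an LDIF that are not stored in a {SCHEME} form."""
    found = []
    for line in ldif_text.splitlines():
        if not line.startswith("olcRootPW:"):
            continue
        value = line.split(":", 1)[1].strip()
        if value.startswith(":"):
            # LDIF "attr:: base64" form: decode before inspecting.
            value = base64.b64decode(value[1:].strip()).decode()
        if not re.match(r"\{[A-Z0-9-]+\}", value):
            found.append(value)
    return found


if __name__ == "__main__":
    h = ssha_hash("redhat")
    print(h, ssha_verify(h, "redhat"), ssha_verify(h, "Redhat"))
    # Constructed LDIF fragment: one hashed value, one pasted in as cleartext by mistake.
    sample = "olcRootPW: " + h + "\nolcRootPW: redhat\n"
    print("cleartext root passwords:", cleartext_root_passwords(sample))
```

Salted SHA-1 is cheap to brute-force; OpenLDAP also accepts {CRYPT} values through olcPasswordHash, but the procedure above keeps slappasswd's default scheme.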
Create the /etc/openldap/base.ldif file and paste the following lines:

dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain

dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
Build the structure of the directory service:

# ldapadd -x -w redhat -D cn=Manager,dc=example,dc=com -f base.ldif
adding new entry "dc=example,dc=com"
adding new entry "ou=People,dc=example,dc=com"
adding new entry "ou=Group,dc=example,dc=com"
Create two users for testing:

# mkdir /home/guests
# useradd -d /home/guests/ldapuser01 ldapuser01
# passwd ldapuser01
Changing password for user ldapuser01.
New password: user01ldap
Retype new password: user01ldap
passwd: all authentication tokens updated successfully.
# useradd -d /home/guests/ldapuser02 ldapuser02
# passwd ldapuser02
Changing password for user ldapuser02.
New password: user02ldap
Retype new password: user02ldap
passwd: all authentication tokens updated successfully.
Go to the directory for the migration of the user accounts:

# cd /usr/share/migrationtools
Edit the migrate_common.ph file and replace in the following lines:

$DEFAULT_MAIL_DOMAIN = "example.com";
$DEFAULT_BASE = "dc=example,dc=com";
Create the current users in the directory service:

# grep ":10[0-9][0-9]" /etc/passwd > passwd
# ./migrate_passwd.pl passwd users.ldif
# ldapadd -x -w redhat -D cn=Manager,dc=example,dc=com -f users.ldif
adding new entry "uid=ldapuser01,ou=People,dc=example,dc=com"
adding new entry "uid=ldapuser02,ou=People,dc=example,dc=com"
# grep ":10[0-9][0-9]" /etc/group > group
# ./migrate_group.pl group groups.ldif
# ldapadd -x -w redhat -D cn=Manager,dc=example,dc=com -f groups.ldif
adding new entry "cn=ldapuser01,ou=Group,dc=example,dc=com"
adding new entry "cn=ldapuser02,ou=Group,dc=example,dc=com"
Test the configuration with the user called ldapuser01:

# ldapsearch -x cn=ldapuser01 -b dc=example,dc=com
Add a new service to the firewall (ldap: port tcp 389):

# firewall-cmd --permanent --add-service=ldap
Reload the firewall configuration:

# firewall-cmd --reload
Edit the /etc/rsyslog.conf file and add the following line:

local4.* /var/log/ldap.log
Restart the rsyslog service:

# systemctl restart rsyslog
Edit the hosts file on the server:

# cat /etc/hosts
192.168.56.106 instructor.example.com
LDAP Client configuration

Add the same hosts file entry on the client:

# cat /etc/hosts
192.168.56.106 instructor.example.com
Install the following packages:

# yum install -y openldap-clients nss-pam-ldapd
Run the authentication menu:

# authconfig-tui
Choose the following options:

– Cache Information
– Use LDAP
– Use MD5 Passwords
– Use Shadow Passwords
– Use LDAP Authentication
– Local authorization is sufficient
In the LDAP Settings, type:

Use TLS
ldap://instructor.example.com
dc=example,dc=com
Note: Don't select Use TLS if you specify ldaps.

Put the LDAP server certificate into the /etc/openldap/cacerts directory when asked.

Open another terminal window and cd to /etc/openldap/cacerts, then fetch the server certificate into it:

cd /etc/openldap/cacerts
wget http://instructor.example.com/cert.pem
Close authconfig-tui.

Test the connection to the LDAP server (the ldapuser02 line of the /etc/passwd file should be displayed):

# getent passwd ldapuser02
ldapuser02:x:1001:1001:ldapuser02:/home/guests/ldapuser02:/bin/bash

Install NFS on the LDAP Server

We need to install NFS on the LDAP server. Note: it's not required to have the LDAP server and the NFS server on the same machine, it's only easier.

The first step is to install all the necessary packages for NFS. Once these packages are installed, each package needs to be enabled and started.

# yum -y install portreserve quota rpcbind nfs4-acl-tools.x86_64 nfs-utils.x86_64
# systemctl enable rpcbind
# systemctl start rpcbind

# systemctl enable nfs-server
# systemctl start nfs-server

# systemctl enable nfs-lock
# systemctl start nfs-lock

# systemctl enable nfs-idmap
# systemctl start nfs-idmap

We now need to update the /etc/exports file.

# vi /etc/exports
/home/guests 192.168.56.105(rw,sync)
Once the config file is saved, export the directory:

# exportfs -avr
exporting 192.168.56.105:/home/guests
Ensure that iptables/firewalld allow communication using NFS.

Setup the LDAP client

The first step is to install openldap-clients, nss-pam-ldapd, autofs and nfs-utils.

# yum install -y openldap-clients nss-pam-ldapd autofs nfs-utils
Let's enable and start the autofs daemon.

# systemctl enable autofs
# systemctl start autofs
I'm also modifying the hosts file to include a mapping for instructor.example.com which will point to 192.168.56.104.

# cat /etc/hosts
192.168.56.104 instructor.example.com
We’ll now connect the LDAP client up to our OpenLDAP server.

# authconfig-tui

[screenshots: authconfig-1, authconfig-2, authconfig-3]

DO NOT CLICK ON OK, just yet!

Open a separate SSH session to the client and cd to /etc/openldap/cacerts/.

# cd /etc/openldap/cacerts/
We're now going to copy across the certificate from the LDAP server to this directory.

# wget http://instructor.example.com/cert.pem
Switch back to the original SSH session with authconfig-tui open. Press Ok.

Restart the host.

# shutdown -r now
Once the host has started up, run the following getent command to ensure that you can successfully connect to the OpenLDAP server.

# getent passwd ldapuser02
ldapuser02:x:1001:1001:ldapuser02:/home/guests/ldapuser02:/bin/bash
We’ll verify that we can access the NFS share which we previously setup on the OpenLDAP + NFS server.

# showmount -e instructor.example.com
Export list for instructor.example.com:
/home/guests 192.168.56.106,192.168.56.105
Create a new indirect /etc/auto.guests map and paste the following line:

* -rw,nfs4 instructor.example.com:/home/guests/&
Add the following line at the beginning of the /etc/auto.master file:

/home/guests /etc/auto.guests
Restart autofs:

# systemctl restart autofs
Test the configuration:

# su - ldapuser02
Last login: Sun Oct 26 20:37:23 EDT 2015 on pts/0
[ldapuser02@localhost ~]$ ls -lrt
total 0
-rwxrwxrwx. 1 ldapuser02 ldapuser02 0 Oct 26 18:20 testfile
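
The two autofs maps on this page work differently: /etc/auto.coco names its key reow explicitly, while /etc/auto.guests uses the wildcard key `*` with `&` standing in for whatever directory name was requested under /home/guests, which is how each LDAP user's home is mounted on first access. The Python below is an added example, not part of the original post: it resolves a path through master-map and indirect-map text the way automount does for indirect maps (exact key first, then the wildcard with & substituted). The map contents are embedded as strings copied from above; parse_master, parse_map and resolve are names chosen for this example.

```python
"""Resolve a path through autofs master and indirect maps (added example)."""
import os

# The master map and the two indirect maps as written above, embedded as strings.
AUTO_MASTER = """\
# mount-point  map-file
/meow /etc/auto.coco
/home/guests /etc/auto.guests
"""
MAPS = {
    "/etc/auto.coco": "reow -ro,soft,intr 192.168.56.103:/ilovecoco\n",
    "/etc/auto.guests": "* -rw,nfs4 instructor.example.com:/home/guests/&\n",
}


def parse_master(text):
    """Return [(mount_point, map_file)], skipping comments and '+' include lines."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("+"):
            continue
        mount_point, map_file = line.split()[:2]
        entries.append((mount_point.rstrip("/"), map_file))
    return entries


def parse_map(text):
    """Return [(key, options, location)]; the options field is optional and starts with '-'."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        key = parts[0]
        if len(parts) >= 3 and parts[1].startswith("-"):
            options, location = parts[1], parts[2]
        else:
            options, location = "", parts[1]
        entries.append((key, options, location))
    return entries


def resolve(path, master_text=AUTO_MASTER, maps=MAPS):
    """Return (location, options) that autofs would mount for `path`, or None."""
    path = os.path.normpath(path)
    for mount_point, map_file in parse_master(master_text):
        if not path.startswith(mount_point + "/"):
            continue
        # The map key is the first path component below the automount point.
        key = path[len(mount_point) + 1:].split("/", 1)[0]
        entries = parse_map(maps[map_file])
        for k, options, location in entries:
            if k == key:                       # an explicit key always wins
                return location, options
        for k, options, location in entries:
            if k == "*":                       # wildcard: '&' is replaced by the key
                return location.replace("&", key), options
    return None


if __name__ == "__main__":
    for p in ("/home/guests/ldapuser02", "/meow/reow", "/meow/nothere"):
        print(p, "->", resolve(p))
```

Running it for /home/guests/ldapuser02 yields the NFS location instructor.example.com:/home/guests/ldapuser02 with options -rw,nfs4, which is exactly the mount that appears when ldapuser02 logs in above.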

HOW TO SETUP THE NTP SERVICE IN RHEL7

Install the NTP package:

# yum install -y ntp
Activate the NTP service at boot:

# systemctl enable ntpd
Start the NTP service:

# systemctl start ntpd
The NTP configuration is in the /etc/ntp.conf file.

To quickly synchronize a server, type:

# systemctl stop ntpd
# ntpdate ntp.internode.on.net
5 Jul 10:36:58 ntpdate[2190]: adjust time server 95.81.173.74 offset -0.005354 sec
# systemctl start ntpd

Redhat 7.2 Reset Password

Edit grub2 boot menu, press e key for edit.

Move the cursor onto the boot line (hint: CTRL+E jumps to the end of the line), find the rhgb quiet keywords and replace them with init=/bin/bash.
Once you have edited the boot line as shown above, press CTRL+X to boot the system into single-user mode.

# mount | grep root

In order to mount our partition with Read/Write flag we use mount with a remount option as follows:

# mount -o remount,rw /

# passwd

SELinux relabeling
The additional step which needs to be taken on SELinux-enabled Linux systems is to relabel the SELinux contexts. If this step is omitted you will not be able to log in with your new root password. The following command ensures that the SELinux contexts of the entire file system are relabeled after reboot:

# touch /.autorelabel

# exec /sbin/init

Rebuilding the initrd RHEL 3, 4, 5 and initramfs RHEL 6, 7

Rebuilding the initrd (RHEL 3, 4, 5)

# cp /boot/initrd-$(uname -r).img /boot/initrd-$(uname -r).img.$(date +%m-%d-%H%M%S).bak
# mkinitrd -f -v /boot/initrd-$(uname -r).img $(uname -r)

If you are in a kernel version different to the initrd you are building (including if you are in Rescue Mode) you must specify the full kernel version, without architecture:

# mkinitrd -f -v /boot/initrd-2.6.18-348.2.1.el5.img 2.6.18-348.2.1.el5

Rebuilding the initramfs (RHEL 6, 7)

# cp /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r).img.$(date +%m-%d-%H%M%S).bak
# dracut -f -v

If you are in a kernel version different to the initrd you are building (including if you are in Rescue Mode) you must specify the full kernel version, including architecture:

# dracut -f /boot/initramfs-2.6.32-220.7.1.el6.x86_64.img 2.6.32-220.7.1.el6.x86_64

Fedora 20 automount nfs fs with autofs

# yum install autofs

# cat /etc/auto.misc
#
# This is an automounter map and it has the following format
# key [ -mount-options-separated-by-comma ] location
# Details may be found in the autofs(5) manpage

cd -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
RemoteDownload -rw,soft,intr 192.168.1.100:/Download

# the following entries are samples to pique your imagination
#linux -ro,soft,intr ftp.example.org:/pub/linux
#boot -fstype=ext2 :/dev/hda1
#floppy -fstype=auto :/dev/fd0
#floppy -fstype=ext2 :/dev/fd0
#e2floppy -fstype=ext2 :/dev/fd0
#jaz -fstype=ext2 :/dev/sdc1
#removable -fstype=ext2 :/dev/hdd

# systemctl start autofs.service
# systemctl enable autofs.service
ln -s '/usr/lib/systemd/system/autofs.service' '/etc/systemd/system/multi-user.target.wants/autofs.service'
[root@localhost maccu]# showmount -e serious
Export list for serious:
/Download *

# ls /misc/RemoteDownload/

Single User mode is password protected by the root password on RHEL 7

# RHEL 5
# ------------------------------------------------------------------------------------------

# To force users to enter password in Single User mode, add following line to /etc/inittab:

~:S:respawn:/sbin/sulogin

# The changes to this file takes effect after a system reboot

# To make init re-read the /etc/inittab without rebooting the system, type the command

/sbin/init q

# RHEL 6
# ------------------------------------------------------------------------------------------

# Edit /etc/inittab and add "su:S:wait:/sbin/sulogin" before the 'initdefault' line:

vi /etc/inittab
[…]
su:S:wait:/sbin/sulogin
id:3:initdefault:

# Edit /etc/sysconfig/init and replace "SINGLE=/sbin/sushell" with "SINGLE=/sbin/sulogin":

vi /etc/sysconfig/init
[…]
# Set to '/sbin/sulogin' to prompt for password on single-user mode
# Set to '/sbin/sushell' otherwise
SINGLE=/sbin/sulogin

# RHEL 7
# ------------------------------------------------------------------------------------------

# By default, Single User mode is password protected by the root password on RHEL 7:

cat /usr/lib/systemd/system/rescue.service
[…]

[Service]
Environment=HOME=/root
WorkingDirectory=/root
ExecStartPre=-/bin/plymouth quit
ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type [...]
ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"   <---
Type=idle
StandardInput=tty-force
StandardOutput=inherit
StandardError=inherit
KillMode=process
IgnoreSIGPIPE=no
SendSIGHUP=yes

maybe-recordio

Install and use maybe-recordio script

Maybe-recordio is a little script written by John M. Simpson which makes it possible for an SMTP service to selectively enable recordio for certain IPs, so you can see what they are doing without filling up your log files with a lot of extra stuff you don’t need to see from other addresses.

With this script, you can debug the SMTP sessions coming from a given IP.

Additional information can be found at http://qmail.jms1.net/scripts/#maybe-recordio
Install it

cd /downloads/scripts
wget http://qmail.jms1.net/scripts/maybe-recordio
cp /downloads/scripts/maybe-recordio /usr/local/bin/
chmod 755 /usr/local/bin/maybe-recordio

Activate it by modifying the file /service/qmail-smtpd/run (and/or /service/qmail-smtpdssl/run for SMTP SSL) by un-commenting RECORDIO

# djb's "recordio" can be used to log the raw SMTP conversations.
# http://qmail.jms1.net/scripts/#maybe-recordio is a script which allows you
# to log only certain conversations (for debugging issues with specific
# clients, without killing your log files.)

RECORDIO="recordio"

Restart the service

qmailctl restart

Restarting qmail:
* Stopping qmail-smtpdssl.
* Stopping qmail-smtpd.
* Sending qmail-send SIGTERM and restarting.
* Restarting qmail-smtpd.
* Restarting qmail-smtpdssl.

Add the IP you want to monitor into the file /etc/tcp.smtp

xx.xx.xx.xx:allow,USE_RECORDIO="1" (where xx.xx.xx.xx is the IP you want to monitor)

qmailctl cdb

Analyze your logs in the file /var/log/qmail/qmail-smtpd/current (you can see the detailed SMTP session coming from the IP you want to monitor)