Welcome to

LINUX WORLD

Rohit Mehta : A Linux Follower

bangalore, Karnataka, India
Hi! I'm a person who is chill all the time. Since Jan 2008 I am working for Novell software. The word Impossible does not exist in my dictionary because Impossible says I'm possible... Hey guys, have fun with Linux... it begins but has no end...

Saturday, November 21, 2009

LDAP, Lightweight Directory Access Protocol

http://funlinuxfun.blogspot.com/


LDAP (Lightweight Directory Access Protocol) is a directory service internet protocol that runs over Transmission Control Protocol/Internet Protocol (TCP/IP) and that email and other programs use to look up information from a server.
Every email program has a personal address book, but how do you look up an address for someone who’s never sent you email? How can an organization keep one centralized up-to-date phone book that everybody has access to?
That question led to development of a standard called DIRECTORY SERVICES which supports the capability to locate certain types of information easily, efficiently, and quickly.
A directory is a set of objects with attributes organized in a logical and hierarchical manner. A simple example is the telephone directory, which consists of a list of names (of either persons or organizations) organized alphabetically, with each name having an address and phone number associated with it.
For example, the entry for Rohit Mehta might have the following attributes:
cn: Rohit Mehta
mail: rohitmehta.linux@gmail.com
telephoneNumber: 9663399899
telephoneNumber: 080-40022300
roomNumber: 353


Lightweight Directory - Directories are kind of like a database, but not really. A directory is a specialized database that is optimized for lookups. Unlike a traditional RDBMS, LDAP is not designed to show complex relationships between relations. Imagine if 99% of your actions were going to be simple "selects", and you wanted anyone, anywhere to be able to do these selects over the Internet. This is where LDAP excels. Examples of directories are the TV Guide, the phone book, a library card catalog, and DNS.

"Give me the phone number of John Smith."

"Give me all the tv shows that are on tonight on the Sci-Fi channel."

Access Protocol - LDAP is an outgrowth of the X.500 standard. LDAP is an open standard, unlike many other proprietary directory solutions. Most of the directory-like solutions that were out on the market are now very similar to LDAP. Some of these solution providers, Sun and Microsoft specifically, have designed the JNDI and ADSI APIs so that you can connect with any kind of directory service. This is much like what ODBC or JDBC is to an RDBMS.
 
Cool things you can do with LDAP
 
-Contact Management

-Users and Security

-Image storage

-Document Management

-Store business logic - actual code or SQL statements
  

Tuesday, November 17, 2009

How does SSH (Secure Shell) work


You have probably done remote file sharing and remote logins. Have you ever wondered whether your communication over the channel is secure? If you are using tools/utilities like ftp or telnet, then you are not secure. SSH, an acronym for Secure Shell, lets you transfer data over the network in encrypted form.
This is how SSH works:
When a user attempts a remote login using SSH for the first time, it prompts for the generation of keys. SSH uses asymmetric encryption. Asymmetric encryption also allows for digital certificates.

Two types of key are generated:
Private key: This key is kept only with the user who generated it and is used for encrypting the messages before sending them over the network.
Public key: This key is distributed to all the users with whom you want to encrypt your communication. The remote system uses this key to decrypt the encrypted messages which are sent by the user to the remote machines.
This is how SSH actually works:
SENDER:
  generate public/private key pair: P and S
  publish public key P; guard private key S
  encrypt message M with private key S
  send recipient S(M)
RECIPIENT:
  decrypt with sender's public key to recover M = P(S(M))
To make a remote login through ssh:
At the hash prompt:
#ssh 192.168.1.1
Then type yes for the generation of the keys, enter the password for the remote system, and you are logged in to the system.
Enjoy the encrypted communication and stay away from network hacks.
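On a first connection, the yes/no prompt displays the fingerprint of the server's host key, and answering yes stores that key for later logins. The added example below (not code from the original post) computes the SHA256 fingerprint that current OpenSSH clients print, so it can be compared with a value obtained from the server's administrator before answering; the key material is constructed and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct


def parse_pubkey_line(line):
    """Parse an OpenSSH public key line: '<type> <base64 blob> [comment]'."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with a length-prefixed copy of the key type; a
    # mismatch means the line was edited or truncated.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("key type in text and in blob disagree")
    return key_type, blob


def sha256_fingerprint(blob):
    """Fingerprint in the form OpenSSH prints: SHA256:<unpadded base64>."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def host_key_matches(pubkey_line, trusted_fingerprint):
    """True only if the offered key hashes to the fingerprint you trust."""
    _, blob = parse_pubkey_line(pubkey_line)
    return hmac.compare_digest(sha256_fingerprint(blob), trusted_fingerprint)


def constructed_ed25519_line(seed):
    """Build a syntactically valid ssh-ed25519 line from made-up bytes."""
    raw = hashlib.sha256(seed).digest()          # 32 bytes, not a real key
    blob = (struct.pack(">I", 11) + b"ssh-ed25519" +
            struct.pack(">I", len(raw)) + raw)
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " constructed"


if __name__ == "__main__":
    server_line = constructed_ed25519_line(b"server 192.168.1.1")
    trusted = sha256_fingerprint(parse_pubkey_line(server_line)[1])
    print("fingerprint from the administrator:", trusted)
    print("same key offered:     ", host_key_matches(server_line, trusted))
    imposter = constructed_ed25519_line(b"some other machine")
    print("different key offered:", host_key_matches(imposter, trusted))
```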

How To Set A Password For Grub At Boot Time in linux


GRUB is the default Linux bootloader.
Setting up a password in GRUB is quite an easy task. You can set the password at boot time to prevent anyone from logging into the system in any mode.
Here is how to do it.
Enter the command line and type

#grub-md5-crypt
You will be prompted to enter the password. After entering the password twice you will be given an encrypted value, as shown below.
[Screenshot: grub pass]
Copy this encrypted value.
Now open the grub.conf file.
#vi /boot/grub/grub.conf
and enter the line
password --md5 $1$Tqro5/$pkEbG8f4igg0oZRCoWznb1
where the encrypted value above is the one generated when you entered the password.
Also enter
lock
at the end of the Red Hat container, as shown in the figure below.
[Screenshot]
Exit the editor and then reboot.
#init 6
Now at startup you will be asked for the password.
Press 'p' for password
and enter the password.

How to Break root password in redhat/linux


The root account in Linux is the supreme account, holding all the privileges to manage and configure your system.
Sometimes non-root users wish to log in to the root account but don't have the password, or at times some bad users change the root password, which prevents the root user from logging in; hence he needs to change the password for his account and set up a new one.
Here are all the steps to change/break the password for root in Linux even if the previous password is not known:
Step 1)
When the first GRUB screen, like the snapshot below, appears, press 'e' on the Linux line entry:
[Screenshot: linux grub screen]
Step 2)
After pressing 'e' in the previous step, a screen similar to the snapshot below appears. Move to the line which contains the word 'kernel' and press 'e'.
[Screenshot: kernel screen]
Step 3)
Go to the end of that line and, after rhgb quiet, write 1 as in the snapshot below. This means that you are setting your kernel to boot into single user mode, also known as maintenance mode.
[Screenshot: third screen]
Step 4)
Then press "enter" and then 'b' to boot the system into run level 1.
Step 5)
Now wait for the prompt and write the following command:
#passwd root
[Screenshot: maintenance mode]
Now the password for the root account has been changed; try logging in with the new password.

How To Make A NFS Share


NFS (Network File System) is a viable solution for sharing disk space between two Linux/Unix machines/servers. NFS uses a standard client/server architecture. The server portion consists of physical disks containing the shared file system and several daemons that make the shared file system visible and available for use by NFS clients. NFS clients simply mount the exported file systems, known as NFS mounts.
Note: When making an NFS share, we should export only directories under the / directory and only local file systems.
Some of the important NFS daemons are:
  • rpcbind
  • nfs
  • netfs
  • nfslock
  • portmapper
Steps for making an NFS share and exporting it to the client:
Step 1.) Generally all Linux versions come with the nfs package installed. One can check using:
#rpm -qa | grep nfs
redhat-config-nfs-1.1.3-1
nfs-utils-1.0.1-3.9
Step 2.) Configure the /etc/exports file. It is the main NFS configuration file and has two columns.
The first column lists the directories you want to make available to the network. The second column has two parts. The first part lists the networks or DNS domains that can get access to the directory, and the second part lists NFS options in brackets.
e.g.:
#this means that the home directory is exported to the 192.168.1.0 domain with read,write permissions.
/home 192.168.1.0/24(rw,sync)
The sync option ensures that file data cached in memory is automatically written to the disk after the completion of any disk data copying operation.
rw can be replaced by ro to make the share read-only.
Step 3.) Use the chkconfig command to start the nfs services at boot time:
#chkconfig nfs on
#chkconfig nfslock on
#chkconfig rpcbind on
Step 4.) Use the init scripts in the /etc/init.d directory to start the nfs and RPC rpcbind daemons.
#service rpcbind start
#service nfs start
#service nfslock start
Step 5.) Check the nfs services with:
#rpcinfo -p #for local machine
#rpcinfo -p hostname #for remote machine
Step 6.) We can check the mounts using:
#showmount -e
Step 7.) When no directories have yet been exported to NFS, use the following command.
#exportfs -a
When adding a shared directory, you can use the following command to export only the new entries.
#exportfs -r
Step 8.) Configuring the nfs client:
Start the nfs daemons on the nfs client also.
Use the chkconfig command to configure the required nfs and RPC rpcbind daemons to start at boot:
#chkconfig netfs on
#chkconfig nfslock on
#chkconfig rpcbind on
Use the init scripts in the /etc/init.d directory to start the nfs and RPC rpcbind daemons:
#service rpcbind start
#service netfs start
#service nfslock start
Test whether NFS is running correctly:
#rpcinfo -p
Step 9.) On the nfs client add the shared mount entry to the /etc/fstab file:
#vi /etc/fstab
#Directory Mount Point Type Options Dump FSCK
192.168.1.100:/home /mnt/nfs nfs defaults 0 0
Save and quit from the file.
Reload the fstab file with:
#mount -a
Step 10.) Now we can access the nfs share by going into the directory in which we have mounted the export on the client side.
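The two-column /etc/exports layout from Step 2 is easy to get subtly wrong, so the added example below (not part of the original post) parses it and reports entries that reach more hosts or grant more than the post's /home 192.168.1.0/24(rw,sync) line. It goes beyond the options the post lists: no_root_squash, insecure and async are standard exports(5) options, and the sample file and function names are constructed for illustration.

```python
import re

# Options that grant more than the post's (rw,sync) example.
RISKY_OPTIONS = {
    "no_root_squash": "root on the client is root on the share",
    "insecure": "requests from unprivileged source ports are accepted",
    "async": "server replies before data is on disk (the post uses sync)",
}

# Either client(options) with no space between them, or a bare client.
CLIENT_RE = re.compile(r"(\S*?)\(([^)]*)\)|(\S+)")


def parse_exports(text):
    """Return a list of (path, client, options) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line:
            continue
        fields = line.split(None, 1)
        path = fields[0]
        clients = fields[1] if len(fields) > 1 else ""
        for m in CLIENT_RE.finditer(clients):
            if m.group(3) is not None:             # client without options
                entries.append((path, m.group(3), []))
            else:                                  # empty client = any host
                opts = [o.strip() for o in m.group(2).split(",") if o.strip()]
                entries.append((path, m.group(1), opts))
    return entries


def audit_exports(text):
    """Return (path, client, reason) findings for risky export entries."""
    findings = []
    for path, client, opts in parse_exports(text):
        if client == "":
            findings.append((path, "*", "space before '(' applies the "
                             "options to every host"))
        elif client == "*":
            findings.append((path, client, "exported to every host"))
        for opt in opts:
            if opt in RISKY_OPTIONS:
                findings.append((path, client or "*", RISKY_OPTIONS[opt]))
    return findings


# Constructed sample; only the first line comes from the post.
SAMPLE_EXPORTS = """\
/home 192.168.1.0/24(rw,sync)
/srv/pub 192.168.1.0/24 (rw,sync)
/backup *(rw,no_root_squash)
"""

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print("%-10s %-4s %s" % finding)
```

The second sample line differs from the first only by one space, yet it gives the listed network default options and every other host rw access.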

How To Configure YUM Server/Yum Repository


Sometimes one may find himself with a dependency resolution problem while installing rpm packages on Linux. A Yum (Yellowdog update manager) server is a viable solution: it holds a repository of Linux packages and allows users to take packages from it. Clients can easily install packages with simple commands using the yum installer. Which protocol does yum use for the transfer of packages from client to server side?
yum uses the ftp protocol for the transfer of packages from client to server side.
Configuring the yum server:
Step 1:) Mount the Linux DVD/ISO on some pre-existing directory.
#mount /dev/cdrom /mnt/
Step 2:) Install the vsftpd package and the createrepo package:
#rpm -ivh vsftpd-2.0.5-12.el5
#rpm -ivh createrepo-0.4.11-3.el5
Step 3:) Copy the entire DVD to the /var/ftp/pub directory:
#cp -rvf /mnt/* /var/ftp/pub/
Step 4:) Move to the pub directory:
#cd /var/ftp/pub/
#cp Server/repodata/comps-rhel5-server-core.xml Server
#cd Server/
#createrepo -vg comps-rhel5-server-core.xml /var/ftp/pub/Server
Step 5:) Restart the vsftpd service:
#service vsftpd restart
Step 6:) To enable the service to start at boot time, type the following command:
#chkconfig vsftpd on
The yum server has been established and can be used for downloading packages.
Configuring the yum client:
Step 1:) Create the yum repository file.
#vi /etc/yum.repos.d/ser.repo
Enter the following configuration lines.
[Server]
name=any meaningful name
#enter the IP address of the yum server
baseurl=ftp://192.168.1.1/pub/Server
#if both client and server are the same machine, use this baseurl instead
#baseurl=file:///var/ftp/pub/Server
gpgcheck=0
Save and exit.
Now you can easily download packages using the yum command:
For more options go to man yum.conf
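The ser.repo stanza above pairs gpgcheck=0 with an ftp:// baseurl, so nothing authenticates the packages a client installs. The added example below (not from the original post) reads a .repo file and reports stanzas that skip signature checking or fetch over cleartext transport; the sample file, the gpgkey path and the function name are assumptions made for illustration.

```python
import configparser

CLEARTEXT_SCHEMES = ("ftp://", "http://")
TRUE_VALUES = ("1", "yes", "true")


def audit_repo(text):
    """Return {repo_id: [finding, ...]} for the contents of a .repo file."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    report = {}
    for repo_id in parser.sections():
        repo = parser[repo_id]
        findings = []
        gpgcheck = repo.get("gpgcheck")
        if gpgcheck is None:
            findings.append("gpgcheck not set here; value comes from yum.conf")
        elif gpgcheck.strip().lower() not in TRUE_VALUES:
            findings.append("gpgcheck disabled: package signatures are not verified")
        elif not repo.get("gpgkey"):
            findings.append("gpgcheck enabled but no gpgkey listed; "
                            "the key must already be imported with rpm --import")
        # baseurl may hold several URLs separated by whitespace or newlines
        for url in repo.get("baseurl", "").split():
            if url.lower().startswith(CLEARTEXT_SCHEMES):
                findings.append("cleartext transport: " + url)
        report[repo_id] = findings
    return report


# Constructed sample: [Server] mirrors the post's stanza, [Signed] is the
# same tree with signature checking on (gpgkey path is an assumed location).
SAMPLE_REPO = """\
[Server]
name=Local RHEL5 Server packages
baseurl=ftp://192.168.1.1/pub/Server
gpgcheck=0

[Signed]
name=Same tree, signatures enforced
baseurl=file:///var/ftp/pub/Server
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
"""

if __name__ == "__main__":
    for repo_id, findings in audit_repo(SAMPLE_REPO).items():
        print(repo_id, "->", findings or "ok")
```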


How To Install And Configure Vyatta As An Internet Gateway


Vyatta is a popular open source alternative to a Cisco router and is security software, available as a bootable live CD ISO and as a Citrix XenServer & VMware virtual appliance.
It allows for easy configuration of routers in your network and is free of cost.
This installation applies to all machines supporting VMware Server or VMware Workstation, and also to systems on which Vyatta is to be installed on the base system.
All versions include the current Vyatta feature set and are suitable for evaluation and test environments.
Here are the steps to configure Vyatta as an internet gateway:
Step 1.) To install Vyatta we need a live CD or, if using VMware Server/Workstation, the Vyatta VMware appliance.
Step 2.) Download the latest version from here
Step 3.) Either use a live CD throughout the process or install it on the hard disk; if using VMware go to the next step. To install Vyatta on the hard disk, insert the live CD and power on the system.
Log in to the Vyatta machine with user root and password vyatta and type install-system at the prompt to run the installation; the installer then launches. The installer is an interactive install script that prompts you for some basic information and confirmation during the install.
Step 4.) If using a VMware appliance for the Vyatta installation, first unzip it and then open the .vmdk file through the VMware console's Open menu. Then turn the virtual machine on. Log in to the virtual machine as user vyatta or root, with password vyatta for both accounts.
Step 5.) Next we need to configure network interfaces in Vyatta.
Step 6.) Type the following at the command prompt:
vyatta@vyatta:~$ configure
[edit]
vyatta@vyatta# set interfaces ethernet eth0 address 192.168.1.21/24
[edit]
vyatta@vyatta# commit
[edit]
vyatta@vyatta# exit
exit
vyatta@vyatta:~$
Step 7.) From another host on the same subnet, ping the interface to ensure that it is up.
Step 8.) From a Linux or Windows command prompt, enter the following command (substituting the IP address you assigned to the interface):
ping 192.168.1.81
If the Vyatta system is reachable, you will see replies from it in response to the pings.
If so, your system is installed and accessible on your network.
Step 9.)
vyatta@vyatta:~$ configure
[edit]
vyatta@vyatta# set system host-name R1 ##configuring hostname in vyatta
[edit]
vyatta@vyatta# commit
vyatta@R1# set interfaces ethernet eth0 address 192.0.2.21/24
[edit]
vyatta@R1# set interfaces ethernet eth1 address 192.168.1.254/24
[edit]
vyatta@R1# commit
vyatta@R1# show interfaces
ethernet eth0 {
address 192.0.2.21/24
hw-id 00:40:63:e2:e4:00
}
ethernet eth1 {
address 192.168.1.254/24
hw-id 00:13:46:e6:f6:87
}
loopback lo {
}
[edit]
Step 10.) Define a NAT rule
vyatta@R1# set service nat rule 1 source address 192.168.1.0/24
[edit]
vyatta@R1# set service nat rule 1 outbound-interface eth0
[edit]
vyatta@R1# set service nat rule 1 type masquerade
[edit]
vyatta@R1# commit
[edit]

Step 11.) Reboot the system and use Vyatta as an internet gateway.

How To Add Proxy Server Settings In Mozilla Web Browser


Sometimes for security reasons one may wish to connect to the internet through a proxy server.
So what is a proxy server?
A proxy server is a server that acts as a path between the server and a client. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server.
A proxy server has two main  purposes:
  • To keep machines behind it anonymous.
  • To speed up access to a resource (via caching). It is commonly used to cache web pages from a web server.
A proxy server can be placed anywhere between the user's local computer and the destination on the internet.
To connect a system to the internet via a proxy server we need to modify settings in the web browser.
Here I am using Firefox for this configuration. For other browsers the steps may vary slightly, but after reading this article they will be easy to set.
In the menu at the top go to Tools->Options,
then go to the Advanced section.
Then go to the Network tab and add the proxy server's address in the manual proxy settings.
You can add settings for ftp, http and ssl in this section.
Now enjoy the proxy server settings and be secure on your way to internet browsing.

How To Access And Control A Remote Linux System Using Vncviewer


Now one can easily enjoy the desktop terminal services of a remote Linux machine on one's own Linux/Windows desktop. Vncviewer is the answer to this.
So what is vncviewer?
Vncviewer is a viewer (client) for Virtual Network Computing. Vncviewer is an Xt-based client application for the VNC (Virtual Network Computing) system. It can connect to any VNC-compatible server such as Xvnc or WinVNC, allowing you to control the desktop environment of a different machine.
It is relatively straightforward to display and access a Linux desktop from a system anywhere else on a network or the internet by using Virtual Network Computing (VNC). This can be achieved regardless of whether that system is running Linux, Windows or Mac OS X. The more impressive thing about this is that it can be set up for free with only a little time and knowledge.
To enable VNC, three things are required:
1. A VNC service enabled on the Linux system whose desktop needs to be accessed.
2. A VNC viewer client installed on the system on which you want to display your Linux desktop.
3. A connection between the two systems.
Here are some simple steps that will help you set up the vncserver and allow others to access your desktop.
Step 1:) First you need to install the vnc-server rpm on your server system.
Give the following commands to install the vnc packages:
#rpm -ivh vnc-server-4.1.2-14.el5
#rpm -ivh vnc-4.1.2-14.el5
Step 2:) On the Linux system whose desktop needs to be accessed, go to the top and click on System->Preferences->Remote Desktop,
similar to the picture below.
[Screenshot]
After clicking on Remote Desktop, a dialog box similar to the one below will be displayed:
[Screenshot]
Here check the first box, i.e. Allow other users to view your desktop.
There are other options also available, such as whether you want password authentication and whether to allow the remote system to control your desktop.
Step 3:) On the client side install the vnc packages.
To install the vnc package, at the prompt type:
#rpm -ivh vnc-4.1.2-14.el5
Step 4:) At the command prompt, just type the following command:
#vncviewer
The following dialog box will appear.
[Screenshot]
Enter the IP of the remote machine and enjoy the services.
It worked for me like this:
[Screenshot]

How To configure a samba share on redhat/linux


Sometimes your network may consist of Windows and Linux systems. A Samba server is a viable solution for file and printer sharing between Linux and Windows machines. Samba allows files and printers to be shared by all the systems in a network.
For networks having only Linux systems we should go for an NFS server. On how to configure an NFS share read this
Samba server uses the SMB protocol for sharing files and printers across the network.

To configure a Samba server we need to install the samba rpm packages.
To install the package:
# rpm -ivh samba
If your system supports yum installation use:
# yum -y install samba
If your system does not support yum installation you can configure yum server for your network. For
The default configuration file for Samba is /etc/samba/smb.conf, which allows users to view their home directories as a Samba share. It also shares all printers configured for the system as Samba shared printers.
If you change this configuration file, the changes do not take effect until you restart the Samba daemon with the following command.
# service smb restart
To specify the Windows workgroup, edit the following line in your smb.conf file:
workgroup = WORKGROUPNAME
If you want to restrict users to accessing the Samba share only from your domain, then
in section 1:
hosts allow = your domain ip-address
To create a Samba share which can be accessed from Windows, go to the last section of the Samba configuration file and add the following lines:
[sharename]
comment = Insert a comment here
path = /home/share/
valid users = tfox carole
public = no
writable = yes
printable = no
You then need to add a Samba password for the valid users who will access the Samba share from the Windows machine:
#smbpasswd -a username
#service smb restart
To enable the service to start after a reboot:
#chkconfig smb on
Samba also provides you with a utility called testparm for checking its default configuration file.
# testparm
The above command will show you all the shared folders and printers.
One can also log in to the Samba share from a Linux machine with the following command.
#smbclient //ip-address/share-name -U username
Enter the password when prompted and access the Samba share.

Which Linux distribution has ease of use?