Archive for category CentOS
http://tldp.org/HOWTO/LVM-HOWTO/upgraderoottolvm.html
Add hard drive to extend existing LVM volume
http://www.utahsysadmin.com/2009/12/08/add-hard-drive-to-extend-lvm/
Previously I posted how to add a hard drive and create a new volume in LVM. This time we’ll add a new hard drive and then increase or extend the size of an existing volume or partition. This is an example using an RHEL 5 derivative, OEL 5. The server is really a VM inside VMware vSphere 4, but that is of no consequence to what we are doing.
In this example, we have an existing /data partition of 350 GB. Well, it’s just not big enough, so we’ll add another 100 GB hard drive and give it to the /data partition.
After adding the 100 GB hard drive to the VM through vCenter, connect to the server through SSH or the console. Here’s the existing setup: Read the rest of this entry »
Install PHP 5.2 on CENTOS 5.4
Yep via Jason repo
http://www.jasonlitka.com/yum-repository/
> : ) yes!
En este articulo veremos una de las formas de instalar y configurar Squid para que autentique contra un servidor Windows 2003 con Active Directory.
Origen: Pablo Sarubbi – Efraim Wainerman
martes, 06 de marzo de 2007
En este articulo veremos una de las formas de instalar y configurar Squid para que autentique contra un servidor Windows 2003 con Active Directory.
Para ello elegimos la version Etch de Debian. Una vez instalada y actualizada procedemos a instalar el software complementario.
Mediante el uso del queridisimo comando apt-get install:
* squid
* squid-common
* samba-common
* libsmbclient
* smbclient
* libkrb53
* krb5-kdc
* krb5-config
* krb5-user
* winbind
Despues de asegurarnos que todos estos paquetes quedaron instalados tenemos que tocar un par de archivos de configuracion:
/etc/squid/squid.conf
# Active Directory configuration
auth_param basic program /usr/bin/ntlm_auth –helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid Proxy Server
auth_param basic credentialsttl 2 hours
# Solo permitir usar el proxy a los usuarios autenticados
acl authenticated_users proxy_auth REQUIRED
…
http_access allow authenticated_users
/etc/samba/smb.conf
[global]
netbios name = proxyserver
realm = DOMAIN.COM
workgroup = DOMAIN
security = ADS
password server = dc01.domain.com dc02.domain.com dc03.domain.com
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap uid = 10000-20000
winbind enum users = yes
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
winbind use default domain = yes
encrypt passwords = yes
log level = 3 passdb:5 auth:10 winbind:5
/etc/krb5.conf
[libdefaults]
ticket_lifetime = 600
default_realm = DOMAIN.COM
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
DOMAIN.COM = {
kdc = dc01.domain.com:88
kdc = dc02.domain.com:88
kdc = dc03.domain.com:88
admin_server = dc01.domain.com:749
default_domain = DOMAIN.COM
}
[domain_realm]
.domain.com = dc01.domain.com
domain.com = dc01.domain.com
[kdc]
profile = /etc/krb5kdc/kdc.conf
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
/etc/pam.d/samba
auth required pam_nologin.so
auth required pam_stack.so service=system-auth-winbind
account required pam_stack.so service=system-auth-winbind
session required pam_stack.so service=system-auth-winbind
password required pam_stack.so service=system-auth-winbind
/etc/pam.d/squid
auth required /lib/security/pam_stack.so service=system-auth-winbind
account required /lib/security/pam_stack.so service=system-auth-winbind
/etc/pam.d/system-auth
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth required pam_deny.so
account required pam_unix.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password sufficient pam_unix.so nullok md5 shadow use_authtok
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
Luego, y esto es muy importante, con un usuario de administrador de la red, ejecutamos:
net ads join Servers/Linux -U AdminAcct -S dc01.domain.com
En teoria esto seria todo.
Suerte
Links:
1. http://www.squid-cache.org/Doc/FAQ/FAQ_long.html#winbind
2. http://info.ccone.at/INFO/Samba-2.2.12/winbindd.8.html
3. http://acd.ucar.edu/~fredrick/linux/samba3/
4. http://gentoo-wiki.com/HOWTO_Adding_a_Samba_Server_into_an_existing_AD_Domain
Nota 1:
root# wbinfo -u –> para listar todos los usuarios de la red
root# wbinfo -g –> para listar todos los grupos de la red
root# getent passwd –> muestra los datos completos de cada usuario
root# getent group –> muestra los datos completos de cada grupo
LDAP AD
Hi
I’m batteling to get squid_ldap_auth to authenticate against M$
windows Active Directory 2008 with my config below
/usr/lib64/squid/squid_ldap_auth -b “OU=Organizational
Structure,DC=example,DC=co,DC=za” -h 10.*.*.250 -D
“CN=squid,OU=Other,OU=TC JHB,OU=Company,OU=Organizational
Structure,DC=example,DC=co,DC=za” -w “Password1″ -f
“(&(uid=%s)(objectclass=user))”
I have used a similar config on windows Active Directory 2003 and it
worked perfectly fine. Is there a catch to authenticating against the
2008 version of AD ? or have I missed some thing ..
How is the best way to debug this as squid does not log or output any
errors even when in debugging mode ..
when is run
[root@gregory-workstation ~]# /usr/lib64/squid/squid_ldap_auth -b
“OU=Organizational Structure,DC=techconcepts,DC=co,DC=za” -h
10.0.1.250 -D “CN=squid,OU=Other,OU=TC
JHB,OU=Company,OU=Organizational
Structure,DC=techconcepts,DC=co,DC=za” -w “Password1″ -f
“(&(uid=%s)(objectclass=user))” -v3
gregory.machin Password1
ERR Success
I get “ERR Success”
I believe I should get “OK”
How can I get more info out of this interface ?
Thanks in advance .
Squid authentication against Microsoft’s Active Directory
http://www.cyberciti.biz/tips/howto-configure-squid-ldap-authentication.html
Squid authentication against Microsoft’s Active Directory
I have not used group_ldap_auth helper against Microsoft’s Active Directory. But someone (user) pointed out the following solution. Add following configuration directive to squid.conf:
ldap_auth_program /usr/lib/squid/group_ldap_auth -b dc=my-domain,dc=de -h \
server.my-domain.de -p 636 -g distinguishedName -d CN=lookup,OU=Services,\
OU=Users,DC=my-domain,DC=de -w lookup -u cn -m member -o group -S -l \
/var/log/squid/ldaplog
acl ldap_backoffice ldap_auth static ‘CN=BackOffice,OU=Groups,dc=my-domain,dc=de’
acl ldap_management ldap_auth static ‘CN=Management,OU=Groups,dc=my-domain,dc=de’
acl ldap_it-service ldap_auth static ‘CN=IT-Service,OU=Groups,dc=my-domain,dc=de’
acl ldap_development ldap_auth static ‘CN=DEVELOPMENT,OU=Groups,dc=my-domain,dc=de’
http_access allow ldap_development
http_access allow ldap_backoffice
http_access allow ldap_management
http_access allow ldap_it-service
http_access deny all
rpm -e trouble: specifies multiple packages
Try
rpm -e --allmatches kernel-2.4.25-8tr
What is PacketFence?
http://www.packetfence.org/home.html
What is PacketFence?
PacketFence is a Free and Open Source network access control (NAC) system. PacketFence is actively maintained and has been deployed in numerous large-scale institutions over the past years. It can be used to effectively secure networks – from small to very large heterogeneous networks. PacketFence has been deployed in production environments where thousands of users are involved. Among the different markets are :
- banks
- colleges and universities
- engineering companies
- manufacturing businesses
- school boards
… and many more!
Released under the GPL, PacketFence offers an impressive amount of features.
how to create an ISO file LINUX
- Go to a terminal screen. You can usually right click on the desktop and choose this option from the drop-down menu.
- Type “dd if=/dev/cdrom of=/cdrom_image.iso”