Friday, June 6, 2008
Bonding Network Interfaces
The GATEWAY should be defined in /etc/sysconfig/network or in the ifcfg-xxxx config file, in just one of them. Try to use the same NIC vendor for network bonding.
Xen DomU server different time zone
I am in the testing stages of Xen right now and have discovered that you only need to run ntp on the Dom0 host. The DomU hosts get updated from the Dom0 server. What if you want to run a DomU in a different time zone?
For a RHEL 4/5 DomU edit /etc/sysconfig/clock and set the appropriate timezone OR create a symbolic link in /etc called localtime that points to the time zone desired.
Changing Time Zone CL style
Set the system time zone on RHEL 5. This probably works for RHEL 3 and 4 too, but that is not tested. The time zone files are listed in /usr/share/zoneinfo. Simply cd to the /etc directory and create a symbolic link to change the time zone of the system. Make sure you are pointing to the correct time zone.
cd /etc
ln -sf /usr/share/zoneinfo/America/Los_Angeles localtime
Note that using the date command will not overwrite this setting. After using date -s hour:min and then running date again, the time is not changed.
In addition, to make sure the system time comes up correctly again, you can edit /etc/sysconfig/clock and make sure the appropriate time zone is listed.
Note: /etc/localtime takes precedence over the /etc/sysconfig/clock file.
Monday, May 19, 2008
Argument list too long error
I was trying to view the contents of a large, growing directory used by Sendmail (/var/spool/mqueue). When I tried to run ls on or tar the contents, I kept getting the error: Argument list too long.
I found this very helpful reference to circumvent this issue at the following URL:
http://www.cyberciti.biz/faq/argument-list-too-long-error-solution/
Also here is another explanation:
http://www.linuxjournal.com/article/6060
Tuesday, November 20, 2007
Linux AD Integration without AD Schema modifications
Note: Some of these instructions were taken from the book entitled "Windows & Linux Integration"
This was tested on RHEL AS4 and SuSE 10.2 using Winbind which requires no changes to the AD schema. Winbind's UID mappings are independent on every Linux workstation.
You must have an AD domain controller to connect to. If the name of your domain is domain.com then your computer name must be in the domain.com subdomain.
Otherwise, domain membership will NOT work!!!
You must also have an administrative account that is allowed to join computers to the AD domain.
Before you do anything make a backup copy of the following files which will be edited by the authconfig tool in RHEL 4 and the YaST2 config tool in SuSE 10.2.
/etc/nsswitch.conf
/etc/krb5.conf
/etc/krb.realms
/etc/krb.conf
/etc/samba/smb.conf
/etc/pam.d/login
/etc/pam.d/sshd
/etc/pam.d/gdm (RHEL)
/etc/pam.d/xdm (SuSE)
RHEL AS4
- authconfig: The majority of the configuration can be accomplished with the authconfig utility. Authconfig will display 2 lists. On the left is a list of sources of user information; these resources are consulted to determine a user's full name, user ID, group ID, and so forth. On the right is a list of valid authorities to authenticate a user's password.
- Make sure to leave "Use MD5 Passwords" and "Use Shadow Passwords" selected since we want to introduce an additional way to authenticate and not remove the local authentication. Select "Use Winbind" and "Use Winbind Authentication". See below for the settings I entered.
Security Model: (*) ads
( ) domain
Domain: "Your Domain Name"
Domain Controllers: FQDN of your AD controller
ADS Realm: AD Realm
Template Shell: ( ) /bin/false
( ) /sbin/nologin
( ) /bin/sh
(*) /bin/bash
( ) /bin/tcsh
Note: DO NOT SELECT THE JOIN DOMAIN BUTTON AS IT WILL NOT PROVIDE ANY INFORMATION AS TO WHETHER IT WORKED OR NOT!!
Select the OK button. When you select OK you will see a message similar to the following:
[dlopez@developer ~]$ sudo authconfig
Shutting down Winbind services: [FAILED]
Starting Winbind services: [ OK ]
- Although authconfig configures "most" of the critical authentication-related files in the system correctly, the system still doesn't have what it needs to create local home directories for users. Without a local home directory, login attempts for any user will fail.
- Configure PAM to Create Home Directories As Needed. Since Linux doesn't have a registry or notion of user profiles, the home directory is crucial. There are many ways to log in to a Linux system; we are going to edit 3 files so that home directories get created automatically when a user logs in via any of those 3 methods. The files are:
/etc/pam.d/sshd (ssh access)
/etc/pam.d/login (console access)
/etc/pam.d/gdm (GUI login - gnome)
Add the following line to each of the files listed above:
session required pam_mkhomedir.so skel=/etc/skel umask=0077
- Samba is a suite of services and client applications that provide Windows file-sharing protocols to Linux clients and servers. Winbind (the thing that gets us authentication to AD) is part of the Samba suite. Here Samba configuration is still required on the Linux client to tell the system exactly where to create the home directories when users log in via AD. It's all configured in the /etc/samba/smb.conf file.
- First create the parent directory.
mkdir /home/AD
In the real-world you will replace AD with the Windows NT-style "short" name of your AD domain "IN ALL CAPS". If you try with lowercase, it won't work.
- Set permissions on the newly created directory.
chmod 755 /home/AD
- Next edit the smb.conf file and add the following line to the "[global]" section of the config file.
template homedir = /home/%D/%U
The %D variable is replaced with the NT-style short Windows domain name, and the %U variable is replaced with the Windows user logon name in lowercase.
- Restart winbind service: service winbind restart
- Join the computer to the domain:
(as root) [dlopez@developer ~]$ sudo net ads join -U administrator
administrator's password:
Using short domain name -- AD
Joined 'HOSTNAME' to realm 'DOMAIN.COM'
Check you can resolve your domain controller's IP address.
Make sure to just enter administrator username and not AD\administrator.
Make sure time is close for client and Kerberos server.
Make sure SELinux is set to permissive, or edit the SELinux policy accordingly.
SuSE 10.2
- YaST2 -> Network Services -> Windows Domain Membership. Enter the domain name: DOMAIN.COM. Check the boxes next to: Also use SMB Information for Linux Authentication, Create home directory on login, Offline Authentication.
- Select the Finish button and you should receive a pop-up that this computer is not joined to the domain yet. Enter the authenticated user's name and password in order to join the computer to the domain. Upon success your computer will be joined to the domain.
- Without a local home directory login attempts for any user will fail!!!
- Configure PAM to Create Home Directories As Needed. Since Linux doesn't have a registry or notion of user profiles, the home directory is crucial. There are many ways to log in to a Linux system; we are going to edit 3 files so that home directories get created automatically when a user logs in via any of those 3 methods. The files are:
/etc/pam.d/sshd (ssh access)
/etc/pam.d/login (console access)
/etc/pam.d/xdm (GUI login - gnome)
Add the following line to each of the files listed above:
session required pam_mkhomedir.so skel=/etc/skel umask=0077
- Samba is a suite of services and client applications that provide Windows file-sharing protocols to Linux clients and servers. Winbind (the thing that gets us authentication to AD) is part of the Samba suite. Here Samba configuration is still required on the Linux client to tell the system exactly where to create the home directories when users log in via AD. It's all configured in the /etc/samba/smb.conf file.
- First create the parent directory.
mkdir /home/AD
In the real-world you will replace AD with the Windows NT-style "short" name of your AD domain "IN ALL CAPS". If you try with lowercase, it won't work.
- Set permissions on the newly created directory.
chmod 755 /home/AD
- For SuSE 10.2 the following line was added by the GUI in the smb.conf file:
template homedir = /home/%D/%U
The %D variable is replaced with the NT-style short Windows domain name, and the %U variable is replaced with the Windows user logon name in lowercase.
- Restart winbind service: sudo /sbin/service winbind restart
- Test by pressing Ctrl+Alt+F2 to switch to a login console. Enter AD\username and type the AD username's password. It should log you in successfully.
Troubleshooting:
Once the computer has been successfully added to the domain you can try to ssh like this:
ssh AD\\username@servername
Or Login to the console like this:
AD\username
Enter password
In both cases you should automatically be put in your home directory /home/AD/username
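When the login fails or no home directory appears, the PAM, smb.conf and /home/AD settings from the RHEL AS4 and SuSE 10.2 steps above can be checked in one pass. This is an added example, not part of the original post; the function names and the ROOT argument are assumptions made for it, and the sample tree is constructed.

```shell
# Added example (not from the original post). ROOT is an assumption that lets
# the audit run on a copy of the files; pass "" to check the live system.

# Print the first active "session ... pam_mkhomedir.so" line of a PAM file.
mkhomedir_line() {
    grep -E '^[[:space:]]*session[[:space:]]+[^#[:space:]]+[[:space:]]+pam_mkhomedir\.so' \
        "$1" 2>/dev/null | head -n 1
}

# global_param FILE NAME: value of NAME (case-insensitive) in smb.conf [global].
global_param() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { in_global = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        in_global && (i = index($0, "=")) {
            key = tolower(substr($0, 1, i - 1)); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { if (found != "") print found }' "$1" 2>/dev/null
}

# audit_ad_login ROOT DOMAIN PAMFILE...: returns 0 only if every check passes.
audit_ad_login() {
    root=$1; dom=$2; shift 2; rc=0
    for f in "$@"; do
        case $(mkhomedir_line "$root/etc/pam.d/$f") in
            '')           echo "FAIL $f: no pam_mkhomedir session line"; rc=1 ;;
            *umask=0077*) echo "ok   $f" ;;
            *)            echo "FAIL $f: umask is not 0077"; rc=1 ;;
        esac
    done
    tmpl=$(global_param "$root/etc/samba/smb.conf" "template homedir")
    [ "$tmpl" = '/home/%D/%U' ] || { echo "FAIL smb.conf: template homedir '$tmpl'"; rc=1; }
    perms=$(ls -ld "$root/home/$dom" 2>/dev/null | cut -c1-10)
    [ "$perms" = drwxr-xr-x ] || { echo "FAIL /home/$dom: mode '$perms'"; rc=1; }
    return $rc
}

# Constructed sample tree (not real host data): sshd is correct, login lacks umask.
make_sample() {
    t=$(mktemp -d); mkdir -p "$t/etc/pam.d" "$t/etc/samba" "$t/home/AD"; chmod 755 "$t/home/AD"
    echo 'session required pam_mkhomedir.so skel=/etc/skel umask=0077' > "$t/etc/pam.d/sshd"
    echo 'session required pam_mkhomedir.so skel=/etc/skel' > "$t/etc/pam.d/login"
    printf '[global]\n Template Homedir = /home/%%D/%%U\n[homes]\n path = /x\n' > "$t/etc/samba/smb.conf"
    echo "$t"
}
s=$(make_sample); audit_ad_login "$s" AD sshd login || echo "audit reported problems"; rm -rf "$s"
```

On a joined host the equivalent call is audit_ad_login "" AD sshd login gdm (xdm instead of gdm on SuSE), with AD replaced by the short domain name.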