About Me

Hi Friends, I am Sandeep CC, and some people know me as a System Administrator. I started my professional career in 2008. I have been working as a System Administrator on Linux servers and Windows clients. I am here to share the knowledge I have gained and what I have come across so far; it could be of help to you. If anything is wrong or could be improved in the steps of my posts, please comment on the post. Feel free to contact me by posting comments on this blog. Thanks and Regards, Sandeep CC

Wednesday, August 11, 2010

X-Terminal & Linux login with a XP Machine and XDMCP on REDHAT LINUX




X-Terminal

Setup With Windows Machine:
Download the Xming software from http://sourceforge.net/projects/xming/ and install it on the Windows XP system. After the Linux configuration below is complete, open Xming on the Windows system.

Setup With Linux Machine:

Linux Configuration For a GUI Login
[root@sandeeplinux3 ~]#cat /etc/inittab
#
# inittab This file describes how the INIT process should set up
# the system in a certain run-level.
#
# Author: Miquel van Smoorenburg,
# Modified for RHS Linux by Marc Ewing and Donnie Barnes
#
# Default runlevel. The runlevels used by RHS are:
# 0 - halt (Do NOT set initdefault to this)
# 1 - Single user mode
# 2 - Multiuser, without NFS (The same as 3, if you do not have networking)
# 3 - Full multiuser mode
# 4 - unused
# 5 - X11
# 6 - reboot (Do NOT set initdefault to this)
id:5:initdefault:

Linux typically selects between a text console login and a graphical (GUI) login in the init configuration file /etc/inittab. To allow a remote GUI login, the system itself must be configured for an X11 GUI login (runlevel 5, as in the initdefault line above).

Granting MS/Windows users remote GUI access to your system:
XDM login manager:
Edit file:

[root@sandeeplinux3 ~]#vi /etc/X11/xdm/Xaccess
Change from
# * #any host can get a login window
Change To
* #any host can get a login window

Edit file:

[root@sandeeplinux3 ~]#vi /etc/X11/xdm/xdm-config
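Change from:
DisplayManager.requestPort: 0
Change to:
!DisplayManager.requestPort: 0
(In this file "!" starts a comment. With requestPort set to 0, xdm does not listen for XDMCP requests; commenting the line out restores the default XDMCP port, UDP 177.)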

GDM Login manager:

Edit file:

[root@sandeeplinux3 ~]# vi /etc/X11/gdm/gdm.conf
Change last line from:
[xdmcp]
Enable=false
Change to:
[xdmcp]
Enable=true

Restart X-windows:
[root@sandeeplinux3 ~]# init 3
[root@sandeeplinux3 ~]# init 5

Note:
You can use the config tool /usr/sbin/gdmsetup to configure GDM
You can test the GDM login screen locally: X -query localhost :1
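
The three settings changed above decide whether this host answers XDMCP queries and from whom. The script below is an added example, not part of the original post: it reads copies of Xaccess, xdm-config and gdm.conf and reports the effective state. The function names and the sample files written by make_samples are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the XDMCP exposure that results from the three files
# edited above. Function names and sample file contents are constructed.

# Xaccess: an uncommented line holding only "*" lets any host request a login.
xaccess_state() {
    awk '
        /^[ \t]*#/ { next }                      # whole-line comment
        { sub(/#.*/, "") }                       # drop a trailing comment
        NF == 1 && $1 == "*" { open = 1 }
        END { print (open ? "any-host" : "restricted") }
    ' "$1"
}

# xdm-config: "!" starts a comment. An active "requestPort: 0" turns the
# XDMCP listener off; without that line xdm listens on its default UDP port.
xdm_listen_state() {
    awk '
        /^[ \t]*!/ { next }
        /^[ \t]*DisplayManager[.*]requestPort[ \t]*:/ {
            sub(/^[^:]*:[ \t]*/, "")
            port = $1
            seen = 1
        }
        END { print ((seen && port == "0") ? "disabled" : "listening") }
    ' "$1"
}

# gdm.conf: XDMCP is on when the [xdmcp] section carries Enable=true.
# Other sections (for example [debug]) have their own Enable key.
gdm_xdmcp_state() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*\[/ { section = tolower($1); next }
        section == "[xdmcp]" {
            line = tolower($0)
            gsub(/[ \t]/, "", line)
            if (line ~ /^enable=/) val = substr(line, 8)
        }
        END { print (val == "true" ? "enabled" : "disabled") }
    ' "$1"
}

# Print one summary line per file.
xdmcp_audit() {
    echo "Xaccess:    $(xaccess_state "$1")"
    echo "xdm-config: $(xdm_listen_state "$2")"
    echo "gdm.conf:   $(gdm_xdmcp_state "$3")"
}

# Write constructed sample files that mirror the edits in this post.
make_samples() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '* #any host can get a login window' > "$d/Xaccess"
    printf '%s\n' '!DisplayManager.requestPort: 0' > "$d/xdm-config"
    printf '%s\n' '[debug]' 'Enable=false' '[xdmcp]' 'Enable=true' > "$d/gdm.conf"
    echo "$d"
}

samples=$(make_samples)
xdmcp_audit "$samples/Xaccess" "$samples/xdm-config" "$samples/gdm.conf"
rm -rf "$samples"
```

XDMCP and X11 traffic is not encrypted, so when Xaccess reports any-host, the source-restricted iptables rules for UDP 177 and TCP 6000-6005 are the only limit on who can reach the login screen.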

Testing By Linux Machine:

export DISPLAY=192.168.1.212:0 (IP of the Windows machine, which must have Xming installed and running)
env | grep DISPLAY (this should show DISPLAY=192.168.1.212:0)
xterm

GUI REMOTE DESKTOP FROM LINUX TO WINDOWS

Complete the steps above for the Windows and Linux machines, then follow these steps:

Linux Setup:

Open http://linuxsoft.cern.ch/scientific/42/x86_64/errata/bugfix-43.old/RPMS/, download the “xorg-x11-Xnest-6.8.2-1.EL.13.20.x86_64.rpm” package and install it on the Linux machine.

Installation Steps:

[root@sandeeplinux3 ~]# rpm -qa | grep xorg-x11-Xnest (first check whether the package is already installed; if it is not, install it)

[root@sandeeplinux3 ~]# rpm -i xorg-x11-Xnest-6.8.2-1.EL.13.20.x86_64.rpm (install the Xnest package)

Remote X Server access for Linux:

Use the X-Windows Xnest command to connect
Example:
[root@sandeeplinux3 ~]# /usr/bin/X11/Xnest -query 192.168.1.212:0 -geometry 1280x1024 :1

If you get the following error message:

Fatal server error:
Server is already active for display 0

it means you forgot the “:1” at the end of the command, so it defaulted to :0, which is your current desktop display, thus causing a conflict.

X-Terminal & Remote Desktop with Firewall Enabling:

Make sure the system firewall rules allow XDMCP protocol to pass.
List firewall rules: iptables -L
Flush all firewall rules: iptables -F
The following ports and protocols must be able to pass through the firewall:
UDP: 177 (XDMCP)
TCP: 6000-6005 (X11 protocol)
TCP: 7100 (xfs: X font server)

Edit the iptables file:
[root@sandeeplinux3 ~]# vi /etc/sysconfig/iptables

-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp --dport 177 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p tcp --dport 6000:6005 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p tcp --dport 7100 -j ACCEPT
:wq [save & exit]

[root@sandeeplinux3 ~]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]

Windows Setup:
Note: Xming must be installed on the Windows system; keep the Xming and XLaunch shortcuts on the desktop.

Windows Desktop → click on XLaunch → select One window → Next → select Open session via XDMCP → Connect to host 192.168.1.11 (X terminal server IP) → Next → Next → Finish → the remote desktop of 192.168.1.11 will launch → enter the Linux user name → password → Enter. The Linux remote desktop is now connected on the Windows XP machine.

Thanks and Regards,
Sandeep CC

Monday, July 26, 2010

Testing NIS & NFS Users in REDHAT LINUX


NIS & NFS USER
This is a test example for the NIS & NFS server.

NIS Server Side Configuration:
Create the user and set its password on the NIS server machine (sandeeplinux3)
[root@sandeeplinux3 ~]# useradd -g users nisnfs
[root@sandeeplinux3 ~]# passwd nisnfs
Changing password for user nisnfs.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

Add the user to the NIS maps:
[root@sandeeplinux3 ~]# cd /var/yp/
[root@sandeeplinux3 yp]# make
gmake[1]: Entering directory `/var/yp/sandeep-NIS-SERVER'
Updating passwd.byname...
Updating passwd.byuid...
Updating netid.byname...
gmake[1]: Leaving directory `/var/yp/sandeep-NIS-SERVER'
Check the user in NIS (note that the passwd map entry returned by ypmatch includes the password hash):
[root@sandeeplinux3 yp]# ypmatch nisnfs passwd
nisnfs:$1$QVtgvZ4p$WEAqYqjiOnnizEkFs5IEk.:516:100::/home/nisnfs:/bin/bash
[root@sandeeplinux3 yp]# getent passwd nisnfs
nisnfs:x:516:100::/home/nisnfs:/bin/bash
Share nisnfs user's Home directory in NFS server:
[root@sandeeplinux3 home]# vi /etc/exports
/home/nfsdir 192.168.1.10(rw,sync)
/home/nisnfs sandeeplinux2(rw,sync)
:wq [Save & Exit]
Make sure the nisnfs user's home directory is exported by the NFS server
[root@sandeeplinux3 home]# exportfs -ra
[root@sandeeplinux3 home]# exportfs
/home/nfsdir sandeeplinux2
/home/nisnfs sandeeplinux2
[root@sandeeplinux3 home]#

NFS Client Side Configuration:
Go to the NFS client machine (sandeeplinux2) and create a directory in /home
[root@sandeeplinux2 home]# mkdir nisnfs
[root@sandeeplinux2 home]# ls -ltr
Check the directory's user and group ownership and permissions
[root@sandeeplinux2 home]# ls -ltr
drwxr-xr-x 2 root root 4096 Mar 4 12:29 nisnfs
Mount the nisnfs user's home directory from the server (sandeeplinux3) on the /home/nisnfs directory of the client (sandeeplinux2)
[root@sandeeplinux2 home]# mount 192.168.1.11:/home/nisnfs/ /home/nisnfs/
Check the directory permissions after mounting from the NFS server
[root@sandeeplinux2 home]# ls -ltr
drwx------ 5 nisnfs users 4096 Mar 4 2010 nisnfs
Note: After the nisnfs home directory is mounted on the client, its ownership and permissions should change to match those of the nisnfs user on the server.
Troubleshoot:
If the /etc/exports file has been modified on the server machine and the client machine is not able to mount the shared directory,
restart all of the services one by one on the server machine and the client machine.
Server Machine:
service portmap restart
service nfslock restart
service nfs restart
Client Machine:
service portmap restart
service nfslock restart
service netfs restart

NFS Server Configuration On REDHAT LINUX-4


NFS SERVER
Introduction:
A tested NFS server and client setup.
Note:
Server Name: sandeeplinux3 192.168.1.11
Client Name: sandeeplinux2 192.168.1.10
(While configuring, the firewall/iptables should be off; the firewall is configured for the NFS server later.)

Required packages: [almost all of these are installed by default during OS installation]
[root@sandeeplinux3 ~]# rpm -qa | grep -E 'nfs-utils|portmap|quota'
Server: RedHat 4 (nfs-utils-1.0.6-65.EL4, portmap-4.0-63, quota-3.12-5)

[root@sandeeplinux2 ~]# rpm -qa | grep -E 'nfs-utils|portmap|quota'
Clients: RedHat 4 (nfs-utils-1.0.6-65.EL4, portmap-4.0-63, quota-3.12-5)

Server setup [sandeeplinux3 192.168.1.11]
Create the new directory that you will export, say /nfsdir, change the permission to 777 and mount the partition on it: (users' home directories can be shared as well, but for testing purposes we share a newly created directory)
[root@sandeeplinux3 ~]# cd /home
[root@sandeeplinux3 home]# mkdir nfsdir
[root@sandeeplinux3 home]# chmod -R 777 nfsdir
[root@sandeeplinux3 home]# ls -ltr
drwxrwxrwx 4 root root 4096 Mar 3 12:20 nfsdir

Edit the file /etc/exports adding the line:
[root@sandeeplinux3 home]# vi /etc/exports
/home/nfsdir 192.168.1.10(rw,sync)
[Enter this line into the /etc/exports file, giving the client IP or name]


Secure the daemons with TCP wrappers: in the file /etc/hosts.deny add a line like this:
[root@sandeeplinux3 home]# vi /etc/hosts.deny
portmap lockd statd mountd rquotad: ALL
[root@sandeeplinux3 home]#

covering each of the five daemons portmap, lockd, statd, mountd, rquotad. In the file /etc/hosts.allow the line should look like this:
[root@sandeeplinux3 home]# vi /etc/hosts.allow
portmap lockd statd mountd rquotad: 192.168.1.10

Start the services:
[root@sandeeplinux3 ~]# service portmap start
Starting portmap: [ OK ]
[root@sandeeplinux3 ~]# service nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
[root@sandeeplinux3 ~]# service nfslock start [ OK ]

Add them to the boot configuration with:
chkconfig portmap on
chkconfig nfs on
chkconfig nfslock on
Verify that the daemons are running with:
[root@sandeeplinux3 ~]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 32768 status
100024 1 tcp 32769 status
100004 2 udp 834 ypserv
100004 1 udp 834 ypserv
100004 2 tcp 834 ypserv
100004 1 tcp 834 ypserv
600100069 1 udp 835 fypxfrd
600100069 1 tcp 835 fypxfrd
100007 2 udp 882 ypbind
100007 1 udp 882 ypbind
100007 2 tcp 885 ypbind
100007 1 tcp 885 ypbind
100009 1 udp 654 yppasswdd
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 udp 32779 nlockmgr
100021 3 udp 32779 nlockmgr
100021 4 udp 32779 nlockmgr
100021 1 tcp 32774 nlockmgr
100021 3 tcp 32774 nlockmgr
100021 4 tcp 32774 nlockmgr
100011 1 udp 634 rquotad
100011 2 udp 634 rquotad
100011 1 tcp 637 rquotad
100011 2 tcp 637 rquotad
100005 1 udp 639 mountd
100005 1 tcp 642 mountd
100005 2 udp 639 mountd
100005 2 tcp 642 mountd
100005 3 udp 639 mountd
100005 3 tcp 642 mountd
[root@sandeeplinux3 ~]#

Client Setup [192.168.1.10]
Secure the daemons with TCP wrappers: in the file /etc/hosts.deny add a line like:
[root@sandeeplinux2 ~]# vi /etc/hosts.deny
portmap lockd statd mountd rquotad: ALL
covering each of the five daemons portmap, lockd, statd, mountd, rquotad. In the file /etc/hosts.allow the line should look like this:
[root@sandeeplinux2 ~]# vi /etc/hosts.allow
portmap lockd statd mountd rquotad: 192.168.1.11
Create the directory on which the shared directory will be mounted:

[root@sandeeplinux2 ~]# cd /home
[root@sandeeplinux2 home]# mkdir nfsdir
Start services
[root@sandeeplinux2 ~]# service portmap start
Starting portmap: [ OK ]
[root@sandeeplinux2 ~]# service netfs start
Mounting NFS filesystems: mount to NFS server '192.168.1.9' failed: server is down.
Mounting other filesystems: [ OK ]
[root@sandeeplinux2 ~]# service nfslock restart
Stopping NFS locking: [ OK ]
Stopping NFS statd: [ OK ]
Starting NFS statd: [ OK ]
[root@sandeeplinux2 ~]#

Verify that the portmap and nfslock services are running. The commands needed to verify, start and add these services to the boot configuration are shown in the last two steps of the server setup. Verify with the command:
[root@sandeeplinux2 ~]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 32768 status
100024 1 tcp 32769 status
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 udp 32770 nlockmgr
100021 3 udp 32770 nlockmgr
100021 4 udp 32770 nlockmgr
100021 1 tcp 32787 nlockmgr
100021 3 tcp 32787 nlockmgr
100021 4 tcp 32787 nlockmgr
100005 1 udp 702 mountd
100005 1 tcp 714 mountd
100005 2 udp 702 mountd
100005 2 tcp 714 mountd
100005 3 udp 702 mountd

With the daemons portmap, lockd and statd running you should be able to mount the remote directory.
Mount the server directory /home/nfsdir on /home/nfsdir on the client machine:
[root@sandeeplinux2 ~]# mount 192.168.1.11:/home/nfsdir/ /home/nfsdir/

NFS through IPTABLES Firewall Setup [Server Machine]
Open the portmap, nfs and nfslock ports.
[root@sandeeplinux3 ~]# cd /etc/sysconfig/
[root@sandeeplinux3 sysconfig]# vi iptables
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp --dport 2049 -j ACCEPT
:wq [Save & Exit]
[root@sandeeplinux3 ~]# service iptables restart

Note: The nfslock port also needs to be opened. To get it, run rpcinfo -p, check the port number for nfslock (listed as nlockmgr) and enter it in the iptables file. If any NFS-related entry in the iptables file is modified, restart the firewall service.
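
The note above reads the nfslock port from rpcinfo -p by hand. The script below is an added example, not part of the original post: it turns rpcinfo -p output into iptables lines in the same form as the rules above, for every RPC service named on the command line. The function names and the NFS_NET variable are hypothetical, and the sample listing is a constructed subset of the server output shown earlier.

```shell
#!/bin/sh
# Added example: turn `rpcinfo -p` output into iptables lines for the RPC
# services whose ports are not fixed (nlockmgr, mountd, status, rquotad).
# NFS_NET is a hypothetical override; the default is the subnet used above.

rpc_fw_rules() {
    awk -v want="$*" -v net="${NFS_NET:-192.168.1.0/24}" '
        BEGIN {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) keep[w[i]] = 1
        }
        # Data rows have the form: program vers proto port service.
        # The header row is skipped because its port column is not numeric.
        NF >= 5 && ($5 in keep) && ($3 == "tcp" || $3 == "udp") && $4 ~ /^[0-9]+$/ {
            key = $3 "/" $4
            if (key in seen) next        # one rule per proto/port, not per RPC version
            seen[key] = 1
            printf "-A RH-Firewall-1-INPUT -s %s -d %s -p %s --dport %s -j ACCEPT\n", net, net, $3, $4
        }
    '
}

# Constructed sample: a subset of the server's rpcinfo -p listing shown above.
sample_rpcinfo() {
    cat <<'EOF'
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 32768 status
100024 1 tcp 32769 status
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100021 1 udp 32779 nlockmgr
100021 3 udp 32779 nlockmgr
100021 1 tcp 32774 nlockmgr
100021 3 tcp 32774 nlockmgr
100011 1 udp 634 rquotad
100011 1 tcp 637 rquotad
100005 1 udp 639 mountd
100005 1 tcp 642 mountd
100005 3 udp 639 mountd
100005 3 tcp 642 mountd
EOF
}

# On the server this would be: rpcinfo -p | rpc_fw_rules nlockmgr mountd status rquotad
sample_rpcinfo | rpc_fw_rules nlockmgr mountd status rquotad
```

These ports are handed out by portmap when the services start, so they can differ after a restart; re-run the check then and compare the result with /etc/sysconfig/iptables.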
Restart Iptables/Firewall Services
Troubleshoot:

Tuesday, May 4, 2010

Configure Samba On REDHAT LINUX-4


SAMBA SERVER

Samba uses /etc/samba/smb.conf as its configuration file. If you change this configuration file, the changes do not take effect until you restart the Samba daemon with the command service smb restart.
To specify the Windows workgroup and a brief description of the Samba server, edit the following lines in your smb.conf file:
workgroup = "WORKGROUPNAME"


Replace WORKGROUPNAME with the name of the Windows workgroup to which this machine should belong. To create a Samba share directory on your Linux system, add the following section to your smb.conf file (after modifying it to reflect your needs and your system):
[general]
path = /home/general/
valid users = tech,general
public = no
writable = yes
printable = no
create mask = 0765
The above example allows the users tech and general to read and write to the directory /home/general, on the Samba server, from a Samba client.
Encrypted Passwords:
Encrypted passwords are enabled by default because they are more secure. If encrypted passwords are not used, plain-text passwords are used, which can be intercepted by someone using a network packet sniffer. It is recommended that encrypted passwords be used.
To configure Samba on your Red Hat Linux system to use encrypted passwords, follow these steps:
1. Create a separate password file for Samba. To create one based on your existing /etc/passwd file, at a shell prompt, type the following command:
cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
If the system uses NIS, type the following command:
ypcat passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
The mksmbpasswd.sh script is installed in your /usr/bin directory with the samba package.
2. Change the permissions of the Samba password file so that only root has read and write permissions:
chmod 600 /etc/samba/smbpasswd
3. The script does not copy user passwords to the new file, and a Samba user account is not active until a password is set for it. For higher security, it is recommended that the user's Samba password be different from the user's Red Hat Linux password. To set each Samba user's password, use the following command (replace username with each user's username):
smbpasswd username
4. Encrypted passwords must be enabled in the Samba configuration file. In the file smb.conf, verify that the following lines are not commented out:
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
5. Make sure the smb service is started by typing the command service smb restart at a shell prompt.
6. If you want the smb service to start automatically, use chkconfig smb on

Starting and Stopping the Samba Server
On the server that is sharing directories via Samba, the smb service must be running.
View the status of the Samba daemon with the following command:
/sbin/service smb status
Start the daemon with the following command:
/sbin/service smb start
Stop the daemon with the following command:
/sbin/service smb stop
To start the smb service at boot time, use the command:
/sbin/chkconfig smb on

Creating Users & File,Folder Permissions

Create two users, general and tech, and set their passwords

[root@localhost ~]# useradd general
[root@localhost ~]# passwd general

[root@localhost ~]# useradd tech
[root@localhost ~]# passwd tech

Create one group as gtssamba

[root@localhost ~]# groupadd gtssamba
[root@localhost ~]#

Add both users to the gtssamba group

[root@localhost ~]# usermod -G gtssamba tech
[root@localhost ~]# usermod -G gtssamba general
[root@localhost ~]#

Check whether both users have been added to the gtssamba group

[root@localhost ~]# id tech
uid=507(tech) gid=512(tech) groups=512(tech),514(gtssamba)
[root@localhost ~]# id general
uid=508(general) gid=513(general) groups=513(general),514(gtssamba)
[root@localhost ~]#

Check the /etc/group file

[root@localhost ~]# cat /etc/group
root:x:0:root
tech:x:512:
general:x:513:
gtssamba:x:514:tech,general
[root@localhost ~]#

Give full group permissions on the general home directory

[root@localhost home]# chmod g=rwx general
[root@localhost home]# ls -ltr
drwxrwx--- 3 general general 4096 Dec 14 11:33 general
drwx------ 3 tech tech 4096 Dec 14 11:34 tech
[root@localhost home]#

Change the group of the general home directory to gtssamba:

[root@localhost home]# chgrp gtssamba general
[root@localhost home]# ls -ltr
drwxrwx--- 3 general gtssamba 4096 Dec 14 11:33 general
drwx------ 3 tech tech 4096 Dec 14 11:34 tech
[root@localhost home]#

Set the setgid bit on the general home directory, so that new files and directories inherit the gtssamba group

[root@localhost home]# chmod g+s general/
[root@localhost home]# ls -ltr
drwxrws--- 3 general gtssamba 4096 Dec 14 11:33 general
drwx------ 3 tech tech 4096 Dec 14 11:34 tech

Now check that both users have full access to the general home directory:

1. Switch to the general user and create some files and folders

[general@localhost ~]$ mkdir general
[general@localhost ~]$ touch general.txt
[general@localhost ~]$ ls -ltr
-rw-rw-r-- 1 general gtssamba 0 Dec 14 12:01 general.txt
drwxrwsr-x 2 general gtssamba 4096 Dec 14 12:01 general

2. Switch to the tech user and try to create some files and folders in the general home directory

[tech@localhost general]$ mkdir fromtech
[tech@localhost general]$ vi fromtech.txt
[tech@localhost general]$ ls -ltr
drwxrwsr-x 2 tech gtssamba 4096 Dec 14 12:02 fromtech
-rw-rw-r-- 1 tech gtssamba 11 Dec 14 12:02 fromtech.txt

3. Try to modify all of the created files and folders as both users.

[general@localhost ~]$ ls -ltr
total 28
-rw-rw-r-- 1 general gtssamba 0 Dec 14 12:01 general.txt
drwxrwsr-x 2 general gtssamba 4096 Dec 14 12:01 general
drwxrwsr-x 2 tech gtssamba 4096 Dec 14 12:03 fromtech
-rw-rw-r-- 1 tech gtssamba 25 Dec 14 12:03 fromtech.txt


SAMBA USER CREATION, SHARE HOME DIRECTORY & FILE PERMISSIONS.

Add both users to the Samba server (each user's Samba password should be different from the local login password)

[root@localhost ~]# smbpasswd tech
New SMB password:
Retype new SMB password:
[root@localhost ~]# smbpasswd general
New SMB password:
Retype new SMB password:
[root@localhost ~]#

Share both users' home directories

Share the general home directory and give both users full permission on it:

[root@localhost ~]# cd /etc/samba/
[root@localhost samba]# vi smb.conf (add the lines below at the end of smb.conf)


[GENERAL]
path = /home/general
browseable = yes
writeable = yes
write list = general tech
create mask = 0770
directory mask = 0770

Share the tech home directory with default permissions, for the local user tech only:

[TECH]
path = /home/tech
valid users = tech
writeable = yes
create mask = 0700

START, RESTART & STOP SAMBA SERVER SERVICE

After sharing the home directories for both users, restart the smb service once

[root@localhost ~]# service smb restart
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
[root@localhost ~]#

For getting status of samba server
[root@localhost ~]# service smb status
smbd (pid 3858 3857) is running...
nmbd (pid 3862) is running...
For stopping samba server
[root@localhost ~]# service smb stop
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]

For Starting samba server
[root@localhost ~]# service smb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]

If any modification is made to the /etc/samba/smb.conf file, restart the Samba service.
[root@localhost ~]# service smb restart
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]


Now check from the Windows Samba client machine.

Go to the XP machine

Go Start
|
Run
|
\\192.168.1.11 (Samba Server IP address)
|
tech (Samba User Name)
tech12345 (Samba user password)
|
Click on the Tech shared folder and try creating files and folders.



Go Start
|
Run
|
\\192.168.1.11 (Samba Server IP address)
|
general (Samba User Name)
general12345 (Samba user password)
|
Click on the Tech shared folder and try creating files and folders.


Now both users have full permission to access, modify, delete and create files in the general home directory.

SAMBA WITH FIREWALL SETUP:

[root@gtslinux3 ~]# vi /etc/sysconfig/iptables [the Samba rules are the lines for ports 137, 138, 139 and 445]
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1560:712733]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p ipv6-crypt -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p ipv6-auth -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp -m udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp -m udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
:wq [Save and exit]

[root@gtslinux3 ~]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
[root@gtslinux3 ~]# service smb restart
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]

Monday, April 5, 2010

Install & Configure phpMyAdmin tool on REDHAT LINUX-4





Install & Configure phpMyAdmin tool
Download the required package from the site below:

Open this link and download the package phpmyadmin-2.11.9.3-1.el4.rf:
http://rpm.pbone.net/index.php3/stat/4/idpl/11978420/dir/redhat_el_4/com/phpmyadmin-2.11.9.3-1.el4.rf.noarch.rpm.html
[root@sandeeplinux3 ~]# ls -ltr
-rw-r--r-- 1 root root 4438372 Mar 24 13:08 phpmyadmin-2.11.9.3-1.el4.rf.noarch.rpm

Install phpMyAdmin Package:
[root@sandeeplinux3 IMP_rpm_packages]# rpm -i phpmyadmin-2.11.9.3-1.el4.rf.noarch.rpm
warning: phpmyadmin-2.11.9.3-1.el4.rf.noarch.rpm: V3 DSA signature: NOKEY, key ID 1aa78495
[root@sandeeplinux3 IMP_rpm_packages]#

Check & Edit config.inc.php file:
[root@sandeeplinux3 ~]# cd /usr/share/phpmyadmin/
[root@sandeeplinux3 phpmyadmin]# ls -ltr config.inc.php
-rw-r----- 1 root apache 1751 Oct 31 2008 config.inc.php
[root@sandeeplinux3 phpmyadmin]#

Note: Keep a backup of the original file before editing it
[root@sandeeplinux3 phpmyadmin]# cp config.inc.php config.inc.php.20100324
[root@sandeeplinux3 phpmyadmin]# ls -ltr config.inc.php*
-rw-r----- 1 root apache 1751 Oct 31 2008 config.inc.php
-rw-r----- 1 root root 1751 Mar 24 14:27 config.inc.php.20100324

[root@sandeeplinux3 phpmyadmin]#vi config.inc.php
/*
* This is needed for cookie based authentication to encrypt password in
* cookie
*/
$cfg['blowfish_secret'] = 'YOURPASSWORD'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

Note: In the config.inc.php file, set this value to a password. It should be any MySQL user's password; for security, do not enter the root password. This password is used for the temporary cookies.

Testing with localhost: [before testing, check the firewall settings; they are given at the end]
Open a browser and enter the address below
http://localhost.localdomain/phpMyAdmin
Enter mysql user name & password
User name: sandeep
Password: sandeep123

Edit phpMyAdmin.conf file:

[root@sandeeplinux3 ~]# cd /etc/httpd/conf.d/
[root@sandeeplinux3 conf.d]# ls -ltr
-rw-r--r-- 1 root root 269 Mar 24 16:43 phpmyadmin.conf
Note: Keep a backup of the original file before editing it
[root@sandeeplinux3 conf.d]# cp phpmyadmin.conf phpmyadmin.conf.20100324
[root@sandeeplinux3 conf.d]# ls -ltr phpmyadmin*
-rw-r--r-- 1 root root 268 Mar 24 16:42 phpmyadmin.conf.20100324
-rw-r--r-- 1 root root 269 Mar 24 16:43 phpmyadmin.conf
[root@sandeeplinux3 conf.d]# vi phpmyadmin.conf
#
# Web application to manage MySQL
#

<Directory "/usr/share/phpmyadmin">
Order Deny,Allow
# Deny from all
Allow from 127.0.0.1
</Directory>

Alias /phpmyadmin /usr/share/phpmyadmin
Alias /phpMyAdmin /usr/share/phpmyadmin
Alias /mysqladmin /usr/share/phpmyadmin
[root@sandeeplinux3 conf.d]#

Testing With Clienthost:
Open a browser and enter the address below
http://192.168.1.11/phpMyAdmin OR http://sandeeplinux3/phpMyAdmin
Enter mysql user name & password
User name: sandeep
Password: sandeep123

Note: In the phpmyadmin.conf file, disable the Deny from all line by commenting it out: put a # at the start of the line so that it reads # Deny from all. After editing this file, the MySQL databases can be accessed from a Windows/client host by browsing to
http://192.168.1.11/phpMyAdmin or http://sandeeplinux3/phpMyAdmin
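
What the commented-out Deny from all line changes, as an added example that is not part of the original post: with Order Deny,Allow and no active Deny line Apache admits every client, so the script reports the edited file as open and shows a variant that keeps Deny from all and allows the 192.168.1.0/24 LAN used in this post instead. The function names, the Directory wrapper and the LAN Allow line are assumptions.

```shell
#!/bin/sh
# Added example: summarise who an Apache 2.0 "Order Deny,Allow" block admits.
# Reads one access-control block on stdin. Function names and both sample
# configurations are constructed for illustration.

acl_state() {
    awk '
        /^[ \t]*#/ { next }                  # commented-out directives do nothing
        { $0 = tolower($0) }                 # directive names are case-insensitive
        $1 == "order" { order = $2 }
        $1 == "deny" && $2 == "from" {
            for (i = 3; i <= NF; i++) if ($i == "all") deny_all = 1
        }
        $1 == "allow" && $2 == "from" {
            for (i = 3; i <= NF; i++) {
                if ($i == "all") allow_all = 1
                allowed = allowed (allowed == "" ? "" : " ") $i
            }
        }
        END {
            if (order != "deny,allow") { print "unknown"; exit }
            # Order Deny,Allow: a client is refused only if a Deny matches it
            # and no Allow does. Without "Deny from all" nobody is refused.
            if (!deny_all || allow_all) print "open"
            else print "restricted to " allowed
        }
    '
}

# The access block as edited in this post (constructed copy).
weak_conf() {
    cat <<'EOF'
<Directory "/usr/share/phpmyadmin">
Order Deny,Allow
# Deny from all
Allow from 127.0.0.1
</Directory>
EOF
}

# Alternative that still serves the client hosts: keep the Deny line and
# allow the LAN explicitly (192.168.1.0/24 is the subnet used in this post).
tight_conf() {
    cat <<'EOF'
<Directory "/usr/share/phpmyadmin">
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from 192.168.1.0/24
</Directory>
EOF
}

echo "as edited above: $(weak_conf | acl_state)"
echo "LAN only:        $(tight_conf | acl_state)"
```

With the first form, the iptables rules for ports 80 and 443 are the only thing limiting which clients reach the phpMyAdmin login page.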

Firewall With php & phpMyAdmin:
Edit the iptables file to open ports 80 and 443:
[root@sandeeplinux3 ~]# vi /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp --dport 443 -j ACCEPT

Service Restart:
[root@sandeeplinux3 ~]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]

Thanks & Regards,
Sandeep CC

Configuration Of PHP with MySQL on REDHAT LINUX-4




Server: sandeeplinux3 (192.168.1.11 Local Network IP)
Requirement:

php-pear-4.3.9-3.8 (default installed)
php-ldap-4.3.9-3.8 (default installed)
php-mysql-4.3.9-3.8 (Need to install)

Download Required Packages From RHEL4 CD:
(Packages are available on 4th CD)
[root@sandeeplinux3 ~]# cd /media/cdrecorder/
[root@sandeeplinux3 cdrecorder]#
[root@sandeeplinux3 RPMS]# ls -ltr php-mysql*
[root@sandeeplinux3 RPMS]# cp php-mysql-4.3.9-3.8.x86_64.rpm /root/IMP_rpm_packages/

Note: The php-mysql package needs to be installed.

Installation Of Required Packages:
[root@sandeeplinux3 IMP_rpm_packages]# rpm -i php-mysql-4.3.9-3.8.x86_64.rpm
warning: php-mysql-4.3.9-3.8.x86_64.rpm: V3 DSA signature: NOKEY, key ID db42a60e

[root@sandeeplinux3 RPMS]# rpm -qa |grep php
php-pear-4.3.9-3.8
php-mysql-4.3.9-3.8.x86_64.rpm
php-ldap-4.3.9-3.8
php-4.3.9-3.8

Start Services:

[root@sandeeplinux3 php]# service httpd restart (start and stop are also available)
Stopping httpd: [ OK ]
Starting httpd: httpd: Could not determine the server's fully qualified domain name, using 192.168.1.11 for ServerName [ OK ]

Testing With PHP & HTTPD Services:
Create a php directory under /var/www/html

[root@sandeeplinux3 ~]# cd /var/www/html
[root@sandeeplinux3 html]#mkdir php
[root@sandeeplinux3 html]# ls -ltr
drwxr-xr-x 2 root root 4096 Mar 25 12:15 php
Create an example.php file in the /var/www/html/php directory
[root@sandeeplinux3 html]# cd php
[root@sandeeplinux3 php]# vi example.php
<html>
<body>
<?php echo "hello, world! with PHP"; ?>
</body>
</html>
:wq [Save & Exit]

Open a browser on localhost or any client machine and enter one of the addresses below
http://localhost/php/example.php OR http://192.168.1.11/php/example.php OR http://sandeeplinux3/php/example.php

Note: If the page in the php directory opens, the php and httpd services are working fine.

Monday, March 29, 2010

Configure MySQL On REDHAT LINUX-4



Configuration Mysql on Redhat Linux4.

Setup:

Server: sandeeplinux3 (192.168.1.11 Local Network IP)

Requirement:

mysqlclient10-3.23.58-4.RHEL4.1 (default installed)
mysql-4.1.12-3.RHEL4.1 (default installed)
mysql-server-4.1.12-3.RHEL4.1 (Need to install)
perl-DBD-MySQL-2.9004-3.1 (Need to install)

Download Required Packages From RHEL4 CD:
(All packages are available on 4th CD)
[root@sandeeplinux3 ~]# cd /media/cdrecorder/
[root@sandeeplinux3 cdrecorder]#
[root@sandeeplinux3 RPMS]# ls -ltr mysql-server*
-rw-r--r-- 210 root root 2967401 Sep 13 2005 mysql-server-4.1.12-3.RHEL4.1.x86_64.rpm
[root@sandeeplinux3 RPMS]# cp mysql-server-4.1.12-3.RHEL4.1.x86_64.rpm /root/IMP_rpm_packages/
[root@sandeeplinux3 RPMS]# ls -ltr perl-DBD*
[root@sandeeplinux3 RPMS]# cp perl-DBD-MySQL-2.9004-3.1.x86_64.rpm /root/IMP_rpm_packages/
[root@sandeeplinux3 RPMS]# cd
[root@sandeeplinux3 ~]#

Note: Install the perl-DBD-MySQL package first; otherwise installing the mysql-server package gives a warning/error message. perl-DBD-MySQL must be installed before mysql-server.

Installation Of Required Packages:
[root@sandeeplinux3 IMP_rpm_packages]# rpm -i perl-DBD-MySQL-2.9004-3.1.x86_64.rpm
warning: perl-DBD-MySQL-2.9004-3.1.x86_64.rpm: V3 DSA signature: NOKEY, key ID db42a60e
[root@sandeeplinux3 IMP_rpm_packages]# rpm -i mysql-server-4.1.12-3.RHEL4.1.x86_64.rpm
warning: mysql-server-4.1.12-3.RHEL4.1.x86_64.rpm: V3 DSA signature: NOKEY, key ID db42a60e
[root@sandeeplinux3 IMP_rpm_packages]#

Start Services:
[root@sandeeplinux3 IMP_rpm_packages]# chkconfig mysqld on
[root@sandeeplinux3 IMP_rpm_packages]# service mysqld start
Initializing MySQL database: [ OK ]
Starting MySQL: [ OK ]
[root@sandeeplinux3 ~]# service mysqld status
mysqld (pid 2677) is running...
[root@sandeeplinux3 ~]#

Creating the MySQL root account password for the first time:
[root@sandeeplinux3 ~]# mysqladmin -u root password newpassword

Reset the MySQL root password (if the password has been forgotten or misplaced):
[root@sandeeplinux3 ~]# service mysqld stop
Stopping MySQL: [ OK ]

[root@sandeeplinux3 ~]# mysqld_safe --skip-grant-tables --skip-networking &
[1] 3912
[root@sandeeplinux3 ~]# Starting mysqld daemon with databases from /var/lib/mysql
(Ctrl+C)

[root@sandeeplinux3 ~]# mysql -u root [in safe mode, log in as root without a password]

mysql> use mysql

mysql> UPDATE user SET Password=PASSWORD("newpassword") WHERE User="root";

mysql> exit

[root@sandeeplinux3 ~]# service mysqld restart
STOPPING server from pid file /var/run/mysqld/mysqld.pid
100311 12:05:05 mysqld ended

Stopping MySQL: [ OK ]
Starting MySQL: [ OK ]
[1]+ Done mysqld_safe --skip-grant-tables --skip-networking

[root@sandeeplinux3 ~]# mysql -u root -p
Enter password: (Give New Password)

Change/Update the Mysql root Password:
[root@sandeeplinux3 ~]# mysqladmin -u root -p'oldpassword' password newpassword

Change Mysql Password for Users:
[root@sandeeplinux3 ~]# mysqladmin -u xyz -p'oldpassword' password newpassword

Create Normal Users: (Create a user for one particular database)
mysql> grant all privileges on database_name.* to username@"localhost" identified by 'password';
Query OK, 0 rows affected (0.00 sec)
OR
mysql> CREATE USER 'nisnfs'@'localhost' IDENTIFIED BY 'password';

Give all database permission to particular user:
mysql> grant all privileges on *.* to nisnfs@"localhost" identified by 'nisnfs123';
Query OK, 0 rows affected (0.00 sec) [We can give this permission to already created users or while creating new users]

Example Of Creating One Database:

[root@sandeeplinux3 ~]# mysql -u root -p [login as root or normal user & give password]
Enter password:

mysql> create database sandeep_system_information; [Create a database named sandeep_system_information]

mysql> show databases; [Check created database]
+--------------------------------+
| Database |
+--------------------------------+
| sandeep_system_information |
| mysql |
| test |
+--------------------------------+
3 rows in set (0.00 sec)
mysql>

mysql> use sandeep_system_information; [Select created database]
Database changed

mysql> create table Hardware_Information (Processor char(50),Harddisk char(50),RAM char(25),Optical_Drive char(25),Screen char(25),Keyboard char(25),Mouse char(25),UPS char(25),Wireless_Adapter char(25));
Query OK, 0 rows affected (0.00 sec) [Create Table as Hardware_Information]

mysql> show tables; [Check created table]
+--------------------------------------------+
| Tables_in_sandeep_system_information |
+--------------------------------------------+
| Hardware_Information |
+--------------------------------------------+
1 row in set (0.00 sec)
mysql> alter table Hardware_Information add (SL int(10),Name char(10),Remark char(10)); [Add some columns to the table]
mysql> insert into Hardware_Information (SL,Name,Remark) values ('1','monitor','good'); [Fill some values into the row by column]
Query OK, 1 row affected (0.00 sec)
mysql> select * from Hardware_Information; [Show filled rows and columns]
mysql> drop database sandeep_system_information; [Delete the database named sandeep_system_information]
mysql> exit [Come out of the MySQL server]

Firewall With Mysql:
Edit the iptables file to enable port 3306
[root@sandeeplinux3 ~]# vi /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp --dport 3306 -j ACCEPT

Tuesday, March 16, 2010

Network Printer On Windows Machine


NETWORK PRINTER INSTALLATION ON WINDOWS

Requirement:
1. XP/2000/2003 Operating System (I have made XP machine as Network Printer)
2. Printer (I Configured On HP Officejet 5600 Series)
3. Printer Drivers (Need to Install On Connecting Printer Machine)
4. IP Address In same range (Connect All Machines & Printer In Same LAN with same IP range)

Note: All setup should be done in the Administrator account only (on both the machine the printer is connected to and the client machine)
Printer Connected IP Address: 192.168.1.11

Steps:

1. Install the printer drivers on the machine the printer is connected to, in the administrator account
2. Connect 'n' number of systems on the same network (LAN)
3. Assign IP address and gateway in the same range
4. Go to Start → Control Panel & click on Printer & Faxes (on the machine the printer is connected to)
5. Right click on Printer & Faxes → Share → Share this Printer → Apply → OK.
6. Go to the client machine and check connectivity with the system the printer is installed on with ping 192.168.1.11.
7. Go to Run → \\192.168.1.11 (Printer Installed IP Address) → Printer & Faxes → Open → right click on shared printer → connect. (On the client machine)
8. Try a test print.
9. You will get the printout from the configured printer machine (192.168.1.11).

Note: If limited users on the client machine need to use the network printer, follow the same procedure once in that account as you did in the admin account (Run → \\192.168.1.11 (Printer Installed IP Address) → Printer & Faxes → Open → right click on shared printer → connect).


Regards,
Sandeep CC

Monday, March 15, 2010

Configure Network Printer On REDHAT LINUX


LINUX LOCAL & NETWORK PRINTER INSTALLATION


Note: To install a Linux network printer, we first have to configure Samba and create some users for accessing the printer from other/Windows machines, so first configure Samba with users.

Server Name: Sandeeplinux Server (192.168.1.11)
Printer Name: Sandeep_Samba_Server (192.168.1.11)

Local Printer Installation On Linux Machine:

Note: Connect the printer to the Linux machine and keep it on, and carry out the installation from the monitor (console) of the Linux system the printer is connected to.

Right Click On desktop → Open Terminal → [root@sandeeplinux ~]# system-config-printer → (One Window will open) Click On New → Forward → Give Printer Name (Sandeep_Samba_Printer) → Select a Queue Type Locally-Connected (/dev/lp0 Hewlett-Packard LaserJet 1200) → Forward → Select Printer Model (LaserJet 1200) → Finish → Test with test file.

Network Printer Installation With Windows LAN: (Sandeep_Samba_Printer)

Samba Server Printer Configuration: (Sandeep_Samba_Printer)

Edit the /etc/samba/smb.conf file and enter the settings below:

[root@sandeeplinux3 ~]# cd /etc/samba/
[root@sandeeplinux3 samba]# vi smb.conf

[global]
workgroup = WORKGROUP
security = user
printcap name = cups
disable spoolss = Yes
show add printer wizard = No
printing = cups

[printers]
comment = All Printers
path = /var/spool/samba
printer admin = user1, user2
create mask = 0770
guest ok = Yes
printable = Yes
use client driver = Yes
browseable = Yes

[root@sandeeplinux3 ~]# service smb restart
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
[root@sandeeplinux3 ~]# service cupsd restart (If require then only restart)

Client Windows With Printer Configuration: (Sandeep_Samba_Printer)

Win XP → Go to Start → Run → \\192.168.1.11 → Enter → Samba User Name (user1) → Samba User Password (user112345) → you will get one shared printer name as Sandeep_Samba_Printer → Right Click → Connect → Next → Yes → OK → OK → Select HP Printer from left hand side window → Select HP Printer Model No from Right hand side → Next → Finish.

Test With Network Printer and Windows file

Create one test file → Edit → Print → Select → \\192.168.1.11\Sandeep_Samba_Printer\ → Apply → Print → Check whether you are getting print by Sandeep_Samba_Server (Printer).


Thanks & Regards,
Sandeep CC

Thursday, March 11, 2010

NIS CONFIGURATION ON REDHAT LINUX


NIS SERVER CONFIGURATION (NETWORK INFORMATION SERVICE)

SERVER CONFIGURATION

Note: While configuring NIS, disable the firewall/iptables service (service iptables stop); the firewall settings for the NIS server are configured later.

Requirement:

1. Portmap (Default Installed)
2. Yp-tools (Default Installed)
3. Ypbind (Need To Install)
4. Ypserv (Need To Install)

Install Required Packages/tools:
[root@sandeep~]# rpm -i ypserv-2.13-5.x86_64.rpm (Install ypserv package)
[root@sandeep~]# rpm -i ypbind-1.17.2-3.x86_64.rpm (Install ypbind package)

Check Required Packages are Installed On NIS Server:
[root@sandeep ~]# rpm -qa portmap
portmap-4.0-63
[root@sandeep ~]# rpm -qa yp-tools
yp-tools-2.8-7
[root@sandeep ~]# rpm -qa ypbind
ypbind-1.17.2-3
[root@sandeep ~]# rpm -qa ypserv
ypserv-2.13-5
[root@sandeep ~]#

Edit Your /etc/sysconfig/network File
(You need to add the NIS domain you wish to use to the /etc/sysconfig/network file. For the server sandeep, call the domain SANDEEP-NIS-SERVER.)

[root@sandeep ~]# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=sandeep
NISDOMAIN="SANDEEP-NIS-SERVER"

Edit Your /etc/yp.conf File
[root@sandeep ~]# vi /etc/yp.conf
# ypserver 192.168.1.11

Start the Key NIS server related daemons
Start the necessary NIS daemons in the /etc/init.d directory and use the chkconfig command to ensure they start after the next reboot
[root@sandeep]# service portmap start
Starting portmapper: [ OK ]
[root@sandeep]# service yppasswdd start
Starting YP passwd service: [ OK ]
[root@sandeep]# service ypserv start
Setting NIS domain name SANDEEP-NIS-SERVER: [ OK ]
Starting YP server services: [ OK ]
[root@sandeep]#

[root@sandeep]# chkconfig portmap on
[root@sandeep]# chkconfig yppasswdd on
[root@sandeep]# chkconfig ypserv on

[root@sandeep ~]# rpcinfo -p localhost
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 32769 status
100024 1 tcp 32769 status
100004 2 udp 862 ypserv
100004 1 udp 862 ypserv
100004 2 tcp 865 ypserv
100004 1 tcp 865 ypserv
600100069 1 udp 872 fypxfrd
600100069 1 tcp 874 fypxfrd
100009 1 udp 715 yppasswdd

Initialize Your NIS domain (Add Clients on NIS network)
[root@sandeep ~]# /usr/lib64/yp/ypinit -m

At this point, we have to construct a list of the hosts which will run NIS
servers. sandeep is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: sandeep
next host to add: sandeep1
next host to add: sandeep2
next host to add:

(Press Y and)

The current list of NIS servers looks like this:

sandeep
sandeep1
sandeep2


Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/SANDEEP-NIS-SERVER/ypservers...
gethostbyname(): Success
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/SANDEEP-NIS-SERVER'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/SANDEEP-NIS-SERVER'

sandeep has been set up as a NIS master server.

Now you can run ypinit -s sandeep on all slave server.
[root@sandeep ~]#

Start ypbind and ypxfrd Daemons:

[root@sandeep]# service ypbind start
Binding to the NIS domain: [ OK ]
Listening for an NIS domain server.
[root@sandeep]# service ypxfrd start
Starting YP map server: [ OK ]
[root@sandeep]# chkconfig ypbind on
[root@sandeep]# chkconfig ypxfrd on

Make sure daemons are running fine.
[root@sandeep ~]# rpcinfo -p localhost
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 32769 status
100024 1 tcp 32769 status
100004 2 udp 862 ypserv
100004 1 udp 862 ypserv
100004 2 tcp 865 ypserv
100004 1 tcp 865 ypserv
600100069 1 udp 872 fypxfrd
600100069 1 tcp 874 fypxfrd
100009 1 udp 715 yppasswdd
[root@sandeep ~]#

Adding New NIS Users
[root@sandeep]# useradd -g users nisuser
[root@sandeep]# passwd nisuser
Changing password for user nisuser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@sandeep]# cd /var/yp
[root@sandeep yp]# make
gmake[1]: Entering directory `/var/yp/NIS-SCHOOL-NETWORK'
Updating passwd.byname...
Updating passwd.byuid...
Updating netid.byname...
gmake[1]: Leaving directory `/var/yp/NIS-SCHOOL-NETWORK'
[root@sandeep yp]#

You can check to see if the user's authentication information has been updated by using the ypmatch command, which should return the user's encrypted password string.
[root@sandeep yp]# ypmatch nisuser passwd
nisuser:$1$d6E2i79Q$wp3Eo0Qw9nFD/::504:100::/home/nisuser:/bin/bash
[root@sandeep yp]#

You can also use the getent command, which has similar syntax. Unlike ypmatch, getent doesn't provide an encrypted password when run on an NIS server; it just provides the user's entry in the /etc/passwd file. On a NIS client, the results are identical, with both showing the encrypted password.
[root@sandeep yp]# getent passwd nisuser
nisuser:x:504:100::/home/nisuser:/bin/bash
[root@sandeep yp]#

FIREWALL CONFIGURATION WITH NIS SERVER:

Edit the /etc/sysconfig/iptables file to enable NIS (ypbind/portmap port 111): enable port 111 for TCP as well as UDP. (Just add the two lines given below to the iptables file, then save & exit)

[root@sandeep ~]# cd /etc/sysconfig/
[root@sandeep sysconfig]# vi iptables

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 111 -j ACCEPT

:wq Enter (Save iptables file and exit)

Restart iptables service:
(Check that no service shows [Fail]; everything should be [OK])

[root@sandeep ~]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
[root@sandeep ~]#

Restart ypbind service:
(Restart the ypbind service once and check whether it restarts after enabling port 111 and starting the firewall)

[root@sandeep ~]# service ypbind restart
Shutting down NIS services: [ OK ]
Binding to the NIS domain: [ OK ]
Listening for an NIS domain server.
[root@sandeep ~]#


CLIENT CONFIGURATION:

Note: While configuring the NIS client, disable the firewall/iptables service (service iptables stop); the firewall settings for NIS are configured later.

Run authconfig

The authconfig or the authconfig-tui program automatically configures your NIS files after prompting you for the IP address and domain of the NIS server
[root@sandeep2 ~]# authconfig-tui
Once finished, it should create an /etc/yp.conf file that defines, amongst other things, the IP address of the NIS server for a particular domain. It also edits the /etc/sysconfig/network file to define the NIS domain to which the NIS client belongs.

Requirement Of Package for Client Machine:
1. Portmap
2. Yp-tools
3. Ypbind

[root@sandeep2 etc]# vi yp.conf
domain SANDEEP-NIS-SERVER server 192.168.1.11
[root@sandeep2 etc]# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=sandeep2
NISDOMAIN=SANDEEP-NIS-SERVER

[root@sandeep2 etc]# cat nsswitch.conf
passwd: files nis
shadow: files nis
group: files nis

Start The NIS Client Related Daemons
[root@sandeep2 etc]# service portmap start
Starting portmap: [ OK ]
[root@sandeep2 etc]# service ypbind start
Binding to the NIS domain: [ OK ]
Listening for an NIS domain server.
[root@sandeep2 etc]# chkconfig ypbind on
[root@sandeep2 etc]# chkconfig portmap on
[root@sandeep2 etc]#

Note:
Remember to use the rpcinfo -p localhost command to make sure they all started correctly.

[root@sandeep2 etc]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 32768 status
100024 1 tcp 32769 status
100011 1 udp 931 rquotad
100011 2 udp 931 rquotad
100011 1 tcp 934 rquotad
100011 2 tcp 934 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 udp 32770 nlockmgr
100021 3 udp 32770 nlockmgr
100021 4 udp 32770 nlockmgr
100021 1 tcp 32803 nlockmgr
100021 3 tcp 32803 nlockmgr
100021 4 tcp 32803 nlockmgr
100005 1 udp 952 mountd
100005 1 tcp 955 mountd
100005 2 udp 952 mountd
100005 2 tcp 955 mountd
100005 3 udp 952 mountd
100005 3 tcp 955 mountd
100007 2 udp 1020 ypbind
100007 1 udp 1020 ypbind
100007 2 tcp 1023 ypbind
100007 1 tcp 1023 ypbind


Verify Name Resolution

As the configuration examples refer to the NIS client and server by their hostnames, you'll have to make sure the names resolve correctly to IP addresses. This can be configured either in DNS, when the hosts reside in the same domain, or more simply by editing the /etc/hosts file on both Linux boxes.

[root@sandeep2 etc]# vi hosts [Enter server IP and Machine Name]
# Do not remove the following line, or various programs
# that require network functionality will fail.
192.168.1.9 sandeep1 sandeep1
192.168.1.10 sandeep2 sandeep2 192.168.1.10
192.168.1.11 sandeep sandeep
127.0.0.1 localhost.localdomain localhost
[root@sandeep2 etc]#

Test NIS Access To The NIS Server
[root@sandeep2 etc]# ypcat passwd
nisuser:$1$6x8OLUK/$hzSCrGreGmaLie4.bJhmZ/:509:100::/home/nisuser:/bin/bash
sandeep:$1$uYwOkipg$h9lz.9mf896yKl.uDZeOy/:513:513::/home/sandeep:/bin/bash
ftp1:$1$b/0QI9C.$NgdU6DmNXN.X5r3vHIQhf0:510:515::/home/ftp1:/bin/bash
general:$1$wi.oLbwp$QRQaqFCWi8SRoxO674gyg/:511:511::/home/general:/bin/bash
tech:$1$xEBawVW.$LLATEJY0lOrWWbOpId3TL1:512:512::/home/tech:/bin/bash
[root@sandeep2 etc]#

[root@sandeep2 etc]# ypmatch nisuser passwd
nisuser:$1$6x8OLUK/$hzSCrGreGmaLie4.bJhmZ/:509:100::/home/nisuser:/bin/bash
[root@sandeep2 etc]#

[root@sandeep2 etc]# getent passwd nisuser
nisuser:$1$6x8OLUK/$hzSCrGreGmaLie4.bJhmZ/:509:100::/home/nisuser:/bin/bash
[root@sandeep2 etc]#
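
The ypcat passwd output above hands every account's password hash to any client bound to the NIS domain. The following added example (not part of the original post) audits passwd-format lines for that exposure and names the hash scheme in use; the sample accounts and hash strings in it are constructed.

```shell
#!/bin/sh
# Audit passwd-format lines, as printed by `ypcat passwd`, for exposed hashes.

# classify_hash FIELD -> prints the scheme of the second (password) field.
classify_hash() {
    case "$1" in
        "")           echo "empty" ;;               # account has no password
        x|\**|!*)     echo "shadowed-or-locked" ;;  # placeholder, no hash in the map
        \$1\$*)       echo "md5crypt" ;;
        \$2[aby]\$*)  echo "bcrypt" ;;
        \$5\$*)       echo "sha256crypt" ;;
        \$6\$*)       echo "sha512crypt" ;;
        *)            if [ "${#1}" -eq 13 ]; then echo "descrypt"; else echo "unknown"; fi ;;
    esac
}

# audit_passwd_map: reads passwd-format lines on stdin and prints one
# "name:uid:scheme:verdict" line per account.
audit_passwd_map() {
    while IFS=: read -r name pw uid gid gecos home shell; do
        [ -z "$name" ] && continue
        case "$name" in \#*) continue ;; esac
        scheme=$(classify_hash "$pw")
        case "$scheme" in
            shadowed-or-locked) verdict="ok" ;;
            empty)              verdict="NO-PASSWORD" ;;
            md5crypt|descrypt)  verdict="EXPOSED-WEAK" ;;   # legacy schemes
            *)                  verdict="EXPOSED" ;;        # any other visible hash
        esac
        # A UID 0 entry served over NIS gives root on every client that trusts the map.
        [ "$uid" = "0" ] && verdict="$verdict,UID0"
        printf '%s:%s:%s:%s\n' "$name" "$uid" "$scheme" "$verdict"
    done
}

# count_exposed: reads the same input and prints how many accounts leak a hash.
count_exposed() {
    audit_passwd_map | grep -c ':EXPOSED' || true
}

# Constructed sample map (not real accounts or real hashes).
sample_map() {
cat <<'EOF'
alice:$1$SALTSALT$AAAAAAAAAAAAAAAAAAAAAA:601:100::/home/alice:/bin/bash
bob:x:602:100::/home/bob:/bin/bash
carol:$6$SALTSALT$BBBBBBBB:603:100::/home/carol:/bin/bash
dave::604:100::/home/dave:/bin/bash
svc:ab0123456789A:0:0::/root:/bin/bash
EOF
}

# With a file argument (for example saved `ypcat passwd` output) audit that file;
# with no argument, run on the constructed sample.
if [ -n "${1:-}" ]; then
    audit_passwd_map < "$1"
else
    sample_map | audit_passwd_map
fi
```

Any line reported as EXPOSED or EXPOSED-WEAK is a hash that every NIS client in the domain can read.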

Test Logins via The NIS Server
Logging In Via SSH

Click On SSH Secure Shell → Quick Connect → Host Name (Give Client IP Address) 192.168.1.10 → User Name (Give Created nisuser in server) nisuser → Connect → Password (nisuser123) → you will get bash screen:
Last login: Wed Feb 10 12:59:46 2010 from 192.168.1.212
-bash-3.00$

FIREWALL CONFIGURATION WITH NIS CLIENT:
Edit the /etc/sysconfig/iptables file to enable NIS (ypbind/portmap port 111): enable port 111 for TCP as well as UDP. (Just add the two lines given below to the iptables file, then save & exit)

[root@sandeep2 ~]# cd /etc/sysconfig/
[root@sandeep2 sysconfig]# vi iptables

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 111 -j ACCEPT

:wq Enter (Save iptables file and exit)

Restart iptables service:
(Check that no service shows [Fail]; everything should be [OK])

[root@sandeep2 ~]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
[root@sandeep2 ~]#

Restart ypbind service:
(Restart the ypbind service once and check whether it restarts after enabling port 111 and starting the firewall)

[root@sandeep2 ~]# service ypbind restart
Shutting down NIS services: [ OK ]
Binding to the NIS domain: [ OK ]
Listening for an NIS domain server.
[root@sandeep2 ~]#

Troubleshoot with NIS server & Client:
Note: If the firewall is running on the server, ypbind on the client will not start, so take care of the firewall first: stop the firewall and restart ypbind on the server, then restart the firewall and ypbind on the client machine, then restart the firewall on the server; then you won't get any kind of error. [If you have started the firewall on the server machine and then try to start ypbind with the firewall on the client side, you won't get an OK result; you will get only a Fail result after a long time. So keep in mind: first restart ypbind on the server → restart firewall & ypbind on the client machine → then restart the firewall on the server]

Wednesday, March 10, 2010

FTP Configuration On REDHAT LINUX-4


REDHAT LINUX-4 FTP CONFIGURATION:

RHEL server comes with vsftpd, which is the Very Secure File
Transfer Protocol (FTP) daemon. The server can be launched
via xinetd or in standalone mode, in which case vsftpd
itself will listen on the network port 21.

STEPS:

Install the vsftpd rpm from the CD drive (the vsftpd application is available on the Red Hat OS CD)
Install Vsftpd:
root ]# cd /media
media]# ls -l
media]# cp vsftpd-2.0.1-5.EL4.3.x86_64.rpm /var/
media]# exit
root ]# cd /var/
var]# ls -ltr
var]# rpm -i vsftpd-2.0.1-5.EL4.3.x86_64.rpm (rpm -i vsftpd-2.0.1-5.EL4.3.x86_64.rpm --nodeps) [Or else we can also use yum to install instead of rpm]
root ]#

Turn on Vsftpd Service:
root ]# service vsftpd start (For Stop @ root ]# service vsftpd stop/status)

Open FTP Port
root ]# cd /etc/sysconfig/
root ]# ls -l
root ]# vi iptables
(Append the following lines before the REJECT line to open the FTP ports)
Ports: 20 for data transmission & 21 for FTP control

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
(press Esc) :wq

Restart Iptables/Firewall
root ]# service iptables start

Test with FTP
root ]# ftp 192.168.1.25 (Try 1st test with same machine then go to other)

(The default configuration file is /etc/vsftpd/vsftpd.conf file. # vi /etc/vsftpd/vsftpd.conf)

Create the user.
useradd ftp1
passwd ftp1 (Give password: ftp1123)

Edit FTP Conf file:-
root ]# vi /etc/vsftpd/vsftpd.conf
(Add this line at the end of the file)
userlist_deny=NO (This option controls which users may use FTP. If you set NO, you have to add the needed users to /etc/vsftpd.user_list; if you set YES, all users have FTP permission, meaning any normal user can access the FTP server)

Edit user_list file,
root ]# vi /etc/vsftpd.user_list
ftp1
(And add the above created users in this file to access FTP server)

Restart FTP services
/etc/init.d/vsftpd start/restart
chkconfig vsftpd on ( for permanent on )

* Create some user and password.
* Then Try with Windows system.
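
How vsftpd's user-list check treats a login under the two userlist_deny settings described above, as an added example (not part of the original post). It models only the user-list step; the temporary files and sample users are constructed, and the handling of a repeated key is an assumption noted in the code. With userlist_deny=YES the same file becomes a deny list, so a user named in it is refused.

```shell
#!/bin/sh
# Model of vsftpd's user-list check only. PAM (for example /etc/vsftpd.ftpusers)
# and the password check still apply to a user this step lets through.

# conf_bool FILE KEY DEFAULT -> prints YES or NO for a vsftpd.conf boolean.
conf_bool() {
    # vsftpd.conf lines are "key=value" with no spaces; '#' starts a comment.
    # Assumption: when a key is repeated, the last occurrence is used.
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r' | tr '[:lower:]' '[:upper:]')
    case "${v:-$3}" in
        YES|TRUE|1) echo YES ;;
        *)          echo NO ;;
    esac
}

# userlist_verdict CONF LIST USER -> prints "allow" or "deny".
userlist_verdict() {
    enable=$(conf_bool "$1" userlist_enable NO)   # vsftpd default: NO
    deny=$(conf_bool "$1" userlist_deny YES)      # vsftpd default: YES
    if [ "$enable" = NO ]; then
        echo allow                                # the list is not consulted at all
        return 0
    fi
    # Exact, whole-line match so that "ftp1" does not match "ftp10".
    if grep -Fqx -- "$3" "$2"; then listed=yes; else listed=no; fi
    if [ "$deny" = YES ]; then
        # Deny-list mode: listed users are refused, everyone else passes.
        [ "$listed" = yes ] && echo deny || echo allow
    else
        # Allow-list mode: only listed users pass.
        [ "$listed" = yes ] && echo allow || echo deny
    fi
}

# Constructed demonstration: one list file, both settings, two users.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample list' ftp1 > "$d/user_list"
    for mode in NO YES; do
        printf 'userlist_enable=YES\nuserlist_deny=%s\n' "$mode" > "$d/vsftpd.conf"
        for u in ftp1 general; do
            printf 'userlist_deny=%s user=%s -> %s\n' "$mode" "$u" \
                "$(userlist_verdict "$d/vsftpd.conf" "$d/user_list" "$u")"
        done
    done
    rm -rf "$d"
}

demo
```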

To Disable Root Directory

[root@server vsftpd]# vi vsftpd.conf
chroot_list_enable=YES ----> Remove #
chroot_list_file=/etc/vsftpd/chroot_list ----> Remove # & Give path of chroot_list file
[Create the file /etc/vsftpd/chroot_list and put in it the names of the users who need FTP access]

Note:
We can transfer data from Linux to Windows by using FTP (from the Win XP machine). If we need to transfer data from Windows to Linux (from the Linux machine), then we have to enable the FTP port (21) on the Windows machine.

Tuesday, March 9, 2010

Linux Basic & Networking Commands

Hi Friends Check Basic & Networking Linux Commands,

USEFUL COMMANDS:

1. history|head -n 100 [ Limit the number of commands shown ]
2. history [ History commands ]
3. mail [ Check mails ]
4. hostname [ Check hostname ]
5. ifconfig [ Check network configuration ] {In Root Privilege}
6. setup [ Setting network (IP) ]
7. service start/stop/restart/status [Start/stop/restart the services]
8. ping [ Check network connection between 2 computers ]
9. iptables [ Regarding firewall ]
10. init 0 [ Shutdown ]
11. init 6 [ Restart ]
12. useradd < name > [ Create user account ]
13. passwd < user name > [ Set password for user ]
14. chkconfig [ updates and queries runlevel information for system services ]
15. chkconfig service_name on [ keep service continuously on ]
16. cd < directory name > [ Change directory ]
17. ls -l [ list directory contents ]
18. cat < File name > [ Show file contents ]
19. mkdir < directory name > [ Create directory ]
20. touch < file name > [ Create file ]
21. vi < file name > [ Edit the file ]
22. rm < file name > [ Remove the file ]
23. clear [ Clean/Clear the desktop/shell ]
24. more < about name > [ Viewing more thing about that ]
25. man [ Meaning of the Concept ]
26. logout [ Logout from user account ]
27. shutdown [ Shutdown system ]
28. login [ Logging in as user ]
29. cd .. [ Go to one step back (back directory) ]
30. su -l < user name > [ Switch user with password]
31. pwd [ Shows present working directory ]
32. cp < Source file name > [ Copy the file ]
33. mv < Source file name > [ Move the files or directory ]
34. df [ Disk space ]
35. hostname [ Check system name ]
36. last [ Show listing of last logged in users ]
37. less [ Check for last some sentence of the file ]
38. crontab -eu < user name >[ Scheduling the job ]
39. date < dd/mm/yy > [ Check date ]
40. exit [ Exit from contents ]
41. whereis [ Locate the binary, source, and manual page files for a command ]
42. who [ Show who is logged on ]
43. echo [ display a line of text ]
44. which [ shows the full path of (shell) commands ]
45. dig [ DNS lookup utility ]
46. bc [ Calculator ]
47. mesg n [ control write access to your terminal ]
48. diff [ Difference between 2 files ]
49. grep < cat /etc/services|grep -i ftp > [ Check for word ]
50. ps [ Check system process ]
51. du < file name > [ Check file uses space ]
52. chown [ Change file owner and group ]
53. chmod < -R > < u+rwx,g+rwx,o+rwx > < file name > [ Set the permission for file ]
(drw-r----- [shows the file/directory permissions])
(l --> Link, d --> Directory, p --> Pipe, c --> character device, b --> Block device)
(Permissions in NO's Read=4, Write=2, Executable=1)
54. tail < file name > [ It will show the file's last ten lines ]
55. printenv < file name > [ print all or part of environment ]
56. tty [ Check for which terminal connected to which user ]
57. stty [ Change and print terminal line settings ]
58. rmdir < Directory name > [ Remove the directory ]
59. top [ Check system Process ]
60. mount < file name > [ Mount the file, file system ]
61. cal [ Display the calendar ]
62. wc < file name > [ Word, Line, Character will count ]
63. route [ Show/manipulate the IP routing table ]
64. users [ It will show current user path ]
65. printf [ format and print data ]
66. uname [ Check OS version ]
67. cmp < file name 1 > < file name 2 > [ compare two files]
68. comm < file name 1 > < file name 2 > [ compare two sorted files line by line ]
69. netconfig < at root user only > [ Setup network configuration ]
70. alias < c=clear >[ Setup alias ]
71. vi /root/.bashrc [ This is for permanently setting alias ] {In root privilege}
72. tar -cvf < file name.tar > [ Backup ]
73. fdisk -l [ Check for partitions ]
74. history -c [Clear full history commands]
75. startx [GUI mode]
76. init tab [Set the Run Level for GUI-5 & for Command Mode-3]
77. useradd -g [Add User to Group]
78. groupadd [create group]
79. groupmod [change group name]
80. rm -rf [Delete user home directory from /home directory]
81. userdel -r [this cmd will delete user with user's home directory from /home]
82. rm -rf [removing main directory with sub directory at a time]
83. smbpasswd [Create Samba user, normal user should be created before smb user]
84. smbpasswd -x [Delete only Smb user]
85. df -h [check partitions, mounted partitions]
86. cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd (Recover /etc/samba smbpasswd file)
86. vi /root/.bashrc (setup for permanent alias)
87. crontab -e 15 15 * * * /sbin/shutdown -h now [Setup cronjob for shutdown]
88. crontab -e 12 12 * * * /sbin/shutdown -r now [Setup cronjob for reboot]
89. # /etc/init.d/iptables start/restart/stop/status [Start the iptables file /etc/sysconfig/iptables]
90. rpm -i [Install rpm package]
91. [find Installed rpm package]
92. rpm -e |grep [Uninstall rpm package]
93. ls -ltr -filename* [find files in directory]
94. ps -aef [Check all running process ID's]
95. ps -aef |grep [Check Particular Process ID]
96. find |grep [Find word in file]
97. Command | grep [find word in command exp: ifconfig want to find 00:19:D1:13:A6:EE MAC then we can use]
98. cat /etc/services [All available port numbers]
99. system-config-network
100. du -hs [Check directory/folder size]
101. netstat -l [less will show currently listening servers]
102. mount 192.168.1.11:/home/sandeep/[server share directory] /home/sandeep/[client directory] [NFS share/mount directories]
103. umount 192.168.1.11:/home/sandeep/[server share directory] /home/sandeep/[client directory] [NFS share/unmount directories]
104. uname -a [Check Linux Machine name as well as OS version 32/64 bit]
105. rpcinfo -p [check running port No]
106. cat /var/lib/dhcpd/dhcpd.leases [Check connected clients to DHCP server]
107. service --status-all [Check all Running services]
108. free [Check RAM Size : free -k/m/g]
109. cat /proc/meminfo [Check Memory Size]
110. cat /proc/cpuinfo [Check Processor Details]
111. /usr/share/squid/errors/English [Modify all Squid Error/Warning notice]
112. ssh -l [Access remotely computer via command mode]
113. locate [Find File in whole system]
114. setenforce 0 [Disabling SELinux]
115. setenforce 1 [Enabling SELinux]
116. testparm -s [Check Error with Samba Server]
117. netstat -a [Check server/service Process running or not Ex: netstat -a | grep ftp]
118. rpm -ivh httpd-2.2.3-22.el5.i386.rpm apr-1.2.7-11.i386.rpm apr-util-1.2.7-7.el5.i386.rpm postgresql-libs-8.1.11-1.el5_1.1.i386.rpm [HTTPD CONFIGURATION]


119. Killing Particular session TTY
ps -ft [Session ID/No] Exp ps -ft pts/1
kill -9 PID of session

120. htpasswd /etc/squid/squid_password sandeep [add HTTP user/password for squid]

121. mount -o remount,rw /etc [In single user mode edit FSTAB file with write permission]

122. parted [It will view all primary and extended-logical drives] Next give print command to view..

123. getenforce [check selinux disabled or enabled]

124. iptables -L

125. cat /var/log/messages | grep DHCPACK [Check all Client connected DHCP server]

126. scp vnc-4_1_3-x86_linux.rpm root@172.16.4.205:/tmp/ [Copy to Remote System]

127. HISTTIMEFORMAT="%d/%m/%y %T " [Check History with time and date]
Thanks and Regards,
Sandeep CC