Monday, July 13, 2009

How to Configure NIS Server (Network Information Services)

Network Information Services (NIS) enables you to create user accounts that can be shared across all systems on your network. The user account is created only on the NIS server. NIS clients download the necessary username and password data from the NIS server to verify each user login.

An advantage of NIS is that users need to change their passwords on the NIS server only, instead of every system on the network. This makes NIS popular in computer training labs, distributed software development projects or any other situation where groups of people have to share many different computers.

The disadvantages are that NIS doesn't encrypt the username and password information sent to the clients with each login and that all users have access to the encrypted passwords stored on the NIS server.

§ We need a main Linux server with a large amount of disk space, which will be used as both the NIS server and the NFS-based file server.

§ Users logging into the PCs will be assigned home directories on server and not on the PCs themselves.

§ Each user's home directory will be automatically mounted with each user login on the PCs using NFS.

§ NIS RPMs need to be installed on both the server and the client: ypserv and yp-tools on the server, and ypbind and yp-tools on the client.

1. Configure Server as an NFS server to make its /home directory available to the Linux workstations.

2. Configure Client as an NFS client that can access Server's /home directory.

3. Configure Server as an NIS server.

4. Create a user account (nisuser) on Server that doesn't exist on Client. Convert the account to a NIS user account.

5. Configure Client as an NIS client.

6. Test a remote login from Server to Client using the username and password of the account nisuser.

Steps to configure the NFS server

1. Edit the /etc/exports file to allow NFS mounts of the /home directory with read/write access.

/home *(rw,sync)

2. NFS will read the /etc/exports file for the new entry, and make /home available to the network with the exportfs command.

# exportfs -a

3. Make sure the required nfs, nfslock, and portmap daemons are both running and configured to start after the next reboot.

# chkconfig nfslock on

# chkconfig nfs on

# chkconfig portmap on

# service portmap start

Starting portmapper: [ OK ]

# service nfslock start

Starting NFS statd: [ OK ]

# service nfs start

Starting NFS services: [ OK ]

Starting NFS quotas: [ OK ]

Starting NFS daemon: [ OK ]

Starting NFS mountd: [ OK ]

We have successfully configured our NFS Server.
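
A check for the export written in step 1, as an added example that is not part of the original post: /home *(rw,sync) lets any host that can reach the server mount every home directory read/write. The function below reads exports(5)-style lines and flags such entries; the 192.168.1.0/24 client subnet in the sample is an assumption, not a value from this page.

```sh
#!/bin/sh
# Added example, not from the original post.
# Reads exports(5)-style lines on stdin and prints one finding per risky entry.
# Real use: audit_exports < /etc/exports
audit_exports() {
    awk '
    /^[ \t]*#/ { next }                         # skip comment lines
    NF == 0    { next }                         # skip blank lines
    NF == 1 {                                   # path with no client list at all
        print $1 ": no client list, exported to any host"
        next
    }
    {
        for (i = 2; i <= NF; i++) {
            spec = $i; host = spec; opts = ""
            p = index(spec, "(")
            if (p > 0) {                        # split "host(opt,opt)" into parts
                host = substr(spec, 1, p - 1)
                opts = substr(spec, p + 1, length(spec) - p - 1)
            }
            who = (host == "" || host == "*") ? "any host" : host
            if (who == "any host")
                print $1 ": exported to any host as " spec
            if (("," opts ",") ~ /,no_root_squash,/)
                print $1 ": root is not squashed for " who
            if (("," opts ",") ~ /,insecure,/)
                print $1 ": unprivileged source ports accepted from " who
        }
    }'
}

# Constructed input: the export line from this page, then a variant limited to
# an assumed client subnet (192.168.1.0/24 is an assumption, not from the page).
audit_exports <<'EOF'
/home *(rw,sync)
/home 192.168.1.0/24(rw,sync)
EOF
```

Only the first line is reported; the second passes because its client list names a subnet instead of a wildcard.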

We also need to configure the NFS clients to mount their /home directories on the NFS server.

1. Here we have to make sure the required netfs, nfslock, and portmap daemons are running and configured to start after the next reboot.

# chkconfig nfslock on

# chkconfig netfs on

# chkconfig portmap on

# service portmap start

Starting portmapper: [ OK ]

# service netfs start

Mounting other filesystems: [ OK ]

# service nfslock start

Starting NFS statd: [ OK ]

2. We can keep a copy of the old /home directory, and create a new directory /home on which we'll mount the NFS server's directory.

# mv /home /home.save

# mkdir /home

3. Here we have to make sure that we can mount Server's /home directory on the new /home directory we had just created. Unmount it once everything looks correct.

# mount *.*.*.*:/home /home/

# umount /home

4. Start configuring autofs automounting. Edit your /etc/auto.master file to refer to file /etc/auto.home for mounting information whenever the /home directory is accessed. After five minutes, autofs unmounts the directory.

#/etc/auto.master

/home /etc/auto.home --timeout 600

5. Edit file /etc/auto.home to do the NFS mount whenever the /home directory is accessed. If the line is too long to view on your screen, you can add a \ character at the end to continue on the next line.

#/etc/auto.home

* --fstype=nfs *.*.*.*:/home/&

6. Start autofs and make sure it starts after the next reboot with the chkconfig command.

# chkconfig autofs on

# service autofs restart

Stopping automount:[ OK ]

Starting automount:[ OK ]

All newly added Linux users will now be assigned a home directory under the new remote /home directory.

Configuration of The NIS Server

Install the NIS Server Packages

ypserv and yp-tools on the server

Edit Your /etc/sysconfig/network File

#/etc/sysconfig/network

NISDOMAIN="domainname"

Edit Your /etc/yp.conf File

NIS servers also have to be NIS clients themselves, so we'll have to edit the NIS client configuration file /etc/yp.conf to list the domain's NIS server as being the server itself or localhost.

# /etc/yp.conf - ypbind configuration file

ypserver 127.0.0.1

# service portmap start

Starting portmapper: [ OK ]

# service yppasswdd start

Starting YP passwd service: [ OK ]

# service ypserv start

Setting NIS domain name DOMAINNAME: [ OK ]

Starting YP server services: [ OK ]

# chkconfig portmap on

# chkconfig yppasswdd on

# chkconfig ypserv on

Required NIS Server Daemons

Portmap == The foundation RPC daemon upon which NIS runs.

Yppasswdd == Lets users change their passwords on the NIS server from NIS clients

Ypserv == Main NIS server daemon

Ypbind == Main NIS client daemon

For the portmap info.

# rpcinfo -p localhost

Initialize Your NIS Domain

# /usr/lib/yp/ypinit -m

Note: Be sure portmap is running before trying this step or you'll get errors, such as:

failed to send 'clear' to local ypserv: RPC: Port mapper failureUpdating group.bygid...

You will have to delete the /var/yp/DOMAINNAME directory and restart portmap, yppasswdd, and ypserv before you'll be able to do this again successfully.

Start The ypbind and ypxfrd Daemons

# service ypbind start

Binding to the NIS domain: [ OK ]

Listening for an NIS domain server.

# service ypxfrd start

Starting YP map server: [ OK ]

# chkconfig ypbind on

# chkconfig ypxfrd on

Make Sure The Daemons Are Running

All the NIS daemons use RPC port mapping and, therefore, are listed using the rpcinfo command when they are running correctly.

# rpcinfo -p localhost

program vers proto port

100000 2 tcp 111 portmapper

100000 2 udp 111 portmapper

100003 2 udp 2049 nfs

100003 3 udp 2049 nfs

100021 1 udp 1024 nlockmgr

100021 3 udp 1024 nlockmgr

100021 4 udp 1024 nlockmgr

100004 2 udp 784 ypserv

100004 1 udp 784 ypserv

100004 2 tcp 787 ypserv

100004 1 tcp 787 ypserv

100009 1 udp 798 yppasswdd

600100069 1 udp 850 fypxfrd

600100069 1 tcp 852 fypxfrd

100007 2 udp 924 ypbind

100007 1 udp 924 ypbind

100007 2 tcp 927 ypbind

100007 1 tcp 927 ypbind
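
The same check done by script, as an added example that is not part of the original post: it reads rpcinfo -p output and names each NIS-related RPC service that is not registered, together with the init script this page uses to start it. The sample input is constructed from the listing above with two services removed.

```sh
#!/bin/sh
# Added example, not from the original post.
# Reads `rpcinfo -p` output on stdin and prints one line per NIS-related RPC
# service that is not registered. Real use: rpcinfo -p localhost | missing_nis_services
missing_nis_services() {
    awk '
    BEGIN {
        # RPC service name as rpcinfo prints it -> init script used on this page
        init["portmapper"] = "portmap"
        init["ypserv"]     = "ypserv"
        init["yppasswdd"]  = "yppasswdd"
        init["fypxfrd"]    = "ypxfrd"
        init["ypbind"]     = "ypbind"
        n = split("portmapper ypserv yppasswdd fypxfrd ypbind", order, " ")
    }
    NF >= 5 { seen[$5] = 1 }                    # column 5 is the service name
    END {
        for (i = 1; i <= n; i++)
            if (!(order[i] in seen))
                print order[i] " not registered: service " init[order[i]] " start"
    }'
}

# Constructed input: rpcinfo output as on this page, with the yppasswdd and
# fypxfrd lines removed to simulate daemons that did not start.
sample_rpcinfo() {
    cat <<'EOF'
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100004 2 udp 784 ypserv
100004 2 tcp 787 ypserv
100007 2 udp 924 ypbind
100007 2 tcp 927 ypbind
EOF
}

sample_rpcinfo | missing_nis_services
```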

Add NIS User

# useradd -g users nisuser

# passwd nisuser

Changing password for user nisuser.

New password:

Retype new password:

passwd: all authentication tokens updated successfully.

# cd /var/yp

# make

gmake[1]: Entering directory `/var/yp/DOMAINNAME'

Updating passwd.byname...

Updating passwd.byuid...

Updating netid.byname...

gmake[1]: Leaving directory `/var/yp/DOMAINNAME'

Configuring The NIS Client

Run authconfig

The authconfig or the authconfig-tui program automatically configures your NIS files after prompting you for the IP address and domain of the NIS server.

# authconfig-tui

Once finished, it should create an /etc/yp.conf file that defines, amongst other things, the IP address of the NIS server for a particular domain. It also edits the /etc/sysconfig/network file to define the NIS domain to which the NIS client belongs.

# /etc/yp.conf - ypbind configuration file

domain DOMAINNAME server *.*.*.*

#/etc/sysconfig/network

NISDOMAIN=DOMAINNAME

Start The NIS Client Related Daemons

Start the ypbind NIS client, and portmap daemons in the /etc/init.d directory and use the chkconfig command to ensure they start after the next reboot.

# service portmap start

Starting portmapper: [ OK ]

# service ypbind start

Binding to the NIS domain:

Listening for an NIS domain server.

# chkconfig ypbind on

# chkconfig portmap on

Test Logins via The NIS Server

Logging In Via Telnet

Try logging into the NIS client via telnet if it is enabled

# telnet 192.168.1.2

Trying 192.168.1.2

Connected to 192.168.1.2.

Escape character is '^]'.

Red Hat Linux release 9 (Shrike)

Kernel 2.4.20-6 on an i686

login: nisuser

Password:

Last login: Sun Nov 16 22:03:51 from 192-168-1-100

[nisuser@Client nisuser]$

Logging In Via SSH

Try logging into the NIS client via SSH.

# ssh -l nisuser 192.168.1.102

nisuser@192.168.1.102's password:

[nisuser@Client nisuser]$

Friday, July 10, 2009

Linux Startup Services


Startup services are services run at boot time. They may be provided by daemon programs running in the background, or they may be one-time-only programs run during bootup to provide some function to the system. Here is a brief overview of the services that can be started using Redhat's linuxconf program. Not all are necessarily daemon programs. It is also possible to set up other startup programs, daemons, or services that are not included in this list. There are 3 basic categories of these services.

  • A one time only program run at bootup to provide a function to the system such as kudzu, or keytable.
  • A program run as a daemon upon startup that provides system services such as gpm, autofs, cron, and atd.
  • A program run as a daemon upon startup that provides networking services such as dhcpd, bootparamd, arpwatch, gated, and httpd.

amd

Runs the automount daemon for remote filesystem mounting such as nfs.

apmd

Monitors battery status and can shut down the system if power is low.

arpwatch

Keeps track of ethernet/IP address pairings that are resolved using the ARP protocol. This allows system administrators to note new IP addresses being used. It maintains a database in /var/arpwatch/arp.dat.

atd

Runs commands scheduled by the "at" program at their scheduled times. Jobs are stored in /var/spool/at

autofs

Also called the automount daemon, it is used to automatically mount filesystems on demand. It is especially worthwhile for working with removable media such as floppies or CD ROM disks.

bootparamd

Allows remote computers to boot from a Linux box using the BOOTP network protocol. This allows the remote computer to get its IP address if the server knows the hardware address of the remote machine. The DHCP protocol is an upgrade to this protocol since it is more automated.

crond

A daemon that executes scheduled commands according to the /etc/crontab file. It can be used to clean up temporary files in /tmp and /var/tmp and other places.

dhcpd

Provides DHCP services to "lease" out IP addresses to remote machines.

firewall

gated

Provides routing services for BGP and other protocols. Alternative to routed. Supports IGP (Interior gateway protocol) and EGP (Exterior Gateway Protocol).

gpm

Provides mouse support to Linux.

httpd

The Apache hypertext transfer protocol Web server.

identd

Server implementing the TCP/IP proposed standard IDENT user identification protocol in RFC 1413. It returns user information to a remote host that a user is requesting a service from. Also called auth.

inet

The internet super daemon (inetd) that provides all the services specified in /etc/inetd.conf.

innd

The Usenet news server

isdn

Provides ISDN (networking interface) services. See the isdnctrl man page for more information. The isdnctrl program is used to set up isdn interfaces. Pertinent files are /etc/sysconfig/activeisdn, /dev/isnnctrl, /etc/sysconfig/provider, and /var/log/isdn.log.

keytable

Loads the appropriate keyboard map from /etc/sysconfig/keyboard. This does not set up a daemon program to reside in the background, but just loads the keyboard keytable and the system font.

kudzu

Detects and configures new or changed hardware on a system. This program is run once when the system boots and does not run as a daemon in the background.

ldap

Lightweight directory access protocol package which provides client/server based directory database services which runs on UNIX platforms over TCP/IP. RFC is 1777.

linuxconf

According to Redhat it is a post startup hook for linuxconf. It does not run as a daemon.

lpd

Provides printing services to Linux. It is a print spooler daemon.

mars-nwe

Loads the MARS Netware compatible file and print server daemon called nwserv. Allows a Linux machine to be used as a file and printserver for netware based clients using IPX/SPX.

mcserv

Allows users on remote machines to use the midcommander file manager to work with files. It uses the PAM library for authentication.

named

Provides DNS services. It is a name server used to translate local IP addresses to names and vice-versa.

netfs

Mounts and unmounts Network File System (NFS), Windows (SMB), and Netware (NCP) file systems. The mount command is used to perform this operation and no daemon is run in the background.

network

Brings up all the network interfaces under the directory /etc/sysconfig/network-scripts. Also controls IP_forwarding and IP_defrag.

nfs

Provides Network File System server services

nfslock

NFS file locking service. Starts the daemons rpc.lockd and rpc.statd. The rpc.statd daemon implements the Network Status Monitor (NSM) RPC protocol, which is a reboot notification service used to implement file lock recovery when an NFS server crashes and reboots.

nscd

The name switch cache daemon, which handles password and group lookups for running programs and caches the information for the next query. Normally this daemon is used to support NIS.

pcmcia

Provides access to PCMCIA (PC Cards) services configured in the /etc/exports file.

portmap

Provides Remote Procedure Call (RPC) support for other protocols like NFS.

postgresql

Runs the postgres database and provides SQL services. It runs the daemon postmaster.

pulse

Heartbeat daemon for monitoring the health of lvs (Redhat clustering services) cluster nodes. This tool is used for clustering machines.

pxe

A preboot execution environment (PXE) server. Allows network boot of other PXE machines. PXE is a standard developed by Intel for a means of booting various operating systems on remote machines.

random

Saves and restores a random value used to generate better random numbers for security. No daemon program is invoked for this operation.

routed

Provides for automatic router table updates using the RIP dynamic routing information protocol.

rstatd

The rstat protocol allows users on a network to get performance information for any machine on the network. Runs the rpc.rstatd daemon which provides performance statistics retrieved from the kernel usually by using the "rup" command.

rusersd

Provides services that allow users to find one another over the network.

rwalld

Provides users with an ability to use the rwall command to write messages on remote terminals.

rwhod

The rwho protocol lets remote users get a list of all users logged onto a machine by running the rwho daemon.

sendmail

The sendmail mail transport agent daemon used to move e-mail from one machine to another.

smb

Provides SMB (Samba) client/server services which include file and print services. It allows Linux computers to exchange file and printer services with Microsoft Windows based systems.

snmpd

Provides Simple Network Management Protocol support to Linux.

squid

Runs the squid proxy web server

syslog

System logging daemon which records system events to log files usually in the directory "/var/log". The actual name of the daemon is klogd.

xfs

X font file server

xntpd

Starts the Network Time Protocol NTPv3 daemon. NTP provides a means to synchronize time and coordinate time distribution in a large, diverse internet operating at all speeds. RFC 1305 describes this protocol.

ypbind

Binds YP/NIS clients to a yellow pages server. NIS (Network Information Service) is a name service created by Sun.

yppasswdd

Allows users to change their passwords on systems running YP/NIS

ypserv

This daemon provides the YP/NIS (Network Information System) server functions

Linux Daemons

Here we can have a brief overview of miscellaneous daemons running on the system and their function.

init

The first process to start after the kernel. It controls the system runlevel and adopts any child whose parent dies.

nmbd

Responds to NetBIOS name service requests for Samba. It works in conjunction with Samba, which is why it is not mentioned under startup services.

update (kupdate)

Does a sync every 30 seconds. A sync is an updating of memory pages, or virtual memory pages that have been changed, but not saved to the swap disk

bdflush (kflushd)

Started by update - does a more imperfect sync more frequently

(kpiod)

(kswapd)

getty

Listens for connections at terminals

Friday, May 22, 2009

Run Level Services

You will notice that there are quite a lot of services enabled on your system. But many runlevel services (Stand-Alone Services) are not related services like kudzu which is responsible for detecting and configuring new and/or changed hardware on your system. This service is only run during the boot process. Ensure not to disable runlevel services that are needed by the system to run smoothly.

Here are examples of Red Hat Runlevel System Services which you may or may not want to enable:

  • gpm needed if you want to use the mouse at the console
  • kudzu important for detecting new hardware
  • syslog important for syslog services
  • netfs needed only if there are NFS shares that should be mounted at boot time
  • network important for starting network interfaces (e.g. eth0, eth1, bonding,...)
  • random used for the system entropy pool
  • atd needed if the at(1) service is used instead of cron
  • apmd Advanced Power Management (APM) daemon is used for laptops and some desktops
  • isdn needed if ISDN is being used
  • iptables needed if Netfilter (iptables) Firewall is being used
  • ip6tables needed if ip6tables Firewall is being used
  • pcmcia not needed on servers - needed for laptops
  • irqbalance important for distributing interrupts across all CPUs
  • sendmail needed if Sendmail is used - Procmail should be used which is more secure
  • autofs needed if automounter is used - production applications should not be dependent on automounter
  • sshd important for logins via SSH
  • portmap needed if e.g. NFS is being used
  • nfslock needed if NFS shares are mounted
  • nfs needed if server runs the NFS server
  • mdmonitor needed only if software RAID is being used
  • crond important for running cron jobs
  • xinetd needed if xinetd services are being used, see /etc/xinetd.d/ for list of services
  • cups needed if CUPS is used for the printing system
  • rhnsd needed if server should connect to RHN to check for software updates etc.
  • sysstat needed to reset system statistics logs
  • audit needed only if Linux Audit Subsystem (LAuS) should run for collecting system call audit records
  • psacct needed only if kernel process accounting information is needed
  • smartd important for monitoring disk problems if hard disks support SMART technology
  • netdump important if kernel oops data and memory dumps should be sent to a Netdump server for server crashes

The start/stop scripts of all runlevel services can be found in the /etc/init.d directory. For example, if you don't know what the atd service does, go to /etc/init.d and open the file atd. In the script, look for lines that start programs. In the atd script the "daemon /usr/sbin/atd" line starts the binary atd. Now that you have the name of the program started by this service, you can check the online pages of atd by running man atd. This will help you to find out more about a system service.

To permanently disable e.g. the runlevel service nfs, run:

chkconfig nfs off

To immediately disable the runlevel service nfs, run:

/etc/init.d/nfs stop

Saturday, January 24, 2009

Add user in LDAP Database using Script

Adding the user in LDAP database using the script
 
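#!/bin/bash
# Usage: run as root with the new login name as the only argument.
adduser "$1"
passwd "$1"
umask 077    # the temporary files below hold the password hash
# Copy only this user's passwd entry (exact match on the login field)
grep "^$1:" /etc/passwd > /tmp/changeldappasswd.tmp
# Convert the entry to LDIF
/usr/share/openldap/migration/migrate_passwd.pl /tmp/changeldappasswd.tmp /tmp/changeldappasswd.ldif.tmp
# Replace the migration tool's default "padl" domain with ours
sed s/padl/mydomain/ /tmp/changeldappasswd.ldif.tmp > /tmp/changeldappasswd.ldif
# Add the entry, binding as the LDAP root user
ldapadd -f /tmp/changeldappasswd.ldif -x -D "cn=Manager,dc=mydomain,dc=com" -w secret
rm -f /tmp/changeldappasswd.*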

OUTPUT:
ldapadd -f changeldappasswd.ldif -x -D "cn=Manager,dc=mydomain,dc=com" -w secret
adding new entry "uid=test,ou=People,dc=mydomain,dc=com"

The temporary LDIF file will look like this (if you want to check the temporary files before completion):
 
# cat /tmp/changeldappasswd.ldif
dn: uid=test,ou=People,dc=mydomain,dc=com
uid: test
cn: test
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$RilVIlhw$yUZNJ8VpXDxr9xzsOQ6pi1
shadowLastChange: 14268
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 503
gidNumber: 503
homeDirectory: /home/test

Configuring The LDAP Client

When we have configured our LDAP server properly, we can configure and test the client.

Edit the ldap.conf configuration file

LDAP clients are configured using the /etc/openldap/ldap.conf file. We need to make sure that the file refers to the LDAP server's IP address for the mydomain.com domain. The file should look like this:

HOST x.x.x.x
BASE dc=mydomain,dc=com

Edit the /etc/nsswitch.conf file

The /etc/nsswitch.conf file defines the order in which the Linux operating system searches login databases for login information.

Here we want to configure it to first search its /etc/passwd file. If it doesn't find the user password information there, it goes to the LDAP server. The easiest way to set this up is to use the /usr/bin/authconfig-tui command, or to use the setup command and select Authentication Configuration there:

  1. Select use LDAP.
  2. Give the LDAP server's IP address, which is x.x.x.x.
  3. Give the base DN as dc=mydomain,dc=com
  4. Do not select TLS.
  5. Use MD5 and shadow passwords.

After finishing, check the /etc/nsswitch.conf file and make sure it has references to LDAP.

Create Home Directories On The LDAP Client

Check if ldapuser is Missing From the /etc/passwd file

We can look for ldapuser by searching the /etc/passwd file with the grep command. There should be no response.

# grep ldapuser /etc/passwd
 
Create The Home Directory For ldapuser On The LDAP Client
# mkdir /home/ldapuser
# chmod 700 /home/ldapuser/
 

HOW TO CONFIGURE LDAP SERVER

First we need to make sure that the required LDAP server RPMs, such as openldap-2.3.27-5, are installed on our LDAP server.

Other required LDAP Server RPMS

openldap-clients-2.3.27-5
openldap-devel-2.3.27-5
nss_ldap-253-3
openldap-servers-2.3.27-5
compat-openldap-2.3.27_2.2.29-5

Required LDAP RPMS for Client Machine

We will have to make sure that the following packages are installed on our LDAP client.

openldap-2.3.27-5
openldap-devel-2.3.27-5
openldap-clients-2.3.27-5
nss_ldap-253-3

Configuring The LDAP Server

To configure the LDAP server, we must create an LDAP database into which we can import the /etc/passwd file.

Here is the step-by-step procedure:

1.       Create a Database Directory

In Redhat Enterprise Linux, LDAP by default uses the /var/lib/ldap directory to store all its databases. For this example, create a dedicated mydomain.com directory, which should be owned by the user ldap. There is no need to create the ldap user, because this user is always created during the RPM installation.

# mkdir /var/lib/ldap/mydomain.com
# chown ldap:ldap /var/lib/ldap/mydomain.com

2.       Create an LDAP "root" password

Only the LDAP root user can create, import data, and export data into an LDAP database. An encrypted password is required for the root user. We can create it with the slappasswd command and paste the result into the LDAP configuration file.

# slappasswd
New password:
Re-enter new password:
{SSHA}v4qLq/qy01w9my60LLX9BvfNUrRhOjQZ

3.       Create a Test Account Named ldapuser

Here we are creating a ldapuser account for testing purpose, using this command.

# useradd -g users ldapuser
# passwd ldapuser
Changing password for user ldapuser.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.

4.       Edit the slapd.conf file

The LDAP server's daemon is named slapd and its configuration file is named /etc/openldap/slapd.conf. Update it with:

  • A database of the default type bdb using the domain suffix mydomain.com made up of domain components (DCs) mydomain and com.
  • The root user with a common name (CN), or nickname, of Manager who, as expected, is part of the mydomain and com DCs.
  • The encrypted version of the LDAP root password as well as the location of the LDAP database.

The configuration file syntax to configure LDAP is:

database        bdb
suffix          "dc=mydomain,dc=com"
rootdn          "cn=Manager,dc=mydomain,dc=com"
# rootpw        secret
rootpw          {SSHA}v4qLq/qy01w9my60LLX9BvfNUrRhOjQZ
directory       /var/lib/ldap/mydomain.com

5.       Create Your LDAP Database

This process involves migrating our system’s authentication files to the LDAP database which we will need to create. Here’s what we need to do:

1. Update our file location database with the updatedb command.

# updatedb

2. Locate migrate_common.ph file. Here we can see it is located in the /usr/share/openldap/migration/ directory.

# locate migrate_common.ph
Output :     /usr/share/openldap/migration/migrate_common.ph

3. We have to edit this file and replace all instances of the string “padl” with the string “mydomain”. Padl is the website used by some of the LDAP development team. We need our domain to be “mydomain” instead so it matches our /etc/openldap/slapd.conf file. The migrate_common.ph file will be used later by the migration script.

4. Copy the DB_CONFIG.example starter file to our ldap database directory of /var/lib/ldap/mydomain.com.

# cp /etc/openldap/DB_CONFIG.example  /var/lib/ldap/mydomain.com/DB_CONFIG

5. Now we have to migrate our system authentication files using the migrate_all_offline.sh script that should reside in the same directory as the migrate_common.ph file.

# /usr/share/openldap/migration/migrate_all_offline.sh
Creating naming context entries...
Migrating groups...
Migrating hosts...
...
...
...
Preparing LDAP database...
=> bdb_tool_entry_put: id2entry_add failed: DB_KEYEXIST: Key/data pair already exists (-30996)
=> bdb_tool_entry_put: txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)
slapadd: could not add entry dn="cn=raid-am,ou=Services,dc=mydomain,dc=com"(line=16432): txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)
Migration failed: saving failed LDIF to /tmp/nis.ldif.E14499

6. LDAP will not start unless the files in the database directory are owned by the ldap user. Use the chown command to do this.

# chown -R ldap:ldap /var/lib/ldap/mydomain.com

7. Start LDAP and make sure it starts on reboot.

# service ldap start
Starting slapd: [  OK  ]
# chkconfig ldap on

Now we are ready to go forward, as our database has been created.

Test the LDAP database

For the testing purpose, we can view all the LDAP database entries at the same time with the ldapsearch command; this is a good test to make sure that we have all the correct functionality.

# ldapsearch -x -b 'dc=mydomain,dc=com' '(objectclass=*)'
 
OUTPUT should be like this 
# echo, Services, mydomain.com
dn: cn=echo,ou=Services,dc=mydomain,dc=com
objectClass: ipService
objectClass: top
ipServicePort: 4
ipServiceProtocol: ddp
cn: echo
 
# rje, Services, mydomain.com
dn: cn=rje,ou=Services,dc=mydomain,dc=com
objectClass: ipService
objectClass: top
ipServicePort: 5
ipServiceProtocol: udp
ipServiceProtocol: tcp
cn: rje
 
 
# test, People, mydomain.com
dn: uid=test,ou=People, dc=mydomain,dc=com
uid: test
cn: test
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJFJpbFZJbGh3JHlVWk5KOFZwWER4cjl4enNPUTZwaTE=
shadowLastChange: 14268
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 503
gidNumber: 503
homeDirectory: /home/test
 
# search result
search: 2
result: 0 Success
 
# numResponses: 323
# numEntries: 322

THIS IS NOT A COMPLETE RESULT OUTPUT, ITS ONLY A PART OF OUTPUT
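
The search above binds anonymously (-x with no -D) and still returns userPassword for uid=test; the double colon means the value is base64-encoded, and decoding it gives back the {crypt} string seen in the LDIF file earlier. The following check, an added example that is not part of the original post, lists which entries expose a password hash and under which scheme, without printing the hash itself. The sample entry and its placeholder hash are constructed.

```sh
#!/bin/sh
# Added example, not from the original post.
# Reads ldapsearch LDIF on stdin and prints "<dn><TAB><scheme>" for every
# entry whose userPassword attribute was returned to the caller.

unfold_ldif() {
    # LDIF folds long lines; a continuation line starts with one space.
    awk '
    /^ / { buf = buf substr($0, 2); next }
    { if (have) print buf; buf = $0; have = 1 }
    END { if (have) print buf }'
}

password_scheme() {
    # $1 = decoded userPassword value; prints the storage scheme only.
    case "$1" in
        '{crypt}$1$'*) echo 'crypt MD5 ($1$)' ;;
        '{crypt}$5$'*) echo 'crypt SHA-256 ($5$)' ;;
        '{crypt}$6$'*) echo 'crypt SHA-512 ($6$)' ;;
        '{crypt}'*)    echo 'crypt (other)' ;;
        '{'*'}'*)      printf '%s\n' "$1" | sed 's/}.*/}/' ;;
        *)             echo 'cleartext' ;;
    esac
}

exposed_password_hashes() {
    tab=$(printf '\t')
    unfold_ldif | awk '
        /^dn: /            { dn = substr($0, 5) }
        /^userPassword:: / { print dn "\tb64\t" substr($0, 16) }   # base64 value
        /^userPassword: /  { print dn "\traw\t" substr($0, 15) }   # plain value
    ' | while IFS="$tab" read -r dn enc val; do
        if [ "$enc" = b64 ]; then
            val=$(printf '%s' "$val" | base64 -d)
        fi
        printf '%s\t%s\n' "$dn" "$(password_scheme "$val")"
    done
}

# Constructed sample shaped like the ldapsearch output on this page. The hash
# string is a made-up placeholder, encoded at run time and folded onto a
# continuation line the way ldapsearch folds long values.
sample_ldif() {
    b64=$(printf '%s' '{crypt}$1$saltsalt$PLACEHOLDERHASHVALUE00' | base64)
    first=$(printf '%s' "$b64" | cut -c1-20)
    rest=$(printf '%s' "$b64" | cut -c21-)
    cat <<EOF
# echo, Services, mydomain.com
dn: cn=echo,ou=Services,dc=mydomain,dc=com
objectClass: ipService
cn: echo

# test, People, mydomain.com
dn: uid=test,ou=People,dc=mydomain,dc=com
uid: test
objectClass: posixAccount
userPassword:: $first
 $rest
uidNumber: 503
EOF
}

sample_ldif | exposed_password_hashes
```

Piping the anonymous ldapsearch output into exposed_password_hashes should print nothing once access to userPassword is restricted on the server.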

Friday, December 26, 2008

WORKING WITH TAPE DRIVES


Naming of SCSI tape device

The st driver provides the interface to a variety of SCSI tape devices under Linux.

  • First (auto rewind) SCSI tape device name: /dev/st0
  • Second (auto rewind) SCSI tape device name: /dev/st1
  • First non-rewind SCSI tape device name: /dev/nst0
  • Second non-rewind SCSI tape device name: /dev/nst1


Naming of IDE tape device

The ht driver provides the interface to a variety of IDE tape devices under Linux.

  • First (auto rewind) IDE tape device name: /dev/ht0
  • Second (auto rewind) IDE tape device name: /dev/ht1
  • First non-rewind IDE tape device name: /dev/nht0
  • Second non-rewind IDE tape device name: /dev/nht1

 

Find out at which block you are with mt command:

 

# mt -f /dev/st0 tell

 

 

Check if tape drive is online: # mt -f /dev/st0 status

OUTPUT :

SCSI 2 tape drive:

File number=0, block number=0, partition=0.

Tape block size 0 bytes. Density code 0x40 (DLT1 40 GB, or Ultrium).

Soft error count since last status=0

General status bits on (41010000):

BOT ONLINE IM_REP_EN

 

Rewind tape drive: # mt -f /dev/st0 rewind

 

Erase tape drive: # mt -f /dev/st0 erase

Copy some content to a tape drive : # tar -cvf /dev/st0 /content_path/content.archive

List files on a tape: # tar -tvf /dev/st0

Restore from the tape: # tar -xvf /dev/st0

Restore a specific archive: # tar xvf /dev/st0 /folder/archive.dmp

 

Backup directory /www and /home with tar command (z - compressed):

# tar -czf /dev/st0 /www /home

 

Restore /www directory:

# cd /
# mt -f /dev/st0 rewind
# tar -xzf /dev/st0 www

 

Unload the tape:

# mt -f /dev/st0 offline

 

You can go BACKWARD or FORWARD on tape with mt command itself:
Go to end of data: # mt -f /dev/nst0 eod

Go to previous record: # mt -f /dev/nst0 bsfm 1

Forward record: # mt -f /dev/nst0 fsf 1

 

tar backup on tape through ssh

# tar -cvzf - /www | ssh root@station.domain.com "cat > /backup/www.tar.gz"

OR

# tar zcvf - /www | ssh root@192.168.1.101 "cat > /backup/www.tar.gz"

Output:

tar: Removing leading `/' from member names
/www/
/www/n/xx.in/
/www/c/zasx.asd/
....
..
 

You can also use dd command for clarity purpose:

# tar cvzf - /www | ssh root@192.168.1.101 "dd of=/backup/www.tar.gz"

It is also possible to dump backup to remote tape device:

# tar cvzf - /www | ssh root@192.168.1.101 "cat > /dev/st0"

OR

you can use mt to rewind tape and then dump it using cat command:

# tar cvzf - /www | ssh root@192.168.1.101 "mt -f /dev/st0 rewind; cat > /dev/st0"

You can restore tar backup over ssh session:

# ssh root@192.168.1.101 "cat /backup/www.tar.gz" | tar zxvf - 

Thursday, December 4, 2008

How To Create LVM Partition

Hello Friends,

 

My friend asked me a query regarding the LVM creation with a new hard disk. So I thought that it might be helpful to all my friends using LVM on Linux.

 

To create LVM partition when we have a new hard disk installed on our server/system.

 

STEP 1. fdisk /dev/hdb    // create a partition in second HD

 

Now show the partition table on your system using p command.

 

Command (m for help): p          // show partition table


OUTPUT
Disk /dev/hdb: ---.- GB, xxxxxxxxxx bytes
xxxx heads, xx sectors/track, xxxxxx cylinders
Units = cylinders of xxxxx * xxx = xxxxxxxx bytes
 
Device Boot   Start   End   Blocks   Id   System     
 

// nothing

 

Create a new partition using n option

 

Command (m for help): n     // create partition

Command action
  e    extended
  p    primary partition (1-4)

p    // primary

Partition number (1-4): 1   // partition number


First cylinder (x-xxxxx, default 1):   // First cylinder


Using default value 1

Last cylinder or +size or +sizeM or +sizeK (x-xxxxx, default xxxxx):    // Last cylinder


Using default value xxxxx

 

After creation of new partition we need to see our partition table.

 

Command (m for help):  p   // show partition table

 

OUTPUT
Disk /dev/hdb: xxx.x GB, xxxxxxxxxxxx bytes
xxx heads, xx sectors/track, xxxxx cylinders
Units = cylinders of xxxxxxx * xxx = xxxxxxx bytes
 
   Device Boot Start End      Blocks   Id  System 
  /dev/hdb1      x   xxxxx  xxxxxxxxxx 83  Linux     // created

 

Command (m for help): t      // change partition type

Selected partition 1    // number

Hex code (type L to list codes): L    // show list of type

 

Hex code (type L to list codes): 8e    // Linux LVM


Changed system type of partition 1 to 8e (Linux LVM)
 
Command (m for help): p    // show partition table

 

OUTPUT
Disk /dev/hdb: xxx.x GB, xxxxxxxxxxx bytes
xxx heads, xx sectors/track, xxxxx cylinders
Units = cylinders of xxxxx * xxx = xxxxxxxxx bytes
 
Device Boot Start  End       Blocks         Id      System

/dev/hdb1     x     xxxxx    xxxxxxxx   8e   Linux LVM    // changed

 
Command (m for help):  w    // save and exit

 


STEP 2. fdisk -l /dev/hdb // show status

 

 

STEP 3. Now we need to create Physical Volume

 

pvcreate /dev/hdb1      // create Physical Volume

 

If we need to specify partition size, use command as below

 

pvcreate --setphysicalvolumesize 100G /dev/hdb1

 

 

To display status of Physical volume (Optional)

 

pvdisplay /dev/hdb1        // display status

 

STEP 4. We can change the volume size of Physical volume (Optional)

 

pvresize --setphysicalvolumesize 100G /dev/hdb1

 

STEP 5. To show the physical volume

pvs /dev/hdb1

 

STEP 6.  To Scan the Physical volume

pvscan  /dev/hdb1

 

 

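Now we can create a Logical Volume using the following steps. These commands assume that a volume group named vg0 already exists and contains the physical volume created above.

1.     lvcreate -L 10G -n lvm1 vg0

2.     lvdisplay // to display the logical volumes.

3.     lvextend -L 20G /dev/vg0/lvm1

4.     resize2fs /dev/vg0/lvm1   // most important: do this last, so the filesystem grows to the new size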

 


Note: Here I have used xxx for any number; the actual values depend on the size of the hard disk.

Wednesday, November 26, 2008

IE 8.0 shook the Market Share

Hello Friends,


I found good news for Internet Explorer users while I was searching for the market share of web browsers. Internet Explorer 8.0 usage share jumped after its beta 2 release. Within three days of its release, usage share was already 500% above the peak beta 1 usage share.

As all of us know, beta 1 was primarily a developer's preview; beta 2 is the first release to have the new features intended for the final release. These features include a much improved address bar, private mode browsing, better tabs and improved navigation.

The Internet Explorer beta 2 version also adds some new features, including WebSlices and Activities. In the second beta release, Activities are renamed to Accelerators.

Some of the features and changes in Beta 2 compared to Beta 1:

§ InPrivate

§ Delete Browsing History

§ Search Suggestions

§ User Preference Protection

§ Caret Browsing

§ Accelerators (previously known as Activities)

§ Web Slices (previously known as WebSlices)

§ Suggested Sites

§ Tab Color Grouping

§ Automatic Crash Recovery

§ SmartScreen Filter (previously known as the Safety Filter)

§ Tab isolation

 

Removed features

§ Inline AutoComplete

§ The option to delete files and settings stored by addons or ActiveX controls.

§ CSS Expressions are no longer supported in Internet Explorer 8 Standards mode

 

Reference: http://marketshare.hitslink.com/report.aspx?sample=19&qprid=34&qpcustom=Microsoft+Internet+Explorer+8.0

http://en.wikipedia.org/wiki/Internet_explorer_8

Thursday, November 20, 2008

Windows Data Backup on Linux Server (SyncBack Details)

Hello Friends,

After my earlier post regarding Windows Data Backup on Linux Server, and after reading the comments, I came to know how curious my friends are to learn more about this. As a blogger, it becomes my responsibility to give more and more details to my friends.


It is my pleasure to give the details. It is a one-time installation, after which you can be tension-free about your data backup.


Benefits :
1. Modes – Easy/Expert
2. Backup
3. Synchronization
4. Restoration
5. Finding your files (On Source & Destination)
6. Backup Scheduling

Friends, SyncBack works in two modes, Easy and Expert. In Easy mode, we can take and restore backups from one device to another, while in Expert mode, we can take and restore backups on remote machines/devices.

SyncBack can be used to back up data from Source to Destination and also supports synchronization, i.e. it compares the files on both source and destination.

Restoration can be done from Destination to Source, but running a restore operation is not reversible, so always be sure of the data before restoring.

Selecting the data on the source and the storage location on the destination is very simple. Data can be stored on an FTP Server or a Samba Server in Expert mode only.

SyncBackSE will run on the following Windows operating systems: Windows 2000, Windows XP, or Windows 2003.

For more details, I think this site is good: http://www.2brightsparks.com/tutorials/tutorials-hub.html (it will give you a lot of help).

Tuesday, November 18, 2008

How to configure Yum Server & Client Configuration

A few days back, we were creating a network for an institute. I had installed a Linux workstation on the LAN, but after installation I needed to install some more packages as per the client's requirements. I had to copy packages from CDs again and again, and because no Internet connection was available, I was unable to use yum update/install from the Internet.

It was a repeated task for me to do on all workstations, so I made my own YUM SERVER, which was very helpful for installing workstations and updating any package through my YUM Server.

Then I thought to share my experience with all my friends who are using Linux, face the same kind of conditions and waste time installing dependencies.

This is the quickest and shortest method to finish our work in time.

Yum Configuration

For making YUM SERVER

First copy the CD/DVD contents into the directory /var/ftp/pub

# mount /dev/cdrom /mnt
# cp -rvf /mnt/* /var/ftp/pub
# cd /var/ftp/pub
# cp Server/repodata/……… .xml Server
# cp VT/repodata/………….xml VT
# cp Cluster/repodata/……….xml Cluster
# cp ClusterStorage/repodata/……….xml ClusterStorage

# rpm -ivh createrepo.......................
# createrepo -vg ………….xml Server
# createrepo -vg ………….xml VT
# createrepo -vg ………….xml Cluster
# createrepo -vg ………….xml ClusterStorage

# cd /etc/yum.repos.d
# vi server.repo
[Server]
name= Yum Server Repository
baseurl=file:///var/ftp/pub/Server
gpgcheck=0

[VT]
name=Yum VT Server
baseurl=file:///var/ftp/pub/VT
gpgcheck=0

[Cluster]
name=Yum Cluster Server
baseurl=file:///var/ftp/pub/Cluster
gpgcheck=0

[ClusterStorage]
name=Yum ClusterStorage Server
baseurl=file:///var/ftp/pub/ClusterStorage
gpgcheck=0

# yum clean all
# yum list
# yum grouplist

Now you can see that your yum is working.

OK.

Now test it by installing any package.

# yum install system-config-kickstart*

If you want to install a group

# yum groupinstall "Virtualization"

If you want to remove it, then

# yum remove system-config-kickstart*

Now the Server configuration is done.

It is time to configure the client machine.


For making CLIENT

# chkconfig vsftpd on

Make a repository file

# cd /etc/yum.repos.d

# vi client.repo

[Server]
name=client server yum
baseurl=ftp://x.x.x.x/pub/Server
gpgcheck=0

[VT]
name=client server yum
baseurl=ftp://x.x.x.x/pub/VT
gpgcheck=0

[Cluster]
name=client server yum
baseurl=ftp://x.x.x.x/pub/Cluster
gpgcheck=0

[ClusterStorage]
name=client server yum
baseurl=ftp://x.x.x.x/pub/ClusterStorage
gpgcheck=0

# yum list

Now you can install any package, or go to the GUI and open Add/Remove Programs; if it works and the package options appear, the configuration is OK. Note that the client must be connected to the server over the LAN.
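The repository files above set gpgcheck=0 and the client fetches packages over FTP, so nothing verifies what yum installs. As an added example (not part of the original post), this shell function flags such sections in a .repo file; the sample file, the HTTPS host name and the key file name are constructed placeholders, and the hardened section assumes the mirror is also served over HTTPS.

```shell
# audit_repo FILE: print one finding per risky setting in a yum .repo file and
# return 1 when anything is flagged. Simplification: a section with no gpgcheck
# line is flagged too, although yum would inherit [main] from /etc/yum.conf.
audit_repo() {
    awk '
        function report(    scheme) {
            if (section == "") return
            if (gpgcheck != "1") { print section ": gpgcheck is not 1 in this section"; bad = 1 }
            if (url ~ /^(ftp|http):/) {
                scheme = url; sub(/:.*/, "", scheme)
                print section ": baseurl uses unencrypted " scheme; bad = 1
            }
        }
        /^[ \t]*[#;]/ { next }                 # comment line
        /^[ \t]*$/    { next }                 # blank line
        /^\[/ {                                # start of a new [section]
            report(); section = substr($0, 2, index($0, "]") - 2)
            gpgcheck = ""; url = ""; next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "baseurl")  url = val
        }
        END { report(); exit bad + 0 }
    ' "$1"
}

# Constructed sample: the [Server] client section from this page, followed by
# a hardened variant (host name and key file name are placeholders).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
[Server]
name=client server yum
baseurl=ftp://x.x.x.x/pub/Server
gpgcheck=0

[Server-hardened]
baseurl=https://repo.example.internal/pub/Server
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EXAMPLE
EOF
audit_repo "$SAMPLE" || echo "fix the sections listed above"
```

With gpgcheck=1 yum verifies package signatures only; repository metadata is covered separately by the repo_gpgcheck option.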

I hope you will also get help from my experience. In case you need any kind of help, please mail me at gaur.vibhor@gmail.com.

Saturday, November 15, 2008

Windows Data Backup on Linux Server

I had a task to take a backup of a Windows Data Server on my Linux-based backup server.

As a user, I had never tried such things, especially merging the data of two different platforms. Most services offered by Windows are different from those on Linux. In Win XP, I could not find a suitable service for backup and synchronization of data on a live server.

I tried many Open Source utilities like Cygwin, Amanda Backup etc. These are very hectic, need a lot of hardware involvement and require a lot of settings.

One of my friends suggested that I try SyncBack at least once.



It's amazing: I found all the things I needed, and they work, with very simple graphical settings.

For further queries, please contact me by mail at gaur.vibhor@gmail.com.