Marko Vojinovic wrote:
> Sorry for an off topic post, but a lot of you folks are sysadmins here or
> there, and just might have a suggestion... ;-)
>
> I have a WinXP machine that is to be unattended for a period of 3 years (yes,
> I know, it sounds ridiculous, but still...). What I need is remote access to
> it to perform regular system maintenance, virus cleanups, occasional software
> installations, reboots, config changes, etc.
>
> Of course, rdesktop would do it, or vnc server or something else. The problem
> is that this machine is behind a NAT, and I cannot access it remotely from
> outside (and I need access from wherever on the planet I may happen to be).
>
> Basically, I need to setup some type of ssh tunnelling from XP (machine A) to
> my static-IP-24/7-high-bandwidth-CentOS server (machine B) and then further
> to my laptop (machine C, Fedora 10) located elsewhere (possibly behind
> another NAT, I can't know in advance). I have root access for all three
> machines (A, B and C). Of course, all three are on different LANs.
>
>
if this remote XP machine is behind a NAT server that you can log onto
with SSH, then, from your local machine...

    ssh -L 3390:private-ip-of-remote-XP-machine:3389 username@ip-or-hostname-of-remote-NAT-server

and use rdesktop (or XP MSTSC.EXE) to connect to localhost:3390 which
will be forwarded over the SSH tunnel to the remote XP machine's RDP
service. (Remote Desktop Protocol)

or, if this remote NAT is some sort of appliance router (linksys etc),
setup a port forward on said router to forward inbound TCP port XXXX to
ip-of-XP-machine:3389
and connect your rdesktop/mstsc.exe to ip-of-nat-server:XXXX

Windows remote desktop uses a fairly secure challenge/handshake
authentication protocol, so as long as all accounts on said remote XP
box have reasonably strong passwords, this is more secure than some
might think. It's certainly more secure than plain vanilla VNC
On 12/07/2011 03:37 PM, Bowie Bailey wrote:
> On 12/7/2011 7:07 AM, Lamar Owen wrote:
>> On Tuesday, December 06, 2011 08:06:55 PM James A. Peltier wrote:
>>> [Changing the port #] is completely and utterly retarded. You have done *NOTHING* to secure SSH by doing this. You have instead made it only slightly, and I mean ever so slightly, more secure. A simple port scan of your network would find it within seconds and start to utilize it.
>> Simple port scans don't scan all 65,536 possible port numbers; those scans are a bit too easy for IDS detection and mitigation. Most scans only scan common ports; the ssh brute-forcer I found in the wild only scanned port 22; if it wasn't open, it went on to the next IP address.
>>
>> Unusual port numbers, port knocking, and similar techniques obfuscate things enough to eliminate the 'honest' script-kiddie (that is, the one that doesn't know any more than what the log of the brute-forcer I found showed, that the kiddie was going by a rote script, including trying to download and install a *windows 2000 service pack* on the Linux server in question). This will cut down the IDS noise, that's for sure. And cutting down the information overload for the one tasked with reading those logs is important.
>>
>> Of course, it could be argued that if you have port 22 open and you get those kiddies, you can block all access from those addresses with something like fail2ban (and pipe into your border router's ACL, if that ACL table has enough entries available.....).
>
> Now there's an idea. Run your SSH server on a non-standard port and put
> something on port 22 that does nothing but listen for connections and
> then block any IP that tries to connect (via fail2ban or whatever).
> That way the script kiddies have no chance of getting in on port 22 and
> anyone who tries is now blocked on all ports or even blocked from the
> entire network.
>
Better yet, sshd could be upgraded to have a dummy daemon on port 22. It
will accept connections, ask for a password but will not be able to
resolve any usernames. Now THAT would be something.
--
Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe
Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant
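
The decoy-on-port-22 idea from this exchange, as an added Python example that is not code from any poster in the thread: a listener that sends nothing, records every peer that connects, and yields the unique source addresses for a blocker such as fail2ban to act on. The class name, the `DECOY-HIT` log format and the sample addresses are assumptions made for the example; it binds to a free loopback port here, whereas a real deployment would bind port 22 after moving sshd elsewhere.

```python
import ipaddress
import re
import socket
import threading
import time

# Log format invented for this example; the blocker (fail2ban or similar)
# would key on the DECOY-HIT tag and take the address after "src=".
HIT_RE = re.compile(r"DECOY-HIT src=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) sport=\d+$")


class DecoyListener:
    """Listen on a decoy port, send nothing, record every peer that connects."""

    def __init__(self, host="127.0.0.1", port=0, allowlist=()):
        # Networks that must never be reported (admin hosts, monitoring).
        self.allow = [ipaddress.ip_network(n) for n in allowlist]
        self.lines = []
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((host, port))    # port 0 = any free port (demo only)
        self._sock.listen(16)
        self._sock.settimeout(0.2)       # lets the loop notice stop() quickly
        self.port = self._sock.getsockname()[1]
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self

    def stop(self):
        # Stop the accept loop first, then close, so accept() never races
        # against a closed descriptor.
        self._stop.set()
        if self._thread.is_alive():
            self._thread.join()
        self._sock.close()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, (ip, sport) = self._sock.accept()
            except socket.timeout:
                continue
            conn.close()                 # no banner, no prompt, nothing read
            self.record(ip, sport)

    def record(self, ip, sport):
        """Log one hit unless the source is allowlisted; return the line or None."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.allow):
            return None
        stamp = time.strftime("%Y-%m-%dT%H:%M:%S")
        line = f"{stamp} DECOY-HIT src={ip} sport={sport}"
        with self._lock:
            self.lines.append(line)
        return line

    def offenders(self):
        """Unique source addresses parsed back out of the log lines."""
        with self._lock:
            matches = (HIT_RE.search(line) for line in self.lines)
            return sorted({m.group("ip") for m in matches if m})


if __name__ == "__main__":
    # Constructed addresses from the documentation ranges.
    decoy = DecoyListener(allowlist=["192.0.2.0/24"])
    decoy.record("203.0.113.7", 40222)   # unknown source: logged
    decoy.record("192.0.2.10", 51515)    # allowlisted admin host: ignored
    decoy.record("203.0.113.7", 40223)   # repeat hit, same offender
    print("\n".join(decoy.lines))
    print("block:", decoy.offenders())
    decoy.stop()
```

The allowlist is the part that matters operationally: without it, an administrator who connects to port 22 out of habit is blocked along with everyone behind the same address.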
On 15/11/17 at 3:11, david wrote:
> Folks
>
> I have a Centos7 system (SOFA) and want to install a Samba share named
> "STUFF" for the machines inside my home. All users in my home have
> read access to the share, but only one user "me" has write
> permission. The configuration below worked just fine when the Samba
> system was on Centos 6, but did not work under Centos 7. The client
> machine is Windows 10. I have changed all "private" information for
> this message.
>
> The Centos 7 machine is running with SELINUX disabled, and effectively
> without firewall.
>
> Windows network browsing finds the computer, but not the share. (it
> used to find the share with Centos 6).
>
> The server name is SOFA
> The share name is STUFF
> the Workgroup name is MYGROUP
>
> The Linux account is "melinux"
> The logon name from windows is "me"
>
> I have issued the command
> smbpass -a me
> <password-for-me>
> <password-for-me>
>
> smb.conf contains:
> ---------------------------------------------
>
> # Samba Configuration
>
> [global]
> dns proxy = no
> hosts allow = 192.168. 127. 10. localhost
> hosts deny = ALL
> log file = /var/log/samba/%m.log
> max log size = 50
> netbios name = SOFA
> printcap name = /dev/null
> printing = bsd
> security = user
> server string = Samba %v on sofa
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> username map = /etc/samba/smbusers
> winbind use default domain = no
> workgroup = MYGROUP
> [STUFF]
> browsable = yes
> case sensitive = no
> comment = STUFF on sofa
> create mask = 0755
> directory mask = 0755
> force user = melinux
> guest ok = yes
> path = /home/samba-share
> write list = melinux
>
> ----------------------------------------------
>
> smbusers contains:
> ----------------------------------------------
>
> melinux = me
>
> ----------------------------------------------
>
> Where have I gone wrong? What changed from C6 to C7. Any advice
> would be appreciated.
>
> David
>
Is the path right? Are the permissions/owner/group correct for your users?
Once I got fooled looking for a similar problem, and the share path was wrong!
Hi,
I've tried hitting up the CentOS forums and thought I'd try here too as I
don't seem to be getting any bites.
We've been in the process of migrating all our hypervisors over to CentOS 7
using Xen. Once we had a few up and running we started to notice that the
DomU's would randomly freeze. They become unresponsive to any network
traffic, stop consuming CPU resources on the hypervisor and it's not
possible to log in to the console locally using:
virsh console <domain>
We can sometimes get as far as typing a username and hitting return, but
the DomU just hangs there. It doesn't seem to matter what Linux distro the
DomU is running, it affects them all. The only way we can get them back is
by destroying and recreating them (far from ideal!).
After a bit of research and digging around, we eventually found these 2
nuggets:
https://wiki.gentoo.org/wiki/Xen#Xen_domU_hanging_with_kernel_4.3.2B
https://www.novell.com/support/kb/doc.php?id=7018590
They both advise adding the command line argument:
gnttab_max_frames=256 (the default is 32).
We applied this change and all hypervisors ran stable for around a week
until DomU's started freezing again (we've since tried even higher values,
to no avail). More research later led me to
https://bugs.centos.org/view.php?id=14258 and
https://bugs.centos.org/view.php?id=14284 (which are essentially the same
report). There hasn't really been any movement on these tickets
unfortunately, but I have +1'd them.
Have any others had issues with Xen and DomU's locking up in CentOS 7? Are
there any other fixes/workarounds? If any additional info is needed that
isn't already in the bug tickets or forum post, please let me know and I'll
be happy to provide whatever is required (these freezes are happening at
least once a day).
Any help would be much appreciated and would mean my Ops guys could get a
decent sleep!
Cheers
Darren
hey, I am extremely sorry for giving you trouble,
as you said I set the environment....
this is the outcome after that
[BTIS@WORKSTATION3 ~]$ env | grep -i http_proxy
http_proxy=http://asomavarapu@actrec.gov.in:dbsa121@10.100.15.3:8080
HTTP_PROXY=http://asomavarapu@actrec.gov.in:dbsa121@10.100.15.3:8080
[BTIS@WORKSTATION3 ~]$
and this is the .bash_profile file that I edited
# .bash_profile
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
# User specific environment and startup programs
PATH=$PATH:$HOME/bin
export PATH
export http_proxy="http://asomavarapu@actrec.gov.in:dbsa121@10.100.15.3:8080"
export HTTP_PROXY="http://asomavarapu@actrec.gov.in:dbsa121@10.100.15.3:8080"
then I tried the command yum check-updates, then this is the outcome
[BTIS@WORKSTATION3 ~]$ yum check-update
Loaded plugins: fastestmirror, refresh-packagekit
Could not retrieve mirrorlist
http://mirrorlist.centos.org/?release=6&arch=i386&repo=os error was
14: PYCURL ERROR 22 - "The requested URL returned error: 407"
Could not retrieve mirrorlist
http://mirrorlist.centos.org/?release=6&arch=i386&repo=centosplus error was
14: PYCURL ERROR 22 - "The requested URL returned error: 407"
Could not retrieve mirrorlist
http://mirrorlist.centos.org/?release=6&arch=i386&repo=extras error was
14: PYCURL ERROR 22 - "The requested URL returned error: 407"
http://dl.google.com/linux/chrome/rpm/stable/i386/repodata/repomd.xml:
[Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 407"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository:
google-chrome. Please verify its path and try again
[BTIS@WORKSTATION3 ~]$
On Tue, Mar 27, 2012 at 3:39 PM, Prabhpal S. Mavi <
prabhpal(a)digital-infotech.net> wrote:
> Hi Arun,
>
> Please understand and do as Johnny advised, it will fix your problem.
> Thanks
> > On 03/27/2012 03:47 AM, arun kumar wrote:
> >> sorry for not mentioning before that I am new to linux
> >>
> >> I have full access to internet, this is an educational institution,
> >> everyone has their separate username and password for login...
> >> so I used my username and password in the yum.conf file..
> >>
> >> I tried from GUI also like
> >>
> >> system->Administration-> software update, then I got the
> >> following warning and error
> >>
> >> Software Update Viewer is running as a privileged user
> >> Package management applications are security sensitive.
> >> Running graphical applications as a privileged user should be avoided
> >> for
> >> security reasons.
> >>
> >> problem connecting to software source
> >>
> >> i also tried
> >> system->Administration->Add/Remove software
> >>
> >> I am not understanding what else to try
> >
> > <snip>
> >
> > If you do not have the Environment variable set for http_proxy, then
> > curl will not work. This seems like your problem to me.
> >
> > To see if you have http_proxy set as an environment variable, use this
> > command:
> >
> > env | grep -i http_proxy
> >
> > You need to check the above variable for both your "root user" and your
> > "local user" (local user's variables would be used if you are running
> > yum with sudo or su root ... root user would be used if you did "su -
> > root" or logged in directly as root.
> >
> > If the result is in caps, like this:
> >
> > HTTP_PROXY=http://my_username:mypassword@10.101.16.4:8080
> >
> > Then curl might have an issue, so also add it in lower case like this:
> >
> > http_proxy="http://my_username:mypassword@10.101.16.4:8080"
> >
> > So, If you do not have a lower case "http_proxy=", then you would set it
> > in your root's ".bash_profile" file and your local user's
> > ".bash_profile" file. This is the line you would add to both users
> > .bash_profile:
> >
> > export http_proxy="http://my_username:mypassword@10.101.16.4:8080"
> >
> > After making the change, log out and back in to have the variables take
> > effect and then check them again with the grep command above ...
> >
> > Once you have the correct lower case variable set for "http_proxy=" for
> > both your normal local user and for root, you should be able to use yum
> > and curl.
> >
> > <snip>
> >
> >>> If the proxy server requires a username and password, add these to the
> >>> URL. To include the username |yum-user| and the password |qwerty|, add
> >>> these settings:
> >>>
> >>> |# The Web proxy server, with the username and password for this
> >>> account
> >>> http_proxy="http://yum-user:qwerty@mycache.mydomain.com:3128"
> >>> export http_proxy|
> >>>
> >>> *Example 5. Profile Settings for a Secured Proxy Server*
> >>>
> >>> [Note] The |http_proxy| Environment Variable
> >>>
> >>> The |http_proxy| environment variable is also used by |curl| and other
> >>> utilities. Although |yum| itself may use |http_proxy| in either
> >>> upper-case or lower-case, |curl| requires the name of the variable to
> >>> be
> >>> in lower-case.
> >>>
> >
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS(a)centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
>
>
> Thanks / Regards
> Prabhpal S. Mavi
> Email: prabhpal(a)digital-infotech.net
> Sent Through .Net Domain From iPhone
>
>
--
Arun Kumar Somavarapu
Project-JRF
Dr. Prasanna's lab
TMC, ACTREC
Navi Mumbai-410210
Step-by-Step Tutorial: How to Deploy cPanel Web Hosting Control Panel version 11.74 on CentOS 7.5 Linux Server version 1805 in Amazon AWS Cloud
Secondary Subject/Topic: How to Setup a New Startup Web Hosting Company Using cPanel Web Hosting Control Panel version 11.74, CentOS 7.5 Linux Server version 1805, and Amazon AWS Cloud
Tertiary Subject/Topic: How to Startup Your Own Internet Business Like China's Billionaire Jack Ma. Will Teo En Ming Be Able to Emulate Jack Ma?
Objective: Experimental and Feasibility Studies for Teo En Ming's Startup Internet Business
AUTHOR OF THIS TUTORIAL: MR. TURRITOPSIS DOHRNII TEO EN MING (ZHANG ENMING) @ TIME TRAVELLER
ACADEMIC QUALIFICATIONS:
(1) Bachelor of Engineering (Second Class Lower Honours) in Mechanical Engineering from National University of Singapore (Graduated DEC 2006), with Electives in Aerospace Engineering
(2) Part Time Diploma (Conversion) in Computer Networking with 4 Distinctions from Singapore Polytechnic (Graduated 2017)
(3) Full Time Diploma in Mechatronics Engineering with Merit from Singapore Polytechnic (Graduated 1998)
(4) Certificate of Completion for CISCO Certified Network Associate (CCNA) 5-DAY Boot Camp from NTUC Learning Hub, Singapore, Year 2017
(5) National Infocomm Competency Framework (NICF) (Singapore) Certificate in Configuring a CISCO Router, Year 2017
(6) National Infocomm Competency Framework (NICF) (Singapore) Certificate in Configuring a CISCO Switch, Year 2017
(7) GCE "O" Levels with 7 A1s and 1 A2, Top Student Award, Graduated 1994
(8) Primary School Leaving Examination (PSLE) Score of 238, Graduated 1990
AGE: 40 YEARS OLD (as at 1ST SEPTEMBER 2018)
COUNTRY OF RESIDENCE: REPUBLIC OF SINGAPORE
DATE: 1ST SEPTEMBER 2018 SATURDAY
TIME: 8:30 PM SINGAPORE TIME, GREENWICH MEAN TIME+8
PRIMARY EMAIL: teo.en.ming AT gmail.com
SECONDARY EMAIL: teo.en.ming.BUSINESS AT gmail.com
DOCUMENT VERSION: 1809.01
COPYRIGHT (C) 2018 TURRITOPSIS DOHRNII TEO EN MING. This step-by-step tutorial is written by Teo En Ming in Singapore.
NB: This document consists of a total of 251 steps.
SECTION 1: DEPLOYING THE CPANEL DNSONLY DOMAIN NAME SERVERS
===========================================================
001. Login to your Amazon AWS Cloud account.
002. Click Services > Compute > EC2
003. Click Network and Security > Elastic IPs
004. Click Allocate new address. Click Allocate. New address request succeeded, for example, 13.58.134.234.
005. Click Instances > Instances. Click Launch Instance.
006. Click AWS Marketplace.
007. Search for CentOS.
008. Select CentOS 7 (x86_64) - with Updates HVM Amazon Machine Image (AMI). Click Continue.
009. Select General Purpose, t2.micro, 1 vCPU, 1 GB RAM (FREE TIER ELIGIBLE).
010. Click Next: Configure Instance Details.
011. Select Network: <Your VPC network>
012. Select Subnet: <Your subnet> | Public subnet | us-east-2a
013. Click Protect against accidental termination.
014. Click Next: Add Storage
015. Click Next: Add Tags
016. Enter Key = Name and Value = CPANEL NAME SERVER 1
017. Click Next: Configure Security Group
018. Click Select an existing security group
019. Select NS_SG (Name Server Security Group).
020. Click Review and Launch. Click Launch.
021. Select a key pair.
022. Click Network and Security > Elastic IPs.
023. Select Elastic IP 13.58.134.234.
024. Click actions > associate address.
025. Select Instance: CPANEL NAME SERVER 1
026. Click Allow Elastic IP to be reassociated if already attached.
027. Click Associate.
028. Login to CentOS 7 Linux Server using Putty. Use centos as username.
Follow the Installation Guide - cPanel DNSONLY Installation at https://documentation.cpanel.net/display/74Docs/Installation+Guide+-+cPanel…
SECTION 2: INSTALLING CPANEL DNSONLY NAME SERVER 1
==================================================
029. cd /home
030. sudo curl -o latest-dnsonly -L https://securedownloads.cpanel.net/latest-dnsonly
031. sudo sh latest-dnsonly
032. sudo /scripts/configure_firewall_for_cpanel
033. sudo passwd root
034. Go to https://13.58.134.234:2087 and login.
035. Click I Agree. Go to Step 2
036. Enter Server Contact Email Address.
037. Enter Server Hostname, for example, ns1.teo-en-ming-corp.com
038. Enter Primary Resolver, e.g. 8.8.8.8
039. Enter Secondary Resolver, e.g. 8.8.4.4
040. Click Save and Go to Step 3.
041. Click Skip this step and use my server's default settings.
042. Select BIND DNS Server.
043. Nameserver 1: ns1.teo-en-ming-corp.com
044. Nameserver 2: ns2.teo-en-ming-corp.com
045. Request another Elastic IP address in Amazon AWS Cloud as per steps above, e.g. 52.15.109.147
046. Click Configure Nameserver A Records
047. ns1.teo-en-ming-corp.com IPv4: 13.58.134.234
048. ns2.teo-en-ming-corp.com IPv4: 52.15.109.147
049. Click Finish.
050. Login to your domain registrar, e.g. godaddy.com
051. Select your domain name, e.g. teo-en-ming-corp.com
052. Click Manage DNS. Click Host names. Click Add.
053. Map ns1.teo-en-ming-corp.com to 13.58.134.234. Click Save.
054. Click Add.
055. Map ns2.teo-en-ming-corp.com to 52.15.109.147. Click Save.
056. Select your domain name, e.g. teo-en-ming-corp.com
057. Click Manage DNS.
058. Under Nameservers, click Change. Select Custom.
059. Under Nameserver, enter ns1.teo-en-ming-corp.com and ns2.teo-en-ming-corp.com
060. Log out from your domain registrar, e.g. godaddy.com
061. You should now be able to access https://ns1.teo-en-ming-corp.com:2087/
SECTION 3: INSTALLING CPANEL DNSONLY NAME SERVER 2
==================================================
062. Go to Amazon AWS Management Console.
063. Click Instances > Instances.
064. Click Launch Instance.
065. Click AWS Marketplace.
066. Search for CentOS.
067. Select CentOS 7 (x86_64) - with Updates HVM Amazon Machine Image (AMI). Click Continue.
068. Select General Purpose, t2.micro, 1 vCPU, 1 GB RAM (FREE TIER ELIGIBLE).
069. Click Next: Configure Instance Details.
070. Select Network: <Your VPC network>
071. Select Subnet: <Your subnet> | Public subnet | us-east-2a
072. Click Protect against accidental termination.
073. Click Next: Add Storage.
074. Click Next: Add Tags.
075. Enter Key = Name and Value = CPANEL NAME SERVER 2
075. Click Next: Configure Security Group
076. Click Select an existing security group
077. Select NS_SG (Name Server Security Group).
078. Click Review and Launch. Click Launch.
079. Select a key pair.
080. Click Launch Instances.
081. Click Network and Security > Elastic IPs.
082. Select 52.15.109.147.
083. Click Actions > Associate address.
084. Select Instance: CPANEL NAME SERVER 2
085. Click Allow Elastic IP to be reassociated if already attached.
086. Click Associate.
087. Login to CentOS 7 Linux Server using Putty. Use centos as username.
088. cd /home
089. sudo curl -o latest-dnsonly -L https://securedownloads.cpanel.net/latest-dnsonly
090. sudo sh latest-dnsonly
091. sudo /scripts/configure_firewall_for_cpanel
092. sudo passwd root
093. Go to https://ns2.teo-en-ming-corp.com:2087 and login.
094. Click I Agree. Go to Step 2.
095. Enter Server Contact Email Address.
096. Enter Server Hostname: ns2.teo-en-ming-corp.com
097. Enter Primary Resolver, e.g. 8.8.8.8
098. Enter Secondary Resolver, e.g. 8.8.4.4
099. Click Save and Go to Step 3.
100. Click Skip this step and use my server's default settings.
101. Select BIND DNS Server.
102. Nameserver 1: ns1.teo-en-ming-corp.com
103. Nameserver 2: ns2.teo-en-ming-corp.com
104. Click Configure Nameserver A Records
105. ns1.teo-en-ming-corp.com IPv4: 13.58.134.234
106. ns2.teo-en-ming-corp.com IPv4: 52.15.109.147
107. Click Finish.
SECTION 4: INSTALLING THE CPANEL WEB/VIRTUAL SERVER
===================================================
Follow the Installation Guide at https://documentation.cpanel.net/display/74Docs/Installation+Guide
108. Click Network and Security > Elastic IPs
109. Click Allocate new address. Click Allocate.
110. New address request succeeded, e.g. 18.223.26.190
111. Click Instances > Instances.
112. Click Launch Instance.
113. Click AWS Marketplace.
114. Search for CentOS.
115. Select CentOS 7 (x86_64) - with Updates HVM Amazon Machine Image (AMI). Click Continue.
116. Select General purpose, t2.micro, 1 vCPU, 1 GB RAM (FREE TIER ELIGIBLE).
117. Click Next: Configure Instance Details.
118. Select Network: <Your VPC network>
119. Select Subnet: <Your subnet> | Public subnet | us-east-2a
120. Click Protect against accidental termination.
121. Click Next: Add Storage.
122. Change Size (GiB) from 8 to 30. It is still free tier eligible.
123. Click Next: Add Tags.
124. Enter Key = Name and Value = CPANEL WEB SERVER
125. Click Next: Configure Security Group
126. Click Select an existing security group.
127. Select VS_SG (Virtual Server Security Group).
128. Click Review and Launch. Click Launch.
129. Select a key pair.
130. Click Launch Instances.
131. Click Network and Security > Elastic IPs.
132. Select 18.223.26.190
133. Click Actions > Associate address.
134. Select Instance: CPANEL WEB SERVER.
135. Click Allow Elastic IP to be reassociated if already attached.
136. Click Associate.
137. Login to CentOS 7 Linux Server using Putty. Use centos as username.
138. sudo passwd root
139. su - root
140. cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest
141. /scripts/configure_firewall_for_cpanel
142. Go to https://18.223.26.190:2087 which is your Virtual Server and login.
143. Click I Agree. Go to Step 2.
144. Enter Server Contact Email Address.
145. Enter Server Hostname: cpanel.teo-en-ming-corp.com
146. Enter Primary Resolver, e.g. 8.8.8.8
147. Enter Secondary Resolver, e.g. 8.8.4.4
148. Click Save and Go to Step 3.
149. Click Skip this step and use my server's default settings.
150. Under Nameserver Configuration, select Disabled. DNS Server is not necessary for a Virtual Server.
151. Nameserver 1: ns1.teo-en-ming-corp.com
152. Nameserver 2: ns2.teo-en-ming-corp.com
153. Click Configure Nameserver A Records
154. ns1.teo-en-ming-corp.com IPv4: 13.58.134.234
155. ns2.teo-en-ming-corp.com IPv4: 52.15.109.147
156. Click Save and Go to Step 5.
157. Under FTP Configuration, select Pure-FTPD.
158. Click Enable Brute Force Protection. Select Everything.
159. Click Save and Go to Step 6.
160. Click Use filesystem quotas.
161. Click Finish.
162. Click Go to WHM.
163. Enable Global DCV Passthrough.
164. Enable The SSL/TLS Wizard in cPanel.
165. Click Save Settings.
SECTION 5: CONFIGURING CPANEL DNS CLUSTER
=========================================
SECTION 5.1: CONFIGURING DNS CLUSTER FOR THE PRIMARY NAME SERVER NS1.TEO-EN-MING-CORP.COM
=========================================================================================
166. Go to https://ns1.teo-en-ming-corp.com:2087
167. Click Clusters > DNS Cluster.
168. Click Enable DNS Clustering.
169. Click Return to Cluster Status.
170. Go to https://ns2.teo-en-ming-corp.com:2087
171. Click Clusters > DNS Cluster
172. Click Enable DNS Clustering.
173. Click Return to Cluster Status.
For the following steps, please refer to Part 3: How I Built a cPanel Hosting Environment on Amazon AWS at https://blog.cpanel.com/part-3-how-i-built-a-cpanel-hosting-environment-on-…
174. Go to https://ns1.teo-en-ming-corp.com:2087
175. Click Development > Manage API Tokens. API = Application Programming Interface.
176. Click Generate Token.
177. Enter name: NS1
178. Click Everything
179. Click Save.
180. Copy your API token from Name Server 1 to the clipboard.
181. Go to https://18.223.26.190:2087 which is your Virtual Server.
182. Click Clusters > DNS Cluster
183. Click Enable DNS Clustering
184. Click Return to Cluster Status.
185. Select Backend Type: cPanel
186. Click Configure.
187. Remote cPanel & WHM DNS host: ns1.teo-en-ming-corp.com
188. Remote server username: root
189. Paste the API token from Name Server 1.
190. Click Setup Reverse Trust Relationship
191. Set DNS Role to Synchronize Changes.
192. Click Submit.
193. Click Return to Cluster Status
194. Go to https://18.223.26.190:2087 which is your Virtual Server.
195. Click Development > Manage API Tokens.
196. Click Generate Token.
197. Enter Name: VS
198. Click Everything.
199. Click Save.
200. Copy the API Token from the Virtual Server to the clipboard.
201. Go to https://ns1.teo-en-ming-corp.com:2087
202. Click Clusters > DNS Cluster
203. Click Configure.
204. Remote cPanel & WHM DNS host: cpanel.teo-en-ming-corp.com
205. Remote server username: root
206. Paste the API Token from the Virtual Server.
207. Click Setup Reverse Trust Relationship.
208. Set DNS Role to Standalone.
209. Click Submit.
It says DNS Lookup Failed for cpanel.teo-en-ming-corp.com
210. Go to https://18.223.26.190:2087 which is your Virtual Server.
211. Click DNS Functions. Click Add an A Entry for Your Hostname.
212. Hostname: cpanel.teo-en-ming-corp.com
213. Server Main IP: 18.223.26.190
214. Click Add Entry.
Added cpanel.teo-en-ming-corp.com ok
You should now be able to ping cpanel.teo-en-ming-corp.com
215. Go to https://ns1.teo-en-ming-corp.com:2087
216. Click Clusters > DNS Cluster
217. Click Configure.
218. Remote cPanel & WHM DNS host: cpanel.teo-en-ming-corp.com
219. Remote server username: root
220. Copy the API Token from the Virtual Server.
221. Click Setup Reverse Trust Relationship.
222. Set DNS Role to Standalone.
223. Click Submit.
224. Click Return to Cluster Status.
SECTION 5.2: CONFIGURING DNS CLUSTER FOR THE SECONDARY NAME SERVER NS2.TEO-EN-MING-CORP.COM
===========================================================================================
225. Go to https://ns2.teo-en-ming-corp.com:2087
226. Click Development > Manage API Tokens
227. Click Generate Token
228. Enter Name: NS2
229. Click Everything
230. Click Save.
231. Copy the API Token from Name Server 2 to the clipboard.
232. Go to https://18.223.26.190:2087 which is your Virtual Server.
233. Click Clusters > DNS Cluster
234. Click Configure.
235. Remote cPanel & WHM DNS host: ns2.teo-en-ming-corp.com
236. Remote server username: root
237. Paste the API Token from Name Server 2.
238. Click Setup Reverse Trust Relationship.
239. Set DNS Role to Synchronize Changes.
240. Click Submit.
241. Go to https://ns2.teo-en-ming-corp.com:2087
242. Click Clusters > DNS Cluster
243. Click Configure.
244. Remote cPanel & WHM DNS host: cpanel.teo-en-ming-corp.com
245. Remote server username: root
246. Paste the API Token from the Virtual Server.
247. Click Setup Reverse Trust Relationship
248. Set DNS Role to Standalone.
249. Click Submit
250. Click Return to Cluster Status
SECTION 6: CONCLUSION
=====================
251. You should now be able to access your Virtual Server at https://cpanel.teo-en-ming-corp.com:2087/
===END OF TUTORIAL===
If you happen to find any mistake with my step by step tutorial, please drop me a message.
===BEGIN SIGNATURE===
Turritopsis Dohrnii Teo En Ming's Academic Qualifications as at 30 Oct 2017
[1] https://tdtemcerts.wordpress.com/
[2] http://tdtemcerts.blogspot.sg/
[3] https://www.scribd.com/user/270125049/Teo-En-Ming
===END SIGNATURE===
On Tue, 2005-07-26 at 16:26 +1000, Nick Bryant wrote:
> > You can't have user permissions on 'foreign' file systems - all files
> > and folders are owned by whomever mounts it.
> >
>
> That explains the error then :)
>
> > You can download for free - Microsoft's SFU (Services for Unix) and
> > create NFS exports from the NAS Appliance and mount them on the
> > Linux/Unix system and share them but be prepared for some latency (I
> > sort of gave up on this concept myself). You could also create a 'DFS'
> > tree that has the 'base' on the Linux server and the subtrees on the NAS
> > appliance.
>
> Ok did this. Got NFS working on it... problem is that even though it doesn't
> bork with an error it still won't let me change the ownership. I think I
> know why but I don't know how to do a no_root_squash export on a W2k3 box of
> doom, and I won't go there on this list.
----
If I recall correctly, there was a check box on SFU when you create/edit
the nfs exports to 'allow root access' - I also use the username mapping
to map root <-> Administrator so Windows considers them to be one and
the same.
----
>
> >
> > Of course there is no reason that you can't direct Samba to create
> > Windows Users 'HOMES' share directly on/from the NAS appliance itself
> > and that is likely the best/fastest way to do it. Since the NAS Server
> > is 'joined' to the domain, it will have all the user accounts and can
> > happily deal with the ACL's for the home share.
>
> It seems a little more complex but sounds like it would be the way forwards.
> Do you have any more info on exactly how about you create a user with a
> non-local fs home dir?
----
If you use usermgr.exe or the pdbedit command, you can put in the paths
for their home and profile directories individually...
\\NAS\USERS\craig
\\NAS\PROFILES\craig
man pdbedit
----
>
> >
> > With Samba 3.0.x and LDAP or tdbsam backend, you can specify a unique
> > home and profile directory for each user and put them on different
> > servers if you wish.
> >
>
> It's running on samba 3 with tdb backend...
----
I tend to use LDAP and have some ability to edit ldif files directly
which isn't an option with tdb.
Craig
On Sat, Aug 22, 2009, Dave wrote:
>On Sat, Aug 22, 2009 at 6:49 AM, Bill Campbell<centos(a)celestial.com> wrote:
>> I review daily reports from over 50 systems every morning, checking changes
>> found, usually taking no more than 10 minutes a day. The key is to keep
>> the reports simple, and to make updating easy (and to have procedures that
>> monitor systems to be sure they're still alive and reporting in).
>
>So how do you track the inevitable changes? Not saying you can't, just
>curious. For me, when I look at a batch of changes, some of them are
>obviously stuff I've done, other stuff not so obvious. I also filter
>reports through a script that sort of does a diff and makes an attempt
>to limit the boilerplate. Sometimes it is a bit too terse.
First off, we don't allow automatic updates on most systems, much
preferring to do them manually making it pretty easy to refresh
the comparison database immediately after the update is complete.
The odds that a cracker will get in and do their dirty deeds
while this are going on are pretty low, and can probably be
ignored.
We handle pretty much all server stuff under the OpenPKG portable
package management system so things like spamassassin, amavisd,
clamav, and postfix are not the distribution versions, but those
from OpenPKG (which are generally updated more quickly than the
distribution's). A typical occurrence will be that we get an
e-mail saying that clamav is out of date from the nightly
freshclam update, I will pick up the new sources, update the
OpenPKG SRPM for it, and deploy it to 40 or so systems running it,
and expect to see a corresponding set of notices the next morning
that files under clamav have changed.
The clusterssh program makes this sort of thing much more efficient
as one can execute shell commands on multiple systems simultaneously.
>> We create a file system initially, the same size as ``/'', and make a copy
>> of ``/'' in it identical except for the /etc/fstab entry. This is not
>> mounted in normal operations, but the system can be booted from it to get
>> to a clean system.
>
>Wow, elaborate. How do you protect this file system from intruders?
>External and powered off?
That's one way to do it. We also run a fair number of Linux
servers under VMware so periodic snapshots and backups simplify
the task.
I have not seen many successful cracks of Linux boxes that we
have configured from scratch. Some basic things can be done to
minimize the chances of cracks.
+ Create the baseline for intrusion detection tools before putting the
system on line, and monitor it daily.
+ Configure openssh to refuse password authentication requiring
authorized_keys access.
+ Configure openssh with tcp_wrappers support, restricting access by IP
address and/or domain names. I consider this absolutely mandatory if
one needs to allow username and password authentication.
+ Use fail2ban or similar techniques to quickly block IP addresses that
are found probing the system (don't forget to look at POP and IMAP
logs for failed login attempts).
+ Use /bin/false as the standard shell for accounts that don't have good
reason for shell access. This does not affect e-mail or most services
that a typical ISP customer needs.
+ Use OpenVPN for access. This works well even when in hotels with NAT
firewalls, and is not easily hacked anonymously.
+ Restrict access of webmin and usermin to local networks so they are
not vulnerable to outside attack. These services are available to
people outside connecting with OpenVPN.
+ Restrict webmail, pop, and imap access to secure connections using
https, tls, ssl. We have never been able to get the average ISP
customer to use good passwords, but every little bit helps.
Bill
--
INTERNET: bill(a)celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676 Mercer Island, WA 98040-0820
Fax: (206) 232-9186 Skype: jwccsllc (206) 855-5792
bad economics will sink any economy no matter how much they believe this
time things are different. They aren't. -- Arthur Laffer
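As an added example (not part of the message above and not any project's own tooling), this script checks three items from that checklist: the sshd password-authentication setting, a tcp_wrappers default deny for sshd, and accounts that still have a login shell. The function names and all sample files are constructed for this example.

```shell
#!/bin/sh
# Added example: checks three checklist items against constructed sample files.

# Value sshd would use for a global keyword. sshd keeps the FIRST occurrence,
# keywords are case-insensitive, and lines after "Match" are conditional.
sshd_effective() {  # usage: sshd_effective KEYWORD FILE
    awk -v want="$1" '
        /^[ \t]*(#|$)/ { next }               # comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }               # global section ends here
        key == tolower(want) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$2"
}

# tcp_wrappers: succeed only if hosts.deny refuses sshd from ALL clients,
# which turns hosts.allow into an allow-list.
wrappers_default_deny() {  # usage: wrappers_default_deny HOSTS_DENY
    awk -F: '
        /^[ \t]*(#|$)/ { next }
        { d = toupper($1); c = toupper($2); gsub(/[ \t]/, "", c)
          if (c == "ALL" && d ~ /(^|[ ,\t])(ALL|SSHD)([ ,\t]|$)/) ok = 1 }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# Accounts that can still get a shell. An empty seventh field means /bin/sh.
interactive_accounts() {  # usage: interactive_accounts PASSWD
    awk -F: 'NF == 7 && $7 !~ /\/(false|nologin)$/ { print $1 }' "$1"
}

# Print findings; the return status is the number of FAIL lines.
audit() {  # usage: audit SSHD_CONFIG HOSTS_DENY PASSWD
    fails=0
    pa=$(sshd_effective PasswordAuthentication "$1")
    if [ "$pa" != "no" ]; then
        echo "FAIL sshd: PasswordAuthentication is $pa (sshd default: yes)"
        fails=$((fails + 1))
    fi
    if ! wrappers_default_deny "$2"; then
        echo "FAIL tcp_wrappers: $2 has no default deny covering sshd"
        fails=$((fails + 1))
    fi
    for u in $(interactive_accounts "$3"); do
        echo "REVIEW shell access: $u"
    done
    return "$fails"
}

# ---- constructed sample input ----
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/sshd_config" <<'EOF'
Port 22
passwordauthentication no
PasswordAuthentication yes
EOF
cat > "$SAMPLE/sshd_config.weak" <<'EOF'
#PasswordAuthentication no
Match User backup
    PasswordAuthentication no
EOF
printf 'sshd: ALL\n' > "$SAMPLE/hosts.deny"
printf 'sshd: 203.0.113.7\n' > "$SAMPLE/hosts.deny.weak"
cat > "$SAMPLE/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mailonly:x:1001:1001:POP user:/home/mailonly:/bin/false
www:x:33:33::/var/www:/sbin/nologin
legacy:x:1002:1002::/home/legacy:
EOF

audit "$SAMPLE/sshd_config" "$SAMPLE/hosts.deny" "$SAMPLE/passwd" || true
audit "$SAMPLE/sshd_config.weak" "$SAMPLE/hosts.deny.weak" "$SAMPLE/passwd" || true
```

Upstream OpenSSH removed tcp_wrappers (libwrap) support in release 6.7, so the hosts.deny check only matters where the installed sshd is still built with it.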
Hello friends, I am having problems with my Samba server again. It is
installed and working, but now my problem is that I cannot add a user
with permissions. I can get into my files, but only as a guest; I
cannot get in with a user already added with "smbuser". I think the
problem is in the configuration file, so I am showing it here in case
someone can help me with my problem.
Many thanks in advance.
#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Some options that are often worth tuning have been included as
# commented-out examples in this file.
# - When such options are commented with ";", the proposed setting
# differs from the default Samba behaviour
# - When commented with "#", the proposed setting is the default
# behaviour of Samba but the option is considered important
# enough to be mentioned here
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic
# errors.
# A well-established practice is to name the original file
# "smb.conf.master" and create the "real" config file with
# testparm -s smb.conf.master >smb.conf
# This minimizes the size of the really used smb.conf file
# which, according to the Samba Team, impacts performance
# However, use this with caution if your smb.conf file contains nested
# "include" statements. See Debian bug #483187 for a case
# where using a master file is not a good idea.
#
#======================= Global Settings =======================
[global]
## Browsing/Identification ###
# Change this to the workgroup/NT-domain name your Samba server will part of
workgroup = ARQUIS
# server string is the equivalent of the NT Description field
server string = Servidor De Archivos
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
# wins support = no
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z
# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no
# What naming service and in what order should we use to resolve host names
# to IP addresses
; name resolve order = lmhosts host wins bcast
#### Networking ####
# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
; interfaces = 127.0.0.0/8 eth0
# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself. However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
; bind interfaces only = yes
#### Debugging/Accounting ####
# This tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
# Cap the size of the individual log files (in KiB).
max log size = 1000
# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
# syslog only = no
# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
syslog = 0
# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d
####### Authentication #######
# "security = user" is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/ServerType.html
# in the samba-doc package for details.
security = user
username map = /etc/samba/smbusers
# You may wish to use password encryption. See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
encrypt passwords = true
# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.
passdb backend = tdbsam
obey pam restrictions = yes
# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
unix password sync = yes
# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<kahan(a)informatik.tu-muenchen.de> for
# sending the correct chat script for the passwd program in Debian Sarge).
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
pam password change = yes
# This option controls how unsuccessful authentication attempts are mapped
# to anonymous connections
map to guest = bad user
########## Domains ###########
# Is this machine able to authenticate users. Both PDC and BDC
# must have this setting enabled. If you are the BDC you must
# change the 'domain master' setting to no
#
; domain logons = yes
#
# The following setting only takes effect if 'domain logons' is set
# It specifies the location of the user's profile directory
# from the client point of view)
# The following required a [profiles] share to be setup on the
# samba server (see below)
; logon path = \\%N\profiles\%U
# Another common choice is storing the profile in the user's home directory
# (this is Samba's default)
# logon path = \\%N\%U\profile
# The following setting only takes effect if 'domain logons' is set
# It specifies the location of a user's home directory (from the client
# point of view)
; logon drive = H:
# logon home = \\%N\%U
# The following setting only takes effect if 'domain logons' is set
# It specifies the script to run during logon. The script must be stored
# in the [netlogon] share
# NOTE: Must be store in 'DOS' file format convention
; logon script = logon.cmd
# This allows Unix users to be created on the domain controller via the SAMR
# RPC pipe. The example command creates a user account with a disabled Unix
# password; please adapt to your needs
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
# This allows machine accounts to be created on the domain controller via the
# SAMR RPC pipe.
# The following assumes a "machines" group exists on the system
; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
# This allows Unix groups to be created on the domain controller via the SAMR
# RPC pipe.
; add group script = /usr/sbin/addgroup --force-badname %g
########## Printing ##########
# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
# load printers = yes
# lpr(ng) printing. You may wish to override the location of the
# printcap file
; printing = bsd
; printcap name = /etc/printcap
# CUPS printing. See also the cupsaddsmb(8) manpage in the
# cupsys-client package.
; printing = cups
; printcap name = cups
############ Misc ############
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /home/samba/etc/smb.conf.%m
# Most people will find that this option gives better performance.
# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/speed.html
# for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
# socket options = TCP_NODELAY
# The following parameter is useful only if you have the linpopup package
# installed. The samba maintainer and the linpopup maintainer are
# working to ease installation and configuration of linpopup and samba.
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
# Domain Master specifies Samba to be the Domain Master Browser. If this
# machine will be configured as a BDC (a secondary logon server), you
# must set this to 'no'; otherwise, the default behavior is recommended.
# domain master = auto
# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
; idmap uid = 10000-20000
; idmap gid = 10000-20000
; template shell = /bin/bash
# The following was the default behaviour in sarge,
# but samba upstream reverted the default because it might induce
# performance issues in large organizations.
# See Debian bug #368251 for some of the consequences of *not*
# having this setting and smb.conf(5) for details.
; winbind enum groups = yes
; winbind enum users = yes
# Setup usershare options to enable non-root users to share folders
# with the net usershare command.
# Maximum number of usershare. 0 (default) means that usershare is disabled.
; usershare max shares = 100
# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated ones
usershare allow guests = yes
#======================= Share Definitions =======================
# Un-comment the following (and tweak the other settings below to suit)
# to enable the default home directory shares. This will share each
# user's home directory as \\server\username
[homes]
comment = /home/mario/infra;
browseable = no
valid users = %S
writable = yes
# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
; read only = yes
# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
; create mask = 0700
# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
; directory mask = 0700
# By default, \\server\username shares can be connected to by anyone
# with access to the samba server. Un-comment the following parameter
# to make sure that only "username" can connect to \\server\username
# This might need tweaking when using external authentication schemes
; valid users = %S
# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
;[netlogon]
; comment = Network Logon Service
; path = /home/samba/netlogon
; guest ok = yes
; read only = yes
; share modes = no
# Un-comment the following and create the profiles directory to store
# users profiles (see the "logon path" option above)
# (you need to configure Samba to act as a domain controller too.)
# The path below should be writable by all users so that their
# profile directory may be created the first time they log on
;[profiles]
; comment = Users profiles
; path = /home/samba/profiles
; guest ok = no
; browseable = no
; create mask = 0600
; directory mask = 0700
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# You may need to replace 'lpadmin' with the name of the group your
# admin users are members of.
# Please note that you also need to set appropriate Unix permissions
# to the drivers directory for these users to have write rights in it
; write list = root, @lpadmin
# A sample share for sharing your CD-ROM with others.
;[cdrom]
; comment = Samba server's CD-ROM
; read only = yes
; locking = no
; path = /cdrom
; guest ok = yes
# The next two parameters show how to auto-mount a CD-ROM when the
# cdrom share is accessed. For this to work /etc/fstab must contain
# an entry like this:
#
# /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0
#
# The CD-ROM gets unmounted automatically after the connection to the
#
# If you don't want to use auto-mounting/unmounting make sure the CD
# is mounted on /cdrom
#
; preexec = /bin/mount /cdrom
; postexec = /bin/umount /cdrom
[Infra] comment = Directorio del servidor Infraestructura
path = /home/mario/infra
guest ok = no
read only = Yes
write list = administrador
directory mask = 0755
create mask = 0644
Separately, I created a file in which I register the users who can access;
it is called smbusers and contains only the following text:
usuario_linux = "usuario_windows"
So it took a while to get a few days free to test this and work up our
internal documentation (thank you vmware)
Paul, your process was excellent. We were able to change a few things in
our environment because we are not using IPX for communication.
For our users the process has been condensed down to:
------
How do I access the Novell Servers?
Open a terminal window and su - root to get a root shell.
Go to the directory with the yum configuration files with cd
/etc/yum.repos.d and open the CentOS-Base.repo file.
Find the [update] section and add the line exclude=kernel kernel-smp to the
bottom of the entry.
Find the [centosplus] section and change the enabled=0 to enabled=1 and add
the line includepkg=kernel kernel-smp to the end of the entry.
Check what kernel type you are using. Run the command uname -r and look at
the end of the output for the tag smp
If there was no smp in the last output update the kernel with the command
yum update kernel. If the output had smp update the kernel with the command
yum update kernel-smp.
Download the IPX utils and NCPFS rpms. (We rebuild the two srpms once and
house them on an internal web server)
Install the rpms with the command rpm -i ipxutils-2.2.6-5.i386.rpm and rpm
-i ncpfs-2.2.6-5.i386.rpm
Reboot the machine so that it boots with the new kernel and log back in.
Make a directory in your home directory for the NW01 server with the command
mkdir nw01
To actually connect to the novell servers use the following command ncpmount
-S NW01 -A x.x.x.x nw01 -U USERNAME.users.tree -P PASSWORD replace the
USERNAME and PASSWORD with your Novell username and password.
It will give no output if it completes successfully. To check it go into the
nw01 folder with cd nw01 and list the files with ls it should display the
shares that you have access to on the main file server.
This command can be added to a script so that you do not have to type it
every time. Make a new file in your home directory called novell.sh with the
command touch novell.sh then open it in an editor. Add the following lines
to the file and make sure to replace the username and password with your
username and password
#!/bin/bash
ncpmount -S NW01 -A x.x.x.x nw01 -U USERNAME.users.tree -P PASSWORD
Now make the file executable by you and remove the permissions for anyone
else to read the file with the command chmod 700 novell.sh
Now you can just run your script novell.sh to connect to the novell servers.
-----
We did find that due to the use of the IP based servers that gtknw2
application would not properly mount those servers. The simple script above
does the same thing.
Paul, and everyone else thank you for the help.
Rob
On 1/27/07, Paul <subsolar(a)subsolar.com> wrote:
>
> On Fri, 2007-01-19 at 08:45 -0500, Rob Lines wrote:
> >
> >
> > On 1/18/07, Paul <subsolar(a)subsolar.com> wrote:
> > On Thu, 2007-01-18 at 11:50 -0500, Jay Lee wrote:
> > > Mike Fedyk wrote:
> > > > Rob Lines wrote:
> > > >> I am trying to connect our centos 4.4 machines to our
> > Novell Netware
> > > >> 5 servers.
> > > >>
> > > >> The goal is to allow the centos 4.4 clients to connect to
> > the server
> > > >> and access shared folders. We are not looking for a
> > single sign-on
> > > >> style solution just the ability to connect.
> > > >
> > > > Check into using ncpfs with centos. If not, then see if
> > netware can
> > > > serve to nfs or smb/cifs clients.
> > > ncpfs is only in the centosplus kernel I believe. I also
> > found it buggy
> > > and horribly slow.
> >
> > Yes, you need to be using the CentOS Plus kernel and build the
> > NCPFS
> > rpms from fedora so you can mount the volumes.
> >
> > It also does not hurt to have IPX enabled on Netware &
> > Linux ... we have
> > IPX enabled yet because we still use DOS and the old moldy 2.x
> > client
> > still seems to work best for our use.
> >
> > I can see if dig out the information on what I did for the one
> > C4
> > station I setup
> >
> > I definitely would like to see that info if you can find it.
> >
> > The one question that I do have is what effect the move to the CentOS
> > Plus kernel would have other than allowing us access to the ncpfs?
> > The users are power users that mostly maintain their own machines and
> > handle their own updates. What issues could come up by using the new
> > kernel rather than the base one?
> >
> > Thank you,
> > Rob
> >
>
> OK here is what I've done so far ...
>
> == Configure the CentOS Plus repository on the workstation ==
>
> Edit the /etc/yum.repo.d/CentOS-Base.repo file and make the following
> changes:
>
> Find the [update] section and add the following line:
> exclude=kernel kernel-smp
>
> Find the [centosplus] section and change
> enabled=0
> To
> enabled=1
> Then add the line
> includepkg=kernel kernel-smp
>
> Install the CentOS Plus kernel with the command "yum update kernel",
> once the new kernel is installed reboot the machine.
>
>
> == Compile and Install the networking utilities ==
>
> Download the ncpfs source RPM from the fedora core 6 repository
>
> Install the ncpfs source rpm and edit the following lines in the spec
> file
> change the line
> chmod 755 $RPM_BUILD_ROOT/usr/bin/ncpmount
> $RPM_BUILD_ROOT/usr/bin/ncpumount
> to
> chmod 4755 $RPM_BUILD_ROOT/usr/bin/ncpmount
> $RPM_BUILD_ROOT/usr/bin/ncpumount
>
> Build the actual RPMs using the command "rpmbuild -ba SPECS/ncpfs.spec"
> after which you will have ipxutils and ncpfs RPMs under the RPMS/i386
> directory.
>
> Install ipxutils & ncpfs RPMs built above
>
>
> == Enable IPX Networking on the System ==
>
> Edit /etc/sysconfig/network and add the following lines
> IPX=yes
> IPXAUTOPRIMARY=off
> IPXAUTOFRAME=off
> IPXINTERNALNODENUM=0
> IPXINTERNALNETNUM=0
>
> Edit /etc/sysconfig/networking/devices/ifcfg-eth0 and add the following
> lines:
> IPXACTIVE_802_2='yes'
> IPXPRIMARY_802_2='yes'
> IPXNETNUM_802_2='0xb0320002' (the netnum needs to be the correct one for
> the facility)
>
> Restart the networking subsystem with the "service network restart"
> command, and then test IPX connectivity by issuing the "slist" command.
> If the workstation has IPX connectivity you should receive a list of
> local servers.
>
>
> == Building and Installing GUI client for Novell Netware ==
>
> Download the source file gtknw2-0.3.tar.bz2 for gtknw2 from
> gtknw2.sourceforge.net and then untar the application with the command
> "tar jxvf gtknw2-0.3.tar.bz2".
>
> To build the application you will need the gtk2-devel package and its
> requirements besides the compiler and usual requirements.
>
> To build the application, perform the following commands:
> cd gtknw2-0.3
> ./configure
> make
> su -c "make install"
>
> Keep an eye out for errors during the configure & make steps.
>
>
> == Configuring the GUI client to auto launch at login ==
>
> Login as the user you want the login front end to automatically launch
> for and go into "Applications|Preferences|More Preferences|Sessions"
> configuration tool and click on the "Startup Programs" tab and
> add /usr/local/bin/gtknw2 to the startup program list.
>
>
> I still have not figured out how to have it automatically log out of
> netware when the user does ... anybody with suggestions I'm all ears.
>
> Paul
>
> _______________________________________________
> CentOS mailing list
> CentOS(a)centos.org
> http://lists.centos.org/mailman/listinfo/centos
>