Friday, June 27, 2014

CentOS Samba 4 - Active Directory Domain Controller


With the recent stable release of Samba 4, it is possible to create a compatible Active Directory Domain Controller that runs on the Linux platform. Samba 4 was in beta for years, but with the stable release of December 11, 2012 you now have a compelling argument for implementing Samba in your enterprise IT network. Samba 4 is a complete re-working of the Samba code, and the best summary is simply to quote the Samba 4 website:
“Samba 4 is available for download via the Samba Website or from the Git repository. In short, you can join a Windows (all recent releases should be supported) machine to a Samba 4 domain, and it will behave much as it does in AD, including Kerberos domain logins where applicable. The official press release can be found on the Samba website.”

The Setup

For detailed information on configuring and setting up Samba 4, refer to the Samba4 HOWTO.
The following describes how to set up and configure a basic Samba 4 domain controller running on CentOS 6.3 or 6.4. Once it is installed and configured, you can administer Active Directory using Microsoft's Remote Server Administration Tools from a Windows XP, Vista, or 7 client that supports Active Directory. Note: your Windows client must be a Professional, Business or Ultimate edition.
This howto assumes you have the following:
  • a functioning basic server running CentOS 6.3 or 6.4 x86_64 with root access
  • your CentOS server is using an IP address of 192.168.0.2 (change to your liking)
  • FQDN of 'samba.mydomain.com' (change to your liking)
  • default gateway IP address: 192.168.0.1 (change to your network gateway)
  • a Windows XP, Vista or 7 client that supports Active Directory
  • SELinux disabled (to reduce complications)
  • DNS forwarding IP address using OpenDNS: 208.67.222.222 (change to your liking)

Download and Installation

NOTE: All commands here are run as the 'root' user. Not every command needs root (and using an unprivileged account where possible is recommended), but for simplicity's sake root is used throughout to avoid confusion.
1. Login as root and update your server
# yum update
2. Install the following packages required for installing and building Samba 4:
# yum install glibc glibc-devel gcc python* libacl-devel krb5-workstation krb5-libs pam_krb5
3. Query your rpm database to find any instances of older samba packages:
# rpm -qa | grep samba
4. If there are any older samba packages remove them with YUM:
# yum remove samba-winbind-client samba-common samba-client
5. Install git to download the latest Samba 4 version:
# yum install git-core
6. Use a directory of your choice and download the latest version of samba from git:
# git clone git://git.samba.org/samba.git samba-master
7. Reboot the server as a precaution so that all packages or kernel updates will be applied:
# shutdown -r now
8. Login again as root and then build samba:
# cd samba-master
# ./configure --enable-debug --enable-selftest
# make
9. If everything reports okay you can then install samba:
# make install
You should now have samba installed to '/usr/local/samba'.

Provision Samba 4

The provision step sets up a basic user database, and is used when you are setting up your Samba4 server in its own domain.
As root issue this command:
# /usr/local/samba/bin/samba-tool domain provision
The 'domain provision' tool should pick defaults for you automatically. Adjust them to your configuration if necessary:
Realm [MYDOMAIN.COM]: (press Enter)
Domain [MYDOMAIN]: (press Enter)
Server Role (dc, member, standalone) [dc]: (press Enter)
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: (press Enter)
DNS forwarder IP address (write 'none' to disable forwarding) [192.168.0.1]: 208.67.222.222
Administrator password: <your_secret_admin_password>
Retype password:
If the above was successful, the output should look similar to this:
Creating CN=MicrosoftDNS,CN=System,DC=mydomain,DC=com
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: samba
NetBIOS Domain: MYDOMAIN
DNS Domain: mydomain.com
DOMAIN SID: S-1-5-xx-xxxxxxxxxx-xxxxxxxxx-xxxxxxxxxx
NOTE: You may need to remove the '/usr/local/samba/etc/smb.conf' file if you are re-running the provision command. If you encounter any errors when running the provision command, you may need to install the missing packages or fix the errors and then run './configure', 'make' and 'make install' again as described above. Remember to run 'make clean' in the root of your 'samba-master' directory before running 'make' again.
If the provision setup was successful reboot the server:
# shutdown -r now

Start Samba 4 AD DC

Start the samba daemon:
# /usr/local/samba/sbin/samba
If you would like Samba to start at boot, append the following to your '/etc/rc.d/rc.local' file:
/usr/local/samba/sbin/samba

Testing Samba as an Active Directory DC

Verify you are indeed running the correct version of Samba. Your version should start with version 4 (note: samba daemon must be running):
# /usr/local/samba/sbin/samba -V
Version 4.1.0pre1-GIT-c1fb37d
Verify you are running the correct samba-client version:
# /usr/local/samba/bin/smbclient --version
Version 4.1.0pre1-GIT-c1fb37d
Now run this command to list the shares on your Samba4 server:
# /usr/local/samba/bin/smbclient -L localhost -U%
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-c1fb37d] 

 Sharename       Type      Comment 
 ---------       ----      ------- 
 netlogon        Disk      
 sysvol          Disk      
 IPC$            IPC       IPC Service (Samba 4.1.0pre1-GIT-c1fb37d) 
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-c1fb37d] 

 Server               Comment 
 ---------            ------- 

 Workgroup            Master 
 ---------            -------

Configure DNS

You will need to edit your '/etc/resolv.conf' and '/etc/sysconfig/network-scripts/ifcfg-eth0' files so that Samba will use its internal DNS correctly. If you specified a forwarding DNS server when you provisioned earlier, DNS should work correctly (you can verify this in /usr/local/samba/etc/smb.conf). Here is an example of my current '/usr/local/samba/etc/smb.conf' file:
# cat /usr/local/samba/etc/smb.conf
# Global parameters
[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.COM
netbios name = SAMBA
server role = active directory domain controller
dns forwarder = 208.67.222.222

[netlogon]
path = /usr/local/samba/var/locks/sysvol/mydomain.com/scripts
read only = No

[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
Edit your '/etc/resolv.conf' file to look like this:
# Generated by NetworkManager
domain mydomain.com
nameserver 192.168.0.2
Next you need to edit '/etc/sysconfig/network-scripts/ifcfg-eth0' so that DNS is updated there as well. It should look something like this:
DEVICE="eth0"
BOOTPROTO="none"
DEFROUTE="yes"
DNS1="192.168.0.2" #MUST CHANGE THIS TO YOUR HOST IP ADDRESS!!
GATEWAY="192.168.0.1"
HWADDR="86:C4:C1:0D:29:AD"
IPADDR="192.168.0.2"
IPV4_FAILURE_FATAL="yes"
IPV6INIT="no"
NAME="System eth0"
NM_CONTROLLED="yes"
ONBOOT="yes"
PREFIX="24"
TYPE="Ethernet"
Reboot the server for all network changes and DNS to take effect.


Testing DNS

Make sure that samba is running, then test that DNS is working properly. Run the following commands and compare the output to what is shown:
# host -t SRV _ldap._tcp.mydomain.com.
_ldap._tcp.mydomain.com has SRV record 0 100 389 samba.mydomain.com.

# host -t SRV _kerberos._udp.mydomain.com.
_kerberos._udp.mydomain.com has SRV record 0 100 88 samba.mydomain.com.

# host -t A samba.mydomain.com.
samba.mydomain.com has address 192.168.0.2
The answers you get should be similar to the ones above (adjusted for your DNS domain name and hostname). If you get any errors, carefully check your system logs and your '/etc/resolv.conf' and '/etc/sysconfig/network-scripts/ifcfg-eth0' files.
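Beyond eyeballing the three answers above, the checks can be scripted. The following is an added example (not from the original post): a POSIX shell script that queries the SRV records a domain member uses to find the DC (the two from the post plus the standard _kerberos._tcp and _kpasswd records that Samba's provisioning also publishes) and the DC's A record, and compares each answer with the expected host and port. DOMAIN, DC_FQDN and DC_IP default to the howto's assumed values; the answer parsing is split into small functions so it can be exercised without a running DNS server.

```shell
#!/bin/sh
# check_ad_dns.sh -- added example, not part of the original post.
# Verifies the DNS records a Windows client relies on to locate the DC
# and the DC's own A record. Defaults are the howto's assumed values;
# override them with environment variables.
DOMAIN="${DOMAIN:-mydomain.com}"
DC_FQDN="${DC_FQDN:-samba.mydomain.com}"
DC_IP="${DC_IP:-192.168.0.2}"

# parse_srv LINE PORT TARGET
# LINE is one answer line from `host -t SRV`, e.g.
#   _ldap._tcp.mydomain.com has SRV record 0 100 389 samba.mydomain.com.
# Succeeds only if the record's port and target match PORT and TARGET
# (the trailing dot on the target is ignored). Any other line, e.g. an
# NXDOMAIN message, fails.
parse_srv() {
  _line=$1 _port=$2 _target=$3
  case "$_line" in
    *" has SRV record "*) ;;
    *) return 1 ;;
  esac
  set -f                # no glob expansion while splitting the answer
  set -- $_line         # $5 priority, $6 weight, $7 port, $8 target
  set +f
  [ "$#" -ge 8 ] || return 1
  [ "$7" = "$_port" ] && [ "${8%.}" = "$_target" ]
}

# parse_a LINE IP: succeeds if LINE is "<name> has address IP" exactly,
# so 192.168.0.20 does not pass for 192.168.0.2.
parse_a() {
  case "$1" in
    *" has address $2") return 0 ;;
  esac
  return 1
}

# Query each record and compare it with the expected DC. Only the first
# answer is checked; with several DCs you would loop over all answers.
check_dns() {
  _fail=0
  for _spec in _ldap._tcp:389 _kerberos._tcp:88 _kerberos._udp:88 \
               _kpasswd._tcp:464 _kpasswd._udp:464; do
    _name=${_spec%%:*}; _p=${_spec##*:}
    _ans=$(host -t SRV "$_name.$DOMAIN." 2>&1 | grep ' has SRV record ' | head -n 1)
    if parse_srv "$_ans" "$_p" "$DC_FQDN"; then
      echo "ok    $_name.$DOMAIN -> $DC_FQDN:$_p"
    else
      echo "FAIL  $_name.$DOMAIN (got: ${_ans:-no answer})"
      _fail=1
    fi
  done
  _ans=$(host -t A "$DC_FQDN." 2>&1 | grep ' has address ' | head -n 1)
  if parse_a "$_ans" "$DC_IP"; then
    echo "ok    $DC_FQDN -> $DC_IP"
  else
    echo "FAIL  $DC_FQDN A record (got: ${_ans:-no answer})"
    _fail=1
  fi
  return $_fail
}

# Live queries only when asked for, so the functions can be sourced or tested.
case "${1:-}" in
  --live) check_dns ;;
esac
```

Run it with 'sh check_ad_dns.sh --live' on the DC after Samba has been started. A FAIL on the A record usually means '/etc/resolv.conf' still names the old resolver, while an NXDOMAIN on the SRV records means the query is not reaching Samba's internal DNS at all.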

Disable Firewall (Optional)

To reduce the chances of problems you can completely disable the firewall on the Samba 4 server. Once you have successfully joined a Windows client to the domain, re-enable the firewall and configure iptables correctly (see 'Configure the Firewall' below).
To use the menu-based firewall utility, install this package:
# yum install system-config-firewall
Then issue this command for the menu-based firewall configuration:
# /usr/bin/system-config-firewall-tui
Disable the firewall and then reboot the server.

Configure Kerberos

In CentOS 6.3 or 6.4, Kerberos is configured in the '/etc/krb5.conf' file. Make a backup copy of the original file, then replace the existing file, if any, with the sample from /usr/local/samba/share/setup/krb5.conf:
# cp /usr/local/samba/share/setup/krb5.conf /etc/krb5.conf
Edit the file and replace ${REALM} with the value you chose for the '--realm' parameter of the provision command earlier; make sure to enter the realm in uppercase letters. It should look something like this:
# cat /etc/krb5.conf
[libdefaults]
default_realm = MYDOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = true

Testing Kerberos

The simplest test is to use the 'kinit' command as follows:
# kinit administrator@MYDOMAIN.COM
Password for administrator@MYDOMAIN.COM:
Warning: Your password will expire in 41 days on Sun Feb 3 14:21:51 2013
NOTE: You must specify your domain realm MYDOMAIN.COM in uppercase letters!!
Apart from the password prompt (and a possible expiry warning), 'kinit' gives no output. To verify that Kerberos is working and that you received a ticket, run the following:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@MYDOMAIN.COM

Valid starting     Expires            Service principal
12/23/12 15:39:28  12/24/12 01:39:28  krbtgt/MYDOMAIN.COM@MYDOMAIN.COM
        renew until 12/24/12 15:39:19

NTP (Network Time Protocol)

Make sure that 'ntpd' is installed and running. If 'ntpd' is not installed you can install it with YUM:
# yum install ntp
Start ntpd:
# /etc/init.d/ntpd start
Also, use the 'chkconfig' command to have ntpd run at boot:
# chkconfig ntpd on
NOTE: CORRECT TIME IS IMPORTANT FOR KERBEROS TO FUNCTION CORRECTLY. MAKE SURE NTPD IS RUNNING ON THE SAMBA SERVER AND THAT YOU SET THE WINDOWS CLIENT TO THE MOST ACCURATE TIME POSSIBLE! THE WINDOWS CLIENT TIME SHOULD BE SET TO THE EXACT TIME OF THE SAMBA 4 SERVER WITHIN A FEW SECONDS IF POSSIBLE.

Configure Windows Client to Join Domain

The following describes how to add a Windows 7 client to the Samba DC. For other versions of Windows the same principles should apply.
To simplify and to limit errors with DHCP, we will assign a static IP address to the Windows 7 client's NIC. Configure your network device as follows:
(screenshot: Windows 7 client IP settings)
Click 'OK' to save the changes.
Now bring up a command prompt in windows and ping the Samba DC:
ping 192.168.0.2
Verify that DNS is working correctly by pinging the FQDN:
ping samba.mydomain.com
If you get replies from both, this is a good sign and should mean that your Samba DC is functional. You may need to reboot Windows for the network settings to take effect.

Configure Date, Time and Time Zone on Windows Client

Active Directory uses Kerberos as the backend for authentication. Kerberos requires that the system clocks on the client and server be synchronized to within a few seconds of each other. If they are not synchronized, then authentication will fail for apparently no reason. Adjust your date, time and time zone accordingly on your Windows client to match your Samba 4 server.
(screenshot: Windows 7 Date and Time)

Join Windows 7 Client to the Domain

1. Right-click 'My Computer' icon and choose 'Properties'
2. From the left-side pane click 'Advanced system settings'
3. Choose the 'Computer Name' tab and click 'Change...'
4. Select option 'Domain', and insert MYDOMAIN.COM. If this fails just try MYDOMAIN.
5. When it requests a username and password, type 'Administrator' as the username and then enter your password. (password = the password you used when you ran the 'samba-tool domain provision' command)
6. You should get a message box stating 'Welcome to the MYDOMAIN.COM domain'
7. Click OK on this message box and the Properties window, and you will then be instructed to restart your computer.
8. After restarting you should be presented with the normal login dialog. Click on 'Switch User' button.
9. Choose 'Other user' and then enter in the following:
(screenshot: Windows 7 domain login)
Press 'Enter' or the arrow button.
10. You should then authenticate and then login to Windows.

Install Windows Remote Administration Tools

To install the GUI tools to manage the domain you must install the Remote Server Administration Tools (RSAT). This will allow you to easily manage the domain using Active Directory.
Windows 7
2. Follow the 'Install RSAT' instructions
3. Enable the necessary components in 'Control Panel -> Programs -> Turn Windows features on or off -> Remote Server Administration Tools'
4. You may need to add the Administrative Tools to your start menu. Right-click 'Start button' and select 'Properties -> Start Menu tab - Customize... -> System administrative tools - Display on the All Programs menu'

Managing Samba 4 AD DC from Windows 7 Client

This is beyond the scope of this article. For further information please refer to the Samba4 HOWTO.

Configure the Firewall

Once your Windows clients have successfully joined your Samba 4 DC, it is prudent to re-enable the firewall on your CentOS 6.3 Samba 4 DC. Simply run the firewall command again:
# /usr/bin/system-config-firewall-tui
Configure the firewall to have AT LEAST these ports open:
53, TCP & UDP (DNS)
88, TCP & UDP (Kerberos authentication)
135, TCP (MS RPC)
137, UDP (NetBIOS name service)
138, UDP (NetBIOS datagram service)
139, TCP (NetBIOS session service)
389, TCP & UDP (LDAP)
445, TCP (MS-DS AD)
464, TCP & UDP (Kerberos change/set password)
1024, TCP (AD?)

For the RSAT tools and extras, other ports may need to be opened. Microsoft has a list of the ports required, which you can find here: http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx
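Instead of leaving the firewall off, the port list above can be turned directly into iptables rules. The following is an added example (not from the original post): a POSIX shell script for CentOS 6 that prints, or with 'apply' installs and saves, one ACCEPT rule per port, restricted to the client subnet LAN_CIDR (an assumed value of 192.168.0.0/24). It covers the post's list plus 636 (LDAPS), 3268/3269 (global catalog) and 123/udp (NTP, if clients are pointed at the DC for time), which are standard AD DC ports not listed above.

```shell
#!/bin/sh
# ad_dc_firewall.sh -- added example, not part of the original post.
# Prints (default) or applies ("apply") iptables rules for a Samba AD DC on
# CentOS 6, opening only the needed ports and only to the client subnet.
LAN_CIDR="${LAN_CIDR:-192.168.0.0/24}"   # assumed client LAN

# port/proto followed by a comment. The first 14 entries are the post's
# list; 636, 3268/3269 and 123 are standard AD DC ports added here.
AD_DC_PORTS='
53/tcp    DNS
53/udp    DNS
88/tcp    Kerberos
88/udp    Kerberos
135/tcp   MS-RPC endpoint mapper
137/udp   NetBIOS name service
138/udp   NetBIOS datagram service
139/tcp   NetBIOS session service
389/tcp   LDAP
389/udp   LDAP (CLDAP)
445/tcp   SMB / MS-DS
464/tcp   Kerberos password change
464/udp   Kerberos password change
1024/tcp  RPC (as listed in the post)
636/tcp   LDAPS
3268/tcp  Global catalog
3269/tcp  Global catalog over TLS
123/udp   NTP (if clients sync time from the DC)
'

# Emit one `iptables -I INPUT` line per entry. Insert (-I) rather than
# append (-A): the stock CentOS 6 INPUT chain ends in a REJECT rule, so
# appended rules would never be reached.
ad_dc_rules() {
  printf '%s\n' "$AD_DC_PORTS" | while read -r _pp _comment; do
    [ -n "$_pp" ] || continue
    _port=${_pp%/*}; _proto=${_pp#*/}
    printf 'iptables -I INPUT -s %s -p %s --dport %s -m comment --comment "AD DC: %s" -j ACCEPT\n' \
      "$LAN_CIDR" "$_proto" "$_port" "$_comment"
  done
}

# Number of rules the table above produces (sanity check after editing it).
ad_dc_rule_count() { ad_dc_rules | wc -l | tr -d ' '; }

# Apply the rules, then persist them to /etc/sysconfig/iptables with the
# CentOS 6 init script so they survive a reboot.
ad_dc_apply() {
  ad_dc_rules | sh -e && service iptables save
}

case "${1:-print}" in
  apply) ad_dc_apply ;;
  *)     ad_dc_rules ;;
esac
```

Run 'sh ad_dc_firewall.sh' to review the generated rules and 'sh ad_dc_firewall.sh apply' as root to install them. Restricting the source to the client LAN is the least-privilege version of the advice above: nothing outside the subnet that holds domain members can reach the DC's LDAP, Kerberos or SMB services, and the comment on each rule makes 'iptables -L -n' self-explanatory later.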

Tuesday, June 17, 2014

Create 70 connections at a time from your machine to a server

@echo off
color 35
echo +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
echo "Warning : Before starting this script"                                   +
echo "you must know about your current login user %homepath%"                +
echo "Server name or IP, Service port: edit the script and"                   +
echo "Replace username{vikas}"                                                 +
echo "Server {smtp2.saharanect.in}"                                            +
echo "And service port"                                                        +
echo .                                                                         +
echo "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
pause
cls
color 8a
echo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
echo ^^^^^^^^^^^^^^^^^^^^^ WelCome To Vikas Scripts ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^+
echo "This script will create only 70 connections from this machine to the server"    +
echo "If you need more connections start this script on another system"              +
echo "Why only 70? your machine's virtual (ephemeral) port capacity"                  +
echo "Please read "http://en.wikipedia.org/wiki/Ephemeral_port"                       +
echo "Press Enter to start or Ctrl+C to stop & find tracking result in {Output.log_}" +
echo .                                                                                +
echo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
pause

@echo off
rem Each line below launches one telnet session to port 25 as user 'vikas'
rem and appends a line to output.log when runas starts it. /savecred reuses
rem the password cached for that account in Windows Credential Manager, so
rem the credential is stored on this machine and must be entered once before.

c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
c:\Windows\System32\runas.exe /user:vikas  /savecred "telnet smtp2.saharanext.in 25" && echo "connection establist done"   >> output.log
echo on

Saturday, June 14, 2014

Red Hat Unveils Red Hat Enterprise Linux 7, Redefining the Enterprise Operating System


  • Red Hat further raises the bar for enterprise IT infrastructure - Red Hat Enterprise Linux 7 designed to meet both modern datacenter and next-generation IT requirements for cloud, Linux Containers, and big data
  • Now generally available, Red Hat Enterprise Linux 7 delivers a single platform for enterprises to realize the convergence of computing across the open hybrid cloud, from bare metal and virtual machines to the cloud
Red Hat, Inc. (NYSE: RHT), the world's leading provider of open source solutions, today announced the general availability of Red Hat Enterprise Linux 7, the latest major release of the company’s flagship platform. Red Hat Enterprise Linux 7 not only lays the foundation for the open hybrid cloud and serves enterprise workloads across converged infrastructures, but it also pushes the operating system beyond today’s position as a commodity platform. Built to meet modern datacenter demands along with next-generation IT requirements, Red Hat Enterprise Linux 7 powers the spectrum of enterprise IT, from application containers to cloud services.
Since its introduction more than a decade ago, Red Hat Enterprise Linux has become the world’s leading enterprise Linux platform, and it has set industry standards for performance, capacity, and security. Today, Red Hat Enterprise Linux is a leading force in the enterprise datacenter and in the cloud. More than 90 percent of 2013 Fortune 500 companies, along with organizations in nearly every industry and around the globe, rely on Red Hat Enterprise Linux.
Bare metal servers, virtual machines, Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) are converging to form a robust, powerful datacenter environment to meet constantly changing business needs. Answering the heterogeneous realities of modern enterprise IT, Red Hat Enterprise Linux 7 offers a cohesive, unified foundation that enables customers to balance modern demands while reaping the benefits of computing innovation, like Linux Containers and big data, across physical systems, virtual machines and the cloud – the open hybrid cloud.
Addressing Next-Generation IT Requirements
Enterprise IT does not exist in a static vacuum; technology is dynamic, with new innovations emerging almost daily, promising improved operational efficiencies as well as providing the ability to respond to radically-evolving business requirements. Red Hat Enterprise Linux 7 offers customers the agility and the flexibility to meet these new needs head-on without increasing complexity, from rapidly delivering new applications via secure, lightweight containers to scaling infrastructure to meet big data requirements with new and enhanced file systems. Key Red Hat Enterprise Linux 7 features to address next-generation IT needs include:
  • Enhanced application development, delivery, portability and isolation through Linux Containers, including Docker, across physical, virtual, and cloud deployments as well as development, test and production environments.
  • Significant file system improvements, including XFS as the default file system, scaling to 500 TB.
  • Cross-realm trust to easily enable secure access for Microsoft Active Directory users across Microsoft Windows and Red Hat Enterprise Linux domains, providing the flexibility for Red Hat Enterprise Linux to co-exist within heterogeneous datacenters.
  • Powerful and secure application runtimes and development, delivery and troubleshooting tools, integrated into the platform and container-ready.
Managing the Modern Datacenter
Beyond providing the capabilities to meet emerging IT innovation, Red Hat Enterprise Linux 7 also addresses today’s technology needs. With growing requests for complex systems, on-demand services and robust security, IT teams need more control, more clarity and more scalability without having to deploy dozens of specialized tools. Independent of deployment scale, scope or complexity, Red Hat Enterprise Linux 7 serves as not only a catalyst for enterprise innovation, but also delivers the military-grade security and the mission-critical reliability, as well as the performance, the features and the ease-of-use to efficiently “keep the lights on,” including:
  • Innovative infrastructure components like systemd, a leading standard for modernizing the management of processes, services, security and other resources.
  • Built-in performance profiles, tuning and instrumentation for optimized performance and easy scalability.
  • Unified management tooling and an industry-standard management framework with OpenLMI for streamlined administration and system configuration.
  • Enhanced application isolation and security applied via containerization to protect against both unintentional interference and malicious attacks.
Red Hat Enterprise Linux 7 Ecosystem
As with all of Red Hat’s enterprise open source solutions, Red Hat Enterprise Linux 7 is backed by Red Hat’s extensive global ecosystem of services and support. Read more about the global technology leaders that are rallying behind Red Hat Enterprise Linux 7.
Additionally, Red Hat Enterprise Linux 7 will be supported by Red Hat’s robust hands-on training and certification program, featuring classroom, virtual and on-site team courses. More details about the Red Hat Enterprise Linux 7 training and certification portfolio will be available soon.
Virtual Event and Press Webcast
Red Hat will host a virtual event - Redefining the Enterprise OS - to share more about Red Hat Enterprise Linux 7 today, beginning at 11 a.m. EDT. Following keynote remarks from Red Hat’s Paul Cormier, president, Products and Technologies; Tim Yeaton, senior vice president, Infrastructure Group; and Jim Totton, vice president and general manager, Platform Business Unit, press and analysts are invited to participate in a question and answer session.
To join the virtual event or view the replay after the event, visit http://bit.ly/RHELpress.
Supporting Quotes
Paul Cormier, president, Products and Technologies, Red Hat
“Over the course of the last 12 years, Red Hat Enterprise Linux has helped disrupt and define modern enterprise computing. From the Fortune 500 and global stock exchanges to government agencies, web start-ups, and many of the world’s biggest clouds, Red Hat Enterprise Linux has set the standard for the enterprise operating system. With Red Hat Enterprise Linux 7, we’re raising the bar again and bringing the next-generation of IT to customers. As the worlds of physical, virtual and cloud systems converge, Red Hat is delivering a true open hybrid cloud platform that gives both ISVs and applications a consistent runtime platform across bare metal systems, virtual machines, and public and private clouds. This will be essential as applications move from on-premises to the cloud.”
Jay Lyman, senior analyst, 451 Research
"Red Hat Enterprise Linux 7 helps to introduce newer technology, such as Linux Containers and related Docker software, to large enterprise environments along with the stability and certifications that enterprises demand. This is critical given the growing number of organizations mixing new technology and methodology – such as cloud, agile and DevOps approaches – with their existing infrastructure, processes and governance."
Richard Fichera, blog post: Red Hat Releases Red Hat Enterprise Linux 7 - Linux Continues its March to the Top
Forrester Research, Inc., June 2014

"Linux has continued to mature nicely as both a foundation for large scale-out clouds as well as a strong contender for the kind of enterprise workloads that previously were only comfortable on either RISC/UNIX systems or large Microsoft Server systems."
Mark Driver, vice president and research director, Gartner
"By 2015, Gartner believes that at least 95% of all mainstream IT organizations will leverage some element of OSS --- directly or indirectly --- within their mission-critical IT solutions."
Al Gillen, program vice president, Servers and System Software, IDC
“Red Hat has systematically grown the capabilities and value proposition of Red Hat Enterprise Linux with each new release. Red Hat Enterprise Linux 7 is no exception, and layers features and support for Linux Containers on top of an operating system that has seen major virtualization and cloud enhancements in the past two years. The addition of cross-realm trust with Active Directory is a pragmatic move, especially given the widespread use of Active Directory as a primary identity store."
Laurent Lachal, senior analyst, Ovum
"Owing to its position as the largest and most important open source technology provider and promoter, Red Hat punches above its weight against much larger incumbents. Enterprises have now accepted Red Hat Enterprise Linux as a mainstream enterprise OS. They want to understand how it will evolve not just on its own but also in a broader virtualized and cloudified data center context as well as in a public cloud context."
Munjeet Singh, principal, Digital Platform Infrastructure, Booz Allen Hamilton
“At Booz Allen Hamilton, we view Red Hat Enterprise Linux 7 as a foundational component for modern cloud infrastructure. We are pleased to see Red Hat positioning Red Hat Enterprise Linux 7 for the future of cloud consumption such as DevOps and PaaS, particularly with the integration of Docker and Linux container elements in Red Hat Enterprise Linux 7. Like Red Hat, we look to containerized applications as the evolution of application delivery.”
Vinod Kutty, senior director, Enterprise Server Platforms, CME Group
"We want to get into a faster pace of adopting upstream features, and Red Hat Enterprise Linux 7 brings us capabilities that we are very interested in, like containers and Docker. Additionally, we support both Linux and Windows, so we are interested in cross-platform support and interoperability within Red Hat Enterprise Linux 7. We've been with Red Hat for the last 10 years because they have provided value, and we expect that relationship to continue with Red Hat Enterprise Linux 7.”
Masahiko Iwata, general manager, NTT Open Source Software Center, Nippon Telegraph and Telephone Corp.
“Red Hat Enterprise Linux provides the robust platform upon which a substantial number of NTT Group's services, ranging from our core communication business to the cloud, and supporting IT infrastructure have been built. We believe that open source is an engine of innovation that brings the best minds and companies together to create exciting new software and services. Red Hat Enterprise Linux 7 is the crystallization of four years' worth of such collaborative efforts across all the stack into an enterprise-class distribution, which we view as a rock-solid foundation for new services in the cloud era.”
Chris Wojdak, senior architect, Symcor
"Because of our position with the financial processing industry, user and identity control across a wide range of systems is very important to us and our customers. Red Hat Enterprise Linux 7 will provide us with a cost effective and easy to use Corporate Wide Identity management solution, substantially reducing the time it takes to secure and administer our Hadoop cluster, SSO platforms, databases and Red Hat Enterprise Linux logins, among other systems."

Wednesday, June 4, 2014

Installing Samba4 As An Active Directory Domain Controller On CentOS 6



The current release of Samba 4 implements the Active Directory logon and administration protocols, so it can act as a domain controller and interoperate with Microsoft Active Directory servers. It does this by combining an LDAP directory, a Kerberos KDC, a DNS server (Samba's internal one or BIND) and the DCE/RPC services that Windows clients expect from a DC.

When running as an Active Directory DC you only need to start the 'samba' binary (not smbd, nmbd or winbindd separately): the master process starts and coordinates the required services itself. The tool for administering the directory is 'samba-tool'.

This post covers the initial installation and configuration of Samba 4 as an Active Directory domain controller on a CentOS 6 x86_64 Minimal install, using BIND 9 as the DNS backend and the DC itself as the NTP server for the clients.

1) Disable SELinux
The key is upper-case, and the setting only takes effect at the next boot, so reboot (or run setenforce 0 for the current session) before provisioning. Disabling SELinux is a trade-off; this guide does it because the stock policy does not cover BIND loading Samba's DLZ module from /usr/local/samba and writing to the directory databases there.
[root@ad ~]# vi /etc/sysconfig/selinux
             SELINUX=disabled

2) Install the build dependencies for Samba 4, plus BIND, Kerberos and NTP
[root@ad ~]# yum -y install wget gcc make python-devel gnutls-devel openssl-devel libacl-devel krb5-server krb5-libs krb5-workstation bind bind-libs bind-utils ntp

3) Configure NTP so the DC serves time to the domain
Comment out the stock 'server N.centos.pool.ntp.org' lines (lines 22-24 in the CentOS 6 default file) and uncomment the two lines below, so ntpd serves the DC's own clock at stratum 10. Kerberos rejects tickets when a client's clock and the KDC's differ by more than five minutes, so what matters is that the clients sync to the DC; if the DC itself can reach the Internet, leave the pool servers in place and keep the local clock only as a fallback.
[root@ad ~]# vi /etc/ntp.conf
server  127.127.1.0     # local clock
fudge   127.127.1.0 stratum 10


4) Download, verify and compile Samba 4
The tarball is fetched over plain FTP, so check it against the detached GPG signature Samba publishes alongside it (samba-4.1.0.tar.asc, made over the uncompressed .tar with the Samba distribution key) before building anything from it. --enable-debug builds with debugging symbols and is not required for a production DC.
[root@ad ~]# wget ftp://ftp.samba.org/pub/samba/samba-4.1.0.tar.gz
[root@ad ~]# tar -xvzf samba-4.1.0.tar.gz
[root@ad ~]# cd samba-4.1.0
[root@ad samba-4.1.0]# ./configure --enable-selftest --enable-debug
[root@ad samba-4.1.0]# make
[root@ad samba-4.1.0]# make install

5) Provision the domain with samba-tool
samba-tool asks for the realm (the Kerberos realm, always upper case), the NetBIOS domain name, the server role, the DNS backend and a forwarder, then sets the Administrator password. The password is not echoed on the terminal; it is shown here only so the session is readable, and it must satisfy the default AD complexity rules or provisioning refuses it. With BIND as the backend, the forwarder prompt has no effect: forwarding for BIND is configured with a 'forwarders' statement in named.conf if the DC should resolve outside names for clients.
[root@ad ~]# /usr/local/samba/bin/samba-tool domain provision
Realm [ITGURUINDIA.COM]: ITGURUINDIA.COM       (all caps)
Domain [ITGURUINDIA]:
Server Role (dc, member, standalone) [dc]:
DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: BIND9_DLZ
DNS forwarder IP address (write 'none' to disable forwarding) [192.168.124.252]: none
Administrator password: secret!1234
Retype password: secret!1234
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=itguruindia,DC=com
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=itguruindia,DC=com
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              ad
NetBIOS Domain:        ITGURUINDIA
DNS Domain:            itguruindia.com
DOMAIN SID:            S-1-5-21-3335388306-1463729434-941727365


6) Configure BIND as the Samba Active Directory DNS backend
Note: with BIND9_DLZ, BIND must run on the same machine as Samba 4. named loads Samba's DLZ module, which reads the zones straight out of the AD database instead of from zone files. Provisioning wrote a ready-made include file at /usr/local/samba/private/named.conf; open it and make sure the "database dlopen ..." line that is uncommented is the one for your BIND version (BIND 9.8 on CentOS 6).
[root@ad ~]# rndc-confgen -a -r /dev/urandom
wrote key file "/etc/rndc.key"


Provisioning also created a DNS keytab, which named needs to accept GSS-TSIG (Kerberos-authenticated) dynamic updates from Samba and from Windows clients. Add the 'tkey-gssapi-keytab' option to the 'options' section of the existing /etc/named.conf, set listen-on to the DC's address, and add the two include lines at the end of the file. allow-query { any; } is acceptable here only because the firewall (step 11) limits port 53 to the LAN; if the DC is reachable from outside, restrict it to your own networks.
[root@ad ~]# vim /etc/named.conf
options {
        listen-on port 53 { 192.168.1.100; };
        allow-query { any; };
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};
include "/usr/local/samba/private/named.conf";
include "/etc/rndc.key";


6) (continued) Point /etc/resolv.conf at the Samba server's own IP address
The DC must resolve names through its own AD-backed DNS, otherwise samba_dnsupdate and the Kerberos SRV lookups go to a resolver that knows nothing about the domain.
[root@ad ~]# vim /etc/resolv.conf
domain itguruindia.com
nameserver 192.168.1.100

7) Install the Kerberos client configuration
Provisioning already generated a krb5.conf with the realm filled in at /usr/local/samba/private/krb5.conf (the copy under /usr/local/samba/share/setup/ is the unfilled template). Put it in place and confirm that default_realm is the upper-case realm name; dns_lookup_kdc = true lets Kerberos find the KDC through the _kerberos SRV records the DC serves.
[root@ad ~]# cp /usr/local/samba/private/krb5.conf /etc/krb5.conf
[root@ad ~]# vim /etc/krb5.conf
[libdefaults]
        default_realm = ITGURUINDIA.COM    (all caps)
        dns_lookup_realm = false
        dns_lookup_kdc = true


8) Give named access to the DNS keytab and the DLZ working directory
named runs as the 'named' user and must read /etc/krb5.conf and the DNS keytab, and write to the dns directory. The keytab holds the Kerberos keys of the DNS service account that provisioning created, so hand it to named only: do not make it group- or world-readable, and check the result with ls -l afterwards.
[root@ad ~]# chgrp named /etc/krb5.conf
[root@ad ~]# chown named:named /usr/local/samba/private/dns
[root@ad ~]# chown named:named /usr/local/samba/private/dns.keytab
[root@ad ~]# chmod 775 /usr/local/samba/private/dns

9) Create an init script for Samba 4 and make it executable.
The script below is a cleaned-up version of the one from this post: the leftover irda comments are gone, 'status' now reports whether the daemon is running instead of printing build options, and pgrep/pkill (procps, present on a Minimal install) replace killall (psmisc, which is not).
[root@ad ~]# vim /etc/init.d/samba4
#!/bin/bash
#
# samba4      Bring up/down the Samba 4 AD DC service
#
# chkconfig: - 90 10
# description: Starts/stops the samba master daemon, which runs the AD DC \
#              (LDAP, Kerberos, RPC, SMB, winbind) from /usr/local/samba.
#
### BEGIN INIT INFO
# Provides: samba4
# Required-Start: $network
# Should-Start: named ntpd
# Short-Description: Bring up/down samba4
# Description: Bring up/down samba4
### END INIT INFO

# Source function library.
. /etc/init.d/functions

if [ -f /etc/sysconfig/samba4 ]; then
    . /etc/sysconfig/samba4
fi

prog="samba4"
SAMBA=/usr/local/samba/sbin/samba

# samba daemonises itself; match on the full path so an unrelated process
# called "samba" is not mistaken for ours.
running() {
    pgrep -f "^$SAMBA" >/dev/null
}

start() {
    echo -n $"Starting $prog: "
    "$SAMBA"
    sleep 2
    if running; then success $"$prog startup"; else failure $"$prog startup"; fi
    echo
}

stop() {
    echo -n $"Shutting down $prog: "
    pkill -f "^$SAMBA"
    sleep 2
    if running; then failure $"$prog shutdown"; else success $"$prog shutdown"; fi
    echo
}

# Named status_samba so it does not shadow status() from /etc/init.d/functions.
# Exit code 3 ("stopped") follows the LSB convention that chkconfig tools expect.
status_samba() {
    if running; then
        echo "$prog is running"
        return 0
    else
        echo "$prog is stopped"
        return 3
    fi
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status_samba
        exit $?
        ;;
    restart|reload)
        stop
        start
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|status}"
        exit 1
        ;;
esac

exit 0


[root@ad ~]# chmod 755 /etc/init.d/samba4

10) Enable the services at boot and start them. ('on' is a chkconfig argument; 'service' takes start/stop.)
[root@ad ~]# chkconfig ntpd on
[root@ad ~]# chkconfig named on
[root@ad ~]# chkconfig samba4 on
[root@ad ~]# service ntpd start
[root@ad ~]# service named start
[root@ad ~]# service samba4 start

11) If iptables is enabled, open the ports below to the LAN.
The stock CentOS 6 INPUT chain ends with a REJECT rule, so rules appended with -A land behind it and never match; insert them with -I instead (or place them before the REJECT line in /etc/sysconfig/iptables). Several services need both transports: DNS and Kerberos fall back to TCP for responses that do not fit in a UDP datagram, kpasswd uses both, and the RPC endpoint mapper (135) and the Global Catalog over SSL (3269) are TCP, not UDP. Samba 4.1 hands out dynamic RPC ports from the range 1024-1300, so open that range rather than 1024-1032. Keeping the -s restriction to the LAN is deliberate: none of these services should be reachable from elsewhere.
[root@ad ~]# iptables -I INPUT -p udp -i eth0 -s 192.168.1.0/24 --dport 53 -j ACCEPT
[root@ad ~]# iptables -I INPUT -p tcp -i eth0 -s 192.168.1.0/24 --dport 53 -j ACCEPT
[root@ad ~]# iptables -I INPUT -p udp -i eth0 -s 192.168.1.0/24 --dport 88 -j ACCEPT
[root@ad ~]# iptables -I INPUT -p tcp -i eth0 -s 192.168.1.0/24 --dport 88 -j ACCEPT
[root@ad ~]# iptables -I INPUT -p udp -i eth0 -s 192.168.1.0/24 --dport 123 -j ACCEPT
[root@ad ~]# iptables -I INPUT -p tcp -i eth0 -s 192.168.1.0/24 --dport 135 -j ACCEPT
[root@ad ~]# iptables -I INPUT -p udp -i eth0 -s 192.168.1.0/24 --dport 137 -j ACCEPT
[root@ad ~]# iptables -I INPUT -p udp -i eth0 -s 192.168.1.0/24 --dport 138 -j ACCEPT
[root@ad ~]# iptables -I INPUT -p tcp -i eth0 -s 192.168.1.0/24 --dport 139 -j ACCEPT
[root@ad ~]# iptables -I INPUT -p udp -i eth0 -s 192.168.1.0/24 --dport 389 -j ACCEPT
[root@ad ~]# iptables -I INPUT -p tcp -i eth0 -s 192.168.1.0/24 --dport 389 -j ACCEPT
[root@ad ~]# iptables -I INPUT -p tcp -i eth0 -s 192.168.1.0/24 --dport 445 -j ACCEPT
[root@ad ~]# iptables -I INPUT -p udp -i eth0 -s 192.168.1.0/24 --dport 464 -j ACCEPT
[root@ad ~]# iptables -I INPUT -p tcp -i eth0 -s 192.168.1.0/24 --dport 464 -j ACCEPT
[root@ad ~]# iptables -I INPUT -p tcp -i eth0 -s 192.168.1.0/24 --dport 636 -j ACCEPT
[root@ad ~]# iptables -I INPUT -p tcp -i eth0 -s 192.168.1.0/24 --dport 1024:1300 -j ACCEPT
[root@ad ~]# iptables -I INPUT -p tcp -i eth0 -s 192.168.1.0/24 --dport 3268 -j ACCEPT
[root@ad ~]# iptables -I INPUT -p tcp -i eth0 -s 192.168.1.0/24 --dport 3269 -j ACCEPT

[root@ad ~]# service iptables save

12) Reboot to confirm that all three services come back up on their own.
[root@ad ~]# reboot

13) Join a Windows PC to the domain. Set the client's DNS server to the DC (192.168.1.100) first: the join locates the DC through the _ldap._tcp SRV records in the AD zone, and a client that still points at another resolver reports that the domain cannot be contacted. Authenticate the join as ITGURUINDIA\Administrator with the password chosen in step 5.

14) Troubleshooting: if dynamic DNS updates are not working, run samba_dnsupdate by hand. With --verbose it prints each record it tries to register and the error BIND returns for it, which usually points at the keytab permissions, a missing tkey-gssapi-keytab option, or the DC not resolving against itself.
[root@ad ~]# /usr/local/samba/sbin/samba_dnsupdate --verbose --all-names
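Most failed updates trace back to one of four things set up in steps 6 to 8: the keytab ownership and mode, the tkey-gssapi-keytab option and Samba include in named.conf, the realm spelling in krb5.conf, or a resolv.conf that does not point at the DC. The script below is an added example written for this page (it is not part of the original post or of Samba) that checks all four offline so you can rule them out before reading samba_dnsupdate output. The paths, the realm ITGURUINDIA.COM, the DC address 192.168.1.100 and the file name dc-dns-checks.sh are taken from the walkthrough above and are assumptions; override them through the environment variables at the top.

```shell
#!/bin/sh
# Added example for this page (not from the original post or from Samba): offline
# checks for the usual causes of failed BIND9_DLZ dynamic DNS updates. Defaults are
# the walkthrough's paths, realm and DC address; all are assumptions that can be
# overridden through the environment.

SAMBA_PRIVATE="${SAMBA_PRIVATE:-/usr/local/samba/private}"
NAMED_CONF="${NAMED_CONF:-/etc/named.conf}"
KRB5_CONF="${KRB5_CONF:-/etc/krb5.conf}"
RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"
REALM="${REALM:-ITGURUINDIA.COM}"
DC_IP="${DC_IP:-192.168.1.100}"
KEYTAB_OWNER="${KEYTAB_OWNER:-named}"

# dns.keytab holds the Kerberos keys of the DNS service account. named must be able
# to read it and nobody else should: the owner must be $2 (or root) and the "other"
# permission bits must be zero.
check_keytab_mode() {   # $1 = keytab path, $2 = expected owner
    local f mode owner
    f="$1"
    [ -f "$f" ] || { echo "missing keytab: $f"; return 1; }
    mode=$(stat -c '%a' "$f") || return 1
    owner=$(stat -c '%U' "$f") || return 1
    case "$owner" in
        "$2"|root) ;;
        *) echo "$f is owned by $owner, expected $2"; return 1 ;;
    esac
    case "$mode" in
        *0) return 0 ;;
        *)  echo "$f is accessible to everyone (mode $mode)"; return 1 ;;
    esac
}

# named.conf must set tkey-gssapi-keytab and include Samba's generated named.conf,
# otherwise BIND refuses the GSS-TSIG updates that samba_dnsupdate sends.
check_named_conf() {    # $1 = named.conf path
    local rc
    rc=0
    grep -Eq '^[[:space:]]*tkey-gssapi-keytab[[:space:]]+"[^"]*dns\.keytab"' "$1" \
        || { echo "$1: tkey-gssapi-keytab is not set"; rc=1; }
    grep -Eq '^[[:space:]]*include[[:space:]]+"[^"]*/private/named\.conf"' "$1" \
        || { echo "$1: Samba's private/named.conf is not included"; rc=1; }
    return $rc
}

# default_realm must be the upper-case Kerberos realm, not the lower-case DNS name.
check_krb5_realm() {    # $1 = krb5.conf path, $2 = expected realm
    local got
    got=$(sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*//p' "$1" \
          | head -n 1 | tr -d '[:space:]')
    [ "$got" = "$2" ] && return 0
    echo "$1: default_realm is '$got', expected '$2'"; return 1
}

# The DC must resolve through its own DNS, so the first nameserver is the DC itself.
check_resolv() {        # $1 = resolv.conf path, $2 = DC address
    local first
    first=$(awk '$1 == "nameserver" { print $2; exit }' "$1")
    [ "$first" = "$2" ] && return 0
    echo "$1: first nameserver is '$first', expected $2"; return 1
}

# Run every check and fail if any of them failed.
run_all_checks() {
    local rc
    rc=0
    check_keytab_mode "$SAMBA_PRIVATE/dns.keytab" "$KEYTAB_OWNER" || rc=1
    check_named_conf "$NAMED_CONF" || rc=1
    check_krb5_realm "$KRB5_CONF" "$REALM" || rc=1
    check_resolv "$RESOLV_CONF" "$DC_IP" || rc=1
    return $rc
}

# Invoke as: sh dc-dns-checks.sh run   (sourcing the file only defines the functions)
if [ "${1:-}" = "run" ]; then
    run_all_checks && echo "all checks passed"
fi
```

Each check prints what it found and returns non-zero on a problem, so the script can sit in a cron job or a configuration-management handler as well as be run by hand. The keytab check deliberately accepts only an owner of named (or root) with no "other" bits; a keytab that is readable by every local account is equivalent to handing out the DNS service account's password.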

15) Port numbers used in the iptables rules and their purpose.
53 - UDP and TCP - DNS (TCP carries responses too large for UDP and zone transfers)
88 - UDP and TCP - Kerberos (clients retry over TCP when a ticket does not fit in a UDP datagram)
123 - UDP - NTP (Network Time Protocol)
135 - TCP - RPC endpoint mapper (Remote Procedure Calls)
137 - UDP - NetBIOS name service
138 - UDP - NetBIOS datagram service (logon)
139 - TCP - NetBIOS session service
389 - UDP and TCP - LDAP (UDP is used by the CLDAP ping that locates domain controllers)
445 - TCP - SMB/CIFS (Server Message Block / Common Internet File System; also carries SYSVOL and Group Policy)
464 - UDP and TCP - Kerberos password change (kpasswd)
636 - TCP - LDAP over SSL/TLS
1024-1300 - TCP - dynamic RPC ports handed out by the endpoint mapper (Samba 4.1 default range)
3268 - TCP - LDAP Global Catalog
3269 - TCP - LDAP Global Catalog over SSL/TLS
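Rather than typing the rules from step 11 by hand, the following added example (written for this page, not taken from the original post) keeps the port table above as data and handles the pitfall that matters on CentOS 6: the default INPUT chain ends in a REJECT rule, so the script finds that rule in the output of iptables -S INPUT and inserts the ACCEPT rules in front of it instead of appending them behind it. The interface eth0, the network 192.168.1.0/24 and the file name dc-firewall.sh are the walkthrough's values and are assumptions; override the first two with IFACE and LAN.

```shell
#!/bin/sh
# Added example for this page (not the original post's code): build the AD DC
# firewall rules from one port table and insert them ahead of the stock CentOS 6
# REJECT rule. eth0 and 192.168.1.0/24 are assumed from the walkthrough.

IFACE="${IFACE:-eth0}"
LAN="${LAN:-192.168.1.0/24}"

# "proto port" per line. Both transports for DNS, Kerberos and kpasswd; TCP for the
# RPC endpoint mapper (135) and Global Catalog SSL (3269); 1024:1300 is the dynamic
# RPC range Samba 4.1 allocates from.
DC_PORTS='
udp 53
tcp 53
udp 88
tcp 88
udp 123
tcp 135
udp 137
udp 138
tcp 139
udp 389
tcp 389
tcp 445
udp 464
tcp 464
tcp 636
tcp 1024:1300
tcp 3268
tcp 3269
'

# Read "iptables -S INPUT" output on stdin and print the 1-based position of the
# first rule that jumps to REJECT, or 0 if there is none. Only "-A" lines are
# rules; the leading "-P INPUT <policy>" line is the chain policy and is skipped.
reject_rule_position() {
    awk '$1 == "-A" {
             n++
             for (i = 2; i < NF; i++)
                 if ($i == "-j" && $(i+1) == "REJECT") { print n; found = 1; exit }
         }
         END { if (!found) print 0 }'
}

# Print one iptables command per port. $1 = position to insert at; 0 means append,
# which is only correct when the chain has no trailing REJECT. Inserting every rule
# at the same position reverses their relative order, which does not matter for a
# set of ACCEPT rules that all sit before the REJECT.
dc_rules() {
    pos="${1:-0}"
    echo "$DC_PORTS" | while read -r proto port; do
        [ -n "$proto" ] || continue
        if [ "$pos" -gt 0 ]; then
            echo "iptables -I INPUT $pos -p $proto -i $IFACE -s $LAN --dport $port -j ACCEPT"
        else
            echo "iptables -A INPUT -p $proto -i $IFACE -s $LAN --dport $port -j ACCEPT"
        fi
    done
}

# Number of rules dc_rules emits.
dc_rule_count() {
    dc_rules 0 | wc -l | tr -d ' '
}

# Position to use on the live system.
live_position() {
    iptables -S INPUT | reject_rule_position
}

# sh dc-firewall.sh print   shows the commands that would run;
# sh dc-firewall.sh apply   runs them and saves the result for the next boot.
case "${1:-}" in
    print) dc_rules "$(live_position)" ;;
    apply) dc_rules "$(live_position)" | sh && service iptables save ;;
esac
```

Run print first and compare against iptables -L INPUT -n --line-numbers; if the chain has been customised and the REJECT is not the last rule, the ACCEPT rules still go in front of it, which is what you want.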

Saturday, May 31, 2014

create-repo-metadata.sh

#!/bin/bash
# Regenerate the yum metadata (repodata/) for a local RPM repository.
# Written for 64-bit Red Hat/CentOS with `createrepo` installed; if you do not
# have it:  yum install -y createrepo
# pushd/popd are bash builtins, hence the bash shebang.

set -e

# Change DESTDIR to the base directory that holds your per-arch RPM directories
DESTDIR="/var/www/repo/rhel/6"

for ARCH in x86_64
do
    pushd "${DESTDIR}/${ARCH}" >/dev/null
        createrepo .
    popd >/dev/null
done

how-to-create-an-rpm-repository.sh

# How to create an RPM repository

# This is for Redhat 64 bit versions of Linux. You can create your own RPM repository
# to host your custom RPM packages.
#
# See "How to create an RPM from source with spec file" for more information.
# https://gist.github.com/1376973

# Step: 1
# Install createrepo

yum install -y createrepo

# Step: 2
# Create repo directories for hosting your rpms.
#
# Create your repository inside your base directory. You will also need some rpms for
# your repo. For this example, I am using RHEL6 and /var/www/repo as base directory.

mkdir -p /var/www/repo/rhel/6/{SRPMS,x86_64}

# Step: 3
# Create the `create-repo-metadata` executable
#
# Install the create-repo-metadata.sh script above as /usr/local/bin/create-repo-metadata
# (a directory on your $PATH; run `echo $PATH` to list them). Do not pipe a
# URL-shortener link straight into /usr/local/bin and chmod it: the link target can
# change at any time and plain HTTP gives you no way to check what you received.
# Fetch it to a scratch location, read it, and only then install it.
#
# IMPORTANT: in the script, set DESTDIR to /var/www/repo/rhel/6

curl -o /tmp/create-repo-metadata http://bit.ly/sZpx8f
less /tmp/create-repo-metadata          # should match the create-repo-metadata.sh above
install -m 0755 /tmp/create-repo-metadata /usr/local/bin/create-repo-metadata

# Step: 4
# Create the repository metadata
#
# After creating the metadata, your repository will be ready for use

create-repo-metadata

# Tip!
#
# If you have made this repo publicly available, others can use this yum repo config
# file to update their own systems.
#
# Run `vi /etc/yum.repos.d/my.repo` to create the file

[myrepo]
name=My Repository
baseurl=http://mywebsite.com/rhel/6/$basearch
enabled=1

# The yum variable is $basearch (it expands to x86_64 on these hosts). Note that this
# repo definition has no gpgcheck=1 / gpgkey= lines, so yum will install unsigned
# packages from it; for anything beyond a lab, sign your RPMs and add both.
#
# `yum update` upgrades packages that are already installed to the newer versions in
# the repo; a package that is not installed yet needs `yum install <package>`.

yum update

How To Configure Static IP On CentOS 6

Linux Static IP

## Configure eth0
#
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
#
# HWADDR and UUID are specific to the machine: keep the values already in the file
# (compare HWADDR with `ip link`). With NM_CONTROLLED="yes" NetworkManager manages
# the interface and will also regenerate /etc/resolv.conf; on a server either set
# it to "no" or put the nameservers in DNS1=/DNS2= here so they survive restarts.

DEVICE="eth0"
NM_CONTROLLED="yes"
ONBOOT=yes
HWADDR=A4:BA:DB:37:F1:04
TYPE=Ethernet
BOOTPROTO=static
NAME="System eth0"
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
IPADDR=192.168.1.44
NETMASK=255.255.255.0


## Configure Default Gateway
#
# vi /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=centos6
GATEWAY=192.168.1.1


## Restart Network Interface
#

/etc/init.d/network restart

## Configure DNS Server
#
# vi /etc/resolv.conf
#
# If NetworkManager (or PEERDNS=yes in ifcfg-eth0) manages the interface, this file
# is rewritten when the network restarts; set DNS1/DNS2 in ifcfg-eth0 instead.

nameserver 8.8.8.8      # Replace with your nameserver ip
nameserver 192.168.1.1  # Replace with your nameserver ip