Configure SSSD & PAM for Client Authentication

Configure SSSD & PAM for Client Authentication.

Note:- The configuration of file is configured according to my network. You have to configure according to you.

1. install the sssd
    apt-get install sssd*

2. go to /etc/sssd
  create here file named sssd.conf
  edit the file

3. change the permission of sssd.conf file to 0600



4. After that make  mkhomedir to create the user home directory when login into the system.
    path is /usr/share/pam-config/mkhomedir

5. After configuration done restart the service of sssd and update the pam.

systemctl restart sssd
And update the PAM
pam-auth-update

    systemctl status sssd

Read More

Configure a Secure FTP Server Open Source

Very Secure FTP Server (VSFTPD)

FTP is a file transfer protocol  which is use to:-

                                           Upload the file & Folder

                      Download the file & Folder

 vsftp  Service Deamon is vsftpd

3 A’s Base Security

Authenction

Ip based Authentication using TCP wrapper or IPtables

Autherization

Upload Anonymous

Access FTP by local user

Local user uploading & Downloading

Auditing

Log Message  xfer_log message and all other logs

/var/log/xfer_log

Configuration file is  /etc/vsftpd/vsftpd.conf

To check the port number of services /etc/services

Mode of FTP

 Command Mode <Control Mode>

 Data transfer mode

Port 21 and 20

21 is use for connection establishment <Client Request on this port>

20 is use for uploading & downloading

Find the command location of vsftpd

/use/sbin/vsftpd

Note:- Anonymous  Bydefault can download file but not upload

#ldd vsftpd     ------ to check the library of service

vim /etc/hosts.allow --- allow host list
Syntax of content inside the file

Vsftpd: ALL         (if allow all the user)

VSFTPD: 172.16.0.1   (To allow a particular userIP )

Vim /etc/hosts.deny

To  deny the user or network create entry here.

Security Mechanism:-

 PAM

 IPtables

 Cryptography

 Selinux

 TCP Wraper

TCP Wraper:-

Its apply on libwrap.so library file only.

Its work on application layer

Supporting file is /etc/hosts.allow

/etc/hosts.deny

Installation of VSFTPD:-

Yum install vsftpd

Service vsftpd start

#getsebool –a | grep ftp

To check the selinux boolan to on the home directory of user and uploading enable for anonymous user.

If you want to enable home directory for user:-

Setsebool –P (p is here to permanent on) ftp_home_dir on

# vim /etc/vsftpd/vsftpd.conf

configure here server

On Clients

# ftp ip of ftp ser

To connect the server after enter here user and its password.

ftp> get <file name>   Download the file

ftp> put <file name>   Uploading the file.

ftp> mget file1 file2  Download multiple file.

ftp> bye Exit from ftp.

Check the port service of vsftpd running or not.

Netstat –tulpn

Tcp udp list port number

# vim /etc/vsftpd/chroot_list

Create here entry of those user who have restricting for change the directory in FTP mode.

# vim /etc/vsftpd/ftpusers

Create here entry of those users who have deny to login in the FTP

# vim /etc/vsftpd/user_list

If in /etc/vsftpd/vsftpd.conf

Userlist_deny = no

Userlist_enable = yes

Create here entry of those user you have to login access in FTP.

# vim /etc/initd/vsftpd

Execute the scripts of vsftpd.

Read More

Join Member Debian Client In Samba Domain Controller

How to join a member of Debian clients into Samba Domain Controller.

Pre-Requirement
1. First of All check the date of client machine. Or install NTP client to match the correct date & time     between server & client.

2. Give a host name to client machine. Path is /etc/hostname

3. Check your resolv.conf file for  DNS entry. Path is /etc/resolv.conf egg:-

4. Check the connectivity between server and client machine.

5. You must have a account with admin access to join the client into domain.

6. Your Kerberos configuration must be configured according to your DC.
    To configure the Kerberos:-
    create a file in vim /etc/krb5.conf

edit file change realm name and kdc  server name according to your domain.
save the file and exit


7. Install samba (client) package

     apt-get install samba

       Defaults configuration file is under /etc/samba/
8. Rename your /etc/samba/smb.conf file to smb.conf.org

9. now create a new file smb.conf
    edit the file

      save the file and exit

10. Now we are ready to join the system into domain

    net ads join -U username
    provide the password for user.

System is join as a client of samba domain controller.
To check is system into domain or not. just see the krb5.keytab file in /etc/ or check the ID of any of domain user.

Samba service status

systemctl status smbd

Read More

Ldap Authentication for Owncloud

Configure own cloud to access with centralized  ldap authentication. You can say it accessing own cloud with domain authentication. Or how to access ldap with Single sign on.

First of all login into your own cloud console with admin privileges account:-

After logged in expend near your name. and click on admin.

this is the admin panel for own cloud here you can setup security for your server and file sharing document path  cron setting and email server configuration etc.. click on LDAP

Click  on server tab. Provide here ldap url and ldapuser details with password. Port Number 389.

below is users details. user must be a  posixAccount.

Here is the user attributes you can manage it according to you. how you want to find user by own cloud.

Here is group management setting.

In advance setting Here is the replica for your own cloud. how you want to backup your own cloud server.

Thanks.

Read More

OpenVPN Client Configuration in Linux

OpenVPN installation and configuration on Ubuntu

1.     sudo apt-get update

2.     sudo apt-get install network-manager-openvpn

3.     Click on network manager -> vpn connections-->configure vpn

4.     Click on the Add button

5.     Choose openvpn and click on create.

6.     Follow the steps given in figure below:'

1          7.   Put Domain name in IPv4 settings> additional search domains.

1              8. Click on vpn name you just created and you will connect to vpn.

                9.  Check by ifconfig command you will get a more entry with tun0.

Read More

How to Extend & Reduce the LVM

The need of LVM extend is when we require extra disk space to store the raw data.
First we have to provide the storage or extra hardware to volume group.


Extend the Volume Group :-

# vgextend <vg name> <new pv>

# vgdisplay

Extend the LV size:-

# lvextend –size +1G /dev/vgname/lvname

extend the label size

# lvextend -l +<Label Amount> /dev/vgname/lvname

# resize2fs –f /dev/vgname/lvname

# lvdisplay

#df -h

Reduce the size of LVM
If you have extra space in LV and you don't want to pay extra money for your extra storage you can remove or reduce the extra space.

Follow the bellow mention steep:-

#umount /directoryname

# e2cfsck –f /dev/vgname/lvname

# resize2fs –f /dev/vgname/lvname  1G <Size you want to reduce>

# lvreduce –size 1G /dev/vgname/lvname    or

# lvreduce -l <label amount> /dev/vgname/lvname

# mount  /dev/vgname/lvname /mountDIR

Removing the LV, VG, PV

First umount the mounting directory

#umount <lv path> <mountDIR>

# lvremove <lv name>

# vgremove <vg name>

# pvremove <pv name>

Read More

Installation & Configuration LVM in Centos 7

LVM (Logical Volume Manager)

It is a software which install by default when you install Linux.  LVM use to allocate disks, mirroring striping and resizing the logical volumes. LVM physical volume placed on block device which have two or more hard disk.

It’s a storage management system that manage the disk space for file system and data. Most important feature is that you can easily create resize and delete LVM partition without reboot the system.

We have three main thing to implement the LVM as shown in below diagram:-

Physical Volume (PV)

Adding new Hardware is called physical volume.  Mean you adding a new disk storage.

Volume Group (VG)

Collection of Physical volume is called volume group.

Logical Volume (LV)

The space of volume group which is used to store the data called logical volume.

Implement the Logical Volume

Fisrt of all you have to create a partition with 8e type which define the LVM.

# fdisk /dev/sda

Press n for new partition now give here size according to your requirement.

Partition type 8e. press w for save.

# partproble /dev/sda

# pvcreate  /dev/sda1 /dev/sda2

# pvdisplay

#vgcreate vgname /dev/sda1

# vgdisplay

# lvcreate –size +10G –n <lv name>  < vg name>

You can use here another command also which define the label size

# lvcreate -l +<Lavel Value> -n <lv name> <vg name>

# lvdisplay

#df -h

to check the size of new logical volume

After that create format the LV to use.

# mkfs.ext4 /dev/vgname/lvname 

After that mount LV with a existing directory

# mount /dev/vgname/lvname /mountDIR

# mount 

to check the mount 

For More about LVM please see on next post.

For Video of LVM please see on https://www.youtube.com/channel/UCdgKsGClT_D4A7he99JbfZg

Read More