Saturday, December 28, 2013

How to Build LDAP SAMBA to Primary Domain Controller (PDC)

Step 1: DNS Service

A. Install


#cat /etc/hosts


# Do not remove the following line, or various programs
# that require network functionality will fail.

192.168.44.150    server.hbn.local          server
127.0.0.1         localhost.localdomain     localhost
::1               localhost6.localdomain6   localhost6

#yum install -y bind-chroot
#chmod 755 -R /var/named/
#cp /usr/share/doc/bind-*/sample/var/named/named.local /var/named/chroot/var/named/
#cp /usr/share/doc/bind-*/sample/var/named/named.root /var/named/chroot/var/named/
#cp /usr/share/doc/bind-*/sample/var/named/localhost.zone /var/named/chroot/var/named/
#touch /var/named/chroot/etc/named.conf
#chkconfig --level 35 named on
#service named start

B. Configuration


#vim /var/named/chroot/etc/named.conf


options {
        directory "/var/named";

        forwarders {203.162.0.181; 203.162.0.11; 210.245.0.11; 210.245.0.58; 208.67.222.222; 208.67.220.220; 8.8.8.8; 8.8.4.4;};
};

zone "." IN {
        type hint;
        file "named.root";
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
};

zone "44.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.44.0.db";
};

zone "hbn.local" {
        type master;
        file "hbn.local";
};

 » save and quit

# cd /var/named/chroot/var/named/
#vim 192.168.44.0.db



$TTL    86400
@       IN      SOA     hbn.local. root.hbn.local.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
        IN      NS      ns1.hbn.local.
150     IN      PTR     dns.hbn.local.
250     IN      PTR     winxp.hbn.local.

#vim hbn.local
$TTL 14400
@       IN      SOA     root.hbn.local.      hostmaster.hbn.local. (
                                                2009102800
                                                14400
                                                3600
                                                1209600
                                                86400 )

       IN      NS      hbn.local.
       IN      NS      hbn.local.

ftp             IN      A       192.168.44.150
hbn.local.      IN      A       192.168.44.150
localhost       IN      A       127.0.0.1
mail            IN      A       192.168.44.150
pop             IN      A       192.168.44.150
smtp            IN      A       192.168.44.150
www             IN      A       192.168.44.150
dns             IN      A       192.168.44.150
ldap            IN      A       192.168.44.150
winxp           IN      A       192.168.44.250
hbn.local.      IN      MX      10 mail

hbn.local.    14400   IN      TXT     "v=spf1 a mx ip4:192.168.44.150 ~all"


# vim /etc/resolv.conf

search hbn.local
nameserver 192.168.44.150
nameserver 192.168.44.2

C. Test

# nslookup

> hbn.local 
Server:         192.168.44.150
Address:        192.168.44.150#53
Name:   hbn.local
Address: 192.168.44.150

> dns.hbn.local
Server:         192.168.44.150
Address:        192.168.44.150#53
Name:   dns.hbn.local
Address: 192.168.44.150

> winxp.hbn.local
Server:         192.168.44.150
Address:        192.168.44.150#53
Name:   winxp.hbn.local
Address: 192.168.44.250

> ldap.hbn.local
Server:         192.168.44.150
Address:        192.168.44.150#53
Name:   ldap.hbn.local
Address: 192.168.44.150

> exit

Step 2: PDC with LDAP - Samba

A. Install

Add Dag repository

#wget http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
#rpm --import RPM-GPG-KEY.dag.txt
#rm -f RPM-GPG-KEY.dag.txt
#vim /etc/yum.repos.d/dag.repo


[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el5/en/$basearch/dag/
gpgcheck=1
enabled=0


#yum --enablerepo=dag install -y openldap openldap-clients openldap-devel openldap-servers openldap-clients compat-openldap python-ldap ldapjdk php-ldap nss_ldap samba samba-common samba-client perl-Crypt-SmbHash perl-Digest-SHA1 perl-Jcode perl-Unicode-Map perl-Unicode-Map8 perl-Unicode-MapUTF8 perl-Unicode-String smbldap-tools


#cp /usr/share/doc/samba-3.0.33/LDAP/samba.schema /etc/openldap/schema/
# cd /etc/openldap/
# vim slapd.conf

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/samba.schema

» Allow LDAPv2 client connections.  This is NOT the default.

allow bind_v2

loglevel -1

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

#######################################################################
#                                 ldbm and/or bdb database definitions                             #
#######################################################################

database        bdb
suffix          "dc=hbn,dc=local"
rootdn          "cn=Manager,dc=hbn,dc=local"

rootpw          123456

# rootpw  {crypt}ijFYNcSNctBYg

directory       /var/lib/ldap

» Indices to maintain for this database

index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
index sambaSID,sambaPrimaryGroupSID,sambaDomainName     eq

» Access control List information

access to attrs="userPassword,sambaLMPassword,sambaNTPassword"
        by self write
        by anonymous auth
» users can authenticate and change their password

access to attrs="userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange"
        by dn="cn=samba,ou=DSA,dc=hbn,dc=local" write
        by dn="cn=smbldap-tools,ou=DSA,dc=hbn,dc=local" write
        by dn="cn=nssldap,ou=DSA,dc=hbn,dc=local" write
        by dn="uid=root,ou=People,dc=hbn,dc=local" write
        by anonymous auth
        by self write
        by * none

» some attributes need to be readable anonymously so that 'id user' can answer correctly

access to attrs=objectClass,entry,homeDirectory,uid,uidNumber,gidNumber,memberUid
        by dn="cn=samba,ou=DSA,dc=hbn,dc=local" write
        by dn="cn=smbldap-tools,ou=DSA,dc=hbn,dc=local" write
        by dn="uid=root,ou=People,dc=hbn,dc=local" write
        by * read

» some attributes can be writable by users themselves

access to attrs=description,telephoneNumber,roomNumber,homePhone,loginShell,gecos,cn,sn,givenname
        by dn="cn=samba,ou=DSA,dc=hbn,dc=local" write
        by dn="cn=smbldap-tools,ou=DSA,dc=hbn,dc=local" write
        by dn="uid=root,ou=People,dc=hbn,dc=local" write
        by self write
        by * read

» some attributes need to be writable for samba

access to attrs=cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName,sambaMungedDial,sambaBadPasswordCount,sambaBadPasswordTime,sambaPasswordHistory,sambaLogonHours,sambaSID,sambaSIDList,sambaTrustFlags,sambaGroupType,sambaNextRid,sambaNextGroupRid,sambaNextUserRid,sambaAlgorithmicRidBase,sambaShareName,sambaOptionName,sambaBoolOption,sambaIntegerOption,sambaStringOption,sambaStringListoption
        by dn="cn=samba,ou=DSA,dc=hbn,dc=local" write
        by dn="cn=smbldap-tools,ou=DSA,dc=hbn,dc=local" write
        by dn="uid=root,ou=People,dc=hbn,dc=local" write
        by self read
        by * none

» Samba needs to be able to create the Samba domain account

access to dn.base="dc=hbn,dc=local"
        by dn="cn=samba,ou=DSA,dc=hbn,dc=local" write
        by dn="cn=smbldap-tools,ou=DSA,dc=hbn,dc=local" write
        by dn="uid=root,ou=People,dc=hbn,dc=local" write
        by * none

» Samba needs to be able to create new user accounts

access to dn="ou=Users,dc=hbn,dc=local"
        by dn="cn=samba,ou=DSA,dc=hbn,dc=local" write
        by dn="cn=smbldap-tools,ou=DSA,dc=hbn,dc=local" write
        by dn="uid=root,ou=People,dc=hbn,dc=local" write
        by * none

» Samba needs to be able to create new group accounts

access to dn="ou=Groups,dc=hbn,dc=local"
        by dn="cn=samba,ou=DSA,dc=hbn,dc=local" write
        by dn="cn=smbldap-tools,ou=DSA,dc=hbn,dc=local" write
        by dn="uid=root,ou=People,dc=hbn,dc=local" write
        by * none

» Samba needs to be able to create new computer accounts

access to dn="ou=Computers,dc=hbn,dc=local"
        by dn="cn=samba,ou=DSA,dc=hbn,dc=local" write
        by dn="cn=smbldap-tools,ou=DSA,dc=hbn,dc=local" write
        by dn="uid=root,ou=People,dc=hbn,dc=local" write
        by * none

access to *
        by self read
        by * none

» save and quit

#chmod 640 slapd.conf
# vim ldap.conf


BASE    dc=hbn, dc=local
URI ldap://127.0.0.1/
TLS_CACERTDIR /etc/openldap/cacerts

#cp DB_CONFIG.example /var/lib/ldap/
#cd /var/lib/ldap/
#mv DB_CONFIG.example DB_CONFIG

# /etc/init.d/ldap start
Checking configuration files for slapd:  config file testing succeeded
[  OK  ]
Starting slapd: [  OK  ]
# /etc/init.d/nscd start
Starting nscd: [  OK  ]
# chkconfig --level 35 nscd on

# setup

» run Authentication Configuration
» select Cache Information


Use LDAP
Use MD5 Passwords
Use Shadow Passwords
Use LDAP Authentication

» Press the Next button

don't select Use TLS option
Server: ldap://127.0.0.1/
Base DN: dc=hbn,dc=local

» Press OK and exit

# vim /etc/ldap.conf


host 127.0.0.1

base dc=hbn,dc=local

rootbinddn cn=manager,dc=hbn,dc=local

timelimit 120

bind_timelimit 120

idle_timelimit 3600

nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm

ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5


#net getlocalsid
SID for domain SERVER is: S-1-5-21-3926925045-1584093657-3115473201

# vim /etc/ldap.secret
123456

# chmod 600 /etc/ldap.secret

smbldap-tools configuration

# cd /etc/smbldap-tools/

# vim smbldap_bind.conf

slaveDN="cn=Manager,dc=hbn,dc=local"
slavePw="123456"
masterDN="cn=Manager,dc=hbn,dc=local"
masterPw="123456"


# vim smbldap.conf

######################
# General Configuration   #
######################

SID="S-1-5-21-3926925045-1584093657-3115473201"
sambaDomain="hbn.local"

####################
# LDAP Configuration #
####################

slaveLDAP="127.0.0.1"

# Slave LDAP port
slavePort="389"

# Master LDAP server: needed for write operations
masterLDAP="127.0.0.1"

# Master LDAP port


masterPort="389"
suffix="dc=hbn,dc=local"
usersdn="ou=Users,${suffix}"
computersdn="ou=Computers,${suffix}"
groupsdn="ou=Groups,${suffix}"
idmapdn="ou=Idmap,${suffix}"
sambaUnixIdPooldn="sambaDomainName=hbn.local,${suffix}"
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format="%s"
ldapTLS="0"
and
userSmbHome="\\PDC-SRV\%U"
userProfile="\\PDC-SRV\profiles\%U"

####################
#   Samba config   #
####################
#vim /etc/samba/smb.conf


[global]
workgroup = hbn.local
netbios name = HBN
enable privileges = yes
#interfaces = 192.168.1.131
username map = /etc/samba/smbusers

server string = samba-ldap-pdc
security = user
encrypt passwords = Yes
admin users = root
#min passwd length = 3
obey pam restrictions = No

ldap passwd sync = Yes

log level = 0
syslog = 0
log file = /var/log/samba/log.%m
max log size = 100000

#time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1

#guest account = root

logon script = logon.bat
logon drive =
logon home =
logon path =

domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes

passdb backend = ldapsam:ldap://127.0.0.1

ldap admin dn = cn=Manager,dc=hbn,dc=local

ldap suffix = dc=hbn,dc=local
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
idmap backend = ldap://127.0.0.1
idmap uid = 10000-20000
idmap gid = 10000-20000
#ldap ssl = start_tls
add user script = /usr/sbin/smbldap-useradd -a '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'

#logon script = STARTUP.BAT

[homes]

comment = Home Directories
valid users = %U
read only = No
create mask = 0664
directory mask = 0775
browseable = No

[profiles]

path = /home/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = Yes
csc policy = disable
force user = %U
valid users = %U @"Domain Admins"

[netlogon]
path = /home/samba/netlogon/
browseable = No
read only = yes

» save and quit
# mkdir /home/samba
# mkdir /home/samba/netlogon
# mkdir /home/samba/profiles
# chmod 1777 /home/samba/profiles 
#smbpasswd -w 123456

» Setting stored password for "cn=Manager,dc=hbn,dc=local" in secrets.tdb

# smbldap-populate


Populating LDAP directory for domain hbn.local (S-1-5-21-3926925045-1584093657-3115473201)
(using builtin directory structure)

adding new entry: dc=hbn,dc=local
adding new entry: ou=Users,dc=hbn,dc=local
adding new entry: ou=Groups,dc=hbn,dc=local
adding new entry: ou=Computers,dc=hbn,dc=local
adding new entry: ou=Idmap,dc=hbn,dc=local
adding new entry: uid=root,ou=Users,dc=hbn,dc=local
adding new entry: uid=nobody,ou=Users,dc=hbn,dc=local
adding new entry: cn=Domain Admins,ou=Groups,dc=hbn,dc=local
adding new entry: cn=Domain Users,ou=Groups,dc=hbn,dc=local
adding new entry: cn=Domain Guests,ou=Groups,dc=hbn,dc=local
adding new entry: cn=Domain Computers,ou=Groups,dc=hbn,dc=local
adding new entry: cn=Administrators,ou=Groups,dc=hbn,dc=local
adding new entry: cn=Account Operators,ou=Groups,dc=hbn,dc=local
adding new entry: cn=Print Operators,ou=Groups,dc=hbn,dc=local
adding new entry: cn=Backup Operators,ou=Groups,dc=hbn,dc=local
adding new entry: cn=Replicators,ou=Groups,dc=hbn,dc=local
adding new entry: sambaDomainName=hbn.local,dc=hbn,dc=local


Please provide a password for the domain root:
Changing UNIX and samba passwords for root
New password:
Retype new password:

# vim dsa.ldif

dn: ou=DSA,dc=hbn,dc=local
objectClass: top
objectClass: organizationalUnit
ou: DSA
description: security accounts for LDAP clients


dn: cn=samba,ou=DSA,dc=hbn,dc=local
objectclass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
userPassword: sambasecretpwd
cn: samba


dn: cn=nssldap,ou=DSA,dc=hbn,dc=local
objectclass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
userPassword: nssldapsecretpwd
cn: nssldap


dn: cn=smbtools,ou=DSA,dc=hbn,dc=local
objectclass: organizationalRole
objectClass: top
objectClass: simpleSecurityObject
userPassword: smbtoolssecretpwd
cn: smbtools


# ldapadd -x -h localhost -D "cn=Manager,dc=hbn,dc=local" -f dsa.ldif -W

Enter LDAP Password: 

adding new entry "ou=DSA,dc=hbn,dc=local"

adding new entry "cn=samba,ou=DSA,dc=hbn,dc=local"

adding new entry "cn=nssldap,ou=DSA,dc=hbn,dc=local"

adding new entry "cn=smbtools,ou=DSA,dc=hbn,dc=local"

#ldappasswd -x -h localhost -D "cn=Manager,dc=hbn,dc=local" -s password -W cn=samba,ou=DSA,dc=hbn,dc=local

# /etc/init.d/smb start
Starting SMB services: [  OK  ]
Starting NMB services: [  OK  ]
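
The access rules in slapd.conf above grant write access to cn=smbldap-tools,ou=DSA and uid=root,ou=People, while dsa.ldif and smbldap-populate create cn=smbtools,ou=DSA and uid=root,ou=Users, so those "by dn=" clauses match no entry. The script below is an added example, not part of the original post: it lists ACL subjects that have no corresponding directory entry, using constructed sample input abridged from the listings above (function and file names are illustrative).

```shell
#!/bin/sh
# Added example: find slapd.conf ACL subjects ("by dn=...") that do not
# correspond to any entry created in the directory.
LC_ALL=C; export LC_ALL

# Normalise DNs: lower-case, no blanks around commas, sorted, unique.
norm_dns() {
    tr 'A-Z' 'a-z' |
    sed -e 's/[[:space:]]*,[[:space:]]*/,/g' -e 's/[[:space:]]*$//' |
    sort -u
}

# DNs named as subjects in 'by dn="..."' / 'by dn.base="..."' clauses.
acl_dns() {
    sed -n 's/^[[:space:]]*by[[:space:]][[:space:]]*dn[.a-z]*="\([^"]*\)".*$/\1/p' "$1" |
    norm_dns
}

# DNs that exist: "dn:" lines of LDIF files plus the "adding new entry"
# lines printed by smbldap-populate and ldapadd (base64 "dn::" is not handled).
created_dns() {
    sed -n -e 's/^dn:[[:space:]]*//p' \
           -e 's/^adding new entry:*[[:space:]]*"*\([^"]*\)"*$/\1/p' "$@" |
    norm_dns
}

# ACL subjects with no matching entry. $1 = slapd.conf, rest = LDIF/log files.
dangling_acl_dns() {
    conf=$1; shift
    tmp=$(mktemp -d) || return 1
    acl_dns "$conf" > "$tmp/acl"
    created_dns "$@" > "$tmp/have"
    comm -23 "$tmp/acl" "$tmp/have"     # lines only in the ACL list
    rm -rf "$tmp"
}

# Constructed sample input, abridged from the listings on this page.
write_sample() {
    dir=$1
    cat > "$dir/slapd.conf" <<'EOF'
access to attrs="userPassword,sambaNTPassword,sambaLMPassword"
        by dn="cn=samba,ou=DSA,dc=hbn,dc=local" write
        by dn="cn=smbldap-tools,ou=DSA,dc=hbn,dc=local" write
        by dn="cn=nssldap,ou=DSA,dc=hbn,dc=local" write
        by dn="uid=root,ou=People,dc=hbn,dc=local" write
        by anonymous auth
        by self write
        by * none
EOF
    cat > "$dir/created.txt" <<'EOF'
adding new entry: uid=root,ou=Users,dc=hbn,dc=local
adding new entry "ou=DSA,dc=hbn,dc=local"
adding new entry "cn=samba,ou=DSA,dc=hbn,dc=local"
adding new entry "cn=nssldap,ou=DSA,dc=hbn,dc=local"
adding new entry "cn=smbtools,ou=DSA,dc=hbn,dc=local"
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    write_sample "$d"
    dangling_acl_dns "$d/slapd.conf" "$d/created.txt"
    rm -rf "$d"
}
demo
```

On a live server the second argument can be an LDIF export of the directory instead of the captured tool output.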

Now create a samba user account for UNIX and SAMBA

# smbldap-useradd -a -m namhb
# smbldap-passwd namhb
Changing UNIX and samba passwords for namhb
New password:
Retype new password:

Now create a machine trust account
# smbldap-useradd -w winxp

Thursday, December 26, 2013

How to create backup with Tar command

1. How to create tar backup

A simple shell script for a daily backup of /var:

 [linuxnews@localhost ~]# vim back
 


 #!/bin/bash
 #
 # Remember :
 # - create directory /backup : mkdir /backup
 # - to make the script executable : chmod +x back or chmod 700
 #
 # Test the script manually once : ./back
 #
 # Add it in the crontab
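 # Timestamp used in the archive name
 DATEJOUR=$(date +"%Y-%m-%d-%H-%M-%S")
 # Directory to back up
 REPABACKUPER="/var"
 # Directory that receives the archives
 REPBACKUP="/backup"
 # Full path of the archive file
 NOMFIC="$REPBACKUP/_backup-$DATEJOUR.tgz"

 tar czvf "$NOMFIC" "$REPABACKUPER"

 # Return tar's exit status to the caller (cron)
 exit $?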
 

[linuxnews@localhost ~]# mkdir /backup

[linuxnews@localhost ~]# cp back /bin

(I copied the script file to /bin.)

[linuxnews@localhost ~]# crontab -e

15  18  *  *  *  /bin/back

This runs the daily backup of /var at 18:15.

Note

"c": stands for create.
"z": make the tar archive a GZIP-compressed file.
"v": verbose option.
"f": filename

• Create a tar in zip format with the file named as today's date/time, as root (or use sudo before the command for Ubuntu and Debian):

Example:

Now we create backup for the folder sqldb type :

[linuxnews@localhost ~]# ./back sqldb

» Check if the backup has been created successfully.

[linuxnews@localhost ~]# ll /backup


total 215

drwxr-xr-x. 2  linuxnews linuxnews 3020 2013-12-10 08:53 Public
drwxr-xr-x. 2  linuxnews linuxnews 1520 2013-12-10 10:27 html
drwxr-xr-x. 23 linuxnews linuxnews 5200 2013-12-25 08:57 sqldb_backup-2013-12-25-08-57-03

The find command allows you to find files matching specified criteria. For example, we can list the files changed within the last day:

[linuxnews@localhost ~] # find / -mtime -1 -type f


2. How To Restore A Backup TAR file

To restore your backup, use the command :

 [linuxnews@localhost ~] # tar -zxvf sqldb_backup-2013-12-25-08-57-03.tgz

"x": stands for extract.
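
An added example (not the post's own script) that extends the backup and restore steps above: the archive is written with a restrictive umask, a SHA-256 checksum is recorded next to it, and restore refuses an archive that fails the checksum or contains absolute or ".." member paths. The function names are illustrative, and GNU tar and sha256sum are assumed.

```shell
#!/bin/sh
# Added example, not the post's script. Assumes GNU tar and sha256sum.

# make_backup SRC DESTDIR -> prints the path of the new archive
make_backup() {
    src=$1; dest=$2
    name="$(basename "$src")_backup-$(date +%Y-%m-%d-%H-%M-%S).tgz"
    (
        umask 077    # new directory, archive and checksum: owner-only access
        mkdir -p "$dest" &&
        tar -czf "$dest/$name" -C "$(dirname "$src")" "$(basename "$src")" &&
        cd "$dest" &&
        sha256sum "$name" > "$name.sha256"
    ) || return 1
    printf '%s\n' "$dest/$name"
}

# verify_backup ARCHIVE: checksum matches and the tar stream can be listed
verify_backup() {
    ( cd "$(dirname "$1")" &&
      sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 ) &&
    tar -tzf "$1" >/dev/null 2>&1
}

# safe_members ARCHIVE: fail on absolute paths or ".." path components
safe_members() {
    members=$(tar -tzf "$1") || return 1
    printf '%s\n' "$members" | awk '
        /^\// || /(^|\/)\.\.(\/|$)/ { bad = 1 }
        END { exit bad + 0 }'
}

# restore_backup ARCHIVE TARGETDIR: extract only after both checks pass
restore_backup() {
    verify_backup "$1" || { echo "checksum or archive error: $1" >&2; return 1; }
    safe_members "$1"  || { echo "unsafe member path in: $1" >&2; return 1; }
    mkdir -p "$2" && tar -xzf "$1" -C "$2"
}

# Demo on constructed data in a temporary directory.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/sqldb" && echo "sample row" > "$work/sqldb/table.txt"
    archive=$(make_backup "$work/sqldb" "$work/backup") &&
    restore_backup "$archive" "$work/restore" &&
    echo "restored: $(cat "$work/restore/sqldb/table.txt")"
    rc=$?
    rm -rf "$work"
    return $rc
}
demo
```

The umask only affects files and directories the function creates; an existing /backup directory keeps whatever mode it already has.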

Tuesday, December 24, 2013

RHCT / RHCSA Exam Notes


Installation and Configuration

■ Perform network OS installation
■ Implement a custom partitioning scheme
■ configure printing
■ configure the scheduling of tasks using cron and at
■ attach system to a network directory service LDAP
■ configure autofs
■ add and manage users, groups, and quotas
■ configure filesystem permissions for collaboration
■ install and update RPMs
■ properly update the kernel RPM
■ modify the system bootloader
■ implement software LVM at install-time and run-time
■ use /proc/sys and sysctl to modify and set kernel run-time parameters

Lab Setup on  Exam

Remember the Key points of Lab Configuration:

1. Lab Configuration is on 192.168.0.0/24 for example.com domain and 192.168.1.0/24
for cracker.org domain.
2. DHCP Server is configured.
3. DNS Server is 192.168.0.254
4. One NIS Server is configured rhce.com and server is 192.168.0.254
Before starting the debug exam, think!
In the Debug section all questions are compulsory! You should finish all of these questions
within an hour.


QUESTION NO : 1

Make Successfully Resolve to server1.example.com where DNS Server is
192.168.0.254.

Answer: 1

vi /etc/resolv.conf
Write : nameserver 192.168.0.254

Explanation: If you have multiple name servers (DNS), you can append another line.
The first request goes to the first name server; if not found, it goes to the second name server.
Then try to resolve server1.example.com by using the host or dig command.
Eg: host server1.example.com
When we use the DNS client tool first it sends the request to the DNS
server specified in /etc/resolv.conf as a name server. If that DNS is not found then it
sends the request to the Root name Server. I will explain about the root Name server.

QUESTION NO : 2

You are new System Administrator and from now you are going to handle the
system and your main task is Network monitoring, Backup and Restore. But you
don’t know the root password. Change the root password to redhat and login in
default Runlevel.

Answer and Explanation:

When you Boot the System, it starts on default Runlevel specified in /etc/inittab:

id:?:initdefault:

When System Successfully boot, it will ask for username and password. But you
don’t know the root’s password.

1. Restart the System.
2. You will get the boot loader GRUB screen.
3. Press a and type 1 or s for single mode
ro root=LABEL=/ rhgb quiet 1
4. System will boot on Single User mode.
5. Use passwd command to change.
6. Set redhat password.
7. Press ctrl+d


QUESTION NO : 3

One Logical Volume named lv1 is created under vg0. The Initial Size of that Logical
Volume is 100MB. Now you required the size 500MB. Make successfully the size of
that Logical Volume 500M without losing any data. As well as size should be
increased online.

Answer : 2

1. Verify the size of Logical Volume:
  # lvdisplay /dev/vg0/lv1

2. Verify the Size on mounted directory:
 # df -h
or
# df -h mounted directory name

3. Use :
# lvextend -L+400M /dev/vg0/lv1

4. to bring extended
# resize2fs /dev/vg0/lv1

 LVM Concepts

Multiple physical disks belong to a physical group. Using multiple disks belonging to a
physical group we can create one Volume Group. Under that Volume Group we can
create multiple Logical Volumes, and only these Logical Volumes can be used. We can
also increase and decrease the size of a Logical Volume by using lvextend,
lvresize etc.

QUESTION NO : 4

Create one partitions having size 100MB and mount it on /data.

Answer and Explanation:

1. To create new partition.
# fdisk /dev/hda

2. Type "n" For New partitions

3. It will ask for Logical or Primary Partitions. Press "l" for logical.

4. It will ask for the Starting Cylinder: Use the Default by pressing Enter Key.

5. Type the Size: +100M. You can specify either the last cylinder or the size here.

6. Press "P" to verify the partitions lists and remember the partitions name.

7. Press "w" to write on partitions table.

8. Either Reboot the System.

9. # mkdir /data

10. # vi /etc/fstab
Write:

/dev/hda? /data ext4 defaults 0 0

11. Verify by mounting on current Sessions also:

# mount /dev/hda? /data 

QUESTION NO : 5

There are more than 400 Computers in your Office. You are appointed as a System
Administrator. But you don’t have Router. So, you are going to use your One Linux
Server as a Router. How will you enable IP packets forward?

Answer and Explanation:

1. /proc is the virtual filesystem, we use /proc to modify the kernel value at running
time. So For Current Session:

# echo "1" >/proc/sys/net/ipv4/ip_forward

2. /etc/sysctl.conf  when System Reboot on next time, /etc/rc.d/rc.sysinit scripts
reads the file /etc/sysctl.conf. So if you want to permanently set the IP forwarding
enable, You should set:
net.ipv4.ip_forward=1
Here 0 means disable, 1 means enable.

QUESTION NO : 6

There are two different networks, 192.168.0.0/24 and 192.168.1.0/24. Your System is
in 192.168.0.0/24 Network. One RHEL 4 Installed System is going to use as a
Router. All required configuration is already done on Linux Server. Where
192.168.0.254 and 192.168.1.254 IP Address are assigned on that Server. How will
make successfully ping to 192.168.1.0/24 Network’s Host?

Answer : 6

1. # vi /etc/sysconfig/network
GATEWAY=192.168.0.254

OR

# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.0.?
NETMASK=255.255.255.0
GATEWAY=192.168.0.254

2. # service network restart

Explanation: Always packets go to default gateway if specified. First it search the
gateway assigned on interface name, then network global configuration file. The
System having IP Address 192.168.0.254, 192.168.1.254 is being used as Router so
we should set the gateway to that system .

QUESTION NO : 7

Make a swap partition having 100MB. Make Automatically Usable at System Boot
Time.

Answer and Explanation:

1. To create new partition use :
# fdisk /dev/hda
2. Type "n"  For New partition
3. It will ask for Logical or Primary Partitions. Press l for logical.
4. It will ask for the Starting Cylinder: Use the Default by pressing Enter Key.
5. Type the Size: +100M. You can specify either the last cylinder or the size here.
6. Press "p" to verify the partitions lists and remember the partitions name.
Default System ID is 83 that means Linux Native.
7. Type "t" to change the System ID of partition.
8. Type Partition Number
9. Type 82 that means Linux Swap.
10. Press "w" to write on partitions table.
11. Either Reboot the System.
12. To create Swap File system on partition.
# mkswap /dev/hda?
13. To enable the Swap space from partition.
# swapon /dev/hda?
14. Verify Either Swap is enabled or not.
# free -m 
15. # vi /etc/fstab
/dev/hda? swap swap defaults 0 0
16. Reboot the System and verify that swap is automatically enabled or not.

QUESTION NO : 8

There is one partition named /dev/hda14 mounted on /data. The owner of /data is
root user and root group. And Permission is full to owner user, read and execute to
group member and no permission to others. Now you should give the full permission
to user user1 without changing previous permission.

Answer and Explanation:


We know that every file/directory is owned by a certain user and a certain
group, and permissions are defined for the owner user, the owner group and others.
-rwxr-x--- : Full permission to owner user, read and execute to owner group and
no permission to others.

According to the question, we should give full permission to user user1 without
changing the previous permission. With an ACL (Access Control List) we can give certain permissions to a certain user and a certain group
without changing the previous permissions. But that partition should be mounted using the acl
option. Follow the steps:
1. vi /etc/fstab
/dev/hda14 /data ext3 defaults,acl 0 0
2. # mount -o remount /data
3. # setfacl -m u:user1:rwx /data
4. Verify using: # getfacl /data


QUESTION NO : 9

One Logical Volume is created named as myvol under vo volume group and is
mounted. The Initial Size of that Logical Volume is 124MB. Make successfully that
the size of Logical Volume 245MB without losing any data. The size of logical
volume 240MB to 255MB will be acceptable.

Answer and Explanation:


1. First check the size of Logical Volume: # lvdisplay /dev/vo/myvol
2. Increase the Size of Logical Volume: # lvextend -L+121M /dev/vo/myvol
3. Make Available the size on online: # resize2fs /dev/vo/myvol
4. Verify the Size of Logical Volume: # lvdisplay /dev/vo/myvol
5. Verify that the size comes in online or not: # df -h

QUESTION NO : 10

Create the users named user1, user2, user3 and make them members of the 'training' secondary group.

Answer and Explanation:

1. # groupadd training
2. # useradd -G training user1
3. # useradd -G training user2
4. # useradd -G training user3

QUESTION NO : 11

Change the Group Owner of /data to 'training' group and whenever user creates the file on /data make automatically owner group is training.

Answer and Explanation

There is one special permission, the SGID bit, on a directory. Whenever you set the SGID
bit on a directory, files/directories that users create in it automatically get the same
owner group as the parent.

1. # chgrp training /data
2. # chmod g+s /data

QUESTION NO : 12

Make sure on /data that only the owner user can removes files/directories.

Answer and Explanation:

By default user1 can remove user2’s files due to directory permission to group
member. We can prevent of deleting files from others users using Sticky Bits.

1. # chmod o+t /data
2. Verify /data: # ls -ld /data
You will get: drwxrwx--T

QUESTION NO : 13

One New Kernel is released named kernel-hugemem. Kernel is available on
ftp://server1.example.com under pub directory for anonymous. Install the Kernel
and make previous new kernel is default to boot System.

Answer and Explanation
1. # rpm -ivh ftp://server1.example.com/pub/kernel-hugemem-*
2. # vim /etc/grub.conf
Set the default to new kernel
default=0
Example of /etc/grub.conf

default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux ES (3.12.ELhugemem)
    root (hd0,0)
    kernel /vmlinuz-3.12.ELhugemem ro root=LABEL=/1 rhgb quiet
    initrd /initrd-3.12.ELhugemem.img
title Red Hat Enterprise Linux ES (2.6.9-5.EL)
    root (hd0,0)
    kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/1 rhgb quiet
    initrd /initrd-2.6.9-5.EL.img


rpm command is used to install, update and remove the rpm package. -ivh option is
install, verbose, and display the hash mark.

QUESTION NO : 14

Add a job on Cron for 'natasha' user  to display Hello World on every two Seconds.

Answer and Explanation

 # crontab -u natasha -e

*/2 * * * * /bin/echo "Hello World"

Note: * means every. To execute the command every two minutes, use */2.
To list the cron schedule: crontab -l
To edit the schedule: crontab -e
To remove the schedule: crontab -r


 QUESTION NO : 15

By Default Scheduling on Cron allowed to all users. Deny to all users except root to
run cron schedule.

Answer : 15

# vi /etc/cron.allow
root


QUESTION NO : 16 

Find the files owned by 'fabrice', and copy it to catalog: /opt/dir


Answer : 16


# mkdir -p /opt/dir
# find / -user fabrice -exec cp -rfp {} /opt/dir/ \;


QUESTION NO : 17

Find the rows that contain abcde from file /etc/testfile, and write them to the file /tmp/datafile, and the sequence is requested to be the same as in /etc/testfile.

Answer : 17


# grep "abcde" /etc/testfile > /tmp/datafile

QUESTION NO : 18

Configure the verification mode of your host account and the password as LDAP. And it can login successfully through ldapuser40. The password is set as "password". And the certificate
can be downloaded from http://ip/dir/ldap.crt. After the user logs on, the user has no host directory unless you configure the autofs in the following questions.

Answer : 18
 

# system-config-authentication

1. User Account Database: LDAP
2. LDAP Search Base DN: dc=example,dc=com
3. LDAP Server: ldap://instructor.example.com (In domain form, not write IP)
4. Download CA Certificate
5. Authentication Method: LDAP password
6. Apply

# getent passwd ldapuser40


QUESTION NO : 19

Configure autofs to make sure after login successfully, it has the home directory autofs, which is shared as /rhome/ldapuser40 at the ip: 172.24.40.10. and it also requires that, other ldap users can use the home directory normally.

Answer : 19

# chkconfig autofs on
# cd /etc/
# vim /etc/auto.master
/rhome /etc/auto.ldap
# cp auto.misc auto.ldap
# vim auto.ldap
ldapuser40 -rw 172.24.40.10:/rhome/ldapuser40
* -rw 172.24.40.10:/rhome/&
# service autofs stop
# service autofs start
# showmount -e 172.24.40.10
# su - ldapuser40


QUESTION NO : 20

Configure the system synchronous as www.redhat.com.

Answer : 20


Graphical Interfaces:
System-->Administration-->Date & Time

OR

# system-config-date

