Category Archives: Servers

Adding a new disk without restarting the server

If you run a machine in a virtual environment and add a new disk to the server, you do not need to restart the server for the operating system to see the disk. A few steps are enough:

echo "- - -" > /sys/class/scsi_host/host#/scan
fdisk -l
tail -f /var/log/messages

Replace host# with the actual value; you can list the hosts with:

ls /sys/class/scsi_host

The last step is to create a partition and format it.

Installing Subversion 1.7 on Debian Squeeze with Apt-Get

If you want to use the latest official version of Subversion, the recommendation is definitely to use the packages from the WanDisco website.

1. Add the following line to /etc/apt/sources.list:

deb http://opensource.wandisco.com/debian squeeze svn17

2. Download the GPG key and add it to apt:

cd ~
wget http://opensource.wandisco.com/wandisco-debian.gpg
apt-key add wandisco-debian.gpg

3. Update the repository index and install:

apt-get update
apt-get install subversion

 

 

Adding a new disk without restarting the virtual machine (VMware)

1. First rescan the SCSI bus:

echo "- - -" > /sys/class/scsi_host/host#/scan
fdisk -l
tail -f /var/log/messages

host#: replace with the SCSI host you want to scan; you can list all available hosts with:

ls /sys/class/scsi_host

2. Add the disk:

echo "scsi add-single-device <H> <B> <T> <L>" > /proc/scsi/scsi

Example (add /dev/sdc: host 0, bus 0, target 2 and LUN 0):

echo "scsi add-single-device 0 0 2 0" > /proc/scsi/scsi
fdisk -l
cat /proc/scsi/scsi

3. The newly attached disk has to be formatted; in our example we format it as swap (use fdisk to create a partition of type swap).

fdisk /dev/sdc
mkswap -f /dev/sdc1

4. Deactivate the active swap:

swapoff -a

5. Edit /etc/fstab:

/dev/sdc1        swap    swap    defaults    0    0

6. Activate swap:

swapon -a
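Added example, not part of the original post: a script form of the rescan in step 1 (and in the earlier post) that writes to every host under /sys/class/scsi_host instead of a hand-picked host#, then lists the disks that appeared. The function names and the --run switch are assumptions of this example, and only sd* device names are matched.

```shell
#!/bin/sh
# Added example: rescan every SCSI host and report disks that appeared.
# Both path arguments default to the live system; pass other paths for a dry run.

# list_disks [PARTITIONS_FILE]: whole-disk names (sda, sdb, ...), sorted.
list_disks() {
    awk '$4 ~ /^sd[a-z]+$/ { print $4 }' "${1:-/proc/partitions}" | sort
}

# rescan_scsi_hosts [SCSI_HOST_DIR]: write the wildcard triple to each host's
# scan file and print how many hosts were rescanned.
rescan_scsi_hosts() {
    dir="${1:-/sys/class/scsi_host}"
    count=0
    for scan in "$dir"/host*/scan; do
        [ -e "$scan" ] || continue           # glob matched nothing
        # "- - -" means: any channel, any target, any LUN
        if echo "- - -" > "$scan"; then
            count=$((count + 1))
        else
            echo "rescan failed: $scan" >&2
        fi
    done
    echo "$count"
}

# new_disks BEFORE AFTER: names present only in AFTER (both files sorted).
new_disks() {
    comm -13 "$1" "$2"
}

# Run as root with "--run" to rescan the live system.
if [ "${1:-}" = "--run" ]; then
    before=$(mktemp) && after=$(mktemp) || exit 1
    list_disks > "$before"
    echo "hosts rescanned: $(rescan_scsi_hosts)"
    sleep 2                                  # give the kernel time to probe
    list_disks > "$after"
    new_disks "$before" "$after" | sed 's|^|new disk: /dev/|'
    rm -f "$before" "$after"
fi
```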

 

Logging in domain users (Active Directory) on Debian

1. Introduction

In this short example we show how to join a Debian machine to a Windows Active Directory domain.

Packages I use:
Debian squeeze
samba 3.5.6
winbind 3.5.6
krb5-config 2.2
krb5-user 1.8.3

192.168.0.100 – Windows AD Server
192.168.0.200 – Debian server
MOJA.DOMENA – my domain

2. Install the required packages:

aptitude install libkrb53 krb5-config krb5-user samba winbind ntpdate ntp

3. After the installation, stop the services:

/etc/init.d/samba stop
/etc/init.d/winbind stop
/etc/init.d/ntp stop

4. Configure Kerberos:

Active Directory uses the Kerberos protocol for its requests. You need to update the file /etc/krb5.conf.

The first thing to set is the Kerberos realm of your domain.

Example settings:

[libdefaults]
    default_realm = MOJA.DOMENA

# The following krb5.conf variables are only for MIT Kerberos.
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented.  In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# The only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).

#   default_tgs_enctypes = des3-hmac-sha1
#   default_tkt_enctypes = des3-hmac-sha1
#   permitted_enctypes = des3-hmac-sha1

# The following libdefaults parameters are only for Heimdal Kerberos.
    v4_instance_resolve = false
    v4_name_convert = {
        host = {
            rcmd = host
            ftp = ftp
        }
        plain = {
            something = something-else
        }
    }
    fcc-mit-ticketflags = true
    dns_lookup_realm = false
    dns_lookup_kdc = false

[realms]
    MOJA.DOMENA = {
        kdc = 192.168.0.100
        admin_server = 192.168.0.100
    }

[domain_realm]
    .moja.domena = MOJA.DOMENA
    moja.domena  = MOJA.DOMENA

[login]
    krb4_convert = true
    krb4_get_tickets = false

5. Configure NTP

The Kerberos protocol depends on NTP. If the time on the Debian server is not synchronized with the primary domain controller, login will not work. You can synchronize the time manually, for example:

ntpdate 192.168.0.100

Add your NTP server to /etc/ntp.conf:

# My domain
server 192.168.0.100

Then start NTP with:

/etc/init.d/ntp start

6. Configure your DNS

Add the Active Directory IP address to /etc/resolv.conf:

nameserver 192.168.0.100

7. Configure Winbind

Edit the settings in the [global] section of /etc/samba/smb.conf.

# Global parameters
[global]
workgroup = MOJA
realm = MOJA.DOMENA
load printers = no
preferred master = no
local master = no
server string = debian server
password server = 192.168.0.100
encrypt passwords = true
security = domain
netbios name = debian
client signing = Yes
dns proxy = No
wins server = 192.168.0.100
wins proxy = no
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind uid = 10000-20000
winbind gid = 10000-20000
template homedir = /home/%D/%U
template shell = /bin/bash
invalid users = root
winbind separator = /
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

8. Configure nsswitch:

The settings are in /etc/nsswitch.conf:

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat winbind
group:          compat winbind
shadow:         compat

hosts:          files dns wins
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

You can activate the changes with:

ldconfig

9. Join the machine to the domain:

net ads join -U Administrator

10. Edit the PAM settings:

nano /etc/pam.d/common-account
# should contain the following lines:
account sufficient pam_winbind.so
account required pam_unix.so

nano /etc/pam.d/common-auth
# should contain the following lines:
auth    sufficient      pam_unix.so
auth    required        pam_winbind.so  use_first_pass

nano /etc/pam.d/common-password
# should contain a similar line with these parameters:
password   required   pam_unix.so nullok obscure min=4 max=50 md5

nano /etc/pam.d/common-session
# should contain the following line:
session     required    pam_mkhomedir.so umask=0022 skel=/etc/skel

11. Restart the services in the following order:

/etc/init.d/samba stop
/etc/init.d/winbind stop
/etc/init.d/samba start
/etc/init.d/winbind start
/etc/init.d/ssh restart

12. Verification

Check that you can see the users (wbinfo -u) and the groups (wbinfo -g) from your AD.

Useful information about your status:

net ads status

You can now try to log in with an AD account using ssh korisnik@192.168.0.200

If you want to leave the domain, use:

net ads leave -U Administrator
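Added example, not part of the original post: a check to run before step 9 that the files edited in steps 4, 7 and 8 agree with each other (same realm in krb5.conf and smb.conf, realm in upper case, winbind listed for passwd and group). The function names conf_get, nss_has and preflight are assumptions of this example.

```shell
#!/bin/sh
# Added example: consistency check of the files edited in steps 4, 7 and 8.

# conf_get KEY FILE: value of the first "KEY = value" line. The key match is
# case-insensitive; commented-out lines never match ("#" becomes part of the key).
conf_get() {
    awk -v want="$1" '
        { i = index($0, "="); if (!i) next
          k = substr($0, 1, i - 1); v = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (tolower(k) == want) { print v; exit } }
    ' "$2"
}

# nss_has DB SOURCE FILE: succeeds if nsswitch database DB lists SOURCE.
nss_has() {
    awk -v db="$1:" -v src="$2" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == src) ok = 1 }
        END { exit !ok }
    ' "$3"
}

# preflight KRB5_CONF SMB_CONF NSSWITCH_CONF: print problems, return their count.
preflight() {
    n=0
    krb=$(conf_get default_realm "$1")
    smb=$(conf_get realm "$2")
    if [ -z "$krb" ] || [ -z "$smb" ]; then
        echo "realm missing (krb5.conf: '$krb', smb.conf: '$smb')"; n=$((n + 1))
    elif [ "$krb" != "$smb" ]; then
        echo "realm mismatch: krb5.conf '$krb' vs smb.conf '$smb'"; n=$((n + 1))
    fi
    case "$krb" in
        *[[:lower:]]*) echo "default_realm '$krb' is not upper case"; n=$((n + 1)) ;;
    esac
    for db in passwd group; do
        nss_has "$db" winbind "$3" ||
            { echo "nsswitch.conf: '$db' does not list winbind"; n=$((n + 1)); }
    done
    return "$n"
}

# Usage: sh preflight.sh /etc/krb5.conf /etc/samba/smb.conf /etc/nsswitch.conf
if [ $# -eq 3 ]; then preflight "$@" && echo "preflight: ok"; fi
```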

Share a disk publicly within your local network (Samba)

Edit the file /etc/samba/smb.conf (replace korisnicko_ime with a real user):

[global]
netbios name = debian
workgroup = WORKGROUP
server string = Public File Server
security = share
guest account = korisnicko_ime

[public]
comment = Public Folder
path = /home/korisnicko_ime/Public
public = yes
create mask = 0777
directory mask = 0777
force user = korisnicko_ime
force group = korisnicko_ime
writable = yes
guest ok = yes
guest only = yes
guest account = korisnicko_ime
browsable = yes

 

Restart Samba with /etc/init.d/samba restart and you can access your server without restrictions.

Samba + Active Directory

If you want to connect to a machine that is in a domain (Active Directory), some preparation is needed:

1. Install the packages:

apt-get install krb5-config samba winbind ntpdate

2. Stop the services:

/etc/init.d/samba stop
/etc/init.d/winbind stop

3. Add your domain to the file /etc/krb5.conf

Find [realms] and add below it (REALMNAME is the full name of your domain, written in capital letters):

REALMNAME = {
kdc = pdc_ip_address
}

Find [libdefaults] and set your domain:

default_realm = REALMNAME

4. Configure winbind by adding the following to /etc/samba/smb.conf:

realm = REALMNAME
workgroup = DOMAINNAME

[global]
realm = REALMNAME
workgroup = DOMAINNAME
load printers = no
preferred master = no
local master = no
server string = fileserver
password server = DOMAINNAME
encrypt passwords = yes
security = ADS
netbios name = nameofserver
client signing = Yes
dns proxy = No
wins server = DOMAINNAME
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes

[public]
comment = Public Folder
path = /home/username/public
public = yes
create mask = 0777
directory mask = 0777
force user = username
force group = username
writable = yes
guest ok = yes
guest only = yes
guest account = username
browsable = yes

5. Configure nsswitch in /etc/nsswitch.conf:

Find these settings and replace them with:

passwd:         files winbind
group:          files winbind

6. Join the domain:

net ads join -U "DOMAINADMIN"

7. Start the services:

/etc/init.d/samba start
/etc/init.d/winbind start
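Added example, not part of the original posts: both smb.conf files above (the public share post and the [public] section of this one) give unauthenticated guests write access with 0777 masks, so this audit reports exactly those settings per section. The function names and the finding texts are assumptions of this example; the sample is constructed from the public share post.

```shell
#!/bin/sh
# Added example: flag the guest-access settings used in the smb.conf files above.

# audit_smb_conf [FILE]: print one "section: finding" line per problem
# (reads standard input when FILE is omitted).
audit_smb_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function on(k)   { return opt[k] == "yes" || opt[k] == "true" }
    function flush(   j, n, m) {
        if (sec == "global" && opt["security"] == "share")
            print sec ": security = share (share-level security, removed in Samba 4)"
        if ((on("guest ok") || on("public")) &&
            (on("writable") || on("writeable") || opt["read only"] == "no"))
            print sec ": writable by unauthenticated guests"
        n = split("create mask,directory mask", m, ",")
        for (j = 1; j <= n; j++)
            if (opt[m[j]] ~ /[2367]$/)       # the write bit for "others" is set
                print sec ": " m[j] " = " opt[m[j]] " (world-writable)"
        split("", opt)                       # clear settings for the next section
    }
    BEGIN { sec = "global" }                 # lines before any header are global
    /^[ \t]*([#;]|$)/ { next }               # comments and blank lines
    /^[ \t]*\[/ { flush(); sec = tolower(trim($0)); gsub(/\[|\]/, "", sec); next }
    { i = index($0, "=")
      if (i) opt[tolower(trim(substr($0, 1, i - 1)))] = tolower(trim(substr($0, i + 1))) }
    END { flush() }
    ' "${1:--}"
}

# Constructed sample: the settings of the public share above, condensed.
sample_conf() {
    cat <<'EOF'
[global]
security = share
[public]
path = /home/korisnicko_ime/Public
public = yes
writable = yes
guest ok = yes
create mask = 0777
directory mask = 0777
EOF
}

# Audit the file given as argument, or the sample when there is none.
if [ -f "${1:-}" ]; then audit_smb_conf "$1"; else sample_conf | audit_smb_conf; fi
```

A share that stays guest-readable but sets read only = yes and a 0644 create mask produces no findings.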

Installing apache2 with SSL support

1. First install the packages:

apt-get install apache2 openssl ssl-cert

2. Generate the certificate:

cd ~
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

cp server.key /etc/apache2
cp server.crt /etc/apache2

Note: Every time the server starts you have to enter the passphrase of the key; if you want to avoid entering it, do the following:

openssl rsa -in server.key -out server.key

3. Enable the ssl module:

a2enmod ssl

4. Enable the SSL site:

a2ensite default-ssl

5. Configure the SSL site

Comment out the existing lines (in /etc/apache2/sites-enabled/default-ssl) and add:

#       SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
#       SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

 SSLCertificateFile /etc/apache2/server.crt
 SSLCertificateKeyFile /etc/apache2/server.k
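
Added example, not part of the original post: once the passphrase is removed as in the note under step 2, the copied key is protected only by its file permissions, and the 1024-bit size used above is below the 2048 bits expected today. The check below reports both; its function names are assumptions of this example, and the size check is skipped when the openssl command is not installed.

```shell
#!/bin/sh
# Added example: checks for the private key file produced by the steps above.

# key_is_encrypted FILE: succeeds if the PEM private key has a passphrase.
key_is_encrypted() {
    # Traditional PEM: "Proc-Type: 4,ENCRYPTED" header; PKCS#8: its own label.
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# key_mode_ok FILE: succeeds if group and others have no access at all.
key_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]    # group and other triplets
}

# key_bits FILE: RSA size in bits; empty if openssl is missing or cannot
# read the key without a passphrase.
key_bits() {
    openssl rsa -in "$1" -noout -text -passin pass: 2>/dev/null |
        sed -n 's/^.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# check_key FILE: print findings and return how many there were.
check_key() {
    n=0
    if ! key_mode_ok "$1"; then
        echo "$1: accessible to group/others (fix: chmod 600 $1)"; n=$((n + 1))
    fi
    if key_is_encrypted "$1"; then
        echo "$1: passphrase-protected, Apache will prompt at every start"
    else
        bits=$(key_bits "$1")
        if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
            echo "$1: $bits-bit RSA key, generate at least 2048 bits"; n=$((n + 1))
        fi
    fi
    return "$n"
}

# Usage: sh check_key.sh /etc/apache2/server.key
if [ -f "${1:-}" ]; then check_key "$1" && echo "$1: ok"; fi
```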