An Open Source Enthusiast.

Tux Amit's Blog List

Friday, 29 June 2012

Tux Amit {Project Fedena}

Apologies for not being regular on the blog. A hectic schedule is the real culprit, not me :-)

Anyway, I just completed a small but interesting freelance project for a South Indian university. They gave me the task of implementing a rich web-based student information system to manage student data, with at least the features below.

  • Student Information System (SIS)
  • School Management software
  • School ERP
  • Campus Management software
  • Student records system
  • Student management system
  • School software
  • E-learning system
  • Support for South Indian languages and a few European languages

I tested a few applications and demonstrated them to the university, but they rejected them until I showed up with another open source SIS named Fedena, developed by the Bangalore-based company Foradian Technologies. It has all the features the university demanded and, above all, some major benefits, listed below.

  • Available in the chosen language [e.g. Kannada, Tamil, Spanish]
  • Easy tracking of students and Employees
  • Easy way for TC generation and Transfer of Batch
  • Time table generation and Examination creation
  • Analyzing student’s performance and attendance
  • Various student and staff reports [based on different category, religion, blood group, caste, DOB and many other filters]
  • Easy Attendance Marking and Attendance reports
  • All the historical records of a student available easily
  • Helps in sending data to UID project
  • As the entire data is online and secure, any analysis can be done at any desired point of time.
  • Rich Classy  GUI

So I have implemented it and the system is live today :-)

Here I am sharing the installation and configuration steps for RHEL 6 as well as Ubuntu, after a brief overview.


What is Fedena all about?


Fedena is the open source school management system based on Ruby on Rails.

The project was made open source by Foradian, and is now maintained by the open source community. Fedena is the ideal solution for schools and campuses that want an easy means to manage all campus records.


Application info
Fedena [ http://fedena.com/ ]
opensource version [ http://www.projectfedena.org/ ]
Licence : Apache licence



Installation steps on a Red Hat based system (here I am using RHEL 6.1)



Step-1

First install Ruby, MySQL and ruby-mysql using yum.


[tuxamit@tux-amit ~]$ sudo yum install  ruby

Install MySQL

1) [tuxamit@tux-amit ~]$ sudo yum install mysql*


2) [tuxamit@tux-amit ~]$ sudo service mysqld restart

3) [tuxamit@tux-amit ~]$ sudo chkconfig mysqld on

Download and install epel rpm for ruby-mysql

4) [tuxamit@tux-amit ~]$ sudo rpm -ivh http://download.fedora.redhat.com/pub/epel/6/i386/epel-release-6-5.noarch.rpm

5) [tuxamit@tux-amit ~]$ sudo yum install ruby-mysql




Step-2


Download rubygems-1.3.6 from the link below:

[tuxamit@tux-amit ~]$ sudo wget -c http://rubyforge.org/frs/download.php/69365/rubygems-1.3.6.tgz

Extract the tar file after the download and follow the steps below:

[tuxamit@tux-amit ~]$ sudo tar xvf rubygems-1.3.6.tgz

[tuxamit@tux-amit ~]$ cd rubygems-1.3.6

Run this command to install Rubygems.

[tuxamit@tux-amit ~]$ sudo ruby setup.rb

Once done, we can check the gem version with a Command

[tuxamit@tux-amit ~]$ sudo gem -v

We can check the installed gem with below command

[tuxamit@tux-amit ~]$ sudo gem list

Step 3: Setup Fedena

Download Fedena from projectfedena.org, extract the ZIP/TAR archive and save it to a folder (/opt/fadena). Run the command below:

[tuxamit@tux-amit ~]$ sudo wget -c http://projectfedena.org/download/fedena-bundle-linux

Step 4: Install Rails

Go to fedena directory and run below command:-

[tuxamit@tux-amit fedena]$ sudo  gem install rails -v=2.3.5

Install Rake

So we tried the following command. You need to be in the Fedena installation home directory.

[tuxamit@tux-amit fedena]$ sudo gem install rake

Then run the command below:


[tuxamit@tux-amit fedena]$ sudo rake gems:install


(RubyGems will also install all of the other libraries that Rails depends on. For each of these dependencies, RubyGems will ask you if you want to install it. Answer "y" (yes) to each one.)


Step 5:

1. Update the MySQL login details in config/database.yml

2. Run the command

[tuxamit@tux-amit fedena]$ sudo  rake db:create

This will create the required databases.

Then run the command below

[tuxamit@tux-amit fedena]$ sudo rake db:migrate

This will populate the database with required tables.


Then Run

[tuxamit@tux-amit fedena]$ sudo chmod +x script/server

Finally, run the command

[tuxamit@tux-amit fedena]$ sudo ruby script/server

This would start the server and it will be accessible at

firefox http://localhost:3000

username : admin
password : admin123



         Installing Fedena on Ubuntu

Setting up the Rails development environment

Step -1 Install rails

tuxamit@tux-amit:~$ sudo apt-get install rails

Rake is a build tool, written in Ruby, using Ruby as a build language. Rake is similar to make in scope and purpose.

Step -2 Install and Setup Mysql

tuxamit@tux-amit:~$ sudo apt-get install mysql-server mysql-client libmysql-ruby

Note: Remember the MySQL password you set during this step.


Step -3 Download Fedena

Download the Fedena source code from GitHub (www.github.com/project/fedena). Extract the downloaded .tar archive to a convenient location from which you will run Fedena; in my case, as on Red Hat above, I used /opt.


Step-4 Install Rails 2.3.5

cd to the extracted Fedena directory

[tuxamit@tux-amit fedena]$ sudo gem install rails -v=2.3.5
 
Step-5 Setting up with Fedena


[tuxamit@tux-amit fedena]$ sudo vim config/database.yml

Open the file database.yml in the config folder of the Fedena source and change the following details:
database: fedena – the name of the database you want to use for Fedena
username and password – your MySQL login details

Step-6 Install the prawn gem
 

[tuxamit@tux-amit fedena]$ sudo gem install prawn -v=0.6.3

Install the rest of the gems

Install the rest of the gems by running

[tuxamit@tux-amit fedena]$ sudo rake gems:install

Set up Fedena databases

From the Fedena source directory in terminal run,

[tuxamit@tux-amit fedena]$ sudo rake db:create

[tuxamit@tux-amit fedena]$ sudo rake db:migrate

[tuxamit@tux-amit fedena]$ sudo chmod +x script/*

[tuxamit@tux-amit fedena]$ sudo ./script/server



All Done !! 


This will start the server and it will be accessible at http://localhost:3000


Log in to Fedena using the same credentials mentioned above; repeating them here:

username : admin
password : admin123



Have Fun :-) 

Do let me know if you face any issue in the same. 

Warm Regards
Tux Amit

Monday, 23 April 2012

AIDE (Advanced Intrusion Detection Environment)

Sharing the installation and configuration steps of a security tool which I used 2 years back; I have just configured it again for one of my clients, so I am sharing the steps with you all.



AIDE (Advanced Intrusion Detection Environment)

AIDE is an open source tool for checking file integrity. It is a substitute for Tripwire. It takes snapshots of all the major configuration files, binaries and libraries, and helps us find which files and binaries have changed if the system is compromised.

In brief, a file integrity scanner is something we need in a production environment. Imagine a hacker placing a backdoor on your web site, or changing your order form to email him a copy of everyone's credit card while it appears to function normally.
With daily reporting set up, it notifies you within 24 hours at most of any file being modified, added or removed. It also helps establish an audit trail in the event your site is compromised.
These instructions are designed for an end user, who does not need root access, and assume your server has the aide binary installed. Most hosts will have it installed already, or will install it for you upon request.


Installation steps are below. I am installing it on a RHEL 5.5 system. There is no need for EPEL or RPMforge; the AIDE package is in the default DVD repo of RHEL 5.5.

[root@tux-amit ~]# yum install aide* -y

## The configuration file of AIDE is /etc/aide.conf

Open it and specify which directories AIDE should check for changes and which it should not.

## AIDE log file: /var/log/aide/aide.log

## Database directory: /var/lib/aide

## After installation, run the command below to build the current system database

[root@tux-amit ~]# aide -i

It will create a database file named /var/lib/aide/aide.db.new.gz

Rename it to aide.db.gz

[root@tux-amit ~]# mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

Then, to test whether AIDE is working, touch a file in /home/tuxamit

[root@tux-amit ~]# touch /home/tuxamit/tuxamit.txt

Then check whether AIDE works using the command aide -C

[root@tux-amit ~]# aide -C

(It will give the output.)

To save the relevant output to a file, use this command

[root@tux-amit ~]# aide -C | grep -v "lgetfilecon_raw"  >/tmp/report.txt

Put this in a Bash script and schedule it with cron for daily reporting.
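
One way to write that daily script, as an added example that is not from the original post: it keeps AIDE's exit status (which a pipe into grep discards), decodes it as documented in aide(1), and writes a dated report to a directory of its own rather than /tmp. AIDE_BIN, REPORT_DIR, MAILTO, the function names and the cron path are assumptions.

```bash
#!/bin/sh
# Daily AIDE report wrapper (added example, not part of AIDE or the original post).
AIDE_BIN="${AIDE_BIN:-aide}"                        # aide binary, overridable
REPORT_DIR="${REPORT_DIR:-/var/log/aide/reports}"   # hypothetical report directory

# Decode the exit status of "aide -C" (DIAGNOSTICS section of aide(1)):
# 1 = files added, 2 = files removed, 4 = files changed, summed as a bitmask.
# aide(1) lists 14-19 as error codes; anything above 7 is treated as a failure.
decode_aide_status() {
    rc=$1
    if [ "$rc" -eq 0 ]; then echo "clean"; return 0; fi
    if [ "$rc" -gt 7 ]; then echo "error"; return 0; fi
    out=""
    if [ $((rc & 1)) -ne 0 ]; then out="$out added"; fi
    if [ $((rc & 2)) -ne 0 ]; then out="$out removed"; fi
    if [ $((rc & 4)) -ne 0 ]; then out="$out changed"; fi
    echo "${out# }"
}

# Run the check, write a dated report and print the decoded status.
run_aide_check() {
    umask 077                                   # reports readable by the owner only
    mkdir -p "$REPORT_DIR" || return 1
    report="$REPORT_DIR/aide-$(date +%Y-%m-%d).txt"
    raw="$report.raw"
    check_rc=0
    # Capture the exit status here; in "aide -C | grep ..." it would be lost.
    "$AIDE_BIN" -C > "$raw" 2>&1 || check_rc=$?
    # Same filter as the post: drop the lgetfilecon_raw noise lines.
    grep -v "lgetfilecon_raw" "$raw" > "$report" || true
    rm -f "$raw"
    decode_aide_status "$check_rc"
}

# Entry point for cron, for example (hypothetical path):
#   0 6 * * * /usr/local/sbin/aide-daily.sh --run
if [ "${1:-}" = "--run" ]; then
    status=$(run_aide_check) || exit 2
    report="$REPORT_DIR/aide-$(date +%Y-%m-%d).txt"
    subject="AIDE $(hostname): $status"
    if [ -n "${MAILTO:-}" ] && command -v mail >/dev/null 2>&1; then
        mail -s "$subject" "$MAILTO" < "$report"
    else
        echo "$subject (report: $report)"
    fi
    [ "$status" = "clean" ] || exit 1
fi
```
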

Done :-)

Let me know if you face any issue in the same.

Regards

Tux Amit



Friday, 10 February 2012

Tux Amit {Get Started with Vyatta "Firewall,Load Balance,Fail-over"}

Got a requirement, and the requirement is fulfilled.


Current scenario -> One of my clients has N number of servers in their setup (SMTP, DNS, Squid etc.), all connected to 1 DSL modem, and through this single DSL line their servers were on the internet.


Issues -> Single point of failure: if that modem goes down the whole setup is affected, users' internet stops, and outgoing and incoming email and DNS queries are refused. :-( Even when the modem is working fine there is another issue: a huge load on one DSL line. All the users' internet and email traffic was hooked onto 1 DSL line, which made the internet connection pretty slow.


Client requirement -> The dependency on one modem should be removed, there should be a mechanism by which internet speed can be increased and, last but not least, the internal network should be secured.


Solution -> Configuration of a gateway router which provides 3 things: load balancing, failover and firewall (DMZ). All the servers are connected to this router through a switch, and the router is connected to two DSL modems which provide internet. The first job of the router is to secure the internal network from the traffic coming from the 2 modems; the second is to load-balance the servers' traffic between the two DSL lines; and the last, which is the most important, is failover: if either modem goes down, all the traffic should shift to the working modem.


Requirements for this solution -> 1 extra DSL modem with a direct internet connection, and 1 physical machine with 3 LAN cards: two LAN cards connected to the two DSL modems for internet access and one LAN card connected to the local switch to which all the servers are connected.

Tools used -> Initially my client wanted to use a mid-layer router for all this, but in the end we used an open source Debian-based operating system named Vyatta, which is free to use and cut my client's cost. Vyatta fulfilled all the requirements mentioned by the client.


NAT -> For incoming traffic to services like SMTP (port 25) and named (53), I have done NAT on the firewall pointing directly to the server holding the service.

For more info about Vyatta, check the Vyatta main site http://vyatta.org/

So here I am sharing the doc which I made after configuring the Vyatta router.



Installation Of Vyatta.


Try it: Get ready

• Create the LiveCD.
• Make sure your BIOS is configured to boot from the CD-ROM.
• To install the operating system and Vyatta system software, you need a minimum of 450 MB of free space on your hard drive for a root partition.
NOTE A minimum of 2 GB of free space is recommended for a production installation.
• You will need to know the device name (for example, /dev/sda) onto which the software is to be installed.
NOTE The installation process will reformat the specified partition so it is critical to specify the correct partition. For systems dedicated to Vyatta, the system selected defaults can be used.

Install onto hard disk

Begin with your system powered down.
1 With the system still powered down, connect a VGA monitor and keyboard to the host.
2 Insert the Vyatta LiveCD into the CD drive and close the drive.
3 Power up the system.
NOTE Systems with a Flash device may boot slowly from LiveCD, as the system looks for DMA that does not exist on the IDE device. This is expected behavior.
After the startup messages complete, the login prompt appears:
vyatta login:
4 Log on to the system as root with the password vyatta.
5 At the system command prompt enter the following:
install-system
The installer launches. The installer is an interactive install script that prompts you for some basic information and confirmation during the install.

The following example shows a sample install session.
Last login: Mon Oct 29 15:37:50 2007
Linux vyatta 2.6.20 #1 SMP Fri Sep 21 02:22:08 PDT 2007 i686
Welcome to Vyatta.
This system is open-source software. The exact distribution terms
for
each module comprising the full system are described in the
individual
files in /usr/share/doc/*/copyright.
vyatta:~# install-system
Welcome to the Vyatta install program. This script
will walk you through the process of installing the
Vyatta image to a local hard drive.
Would you like to continue? (Yes/No) [Yes]: <Enter>
Probing drives: OK
The Vyatta image will require a minimum 450MB root.
Would you like me to try to partition a drive automatically
or would you rather partition it manually with parted? If
you have already setup your partitions, you may skip this step.
Partition (Auto/Parted/Skip) [Auto]: <Enter>
I found the following drives on your system:
sda 1074MB
Install the image on? [sda] <Enter>
This will destroy all data on /dev/sda.
Continue? (Yes/No) [No]: Yes
How big of a root partition should I create? (450MB - 1074MB)
[1074]MB: 512
Creating filesystem on /dev/sda1: OK
Mounting /dev/sda1
Copying system image files to /dev/sda1:OK
I found the following configuration files
/opt/vyatta/etc/config/config.boot
Which one should I copy to sda?
[/opt/vyatta/etc/config/config.boot]: <Enter>
Would you like to set passwords for system users (Yes/No) [Yes]: No
I need to install the GRUB boot loader.
I found the following drives on your system:
sda 1074MB
Which drive should GRUB modify the boot partition on? [sda]: <Enter>
Setting up grub: OK
Done!

Installation Done !!

Let's start with the configuration.


Remove the CD from the drive and reboot. When the system starts, it will be running from the local install and you will see the following:
Welcome to Vyatta - vyatta on tty1
vyatta login: vyatta
password: vyatta




Setting Up firewall first :-

vyatta@tux-amit# configure
vyatta@tux-amit# set interfaces ethernet eth0 address 192.168.101.2/24

vyatta@tux-amit# commit
vyatta@tux-amit# set interfaces ethernet eth1 address 192.168.201.2/24
   
vyatta@tux-amit# commit
vyatta@tux-amit# set interfaces ethernet eth2 address 192.168.3.1/24

vyatta@tux-amit# commit
vyatta@tux-amit# show interfaces ethernet
vyatta@tux-amit# set system name-server 4.2.2.2

vyatta@tux-amit# commit
vyatta@tux-amit# set system gateway-address 192.168.101.1            (eth0)

vyatta@tux-amit# set system gateway-address 192.168.201.1            (eth1)


vyatta@tux-amit# commit
vyatta@tux-amit# set service ssh

vyatta@tux-amit# commit

If you want web-based configuration, start the https service and you can configure everything using your browser

vyatta@tux-amit# set service https

vyatta@tux-amit# commit

https://192.168.3.1

####Rules Started

vyatta@tux-amit# set firewall name TuxAmit-Rules rule 1 action accept

vyatta@tux-amit# set firewall name TuxAmit-Rules rule 1 description "Allow smtp from outside"


vyatta@tux-amit# set firewall name TuxAmit-Rules rule 1 log state


vyatta@tux-amit# set firewall name TuxAmit-Rules rule 1 protocol tcp

vyatta@tux-amit# set firewall name TuxAmit-Rules rule 1 destination address 192.168.101.2
   
vyatta@tux-amit# set firewall name TuxAmit-Rules rule 1 destination port 25

vyatta@tux-amit# set firewall name TuxAmit-Rules rule 1 state new

vyatta@tux-amit# commit
----------------------------------------------------------------------------------
vyatta@tux-amit# set firewall name TuxAmit-Rules rule 2 action accept

vyatta@tux-amit# set firewall name TuxAmit-Rules rule 2 description "Allow http from outside"


vyatta@tux-amit# set firewall name TuxAmit-Rules rule 2 log state


vyatta@tux-amit# set firewall name TuxAmit-Rules rule 2 protocol tcp

vyatta@tux-amit# set firewall name TuxAmit-Rules rule 2 destination address 192.168.101.2
   
vyatta@tux-amit# set firewall name TuxAmit-Rules rule 2 destination port 80

vyatta@tux-amit# set firewall name TuxAmit-Rules rule 2 state new

vyatta@tux-amit# commit
----------------------------------------------------------------------------------
vyatta@tux-amit# set firewall name TuxAmit-Rules rule 3 action accept

vyatta@tux-amit# set firewall name TuxAmit-Rules rule 3 description "Allow https from outside"


vyatta@tux-amit# set firewall name TuxAmit-Rules rule 3 log state


vyatta@tux-amit# set firewall name TuxAmit-Rules rule 3 protocol tcp

vyatta@tux-amit# set firewall name TuxAmit-Rules rule 3 destination address 192.168.101.2
   
vyatta@tux-amit# set firewall name TuxAmit-Rules rule 3 destination port 443

vyatta@tux-amit# set firewall name TuxAmit-Rules rule 3 state new

vyatta@tux-amit# commit
----------------------------------------------------------------------------------
vyatta@tux-amit# set firewall name TuxAmit-Rules rule 4 action accept

vyatta@tux-amit# set firewall name TuxAmit-Rules rule 4 description "Allow pop3 from outside"


vyatta@tux-amit# set firewall name TuxAmit-Rules rule 4 log state


vyatta@tux-amit# set firewall name TuxAmit-Rules rule 4 protocol tcp

vyatta@tux-amit# set firewall name TuxAmit-Rules rule 4 destination address 192.168.101.2
   
vyatta@tux-amit# set firewall name TuxAmit-Rules rule 4 destination port 110

vyatta@tux-amit# set firewall name TuxAmit-Rules rule 4 state new

vyatta@tux-amit# commit
----------------------------------------------------------------------------------
vyatta@tux-amit# set firewall name TuxAmit-Rules rule 5 action accept

vyatta@tux-amit# set firewall name TuxAmit-Rules rule 5 description "Allow imap from outside"


vyatta@tux-amit# set firewall name TuxAmit-Rules rule 5 log state


vyatta@tux-amit# set firewall name TuxAmit-Rules rule 5 protocol tcp

vyatta@tux-amit# set firewall name TuxAmit-Rules rule 5 destination address 192.168.101.2
   
vyatta@tux-amit# set firewall name TuxAmit-Rules rule 5 destination port 143

vyatta@tux-amit# set firewall name TuxAmit-Rules rule 5 state new

vyatta@tux-amit# commit
----------------------------------------------------------------------------------
vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 1 action accept

vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 1 description "Allow smtp from outside"


vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 1 log state


vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 1 protocol tcp

vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 1 destination address 192.168.201.2
   
vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 1 destination port 25

vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 1 state new

vyatta@tux-amit# commit
----------------------------------------------------------------------------------
vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 2 action accept

vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 2 description "Allow http from outside"


vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 2 log state


vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 2 protocol tcp

vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 2 destination address 192.168.201.2
   
vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 2 destination port 80

vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 2 state new

vyatta@tux-amit# commit
---------------------------------------------------------------------------------
vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 3 action accept

vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 3 description "Allow https from outside"


vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 3 log state


vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 3 protocol tcp

vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 3 destination address 192.168.201.2
   
vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 3 destination port 443

vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 3 state new

vyatta@tux-amit# commit
----------------------------------------------------------------------------------
vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 4 action accept

vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 4 description "Allow pop3 from outside"


vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 4 log state


vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 4 protocol tcp

vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 4 destination address 192.168.201.2
   
vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 4 destination port 110

vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 4 state new

vyatta@tux-amit# commit
----------------------------------------------------------------------------------
vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 5 action accept

vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 5 description "Allow imap from outside"


vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 5 log state


vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 5 protocol tcp

vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 5 destination address 192.168.201.2
   
vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 5 destination port 143

vyatta@tux-amit# set firewall name TuxAmit-Rules1 rule 5 state new

vyatta@tux-amit# commit


I created NAT rules:-
##################################################################################
vyatta@tux-amit# set service nat rule 1 description "take http redirect to mail server"

vyatta@tux-amit# set service nat rule 1 inbound-interface eth0

vyatta@tux-amit# set service nat rule 1 protocols tcp


vyatta@tux-amit# set service nat rule 1 type destination
   
vyatta@tux-amit# set service nat rule 1 destination address 192.168.101.2


vyatta@tux-amit# set service nat rule 1 destination port 80

vyatta@tux-amit# set service nat rule 1 inside-address address 192.168.3.4


vyatta@tux-amit# set service nat rule 1 inside-address port 80


vyatta@tux-amit# commit
----------------------------------------------------------------------------------
vyatta@tux-amit# set service nat rule 2 description "take http redirect to mail server"

vyatta@tux-amit# set service nat rule 2 inbound-interface eth1

vyatta@tux-amit# set service nat rule 2 protocols tcp


vyatta@tux-amit# set service nat rule 2 type destination
   
vyatta@tux-amit# set service nat rule 2 destination address 192.168.201.2


vyatta@tux-amit# set service nat rule 2 destination port 80

vyatta@tux-amit# set service nat rule 2 inside-address address 192.168.3.4


vyatta@tux-amit# set service nat rule 2 inside-address port 80


##################################################################################


vyatta@tux-amit# set service nat rule 3 description "take smtp to mail server"

vyatta@tux-amit# set service nat rule 3 inbound-interface eth0
   
vyatta@tux-amit# set service nat rule 3 protocols tcp


vyatta@tux-amit# set service nat rule 3 type destination
   
vyatta@tux-amit# set service nat rule 3  inside-address address 192.168.3.4


vyatta@tux-amit# set service nat rule 3 inside-address  port 25

vyatta@tux-amit# set service nat rule 3 outside-address address 192.168.101.2


vyatta@tux-amit# set service nat rule 3 outside-address port 25

vyatta@tux-amit# commit
----------------------------------------------------------------------------------
vyatta@tux-amit# set service nat rule 4 description "take http to mail server"

vyatta@tux-amit# set service nat rule 4 inbound-interface eth0
   
vyatta@tux-amit# set service nat rule 4 protocols tcp


vyatta@tux-amit# set service nat rule 4 type destination
   
vyatta@tux-amit# set service nat rule 4  inside-address address 192.168.3.4


vyatta@tux-amit# set service nat rule 4 inside-address  port 80

vyatta@tux-amit# set service nat rule 4 outside-address address 192.168.101.2


vyatta@tux-amit# set service nat rule 4 outside-address port 80

vyatta@tux-amit# commit
----------------------------------------------------------------------------------
vyatta@tux-amit# set service nat rule 5 description "take pop3 to mail server"

vyatta@tux-amit# set service nat rule 5 inbound-interface eth0
   
vyatta@tux-amit# set service nat rule 5 protocols tcp


vyatta@tux-amit# set service nat rule 5 type destination
   
vyatta@tux-amit# set service nat rule 5  inside-address address 192.168.3.4


vyatta@tux-amit# set service nat rule 5 inside-address  port 110

vyatta@tux-amit# set service nat rule 5 outside-address address 192.168.101.2


vyatta@tux-amit# set service nat rule 5 outside-address port 110

vyatta@tux-amit# commit

vyatta@tux-amit# set service nat rule 6 description "take imap to mail server"

vyatta@tux-amit# set service nat rule 6 inbound-interface eth0
   
vyatta@tux-amit# set service nat rule 6 protocols tcp


vyatta@tux-amit# set service nat rule 6 type destination
   
vyatta@tux-amit# set service nat rule 6  inside-address address 192.168.3.4


vyatta@tux-amit# set service nat rule 6 inside-address  port 143

vyatta@tux-amit# set service nat rule 6 outside-address address 192.168.101.2


vyatta@tux-amit# set service nat rule 6 outside-address port 143

vyatta@tux-amit# commit

   
vyatta@tux-amit# set service nat rule 7 description "take smtp to mail server"

vyatta@tux-amit# set service nat rule 7 inbound-interface eth1
   
vyatta@tux-amit# set service nat rule 7 protocols tcp


vyatta@tux-amit# set service nat rule 7 type destination
   
vyatta@tux-amit# set service nat rule 7  inside-address address 192.168.3.4


vyatta@tux-amit# set service nat rule 7 inside-address  port 25

vyatta@tux-amit# set service nat rule 7 outside-address address 192.168.201.2


vyatta@tux-amit# set service nat rule 7 outside-address port 25

vyatta@tux-amit# commit
----------------------------------------------------------------------------------
vyatta@tux-amit# set service nat rule 8 description "take http to mail server"

vyatta@tux-amit# set service nat rule 8 inbound-interface eth1
   
vyatta@tux-amit# set service nat rule 8 protocols tcp


vyatta@tux-amit# set service nat rule 8 type destination
   
vyatta@tux-amit# set service nat rule 8  inside-address address 192.168.3.4


vyatta@tux-amit# set service nat rule 8 inside-address  port 80

vyatta@tux-amit# set service nat rule 8 outside-address address 192.168.201.2


vyatta@tux-amit# set service nat rule 8 outside-address port 80

vyatta@tux-amit# commit
----------------------------------------------------------------------------------
vyatta@tux-amit# set service nat rule 9 description "take pop3 to mail server"

vyatta@tux-amit# set service nat rule 9 inbound-interface eth1
   
vyatta@tux-amit# set service nat rule 9 protocols tcp


vyatta@tux-amit# set service nat rule 9 type destination
   
vyatta@tux-amit# set service nat rule 9  inside-address address 192.168.3.4


vyatta@tux-amit# set service nat rule 9 inside-address  port 110

vyatta@tux-amit# set service nat rule 9 outside-address address 192.168.201.2


vyatta@tux-amit# set service nat rule 9 outside-address port 110

vyatta@tux-amit# commit

vyatta@tux-amit# set service nat rule 10 description "take imap to mail server"

vyatta@tux-amit# set service nat rule 10 inbound-interface eth1
   
vyatta@tux-amit# set service nat rule 10 protocols tcp


vyatta@tux-amit# set service nat rule 10 type destination
   
vyatta@tux-amit# set service nat rule 10  inside-address address 192.168.3.4


vyatta@tux-amit# set service nat rule 10 inside-address  port 143

vyatta@tux-amit# set service nat rule 10 outside-address address 192.168.201.2


vyatta@tux-amit# set service nat rule 10 outside-address port 143

vyatta@tux-amit# commit


vyatta@tux-amit# set service nat rule 11 description "local IP allow"

vyatta@tux-amit# set service nat rule 11 outbound-interface eth0
   
vyatta@tux-amit# set service nat rule 11 type source
   
vyatta@tux-amit# set service nat rule 11  outside-address address 192.168.101.2


vyatta@tux-amit# set service nat rule 11 source address 192.168.3.0/24

vyatta@tux-amit# commit

vyatta@tux-amit# set service nat rule 12 description "local IP allow"

vyatta@tux-amit# set service nat rule 12 outbound-interface eth1
   
vyatta@tux-amit# set service nat rule 12 type source
   
vyatta@tux-amit# set service nat rule 12  outside-address address 192.168.201.2


vyatta@tux-amit# set service nat rule 12 source address 192.168.3.0/24

vyatta@tux-amit# commit

Steps for Configuring WAN Load Balancing

vyatta@tux-amit# set protocols static route 0.0.0.0/0 next-hop 192.168.101.1

vyatta@tux-amit# set protocols static route 0.0.0.0/0 next-hop 192.168.201.1

vyatta@tux-amit# commit

vyatta@tux-amit# set load-balancing wan interface-health eth0 failure-count 5

vyatta@tux-amit# set load-balancing wan interface-health eth0 nexthop 192.168.101.1

vyatta@tux-amit# set load-balancing wan interface-health eth0 ping 182.168.194.1

vyatta@tux-amit# set load-balancing wan interface-health eth1 failure-count 4

vyatta@tux-amit# set load-balancing wan interface-health eth1 nexthop 192.168.201.1

vyatta@tux-amit# set load-balancing wan interface-health eth1 ping 182.168.194.1

vyatta@tux-amit# set load-balancing wan rule 10 inbound-interface eth2

vyatta@tux-amit# set load-balancing wan rule 10 interface eth0

vyatta@tux-amit# set load-balancing wan rule 10 interface eth1

vyatta@tux-amit# commit


All done! Do test, and let me know if any of you face any issue. :-)

Regards
Tux Amit


Tuesday, 7 February 2012

Tux Amit {Purging Mysql Binary Logs}


Updating you on an issue for one of my clients which I have just resolved.

Scenario -> My client has a very critical MySQL server. I am calling it critical because two mission-critical applications use MySQL as their database backend; for data protection they have set up a MySQL slave, and one of the applications uses the slave as its database backend.

Issue -> The master server went down :( due to a disk space issue: the MySQL replication logs were taking too much space. I knew these logs are important "because whole replication depends on these logs".

So I had to remove them carefully. I did that using the PURGE statement in MySQL and everything is fine; the issue got resolved without taking any MySQL instance down :-)

Note: we can use the rm command in the OS shell to delete the logs, but that is never advisable or recommended. The logs should be deleted from the mysql shell.

So here we are. The steps are below.

First check the binary logs on the master server, which are created for the slave to read for data replication.

#### At Master Server


mysql> show binary logs  ;
+------------+---------------+
| Log_name   | File_size     |
+------------+---------------+
| bin.000001 |   12910934117 |
| bin.000002 |   98918737117 |
| bin.000003 |   12115103888 |
| bin.000004 | 9384215309046 |
| bin.000005 |   17377701989 |
| bin.000006 |   10740781111 |
| bin.000007 |    9350727118 |
+------------+---------------+
7 rows in set (0.00 sec)

You can see that 7 bin log files have been created. (They are numbered in order, so you can easily see that bin.000007 is the most recent one.)

After that, check the slave for the log file currently in use (if your MySQL replication is working fine, it should be bin.000007).

###### At slave Server.

mysql> show slave status \G;
*************************** 1. row ***************************
             Slave_IO_State: Waiting for master to send event
                Master_Host: 172.0.0.1
                Master_User: root
                Master_Port: 3306
              Connect_Retry: 60
            Master_Log_File: bin.000007
        Read_Master_Log_Pos: 895052540
             Relay_Log_File: relay.003100
              Relay_Log_Pos: 343942008
      Relay_Master_Log_File: bin.000007
           Slave_IO_Running: Yes
          Slave_SQL_Running: Yes
            Replicate_Do_DB: 
        Replicate_Ignore_DB: 
         Replicate_Do_Table: 
     Replicate_Ignore_Table: 
    Replicate_Wild_Do_Table: 
Replicate_Wild_Ignore_Table: 
                 Last_Errno: 0
                 Last_Error: 
               Skip_Counter: 0
        Exec_Master_Log_Pos: 895052540
            Relay_Log_Space: 343942008
            Until_Condition: None
             Until_Log_File: 
              Until_Log_Pos: 0
         Master_SSL_Allowed: No
         Master_SSL_CA_File: 
         Master_SSL_CA_Path: 
            Master_SSL_Cert: 
          Master_SSL_Cipher: 
             Master_SSL_Key: 
      Seconds_Behind_Master: 0
1 row in set (0.00 sec)

######

Hence we can see that the bin.000007 log file is in use by the slave to read the changes (UPDATE, INSERT, DELETE), and our replication is working fine: the slave is 0 seconds behind the master. So we can delete (purge) the other, older files to resolve the disk space issue.

Be careful while running the commands below.

####
mysql> PURGE BINARY LOGS TO 'bin.000001' ;
Query OK, 0 rows affected (0.01 sec)
mysql> PURGE BINARY LOGS TO 'bin.000002' ;
Query OK, 0 rows affected (0.02 sec)

mysql> PURGE BINARY LOGS TO 'bin.000003' ;
Query OK, 0 rows affected (0.03 sec)

mysql> PURGE BINARY LOGS TO 'bin.000004' ;
Query OK, 0 rows affected (0.03 sec)

mysql> PURGE BINARY LOGS TO 'bin.000005' ;
Query OK, 0 rows affected (0.03 sec)

mysql> PURGE BINARY LOGS TO 'bin.000006' ;
Query OK, 0 rows affected (0.15 sec)

All done, your old logs are deleted :-)
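PURGE BINARY LOGS TO 'name' removes the log files listed before the named file and keeps the named file itself, so the name to pass is the oldest log that any slave still needs. The script below is an added example, not part of the original post: it derives that name from saved `SHOW SLAVE STATUS\G` output and lists what the statement would delete. The function names and sample data are constructed, and it uses Relay_Master_Log_File (the file the slave SQL thread is executing) as the conservative marker.

```shell
# Added example, not from the original post. All sample text is constructed.

# Print one field of `SHOW SLAVE STATUS\G` output read from stdin.
slave_field() {
    awk -v key="$1" '{
        line = $0; sub(/^[ \t]+/, "", line)
        i = index(line, ":")
        if (i && substr(line, 1, i - 1) == key) {
            v = substr(line, i + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            print v; exit
        }
    }'
}

# Arguments: the saved status text of every slave. Prints the purge statement
# naming the oldest master log a slave SQL thread is still executing. Exits 1
# if any slave is not replicating, because its position cannot be trusted.
purge_statement() (
    oldest=""
    for status in "$@"; do
        io=$(printf '%s\n' "$status" | slave_field Slave_IO_Running)
        sql=$(printf '%s\n' "$status" | slave_field Slave_SQL_Running)
        file=$(printf '%s\n' "$status" | slave_field Relay_Master_Log_File)
        if [ "$io" != "Yes" ] || [ "$sql" != "Yes" ] || [ -z "$file" ]; then
            echo "slave not replicating (IO=$io SQL=$sql), refusing" >&2
            exit 1
        fi
        # Log names are zero-padded, so byte-wise sort order is age order.
        oldest=$(printf '%s\n%s\n' "$oldest" "$file" | grep . | LC_ALL=C sort | head -n 1)
    done
    [ -n "$oldest" ] && printf "PURGE BINARY LOGS TO '%s';\n" "$oldest"
)

# stdin: the master's `SHOW BINARY LOGS` table; $1: the purge target.
# Prints the files the statement removes (those listed before the target;
# the target itself is kept). Exits 2 if the master does not list the target.
logs_removed() {
    awk -F'|' -v target="$1" '
        NF >= 3 {
            name = $2; gsub(/[ \t]/, "", name)
            if (name == "Log_name") next
            if (name == target) { found = 1; exit }
            list = list name "\n"
        }
        END { if (!found) exit 2; printf "%s", list }'
}

# Constructed sample: one slave is current, one is still applying bin.000005.
SLAVE_A='       Relay_Master_Log_File: bin.000007
            Slave_IO_Running: Yes
           Slave_SQL_Running: Yes'
SLAVE_B='       Relay_Master_Log_File: bin.000005
            Slave_IO_Running: Yes
           Slave_SQL_Running: Yes'
MASTER_LOGS='| Log_name   | File_size |
| bin.000004 |      1024 |
| bin.000005 |      2048 |
| bin.000006 |      4096 |
| bin.000007 |       512 |'

purge_statement "$SLAVE_A" "$SLAVE_B"                    # statement to run on the master
printf '%s\n' "$MASTER_LOGS" | logs_removed bin.000005   # files it would delete
```

With several slaves, a single statement naming the oldest file still in use replaces the file-by-file sequence and cannot remove a log that a lagging slave has yet to apply.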



Regards 
Tux Amit


Friday, 27 January 2012

Tux Amit {HA Proxy's Configuration For Mysql Load Balancing and Fail Over}


Today, due to a client requirement, I had to install and configure a high-availability, proxying application load balancer for MySQL. In the current scenario we have two MySQL servers (both running as multi-master replication nodes), and we needed all the traffic coming from the applications to be load-balanced across both MySQL servers, with a fail-over facility too. To achieve the goal I used an open source tool named HAProxy, and with it all the goals seem to be achieved now.

So I am sharing the steps; please go through them below.

What basically is HAProxy ??

HAProxy is a free, open source, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for web sites, databases and applications crawling under very high loads.

Steps of Installation And configuration :-

root@tux-amit:~# wget -c http://haproxy.1wt.eu/download/1.2/src/haproxy-1.2.17.tar.gz

root@tux-amit:~# tar -zxf haproxy-1.2.17.tar.gz

root@tux-amit:~# cd haproxy-1.2.17

root@tux-amit:~# make

root@tux-amit:~# cp haproxy /usr/sbin/haproxy

root@tux-amit:~# wget -c http://layer1.rack911.com/haproxy/haproxy.init -O /etc/init.d/haproxy ## Download its script file

Create an HAProxy config file using vim /etc/haproxy.cfg and add the settings below.

root@tux-amit:~# vim /etc/haproxy.cfg

### Changes done by tuxamit

global
    maxconn     4096 # Total Max Connections. This is dependent on ulimit
    daemon
    nbproc      4 # Number of processing cores.

defaults
    mode        http
    clitimeout  60000
    srvtimeout  30000
    contimeout  4000
    option      httpclose # Disable Keepalive

## IP and port on which HAProxy will bind. All the MySQL traffic will be hooked to the IP and port below, and HAProxy will then share the traffic using the round robin algorithm between the given MySQL servers ##

listen Mysql_proxy 10.x.x.74:3306
    mode tcp
    balance roundrobin

    ###### Add your MySQL servers below ##
    server Mysql_db1 10.x.x.72:3306 check
    server Mysql_db2 10.x.x.73:3306 check

###### Config Completed

root@tux-amit:~# service haproxy start ; chkconfig --add haproxy ; chkconfig haproxy on

All done! Load balancing and fail-over through HAProxy on host 10.x.x.74 are now working fine for the MySQL service listening on port 3306 at hosts 10.x.x.72 and 10.x.x.73.

Tux Amit {Documentation on Opsview Monitoring Tool}

A few days back a friend of mine named Linuz Ashu, who is himself an open source geek, suggested that I use a rich web-based monitoring tool named Opsview. I have always been a big fan of Nagios and still am, but the way Ashu described Opsview, its features and its GUI, which he told me is much better than my favorite Nagios, made me go for it. After installing and working with it I found Ashu was correct.
So here I am sharing the steps of Opsview installation and configuration with all.


What is Opsview ??
As described above, Opsview is an open source network, server and application monitoring tool. It is released under the GNU General Public License (GPL) version 2. Opsview uses Nagios Core as its monitoring 'engine' and incorporates Nagvis, NagiosGraph, MRTG, NMIS into a single tool. Opsview provides a web user interface that allows system administrators to access monitoring views and configure monitoring settings.

Operating System => RHEL 5.5

Opsview Installation Steps

Please make sure the packages below are installed on the system

  1. libmcrypt
  2. mrtg
  3. rrdtool-perl
  4. rrdtool
  5. Mysql*
  6. Apache


EPEL repositories

Set up the EPEL repository to install any necessary dependencies by downloading and installing the EPEL release package

root@tux-amit:~# rpm -ivh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm

We can also use rpmforge for this !!

Opsview repositories

Then, create a repo file /etc/yum.repos.d/opsview.repo containing the following lines:

[opsview]
name = Opsview
baseurl = http://downloads.opsera.com/opsview-community/latest/yum/<OS>/$releasever/$basearch
enabled = 1
protect = 0
gpgcheck = 0

Once the repositories have been updated to include the Opsview yum repository, the latest release of Opsview can be installed by running the following command as root:

root@tux-amit:~# yum install opsview
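The opsview.repo above sets gpgcheck = 0 and uses an http baseurl, so yum installs those packages as root without verifying who built them. The script below is an added example, not part of the original post or of Opsview: it reads .repo text and reports such settings, using as sample input the opsview stanza above and the DAG stanza from the Samba post further down this page. The function name and message wording are my own.

```shell
# Added example, not from the original post.

# stdin: the text of one or more yum .repo files.
# Prints "<repo id>: <finding>" for settings that let unauthenticated
# packages or signing keys reach a root-run yum transaction.
audit_repo() {
    awk '
        function flush_repo() {
            if (id == "") return
            off = (gpgcheck == "0" || gpgcheck == "no" || gpgcheck == "false")
            if (off)
                print id ": gpgcheck is off, package signatures are not verified"
            if (off && baseurl ~ /^http:/)
                print id ": baseurl uses plain http and nothing verifies the packages"
            if (gpgkey ~ /^http:/)
                print id ": gpgkey is fetched over plain http"
        }
        /^[ \t]*\[/ {                      # a new [section] starts
            flush_repo()
            id = $0; gsub(/^[ \t]*\[|\][ \t\r]*$/, "", id)
            gpgcheck = baseurl = gpgkey = ""
            next
        }
        /^[ \t]*[#;]/ { next }             # comment line
        {
            i = index($0, "="); if (!i) next
            k = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", k)
            v = substr($0, i + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == "gpgcheck") gpgcheck = tolower(v)
            else if (k == "baseurl") baseurl = tolower(v)
            else if (k == "gpgkey") gpgkey = tolower(v)
        }
        END { flush_repo() }'
}

# Sample input: the two repo stanzas that appear on this page.
SAMPLE_REPOS='[opsview]
name = Opsview
baseurl = http://downloads.opsera.com/opsview-community/latest/yum/<OS>/$releasever/$basearch
enabled = 1
protect = 0
gpgcheck = 0

[dag]
name=DAG Repository
baseurl = http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
gpgcheck=1
enabled=0'

printf '%s\n' "$SAMPLE_REPOS" | audit_repo
```

On a live host the same function can be fed with `cat /etc/yum.repos.d/*.repo`. A gpgcheck finding is cleared by setting gpgcheck = 1 and importing the vendor's signing key from a channel you trust.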

Post-installation steps

After the Opsview packages have been installed, it is necessary to configure Opsview and its databases.  

1. The rest of the steps should be performed as the nagios user
root@tux-amit:~# su - nagios
2. Edit the Opsview configuration file and amend the passwords as you see fit to secure the system (the passwords that should be changed are set to changeme by default)
nagios@tux-amit:~$ vim /usr/local/nagios/etc/opsview.conf   # change passwords in this file
3. Set up the Opsview MySQL database users with the necessary permissions
nagios@tux-amit:~$ /usr/local/nagios/bin/db_mysql -u root -p{password}
4. Install the required databases
nagios@tux-amit:~$ /usr/local/nagios/bin/db_opsview db_install
nagios@tux-amit:~$ /usr/local/nagios/bin/db_runtime db_install
nagios@tux-amit:~$ /usr/local/nagios/bin/db_odw db_install
nagios@tux-amit:~$ /usr/local/nagios/bin/db_reports db_install
5. Generate all the necessary configuration files for Opsview and Nagios Core to run
nagios@tux-amit:~$ /usr/local/nagios/bin/rc.opsview gen_config
6. Switch to root; you can now start up the web application server:

tuxamit@tux-amit:~$ su - root
root@tux-amit:~# /etc/init.d/opsview-web start
The Opsview service is now listening on port 3000, i.e. http://serverip:3000/

Optional Further Configuration

Using Apache as a proxy server

The performance of Opsview will be significantly improved by using Apache at the front end.
1. As root, edit the apache configuration files and enable proxy_html
root@tux-amit:~# cd /etc/httpd/conf
root@tux-amit:~# vim httpd.conf
   # Ensure the line "LoadModule proxy_http_module modules/mod_proxy_http.so" is uncommented
2. As root, copy in the example Apache configuration file and edit it to suit your needs
root@tux-amit:~# cd /etc/httpd/conf.d
root@tux-amit:~# cp /usr/local/nagios/installer/apache_proxy.conf .
root@tux-amit:~# vim apache_proxy.conf
3. Amend the Apache web server user's group membership to include the nagcmd group (-a appends, so the user's existing supplementary groups are kept)
root@tux-amit:~# usermod -a -G nagcmd apache
4. As root, restart Apache
root@tux-amit:~# /etc/init.d/httpd restart
You can now access Opsview at http://serverip/
Log in as the admin user using the credentials below.
username: admin
password: initial
All done, have fun :-)
 
Regards
Tux Amit

Tux Amit {Step by Step Documentation on Installation And Configuration of Samba domain Controller, Samba PDC with openldap as backend}


Step by Step Documentation on Installation And Configuration of Samba domain Controller, Samba PDC with openldap as backend
Installation of Packages :-

yum install openldap* samba*

Openldap Configuration

cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

service ldap restart    # check that the service is running properly; if it is, go ahead

Changes in slapd.conf

#########

## Changes done by tuxamit to add two schema files for Samba: misc.schema and samba.schema
## You can find these two schema files in /usr/share/doc/samba-3.0.33/LDAP

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/dnszone.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/misc.schema


allow bind_v2


pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

loglevel 2176
loglevel sync



database bdb
suffix "dc=tuxamit,dc=com"
rootdn "cn=admin,dc=tuxamit,dc=com"
rootpw redhat

directory /var/lib/ldap

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

Changes in smb.conf

workgroup = TUXAMIT.COM
server string = Samba Server Version %v

netbios name = TUXAMIT.COM

interfaces = lo eth0 127. 172.
hosts allow = 127. 172.

log level = 2
# logs split per machine
log file = /var/log/samba/smbd.log


security = user
passdb backend = ldapsam:ldap://localhost/
obey pam restrictions = no

###Added by tuxamit Begin: Custom LDAP Entries
ldap admin dn = cn=admin,dc=tuxamit,dc=com
ldap suffix = dc=tuxamit, dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
; Do ldap passwd sync
ldap passwd sync = Yes
passwd program = /usr/local/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
##Changes over

domain master = yes
domain logons = yes
preferred master = yes



wins support = yes
load printers = yes
cups options = raw
[homes]
comment = Home Directories
browseable = no
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes

##Changes over for smb.conf


Download And Configure smbldap-tools-0.9.6.tar.gz (Smbldap-tools is a set of scripts designed to help integrate Samba and an LDAP directory)

mkdir modules ; cd modules


tar -zxvf smbldap-tools-0.9.6.tar.gz ; cd smbldap-tools-0.9.6

First we need to install its perl dependencies :-

yum install perl-Digest-SHA1 perl-LDAP perl-IO-Socket-SSL

Add Dag Wieers repository
cat > /etc/yum.repos.d/DAG.repo << EOF
[dag]
name=DAG Repository
baseurl = http://apt.sw.be/redhat/el\$releasever/en/\$basearch/dag
gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
gpgcheck=1
enabled=0
EOF

yum --enablerepo=dag install perl-Crypt-SmbHash perl-Unicode-MapUTF8

Now copy all the scripts to /usr/local/sbin/

Configuration of smbldap-tools

mkdir /etc/smbldap-tools/

Modify smbldap.conf and smbldap_bind.conf as given below and copy them to /etc/smbldap-tools/

Changes in smbldap.conf and smbldap_bind.conf

smbldap.conf

#############
SID="S-1-5-21-4152842643-1346776356-3218413948"

sambaDomain="tuxamit.com"


masterLDAP="127.0.0.1"

masterPort="389"

ldapTLS="0"

ldapSSL="0"

verify="require"

cafile="/etc/smbldap-tools/ca.pem"

clientcert="/etc/smbldap-tools/smbldap-tools.iallanis.info.pem"

clientkey="/etc/smbldap-tools/smbldap-tools.iallanis.info.key"

suffix="dc=tuxamit,dc=com"

usersdn="ou=Users,${suffix}"

computersdn="ou=Computers,${suffix}"

groupsdn="ou=Groups,${suffix}"

idmapdn="ou=Idmap,${suffix}"

sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"

scope="sub"

hash_encrypt="SSHA"

crypt_salt_format="%s"


userLoginShell="/bin/bash"

userHome="/home/%U"

userHomeDirectoryMode="700"

userGecos="System User"
defaultUserGid="513"

defaultComputerGid="515"

skeletonDir="/etc/skel"

defaultMaxPasswordAge="45"


userSmbHome="\\PDC-SRV\%U"

userProfile="\\PDC-SRV\profiles\%U"

userHomeDrive="H:"

userScript="logon.bat"

mailDomain="tuxamit.com"


with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"

with_slappasswd="0"
slappasswd="/usr/sbin/slappasswd"

##########

Changes in smbldap_bind.conf

#############
masterDN="cn=admin,dc=tuxamit,dc=com"
masterPw="redhat"

#############

Set proper permissions on those files:
$ chmod 644 /etc/smbldap-tools/smbldap.conf
$ chmod 600 /etc/smbldap-tools/smbldap_bind.conf

Set samba sid -:

net setlocalsid S-1-5-21-4152842643-1346776356-3218413948

Initialize the LDAP directory
$ smbldap-populate -u 30000 -g 30000    # it will ask for the root password of the database; give redhat, or whatever you have set in slapd.conf

$ smbpasswd -w redhat    # sets up the LDAP admin password in secrets.tdb


Configure Authentication
$ authconfig-tui


                                                                                                     
┌────────────────┤ Authentication Configuration ├────────────────┐
│                                                                │
│  User Information        Authentication                        │
│  [ ] Cache Information   [*] Use MD5 Passwords                 │
│  [ ] Use Hesiod          [*] Use Shadow Passwords              │
│  [*] Use LDAP            [*] Use LDAP Authentication           │
│  [ ] Use NIS             [ ] Use Kerberos                      │
│  [ ] Use Winbind         [ ] Use SMB Authentication            │
│                          [ ] Use Winbind Authentication        │
│                          [ ] Local authorization is sufficient │
│                                                                │
│            ┌────────┐                      ┌──────┐            │
│            │ Cancel │                      │ Next │            │
│            └────────┘                      └──────┘            │
│                                                                │
└────────────────────────────────────────────────────────────────┘

┌──────────────────────────────────────────────┐
│  [ ] Use TLS                                 │
│   Server: ldap://127.0.0.1/_________________ │
│  Base DN: dc=tuxamit,dc=com_________________ │
│                                              │
│         ┌──────┐            ┌────┐           │
│         │ Back │            │ Ok │           │
│         └──────┘            └────┘           │
└──────────────────────────────────────────────┘

All Done !!

Restart both the services.

service ldap restart ; service smb restart

Try to log in as the admin user

[root@dc smbldap-tools-0.9.6]# smbclient -L localhost -U root
Password:
Domain=[TUXAMIT.COM] OS=[Unix] Server=[Samba 3.0.33-3.28.el5]

Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 3.0.33-3.28.el5)
root Disk Home Directories
Domain=[TUXAMIT.COM] OS=[Unix] Server=[Samba 3.0.33-3.28.el5]

Server Comment
--------- -------
TUXAMIT.COM Samba Server Version 3.0.33-3.28.el5

Workgroup Master
--------- -------
TUXAMIT.COM TUXAMIT.COM



######Adding New user in samba ldap using smbtools

$ smbldap-useradd -a -m tuxamit

##Setting Password for the user

$ smbldap-passwd tuxamit
Changing UNIX and samba passwords for tuxamit
New password:
Retype new password:

[root@dc smbldap-tools-0.9.6]# smbclient -L localhost -U tuxamit
Password:
Domain=[TUXAMIT.COM] OS=[Unix] Server=[Samba 3.0.33-3.28.el5]

Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 3.0.33-3.28.el5)
tuxamit Disk Home Directories
Domain=[TUXAMIT.COM] OS=[Unix] Server=[Samba 3.0.33-3.28.el5]

Server Comment
--------- -------
TUXAMIT.COM Samba Server Version 3.0.33-3.28.el5

Workgroup Master
--------- -------
TUXAMIT.COM TUXAMIT.COM


###### Samba with LDAP auth is working fine. Go and join a Windows machine to your Samba domain

[Note] While joining the domain, if you get an error like "failed to find domain", and in the details tab you find an error such as: can't find _ldap._tcp.dc._msdcs.<DOMAIN NAME>: Non-existent Domain

then configure your DNS, add the entries below to your forward zone file, and set the WINS server on your Windows machine to your DNS.

_ldap._tcp.tuxamit.com SRV 0 0 389 server hostname
_ldap._tcp.dc._msdcs.tuxamit.com SRV 0 0 389 server hostname

All done !! You will be able to add Windows and Linux machines to this domain :):)

Documented By -: Tux Amit
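The setup above keeps the LDAP admin password in two files: slapd.conf (rootpw redhat, in cleartext) and smbldap_bind.conf (masterPw, which the post protects with chmod 600). The script below is an added example, not part of the original post or of smbldap-tools: it reports a cleartext rootpw and any password-holding file that other users can read. The function names and sample files are constructed, and the hash value in the hardened sample is a placeholder.

```shell
# Added example, not from the original post.

# $1: path to slapd.conf or smbldap_bind.conf. Prints one line per finding.
audit_ldap_secret_file() {
    f=$1
    # slapd.conf: a hashed rootpw starts with a {SCHEME} tag such as {SSHA},
    # which is the form slappasswd prints. Anything else is the password itself.
    awk -v f="$f" '
        $1 == "rootpw" && substr($2, 1, 1) != "{" {
            print f ": rootpw is cleartext, replace it with a slappasswd hash"
        }' "$f"
    # smbldap_bind.conf has to keep masterPw usable, so the file mode is its
    # only protection. The same mode check applies to a slapd.conf with rootpw.
    if grep -Eq '^[[:space:]]*(rootpw[[:space:]]|masterPw[[:space:]]*=)' "$f" &&
       [ -n "$(find "$f" -prune -perm -004)" ]; then
        echo "$f: holds a bind password but is readable by other users"
    fi
}

# Constructed samples: the post's settings beside a hardened slapd.conf.
make_samples() {
    d=$1
    printf 'rootdn "cn=admin,dc=tuxamit,dc=com"\nrootpw redhat\n' \
        > "$d/slapd.weak.conf"
    printf 'rootdn "cn=admin,dc=tuxamit,dc=com"\nrootpw {SSHA}PLACEHOLDER-HASH\n' \
        > "$d/slapd.hard.conf"
    printf 'masterDN="cn=admin,dc=tuxamit,dc=com"\nmasterPw="redhat"\n' \
        > "$d/smbldap_bind.conf"
    chmod 644 "$d/slapd.weak.conf"
    chmod 640 "$d/slapd.hard.conf"
    chmod 600 "$d/smbldap_bind.conf"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for sample in "$tmp"/*; do
    audit_ldap_secret_file "$sample"
done
rm -rf "$tmp"
```

Only the weak slapd.conf sample produces findings; running `slappasswd` and pasting its output after rootpw clears the first one.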