Centos7 Archives - Linux Windows and android Tutorials https://www.osradar.com tutorials and news and Seurity Mon, 11 Feb 2019 09:55:56 +0000 en-US hourly 1 https://wordpress.org/?v=5.8.12 Join CentOS7 system into Windows Domain https://www.osradar.com/join-centos7-system-into-windows-domain/ https://www.osradar.com/join-centos7-system-into-windows-domain/#respond Mon, 11 Feb 2019 09:54:42 +0000 https://www.osradar.com/?p=10675 Why? That’s a good question. Why? That’s because then it allows us to authenticate users centrally whom already has Windows Active Directory user accounts. This really comes handy as we then don’t need to provision CentOS local user account as new users are in demand for server access. Think about a scenario, for example, a […]

The post Join CentOS7 system into Windows Domain appeared first on Linux Windows and android Tutorials.

]]> Why?
That’s a good question. Why? That’s because then it allows us to authenticate users centrally whom already has Windows Active Directory user accounts. This really comes handy as we then don’t need to provision CentOS local user account as new users are in demand for server access. Think about a scenario, for example, a company whose having thousands of users who wish to have server access for  system administration. That would be a pain in the neck if our plan to setup each individual accounts locally. Problem even get started to worse if the server count increase over the time. Thus, having your LInux systems’s authentication over Windows Active Directory should be one of the obvious solutions.

Getting Started

This tutorial is based on the following configuration:

  • domain name : osradar.com
  • workgroup : OSRADAR
  • kerberos realm : OSRADAR.COM
  • Winsdows AD IP address: 172.17.0.51
  • Windows AS DNS name: windows-ad.osradar.com
  • a valid user called “winaduser01” already existed at Windows AD.

01. Install packages

# yum install krb5-workstation pam_krb5 samba samba-client samba-winbind authconfig

 

02. Ensure that the clocks on both systems are in sync. Time synchronization is essential for Kerberos to work.

03. To have working DNS resolution, point all Linux client systems to Windows AD – Essential for Kerberos to work. Optionally, you can also work with /etc/hosts if required.

# vim /etc/hosts

172.17.0.51 windows-ad.osradar.com

04. Configure Kerberos to use AD Kerberos realm.

# vi /etc/krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true

ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_realm = OSRADAR.COM
default_ccache_name = KEYRING:persistent:%{uid}

[realms]
OSRADAR.COM = {
kdc = 172.17.0.51
admin_server = 172.17.0.51
}

 

05. Verify Kerberos operation – (Assume following winaduser01 exist on the Windows AD)

# kinit winaduser01
Password for winaduser01@OSRADAR.COM:

(This of course is to get a Kerberos Ticket for our Linux client system)

# klist

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: winaduser01@OSRADAR.COM
Valid starting Expires Service principal
04/27/2019 00:42:19 04/27/2019 10:42:19 krbtgt/OSRADAR.COM@OSRADAR.COM
renew until 05/04/2019 00:42:10

(To list whether do we have valid Kerberos Tickets now..)

# kdestroy

(Optionally, if you want to remove the existing Kerberos Ticket)

 

06. Configure Samba to connect to AD server.

# vi /etc/samba/smb.conf

[global]
workgroup = OSRADAR
realm = OSRADAR.COM
security = ads
idmap config * : range = 16777216-33554431
winbind separator = +
template homedir = /home/%U
template shell = /bin/bash
kerberos method = secrets only
winbind use default domain = true
winbind offline logon = true

server string = Samba Server Version %v
netbios name = MYLINUXPC1
interfaces = lo ens9 172.17.0.0/24
hosts allow = 127. 172.17.0.
passdb backend = tdbsam
winbind enum users = yes
winbind enum groups = yes
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
idmap config MYCOMPANY:backend = rid
idmap config MYCOMPANY:range = 10000000-1999999

 

07. Check for configuration errors if present.

# testparm

 

08. Configure NSS and PAM to use winbind for system authentication

# authconfig --enablewinbind --enablewins --enablewinbindauth --update

 

09. Service Restarts

# systemctl restart smb
# systemctl restart winbind

 

10. Lets add our linux client machine to the Winsows AD Domain

# kinit winaduser01
# net ads join -U winaduser01
Enter winaduser's password:
Joined 'MYLINUXPC1' to dns domain 'OSRADAR.COM'

 

Congratulations. If you see the above message, it confirms that your Linux system is correctly joined with WIndows. Now, you can perform any user authentication against any user who has a valid account on windows Active Directory.

Optionally, if you want to leave the joined domains

# net ads leave -U winaduser01

 

“I hope this has been informative for you..”

The post Join CentOS7 system into Windows Domain appeared first on Linux Windows and android Tutorials.

]]> https://www.osradar.com/join-centos7-system-into-windows-domain/feed/ 0 How to configure HAProxy Load Balancing on Centos 7 https://www.osradar.com/how-to-configure-haproxy-load-balancing-on-centos-7/ https://www.osradar.com/how-to-configure-haproxy-load-balancing-on-centos-7/#respond Tue, 05 Jun 2018 11:31:43 +0000 https://www.osradar.com/?p=3474 Load balancing refers to efficiently distributing incoming network traffic across a group of backend servers, also known as a server farm or server pool. A load balancer acts as the “traffic cop” sitting in front of your servers and routing client requests across all servers capable of fulfilling those requests in a manner that maximizes […]

The post How to configure HAProxy Load Balancing on Centos 7 appeared first on Linux Windows and android Tutorials.

]]> Load balancing refers to efficiently distributing incoming network traffic across a group of backend servers, also known as a server farm or server pool.
A load balancer acts as the “traffic cop” sitting in front of your servers and routing client requests across all servers capable of fulfilling those requests in a manner that maximizes speed and capacity utilization and ensures that no one server is overworked, which could degrade performance. If any server goes down, the load balancer redirects traffic to the remaining online servers. When a new server is added to the server group, the load balancer automatically starts to send requests to it.
In this manner, a load balancer performs the following functions:
• Distributes client requests or network load efficiently across multiple servers
• Ensures high availability and reliability by sending requests only to servers that are online
• Provides the flexibility to add or subtract servers as demand dictates

To install and configure HAProxy loadbalancer we will consider below senario

  1. One is web server1>IP Address: 192.168.248.132>Hostname:system1.osradar.com
  2. Two is web server2>IP Address: 192.168.248.133>Hostname:system2.osradar.com
  3. HAproxyloadbalancer>IPAddress:192.168.248.134>Hostname:loadbalancer.osradar.com

First make sure that you systems has above host name and IP Address.

Step 01: To check hostname (for three systems)
#hostnamectl status
Static hostname: system1.osradar.com
Static hostname: system2.osradar.com
Static hostname: loadbalancer.osradar.com

Step 02: To Check IP Address (for three system)
#ip addr
or
#ifconfig
inet 192.168.248.132 netmask 255.255.255.0 broadcast 192.168.248.255
inet 192.168.248.133 netmask 255.255.255.0 broadcast 192.168.248.255
inet 192.168.248.134 netmask 255.255.255.0 broadcast 192.168.248.255

Step 03: Insert below information to all systems(system1, system2 and loadbalancer) /etc/hosts file
#vim /ete/hosts
192.168.248.132 system1.osradar.com system1
192.168.248.133 system2.osradar.com system2
192.168.248.134 loadbalancer.osradar.com loadbalancer

Step 04: To check that you can reach each system
#ping system1
#ping system2
#Pint loadbalancer

Step 05: Now install httpd to systems (system1, system2)
#yum install httpd -y
#systemctl start httpd
#systemctl enable httpd
#firewall-cmd –permanent –zone=public –add-service=http
#firewall-cmd –permanent –zone=public –add-service=https
#firewall-cmd –reload
#firewall-cmd –list-all (to ckeck status)

Step 06: To check your web service is ok visit 192.168.248.132 and 192.168.248.133 from your systems browser. You will find that Apahe test page appears.

You can make different index.html files for system1 and system2. So that you can get the difference. Here, we create index.html for system1 and system2 under /var/www/html

#vim /var/www/html/index.html (for system1)
This is <h1>system1</h1>.osradar.com
Website
<h3>IP: 192.168.248.132</h3>
#vim /var/www/html/index.html (for system2)
This is <h1>system2</h1>.osradar.com
Website
<h3>IP: 192.168.248.133</h3>

Step 07: Install HAProxy on loadbalancer system and configure
#yum install haproxy.x86_64 -y
#vim /etc/haproxy/haproxy.cfg
at the end of this file paste following information, save and exit.

##############Frontend Server Configuration##########
frontend webapp
bind *:80
default_backend webserver

#####################Backend Server Configuration##########

backend webserver
balance roundrobin
server system1 192.168.248.132:80 check
server system2 192.168.248.133:80 check

Step 08: Now we will check firewall status
#firewall-cmd –list-all
If we found that port 80 and 8080 is not added in firewall then we have to add

#firewall-cmd –permanent –zone=public –add-port=80/tcp
#firewall-cmd –permanent –zone=public –add-port=8080/tcp
#firewall-cmd –reload

Step 09: We will change SeLinux status from enforcing to permissive
#setenforce 0

Step 10:
#systemctl start haproxy.service
#systemctl enable haproxy.service

From loadbalancer system web browser visit 192.168.248.134. Hit(refresh) this IP two/three times and you will see web page from system1 and system2 are visible.

That’s how loadbalancer works.

The post How to configure HAProxy Load Balancing on Centos 7 appeared first on Linux Windows and android Tutorials.

]]> https://www.osradar.com/how-to-configure-haproxy-load-balancing-on-centos-7/feed/ 0