Thursday, July 26, 2018

Resetting the vCenter SSO administrator@vsphere.local Password

For vCenter Server Appliance

1.) Log in to vCenter Server with the root account.

Note : If the Platform Services Controller is installed separately from vCenter Server, log in to the Platform Services Controller server instead.


2.) Enable BASH shell access and launch BASH


3.) If you need to find the SSO domain name (the default is vSphere.local), run the vmafd-cli command to get the configured SSO domain.



4.) Now run the vdcadmintool to generate a new password for the SSO account.


5.) With the newly generated password, you can log in to vCenter.

6.) In the vSphere Web Client, navigate to Administration -> Single Sign-On -> Users and Groups -> Users.

7.) Select the Administrator user, right-click and select the Edit option.



8.) Reset the password.


The SSO admin password has now been changed.

Sunday, June 16, 2013

LUN Scanning Script for RHEL 5.X

Step 1 : Run the below script to scan the LUN,

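#!/bin/bash
#
# LUN scanning script
# Works on RHEL 5.X (run as root)
#
for host in /sys/class/fc_host/host*
do
    # Skip if no Fibre Channel host is present
    [ -e "$host" ] || continue
    i=$(basename "$host")
    # Issue a LIP so the FC link is re-initialised and targets are rediscovered
    echo "1" > "/sys/class/fc_host/$i/issue_lip"
    # Wildcard scan: all channels, targets and LUNs on the matching SCSI host
    echo "- - -" > "/sys/class/scsi_host/$i/scan"
done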


Step 2 : Check Lun Visibility in Server

# fdisk -l

Tuesday, June 4, 2013

INODE Explained


An inode (index node, also called an index number) is a basic and fundamental concept in Linux filesystems.

Each file in Linux has the following attributes:
  • File type (executable, block special or character special etc)
  • Permissions (read, write, execute)
  • Owner
  • Group
  • File Size
  • File access, change and modification time
  • File deletion time
  • Number of links (soft/hard)
  • Extended attributes (for example, no one can delete the file, or append only)
  • Access Control List (ACLs)

All of the above information is stored in the inode, and every file has a unique inode value within its filesystem, which identifies the file's attributes.

We can get the inode value with the ls and stat commands.


Note :
Remember that Linux never stores the file creation time.
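
The ls lookup mentioned above, as an added example that is not part of the original post: it prints the inode number and link count for a file, a hard link, a symbolic link and a copy. The file names and the helpers inode_of, link_count and make_samples are constructed for illustration.

```shell
#!/bin/bash
# Added example: compare inode numbers of a file, its hard link,
# a symbolic link and a copy. All file names are constructed.

# Print the inode number of the path itself (symlinks are not followed).
inode_of() {
    ls -di -- "$1" | awk '{print $1}'
}

# Print the hard-link count stored in the inode.
link_count() {
    ls -ld -- "$1" | awk '{print $2}'
}

# Build the sample files in a scratch directory and print its path.
make_samples() {
    d=$(mktemp -d) || return 1
    echo "sample data" > "$d/original"
    ln    "$d/original" "$d/hardlink"   # second name for the same inode
    ln -s "$d/original" "$d/symlink"    # separate inode that stores a path
    cp    "$d/original" "$d/copy"       # new file, new inode
    echo "$d"
}

dir=$(make_samples)
for f in original hardlink symlink copy; do
    printf '%-9s inode=%s links=%s\n' "$f" \
        "$(inode_of "$dir/$f")" "$(link_count "$dir/$f")"
done

# Removing one name only decrements the link count; the data stays
# reachable through the other name until the count reaches zero.
rm "$dir/original"
printf 'after rm  inode=%s links=%s\n' \
    "$(inode_of "$dir/hardlink")" "$(link_count "$dir/hardlink")"
rm -rf "$dir"
```

The hard link reports the same inode number as the original, while the symbolic link and the copy each get their own.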


Monday, June 3, 2013

How to Create and Install an Apache Self Signed Certificate


The steps below create and install an Apache self-signed certificate on RHEL 6.2.

Step 1 : Generate Key

[root@mail ]# cd /etc/ssl/certs/
[root@mail certs]# openssl genrsa -des3 -out new.key 2048
Generating RSA private key, 2048 bit long modulus
.........................................................................................................+++
...............................................................................................................+++
e is 65537 (0x10001)
Enter pass phrase for new.key:
Verifying - Enter pass phrase for new.key:
[root@mail certs]#


Step 2 : Remove the passphrase from the key (this step is optional; it avoids having to enter the passphrase every time the Apache service, httpd, is started)

[root@mail certs]# cp new.key new.key_org
[root@mail certs]#
[root@mail certs]# openssl rsa -in new.key -out new.key
Enter pass phrase for new.key:
writing RSA key
[root@mail certs]# ll new.key
-rw-r--r-- 1 root root 1679 May 22 12:13 new.key
[root@mail certs]#

Step 3 : Generate a Certificate Signing Request (CSR)

[root@mail certs]# openssl req -new -key new.key -out webmail.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Tamil Nadu
Locality Name (eg, city) [Default City]:Madurai
Organization Name (eg, company) [Default Company Ltd]:Lynx Corp
Organizational Unit Name (eg, section) []:Leo
Common Name (eg, your name or your server's hostname) []:mail.isvivek.com
Email Address []:isvivek@isvivek.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@mail certs]#


Step 4 : Generate a self-signed SSL certificate

[root@mail certs]# openssl x509 -req -days 365 -in webmail.csr -signkey new.key -out webmail.cert
Signature ok
subject=/C=IN/ST=Tamil Nadu/L=Madurai/O=Lynx Corp/OU=Leo/CN=mail.isvivek.com/emailAddress=isvivek@isvivek.com
Getting Private key
[root@mail certs]#


Step 5 : Install the generated certificate

[root@mail certs]# vim /etc/httpd/conf.d/ssl.conf

--->>Update it as follows

SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024

--->> Update VirtualHost as follows:


    SSLEngine On
    SSLCertificateFile /etc/ssl/certs/webmail/webmail.cert
    SSLCertificateKeyFile /etc/ssl/certs/webmail/new.key
    SSLProtocol All -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:+MD5
    DocumentRoot "/var/www/html/ssl"
    ServerName mail.isvivek.com:443


[root@mail certs]#  mkdir -p /var/www/html/ssl
[root@mail certs]#  chown apache /var/www/html/ssl

[root@mail certs]# vim /etc/httpd/conf/httpd.conf

--->>Update it as follows


         SSLRequireSSL
         SSLOptions +StrictRequire
         SSLRequire %{HTTP_HOST} eq "mail.isvivek.com"
         ErrorDocument 403 https://mail.isvivek.com/sslerror.html



[root@mail certs]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                             [  OK  ]
[root@mail certs]#

Step 6 : Verify the certificate details by browsing the URL.
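
An added check for the result of Steps 2 and 5 (example code, not from the original post): Step 2 leaves the unencrypted new.key with mode -rw-r--r--, and the SSLProtocol and SSLCipherSuite lines in Step 5 still allow SSLv3, MEDIUM-strength and MD5-based suites. The helper names, temporary files and the stricter sample directives are assumptions; the stricter protocol line presumes a current httpd and OpenSSL build.

```shell
#!/bin/bash
# Added example: audit the key permissions and TLS directives from the post.
# File names and sample configs are constructed; use real paths as root.

# Succeeds only if group and others have no access to the key file.
key_is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Print one finding per weak mod_ssl directive in the given config file.
# Assumes httpd 2.2-era semantics (as on RHEL 6), where "All" includes SSLv3.
audit_ssl_conf() {
    awk '
    tolower($1) == "sslprotocol" {
        sslv3 = 0
        for (i = 2; i <= NF; i++) {
            p = tolower($i); sub(/^\+/, "", p)
            if (p == "all" || p == "sslv3") sslv3 = 1
            if (p == "-sslv3") sslv3 = 0
        }
        if (sslv3) print NR ": SSLProtocol leaves SSLv3 enabled"
    }
    tolower($1) == "sslciphersuite" {
        n = split($2, tok, ":")
        md5_excluded = 0
        for (i = 1; i <= n; i++) {
            if (tok[i] == "MEDIUM" || tok[i] == "+MEDIUM")
                print NR ": SSLCipherSuite enables MEDIUM-strength ciphers"
            if (tok[i] == "!MD5") md5_excluded = 1
        }
        if (!md5_excluded) print NR ": SSLCipherSuite does not exclude MD5"
    }' "$1"
}

tmp=$(mktemp -d)
# Constructed sample: the two directives as given in Step 5.
printf '    SSLProtocol All -SSLv2\n    SSLCipherSuite HIGH:MEDIUM:!aNULL:+MD5\n' > "$tmp/ssl_post.conf"
# Constructed sample: a stricter variant for a current httpd/OpenSSL build.
printf '    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1\n    SSLCipherSuite HIGH:!aNULL:!MD5\n' > "$tmp/ssl_strict.conf"
audit_ssl_conf "$tmp/ssl_post.conf"
audit_ssl_conf "$tmp/ssl_strict.conf"            # prints nothing

touch "$tmp/new.key"; chmod 644 "$tmp/new.key"   # mode shown in Step 2
key_is_private "$tmp/new.key" || echo "new.key is readable by group/others"
chmod 600 "$tmp/new.key"                         # owner-only access
key_is_private "$tmp/new.key" && echo "new.key is private after chmod 600"
rm -rf "$tmp"
```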




Pseudo Terminals Limits

The "/proc/sys/kernel/pty/max" file defines the maximum number of pseudoterminals:

[root@mail ~]# cat /proc/sys/kernel/pty/max
4096
[root@mail ~]#


"/proc/sys/kernel/pty/nr" is a read-only file that indicates how many pseudoterminals are currently in use:

[root@mail ~]# cat /proc/sys/kernel/pty/nr
4
[root@mail ~]#

To limit or increase the number of pseudoterminals permanently:

# vim /etc/sysctl.conf

kernel.pty.max = 1024

#  sysctl -p

Once the pty limit is reached, you will get the below error if you try to open a new session,



Friday, May 31, 2013

Postfix, Dovecot and Active directory Integration


For Linux AD integration, please refer to my earlier post (http://isvivek.blogspot.com/2013/05/redhat-linux-active-directory.html). After the AD integration, proceed with this post to set up a Postfix mail server with AD authentication.

Postfix configuration

Change the parameters mentioned below. These are just the basic parameters needed to run a Postfix mail server; we can customize or enable more options as per the requirements.

Step 1 :

[root@mail ~]# vim /etc/postfix/main.cf

## Enter your hostname here
myhostname = mail.isvivek.com

## Enter your domain name here
mydomain = isvivek.com

## Just uncomment this line
myorigin = $mydomain

## Uncomment and change it to all
inet_interfaces = all

## Just uncomment this line
mydestination = $myhostname, localhost.$mydomain, $mydomain

## Uncomment and add the network which you want to allow
mynetworks = 192.168.248.0/24, 127.0.0.0/8

## Just uncomment this line
home_mailbox = Maildir/

Save the /etc/postfix/main.cf after making the config changes.

Step 2 : Start the postfix service


[root@mail ~]# /etc/init.d/postfix start
Starting postfix:                                          [  OK  ]
[root@mail ~]#

Step 3 : Test mail flow 

[root@mail ~]# telnet mail 25
Trying 192.168.248.128...
Connected to mail.
Escape character is '^]'.
220 mail.isvivek.com ESMTP Postfix
ehlo mail
250-mail.isvivek.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:isvivek@isvivek.com
250 2.1.0 Ok
rcpt to:user1@isvivek.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Hi

this is test mail
.
250 2.0.0 Ok: queued as CDDA142EDE
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]#



[root@mail ~]# cd /home/ISVIVEK/user1/Maildir/new
[root@mail new]# ll
total 4
-rw------- 1 user1 domain users 456 May 31 14:25 1369990556.Vfd00I2558cM259259.mail.isvivek.com
[root@mail new]# cat 1369990556.Vfd00I2558cM259259.mail.isvivek.com
Return-Path:
X-Original-To: user1@isvivek.com
Delivered-To: user1@isvivek.com
Received: from mail (mail.isvivek.com [192.168.248.128])
        by mail.isvivek.com (Postfix) with ESMTP id CDDA142EDE
        for ; Fri, 31 May 2013 14:25:15 +0530 (IST)
Message-Id: <20130531085539.CDDA142EDE@mail.isvivek.com>
Date: Fri, 31 May 2013 14:25:15 +0530 (IST)
From: isvivek@isvivek.com
To: undisclosed-recipients:;

Hi

this is test mail
[root@mail new]#



Dovecot configuration

Step 1: Configure Dovecot

[root@mail ~]# vim /etc/dovecot/dovecot.conf

protocols = imap pop3 lmtp  ## Uncomment this line
mail_location = maildir:~/Maildir  ## Add this line


Step 2 :  Start dovecot service

[root@mail ~]# /etc/init.d/dovecot start
Starting Dovecot Imap:                                     [  OK  ]
[root@mail ~]#

Step 3 : Check mail through imap/pop3

[root@mail ~]# telnet mail pop3
Trying 192.168.248.128...
Connected to mail.
Escape character is '^]'.
+OK Dovecot ready.
user user1
+OK
pass Welcome@123
+OK Logged in.
list
+OK 1 messages:
1 470
.
retr 1
+OK 470 octets
Return-Path:
X-Original-To: user1@isvivek.com
Delivered-To: user1@isvivek.com
Received: from mail (mail.isvivek.com [192.168.248.128])
        by mail.isvivek.com (Postfix) with ESMTP id CDDA142EDE
        for ; Fri, 31 May 2013 14:25:15 +0530 (IST)
Message-Id: <20130531085539.CDDA142EDE@mail.isvivek.com>
Date: Fri, 31 May 2013 14:25:15 +0530 (IST)
From: isvivek@isvivek.com
To: undisclosed-recipients:;

Hi

this is test mail
.
quit
+OK Logging out.
Connection closed by foreign host.
[root@mail ~]#

Squirrelmail installation and configuration 

Download the latest version of Squirrelmail from http://squirrelmail.org/download.php and copy the source file to the Linux box.

Squirrelmail Configuration

Extract it to /usr/share

[root@mail share]# pwd
/usr/share
[root@mail share]# tar -xzvf /tmp/squirrelmail-webmail-1.4.22.tar.gz
[root@mail share]# mv  squirrelmail-webmail-1.4.22/  squirrelmail/
[root@mail share]# cd squirrelmail/
[root@mail squirrelmail]# ./configure

Select 1 & edit Organization Preferences
After entering all the details, enter R to return to main menu
Now select 2 & edit Server settings
After entering all the details, enter R to return to main menu

Rest of the options are optional & you can customize the look by editing Themes options in this menu. 

Save & quit from squirrelmail config menu

Apache Configuration

Step 1:  Add the below lines in /etc/httpd/conf/httpd.conf file

[root@mail ~]# vim /etc/httpd/conf/httpd.conf

Alias /webmail /usr/share/squirrelmail
<Directory /usr/share/squirrelmail>
    Options Indexes FollowSymLinks
    RewriteEngine On
    AllowOverride All
    DirectoryIndex index.php
    Order allow,deny
    Allow from all
</Directory>

Step 2 : Apache service restart

[root@mail ~]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
[root@mail ~]#


Mail ID creation

As we are using AD for authentication, users are created in AD. Each user just needs to log in at least once to the Linux box with their AD ID so that their profile gets created there; their mailbox is then created automatically during the mail login from webmail.

We are using simple shell scripts for a single user ID and for multiple users,



Once the user profile is created on the Linux box, try to log in through a browser from a client.



Now we have configured postfix, dovecot & squirrelmail with AD authentication. All the best... 

Thursday, May 30, 2013

Auto creation of user home directory in Linux Server

Issue : The user home directory is not created automatically during LDAP and AD authentication of users

Cause : The pam_mkhomedir.so shared object is missing

Solution :

Step 1 :

[root@mail ~]# yum install -y pam_mkhomedir.so

[root@mail ~]# yum install -y oddjob-mkhomedir

[root@mail ~]# chkconfig oddjobd on
[root@mail ~]# service oddjobd start
Starting oddjobd:                                          [  OK  ]
[root@mail ~]# authconfig --enablemkhomedir --update
Starting Winbind services:                                 [  OK  ]
Starting oddjobd:                                          [  OK  ]
[root@mail ~]#


Step 2 :

Verify the home directory creation

login as: isvivek
isvivek@192.168.248.128's password:
Creating home directory for isvivek.
Last login: Thu May 30 12:59:17 2013 from 192.168.248.1
[isvivek@mail ~]$ pwd
/home/ISVIVEK/isvivek
[isvivek@mail ~]$


If it still doesn't work after the above changes,

check for the below entry in the "/etc/pam.d/system-auth" and "/etc/pam.d/sshd" files and add it if it is missing:

session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

This will fix the issue... All the best !!