Tuesday 23 June 2015


Enrolling an Active Directory CentOS-7 client machine using adcli



In this example, my AD server domain is 'ejyothi.net' and the server that runs the domain is 'Pamba.ejyothi.net'.

Start the setup by enabling the EPEL repository and installing the 'adcli' package:

# yum install adcli

We can type just 'adcli' to get an overview of what commands adcli supports.

We're interested in joining the client to the AD domain in order to be able to log in as users from Active Directory.

Now you should be able to find your domain already:

# adcli info ejyothi.net
[domain]
domain-name = ejyothi.net
domain-short = EJYOTHI
domain-forest = ejyothi.net
domain-controller = Pamba.ejyothi.net
domain-controller-site = Default-First-Site-Name
domain-controller-flags = pdc gc ldap ds kdc timeserv closest writable good-timeserv full-secret ads-web
domain-controller-usable = yes
domain-controllers = Pamba.ejyothi.net mamba.ejyothi.net krait.ejyothi.net
[computer]
computer-site = Default-First-Site-Name

As we can see, adcli was able to discover quite a few details about our domain, so it's time to join the client:
# adcli join ejyothi.net
Password for Administrator@EJYOTHI.NET:

You'll be prompted for the Administrator password by default, but it's possible to specify another user with the -U option. See the adcli man page for full details.

The join operation creates a keytab the machine will authenticate with.

It's recommended to also configure /etc/krb5.conf to use the AD domain:
#vim /etc/krb5.conf

[libdefaults]
dns_lookup_realm = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
default_realm = EJYOTHI.NET
dns_lookup_kdc = true

[realms]
EJYOTHI.NET = {
kdc = Pamba.ejyothi.net
admin_server = Pamba.ejyothi.net
}

[domain_realm]
.ejyothi.net = EJYOTHI.NET
ejyothi.net = EJYOTHI.NET

The next step is setting up SSSD (or Winbind if you like) to actually make use of the keytab to resolve users.
#yum install authconfig sssd

And create /etc/sssd/sssd.conf with your favorite editor (Read, vim).

#vim /etc/sssd/sssd.conf

[sssd]
services = nss, pam, ssh, autofs
config_file_version = 2
domains = EJYOTHI.NET

[domain/EJYOTHI.NET]
id_provider = ad
ad_server = Pamba.ejyothi.net

default_shell = /bin/bash
fallback_homedir = /home/%d/%u

Due to a stupid bug in sssd, you should echo an empty line to the end of the file and set the permissions correctly. You also need to enable it with authconfig.

#chown root:root /etc/sssd/sssd.conf
#echo >> /etc/sssd/sssd.conf 
#chmod 0600 /etc/sssd/sssd.conf
#authconfig --enablesssd --enablesssdauth --enablemkhomedir --update


And finally start sssd:
#service sssd start

You should now be able to test it with:
Syntax:
getent passwd username@your.ad.domain
id username

Example:
# getent passwd tonym@ejyothi.net
tonym:*:1631204706:1631200513:Tony Mathew:/home/EJYOTHI.NET/tonym:/bin/bash

If it works, you should be able to log in with your AD username, with the right uid/gid and shell all set from AD.
If not, you have tons of logs in /var/log/sssd/*
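
A pre-flight check for the two files edited above, as an added example that is not part of the original post: it confirms that sssd.conf has the owner and mode set by the chown/chmod step, and that default_realm in krb5.conf names a realm defined under [realms] (realm names are case-sensitive). Function names are hypothetical, GNU stat is assumed, and the sample krb5.conf is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# file paths are arguments so the checks can be tried on copies first.

# Succeed only if FILE has mode 600 and is owned by WANT_UID (default 0 = root).
check_sssd_conf() {
    file=$1; want_uid=${2:-0}
    [ -f "$file" ] || { echo "$file: missing"; return 1; }
    mode=$(stat -c %a "$file"); uid=$(stat -c %u "$file")   # GNU stat
    [ "$mode" = 600 ] || { echo "$file: mode $mode, expected 600"; return 1; }
    [ "$uid" = "$want_uid" ] || { echo "$file: uid $uid, expected $want_uid"; return 1; }
}

# Print default_realm from the [libdefaults] section of a krb5.conf.
krb5_default_realm() {
    awk -F= '/^\[/ { sec = $0; sub(/[ \t]+$/, "", sec); next }
        sec == "[libdefaults]" && $1 ~ /^[ \t]*default_realm[ \t]*$/ {
            gsub(/[ \t]/, "", $2); print $2; exit }' "$1"
}

# Succeed only if default_realm names a block in [realms]. The comparison is
# case-sensitive, as realm names are: "ejyothi.net" is not "EJYOTHI.NET".
check_krb5_realm() {
    realm=$(krb5_default_realm "$1")
    [ -n "$realm" ] || { echo "$1: no default_realm"; return 1; }
    awk -v want="$realm" '/^\[/ { sec = $0; sub(/[ \t]+$/, "", sec); next }
        sec == "[realms]" && /=[ \t]*[{]/ {
            name = $0; sub(/[ \t]*=.*/, "", name); sub(/^[ \t]+/, "", name)
            if (name == want) found = 1 }
        END { exit !found }' "$1" ||
        { echo "$1: default_realm '$realm' has no [realms] block"; return 1; }
}

# Constructed sample: write a small krb5.conf with the given default_realm.
write_sample_krb5() {
    printf '%s\n' '[libdefaults]' "default_realm = $2" 'dns_lookup_kdc = true' \
        '' '[realms]' 'EJYOTHI.NET = {' 'kdc = Pamba.ejyothi.net' '}' > "$1"
}

# "sh thisfile --check" runs both checks against the live files.
if [ "${1:-}" = "--check" ]; then
    check_sssd_conf /etc/sssd/sssd.conf
    check_krb5_realm /etc/krb5.conf
fi
```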

Friday 19 June 2015

Subversion (svn)

  • Subversion is a popular open-source version control tool. 

Version Control System (VCS) 

  • A VCS is software that helps software developers work together and maintain a complete history of their work.
  • Goals of a version control system
    • Allow developers to work simultaneously
    • Do not overwrite each other's changes.
    • Maintain history of every version of everything.
  • VCSs are divided into two categories
    • Centralized Version Control System (CVCS)
    • Distributed Version Control System (DVCS)
  • Subversion falls under CVCS, meaning that it uses a central server to store all files and enables team collaboration.

SVN Installation on CentOS 6/ RHEL 6/ Fedora

    Run the following commands as 'root', or with sudo:

#sudo yum install subversion mod_dav_svn

                    OR

#sudo wget http://apache.cs.utah.edu/subversion/subversion-1.6.11.tar.gz  % downloading subversion from source

#sudo yum install mod_dav_svn  % installing

#cd /var/www/  % changing directory

#sudo tar -xvzf subversion-1.6.11.tar.gz  % extracting

#sudo mv subversion-1.6.11 subversion  % renaming

#sudo vim /etc/httpd/conf.d/subversion.conf  % opening configuration file for editing

LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so
<Location /svn>
   DAV svn
   SVNParentPath /var/www/svn
   # Limit write permission to list of valid users.
   <LimitExcept GET PROPFIND OPTIONS REPORT>
      # Require SSL connection for password protection.
      # SSLRequireSSL
      AuthType Basic
      AuthName "Subversion repositories"
      AuthUserFile /etc/svn-auth-users
      Require valid-user
   </LimitExcept>
</Location>
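
An added example, not part of the original post: a shell check that reads a config like the one above and reports two things visible in it, that Require valid-user sits inside <LimitExcept> (so GET, PROPFIND, OPTIONS and REPORT are served without a login) and that Basic authentication is used while SSLRequireSSL is commented out. The function names and the stricter sample variant are assumptions for illustration; the stricter variant presumes HTTPS is already configured in Apache.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print one finding per line for an Apache mod_dav_svn config file; print
# nothing when neither issue is present in that file.
audit_svn_location() {
    awk '{ line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^#/                   { next }   # commented-out directives are inactive
        line ~ /^<LimitExcept/        { in_limit = 1; next }
        line ~ /^<\/LimitExcept/      { in_limit = 0; next }
        line ~ /^SSLRequireSSL/       { ssl = 1 }
        line ~ /^AuthType[ \t]+Basic/ { basic = 1 }
        line ~ /^Require[ \t]+valid-user/ { if (in_limit) limited = 1; else always = 1 }
        END {
            if (basic && !ssl)
                print "basic-auth-without-ssl: AuthType Basic with no active SSLRequireSSL"
            if (limited && !always)
                print "anonymous-read: methods exempted by LimitExcept need no login"
        }' "$1"
}

# Constructed samples: the block from this page, or (second argument
# "strict") a variant that requires a login and SSL for every method.
write_sample_location() {
    if [ "${2:-}" = strict ]; then
        printf '%s\n' '<Location /svn>' '   DAV svn' '   SVNParentPath /var/www/svn' \
            '   SSLRequireSSL' '   AuthType Basic' \
            '   AuthName "Subversion repositories"' \
            '   AuthUserFile /etc/svn-auth-users' '   Require valid-user' '</Location>'
    else
        printf '%s\n' '<Location /svn>' '   DAV svn' '   SVNParentPath /var/www/svn' \
            '   <LimitExcept GET PROPFIND OPTIONS REPORT>' '      # SSLRequireSSL' \
            '      AuthType Basic' '      AuthName "Subversion repositories"' \
            '      AuthUserFile /etc/svn-auth-users' '      Require valid-user' \
            '   </LimitExcept>' '</Location>'
    fi > "$1"
}

# "sh thisfile /etc/httpd/conf.d/subversion.conf" audits a real file.
if [ -n "${1:-}" ]; then
    audit_svn_location "$1"
fi
```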

User Setup

% Creating user tonym
#htpasswd -cm /etc/svn-auth-users tonym
New password:
Re-type new password:
Adding password for user tonym
Note: Use exactly the same file and path name as used in the subversion.conf file. This example uses the /etc/svn-auth-users file.
  

Create and configure svn repository 


#mkdir /var/www/svn
#cd /var/www/svn
#svnadmin create testrepo
#chown -R apache.apache testrepo
%% If you have SELinux enabled (you can check it with the "sestatus" command), then change the SELinux security context with the chcon command %%
#chcon -R -t httpd_sys_content_t /var/www/svn/testrepo
%% The following enables commits over HTTP %%
#chcon -R -t httpd_sys_rw_content_t /var/www/svn/testrepo

Restart Apache

#sudo service httpd restart

Configure Repository

To disable anonymous access and enable access control, add the following lines to the /var/www/svn/testrepo/conf/svnserve.conf file:

%% Disable anonymous access %%
anon-access = none
%% Enable access control %%
authz-db = authz

Create the trunk, tags and branches directory structure under the testrepo repository

#mkdir -p /tmp/svn-structure-template/{trunk,branches,tags}

Then import the template into the project repository using the “svn import” command:


#svn import -m 'Initial import' /tmp/svn-structure-template/ http://localhost/svn/testrepo/
Adding         /tmp/svn-structure-template/trunk
Adding         /tmp/svn-structure-template/branches
Adding         /tmp/svn-structure-template/tags
Committed revision 1.
Check the results in a browser and see testrepo revision 1:

http://myserverip/svn/testrepo/