Search This Blog

Wednesday, December 7, 2011

Invitation to Join Techgig.com

Dec 07, 2011Techgig
Invitation to join Techgig.com

Dear rarunraj040488.snub,
I would like to invite you to be a part of my exclusive professional network on Techgig.com


Alternatively, you can paste the below address in your browser:
http://www.techgig.com/register.php?InvID=cb2dfd22ca3948f1acf158f3d9663b84

Warm Regards,

Arun
Arun Raj
System Administrator at Ahana Systems and Solutions

Why you should join Techgig.com
We believe that you are a sum of the projects you have been involved in. Big or small, successful or not, it tells the world a lot about you. They are your real work. We envision TechGig to become a leading platform for you to showcase your true work with projects, interact with your peers in technology industry, get latest news and updates and access new opportunities. We want to see you as part of the most exciting Technology community platform.
If you do not want to receive these kind of email notifications, adjust your email settings on Techgig.com to unsubscribe.To make sure this email is not sent to your "junk/bulk" folder, select "Add/save to Address Book" in your email browser and follow the appropriate instructions.
Techgig
2011 TechGig | Terms of Use | Contact Us
TechGig.com (Times Center), FC - 6, Sector 16 A, Film City, Noida - 201301 Uttar Pradesh, India
Posted by at No comments:

Tuesday, December 6, 2011

Using The SWAT Wizard (SAMBA) - PART6


The SWAT utility has a Wizard button that can be used to configure your server as a PDC quickly. However the defaults may not be to your liking, for example, the default domain is MYGROUP and some of the [global] parameters mentioned previously will be set to auto.

The [homes] Section

Part of the process of adding a user to a Samba domain requires you to create a Linux user on the Samba PDC itself. When you log into the Samba PDC, you'll see a new drive, usually named Z:, added to your PC. This is actually a virtual drive that maps to the corresponding Linux users' login directories on the Linux PDC.
Samba considers all directories to be shares that can be configured with varying degrees of security. The [homes] section governs how Samba handles default login directories.
Table 10-3 explains the minimum settings you need to create a functional [Homes] section.

Table 10-3 : smb.conf Minimum Settings, "Home" Section

ParameterValueDescription
browseableNoDoesn't allow others to browse the contents of the directory
read onlyNoAllows the samba user to also write to their Samba Linux directory
create mask0664Makes new files created by the user to have "644" permissions. You want to change this to "0600" so that only the login user has access to files.
directory mask0775Makes new sub-directories created by the user to have "775" permissions. You want to change this to "0700" so that only the login user has access to directories.
Here's how to set the values using SWAT:
  1. Click on the SWAT shares button to proceed to where shared directories are configured.
  2. Click the Advanced button to see all the options.
  3. Choose the Homes share.
  4. Make your changes and click on the Commit Changes button when finished.
  5. Your smb.conf file should resemble this when finished. You can view the contents of the configuration file by logging in to the samba server via a command prompt and using the cat /etc/samba/smb.conf to verify your changes as you do them.
[homes]
  read only = No
  browseable = No
  create mask = 0644
  directory mask = 0755
Posted by at No comments:
Labels: , , , , , , ,

Monday, December 5, 2011

How To Make SWAT Changes Immediate (SAMBA) - PART5


SWAT immediately changes the functioning of Samba whenever you commit your changes through the web GUI.

Creating A Starter Configuration

I'll now illustrate how to configure a Samba server to be the PDC for a small network is by using SWAT. You'll need to edit the various sections of the smb.conf file, so I'll walk you through what you'll find in each.

The [Global] Section

The [global] section governs the general Samba settings. Table 10-2 explains the parameters you need to set in order to create a PDC.

Table 10-2 : smb.conf Minimum Settings, "Global" Section

ParametervalueDescription
domain logonsYesTells Samba to become the PDC
preferred masterYesMakes the PDC act as the central store for the names of all windows clients, servers and printers on the network. Very helpful when you need to "browse" your local network for resources. Also known as a local master browser.
domain masterYesTells Samba to become the master browser across multiple networks all over the domain. The local master browsers register themselves with the domain master to learn about resources on other networks.
os level65Sets the priority the Samba server should use when negotiating to become the PDC with other Windows servers. A value of 65 will usually make the Samba server win.
wins supportYesAllows the Samba server to provide name services for the network. In other words keeps track of the IP addresses of all the domain's servers and clients.
time serverYesLets the samba server provide time updates for the domain's clients.
workgroup"homenet"The name of the Windows domain we'll create. The name you select is your choice. I've decided to use "homenet".
securityuserMake domain logins query the Samba password database located on the samba server itself.
smb passwd file/etc/samba/smbpasswdIt is useful to specify the name and location of the Samba password file. This helps to make Samba version upgrades where the default locations may change.
private dir/etc/sambaSpecifies default directory for some supporting temporary files. As with the password file, it is a good practice to specify this value.
Here's how to set the values using SWAT.
  1. Log into SWAT and click on the [global] section.
  2. Click the Advanced button to see all the options.
  3. Make your changes and click on the Commit Changes button when finished.
  4. Your smb.conf file should resemble the example below when you're finished. You can view the contents of the configuration file by logging in to the samba server via a command prompt and using the cat /etc/samba/smb.conf to verify your changes as you do them.
[global]

       workgroup = HOMENET
       time server = Yes
       domain logons = Yes
       os level = 65
       preferred master = Yes
       domain master = Yes
       smb passwd file = /etc/samba/smbpasswd
       private dir = /etc/samba
Note: security = user and WINS support = yes are default settings for Samba and they may not show up in your smb.conf file, even though you may see them in SWAT.
Posted by at No comments:
Labels: , , , , , , ,

20 of the Best Tips and Tricks for Getting the Most out of the Windows Command Line

00_command_line

Do you use the command line in Windows to get things done? If you are more comfortable typing commands to accomplish tasks than using the mouse, we have compiled 20 of the best Windows command line tips and tricks to help you become a command line guru.

Copy to the Clipboard from the Windows Command Prompt

There may be times you need to copy text from the Windows command prompt and email it to someone for help with a problem or save it to a file for later reference. The following article shows you two methods of copying text from the command prompt to the clipboard for pasting into other programs.

Copy To the Clipboard From the Windows Command Prompt

Copy Output Text from the Command Line to the Windows Clipboard the Easy Way

The previous tip showed you two methods for copying text from the command line to the clipboard. The following article shows you an easier method using the clip.exe utility which is built into Windows 7 and Vista. If you are using Windows XP, the article provides a link so you can download the utility and tells you where to put it.

How to Copy Output Text from the Command Line to the Windows Clipboard

How to Enable Ctrl+V for Pasting in the Windows Command Prompt

If you copy a command from another program in Windows and want to paste it in the command prompt window, it generally requires using the mouse. If you prefer using Ctrl + V to paste text into the command prompt window, the following article shows you how to set up an AutoHotkey script to enable using the Ctrl + V keyboard combination on the command line.

How to Enable Ctrl+V for Pasting in the Windows Command Prompt

How to Print or Save a Directory Listing to a File

If you need to print a listing of a directory containing a lot of files, such as music or video files, it is very easy to do using the command line. The following article shows you how use the command line to save time when printing a directory listing.

How to Print or Save a Directory Listing to a File

Hide Flashing Command Line and Batch File Windows on Startup

If you run a lot of batch files or scripts that use the command line, you have probably encountered the flashing command prompt window. The following article shows you how to use a utility, called Hidden Start, or hstart, that hides the command line window when you run a batch file or script outside of the command prompt window.

Hide Flashing Command Line and Batch File Windows On Startup

Open a Command Prompt From the Desktop Right-Click Menu

Instead of manually opening the command prompt and typing a path to open a directory at the command prompt, there is an easier and quicker way to do this. The following article shows you how to open a command prompt window to a specific directory from within Windows Explorer.

Stupid Geek Tricks: Open a Command Prompt From the Desktop Right-Click Menu

Open a File Browser From Your Current Command Prompt/Terminal Directory

The previous tip showed you how to easily open a command prompt window to a specific directory. However, you may discover that you are doing something that would be easier to do using the mouse. Well, there’s an easy way to go the other way. The following article shows you how to open a Windows Explorer window to a specific directory from within a command prompt window.

Open a File Browser From Your Current Command Prompt/Terminal Directory

How to Personalize the Windows Command Prompt

The Command Prompt window is boring white text on a black background, by default, unlike the rest of Windows which is splashed with color and a variety of wallpaper options. The following article shows you how to customize the command prompt window with your choice of color.

How To Personalize the Windows Command Prompt

Enable More Fonts for the Windows Command Prompt

While we’re on the topic of customizing the command prompt window, there is an easy way to enable more fonts for use in the window. The following article shows you how to enable alternative fonts you can use to customize the command prompt window, such as some fonts used in Office 2007 and some fixed width fonts.

Stupid Geek Tricks: Enable More Fonts for the Windows Command Prompt

How to Make the Windows Command Prompt Wider

There are some commands used at the command prompt that produce very wide results. It’s frustrating when you have to scroll to the right to see the rest of the text in the window. You may think you can’t make the window wider to view all the text at once, but there is a way to do it, that’s the same in Windows 7, Vista, and even XP. The following article shows you how.

How to Make the Windows Command Prompt Wider

How to Create, Modify and Delete Scheduled Tasks from the Command Line

Do you use the Scheduled Tasks tool in Windows? There’s a SchTasks command you can use on the command line that allows you to control all aspects of your scheduled tasks. You can use this command to automatically manipulate tasks in batch scripts and in custom programs to communicate with the Task Scheduler. The following article shows you some example of using the SchTasks command.

How to Create, Modify and Delete Scheduled Tasks from the Command Line

Kill Processes from the Windows Command Line

Generally, in Windows, you use the Task Manager to kill tasks. However, if you’ve used Linux before, you are probably familiar with the ability to kill and start tasks from the command line. Wish you could do the same thing in Windows? The following article shows you how to use the Command line Process Viewer/Killer/Suspender utility to view a list of processes, kill processes, and even to change the priority of a process.

Kill Processes from the Windows Command Line

How Do I Kill All the iexplore.exe Processes at Once?

While we’re on the topic of killing tasks, how do you quickly kill the dozen or so iexplore.exe tasks running? Selecting each one in Task Manager and clicking End Process for each can be time consuming. The following article shows you how to use a command, called taskkill, to kill all the iexplore.exe processes by name. We even show you how to create a shortcut that will kill all the processes just by clicking on it. This utility will also work for other programs that open many processes.

How Do I Kill All the iexplore.exe Processes at Once?

How to Automate FTP Uploads from the Windows Command Line

If you create and maintain websites locally on your computer and then upload the files to the remote FTP server, wouldn’t it be handy to be able to automate the task? The following article shows you how to create a batch file to automate the task of uploading files to a remote FTP server.

How to automate FTP uploads from the Windows Command Line

Access Google Services from the Command Line

This tip may not be that useful, but it’s fun if you’re a geek. If you use Google Docs or create posts for Blogger, there’s a Python command line application, called GoogleCL, that allows you to access various Google services from the command line in Windows, Linux, or Mac OS X. The following article shows you how to use the command in Windows 7, and you can use it the same way on Linux and Mac OS X systems.

Access Google Services From the Command Line

Replace Text in Plain Text Files from the Command Line

There are a variety of practical uses for a command line utility that allows you to easily and quickly replace text in plain text files. However, this utility is not available on the Windows command line. The following article shows you a VBScript that uses the Visual Basic Replace function and lists some practical uses for the script. You can also download the script.

Replace Text in Plain Text Files from the Command Line

How to Figure Out Your PC’s Host Name From the Command Prompt

If you’re setting up a home network or you if you manage or maintain a work network, there will be times when you need to find out the name of a computer. The following article shows you an easier way to find this out using the command line, rather than the Control Panel.

How To Figure Out Your PC’s Host Name From the Command Prompt

Generate a List of Installed Drivers from the Command Line

There’s a variety of third-party tools available for generating a list of installed drivers on your computer. However, what do you do if you need to generate a list of drivers on a computer without any of these tools and on which you cannot install software? The following article shows you how to use a command line utility that comes with Windows 7, Vista, and XP to view a list of installed drivers and how to save that list to a text file.

Generate a List of Installed Drivers from the Command Line

Display a list of Started Services from the Windows Command Line

Generally, to view a list of services running on your computer, you must access the Services tool through the Administrative Tools in the Control Panel. However, Windows also contains the Net utility that allows you to view the Services panel from the command line. The following article shows you how to use this utility to display a list of services started on your computer from the command line.

Display a list of Started Services from the Command Line (Windows)

How to Delete a System File in Windows 7 or Vista

This last tip is something we strongly suggest you DO NOT do. Deleting system files is dangerous and can severely mess up your system. Windows does not allow you to delete system files, even as administrator. However, if you absolutely have to delete a system file, there is a way around this limitation. The following article shows you how to take ownership of the file to be deleted and assign rights to delete or modify the file.

How to Delete a System File in Windows 7 or Vista

The command line is a very useful tool for quickly performing many tasks or even automating tasks using batch scripts. We hope these tips help you become more a more savvy Windows command line user.

Link from:

http://www.howtogeek.com

Posted by at No comments:
Labels: , , , , ,

Sunday, December 4, 2011

Encrypting SWAT (SAMBA Configuration) - PART4


By default SWAT is configured via an unencrypted web link using the Linux root account. When running SWAT in the unsecured mode above you should take the added precaution of using it from the Linux console whenever possible.
You can configure SWAT to work only with securely encrypted HTTP (HTTPS) versus the regular HTTP method shown above. Here is how it's done. (Please refer to the VPN section of Appendix I, "Miscellaneous Linux Topics," for more details on encryption methods.)

Create An stunnel User

You can create a stunnel user via the useradd command:
[root@bigboy tmp]# useradd stunnel

Create The Certificates

From the /etc/stunnel directory and create the encryption key certificate using the make command. Use all the defaults when prompted, but make sure you use the server's IP address when prompted for your server's Common Name or hostname.
[root@bigboy tmp]# cd /etc/stunnel
[root@bigboy stunnel]# make stunnel.pem
...
Common Name (eg, your name or your server's hostname) []:  172.16.1.200
...
[root@bigboy stunnel]#
Note: The resulting certificate has only a 365 day lifetime. Remember to repeat this process next year.

Modify Certificate File Permissions

The certificate needs to only be read by root and the stunnel user. Use the chmod and chgrp commands to do this.
[root@bigboy stunnel]# chmod 640 stunnel.pem
[root@bigboy stunnel]# chgrp stunnel stunnel.pem

[root@bigboy stunnel]# ll
-rw-r-----  1 root stunnel   1991 Jul 31 21:50 stunnel.pem
[root@bigboy stunnel]#

Create An /etc/stunnel/stunnel.conf Configuration File

You can configure the stunnel application to:
  • Intercept encrypted SSL traffic received on any TCP port
  • Decrypt this traffic
  • Funnel the unencrypted data to any application listening on another port.
For example, you can configure the /etc/stunnel/stunnel.conf file to intercept SSL traffic on the SWAT port 901 and funnel it decrypted to a SWAT daemon running on port 902. Here's how:
# Configure stunnel to run as user "stunnel" placing temporary 
# files in the /home/stunnel/ directory
chroot  = /home/stunnel/
pid     = /stunnel.pid
setuid  = stunnel
setgid  = stunnel
 
# Log all stunnel messages to /var/log/messages 
debug   = 7
output  = /var/log/messages
 
# Define where the SSL certificates can be found.
client  = no
cert    = /etc/stunnel/stunnel.pem
key     = /etc/stunnel/stunnel.pem

# Accept SSL connections on port 901 and funnel it to
# port 902 for swat. 
[swat]
accept   = 901
connect  = 902

Create A New /etc/xinetd.d File For Secure SWAT

To start, copy the swat file and name it swat-stunnel. We then configure the new file to be enabled, listening on port 902 and accepting connections only from localhost. We also make sure that the service is set to swat-stunnel.
[root@bigboy certs]# cd /etc/xinetd.d
[root@bigboy xinetd.d]# cp swat swat-stunnel
Your new swat-stunnel file should look like this:
service swat-stunnel
{
       port            = 902
       socket_type     = stream
       wait            = no
       only_from       = 127.0.0.1
       user            = root
       server          = /usr/sbin/swat
       log_on_failure  += USERID
       disable         = no
       bind            = 127.0.0.1
}

Disable SWAT in the /etc/xinetd.d/swat File

The stunnel daemon actually intercepts port 901 traffic on behalf of swat-stunnel. You'll need to disable SWAT to prevent a conflict.

Edit The /etc/services file To create a Secure SWAT entry

The xinetd daemon searches /etc/services file for ports and services that match those listed in each configuration file in the /etc/xinetd.d directory. If the daemon doesn't find a match it ignores the configuration file.
We now have to edit /etc/services to include our new swat-stunnel file like this.
swat-stunnel    902/tcp     # Samba Web Administration Tool (Stunnel)

Activate swat-stunnel

You can then start the new swat-stunnel application with the chkconfig command. You'll also need to shutdown regular swat beforehand.
[root@bigboy xinetd.d]# chkconfig swat off
[root@bigboy xinetd.d]# chkconfig swat-stunnel on

Start stunnel

Now start stunnel for the encryption to take place.
[root@bigboy xinetd.d]# stunnel
Note: In Fedora Core 2 you may get a cryptonet error when starting stunnel as in:
Unable to open "/dev/cryptonet"
This is caused by an incompatibility with the hwcrypto RPM used for hardware-, not software-based encryption. You need to uninstall hwcrypto to get stunnel to work correctly.
[root@bigboy xinetd.d]# rpm -e hwcrypto
You will then have to stop stunnel, restart xinetd and start stunnel again. After this, stunnel should begin to function correctly. Unfortunately stunnel doesn't have a startup script in the /etc/init.d directory and needs to be terminated manually using the pkill command.
[root@bigboy xinetd.d]# pkill stunnel
[root@bigboy xinetd.d]# stunnel

Making stunnel Start at Boot Time

As stunnel doesn't have a startup script, you'll need to add a reference to the stunnel program in your /etc/rc.local file for encrypted SWAT to work on your system. The easiest way to do this is using the which command and appending its output to the /etc/rc.local file.
[root@bigboy tmp]# which stunnel >> /etc/rc.local
Verify the contents of the /etc/rc.local file by using the cat command. The entry for stunnel should be at the very bottom.
[root@bigboy tmp]# cat /etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

/usr/sbin/stunnel
[root@bigboy tmp]#

Test Secure SWAT

Your Samba server should now be listening on both port 901 and 902 as shown by the netstat -an command that follows. The server will accept remote connections on port 901 only.
[root@bigboy xinetd.d]# netstat -an
...
...
tcp        0      0 0.0.0.0:901      0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.:902     0.0.0.0:*        LISTEN
...
...
[root@bigboy xinetd.d]#

Test The Secure SWAT Login

Point your browser to the Samba server to make an HTTPS connection on port 901.
https://server-ip-address:901/
You will be prompted for the Linux root user username and password. There will be a delay of about 60 to 75 seconds with each login.

Troubleshooting Secure SWAT

Sometimes you'll make mistakes in the stunnel.conf file but changes to this file take effect only after stunnel has been restarted. Unfortunately, there is no stunnel script in the /etc/init.d directory to easily stop and restart it. You have to use the pkill command to stop it and the stunnel command to start it again:
[root@bigboy tmp]# pkill stunnel ; stunnel
Make sure the file permissions and ownership on the stunnel.pem file are correct and that SWAT is always permanently off, but swat-stunnel is permanently on.
You can also refer to, "Simple Network Troubleshooting", to isolate connectivity issues between the SWAT client and Samba server on TCP port 901 amongst other things.
Posted by at No comments:
Labels: , , , , ,
Subscribe to: Posts (Atom)