Copyright © 2010 Frank's Blog.
Linux
Check for needed packages
rpm -q krb5-libs
rpm -q krb5-workstation
rpm -q krb5-server
Install needed packages if missing
yum install krb5-libs
yum install krb5-workstation
yum install krb5-server
Note: krb5-server is not installed by default on CentOS.
/etc/hosts
192.168.1.250 pdc.domain.int pdc
192.168.1.246 bdc.domain.int bdc
192.168.1.250 domain.int domain
192.168.1.246 domain.int domain
/etc/nsswitch.conf
passwd: compat winbind
shadow: compat
group: compat winbind
/etc/krb5.conf
[libdefaults]
    default_realm = DOMAIN.INT
    clockskew = 300
#   default_realm = EXAMPLE.COM

[realms]
    DOMAIN.INT = {
        kdc = pdc.domain.int
        default_domain = domain.int
        admin_server = pdc.domain.int
    }
#   EXAMPLE.COM = {
#       kdc = kerberos.example.com
#       admin_server = kerberos.example.com
#   }

[logging]
    kdc = FILE:/var/log/krb5/krb5kdc.log
    admin_server = FILE:/var/log/krb5/kadmind.log
    default = SYSLOG:NOTICE:DAEMON

[domain_realm]
    .domain.int = DOMAIN.INT

[appdefaults]
    pam = {
        ticket_lifetime = 1d
        renew_lifetime = 1d
        forwardable = true
        proxiable = false
        minimum_uid = 1
        clockskew = 300
        external = sshd
        use_shmem = sshd
    }
Testing Kerberos
kinit administrator
If kinit returns without errors, you can join the server to the domain. First make sure that samba and winbind are stopped:
service winbind stop
service smb stop
Now join the domain with the following command:
net ads join -U administrator
Now continue with the samba configuration.
/etc/samba/smb.conf
Note: change netbios name = SAMBA01 to your server's name.
[global]
workgroup = DOMAIN
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
password server = 192.168.1.250
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
log level = 3
max log size = 50
winbind enum users = yes
debug timestamp = yes
usershare allow guests = No
idmap gid = 10000-20000
idmap uid = 10000-20000
security = ADS
domain logons = No
domain master = No
netbios name = SAMBA01
wins support = No
realm = DOMAIN.INT
template homedir = /home/%D/%U
winbind refresh tickets = yes
template shell = /bin/bash
# winbind separator = +
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
# replace sharename below with the name of the share
[sharename]
comment = sites
inherit acls = Yes
inherit permissions = Yes
path = /var/www/html
browseable = yes
read only = No
create mask = 775
directory mask = 775
valid users = @"DOMAIN\Domain Admins", @"DOMAIN\Developers"
Now turn on winbind and make sure you can see the domain users and groups:
service winbind start
wbinfo -u
wbinfo -g
Samba Hints
winbind separator = + changes DOMAIN\user to DOMAIN+user
Troubleshooting: check the log files under /var/log/samba/ (for example smbd.log).
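The join step above fails most often because the files do not agree with each other (lower-case realm, realm differing between krb5.conf and smb.conf, winbind missing from nsswitch.conf, KDC not resolvable). This is an added example, not part of the original post: a small POSIX sh script that checks those points on copies of the files; the file paths and the function names are my own, and the live checks at the end are the post's own commands collected in one place.

```shell
#!/bin/sh
# Consistency checks for the Kerberos + Samba/winbind files set up above.
# Added example, not part of the original post. Paths are arguments so the
# checks can be run against copies of the configs before they go live.

# Print the value of KEY from an INI-style file (first uncommented match).
conf_get() {                # usage: conf_get FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# 0 = realm settings consistent, 1 = default_realm missing or not upper case,
# 2 = krb5.conf and smb.conf disagree on the realm, 3 = security is not ADS.
check_realm() {             # usage: check_realm KRB5_CONF SMB_CONF
    krb=$(conf_get "$1" default_realm)
    smb=$(conf_get "$2" realm)
    sec=$(conf_get "$2" security | tr 'a-z' 'A-Z')
    # Kerberos realm names are case-sensitive and upper case by convention;
    # a lower-case realm is a classic cause of "Cannot find KDC for realm".
    [ -n "$krb" ] || return 1
    [ "$krb" = "$(printf '%s' "$krb" | tr 'a-z' 'A-Z')" ] || return 1
    [ "$krb" = "$smb" ] || return 2
    [ "$sec" = "ADS" ] || return 3
    return 0
}

# 0 if both passwd and group consult winbind (needed for "valid users =
# @DOMAIN\Developers" to resolve to domain groups), 1 otherwise.
check_nsswitch() {          # usage: check_nsswitch NSSWITCH_CONF
    for db in passwd group; do
        grep -Eq "^$db:.*[[:space:]]winbind([[:space:]]|$)" "$1" || return 1
    done
    return 0
}

# 0 if the KDC named under [realms] has an /etc/hosts entry, so the join does
# not depend on DNS; the [logging] "kdc = FILE:..." line is skipped.
check_kdc_hosts() {         # usage: check_kdc_hosts KRB5_CONF HOSTS_FILE
    kdc=$(sed -n 's/^[[:space:]]*kdc[[:space:]]*=[[:space:]]*//p' "$1" |
        grep -v '^FILE:' | sed 's/[[:space:]]*$//' | head -n 1)
    [ -n "$kdc" ] || return 1
    grep -Eq "^[^#].*[[:space:]]$kdc([[:space:]]|$)" "$2"
}

# The interactive checks from the post, to run on the box itself once the
# files pass (not executed by the functions above).
live_checks() {
    kinit administrator && klist        # got a TGT from the KDC?
    net ads testjoin                    # machine account still valid?
    wbinfo -t && wbinfo -u | head       # winbind trust secret and user lookup
}
```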
Creating an ext3 File System
If you are adding a new disk drive to a Linux system and want to utilize the
ext3 file system, you must first partition the hard disk with a program such
as fdisk and then format the file system.
Partitioning with fdisk
To use fdisk, open a shell prompt and log in as the root user. The fdisk command
requires you to specify the device you are partitioning as an argument to the
command. In the following examples, the device will be /dev/hdb, which corresponds
to the second device on the primary IDE channel. To begin, type:
/sbin/fdisk /dev/hdb
The following table provides the most common fdisk commands.
Table 5-1. fdisk commands
Command  What it does
m        displays help
p        displays the current partition table
d        deletes a partition
n        creates a new partition
w        writes the partition table to disk
t        sets the anticipated file system type for the partition
l        displays the list of file system types for partitions
q        quits fdisk without altering the disk
Tip: If you need to exit the program at any time without altering your disk,
type q.
Now that you are in the fdisk program, type n to create a new partition. The
program will ask you to choose a partition type: choose e for an extended and
p for a primary partition.
Before choosing the partition type, be aware that Linux only allows up to four primary
partitions per disk. If you wish to create more than that, one (and only one)
of the four primary partitions may be an extended partition, which acts as
a container for one or more logical partitions. Since it acts as a container,
the extended partition must be at least as large as the total size of all the
logical partitions it is to contain. For more information on disk partitions,
see the Appendix called An Introduction to Disk Partitions in the Official Linux
Installation Guide.
After choosing the partition type and the number for that partition, choose
which cylinder you would like the partition to start on. You can press Enter
to accept the default value.
Next, specify the size. The easiest way to do this is to type +sizeM, where
size is the size of the partition in megabytes. If you press Enter without
entering a value, fdisk will use the remainder of the disk.
Repeat this process until you have created your desired partitioning scheme.
Tip: It is a good idea to write down which partitions (for
example, /dev/hdb2) are meant for which file systems (for example, /home/username)
as you create each partition.
Next, you will need to specify what type of file system you intend to put on
the disk, because fdisk creates partitions of type unknown by default.
To do this, type t followed by a partition number. Next enter the hex value
for the file system type you intend to install on the partition. For Linux swap
partitions, the hex value is 82. For Linux ext2 or ext3 partitions, the hex
value is 83. For other partition types, use the l command to see a list of file
system types and their hex values. Repeat this for each partition you created.
When you are finished making partitions, type w to save your changes and quit.
Warning: By typing w, you are permanently destroying any data that currently
exists on the device. If you wish to preserve any data, type q to exit
the program without altering the disk and back up your data.
Formatting ext3 File Systems with mkfs
Once you have created partitions on the disk drive using a partitioning program
such as fdisk, you should use mkfs to create an ext3 file system on each partition.
To do this, log in as root and type:
/sbin/mkfs -t ext3 /dev/hdbX
In the above command, replace hdb with the drive letter and X with the partition
number.
Warning: Using mkfs to format a disk partition will permanently destroy any data that
currently exists on the partition.
Assigning a Label with e2label
Once you have created and formatted a partition, you should assign it a label
using the e2label command. This allows you to add the partition to /etc/fstab
using a label instead of a device path, thereby making the system more
robust. To add a label to a partition, type the following command as root:
/sbin/e2label /dev/hdbX /mount/point
Where hdb is the drive letter, X is the partition number, and /mount/point
is the mount point you intend to use for the partition.
Once you have assigned each partition a label, add the partitions to /etc/fstab.
To do this, log in as root and type:
pico -w /etc/fstab
Then add a line to /etc/fstab for each labeled partition similar to this:
LABEL=/mount/point /mount/point ext3 defaults 1 2
In the above entry in /etc/fstab, replace each occurrence of /mount/point with
the mount point you intend to use for the partition.
If you need more information on the various options available to you in /etc/fstab,
type man fstab.
If there are partitions whose label you are unsure of, type the following command:
/sbin/tune2fs -l /dev/hdbX |grep volume
In the above command, replace hdb with the drive letter and X with the partition
number.
This will return something similar to the output below:
Filesystem volume name: /mount/point
In this output, /mount/point is the volume label.
After completing the above steps, you will have successfully added a new ext3
disk to the system. The next section demonstrates how to convert an ext2 disk
partition to an ext3 partition.
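Two details of the label step above are easy to get wrong: ext2/ext3 labels hold at most 16 bytes, so a long mount point gets truncated and will no longer match the LABEL= entry in /etc/fstab, and a label that is already in use makes the LABEL= lookup ambiguous at boot. The following POSIX sh helpers are an added example, not part of the original article; the function names are my own, and the destructive mkfs/e2label commands are only echoed unless RUN=1 is set.

```shell
#!/bin/sh
# Helpers for the e2label + /etc/fstab step above. Added example, not from
# the original article. mkfs/e2label are only echoed unless RUN=1, so the
# checks can be exercised without a spare disk.

# ext2/ext3 volume labels are limited to 16 bytes; e2label truncates longer
# ones (with a warning), so a label such as /usr/local/www/apache2 would
# never match the LABEL= entry written to /etc/fstab. 0 if LABEL is usable.
label_ok() {                # usage: label_ok LABEL
    [ -n "$1" ] || return 1
    [ ${#1} -le 16 ] || return 1
    case "$1" in *[[:space:]]*) return 1 ;; esac
    return 0
}

# 0 if FSTAB already carries LABEL or MOUNTPOINT (duplicate labels make the
# LABEL= lookup ambiguous at boot), 1 if the entry is free to add.
fstab_conflict() {          # usage: fstab_conflict FSTAB LABEL MOUNTPOINT
    grep -Eq "^[[:space:]]*(LABEL=$2|[^[:space:]]+[[:space:]]+$3)[[:space:]]" "$1"
}

# Print the /etc/fstab line the article describes for a labelled ext3 volume.
fstab_line() {              # usage: fstab_line LABEL MOUNTPOINT
    printf 'LABEL=%s %s ext3 defaults 1 2\n' "$1" "$2"
}

# Format DEV as ext3, label it with MOUNTPOINT (as the article does) and
# append the fstab entry, but only after the two checks above pass.
add_ext3_volume() {         # usage: add_ext3_volume DEV MOUNTPOINT FSTAB
    dev=$1; mnt=$2; fstab=$3
    label_ok "$mnt" || { echo "label '$mnt' too long or invalid" >&2; return 1; }
    fstab_conflict "$fstab" "$mnt" "$mnt" && {
        echo "$mnt already present in $fstab" >&2; return 1; }
    if [ "${RUN:-0}" = 1 ]; then
        /sbin/mkfs -t ext3 "$dev" && /sbin/e2label "$dev" "$mnt" || return 1
    else
        echo "would run: /sbin/mkfs -t ext3 $dev; /sbin/e2label $dev $mnt"
    fi
    fstab_line "$mnt" "$mnt" >> "$fstab"
}
```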
Reverse Proxy Server
Written by: Frank Mancuso
Website: http://frankmancuso
In this document, I will show you how to use Apache 2 as a front end to different internal web servers. You will be able to serve a number of back-end web servers over one internet IP address.
Compiling Apache2
http://httpd.apache.org/ ( download the latest version of Apache 2 )
In this document, I will use version 2.0.59.
mkdir /usr/local/www
mkdir /usr/local/www/src
cd /usr/local/www/src
wget http://apache.oregonstate.edu/httpd/httpd-2.0.59.tar.gz
tar -xzvf httpd-2.0.59.tar.gz
cd httpd-2.0.59
./configure --prefix=/usr/local/www/proxy \
    --with-mpm=worker --enable-suexec --with-suexec-caller=proxy \
    --with-suexec-userdir=/usr/local/www/proxy/htdocs \
    --enable-rewrite --enable-mime-magic --disable-charset-lite \
    --disable-include --disable-status --disable-autoindex \
    --disable-cgid --disable-cgi --disable-negotiation --disable-imap \
    --disable-userdir --disable-asis --enable-alias --enable-so \
    --enable-headers --enable-logio --enable-proxy --enable-proxy-http \
    --enable-http
make
make install
groupadd proxy
useradd -g proxy -d /dev/null -s /bin/false proxy
Putting it into action
This is a sample of my httpd.conf file.
## Proxy Server Config
ServerRoot "/usr/local/www/proxy"
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
Listen 80
User proxy
Group proxy
ServerAdmin root@localhost
UseCanonicalName Off
DocumentRoot "/usr/local/www/proxy/htdocs"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/usr/local/www/proxy/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
DirectoryIndex index.html
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
</FilesMatch>
TypesConfig conf/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
MIMEMagicFile conf/magic
</IfModule>
HostnameLookups Off
ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log common
ServerTokens Prod
ServerSignature Off
# Note: replace 10.0.0.1 with your external ip address
NameVirtualHost 10.0.0.1
# In this first virtual host I forward http requests to a server running on a
# local class A ip address.
<VirtualHost 10.0.0.1>
ServerAdmin root@localhost
ServerName example.local
ServerAlias www.example.local
ProxyPass / http://10.0.0.3/example/
ProxyPassReverse / http://10.0.0.3/example/
</VirtualHost>
# In this example I use a sub directory on a different host. Let's say I just
# wanted to host a directory on my main web site that was written in ASP or
# JSP, so I would forward it to an internal web server.
<VirtualHost 10.0.0.1>
ServerAdmin root@localhost
ServerName example.local
ServerAlias www.example.local
ProxyPass /pdf http://10.0.0.4/pdf/
ProxyPassReverse /pdf http://10.0.0.4/pdf/
</VirtualHost>
# Now when someone visits http://example.local/pdf/ it is reverse-proxied to
# http://10.0.0.4/pdf/
After playing around in your test lab, you should get an idea how easy Apache 2 can be used as a reverse proxy server.
Apache2, FastCGI, Mod_deflate, PHP5
Written By: Frank Mancuso
Updated: Jan 04 2006
I will show you how to build Apache 2 and PHP 5 into /usr/local/www. I name
each directory by the build version; this way I can upgrade easily by rebuilding
when new updates come out.
For this document I will use the location /usr/local/www; you can replace it with your own.
Building Apache2
groupadd www
useradd -g www -s /bin/false -d /dev/null www
Download the latest source code from apache.org.
tar -xzvf httpd-2.0.55.tar.gz
cd httpd-2.0.55
./configure --prefix=/usr/local/www/apache2 --with-mpm=worker --enable-suexec \
    --with-suexec-caller=www \
    --with-suexec-userdir=/usr/local/www/apache2/htdocs --enable-headers \
    --enable-logio --enable-deflate \
    --enable-rewrite --enable-mime-magic --disable-charset-lite --disable-include \
    --disable-status --disable-autoindex \
    --enable-cgi --disable-cgid --disable-negotiation --disable-imap --disable-userdir \
    --disable-asis --enable-alias --enable-so
make
make install
PHP5
Visit php.net and get the latest PHP 5 build; for this document I will be using the latest one I got when I visited php.net.
tar -xzvf php-5.1.1.tar.gz
cd php-5.1.1
./configure --prefix=/usr/local/www/php5 --enable-safe-mode --enable-sockets \
    --enable-force-cgi-redirect \
    --with-zlib --with-gettext --with-gd --enable-gd-native-ttf --with-xml \
    --with-xmlrpc=shared \
    --enable-fastcgi --disable-rpath --enable-magic-quotes --enable-memory-limit \
    --without-pgsql --with-mysql=/usr
make
make install
Now that the install is complete, copy the recommended PHP configuration file into place:
cp php.ini-recommended /usr/local/www/php5/lib/php.ini
FastCGI
Visit http://fastcgi.com and download the latest version of FastCGI.
tar -xzvf mod_fastcgi-2.4.2.tar.gz
cd mod_fastcgi-2.4.2
mv Makefile.AP2 Makefile
nano -w Makefile (edit the topdir)
Inside the Makefile, you would only change the line to point to where your apache directory is located.
top_dir = /usr/local/www/apache2
make
make install
Editing httpd.conf
mkdir /usr/local/www/apache2/run       # this is where the apache2 pid file will be located
mkdir /usr/local/www/apache2/fcgi-bin  # this is where the php cgi binary will be located and run from
cd /usr/local/www/php5/bin
cp php /usr/local/www/apache2/fcgi-bin/php-cgi   # copy the php binary
Here is a cut-down version of httpd.conf; I cut out a lot of junk you do not need to run a secure Apache.
# ========================
# httpd.conf
# ========================
# =================================================
# Basic settings
# =================================================
ServerRoot "/usr/local/www/apache2"
PidFile /usr/local/www/apache2/run/httpd.pid
Listen 80
# =================================================
# Performance settings
# =================================================
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 10
# worker MPM
<IfModule worker.c>
StartServers 2
MaxClients 250
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 5000
#AcceptMutex pthread
</IfModule>
# =================================================
# General settings
# =================================================
User www
Group www
ServerAdmin root@localhost
#ServerName www.example.com:80
UseCanonicalName Off
HostnameLookups Off
#EnableSendfile off
#EnableMMAP off
ServerTokens Full
ServerSignature On
DirectoryIndex index.php index.html index.html.var
DocumentRoot "/usr/local/www/apache2/htdocs"
AddDefaultCharset ISO-8859-1
# =================================================
# Access control
# =================================================
# First, we configure the "default" to be a very restrictive set of
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/usr/local/www/apache2/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Alias /icons/ "/usr/local/www/apache2/icons/"
<Directory "/usr/local/www/apache2/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
# =================================================
# Redirects, Errors, etc
# =================================================
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1." redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
# FastCGI
# =================================================
LoadModule fastcgi_module modules/mod_fastcgi.so
Alias /fcgi-bin/ "/usr/local/www/apache2/fcgi-bin/"
FastCgiServer /usr/local/www/apache2/fcgi-bin/php-cgi -processes 12
AddType application/x-httpd-fastphp .php
Action application/x-httpd-fastphp /fcgi-bin/php-cgi
# =================================================
# mod_deflate
# =================================================
<IfModule mod_deflate.c>
# place filter 'DEFLATE' on all outgoing content
SetOutputFilter DEFLATE
# exclude uncompressible content via file type
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|rar|zip)$ no-gzip
<IfModule mod_headers.c>
# properly handle requests coming from behind proxies
Header append Vary User-Agent
</IfModule>
</IfModule>
# deflate.log, log compression ratio on each request
<IfModule mod_deflate.c>
DeflateFilterNote Input instream
DeflateFilterNote Output outstream
DeflateFilterNote Ratio ratio
LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
CustomLog logs/deflate.log deflate
</IfModule>
# Properly handle old browsers that do not support compression
<IfModule mod_deflate.c>
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0 no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
</IfModule>
# =================================================
# MIME encoding
# =================================================
TypesConfig conf/mime.types
DefaultType text/plain
MIMEMagicFile conf/magic
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddHandler type-map var
# =================================================
# Logs
# =================================================
ErrorLog logs/error_log
LogLevel info
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log common
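The two httpd.conf samples on this page make opposite choices on the same directives: the reverse proxy config sets ServerTokens Prod and ServerSignature Off, while this one sets ServerTokens Full and ServerSignature On, and both enable Options Indexes on htdocs. The script below is an added example, not from either post: a POSIX sh review that greps an httpd.conf for those points (and for a reverse proxy that relies on the ProxyRequests default instead of stating it). The function names are my own and it only reads the config text, so Apache need not be installed.

```shell
#!/bin/sh
# Hardening review of the httpd.conf samples on this page (the reverse proxy
# config and the FastCGI/PHP one). Added example, not from the original posts;
# it only inspects the config text, so Apache need not be installed.

# 0 if an uncommented line of CONF matches the extended regex PATTERN
# (anchored at line start; case-insensitive, as Apache directives are).
has() {                     # usage: has CONF PATTERN
    grep -Eiq "^[[:space:]]*$2" "$1"
}

# Print one finding per line; the return value is the number of findings
# (0 = nothing flagged).
httpd_conf_review() {       # usage: httpd_conf_review CONF
    conf=$1; n=0
    flag() { echo "$conf: $1"; n=$((n + 1)); }

    # Both posts set ServerTokens/ServerSignature but only the proxy one
    # hardens them; "Full" advertises every module version in each response.
    has "$conf" 'ServerTokens[[:space:]]+Prod' ||
        flag "ServerTokens is not Prod (server and module versions are leaked)"
    has "$conf" 'ServerSignature[[:space:]]+On' &&
        flag "ServerSignature On appends the server version to error pages"

    # Options Indexes produces directory listings wherever no index file
    # exists (both samples enable it on htdocs, the PHP one also on /icons).
    if grep -Ei '^[[:space:]]*Options[[:space:]]' "$conf" |
            grep -Eiq '(^|[[:space:]]|\+)Indexes'; then
        flag "Options Indexes enables directory listings"
    fi

    # A reverse proxy should state ProxyRequests Off rather than rely on the
    # default: with it On the box becomes an open forward proxy.
    if has "$conf" 'ProxyPass' && ! has "$conf" 'ProxyRequests[[:space:]]+Off'; then
        flag "ProxyPass used without an explicit ProxyRequests Off"
    fi
    return $n
}
```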
Testing Out PHP
cd /usr/local/www/apache2/htdocs
nano -w testphp.php
Inside the testphp.php file place this code (phpinfo() writes the page itself, so it is called rather than echoed, and the full <?php tag does not depend on short_open_tag):
<?php
phpinfo();
?>
Now open your web browser and visit the page; you should see a PHP information page showing
all the configuration the current PHP build supports.
All this was tested on CentOS 4.1 and 64-bit Gentoo.
Which Linux filesystems to pick?
The Linux kernel supports various filesystems. We’ll explain ext2, ext3, ReiserFS, XFS and JFS as these are the most commonly used filesystems on Linux systems.
ext2 is the tried and true Linux filesystem but doesn’t have metadata journaling, which means that routine ext2 filesystem checks at startup time can be quite time-consuming. There is now quite a selection of newer-generation journaled filesystems that can be checked for consistency very quickly and are thus generally preferred over their non-journaled counterparts. Journaled filesystems prevent long delays when you boot your system and your filesystem happens to be in an inconsistent state.
ext3 is the journaled version of the ext2 filesystem, providing metadata journaling for fast recovery in addition to other enhanced journaling modes like full data and ordered data journaling. ext3 is a very good and reliable filesystem. It has an additional hashed b-tree indexing option that enables high performance in almost all situations. In short, ext3 is an excellent filesystem.
ReiserFS is a B*-tree based filesystem that has very good overall performance and greatly outperforms both ext2 and ext3 when dealing with small files (files less than 4k), often by a factor of 10x-15x. ReiserFS also scales extremely well and has metadata journaling. As of kernel 2.4.18+, ReiserFS is solid and usable as both general-purpose filesystem and for extreme cases such as the creation of large filesystems, the use of many small files, very large files and directories containing tens of thousands of files.
XFS is a filesystem with metadata journaling which comes with a robust feature-set and is optimized for scalability. We only recommend using this filesystem on Linux systems with high-end SCSI and/or fibre channel storage and an uninterruptible power supply. Because XFS aggressively caches in-transit data in RAM, improperly designed programs (those that don’t take proper precautions when writing files to disk and there are quite a few of them) can lose a good deal of data if the system goes down unexpectedly.
JFS is IBM’s high-performance journaling filesystem. It has recently become production-ready and there hasn’t been a sufficient track record to comment positively nor negatively on its general stability at this point.