Wednesday, February 22, 2012

Samba as Primary Domain Controller in CentOS 6

Step 1: Installing Samba
All the necessary RPM should be present in the installation media (CD/DVD). If needed, the online repository of repoforge.org is very good too.



Step 2: Preparing the Configuration Files
Now that Samba is installed, it is time to prepare the configuration file. I've said it before and I'll say it again, it's always a good idea to back up the .conf file before modifying.


Here are the modifications




Step 3: Starting the Service




It can be seen from the netstat output that the domain controller is running and is listening to port 137 & 138.

Step 4: User Management
To add clients into the domain, both machine and human users must be created. There are a couple of steps, but it's not hard.




Now that the Unix users are created, time to create the samba users.




Step 5: Adding Windows Client Machine
I'd be demonstrating the procedure for WinXP only. The process is almost identical for all Windows versions. First, we need to login as administrator.


  1. Start > My Computer (Right Click) > Properties
  2. Computer Name > Change
  3. Set the computer name and domain
  4. Enter administrative samba username and password i.e. user: root and password set by smbpasswd -a root
  5. Reboot


After successfully adding the machine into the domain, the workstation needs to be restarted. After restarting, we simply login using the domain user.

Logging in

Work Complete.

Note:
This configuration will not work with netlogons. Personally, I don't like netlogons because it
  • creates additional traffic inside the network.
  • login processes are pretty slow, depends on the volume of user data and the network infrastructure.
  • server hard disk gets full quickly if user quota is not maintained strictly.

Hope it helps ^_^


Sunday, February 12, 2012

SARG on CentOS 6

Usually, it's pretty hard to analyze information from the squid log file. For example, I don't know how to analyze date or number of hits from /var/log/squid/access.log. If someone needs to analyze which websites are being accessed from the network, SARG may be a very good tool. SARG, or Squid Analysis Report Generator (http://sarg.sourceforge.net) analyzes the log, and generates a web based table where one can easily analyze proxy traffic.

Although SARG can be installed using YUM, I have faced problems with CentOS 6. So, I went for tarball installation instead. And believe, it's really easy unlike many tarball installtions.

So, let's start:
[root@busy-bee2 ~]# yum install gcc make wget httpd
[root@busy-bee2 ~]# wget http://sourceforge.net/projects/sarg/files/sarg/sarg-2.3.1/sarg-2.3.1.tar.gz/download

[root@busy-bee2 ~]# tar zxvf sarg-2.3.1.tar.gz
[root@busy-bee2 ~]# cd sarg-2.3.1
[root@busy-bee2 ~]# ./configure
[root@busy-bee2 ~]# make
[root@busy-bee2 ~]# make install



Time to modify the conf file 

[root@busy-bee2 ~]# vim /usr/local/etc/sarg.conf



There are a lot of options, and it is always recommended to go through them. However, we'll be editing only the ones that we need.
#### sarg.conf####
access_log /var/log/squid/access.log
date_format e     ## since here we use date format DD-MM-YYYY
overwrite_report yes     ## because I don't want multiple sarg reports for the same day
output_dir /var/www/html/squid-reports



Time for a test run

[root@busy-bee2 ~]# sarg -x

We have used to the "-x" parameter for to view detail information on the run (used for debugging). If all goes well, there should be a report generated at /var/www/html/squid-reports directory which can be accessed from the web browser using the address http://IP/squid-reports



Sarg in Browser


Now, we'd be adding a scheduled task to run SARG at 02:30 everyday. To find out the executable file for SARG, we could use the 'which' command-

[root@busy-bee2 ~]# which sarg
## OUTPUT ##
 /usr/local/bin/sarg

[root@busy-bee2 ~]# crontab -e

30 2 * * *  /usr/local/bin/sarg

[root@busy-bee2 ~]# service crond restart
[root@busy-bee2 ~]# chkconfig crond on




Troubleshooting
If there is problem viewing the SARG page, here are a few tips:
  1. Check whether the Firewall is blocking (iptables)
  2. Check if there is a file /etc/httpd/conf.d/sarg.conf. There is a line "allow from". Modify it to suit your needs.
  3. Verify  that there is directory "/var/www/html/squid-reports"

Monday, February 6, 2012

Cacti Troubleshooting

Timezone Problem

If no graph is being generated and the cacti log keeps telling about timezone problem then this can be done:

ERROR SAMPLE


My timezone is Asia/Dhaka, so I modifed php.ini accordingly.




Of course, PHP documentation should be consulted prior to editing php.ini. This may help:

http://bd.php.net/manual/en/timezones.php

Graphs Not Being Generated
The poller needs to run at least once for the RRD (typically stored in /var/www/cacti/rra/) files to be created. The graphs are created based on the RRD files. If the graphs are not created, the following can be done:


Manually running the Poller




Setting Up the Logger for Debugging

The logger can be set up for debugging mode from Console > Settings > General. Now, checking the system log may provide clues as to why the graphs are not being generated.

Setting Cacti Poller for Debuggin

Cacti Log can be accessed from Console > System Utilities > View Cacti Log File
Cacti Log

Hope this helps :)

Cacti on CentOS 6 (Adding Devices)

After a fresh installation, the default username is 'admin' & password is 'admin'. After the first successful login, the user is forced to change it.

Now, we will see how to add devices in Cacti for monitoring

Adding a device for traffic analysis


Console > Devices


Add


Filling up the device parameters




Associated Data Queries > SNMP - Interface Statistics


Create Graph


Select interfaces to monitor

Hope this helps.

Cacti on CentOS 6 (Setting up the System)


Step 1: Installing RPM

I would recommend using the repository of repoforge.org. It has a large collection and I can get all the necessary RPMs there.




Step 2: Preparing SNMP

It is always a best practice to backup any configuration file before editing. To get SNMP ready to roll, we need to edit the following configuration file:




My Server IP is 192.168.10.13, and I have configured SNMP to match my requirements. Needless to say, your configuration should match your requirements.

Step 3: Testing SNMP



This command should produce a LOOOOOT of output






Step 4: MYSQL Configuration
The mySQL administrative password will be NEWPASSWORD. We would be creating another user 'cacti' with password 'cactipw' to create a database for cacti. The name of the database will be 'cacti'.




Step 5: Cacti Configuration
First, we need to find a file called 'cacti.sql'. Because the location of the file may vary based on the Linux Distribution or Cacti installation method, we run the following command to locate 'cacti.sql'




Time to automatically generate the table for cacti.



PHP might create some problems if the time zone is incorrect. For example, my timezone is Asia/Dhaka, and I have manually set the time zone to match this.





Time for some final tweaking



Step 6: HTTPD Configuration
By default, Cacti httpd configuration only allows localhost to access the Cacti page. However, in this case, we will not allow any such restrictions i.e. everyone can access the page and the ones who know the password would be able to view information.




We would be creating a soft link because in by default, CentOS looks for websites in the /var/www/html directory.







And finally we are ready to run the poller. Cron should automatically do it, but 



Basic Cacti configuration complete. Now, we can access Cacti by typing the URL http://192.168.1.13/cacti (your own machine IP of course) or http://hostname/cacti.

During the first run, Cacti would provide options for a new installation. The default paths are usually correct, but may be checked if needed.

After successful installation, the default username is admin with password admin. However, it's forced changed after first login.


 Hope it helps. In the next post, we would be discussing about how to add devices in Cacti.