error: PAM: authentication error for root

“error: PAM: authentication error for root” when trying to SSH to FreeBSD server as “root”

On a newly installed FreeBSD server, when you try to SSH to the server as root, you will get the error below.

error: PAM: authentication error for root from 10.1.XXX.XXX

This is because “root” logins are disabled in SSH by default. You will have to enable them in “/etc/ssh/sshd_config”. In many forums, you will notice that people tell you not to enable this. What they argue is true, but when I am in a closed network, I want to be able to log in as root for many reasons, which is why I’m writing this up.

In the “/etc/ssh/sshd_config” file, make sure you have the lines below so that you can log in as “root” over SSH. If any of the lines doesn’t exist, add it to the file; if it is commented out, uncomment it.

PermitRootLogin yes
PasswordAuthentication yes
AllowUsers root
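
A small audit of the three directives above, as an added example that is not part of the original post: it reads the global section of an sshd_config text and reports what the combination allows, then runs the same check on a tighter variant for a closed network. Both sample configs are constructed; the account name admin, the 192.0.2.0/24 range and the finding codes are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed sample: the three directives exactly as the page sets them.
PAGE_CONFIG='PermitRootLogin yes
PasswordAuthentication yes
AllowUsers root'

# Constructed sample of a tighter variant for the same closed-network use:
# root by key only and only from one subnet. "admin" is a hypothetical account
# and 192.0.2.0/24 is a documentation range standing in for the admin network.
TIGHT_CONFIG='PermitRootLogin prohibit-password
PasswordAuthentication no
AllowUsers admin root@192.0.2.0/24'

# sshd_value KEYWORD CONFIG_TEXT
# Prints the global value of KEYWORD. sshd keeps the first value it reads for
# a keyword and keywords are case-insensitive; parsing stops at the first
# Match block, so only the global section is considered.
sshd_value() {
    printf '%s\n' "$2" | awk -v key="$1" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }'
}

# audit_root_login CONFIG_TEXT
# Prints space-separated finding codes, or OK when none apply.
audit_root_login() {
    prl=$(sshd_value PermitRootLogin "$1")
    pwa=$(sshd_value PasswordAuthentication "$1")
    allow=$(sshd_value AllowUsers "$1")
    findings=""
    # Root can be reached with a password, so it can be guessed.
    if [ "$prl" = yes ] && [ "$pwa" = yes ]; then
        findings="$findings ROOT_PASSWORD_LOGIN"
    fi
    root_listed=0 others_listed=0
    set -f                      # AllowUsers patterns may contain * and ?
    for pat in $allow; do
        case $pat in
            root)   root_listed=1; findings="$findings ROOT_FROM_ANY_HOST" ;;
            root@*) root_listed=1 ;;
            *)      others_listed=1 ;;
        esac
    done
    set +f
    # With AllowUsers set, sshd admits only the listed users, so a list
    # holding only root locks every other account out of SSH.
    if [ "$root_listed" -eq 1 ] && [ "$others_listed" -eq 0 ]; then
        findings="$findings ONLY_ROOT_ALLOWED"
    fi
    findings=${findings# }
    echo "${findings:-OK}"
}

audit_root_login "$PAGE_CONFIG"
audit_root_login "$TIGHT_CONFIG"
```

After changing the real file, `sshd -t` checks the configuration for syntax errors before the service is restarted.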

Master DNS configuration step by step guide RHEL7 / CentOS 7

The Domain Name System (DNS) is a decentralized naming system for resources connected to the Internet or a private network. Its major role is to convert human-readable domain names into the numbers machines use (IP addresses).

The Domain Name System delegates the responsibility of assigning domain names and mapping those names to Internet resources by designating authoritative name servers for each domain. Network administrators may delegate authority over sub-domains of their allocated name space to other name servers. This mechanism provides distributed and fault tolerant service and was designed to avoid a single large central database.

DNS servers are of several types, based on how they work. A few are mentioned below:

  1. Primary / Master DNS
  2. Slave DNS
  3. Forwarding DNS
  4. Caching DNS
  5. Authoritative-Only DNS

Primary / master DNS and Slave DNS Servers

Given the importance of DNS in making services and entire networks accessible, most DNS servers that are authoritative for a zone will have built-in redundancy. There are various terms for the relationships between these servers, but generally, a server can either be a master or a slave in its configuration.

Both master and slave servers are authoritative for the zones they handle. The master does not have any more power over the zones than the slave. The only differentiating factor between a master and a slave server is where they read their zone files from.

A master server reads its zone files from files on the system’s disk. These are usually where the zone administrator adds, edits, or transfers the original zone files.

The slave server receives the zones that it is authoritative for through a zone transfer from one of the master servers for the zone. Once it has these zones, it places them in a cache. If it has to restart, it first checks its cache to see if the zones inside are up-to-date. If not, it requests the updated information from the master server.

Forwarding DNS Server

This approach adds an additional link in the chain of DNS resolution by implementing a forwarding server that simply passes all requests to another DNS server with recursive capabilities (such as a caching DNS server).

The advantage of this system is that it can give you the advantage of a locally accessible cache while not having to do the recursive work (which can result in additional network traffic and can take up substantial resources on high traffic servers). This can also lead to some interesting flexibility in splitting your private and public traffic by forwarding to different servers.

Caching DNS Server

A caching DNS server is a server that handles recursive requests from clients. Almost every DNS server that the operating system’s stub resolver will contact will be a caching DNS server.

Caching servers have the advantage of answering recursive requests from clients. While authoritative-only servers may be ideal for serving specific zone information, caching DNS servers are more broadly useful from a client’s perspective. They make the DNS system of the world accessible to rather dumb client interfaces.

Authoritative-Only DNS Server

An authoritative-only DNS server is a server that only concerns itself with answering the queries for the zones that it is responsible for. Since it does not help resolve queries for outside zones, it is generally very fast and can handle many requests efficiently.

A Few DNS Records

A = Address record
PTR = Pointer record
NS = Name server
MX = Mail Exchanger
SOA = Start of Authority
CNAME = Canonical name / Alias name

Master DNS Server Profile

Packages Required : bind*

Version : 9

Daemon : named

Config Files : /var/named/chroot/etc/named.conf

/var/named/chroot/etc/named.rfc1912.zones

Default zone files location : /var/named/chroot/var/named/

Port Number : 53

[root@Techtutorial ~]# yum install bind*

Start named-chroot before named.service, because it generates the config files.

[root@Techtutorial ~]# systemctl enable named-chroot.service
[root@Techtutorial ~]# systemctl start named-chroot.service
[root@Techtutorial ~]# systemctl enable named.service
[root@Techtutorial ~]# systemctl start named.service
[root@Techtutorial ~]# vim /var/named/chroot/etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; 192.168.4.128; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.4.0/24; };

(Default line numbers 10-17.) As shown above, enter your DNS server's IP address (your server's address) in listen-on, and in allow-query the address of the network you want to provide DNS service to.

Now edit the zones configuration file.

[root@Techtutorial ~]# vim /var/named/chroot/etc/named.rfc1912.zones
### Zones Start Here  ####
zone "arkit.com" IN {
        type master;
        file "arkit.for.zone";
        allow-update { none; };
};
zone "4.168.192.in-addr.arpa" IN {
        type master;
        file "arkit.rev.zone";
        allow-update { none; };
};
#### Zones End Here ####

As shown above, copy the zone configuration lines (default line numbers 19 to 23) and paste them into the same file. Copy the reverse zone configuration lines (default line numbers 31 to 35) and paste them into the same file as well. Now modify the copied lines as per your requirement, as described below.

In the line zone “arkit.com” IN { mention whatever domain name you would like to configure.

In the line file “arkit.for.zone”; you can give whatever file name you want.

In the line zone “4.168.192.in-addr.arpa” IN { write your IP address in reverse order.

In the line file “arkit.rev.zone”; give whatever file name you would like.

Save the configuration file and exit.

Creating Zone files

Forward lookup zone – converts a host name to an IP address

Reverse lookup zone – converts an IP address to a host name

Change directory to /var/named/chroot/var/named/

Copy the template files to the file names we specified in the zones configuration file above.

In this example:

named.localhost –> arkit.for.zone

named.loopback –> arkit.rev.zone

[root@Techtutorial named]# cd /var/named/chroot/var/named
[root@Techtutorial named]# cp named.localhost arkit.for.zone
[root@Techtutorial named]# cp named.loopback arkit.rev.zone
[root@Techtutorial named]# vim arkit.for.zone 
$TTL 1D
@    IN SOA    TechTutorial.arkit.com. root.TechTutorial.arkit.com. (
                    0    ; serial
                    1D    ; refresh
                    1H    ; retry
                    1W    ; expire
                    3H )    ; minimum
                NS    TechTutorial.arkit.com.
arkit.com.             A    192.168.4.128
TechTutorial           A    192.168.4.128

In the configuration above, TechTutorial.arkit.com. is the DNS server name followed by the domain name.

Add the NS record as the DNS server name and domain name (do not forget to add the (dot) at the end).

The first A record will be your domain name and the DNS server IP address.

[root@Techtutorial named]# vim arkit.rev.zone 
$TTL 1D
@    IN SOA    TechTutorial.arkit.com. root.TechTutorial.arkit.com. (
                    0    ; serial
                    1D    ; refresh
                    1H    ; retry
                    1W    ; expire
                    3H )    ; minimum
    NS    TechTutorial.arkit.com.
128    PTR    TechTutorial.arkit.com.

Note: Do not miss even a single (dot), otherwise your named service will not start.

I have shown a single host record as an example; if you want to add more records, add them.
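
The trailing-dot rule above can be checked before named is restarted; the following is an added example, not part of the original post. In a zone file, a name without a trailing dot is relative to the zone origin, so the script flags owner names and NS, PTR, CNAME, MX and SOA targets that contain dots but do not end in one. The function name check_zone_dots is an assumption, and the broken zone is a constructed copy of the forward zone above with two dots removed on purpose.

```sh
#!/bin/sh
# Constructed sample: the forward zone from the page with the trailing dot
# removed from the NS target and from the arkit.com owner name.
BROKEN_ZONE='$TTL 1D
@    IN SOA    TechTutorial.arkit.com. root.TechTutorial.arkit.com. (
                    0    ; serial
                    1D    ; refresh
                    1H    ; retry
                    1W    ; expire
                    3H )    ; minimum
                NS    TechTutorial.arkit.com
arkit.com              A    192.168.4.128
TechTutorial           A    192.168.4.128'

# Constructed sample: the reverse zone as printed on the page (all dots present).
PAGE_REV_ZONE='$TTL 1D
@    IN SOA    TechTutorial.arkit.com. root.TechTutorial.arkit.com. (
                    0    ; serial
                    1D    ; refresh
                    1H    ; retry
                    1W    ; expire
                    3H )    ; minimum
    NS    TechTutorial.arkit.com.
128    PTR    TechTutorial.arkit.com.'

# check_zone_dots ORIGIN   (zone text on stdin; ORIGIN ends with a dot)
# Prints one line per suspicious name and returns 1 if any were found.
check_zone_dots() {
    awk -v origin="$1" '
    # A name with inner dots but no trailing dot is relative: origin is appended.
    function relative(n) { return (n ~ /\./ && n !~ /\.$/) }
    function report(what, n) {
        printf "line %d: %s %s is read as %s.%s\n", NR, what, n, n, origin
        bad++
    }
    { sub(/;.*/, "") }                              # drop comments
    NF == 0 || substr($1, 1, 1) == "$" { next }     # blank lines, $TTL, $ORIGIN
    {
        i = 1
        if ($0 !~ /^[ \t]/) {                       # owner name in column one
            if (relative($1)) report("owner", $1)
            i = 2
        }
        # skip an optional TTL and the class
        while (i <= NF && ($i ~ /^[0-9]+[smhdwSMHDW]?$/ || toupper($i) == "IN")) i++
        type = toupper($i)
        if (type == "NS" || type == "PTR" || type == "CNAME") {
            if (relative($(i + 1))) report(type " target", $(i + 1))
        } else if (type == "MX") {
            if (relative($(i + 2))) report("MX target", $(i + 2))
        } else if (type == "SOA") {
            if (relative($(i + 1))) report("SOA mname", $(i + 1))
            if (relative($(i + 2))) report("SOA rname", $(i + 2))
        }
    }
    END { exit (bad > 0) }'
}

printf '%s\n' "$BROKEN_ZONE" | check_zone_dots arkit.com. \
    || echo "fix the names above before restarting named"
printf '%s\n' "$PAGE_REV_ZONE" | check_zone_dots 4.168.192.in-addr.arpa. \
    && echo "reverse zone: no relative names found"
```

BIND also ships named-checkconf and named-checkzone (for example `named-checkzone arkit.com arkit.for.zone`), which check the configuration and load the zone without restarting the service.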

Now change the ownership of the created files to the named group.

[root@Techtutorial named]# chown root:named arkit.for.zone 
[root@Techtutorial named]# chown root:named arkit.rev.zone 

Add a firewall rule to allow communication on the DNS port.

[root@Techtutorial ~]# firewall-cmd --permanent --add-service=dns
success
[root@Techtutorial ~]# firewall-cmd --reload
success

Now restart your named service.

[root@Techtutorial named]# systemctl restart named.service 
[root@Techtutorial named]# systemctl status named.service 

Now go to the client side and add the DNS server IP to /etc/resolv.conf

[root@Techtutorial named]# vim /etc/resolv.conf
search arkit.com
domain arkit.com
nameserver 192.168.4.128

Verify the master DNS server

# nslookup arkit.com
# dig arkit.com
# host 192.168.4.128
# dig -x 192.168.4.128

That’s about installing and configuring the master DNS server.

 

*http://arkit.co.in/linux/master-dns-configuration/

Zimbra mail server installation and configuration RHEL7 / Centos 7

Zimbra mail server is a free email server for open source users, which provides a calendar and collaboration solution. Zimbra mail server has a GUI administrator console for management.

The Zimbra Collaboration includes the Zimbra MTA, the Zimbra LDAP server, and the Zimbra mailbox server. In a single-server installation, all components are installed on one server and require no additional manual configuration. This installation guide is a quick start guide that describes the basic steps needed to install and configure Zimbra Collaboration in a direct network connect environment. In this environment, the Zimbra server is assigned a domain for which it receives mail, and a direct network connection to the Internet. When Zimbra Collaboration is installed, you will be able to log on to the Zimbra administration console to manage the domain and provision accounts.

In this tutorial / article we will explain how to install and configure Zimbra mail server on RHEL 7.x / CentOS 7.x. Before installing, we have to complete the prerequisites mentioned below.

  1. Stop sendmail and postfix
  2. Add MX record in DNS
  3. Add A (Address record) in Forward and reverse lookup zones
  4. Add entry in /etc/hosts
  5. Enable ports in zimbra mail server

Stop sendmail and postfix services to stop port conflict with zimbra

Stop the postfix and sendmail services to avoid port conflicts. Mask the services so that even if somebody accidentally tries to start them, they will not start.

[root@mail ~]# systemctl stop postfix.service
[root@mail ~]# systemctl stop sendmail
[root@mail ~]# systemctl mask postfix.service
[root@mail ~]# systemctl mask sendmail

Adding MX Record in IPA Server DNS

[root@ipaserver ~]# kinit admin
[root@ipaserver ~]# ipa dnsrecord-add arkit.co.in @ --mx-rec="9 mail.arkit.co.in."
[root@ipaserver ~]# dig mail.arkit.co.in MX

Adding A and PTR records in DNS

Edit your DNS zone configuration files and add an entry like the one below

1w MX 9 mail.arkit.co.in.

Adding /etc/hosts entry

[root@mail ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
192.168.4.29 mail.arkit.co.in mail
#::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

Enabling Firewall ports for zimbra mail server communication

Zimbra Port Mapping      Port
Remote Queue Manager     22
Postfix                  25
HTTP                     80
POP3                     110
IMAP                     143
LDAP                     389
HTTPS                    443
Mailboxd IMAP SSL        993
Mailboxd POP SSL         995
Mailboxd LMTP            7025

[root@mail ~]# firewall-cmd --permanent --add-service=https
success
[root@mail ~]# firewall-cmd --permanent --add-service=http
success
[root@mail ~]# firewall-cmd --permanent --add-service=ldap
success
[root@mail ~]# firewall-cmd --permanent --add-port=22/tcp
success
[root@mail ~]# firewall-cmd --permanent --add-port=25/tcp
success
[root@mail ~]# firewall-cmd --permanent --add-port=110/tcp
success
[root@mail ~]# firewall-cmd --permanent --add-port=143/tcp
success
[root@mail ~]# firewall-cmd --permanent --add-port=993/tcp
success
[root@mail ~]# firewall-cmd --permanent --add-port=995/tcp
success
[root@mail ~]# firewall-cmd --permanent --add-port=7025/tcp
success
[root@mail ~]# firewall-cmd --reload
success

Now let’s install the packages required by Zimbra mail server

[root@mail ~]# yum install nc*
[root@mail ~]# yum install wget* -y
[root@mail ~]# yum install nano* -y
[root@mail ~]# yum install make* -y
[root@mail ~]# yum install sudo* -y
[root@mail ~]# yum install sysstat* -y
[root@mail ~]# yum install libtool* -y
[root@mail ~]# yum install glibc* -y
[root@mail ~]# yum install perl* -y
[root@mail ~]# yum install ntp* -y

Download zimbra mail server package

Installation process….

[root@mail ~]# tar -xvf zcs-8.6.0_GA_1153.RHEL7_64.20141215151110.tgz 
[root@mail ~]# cd zcs-8.6.0_GA_1153.RHEL7_64.20141215151110/
[root@mail zcs-8.6.0_GA_1153.RHEL7_64.20141215151110]# ./install.sh 
Operations logged to /tmp/install.log.44195
Checking for existing installation...
zimbra-ldap...NOT FOUND
zimbra-logger...NOT FOUND
zimbra-mta...NOT FOUND
zimbra-dnscache...NOT FOUND
zimbra-snmp...NOT FOUND
zimbra-store...NOT FOUND
zimbra-apache...NOT FOUND
zimbra-spell...NOT FOUND
zimbra-convertd...NOT FOUND
zimbra-memcached...NOT FOUND
zimbra-proxy...NOT FOUND
zimbra-archiving...NOT FOUND
zimbra-core...NOT FOUND
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE.
ZIMBRA, INC. ("ZIMBRA") WILL ONLY LICENSE THIS SOFTWARE TO YOU IF YOU
FIRST ACCEPT THE TERMS OF THIS AGREEMENT. BY DOWNLOADING OR INSTALLING
THE SOFTWARE, OR USING THE PRODUCT, YOU ARE CONSENTING TO BE BOUND BY
THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS
AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.
License Terms for the Zimbra Collaboration Suite:
http://www.zimbra.com/license/zimbra-public-eula-2-5.html
Do you agree with the terms of the software license agreement? [N] y
Checking for prerequisites...
FOUND: NPTL
FOUND: nmap-ncat-6.40-4
FOUND: sudo-1.8.6p7-13
FOUND: libidn-1.28-3
FOUND: gmp-6.0.0-11
FOUND: libaio-0.3.109-12
FOUND: libstdc++-4.8.3-9
FOUND: unzip-6.0-13
FOUND: perl-core-5.16.3-285
Checking for suggested prerequisites...
FOUND: perl-5.16.3
FOUND: sysstat
FOUND: sqlite
Prerequisite check complete.
Checking for installable packages
Found zimbra-core
Found zimbra-ldap
Found zimbra-logger
Found zimbra-mta
Found zimbra-dnscache
Found zimbra-snmp
Found zimbra-store
Found zimbra-apache
Found zimbra-spell
Found zimbra-memcached
Found zimbra-proxy
Select the packages to install
Install zimbra-ldap [Y] Hit return
Install zimbra-logger [Y] Hit Return
Install zimbra-mta [Y] Hit Return
Install zimbra-dnscache [Y] Hit Return
Install zimbra-snmp [Y] Hit Return
Install zimbra-store [Y] Hit Return
Install zimbra-apache [Y] Hit Return
Install zimbra-spell [Y] Hit Return
Install zimbra-memcached [Y]  Hit Return
Install zimbra-proxy [Y] Hit Return 
Checking required space for zimbra-core
Checking space for zimbra-store
Checking required packages for zimbra-store
zimbra-store package check complete.
Installing:
zimbra-core
zimbra-ldap
zimbra-logger
zimbra-mta
zimbra-dnscache
zimbra-snmp
zimbra-store
zimbra-apache
zimbra-spell
zimbra-memcached
zimbra-proxy
The system will be modified. Continue? [N] y
Removing /opt/zimbra
Removing zimbra crontab entry...done.
Cleaning up zimbra init scripts...done.
Cleaning up /etc/ld.so.conf...done.
Cleaning up /etc/security/limits.conf...done.
Finished removing Zimbra Collaboration Server.
Installing packages
zimbra-core......zimbra-core-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
 zimbra-ldap......zimbra-ldap-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
 zimbra-logger......zimbra-logger-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
 zimbra-mta......zimbra-mta-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
 zimbra-dnscache......zimbra-dnscache-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
 zimbra-snmp......zimbra-snmp-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
 zimbra-store......zimbra-store-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
 zimbra-apache......zimbra-apache-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
 zimbra-spell......zimbra-spell-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
 zimbra-memcached......zimbra-memcached-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
 zimbra-proxy......zimbra-proxy-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
Attempting to create directory /opt/zimbra/perl5
mkdir /opt/zimbra/perl5: Permission denied at /usr/share/perl5/vendor_perl/local/lib.pm line 269.
BEGIN failed--compilation aborted.
Attempting to create directory /opt/zimbra/perl5
mkdir /opt/zimbra/perl5: Permission denied at /usr/share/perl5/vendor_perl/local/lib.pm line 269.
BEGIN failed--compilation aborted.
Operations logged to /tmp/zmsetup03262016-181743.log
Installing LDAP configuration database...done.
Setting defaults...Attempting to create directory /opt/zimbra/perl5
mkdir /opt/zimbra/perl5: Permission denied at /usr/share/perl5/vendor_perl/local/lib.pm line 269.
BEGIN failed--compilation aborted.
DNS ERROR resolving MX for mail.arkit.co.in
It is suggested that the domain name have an MX record configured in DNS
Change domain name? [Yes] 
Create domain: [mail.arkit.co.in] arkit.co.in
MX: mail.arkit.co.in (192.168.4.29)
Interface: 127.0.0.1
Interface: ::1
Interface: 192.168.4.29
done.
Checking for port conflicts
Main menu
1) Common Configuration: 
2) zimbra-ldap: Enabled 
3) zimbra-logger: Enabled 
4) zimbra-mta: Enabled 
5) zimbra-dnscache: Enabled 
6) zimbra-snmp: Enabled 
7) zimbra-store: Enabled 
+Create Admin User: yes 
+Admin user to create: admin@arkit.co.in 
******* +Admin Password UNSET 
+Anti-virus quarantine user: virus-quarantine.xkteesr1z@arkit.co.in
+Enable automated spam training: yes 
+Spam training user: spam.abtuvxsc@arkit.co.in 
+Non-spam(Ham) training user: ham.asemkheuax@arkit.co.in 
+SMTP host: mail.arkit.co.in 
+Web server HTTP port: 8080 
+Web server HTTPS port: 8443 
+Web server mode: https 
+IMAP server port: 7143 
+IMAP server SSL port: 7993 
+POP server port: 7110 
+POP server SSL port: 7995 
+Use spell check server: yes 
+Spell server URL: http://mail.arkit.co.in:7780/aspell.php
+Enable version update checks: TRUE 
+Enable version update notifications: TRUE 
+Version update notification email: admin@arkit.co.in 
+Version update source email: admin@arkit.co.in 
+Install mailstore (service webapp): yes 
+Install UI (zimbra,zimbraAdmin webapps): yes
8) zimbra-spell: Enabled 
9) zimbra-proxy: Enabled 
10) Default Class of Service Configuration: 
s) Save config to file 
x) Expand menu 
q) Quit
Address unconfigured (**) items (? - help) r
Invalid selection! - press any key to continue
Main menu
1) Common Configuration: 
2) zimbra-ldap: Enabled 
3) zimbra-logger: Enabled 
4) zimbra-mta: Enabled 
5) zimbra-dnscache: Enabled 
6) zimbra-snmp: Enabled 
7) zimbra-store: Enabled 
+Create Admin User: yes 
+Admin user to create: admin@arkit.co.in 
******* +Admin Password UNSET 
+Anti-virus quarantine user: virus-quarantine.xkteesr1z@arkit.co.in
+Enable automated spam training: yes 
+Spam training user: spam.abtuvxsc@arkit.co.in 
+Non-spam(Ham) training user: ham.asemkheuax@arkit.co.in 
+SMTP host: mail.arkit.co.in 
+Web server HTTP port: 8080 
+Web server HTTPS port: 8443 
+Web server mode: https 
+IMAP server port: 7143 
+IMAP server SSL port: 7993 
+POP server port: 7110 
+POP server SSL port: 7995 
+Use spell check server: yes 
+Spell server URL: http://mail.arkit.co.in:7780/aspell.php
+Enable version update checks: TRUE 
+Enable version update notifications: TRUE 
+Version update notification email: admin@arkit.co.in 
+Version update source email: admin@arkit.co.in 
+Install mailstore (service webapp): yes 
+Install UI (zimbra,zimbraAdmin webapps): yes
8) zimbra-spell: Enabled 
9) zimbra-proxy: Enabled 
10) Default Class of Service Configuration: 
s) Save config to file 
x) Expand menu 
q) Quit
Address unconfigured (**) items (? - help) s
Save config in file: [/opt/zimbra/config.38019] 
Saving config in /opt/zimbra/config.38019...done.
Main menu
1) Common Configuration: 
2) zimbra-ldap: Enabled 
3) zimbra-logger: Enabled 
4) zimbra-mta: Enabled 
5) zimbra-dnscache: Enabled 
6) zimbra-snmp: Enabled 
7) zimbra-store: Enabled 
+Create Admin User: yes 
+Admin user to create: admin@arkit.co.in 
******* +Admin Password UNSET 
+Anti-virus quarantine user: virus-quarantine.xkteesr1z@arkit.co.in
+Enable automated spam training: yes 
+Spam training user: spam.abtuvxsc@arkit.co.in 
+Non-spam(Ham) training user: ham.asemkheuax@arkit.co.in 
+SMTP host: mail.arkit.co.in 
+Web server HTTP port: 8080 
+Web server HTTPS port: 8443 
+Web server mode: https 
+IMAP server port: 7143 
+IMAP server SSL port: 7993 
+POP server port: 7110 
+POP server SSL port: 7995 
+Use spell check server: yes 
+Spell server URL: http://mail.arkit.co.in:7780/aspell.php
+Enable version update checks: TRUE 
+Enable version update notifications: TRUE 
+Version update notification email: admin@arkit.co.in 
+Version update source email: admin@arkit.co.in 
+Install mailstore (service webapp): yes 
+Install UI (zimbra,zimbraAdmin webapps): yes
8) zimbra-spell: Enabled 
9) zimbra-proxy: Enabled 
10) Default Class of Service Configuration: 
s) Save config to file 
x) Expand menu 
q) Quit
Address unconfigured (**) items (? - help) 7
Store configuration
1) Status: Enabled 
2) Create Admin User: yes 
3) Admin user to create: admin@arkit.co.in 
** 4) Admin Password UNSET 
5) Anti-virus quarantine user: virus-quarantine.xkteesr1z@arkit.co.in
6) Enable automated spam training: yes 
7) Spam training user: spam.abtuvxsc@arkit.co.in 
8) Non-spam(Ham) training user: ham.asemkheuax@arkit.co.in 
9) SMTP host: mail.arkit.co.in 
10) Web server HTTP port: 8080 
11) Web server HTTPS port: 8443 
12) Web server mode: https 
13) IMAP server port: 7143 
14) IMAP server SSL port: 7993 
15) POP server port: 7110 
16) POP server SSL port: 7995 
17) Use spell check server: yes 
18) Spell server URL: http://mail.arkit.co.in:7780/aspell.php
19) Enable version update checks: TRUE 
20) Enable version update notifications: TRUE 
21) Version update notification email: admin@arkit.co.in 
22) Version update source email: admin@arkit.co.in 
23) Install mailstore (service webapp): yes 
24) Install UI (zimbra,zimbraAdmin webapps): yes
Select, or 'r' for previous menu [r] 4
Password for admin@arkit.co.in (min 6 characters): [bPfLiyMX] Admin@1234
Store configuration
1) Status: Enabled 
2) Create Admin User: yes 
3) Admin user to create: admin@arkit.co.in 
4) Admin Password set 
5) Anti-virus quarantine user: virus-quarantine.xkteesr1z@arkit.co.in
6) Enable automated spam training: yes 
7) Spam training user: spam.abtuvxsc@arkit.co.in 
8) Non-spam(Ham) training user: ham.asemkheuax@arkit.co.in 
9) SMTP host: mail.arkit.co.in 
10) Web server HTTP port: 8080 
11) Web server HTTPS port: 8443 
12) Web server mode: https 
13) IMAP server port: 7143 
14) IMAP server SSL port: 7993 
15) POP server port: 7110 
16) POP server SSL port: 7995 
17) Use spell check server: yes 
18) Spell server URL: http://mail.arkit.co.in:7780/aspell.php
19) Enable version update checks: TRUE 
20) Enable version update notifications: TRUE 
21) Version update notification email: admin@arkit.co.in 
22) Version update source email: admin@arkit.co.in 
23) Install mailstore (service webapp): yes 
24) Install UI (zimbra,zimbraAdmin webapps): yes
Select, or 'r' for previous menu [r] Hit Return
Main menu
1) Common Configuration: 
+Hostname: mail.arkit.co.in 
+Ldap master host: mail.arkit.co.in 
+Ldap port: 389 
+Ldap Admin password: set 
+Secure interprocess communications: yes 
+TimeZone: Asia/Colombo 
+IP Mode: ipv4 
+Default SSL digest: sha256
2) zimbra-ldap: Enabled 
+Create Domain: yes 
+Domain to create: arkit.co.in 
+Ldap root password: set 
+Ldap replication password: set 
+Ldap postfix password: set 
+Ldap amavis password: set 
+Ldap nginx password: set 
+Ldap Bes Searcher password: set
3) zimbra-logger: Enabled 
4) zimbra-mta: Enabled 
+Enable Spamassassin: yes 
+Enable Clam AV: yes 
+Enable OpenDKIM: yes 
+Notification address for AV alerts: admin@arkit.co.in 
+Bind password for postfix ldap user: set 
+Bind password for amavis ldap user: set
5) zimbra-dnscache: Enabled 
+Master DNS IP address(es): 192.168.4.12 
+Enable DNS lookups over TCP: yes 
+Enable DNS lookups over UDP: yes 
+Only allow TCP to communicate with Master DNS: no
6) zimbra-snmp: Enabled 
+Enable SNMP notifications: yes 
+SNMP Trap hostname: mail.arkit.co.in 
+Enable SMTP notifications: yes 
+SMTP Source email address: admin@arkit.co.in 
+SMTP Destination email address: admin@arkit.co.in
7) zimbra-store: Enabled 
+Create Admin User: yes 
+Admin user to create: admin@arkit.co.in 
+Admin Password set 
+Anti-virus quarantine user: virus-quarantine.xkteesr1z@arkit.co.in
+Enable automated spam training: yes 
+Spam training user: spam.abtuvxsc@arkit.co.in 
+Non-spam(Ham) training user: ham.asemkheuax@arkit.co.in 
+SMTP host: mail.arkit.co.in 
+Web server HTTP port: 8080 
+Web server HTTPS port: 8443 
+Web server mode: https 
+IMAP server port: 7143 
+IMAP server SSL port: 7993 
+POP server port: 7110 
+POP server SSL port: 7995 
+Use spell check server: yes 
+Spell server URL: http://mail.arkit.co.in:7780/aspell.php
+Enable version update checks: TRUE 
+Enable version update notifications: TRUE 
+Version update notification email: admin@arkit.co.in 
+Version update source email: admin@arkit.co.in 
+Install mailstore (service webapp): yes 
+Install UI (zimbra,zimbraAdmin webapps): yes
8) zimbra-spell: Enabled 
9) zimbra-proxy: Enabled 
+Enable POP/IMAP Proxy: TRUE 
+IMAP proxy port: 143 
+IMAP SSL proxy port: 993 
+POP proxy port: 110 
+POP SSL proxy port: 995 
+Bind password for nginx ldap user: set 
+Enable HTTP[S] Proxy: TRUE 
+HTTP proxy port: 80 
+HTTPS proxy port: 443 
+Proxy server mode: https
10) Default Class of Service Configuration: 
+Enable Tasks Feature: Enabled
c) Collapse menu 
s) Save config to file 
q) Quit
*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes] 
Save config in file: [/opt/zimbra/config.38019] 
Saving config in /opt/zimbra/config.38019...done.
The system will be modified - continue? [No] yes
Operations logged to /tmp/zmsetup03262016-192032.log
Setting local config values...done.
Initializing core config...Setting up CA...done.
Deploying CA to /opt/zimbra/conf/ca ...done.
Creating SSL zimbra-store certificate...done.
Creating new zimbra-ldap SSL certificate...done.
Creating new zimbra-mta SSL certificate...done.
Creating new zimbra-proxy SSL certificate...done.
Installing mailboxd SSL certificates...done.
Installing MTA SSL certificates...done.
Installing LDAP SSL certificate...done.
Installing Proxy SSL certificate...done.
Initializing ldap...done.
Setting replication password...done.
Setting Postfix password...done.
Setting amavis password...done.
Setting nginx password...done.
Setting BES searcher password...done.
Creating server entry for mail.arkit.co.in...done.
Setting Zimbra IP Mode...done.
Saving CA in ldap ...done.
Saving SSL Certificate in ldap ...done.
Setting spell check URL...done.
Setting service ports on mail.arkit.co.in...done.
Setting zimbraFeatureTasksEnabled=TRUE...done.
Setting zimbraFeatureBriefcasesEnabled=TRUE...done.
Setting Master DNS IP address(es)...done.
Setting DNS cache tcp lookup preference...done.
Setting DNS cache udp lookup preference...done.
Setting DNS tcp upstream preference...done.
Setting TimeZone Preference...done.
Initializing mta config...done.
Setting services on mail.arkit.co.in...done.
Adding mail.arkit.co.in to zimbraMailHostPool in default COS...done.
Creating domain arkit.co.in...done.
Setting default domain name...done.
Creating domain arkit.co.in...already exists.
Creating admin account admin@arkit.co.in...done.
Creating root alias...done.
Creating postmaster alias...done.
Creating user spam.abtuvxsc@arkit.co.in...done.
Creating user ham.asemkheuax@arkit.co.in...done.
Creating user virus-quarantine.xkteesr1z@arkit.co.in...done.
Setting spam training and Anti-virus quarantine accounts...done.
Initializing store sql database...done.
Setting zimbraSmtpHostname for mail.arkit.co.in...done.
Configuring SNMP...done.
Setting up syslog.conf...done.
Starting servers...Attempting to create directory /opt/zimbra/perl5
mkdir /opt/zimbra/perl5: Permission denied at /usr/share/perl5/vendor_perl/local/lib.pm line 269.
BEGIN failed--compilation aborted.
done.
Installing common zimlets...
com_zimbra_adminversioncheck...done.
com_zimbra_attachcontacts...done.
com_zimbra_attachmail...done.
com_zimbra_bulkprovision...done.
com_zimbra_cert_manager...done.
com_zimbra_clientuploader...done.
com_zimbra_date...done.
com_zimbra_email...done.
com_zimbra_mailarchive...done.
com_zimbra_phone...done.
com_zimbra_proxy_config...done.
com_zimbra_srchhighlighter...done.
com_zimbra_tooltip...done.
com_zimbra_url...done.
com_zimbra_viewmail...done.
com_zimbra_webex...done.
com_zimbra_ymemoticons...done.
Finished installing common zimlets.
Restarting mailboxd...done.
Creating galsync account for default domain...done.
You have the option of notifying Zimbra of your installation.
This helps us to track the uptake of the Zimbra Collaboration Server.
The only information that will be transmitted is:
The VERSION of zcs installed (8.6.0_GA_1153_RHEL7_64)
The ADMIN EMAIL ADDRESS created (admin@arkit.co.in)
Notify Zimbra of your installation? [Yes] no
Notification skipped
Setting up zimbra crontab...done.
Moving /tmp/zmsetup03262016-192032.log to /opt/zimbra/log
Configuration complete - press return to exit Hit Return

Starting and restarting zimbra mail service

[root@mail ~]# systemctl status zimbra.service
[root@mail ~]# systemctl restart zimbra.service
[root@mail ~]# systemctl stop zimbra.service
[root@mail ~]# systemctl start zimbra.service

Zimbra server installation completed successfully.

Now open the Zimbra mail server administrator console

https://mail.arkit.co.in:7071

[Screenshot: Administrator console]

[Screenshot: Zimbra services status]

[Screenshot: Mail box console]

That’s about zimbra mail server

 

*http://arkit.co.in/linux/zimbra-mail-server-installation/

squid proxy server installation and configuration RHEL7 / Centos7

Squid proxy server is used to filter web traffic and to reduce and fine-tune Internet bandwidth.

Squid was originally developed as the Harvest object cache, part of the Harvest project at the University of Colorado Boulder. Further work on the program was completed at the University of California, San Diego and funded via two grants from the National Science Foundation. Duane Wessels forked the “last pre-commercial version of Harvest” and renamed it to Squid to avoid confusion with the commercial fork called Cached 2.0, which became NetCache. Squid version 1.0.0 was released in July 1996.

Squid is now developed almost exclusively through volunteer efforts.

Squid Proxy Server Profile

Packages : squid*

Service Name: squid

Default port : 3128

Config File : /etc/squid/squid.conf

Log file Path: /var/log/squid

Environment : RHEL 7, Centos 7 and RHEL 6

Installation process

[root@server ~]# yum install squid*
Installed:
squid.x86_64 7:3.3.8-12.el7_0
Dependency Installed:
libecap.x86_64 0:0.2.0-8.el7 perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7 perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7 perl-DBI.x86_64 0:1.627-4.el7 perl-Data-Dumper.x86_64 0:2.145-3.el7
perl-Digest.noarch 0:1.17-245.el7 perl-Digest-MD5.x86_64 0:2.52-3.el7 perl-IO-Compress.noarch 0:2.061-2.el7 perl-Net-Daemon.noarch 0:0.48-5.el7 perl-PlRPC.noarch 0:0.2020-14.el7
Complete!

Enable and start the Service

[root@server ~]# systemctl enable squid
ln -s '/usr/lib/systemd/system/squid.service' '/etc/systemd/system/multi-user.target.wants/squid.service'
[root@server ~]# systemctl start squid
[root@server ~]# systemctl status squid
squid.service - Squid caching proxy
Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled)
Active: active (running) since Sun 2016-04-17 13:47:33 IST; 34s ago
Process: 7989 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS)
Process: 7983 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
Main PID: 7999 (squid)
CGroup: /system.slice/squid.service
├─7999 /usr/sbin/squid -f /etc/squid/squid.conf
└─8001 (squid-1) -f /etc/squid/squid.conf
Apr 17 13:46:53 server.arkit.co.in squid[7989]: 2016/04/17 13:46:53| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
Apr 17 13:47:13 server.arkit.co.in squid[7989]: 2016/04/17 13:47:13| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
Apr 17 13:47:33 server.arkit.co.in squid[7989]: 2016/04/17 13:47:33| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
Apr 17 13:47:33 server.arkit.co.in squid[7999]: Squid Parent: will start 1 kids
Apr 17 13:47:33 server.arkit.co.in squid[7999]: Squid Parent: (squid-1) process 8001 started
Apr 17 13:47:33 server.arkit.co.in systemd[1]: Started Squid caching proxy.

Allow firewall port for squid

[root@server ~]# firewall-cmd --permanent --add-port=3128/tcp
success
[root@server ~]# firewall-cmd --reload
success

Squid listens on port 3128 by default, which is why port 3128 has to be allowed through the firewall.

Access Control List

Open the configuration file and write the ACLs you require. ACLs can be used for many things:

  1. Restricting un-wanted (BAD) URL’s
  2. Restrict access to internet based on time period
  3. Restrict Downloads
  4. Restrict file type downloads
  5. Allow Networks to enable Internet access
  6. Download speed control

[root@server ~]# vim /etc/squid/squid.conf

To allow a network, add the ACL lines below:

acl localnet src 192.168.4.0/24 
http_access allow localnet

To allow ports using ACL

acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
http_access deny !Safe_ports

Block bad sites

acl badsites url_regex "/etc/squid/badsites"
http_access deny badsites

List the bad sites in the file

[root@server ~]# cat /etc/squid/badsites
.facebook.com
.twitter.com
.youtube.com
.linkedin
.msn.com
.myspace.com
.flickr.com
.google

Block File downloads

acl blockfiles urlpath_regex "/etc/squid/blockfiles.acl"
http_access deny blockfiles

Block downloads by file type. Below is an example file that denies mp3, mp4, flv, avi, 3gp, mpg and mpeg.

[root@server ~]# cat /etc/squid/blockfiles.acl
\.torrent$
\.mp3.*$
\.mp4.*$
\.3gp.*$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$
\.[Ff][Ll][Vv].*$

Time-based access, which denies Internet access from 10:00 to 19:00

acl work_hours time 10:00-19:00 
http_access deny work_hours

Restricting download speed with an ACL

acl speedcontrol src 192.168.4.0/24
delay_pools 1
delay_class 1 2
delay_parameters 1 524288/524288 52428/52428
delay_access 1 allow speedcontrol
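
Squid checks http_access lines from top to bottom and stops at the first line whose ACLs all match, so the deny rules above only take effect if they are placed before the "http_access allow localnet" line. The sketch below is an added example, not part of the original article: it models that first-match evaluation for one constructed request (a localnet client fetching a blocked site during work hours). The function name squid_verdict and both rule lists are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: model of how Squid evaluates http_access (first match wins).
# This is an illustration, not Squid itself; ACL matching is supplied by hand.

# squid_verdict RULES MATCHED
#   RULES   : http_access lines in squid.conf order, one per line
#   MATCHED : space-separated names of the ACLs that are true for the request
# Prints "allow" or "deny".
squid_verdict() {
    printf '%s\n' "$1" | awk -v matched="$2" '
        BEGIN {
            n = split(matched, m, " ")
            for (i = 1; i <= n; i++) hit[m[i]] = 1
            hit["all"] = 1                    # built-in ACL, always true
        }
        $1 == "http_access" && ($2 == "allow" || $2 == "deny") {
            last = $2
            ok = 1
            # All ACLs on one line are ANDed; a leading "!" negates an ACL.
            for (i = 3; i <= NF; i++) {
                name = $i
                neg = 0
                if (substr(name, 1, 1) == "!") { neg = 1; name = substr(name, 2) }
                val = (name in hit) ? 1 : 0
                if (val == neg) { ok = 0; break }
            }
            if (ok) { found = 1; print $2; exit }
        }
        END {
            if (found) exit
            # Nothing matched: Squid applies the opposite of the last line,
            # and denies when there are no http_access lines at all.
            if (last == "deny") print "allow"; else print "deny"
        }'
}

# Rules in the order the snippets appear in the article (constructed list).
PAGE_ORDER='http_access allow localnet
http_access deny !Safe_ports
http_access deny badsites
http_access deny blockfiles
http_access deny work_hours'

# Same rules with every deny ahead of the allow, closed by an explicit deny all.
DENY_FIRST='http_access deny !Safe_ports
http_access deny badsites
http_access deny blockfiles
http_access deny work_hours
http_access allow localnet
http_access deny all'

# Constructed request: a 192.168.4.0/24 client fetches a site listed in
# /etc/squid/badsites over port 80 at 11:00.
REQUEST='localnet Safe_ports badsites work_hours'

echo "article order: $(squid_verdict "$PAGE_ORDER" "$REQUEST")"
echo "deny first   : $(squid_verdict "$DENY_FIRST" "$REQUEST")"
```

The stock squid.conf already ends its rule list with "http_access deny all", so custom deny lines have to be placed above both that line and the allow line.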

Go to Client Side

Change the proxy address in your browser, then try to access a website:
IE Settings > Internet options > Connections > LAN Settings

Provide the IP address and port number of the proxy.

Now watch the Squid logs
/var/log/squid/ is the log file directory

The logs are a valuable source of information about Squid workloads and performance. The logs record not only access information, but also system configuration errors and resource consumption (e.g., memory, disk space). There are several log files maintained by Squid. Some have to be explicitly activated during compile time, others can safely be deactivated during.

  • /var/log/squid/access.log : Most log file analysis programs are based on the entries in access.log. You can use this file to find out who is using the Squid server, what they are doing, etc.
  • /var/log/squid/cache.log : The cache.log file contains the debug and error messages that Squid generates. If you start your Squid using the default RunCache script, or start it with the -s command line option, a copy of certain messages will go into your syslog facilities. It is a matter of personal preference whether to use a separate file for the squid log data.
  • /var/log/squid/store.log : The store.log file covers the objects currently kept on disk or removed ones. As a kind of transaction log it is usually used for debugging purposes. A definitive statement on whether an object resides on your disks is only possible after analysing the complete log file. The release (deletion) of an object may be logged at a later time than the swap out (save to disk).

HOW DO I VIEW SQUID LOG FILES / LOGS?

You can use standard UNIX / Linux commands such as grep and tail to view the log files. You must log in as root or use the sudo command to view the log files.

Display log files in real time

Use tail command as follows:

~]# tail -f /var/log/squid/access.log

OR

~]$ sudo tail -f /var/log/squid/access.log

Search log files

Use grep command as follows:

~]# grep 'string-to-search' /var/log/squid/access.log
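
Once the deny ACLs from the Access Control List section are active, the requests they refuse show up in access.log with the result code TCP_DENIED. The following is an added example, not part of the original article: it summarises refused requests per client from lines in Squid's default native log format. The sample log lines, addresses and function names are constructed.

```shell
#!/bin/sh
# Added example: summarise requests that Squid refused (TCP_DENIED) from
# access.log lines in the default "squid" native format:
#   time elapsed client code/status bytes method URL user hierarchy type

# Constructed sample lines; on a server read /var/log/squid/access.log instead.
sample_access_log() {
cat <<'EOF'
1460881053.123    120 192.168.4.21 TCP_MISS/200 5120 GET http://example.org/index.html - HIER_DIRECT/203.0.113.10 text/html
1460881054.456      0 192.168.4.37 TCP_DENIED/403 3870 GET http://www.facebook.com/ - HIER_NONE/- text/html
1460881055.789      0 192.168.4.37 TCP_DENIED/403 3912 GET http://cdn.example.net/movie.mp4 - HIER_NONE/- text/html
1460881056.012      0 192.168.4.21 TCP_DENIED/403 3870 CONNECT www.youtube.com:443 - HIER_NONE/- text/html
1460881057.345     98 192.168.4.37 TCP_MISS/200 20480 GET http://example.org/logo.png - HIER_DIRECT/203.0.113.10 image/png
EOF
}

# denied_by_client: access.log on stdin; prints "<count> <client>" for every
# client with refused requests, busiest client first.
denied_by_client() {
    awk '$4 ~ /^TCP_DENIED\// { n[$3]++ }
         END { for (c in n) print n[c], c }' | sort -k1,1nr -k2,2
}

# denied_targets CLIENT: access.log on stdin; prints "<method> <URL>" for
# each request from CLIENT that was refused.
denied_targets() {
    awk -v who="$1" '$3 == who && $4 ~ /^TCP_DENIED\// { print $6, $7 }'
}

sample_access_log | denied_by_client
sample_access_log | denied_targets 192.168.4.37
```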

That’s about squid proxy server installation and configuration

 

 

*http://arkit.co.in/linux/squid-proxy-server/

 

 

Setting Up Prerequisites to ‘Install Windows 7’ over ‘PXE Network Boot Server’ on RHEL/CentOS 7 – Part 1

This tutorial continues the series on the RHEL/CentOS 7 PXE Network Boot Server Environment, in which so far I have only discussed integrating and installing Linux distributions over PXE Server.

This tutorial concentrates on Windows-based systems and will show you how to add and manually install Windows 7, both 32-bit and 64-bit architectures, over a PXE Server and Samba shares.

Requirements

  1. Install PXE Network Boot Server for Multiple OS Installations in RHEL/CentOS 7
  2. A Samba fully accessed directory share setup on PXE Server machine.
  3. A computer with Windows 7 operating system installed.
  4. Windows Automated Installation Kit (AIK) installed on Windows 7 computer.
  5. Both Windows 7 32-bit/64-bit DVD ISO Images.

Before proceeding with the installation process, I will explain how this guide is structured.

The first part will cover the configurations needed to setup the environment on RHEL/CentOS 7 PXE Server premises, by installing and configuring a Samba fully accessed shared directory with no authentication needed, where both Windows 7 system architecture images will be deployed, and, also, editing PXE Server default configuration file with the options needed to boot WinPE ISO Image in order to manually proceed with Windows installation process.

The second part will focus on building the WinPE ISO image (Windows Preinstallation Environment) with the help of Windows Automated Installation Kit (AIK) installed on a Windows 7 computer. This image will then be transferred to the PXE Server machine via the Samba shared directory and moved to the TFTP server default location.

The remaining steps are performed on the client side in order to boot, access and install Windows 7 over the network.

Step 1: Install and Setup Samba Share on PXE Server

1. On the first step, login to PXE Server with root account and setup a fully accessed Samba share, where Windows 7 DVD installation sources will be deployed. Install Samba daemon by issuing the following command.

# yum install samba samba-common samba-winbind 

2. Next, backup samba main configuration file and create a new configuration file with your favourite text editor by running the following commands.

# mv /etc/samba/smb.conf /etc/samba/smb.conf.backup
# nano /etc/samba/smb.conf

3. Now add the following configurations to samba main file as presented in the below file excerpt.

[global]
        workgroup = PXESERVER
        server string = Samba Server Version %v
        log file = /var/log/samba/log.%m
        max log size = 50
        idmap config * : backend = tdb
        cups options = raw
        netbios name = pxe
        map to guest = bad user
        dns proxy = no
        public = yes
        ## For multiple installations the same time - not lock kernel
        kernel oplocks = no
        nt acl support = no
        security = user
        guest account = nobody

[install]
        comment = Windows 7 Image
        path = /windows
        read only = no
        browseable = yes
        public = yes
        printable = no
        guest ok = yes
        oplocks = no
        level2 oplocks = no
        locking = no

As you can see from this configuration file, I have created a shared folder named install, located under the /windows system path (the Windows 7 DVD installation sources will be copied to this path).

4. After finishing editing main samba configuration file run testparm command in order to check and validate the file for eventual errors or misconfigurations.

# testparm

5. On the next step create the /windows directory under root path (the directory defined in samba conf file) and add SELinux contextual rules so that it can be fully accessed in case your system has enforced SELinux security.

# mkdir /windows
# semanage fcontext -a -t samba_share_t '/windows(/.*)?'
# restorecon -R -v /windows

Step 2: Deploy Windows 7 Installation Sources on PXE Server

6. For this step both Windows 7 ISO DVD Images are needed. But before mounting the images and copying the DVD content, create two directories under /windows path to separate Windows installation sources architectures.

# mkdir /windows/x32
# mkdir /windows/x64

7. Now it’s time to copy Windows Installation Sources to the paths created above. First put Windows 7 32-bit DVD Image ISO on your machine DVD drive, mount the image to /mnt path and copy all DVD mounted content to samba shared directory /windows/x32/. The transfer process can take a while depending on your system resources, and, after it finishes, unmount Windows 7 32-bit DVD Image.

# mount -o loop /dev/cdrom /mnt
# cp -rf  /mnt/*  /windows/x32/
# umount  /mnt

8. Repeat the above process with Windows 7 64-bit DVD Image, but this time copy DVD mounted content to /windows/x64/ shared path.

# mount -o loop /dev/cdrom /mnt
# cp -rf  /mnt/*  /windows/x64/
# umount  /mnt

Note: If your PXE server machine doesn’t have a DVD drive you can copy both Windows DVDs contents after you start samba server and access the “install” shared folder from a Windows computer.

9. After both DVD’s images are copied, issue the following commands to setup the right owner and permissions in order to make the share readable and fully accessible without authentication.

# chmod -R 0755 /windows
# chown -R nobody:nobody /windows

Step 3: Add Firewall Rules, Start and Enable Samba System-Wide

10. If you are using a Firewall on your PXE Server premises, add the following rule to Firewalld service to open Samba to outside connections.

# firewall-cmd --add-service=samba --permanent
# firewall-cmd --reload

11. Now, start Samba daemons and enable it system wide, to automatically start after every reboot, by issuing the following commands.

# systemctl restart smb
# systemctl enable smb
# systemctl restart winbind
# systemctl enable winbind
# systemctl restart nmb
# systemctl enable nmb
# systemctl status smb

12. To test Samba configuration move to a Windows computer and add the IP Address of your Samba server followed by the shared path name in Windows Explorer address bar and the shared folders should appear.

\\192.168.1.20\install

At this point you can now use the alternate method explained in the above note, and put Windows 7 ISO Images in your DVD drive and copy their content, depending on the system architecture, to x32 and x64 folders.
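
The [install] share defined in step 3 combines guest access with write access, and step 9 hands the files to the guest account (nobody), so any machine that can reach the server can modify the installation sources that clients later run. Windows setup only reads from the share, so write access is needed only while the sources are being staged. The check below is an added example, not part of the original article: it lists shares that guests can write to, taking Samba's parameter synonyms and [global] defaults into account. The function names, the [incoming] share, its path and the pxeadmin user are hypothetical.

```shell
#!/bin/sh
# Added example: list smb.conf shares that unauthenticated guests can write to.
# Handles the synonyms Samba accepts (public = guest ok; writable, writeable
# and write ok = inverse of read only) and share defaults set in [global].

# guest_writable_shares: smb.conf on stdin, one share name per line on stdout
guest_writable_shares() {
    awk '
        function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
        /^[ \t]*([#;]|$)/ { next }                 # comment or blank line
        /^[ \t]*\[/ {                              # [section] header
            sect = tolower($0)
            sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
            if (!(sect in seen)) { seen[sect] = 1; order[++n] = sect }
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0 || sect == "") next
            key = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", key)                 # whitespace in names is ignored
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "guestok" || key == "public") guest[sect] = truthy(val)
            else if (key == "readonly") ro[sect] = truthy(val)
            else if (key == "writable" || key == "writeable" || key == "writeok") ro[sect] = !truthy(val)
        }
        END {
            g0 = ("global" in guest) ? guest["global"] : 0   # default: guest ok = no
            r0 = ("global" in ro) ? ro["global"] : 1         # default: read only = yes
            for (i = 1; i <= n; i++) {
                s = order[i]
                if (s == "global") continue
                g = (s in guest) ? guest[s] : g0
                r = (s in ro) ? ro[s] : r0
                if (g && !r) print s
            }
        }'
}

# The configuration from step 3, reduced to the lines that matter here.
article_smb_conf() {
cat <<'EOF'
[global]
        map to guest = bad user
        public = yes
        security = user
        guest account = nobody

[install]
        path = /windows
        read only = no
        public = yes
        guest ok = yes
EOF
}

# Constructed variant: sources stay guest-readable for Windows setup, and a
# separate, hypothetical drop folder accepts uploads from one named user only.
readonly_smb_conf() {
cat <<'EOF'
[global]
        map to guest = bad user
        security = user
        guest account = nobody

[install]
        path = /windows
        read only = yes
        guest ok = yes

[incoming]
        path = /windows-incoming
        writeable = yes
        guest ok = no
        valid users = pxeadmin
EOF
}

echo "article config : $(article_smb_conf | guest_writable_shares)"
echo "read-only config: $(readonly_smb_conf | guest_writable_shares)"
```

On a live server the same function can read the file directly: guest_writable_shares < /etc/samba/smb.conf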

Step 4: Configure PXE Server

13. Before editing PXE Menu configuration file, create a new directory named windows on TFTP server default system path. Under this directory you will later copy WinPE ISO image, created on the Windows 7 computer using Windows Automated Installation Kit program.

# mkdir /var/lib/tftpboot/windows

14. Now, open PXE Server default configuration file and add Windows Installation label to PXE menu, as described in the below menu excerpt.

# nano /var/lib/tftpboot/pxelinux.cfg/default

Windows 7 menu label configuration.

label 9
menu label ^9) Install Windows 7 x32/x64
                KERNEL memdisk
                INITRD windows/winpe_x86.iso
                APPEND iso raw

That’s all you need to setup on RHEL/CentOS 7 PXE Server side. Still, don’t close the console yet, because you will need it later to copy WinPE ISO image to /var/lib/tftpboot/windows/ directory.

 

Installing Windows 7 over PXE Network Boot Server on RHEL/CentOS 7 using WinPE ISO Image – Part 2

This article continues the series on installing Windows 7 over RHEL/CentOS 7 PXE Network Boot. The first part covered only the prerequisites on the PXE Server; this part discusses how to build the WinPE ISO image with the help of Windows Automated Installation Kit on Windows and then move the built image to the PXE Server TFTP default location to access and install Windows 7 over the PXE network.

Requirements

  1. Configure PXE Server to Install Windows 7 over PXE Network Boot – Part 1

Step 1: Download and Install Windows Automated Installation Kit

1. On this second part, logon to a Windows 7 Operating System computer, go to Microsoft Download Center and download Windows Automated Installation Kit ISO image file by using the following link.

  1. http://www.microsoft.com/en-us/download/details.aspx?id=5753

2. After AIK ISO image finishes downloading, mount the image using a Windows mount software (Daemon Tools Lite Free Edition will do the job) and install Windows Automated Installation Kit software.

Step 2: Create WinPE ISO Image on Windows 7

3. After Windows AIK software is installed on your system go to Windows Start -> All Programs -> Microsoft Windows AIK -> right click on Deployment Tools Command Prompt and select Run as Administrator and a new Windows Shell console should open on your screen.

4. Now it’s time to build the Windows 7 Preinstallation Environment (WinPE) x86 boot image by issuing the following commands on Deployment Tools Command Prompt.

copype x86 C:\winPE_x86
copy "C:\Program Files\Windows AIK\Tools\PETools\x86\winpe.wim" C:\winpe_x86\ISO\Sources\Boot.wim
copy "C:\Program Files\Windows AIK\Tools\x86\Imagex.exe" C:\winpe_x86\ISO\
oscdimg -n -bC:\winpe_x86\etfsboot.com C:\winpe_x86\ISO C:\winpe_x86\winpe_x86.iso

5. Although for this tutorial just the WinPE x86 Boot ISO Image is required, below you can find the commands to build PE Images for Windows 7 64-bit and Windows 8 architectures also.

To build WinPE Boot images for Windows 7 64-bit use the following commands:

copype amd64 C:\winPE_amd64
copy "C:\Program Files\Windows AIK\Tools\PETools\amd64\winpe.wim" C:\winpe_amd64\ISO\Sources\Boot.wim
copy "C:\Program Files\Windows AIK\Tools\amd64\Imagex.exe" C:\winpe_amd64\ISO\
oscdimg -n -bC:\winpe_amd64\etfsboot.com C:\winpe_amd64\ISO C:\winpe_amd64\winpe_amd64.iso

To build Windows 8 32-bit WinPE bootable images run the following commands:

copype x86 C:\Win8PE_x86
MakeWinPEMedia /ISO C:\Win8PE_x86 C:\Win8PE_x86\WinPE_x86.iso

To build Windows 8 64-bit WinPE bootable images run the following commands:

copype amd64 C:\Win8PE_amd64
MakeWinPEMedia /ISO C:\Win8PE_amd64 C:\Win8PE_amd64\Win8PE_amd64.iso

Step 3: Copy WinPE ISO Image to CentOS PXE Server

6. After Windows 7 Preinstallation Environment (WinPE) x86 boot image has been created, use Windows Explorer to copy winpe_x86.iso image located in C:\winpe_x86\ windows path to PXE Samba shared directory at \\192.168.1.20\install network location.

7. After WinPE x86 ISO file is completely transferred to Samba “install” shared directory go back to PXE Server console and move this image from root’s /windows directory to TFTP windows directory path to complete the entire installation process.

# mv /windows/winpe_x86.iso  /var/lib/tftpboot/windows/

Step 4: Boot and Install Windows 7 over PXE Network on Client Side

8. In order to boot and install Windows 7 via network and PXE server, first instruct the client machines to boot over network by modifying the BIOS device boot order or by hitting a custom key during BIOS POST to select a network boot device.

After the first PXE prompt appears press F8 and Enter keys to continue and then select Install Windows 7 from PXE menu.

9. After WinPE image finishes loading, a customized minimal image of windows starts and a Command Prompt window will be displayed on screen.

10. In order to install Windows 7 over a Network Share, in the Command Prompt window, map the Windows installation sources (use the architecture path you want to install), configured on PXE Samba share directory, as a Network drive.

Then enter network drive share, by specifying the drive letter, and run setup.exe utility. Use the following commands to start the installation process (replace the samba network address location and network drive letter accordingly) and continue with the installation process as you normally do it from a local DVD media.

net use z: \\192.168.1.20\install\x32
Z:
setup.exe

11. If you want to install the 64-bit architecture, map the specific 64-bit network path using a different letter and continue the installation procedure by following the same steps explained above.

net use y: \\192.168.1.20\install\x64
Y:
setup.exe

12. In case the installation sources are configured with authentication use the following command switch to specify the username.

net use y: \\192.168.1.20\install\x64  /user:samba_username

13. After the installation sources for both architectures have been mapped you can change between them by switching to the designated network drive letter as presented in the screenshot below.

[Screenshot: Change Network Installation Source]

That’s all! Performing Windows installations over PXE and network has a lot of advantages, such as cutting down the installation time drastically and allowing the installation process to take place at the same time on multiple machines without the need to use a physical installation media.

You can also setup multiple Windows Installation Sources (using Windows or Samba shares) on different machines over your network to avoid a bottleneck on RHEL/CentOS PXE Server, in case you install Windows on multiple machines the same time, and direct the network drive maps to use those specific network sources on installation process.

 

*http://www.tecmint.com/configure-pxe-server-to-install-windows-on-centos/

Automated Installations of Multiple RHEL/CentOS 7 Distributions using PXE Server and Kickstart Files

This article is an extension of my previous PXE Boot Environment Setup on RHEL/CentOS 7 and it’s focused on how you can perform Automatic Installations of RHEL/CentOS 7, without the need for user intervention, on headless machines using a Kickstart file read from a local FTP server.

The environment preparation for this kind of installation has already been processed on the previous tutorial regarding PXE Server setup, the only key missing, a Kickstart file, will be discussed further on this tutorial.

The simplest way to create a customized Kickstart file that you can reuse for multiple installations is to manually perform an installation of RHEL/CentOS 7 and, after the installation process finishes, copy the file named anaconda-ks.cfg, which resides in the /root path, to an accessible network location, and specify the initrd boot parameter inst.ks=protocol://path/to/kickstart.file in the PXE Menu Configuration File.

Requirements

  1. Setup a PXE Network Boot Server on RHEL/CentOS 7

This tutorial, and the Kickstart file configuration, only covers the Minimal Installation of RHEL/CentOS 7 without a Graphical Installation, basically the Kickstart file resulting from the previous Minimal Installation procedure of RHEL/CentOS 7.

  1. CentOS 7 Minimal Installation Procedure
  2. RHEL 7 Minimal Installation Procedure

If you need a Kickstart file that covers GUI Installation and a specific partition table, I suggest that you first perform a customizable Graphical Installation of RHEL/CentOS 7 in a virtualized environment and use that resulted Kickstart file for future GUI installations.

Step 1: Create and Copy Kickstart File to FTP Server Path

1. On the first step go to your PXE machine /root directory and copy the file named anaconda-ks.cfg to Vsftpd default server path (/var/ftp/pub) – also the path for RHEL/CentOS 7 Local Mirror Installation Source configured on PXE network Boot Server – Step 6 (refer PXE Server setup article above).

# cp anaconda-ks.cfg  /var/ftp/pub/
# chmod 755 /var/ftp/pub/anaconda-ks.cfg

2. After the file has been copied, open it with your favorite text editor and make the following minimal changes.

# nano /var/ftp/pub/anaconda-ks.cfg

  1. Replace the --url field with your network installation source location, e.g. --url=ftp://192.168.1.25/pub/
  2. Replace network --bootproto with dhcp in case you have manually configured network interfaces on installation process.

An excerpt on how a Kickstart file might look like is presented below.

#version=RHEL7
# System authorization information
auth --enableshadow --passalgo=sha512

# Use network installation
url --url="ftp://192.168.1.25/pub/"
# Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=sda
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8

# Network information
network  --bootproto=dhcp --device=eno16777736 --ipv6=auto --activate
network  --hostname=localhost.localdomain
# Root password
rootpw --iscrypted $6$RMPTNRo5P7zulbAR$ueRnuz70DX2Z8Pb2oCgfXv4qXOjkdZlaMnC.CoLheFrUF4BEjRIX8rF.2QpPmj2F0a7iOBM3tUL3tyZNKsDp50
# System services
services --enabled="chronyd"
# System timezone
timezone Europe/Bucharest --isUtc
# System bootloader configuration
bootloader --location=mbr --boot-drive=sda
# Partition clearing information
clearpart --none --initlabel
# Disk partitioning information
part pv.20 --fstype="lvmpv" --ondisk=sda --size=19979
part /boot --fstype="xfs" --ondisk=sda --size=500
volgroup centos --pesize=4096 pv.20
logvol /  --fstype="xfs" --grow --maxsize=51200 --size=1024 --name=root --vgname=centos
logvol swap  --fstype="swap" --size=2048 --name=swap01 --vgname=centos

%packages
@compat-libraries
@core
wget
net-tools
chrony

%end

For more advanced Kickstart file options and syntax feel free to read RHEL 7 Kickstart Documentation.

3. Before attempting to use this file for installations procedures, it is important that you verify the file using ksvalidator command included on Pykickstart package, especially if manual customizations had been performed. Install Pykickstart package and verify your Kickstart file by issuing the following commands.

# yum install pykickstart
# ksvalidator /var/ftp/pub/anaconda-ks.cfg

4. The last verification is to assure that Kickstart file is accessible from your specified network location – in this case FTP Local Mirror Installation Source defined by following URL Address.

ftp://192.168.1.25/pub/

Step 2: Add Kickstart Installation Label to PXE Server Configuration

5. In order to access Automatic Installation of RHEL/CentOS 7 option from PXE Menu add the following label to PXE default file configuration.

# nano /var/lib/tftpboot/pxelinux.cfg/default

PXE Menu Label excerpt.

For RHEL 7
label 5
menu label ^5) Install RHEL 7 x64 with Local Repo using Kickstart
kernel vmlinuz
append initrd=initrd.img inst.ks=ftp://192.168.1.25/pub/anaconda-ks.cfg inst.vnc inst.vncpassword=password
For CentOS 7
label 5
menu label ^5) Install CentOS 7 x64 with Local Repo using Kickstart
kernel vmlinuz
append initrd=initrd.img inst.ks=ftp://192.168.1.25/pub/anaconda-ks.cfg inst.vnc inst.vncpassword=password

As you can see from this example, the automatic installation can be supervised via VNC with a password (replace the VNC password accordingly), and the Kickstart file is located locally on the PXE server and is specified by the initrd boot parameter inst.ks= with an FTP network location (replace protocol and network location accordingly if you are using other installation methods such as HTTP, HTTPS, NFS or remote Installation Sources and Kickstart files).

Step 3: Configure Clients to Automatically Install RHEL/CentOS 7 using Kickstart

6. To automatically install RHEL/CentOS 7 and supervise the entire installation process, especially on headless servers, instruct your client machine from BIOS to boot from network, wait a few seconds then press F8 and Enter keys, then select Kickstart option from PXE menu.

7. After the kernel and ramdisk loads and detects the Kickstart file, the installation process automatically starts without any intervention from user side needed. If you want to watch the installation process connect with a VNC client from a different computer using the address that the installer provides you and enjoy the view.

8. After the installation process finishes, log in to the newly installed system with the root account and the password used on the previous installation (the one from which you copied the Kickstart file) and change your client root password by running the passwd command.

That’s all! Automatic Kickstart installations offer a great deal of benefits for system administrators in environments that they have to perform system installations on multiple machines the same time, in a short period of time, without the need to manually interfere with the installation process.

 

*http://www.tecmint.com/multiple-centos-installations-using-kickstart/

Network Installation of “Debian 7 (Wheezy)” on Client Machines using DNSMASQ Network Boot Server

This tutorial will guide you on how you can install Debian 7 (Wheezy) directly from a network location using DNSMASQ as a PXE Server (Preboot eXecution Environment), in case your server doesn’t provide any method to boot from a CD/DVD/USB media drive or it just can operate with an attached monitor, keyboard and mouse.

DNSMASQ is a lightweight network infrastructure server which can provide crucial network services such as DNS, DHCP and Network Boot, using a built-in DNS, DHCP and TFTP server.

Once the PXE server is up and running you can instruct all your clients machines to directly boot from network, with the specifications that your clients must own a network card that supports network booting, which can be enabled from BIOS under Network Boot or Boot Services option.

Requirements

  1. Debian 7 (Wheezy) Installation Guide

Step 1: Install and Configure DNSMASQ Server

1. First, after you install Debian Server, make sure that your system uses a Static IP Address because, besides network booting, it will also provide DHCP service for your entire network segment. Once the Static IP Address has been configured run the following command from root account or using a user with root powers to install DNSMASQ server.

# apt-get install dnsmasq

2. Once DNSMASQ package installed, you can start editing its configuration file. First create a backup of the main configuration and then start editing dnsmasq.conf file by issuing the following commands.

# mv /etc/dnsmasq.conf  /etc/dnsmasq.conf.backup
# nano /etc/dnsmasq.conf

3. The above backup process consisted of renaming the main configuration file, so the new file should be an empty one. Use the following excerpt for DNSMASQ configuration file as described below.

interface=eth0
domain=debian.lan
dhcp-range=192.168.1.3,192.168.1.253,255.255.255.0,1h
dhcp-boot=pxelinux.0,pxeserver,192.168.1.100
pxe-prompt="Press F8 for menu.", 60
#pxe-service types: x86PC, PC98, IA64_EFI, Alpha, Arc_x86, Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
pxe-service=x86PC, "Install Debian 7 Linux from network server 192.168.1.100", pxelinux
enable-tftp
tftp-root=/srv/tftp

  1. interface – The network interface that the server should listen on.
  2. domain – Replace it with your domain name.
  3. dhcp-range – Replace it with your network IP range defined by your network mask.
  4. dhcp-boot – Leave it as default but replace the IP statement with your server IP Address.
  5. pxe-prompt – Leave it as default – requires an F8 key press to enter the menu, with a 60-second wait time.
  6. pxe-service – Use x86PC for 32-bit/64-bit architectures and enter a menu description prompt under string quotes. Other values types can be: PC98, IA64_EFI, Alpha, Arc_x86, Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI.
  7. enable-tftp – Enables the built-in TFTP server.
  8. tftp-root – Use /srv/tftp as the location for Debian netboot files.

Step 2: Download Debian Netboot Files and Open Firewall Connection

4. Now it’s time to download the Debian Network Boot files. First, change your current working directory to the TFTP root location defined by the last configuration statement (the /srv/tftp system path).

Go to an official mirror page of Debian Netinstall, Network boot section, and grab the following files depending on the system architecture that you want to install on your clients.

Once you have downloaded the netboot.tar.gz file, extract the archive (this procedure covers only 64-bit, but the same procedure applies to other system architectures).

# cd /srv/tftp/
# wget http://ftp.nl.debian.org/debian/dists/wheezy/main/installer-amd64/current/images/netboot/netboot.tar.gz
# tar xfz netboot.tar.gz
# wget http://ftp.nl.debian.org/debian/dists/wheezy/main/installer-amd64/current/images/SHA256SUMS
# wget http://ftp.nl.debian.org/debian/dists/wheezy/Release
# wget http://ftp.nl.debian.org/debian/dists/wheezy/Release.gpg

Also it may be necessary to make all files in TFTP directory readable for TFTP server.

# chmod -R 755 /srv/tftp/

Download Debian NetBoot Files

Use the following variables for Debian Netinstall mirrors and architectures.

# wget http://"$YOURMIRROR"/debian/dists/wheezy/main/installer-"$ARCH"/current/images/netboot/netboot.tar.gz
# wget http://"$YOURMIRROR"/debian/dists/wheezy/main/installer-"$ARCH"/current/images/SHA256SUMS
# wget http://"$YOURMIRROR"/debian/dists/wheezy/Release
# wget http://"$YOURMIRROR"/debian/dists/wheezy/Release.gpg
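The commands above fetch SHA256SUMS, Release and Release.gpg over plain HTTP but never use them. The following added example (not part of the original tutorial) checks the chain Release.gpg → Release → SHA256SUMS → netboot.tar.gz. It assumes that Release lists main/installer-$ARCH/current/images/SHA256SUMS in its SHA256 section and that the keyring path holds the key that signed this release; the function names are illustrative.

```shell
#!/bin/sh
# Added example: verify the files downloaded in step 4 before serving them.
# Chain of trust: Release.gpg signs Release; Release records the SHA-256 of
# the installer's SHA256SUMS; SHA256SUMS records the SHA-256 of netboot.tar.gz.

# Print the hex SHA-256 digest of a file.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# listed_hash INDEX PATH: print the SHA-256 that INDEX records for PATH.
# Only 64-hex-digit entries count, so MD5/SHA1 sections of Release are skipped.
listed_hash() {
    awk -v p="$2" '$NF == p && $1 ~ /^[0-9a-f]+$/ && length($1) == 64 {print $1; exit}' "$1"
}

# Step A: signature on Release. The keyring path is an assumption: it must
# contain the archive key that signed this release.
verify_release_signature() {
    gpgv --keyring "${KEYRING:-/usr/share/keyrings/debian-archive-keyring.gpg}" \
        "$1/Release.gpg" "$1/Release"
}

# Step B: hash chain. verify_netboot DIR [ARCH]
# Returns 0 if intact, 2/3 if SHA256SUMS is unlisted/mismatched,
# 4/5 if netboot.tar.gz is unlisted/mismatched.
verify_netboot() {
    vn_dir=$1
    vn_arch=${2:-amd64}
    vn_sums="$vn_dir/SHA256SUMS"

    vn_want=$(listed_hash "$vn_dir/Release" "main/installer-$vn_arch/current/images/SHA256SUMS")
    [ -n "$vn_want" ] || { echo "SHA256SUMS is not listed in Release" >&2; return 2; }
    [ "$(sha256_of "$vn_sums")" = "$vn_want" ] || { echo "SHA256SUMS does not match Release" >&2; return 3; }

    vn_want=$(listed_hash "$vn_sums" "./netboot/netboot.tar.gz")
    [ -n "$vn_want" ] || { echo "netboot.tar.gz is not listed in SHA256SUMS" >&2; return 4; }
    [ "$(sha256_of "$vn_dir/netboot.tar.gz")" = "$vn_want" ] || { echo "netboot.tar.gz does not match SHA256SUMS" >&2; return 5; }
    return 0
}

# Typical use in the TFTP root, before extracting the archive:
#   verify_release_signature /srv/tftp && verify_netboot /srv/tftp amd64
```

Without step A the hash chain only proves the three files agree with each other, so both steps are needed when the mirror is reached over HTTP.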

5. In the next step, start or restart the DNSMASQ daemon and run the netstat command to get a list of the ports that the server is listening on.

# service dnsmasq restart
# netstat -tulpn | grep dnsmasq

Start Dnsmasq Service

6. Debian-based distributions usually ship with the UFW Firewall package. Use the following commands to open the required DNSMASQ port numbers: 67 (Bootps), 69 (TFTP), 53 (DNS) and 4011 (proxyDHCP) over UDP, and 53 (DNS) over TCP.

# ufw allow 69/udp
# ufw allow 4011/udp   ## Only if you have a ProxyDHCP on the network
# ufw allow 67/udp
# ufw allow 53/tcp
# ufw allow 53/udp

Open Dnsmasq Ports

Now, the PXE loader located on your client network interface will load pxelinux configuration files from the /srv/tftp/pxelinux.cfg directory in this order.

  1. GUID files
  2. MAC files
  3. Default file
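Because a per-client file overrides the default menu, it is worth knowing exactly which file a given client will load when auditing pxelinux.cfg. The following added example (not part of the original tutorial) prints the lookup order and the file that wins. It goes beyond the three-item list above by including the hex IPv4 names that pxelinux also tries between the MAC file and the default file; the function names are illustrative.

```shell
#!/bin/sh
# Added example: which pxelinux.cfg file will a given client actually boot from?

# pxelinux_search_order MAC IPV4 [UUID]: print candidate names in lookup order.
pxelinux_search_order() {
    pso_mac=$1
    pso_ip=$2
    pso_uuid=${3:-}

    # 1. Client UUID/GUID, when the PXE firmware supplies one (lowercase hex).
    if [ -n "$pso_uuid" ]; then
        printf '%s\n' "$pso_uuid" | tr 'A-F' 'a-f'
    fi

    # 2. Hardware type 01 (Ethernet) + MAC, lowercase, dash separated.
    printf '01-%s\n' "$(printf '%s' "$pso_mac" | tr 'A-F:' 'a-f-')"

    # 3. IPv4 address as uppercase hex, dropping one digit per attempt.
    pso_hex=$(printf '%s' "$pso_ip" | awk -F. '{printf "%02X%02X%02X%02X", $1, $2, $3, $4}')
    while [ -n "$pso_hex" ]; do
        printf '%s\n' "$pso_hex"
        pso_hex=${pso_hex%?}
    done

    # 4. Fallback used when nothing more specific exists.
    printf 'default\n'
}

# pxelinux_effective_config DIR MAC IPV4 [UUID]: print the first candidate
# that exists in DIR (e.g. /srv/tftp/pxelinux.cfg); return 1 if none does.
pxelinux_effective_config() {
    pec_dir=$1
    shift
    for pec_name in $(pxelinux_search_order "$@"); do
        if [ -f "$pec_dir/$pec_name" ]; then
            printf '%s\n' "$pec_name"
            return 0
        fi
    done
    return 1
}
```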

Step 3: Configure Clients to Boot from Network

7. To enable network boot for a client computer enter your system BIOS configuration (please consult the hardware motherboard vendor documentation for entering BIOS settings).

Go to Boot menu and select Network boot as the primary boot device (on some systems you can select the boot device without entering BIOS configuration just by pressing a key during BIOS POST).


Select BIOS Settings

8. After editing the boot order sequence, press F10 (usually) to save the BIOS settings. After reboot, your client computer should boot directly from the network and the first PXE prompt should appear, asking you to press the F8 key to enter the menu.

Next, hit F8 key to move forward and a new prompt should appear. Hit Enter key again and the main Debian Installer prompt should appear on your screen as in the screenshots below.

Boot Menu Selection

Select Debian Installer Boot

Select Debian Install

From here on you can start installing Debian on your machine using the Debian 7 Wheezy procedure (installation link given above), but you also need to make sure that your machine has an active Internet connection in order to be able to finish the installation process.

Step 4: Debug DNSMASQ Server and Enable it System-Wide

9. To diagnose any problems on the server, or to see other information offered to clients, run the following command to follow the log file.

# tailf /var/log/daemon.log

Debug DNSMASQ Server

10. If everything is in place during server tests you can now enable DNSMASQ daemon to automatically start after system reboot with the help of sysv-rc-conf package.

# apt-get install sysv-rc-conf
# sysv-rc-conf dnsmasq on

Enable DNSMASQ Daemon

That’s all! Now your PXE server is ready to allocate IP addresses (DHCP) and to offer the required boot information for all your network segment clients which will be configured to boot and install Debian Wheezy from network.

Using PXE network boot installation has some advantages on networks with a large number of server hosts: you can set up the entire network infrastructure in a short period of time, or all at the same time, it facilitates the distribution upgrade process, and you can also automate the entire installation process using kickstart files.

*http://www.tecmint.com/network-installation-of-debian-7-on-client-machines/

Adding Ubuntu 14.10, Ubuntu 14.04 and Debian 7 to PXE Network Boot Environment Setup on RHEL/CentOS 7

This tutorial will guide you on how to add Ubuntu 14.10 Server, Ubuntu 14.04 Server and Debian 7 Wheezy distributions to PXE Network Boot Environment Setup on RHEL/CentOS 7.

Although for the purposes of this tutorial, I will only demonstrate how you can add 64-bit Network Installation Images, the same procedure can also be applied for Ubuntu or Debian 32-bit or other architectures images. Also, the process of adding Ubuntu 32-bit sources will be explained but not configured on my premises.

Installing Ubuntu or Debian from a PXE Server requires that your client machines must have an active Internet connection, preferably configured through NAT with DHCP dynamic addresses allocation, in order for the installer to pull the required packages and finish the installation process.

Requirements

  1. Install PXE Network Boot Server for Multiple Linux Distribution Installations in RHEL/CentOS 7

Step 1: Add Ubuntu 14.10 and Ubuntu 14.04 Server to PXE Menu

1. Adding Network Installation Sources for Ubuntu 14.10 and Ubuntu 14.04 to PXE Menu can be achieved in two ways: One is by downloading the Ubuntu CD ISO Image and mount it on PXE Server machine in order to access Ubuntu Netboot files and the other is by directly downloading Ubuntu Netboot archive and extract it onto the system. Further I will discuss both methods:

Using Ubuntu 14.10 and Ubuntu 14.04 CD ISO Image

In order to use this method your PXE server needs a functional CD/DVD drive. On an arbitrary computer go to Ubuntu 14.10 Download and Ubuntu 14.04 Download page, grab the 64-bit Server Install Image, burn it to a CD, place the CD image to PXE Server DVD/CD drive and mount it on your system using the following command.

# mount /dev/cdrom  /mnt

In case your PXE server machine has no CD/DVD drive you can download Ubuntu 14.10 and Ubuntu 14.04 ISO Image locally using wget command line and mount it on your server on the same above path by issuing the following commands (download and mount the CD).

On Ubuntu 14.10

------------------ On 32-Bit ------------------

# wget http://releases.ubuntu.com/14.10/ubuntu-14.10-server-i386.iso
# mount -o loop /path/to/ubuntu-14.10-server-i386.iso /mnt

------------------ On 64-Bit ------------------

# wget http://releases.ubuntu.com/14.10/ubuntu-14.10-server-amd64.iso
# mount -o loop /path/to/ubuntu-14.10-server-amd64.iso /mnt

On Ubuntu 14.04

------------------ On 32-Bit ------------------

# wget http://releases.ubuntu.com/14.04/ubuntu-14.04.1-server-i386.iso
# mount -o loop /path/to/ubuntu-14.04.1-server-i386.iso /mnt

------------------ On 64-Bit ------------------

# wget http://releases.ubuntu.com/14.04/ubuntu-14.04.1-server-amd64.iso
# mount -o loop /path/to/ubuntu-14.04.1-server-amd64.iso /mnt

Using Ubuntu 14.10 and Ubuntu 14.04 Netboot Image

For this approach download Ubuntu Netboot Images onto PXE Server using the following commands.

On Ubuntu 14.10

------------------ On 32-Bit ------------------

# cd
# wget http://archive.ubuntu.com/ubuntu/dists/utopic/main/installer-i386/current/images/netboot/netboot.tar.gz

------------------ On 64-Bit ------------------

# cd
# wget http://archive.ubuntu.com/ubuntu/dists/utopic/main/installer-amd64/current/images/netboot/netboot.tar.gz

On Ubuntu 14.04

------------------ On 32-Bit ------------------

# cd
# wget http://archive.ubuntu.com/ubuntu/dists/trusty-updates/main/installer-i386/current/images/netboot/netboot.tar.gz

------------------ On 64-Bit ------------------

# cd
# wget http://archive.ubuntu.com/ubuntu/dists/trusty-updates/main/installer-amd64/current/images/netboot/netboot.tar.gz

For other processor architectures visit Ubuntu 14.10 and Ubuntu 14.04 Netboot Official pages at following locations and select your architecture type and download the required files.

  1. http://cdimage.ubuntu.com/netboot/14.10/
  2. http://cdimage.ubuntu.com/netboot/14.04/

2. After you have downloaded the ISO Images or Netboot Installer archives copy the entire ubuntu-installer folder to PXE tftp server location by issuing the following commands depending on the method you have chosen.

A). For both CD ISO Images (32-bit or 64-bit) use the following command after you mounted the specific architecture CD onto PXE Server /mnt system path.

# cp -fr /mnt/install/netboot/ubuntu-installer/ /var/lib/tftpboot/

B). For Netboot archives run the following commands depending on the specific Ubuntu architecture.

# cd
# tar xfz netboot.tar.gz
# cp -rf ubuntu-installer/ /var/lib/tftpboot/

If you want to use both Ubuntu Server architectures on PXE Server, first download, mount or extract, depending on the case, the 32-bit architecture and copy ubuntu-installer directory to /var/lib/tftpboot, then unmount the CD or delete the Netboot archive and the extracted files and folders, and, repeat the same steps with 64-bit architecture, so that the final tftp path should have the following structure.

/var/lib/tftpboot/ubuntu-installer/amd64
/var/lib/tftpboot/ubuntu-installer/i386

3. On the next step add the Ubuntu 14.10 and Ubuntu 14.04 Menu labels to PXE Server default configuration file by issuing the following command.

Important: It’s not possible for me to show the instructions for both Ubuntu versions, so for demonstration purposes I’m adding the Ubuntu 14.04 Menu label to the PXE Server. The same instructions also apply to Ubuntu 14.10 with minor changes: just change the version numbers and the path to the OS architecture according to your Ubuntu distribution.

Open PXE default configuration file with the help of your favourite text editor, in my case it’s nano editor.

# nano /var/lib/tftpboot/pxelinux.cfg/default

Next, add the following configurations to PXE Menu.

For Ubuntu 14.04 32-bit

label 1
menu label ^1) Install Ubuntu 14.04 x32
        kernel ubuntu-installer/i386/linux
        append vga=788 initrd=ubuntu-installer/i386/initrd.gz -- quiet

label 2
menu label ^2) Ubuntu 14.04 Rescue Mode x32
        kernel ubuntu-installer/i386/linux
        append vga=788 initrd=ubuntu-installer/i386/initrd.gz rescue/enable=true -- quiet

For Ubuntu 14.04 64-bit

label 5
menu label ^5) Install Ubuntu 14.04 x64
        kernel ubuntu-installer/amd64/linux
        append vga=788 initrd=ubuntu-installer/amd64/initrd.gz -- quiet

label 6
menu label ^6) Ubuntu 14.04 Rescue Mode
        kernel ubuntu-installer/amd64/linux
        append vga=788 initrd=ubuntu-installer/amd64/initrd.gz rescue/enable=true -- quiet

Add Ubuntu to PXE Boot

Note: If you want to include other Ubuntu architectures, follow the same above instructions and replace label numbers and ubuntu-installer/$architecture_name/ directory accordingly on PXE default menu configuration file.

4. After you have configured PXE menu configuration file, clean up the sources depending on the employed method and proceed with client PXE installations to test your configuration.

---------------------- For CD/DVD Method ----------------------

# umount /mnt

---------------------- For Netboot Method ----------------------

# cd && rm -rf ubuntu-installer/ netboot.tar.gz pxelinux.* version.info

Below are some screenshots for Ubuntu 14.04 PXE Clients installations testing.

Select Ubuntu from PXE Menu

Choose Ubuntu Installation Language

Choose Ubuntu Rescue Mode

Ubuntu Rescue Mode Shell

Step 2: Add Debian 7 Wheezy to PXE Menu

5. Adding Debian 7 to a PXE Server, requires the same steps as for Ubuntu Server Edition as explained above, the only differences being the Netboot archive images download links and the name for the sources directory, which is now debian-installer.

To download Debian Wheezy Netboot archives, go to official Debian Netinstall Download page, choose your desired system architecture from Network Boot menu, then hit the netboot link from Directory list and download the netboot.tar.gz archive from Filename list.

While Debian offers Netboot Installation Sources for a multitude of system architectures, such as Armel, ia64, Mips, PowerPC, Sparc etc, in this guide I will only discuss 64-bit architecture because the process of adding other architectures sources is almost the same as the current one, the only difference being the debian-installer/$directory_architecture name.

So, to proceed further, login to your PXE Server with root account and grab Debian 7 64-bit Netboot archive by issuing the below command.

# wget  http://ftp.nl.debian.org/debian/dists/wheezy/main/installer-amd64/current/images/netboot/netboot.tar.gz

Download Debian 7 Netboot

6. After wget finishes downloading the netboot.tar.gz file, extract it and copy debian-installer directory to tftp server default path by running the following commands.

# tar xfz netboot.tar.gz
# cp -rf debian-installer/ /var/lib/tftpboot/

Extract Debian 7 Netboot

Copy Debian 7 Netboot to TFTP

7. To add Debian Wheezy labels to PXE Menu, open PXE Server default configuration file with your favorite text editor and add the below labels.

# nano /var/lib/tftpboot/pxelinux.cfg/default

PXE Label Menu for Debian Wheezy 64-bit.

label 7
menu label ^7) Install Debian 7 x64
        kernel debian-installer/amd64/linux
        append vga=788 initrd=debian-installer/amd64/initrd.gz -- quiet

label 8
menu label ^8) Install Debian 7 x64 Automated
        kernel debian-installer/amd64/linux
        append auto=true priority=critical vga=788 initrd=debian-installer/amd64/initrd.gz -- quiet

Add Debian to PXE Boot

Note: If you want to add other Debian architectures repeat the above steps and replace label numbers and debian-installer/$architecture_name/ directory accordingly on PXE default menu configuration file.

8. Before testing the configuration on clients side, clean up Debian sources by issuing the following command.

# cd && rm -rf debian-installer/  netboot.tar.gz  pxelinux.*  version.info 

9. Then network boot a client machine, choose Install Debian from the PXE menu and proceed with the installation as normal.

Select Install Debian from PXE

Select Debian Install Language

That’s all the steps required to add and install Ubuntu or Debian from a RHEL/CentOS 7 PXE Server onto your network client machines.

*http://www.tecmint.com/add-ubuntu-to-pxe-network-boot/

Reset Your Forgotten Root Password On RHEL 7

Sometimes you forget stuff like meetings, seminars, passwords, etc. I do. But forgetting the password to a server with no easy way to reset it while locked out is another matter, and Red Hat servers are one such system. If you forget the root password to your RHEL 7 servers, it’s almost virtually impossible to reset it while you’re locked out.

Here I discuss an easy way to reset the password on RHEL 7 or CentOS 7 servers.

Interrupt the boot process in order to gain access to the system. To do this, press the arrow keys on the keyboard.

At the boot menu, press e to edit the existing kernel. Then, go to the kernel line (the line starting with linux16).

Then add the statement rd.break at the end as shown below:

Then press Ctrl-x to start the boot process

Then mount /sysroot/ in read/write mode. By default it is mounted read-only.

Then execute the chroot command on the /sysroot partition

Now change the root password by using the passwd command.

Then execute the command as shown below

Enjoy your new password.

http://www.unixmen.com/reset-your-forgotten-root-password-on-rhel-7/

Password Management in Linux by using passwd command

A password (commonly known as passwd in Linux) is an unspaced sequence of characters used to determine that a computer user requesting access to a computer system is really that particular user. Typically, users of a multiuser or securely protected single-user system claim a unique name (called a user ID) that can be generally known. In order to verify that someone entering that user ID really is that person, a second identification, the password, known only to that person and to the system itself, is entered by the user. Most networks require that end users change their passwords on a periodic basis.

passwd command

The passwd command is used to create and change the password of a user account. A normal user can run passwd to change their own password, and a system administrator (the superuser ROOT) can use passwd to change another user’s password, or define how that account’s password can be used or changed.

PASSWD SYNTAX

passwd [OPTION] [USER]
Usage: passwd [OPTION...] <accountName>
-k, --keep-tokens keep non-expired authentication tokens
-d, --delete delete the password for the named account (root only)
-l, --lock lock the named account (root only)
-u, --unlock unlock the named account (root only)
-f, --force force operation
-x, --maximum=DAYS maximum password lifetime (root only)
-n, --minimum=DAYS minimum password lifetime (root only)
-w, --warning=DAYS number of days warning users receives before password expiration (root only)
-i, --inactive=DAYS number of days after password expiration when an account becomes disabled (root only)
-S, --status report password status on the named account (root only)
--stdin read new tokens from stdin (root only)

Change the password for Normal user

When you are logged in as a non-root user (user1 in my case) and run the passwd command, it will reset the password of the logged-in user.

[user1@localhost ~]$ passwd
Changing password for user user1.
Changing password for user1.
(current) UNIX password:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

When you are logged in as the root user and run the passwd command, it will reset the root password by default. If you specify a user name after the passwd command, it will change the password of that particular user.

Display Password Status Information

To display password status information for a user, use the -S option of the passwd command.

[root@localhost ~]# passwd -S user1
user1 PS 2016-04-21 0 99999 7 -1 (Password set, SHA512 crypt.)

In the above output, the first field shows the user name and the second field shows the password status (PS = Password Set, LK = Password locked, NP = No Password). The third field shows when the password was changed, and the fourth through last fields show the minimum age, maximum age, warning period, and inactivity period for the password.

We can display password status information for all users at once by using the option -Sa.

root@localhost:~# passwd -Sa
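The status fields described above lend themselves to a quick account audit. The following added example (not part of the original article) reads status lines in the format shown for user1 and reports accounts with no password, a password that never expires, or no inactivity cutoff. Which conditions to report is an assumption of this example, and the sample lines, including their trailing comments, are constructed.

```shell
#!/bin/sh
# Added example: flag risky accounts from `passwd -S` style status lines.
# Fields: 1 user, 2 status (PS/LK/NP), 3 last change, 4 min age, 5 max age,
#         6 warning days, 7 inactivity days (-1 = disabled).

# audit_passwd_status: read status lines on stdin, print one finding per line.
audit_passwd_status() {
    awk '
        NF < 7          { next }                                # not a status line
        $2 == "NP"      { print $1 ": no password set"; next }  # e.g. after passwd -d
        $2 == "LK"      { next }                                # locked, nothing to flag
        $5 + 0 >= 99999 { print $1 ": password never expires" }
        $7 + 0 < 0      { print $1 ": no inactivity cutoff after expiry" }
    '
}

# Constructed sample input in the format shown above.
sample_status_lines() {
    cat <<'EOF'
user1 PS 2016-04-21 0 99999 7 -1 (Password set, SHA512 crypt.)
user2 NP 2016-04-21 0 99999 7 -1 (Empty password.)
user3 LK 2016-04-21 0 99999 7 -1 (Password locked.)
user4 PS 2016-04-21 1 90 7 14 (Password set, SHA512 crypt.)
EOF
}

# Usage on a live system (as root), one account at a time:
#   passwd -S user1 | audit_passwd_status
```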

Removing Password of a User

We can remove the password for a particular user by using the option -d.

[root@localhost ~]# passwd -d user1
Removing password for user user1.
passwd: Success
[root@localhost ~]#

Lock the password of System User

Use the ‘-l‘ option of the passwd command to lock a user’s password; it will add “!” at the start of the user’s password. A user can’t change their password while it is locked.

[root@localhost ~]# passwd -l user1
Locking password for user user1.
passwd: Success

Unlock User’s Password using -u option

Use the -u option to unlock user accounts locked by the passwd -l option.

[root@localhost ~]# passwd -u user1
Unlocking password for user user1.
passwd: Success

Setting inactive days using -i option

Use the -i option along with the passwd command to set inactive days for a system user. This comes into play when the user’s password has expired and the user has not changed it within ‘n‘ days (i.e. 7 days in my case); after that, the user will not be able to log in.

[root@localhost ~]# passwd -i 7 user1
Adjusting aging data for user user1.
passwd: Success
[root@localhost ~]# passwd -S user1
user1 PS 2016-04-21 0 99999 7 7 (Password set, SHA512 crypt.)
[root@localhost ~]#

Setting Minimum No.of Days to Change Password using passwd -n option

Using the option -n along with the passwd command, we can set the minimum number of days before the password can be changed. A value of zero means that the user can change their password at any time.

[root@localhost ~]# passwd -n 90 user1
Adjusting aging data for user user1.
passwd: Success
[root@localhost ~]# passwd -S user1
user1 PS 2016-04-21 90 99999 7 7 (Password set, SHA512 crypt.)
[root@localhost ~]#

Setting the  Warning days before password expire using passwd -w option

The option -w along with passwd can be used to set the number of warning days before the password expires.

[root@localhost ~]# passwd -w 30 user1
Adjusting aging data for user user1.
passwd: Success
[root@localhost ~]# chage -l user1
Last password change                                    : Apr 21, 2016
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 90
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 30
[root@localhost ~]#



http://www.unixmen.com/password-management-linux-using-passwd-command/