Create Keytab File for Kerberos Authentication in Active Directory
This article covers how to create keytab files for Kerberos. Active Directory uses Kerberos version 5 as its authentication protocol to provide authentication between server and client. The Kerberos protocol is built to protect authentication between server and client on an open network to which other systems are also connected.
The Kerberos Keytab file contains mappings between Kerberos Principal names and DES-encrypted keys that are derived from the password used to log into the Kerberos Key Distribution Center (KDC).
The keytab is generated by running kadmin and issuing the ktadd command. If you generate the keytab file on another host, you need to get a copy of the keytab file onto the destination host (trillium, in the above example) without sending it unencrypted over the network.
To create a Kerberos principal and keytab files for each encryption type you use:
1. Log on as the Kerberos administrator (Admin) and create a principal in the KDC.
You can use cluster-wide or host-based credentials.
The following is an example when cluster-wide credentials are used. It shows MIT Kerberos with admin/cluster1@EXAMPLE.COM as the Kerberos administrator principal:
bash-3.00$ kadmin -p admin@EXAMPLE.COM
kadmin: add_principal vemkd/cluster1@EXAMPLE.COM
Enter password for principal "vemkd/cluster1@EXAMPLE.COM": password
Re-enter password for principal "vemkd/cluster1@EXAMPLE.COM": password
If you do not create a VEMKD principal, the default value of vemkd/clustername@Kerberos_realm is used.
2. Obtain the key of the principal by running the subcommand getprinc principal_name.
3. Create the keytab files, using the ktutil command:
Create a keytab file for each encryption type you use by using the add_entry command.
For example, run ktutil: add_entry -password -p principal_name -k number -e encryption_type for each encryption type.
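An added example, not part of the original article: a Python parser for the MIT keytab file format (version 0x0502) that lists the principal, key version and encryption type of every entry and flags single-DES and RC4 keys, so you can check which encryption types the add_entry steps above actually wrote. The helper build_entry, the sample bytes and the zeroed keys are constructed for illustration.

```python
import struct

# IANA enctype numbers; single-DES and RC4 are deprecated (RFC 6649, RFC 8429).
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 23: "rc4-hmac",
            17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96"}
WEAK = {1, 2, 3, 23, 24}

def parse_keytab(data):
    """Return [(principal, kvno, enctype_name, is_weak)] for a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    out, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                 # a negative size marks a deleted slot
            pos -= size
            continue
        rec, pos, off = data[pos:pos + size], pos + size, 0
        if len(rec) < size:
            raise ValueError("truncated keytab entry")
        def take(fmt):                # read one big-endian field from rec
            nonlocal off
            (val,) = struct.unpack_from(fmt, rec, off)
            off += struct.calcsize(fmt)
            return val
        def counted():                # 16-bit length, then that many bytes
            nonlocal off
            n = take(">H")
            off += n
            return rec[off - n:off].decode()
        ncomp, realm = take(">H"), counted()
        name = "/".join(counted() for _ in range(ncomp))
        off += 8                      # skip name type and timestamp
        kvno, etype, klen = take(">B"), take(">H"), take(">H")
        off += klen                   # skip the key bytes; never print them
        if len(rec) - off >= 4:       # optional 32-bit kvno replaces the 8-bit one
            kvno = take(">I") or kvno
        out.append((f"{name}@{realm}", kvno, ENCTYPES.get(etype, str(etype)), etype in WEAK))
    return out

def build_entry(realm, comps, kvno, etype, key):
    cs = lambda s: struct.pack(">H", len(s)) + s.encode()
    body = struct.pack(">H", len(comps)) + cs(realm) + b"".join(cs(c) for c in comps)
    body += struct.pack(">IIBHH", 1, 0, kvno, etype, len(key)) + key
    return struct.pack(">i", len(body)) + body

# Constructed sample packed by build_entry: the page's principal, AES256 and DES keys (zeroed).
P = ("EXAMPLE.COM", ["vemkd", "cluster1"])
SAMPLE = b"\x05\x02" + build_entry(*P, 2, 18, bytes(32)) + build_entry(*P, 2, 3, bytes(8))
```

To audit a real file, pass its bytes to parse_keytab, for example open(path, "rb").read(); the path is yours to supply and the key material is never printed.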
Add MySQL Service on WebsitePanel - Do it now
This article covers how to add the MySQL service in WebsitePanel.
WebsitePanel began as DotNetPanel, which its creators made only for the Windows web technology platform as a Windows hosting panel.
To add MySQL Service on WebsitePanel, follow the steps provided below:
1. Download the installation file from here. Choose to skip registration and start the download.
2. Run the .msi file to start the installation. Click “Next” when prompted.
3. Select the product to upgrade, then click “Next”.
4. Click “Execute” to apply the update.
5. Click “Next” to configure the product.
6. If you already have a database within your server, the installer will check and update your database. Type in the correct password and then press “Check”, then press “Next” when the connection is successful.
7. Click “Execute” to apply the configuration, then “Next” to finish this part of the installation.
8. Click “Next” to proceed.
9. The installation is completed. Click “Finish” to continue.
10. This screen shows the product you have installed. You can close the installer here or click “Add…” to install additional products such as MySQL Server ver 5.7.
11. Select the “CONFIGURATION” tab and click “Servers” from the drop-down list.
12. Next, click on “My Server”, scroll down and search for the “MySQL 5” tab (since we have installed MySQL 5.5 by default).
13. Click on the small “Add” beside the “MySQL 5” tab to add the MySQL service to WebsitePanel.
14. From the drop-down list, choose the version of MySQL that had been installed (MySQL Server 5.5 in our case), then click "Add Service".
15. You will see a message saying that installation of MySQL Connector/Net is required. Follow the instructions and download the installer.
16. Run the downloaded installer but DO NOT choose “Typical Installation”. Choose “Custom Installation” instead and remove the entire “Web Providers” section from your installation, as it will give a nasty error after installation. Proceed with the installation by clicking “Next” and then “Install”.
17. Return to the MySQL Service Properties page, fill in the password used to log in to the MySQL root account and then click “Update” at the bottom of the page. If the password entered is correct, the MySQL service will be successfully added to the list of server services.
Virtuozzo VS Hyper-V - Which is better
This article compares Virtuozzo and Hyper-V.
Hyper-V and Virtuozzo are both popular VPS platforms used by a large number of web hosting providers for the provisioning of Windows VPS hosting services, with Virtuozzo being favoured for Windows Server 2003 VPS hosting and Hyper-V being the most reliable solution for Windows Server 2008 VPS hosting services.
Advantages of using Virtuozzo over Hyper-V include:
1. Direct Linux support – Virtuozzo can be installed on their Windows or Linux VPS hosting nodes, and although Hyper-V can be used for the hosting of virtual machines running Linux it is only available for use on Windows Server 2008.
2. Web based control panel (Parallels Power Panel) – the Parallels Power Panel will allow users to manage their Linux or Windows VPS hosting server from a web based interface meaning that if they aren't in a situation where they can access their VPS server via Remote Desktop then they can use the Power Panel to restart their VPS server if necessary or to kill any services or processes which may be overloading their VPS server’s resources.
3. Separate application – the fact that Virtuozzo is a separate application which can be installed on top of the operating system can have its advantages in some cases. For example, if a web hosting provider wishes to discontinue using a server for VPS server hosting, then all they have to do is uninstall the application from their server, although in most cases it is advised to do an OS reload anyway to ensure that you have a blank canvas to start with.
Advantages of using Hyper-V over Virtuozzo:
1. Cost – with Virtuozzo VPS hosting web hosting providers have to pay for the cost of the Virtuozzo application and the cost of the operating system license, but because Hyper-V is part of the Windows Server 2008 operating system they will only need to pay for the operating system license – this can help to reduce the costs of Hyper-V VPS hosting services and as the cost of the operating system falls, prices will fall further and will eventually meet Virtuozzo Windows Server 2003 hosting services when it comes to price which will mean that people will gradually move over to using Windows Server 2008 VPS hosting.
2. Reliability – as Hyper-V is part of the Windows Server 2008 operating system, web hosting providers are able to guarantee reliable Windows Server 2008 VPS server hosting services.
3. Native support for Windows Server 2008 – although Virtuozzo may have support for Windows Server 2008, it hasn’t been able to offer the most reliable of Windows Server 2008 VPS hosting services.
Unable to add bridge port vnet0 No such device - Fix it now ?
This article covers how to resolve the error "Unable to add bridge port vnet0: No such device", which happens when the bridge device specified in the guest's (or domain's) <interface> definition does not exist.
The error messages reveal that the bridge device specified in the guest's (or domain's) <interface> definition does not exist.
To verify the bridge device listed in the error message does not exist, use the shell command ifconfig br0.
A message similar to this confirms the host has no bridge by that name:
br0: error fetching interface information: Device not found
If this is the case, continue to the solution.
To fix the error "Unable to add bridge port vnet0: No such device":
1. Edit the existing bridge or create a new bridge with virsh
Use virsh to either edit the settings of an existing bridge or network, or to add the bridge device to the host system configuration.
2. Edit the existing bridge settings using virsh
Use virsh edit name_of_guest to change the <interface> definition to use a bridge or network that already exists.
For example, change type='bridge' to type='network', and <source bridge='br0'/> to <source network='default'/>.
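An added example, not part of the original article: a Python function that finds every <interface type='bridge'> in a guest definition whose bridge is absent from the host and rewrites it to the network form described above. The guest XML is constructed, the function names are hypothetical, and the existence of a libvirt network called default is an assumption.

```python
import os
import xml.etree.ElementTree as ET

def host_interfaces(sysfs="/sys/class/net"):
    """Names of network devices present on this Linux host."""
    return set(os.listdir(sysfs))

def retarget_missing_bridges(domain_xml, host_ifaces, network="default"):
    """Rewrite bridge interfaces whose bridge device does not exist.

    Returns (new_xml, missing) where missing lists the absent bridge names.
    Assumes the libvirt network named by `network` exists on the host.
    """
    root = ET.fromstring(domain_xml)
    missing = []
    for iface in root.iter("interface"):
        if iface.get("type") != "bridge":
            continue
        src = iface.find("source")
        bridge = src.get("bridge") if src is not None else None
        if bridge is None or bridge in host_ifaces:
            continue                      # bridge exists, leave it alone
        missing.append(bridge)
        iface.set("type", "network")      # type='bridge' -> type='network'
        del src.attrib["bridge"]          # <source bridge=.../> -> <source network=.../>
        src.set("network", network)
    return ET.tostring(root, encoding="unicode"), missing

# Constructed guest definition: br0 is missing on the host, virbr1 is present.
DOMAIN_XML = """<domain type='kvm'>
  <name>guest1</name>
  <devices>
    <interface type='bridge'>
      <source bridge='br0'/>
      <model type='virtio'/>
    </interface>
    <interface type='bridge'>
      <source bridge='virbr1'/>
    </interface>
  </devices>
</domain>"""

if __name__ == "__main__":
    new_xml, missing = retarget_missing_bridges(DOMAIN_XML, {"lo", "eth0", "virbr1"})
    print("missing bridges:", missing)
    print(new_xml)
```

On a real host, pass host_interfaces() as the second argument and review the returned XML before applying it with virsh edit.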
Install PowerDNS and PowerAdmin on CentOS 7 - How to do it
This article covers the step by step procedure to install PowerDNS on CentOS 7. PowerDNS (pdns) is an open source DNS server written in C++ and released under GPL License. It has become a good alternative for the traditional DNS server Bind, designed with better performance and low memory requirements.
PowerDNS provides two products, the Authoritative server, and the Recursor.
The PowerDNS Authoritative server can be configured through the different backend, including the plain Bind zone files, RDBMS such as MySQL, PostgreSQL, SQLite3 or LDAP.
To Install PowerDNS on CentOS 7:
1. First let's start by ensuring your system is up-to-date:
$ yum clean all
$ yum -y update
2. Install PowerDNS and backend.
First, you need to enable EPEL repository and all required packages on your system:
$ yum install epel-release
$ yum install bind-utils pdns pdns-recursor pdns-backend-mysql mariadb mariadb-server
Enable PowerDNS on boot and start PowerDNS server:
$ systemctl enable mariadb
$ systemctl enable pdns
$ systemctl enable pdns-recursor
3. Configure MariaDB.
By default, MariaDB is not hardened. You can secure MariaDB using the mysql_secure_installation script. Read each step carefully; the script will set the root password, remove anonymous users, disallow remote root login, and remove the test database and access to it:
mysql_secure_installation
4. Create PowerDNS Database and User in MariaDB.
Login as a MariaDB root and create a new database and tables:
$ mysql -uroot -p
5. Configure PowerDNS.
Open the /etc/pdns/pdns.conf file.
Finally, restart the PowerDNS service:
$ systemctl restart pdns.service
$ systemctl enable pdns.service
6. Configure Recursor.
Open the /etc/pdns-recursor/recursor.conf file.
Add Remote Linux Host to Cacti for Monitoring - Do it now
This article covers how to add a Linux host to Cacti.
Basically, Cacti is a network monitoring device that creates personalized graphs of server efficiency.
SNMP, short for Simple Network Management Protocol is a protocol used for gathering information about devices in a network. Using SNMP, you can poll metrics such as CPU utilization, memory usage, disk utilization, network bandwidth, and so on.
To install snmp agent on Ubuntu, run the command:
$ sudo apt install snmp snmpd -y
To install the snmp agent on CentOS 8, run the command:
$ sudo dnf install net-snmp net-snmp-utils -y
SNMP starts automatically upon installation.
To confirm this, confirm the status by running:
$ sudo systemctl status snmpd
If the service is not running yet, start and enable it on boot as shown:
$ sudo systemctl start snmpd
To Add Remote Linux Host to Cacti for Monitoring:
1. Install SNMP service on Linux hosts.
2. Configuring SNMP service.
3. Configure the firewall rules for snmp.
4. Adding remote Linux host to Cacti.
To Install and Configure Cacti:
1. Cacti requires a few more dependencies. Run the following command to install them:
yum -y install net-snmp rrdtool net-snmp-utils
2. As we have all the dependencies ready, we can now download the install package from Cacti website.
cd /var/www/html
wget http://www.cacti.net/downloads/cacti-1.1.10.tar.gz
3. You can always find the link to the latest version of the application on Cacti download page. Extract the archive using the following command.
tar xzvf cacti*.tar.gz
4. Rename your Cacti folder using:
mv cacti-1*/ cacti/
5. Now import the Cacti database by running the following command.
cd /var/www/html/cacti
mysql cacti_data < cacti.sql -u root -p
6. The above command will import the cacti.sql database into cacti_data using the user root.
It will also ask you the password of root user before importing the database.
7. Now edit Cacti configuration by running the following command.
nano /var/www/html/cacti/include/config.php
8. Now find the following lines and edit them according to your MySQL database credentials.
/* make sure these values reflect your actual database/host/user/password */
$database_type = 'mysql';
$database_default = 'cacti_data';
$database_hostname = 'localhost';
$database_username = 'cacti_user';
$database_password = 'StrongPassword';
$database_port = '3306';
$database_ssl = false;