Friday, November 20, 2009

How to improve a wireless network to be the Best

10 tips for improving your wireless network

Extend the range and the strength of your wireless network


If Windows ever notifies you about a weak signal, it probably means your connection isn't as fast or as reliable as it could be. Worse, you might lose your connection entirely in some parts of your home. If you're looking to improve the signal for your wireless network, try some of these tips for extending your wireless range and improving your wireless network performance.

1. Position your wireless router (or wireless access point) in a central location.

When possible, place your wireless router in a central location in your home. If your wireless router is against an outside wall of your home, the signal will be weak on the other side of your home. Don't worry if you can't move your wireless router, because there are many other ways to improve your connection.

Bad router and good router comparison

2. Move the router off the floor and away from walls and metal objects (such as metal file cabinets).

Metal, walls, and floors will interfere with your router's wireless signals. The closer your router is to these obstructions, the more severe the interference, and the weaker your connection will be.

3. Replace your router's antenna.

The antennas supplied with your router are designed to be omni-directional, meaning they broadcast in all directions around the router. If your router is near an outside wall, half of the wireless signals will be sent outside your home, and much of your router's power will be wasted. Most routers don't allow you to increase the power output, but you can make better use of the power. Upgrade to a hi-gain antenna that focuses the wireless signals in only one direction. You can aim the signal in the direction you need it most.

Standard antenna and hi-gain antenna examples

4. Replace your computer's wireless network adapter.

Wireless network signals must be sent both to and from your computer. Sometimes, your router can broadcast strongly enough to reach your computer, but your computer can't send signals back to your router. To improve this, replace your laptop's PC card-based wireless network adapter with a USB network adapter that uses an external antenna. In particular, consider the Hawking Hi-Gain Wireless USB network adapter, which adds an external, hi-gain antenna to your computer and can significantly improve your range.

Laptops with built-in wireless typically have excellent antennas and don't need to have their network adapters upgraded.

5. Add a wireless repeater.

Wireless router and wireless repeater

Wireless repeaters extend your wireless network range without requiring you to add any wiring. Just place the wireless repeater halfway between your wireless access point and your computer, and you'll get an instant boost to your wireless signal strength. Check out the wireless repeaters from ViewSonic, D-Link, Linksys, and Buffalo Technology.

6. Change your wireless channel.

Wireless channels

Wireless routers can broadcast on several different channels, similar to the way radio stations use different channels. In the United States and Canada, these channels are 1, 6, and 11. Just like you'll sometimes hear interference on one radio station while another is perfectly clear, sometimes one wireless channel is clearer than others. Try changing your wireless router's channel through your router's configuration page to see if your signal strength improves. You don't need to change your computer's configuration, because it'll automatically detect the new channel.

7. Reduce wireless interference.

If you have cordless phones or other wireless electronics in your home, your computer might not be able to "hear" your router over the noise from the other wireless devices. To quiet the noise, avoid wireless electronics that use the 2.4GHz frequency. Instead, look for cordless phones that use the 5.8GHz or 900MHz frequencies.

8. Update your firmware or your network adapter driver.

Router manufacturers regularly make free improvements to their routers. Sometimes, these improvements increase performance. To get the latest firmware updates for your router, visit your router manufacturer's Web site.

Similarly, network adapter vendors occasionally update the software that Windows XP uses to communicate with your network adapter, known as the driver. These updates typically improve performance and reliability. To get the updates, visit Microsoft Update, and then under Select by Type click Hardware, Optional. Install any updates relating to your wireless network adapter. It wouldn't hurt to install any other updates while you're visiting Microsoft Update, too.

Note: When you go to Microsoft Update, you have two options: the Express Install for critical and security updates and Custom Install for high priority and optional updates. You may find more driver updates when you use Custom Install.

9. Pick equipment from a single vendor.

While a Linksys router will work with a D-Link network adapter, you often get better performance if you pick a router and network adapter from the same vendor. Some vendors offer a performance boost of up to twice the performance when you choose their hardware: Linksys has the SpeedBooster technology, and D-Link has the 108G enhancement.

10. Upgrade 802.11b devices to 802.11g.

802.11b is the most common type of wireless network, but 802.11g is about five times faster. 802.11g is backward-compatible with 802.11b, so you can still use any 802.11b equipment that you have. If you're using 802.11b and you're unhappy with the performance, consider replacing your router and network adapters with 802.11g-compatible equipment. If you're buying new equipment, definitely choose 802.11g.

Wireless networks never reach the theoretical bandwidth limits. 802.11b networks typically get 2-5Mbps. 802.11g is usually in the 13-23Mbps range. Belkin's Pre-N equipment has been measured at 37-42Mbps.

Securing Exchange Server 2003 with ISA Server 2004

Securing Exchange With ISA Server 2004

You might find it tempting to run Exchange Server 2003 directly on the Internet, but you should be concerned with the security issues in doing so -- there are many attacks and automated scripts in the hands of hackers that pound on Exchange machines and attempt to compromise them. Outlook Web Access can be a useful option; however, there are security issues with deploying it as well. And the fact remains that sometimes you absolutely need to provide full access for Microsoft Outlook clients, and the Web Access front-end just won't cut it.

This article will highlight the security issues involved with providing Outlook Web Access or full Outlook client connections over the Internet, and then discuss how Microsoft's new ISA Server 2004 can be configured to mitigate these threats. We'll start with Outlook Web Access (OWA) as the simplest solution.

Before we begin, however, please note that this article does not focus on securing the Exchange message transfer agent (MTA) itself; instead, we will only look at how to secure remote access to Exchange services from a user's perspective.

Securing Outlook Web Access with ISA 2004

Some of your users might be able to get away with just using Outlook Web Access, the great tool that mimics Outlook's interface in a web browser, in lieu of the traditional Outlook client. OWA is good for Exchange organizations because web browsers are prevalent, affording your users more opportunities to check e-mail while they're away from their desk. As well, the user interface is familiar to your users, so there is very little learning curve involved.

However, there are qualms about Outlook Web Access in regards to security. How might one go about securing it? OWA can use HTTPS -- the secure, tunneled version of the HTTP protocol -- but it lacks any intrusion detection features. More problematically, all versions of OWA but the most recent one do not include a session timeout feature, so clients will remain logged into their OWA session until they click the logout button. Picture an airport Internet kiosk, and your chief financial officer checking his e-mail through OWA. He simply closes the browser when he is finished, but the clever information spy will then re-open the browser after he has walked away, revisit the previous site, and gain access to a very sensitive and important e-mail account. That is certainly a very bad situation, and it's happened before.

The need for ISA 2004

To make OWA secure, there are four things that an administrator must do:

  • Inspect all SSL traffic at the application layer to make sure the traffic is what it claims to be. This prevents a significant portion of today's attacks.
  • Maintain wire privacy, as sensitive information is very often transmitted through e-mail.
  • Enforce the HTTP and HTML standards to make sure that nefarious code doesn't sneak through via weaknesses in these protocols and standards.
  • Block URL-based attacks by enforcing only known URLs. This protects you against attacks that request unusual actions, have a large number of characters, or are encoded using an alternate character set.

All in all, when you have this quadruple-layered security scenario protecting OWA, you can feel reasonably confident that data trusted to OWA's mechanisms is secure.
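The fourth requirement (known URLs only, no oversized or oddly encoded requests) can be sketched as a request check. This is an added example, not ISA Server's or URLScan's own logic; the path prefixes, method list and length cap are assumptions chosen for illustration, and the sample requests are constructed.

```python
"""Added example: known-URL enforcement in front of a published web site."""
import re
from urllib.parse import unquote, urlsplit

# Assumptions, not from the article: the published virtual directories, the
# permitted methods and the length cap. Take real values from the publishing rule.
ALLOWED_PREFIXES = ("/exchange/", "/exchweb/", "/public/")
ALLOWED_METHODS = frozenset({"GET", "POST"})
MAX_URL_LENGTH = 1024

PCT_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")
PCT_U_ESCAPE = re.compile(r"%[uU][0-9A-Fa-f]{4}")


def check_request(method, raw_url):
    """Return (allowed, reason) for one request line."""
    # "Unusual actions": only methods on the allowlist pass.
    if method.upper() not in ALLOWED_METHODS:
        return False, "method not allowed"
    # "A large number of characters".
    if len(raw_url) > MAX_URL_LENGTH:
        return False, "URL too long"
    # Raw request targets must be printable ASCII; anything else is escaped.
    if any(not 33 <= ord(ch) <= 126 for ch in raw_url):
        return False, "non-ASCII or control character"
    # "Alternate character set": non-standard %uXXXX escapes.
    if PCT_U_ESCAPE.search(raw_url):
        return False, "%u escape"
    parts = urlsplit(raw_url)
    if parts.scheme or parts.netloc:
        return False, "not an origin-form path"
    path = parts.path
    if "%" in PCT_ESCAPE.sub("", path):
        return False, "malformed percent escape"
    try:
        decoded = unquote(path, encoding="utf-8", errors="strict")
    except UnicodeDecodeError:
        return False, "escape is not valid UTF-8"
    # An escape that survives one round of decoding was encoded twice.
    if PCT_ESCAPE.search(decoded):
        return False, "double-encoded escape"
    if "\\" in decoded or any(ord(ch) < 32 for ch in decoded):
        return False, "backslash or control character after decoding"
    if any(seg in (".", "..") for seg in decoded.split("/")):
        return False, "dot segment"
    # Known-URL list, compared after decoding and case folding.
    if not (decoded.lower().rstrip("/") + "/").startswith(ALLOWED_PREFIXES):
        return False, "path is not a known URL"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests.
    for method, url in [("GET", "/exchange/alice/Inbox/"),
                        ("GET", "/exchange/%252e%252e/x"),
                        ("TRACE", "/exchange/"),
                        ("GET", "/admin/")]:
        print(method, url, check_request(method, url))
```

The check runs on the decrypted request, which is why the article places the inspecting proxy at the point where HTTPS is terminated.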

Enter ISA Server 2004, which can help you enforce the above requirements. When you put ISA Server in front of your OWA front-end server or servers, there are numerous benefits. The ISA Server in effect becomes the bastion host, terminating all connections with its Web Proxy feature, decrypting HTTPS to inspect the content of the packets transmitted through the machine, enforcing known-URL access with URLScan, and ultimately re-encrypting everything for transmission to the OWA server, living safely behind the ISA frontline machine.

Pre-authentication of connections

ISA 2004 also provides another benefit: pre-authentication of connections. Here's how that works: the ISA Server actually hosts the forms that a user is used to seeing -- such as the login screen. This screen queries the user for her credentials, and once the user enters them into the form, ISA verifies them against Active Directory. Note that RADIUS is also supported, so even ISA machines that do not trust or are not members of a domain can do this pre-authentication. ISA then takes the result of that verification and embeds the credentials into the actual HTTP headers of the packets that it forwards to the front-end OWA server, so the user doesn't get a second prompt. In effect, the ISA server is vetting your users with an actual OWA form, ensuring they are who they say they are, and actually authenticating them at the perimeter of your network, before the packets ever hit the OWA server.

Figure 1, below, shows an overview of this process.

Figure 1: Forms-based authentication with ISA Server 2004 and OWA

More information on how you would configure this environment is available as a step-by-step document from Microsoft. Tom Shinder also has a great reference for configuring firewall publishing rules to allow external access to OWA sites at ISAServer.org.

Issues with the Outlook Client and VPN

VPN clients, present in all versions of Windows, are the typical choice for anyone needing to provide full Outlook client functionality to users across the Internet. However, VPN security leaves a lot to be desired, at least out of the box: while PPTP can be made secure, doing so requires an extensive knowledge of both the machines running the VPN software (a feat not always possible when you're dealing with your users' home machines) and a deep familiarity with encryption techniques and settings. Of course, there are also logistical hurdles you'll jump through when using a VPN -- they simply won't work in some public locations because of firewalls blocking the needed ports, there are problems with using IPsec and L2TP across the Internet because of packet fragmentation issues, and other issues. And finally, while VPNs are useful tools to connect remote clients to corporate networks, they are less useful for connecting from a corporate network to an application service provider (ASP) that might be running your Exchange servers for you.

So therein lies the problem: how does one provide secure access to an Exchange server for remote users while not making those users jump through hoops to get access to their groupware application? The best answer to this may be to deploy a machine running Microsoft Internet Security and Acceleration Server 2004.

Securing the Outlook client with Exchange 2003 RPC and ISA 2004

The grim reality is that people have grown at best accustomed to, and at worst absolutely dependent on, full Outlook client functionality. For example, suppose your corporation has standardized on LookOut, the popular Outlook search plug-in, or perhaps you have a third-party calendaring and agenda plug-in. You might also require the ability to synchronize your mailbox with a handheld PDA-like device, or your users might need Outlook 2003's ability to work seamlessly offline, with full Outlook functionality even when not connected to an Exchange server. Your front-line customer service users may depend heavily on custom functionality offered by client-side rules, or your organization may require its users to take advantage of a standard, business-wide address book.

Security features in Exchange 2003

Exchange 2003 itself has made great strides in this area, enabling new functionality called RPC-over-HTTP. RPC-over-HTTP is a beneficial addition to the product, because it allows RPC requests to be encapsulated in the HTTP protocol, for which most firewalls are already configured and allow access. RPC-over-HTTP depends on an element of Exchange 2003 called the RPC proxy, an ISAPI extension running in IIS (actually on a front-end Outlook Web Access server) that sets up an RPC session after authentication. Essentially, the Outlook client connects to this filter using RPC-over-HTTP, and the filter terminates the "over-HTTP" portion of the connection, takes out the RPC requests, and passes them back to the Exchange server.

However, RPC-over-HTTP isn't a panacea. It only supports basic HTTP authentication, so you need to make sure that the HTTP connection uses SSL. Also, there is no support for SecurID, and the limitation here is two-fold. For one, there is no dialog within Outlook 2003 to ask for the SecurID PIN from the user's device. And secondly, Exchange has no built-in, direct ability to proxy authentication requests to an RSA ACE server and not to Active Directory. RADIUS authentication is also not possible with RPC-over-HTTP, nor is the use of client certificates in most cases. So, while RPC-over-HTTP solves some configuration problems and some legitimate security problems, there remain other issues to address.

ISA 2004 and the Exchange RPC Filter

ISA 2004 comes bundled with the Exchange RPC Filter, which takes the good parts of the RPC Proxy element that is included with the raw Exchange 2003 product to allow RPC-over-HTTP connections, and then marries them with a certain intelligence about how Exchange does its business. The Exchange RPC filter is programmed to know how Exchange RPC connections are established and what the proper format for that protocol is. It also allows only Exchange RPC UUIDs to be transmitted, all the while enforcing client authentication and requiring encryption.

Here's how it works:

  • The client connects to the Exchange RPC filter's quasi-portmapper. This piece of the puzzle really isn't a portmapper -- it just acts like one, which reduces the attack surface by only responding to requests for Exchange-based RPC.
  • Once the connection is established, the ISA Server returns the filter's Exchange RPC port numbers. Remember, the client is connecting to the filter, which then uses the RPC proxy element in Exchange 2003 itself, so the client never directly touches the Exchange server during this stage.
  • The client, filled with knowledge about the location of RPC ports, logs onto Exchange. During this process, Exchange refers the logon to Active Directory, which makes the final decision on whether the user is authenticated or not.
  • The RPC filter on the ISA Server is monitoring this process the whole time, waiting for the approval from AD that the user is valid. Once it sees that approval, the filter makes sure that the connection is using encryption (if you specify that you want to require it), and then the client sees his mailbox open.

It's also important to note that the entire process just outlined is transparent from the client's perspective. They will see a username and password prompt when they open Outlook and they are away from the corporate network, but once the user enters those credentials, he will see an approximately five second delay and then his mailbox will open. Thus, this solution passes the first litmus test of all security solutions -- make it easy for the user to do things securely.

This solution also protects you from various RPC-based attacks. For example, the ISA RPC filter is immune from reconnaissance attacks and denial of service attacks against the RPC portmapper. All known attacks fail, but even if an attack were successfully able to penetrate the RPC filter, recall that Exchange is still protected since ISA works at the perimeter to vet your connections before they ever touch your Exchange server. This solution is also impervious to service attacks, mainly because such attacks require reconnaissance information that is unavailable. Also, the back end of this RPC filter connection, the ISA to Exchange Server part of the transmission, simply dies if the first part of the connection (the client to the ISA server) isn't correctly positioned or formatted.

How would you go about deploying this solution? Figure 2 shows an example network diagram, with a standalone ISA 2004 machine in the de-militarized zone (DMZ) protecting the back-end Exchange servers and Active Directory. The ISA Server provides the forms-based authentication for OWA that I discussed in the previous section, and also provides secure RPC access for Outlook clients as well.

Figure 2: An example deployment of ISA Server 2004 to protect public-facing Exchange services

Microsoft has a detailed reference to deploying ISA Server 2004 in front of Exchange front-end and back-end servers on their website.

Setting up Network Connections in Windows 7

The following are the steps to set up different types of connections in Windows 7.


To set up a connection

  • Click Start, and then click Control Panel.
  • Under Network and Internet, click View network status and tasks.
    (Screenshot: Windows 7 Network and Sharing Center)

  • From the Network and Sharing Center window, click the Set up a new connection or network link.
    (Screenshot: Windows 7 Set Up a Connection or Network dialog box)

  • From the Set Up a Connection or Network dialog box displayed, there are a few options to choose from:

    * Connect to the Internet - This option opens the Connect to the Internet dialog box, where you select the type of connection (wireless, broadband [PPPoE] or dialup) to use. Then, you need to give the information required for you to log on to the Internet service provider (ISP) or wireless network for the type of connection you choose.

    * Set up a new network - This option leads to a wizard that walks you through the steps of configuring a new wireless router or access point.

    * Connect to a workplace - This option opens the Connect to a Workplace dialog box, where you choose between using a VPN or dialup connection for connecting. If you click the Use My Internet Connection (VPN) button, a Connect to a Workplace dialog box opens, where you enter the Internet address and destination name you use to log on to the network at your workplace as provided by the network's administrator. If you click the Dial Directly button, a Connect to Workplace dialog box opens, where you enter the dialup information.

    * Set up a dial-up connection - Using this option opens the Set Up a Dial-Up Connection dialog box, where you enter the dialup information for your ISP, including the phone number, username, and password.


    Note that if you're running Windows 7 on a laptop/computer with wireless capabilities, the Set Up a Connection or Network dialog box contains two additional options:

    * Manually Connect to a Wireless Network - This option enables you to select a network that isn't automatically detected by the computer or create a new wireless connection by using a different wireless network adapter installed on your computer.

    * Set Up a Wireless Ad Hoc (Computer to Computer) Network - You can use this option to create a temporary network connection between two wireless laptop computers for sharing files, peripherals, and the Internet. (Note: The laptops must be within 30 feet of one another.)

  • Depending on the option that you choose, follow the on-screen instructions to complete the setup process.

Step by Step Installation of Windows Server 2008 (Exclusive by Spediawol)

How to Install Windows Server 2008 Step by Step

Installing Windows Server 2008 is pretty straightforward and is very much like installing Windows Vista, but I thought I'd list the necessary steps here for additional information. For those of you who have never installed Vista before, the entire installation process is different than it used to be in previous Microsoft operating systems, and notably much easier to perform.

Using Vista's installation routine is a major benefit, especially for a server OS. Administrators can partition the system's hard drives during setup. More importantly, they can install the necessary AHCI or RAID storage drivers from a CD/DVD or even a USB thumb drive. Thus, error-prone floppies can finally be sent to the garbage bin.

Note: Windows Server 2008 can also be installed as a Server Core installation, which is a cut-down version of Windows without the Windows Explorer GUI. Because you don't have the Windows Explorer to provide the GUI interface that you are used to, you configure everything through the command line interface or remotely using a Microsoft Management Console (MMC). The Server Core can be used for dedicated machines with basic roles such as Domain controller/Active Directory Domain Services, DNS Server, DHCP Server, file server, print server, Windows Media Server, IIS 7 web server and Windows Server Virtualization virtual server.

To use Windows Server 2008 you need to meet the following hardware requirements:

Component - Requirement

Processor
  • Minimum: 1GHz (x86 processor) or 1.4GHz (x64 processor)
  • Recommended: 2GHz or faster
  • Note: An Intel Itanium 2 processor is required for Windows Server 2008 for Itanium-based Systems

Memory
  • Minimum: 512MB RAM
  • Recommended: 2GB RAM or greater
  • Maximum (32-bit systems): 4GB (Standard) or 64GB (Enterprise and Datacenter)
  • Maximum (64-bit systems): 32GB (Standard) or 2TB (Enterprise, Datacenter and Itanium-based Systems)

Available Disk Space
  • Minimum: 10GB
  • Recommended: 40GB or greater
  • Note: Computers with more than 16GB of RAM will require more disk space for paging, hibernation, and dump files

Drive
  • DVD-ROM drive

Display and Peripherals
  • Super VGA (800 x 600) or higher-resolution monitor
  • Keyboard
  • Microsoft Mouse or compatible pointing device

Upgrade notes:

I will not discuss the upgrade process in this article, but for your general knowledge, the upgrade paths available for Windows Server 2008 are shown in the table below:

If you are currently running - You can upgrade to

Windows Server 2003 Standard Edition (R2, Service Pack 1 or Service Pack 2)
  • Full Installation of Windows Server 2008 Standard Edition
  • Full Installation of Windows Server 2008 Enterprise Edition

Windows Server 2003 Enterprise Edition (R2, Service Pack 1 or Service Pack 2)
  • Full Installation of Windows Server 2008 Enterprise Edition

Windows Server 2003 Datacenter Edition (R2, Service Pack 1 or Service Pack 2)
  • Full Installation of Windows Server 2008 Datacenter Edition

Follow this procedure to install Windows Server 2008:

1. Insert the appropriate Windows Server 2008 installation media into your DVD drive.

2. Reboot the computer.

3. When prompted for an installation language and other regional options, make your selection and press Next.

4. Next, press Install Now to begin the installation process.

5. Product activation is now also identical with that found in Windows Vista. Enter your Product ID in the next window, and if you want to automatically activate Windows the moment the installation finishes, click Next.

If you do not have the Product ID available right now, you can leave the box empty, and click Next. You will need to provide the Product ID later, after the server installation is over. Press No.

6. Because you did not provide the correct ID, the installation process cannot determine what kind of Windows Server 2008 license you own, and therefore you will be prompted to select your correct version in the next screen, assuming you are telling the truth and will provide the correct ID to prove your selection later on.

7. If you did provide the right Product ID, select the Full version of the Windows edition you're prompted with, and click Next.

8. Read and accept the license terms by clicking to select the checkbox and pressing Next.

9. In the "Which type of installation do you want?" window, click the only available option – Custom (Advanced).

10. In the "Where do you want to install Windows?" window, if you're installing the server on a regular IDE hard disk, click to select the first disk, usually Disk 0, and click Next.

If you're installing on a hard disk that's connected to a SCSI controller, click Load Driver and insert the media provided by the controller's manufacturer.

If you must, you can also click Drive Options and manually create a partition on the destination hard disk.

11. The installation now begins, and you can go and have lunch. Copying the setup files from the DVD to the hard drive only takes about one minute. However, extracting and uncompressing the files takes a good deal longer. After 20 minutes, the operating system is installed. The exact time it takes to install server core depends upon your hardware specifications. Faster disks will perform much faster installs… Windows Server 2008 takes up approximately 10 GB of hard drive space.

The installation process will reboot your computer, so, if in step #10 you inserted a floppy disk (either real or virtual), make sure you remove it before going to lunch, as you'll otherwise find the server hung without the ability to boot (you can bypass this by configuring the server to boot from a CD/DVD and then from the hard disk in the boot order in the server's BIOS).

12. When the server reboots you'll be prompted with the new Windows Server 2008 type of login screen. Press CTRL+ALT+DEL to log in.

13. Click on Other User.

14. The default Administrator is blank, so just type Administrator and press Enter.

15. You will be prompted to change the user's password. You have no choice but to press Ok.

16. In the password changing dialog box, leave the default password blank (duh, read step #15…), and enter a new, complex, at-least-7-characters-long password twice. A password like "topsecret" is not valid (it's not complex), but one like "T0pSecreT!" sure is. Make sure you remember it.

17. Someone thought it would be cool to nag you once more, so now you'll be prompted to accept the fact that the password had been changed. Press Ok.

18. Finally, the desktop appears and that's it, you're logged on and can begin working. You will be greeted by an assistant for the initial server configuration, and after performing some initial configuration tasks, you will be able to start working.

Next, for the initial configuration tasks please follow my other Windows Server 2008 articles found on the Related Windows Server 2008 Articles section below.

RHEL4 Servers Configuration Complete

RHEL4 Servers Configuration

"A Contribution by ALI"


Samba Server Configuration

For a Samba server we have Linux on one side and Windows on the other side.

Server Side

Ø First of all we copy the “smb.conf” file as “smb.conf.org”.

cp /etc/samba/smb.conf /etc/samba/smb.conf.org

Ø Open the file in the vi editor and write some statements in it.

vi /etc/samba/smb.conf

[global] (Global Section)

· workgroup = saints (Domain name)

· netbios name = bscs5 (File server name; on the client side it is given in the Run command, e.g. \\bscs5)

· server string = saints server (optional)

· hosts allow = 192.168.0. 127.0.0.1 (or 127.)

· hosts deny = 0.0.0.0/0

· log file = /var/log/samba/%m.log (%m is replaced by the PC name)

· encrypt passwords = yes

· smb passwd file = /etc/samba/smbpasswd (all Samba users are in it)

· unix password sync = yes

· interfaces = eth* lo

· bind interfaces only = yes

· local master = yes

· os level = 64

· domain master = yes

· preferred master = yes

· domain logons = yes

· logon script = netlogon.bat

· add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %U

· logon drive = Z:

· logon path = \\%L\profiles\%U

· wins support = yes


Shared Section

[Homes]

· path = /home/samba/profiles/%U

· browsable = no

· writeable = yes

· create mode = 0750 (Files permissions)

· directory mode = 0775 (Directories permissions)

[netlogon]

· path = /home/netlogon

· browsable = no

· write list = @admins (it’s a group name)

[Profiles]

· path = /home/samba/profiles

· browsable = no

· writeable = yes

· create mask = 0600

· directory mask = 0700

· guest ok = yes

Now we make one folder that all users can access.

[Shared]

· path = /home/shared

· writeable = yes

· browsable = yes

· force create mode = 0775

· force directory mode = 3770

· guest ok = yes

· create mask = 0765

To save the file, first press the Esc key, then type :wq.


Ø Now restart service

service smb restart

Ø Create groups and directories.

· groupadd -g 600 admins

· groupadd -g 601 machines

· mkdir /home/samba

· mkdir /home/netlogon

· mkdir /home/samba/profiles

· chmod 1757 /home/samba/profiles

· chmod 0775 /home/netlogon

· chown root.admins /home/netlogon

Ø Create a user in Linux.

· adduser muneeb

· passwd muneeb (press Enter, then it asks for the password)

Ø Now add the user in Samba.

· smbpasswd -a muneeb (-a means that if the user does not exist in Samba it is added; otherwise create and give the password).

· smbpasswd muneeb (press Enter, then it asks for the password).

Ø Now we create a home directory for the Samba user in profiles.

· mkdir /home/samba/profiles/muneeb

· chown muneeb /home/samba/profiles/muneeb (Here the 1st muneeb is the Samba user and the 2nd muneeb is the directory).

· chgrp muneeb /home/samba/profiles/muneeb (Here the 1st muneeb is the group name and the 2nd muneeb is the directory).

Note:-

When we create a user, a group with the same name is also created.

Ø Now we run some commands in the shell.

· useradd -d /dev/null -g machines -s /bin/false -M meebe (Here meebe is a client PC name).

· vi /etc/passwd (The file opens in the vi editor; search for meebe and write $ at the end of meebe, like this: meebe$)

· smbpasswd -am meebe (meebe is added into Samba).

Ø Now check the Samba configuration on the server side.

· smbclient //bscs5/profiles -U muneeb (When we press Enter it asks for a password. We enter the muneeb user’s password).

Ø Run this command to check “eth0” in the firewall settings.

· system-config-securitylevel
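An added audit sketch, not part of the original contribution: it parses an smb.conf like the one built above and flags settings that widen access, such as `guest ok = yes` on a writable share, which is how [Profiles] and [Shared] are defined here. The checks and synonym table are a selection made for this example; ARTICLE_CONF is the article's configuration with stray spaces removed.

```python
"""Added example: flag access-widening settings in an smb.conf."""

# Synonyms listed in the smb.conf manual, mapped to one canonical name.
SYNONYMS = {"writable": "writeable", "write ok": "writeable", "public": "guest ok",
            "create mode": "create mask", "directory mode": "directory mask"}
MASK_KEYS = ("create mask", "directory mask", "force create mode",
             "force directory mode")
TRUE_VALUES = {"yes", "true", "1"}

# The article's configuration with stray spaces removed, abridged to the
# parameters the checks below read.
ARTICLE_CONF = """
[global]
hosts allow = 192.168.0. 127.0.0.1
hosts deny = 0.0.0.0/0
encrypt passwords = yes

[Homes]
path = /home/samba/profiles/%U
browsable = no
writeable = yes
create mode = 0750
directory mode = 0775

[netlogon]
path = /home/netlogon
browsable = no
write list = @admins

[Profiles]
path = /home/samba/profiles
browsable = no
writeable = yes
create mask = 0600
directory mask = 0700
guest ok = yes

[Shared]
path = /home/shared
writeable = yes
browsable = yes
force create mode = 0775
force directory mode = 3770
guest ok = yes
create mask = 0765
"""


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with names lower-cased and canonical."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = " ".join(key.lower().split())
            sections[current][SYNONYMS.get(key, key)] = value.strip()
    return sections


def audit(sections):
    """Return (section, finding) pairs for settings that widen access."""
    glob = sections.get("global", {})
    findings = []

    def setting(share, key, default=""):
        # Share-level value first, then the [global] default.
        return sections[share].get(key, glob.get(key, default))

    if glob.get("encrypt passwords", "yes").lower() not in TRUE_VALUES:
        findings.append(("global", "encrypt passwords is off"))
    for share in sections:
        if share == "global":
            continue
        guest = setting(share, "guest ok", "no").lower() in TRUE_VALUES
        writable = (setting(share, "writeable", "no").lower() in TRUE_VALUES
                    or setting(share, "read only", "yes").lower() not in TRUE_VALUES)
        if guest and writable:
            findings.append((share, "guest ok on a writable share"))
        if guest and "hosts allow" not in glob and "hosts allow" not in sections[share]:
            findings.append((share, "guest share with no hosts allow restriction"))
        for key in MASK_KEYS:
            value = setting(share, key)
            if value and int(value, 8) & 0o002:
                findings.append((share, f"{key} = {value} leaves the others-write bit set"))
    return findings


if __name__ == "__main__":
    for section, finding in audit(parse_smb_conf(ARTICLE_CONF)):
        print(f"[{section}] {finding}")
```

On the article's configuration the only findings are the two guest-writable shares; the `hosts allow` and `hosts deny` lines in [global] are what keep those shares from being reachable outside 192.168.0.x.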

Client Side

My Computer → Properties → Computer Name → Change

Enter the domain name “saints”.

Then a small window opens and asks for a user name and password. We enter the privileged user and its password (user name = root and its password).

The message “Welcome to the saints domain” is shown; restart the PC and log in with the Samba user. If an error occurs, we also have to make some changes.

Start → Run → regedit → HKEY_LOCAL_MACHINE → SYSTEM → CurrentControlSet → Services → Netlogon → Parameters

Double-click “requiresignorseal” and write 0 in place of 1. Then restart the PC and log in again with the Samba user.

NIS SERVER Configuration

NIS stands for “Network Information System”. NIS servers are typically used to synchronize account information. They can share the contents of the /etc/passwd, /etc/shadow and /etc/group files. For an NIS setup, both PCs must run Linux.

Server Side

Ø Start NIS services

· service ypserv restart

· service portmap restart

Ø Open file in vi editor and add one line.

· vi /etc/sysconfig/network

· NISDOMAIN=saint

Ø Restart the service

· service ypserv restart

Ø Now create one file and write some lines.

· vi /var/yp/securenets

· 255.255.255.255 127.0.0.1

· 255.255.255.0 192.168.0.0

Ø Restart the services

· service portmap restart

· service ypserv restart

· service ypxfrd restart

Ø Open the file and search for the word “all”. To search, first press Esc, then type /all: and press Enter.

· vi /var/yp/Makefile

Ø Run this command on the master server. It generates the NIS maps and shows the output in the shell; press Ctrl+D to move on, then press y.

· /usr/lib/yp/ypinit -m

Ø Restart the services and also enable them permanently.

· service portmap restart

· service ypserv restart

· service yppasswdd restart

· service ypxfrd restart

· chkconfig portmap on

· chkconfig ypserv on

· chkconfig yppasswdd on

· chkconfig ypxfrd on

Ø Now we create an NIS user

· adduser -u 1000 nisuser

· passwd nisuser (enter nisuser as the password when asked)

Ø Now move into the /var/yp directory and run “make”. Do this after creating every user.

· cd /var/yp

· make (It generates the NIS map entries for nisuser).

Ø Test to check services. [Optional]

· ps auxf | grep yp

Ø Start the sshd service and also enable it permanently.

· service sshd restart

· chkconfig sshd on

Ø Run this command and check “eth0” in the firewall settings.

· system-config-securitylevel
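
What the two /var/yp/securenets lines above permit, as an added example that is not part of the original post: ypserv reads each line as a netmask and network pair and answers a client only when its address ANDed with the netmask equals the network. The function names and the client addresses tested are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration (not from the original post). Function names and the
# tested client addresses are assumptions.

# The securenets content from the steps above, embedded so this runs offline.
sample_securenets() {
    cat <<'EOF'
# netmask        network
255.255.255.255  127.0.0.1
255.255.255.0    192.168.0.0
EOF
}

# ip_to_int A.B.C.D: print the dotted-quad address as one integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# allowed_by_securenets IP: read "netmask network" lines on stdin; return 0
# if (IP AND netmask) equals the network on any line, otherwise return 1.
allowed_by_securenets() {
    ip=$(ip_to_int "$1")
    while read -r mask net rest; do
        case $mask in ''|'#'*) continue ;; esac   # blank line or comment
        m=$(ip_to_int "$mask")
        n=$(ip_to_int "$net")
        if [ $(( ip & m )) -eq "$n" ]; then return 0; fi
    done
    return 1
}

# report IP: one line saying whether the sample file admits the client.
report() {
    if sample_securenets | allowed_by_securenets "$1"; then
        echo "$1 allowed"
    else
        echo "$1 refused"
    fi
}

report 192.168.0.77    # inside 192.168.0.0 with mask 255.255.255.0
report 192.168.1.5     # a different /24, so no line matches
```

A securenets file left empty or missing puts no restriction on who may query the maps, so it is worth running a check like this against the file actually deployed.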

Client Side

Ø First of all, check that these RPMs are available on the client side.

· rpm -qa | grep portmap

· rpm -qa | grep ypbind

· rpm -qa | grep yp-tools

· rpm -qa | grep authconfig

Ø To set the NIS domain name and server IP, run this command.

· system-config-authentication -gui (A window opens; tick “Enable NIS Support” and click the “Configure NIS” button).

· NIS domain name = saint

· IP Address = IP Address of Server

Ø Start the ypbind service.

· service ypbind start

If it reports OK, the service started successfully; if it reports an error, check the log file.

· tail -f /var/log/messages

Ø Restart the services

· service sshd restart

· service portmap restart

· service ypxfrd restart

· service ypbind restart

Ø Write some commands on shell.

· ypwhich (Display the IP address of server)

· ypcat passwd (It should display the password file of server machine).

· getent passwd (Display local password file & maps should be displayed).

Ø Create home directory of nisuser and also change its permissions.

· mkdir /home/nisuser

· chmod 700 /home/nisuser/

Ø Copy files into nisuser directory and also change its owner.

· cp /etc/skel/.* /home/nisuser/

· chown -R nisuser:nisuser /home/nisuser/ (Here the 1st nisuser is the user name, the 2nd nisuser is the group name and the 3rd nisuser is the directory name).

Ø Restart the ypbind service and also run the ypmatch command.

· service ypbind restart

· ypmatch nisuser passwd

Ø Restart all services and enable them permanently.

· service ypbind restart

· service portmap restart

· service ypxfrd restart

· service sshd restart

· chkconfig ypbind on

· chkconfig portmap on

· chkconfig ypxfrd on

· chkconfig sshd on

Ø Run this command and check “eth0” in the firewall settings.

· system-config-securitylevel





NFS Server Configuration

NFS stands for “Network File System”. It is used for sharing files over a network. For sharing files, both sides must run Linux.

Server Side

Ø First of all open the “exports” file and give shares line by line. One share in one line.

· vi /etc/exports

· /mnt/share *(ro or rw,async,no_root_squash or root_squash)

· Press Esc then write :wq.

· exportfs -ra

Here * means all IP addresses.

“ro” means read-only and “rw” means read-write.

Ø Make Directory and also change its permissions.

· mkdir /mnt/share

· cd /mnt/share

· mkdir a b c

· cd ..

· chmod -R 1777 share/

Ø Restart the service and enable it permanently.

· service nfs restart

· chkconfig nfs on
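
A check for export lines like the one above, added here as an example and not taken from the original page. It flags no_root_squash, shares that any host can write to, and the case where a space before the bracket makes the options apply to every host instead of the client written before it. The function names and the second and third sample lines are constructed.

```shell
#!/bin/sh
# Added illustration (not from the original page). Function names and the
# sample lines after the first are assumptions.

# Constructed sample in /etc/exports syntax; line 1 is the share from the
# steps above with rw and no_root_squash chosen.
sample_exports() {
    cat <<'EOF'
/mnt/share *(rw,async,no_root_squash)
/mnt/docs 192.168.0.0/24(ro,async,root_squash)
/mnt/tmp 192.168.0.0/24 (rw,async)
EOF
}

# audit_exports: read exports lines on stdin, print "path: finding" lines.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                    # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            # An empty client comes from a space before "(": the options
            # then apply to every host, not to the client written before it.
            if (client == "") client = "*"
            rw = 0; nosquash = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") nosquash = 1
            }
            if (nosquash) print $1 ": no_root_squash for " client
            if (client == "*" && rw) print $1 ": writable by any host"
        }
    }'
}

sample_exports | audit_exports
```

With no_root_squash, root on a client acts as root on the exported files; root_squash maps it to an unprivileged user. Replacing * with the client network, as on the /mnt/docs line, limits who can mount the share at all.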

Client Side

Ø Restart the service and enable it permanently.

· service nfs restart

· chkconfig nfs on

Ø Make Directory

· mkdir /mnt/myshare

Ø Mount and Umount the share directory.

· mount 192.168.0.2:/mnt/share /mnt/myshare

· umount /mnt/myshare

Here 192.168.0.2 is the server IP address.

/mnt/share is the source.

/mnt/myshare is the destination.

Ø Restart the service and enable it permanently.

· service nfs restart

· chkconfig nfs on

SQUID Server Configuration

It is a caching server that is used to provide Internet access to clients.

Server Side

Ø For the SQUID server, the SAMBA server should already be configured. Also check that the SQUID package is installed.

· rpm -qa | grep squid

Ø After installing the SQUID package, run this command to create the subdirectories used for caching.

· squid -z

Ø Now open the squid config file in vi editor.

· vi /etc/squid/squid.conf

Ø Now make these changes in the file.

· acl clients src 192.168.0.0/24 (Here we declare a variable named clients and store the IP range in it).

· http_access allow clients

· http_access deny all

Client Side

Click on Internet Explorer → Tools → Internet Options → Connections → LAN Settings

Under proxy server, enter the IP address of the server in the Address field and the port number “3128” in the Port field. It is the default port number; we can’t change it. Then restart the computer.


Apache Server Configuration

It is a web server.

Web Hosting

The World Wide Web is a massive collection of web sites, all hosted on computers (called web servers) all over the world. The web server (computer) where your web site's html files, graphics, etc. reside is known as the web host. Web hosting clients simply upload their web sites to a shared (or dedicated) webserver, which the ISP maintains to ensure a constant, fast connection to the Internet.

Ø First of all open the configuration file of apache.

· vi /etc/httpd/conf/httpd.conf

Ø Make some changes in it.

· Search for “UserDir disable” and comment it out with a # sign. By default it is uncommented.

· Search for “UserDir public_html” and uncomment it by removing the # sign. By default it is commented out.

· We can write “MyWeb” in place of “public_html”; this is optional.

· In the “Directory” tag we write “/home/*/MyWeb”.

· Save the file.

Ø Now create a new user and change its permissions.

· useradd apache1

· chmod 711 /home/apache1

Ø Make a Directory and also change its permissions.

· mkdir /home/apache1/MyWeb

· chmod 755 /home/apache1/MyWeb/

Ø Restart the service.

· service httpd restart

Ø Make an HTML or PHP file and save it in the /home/apache1/MyWeb path.

Ø To access the file, enter this in the browser.

· http://localhost/~apache1/<filename of html>

Password Protected Folders

It means that when we access the files through a browser, it asks for user authentication.

Ø Make a Directory.

· mkdir /var/www/html/web

Ø Open the configuration file of apache.

· vi /etc/httpd/conf/httpd.conf

Ø Simply we add some lines in it

· Make a directory tag: <Directory /var/www/html/web>

· (Here /var/www/html is the document root; we must write it)

· AuthType basic

· AuthName "Please Login to Access the Files"

· AuthUserFile /home/apache1/.mypasswd

· Require valid-user

· </Directory>

· Save the file

Ø Now we add users to the “.mypasswd” file. For this we run some commands in the shell.

· htpasswd -c /home/apache1/.mypasswd apacheuser1 (Use -c only the first time; when adding further users, leave -c out. “apacheuser1” is the user name that we want to add to the file.)

· give the password of apacheuser1

· htpasswd /home/apache1/.mypasswd apacheuser2

Ø Now restart the service.

· service httpd restart

Ø To remove a user, delete it from the file manually.

Ø To view the .mypasswd file, run “vi /home/apache1/.mypasswd”.

Ø The .mypasswd file contains the users and their encrypted passwords.

FTP SERVER Configuration

Server Side

Ø How To Get VSFTPD Started

You can start, stop, or restart VSFTPD after booting by using these commands:

[root@bigboy tmp]# service vsftpd start
[root@bigboy tmp]# service vsftpd stop
[root@bigboy tmp]# service vsftpd restart

To configure VSFTPD to start at boot you can use the chkconfig command.

[root@bigboy tmp]# chkconfig vsftpd on

Ø Testing the Status of VSFTPD
You can always test whether the VSFTPD process is running by using the netstat -a command which lists all the TCP and UDP ports on which the server is listening for traffic. This example shows the expected output.

[root@bigboy root]# netstat -a | grep ftp
tcp        0        0        *:ftp         *:*        LISTEN
[root@bigboy root]#
If VSFTPD wasn't running, there would be no output at all. 

Ø Now open the FTP configuration file. Simply read it.

· vi /etc/vsftpd/vsftpd.conf

Ø The /etc/vsftpd.ftpusers File

For added security, you may restrict FTP access to certain users by adding them to the list of users in the /etc/vsftpd.ftpusers file. The VSFTPD package creates this file with a number of entries for privileged users that normally shouldn't have FTP access. As FTP doesn't encrypt passwords, thereby increasing the risk of data or passwords being compromised, it is a good idea to let these entries remain and add new entries for additional security.

Ø Anonymous Upload

If you want remote users to write data to your FTP server, then you should create a write-only directory within /var/ftp/pub. This will allow your users to upload but not access other files uploaded by other users. The commands you need are:

[root@bigboy tmp]# mkdir /var/ftp/pub/upload

[root@bigboy tmp]# chmod 722 /var/ftp/pub/upload

Ø FTP Greeting Banner

Change the default greeting banner in the vsftpd.conf file to make it harder for malicious users to determine the type of system you have. The directive in this file is:

ftpd_banner=Welcome to the Saints FTP Server

Ø FTP Users with Only Read Access to a Shared Directory

In this example, anonymous FTP is not desired, but a group of trusted users need to have read only access to a directory for downloading files. Here are the steps:

1) Disable anonymous FTP. Set the anonymous_enable line in the vsftpd.conf file to NO like this:

# Allow anonymous FTP?
anonymous_enable=NO

2) Enable individual logins by making sure you have the local_enable line uncommented in the vsftpd.conf file like this:

# Uncomment this to allow local users to log in.
local_enable=YES

3) Start VSFTP.

[root@bigboy tmp]# service vsftpd start

4) Create a user group and shared directory. In this case, use /home/ftp-docs and a user group name of ftp-users for the remote users.

[root@bigboy tmp]# groupadd ftp-users
[root@bigboy tmp]# mkdir /home/ftp-docs

5) Make the directory accessible to the ftp-users group.

[root@bigboy tmp]# chmod 750 /home/ftp-docs
[root@bigboy tmp]# chown root:ftp-users /home/ftp-docs

6) Add users, and make their default directory /home/ftp-docs

[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs ftpuser1
[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs ftpuser2
[root@bigboy tmp]# passwd ftpuser1
[root@bigboy tmp]# passwd ftpuser2

7) Copy the files you want to share between users into the /home/ftp-docs directory.

8) Change the permissions of the files in the /home/ftp-docs directory for read only access by the group

[root@bigboy tmp]# chown root:ftp-users /home/ftp-docs/*
[root@bigboy tmp]# chmod 740 /home/ftp-docs/*

Users should now be able to log in via FTP to the server using their new usernames and passwords. If you absolutely don't want any FTP users to be able to write to any directory, then you should set the write_enable line in your vsftpd.conf file to no:

write_enable=NO

Remember, you must restart VSFTPD for the configuration file changes to take effect.
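
A small check of the three settings used in the steps above, added as an example and not taken from the original page. It relies on two facts from vsftpd.conf(5): the defaults are anonymous_enable=YES, local_enable=NO and write_enable=NO, and putting a space between the option, = and the value is an error. The function names and the sample file are constructed.

```shell
#!/bin/sh
# Added illustration (not from the original page). Function names and the
# sample file are assumptions; the defaults are those in vsftpd.conf(5).

# Constructed vsftpd.conf: anonymous_enable is only commented out and
# write_enable is typed with spaces around "=".
sample_conf() {
    cat <<'EOF'
# Allow anonymous FTP?
#anonymous_enable=NO
# Uncomment this to allow local users to log in.
local_enable=YES
write_enable = NO
ftpd_banner=Welcome to the Saints FTP Server
EOF
}

# effective OPTION DEFAULT: value set for OPTION in the config on stdin, or
# DEFAULT when no uncommented, correctly spaced line sets it.
effective() {
    awk -F= -v opt="$1" -v val="$2" '
        /^#/ { next }
        $1 == opt { val = $2 }
        END { print val }'
}

# bad_spacing: print "lineno:line" for settings with a space beside "=".
bad_spacing() {
    grep -n -E '^[a-z_]+( +=|= )' || true
}

# audit: the checks that matter for the read-only setup described above.
audit() {
    conf=$(cat)
    [ "$(printf '%s\n' "$conf" | effective anonymous_enable YES)" = NO ] ||
        echo "anonymous login is enabled"
    [ "$(printf '%s\n' "$conf" | effective local_enable NO)" = YES ] ||
        echo "local users cannot log in"
    [ "$(printf '%s\n' "$conf" | effective write_enable NO)" = NO ] ||
        echo "uploads are enabled"
    printf '%s\n' "$conf" | bad_spacing | sed 's/^/space beside "=" on line /'
}

sample_conf | audit
```

On the sample it reports that anonymous login is still enabled, because a commented-out anonymous_enable line leaves the default of YES in force, and it points at the mistyped write_enable line.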

Client Side

Ø Here is a simple test procedure you can use to make sure everything is working correctly:

1) Connect to ftpuser1 via FTP 
[root@smallfry tmp]# ftp 192.168.1.100 (Here 192.168.1.100 is a server IP address)
Connected to 192.168.1.100 (192.168.1.100)
220 ready, dude (vsFTPd 1.1.0: beat me, break me)
Name (192.168.1.100: root): user1
331 Please specify the password.
Password:
230 Login successful. Have fun.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

As expected, we can't do an upload transfer of testfile to ftpuser1

ftp> put testfile
local: testfile remote: testfile
227 Entering Passive Mode (192,168,1,100, 181,210)
553 Could not create file.
ftp>

But we can view and download a copy of the VSFTPD RPM located on the FTP server ftpuser1

ftp> ls
227 Entering Passive Mode (192,168,1,100, 35,173)
150 Here comes the directory listing.
-rwxr----- 1 0 502 76288 Jan 04 17:06 vsftpd-1.1.0- 1.i386.rpm
226 Directory send OK.
ftp> get file name file name (e.g. index.html index.html.tmp)
local: index.html.tmp remote: index.html
227 Entering Passive Mode (192,168,1,100, 44,156)
150 Opening BINARY mode data connection for index.html (76288 bytes).
226 File send OK.
76288 bytes received in 0.499 secs (1.5e+02 Kbytes/sec)
ftp> exit
221 Goodbye.
 
 
 
[root@smallfry tmp]#

As expected, anonymous FTP fails.

[root@smallfry tmp]# ftp 192.168.1.100
Connected to 192.168.1.100 (192.168.1.100)
220 ready, dude (vsFTPd 1.1.0: beat me, break me)
Name (192.168.1.100: root): anonymous
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp> quit
 
Ø The file is saved in root’s path.

Change Root’s Password without knowing the root password

Ø When GRUB starts, select REDHAT LINUX and press ‘p’.

Ø Then enter the GRUB password.

Ø Now select the required line and press ‘e’.

Ø At the end of the line press space and write ‘1’.

Ø Then press ‘b’.

Ø The system now boots and single-user mode is displayed.

Ø Write passwd root

Ø Enter new password.

Ø Write init 6. (It means restart the computer).

Rebuild RPMS Database

Ø When our RPM database is damaged, we rebuild it.

· rpm --rebuilddb -vvv

Check User Group

Ø To see which groups a user belongs to, run this command.

· groups username