
Saturday, December 21, 2013

ldapsearch using shell script

Shell script to search data in LDAP

The shell script below can be used to look up groups and users in LDAP. Modify the base DN (dc=test,dc=com) and the bind options for your directory: it binds anonymously with simple authentication (-x), so if your directory does not allow anonymous reads add -D and -W. The second argument is placed straight into the search filter, so pass only trusted values, or escape the RFC 4515 special characters ( ) * \ before use.
Have fun !



#!/bin/bash
# lquery.sh - look up groups and users in LDAP
# Usage: lquery.sh ln <full name> | gs <group name> | us <login name>
BASE="dc=test,dc=com"
case "$1" in
# Search the LDAP login name (uid) from a full name (cn)
ln)
    LN=$(ldapsearch -x -LLL -b "$BASE" "(cn=$2)" uid | sed -n 's/^uid: //p')
    if [ -z "$LN" ]; then
        echo "No user with the full name $2 exists"
    else
        echo "LDAP login name for $2 is $LN"
    fi
    ;;
# Group search
gs)
    GID=$(ldapsearch -x -LLL -b "$BASE" "(cn=$2)" gidNumber | sed -n 's/^gidNumber: //p')
    if [ -z "$GID" ]; then
        echo "The $2 LDAP group does not exist"
    else
        echo "GID of the $2 group is $GID"
        # posixGroup entries list members as memberUid; groupOfNames uses member
        MEM=$(ldapsearch -x -LLL -b "$BASE" "(cn=$2)" memberUid member | sed -n 's/^member\(Uid\)\{0,1\}: //p')
        if [ -z "$MEM" ]; then
            echo "No users belong to this group"
        else
            echo "Following are the members of the $2 LDAP group"
            echo "$MEM"
        fi
    fi
    ;;
# User search
us)
    USER1=$(ldapsearch -x -LLL -b "$BASE" "(uid=$2)" dn | sed -n 's/^dn: //p')
    if [ -z "$USER1" ]; then
        echo "User does not exist"
    else
        echo "$USER1"
        # groups that list this login name as a member
        MEM1=$(ldapsearch -x -LLL -b "$BASE" "(memberUid=$2)" dn | sed -n 's/^dn: //p')
        echo "$MEM1"
    fi
    ;;
*)
    echo "Usage: $0 ln <full name>    - find the login name for a full name"
    echo "       $0 gs <group name>   - show the GID and the members of a group"
    echo "       $0 us <login name>   - show a user's DN and group memberships"
    ;;
esac
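As an added example (not part of the original script), here are two helpers the script above lacks. ldap_escape makes a user-supplied value safe to place in an LDAP search filter (RFC 4515 section 3), which stops filter injection through a group name such as "*" or "x)(uid=*". ldif_attr pulls one attribute out of ldapsearch's LDIF output while honouring LDIF line folding, which the sed and cut pipeline in the script does not. The LDIF sample is constructed to look like ldapsearch -LLL output; the function and attribute names are this example's own.

```shell
#!/bin/sh
# Added example: filter escaping and LDIF attribute extraction for the
# lquery.sh script above. Sample data is constructed for this example.

ldap_escape() {
    # backslash first, so the escapes added below are not re-escaped
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                           -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' \
                           -e 's/)/\\29/g'
}

# Build the group-lookup filter used by the "gs" branch, value escaped.
group_filter() {
    printf '(cn=%s)\n' "$(ldap_escape "$1")"
}

# Print the values of attribute $1 from LDIF on stdin. Folded lines (a line
# starting with a single space continues the previous one) are joined;
# base64 values ("attr:: ...") are skipped rather than printed raw.
ldif_attr() {
    awk -v a="$1" '
        function emit() {
            if (index(buf, a ": ") == 1) print substr(buf, length(a) + 3)
        }
        /^ /  { buf = buf substr($0, 2); next }
              { if (buf != "") emit(); buf = $0 }
        END   { if (buf != "") emit() }
    '
}

# Constructed ldapsearch -LLL output for a posixGroup, with one folded line
SAMPLE_LDIF='dn: cn=wheel,ou=Groups,dc=test,dc=com
objectClass: posixGroup
cn: wheel
gidNumber: 10
description: administrators of the
  test domain
memberUid: vasanth
memberUid: hemanth'

# Example run: an attacker-controlled name is neutralised, attributes parsed
group_filter 'admins)(uid=*'
printf '%s\n' "$SAMPLE_LDIF" | ldif_attr gidNumber
printf '%s\n' "$SAMPLE_LDIF" | ldif_attr memberUid
printf '%s\n' "$SAMPLE_LDIF" | ldif_attr description
```

In the script, replace "(cn=$2)" with "$(group_filter "$2")" and the sed/cut pipelines with "| ldif_attr gidNumber" and so on. The escaping is the same whether the bind is anonymous or authenticated: the filter is evaluated with the bind's rights, so an injected "(uid=*)" returns everything that bind may read.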

SED- Stream Editor

The address forms 1~2 (every second line) and /pattern/,+N are GNU sed extensions; the other forms are POSIX. All examples read test.txt or /etc/passwd and write to standard output unless a w command names an output file; the input file is never modified unless -i is used. Pattern matches are case-sensitive, so /vasanth/ and /Vasanth/ are different patterns.

PRINT LINES
To print all the lines in a file using sed (every line appears twice, once from p and once from sed's automatic output; add -n to get each line once)
# sed 'p' test.txt
To print the second line in a file
# sed -n '2 p' test.txt
To print from line 1 to line 4
# sed -n '1,4 p' test.txt
To print from line 2 through the last line
# sed -n '2,$ p' test.txt
To print lines matching the pattern "vasanth"
# sed -n '/vasanth/ p' test.txt
To print lines starting from the 1st match of "vasanth" until the 4th line
# sed -n '/vasanth/,4 p' test.txt
To print lines starting from the 1st match of "vasanth" until the last line
# sed -n '/vasanth/,$ p' test.txt
To print lines starting from the line matching "Vasanth" until the line matching "Hemanth":
# sed -n '/Vasanth/,/Hemanth/ p' test.txt
To print the line matching "Vasanth" and the 2 lines immediately after it
# sed -n '/Vasanth/,+2 p' test.txt
DELETE LINES
To delete all the lines in a file (nothing is printed)
# sed 'd' test.txt
To delete only the second line
# sed '2 d' test.txt
To delete from line 1 through 4
# sed '1,4 d' test.txt
To delete from line 2 through the last line
# sed '2,$ d' test.txt
To delete only the odd-numbered lines
# sed '1~2 d' test.txt
To delete lines matching the pattern "Sysadmin"
# sed '/Sysadmin/ d' test.txt
To delete lines starting from the 1st match of "Vasanth" until the 4th line
# sed '/Vasanth/,4 d' test.txt
To delete lines starting from the 1st match of "Vasanth" until the last line
# sed '/Vasanth/,$ d' test.txt
To delete lines starting from the line matching "Vasanth" until the line matching "Hemanth":
# sed '/Vasanth/,/Hemanth/ d' test.txt
To delete the line matching "Vasanth" and the 2 lines immediately after it:
# sed '/Vasanth/,+2 d' test.txt
Useful Delete Examples
To delete all the empty lines from a file:
# sed '/^$/ d' test.txt
To delete all comment lines (assuming a comment starts with #):
# sed '/^#/ d' test.txt
WRITE LINES TO A FILE
To write the content of text.txt to the file test.txt (and also display it on screen):
# sed 'w test.txt' text.txt
To write the content of /etc/passwd to output.txt but not to the screen:
# sed -n 'w output.txt' /etc/passwd
To write only the 2nd line:
# sed -n '2 w output.txt' /etc/passwd
To write lines 1 through 4:
# sed -n '1,4 w output.txt' /etc/passwd

To write from line 2 through the last line:
# sed -n '2,$ w output.txt' /etc/passwd
To write only the odd-numbered lines:
# sed -n '1~2 w output.txt' /etc/passwd
To write lines matching the pattern "vasanth":
# sed -n '/vasanth/ w output.txt' /etc/passwd
To write lines starting from the 1st match of "root" until the 4th line:
# sed -n '/root/,4 w output.txt' /etc/passwd
To write lines starting from the 1st match of "vasanth" until the last line:
# sed -n '/vasanth/,$ w output.txt' /etc/passwd
To write lines starting from the line matching "vasanth" until the line matching "hemanth":
# sed -n '/vasanth/,/hemanth/ w output.txt' /etc/passwd
To write the line matching "vasanth" and the 2 lines immediately after it:
# sed -n '/vasanth/,+2 w output.txt' /etc/passwd
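As an added example (not part of the original post), the same sed address and substitution forms applied to account review: the functions below read text in /etc/passwd format from stdin and report accounts that share UID 0 with root, accounts whose password field is empty, and accounts that still have an interactive shell. The sample data is constructed for this example; against a real system run, for instance, uid0_accounts < /etc/passwd.

```shell
#!/bin/sh
# Added example: sed-based checks over /etc/passwd-format input on stdin.
# The sample below is constructed for this example.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
vasanth:x:500:500:Vasanth:/home/vasanth:/bin/bash
backdoor:x:0:0::/tmp:/bin/sh
hemanth::501:501:Hemanth:/home/hemanth:/bin/bash
daemon:x:2:2:daemon:/sbin:/bin/false'

# Login names of every account whose UID field (3rd field) is 0.
# Anything other than root here is a second superuser account.
uid0_accounts() {
    sed -n 's/^\([^:]*\):[^:]*:0:.*/\1/p'
}

# Login names whose password field (2nd field) is empty; with most PAM
# configurations such an account logs in without any password.
empty_password_accounts() {
    sed -n 's/^\([^:]*\)::.*/\1/p'
}

# Login names that keep an interactive shell; service accounts should
# end in /sbin/nologin or /bin/false.
interactive_shell_accounts() {
    sed -e '/:\/sbin\/nologin$/d' -e '/:\/bin\/false$/d' -e 's/:.*//'
}

# Every passwd line from the first line of a given user to the end of the
# file, the '/pattern/,$ p' form shown above, anchored to the login field.
lines_from_user() {
    sed -n "/^$1:/,\$ p"
}

# Example run against the constructed sample
printf '%s\n' "$SAMPLE_PASSWD" | uid0_accounts
printf '%s\n' "$SAMPLE_PASSWD" | empty_password_accounts
printf '%s\n' "$SAMPLE_PASSWD" | interactive_shell_accounts
printf '%s\n' "$SAMPLE_PASSWD" | lines_from_user backdoor
```

The regular expressions anchor on the colon-separated field layout rather than on a name, so a line such as "backdoor:x:0:0::/tmp:/bin/sh" is caught even though the word root never appears in it.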

Creating network bond in linux


ETHERNET CHANNEL BONDING CONFIGURATION IN LINUX

How to create Ethernet channel bonding in Linux (RHEL/CentOS 5 style configuration; on CentOS 6 the module options go into /etc/modprobe.d/bonding.conf or into BONDING_OPTS in ifcfg-bond0 instead of /etc/modprobe.conf).


# vi /etc/modprobe.conf
 alias bond0 bonding
 options bond0 mode=1 miimon=100 use_carrier=0
Save the file


mode=0 | balance-rr     round-robin over all slaves; provides load balancing and fault tolerance
mode=1 | active-backup  only one slave is active at a time; provides fault tolerance
primary=                which NIC is preferred as the active slave in mode 1 (eg: primary=eth0)
use_carrier=            how link status is determined: 1 (the default) uses the driver's carrier state, 0 uses the older MII/ETHTOOL ioctls, which are less efficient but needed for drivers that do not maintain carrier state
miimon=                 link monitoring frequency in milliseconds (0 disables link monitoring, so failover never happens)

BONDING INTERFACE CONFIGURATION FILES ( /etc/sysconfig/network-scripts )
# cd /etc/sysconfig/network-scripts
# vi ifcfg-bond0
DEVICE=bond0
IPADDR=192.168.56.3
BOOTPROTO=none
NETMASK=255.255.255.0
GATEWAY=192.168.56.1
ONBOOT=yes
TYPE=Ethernet

The slave interfaces carry no IP configuration of their own; they are enslaved to bond0.

# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
MASTER=bond0
SLAVE=yes
BOOTPROTO=none
ONBOOT=yes

# cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
MASTER=bond0
SLAVE=yes
BOOTPROTO=none
ONBOOT=yes

Restart networking (service network restart) and check /proc/net/bonding/bond0, which shows the bonding mode, the currently active slave and the MII status of each slave.
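As an added example (not part of the original post), a small check over /proc/net/bonding/bond0: it reports the active slave, any slave whose link is down, and the number of slaves, so a bond that has silently lost its redundancy is noticed. The sample text is constructed for this example in the format the bonding driver writes; on a real host run, for instance, bond_down_slaves < /proc/net/bonding/bond0.

```shell
#!/bin/sh
# Added example: parse /proc/net/bonding/bond0 (read from stdin) and report
# the active slave and any slave whose MII link is down.
# The sample below is constructed for this example.
SAMPLE_BOND='Ethernet Channel Bonding Driver: v3.4.0-1 (October 7, 2008)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 08:00:27:aa:bb:cc

Slave Interface: eth1
MII Status: down
Link Failure Count: 3
Permanent HW addr: 08:00:27:dd:ee:ff'

# Name of the slave currently carrying traffic
bond_active_slave() {
    sed -n 's/^Currently Active Slave: //p'
}

# Slaves whose MII status is down. The first "MII Status" line belongs to
# the bond itself and is skipped because no slave has been seen yet.
bond_down_slaves() {
    awk '
        /^Slave Interface: / { slave = $3 }
        /^MII Status: / && slave != "" && $3 == "down" { print slave }
    '
}

# Number of slaves in the bond (a bond with one slave is not fault tolerant)
bond_slave_count() {
    grep -c '^Slave Interface: '
}

# Example run against the constructed sample
printf '%s\n' "$SAMPLE_BOND" | bond_active_slave
printf '%s\n' "$SAMPLE_BOND" | bond_down_slaves
printf '%s\n' "$SAMPLE_BOND" | bond_slave_count
```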





AD-Linux authentication

This article explains the steps needed to add a Linux server or workstation as a domain member in a Windows Active Directory (2008) domain.


I am using CentOS 5.x as the Linux client.


SYNC THE DATE AND TIME WITH THE DOMAIN CONTROLLER

Kerberos rejects tickets when the clock skew between the client and the KDC exceeds 5 minutes (the AD default), so the join fails on a machine with a wrong clock.

# /etc/init.d/ntpd stop
# ntpdate ip.address.of.yourDC
# /etc/init.d/ntpd start

# chkconfig ntpd on


Install the Kerberos client tools (the krb5-workstation package) on the local server/machine

CONFIGURE KERBEROS
NOTE: Please follow the exact syntax of the krb5.conf file given here. Realm names are upper case (EXAMPLE.COM); DNS domain names are lower case (example.com).
# vi /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = yes
dns_lookup_kdc = yes
[realms]
EXAMPLE.COM = {
kdc = server.example.com
default_domain = example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

A [kdc] section pointing at /var/kerberos/krb5kdc/kdc.conf belongs on a KDC, not on a domain member, so it is not needed here. With dns_lookup_kdc = yes the client can also find domain controllers through the _kerberos._tcp SRV records that AD publishes in DNS.


Install Samba and winbind
# yum install samba samba-client samba-common
(on CentOS 5 winbindd ships in samba-common; on CentOS 6 it is the separate samba-winbind package)

# service smb start
# chkconfig smb on
# service winbind start
# chkconfig winbind on
Enter the following entries in /etc/samba/smb.conf
# vi /etc/samba/smb.conf
[global]
# NT Workgroup Settings
netbios name = CENTOS1
workgroup = EXAMPLE
server string = Centos Server
# Samba Performance Settings
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# Network Browsing Settings
local master = no
domain master = no
preferred master = no
wins support = no
dns proxy = no
wins proxy = no
# Active Directory Member
realm = EXAMPLE.COM
security = ads
password server = server.example.com
# Winbind Settings
winbind separator = +
winbind use default domain = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 10
#winbind gid = 10000-20000
#winbind trusted domains only = no
# Defaults for local accounts created by winbind
#template shell = /bin/bash
template shell = /usr/local/bin/bash-wrapper
template homedir = /home/%U
# Logging Settings
max log size = 50
log file = /var/log/samba/%m.log

Notes on the settings above:
workgroup is the short NetBIOS name of the domain (EXAMPLE) and realm is the Kerberos realm (EXAMPLE.COM); putting the DNS name into workgroup breaks the join. Do not add client schannel = no: it turns off the secure channel (signed and sealed NETLOGON traffic) between the member and the domain controller. ads server is not a valid smb.conf parameter; password server names the DC to use and can be left out so that Samba finds a DC through DNS. winbind enum users/groups = yes makes getent list every domain account, which is slow in a large domain. Run testparm after saving to check the syntax.

Save and exit the smb.conf file
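As an added example (not part of the original article), a check that scans the [global] section of an smb.conf for the settings that break or weaken an AD member join: a workgroup that is a DNS name, security other than ads, the unknown ads server parameter, and client schannel = no. The two configurations are constructed for this example; the weak one carries the mistakes discussed above, the other is the corrected form. On a real host run smbconf_check < /etc/samba/smb.conf, and still run testparm, which catches unknown parameters in every section.

```shell
#!/bin/sh
# Added example: scan the [global] section of smb.conf (read from stdin)
# for settings that break or weaken an AD domain-member join.
# Both configurations below are constructed for this example.
WEAK_SMBCONF='[global]
netbios name = CENTOS1
workgroup = EXAMPLE.COM
client schannel = no
realm = EXAMPLE.COM
security = ads
ads server = 192.168.56.10
password server = server.example.com
[homes]
client schannel = no'

GOOD_SMBCONF='[global]
netbios name = CENTOS1
workgroup = EXAMPLE
realm = EXAMPLE.COM
security = ads
password server = server.example.com'

smbconf_check() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }              # comments and blank lines
        /^[ \t]*\[/ { section = tolower(trim($0)); next }  # [global], [homes], ...
        section == "[global]" && index($0, "=") > 0 {
            key = tolower(trim(substr($0, 1, index($0, "=") - 1)))
            val = tolower(trim(substr($0, index($0, "=") + 1)))
            if (key == "client schannel" && val == "no")
                print "WEAK: client schannel = no disables the signed/sealed secure channel to the DC"
            if (key == "security" && val != "ads")
                print "WEAK: security = " val " (an AD member should use security = ads)"
            if (key == "workgroup" && index(val, ".") > 0)
                print "ERROR: workgroup = " val " is a DNS name; use the short NetBIOS domain name"
            if (key == "ads server")
                print "ERROR: ads server is not an smb.conf parameter; use password server or leave it to DNS"
        }
    '
}

# Example run: the weak configuration yields three findings, the good one none
printf '%s\n' "$WEAK_SMBCONF" | smbconf_check
printf '%s\n' "$GOOD_SMBCONF" | smbconf_check
```

The section tracking matters: the client schannel = no under [homes] in the weak sample is deliberately ignored, since the checks only apply to [global].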

Edit /etc/nsswitch.conf so that passwd, shadow and group are resolved from the local files first and then from winbind (keeping files first means root and the other local accounts keep working when the domain controller is unreachable):
passwd:     files winbind
shadow:     files winbind
group:      files winbind
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files winbind
rpc:        files
services:   files winbind
netgroup:   files winbind
publickey:  nisplus
automount:  files winbind
aliases:    files nisplus


INITIALIZE KERBEROS
# kinit administrator@EXAMPLE.COM
The exit status of the above command should be 0, and klist should then show a krbtgt/EXAMPLE.COM@EXAMPLE.COM ticket. If kinit reports a clock skew error, go back to the time sync step.

NOW RUN THE FOLLOWING COMMAND IN SHELL
# system-config-authentication
Enable Winbind authentication in the tool, using the domain, realm and domain controller from smb.conf, and let it join the domain. The command-line equivalent of the join is net ads join -U administrator, which creates the computer account in AD and stores the machine account password in Samba's secrets.tdb.
After these steps your machine will be added into the DOMAIN and you can ping the system using the machine name.

To list all the users
# wbinfo -u
To list all the groups
# wbinfo -g
Check that the machine account trust secret works against the domain controller
# wbinfo -t
Change the PAM settings for login and ssh

pam_stack.so with service=system-auth is the older (RHEL 3/4) way of pulling in the common stack; on CentOS 5 the same line is written as "auth include system-auth". Order matters: in the login file pam_winbind.so comes first and is sufficient, so a domain user accepted by winbind skips the local stack; in the sshd file it comes after the required system-auth stack, which only works for domain users if system-auth itself also contains pam_winbind.so (system-config-authentication adds it there).

# cat /etc/pam.d/sshd
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
auth       sufficient   pam_winbind.so
account    required     pam_stack.so service=system-auth
account    sufficient   pam_winbind.so
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
# cat /etc/pam.d/login
#%PAM-1.0
auth       required     pam_securetty.so
auth       sufficient   pam_winbind.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    sufficient   pam_winbind.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so
# pam_selinux.so open should be the last session rule
session    required     pam_selinux.so multiple open

LDAP server with Kerberos

 
 
OpenLDAP server: krbserver1.fireblade.com
Kerberos Server: krbserver1.fireblade.com
DNS Server: krbserver1.fireblade.com
Client machine: station13.fireblade.com

INITIAL SETUP
Set up DNS using bind on krbserver1.fireblade.com. Both forward and reverse records must be set up properly for the KDC and the clients: host principals are named after the canonical host name, so a missing or wrong reverse record makes host/... service tickets fail.

LDAP SERVER SETUP
Set up an LDAP server with the domain fireblade.com on krbserver1.fireblade.com.
# yum install openldap-*
Generate the hashed LDAP directory manager password (paste the {SSHA} output into rootpw below; never put a clear-text password in slapd.conf)
# slappasswd
Open the configuration file and make the following changes.
# vim /etc/openldap/slapd.conf

database        bdb
suffix          "dc=fireblade,dc=com"
rootdn          "cn=Manager,dc=fireblade,dc=com"
rootpw          {SSHA}1j20X9NC+axyGp2IzcS086C7MZ6dyCQj
Save the configuration file and start the service.
# service ldap start
# chkconfig ldap on

Create the LDAP base entries using the following ldif file. Entries in an LDIF file are separated by a blank line.


# cat initial.ldif
dn: dc=fireblade,dc=com
objectClass: dcObject
objectClass: organization
o: fireblade.com
dc: fireblade

dn: ou=People,dc=fireblade,dc=com
objectClass: organizationalUnit
objectClass: top
ou: People

dn: ou=Groups,dc=fireblade,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Groups

Add the initial OUs People and Groups (-W prompts for the Manager password)
# ldapadd -x -W -D "cn=Manager,dc=fireblade,dc=com" -f initial.ldif

Create a test user using the following ldif file. The uid in the DN must match the uid attribute of the entry. The userPassword value {crypt}x is an unusable hash, which is intended: the password lives in the Kerberos KDC, and LDAP only supplies the POSIX account data.
# cat firstuser.ldif
dn: uid=vasanth,ou=People,dc=fireblade,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: Tammy Something
uid: vasanth
uidNumber: 3000
gidNumber: 3000
homeDirectory: /home/vasanth
loginShell: /bin/bash
gecos: Tammy Something,Karate Instructor,Room 37A,435-555-555,801-555-555
userPassword: {crypt}x
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0


Add the test user to LDAP (-W prompts for the password; giving it with -w on the command line leaves it in the shell history and visible to every user in ps)
# ldapadd -x -W -D "cn=Manager,dc=fireblade,dc=com" -f firstuser.ldif

Configuring KDC
# yum install -y krb5-server krb5-workstation


# vi /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = FIREBLADE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes
[realms]
FIREBLADE.COM = {
 kdc = krbserver1.fireblade.com:88
 admin_server = krbserver1.fireblade.com:749
 default_domain = fireblade.com
}
[domain_realm]
.fireblade.com = FIREBLADE.COM
 fireblade.com = FIREBLADE.COM
[appdefaults]
pam = {
  validate = true
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
}

kdc and admin_server must name the KDC by its canonical host name (krbserver1.fireblade.com). The .fireblade.com entry in [domain_realm] already covers station13.fireblade.com, so no per-host line is needed. validate = true makes pam_krb5 verify the TGT it obtains against the host keytab, which stops a spoofed KDC from authenticating users; it needs the host principal created further down.

Save the file.
Edit /var/kerberos/krb5kdc/kdc.conf


# vi  /var/kerberos/krb5kdc/kdc.conf
[kdcdefaults]
kdc_tcp_ports = 88
[realms]
FIREBLADE.COM = {
#  master_key_type = des3-hmac-sha1
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
  default_principal_flags = +preauth
}

supported_enctypes decides which keys every new principal gets. The AES types are listed first so that capable clients use them; the single-DES types (des-hmac-sha1, des-cbc-md5, des-cbc-crc) are a broken cipher and should be removed once no legacy client needs them, with arcfour-hmac and des3-hmac-sha1 to follow. v4_mode (Kerberos 4 compatibility) is not needed and is left out. default_principal_flags = +preauth requires pre-authentication, which stops an attacker from requesting an AS-REP for any user and cracking the password offline.


# vi /var/kerberos/krb5kdc/kadm5.acl
*/admin@FIREBLADE.COM   *

This ACL gives every principal with an /admin instance full rights in kadmin, so create such principals only for administrators.

Create the KDC database that holds the Kerberos data. The -s switch writes a stash file so the KDC can start without the master key being typed; protect /var/kerberos/krb5kdc, it contains every key in the realm.


# kdb5_util create -r FIREBLADE.COM -s
Loading random data
Initializing database '/var/kerberos/krb5kdc/principal' for realm 'FIREBLADE.COM',
master key name 'K/M@FIREBLADE.COM'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key: 
Re-enter KDC database master key to verify: 
# ls /var/kerberos/krb5kdc/*
/var/kerberos/krb5kdc/kadm5.acl  /var/kerberos/krb5kdc/principal        /var/kerberos/krb5kdc/principal.kadm5.lock
/var/kerberos/krb5kdc/kdc.conf   /var/kerberos/krb5kdc/principal.kadm5  /var/kerberos/krb5kdc/principal.ok


Create a principal for the admin user as well as for vasanth, and export the kadmin service keys to the kadmind keytab. kadmin.local works on the database directly and needs no ticket; it is run as root on the KDC.


# kadmin.local
Authenticating as principal root/admin@FIREBLADE.COM with password.
kadmin.local:  addprinc root/admin
WARNING: no policy specified for root/admin@FIREBLADE.COM; defaulting to no policy
Enter password for principal "root/admin@FIREBLADE.COM": 
Re-enter password for principal "root/admin@FIREBLADE.COM": 
Principal "root/admin@FIREBLADE.COM" created.
kadmin.local:  addprinc vasanth
WARNING: no policy specified for vasanth@FIREBLADE.COM; defaulting to no policy
Enter password for principal "vasanth@FIREBLADE.COM": 
Re-enter password for principal "vasanth@FIREBLADE.COM": 
Principal "vasanth@FIREBLADE.COM" created.
kadmin.local:  ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin
Entry for principal kadmin/admin with kvno 3, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Entry for principal kadmin/admin with kvno 3, encryption type AES-128 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Entry for principal kadmin/admin with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Entry for principal kadmin/admin with kvno 3, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Entry for principal kadmin/admin with kvno 3, encryption type DES with HMAC/sha1 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Entry for principal kadmin/admin with kvno 3, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
kadmin.local:  ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/changepw
Entry for principal kadmin/changepw with kvno 3, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Entry for principal kadmin/changepw with kvno 3, encryption type AES-128 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Entry for principal kadmin/changepw with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Entry for principal kadmin/changepw with kvno 3, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Entry for principal kadmin/changepw with kvno 3, encryption type DES with HMAC/sha1 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
Entry for principal kadmin/changepw with kvno 3, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
kadmin.local:  exit
# /etc/init.d/krb5kdc start; /etc/init.d/kadmin start ; chkconfig krb5kdc on; chkconfig kadmin on
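The ktadd output above shows one key per enabled enctype, including single DES and RC4. As an added example (not part of the original post), the check below reads "klist -ket" output and flags keytab entries whose type is single DES (disallowed by RFC 6649) or RC4/3DES (deprecated by RFC 8429), so weak keys left behind by an old supported_enctypes list can be found after the KDC configuration is tightened. The sample is constructed for this example using the enctype names MIT Kerberos prints; on a real host run klist -ket /etc/krb5.keytab | weak_keytab_entries.

```shell
#!/bin/sh
# Added example: read "klist -ket" output from stdin and flag keytab entries
# with single-DES (BROKEN) or RC4/3DES (DEPRECATED) encryption types.
# The sample below is constructed for this example.
SAMPLE_KLIST='Keytab name: FILE:/var/kerberos/krb5kdc/kadm5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   3 12/21/13 10:02:11 kadmin/admin@FIREBLADE.COM (AES-256 CTS mode with 96-bit SHA-1 HMAC)
   3 12/21/13 10:02:11 kadmin/admin@FIREBLADE.COM (AES-128 CTS mode with 96-bit SHA-1 HMAC)
   3 12/21/13 10:02:11 kadmin/admin@FIREBLADE.COM (Triple DES cbc mode with HMAC/sha1)
   3 12/21/13 10:02:11 kadmin/admin@FIREBLADE.COM (ArcFour with HMAC/md5)
   3 12/21/13 10:02:11 kadmin/admin@FIREBLADE.COM (DES with HMAC/sha1)
   3 12/21/13 10:02:11 kadmin/admin@FIREBLADE.COM (DES cbc mode with RSA-MD5)'

# Print "STATUS kvno principal (enctype)" for every weak entry.
# Entry lines start with the KVNO; the enctype is the text in parentheses.
weak_keytab_entries() {
    awk '
        $1 ~ /^[0-9]+$/ {
            enc = $0
            sub(/^[^(]*\(/, "", enc); sub(/\)[ \t]*$/, "", enc)
            status = ""
            if (enc ~ /^DES /)                                   status = "BROKEN"
            else if (enc ~ /^ArcFour/ || enc ~ /^Triple DES/)    status = "DEPRECATED"
            if (status != "") print status, $1, $4, "(" enc ")"
        }
    '
}

# Number of AES entries: a principal without an AES key cannot use AES even
# when client and KDC both support it.
aes_keytab_entries() {
    grep -c '(AES-'
}

# Example run against the constructed sample
printf '%s\n' "$SAMPLE_KLIST" | weak_keytab_entries
printf '%s\n' "$SAMPLE_KLIST" | aes_keytab_entries
```

Removing a type from supported_enctypes only affects keys generated afterwards; existing principals keep their old keys until the password is changed or the keytab entry is re-created with ktadd.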


Copy the krb5.conf file to the client machine station13.fireblade.com
# scp /etc/krb5.conf root@station13.fireblade.com:/etc/

Add host principals on the KDC and on the client. The host principal's key goes into /etc/krb5.keytab (the default for ktadd); sshd and pam_krb5 (validate = true) use it, so the keytab must be readable by root only.

Go to krbserver1.fireblade.com and run kadmin.local

on krbserver1


  # kadmin.local
  Authenticating as principal root/admin@FIREBLADE.COM with password.
  kadmin.local:  addprinc -randkey host/krbserver1.fireblade.com
  WARNING: no policy specified for host/krbserver1.fireblade.com@FIREBLADE.COM; defaulting to no policy
  Principal "host/krbserver1.fireblade.com@FIREBLADE.COM" created.
  kadmin.local:  ktadd host/krbserver1.fireblade.com
  kadmin.local:  exit

on station13 (kadmin connects to kadmind on the KDC over the network and authenticates as root/admin@FIREBLADE.COM)
   # kadmin

NMAP

Only scan hosts you are authorized to test; a port scan of someone else's network is normally treated as an attack. OS detection (-O), SYN scans and UDP scans need root.

To list all open ports on the local machine
# nmap -v localhost

Nmap's database mapping port numbers to service names

# /usr/share/nmap/nmap-services

To save an nmap scan to a file (normal output; -oG writes the one-line-per-host "grepable" format and -oX writes XML, both easier to process later)

# nmap -v -oN nmap.scan.1 localhost

Nmap scans TCP ports by default; to scan UDP ports

# nmap -v -sU localhost

To check whether a particular port is listening or not

# nmap -v -p 631 localhost

To get an OS fingerprint of a remote system (-O with a capital letter; needs root)

# nmap -v -O remoteserver

To scan the hosts or IP ranges listed in a file (one per line)

# nmap -iL filename

To list all the machines that are up on the current network (ping scan only, no port scan; older versions call this -sP)
# nmap -sn 192.168.56.0/24
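As an added example (not part of the original post), a parser for nmap's grepable output (-oG) that turns a scan into a "host port/proto service" inventory and flags services that carry credentials or sessions in clear text. The scan output is constructed for this example (real -oG output separates the fields with tabs; the parser accepts tabs or spaces); on a real scan run open_ports < scan.gnmap.

```shell
#!/bin/sh
# Added example: turn nmap grepable output (-oG, read from stdin) into a
# per-host list of open ports and flag clear-text services.
# The scan output below is constructed for this example.
SAMPLE_GNMAP='# Nmap 5.51 scan initiated Sat Dec 21 10:00:00 2013 as: nmap -sS -oG scan.gnmap 192.168.56.0/24
Host: 192.168.56.2 ()  Status: Up
Host: 192.168.56.2 ()  Ports: 22/open/tcp//ssh///, 111/closed/tcp//rpcbind///, 631/open/tcp//ipp///  Ignored State: closed (997)
Host: 192.168.56.3 ()  Status: Up
Host: 192.168.56.3 ()  Ports: 23/open/tcp//telnet///, 5901/open/tcp//vnc-1///  Ignored State: filtered (998)
# Nmap done at Sat Dec 21 10:00:05 2013 -- 256 IP addresses (2 hosts up) scanned in 5.00 seconds'

# One line per open port: "host port/proto service"
open_ports() {
    awk '
        /^Host: / && /Ports: / {
            host = $2
            ports = $0
            sub(/.*Ports: /, "", ports)
            sub(/[ \t]+Ignored State:.*/, "", ports)
            n = split(ports, p, /, */)
            for (i = 1; i <= n; i++) {
                split(p[i], f, "/")    # port/state/proto/owner/service/rpc/version/
                if (f[2] == "open") print host, f[1] "/" f[3], f[5]
            }
        }
    '
}

# Open ports whose service sends logins or whole sessions in clear text
# (VNC authenticates with a challenge but the session itself is unencrypted)
cleartext_services() {
    open_ports | awk '$3 == "telnet" || $3 == "ftp" || $3 == "shell" || $3 == "login" || $3 ~ /^vnc/ { print "CLEARTEXT", $0 }'
}

# Example run against the constructed scan
printf '%s\n' "$SAMPLE_GNMAP" | open_ports
printf '%s\n' "$SAMPLE_GNMAP" | cleartext_services
```

Service names come from the port-to-service table (nmap-services) unless -sV was used, so "telnet" here means port 23 was open, not that the telnet protocol was confirmed.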

SYSLOG (print system messages to the console and to /var/log/messages)

To send system messages to both /var/log/messages and the console, do the following (the existing *.info;mail.none;authpriv.none;cron.none line for /var/log/messages stays as it is)
# vi /etc/syslog.conf

Add the following lines

kern.*                                                  /dev/console
*.info;mail,authpriv,cron,kern.none                     /dev/console

The second line sends every message of priority info and above to the console except mail, authpriv, cron and kernel messages (kernel messages are already covered by the first line). A busy server will flood the console, so use this on machines whose serial or out-of-band console is actually watched. When the goal is to keep logs that an intruder on the box cannot erase, a remote syslog destination (@loghost) is the better choice.

Save the file and restart the service (the init script is called syslog on CentOS 5; on CentOS 6 the file is /etc/rsyslog.conf and the service is rsyslog)

# /etc/init.d/syslog restart

Friday, December 20, 2013

Configuring VNC Server


Install the vnc server package on the server (192.168.56.2)

# yum install vnc-server

Open the configuration file and enter the following. Display :1 listens on TCP port 5901.

# vi /etc/sysconfig/vncservers
  VNCSERVERS="1:root"

 :wq

The X display session will run as root. Running a VNC desktop as root is acceptable only on a lab machine; on anything else list an unprivileged user here ("1:vasanth") and switch user inside the session when needed.
Set a VNC password before starting the service: vncpasswd stores it in ~/.vnc/passwd of the user named above, and only the first 8 characters count.

# vncpasswd

Then start the service (service vncserver start).

VNC traffic, including the keystrokes you type, is not encrypted, and the password check is a weak challenge-response. Add VNCSERVERARGS[1]="-localhost" to the file above so the display is not reachable from the network, and connect through an SSH tunnel (ssh -L 5901:localhost:5901 root@192.168.56.2, then vncviewer localhost:1). Without the tunnel the connection from the client machine is tested with the following
# vncviewer 192.168.56.2:1
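As an added example (not part of the original post), a check for whether a VNC display is bound to all interfaces (reachable from the network) or only to the loopback interface (reachable only through an SSH tunnel). The input is "netstat -tln" or "ss -tln" style output read from stdin; the sample is constructed for this example. On a real host run netstat -tln | vnc_listeners.

```shell
#!/bin/sh
# Added example: report VNC and X displays that listen on all interfaces.
# Input is "netstat -tln"-style output on stdin; the sample is constructed.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5902          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6001            0.0.0.0:*               LISTEN'

# VNC display :N listens on TCP 5900+N and the X server behind it on 6000+N.
# Print "EXPOSED" or "OK" followed by the listening socket for each.
vnc_listeners() {
    awk '
        $1 ~ /^tcp/ && $4 ~ /:(59|60)[0-9][0-9]$/ {
            addr = $4
            sub(/:[0-9]+$/, "", addr)
            status = (addr == "127.0.0.1" || addr == "::1") ? "OK" : "EXPOSED"
            print status, $4
        }
    '
}

# Exit status 1 if any VNC or X display is reachable from the network
vnc_exposed() {
    if vnc_listeners | grep -q '^EXPOSED'; then return 1; fi
    return 0
}

# Example run against the constructed sample
printf '%s\n' "$SAMPLE_NETSTAT" | vnc_listeners
# To fix an EXPOSED display: VNCSERVERARGS[1]="-localhost" in
# /etc/sysconfig/vncservers, restart vncserver, then reach it with
#   ssh -L 5901:localhost:5901 root@192.168.56.2 ; vncviewer localhost:1
```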