How to disable telnet in AIX

By default, the telnet service is enabled in AIX and SSH is not installed. Once you have installed SSH, you can disable the telnet service by following the steps below:

Open the file /etc/inetd.conf:

# vi /etc/inetd.conf

Comment out the line below to disable the telnet service:

#telnet  stream  tcp6    nowait  root    /usr/sbin/telnetd      telnetd -a

Save it and reload inetd:

# refresh -s inetd
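The same edit can be scripted and verified. The following is an added example, not part of the original article; the function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: disable one service in an inetd.conf-style file and verify it.

# Constructed sample file; the ftp and telnet entries match the lines quoted
# on this page, the commented shell entry is made up for the test.
make_sample_inetd_conf() {
    cat > "$1" <<'EOF'
ftp     stream  tcp6    nowait  root    /usr/sbin/ftpd         ftpd
telnet  stream  tcp6    nowait  root    /usr/sbin/telnetd      telnetd -a
#shell  stream  tcp6    nowait  root    /usr/sbin/rshd         rshd
EOF
}

# inetd_service_active FILE SERVICE
# Exit 0 if FILE still has an uncommented entry whose first field is SERVICE.
inetd_service_active() {
    awk -v svc="$2" '$1 == svc { found = 1 } END { exit (found ? 0 : 1) }' "$1"
}

# disable_inetd_service FILE SERVICE
# Prefix every active SERVICE entry with "#", keeping the previous contents in
# FILE.bak. Commented lines do not match, so a second run changes nothing.
disable_inetd_service() {
    conf=$1
    svc=$2
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    cp -p "$conf" "$conf.bak" || return 2
    awk -v svc="$svc" '$1 == svc { print "#" $0; next } { print }' \
        "$conf.bak" > "$conf" || return 2
    # Fail loudly if an active entry survived the edit.
    if inetd_service_active "$conf" "$svc"; then
        echo "$svc is still enabled in $conf" >&2
        return 1
    fi
}

# Typical use on the system itself (not executed here):
#   disable_inetd_service /etc/inetd.conf telnet && refresh -s inetd
```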

LVM – How to migrate data between disks?

Environment:

Red Hat Enterprise Linux Server 6.0

Case:

You have a server connected to storage A and need to migrate the data to the new storage B.

How to migrate data between disks with the server online?

In this article I will explain how to migrate data between disks without downtime. Remember that in our example we’re using LVM.

This article assumes that the new disk has been installed on the system and is visible to the operating system as /dev/sdb.

Create a new partition of type LVM on the new disk:

Create a new PV:

# pvcreate /dev/sdb1

Add the new PV to the VG:

# vgextend VG_NAME /dev/sdb1

Move the data between the disks with the command:

# pvmove -v /dev/sda1

The pvmove command will move the data from disk sda1 to sdb1.

Check that the PV was released with the command:

# pvs

Now remove the old disk from the VG with the command:

# vgreduce -a VG_NAME

The -a option removes all free PVs from the VG; in our example, the disk sda1.

Now the disk can be removed from the server.

AIX – How to install ProFTP in AIX

This article explains how to install ProFTP on AIX 6.1, limiting access to each user's home directory.

Environment

AIX 6.1
ProFTP 1.2.8
FileUtils 4.1.4

Download

The required package can be downloaded from the link below:

ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/proftpd/proftpd-1.2.8-1.aix5.1.ppc.rpm

The FileUtils package is required to install ProFTP. If it is not installed, download it from the link below:

ftp://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/fileutils/fileutils-4.1-4.aix4.3.ppc.rpm

Install

Install FileUtils if required:

# rpm -ivh fileutils-4.1-4.aix4.3.ppc.rpm
fileutils ##################################################

Install ProFTP:

# rpm -ivh proftpd-1.2.8-1.aix5.1.ppc.rpm
proftpd ##################################################

Configure

Now, let’s configure proftp.

To jail users in their home directories, uncomment the line “#DefaultRoot ~” in the file /etc/proftpd.conf so that it reads:

DefaultRoot ~

To start ProFTP from inetd, change the line “ServerType standalone” in the file /etc/proftpd.conf to:

ServerType inetd

Then, in the file /etc/inetd.conf, change the line below:

From:

ftp stream tcp6 nowait root /usr/sbin/ftpd ftpd

To:

ftp stream tcp nowait root /usr/sbin/proftpd proftpd -p enable

Make sure that the user “nobody” and the group “nogroup” exist on your system. In my case I changed the group to “staff”.

In the file /etc/proftpd.conf change the group to:

Group staff

Now, let’s start ProFTPD with the command:

# startsrc -t 'ftp'

Linux – How to find duplicate IP address?

This is a quick tip for finding a duplicate IP address on your local network.

To find a duplicate IP address, you can use the arping command on Linux.

Example:

# arping -D 192.168.0.10

Output:

# arping -D 192.168.0.10

ARPING 192.168.0.10 from 192.168.0.2 eth0

Unicast reply from 192.168.0.10 [00:0C:29:2A:3C:C7]  0.896ms

Unicast reply from 192.168.0.10 [00:0C:29:55:B7:DB]  0.923ms

The -D option selects duplicate address detection mode.

In our example, two different MAC addresses replied for 192.168.0.10, so there is a duplicate IP address on the local network.
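The check above can be automated by counting the distinct MAC addresses in the reply lines. This is an added example, not part of the original tip; the function names are assumptions, the first sample is the output shown above, and the second sample is constructed.

```shell
#!/bin/sh
# Added example: decide from arping output whether an IP has more than one owner.

# The reply lines shown on this page: two different MACs answer for one IP.
sample_duplicate_output() {
    cat <<'EOF'
ARPING 192.168.0.10 from 192.168.0.2 eth0
Unicast reply from 192.168.0.10 [00:0C:29:2A:3C:C7]  0.896ms
Unicast reply from 192.168.0.10 [00:0C:29:55:B7:DB]  0.923ms
EOF
}

# Constructed sample: one host answering twice (second MAC in lower case).
sample_single_host_output() {
    cat <<'EOF'
ARPING 192.168.0.10 from 192.168.0.2 eth0
Unicast reply from 192.168.0.10 [00:0C:29:2A:3C:C7]  0.896ms
Unicast reply from 192.168.0.10 [00:0c:29:2a:3c:c7]  0.871ms
EOF
}

# distinct_reply_macs: read arping output on stdin and print each responder
# MAC once, upper-cased, so repeated replies from one host are not counted twice.
distinct_reply_macs() {
    sed -n 's/.*reply from [^ ]* \[\([0-9A-Fa-f:]*\)].*/\1/p' |
        tr 'abcdef' 'ABCDEF' | sort -u
}

# has_duplicate_ip: exit 0 when two or more different MACs replied.
has_duplicate_ip() {
    distinct_reply_macs | awk 'END { exit (NR > 1 ? 0 : 1) }'
}

# Typical use (not executed here):
#   arping -D -c 3 192.168.0.10 | has_duplicate_ip && echo "address conflict"
```

A second MAC answering for an address can come from a misconfigured host or from ARP spoofing, so the MACs printed by distinct_reply_macs are worth comparing against your inventory.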

How to find the WWN (World Wide Name) of a Fibre Channel adapter in IBM AIX

To find the WWN (World Wide Name) of a Fibre Channel adapter in IBM AIX, use the command below:

# lscfg -vp -l fcs0 | grep "Network Address"

Output:

Network Address............. 10000000C980DBE8

Here 10000000C980DBE8 is the World Wide Name.

Another way to find the WWN is with the command:

# fcstat fcs0 | grep "World Wide Port Name"

Output:

World Wide Port Name: 0x10000000C980DBE8

Here 0x10000000C980DBE8 is the World Wide Name.

How to install SSH in AIX

Goal:

Install OpenSSH in AIX 7.1.

Download

First, you will need to download the OpenSSL and OpenSSH packages from this location:

https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp

Installation

Create a directory called install in the directory /tmp:

# mkdir /tmp/install

Copy the files to directory /tmp/install.

Uncompress and extract the files OpenSSH_6.0.0.6200.tar.Z and openssl-1.0.1.512.tar.Z:

# uncompress OpenSSH_6.0.0.6200.tar.Z

# tar -xvf OpenSSH_6.0.0.6200.tar

# uncompress openssl-1.0.1.512.tar.Z

# tar -xvf openssl-1.0.1.512.tar

First, install the openssl package:

# installp -ac -Y -d /tmp/install/openssl-1.0.1.512/ openssl.base openssl.man.en_US

Then install the openssh package:

# installp -ac -Y -d /tmp/install/OpenSSH_6.0.0.6200/ openssh.base openssh.man.en_US

You can check that the daemon is started with the lssrc command:

# lssrc -s sshd

Subsystem         Group            PID          Status

sshd             ssh              3277032      active

If the daemon is not started, you can start it with the startsrc command:

# startsrc -s sshd

Enjoy!!!

How to authenticate against the Active Directory by using Winbind

This article describes how to join a Red Hat system to an Active Directory domain and authenticate users against AD.

Environment

Red Hat Enterprise Linux Server release 6.3
Windows Server 2008 R2

Install

You need to install the following packages:

# yum install samba-client samba-winbind samba-winbind-clients

Configure

Open the /etc/samba/smb.conf file and modify as below:

Now, join the domain:

# net ads join -U Administrator

Start winbind and enable it on boot.

# service winbind start
# chkconfig winbind on

Verify the system can talk to AD with the commands:

Check whether the trust secret verification via RPC calls succeeded.

# wbinfo -t

List all domain users.

# wbinfo -u

List all domain groups.

# wbinfo -g

Now let’s configure NSS and PAM.

# authconfig --enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=<realm> --smbworkgroup=<workgroup> --smbidmaprange=1000000-2000000 --winbindtemplateshell=/bin/bash --enablewinbindusedefaultdomain --winbindseparator=+ --enablemkhomedir --updateall

Where:

enablewinbind: enable winbind for user information by default.
enablewinbindauth: enable winbind for authentication by default.
smbsecurity: security mode to use for samba and winbind.
smbrealm: default realm for samba and winbind when security=ads.
smbworkgroup: Classic (pre Windows 2003 Server) name of domain.
smbidmaprange: the UID range winbind will assign to domain or ADS users.
winbindtemplateshell: the shell which winbind-created users will have as their login shell.
enablewinbindusedefaultdomain: configures winbind to assume that users with no domain in their user names are domain users.
winbindseparator: the character which will be used to separate the domain and user part of winbind-created user names if winbindusedefaultdomain is not enabled.
enablemkhomedir: create home directories for users on their first login.
updateall: update all configuration files.

Here are some commands to test the configuration:

# getent passwd <user>
# id <user>
# getent group <domain group>

Done! Your Linux system is now authenticating against Active Directory.