Monday, 27 May 2013

How to Install And Deploy IMAP Server

Background

Dovecot is an IMAP and POP3 mail server. It reads the Maildir mailboxes that Postfix delivers into and serves them to mail clients (MUAs).

Prerequisite

A working Postfix MTA that delivers to Maildir (see the Postfix post below)

Objectives

  • Install and deploy the Dovecot IMAP server on CentOS 6.4.
  • Configure Dovecot so that users access their email with their system account username and password.
  • Configure an email account in the Evolution MUA.

Environment

  • CentOS 6.4
  • SELinux is turned on

Procedure

  1. Install dovecot

    #yum install dovecot
  2. Find and read the documentation

    #rpm -qd dovecot
  3. Configure dovecot to authenticate users against their system account username and password. Dovecot's passdb on CentOS is PAM, so the stack in /etc/pam.d/dovecot decides who may log in; the file installed by the package already includes password-auth, which is equivalent to the minimal example below.

    #vi /etc/pam.d/dovecot

    Example

    #%PAM-1.0
    auth required pam_unix.so
    account required pam_unix.so
  4. Configure dovecot to accept requests from MUAs such as Evolution and the iPhone mail client

    #vi /etc/dovecot/dovecot.conf

    protocols = imap pop3 lmtp
    listen = *, ::
    login_trusted_networks = 192.168.1.0/24,192.168.0.0/24
    mail_location = maildir:~/Maildir

    Caveat: login_trusted_networks is the line that lets the LAN clients log in without TLS. Dovecot ignores disable_plaintext_auth for the ranges listed there, so the system account passwords from step 3 cross the (wireless) LAN in the clear, and pop3 is exposed the same way. The safer setup is to leave login_trusted_networks empty, set ssl = required in /etc/dovecot/conf.d/10-ssl.conf (the CentOS package installs a self-signed certificate under /etc/pki/dovecot and points ssl_cert and ssl_key at it), and let the MUAs use STARTTLS on 143 or IMAPS on 993, which then also needs a firewall rule like the one in step 8.
  5. Start dovecot services

    #service dovecot restart
  6. Find the ports that Dovecot is listening on.

    #netstat -tulnp | grep dovecot && grep imap /etc/services
  7. Start dovecot automatically at boot

    #chkconfig --level 3 dovecot on
  8. Let imap packets through the firewall. The rule is inserted at position 2 so that it lands before the REJECT rule that closes the default CentOS INPUT chain; a rule appended with -A would sit after the REJECT and never match.

    #iptables -I INPUT 2 -p tcp --dport 143 -m state --state NEW -j ACCEPT
    #service iptables save
  9. Create and activate a user account. The account only needs to receive mail, so give it /sbin/nologin as its shell: the PAM stack from step 3 does not look at the shell, so IMAP logins still work, while an interactive login with the same password is refused.

    #useradd -s /sbin/nologin jarvis
    #passwd jarvis
  10. Check that Maildir is created relative to the user's home directory. It does not exist right after useradd; Postfix creates it on the first delivery (home_mailbox = Maildir/) and Dovecot creates it on the first login, so send the user a test message if it is missing.

    #ls -ld /home/jarvis/Maildir
  11. Install Evolution MUA

    #yum install evolution
  12. Configure an email account in Evolution using the wizard.
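A check to run after step 5, added here as an example and not part of the original post: a small shell audit of the Dovecot settings that decide whether the system account passwords from step 3 can reach the server unencrypted. Feed it the text of dovecot.conf or, better, the output of doveconf -n, which folds in conf.d/*.conf. The two configurations inside it are constructed: the first is the step 4 settings above, the second is a hardened variant that assumes the certificate and key paths the CentOS dovecot package installs under /etc/pki/dovecot.

```shell
#!/bin/bash
# Added example, not code from the original post: audit a Dovecot configuration
# for settings that let a MUA send the system-account password in the clear.
# Input is the text of dovecot.conf or, better, the effective settings printed
# by `doveconf -n`. One finding per output line; always exits 0 so it can be
# used inside $(...) or a pipeline.

audit_dovecot_conf() {
    conf="$1"

    # Value of a top-level "key = value" line. The last assignment wins, which
    # is how Dovecot treats a setting that is repeated across its files.
    get() {
        printf '%s\n' "$conf" |
            sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" | tail -n 1
    }

    ssl=$(get ssl)
    plain=$(get disable_plaintext_auth)
    trusted=$(get login_trusted_networks)

    # ssl = no removes TLS entirely, so every login is plaintext.
    [ "$ssl" = no ] &&
        echo "ssl = no: no TLS listener, every login travels in the clear"

    # Dovecot 2.x defaults to disable_plaintext_auth = yes. Turning it off
    # advertises LOGIN / AUTH=PLAIN on unencrypted connections.
    [ "$plain" = no ] &&
        echo "disable_plaintext_auth = no: plaintext LOGIN accepted without TLS"

    # disable_plaintext_auth is ignored for login_trusted_networks, so clients
    # in these ranges (the whole LAN in the post) log in without STARTTLS.
    [ -n "$trusted" ] &&
        echo "login_trusted_networks = $trusted: plaintext auth allowed from these ranges without TLS"

    return 0
}

# Constructed inputs: the settings from step 4, and a hardened variant that
# assumes the certificate paths the CentOS dovecot package creates.
PAGE_CONF='protocols = imap pop3 lmtp
listen = *, ::
login_trusted_networks = 192.168.1.0/24,192.168.0.0/24
mail_location = maildir:~/Maildir'

HARDENED_CONF='protocols = imap pop3 lmtp
listen = *, ::
mail_location = maildir:~/Maildir
ssl = required
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem'

echo "== step 4 settings =="
audit_dovecot_conf "$PAGE_CONF"
echo "== hardened =="
audit_dovecot_conf "$HARDENED_CONF"
```

On the real server replace the constructed PAGE_CONF with "$(doveconf -n)". The step 4 settings produce exactly one finding, the login_trusted_networks line; the hardened variant produces none, because with ssl = required and the default disable_plaintext_auth = yes no credential is accepted before TLS is negotiated.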

How to Install and Deploy Home Email Server

Background

I have a headless PC running CentOS 6.4. I want to copy the photos on my iPhone to the headless PC. The iPhone allows photos to be copied via email.

Objective

  • Install and deploy Postfix MTA/MDA
  • Add MX entry for private domain name

Prerequisite

Environment

  • CentOS 6.4
  • SELinux is turned on

Procedure

  1. Install postfix

    #yum install postfix
  2. Configure postfix

    #vi /etc/postfix/main.cf

    myhostname = mail.example.com
    mydomain = example.com
    myorigin = $mydomain
    inet_interfaces = all
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    mynetworks = 192.168.0.0/24, 127.0.0.0/8
    relayhost =
    home_mailbox = Maildir/

    inet_interfaces = all makes Postfix listen on the wireless interface as well, so mynetworks must list only the LAN ranges that are allowed to relay. The CentOS default smtpd_recipient_restrictions (permit_mynetworks, reject_unauth_destination) is what stops any other client from relaying through this host; check the effective settings with postconf -n and do not loosen that restriction. Mail from the iPhone is accepted because its address falls inside mynetworks, not because it authenticates.
  3. Check the configuration, start the postfix service and keep it enabled at boot

    #postfix check
    #service postfix start
    #chkconfig --level 3 postfix on
  4. Let smtp packets through the firewall (inserted at position 2 so the rule precedes the REJECT rule that ends the default CentOS INPUT chain)

    #iptables -I INPUT 2 -p tcp --dport 25 -m state --state NEW -j ACCEPT
    #service iptables save
  5. Add an MX entry to the zone file of example.com

    @ IN MX 10 mail.example.com.
  6. Add the name mail.example.com for the mail server

    mail            IN      A       <ip address of vaio>

    Use an A record here rather than a CNAME alias for vaio: RFC 2181 section 10.3 does not allow an MX target to be a CNAME, and named-checkzone flags a zone that does this.


Sunday, 26 May 2013

How to Install and Deploy Home DNS server

Background

A home-based DNS server speeds up DNS resolution by utilizing its cache. In addition, a DNS server is a requirement for internal email. Internal email is useful for sending files from mobile devices like iPhone or Android to a NAS, hence providing an alternative to FTP.

Objectives

  • Install BIND
  • Configure the home-based DNS server as a recursive (caching) nameserver for the machines on the home LAN.
  • Extend the home-based DNS server to be the authoritative nameserver for the internal domain example.com used in the procedure below (any private name such as example.lan works the same way).

Environment

  • CentOS 6.4
  • SELinux is on

Concepts

  • An authoritative nameserver stores the actual data for a DNS domain.
  • A recursive nameserver does NOT store that data itself. It asks the authoritative nameservers for the answer and caches their responses to improve performance. In other words, a recursive nameserver depends on the authoritative nameservers.
  • BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.

    Procedure

    1. Install bind

      #yum install bind
    2. Find the configuration files for bind

      #rpm -qc bind

      /etc/logrotate.d/named
      /etc/named.conf
      /etc/named.iscdlv.key
      /etc/named.rfc1912.zones
      /etc/named.root.key
      /etc/rndc.conf
      /etc/rndc.key
      /etc/sysconfig/named
      /var/named/named.ca
      /var/named/named.empty
      /var/named/named.localhost
      /var/named/named.loopback

      The main configuration file is /etc/named.conf
    3. Modify /etc/named.conf to turn bind into a recursive nameserver

      An example:

      options {
              listen-on port 53 { any; };
              listen-on-v6 port 53 { ::1; };
              directory "/var/named";
              dump-file "/var/named/data/cache_dump.db";
              statistics-file "/var/named/data/named_stats.txt";
              memstatistics-file "/var/named/data/named_mem_stats.txt";
              allow-query { 127.0.0.1; 192.168.0.0/24; 192.168.1.0/24; 192.168.2.0/24; };
              recursion yes;
              dnssec-enable yes;
              dnssec-validation yes;
              dnssec-lookaside auto;

              /* Path to ISC DLV key */
              bindkeys-file "/etc/named.iscdlv.key";
              managed-keys-directory "/var/named/dynamic";
      };

      With listen-on { any; } the server also answers on the wireless interface, so the allow-query list is what keeps it from becoming an open resolver: in BIND 9.8 allow-recursion falls back to the allow-query list when neither allow-recursion nor allow-query-cache is set, so recursion is limited to the LAN ranges above. dnssec-lookaside auto and the DLV key are the CentOS 6.4 defaults; ISC retired the DLV registry in 2017, so leave them out on any current BIND.

    4. Check the syntax and start the DNS

      #named-checkconf
      #service named start
      #chkconfig --level 3 named on
    5. Confirm that bind is listening on the default port 53

      #netstat -tulnp | grep named
    6. Configure the firewall to allow DNS packets. Insert the rules near the top of the INPUT chain: the default CentOS 6 chain ends with a REJECT rule, so rules appended with -A land after it and never match.

      #iptables -I INPUT 2 -p tcp --dport 53 -m state --state NEW -j ACCEPT
      #iptables -I INPUT 2 -p udp --dport 53 -m state --state NEW -j ACCEPT
      #service iptables save
    7. Configure the stub resolver (/etc/resolv.conf) on the DNS machine and on the other computers to use the recursive nameserver configured above.

      Example:

      nameserver 192.168.1.1 <enter the ip address of the BIND host>
    8. Test DNS lookups from a remote computer. Add @192.168.1.1 (the address of the new server) to the dig command to query it directly, independent of what /etc/resolv.conf on the client points at.

      #yum install bind-utils
      #dig google.com

      Extract of output:

      ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> google.com
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38733
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 4, ADDITIONAL: 4

      NOERROR means the query was successful, and the ra flag shows that the server performed recursion for this client.
    9. In addition to being a recursive nameserver, configure the same server to be the authoritative nameserver for the home-based private domain example.com. Add the two zone statements below to /etc/named.conf (they are not the zone files themselves; those are written in steps 10 and 11):

      zone "example.com" IN
      {
             type master;
             file "example.com.zone";
      };

      zone "0.168.192.in-addr.arpa" IN
      {
             type master;
             file "example.com.rr.zone";
             allow-update { none; };
      };
    10. Write the forward zone file for example.com and save it as /var/named/example.com.zone
    11. Write the reverse zone file for 192.168.0.0/24 and save it as /var/named/example.com.rr.zone
    12. Check the configuration and the zone files, then restart the named service. named-checkzone reports an MX target that is a CNAME, which is the mistake to watch for when the zone is written for the email post above.

      #named-checkconf
      #named-checkzone example.com /var/named/example.com.zone
      #named-checkzone 0.168.192.in-addr.arpa /var/named/example.com.rr.zone
      #service named restart
    13. Test the authoritative server; the flags line of the answer should now include aa

      #dig @127.0.0.1 example.com
      #dig @127.0.0.1 example.com MX
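    Steps 5 and 6 of the email post above and steps 10 and 11 of this one leave the zone files unwritten. The script below, an added example rather than the author's files, generates a forward and a reverse zone for example.com and then applies the check that matters for mail: every MX target must have its own A record rather than a CNAME (RFC 2181 section 10.3). It also runs named-checkzone when the bind package is installed. Names and addresses are assumptions: ns1 for the BIND host at 192.168.0.1, and vaio at 192.168.0.7 for the Postfix/Dovecot server, the address the wireless post gives the laptop.

```shell
#!/bin/bash
# Added example, not the author's files: build the forward and reverse zones for
# the private domain and check them before `service named restart`.
# Assumed names and addresses: ns1 = the BIND host at 192.168.0.1,
# vaio = the Postfix/Dovecot host at 192.168.0.7.

ZONE=example.com
REV_ZONE=0.168.192.in-addr.arpa     # reverse zone for 192.168.0.0/24
NS_IP=192.168.0.1
MAIL_IP=192.168.0.7
SERIAL=$(date +%Y%m%d)01            # YYYYMMDDnn; bump on every change

forward_zone() {
    cat <<EOF
\$TTL 86400
@       IN SOA   ns1.$ZONE. hostmaster.$ZONE. (
                 $SERIAL   ; serial
                 3600         ; refresh
                 900          ; retry
                 604800       ; expire
                 86400 )      ; negative-cache TTL
        IN NS    ns1.$ZONE.
        IN MX    10 mail.$ZONE.
ns1     IN A     $NS_IP
vaio    IN A     $MAIL_IP
; mail gets its own A record: RFC 2181 section 10.3 does not allow an MX
; target to be a CNAME, so "mail IN CNAME vaio" would be wrong here
mail    IN A     $MAIL_IP
EOF
}

reverse_zone() {
    cat <<EOF
\$TTL 86400
@       IN SOA   ns1.$ZONE. hostmaster.$ZONE. (
                 $SERIAL 3600 900 604800 86400 )
        IN NS    ns1.$ZONE.
${NS_IP##*.}       IN PTR   ns1.$ZONE.
${MAIL_IP##*.}       IN PTR   vaio.$ZONE.
EOF
}

# Read a zone in the layout above on stdin and verify that every MX target has
# an A record in the same zone. Prints each offender; exit 0 when clean.
# Records are expected as "owner IN TYPE rdata" with the class spelled out.
mx_targets_have_a() {
    awk -v zone="$ZONE" '
        { sub(/;.*/, "") }                       # drop comments
        $2 == "IN" && $3 == "A"     { a[$1] = 1 }
        $2 == "IN" && $3 == "CNAME" { c[$1] = 1 }
        ($1 == "IN" && $2 == "MX") || ($2 == "IN" && $3 == "MX") {
            t = $NF                              # e.g. mail.example.com.
            suffix = "." zone "."
            if (substr(t, length(t) - length(suffix) + 1) == suffix)
                t = substr(t, 1, length(t) - length(suffix))
            mx[t] = 1
        }
        END {
            bad = 0
            for (t in mx) if (!(t in a)) {
                printf "MX target %s has no A record%s\n", t,
                       (t in c) ? " (it is a CNAME)" : ""
                bad = 1
            }
            exit bad
        }'
}

# Write both zones to a scratch directory and run BIND's own checker when the
# bind package is installed; otherwise only report that it was skipped.
check_with_named() {
    dir=$(mktemp -d)
    forward_zone > "$dir/$ZONE.zone"
    reverse_zone > "$dir/$ZONE.rr.zone"
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$ZONE" "$dir/$ZONE.zone" &&
            named-checkzone "$REV_ZONE" "$dir/$ZONE.rr.zone"
    else
        echo "named-checkzone not installed, skipped"
    fi
    rc=$?
    rm -rf "$dir"
    return $rc
}

forward_zone
reverse_zone
forward_zone | mx_targets_have_a && echo "MX targets resolve to A records"
check_with_named
```

    Redirect forward_zone and reverse_zone into /var/named/example.com.zone and /var/named/example.com.rr.zone and the files match the zone statements in step 9. Piping the original "mail IN CNAME vaio" version through mx_targets_have_a reports the CNAME and exits 1, which is the same condition named-checkzone warns about.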

    Friday, 24 May 2013

    How to deploy Wireless Lan in a Centos 6.4 based Headless Computer

    Objectives:

    A. Deploy wireless LAN connectivity using WPA2 security on a system that does not run the NetworkManager service.

    B.  Follow Red Hat's principle to configuring networking:

    "Do not use custom init scripts to configure network settings. When performing a post-boot network service restart, custom init scripts configuring network settings that are run outside of the network init script lead to unpredictable results."


    1. Install the firmware for the wireless LAN (wlan) adaptor of your notebook.

    2. Check that the wlan adaptor is working by using the wireless tools

    #yum install wireless-tools


    #iwlist wlan0 scanning


    (Extract of output)


    wlan0     Scan completed :

             Cell 01 - Address: 00:1E:58:EA:71:93

                       Channel:1

                       Frequency:2.412 GHz (Channel 1)

                       Quality=59/70  Signal level=-51 dBm  

                       Encryption key:on
                       ESSID:"My Wireless Access Point"
                       Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s
                       Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s
                                 36 Mb/s; 48 Mb/s; 54 Mb/s
                       Mode:Master

    If output such as the above is displayed, the wlan adaptor is able to discover wireless access points.

    3. Modify interface configuration scripts for wlan interface as root user

    # cd /etc/sysconfig/network-scripts/

    # ls -l ifcfg-wlan0
    -rw-r--r--. 1 root root 274 May 22 21:30 ifcfg-wlan0

    Add the following parameters to ifcfg-wlan0

    #grep  "Wireless" -A 20 /usr/share/doc/initscripts-9.03.38/sysconfig.txt 
      Wireless-specific items:
        See iwconfig(8) for additional information.
        MODE=[Ad-Hoc|Managed|Master|Repeater|Secondary|Monitor|Auto]
        ESSID=
          Defaults to "any".
        NWID=
        FREQ=
          Ignored if MODE=Managed.
        CHANNEL=
          Ignored if MODE=Managed.
        SENS=<sensitivity threshold>
        RATE=
        KEY{1,2,3,4}=<WEP key with the given index> (Not needed)
        DEFAULTKEY=<default key index> (Not needed)
        KEY=<default WEP key> (Not needed)
        SECURITYMODE=[on|off|open|restricted]
        RTS=[auto|fixed|off|<rts threshold>]
        FRAG=[off|<fragmentation threshold>]
        IWCONFIG=<other iwconfig(8) options> (Not needed)
        SPYIPS=<list of IP addresses to monitor for link quality> (Not needed)
        IWPRIV=<iwpriv(8) commands> (Not needed)

    An example of ifcfg-wlan0:

    DEVICE=wlan0
    HWADDR=00:1B:77:AC:DC:D2
    TYPE=Ethernet
    UUID=eef1e3e3-cc34-4651-8977-0810f12ef3a7
    ONBOOT=yes
    NM_CONTROLLED=no
    BOOTPROTO=none
    IPADDR=192.168.0.7
    PREFIX=24
    GATEWAY=192.168.0.1
    MODE=Managed
    ESSID="Majapahit Wayarles II"
    RATE=auto
    SECURITYMODE=on
    RTS=auto
    FRAG=auto


    4. Install the wpa_supplicant package (the package name uses an underscore)

    #yum install wpa_supplicant

    5. Install dbus package

    #yum install dbus

    6. Modify wpa_supplicant.conf

    #vi /etc/wpa_supplicant/wpa_supplicant.conf

    Example of a modified wpa_supplicant.conf:

    network={
                        ssid="MYNETWORKSSID"
                        scan_ssid=1
                        key_mgmt=WPA-PSK
                        psk="MYNETWORKPSK"
    }

    The quoted psk is the WPA2 passphrase in the clear. Store the derived 256-bit key instead: run wpa_passphrase "MYNETWORKSSID" "MYNETWORKPSK", paste the network block it prints (psk= as 64 hex digits) and delete the commented #psk= line it echoes. Keep the file readable by root only (chmod 600), since anyone who can read it can join the network.

    7. Modify /etc/sysconfig/wpa_supplicant

    Add wireless interface

    Example:

    INTERFACES="-iwlan0"

    8. Start the following services, in this order (wpa_supplicant talks to D-Bus, so messagebus must already be running)

    #service messagebus start

    #service wpa_supplicant start

    #service network restart

    9. Check that wlan interface link status is up

    #ip link show wlan0

    Example Output:


    2: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
        link/ether 00:1b:77:ac:dc:d2 brd ff:ff:ff:ff:ff:ff

    10. Check ip address of wlan0 interface

    #ip addr show wlan0

    Example output
    2: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
        link/ether 00:1b:77:ac:dc:d2 brd ff:ff:ff:ff:ff:ff
        inet 192.168.0.7/24 brd 192.168.0.255 scope global wlan0
        inet6 fe80::21b:77ff:feac:dcd2/64 scope link 
           valid_lft forever preferred_lft forever



    11. Configure the following services to run automatically when the system starts up

    #chkconfig --level 3 messagebus on

    #chkconfig --level 3 wpa_supplicant on

    12. Ensure that the messagebus service starts before the wpa_supplicant service

    # ls -l /etc/rc.d/rc3.d/ | grep messagebus && ls -l /etc/rc.d/rc3.d/ | grep wpa_supplicant
    lrwxrwxrwx. 1 root root 20 May 22 11:46 S22messagebus -> ../init.d/messagebus
    lrwxrwxrwx. 1 root root 24 May 22 12:19 S23wpa_supplicant -> ../init.d/wpa_supplicant

    The XX number in SXXmessagebus must be less than the YY number in SYYwpa_supplicant, because rc runs the S links in numeric order.
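    Two checks from steps 6 and 12 worth scripting, added here as an example and not part of the original post: that messagebus has a lower S number than wpa_supplicant in /etc/rc.d/rc3.d, and that /etc/wpa_supplicant/wpa_supplicant.conf, which holds the WPA2 key, has no group or world permission bits. The paths are the CentOS 6 defaults; stat -c needs GNU coreutils.

```shell
#!/bin/bash
# Added example, not from the original post: post-configuration checks for
# steps 6 and 12. Paths are the CentOS 6 defaults; stat -c needs GNU coreutils.

# Print the two-digit start order of a service's S link in an rc directory,
# e.g. 22 for S22messagebus. Returns 1 when the service has no S link there.
start_order() {
    rcdir="$1" svc="$2"
    for link in "$rcdir"/S[0-9][0-9]"$svc"; do
        [ -e "$link" ] || [ -L "$link" ] || continue   # pattern matched nothing
        name=${link##*/}
        printf '%s\n' "${name#S}" | cut -c1-2
        return 0
    done
    return 1
}

# Succeeds when $2 starts before $3 in $1: rc runs S links in numeric order,
# so messagebus (D-Bus) must carry the lower number than wpa_supplicant.
starts_before() {
    a=$(start_order "$1" "$2") || return 1
    b=$(start_order "$1" "$3") || return 1
    [ "$a" -lt "$b" ]
}

# Succeeds when the file has no group or other permission bits, i.e. mode
# 0600 or tighter. wpa_supplicant.conf carries the WPA2 key, so anyone who
# can read it can join the network.
conf_is_private() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1")
    [ $(( 0$mode & 077 )) -eq 0 ]
}

RC3=/etc/rc.d/rc3.d
WPA_CONF=/etc/wpa_supplicant/wpa_supplicant.conf

if starts_before "$RC3" messagebus wpa_supplicant; then
    echo "start order OK: messagebus S$(start_order "$RC3" messagebus) before wpa_supplicant S$(start_order "$RC3" wpa_supplicant)"
else
    echo "start order wrong, or a service is not enabled in runlevel 3 (see chkconfig --list)"
fi

if conf_is_private "$WPA_CONF"; then
    echo "$WPA_CONF is readable by its owner only"
else
    echo "fix with: chmod 600 $WPA_CONF (and chown root:root)"
fi
```

    Run it as root after step 12. Both functions return an exit status rather than just printing, so the same checks can go into a cron job or a configuration test.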

    ------------------------------------THE END------------------------------------------------

    Other sources that I referred to:

    http://wiki.centos.org/HowTos/Laptops/WpaSupplicant

    http://minimallinux.blogspot.sg/2012/06/centos-6-wireless.html



    Monday, 20 May 2013

    How to install Centos 6.4 on a Headless Computer

    My laptop's graphics card suffered a massive heart attack and died. But its processor, RAM, hard disk, ethernet, etc. are in working condition. So the laptop could still function as some sort of a server: print server, BitTorrent downloader, NAS, etc.

    I chose CentOS as the new server OS because I am familiar with it. But the problem is: I couldn't install CentOS using the generic installer because it requires a monitor. I know how to install using a serial cable but the laptop does not have a serial port. So I googled for a solution and I found this helpful wiki courtesy of the CentOS Wiki.

    However, the author mentioned that the solution was not working for Centos 6.3:

    " *CentOS 6.3 minimal install CD (in process as we speak). Currently not working 100%. Does not skip disk verification. "

    I verified and it is true. The problem is that the Media Check prompt was NOT bypassed, which means the user had to use the laptop's keyboard and display to bypass the media check. However, I experimented and made some modifications to bypass the Media Check prompt.

    How to install CentOS 6.4 on a Headless (And Keyboardless or Mouseless) Laptop

    1. Follow the general and specific steps for CentOS 6.3 outlined in VNC Headless Install.

    2. To bypass the media check prompt:

    a. Add the "ks=cdrom:/ks.cfg" boot parameter in isolinux.cfg

    b. Create an empty kickstart file in the root of the unpacked install disk:

    #pwd
    /tmp/installDisk
    #echo > ks.cfg

    3. To point to the repository on the DVD:

    a. Add the repo=cdrom://sr0:/mnt/stage2 boot parameter in isolinux.cfg


    Example

    The following is an example of an isolinux.cfg incorporating the above modifications. The installer pushes its VNC session to the viewer listening on 192.168.2.1 and ships its logs to the same host over plain syslog, so keep that host on the isolated install network; anaconda also accepts a vncpassword= boot parameter to protect the session.

    label vnc-linux
      menu label ^Install or upgrade an existing system over VNC
      menu default
      kernel vmlinuz
      append initrd=initrd.img vnc vncconnect=192.168.2.1 headless ip=192.168.2.4 netmask=255.255.255.0 dns=192.168.0.1 gateway=192.168.2.1 ksdevice=eth0 ks=cdrom:/ks.cfg repo=cdrom://sr0:/mnt/stage2 lang=en_US keymap=us syslog=192.168.2.1:514

    ________________________________End______________________________________________