Abdul Khader's Home

Abdul Khader's little cute place on the web

 

Wednesday, January 19, 2005

How to authenticate a Linux box with a Windows NT/2000 server

Please follow the steps below in the order given.

1. Using the appropriate Microsoft utilities, add the Desktop
workstation to the domain. For example, for a Windows 2000 domain, run
Active Directory Users and Computers and add the Desktop machine to the
"Computers" OU (or wherever is appropriate for your environment), making
sure to turn on "Allow pre-Windows 2000 computers to use this account".

NOTE : When adding the computer to the active directory please click on
"Allow pre-Windows 2000 computers to use this account".


2. Please copy nsswitch.conf to /etc. Please copy kde, login, samba and
xscreensaver to /etc/pam.d and set their permissions to match the original files.
Please take a backup of all these original files before you overwrite them.

3. Copy the smb.conf to /etc/samba

4. Edit smb.conf and make changes to the following line as suitable for
your environment.

workgroup = KHADER

Note: (Here I assume the user is using Komba; otherwise the user can use Windows
Network Neighborhood.) To check the domain name, open My Network; the domain
name is shown there. Use that name exactly as it appears in My Network. When you
click on the domain, the domain controller's NetBIOS name also appears; use that
as the NetBIOS name. Below are the details from my server and how they appeared
in My Network. I used the details shown in My Network and everything worked.

ON WINDOWS 2000 SERVER (when logged in as Administrator)

Right-click on My Computer
Click on Properties
Click on Network Identification
You will see the following:

Full Computer Name : win2000.khader.jit.com (This is my configuration; you
might see something else)

Domain : khader.jit.com


But when I start My Network I see this domain as KHADER and PDC as
win2000

5. Start the winbind service.

To join the system to the domain, give the following command

smbpasswd -j khader -r win2000 -U Administrator

Here khader is replaced by your domain name and win2000 by the NetBIOS
name of the PDC.

Then give the following commands

wbinfo -u
wbinfo -g
wbinfo -t

The last command should give you the following message

Secret is Good

Then give this command

wbinfo -a KHADER+test%test

KHADER is replaced by your domain name, and test%test by a domain user
name and that user's password. This should give you the following
message.

plaintext password authentication succeeded

6. Create directory /home/WINDOWSDOMAIN (where WINDOWSDOMAIN is the
NetBIOS name of your Windows domain. USE CAPITAL LETTERS.)

7. Then Create /usr/local/bin/phdfwda

#!/bin/sh
#phdfwda

if ! [ -f "$HOME/Desktop/Personal Files" ] ; then
cp -R -u -d /etc/skel/* "$HOME"
fi


Run chmod a+x /usr/local/bin/phdfwda


8. Create /opt/kde2/share/autostart/phdfwda.desktop

[Desktop Entry]
Name=Populate home directory for Windows domain accounts
Exec=phdfwda
Type=Application
X-KDE-StartupNotify=false


Now go to the login prompt (X or text based) and type like the
following.

Login: KHADER+test
Password:

Please use DOMAINNAME+DOMAIN_USER_NAME

It will log you on. That's it. From now on you will be authenticated
by the Windows server and not by the Linux box. If the domain controller is not available, you will be authenticated by the local machine.


Please find below the names and contents of the files to be changed.

nsswitch.conf
============

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis

passwd: compat winbind
shadow: compat
group: compat winbind

#hosts: db files nisplus nis dns
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files

netgroup: files

publickey: nisplus

automount: files
aliases: files nisplus


==================================================================

kde
====

#%PAM-1.0
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok
account required /lib/security/pam_winbind.so
password required /lib/security/pam_cracklib.so type=user retry=3
password required /lib/security/pam_pwdb.so use_authtok
session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
session required /lib/security/pam_pwdb.so

=================================================================

login
====

#%PAM-1.0
auth required pam_securetty.so
auth required pam_nologin.so
auth sufficient pam_winbind.so
auth required pam_pwdb.so use_first_pass shadow nullok
auth optional pam_mail.so
account required pam_winbind.so
session required pam_mkhomedir.so skel=/etc/skel umask=0022
session required pam_pwdb.so
session optional pam_lastlog.so
password required pam_pwdb.so


=============================================================

samba
======

#%PAM-1.0
auth sufficient pam_winbind.so
auth required pam_pwdb.so use_first_pass nullok nodelay
account sufficient pam_winbind.so
account required pam_pwdb.so nodelay
session required pam_pwdb.so nodelay
password required pam_pwdb.so shadow md5


=================================================================

smb.conf
========

[global]

domain master = No
local master = No
password server = *
security = domain
template homedir = /home/%D/%U
template shell = /bin/bash
winbind enum groups = yes
winbind enum users = yes
winbind gid = 10000-20000
winbind separator = +
winbind uid = 10000-20000
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = KHADER
server string = Member of win2000
encrypt passwords = yes

====================================================================

xscreensaver
===========

#%PAM-1.0

# Red Hat says this is right for them, as of 7.3:
auth sufficient pam_winbind.so
auth required pam_pwdb.so use_first_pass shadow nullok
# This is what we were using before:
# auth required pam_pwdb.so shadow nullok

=================================================================
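
The fallback to the local machine comes from the order of the auth lines in the PAM files above: pam_winbind.so is "sufficient" and pam_pwdb.so follows as "required" with nullok, an option that also admits local accounts whose password is empty. The shell function below is an added example, not part of the original post, that reports this ordering for a PAM service file; the finding labels, the sample file names and the inclusion of pam_unix.so are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): report how a PAM service file
# orders domain and local authentication.

# audit_pam_auth FILE
# Prints one finding per line (labels are this example's own):
#   domain-first            pam_winbind.so is "sufficient", before the local module
#   domain-<control>        pam_winbind.so is present with another control flag
#   local-fallback          a local password module follows pam_winbind.so
#   local-only              a local password module with no pam_winbind.so before it
#   empty-password-allowed  the local module carries "nullok"
#   second-prompt           the fallback has neither use_first_pass nor try_first_pass
audit_pam_auth() {
    awk '
        $1 != "auth" { next }                  # comments and other phases
        { mod = $3; sub(".*/", "", mod) }      # strip /lib/security/ if present
        mod == "pam_winbind.so" && !seen_local {
            print ($2 == "sufficient" ? "domain-first" : "domain-" $2)
            seen_winbind = 1
            next
        }
        # pam_pwdb.so is the module used on this page; pam_unix.so is assumed
        # here as its equivalent on newer systems.
        (mod == "pam_pwdb.so" || mod == "pam_unix.so") && !seen_local {
            seen_local = 1
            print (seen_winbind ? "local-fallback" : "local-only")
            opts = " "
            for (i = 4; i <= NF; i++) opts = opts $i " "
            if (index(opts, " nullok ")) print "empty-password-allowed"
            if (seen_winbind && !index(opts, " use_first_pass ") &&
                !index(opts, " try_first_pass ")) print "second-prompt"
        }
    ' "$1"
}

# write_samples DIR: constructed inputs. login.pam holds the auth and account
# lines of the "login" file above; the other two are constructed variants.
write_samples() {
    cat > "$1/login.pam" <<'EOF'
#%PAM-1.0
auth required pam_securetty.so
auth required pam_nologin.so
auth sufficient pam_winbind.so
auth required pam_pwdb.so use_first_pass shadow nullok
auth optional pam_mail.so
account required pam_winbind.so
EOF
    cat > "$1/kde-no-nullok.pam" <<'EOF'
#%PAM-1.0
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so use_first_pass shadow
EOF
    cat > "$1/local.pam" <<'EOF'
# auth sufficient pam_winbind.so
auth required pam_pwdb.so shadow nullok
EOF
}

# Demo: print the findings for each constructed sample on one line.
tmp=$(mktemp -d)
write_samples "$tmp"
for f in "$tmp"/*.pam; do
    printf '%s: %s\n' "${f##*/}" "$(audit_pam_auth "$f" | xargs)"
done
rm -rf "$tmp"
```

On a real system, point audit_pam_auth at each file under /etc/pam.d that was replaced in step 2.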




Installing fonts in Linux and Mozilla


Mozilla fonts suck big time. Especially if you visit a page with Trebuchet MS font like I've recently started using on mahmood.tv. True to my promise of using Linux exclusively over the next couple of weeks, I thought I'd better do something about the font display on my linux laptop.

To do that, I needed to copy the fonts I use on Windows XP Pro to Linux, and that started the journey. I must say that there is a wealth of information on this on the net; all you have to do is search for it.

Here are the steps I did to get my fonts over to Linux and how I activated them:

1. if you don't have a /usr/share/fonts/TrueType directory, create one
2. make sure that all the font files you're copying have lower-case extensions, so if you have files like
font.TTF, rename that to font.ttf
3. copy the fonts to /usr/share/fonts/TrueType
4. change into that directory: cd /usr/share/fonts/TrueType
5. issue the following commands to build the necessary fonts.scale and fonts.dir:

ttmkfdir -o fonts.scale

mkfontdir

6. this should have now created the fonts.scale and fonts.dir files
7. now go to your /etc/X11 directory so that you can add the new font directory to the search path of your
X server by adding it to the fonts section of XF86Config
8. edit XF86Config
go to the "Files" section and add the FontPath there, mine looks like the following
after editing:

RgbPath "/usr/X11R6/lib/X11/rgb"

FontPath "unix/:7100"

FontPath "/usr/share/fonts/TrueType"


9. Now for the Mozilla part! Go to the directory you installed Mozilla in, mine is located
at /usr/local/mozilla. Change into /usr/local/mozilla/defaults/prefs
10. back up the "unix.js" preference file so that you can get back to it if anything screws
up:
11. cp unix.js unix.js.bak
12. edit the unix.js file and look for the "TrueType" section and change it to look like
the following snippet:


// TrueType

pref("font.FreeType2.enable", true);

pref("font.freetype2.shared-library", "libfreetype.so.6");

// if libfreetype was built without hinting compiled in

// it is best to leave hinting off

pref("font.FreeType2.autohinted", false);

pref("font.FreeType2.unhinted", false);

// below a certian pixel size anti-aliased fonts produce poor results

pref("font.antialias.min", ;

pref("font.embedded_bitmaps.max", 1000000);

pref("font.scale.tt_bitmap.dark_text.min", 0);

pref("font.scale.tt_bitmap.dark_text.gain", "0.7");

// sample prefs for TrueType font dirs

pref("font.directory.truetype.1", "/usr/share/fonts/TrueType");

pref("font.directory.truetype.2", "/usr/X11R6/lib/X11/fonts/TTF");

//pref("font.directory.truetype.3", "/u/sam/tt_font3");

pref("font.FreeType2.printing", true);



Now you'll enjoy a MUCH clearer view of websites you visit!


I'm still not very happy as the fonts are not kerned properly and look a bit spaced out on my laptop. I'll
have a look at that next and let you know if I get better display.


For OpenOffice.org, you can simply run the "spadmin" program and add your fonts by pointing to the TrueType directory and choosing "add all". Close the panel and start up OpenOffice, and you'll be happy to see that you now have all the fonts to play with in your documents.
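
Steps 1 to 5 of the font procedure above as one script, as an added example that is not part of the original post. The function names stage_fonts and build_font_index are assumptions, and the script lower-cases the extension while copying instead of renaming the source files first.

```shell
#!/bin/sh
# Added example (not from the original post): steps 1-5 of the font procedure.

# stage_fonts SRC DEST
# Copies every TrueType file in SRC (any letter case in the extension) into
# DEST with a lower-case .ttf extension. DEST is created if missing. A file
# that already exists in DEST is never overwritten. Prints the number copied.
stage_fonts() {
    src=$1 dest=$2 copied=0
    mkdir -p "$dest"
    for f in "$src"/*.[Tt][Tt][Ff]; do
        [ -f "$f" ] || continue            # unmatched glob, or not a regular file
        base=${f##*/}
        target="$dest/${base%.*}.ttf"
        if [ -e "$target" ]; then
            echo "skip: $target already exists" >&2
            continue
        fi
        cp "$f" "$target" && copied=$((copied + 1))
    done
    echo "$copied"
}

# build_font_index DIR
# Runs the two commands from step 5 inside DIR so that fonts.scale and
# fonts.dir are written there. Returns 2 if ttmkfdir is not installed.
build_font_index() {
    (
        cd "$1" || exit 1
        command -v ttmkfdir >/dev/null 2>&1 || { echo "ttmkfdir not found" >&2; exit 2; }
        ttmkfdir -o fonts.scale && mkfontdir
    )
}

# Usage, as root (the source directory is a placeholder):
#   stage_fonts /path/to/windows/fonts /usr/share/fonts/TrueType
#   build_font_index /usr/share/fonts/TrueType
```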



Friday, January 14, 2005

My Resume

Abdul Khader
Objective
To work as a System Administrator
Education
1999 [October]
* Completed Caldera Systems Authorized Course: Linux Administration for Networking Professionals from Swarnasoft Solutions Pvt. (Ltd.), [Hyderabad]
1999 [September]
* Microsoft Certified System Engineer
* Windows NT Server 4.0 in the Enterprise
* Windows NT Server 4.0
* Windows NT Workstation 4.0
* Networking Essentials
* TCP/IP
* Internet Information Server 4.0
1999 [August]
* Attended Workshop on Windows 2000 (NT 5.0) conducted by KAROX Technologies Ltd.
* Installation, Configuration, ADS, DCs, OUs, Trees, Forests, RAS, NTFS, TCP/IP, DNS, WINS, IIS5, IE5.
1993 - 1995
* Advance Diploma In Systems Management from NIIT, Hyderabad.
1992 - 1994
* M.A [Eng. Lit.] from Osmania University Hyderabad.
1989 - 1992
* B.A from Osmania University Hyderabad.
Awards received
Gold Medal in B.A
Languages
English and Hindi


Work experience

1998 [October] - 1999 [June]
Worked as an Administrator and taught Windows NT in Microtek Computer Education Center, [Hyderabad].
My responsibilities included planning of network, implementing the network, making system policies and user policies for different users and groups, securing the resources of the network planning the security and implementing the security, to monitor the network and trouble shoot any problems of the users, add users, assign their permissions and design their interfaces, add new clients to the network, planning for the installation and installing Windows NT Server and Workstation, install services like DHCP Server and configure it, Create the scope for DHCP according to the requirements, trouble shoot boot-up problems and printing problems, print job scheduling, replicating files and other administrative activities. I also have a sound knowledge of Windows 95 / 98 / windows Millennium including installation, Microsoft Excel and Microsoft Word 97.

1999 [October] - 2000 [July]
Worked as an Administrator in Swarnasoft solutions Pvt. (Ltd.).[Hyderabad]
My responsibilities included going to client sites, planning of network, implementing the network, making system policies and user policies for different users and groups, securing the resources of the network planning the security and implementing the security, to monitor the network and trouble shoot any problems of the users, add users, assign their permissions and design their interfaces, add new clients to the network (Linux and Windows95/98/NT), and
Sharing data across Linux and Windows clients, planning for the installation and installing Linux server and Workstation, install services like DHCP and DNS Server and configure it, Create the scope for DHCP according to the requirements, install and configure SAMBA, install and configure APACHE web server, install and configure SQUID (Linux native proxy server) trouble shoot boot-up problems and printing problems, print job scheduling and other administrative activities. I also present demonstrations of Linux and give presentations in seminars conducted by the company to promote Linux.

* Projects completed:
1) Project Location:
Advanced Radio Models (A.R.M)
Project Requirements:
Intranet with Proxy, NFS, NIS, Star Office, SAMBA

2) Project Location:
Andrapradesh Technology Services
Organization which is directly responsible for
Imparting IT education to all of the state govt.
Officials.
Project Requirements:
Give technical demonstration(all about Linux
including the internals) and install Linux, Apache,
Samba, Squid, NIS, DHCP, Star office etc.

3) Project Location:
Swarnasoft Solutions Pvt. Ltd.
Swarnasoft which is the only authorized teaching
center and authorized technical support organization
for Caldera Systems Inc. USA [One of the major
distributors of Linux in the World], in South Asia.
Project Requirements:
Make a purely functional Clustering system on Linux.
Clustering requires more than one system to process
a given job simultaneously, dividing the given job into
chunks and allotting each node a chunk of the job to
be processed. This is also better known as parallel
processing.
* This project was in its final phase.
4) Project Location:
Andhra Sugars Pvt. Ltd., Tanuku, East Godavari,
A.P, India.
Project Requirements:
Installing Linux (SuSe, Corel, Redhat, Mandrake and
Caldera),
Configuring Samba, Apache, sendmail, Squid Proxy
Server, Webmin, NFS, DNS, DHCP.
Taught all the above mentioned to the IT Staff of
Andhra Sugars Pvt. Ltd.

5) Project Location:
Zen Computers Pvt. Ltd., A.P, India.
Project Requirements:
Planning the network and implementing the network.
Installing Windows NT and Windows 98. Installing NT
server 4.0 on two PDC's (Multiple Domain Network)
and two BDC's and installing and configuring Microsoft
Proxy Server and Win Proxy, installing and configuring
DHCP, DNS, RAS, Multilinking, Securing the network
and setting up network monitoring tools. Installing
Windows 98 on 25 systems.

2000 [July] - 2000 [November]
Worked as an Administrator and teaching Windows NT, 95, 98 and Linux in Expert Software Services Pvt. (Ltd.).[India].
1) Project Location:
Expert Software Services Pvt. Ltd., A.P, India.
Project Requirements:
Planning the network and implementing the network.
Installing Windows NT and Windows 98 and Linux.
Installing Caldera Open Linux e-Server 2.3, Windows
NT 4.0 and Windows 95 and 98.
installing and configuring Samba, Webmin, Squid,
Quota Allocation, Apache Web Server, Sendmail,
NFS, DHCP, Installing and configuring WebRam,
Multilinking. Securing the network and setting up
network monitoring tools.

2) Project Location:
Deccan Computers Pvt. Ltd., A.P, India.
Project Requirements:
Planning the network and implementing the network.
Installing Windows NT and Windows 98 and Linux.
Installing NT Server 4.0 on one PDC and one BDC and
installing and configuring Comsocks Proxy Server and
configuring DHCP, Multilinking, Securing the network
and setting up network monitoring tools.

3) Project Location:
Cyber-dyne Systems Pvt. Ltd., A.P, India.
Project Requirements:
To make a complete Linux based network.
Planning the network and implementing the network.
Installed Caldera Open Linux e-Server 2.3. on two
servers and 20 clients.
Installed and configured Samba server, Webmin,
Squid server, Quota Allocation, Apache Web Server
including virtual hosting,Sendmail server including
masquerading, NFS server,NFS clients,DHCP Server
and DNS server.
Installed JAVA, PHP3 and Star office.
Installed Oracle 8 on one server.
Secured the network with complete network security
planning and implemented the security plan. Setup the
cheops for network monitoring and availability of
clients.

2000 [November] - 2002 [May]
Worked as Systems Administrator/System Head in Sip Technologies and exports Ltd.
SIP Technologies is the business partner of Sun Microsystems, USA, KKL of Switzerland (KKL is the biggest nuclear plant in Switzerland), Zaplet Inc, USA.
I manage 253 systems, routers, point to point connectivity through International Private Leased Circuit, leased lines, dialup ISDN line, switches, Firewall, Mail server and proxy servers.
Responsibilities include installing Solaris O/S (2.6, 2.7 and 2.8) on Sun Sparc machines (Ultra Sparc 1, 2, 5, 10, 65, Netra and 450 Enterprise Server) and on Intel Machines, Installing Windows Powered, Windows 2000, Windows NT, Windows 95/98/Millennium, Installing Linux (Caldera, Red Hat, SuSe, Mandrake and Turbo), Installing Configuring proxy servers, web servers, oracle, NFS servers and clients, DHCP servers and clients, Mail servers and clients, application servers, backup, trouble-shooting the startup, network related problems, printing problems, maintaining AIX systems on IBM/RS6000 machines and regularly taking backup and other system administration related activities. Coordinating with the vendors, VSNL, Dishnet. Documentation.
* Sun Solaris and Related Activities
Installing different versions of Sun Solaris i.e. 2.6, 2.7 and 2.8 on Ultrasparc machines (Ultrasparc 1, 2, 5, 10, 65, Netra and 450 Enterprise Server). Installation and configuration of NFS server and clients, DNS server and clients, DHCP clients, Printing services through SAMBA and manually configuring the printing services, Trouble-shooting the startup problems and all the system related problems, installing and configuring mail servers (Sendmail and Lotus Dominos mail server), Application server (I-Planet), Web servers (Apache), Backup, Reprogramming the MAC address on the locked PROM's. Adding packages and patches and different software. Monitoring the critical systems for network intrusion, stability etc.
* Linux and Related Activities
Installing different versions of Linux (Caldera, Red Hat, SuSe, Mandrake, Turbo), Installation and configuration of NFS server and clients, DNS, DHCP server and clients, Printing services through SAMBA and manually configuring the printing services, Trouble-shooting the startup problems and all the system related problems, installing and configuring mail servers (Sendmail and Lotus Dominos mail server), implementing Mailman, Web servers (Apache), Backup, Monitoring the critical systems for network intrusion, stability etc. Compiling the kernel, updating the kernel with the latest patches. Installing new embedded Linux kernel on Zarus.
* Windows and Related Activity
Installing different versions of Windows (Powered, 2000, NT, Windows XP, Millennium, 98, 95). Installation of Oracle, DHCP servers, Proxy servers, Mail server (Lotus Dominos), Print server, Defining system policies for users, installing application server (I-Planet), implementing Trust Relationship between multiple domains, backup and other system administration related activities.
* Routers and Switches
Installed and configured Cisco routers 2500 and 1750. Configured 1750 for IPLC and VoIP, Configured 2500 for two leased lines. Implemented ACL on 2500.
Configured Cisco 3500 10/100 MBPS switch, Nortel networks 10/10 MBPS switches. Installed a Linux based router and a SMC Barricade NAT router as intranet routers for splitting the networks to improve the network performance.
* Firewall
Installation and configuration of Sunscreen firewall on Solaris 2.6 and Linux native firewall.
* Mail Server
Installed and configured Sendmail on SunSparc & Linux for the main mail servers and subsequent clients. Also installed and configured Lotus Dominos mail server on Linux, Windows NT, Sun Solaris as Intranet mail servers. Installed Mailman for mail filtering and complete control over inbound mails.
* Proxy Server
Installed and configured squid and wingate proxy servers. I.P and user name authentication implemented. Installed and configured Apache WEB server to act as a proxy.
* LDAP Implementation
Installed and configured LDAP for Centralized Authentication
And e-mail resolution. LDAP server is running on RedHat
Linux 7.0.
* Documentation
I prepare and compile the complete documentation for the system administration department. Further I update the documentation on a regular basis. I also make the security policy for our network.
* SSH
Installed SSH on Linux & Windows for CVS, Outlook Express, secure terminal access to remote client systems and secure file transfer.
* Eddie (Load Balancing)
Installed & configured Eddie on Linux 7.2 for WEB Server load balancing.
* Bug tracking
Installation of Bugzilla for bug tracking.
* Concurrent Versions System
Installation of CVS and creation of different CVS accounts for
Different projects. Installed WebCVS on Linux 7.2 for remote
clients to access the CVS.
* Apache
Installed Apache on Linux, Windows & Sun Solaris.
Implemented SSL for secure access by the remote clients.
* Remote Desktop Administration
Installing and configuring remote desktop tools like VNC,
NetOp, Hyena, Microsoft Client Services for performing remote
administration on remote systems located in Santa Clara,
USA.

2002 [June] - 2003 [August]
Worked as Systems Administrator/System Head in
Javaji System Solutions.
Javaji System Solutions is a Frankfurt based software development and service provider with branches in USA, UK, Bulgaria, India and UAE. Partnering with Real, it provides the state of the art streaming media solutions. We are into embedded system solutions and system security services.
My responsibilities include managing the intranet, mail server, web server, installation and troubleshooting of Linux (6.2, 7.0, 7.1, 7.3, Midori) Windows 2000 server and professional), compilation of kernel etc.
I have installed and configured Apache web server with SSL, mail man, mail server, Helix universal server, Linphone, Gnome meeting, Samba, NFS, router (Linux based), SSH, CVS, Bugzilla, Squid proxy server, PGP, Midori etc.
I was working on three major projects.
1) Midori Linux
2) Web casting
3) Intranet Development

1) Midori Linux: We are porting Midori Linux to a specific SBC factor system. Midori is essentially an embedded version of the popular Linux. We are in the testing stage of this product, which will do lots of things like web casting, home-alarming, VPN, Firewall, DHCP server and client. Email client, VCD Player, router, Mobile phone and lots of functions. I am working on the basic installation and porting of Midori to SBC system along with konqueror-embedded, Gnome meeting, Linphone, Apache, Web casting, VPN, Firewall, DHCP server and client and router.
2) Web casting: Using real's Helix Universal Server and other tools we are giving state of the art web casting solutions. Be it on demand or live. Till date I have installed and configured Helix Universal Server on Red hat 7.3 and given the solutions to one of the biggest government organizations. I have given the complete network layout and authentication mechanism along with the router level PPP authentication.
We also provide synchronization of audio, video and PPT clips either live or on demand.
3) Intranet Development: Installing, configuring and implementing mail server, DNS server, Intranet WEB site which includes mailing lists, web interface to the local e-mail accounts, bug tracking, web interface to the CVS server, web based e-learning.

SINCE 2003 [September]
Working as Tech. Support Manager /Systems Administrator in Elxlinux Pvt Ltd.
Elxlinux is a premier Indian Linux company which makes its own Linux distro. It has branches in USA, UK, India and Malaysia. We are also into embedded system solutions. My responsibilities include managing the Support Max system and also manage the power isp project. I also look at various system administrative activities which includes the typical system administrative activities like mail server, web server dns etc management.
Currently I am working on Power ISP.
This product is very unique in that it gives the administrator a complete flexibility in controlling the bandwidth and distributing it the way he likes. The system administrator can see complete reports like which user has gone to which sites and even when required he can see user's desktop remotely.
I am currently handling this project.