RHEL6 as LDAP client with ldap authentication

Edit the file /etc/openldap/ldap.conf URI ldap://$FQDN_OF_SERVER/ (has to be the same fqdn as in the certificate) BASE dc=mydomain,dc=com TLS_CACERTDIR /etc/openldap/cacerts now edit the /etc/nsswitch.conf file to tell linux where to get the login information from: passwd:     files sss ldap shadow:     files sss ldap group:      files sss ldap After that run the command authconfig-gtk Select: User…

Read More

RHEL6 Caching Name Server

The package caching-nameserver is integrated in the bind package! So these two packages have to be installed: # yum install bind bind-chroot Than set named_write_master_zones 1 # setsebool -P named_write_master_zones 1 Allow queries on port 53 for DNS requests # iptables -A INPUT -m state –state NEW -m tcp -p tcp –dport 53 -j ACCEPT…

Read More

Expand luks encrypted filesystems

umount /crypto fsck.ext4 -C 0 -f /dev/mapper/crypto cryptsetup luksClose crypto lvextend -L +100M /dev/cryptovg/crypto cryptsetup luksOpen /dev/cryptovg/crypto crypto cryptsetup -v resize crypto fsck.ext4 -f /dev/mapper/crypto resize4fs /dev/mapper/crypto (you’ll need to install e4fsprogs to use resize4fs) fsck.ext4 -f /dev/mapper/crypto mount /dev/mapper/crypto /crypto

Read More

create luks lvm partition

lvcreate -L 500M -n crypto cryptovg Fill your partition with random data: dd if=/dev/urandom of=/dev/ cryptovg /crypto initialize your partition: cryptsetup –verbose –verify-passphrase luksFormat /dev/ cryptovg / crypto open the newly encrypted device: cryptsetup luksOpen /dev/ cryptovg / crypto cryptosec check it’s there: ls -l /dev/mapper | grep cryptosec create a filesystem: mkfs.ext4 /dev/mapper/cryptosec mount…

Read More