Tuesday, February 9, 2010

Apache:How to install ANT tool under Linux

In this tutorial I will show you how you can install ant tool on your linux box. This installing ant in linux is based on the practical work.
Step 1:
Download ant from http://ant.apache.org/bindownload.cgi. I have downloaded apache-ant-1.7.1-bin.zip for this tutorial.

Step 2:

Login to your Linux box and create a directory "ant" under /usr/local.

[root@RoseIndiaLinux local]# mkdir ant
[root@RoseIndiaLinux local]# cd ant
[root@RoseIndiaLinux ant]# pwd
[root@RoseIndiaLinux ant]#

Step 3:

Copy apache-ant-1.7.1-bin.zip onto your Linux box in /usr/local/ant directory.

Step 4:

Extract the zip file apache-ant-1.7.1-bin.zip) using unzip command.

[root@RoseIndiaLinux ant]# unzip apache-ant-1.7.1-bin.zip

above command will extract the content of the zip file and will create a new directory apache-ant-1.7.1

Step 5:

Set path in the .bash_profile

Open the file /root/.bash_profile and add the following codes:

export ANT_HOME=/usr/local/ant/apache-ant-1.7.1
export JAVA_HOME=/opt/java/jdk1.6.0_06
export PATH=${PATH}:${ANT_HOME}/bin

Step 6:

Logout and login again to your Linux box. Now ant available on your box.

Port Redirection: Howto?

You can easily redirect incoming traffic by inserting rules into PREROUTING chain of the nat table. You can set destination port using the REDIRECT target.

The syntax is as follows to redirect tcp $srcPortNumber port to $dstPortNumber:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport $srcPortNumber -j REDIRECT --to-port $dstPortNumbe

The syntax is as follows to redirect udp $srcPortNumber port to $dstPortNumber:

iptables -t nat -A PREROUTING -i eth0 -p udp --dport $srcPortNumber -j REDIRECT --to-port $dstPortNumbe

Replace eth0 with your actual interface name. The following syntax match for source and destination ips:

iptables -t nat -I PREROUTING --src $SRC_IP_MASK --dst $DST_IP -p tcp --dport $portNumber -j REDIRECT --to-ports $rediectPort


The following example redirects TCP port 25 to port 2525:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j REDIRECT --to-port 2525

In this example all incoming traffic on port 80 redirect to port 8123

iptables -t nat -I PREROUTING --src 0/0 --dst -p tcp --dport 80 -j REDIRECT --to-ports 8123

Quoting from the iptables man page:

This target is only valid in the nat table, in the PREROUTING and OUTPUT
chains, and user-defined chains which are only called from those
chains. It redirects the packet to the machine itself by changing the
destination IP to the primary address of the incoming interface
(locally-generated packets are mapped to the address). It
takes one option:

--to-ports port[-port]
This specifies a destination port or range of ports to use:
without this, the destination port is never altered. This is
only valid if the rule also specifies -p tcp or -p udp.

The OUTPUT chain example:

iptables -t nat -I OUTPUT --src 0/0 --dst -p tcp --dport 80 -j REDIRECT --to-ports 8123

How Do I View NAT Rules?

Type the following command:

iptables -t nat -L -n -v

How Do I Save NAT Redirect Rules?

Type the following command:


Connecting RHEL to Active Directory Server through Winbind

You have a RHEL system and you want to authenticate it against your active directory. The good news is that Red Hat has made it easy for you to do this. The bad news is that they only get the most basic structure working for you.

Here I will show you how to get WinBind authentication working using Authconfig, and how make it a little more seamless than this utility leaves it off.

It should be noted that while this works perfectly well, it is really not the best way to authenticate users against a UNIX host. Given the option, having your users in OpenLDAP and PAM authenticating them against that would be a much better option. However, we don’t live in a perfect world, and sometimes we just have to make things work.

Let’s start by using authconfig to join your machine to the domain. This should all be done as the root user.

# authconfig

* Select “Use Winbind” and Use “Winbind Authentication”. Remember to leave “Cache Information”, “Use MD5 Passwords” and “Use Shadow Passwords” selected.
* Select “Next”
* Under “Security Model” select “ads”
* “Domains:” examplead (substatute with the name of your Active Directory)
* “Domain Controllers:” adserver.domain.com (Again, substitute with the name of your Active Directory server)
* “Template Shell:” /bin/bash
* Select “Join Domain”
* Select “OK”

Now your machine should be be on the domain. Test it to make sure you can see your AD users:

# wbinfo -u

You should see your users in the list.

The only problem is that to do anything with them, you have to express their user name in that annoying way Windows likes you to. Something like this:


Not very usefull. To get around this, simply edit “/etc/samba/smb.conf” and change this line:

winbind use default domain = no

to this:

winbind use default domain = yes

You should now be able to express AD usernames without the domain nonsense before it. Try it:

# finger username
Login: username Name: Username
Directory: /home/EXAMPLEAD/username Shell: /bin/bash
Never logged in.
No mail.
No Plan.

Finally check your “/etc/nsswhich.conf” file to make sure RHEL knows to use WinBind. Authconfig should have set this up for you, and it should have lines that look like this:

passwd: files winbind
shadow: files winbind
group: files winbind

Note:Follow these instructions to have your users directories automatically created….