Thursday, 04 December 2008

Zimbra CLI

Start, stop, status of the Zimbra servers.
zmcontrol
Performs mailbox management tasks
zmmailbox
Performs all provisioning tasks in Zimbra LDAP,
zmprov
example: zmprov sp adminname@domain.com password
zmprov ca namauser@domain.com password
zmprov sp namauser@domain.com New_Password
When you create an account, you may want to pre-create some tags and folders. You can invoke zmmailbox from inside zmprov by using "selectMailbox (sm)".

root@efrizal-laptop:/opt/zimbra# /opt/zimbra/bin/zmprov
prov> ca efri@mail.fery.ok password
953df672-097f-4b5c-b152-0d6e33232026
prov>
prov> sm efri@mail.fery.ok
mailbox: efri@mail.fery.ok, size: 0 B, messages: 0, unread: 0
mbox efri@mail.fery.ok>

To find the mailbox size for an account
zimbra@efrizal-laptop:~$ zmmailbox -z -m imi@mail.fery.ok gms
1.60 MB



Start, stop, or find the status of zimbra LDAP
ldap
Perform a search on an LDAP server
ldapsearch
Start, stop, or find the status of the MySql
logmysql
Start, stop the SQL instance for the logger
logmysql.server
Send mysqladmin commands to the logger mysql
logmysqladmin
Start, stop, find the status of the mailboxd server
mailboxd
Enters interactive command-line MySQL session
mysql
Start, stop the SQL instance for the mailbox
mysql.server
Send admin commands to MySQL
mysqladmin
Postfix command to view or modify the postfix
postconf
Start, stop, reload, flush, check, upgrade-
postfix
Lists the accounts and gives the status of
zmaccts
Start, stop, or find the status of the Amavis-D
zmamavisdctl
Start, stop, reload, status for anti-spam service
zmantispamctl
Start, stop, reload, status for the anti-virus service
zmantivirusctl
Start, stop, status of Apache service (for spell
zmapachectl
Performs full backups and incremental backups
zmbackup
Stops a backup that is in process.
zmbackupabort
Find a specific full backup set
zmbackupquery
Start, stop, or find the status of Clam AV
zmclamdctl

Clean iPlanet ICS calendar files
zmcleaniplanetics
Start, stop, the conversion server or find the
zmconvertctl
Manage self-signed and commercial certificates
zmcertmgr
General information about the server
zmdumpenv
Fixes calendar entries with incorrect TZ offset
zmfixtz
Find the hostname of the Zimbra server
zmhostname
Start, stop and status of a HSM session.
zmhsm
Execute Java with Zimbra-specific environment
zmjava
Changes the LDAP password
zmldappasswd
View and install your Zimbra license
zmlicense
Testing tool
zmlmtpinject
Used to set or get the local configuration of a Zimbra server
zmlocalconfig
Start, stop, reload, or find the status of the Zimbra
zmloggerctl
Start, stop, status of the swatch that is monitoring logging
zmlogswatchctl
Start, stop, reload, or find the status of the
zmmailboxdctl

Used to move selected mailboxes from one Zimbra server to another.
zmmailboxmove
Search across mailboxes to find messages and
zmmboxsearch
example: zmmboxsearch -m user1@yourdomain.com,user2@yourdomain.com -q "in:inbox" -d /var/tmp


Trace messages
zmmsgtrace
Start, stop, or find the status of the MTA
zmmtaconfigctl
Start, stop, or find the status of the MTA
zmmtactl
Change logger MySQL password
zmmylogpasswd
Change MySQL passwords
zmmypasswd
Status of mailbox SQL instance
zmmysqlstatus
Start, stop, or find the status of the perdition IMAP
zmperditionctl
Start or stop IMAP proxy service
zmproxyctl
Performs full restores and incremental restores
zmrestore
Restore accounts from the LDAP backup
zmrestoreldap
Performs full restore when the Zimbra server
zmrestoreoffline
Start, stop, or find the status of saslauthd
zmsaslauthdctl
Schedule backups
zmschedulebackup
Used for other zm scripts, do not use
zmshutil
Retrieve spam and relocate it to a specified directory
zmspamextract
Start, stop, or find the status of the spell check server
zmspellctl
Generate Zimbra’s SSH encryption keys
zmsshkeygen

Monday, 24 November 2008

Installation with Kickstart

Kickstart installations can be performed using a local CD-ROM, a local hard drive, or via NFS, FTP, or HTTP.

To use kickstart, you must:

1. Create a kickstart file.
2. Create a boot diskette with the kickstart file or make the kickstart file available on the network.
3. Make the installation tree available.
4. Start the kickstart installation.


Follow these steps:
1. mkdir -p /config/kickstart

2. Configure your NFS export
vi /etc/exports
/config/kickstart *(ro,no_root_squash)

3. Run NFS
/etc/init.d/portmap restart
/etc/init.d/nfs restart
If you change the configuration later, run this command:
exportfs -ra

4. Run the Kickstart configuration tool
system-config-kickstart
(basic installation, boot loader, partitions, networking, authentication, firewall,
X Window, packages, etc.)

5. Save the configuration
Click File | Save As => ks.cfg
mcopy ks.cfg a:

6. Now try booting from USB, floppy or disk
linux ks=floppy
linux ks=hd:fd0:/ks.cfg
linux ks=cdrom:/ks.cfg
ks=nfs:

Network printer with cups

Once you have set the IP address you can access the printer or print server using the ipp, lpd, or socket backends. The following is a list of common network interfaces and printer servers and the settings you should use with CUPS:

http://hostname:631/ipp/
http://hostname:631/ipp/port1

ipp://hostname/ipp/
ipp://hostname/ipp/port1

lpd://hostname/queue

socket://hostname
socket://hostname:9100


Let's start configuring the CUPS server:
1. Open your browser and go to http://localhost:631 or http://ip-address:631
2. Click Add Printer
3. Enter the printer name (e.g. pr), location and description.
4. Choose your printer device
5. Choose the Make/Manufacturer of your printer
6. Choose the Model/Driver for the printer
7. Enter the username and password for CUPS (e.g. username: root, password: 1234)
8. Set the printer options
9. Set this printer as the default
10. Print a test page


Configuration for the CUPS client:
1. Open your browser and go to http://localhost:631 or http://ip-address:631/pr
2. Click Add Printer
3. Enter the printer name, location and description.
4. Choose your printer device (you can use http, e.g. http://ip-adress-server/printers/pr)
5. Choose the Make/Manufacturer of your printer
6. Choose the Model/Driver for the printer
7. Enter the username and password for CUPS (e.g. username: root, password: password)
8. Set the printer options
9. Set this printer as the default
10. Print a test page

Sunday, 16 November 2008

Quota user in Linux

For the implementation of disk quotas follow these steps:

1. Check whether / and /home are on the same partition or not.

1. Edit the file /etc/fstab
/dev/hda5 /home ext3 defaults,usrquota,grpquota 1 2

2. Create the quota database files
touch /home/aquota.user
touch /home/aquota.group

3. Remount the file system
mount -o remount /home

4. Build the table of current disk usage per file system
quotacheck -vug /home -m

5. Turn quotas on
quotaon -vug /home

6. List quotas
repquota -a

7. Set the quota per user
setquota -u very 100000 110000 0 0 -a

Have a nice try.

Monday, 10 November 2008

Installing Linux with NFS

NFS Configuration
Choose a directory in which to place the CD ISO images. For /media/cdrom, we'll call the directory /mnt/cdrom.

Export that directory via NFS
Do all this as user root. Once the install CDs are properly loaded in the directory, that directory must be made available on the local network. Add the following to /etc/exports:

vi /etc/exports

/mnt/cdrom 192.168.1.0/24(ro) localhost(ro)


mkdir -p /mnt/cdrom


mount -t iso9660 -o ro /media/cdrom /mnt/cdrom

/etc/init.d/portmap restart
/etc/init.d/nfs start
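
Before clients mount the export, the /etc/exports entries can be checked for options that expose more than an install tree needs. The following is an added example, not part of the original post; lint_exports and sample_exports are hypothetical helper names, /srv/install is a made-up path, and the sample lines are constructed from the export lines used in this post and in the Kickstart post:

```shell
#!/bin/sh
# Added example, not from the original post: flag risky /etc/exports entries.
# lint_exports and sample_exports are hypothetical helper names.

# Constructed sample, modelled on the export lines used on this page.
sample_exports() {
cat <<'EOF'
# constructed sample
/config/kickstart *(ro,no_root_squash)
/mnt/cdrom 192.168.1.0/24 localhost(ro)
/srv/install 192.168.1.0/24 (rw)
/mnt/cdrom 192.168.1.0/24(ro) localhost(ro)
EOF
}

# Reads exports(5) lines on stdin.
# Prints one finding per line: LINE PATH CLIENT FINDING
lint_exports() {
    awk '
    function report(msg) {
        printf "%d %s %s %s\n", NR, path, (client == "" ? "<any>" : client), msg
    }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                     # host(options)
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            } else {
                report("default-options")    # host with no option list
            }
            # "host (rw)": the space detaches the options from the host,
            # so they apply to every client that can reach the server.
            if (p > 0 && client == "") report("options-apply-to-any-host")
            if (client == "*") report("wildcard-client")
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash") report("no_root_squash")
                if (o[j] == "rw") report("writable")
            }
        }
    }'
}

sample_exports | lint_exports
```

On a real server, run it as lint_exports < /etc/exports; a read-only install tree should produce no wildcard-client, no_root_squash or writable findings.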

Test NFS from localhost:

mkdir /mnt/nfs

mount -t nfs localhost:/mnt/cdrom /mnt/nfs

Now check NFS over the network:

mount -t nfs 192.168.1.110:/mnt/cdrom /mnt/nfs

If the mount succeeds, create the boot disk:

cd /mnt/cdrom/images

dd if=diskboot.img of=/dev/sda1

Client
Set the BIOS to boot first from USB or floppy. Once that is done, type this command:
boot: linux askmethod




If that command fails, or if you can't see the files and directories inside /mnt/cdrom, then something's wrong and you need to troubleshoot before moving on to the next step.
Check that you're not blocked by iptables
NFS relies on portmap to map some of its services to ports at high addresses. These high ports can change each time NFS is restarted. Therefore, these high ports can be blocked by the client machine's firewall, preventing NFS access. The solution is:

1. Force the high port to be known
2. Fix the firewall to pass these ports

Diagnosing the Problem
If you can't mount NFS shares and can't figure out why, try mounting them from localhost on the share host:

mount -t nfs -o ro localhost:/media/cdrom /mnt/cdrom

If the preceding works whereas mounts from other hosts do not, it's an excellent indication that your firewall is blocking NFS. To really make sure, *very temporarily* create an overly permissive firewall. If the NFS mounting problem goes away, you have an iptables problem that can be fixed with iptables configuration.

Creation of an overly permissive firewall is described later in this article.
Finding or Creating Your iptables Configuration File
The usual config file for iptables is /etc/sysconfig/iptables, but it could be elsewhere. To find the location of the iptables configuration file, look in /etc/rc.d/init.d/iptables at the code in save(). This code contains an environment variable set to the intended location of the config file. On Mandy 9 boxes this is called $IPTABLES_CONFIG. Next look through /etc/rc.d/init.d/iptables to determine how that variable is set. In Mandy 9.0 it's set near the top of the file. Once you know the intended config file, you can look for it, and if it doesn't exist, you can create it.

Instead, the boot process builds up iptables command by command. In my opinion having the config file is much easier for troubleshooting. So if you don't have /etc/sysconfig/iptables, your first step is to create it.

WARNING

ALWAYS make absolutely sure there's no existing iptables config file before creating one, because overwriting your existing firewall is a terrible thing.

If you're sure you don't have a config file (look elsewhere besides /etc/sysconfig/iptables), use the following commands to create one:

service iptables restart
service iptables save

The first command restarts iptables, putting it in a known state. The second writes the config file.



Don't create an overly permissive firewall if you're in an extremely hostile environment. Either disconnect the machine from the main network and test it with a small one not connected to the Internet (i.e. null modem cable or equivalent), or perform more troubleshooting steps to determine the nature of the problem without undue exposure to crackers.

Edit your firewall config file (probably /etc/sysconfig/iptables). Go to the filter chain, which starts with the string *filter. Right above the first -A line in the filter chain, insert the following line:

[0:0] -A INPUT -j ACCEPT

The preceding line tells the filter chain to accept all packets from everywhere. Restart iptables and try your mount again. If it succeeds, you've toggled the symptom with the client firewall, so now you know where to troubleshoot.

To foil script kiddies, IMMEDIATELY remove the line you just inserted.
Allowing NFS Through Your Client Firewall
Your first step is to view the output of rpcinfo to see what ports you're using. The session might look something like this:

rpcinfo -p 192.168.100.2
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100021 1 udp 32886 nlockmgr
100021 3 udp 32886 nlockmgr
100021 4 udp 32886 nlockmgr
100011 1 udp 808 rquotad
100011 2 udp 808 rquotad
100011 1 tcp 811 rquotad
100011 2 tcp 811 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100005 1 udp 32888 mountd
100005 1 tcp 33448 mountd
100005 2 udp 32888 mountd
100005 2 tcp 33448 mountd
100005 3 udp 32888 mountd
100005 3 tcp 33448 mountd
[root@mydesk root]#


In the preceding output, notice that the mountd daemon is assigned two different ports. Restart nfs, run rpcinfo again, and you'll likely see the ports change. The changes are due to the actions of the portmapper program. I think you'll agree that makes firewalling somewhat challenging.

The simplest solution is to hard code the mountd ports to a specific value. To do this, ON THE NFS SERVER, edit the /etc/rc.d/init.d/nfs script.

One solution is to create a script that greps the output of the rpcinfo command, turns the mountd lines into iptables commands, and updates iptables. Workable, but a challenge, especially because each time you rerun the command you must remove the iptables lines from the previous run. An
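
A sketch of such a script, as an added example that is not part of the original article. It builds client-side rules that accept packets from the server's RPC ports, and it sidesteps the cleanup problem by keeping the generated rules in a dedicated chain that is flushed on every run. The chain name NFS_RPC and the helper names are hypothetical, the rpcinfo sample is a constructed subset of the listing above, and the commands are printed rather than executed:

```shell
#!/bin/sh
# Added example, not from the original article: build iptables commands
# from `rpcinfo -p` output. NFS_RPC is a hypothetical chain name and
# rpc_rules a hypothetical helper. Commands are printed, not executed.

# Constructed sample: a subset of the rpcinfo listing shown above.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100021    1   udp  32886  nlockmgr
    100021    3   udp  32886  nlockmgr
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100005    1   udp  32888  mountd
    100005    1   tcp  33448  mountd
    100005    2   udp  32888  mountd
    100005    2   tcp  33448  mountd
EOF
}

# Usage: rpcinfo -p SERVER | rpc_rules SERVER
# One-time setup on the client (not done here): iptables -I INPUT -j NFS_RPC
rpc_rules() {
    server=$1
    case $server in
        ''|*[!0-9.]*) echo "rpc_rules: server must be a dotted IPv4 address" >&2
                      return 1 ;;
    esac
    # Flushing a dedicated chain removes the rules of the previous run,
    # so stale high ports never accumulate in INPUT.
    echo "iptables -N NFS_RPC 2>/dev/null || true"
    echo "iptables -F NFS_RPC"
    awk -v srv="$server" '
        $1 !~ /^[0-9]+$/           { next }   # header and prompt lines
        $3 != "tcp" && $3 != "udp" { next }
        $4 !~ /^[0-9]+$/ || $4 < 1 || $4 > 65535 { next }
        seen[$3 "/" $4]++          { next }   # one rule per proto/port
        {
            svc = ($5 ~ /^[a-z0-9_.-]+$/) ? $5 : "unknown"
            printf "iptables -A NFS_RPC -s %s -p %s --sport %s -j ACCEPT  # %s\n", srv, $3, $4, svc
        }'
}

sample_rpcinfo | rpc_rules 192.168.100.2
```

Review the printed commands before piping them to a root shell; the rules only stay valid until NFS on the server is restarted and the ports move again.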

Create one or more NFS aware boot floppies
WARNING

When using the dd command to write to device /dev/fd0, always wait until the command finishes AND the floppy light goes out before removing the floppy.

NOTE

If you have trouble finding reliable floppy media, you can use the floppy image to create a bootable CD equivalent to the bootable floppy.

On most distros, the first CD contains a directory called images. This directory contains various images to make bootable floppies. Place a known good, write enabled floppy in the server's drive, and make your boot floppies:

umount /mnt/cdrom
mount -o loop,ro /media/cdrom/rh8iso /mnt/cdrom
dd if=/mnt/images/bootnet.img of=/dev/fd0

umount /mnt/cdrom
dd if=//images/network.img of=/dev/fd0

Wednesday, 22 October 2008

Primary Domain Controller (PDC)

Primary Domain Controller (PDC) is a server computer in a pre-Windows 2000 NT server Domain. A domain is a concept used in NT server operating systems whereby a user may be granted access to a number of computer resources with the use of a single username and password combination.

Such domains have at least a Primary Domain Controller, and will often have one or more Backup Domain Controllers (BDCs). The PDC has the master copy of the user accounts database which it can access and modify. The BDC computers have a copy of this database, but these copies are read-only. The PDC will replicate its account database to the BDCs on a regular basis. The BDCs exist in order to provide a backup to the PDC, and can also be used to authenticate users logging on to the network. If a PDC should fail, one of the BDCs can then be promoted to take its place. The PDC will usually be the first domain controller that was created unless it was replaced by a promoted BDC.

In later releases of Windows, such as Windows 2000, NT 4 type domains have been superseded by Active Directory. In Active Directory domains, the concept of Primary and Backup Domain Controllers doesn't exist. Instead, the domain controllers in these domains are all considered to be equal in that all controllers have full access to the accounts databases stored on their machines.

However, in these later releases of Windows, an Active Directory FSMO role named PDC emulator master does exist in each domain. This PDC emulator master does not have the same special role in replication as the Primary Domain Controller in pre-Windows 2000 systems, but does have certain additional responsibilities:

* The PDC emulator master acts in place of the Primary Domain Controller if there are Windows NT 4.0 domain controllers (BDCs) remaining within the domain, acting as a source for them to replicate from.
* The PDC emulator master receives preferential replication of password changes within the domain. As password changes take time to replicate across all the domain controllers in an Active Directory domain, the PDC emulator master receives notification of password changes immediately, and if a logon attempt fails at another domain controller, that domain controller will forward the logon request to the PDC emulator master before rejecting it.
* The PDC emulator master also serves as the machine to which all domain controllers in the domain will synchronise their clocks. It, in turn, should be configured to synchronise to an external NTP time source.

PDC has been faithfully recreated on the Samba emulation of Microsoft's SMB client/server system.

This is the configuration in the file /etc/samba/smb.conf:

# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf if the
# samba-doc package is installed.
# Date: 2005-09-13
[global]
workgroup = NAUFAL-NT
netbios name = NAUFAL-PDC
map to guest
logon path = \\%L\profiles\%U
logon drive = P:
add machine script = /usr/sbin/useradd -c Machine -d /dev/null -s /bin/false %m$
domain logons = Yes
domain master = Yes
local master = Yes
os level = 75
preferred master = Yes
security = user
encrypt passwords = Yes
[homes]
comment = Home Directories
valid users = %S
browseable = No
read only = No
inherit acls = Yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
write list = root
[profiles]
comment = Network Profiles Service
path = /var/lib/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No

Then set a Samba password for the root user:
# smbpasswd -a root
Create the directories for the profiles and netlogon shares:

# mkdir -p /var/lib/samba/netlogon
# mkdir -p /var/lib/samba/profiles
# chmod 1777 /var/lib/samba/profiles
# /etc/init.d/smb restart
# testparm

These pictures show what to do if you have trouble connecting from Windows to the PDC:










Then restart your computer and log in with your Samba username and password.




Now you must modify your registry: type regedit in the Run dialog.


Then choose HKEY_LOCAL_MACHINE | CurrentControlSet | Services | Netlogon | Parameters

Change 1 to 0.

Boot loader in Linux

The boot loader phase varies by platform. Since the earlier phases are not specific to the OS, the boot process is considered to start:

* For x86 or x86-64: when the partition boot sector code is executed in real mode and loads the first stage boot loader (typically a part of LILO or GRUB).

From that point, the boot process continues as follows:

The first stage boot loader loads the remainder of the boot loader, which typically gives a prompt asking which operating system (or type of session) the user wishes to initialize. Under LILO, this is done via the map installer which reads the configuration file /etc/lilo.conf to identify the available systems. It includes data such as boot partition and kernel location for each, as well as customized options if any. Upon selection, the appropriate kernel is loaded into RAM memory as an image file ("initrd"), and along with the appropriate parameters, control is passed to it.

LILO and GRUB differ in some ways:

* LILO does not understand file systems, so it uses raw disk offsets and the BIOS for data load. It loads the menu code, and then depending on the response loads either the 512 byte disk sectors for an MBR system such as Microsoft Windows, or the kernel image for Linux.
* GRUB by contrast does have understanding of the common ext2 and ext3 file systems. Because GRUB stores its data in a configuration file rather than the MBR and contains a command line interface, it is often easier to rectify or modify GRUB if misconfigured or corrupt.

GRUB

Source: Red Hat GRUB description.

1. The first stage loader is read by the BIOS from the MBR (master boot record).
2. The first stage loads the rest of the boot loader (second stage). If the second stage is on a large drive, sometimes an intermediate 1.5 stage is loaded, which contains extra code to allow cylinders above 1024, or LBA type drives, to be read. The 1.5 boot loader is stored (if needed) in the MBR or the boot partition.
3. The second stage boot loader executes, and displays the GRUB startup menu. It also allows choice of operating environment, and examination of system parameters.
4. When an operating system is chosen, it is loaded and control is passed.

GRUB supports both direct and chain-loading boot methods, LBA, ext2, and "a true command-based, pre-OS environment on x86 machines". It contains three interfaces: a selection menu, a configuration editor, and a command line console.

LILO

LILO, the older of the two boot loaders, is almost identical to GRUB in process, except that it does not contain a command line interface. Thus all changes must be made to its configuration and written to the MBR, and then the system restarted. An error in configuration can therefore leave a disk unable to be booted without use of a separate boot device (floppy disk etc) containing a program capable of fixing this. Additionally it does not understand file systems, instead locations of image files are stored within the MBR directly and the BIOS is used to access them directly.

Loadlin


Yet another way to boot Linux is from DOS or Windows 9x, where the Linux kernel completely replaces the running copy of this operating system. This can be useful in the case of hardware which needs to be switched on via software and for which such configuration programs are only available for DOS, whereas not for Linux, those being proprietary to the manufacturer and kept an industry secret. This tedious booting method is less necessary nowadays, as Linux has drivers for a multitude of hardware devices, but it used to be helpful in the past.
Another case is when the Linux is located on a storage device which is not available to the BIOS for booting: DOS or Windows can load the appropriate drivers to make up for the BIOS limitation, and boot Linux from there.