Citrix Xenserver 6.1 License Expired

Today (Dec 30, 2013), I realized that one of my Citrix Xenserver 6.1 license got expired because i have not checked this expired Server/Hypervisor since so long. Citrix XenCenter interface was not allowing me to apply new license via XenCenter interface due to expiry of existing license.

I tried looking for the solution on the internet for how to apply license again on expired Xenserver however did not find very help full blog or article by anyone.

I tried many solutions provided via community members and found one use full comment which actually solved my issue.

Here is the same for other in need.

1. Login to the xenserver via ssh.
2. Upload the new license to your xenserver which you have download from citrix web site.
3. Get the host uuid number.
xe host-list
Example output: uuid ( RO)                : 11e379b0-4d49-474c-8355-5d8cf25048e5
4. Apply new license via command line.
xe host-license-add license-file=license-03-09-2013.xslic host-uuid=11e379b0-4d49-474c-8355-5d8cf25048e5

Let me know if this helps anyone else.

Thanks & Regards
Tapan Thapa

ConfigServer Security & Firewall

Recently i have been provided an opportunity to configure an application which will help someone to secure their application server. So i thought i should share my experience with all. By the way i have implemented this on Centos (Red Hat derivative) 64 Bit 6.3 final version.

ConfigServer Security & Firewall is an application which consists two daemons (csf and lfd).

1. CSF - Manages the firewall rules via iptables and also track many other things like connections per source ip address wise, port flooding etc via iptables modules.

2. LFD (Login Failure Daemon) - It checks failed login attempt for may services like SSH,POP3,IMAP etc and block source ip address based on our configured values.

Below are the steps which are required to install ConfigServer Security & Firewall.

1. Make a directory anywhere in your operating system.
mkdir /usr/local/csf
cd /usr/local/csf

2. Download csf (ConfigServer Security & Firewall) from http://www.configserver.com

wget http://www.configserver.com/free/csf.tgz

3. Untar downloaded csf.tgz

tar -xzf csf.tgz
cd csf
sh install.sh 

4. Install.sh script will copy many configuration files under /etc/csf directory which you can change as per your requirement.

Main configuration file which you should touch is csf.conf.

cd /etc/csf 

vim csf.conf

5. You should check TCP_IN and TCP_OUT variables to enable and disable incoming and outgoing ports to and from your server.

6. Make sure you swtich on start up script of csf at run level 3 and 5 for automatic start up of your operating system.

chkconfig csf on

chkconfig lfd on

NIS (Network Information Service) To Redhat Directory Server 8.0 User & Group Migration

Make your server as NIS client. (Info: authconfig-tui and put nisdomainname and server name/ip)

1. ypcat passwd > /tmp/passwd.nis (Extracting username/password information from NIS server to our text file.)

2. ypcat group > /tmp/group.nis (Extracting group information from NIS server to our text file.)

3. service ypbind stop (Unbinding our server from NIS)

4. for i in $( cut –f1-2 –d: /tmp/passwd.nis ); do

echo “$i:$[$(date +%s)/86400]:0:99999:7:::”

done > /tmp/shadow.nis (Extracting password into separate shadow file.)

5. sed –r ‘s/\$1\$.{8}\$.{22}/x/g’ /tmp/passwd.nis > /tmp/passwd-new.nis (Removing password entry from original file {/tmp/passwd.nis} which we exported from NIS server.)

6. mv /tmp/passwd-new.nis /tmp/passwd.nis (Moving new passwd file with password value x to original file.)

7. cd /usr/share/openldap/migration

8. Vi migration_common.ph

$DEFAULT_MAIL_DOMAIN = “server101.example.com” (Server Name)

$DEFAULT_BASE= “dc=example,dc=com” (Directory Server Suffix.)

$EXTENDED_SCHEMA =1 (Extended Schema = 1 so that extra attribute could be saved along with user, password and group like email address.)

9. ./migrate_base.pl > /tmp/base.lidf (Base ldif file for creation of extra ou like hosts.)

10. vi migrate_passwd.pl

Search for shadow

And replace this line from

Open(SHADOW, “/etc/shadow”)

To

Open(SHADOW, “/tmp/shadow.nis”)

11. ./migrate_passwd.pl /tmp/passwd.nis /tmp/passwd.ldif (Preparing password ldif file for importing into Directory Server.)

12. ./migrate_group.pl /tmp/group.nis /tmp/group.ldif (Preparing group ldif file for importing into Directory Server.)

13. vim /etc/openldap/ldap.conf

Add these values :

HOST server101.example.com

BASE dc=example,dc=com

14. vim /root/.ldaprc

Add these values :

BINDDN cn=Directory Manager

15. ldapadd –x –c –W –f /tmp/base.ldif (Base ldif upload into Directory Server. When asked put password of Directory Manager. That is password.)

16. ldapadd –x –c –W –f /tmp/group.ldif (Group upload into Directory Server. When asked put password of Directory Manager. That is password.)

17. ldapadd –x –c –W –f /tmp/passwd.ldif (Password ldif upload into Directory Server. When asked put password of Directory Manager. That is password.)

18. authconfig-tui (Make your server client of your Directory server.)

Regards

Tapan Kumar Thapa

Jetking Diploma Holder, MCSE, CCNA, RHCE, RHCSS (EX333,EX423 Certified)

How To install Red hat Directory Server 8.0 on RHEL 5.

1. These are the packages which are required to install Directory Server 8.0. Upload below mentioned rpms in separate folder and make repo of it.

· adminutil-1.1.5-1.el5dsrv.i386.rpm

· adminutil-devel-1.1.5-1.el5dsrv.i386.rpm

· idm-console-framework-1.1.0-7.el5idm.noarch.rpm

· java-ibm.rpm

· jss-4.2.4-41.el5idm.i386.rpm

· redhat-admin-console-8.0.0-11.el5dsrv.noarch.rpm

· redhat-ds-8.0.0-1.4.el5dsrv.i386.rpm

· redhat-ds-admin-8.0.0-4.el5dsrv.i386.rpm

· redhat-ds-base-8.0.0-12.el5dsrv.i386.rpm

· redhat-ds-base-devel-8.0.0-12.el5dsrv.i386.rpm

· redhat-ds-console-8.0.0-11.el5dsrv.noarch.rpm

· redhat-idm-console-1.0.0-16.el5idm.i386.rpm

2. yum install redhat-ds* java* openldap* -y

3. setup-ds-admin.pl –k

a. Would you like to continue with set up? [yes]: ENTER

b. Do you agree to the license terms? [no]: yes

c. Would you like to continue? [no]: yes

d. Choose a setup type [2]: ENTER

e. Computer name [server101.example.com]: ENTER

f. System User [nobody]: ldap

g. System Group [nobody]: ldap

Do you want to register this software with an existing

h. configuration directory server? [no]:Enter

i. administrator ID [admin]: ENTER

j. Password: redhat

k. Password (confirm): redhat

l. Administration Domain [example.com]: ENTER

m. Directory server network port [389]: ENTER

n. Directory server identifier [station1]: ENTER

o. Suffix [dc=example, dc=com]: ENTER

p. Directory Manager DN [cn=Directory Manager]: ENTER

q. Password: password

r. Password (confirm): password

s. Administration port [9830]: 8080 ENTER

t. Are you ready to set up your servers? [yes]: ENTER

4. chkconfig dirsrv-admin on

5. chkcofig dirsrv on

6. redhat-idm-console –a http://station1.example.com:8080

7. User ID: cn=Directory Manager

Password: password

Regards

Tapan Kumar Thapa

Jetking Diploma Holder, MCSE, CCNA, RHCE, RHCSS (EX333,EX423 Certified)