Add user as sudoer

1. Open Unix Server

2. Login as root (sudo su)
Type command:

# setenv EDITOR ee
# visudo

3. Add within this line to add new sudoer:
## User privilege specification
root ALL=(ALL) ALL
hassan ALL=(ALL) ALL

Press ESC to save & exit.
Done.

==========================================

OR

=============================

Set sudoer permission in admin group:

# nano /etc/group

Change/Add admin
*admin: name1, name2, name3

Ctrl X > Y > Enter

Done.. :) 

AD MASTER CORRUPTED

We can use this command to list the FSMO roles holder:
C:\Netdom Query

FSMO The 5 roles:

1. Schema Master: Used to introduce manual and programmatic schema updates, and this includes those updates that are added by Windows ADPREP /FORESTPREP, by Microsoft Exchange, and by other applications that use Active Directory Domain Services (AD DS). - Must be online when schema updates are performed. (which in my case when I wanted to promote the new DC in to the existing domain it was unable because the DC was holding the Schema master was offline). 
2. Domain Naming Master: Used to add and to remove domains and application partitions to and from the forest. -Must be online when domains and application partitions in a forest are added or removed. 
3. Primary Domain Controller: Receives password updates when passwords are changed for the computer and for user accounts that are on replica domain controllers. -Consulted by replica domain controllers that service authentication requests that have mismatched passwords. -Default target domain controller for Group Policy updates. -Target domain controller for legacy applications that perform writable operations and for some admin tools. -Must be online and accessible 24 hours a day, seven days a week. 
4. RID: Allocates active and standby RID pools to replica domain controllers in the same domain. -Must be online for newly promoted domain controllers to obtain a local -RID pool that is required to advertise or when existing domain controllers have to update their current or standby RID pool allocation. 
5. Infrastructure Master: Updates cross-domain references and phantoms from the global catalog.

You can see that all masters are binding to the corrupted server and you cannot change the operation master since it could not be contacted. 

What you can do is using ntdsutil command. (use this ref : http://www.vishalvasu.com/finding-fsmo-roles-using-ntdsutil/) 

Step #1: On any Domain Controller, click Start. In the Run command type CMD and hit Enter. You will be taken to the good old command prompt window (DOS were the days). Type ntdsutil and hit Enter. 

Step #2: You shall see the screen with ntdsutil: prompt. Since we want to find out the roles, type roles and hit Enter. Notice that the prompt now changes to show fsmo maintenance:. Now is a good time to get more HELP on the list of available commands. 

Step #3: On the fsmo maintenance: prompt, type ? and hit Enter. Right-click in the Window, mark and copy them. Paste the clipboard in to Notepad for easy reference. 

Step #4: Type connection and press Enter. This will show a prompt with server connections:. Type connect to server (replace and press Enter. 

Step #5: Once we are connected to the Domain Controller, type q to return back to the fsmo maintenance prompt. Now type, select operation target and then press Enter. Notice that the prompt changes to select operation target:. 

Step #6: At the select operation target prompt, type list roles for connected server and press Enter. This would list all the FSMO roles for that Domain Controller. To get out of the ntdsutil, type q until you are back to the good old DOS prompt. Then, if the master server are permenantly offline use seize command (ref: http://www.petri.co.il/seizing_fsmo_roles.htm) . If the master server still online ; you can user transfer command to moving the 5 FSMO roles while both the original FSMO role holder and the future FSMO role holder are online and operational. 

This table has the info:

FSMO Role	Loss implications
Schema	The schema cannot be extended. However, in the short term no one will notice a missing Schema Master unless you plan a schema upgrade during that time.
Domain Naming	Unless you are going to run DCPROMO, then you will not miss this FSMO role.
RID	Chances are good that the existing DCs will have enough unused RIDs to last some time, unless you're building hundreds of users or computer object per week.
PDC Emulator	Will be missed soon. NT 4.0 BDCs will not be able to replicate, there will be no time synchronization in the domain, you will probably not be able to change or troubleshoot group policies and password changes will become a problem.
Infrastructure	Group memberships may be incomplete. If you only have one domain, then there will be no impact.

The following table summarizes the FSMO seizing restrictions:

FSMO Role	Restrictions
Schema	Original must be reinstalled
Domain Naming
RID
PDC Emulator	Can transfer back to original
Infrastructure

Another consideration before performing the seize operation is the administrator's group membership, as this table lists:

FSMO Role	Administrator must be a member of
Schema	Schema Admins
Domain Naming	Enterprise Admins
RID	Domain Admins
PDC Emulator
Infrastructure

To seize the FSMO roles by using Ntdsutil, follow these steps:

After done it.. you can check again the Netdom Query FSMO already go to the connected server (Slave AD).

After that you have to delete/clear all the info for offline/corrupted server (eg: probOldAD.contoso.com)

http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Remove AD

Then you can start installing AD for new server as below step:

If you facing below warning... what you can check is if the is other network is enabled . 

Solved: disable other network

howto install FreeBSD9 CAS Server

The steps was given by sifu zaman..


1. Download latest diablo-jdk-freebsd and cp to /usr/ports/distfiles
2. Download latest tzupdater and cp to /usr/ports/distfiles
3. cd /usr/ports/java/diablo-jdk16/ && make install clean
4. cd /usr/ports/www/tomcat6/ && make install clean
5 install apache2
6 install mod_jk (connector used by appche to connect to servlet container)
7 install and configure Apache SSL (HTTPS) - refer to apache documentation

edit /usr/local/etc/apache/httpd.conf

change this parameter -> Listen 80 to Listen 443

make sure this module load at apache start

add this in httpd.conf -> LoadModule jk_module          libexec/apache22/mod_jk.so

add this in httpd.conf ->  Include etc/apache22/mod_jk.conf

create new file

ee /usr/local/etc/apache22/mod_jk.conf

and add this



        JkWorkersFile /usr/local/etc/apache22/workers.properties
        JkLogFile  /var/log/jk.log
        JkShmFile  /var/log/jk-runtime-status
        JkLogLevel error



save mod_jk.conf

create new file

ee /usr/local/etc/apache22/workers.properties

and add this

worker.list=co-t-newsso01

worker.co-t-newsso01.port=8009
worker.co-t-newsso01.host=colo-vst-newsso01
worker.co-t-newsso01.type=ajp13
worker.co-t-newsso01.lbfactor=1

save workers.properties

note :  please change all "colo-vst-newsso01" with your own server name


edit /usr/local/etc/apache22/extra/httpd-ssl.conf


disable Listen 443

add this (bottom of file before )

JkMount /* co-t-newsso01
JkMount /*.jsp co-t-newsso01


note :  please change all "co-t-newsso01" with your own server name

cd /usr/local/apache-tomcat-6.0/conf

ee server.xml

make sure you add or enable this



               connectionTimeout="20000"
               redirectPort="8443" />



               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

save server.xml

8. Edit /etc/rc.conf and add this line

apache22_enable="YES"
tomcat60_enable="YES"

save rc.conf

start apache and tomcat

test access tomcat (non secure using http://servername:8080)
then try access secure connection https using https://servername:8080


9. Install apache MAVEN - cd /usr/ports/devel/maven && make install clean ; rehash
10. Download latest JASIG CAS Server from http://downloads.jasig.org/cas/ and save in your home directory
11. Extract downloaded CAS Server


for example if latest version is cas-server-3.4.11-release.tar.gz

tar -xzf cas-server-3.4.11-release.tar.gz

cd cas-server-3.4.11/cas-server-webapp

ee pom.xml  and add this line

       
             ${project.groupId}
             cas-server-support-ldap
             ${project.version}
       

save file

run this command in cas-server-3.4.11/cas-server-webapp directory

mvn clean package

12. Replace all content in /usr/local/apache-tomcat-6.0/webapps/ROOT/ with content from cas-server-3.4.11/cas-server-webapp/target/cas-server-webapp-3.4.11/

Run this command in cas-server-3.4.11/cas-server-webapp/target/cas-server-webapp-3.4.11/

stop apache tomcat

cp -Rp * /usr/local/apache-tomcat-6.0/webapps/ROOT/


ee /usr/local/apache-tomcat-6.0/webapps/ROOT/WEB-INF/deployerConfigContext.xml

make sure you configure this parameter same like this






and put this in ldap server parameter

ldap://XXX.XX.XXX.XX/

Start apache tomcat

Now you should able to access you CAS server

https://servername/login

Done.

Simple problem.. but should remember

After I install new package in new server (freebsd 9.0 ver). I still cannot find the package work properly...Last time I do have the same problem, so I believed this is my bad... I forgot to rehash the application.. hahaha.. It is so simple maa... Sometimes we always looking for hard solutions to solve simple problem :P my bad again...

Virtual hosting with IIS

NOTE: Only IIS versions for Windows Server and Windows Vista support multiple web-sites as described below.

If you are using Windows 98, Me, NT4 Workstation, Windows 2000 Professional, or Windows XP please see reference article below instead.

"Virtual hosting" means hosting multiple web-sites with different domain names on the same IP address.

This procedure is also described in Microsoft KB article Q190008

From the "Internet Information Services (IIS) Manager" window, right click on a web-site, and select "Properties":



In the web-site Properties dialog, click the "Advanced..." button:



In the "Advanced Web Site Identification" dialog, select the first "identity", and click the "Edit" button:



Enter the web-site domain name in the "Host Header Name" field:



Click the OK button in all the dialogs to save your changes.

Create additional web sites the same way.

Thanks to http://www.simpledns.com/kb.aspx?kbid=1149

Basic freeBSD to copy, move files

Copy to same server

cp -rp {path file} {path }

Cannot SCP your file to another server

Usually.. I have no problem to scp my file to another server.. But today it giving me below error :

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:11
RSA host key for 1XX.1X.XX0.xX0 (ip) has changed and you have requested strict checking.
Host key verification failed.

-----
So, here is the step to resolved this problem
#cd /root/
#ee .ssh/known_hosts
pastu ctrl-k semua line dalam tuh..
save..

Actually this .ssh/known_hosts file keep cache of previous access ssh command.

Then ok.. :) paham2..