
  • SSH Installation in ESX Server

    2007-08-31 15:08:18

    1. Build and install the following three source packages. They, and the two PAM RPMs that are only needed for the PAM headers (see the Q&A below), can be found under \\192.168.4.183\Platforms\ESX\ESX 2.5.0\32bit\Packages
        openssl-0.9.7l.tar.gz
        zlib-1.2.3.tar.gz
        openssh-3.9p1.tar.gz
        pam-0.75-66.i386.rpm
        pam-devel-0.75-66.i386.rpm

    Details of the installation....
    ==========================
    gunzip openssl-0.9.7l.tar.gz
    tar xf openssl*
    cd openssl*
    ./config
    make
    make install

    gunzip zlib*
    tar xf zlib*
    cd zlib*
    ./configure
    make
    make install

    gunzip openssh*
    tar xf openssh*
    cd openssh*
    ./configure --with-pam
    make
    make install

    "make install" puts sshd under /usr/local/sbin, the ssh client under /usr/local/bin and the configuration under /usr/local/etc, and generates the host keys there. It does not create the privilege-separation user: before starting the daemon check that "id sshd" succeeds and that /var/empty exists, owned by root and not writable by anyone else. With --with-pam the daemon also needs a PAM service file, /etc/pam.d/sshd (contrib/redhat/sshd.pam in the source tree is a usable template), and "UsePAM yes" in /usr/local/etc/sshd_config, since UsePAM defaults to no in this release.

    Q: The error message "configure: error: PAM headers not found" appears when running "./configure --with-pam".
    A: Install the PAM development packages [pam-0.75-66.i386.rpm and pam-devel-0.75-66.i386.rpm] with "rpm -ivh" and run configure again.
    ==========================

    2. Point the old sshd and ssh paths at the new binaries, so that scripts and users that expect them there keep working
    # rm -f /usr/sbin/sshd
    # rm -f /usr/bin/ssh
    # ln -s /usr/local/sbin/sshd /usr/sbin/sshd
    # ln -s /usr/local/bin/ssh /usr/bin/ssh

    3. Create an sshd startup/shutdown script.

    Run the following command and enter the contents below. [Make sure the paths of "kill" and "head" are correct for the platform; on some systems "kill" lives under "/usr/bin".]
    # vi /etc/init.d/sshd

    ===================================
    #!/bin/sh
    # start/stop the sshd built from source; the pid file is sshd's default PidFile
    SSHD=/usr/local/sbin/sshd
    PIDFILE=/var/run/sshd.pid

    sshd_pid() {
       [ -r "$PIDFILE" ] && /usr/bin/head -1 "$PIDFILE"
    }

    case "$1" in
    'start')
       $SSHD -t || exit 1          # refuse to start with a broken sshd_config
       $SSHD
       ;;
    'stop')
       pid=`sshd_pid`
       [ -n "$pid" ] && /bin/kill "$pid"
       ;;
    'restart')
       # SIGHUP makes the listening sshd re-read its config and re-exec itself;
       # starting a second copy afterwards would only fail because port 22 is still bound
       pid=`sshd_pid`
       if [ -n "$pid" ]; then
          /bin/kill -HUP "$pid"
       else
          $SSHD
       fi
       ;;
    *)
       echo "Usage: $0 { start | stop | restart }"
       exit 1
       ;;
    esac
    exit 0
    ========================================

    # chown root:root /etc/init.d/sshd
    # chmod 744 /etc/init.d/sshd
    # ln -s /etc/init.d/sshd /etc/rc2.d/S98sshd

    The S98 link has to be in the rc directory of the runlevel the service console actually boots into (the initdefault entry in /etc/inittab); use /etc/rc3.d if that is 3.

    4. Start sshd.
    # /etc/init.d/sshd start

    5. Restart sshd
    # /etc/init.d/sshd restart
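    Before the S98 link is created, it is worth checking that the pieces "make install" leaves behind are all in place. The script below is an added example, not part of OpenSSH or of the original procedure: it takes the install prefix, the privilege-separation directory, the PAM service file and the privilege-separation user as parameters (so it can be pointed at a staging tree) and reports everything that would stop the daemon from starting, rather than failing on the first problem.

```shell
#!/bin/sh
# Added example: preflight check for an sshd built from source, run as root before
# the init script is enabled. Nothing here is part of OpenSSH; the paths and the
# privilege-separation user are parameters so the check can be pointed at a
# staging tree with throwaway files.

# sshd_preflight PREFIX PRIVSEP_DIR PAMFILE PRIVSEP_USER
#   PREFIX       install prefix of "make install" (/usr/local by default)
#   PRIVSEP_DIR  empty directory sshd chroots into for privilege separation
#   PAMFILE      PAM service file read when built --with-pam (/etc/pam.d/sshd)
#   PRIVSEP_USER unprivileged account sshd switches to (sshd by default)
sshd_preflight() {
    prefix=$1 privsep=$2 pamfile=$3 user=$4 rc=0
    cfg=$prefix/etc/sshd_config

    [ -f "$cfg" ] || { echo "missing $cfg" >&2; rc=1; }

    # at least one host key, and no host key readable by group or others
    keys=0
    for k in "$prefix"/etc/ssh_host_key "$prefix"/etc/ssh_host_rsa_key "$prefix"/etc/ssh_host_dsa_key; do
        [ -f "$k" ] || continue
        keys=$((keys + 1))
        [ "$(ls -l "$k" | cut -c5-10)" = "------" ] || { echo "$k must be mode 600" >&2; rc=1; }
    done
    [ "$keys" -gt 0 ] || { echo "no host keys under $prefix/etc" >&2; rc=1; }

    # privilege separation: the user must exist, the directory must exist and
    # must not be writable by group or others (ls -l columns 6 and 9)
    id "$user" >/dev/null 2>&1 || { echo "privilege separation user $user does not exist" >&2; rc=1; }
    if [ -d "$privsep" ]; then
        perms=$(ls -ld "$privsep")
        case "$(echo "$perms" | cut -c6)$(echo "$perms" | cut -c9)" in
            --) ;;
            *)  echo "$privsep must not be group/world writable" >&2; rc=1 ;;
        esac
    else
        echo "missing privilege separation directory $privsep" >&2; rc=1
    fi

    # PAM: the service file must exist and sshd must be told to use it (UsePAM defaults to no)
    [ -f "$pamfile" ] || { echo "missing PAM service file $pamfile" >&2; rc=1; }
    if [ -f "$cfg" ] && ! grep -Eiq '^[[:space:]]*UsePAM[[:space:]]+yes' "$cfg"; then
        echo "UsePAM yes is not set in $cfg" >&2; rc=1
    fi

    return $rc
}

# With the paths used on this page (run as root), followed by sshd's own config check:
# sshd_preflight /usr/local /var/empty /etc/pam.d/sshd sshd && /usr/local/sbin/sshd -t
```

    The permission checks read the mode columns of "ls -l" rather than stat, because stat's options differ between the Linux service console and the other Unix platforms that appear on this page.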
  • How to list the files contained in a software package

    2007-08-13 19:29:28

    RPM package.
    For RH Linux, FC Linux, SUSE Linux, CentOS, Scientific Linux, Oracle Linux
    Command:
    rpm -qpl rpm_package_file (e.g. rpm -qpl centrifydc-3.0.7-733-rh9-i386.rpm)
    -p means the argument is a package file that is not installed yet; for an already installed package use rpm -ql package_name. rpm -K package_file checks the package signature, which is worth doing before trusting anything the listing shows.

    FYI:
    http://fanqiang.chinaunix.net/a1/b1/20020520/060201228.html

    *************************************************************************************

    DPKG package.
    For Debian, Ubuntu
    Command:
    dpkg -L installed_package_name (e.g. dpkg -L centrifydc)
    dpkg -L only works for installed packages; to see what a .deb file would install without installing it, use dpkg -c package_file.deb (or dpkg-deb -c).

    *************************************************************************************

    .tgz (Solaris)
    A .tgz is a gzip-compressed tar archive; Solaris tar has no -z option, so list it with gzip -dc package.tgz | tar tvf -
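    As an added example (not from the original post, and not part of rpm, dpkg or tar), the three listings wrapped in one function, followed by a filter that picks out the entries a reviewer should look at before installing a package that arrived from a file share, as several on this page do: boot scripts, cron entries, PAM modules, loader configuration and system binaries. The set of "sensitive" locations is my own choice, not a standard.

```shell
#!/bin/sh
# Added example: list what a package *file* would install, before installing it,
# and flag entries that land where they change system behaviour. Neither function
# is part of the tools it wraps; the path patterns are an opinionated starting point.

# list_pkg_files FILE: one installed path per line, without extracting or installing
list_pkg_files() {
    case "$1" in
        *.rpm)           rpm -qpl "$1" ;;
        *.deb)           dpkg-deb -c "$1" | awk '{ print $6 }' | sed 's|^\./|/|' ;;
        *.tgz|*.tar.gz)  gzip -dc "$1" | tar tf - | sed 's|^\./|/|' ;;
        *)               echo "list_pkg_files: unsupported package type: $1" >&2; return 2 ;;
    esac
}

# flag_risky_paths: reduce a path list on stdin to the entries worth a second look
# (directory entries ending in "/" are dropped; only files are reported)
flag_risky_paths() {
    grep -v '/$' |
    grep -E '^/?(etc/(init\.d|rc[0-9S]\.d|cron|pam\.d|ld\.so|profile)|lib/security/|(usr/(local/)?)?s?bin/[^/]+$|root/)'
}

# Typical use on a package copied from the share:
#   list_pkg_files centrifydc-3.0.7-733-rh9-i386.rpm | flag_risky_paths
```

    A PAM module under /lib/security or a new entry in /etc/cron.d is exactly what a legitimate agent such as CentrifyDC installs, so a hit is not a verdict; the point is to know that it is there before dpkg -i or rpm -i runs it as root.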



  • HPUX 11.11 RISC

    2007-07-27 14:38:09

    1. Enter single user mode
     a. Reboot the machine
     b. Press any key to interrupt the autoboot sequence
     c. When the main menu appears, type 'Y' (to interact with the IPL)
     d. Type 'hpux -is'
     e. Run 'fsck' to repair the filesystem
     f. Mount the filesystems you need (/usr, /var, /tmp, /etc, ...)
     g. Repair the damaged files, including resetting root's password (that part has to be done in normal mode)
  • Root mapping user login in these situations

    2007-07-27 14:32:55

    1. Create a root-mapped AD user (pam.mapuser.root in centrifydc.conf), then:
       a. stop the adclient daemon --- adclient is not running.
           1) login as root with root's local password --- succeeds
           2) login as root with root's AD password --- fails
       b. disconnect the network from the DC, or shut the DC down
           1) login as root with root's local password --- fails
           2) login as root with root's AD password --- fails
  • Test cases

    2007-07-18 18:08:26

    1. Equivalence classes
        a. If two tests have the same expected result, they are equivalent.
    For example:
    case 1: user1 has two login forms (@ and \) and the user name is the same in both, i.e. user1@domain.name and domain\user1.
    case 2: the user name differs between the two login forms, i.e. user1@domain.name and domain\user1sam.
    Taken literally these two cases need two users, but one user is enough: give it different names in the two forms (UPN prefix user1, sAMAccountName user1sam), and the same user covers both user1@domain.name and domain\user1sam.
  • 7.04 - Install and configure ubuntu desktop and server

    2007-07-18 15:34:22

    How to change root's password on Ubuntu.

    1. Login as the user created during the installation
    2. Run the command "sudo passwd root" to set a password for "root"
    3. Login as root with the new password --- works fine...:-)

    Ubuntu ships with the root account locked and expects administration through sudo; setting a root password (and, further down, letting GDM accept root logins and installing telnetd/ftpd/rsh) is only reasonable on throwaway test machines.

    X Window installation
    Ubuntu Desktop
    X Window is one of the installed components, so nothing extra needs to be done.

    Ubuntu Server
    Ubuntu Server does not have X Window installed because it is the server version, not the desktop version. Either install X Window itself (sudo apt-get install x-window-system gnome gdm) or install the whole Ubuntu desktop (sudo apt-get install ubuntu-desktop).

    # apt-get install x-window-system gnome gdm

    Reboot the machine after the installation finishes and X Window will start.

    UI login problem
    A message box with the following message appears when the UI starts.
    Can't open file /usr/share/gdm/themes/Human/Human.xml

    Install the "ubuntu-artwork" package to fix the problem.
    apt-get install ubuntu-artwork

    Configure the machine to allow root to login at the graphical login screen
    1. Open System --> Administration --> Login Window
    2. Click the "Security" tab in the "Login Window Preferences" dialog
    3. Make sure both boxes in the tab are checked:
    - Allow local system administrator login
    - Allow remote system administrator login


    Installing VMware Tools

    Switch to text mode first by stopping the display manager: "/etc/init.d/gdm stop"

    # apt-get install build-essential linux-headers-`uname -r`            [the backquotes substitute the running kernel version; run "uname -r" on its own to see it]
    # mount /dev/cdrom /mnt
    # cd /tmp
    # tar xzf /mnt/VM*.tar.gz
    # cd /tmp/vmware-distrib
    # ./vmware-install.pl

    OpenSSH, Telnet, FTP, RSH, Rlogin configuration

    Ubuntu Desktop
    Login as root and run the commands below --- the desktop must be able to reach the internet.
    apt-get install openssh-server
    apt-get install telnetd
    apt-get install ftpd
    apt-get install rsh-server
    reboot

    Ubuntu Server
    Put the installation CD in the CD-ROM drive and run the following commands
    apt-cdrom add
    apt-get install openssh-server
    apt-get install telnetd
    apt-get install ftpd
    apt-get install rsh-server
    reboot

    telnetd, ftpd and rsh-server carry passwords and sessions in the clear, and rsh trusts the client's claimed identity through ~/.rhosts; they are installed here only because those protocols have to be available on the test machine, not as services to leave running anywhere else.

    Configure IP address
    The Ubuntu installer configured the system to get its network settings via DHCP. A server should have a static IP address, so edit /etc/network/interfaces and adjust it to your needs (this example uses 192.168.5.213 with the netmask 255.255.252.0, i.e. the 192.168.4.0/22 network, so the network line must be 192.168.4.0, not 192.168.5.0).

    Run the command "vi /etc/network/interfaces" and modify the file to look like below
    ============================================================
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    auto eth0
    iface eth0 inet static
        address        192.168.5.213
        netmask    255.255.252.0
        network        192.168.4.0
        broadcast    192.168.7.255
        gateway    192.168.4.1
    ==============================================================

    Then restart network by running the command "/etc/init.d/networking restart"

    Then edit the file of /etc/hosts. Make it look like this:
    ==============================================================
    127.0.0.1    localhost.localdomain    localhost
    192.168.5.213    hostname.example.com    hostname
    ==============================================================

    Reboot the machine.
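    The easy mistake in a stanza like the one above is a network line that does not agree with the netmask (with a /22 mask, 192.168.5.213 belongs to 192.168.4.0, and a wrong network line is silently accepted by ifupdown). As an added example, not from the original post and not part of Ubuntu's ifupdown, the POSIX shell functions below derive network and broadcast from address and mask and check a stanza's five values against each other before the file is written; the function names are my own.

```shell
#!/bin/sh
# Added example: derive network and broadcast from address/netmask and check that a
# static /etc/network/interfaces stanza is self-consistent before it is written.
# Pure POSIX shell arithmetic; nothing here touches the live network.

ip2int() {                      # dotted quad -> unsigned 32-bit integer
    set -- $(echo "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int2ip() {                      # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

net_of()   { int2ip $(( $(ip2int "$1") & $(ip2int "$2") )); }
bcast_of() { int2ip $(( ($(ip2int "$1") & $(ip2int "$2")) | (~$(ip2int "$2") & 4294967295) )); }

# check_static ADDRESS NETMASK NETWORK BROADCAST GATEWAY
#   returns 0 when the five values describe one subnet, 1 (with reasons on stderr) otherwise
check_static() {
    rc=0
    want_net=$(net_of "$1" "$2")
    want_bc=$(bcast_of "$1" "$2")
    [ "$3" = "$want_net" ] || { echo "network should be $want_net, not $3" >&2; rc=1; }
    [ "$4" = "$want_bc" ]  || { echo "broadcast should be $want_bc, not $4" >&2; rc=1; }
    [ "$(net_of "$5" "$2")" = "$want_net" ] || { echo "gateway $5 is outside $want_net/$2" >&2; rc=1; }
    [ "$1" != "$want_net" ] && [ "$1" != "$want_bc" ] || { echo "address $1 is the network or broadcast address" >&2; rc=1; }
    return $rc
}

# The values used on this page: the mask is /22, so the network address is 192.168.4.0
check_static 192.168.5.213 255.255.252.0 192.168.4.0 192.168.7.255 192.168.4.1 && echo "stanza OK"
```

    Run it once with the values you intend to put in the stanza; a gateway that is outside the computed subnet is the other error that only shows up later, as a default route that never comes up.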
  • 6.06 - Install and configure ubuntu desktop and server

    2007-07-18 15:30:37

    How to change root's password on Ubuntu.

    1. Login as the user created during the installation
    2. Run the command "sudo passwd root" to set a password for "root"
    3. Login as root with the new password --- works fine...:-)

    X Window installation
    Ubuntu Server 6.06
    Ubuntu Server does not have X Window installed because it is the server version, not the desktop version. Install one of the desktops below.

    Xfce UI

    # sudo apt-get install xubuntu-desktop

    GNOME

    # sudo apt-get install ubuntu-desktop

    Reboot machine after finish the installation and X window will start successfully.

    Installing VMware Tools

    Switch to text mode first by stopping the display manager: "/etc/init.d/gdm stop"

    # apt-get install build-essential linux-headers-`uname -r`
    # mount /dev/cdrom /mnt
    # cd /tmp
    # tar xzf /mnt/VM*.tar.gz
    # cd /tmp/vmware-distrib
    # ./vmware-install.pl

    OpenSSH, Telnet, FTP, RSH, Rlogin configuration

    OpenSSH
    Put the installation CD in the CD-ROM drive and run the following commands
    apt-cdrom add
    apt-get install openssh-server

    Telnet and FTP
    # sudo apt-get install telnetd
    # sudo apt-get install ftpd

    If installing Telnet and FTP this way fails,
    get the packages below from \\192.168.4.183\Platforms\LINUX\Ubuntu\6.0.6
    netkit-inetd_0.10-10.2ubuntu1_i386.deb
    telnetd_0.17-32_i386.deb
    ftpd_0.17-21_i386.deb

    and then run the following commands (inetd first, since telnetd and ftpd depend on it)
    # sudo dpkg -i netkit-inetd_0.10-10.2ubuntu1_i386.deb
    # sudo dpkg -i telnetd_0.17-32_i386.deb
    # sudo dpkg -i ftpd_0.17-21_i386.deb
    # sudo /etc/init.d/inetd restart

    dpkg -i installs whatever it is given without apt's signature check, so for packages copied from a file share at least look at what they contain first (dpkg -c file.deb) and keep to the versions listed above.

  • Ethereal: Capture

    2007-07-18 14:53:30

    Capture tool.
    1. Settings
        a. Open Ethereal -> click 'Capture' -> select 'Options' -> select the interface (e.g. interface = "VMware Accelerated AMD PCNet Adapter:\Device\NPF_{8C3FFC44-70AF-4DAF-93DC-5B9F1DE6454F}").
        b. In the Options page, select all of 'Display options' and 'Name resolution'
        c. In the Options page, select the 'Capture Filter' drop-down box and enter the hosts you want to capture (e.g. host 192.168.6.146 && host 192.168.4.134) -- this captures everything exchanged between the two hosts, and nothing else.
  • PAM

    2007-07-17 17:51:33

    PAM authentication
    1. The PAM library talks to adclient
    2. pamdoeslegacyconflictexist -- check whether the user logging in has a uid/username conflict. If not, continue.
    3. get password
    4. Pamverifypassword -- verify that the password is correct.
    5. pam success

    PAM account management
    1. pamIsUserAllowAccess -- check whether the user is allowed to log in: zone account enabled, AD account enabled, license is ok, workstation is allowed, allow/deny users/groups lists permit access. Does not check password expiry.
    2. check for a uid/username conflict.
    3. check whether the password has expired.
    4. pam_success

    PAM cred
    1. krb5cred -- given username/password, obtain the Kerberos credentials and store them in the filesystem. Only this user can read the credential cache, and the user must be a zone user.
  • User map

    2007-07-13 14:57:49

    # Allow a specific user to be mapped to another user.  The variables $HOSTNAME
    # and $ZONE contain the machine's current hostname and zone name, and are
    # useful for mapping root and other system users to more restricted AD users.
    # Note, the target user name must be a Windows (SAMAccount) name, not a zone
    # name:
    #
    # This value is controlled by group policy under
    #   CentrifyDC Settings->User Map
    #
    # pam.mapuser.unix_user: windows_target
    # pam.mapuser.jdoe: Jane Doe
    # pam.mapuser.juser: juser_$HOSTNAME
    pam.mapuser.tom1: jerry1
    #
    # Zone root mapping may be configured by the Windows DirectControl
    # Management Console install wizard. To disable, comment out the following line
    #
    pam.mapuser.root: root_$ZONE

    (A) pam.mapuser.unix_user: windows_target
    For example:
    local user      ad user
    tom             jerry
    1. Logging in as the AD user (jerry) gives access to /home/tom, including modifying every file and directory under it. That is to say, they are the same person.
    2. When logging in as the Unix local user (tom), enter the AD user's (jerry's) password.

    (B) pam.mapuser.juser: juser_$HOSTNAME
    For example:
    pam.mapuser.tom1: tom1_rh9
    1. Create an AD user named 'tom1_rh9'
    2. With hostname = rh9, join the machine to the domain, then login as tom1 with the AD password.

    (C) pam.mapuser.root: root_$ZONE
    For example:
    pam.mapuser.root: root_$ZONE
    1. Create an AD user named "root_default"
    2. Join the machine to the default zone, then login as root with the AD password.

  • Unix CLI - adrmlocal

    2007-07-13 14:08:26

    adrmlocal
    1. Why the command exists
    A customer buys our product, installs it on a machine, then sets up their AD accounts by importing the /etc/passwd file. At this point, their local users are now AD users in the zone they joined. Now that the accounts are being managed by AD, they don't need them in the local /etc/passwd file. In fact, it's a bit of a security risk having them there, since in disconnected mode a user might get into the system with their "old" (local) password. So, the administrator wants to get rid of the unnecessary local accounts. This is just what adrmlocal is designed for.

    2. Using the command
     a. '-i/--interactive'  display a prompt before any removal of local users and groups
        The --interactive option prompts you interactively for confirmation that you want to remove the duplicated local user account before performing the delete operation.
    NOTE: the prompt asks you to confirm whether the duplicated user account really should be deleted.
    Question: what kinds of users are called conflicted? Four kinds are listed here.
    1) same uid with a different user name
    2) same user name with a different uid
    3) same user name and uid
    4) a local user mapped to an AD user, but with different uids

    1)~3): these users are called 'not in conflict', because the Unix information stored in AD for them matches the local Unix system (that is, AD can control this information). So they are deleted safely without a prompt.
    4): this user is called 'in conflict', because the same user has two different uids. That can cause errors during import, so a prompt is shown and the administrator confirms whether to delete the local user.

     b. '-c/--commit'  remove duplicated local users and groups, prompt only when there are uid or gid conflicts
        Our doc explains the "-c" option like this:
        Remove duplicate local users if the UID and GID is the same in the local database and Active Directory. If the UID or GID for a local user conflicts with the information stored in Active Directory, this option prompts you to determine whether a local user account should be deleted or not.

     c. '-f/--force'  remove duplicated local users and groups, never prompt even if there are uid or gid conflicts

    3. Test cases.
     1) "-i", should prompt before deleting these users
        a. only username conflict
        b. only uid conflict
        c. both username and uid conflict
        d. one Unix local user mapped to one AD user, with a different uid [user map setting in /etc/centrifydc/centrifydc.conf]
     2) "-c", remove duplicated users without prompting, and prompt for uid conflicts.
     3) "-f", remove all users that are duplicated or conflicted.
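    To set up or check the four test cases above (and case (B)/(C) of the User map post, where a pam.mapuser target contains $HOSTNAME or $ZONE), it helps to enumerate the local accounts that collide with zone users and say which kind each one is. The script below is an added example, not CentrifyDC code and not adrmlocal's own logic: it reports, and never deletes. Its inputs are passwd-format files; the AD list would normally come from the zone once adclient is running (getent passwd), the map file imitates the pam.mapuser lines of centrifydc.conf, and in the usage below all three are constructed.

```shell
#!/bin/sh
# Added example, not part of CentrifyDC: list local accounts that duplicate AD zone
# users, i.e. the population adrmlocal is meant to clean up, and classify each one.
#
# find_dups LOCAL_PASSWD AD_PASSWD [MAP_FILE [HOSTNAME [ZONE]]]
#   prints "<kind> <local_name> <local_uid> <ad_name> <ad_uid>" per collision:
#     same-name-and-uid          local entry and AD entry agree
#     same-name-different-uid    same login name, different uid
#     same-uid-different-name    the uid already belongs to another AD user
#     mapped-user-different-uid  pam.mapuser target exists in AD with another uid
#   HOSTNAME and ZONE replace $HOSTNAME / $ZONE in pam.mapuser targets.
find_dups() {
    awk -F: -v mapfile="${3:-/dev/null}" -v host="${4:-$(hostname)}" -v zone="${5:-default}" '
    BEGIN {
        # pam.mapuser.<unix_user>: <ad_user>   (only these lines are read from the map file)
        while ((getline line < mapfile) > 0) {
            if (line !~ /^pam\.mapuser\./) continue
            sub(/^pam\.mapuser\./, "", line)
            split(line, kv, ":[ \t]*")
            gsub(/\$HOSTNAME/, host, kv[2])
            gsub(/\$ZONE/, zone, kv[2])
            map[kv[1]] = kv[2]
        }
    }
    FNR == NR { ad_uid[$1] = $3; ad_name[$3] = $1; next }   # first file: AD users
    /^#/ || NF < 3 { next }                                  # second file: local passwd
    {
        name = $1; uid = $3
        if (name in ad_uid) {
            kind = (ad_uid[name] == uid) ? "same-name-and-uid" : "same-name-different-uid"
            print kind, name, uid, name, ad_uid[name]
        } else if (uid in ad_name) {
            print "same-uid-different-name", name, uid, ad_name[uid], uid
        } else if ((name in map) && (map[name] in ad_uid) && ad_uid[map[name]] != uid) {
            print "mapped-user-different-uid", name, uid, map[name], ad_uid[map[name]]
        }
    }' "$2" "$1"
}

# Typical use on a joined machine (AD list taken from the zone, map from the live config):
#   getent passwd > /tmp/zone-users
#   find_dups /etc/passwd /tmp/zone-users /etc/centrifydc/centrifydc.conf "$(hostname)" default
```

    Every line this prints is an account that could still authenticate with its local password while the machine is disconnected from the DC, which is the risk described under "Why the command exists"; the kind column tells you which adrmlocal test case it belongs to.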







  • Shop opening - a note to myself

    2007-07-12 13:57:11

    Today I had a sudden inspiration: build a knowledgebase of my own, to record my own experience and absorb the best of other people's. Here's wishing myself progress every single day.

Statistics

  • Visits: 5269
  • Entries: 12
  • Created: 2007-07-12
  • Last updated: 2007-08-31