August 20, 2019

How To Create a Sudo User on CentOS

Introduction

The sudo command provides a mechanism for granting administrator privileges, ordinarily only available to the root user, to normal users. This guide will show you the easiest way to create a new user with sudo access on CentOS, without having to modify your server's sudoers file. If you want to configure sudo for an existing user, simply skip to step 3.

Steps to Create a New Sudo User

  1. Log in to your server as the root user.
    • ssh root@server_ip_address
  2. Use the adduser command to add a new user to your system.
    Be sure to replace username with the user that you want to create.
    • adduser username
    • Use the passwd command to update the new user's password.
      • passwd username
    • Set and confirm the new user's password at the prompt. A strong password is highly recommended!
      Set password prompts:
      Changing password for user username. New password: Retype new password: passwd: all authentication tokens updated successfully.
  3. Use the usermod command to add the user to the wheel group.
    • usermod -aG wheel username
    By default, on CentOS, members of the wheel group have sudo privileges.
  4. Test sudo access on new user account
    • Use the su command to switch to the new user account.
      • su - username
    • As the new user, verify that you can use sudo by prepending "sudo" to the command that you want to run with superuser privileges.
      • sudo command_to_run
    • For example, you can list the contents of the /root directory, which is normally only accessible to the root user.
      • sudo ls -la /root
    • The first time you use sudo in a session, you will be prompted for the password of the user account. Enter the password to proceed.
      Output:
      [sudo] password for username:
      If your user is in the proper group and you entered the password correctly, the command that you issued with sudo should run with root privileges.

August 14, 2019

Tester les relations d’approbations Active Directory avec NLTEST

Dans un environnement Active Directory constitué de plusieurs domaines, les administrateurs doivent parfois mettre en place des relations d’approbations entre les domaines afin d’autoriser l’accès à des ressources communes. NLTEST, un outil en ligne de commande intégré à Windows Server permet de vérifier l’état des canaux de communications entre les domaines et donc des relations d’approbations.
S’applique à : Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016
Documentation officielle : Technet Microsoft

Afficher les options de NLTEST

C:\>nltest /?
 Usage: nltest [/OPTIONS]

Tester une relation d’approbation entre deux domaines Active Directory

Dans cet exemple nous allons vérifier les domaines approuvés. Pour cela il suffit de lancer cette commande depuis une machine membre du domaine.
C:\nltest /trusted_domains

Lister tous les contrôleurs d’un domaine

Nous souhaitons lister tous les DC du domaine 
C:\nltest /dclist:nom_domain

Trouver à quel domaine un compte utilisateur appartient

Cet exemple permet de rechercher à quel domaine appartient un compte donné. Seul les domaines approuvés vont répondre bien évidement.
   C:\>nltest /finduser:Alex
   Domain Name: nom_domain
   Trusted DC Name \\SRV-D02
   The command completed successfully



Windows Server 2016 Active Directory Administrative Center

A lesser known feature in Windows Server beginning with Windows Server 2008 R2 is the Active Directory Administrative Center that allows administrators what basically looks like Server Manager to administer Active Directory environments. The Active Directory Administrative Center or ADAC is built on Windows PowerShell and provides an enhanced Active Directory data management experience. It is more task-oriented in the navigation scheme.  Windows Server 2016 Active Directory Administrative Center continues with the same features and functionality in managing AD including but not limited to the following.
  • Create new/manage user accounts
  • Create new/manage groups
  • Create new/manage computer accounts
  • Create new/manage OU’s
  • Configure and manage DAC
  • Configure manage Authentication Policies
Let’s take a look at a few screenshots of the ADAC in Windows Server 2016.

Windows Server 2016 Active Directory Administrative Center

To launch Active Directory Administrative Center, you can type the command dsac.exe.  The ADAC will launch.
After launching, as mentioned, it has the same look and feel of Server Manager.  Take a look on the left the menus that we have highlighted here.  Again, it is very task driven in the layout.  In the middle we have a welcome center type layout that have links to read more information about the various aspects of the ADAC.  Also, very common functions are already included in this dashboard – Reset Password, and Global Search.
dsac16_02 Windows Server 2016 Active Directory Administrative Center

How to Install Docker CE on CentOS 8 and RHEL 8

  Docker  is a daemon-based container engine which allows us to deploy applications inside containers.  Docker is available in two versions,...