Linux Administration & Maintenance: Difference between revisions
Revision as of 22:01, 30 May 2007
Gentoo
On-Campus, we can speed installation/updates by using a local source; in your /etc/make.conf:
GENTOO_MIRRORS="http://mirror.iat.sfu.ca/gentoo/"
An alternative is to use an NFS mount, but if NFS breaks or is unavailable... :-(
Robin: "For best performance, I recommend mounting
musashi.iat.sfu.ca:/export/gentoo/distfiles on /mnt/distfiles
and specifying that in your make.conf. The NFS route ensures that downloaded files go back into the mirror."
Gentoo Local-Mirror Operation
LDAP Authentication, and Home-Directory AutoMounting
First, make sure you have the necessary packages on your system:
hostname ~ # emerge -v pam_ldap nss_ldap autofs
There are five configuration files, and three directories which must be correct:
/etc/ldap.conf
/etc/nsswitch.conf
/etc/autofs/auto.master
/etc/pam.d/system-auth
/bin/localshell
/home/users/
/home/projects/
/etc/localshell/
Create the necessary directories:
hostname ~ # mkdir /home/users
hostname ~ # mkdir /home/projects
hostname ~ # mkdir /etc/localshell
Copy over the /etc/localshell/* and /bin/localshell from a working machine.
Example /etc/ldap.conf, with commented-out portions omitted
# Your LDAP server. Must be resolvable without using LDAP.
host 209.87.56.238

# The distinguished name of the search base.
base dc=iat,dc=sfu,dc=ca

# The distinguished name to bind to the server with.
binddn cn=Reader,dc=iat,dc=sfu,dc=ca

# The credentials to bind with.
bindpw <supersecret!!>

# RFC2307bis naming contexts
nss_base_passwd ou=Users,dc=iat,dc=sfu,dc=ca
nss_base_shadow ou=Users,dc=iat,dc=sfu,dc=ca
nss_base_group ou=Group,dc=iat,dc=sfu,dc=ca
nss_base_hosts ou=Hosts,dc=iat,dc=sfu,dc=ca
nss_base_services ou=Services,dc=iat,dc=sfu,dc=ca
nss_base_networks ou=Networks,dc=iat,dc=sfu,dc=ca
nss_base_protocols ou=Protocols,dc=iat,dc=sfu,dc=ca
nss_base_rpc ou=Rpc,dc=iat,dc=sfu,dc=ca
nss_base_ethers ou=Ethers,dc=iat,dc=sfu,dc=ca
nss_base_netmasks ou=Networks,dc=iat,dc=sfu,dc=ca
nss_base_bootparams ou=Ethers,dc=iat,dc=sfu,dc=ca
nss_base_aliases ou=Aliases,dc=iat,dc=sfu,dc=ca
nss_base_netgroup ou=Netgroup,dc=iat,dc=sfu,dc=ca
Example nsswitch.conf:
passwd: compat ldap
shadow: compat ldap
group: compat ldap

# passwd: db files nis
# shadow: db files nis
# group: db files nis

hosts: files dns
networks: files dns

services: db files
protocols: db files
rpc: db files
ethers: db files
netmasks: files
netgroup: files
bootparams: files

automount: files
aliases: files
Example /etc/autofs/auto.master
/home/users ldap:209.87.56.238:ou=home.users,ou=AutoFS,dc=iat,dc=sfu,dc=ca
/home/projects ldap:209.87.56.238:ou=home.projects,ou=AutoFS,dc=iat,dc=sfu,dc=ca
Example /etc/pam.d/system-auth
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so

account required /lib/security/pam_unix.so
account sufficient /lib/security/pam_ldap.so

password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok md5 shadow use_authtok
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_deny.so

session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session required /lib/security/pam_ldap.so
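The three files above can be checked mechanically before logins depend on them. The script below is an added example, not part of the original page: its function names and finding messages are its own, and it assumes the ssl and uri directives of the pam_ldap/nss_ldap ldap.conf and PAM lines of the simple "type control module" form used above.

```shell
#!/bin/sh
# Added example: lint copies of the files from this section (assumes ssl/uri directives exist).

# Succeeds if database $2 (passwd, shadow, group) lists "ldap" in nsswitch.conf $1.
nss_uses_ldap() {
    grep -Eq "^$2:.*[[:space:]]ldap([[:space:]]|\$)" "$1"
}

# Succeeds if ldap.conf $1 requests TLS (ssl on, ssl start_tls, or an ldaps:// uri).
ldap_transport_encrypted() {
    grep -Eiq '^[[:space:]]*(ssl[[:space:]]+(on|start_tls)|uri[[:space:]]+ldaps://)' "$1"
}

# Prints one finding per line for the auth stack of PAM file $1.
pam_auth_findings() {
    awk '$1 == "auth" {
        n++; mod[n] = $3; args[n] = $0
        if ($3 ~ /pam_unix\.so$/) { unix = n; if ($0 ~ /nullok/) nul = 1 }
        if ($3 ~ /pam_ldap\.so$/) ldap = n
    }
    END {
        if (!ldap) print "no pam_ldap.so in auth stack"
        else if (unix && ldap < unix) print "pam_ldap.so runs before pam_unix.so"
        else if (unix && args[ldap] !~ /use_first_pass/) print "pam_ldap.so lacks use_first_pass"
        if (n && mod[n] !~ /pam_deny\.so$/) print "auth stack does not end in pam_deny.so"
        if (nul) print "pam_unix.so has nullok: accounts with an empty password can log in"
    }' "$1"
}

# Constructed sample input, abridged from the examples in this section.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
cat > "$demo/nsswitch.conf" <<'EOF'
passwd: compat ldap
shadow: compat ldap
group: compat ldap
hosts: files dns
EOF
printf 'host 209.87.56.238\nbase dc=iat,dc=sfu,dc=ca\n' > "$demo/ldap.conf"
cat > "$demo/system-auth" <<'EOF'
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
EOF
for db in passwd shadow group; do
    nss_uses_ldap "$demo/nsswitch.conf" "$db" || echo "nsswitch.conf: $db never consults ldap"
done
ldap_transport_encrypted "$demo/ldap.conf" || echo "ldap.conf: no ssl/ldaps directive, binds are sent unencrypted"
pam_auth_findings "$demo/system-auth" | sed 's/^/system-auth: /'
```

To lint a live machine, pass /etc/nsswitch.conf, /etc/ldap.conf and /etc/pam.d/system-auth to the functions instead of the sample copies.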
Rescuing a Gentoo System
boot from a CD, typically
boot: gentoo
enable swap
livecd root # swapon /dev/sda2
mount the main (root) partition, optionally the boot partition
livecd root # mount /dev/sda3 /mnt/gentoo
livecd root # mount /dev/sda1 /mnt/gentoo/boot
get some networking going
livecd root # dhcpcd &
livecd root # ifconfig eth0 up
livecd root # ifconfig (verify we got an IP)
prepare for chrooting
livecd root # mount -o bind /proc /mnt/gentoo/proc
livecd root # mount -o bind /dev /mnt/gentoo/dev
livecd root # mount -o bind /sys /mnt/gentoo/sys
set up a new environment root
livecd root # cd /mnt/gentoo
livecd gentoo # chroot /mnt/gentoo /bin/bash
livecd / # env-update
livecd / # source /etc/profile
Now, do your rescue work. Good luck!
To back out of the chroot, and check your fix(es)
livecd / # exit
livecd root # cd /
livecd root # umount /mnt/gentoo/boot /mnt/gentoo/proc /mnt/gentoo/dev /mnt/gentoo/sys /mnt/gentoo
livecd root # reboot
SUSE
On-Campus, we can speed installation/updates by using a local source:
nfs://export/mirror/suse
- TODO: Instructions for install with LDAP working
- TODO: Instructions for auto-update configuration
RedHat/Fedora
- TODO: Instructions for install with LDAP working
Ubuntu
Below are instructions for setting up an Ubuntu Linux workstation. All instructions are for version 7.04.
To enable the use of dual-monitor display on an Nvidia video card, follow these instructions:
- First enable the Nvidia driver, by clicking on System > Administration > Restricted Drivers Manager, authenticating, and checking "Enabled". Close the manager.
- Next run the following command in a Terminal, and authenticate when prompted:
user@host:/~$ gksudo nvidia-settings
- On the left side of the GUI, go to 'X Server Display Configuration'. Enable both displays, and choose TwinView for Configuration type. Make sure the resolutions match your monitors. Hit 'Apply' to see if these settings work for you. Your monitors should now turn into one big screen. Accept the configuration if this is true, otherwise cancel and fix the settings.
- Now press 'Quit' in the bottom right, log out, then log back in. You should no longer see one large screen, but a main display on the left and a secondary on the right (if this is how you configured it), and you should be able to drag windows from one display to the other and back.
- Run the 'gksudo nvidia-settings' command above one more time. If you are satisfied with your settings, click 'Save to X Configuration File' and quit.
To turn on the root account enter the following command in a Terminal, and enter/confirm a root password when prompted:
user@host:/~$ sudo passwd root
To enable ssh on the machine, enter the following command in a Terminal:
user@host:/~$ sudo apt-get install ssh openssh-server
LDAP Authentication, and Home-Directory AutoMounting
First of all, make sure you have all the required packages installed on your system:
- libnss-ldap
- libpam-ldap
- ldap-utils
- autofs
- autofs-ldap
The easiest way of installing them is using the Synaptic Package Manager, found under System > Administration > Synaptic Package Manager.
- libnss-ldap.conf same as pam_ldap.conf
- nsswitch.conf
- /etc/pam.d/common files
- use_first_pass
- http://www.marzocca.net/linux/bum.html