Linux Administration & Maintenance: Difference between revisions

No edit summary
Line 1: Line 1:


==Gentoo==
==Gentoo==
Line 153: Line 152:
==RedHat/Fedora==
==RedHat/Fedora==
* TODO: Instructions for install with LDAP working
* TODO: Instructions for install with LDAP working
==FreeBSD==
* TODO: Instructions on configuring the firewall on [[Servers:Dreadnought|Dreadnought]]


==Linux Tips and Tools==
==Linux Tips and Tools==
[[Linux Tips and Tools]]
[[Linux Tips and Tools]]

Revision as of 04:55, 21 April 2007

Gentoo

On campus, we can speed up installation and updates by using a local source; in your /etc/make.conf:

GENTOO_MIRRORS="http://mirror.iat.sfu.ca/gentoo/"

An alternative is to use an NFS mount, but if NFS breaks or is unavailable... :-(
Robin: "For best performance, I recommend mounting musashi.iat.sfu.ca:/export/gentoo/distfiles on /mnt/distfiles and specifying that in your make.conf. The NFS route ensures that downloaded files go back into the mirror."
Gentoo Local-Mirror Operation

LDAP Authentication, and Home-Directory AutoMounting

First, make sure you have the necessary packages on your system:

hostname ~ # emerge -v pam_ldap nss_ldap autofs

There are five configuration files, and three directories which must be correct:

/etc/ldap.conf
/etc/nsswitch.conf
/etc/autofs/auto.master
/etc/pam.d/system-auth
/bin/localshell
/home/users/
/home/projects/
/etc/localshell/

Create the necessary directories:

hostname ~ # mkdir /home/users
hostname ~ # mkdir /home/projects
hostname ~ # mkdir /etc/localshell

Copy over the /etc/localshell/* and /bin/localshell from a working machine.

Example /etc/ldap.conf, with commented-out portions omitted

# Your LDAP server. Must be resolvable without using LDAP.
host 209.87.56.238

# The distinguished name of the search base.
base dc=iat,dc=sfu,dc=ca

# The distinguished name to bind to the server with.
binddn cn=Reader,dc=iat,dc=sfu,dc=ca

# The credentials to bind with.
bindpw <supersecret!!>

# RFC2307bis naming contexts
nss_base_passwd         ou=Users,dc=iat,dc=sfu,dc=ca
nss_base_shadow         ou=Users,dc=iat,dc=sfu,dc=ca
nss_base_group          ou=Group,dc=iat,dc=sfu,dc=ca
nss_base_hosts          ou=Hosts,dc=iat,dc=sfu,dc=ca
nss_base_services       ou=Services,dc=iat,dc=sfu,dc=ca
nss_base_networks       ou=Networks,dc=iat,dc=sfu,dc=ca
nss_base_protocols      ou=Protocols,dc=iat,dc=sfu,dc=ca
nss_base_rpc            ou=Rpc,dc=iat,dc=sfu,dc=ca
nss_base_ethers         ou=Ethers,dc=iat,dc=sfu,dc=ca
nss_base_netmasks       ou=Networks,dc=iat,dc=sfu,dc=ca
nss_base_bootparams     ou=Ethers,dc=iat,dc=sfu,dc=ca
nss_base_aliases        ou=Aliases,dc=iat,dc=sfu,dc=ca
nss_base_netgroup       ou=Netgroup,dc=iat,dc=sfu,dc=ca


Example nsswitch.conf:

passwd:      compat ldap
shadow:      compat ldap
group:       compat ldap

# passwd:    db files nis
# shadow:    db files nis
# group:     db files nis

hosts:       files dns
networks:    files dns

services:    db files
protocols:   db files
rpc:         db files
ethers:      db files
netmasks:    files
netgroup:    files
bootparams:  files

automount:   files
aliases:     files


Example /etc/autofs/auto.master

/home/users     ldap:209.87.56.238:ou=home.users,ou=AutoFS,dc=iat,dc=sfu,dc=ca
/home/projects  ldap:209.87.56.238:ou=home.projects,ou=AutoFS,dc=iat,dc=sfu,dc=ca


Example /etc/pam.d/system-auth

auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_unix.so likeauth nullok
auth       sufficient   /lib/security/pam_ldap.so use_first_pass
auth       required     /lib/security/pam_deny.so

account    required     /lib/security/pam_unix.so
account    sufficient   /lib/security/pam_ldap.so

password   required     /lib/security/pam_cracklib.so retry=3
password   sufficient   /lib/security/pam_unix.so nullok md5 shadow use_authtok
password   sufficient   /lib/security/pam_ldap.so use_authtok
password   required     /lib/security/pam_deny.so

session    required     /lib/security/pam_limits.so
session    required     /lib/security/pam_unix.so
session    required     /lib/security/pam_ldap.so
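
A small audit of the client files shown above, added here as an example (it is not part of the original page or of the lab's own tooling): it flags a bindpw stored in a world-readable ldap.conf, the absence of "ssl start_tls", "ssl on" or an ldaps:// URI, and the nullok and md5 options on the pam_unix lines. The finding names and the host and DN used in demo() are constructed for the example.

```shell
#!/bin/sh
# Added example: audit the client settings shown on this page for weak defaults.
# Finding names (BINDPW_WORLD_READABLE, NO_TLS, ...) are labels made up here.

# Print one finding per line for an nss_ldap/pam_ldap style ldap.conf.
audit_ldap_conf() {
    f=$1
    # A bindpw in a file that "other" can read exposes the bind credential locally.
    if grep -Eq '^[[:space:]]*bindpw[[:space:]]' "$f"; then
        case $(ls -ld "$f" | cut -c8) in
            r) echo BINDPW_WORLD_READABLE ;;
        esac
    fi
    # Without start_tls, ssl on or an ldaps:// URI, binds cross the network in clear.
    if ! grep -Eiq '^[[:space:]]*(ssl[[:space:]]+(start_tls|on)|uri[[:space:]]+ldaps://)' "$f"; then
        echo NO_TLS
    fi
}

# Print one finding per line for a PAM stack file such as system-auth.
audit_pam() {
    f=$1
    # Strip comments, then keep only the pam_unix lines.
    lines=$(sed 's/#.*//' "$f" | grep 'pam_unix\.so' || true)
    # nullok on an auth line lets an account with an empty password log in.
    printf '%s\n' "$lines" | grep -Eq '^[[:space:]]*auth[[:space:]].*[[:space:]]nullok([[:space:]]|$)' && echo AUTH_NULLOK
    # md5 on a password line stores newly set passwords as MD5-crypt hashes.
    printf '%s\n' "$lines" | grep -Eq '^[[:space:]]*password[[:space:]].*[[:space:]]md5([[:space:]]|$)' && echo PASSWORD_MD5
    return 0
}

# Constructed samples that mirror the page's settings (host, DN, password are placeholders).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'host 192.0.2.10' 'binddn cn=Reader,dc=example,dc=org' \
        'bindpw PLACEHOLDER' > "$d/ldap.conf"
    chmod 644 "$d/ldap.conf"
    printf '%s\n' 'auth sufficient /lib/security/pam_unix.so likeauth nullok' \
        'password sufficient /lib/security/pam_unix.so nullok md5 shadow use_authtok' \
        > "$d/system-auth"
    audit_ldap_conf "$d/ldap.conf"
    audit_pam "$d/system-auth"
    rm -rf "$d"
}

# With two arguments audit real files (LDAP_CONF PAM_FILE); otherwise run the demo.
if [ $# -eq 2 ]; then audit_ldap_conf "$1"; audit_pam "$2"; else demo; fi
```
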

Rescuing a Gentoo System

Boot from a CD, typically:

boot: gentoo

Enable swap:

livecd root # swapon /dev/sda2

Mount the main (root) partition and, optionally, the boot partition:

livecd root # mount /dev/sda3 /mnt/gentoo
livecd root # mount /dev/sda1 /mnt/gentoo/boot

Get some networking going:

livecd root # dhcpcd &
livecd root # ifconfig eth0 up
livecd root # ifconfig  (verify we got an IP)

Prepare for chrooting:

livecd root # mount -o bind /proc /mnt/gentoo/proc
livecd root # mount -o bind /dev /mnt/gentoo/dev
livecd root # mount -o bind /sys /mnt/gentoo/sys

Set up a new environment root:

livecd root # cd /mnt/gentoo
livecd gentoo # chroot /mnt/gentoo /bin/bash
livecd / # env-update
livecd / # source /etc/profile

Now, do your rescue work. Good luck!

To back out of the chroot and check your fix(es):

livecd / # exit
livecd root # cd /
livecd root # umount /mnt/gentoo/boot /mnt/gentoo/proc /mnt/gentoo/dev /mnt/gentoo/sys /mnt/gentoo
livecd root # reboot

SUSE

On campus, we can speed up installation and updates by using a local source:
nfs://export/mirror/suse


  • TODO: Instructions for install with LDAP working
  • TODO: Instructions for auto-update configuration

RedHat/Fedora

  • TODO: Instructions for install with LDAP working

Linux Tips and Tools

Linux Tips and Tools