Linux Administration & Maintenance: Difference between revisions

Hha13 (talk | contribs)
No edit summary
Hha13 (talk | contribs)
Line 291: Line 291:
  /home/users    ldap:209.87.56.238:ou=home.users,ou=AutoFS,dc=iat,dc=sfu,dc=ca
  /home/users    ldap:209.87.56.238:ou=home.users,ou=AutoFS,dc=iat,dc=sfu,dc=ca
  /home/projects  ldap:209.87.56.238:ou=home.projects,ou=AutoFS,dc=iat,dc=sfu,dc=ca
  /home/projects  ldap:209.87.56.238:ou=home.projects,ou=AutoFS,dc=iat,dc=sfu,dc=ca
*http://www.marzocca.net/linux/bum.html


==Linux Tips and Tools==
==Linux Tips and Tools==
[[Linux Tips and Tools]]
[[Linux Tips and Tools]]

Revision as of 22:34, 30 May 2007

Gentoo

On-Campus, we can speed installation/updates by using a local source; in your /etc/make.conf:

GENTOO_MIRRORS="http://mirror.iat.sfu.ca/gentoo/"

An alternative is to use an NFS mount, but if NFS breaks or is unavailable... :-(
Robin: "For best performance, I recommend mounting musashi.iat.sfu.ca:/export/gentoo/distfiles on /mnt/distfiles and specifying that in your make.conf. The NFS route ensures that downloaded files go back into the mirror."
Gentoo Local-Mirror Operation

LDAP Authentication, and Home-Directory AutoMounting

First, make sure you have the necessary packages on your system:

hostname ~ # emerge -v pam_ldap nss_ldap autofs

There are five configuration files, and three directories which must be correct:

/etc/ldap.conf
/etc/nsswitch.conf
/etc/autofs/auto.master
/etc/pam.d/system-auth
/bin/localshell
/home/users/
/home/projects/
/etc/localshell/

Create the necessary directories:

hostname ~ # mkdir /home/users
hostname ~ # mkdir /home/projects
hostname ~ # mkdir /etc/localshell

Copy over the /etc/localshell/* and /bin/localshell from a working machine.

Example /etc/ldap.conf, with commented-out portions omitted

# Your LDAP server. Must be resolvable without using LDAP.
host 209.87.56.238

# The distinguished name of the search base.
base dc=iat,dc=sfu,dc=ca

# The distinguished name to bind to the server with.
binddn cn=Reader,dc=iat,dc=sfu,dc=ca

# The credentials to bind with.
bindpw <supersecret!!>

# RFC2307bis naming contexts
nss_base_passwd         ou=Users,dc=iat,dc=sfu,dc=ca
nss_base_shadow         ou=Users,dc=iat,dc=sfu,dc=ca
nss_base_group          ou=Group,dc=iat,dc=sfu,dc=ca
nss_base_hosts          ou=Hosts,dc=iat,dc=sfu,dc=ca
nss_base_services       ou=Services,dc=iat,dc=sfu,dc=ca
nss_base_networks       ou=Networks,dc=iat,dc=sfu,dc=ca
nss_base_protocols      ou=Protocols,dc=iat,dc=sfu,dc=ca
nss_base_rpc            ou=Rpc,dc=iat,dc=sfu,dc=ca
nss_base_ethers         ou=Ethers,dc=iat,dc=sfu,dc=ca
nss_base_netmasks       ou=Networks,dc=iat,dc=sfu,dc=ca
nss_base_bootparams     ou=Ethers,dc=iat,dc=sfu,dc=ca
nss_base_aliases        ou=Aliases,dc=iat,dc=sfu,dc=ca
nss_base_netgroup       ou=Netgroup,dc=iat,dc=sfu,dc=ca


Example nsswitch.conf:

passwd:      compat ldap
shadow:      compat ldap
group:       compat ldap

# passwd:    db files nis
# shadow:    db files nis
# group:     db files nis

hosts:       files dns
networks:    files dns

services:    db files
protocols:   db files
rpc:         db files
ethers:      db files
netmasks:    files
netgroup:    files
bootparams:  files

automount:   files
aliases:     files


Example /etc/autofs/auto.master

/home/users     ldap:209.87.56.238:ou=home.users,ou=AutoFS,dc=iat,dc=sfu,dc=ca
/home/projects  ldap:209.87.56.238:ou=home.projects,ou=AutoFS,dc=iat,dc=sfu,dc=ca


Example /etc/pam.d/system-auth

auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_unix.so likeauth nullok
auth       sufficient   /lib/security/pam_ldap.so use_first_pass
auth       required     /lib/security/pam_deny.so

account    required     /lib/security/pam_unix.so
account    sufficient   /lib/security/pam_ldap.so

password   required     /lib/security/pam_cracklib.so retry=3
password   sufficient   /lib/security/pam_unix.so nullok md5 shadow use_authtok
password   sufficient   /lib/security/pam_ldap.so use_authtok
password   required     /lib/security/pam_deny.so

session    required     /lib/security/pam_limits.so
session    required     /lib/security/pam_unix.so
session    required     /lib/security/pam_ldap.so

Rescuing a Gentoo System

boot from a CD, typically

boot: gentoo

enable swap

livecd root # swapon /dev/sda2

mount the main (root) partition, optionally the boot partition

livecd root # mount /dev/sda3 /mnt/gentoo
livecd root # mount /dev/sda1 /mnt/gentoo/boot

get some networking going

livecd root # dhcpcd &
livecd root # ifconfig eth0 up
livecd root # ifconfig  (verify we got an IP)

prepare for chrooting

livecd root # mount -o bind /proc /mnt/gentoo/proc
livecd root # mount -o bind /dev /mnt/gentoo/dev
livecd root # mount -o bind /sys /mnt/gentoo/sys

set up a new environment root

livecd root # cd /mnt/gentoo
livecd gentoo # chroot /mnt/gentoo /bin/bash
livecd / # env-update
livecd / # source /etc/profile

Now, do your rescue work. Good luck!

To back out of the chroot, and check your fix(es)

livecd / # exit
livecd root # cd /
livecd root # umount /mnt/gentoo/boot /mnt/gentoo/proc /mnt/gentoo/dev /mnt/gentoo/sys /mnt/gentoo
livecd root # reboot

SUSE

On-Campus, we can speed installation/updates by using a local source:
nfs://export/mirror/suse


  • TODO: Instructions for install with LDAP working
  • TODO: Instructions for auto-update configuration

RedHat/Fedora

  • TODO: Instructions for install with LDAP working

Ubuntu

Below are instructions for setting up an Ubuntu Linux workstation. All instructions are for version 7.04.

To enable the use of dual-monitor display on an Nvidia video card, follow these instructions:

  • First enable the Nvidia driver by clicking on System > Administration > Restricted Drivers Manager, authenticating, and checking "Enabled". Close the manager.
  • Next run the following command in a Terminal, and authenticate when prompted:
user@host:/~$ gksudo nvidia-settings
  • On the left side of the GUI, go to 'X Server Display Configuration'. Enable both displays, and choose TwinView for Configuration type. Make sure the resolutions match your monitors. Hit 'Apply' to see if these settings work for you. Your monitors should now turn into one big screen. Accept the configuration if this is true, otherwise cancel and fix the settings.
  • Now press 'Quit' in the bottom right, log out, then log back in. You should no longer see one large screen, but a main display on the left and a secondary on the right (if this is how you configured it), and you should be able to drag windows from one display to the other.
  • Run the 'gksudo nvidia-settings' command above one more time. If you are satisfied with your settings, click 'Save to X Configuration File' and quit.

To turn on the root account enter the following command in a Terminal, and enter/confirm a root password when prompted:

user@host:/~$ sudo passwd root

To enable ssh on the machine, enter the following command in a Terminal:

user@host:/~$ sudo apt-get install ssh openssh-server

LDAP Authentication, and Home-Directory AutoMounting

First of all, make sure you have all the required packages installed on your system:

  • libnss-ldap
  • libpam-ldap
  • ldap-utils
  • autofs
  • autofs-ldap

The easiest way of installing them is using the Synaptic Package Manager, found under System > Administration > Synaptic Package Manager. Note that when you install the libnss-ldap package, you will have to enter information regarding the LDAP setup. You can leave all these as default and change them later, or use the info below to guide you. You will need to edit the config files manually later anyway.

There are several configuration files you will need, as well as several directories that must be correct:

/etc/libnss-ldap.conf
/etc/pam_ldap.conf
/etc/nsswitch.conf
/etc/auto.master
/etc/pam.d/common-account
/etc/pam.d/common-auth
/etc/pam.d/common-password
/etc/pam.d/common-session
/etc/localshell/
/bin/localshell
/home/users/
/home/projects/

Create the following directories:

hostname ~ # mkdir /home/users
hostname ~ # mkdir /home/projects
hostname ~ # mkdir /etc/localshell

Copy over the /etc/localshell/* and /bin/localshell from a working machine.

Examples of the required files are given below. Note that libnss-ldap.conf and pam_ldap.conf are identical except for one line (see below).

Example libnss-ldap.conf and pam_ldap.conf file, with commented-out lines omitted:

NOTE - the first line is commented out in the pam_ldap.conf file.

@(#)$Id: ldap.conf,v 2.47 2006/05/15 08:13:44 lukeh Exp $

# Your LDAP server. Must be resolvable without using LDAP.
host 209.87.56.238

# The distinguished name of the search base.
base dc=iat,dc=sfu,dc=ca

# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 2

# The distinguished name to bind to the server with.
binddn cn=Reader,dc=iat,dc=sfu,dc=ca

# The credentials to bind with. 
bindpw <secret!!!>

# Reconnect policy:
bind_policy hard 

nss_base_passwd         ou=Users,dc=iat,dc=sfu,dc=ca
nss_base_shadow         ou=Users,dc=iat,dc=sfu,dc=ca
nss_base_group          ou=Group,dc=iat,dc=sfu,dc=ca
nss_base_hosts          ou=Hosts,dc=iat,dc=sfu,dc=ca
nss_base_services       ou=Services,dc=iat,dc=sfu,dc=ca
nss_base_networks       ou=Networks,dc=iat,dc=sfu,dc=ca
nss_base_protocols      ou=Protocols,dc=iat,dc=sfu,dc=ca
nss_base_rpc            ou=Rpc,dc=iat,dc=sfu,dc=ca
nss_base_ethers         ou=Ethers,dc=iat,dc=sfu,dc=ca
nss_base_netmasks       ou=Networks,dc=iat,dc=sfu,dc=ca
nss_base_bootparams     ou=Ethers,dc=iat,dc=sfu,dc=ca
nss_base_aliases        ou=Aliases,dc=iat,dc=sfu,dc=ca
nss_base_netgroup       ou=Netgroup,dc=iat,dc=sfu,dc=ca

Example nsswitch.conf file:

passwd:         files ldap
group:          files ldap
shadow:         files

hosts:          files dns
networks:       files 

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Example common-account file:

account sufficient	pam_ldap.so
account required	pam_unix.so

Example common-auth file:

auth	sufficient	pam_ldap.so
auth	required	pam_unix.so nullok_secure use_first_pass

Example common-password file:

password   sufficient pam_ldap.so
password   required   pam_unix.so nullok obscure min=4 max=8 md5

Example common-session file:

session sufficient	pam_ldap.so
session required	pam_unix.so
session optional	pam_foreground.so

Example auto.master file:

/home/users     ldap:209.87.56.238:ou=home.users,ou=AutoFS,dc=iat,dc=sfu,dc=ca
/home/projects  ldap:209.87.56.238:ou=home.projects,ou=AutoFS,dc=iat,dc=sfu,dc=ca
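
Added example (not part of the original page): a small lint in POSIX shell and awk that flags the weaker settings visible in the PAM and LDAP client examples above, namely nullok, md5, the min=/max= password-length limits, and an LDAP client with no ssl/start_tls or ldaps URI. The function names, finding labels and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names, finding labels
# and the sample input below are constructed for illustration.

# audit_pam: PAM stack on stdin -> one "line:type:option" finding per line.
audit_pam() {
    awk '
    /^[ \t]*#/ || NF < 3 { next }               # skip comments, blanks, short lines
    {
        for (i = 4; i <= NF; i++) {             # module arguments start at field 4
            if ($i == "nullok") print NR ":" $1 ":nullok"   # empty passwords accepted
            if ($i == "md5")    print NR ":" $1 ":md5"      # MD5-crypt password hashes
            if ($i ~ /^max=[0-9]+$/ && substr($i, 5) + 0 <= 8) print NR ":" $1 ":" $i
            if ($i ~ /^min=[0-9]+$/ && substr($i, 5) + 0 < 8)  print NR ":" $1 ":" $i
        }
    }'
}

# audit_ldap_conf: ldap.conf / libnss-ldap.conf on stdin -> transport findings.
audit_ldap_conf() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }
    $1 == "bindpw"                                   { bindpw = 1 }
    $1 == "ldap_version" && $2 < 3                   { v2 = 1 }
    $1 == "ssl" && ($2 == "start_tls" || $2 == "on") { tls = 1 }
    $1 == "uri" && $0 ~ /ldaps:\/\//                 { tls = 1 }
    END {
        if (!tls)           print "cleartext-ldap"       # no ssl, start_tls or ldaps
        if (!tls && bindpw) print "bindpw-in-cleartext"  # bind password crosses the wire
        if (v2)             print "ldap-v2"              # StartTLS requires LDAPv3
    }'
}

# Constructed sample input, modelled on the example files on this page.
SAMPLE_PAM='auth       sufficient   /lib/security/pam_unix.so likeauth nullok
auth       sufficient   /lib/security/pam_ldap.so use_first_pass
password   required     pam_unix.so nullok obscure min=4 max=8 md5'

SAMPLE_LDAP='host 192.0.2.10
ldap_version 2
binddn cn=Reader,dc=example,dc=org
bindpw placeholder'

printf '%s\n' "$SAMPLE_PAM"  | audit_pam
printf '%s\n' "$SAMPLE_LDAP" | audit_ldap_conf
```

To check a real host, feed the files in on stdin, for example `audit_pam < /etc/pam.d/common-password`; no output means none of these options were found.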

Linux Tips and Tools

Linux Tips and Tools