Ubuntu 14 Instructions: Difference between revisions

Installation

WARNING: The pre-packaged installer does not handle RAID well. GParted does. If partitioning is necessary, try it on live and use GParted to partition prior to installing using the below steps.

1. Select "English"

2. Select "Install Ubuntu"

3. Select "Install this Third Party Software" and "Download Updates while Installing"

4. Wait

5. IF NO OTHER OPERATING SYSTEMS: Erase Disk and Install Ubuntu.

5b. IF OTHER OSes: Something else - Select a drive; set to ext3, mountpoint: /, install.

6. Where are you? New York. 7. English, English (US)

8. Your name: Lab - Pick a username: lab - Password: qazzaq - Do not encrypt home folder.

Restart now.

Configuration

- SSH does not come preinstalled in Ubuntu 14! You *must* go to the machine and physically log in as lab to do:

- apt-get install ssh

- Reboot

- You still can't ssh in as root.

Setting up root SSH

- sudo vi /etc/ssh/sshd_config

- PermitRootLogin no -> PermitRootLogin yes

- sudo service ssh restart

Removing the 'lab' generic account and changing root password

- ssh root@ipaddress

- sudo su -

- passwd root (set the current root password)

- exit

- exit

- ssh root@ipaddress

- userdel lab

- rm -rf /home/lab

Update / Upgrade

• apt-get update
• apt-get upgrade
• apt-get dist-upgrade

LDAP / GDM

• apt-get install gdm

• DO NOT switch to gdm. STAY ON LIGHTDM

• apt-get install auth-client-config libpam-ldap libnss-ldap ldap-auth-client ldap-auth-config
  • LDAP server Uniform Resource Identifier: ldap://10.20.3.8
  • Distinguished name of the search base: dc=cs,dc=transy,dc=edu
  • LDAP version to use: 3
  • Make local root Database admin: NO
  • Does the LDAP database require login?: NO

• Edit /etc/ldap.conf and change / check the following values:
  • host 10.20.3.8
  • base dc=cs,dc=transy,dc=edu (should be set already)
  • uri ldap://10.20.3.8 (should be set already)
  • bind_policy soft

• Edit /etc/ldap/ldap.conf
  • BASE dc=cs,dc=transy,dc=edu
  • URI ldap://10.20.3.8

• Edit /etc/auth-client-config/profile.d/transy

[transy]
nss_passwd=passwd: ldap files
nss_group=group: ldap files
nss_shadow=shadow: ldap files
nss_netgroup=netgroup: ldap files
pam_auth=auth       required     pam_env.so
        auth       sufficient   pam_unix.so likeauth nullok
        auth       sufficient   pam_ldap.so use_first_pass
        auth       required     pam_deny.so
pam_account=account    sufficient   pam_unix.so
        account    sufficient   pam_ldap.so
        account    required     pam_deny.so
pam_password=password   sufficient   pam_unix.so nullok md5 shadow use_authtok
        password   sufficient   pam_ldap.so use_first_pass
        password   required     pam_deny.so
pam_session=session    required     pam_limits.so
        session    required     pam_unix.so
        session    optional     pam_ldap.so

• auth-client-config -a -p transy
• Add the following line near the very top of /etc/pam.d/gdm AND /etc/pam.d/login

auth    optional        pam_group.so

• Add the following to the BOTTOM of /etc/security/group.conf:

# This will force all users that logon into these groups
login;*;*;Al0000-2400;cdrom,floppy,plugdev,audio,dip
kdm;*;*;Al0000-2400;cdrom,floppy,plugdev,audio,dip,video
gdm;*;*;Al0000-2400;cdrom,floppy,plugdev,audio,dip,video

• Test LDAP authentication - if "id USERNAME" returns with info about the user... all is good.

root@clarke:~# id kmoorman
uid=1129(kmoorman) gid=110(faculty) groups=110(faculty),800(camp),2100(linux)

Filesystems

• apt-get install nfs-common
• mkdir /classes
• mkdir /labdata
• Edit /etc/fstab

Add:

# NFS Filesystems
10.20.3.8:/data/exportfs/home           /home           nfs     defaults,rw
10.20.3.8:/data/exportfs/classes        /classes        nfs     defaults,rw
10.20.3.8:/data/exportfs/labdata        /labdata        nfs     defaults,rw

• Log-in to Babbage
• edit /etc/exports
• exportfs -a
• exit
• ssh root@IP
• mount -a
• Ensure the NFS filesystems loaded with "ls /home" "ls /classes" "ls /labdata"