Ubuntu 14 Instructions

From CSLLabWiki
Revision as of 16:18, 17 September 2014 by Admin

Installation

WARNING: The pre-packaged installer does not handle RAID well. GParted does. If partitioning is necessary, boot the live session and use GParted to partition before installing with the steps below.

1. Select "English"

2. Select "Install Ubuntu"

3. Select "Install this Third Party Software" and "Download Updates while Installing"

4. Wait

5. IF NO OTHER OPERATING SYSTEMS: Erase Disk and Install Ubuntu.

5b. IF OTHER OSes: Something else - Select a drive; set to ext3, mountpoint: /, install.

6. Where are you? New York.

7. English, English (US)

8. Your name: Lab - Pick a username: lab - Password: qazzaq - Do not encrypt home folder.

Restart now.

Configuration

- SSH does not come preinstalled in Ubuntu 14! You *must* go to the machine, physically log in as lab, and run:

- apt-get install ssh

- Reboot

- You still can't ssh in as root.


Setting up root SSH

- sudo vi /etc/ssh/sshd_config

- PermitRootLogin no -> PermitRootLogin yes

- sudo service ssh restart


Removing the 'lab' generic account and changing root password

- ssh root@ipaddress

- sudo su -

- passwd root (set the current root password)

- exit

- exit

- ssh root@ipaddress

- userdel lab

- rm -rf /home/lab

Update / Upgrade

  • apt-get update
  • apt-get upgrade
  • apt-get dist-upgrade

LDAP / GDM

  • apt-get install gdm
  • Switch to GDM
  • apt-get install auth-client-config libpam-ldap libnss-ldap ldap-auth-client ldap-auth-config
    • LDAP server Uniform Resource Identifier: ldap://10.20.3.8
    • Distinguished name of the search base: dc=cs,dc=transy,dc=edu
    • LDAP version to use: 3
    • Make local root Database admin: NO
    • Does the LDAP database require login?: NO
  • Edit /etc/ldap.conf and change / check the following values:
    • host 10.20.3.8
    • base dc=cs,dc=transy,dc=edu (should be set already)
    • uri ldap://10.20.3.8 (should be set already)
    • bind_policy soft
  • Edit /etc/ldap/ldap.conf
    • BASE dc=cs,dc=transy,dc=edu
    • URI ldap://10.20.3.8


  • Edit /etc/auth-client-config/profile.d/transy
[transy]
nss_passwd=passwd: ldap files
nss_group=group: ldap files
nss_shadow=shadow: ldap files
nss_netgroup=netgroup: ldap files
pam_auth=auth       required     pam_env.so
        auth       sufficient   pam_unix.so likeauth nullok
        auth       sufficient   pam_ldap.so use_first_pass
        auth       required     pam_deny.so
pam_account=account    sufficient   pam_unix.so
        account    sufficient   pam_ldap.so
        account    required     pam_deny.so
pam_password=password   sufficient   pam_unix.so nullok md5 shadow use_authtok
        password   sufficient   pam_ldap.so use_first_pass
        password   required     pam_deny.so
pam_session=session    required     pam_limits.so
        session    required     pam_unix.so
        session    optional     pam_ldap.so

  • auth-client-config -a -p transy
  • Add the following line near the very top of /etc/pam.d/gdm AND /etc/pam.d/login
auth    optional        pam_group.so
  • Add the following to the BOTTOM of /etc/security/group.conf:
# This will force all users that log on into these groups
login;*;*;Al0000-2400;cdrom,floppy,plugdev,audio,dip
kdm;*;*;Al0000-2400;cdrom,floppy,plugdev,audio,dip,video
gdm;*;*;Al0000-2400;cdrom,floppy,plugdev,audio,dip,video
  • Test LDAP authentication - if "id USERNAME" returns with info about the user... all is good.
root@clarke:~# id kmoorman
uid=1129(kmoorman) gid=110(faculty) groups=110(faculty),800(camp),2100(linux)
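
The values from the LDAP / GDM steps above, gathered into one check that can be run before the "id USERNAME" test. This is an added example, not part of the original wiki page; the function names, the ROOT argument and the --live switch are hypothetical, and it assumes "auth-client-config -a -p transy" wrote the nss_* entries to /etc/nsswitch.conf.

```shell
#!/bin/sh
# Added example: confirm the LDAP client settings listed on this page are in place.
# Assumption: "auth-client-config -a -p transy" wrote the nss_* entries to nsswitch.conf.

# has_line FILE PATTERN: true if FILE has a line equal to PATTERN (an ERE);
# each space in PATTERN matches any run of blanks, so tabs in the file are fine.
has_line() {
    pat=$(printf '%s' "$2" | sed 's/ /[[:space:]]+/g')
    [ -f "$1" ] && grep -Eq "^[[:space:]]*${pat}[[:space:]]*\$" "$1"
}

fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

# check_ldap_client [ROOT]: ROOT (hypothetical parameter) prefixes every path so a
# copy of /etc can be checked; returns the number of failed checks (0 = all good).
check_ldap_client() {
    root=${1:-}
    fails=0
    for kv in 'host 10\.20\.3\.8' 'base dc=cs,dc=transy,dc=edu' \
              'uri ldap://10\.20\.3\.8' 'bind_policy soft'; do
        has_line "$root/etc/ldap.conf" "$kv" || fail "/etc/ldap.conf: $kv"
    done
    for kv in 'BASE dc=cs,dc=transy,dc=edu' 'URI ldap://10\.20\.3\.8'; do
        has_line "$root/etc/ldap/ldap.conf" "$kv" || fail "/etc/ldap/ldap.conf: $kv"
    done
    for db in passwd group shadow netgroup; do
        has_line "$root/etc/nsswitch.conf" "$db: ldap files" ||
            fail "/etc/nsswitch.conf: $db: ldap files"
    done
    for svc in gdm login; do
        has_line "$root/etc/pam.d/$svc" 'auth optional pam_group\.so' ||
            fail "/etc/pam.d/$svc: auth optional pam_group.so"
    done
    groups='cdrom,floppy,plugdev,audio,dip'
    has_line "$root/etc/security/group.conf" "login;\*;\*;Al0000-2400;$groups" ||
        fail "/etc/security/group.conf: login"
    for svc in kdm gdm; do
        has_line "$root/etc/security/group.conf" "$svc;\*;\*;Al0000-2400;$groups,video" ||
            fail "/etc/security/group.conf: $svc"
    done
    return "$fails"
}

# Check the live system only when asked: sh check_ldap.sh --live
if [ "${1:-}" = "--live" ]; then check_ldap_client ""; fi
```

Each FAIL line names the file and the setting that is missing or commented out; the exit status is the number of failures.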