Ubuntu 14 Instructions: Difference between revisions
Line 74: | Line 74: | ||
* apt-get install gdm | * apt-get install gdm | ||
* | * DO NOT switch to gdm. STAY ON LIGHTDM | ||
* apt-get install auth-client-config libpam-ldap libnss-ldap ldap-auth-client ldap-auth-config | * apt-get install auth-client-config libpam-ldap libnss-ldap ldap-auth-client ldap-auth-config |
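Review bot: the added "DO NOT switch to gdm. STAY ON LIGHTDM" bullet sits directly under the unchanged "apt-get install gdm" step without saying why gdm is still installed or at which point the choice between the two comes up. Suggest stating the reason and the exact answer to give, and reconciling it with the later steps on the page, which add pam_group.so to /etc/pam.d/gdm and list only login, kdm and gdm in /etc/security/group.conf, with no lightdm entry.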
Revision as of 16:29, 17 September 2014
Installation
WARNING: The pre-packaged installer does not handle RAID well. GParted does. If partitioning is necessary, boot the live session and use GParted to partition before installing with the steps below.
1. Select "English"
2. Select "Install Ubuntu"
3. Select "Install this Third Party Software" and "Download Updates while Installing"
4. Wait
5. IF NO OTHER OPERATING SYSTEMS: Erase Disk and Install Ubuntu.
5b. IF OTHER OSes: Something else - Select a drive; set to ext3, mountpoint: /, install.
6. Where are you? New York.
7. English, English (US)
8. Your name: Lab - Pick a username: lab - Password: qazzaq - Do not encrypt home folder.
Restart now.
Configuration
- SSH does not come preinstalled in Ubuntu 14! You *must* go to the machine and physically log in as lab to do:
- apt-get install ssh
- Reboot
- You still can't ssh in as root.
Setting up root SSH
- sudo vi /etc/ssh/sshd_config
- PermitRootLogin no -> PermitRootLogin yes
- sudo service ssh restart
Removing the 'lab' generic account and changing root password
- ssh root@ipaddress
- sudo su -
- passwd root (set the current root password)
- exit
- exit
- ssh root@ipaddress
- userdel lab
- rm -rf /home/lab
Update / Upgrade
- apt-get update
- apt-get upgrade
- apt-get dist-upgrade
LDAP / GDM
- apt-get install gdm
- DO NOT switch to gdm. STAY ON LIGHTDM
- apt-get install auth-client-config libpam-ldap libnss-ldap ldap-auth-client ldap-auth-config
  - LDAP server Uniform Resource Identifier: ldap://10.20.3.8
  - Distinguished name of the search base: dc=cs,dc=transy,dc=edu
  - LDAP version to use: 3
  - Make local root Database admin: NO
  - Does the LDAP database require login?: NO
- Edit /etc/ldap.conf and change / check the following values:
  - host 10.20.3.8
  - base dc=cs,dc=transy,dc=edu (should be set already)
  - uri ldap://10.20.3.8 (should be set already)
  - bind_policy soft
- Edit /etc/ldap/ldap.conf
  - BASE dc=cs,dc=transy,dc=edu
  - URI ldap://10.20.3.8
- Edit /etc/auth-client-config/profile.d/transy
    [transy]
    nss_passwd=passwd: ldap files
    nss_group=group: ldap files
    nss_shadow=shadow: ldap files
    nss_netgroup=netgroup: ldap files
    pam_auth=auth required pam_env.so
        auth sufficient pam_unix.so likeauth nullok
        auth sufficient pam_ldap.so use_first_pass
        auth required pam_deny.so
    pam_account=account sufficient pam_unix.so
        account sufficient pam_ldap.so
        account required pam_deny.so
    pam_password=password sufficient pam_unix.so nullok md5 shadow use_authtok
        password sufficient pam_ldap.so use_first_pass
        password required pam_deny.so
    pam_session=session required pam_limits.so
        session required pam_unix.so
        session optional pam_ldap.so
- auth-client-config -a -p transy
- Add the following line near the very top of /etc/pam.d/gdm AND /etc/pam.d/login
    auth optional pam_group.so
- Add the following to the BOTTOM of /etc/security/group.conf:
    # This will force all users that logon into these groups
    login;*;*;Al0000-2400;cdrom,floppy,plugdev,audio,dip
    kdm;*;*;Al0000-2400;cdrom,floppy,plugdev,audio,dip,video
    gdm;*;*;Al0000-2400;cdrom,floppy,plugdev,audio,dip,video
- Test LDAP authentication - if "id USERNAME" returns with info about the user... all is good.
root@clarke:~# id kmoorman
uid=1129(kmoorman) gid=110(faculty) groups=110(faculty),800(camp),2100(linux)
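
A way to confirm the settings from the steps above before closing the root session, as an added example that is not part of the original wiki page. The function names are hypothetical, the sample files are constructed, and the "@include common-auth" layout of the PAM service files is an assumption about Ubuntu's defaults.

```shell
#!/bin/sh
# Added example: checks for the settings this page configures. Every function
# takes the file to inspect, so it can be run on copies as well as on /etc.

# has_line FILE REGEX: true if FILE has an uncommented line matching REGEX.
has_line() { grep -Eq "^[[:space:]]*$2[[:space:]]*\$" "$1"; }

# /etc/ldap.conf: uri, base and bind_policy as given on the page.
check_ldap_conf() {
    has_line "$1" 'uri[[:space:]]+ldap://10\.20\.3\.8/?' &&
    has_line "$1" 'base[[:space:]]+dc=cs,dc=transy,dc=edu' &&
    has_line "$1" 'bind_policy[[:space:]]+soft'
}

# /etc/nsswitch.conf: passwd, group and shadow must each list ldap.
check_nss() {
    for db in passwd group shadow; do
        grep -Eq "^$db:.*[[:space:]]ldap([[:space:]]|\$)" "$1" || return 1
    done
}

# /etc/pam.d/<service>: the pam_group.so line must be present and must sit
# above "@include common-auth" (assumed layout of Ubuntu's service files),
# because a "sufficient" success in that stack ends auth processing early.
check_pam_group() {
    awk '/^[ \t]*auth[ \t]+optional[ \t]+pam_group\.so/ { ok = 1 }
         /^[ \t]*@include[ \t]+common-auth/ { exit }
         END { exit !ok }' "$1"
}

# /etc/passwd: the generic "lab" install account must be gone.
check_no_lab() { [ -r "$1" ] && ! grep -q '^lab:' "$1"; }

# Constructed sample files (not taken from a real host) to exercise the checks.
demo() {
    d=$(mktemp -d) || return 1
    printf 'host 10.20.3.8\nbase dc=cs,dc=transy,dc=edu\nuri ldap://10.20.3.8\nbind_policy soft\n' > "$d/ldap.conf"
    printf 'passwd: ldap files\ngroup: ldap files\nshadow: ldap files\n' > "$d/nsswitch.conf"
    printf 'auth optional pam_group.so\n@include common-auth\n' > "$d/login"
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$d/passwd"
    check_ldap_conf "$d/ldap.conf" && check_nss "$d/nsswitch.conf" &&
        check_pam_group "$d/login" && check_no_lab "$d/passwd"
    rc=$?; rm -rf "$d"; return $rc
}
demo && echo "sample configuration passes all checks"
```

On a configured machine, call the functions with /etc/ldap.conf, /etc/nsswitch.conf, /etc/pam.d/login and /etc/passwd instead of the sample files.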