Installing a room machine from scratch

From ProgSoc Wiki

This document is currently a work in progress: Based upon installs of Ubuntu 10.04 in August 2010

1. Install OSX, leaving room enough for Ubuntu (currently 60/20GB)

Note: Rani appears to have Boot Camp provisioned as well as OS X. Leaving as is and just installing Ubuntu.

2. Set up OS X /home and LDAP (More information / link needed)

3. Follow instructions on Ubuntu wiki to prepare the boot environment - (install rEFIt) https://help.ubuntu.com/community/MactelSupportTeam/AppleIntelInstallation#Dual-Boot:%20Mac%20OSX%20and%20Ubuntu

Note: Rani doesn't have this set up yet. Will try to rectify after the Ubuntu install.

Ubuntu Setup

4. Install Ubuntu from CD, with a 1000MB swap partition and the remainder a root partition.

5. Set network settings in /etc/network/interfaces as below. IP addresses are located in The Fleet of Machines

auto eth0
iface eth0 inet static
        address 138.25.6.XX
        netmask 255.255.255.0
        gateway 138.25.6.254

6. Set DNS in /etc/resolv.conf as below:

search progsoc.uts.edu.au
nameserver 138.25.6.2

7. Restart networking:

sudo /etc/init.d/networking restart

8. Update all packages & set updating to automatic.

9. Set up LDAP client authentication, following https://help.ubuntu.com/community/LDAPClientAuthentication

Install the following packages: libpam-ldap libnss-ldap nss-updatedb libnss-db

server name (ip address of crypt) ldap://138.25.6.103

Make root database admin: no

Distinguished name dc=progsoc,dc=org


Version 3

Make local root admin: NO

No ldap login


Using your favorite text editor, edit the following config:  /etc/auth-client-config/profile.d/open_ldap 

and paste the following into it:


[open_ldap]
nss_passwd=passwd: files ldap
nss_group=group: files ldap
nss_shadow=shadow: files ldap
nss_netgroup=netgroup: files ldap
pam_auth=auth       required     pam_env.so
        auth       sufficient   pam_unix.so likeauth nullok
#the following line (containing pam_group.so) must be placed before pam_ldap.so
#for ldap users to be placed in local groups such as fuse, plugdev, scanner, etc ...
        auth       required     pam_group.so use_first_pass
        auth       sufficient   pam_ldap.so use_first_pass
        auth       required     pam_deny.so
pam_account=account    sufficient   pam_unix.so
        account    sufficient   pam_ldap.so
        account    required     pam_deny.so
pam_password=password   sufficient   pam_unix.so nullok md5 shadow
        password   sufficient   pam_ldap.so use_first_pass
        password   required     pam_deny.so
pam_session=session    required     pam_limits.so
        session    required     pam_mkhomedir.so skel=/etc/skel/
        session    required     pam_unix.so
        session    optional     pam_ldap.so


sudo auth-client-config -a -p open_ldap

nano /etc/security/group.conf


Add this to the end of the file:

*;*;*;Al0000-2400;audio,cdrom,floppy,plugdev,video,fuse,scanner,dip
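
A pre-flight check for the two files edited above, added here as an example (it is not part of the original wiki page). It verifies that pam_group.so comes before pam_ldap.so in the profile's pam_auth stanza and that every group.conf entry has the five fields pam_group expects; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: sanity checks for the two files edited above.
# Function names and the sample data are constructed for illustration.

# Succeeds only if, inside the pam_auth= stanza of an auth-client-config
# profile, pam_group.so is listed before pam_ldap.so. Comment lines are
# skipped because the profile's own comment mentions both module names.
auth_order_ok() {
    awk '
        /^[ \t]*#/                   { next }
        /^pam_auth=/                 { in_auth = 1 }
        /^[a-z_]+=/ && !/^pam_auth=/ { in_auth = 0 }
        in_auth && /pam_group\.so/ && !g { g = NR }
        in_auth && /pam_ldap\.so/  && !l { l = NR }
        END { exit !(g && l && g < l) }
    ' "$1"
}

# Succeeds only if every active line of a group.conf has the five
# ';'-separated fields pam_group expects: services;ttys;users;times;groups
group_conf_ok() {
    awk -F';' '
        /^[ \t]*(#|$)/ { next }
        NF != 5        { bad = 1 }
        END            { exit bad + 0 }
    ' "$1"
}

# Constructed samples: a trimmed profile and one group.conf entry.
demo_dir=$(mktemp -d)
cat > "$demo_dir/open_ldap" <<'EOF'
[open_ldap]
nss_passwd=passwd: files ldap
pam_auth=auth required pam_env.so
        auth sufficient pam_unix.so likeauth nullok
#pam_group.so must be placed before pam_ldap.so
        auth required pam_group.so use_first_pass
        auth sufficient pam_ldap.so use_first_pass
        auth required pam_deny.so
pam_account=account sufficient pam_unix.so
EOF
echo '*;*;*;Al0000-2400;audio,cdrom,plugdev' > "$demo_dir/group.conf"

auth_order_ok "$demo_dir/open_ldap"  && echo "auth stanza: pam_group precedes pam_ldap"
group_conf_ok "$demo_dir/group.conf" && echo "group.conf: all entries have 5 fields"
```

On a real machine, run the two functions against /etc/auth-client-config/profile.d/open_ldap before applying the profile, and against /etc/security/group.conf after editing it.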


NFS

sudo apt-get install nfs-common


mkdir /phatdisk


nano /etc/fstab

138.25.6.103:/phatdisk /phatdisk nfs rw 0 0
/phatdisk/home /home none bind

sudo visudo

Add %progsoc-admin ALL=(ALL) ALL

Change Host name

TODO: fail2ban on rani, kali SSH fail2ban niflheim
