Featured

Linux Cloud Technologies 2013

  Build the cloud on Linux!  This year looks very promising for Linux when it comes to building your private cloud using open source technologies.  Finally, Linux-based software and application


Ubuntu 14.04 Web Server Tutorial

13
by on April 29, 2014 at 4:38 pm

In this article, I’m going to be outlining the steps to install and configure a complete web server on a base install of Ubuntu 14.04 LTS server edition.  Not only will you learn how to install a complete web server or “LAMP stack” from the command line, you’ll also understand a little bit more about how each service works.  Ubuntu LTS releases are proven server platforms, and 14.04 brings many needed updates to the LAMP stack, most notably Apache Server 2.4.

I personally don’t prefer to install “Web server” package groups during server install time.  I like to install each necessary package one by one to ensure I only have the software that I require for my operation.  This tutorial is also useful if you’re running Ubuntu 14.04 desktop version and want to install a LAMP stack for testing or development purposes.

(more…)

in How-To, Ubuntu


Join Ubuntu 12.04LTS to Active Directory Domain

0
by on January 17, 2014 at 6:07 pm

Preliminary Steps

DNS must be configured properly.  You should be able to ping “mydomain.xx” from the CLI and the host name must resolve.  Generally speaking, entries in /etc/hosts are not sufficient.  You should be able to use whatever DNS server the Windows computers on the network use.

While entries in /etc/resolv.conf will allow you to temporarily adjust DNS settings, these settings will typically be overwritten if you’re using DHCP to obtain an IP.  You must make an entry for the interface in the /etc/network/interfaces file.  It is also helpful to add the dns-search parameter.  For example:

auto eth0
iface eth0 inet static
address 192.168.1.3
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 192.168.1.2
dns-search mydomain.xx

The above example will set a static IP of 192.168.1.3 for the Linux host, and assumes that our Active Directory DNS server is 192.168.1.2.  Obviously, you must edit these settings to fit your environment.  The DNS server does not have to be an Active Directory DNS server, but it must be able to resolve the domain names and host names.  For instance, if your Linux host is on a private subnet, you might put in the gateway’s IP address, as the gateway will forward the packets upstream to an actual DNS server.

A reboot after adjusting network settings on Ubuntu is recommended.

Additionally, you will need either a Domain Admin or other Active Directory user that has access to add machines to an OU.

Install Required Packages

First, run apt-get update

This will ensure that you have the current package listings from the repository.

Next, install the following packages using apt-get install <package>:  samba, winbind, krb5-user, libpam-winbind

You may receive an error while attempting to install one or more of these packages and the installation will refuse to proceed.  I have only observed this on existing servers, not on a clean install of 12.04LTS.  If this is the case, you may install the packages using aptitude install <package>.  At first the install will fail and it will prompt you to leave the packages uninstalled.  Type “N”.  The next message will ask you to downgrade a handful of packages to allow the install.  Type “Y”.  This downgrade does not appear to affect the operation of your software and allows the necessary packages to be installed.

Editing Config Files

Add the following changes to /etc/samba/smb.conf in the [global] section.

workgroup = MYDOMAIN
password server = dc1.mydomain.xx dc2.mydomain.xx
realm = MYDOMAIN.XX
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /sbin/nologin
winbind use default domain = true
winbind offline logon = false
winbind enum users = yes
winbind enum groups = yes
client ntlmv2 auth = yes
client use spnego principal = no

Let’s talk about some of the important settings.

workgroup is the name of the domain without the top level domain.  If the domain is a tertiary domain, such as MY.DOMAIN.XX, then the workgroup would be MY.

realm is the name of the Kerberos Realm for the domain.  This should be in all CAPS and contain the entire domain name.  Example:  MY.DOMAIN.XX or MYDOMAIN.XX

security is the setting that tells Samba to use Winbind.

idmap uid/gid can be any valid range of numbers.  Generally speaking, these numbers should be above 100k.

template shell is the setting which controls what shell Active Directory users will have when they try to log in via console or ssh.  /sbin/nologin will allow the users to access Samba shares, but otherwise not have permissions on the Linux system.

winbind use default domain is the setting which tells Samba to use only usernames for lookups.  If this is set to false, you would have to address AD accounts as myuser@mydomain.xx or mydomain\myuser.

client ntlmv2 auth enables Winbind and Samba to communicate using ntlmv2.  If you do not set this to yes, you won’t be able to join the domain.

Join the Active Directory Domain

Now that winbind is installed and Samba’s config file has been updated, we should restart the smbd and winbind services:

service smbd restart && service winbind restart

Next, let’s generate a Kerberos ticket for our AD user:

kinit myadmin

You will be prompted for a password as follows:  Password for myadmin@MYDOMAIN.XX:

After entering the password, the command should complete with no output or errors.

Now that we have verified Kerberos is working by requesting a ticket, we can join the server to the domain using the net command as follows:

net ads join -U myadmin

At the prompt, enter your password.  You should see “Joined <Server Name> to realm ‘MYDOMAIN.XX’”.  You will likely also see “No DNS domain configured for <servername>.  Unable to perform DNS Update.  DNS update failed!”  This is normal, and it just means that the DNS server was not updated with your Ubuntu server’s A record.  That will have to be created manually by the DNS administrator, if desired (but not required for AD integration).

If our join was successful, we need to update a couple more things:  nss and pam.  Edit /etc/nsswitch.conf to enable winbind for passwd, group, and shadow services:

passwd: compat winbind

group: compat winbind

shadow: compat winbind

 

Now, we should be able to update our PAM configs automatically by running pam-auth-update.  This will open up a TUI screen (text user interface) and you can select Winbind NT/AD if not already selected and press OK.  This should update the requisite PAM files to enable winbind integration with PAM.

To check that everything is running as expected, run the command getent passwd myadmin and you should see an entry similar to one in /etc/passwd.
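The script below is an added example, not part of the original post: a POSIX shell lint that checks the [global] settings discussed under Editing Config Files before you attempt the join.  The sample file is constructed, and the rule that domain controllers sit under the realm's DNS name is an assumption of this example rather than something the post states.

```sh
# get_opt FILE KEY: print KEY's value from the [global] section (last match wins).
get_opt() {
  awk -v key="$2" '
    /^[ \t]*\[/ { g = (tolower($0) ~ /^[ \t]*\[global\]/); next }
    !g || /^[ \t]*[#;]/ { next }
    { i = index($0, "="); if (!i) next
      k = tolower(substr($0, 1, i - 1)); v = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) val = v }
    END { print val }' "$1"
}
lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }
fail()  { echo "FAIL: $*"; PROBLEMS=$((PROBLEMS + 1)); }

# lint_smb_conf FILE: sets PROBLEMS to the number of findings; returns 0 only if clean.
lint_smb_conf() {
  PROBLEMS=0
  realm=$(get_opt "$1" realm); wg=$(get_opt "$1" workgroup); lrealm=$(lower "$realm")
  [ "$(lower "$(get_opt "$1" security)")" = ads ] || fail "security must be ads"
  [ -n "$realm" ] && [ "$realm" = "$(printf '%s' "$realm" | tr 'a-z' 'A-Z')" ] ||
    fail "realm '$realm' must be set and written in all caps"
  [ "$(lower "$wg")" = "${lrealm%%.*}" ] ||
    fail "workgroup '$wg' is not the first label of realm '$realm'"
  # Assumption of this example, not a rule from the post: DCs sit under the realm's DNS name.
  for dc in $(get_opt "$1" "password server"); do
    case "$(lower "$dc")" in *".$lrealm") ;; *) fail "password server '$dc' is not under $lrealm" ;; esac
  done
  for key in "idmap uid" "idmap gid"; do
    start=$(get_opt "$1" "$key"); start=${start%%-*}
    case "$start" in ''|*[!0-9]*) start=0 ;; esac
    [ "$start" -gt 100000 ] || fail "$key range should start above 100000"
  done
  [ "$(lower "$(get_opt "$1" "client ntlmv2 auth")")" = yes ] || fail "client ntlmv2 auth must be yes"
  [ "$PROBLEMS" -eq 0 ]
}

# Constructed sample: lower-case realm and a misspelled domain controller name.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
[global]
workgroup = MYDOMAIN
password server = dc1.mydomian.xx dc2.mydomain.xx
realm = mydomain.xx
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
client ntlmv2 auth = yes
EOF
lint_smb_conf "$SAMPLE" || echo "$PROBLEMS problem(s) in $SAMPLE"
```

On a real host, call lint_smb_conf /etc/samba/smb.conf instead of the sample file.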

in How-To, Ubuntu


CentOS 6 Google App Engine Python Development with Eclipse

0
by on November 26, 2013 at 5:34 pm

With more and more companies moving applications to the cloud, Google App Engine makes a lot of sense.  GAE is a Platform as a Service (PaaS) product which runs on Google’s infrastructure.  Some of the touted capabilities are seamless, limitless, and completely automated application scaling.  In this article, you’ll learn how to set up a basic development environment for Google App Engine’s Python SDK on CentOS 6 using PyDev and Eclipse.

(more…)


Join CentOS 6 to Active Directory Domain

9
by on October 1, 2013 at 4:03 pm

Joining CentOS 6 or Red Hat Enterprise Linux 6 to an Active Directory Domain is relatively simple.  While Active Directory is proprietary software developed by Microsoft, it’s fairly ubiquitous in medium and large environments, thus integrating Linux and Windows services is very common in this day and age.  DNS has to be working properly.  You should be able to resolve mydomain.com using DNS.

First, we need to install winbind.  This is the Samba service that integrates users, passwords, and other important functions with Active Directory.

yum install samba-winbind

That command should install any and all dependencies necessary.  Another step is to install software necessary for initializing Kerberos tickets.  While not strictly necessary to join the Domain initially (I believe), it makes troubleshooting a little easier.

yum install krb5-workstation

After those two packages are installed, you can run authconfig-tui to automatically set up pam and other important config files.  See the screen shots below for example settings.

[Screenshot: authconfig-tui]

The above selections are appropriate.  Use fingerprint reader is not needed unless your workstation has a fingerprint reader.

[Screenshot: authconfig-tui]

This stage is very important.  Security model should be set to ADS.  Domain should be the name of the domain without the top level domain.  If your domain looks like my.domain.com, then you should put “MY” in this field.  Domain controllers are the FQDNs of each domain controller you wish your system to use.  Unlike Windows, these are not automatically discovered by CentOS or RHEL 6.  Separate each domain controller by a space.  ADS REALM should be the full name of your Domain in ALL CAPS.  Template shell can be whichever you choose.  If you want to give domain users the ability to log in by default, select one of the shells.  If you want to disable ssh/local login by default, select /sbin/nologin.

Next, select Join Domain and enter your Domain Admin username and password in the boxes provided.  Enter just the username; do not enter any domain information here.


How to RDP from CentOS 6 using Network Level Auth

0
by on October 1, 2013 at 3:22 pm

Connecting from CentOS 6 to Windows Server 2008 R2 used to be impossible if you had Network Level Authentication required on your Windows Servers. However, the latest version of rdesktop (1.8 as of this writing) finally integrates NLA. Unfortunately, if you’re using CentOS 6 or Red Hat Enterprise Linux 6, the newest version is not currently available from the EPEL or base repos.   In this article I’m going to show you how to build and install the software so it works correctly.

(more…)

in CentOS, How-To, Red Hat


Join Fedora 19 to Active Directory Domain using realmd

18
by on September 23, 2013 at 4:24 pm

For years, Linux administrators have been successfully using Samba winbind to integrate Linux with Active directory.  While configuring a Linux host to join an Active Directory Domain is pretty simple, it still involves editing a few configuration files manually in most cases.  The new software, realmd, changes all of that, and makes joining a Linux host to an Active Directory Domain easier than ever before!

(more…)


Install OpenStack Grizzly on Fedora 19 with Quantum Networking

0
by on August 14, 2013 at 7:35 pm

I recently registered for and watched a Red Hat online seminar, Taste of Training for the upcoming Red Hat Open Stack course.  Up until very recently, Red Hat OpenStack was only a technology preview, but now Red Hat is offering full support for OpenStack as part of its Red Hat Cloud Infrastructure product suite.

If you’re already familiar with OpenStack and/or Fedora, you can refer to this ’3 step’ guide from Red Hat:  http://openstack.redhat.com/Quickstart  Since you’re using Fedora 19, you’re not likely going to actually be able to complete the install in 3 steps as the guide suggests.  I have found there are numerous steps that must/should be modified for a smooth installation, and I have compiled those steps here for my readers.

What I’m going to outline here are some of the necessary tips and methods I gleaned from hours of frustration.  I also hope to include pretty screen shots for your convenience :).

I also intend to use Quantum networking, and (coming soon) GlusterFS as cinder storage.

(more…)


Connect to SQL Server with Python

0
by on July 5, 2013 at 2:23 pm

Recently I was tasked to rewrite some Perl cgi scripts.  My time is valuable to me, so I rewrote them in Python!  One of the functions of the cgi scripts was to connect to a Microsoft SQL Server 2008 r2 instance.  A quick glance at the perl scripts showed me we were using ODBC to connect to SQL Server.  After a few hours of reading online, I settled upon what I believe is the best method, using pyodbc.

pyodbc is an open source library for python, available at https://code.google.com/p/pyodbc/  Installation is pretty straight forward, but I will outline the steps here and help you connect to SQL Server as well.

(more…)

in How-To, Red Hat


Ajax script with python backend

0
by on June 10, 2013 at 3:07 pm

At my day job, I’m a Linux System Administrator.  This roughly translates to “Everything System Administrator” as I work in a lot of other capacities as well.  One of my duties is maintaining an internal web portal that runs on a RHEL 6 system.  A good portion of our portal runs on Python and Perl CGI scripts.  I wanted to dynamically update part of a page and I needed to make an Ajax call to a Python script instead of a normal PHP or ASP (etc).  I ran into a problem with a not so obvious solution compared to how people make calls to PHP backends.

(more…)

in How-To


Centos 6 Apache Kerberos AD SSO

14
by on May 21, 2013 at 7:22 pm

I recently set up a RHEL / CentOS 6 Apache webserver at work that integrates with Active Directory (AD) and Kerberos for a single sign on (SSO) web resource.  This took me a lot more time than I thought it would, but that’s because the tutorials I was reading were either wrong, or didn’t apply to my situation.  I am outlining the steps I took below to help others who may wish to have a similar setup.

(more…)

in CentOS, How-To, Red Hat
