Featured

Linux Cloud Technologies 2013

  Build the cloud on Linux!  This year looks very promising for Linux when it comes to building your private cloud using open source technologies.  Finally, Linux-based software and application

Read More
Linux Cloud Technologies 2013

Join Ubuntu 12.04LTS to Active Directory Domain

0
by on January 17, 2014 at 6:07 pm

Preliminary Steps

DNS must be configured properly.  You should be able to ping “mydomain.xx” from the CLI and the host name must resolve.  Generally speaking, entries in /etc/hosts are not sufficient.  You should be able to use whatever DNS server the Windows computers on the network use.

While entries in /etc/resolv.conf will allow you to temporarily adjust DNS settings, these setting will typically be overwritten if you’re using DHCP to obtain an IP.  You must make an entry for the interface in the /etc/network/interfaces file.  It is also helpful to add the dns-search parameter as well.  E.G.:

auto eth0
iface eth0 inet static
address 192.168.1.3
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 192.168.1.2
dns-search mydomain.xx

The above example will set a static IP of 192.168.1.3 for the Linux host, and assumes that our Active Directory DNS server is 192.168.1.2.  Obviously, you must edit these settings to fit your environment.  The DNS server does not have to be an Active Directory DNS server, but it must be able to resolve the domain names and host names.  For instance, if your Linux host is on a private subnet, you might put in the gateway’s IP address, as the gateway will forward the packets upstream to an actual DNS server.

A reboot after adjusting network settings on Ubuntu is recommended.

Additionally, you will need either a Domain Admin or other Active Directory user that has access to add machines to an OU.

Install Required Packages

First, run apt-get update

This will ensure that you have the current package listings from the repository.

Next, install the following packages using apt-get install <package>samba, winbind, krb5-user, libpam-winbind

You may receive an error while attempting to install one or more of these packages and the installation will refuse to proceed.  I have only observed on existing servers, not on a clean install of 12.04LTS.  If this is the case, you may install the packages using aptitude install <package> .  At first the install will fail and it will prompt you to leave the packages uninstalled.  Type “N”.  The next message will ask you to downgrade a handful of packages to allow install.  Type “Y”.  This downgrade does not appear to affect the operation of your software and allows the necessary packages to be installed.

Editing Config Files

Add the following changes to /etc/samba/smb.conf in the [global] section.

workgroup = MYDOMAIN

password server = dc1.mydomian.xx dc2.mydomain.xx

realm = MYDOMAIN.XX

security = ads

idmap uid = 16777216-33554431

idmap gid = 16777216-33554431

template shell = /sbin/nologin

winbind use default domain = true

winbind offline logon = false

winbind enum users = yes

winbind enum groups = yes

client ntlmv2 auth = yes

client use spnego principal = no

Let’s talk about some of the important settings.

workgroup is the name of the domain without the top level domain.  If the domain is a tertiary domain, such as MY.DOMAIN.XX, then the workgroup would be MY

realm is the name of the Kerberos Realm for the domain.  This should be in all CAPS and contain the entire domain name.  Example:  MY.DOMAIN.XX or MYDOMAIN.XX

security is the setting that tells Samba to use Winbind.

Idmap uid/gid  can be any valid range of numbers.  Generally speaking, these number should be above 100k.

template shell is the setting which controls what shells active directory users will have when they try to log in via console of ssh.  /sbin/nologin will allow the users to access Samba shares, but otherwise not have permissions on the Linux system.

winbind use default domain is the setting which tells Samba to use only usernames for lookups.  If this is set to false, you would have to address AD accounts as myuser@mydomain.xx or mydomain\myuser.

client ntlmv2 auth enables Winbind and Samba to communicate using ntlmv2.  If you do not set this to yes, you won’t be able to join the domain.

Join the Active Directory Domain

Now that winbind is installed and Samba’s config file has been update, we should restart the smbd and winbind services.  service smbd restart && service winbind restart

Next, let’s generate a Kerberos ticket for our AD user.  kinit myadmin

You will be prompted for a password as follows:  Password for myadmin@MYDOMAIN.XX:

After entering the password, the command should complete with no output or errors.

Now that we have verified Kerberos is working by requesting a ticket, we can join the server to the domain using the net command as follows:  net ads join –U myadmin

At the prompt, enter your password.  You should see “Joined <Server Name> to realm ‘MYDOMAIN.XX’.  You will likely also see “No DNS domain configured for <servername>.  Unable to perform DNS Update.  DNS update failed!”  This is normal, and it just means that the DNS server was not updated with your ubuntu’s server A record.  That will have to be created manually by the DNS administrator, if desired (but not required for AD integration).

If our join was successful, we need to update a couple more things:  nss and pam.  Edit /etc/nsswitch.conf to enable winbind for passwd, group, and shadow services:

passwd: compat winbind

group: compat winbind

shadow: compat winbind

 

Now, we should be able to update our PAM configs automatically by running pam-auth-update This will open up a TUI screen (text user interface) and you can select Winbind NT/AD if not already selected and press OK.  This should update the requisite PAM files to enable winbind integration with PAM.

To check to make sure that everything is running as expected, run the command getent passwd myadmin and you should see an entry similar to one in /etc/passwd

in How-To, Ubuntu

, , ,

Connect to SQL Server with Python

0
by on July 5, 2013 at 2:23 pm

Recently I was tasked to rewrite some Perl cgi scripts.  My time is valuable to me, so I rewrote them in Python!  One of the functions of the cgi scripts was to connect to a Microsoft SQL Server 2008 r2 instance.  A quick glance at the perl scripts showed me we were using ODBC to connect to SQL Server.  After a few hours of reading online, I settled upon what I believe is the best method, using pyodbc.

pyodbc is an open source library for python, available at https://code.google.com/p/pyodbc/  Installation is pretty straight forward, but I will outline the steps here and help you connect to SQL Server as well.

(more…)

in How-To, Red Hat

, , , ,

Ad goes here

Centos 6 Apache Kerberos AD SSO

10
by on May 21, 2013 at 7:22 pm

I recently setup a RHEL / Centos 6 Apache websever at work that integrates with Active Directory (AD) and Kerberos for a single sign on (SSO) web resource.  This took me a lot more time than I thought it would, but that’s because the tutorials I was reading were either wrong, or didn’t apply to my situation.  I am outlining the steps I took below to help others who may wish to have a similar setup.

(more…)

in CentOS, How-To, Red Hat

, , , , , , ,

Start iptables in Debian Automatically

3
by on February 21, 2013 at 9:47 pm

If you are trying to make iptables survive a reboot in Debian Squeeze or Wheezy, you may find the following of use.  After you get your iptables all squared away, save them to a text file with the incredibly handy /sbin/iptables-save command:

/sbin/iptables-save > /root/iptables.saved

This will create a text file in the /root directory containing lines that will be parsed by iptables when used with the  iptables-restore command.

Next, add the following script to your system:

(more…)

in Debian, How-To

, , , ,

Ubuntu 10.04 rescue information

0
by on January 12, 2013 at 9:35 pm

I recently encountered a problematic server running Ubuntu 10.04 server.  The problem was simple, and so was the solution, but there were many hurdles in the way that, if you’re not familiar with them, will prevent you from accomplishing the task.  This should apply to later Ubuntu distros as well.

Scenario:  The server is a Dell, on the other side of the country.  You have only DRAC access, no ability to manipulate anything physically.  Somehow, the root password was changed, and now no one can log into the server remotely. (more…)

in Distros, How-To, Ubuntu

, , , ,

Debian Wheezy PXE server

2
by on January 1, 2013 at 4:47 pm

Creating a PXE boot server is both easy and useful.  PXE boot services allow an administrator to install or boot an operating system dynamically every time a machine is booted.  This method is especially useful for imaging multiple servers in an automated fashion.

I’m writing this entry to outline the steps necessary to create a Debian server that provides DHCP and PXE boot services of multiple to specific hosts on the same network.

Requirements:  Debian Wheezy or other compatible server with plenty of free space, and an additional server/computer on the same network (or virtual network) as the Debian server.  If you’re using something other than Debian Wheezy, I can’t assure you the packages will be the same and configured the same way.  This is Linux, after all.

(more…)

in Debian, How-To

, , , , , ,

Configuring CentOS 6 Web Server

29
by on May 9, 2012 at 7:07 pm

Centos 6 in 3DIn this article, I’m going to be outlining the steps to install and configure a complete web server on a base install of CentOS 6.  (Which should be compatible with Scientific Linux 6 as well as Red Hat Enterprise Linux 6)

I personally don’t prefer to install package groups relating to “LAMP” or similar during initial installation because I’m simply too lazy to review each and every package that is included in those groups, and what the dependencies are. By installing the required packages using yum, this allows you to install just the software you’re looking for, without worrying about dependencies. This software stack is time tested; we’ll install on CentOS’s latest release, and test a few popular applications while we’re at it!
(more…)

, , , , , , , , , , , , , , , ,

Ubuntu 12.04 Web Server

33
by on May 8, 2012 at 11:28 pm
Ubuntu MySQL php Apache

The Ubuntu Web Stack

In this article, I’m going to be outlining the steps to install and configure a complete web server on a base install of Ubuntu 12.04 LTS server edition.

I personally don’t prefer to install package groups relating to “LAMP” or similar during initial installation because I’m simply too lazy to review each and every package that is included in those groups, and what the dependencies are.  By installing the required packages using apt-get, this allows you to install just the software you’re looking for, without worrying about dependencies.  This software stack is time tested; we’ll install on Ubuntu’s latest release, and test a few popular applications while we’re at it!

(more…)

in Distros, How-To, Ubuntu

, , , , , , , ,

Categories