Home

Linux Workstation Setup Procedure

Mon, 01/17/2011 - 16:38 — Luke Scharf

Steps to build an Ubuntu Linux client:

  1. Install Ubuntu 10.4 (or later).
    1. The default account should be called "Chef".  See Luke in person for the password.
  2. Trivia
    1. Configure display drivers and monitors.  Use restricted drivers, if necessary.  (Log in, go to the "System" menu, "Preferences", "Monitors".)
    2. Move the Chef account's home directory
      1. Make sure that chef is logged completely out of the machine.
      2. Log in on one of the text consoles (ctrl+alt+F1) as chef.
      3. sudu su -
      4. mv /home/chef /
      5. vi /etc/passwd and change /home/chef to /chef
      6. Test chef's ability to login on another text console (ctrl+alt+F2)
      7. Log out all of the way on both text consoles
    3. Disable the login userlist, since it doesn't show the ldap users:
      sudo -u gdm gconftool-2 --set --type boolean /apps/gdm/simple-greeter/disable_user_list true
    4. Set ~root/.forward and ~chef/.forward to lscharf@illinois.edu (potentially fablab-it@listserv.illinois.edu in the future).
  3. Configure Authentication
    1. sudo apt-get install ldap-utils ldap-auth-client libpam-krb5 krb5-user libsasl2-2 libsasl2-modules libsasl2-modules-gssapi-mit
    2. In the "ldap-auth-config" dialogs, set the following values:
      LDAP Server URI: ldaps://papadell.cucfablab.org
      Distinguished name of the search base: dc=cucfablab,dc=org
      LDAP vresion to use: 3
      Make local root Database admin: No
      Does the LDAP database require login? Yes
      Unpriveleged database user: cn=proxyuser,ou=Users,dc=cucfablab,dc=org
      Password for database login account: Get from Luke
      Note: Dialog can be accessed later via "dpkg-reconfigure ldap-auth-config"
    3. In the "Configuring Kerberos Authentication" dialogs, set the following values:
      Default Kerberos version 5 realm: CUCFABLAB.ORG
      Kerberos servers for your realm: papadell.cucfablab.org
      Administrative server for your Kerberos realm: papadell.cucfablab.org
    4. Edit /etc/ldap.conf and make it look like this: 
      base dc=cucfablab,dc=org
      uri ldaps://papadell.cucfablab.org
      ldap_version 3
      binddn cn=proxyuser,ou=Users,dc=cucfablab,dc=org
      bindpw XXXXXXXX
      bind_policy soft
      pam_password clear
      nss_base_passwd	ou=Users,dc=cucfablab,dc=org?one
      nss_base_group	ou=Groups,dc=cucfablab,dc=org?one
      nss_initgroups_ignoreusers avahi,backup,bin,daemon,games,gnats,irc,libuuid,list,lp,mail,man,messagebus,news,ntp,proxy,root,sshd,statd,sync,sys,syslog,uucp,www-data
    5. Edit /etc/ldap/ldap.conf and make it look like this: 
      BASE	dc=cucfablab,dc=org
      URI	ldaps://papadell.cucfablab.org
      TLS_REQCERT never
    6. Edit /etc/nsswitch.conf and make it look like this: 
      passwd: files ldap
      group: files ldap
      shadow: files ldap
      hosts:          files dns
      networks:       files
      protocols:      db files
      services:       db files
      ethers:         db files
      rpc:            db files
      netgroup: files ldap
  4. Configure Storage
    1. Reference: https://help.ubuntu.com/community/NFSv4Howto
    2. apt-get install nfs-common nfs-client
    3. Edit /etc/default/nfs-common and set the following lines:
      NEED_IDMAPD=yes
      NEED_GSSD=yes
    4. Add the following line to fstab: 
      papadell.cucfablab.org:/fablab /fablab nfs4 proto=tcp,port=2049 0 0
      papadell.cucfablab.org:/home /home nfs4 proto=tcp,port=2049 0 0
    5. mount -av
  5. Update & Install apps
up