SWL Network (II): Ubuntu 12.04 and ClearOS. LDAP authentication

Hello friends! This article is about building a network of several desktops running Ubuntu 12.04 Precise Pangolin around the versatile ClearOS server; in other words, a network made exclusively of Free Software.

It is essential to read before:

  • Introduction to a Network with Free Software (I): Presentation of ClearOS

We will see:

Example network

  • Domain Controller, DNS, DHCP: ClearOS Enterprise 5.2sp1.
  • Controller name: centos
  • Domain name: amigos.cu
  • Controller IP: 10.10.10.60
  • ---------------
  • Ubuntu version: Ubuntu Desktop 12.04.2 Precise.
  • Computer name (hostname): need
  • IP address: obtained via DHCP

[Screenshot: precise-dhcp-ip]

We prepare our Ubuntu

We modify the file /etc/lightdm/lightdm.conf so that the greeter accepts a manually typed login, and we leave it with the following content:

[SeatDefaults]
greeter-session=unity-greeter
user-session=ubuntu
greeter-show-manual-login=true
greeter-hide-users=true
allow-guest=false

greeter-show-manual-login lets directory users, who never appear in the greeter's list, type their user name; greeter-hide-users keeps the local account names off the login screen; allow-guest=false removes the passwordless guest session, which has no place on a machine joined to a directory.

After saving the changes, we restart lightdm from a text console: press Ctrl+Alt+F1, log in there, and run sudo service lightdm restart. Do this from the console rather than from the desktop, because restarting lightdm ends the graphical session.

We configure the LDAP client

We must have the OpenLDAP server data at hand, which we obtain from the administration web interface under «Directory» -> «Domain and LDAP»:

LDAP Base DN: dc=amigos,dc=cu
LDAP Bind DN: cn=manager,cn=internal,dc=amigos,dc=cu
LDAP Bind Password: kLGD+Mj+ZTWzkD8W

Note that this Bind DN is the directory's administrative account. The steps below store its password on every client, so treat each client as holding a directory admin credential and keep the file that holds it (/etc/ldap.secret) readable by root only.

We install necessary packages:

sudo apt-get install ldap-auth-client finger

During the installation, debconf asks several questions that we must answer correctly. For this example the answers are:

LDAP server Uniform Resource Identifier: ldap://10.10.10.60
Distinguished name of the search base: dc=amigos,dc=cu
LDAP version to use: 3
Make local root Database admin: Yes
Does the LDAP database require login? No
LDAP account for root: cn=manager,cn=internal,dc=amigos,dc=cu
LDAP root account password: kLGD+Mj+ZTWzkD8W

The ldap:// URI means simple binds, including each user's password at login, travel in cleartext on the LAN. If the ClearOS server accepts ldaps:// or StartTLS, prefer that instead.

If we got any of the previous answers wrong, we run:

sudo dpkg-reconfigure ldap-auth-config

and answer again:

LDAP server Uniform Resource Identifier: ldap://10.10.10.60
Distinguished name of the search base: dc=amigos,dc=cu
LDAP version to use: 3
Make local root Database admin: Yes
Does the LDAP database require login? No
LDAP account for root: cn=manager,cn=internal,dc=amigos,dc=cu
LDAP root account password: kLGD+Mj+ZTWzkD8W
Local crypt to use when changing passwords: md5

With md5 the client computes an MD5-crypt hash itself when a password is changed; it is a dated scheme. The exop option hands the new password to the server through the Password Modify extended operation so the server applies its own hashing policy, which is the better choice when the ClearOS OpenLDAP supports it.

We modify the file /etc/nsswitch.conf, and we leave it with the following content:

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat ldap
group:          compat ldap
shadow:         compat

hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Only passwd and group consult LDAP; shadow deliberately stays compat. The client never needs to read password hashes from the directory, because pam_ldap authenticates a user by binding to the server as that user's DN.

We modify the file /etc/pam.d/common-session so that a user's home directory is created automatically at login if it does not exist yet:

[----]
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

# here are the per-package modules (the "Primary" block)
[----]

The line must be placed BEFORE the «# here are the per-package modules (the "Primary" block)» marker: everything between that marker and «# end of pam-auth-update config» is managed by pam-auth-update and gets rewritten on its next run, which would silently drop the line. umask=0022 creates home directories readable by every other user on the desktop; umask=0077 is the safer choice if users should not see each other's files.

We run pam-auth-update in a console, just to check that «LDAP Authentication» is selected alongside «Unix authentication»; no changes should be needed:

[Screenshot: precise-pam-auth-update]

We do some checks:

:~$ finger strides
Login: strides                          Name: Strides El Rey
Directory: /home/strides                Shell: /bin/bash
Never logged in.
No mail.
No Plan.
:~$ sudo getent passwd strides
strides:x:1006:63000:Strides El Rey:/home/strides:/bin/bash
:~$ sudo getent passwd legolas
legolas:x:1004:63000:Legolas The Elf:/home/legolas:/bin/bash
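Before rebooting, it is worth auditing what the steps above actually wrote. The script below is an added example, not code from the article, from ClearOS or from Ubuntu. It assumes the directive names that libnss-ldap/libpam-ldap use in /etc/ldap.conf (uri, base, rootbinddn, pam_password, ssl start_tls), that ldap-auth-config stored the manager password in /etc/ldap.secret, and that pam-auth-update owns the region after the «# here are the per-package modules» marker. The sample texts inside it are constructed to mirror this article's values; the file name ldap_client_audit.py is an assumption.

```python
"""Pre-flight audit of an Ubuntu 12.04 LDAP client before rebooting.
Added example, not code from the article, ClearOS or Ubuntu. It reads the files the
procedure edits (/etc/nsswitch.conf, /etc/ldap.conf as written by ldap-auth-config,
/etc/pam.d/common-session) and the mode of /etc/ldap.secret, where ldap-auth-config
keeps the rootbinddn password. Sample texts are constructed to mirror the article."""
import os
import re
import stat

PAM_MANAGED_MARKER = "# here are the per-package modules"  # pam-auth-update rewrites what follows

def _directives(text):
    """Yield (key, value) from nsswitch/ldap.conf-style text, dropping '#' comments."""
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            yield parts[0].rstrip(":").lower(), (parts[1].strip() if len(parts) > 1 else "")

def audit_nsswitch(text):
    """passwd/group must consult ldap; shadow must not (pam_ldap binds as the user, no hashes)."""
    found, dbs = [], dict(_directives(text))
    for db in ("passwd", "group"):
        if "ldap" not in dbs.get(db, "").split():
            found.append("nsswitch: '%s' does not list ldap, LDAP users will not resolve" % db)
    if "ldap" in dbs.get("shadow", "").split():
        found.append("nsswitch: 'shadow' queries ldap, the client should never pull hashes")
    return found

def audit_ldap_conf(text):
    """Returns (findings, rootbinddn_present). Flags cleartext transport and weak pam_password."""
    found, conf = [], dict(_directives(text))
    uri, starttls = conf.get("uri", ""), conf.get("ssl", "").lower() == "start_tls"
    if not uri:
        found.append("ldap.conf: no 'uri' directive")
    elif uri.startswith("ldap://") and not starttls:
        found.append("ldap.conf: '%s' is cleartext and 'ssl start_tls' is unset, so user binds "
                     "send passwords unencrypted" % uri)
    scheme = conf.get("pam_password", "").lower()
    if scheme in ("clear", "crypt", "md5"):
        found.append("ldap.conf: pam_password %s hashes client-side with a dated scheme; "
                     "prefer exop so the server applies its own hash policy" % scheme)
    return found, "rootbinddn" in conf

def audit_secret_mode(st_mode):
    """/etc/ldap.secret holds the manager password and must be root-only (0600)."""
    bits = stat.S_IMODE(st_mode)
    return ["ldap.secret: mode %04o is readable by group/other, chmod 0600" % bits] if bits & 0o077 else []

def audit_common_session(text):
    """pam_mkhomedir must exist, precede the managed block, and ideally use umask=0077."""
    found, marker_at, mkhomedir_at = [], None, None
    for i, line in enumerate(text.splitlines()):
        if line.startswith(PAM_MANAGED_MARKER):
            marker_at = i
        elif "pam_mkhomedir.so" in line and not line.lstrip().startswith("#"):
            mkhomedir_at = i
            m = re.search(r"umask=([0-7]+)", line)
            if m and int(m.group(1), 8) & 0o077 != 0o077:
                found.append("common-session: umask=%s leaves new homes readable by others, "
                             "consider umask=0077" % m.group(1))
    if mkhomedir_at is None:
        found.append("common-session: pam_mkhomedir.so missing, LDAP users get no home on first login")
    elif marker_at is not None and mkhomedir_at > marker_at:
        found.append("common-session: pam_mkhomedir.so is inside the managed block and will be "
                     "dropped by the next pam-auth-update run")
    return found

def audit(nsswitch_text, ldap_conf_text, secret_st_mode, common_session_text):
    """Run every check; secret_st_mode is os.stat(...).st_mode or None when the file is absent."""
    found = audit_nsswitch(nsswitch_text)
    ldap_found, has_rootbind = audit_ldap_conf(ldap_conf_text)
    found += ldap_found
    if has_rootbind:
        found += (["ldap.secret: missing although rootbinddn is set"]
                  if secret_st_mode is None else audit_secret_mode(secret_st_mode))
    return found + audit_common_session(common_session_text)

# Constructed samples mirroring the article's settings (not captured from a real host).
ARTICLE_NSSWITCH = ("passwd:  compat ldap\ngroup:   compat ldap\nshadow:  compat\n"
                    "hosts:   files mdns4_minimal [NOTFOUND=return] dns mdns4\n")
ARTICLE_LDAP_CONF = ("base dc=amigos,dc=cu\nuri ldap://10.10.10.60\nldap_version 3\n"
                     "rootbinddn cn=manager,cn=internal,dc=amigos,dc=cu\npam_password md5\n")
ARTICLE_COMMON_SESSION = ("session required pam_mkhomedir.so skel=/etc/skel/ umask=0022\n"
                          "# here are the per-package modules (the \"Primary\" block)\n"
                          "session required pam_unix.so\nsession optional pam_ldap.so\n"
                          "# end of pam-auth-update config\n")
HARDENED_LDAP_CONF = ARTICLE_LDAP_CONF.replace("ldap://", "ldaps://").replace("md5", "exop")
HARDENED_COMMON_SESSION = ARTICLE_COMMON_SESSION.replace("umask=0022", "umask=0077")

def main():
    """Audit this host's live files; exit status 1 when anything needs attention."""
    mode = os.stat("/etc/ldap.secret").st_mode if os.path.exists("/etc/ldap.secret") else None
    found = audit(open("/etc/nsswitch.conf").read(), open("/etc/ldap.conf").read(), mode,
                  open("/etc/pam.d/common-session").read())
    for f in found:
        print("WARN " + f)
    return 1 if found else 0

if __name__ == "__main__":
    raise SystemExit(main())
```

Run it as sudo python ldap_client_audit.py (root is needed to read /etc/ldap.secret's mode reliably). Against this article's own settings it reports three things: the ldap:// URI without StartTLS, pam_password md5, and the 0022 umask on new home directories. The hardened variant built inside the script (ldaps://, exop, umask=0077, secret at mode 0600) produces no findings.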

We restart our Ubuntu, because the changes made require it:

sudo reboot

After rebooting, we can log in with any user registered in the ClearOS OpenLDAP directory. Logging out the first time may take a while.

We recommend doing the following afterwards:

  • Make the directory users members of the same local groups (audio, video, plugdev and so on) that the local user created during the Ubuntu installation belongs to. Do not copy that user's membership in the sudo group, since that alone grants root.
  • Using visudo, executed as root, grant directory users the specific commands they need rather than blanket root access.
  • Create a bookmark in Firefox to https://centos.amigos.cu:81/?user to reach the user's personal page in ClearOS, where, besides changing the password, one can modify or add profile data.
  • Install openssh-server to be able to reach our Ubuntu from another computer.

A few final questions for Ubuntu users:

  • Why does it install by default with the root account locked (no password set)?
  • Why, in the Server version, can I use aptitude or apt-get by default, while in the Desktop version I can only use apt-get by default and have to install aptitude if I want it?
  • Why is AppArmor installed and enabled by default? Red Hat and its derivatives let you choose whether SELinux is enabled or not.
  • Why don't you use the /etc/inittab file, which is widely accepted by other GNU/Linux distributions and very convenient when we need to set up a remote access server?

And the activity is over for today, Friends !!!




  1.   O_Pixote_O said

    You have made me curious to try it; until now I have only tried Zentyal.

    PS: The "we'll see:" links don't work or they don't work for me.

  2.   Federico Antonio Valdes Toujague said

    Apparently, this blog is not very visited by Ubuntu users. 🙂

    1.    eliotime3000 said

      Well, Ubuntu users are mostly Windows users. Hence the tremendous absence.

      And by the way, good article.

      1.    Federico Antonio Valdes Toujague said

        Thanks for the company, Elio!!! The truth is that with this level of readership, I think I will not try to repeat the experience. And note, I repeat that I consider Ubuntu valid. We will see.

  3.   mario said

    I will respond as a Debian and Ubuntu user, since they both share a certain similarity underneath:
    1. root is disabled (it has no password); you can activate it with passwd, or write sudo bash, which is something similar. Perhaps it is disabled for convenience reasons. When root exists, security is improved, with the disadvantage (and advantage at the same time) that the files it generates belong to it. Go explain to a newbie chmod (and the numbers), chgrp and chown so that normal users can share files with root. That is why sudo is used, to prevent user frustration and sysadmin stress.
    Even so, in the netinstall installations of both Debian and Ubuntu you can choose whether you want to create a root user, with identical results (sudo is not activated; edit /etc/sudoers).
    2. For the same reason that synaptic or traceroute is no longer included. Some say due to lack of space (at the time it was distributed on 700 MB CDs), others that few (desktop) people use them. I always remember to install all three.
    3. SELinux and AppArmor are enabled or installed by default on distros such as Fedora, CentOS and Ubuntu. Returning to point 1, activating them can be a headache for the user or the sysadmin, but it gains security. In Ubuntu AppArmor is quite permissive. But the time I tried SELinux on CentOS, it became very difficult for other users to access and manage files through Samba.
    4. Sysvinit is already being replaced in several distros, and has been for quite a few years. Debian and Gentoo keep it, but RHEL, Fedora (systemd) or Ubuntu (upstart) do not. At http://0pointer.de/blog/projects/why.html you can see other alternatives and why the change. Precisely systemd together with udev are responsible for eth0 now being called something like enp2s1 (I don't like it); old concepts are being abandoned.

    1.    Federico Antonio Valdes Toujague said

      Mario: Comments like yours are what we hope for and what is needed to clarify many things. You have personally clarified some details for me. When I have used Ubuntu (little, except 8.04) I have always set a password for root; I install aptitude and so on, as well as Synaptic in the latest versions. And it is true that old concepts are being abandoned. Modernity. Thank you very much for commenting!!!

      1.    mario said

        No problem; they are those intelligent questions that make you search a lot in memory for concepts I had almost forgotten (Gentoo). Greetings!

        1.    eliotime3000 said

          Well, I love using Debian as well as Slackware and Arch. Although I must admit that systemd is a marvel at startup.

  4.   Euphoria said

    Thank you very much for the articles. I do not usually comment, although I read almost all the articles, and this one seems very interesting; let's see if I set up a configuration like that at home :)

    Greetings and thanks again.

    1.    Federico A. Valdes Toujague said

      Thank you for commenting!!!

  5.   manuelperez said

    A question: are the applications running on the client or on the LDAP server? I suppose on the client; if not, I would have to oversize the server... It's a small question.

    1.    Federico A. Valdes Toujague said

      Read the main features of ClearOS in the previous article. It is not intended to be a classic application server, but rather infrastructure and basic network services. Of course you can develop an Apache-based web application and install it. And personally I don't recommend that kind of solution; I prefer to have one or more separate application servers.

      Typically, applications run on the client side.

      I don't know if the latest versions of ClearOS have a thin client server. It seems to me that it is not its philosophy.

      1.    manuelperez said

        Ok, I tried it many years ago when it was ClarkConnect... and I think that, as you say, it is more of a network and infrastructure server. I will continue for the moment with my Zentyal... and I will keep looking for the application server.

      2.    martin said

        Your article is very interesting. I am an Ubuntu user, but lately I am starting to look at something more technical; right now I have a somewhat old machine and I was thinking of something like this to get real benefit from it. Thank you, you have helped me with what to look for.

        1.    Federico A. Valdes Toujague said

          Our main objective is to assist in the use of SWL. Hopefully you will find some use for the old machine from this post.

  6.   Euphoria said

    A question: do you have any tutorial on how to use a purchased domain (in this case on Bluehost) with a dynamic IP, to set up something similar with your own server?

    regards