Difference between revisions of "Base Linux"

• Install the latest LTS from Ubuntu
• During Software Selection Make sure to select the OpenSSH server
• After the install is done update the repos and make sure all the apps are up to date.

sudo apt-get update && sudo apt-get upgrade

• Make sure you have a static IP set.

  cat /etc/network/interfaces

• Below is what the end of the file should look similar too. Please any Xs with correct information for this server. You may have to change DHCP to static
  • That includes the information to get DNS information from PSC DNSes servers.

iface ensXX inet static
        address 192.168.2.XXX
        netmask 255.255.255.0
        gateway 192.168.2.244
        dns-search psc.horizon.com pscnaturalfoods.com
        dns-nameservers 192.168.2.225 192.168.2.226 8.8.8.8

• If its not a VM its more likely using ethX You shouldn't need to change that part just the DHCP to static.

iface ethX inet static

Joining Domain

So the idea here, is to add the server to the domain. The point being you will be able to login using AD credentials.

• Its not really needed but its make it nice and unified. This would also give Horizon access. I used the instructions from http://www.kiloroot.com/add-ubuntu-14-04-server-or-desktop-to-microsoft-active-directory-domain-login-to-unity-with-domain-credentials/
  
• Now we need to install the software to link up to AD.

sudo apt-get install realmd sssd samba-common samba-common-bin samba-libs sssd-tools krb5-user adcli packagekit vim -y

• If you are prompted for the domain enter in all caps PSC.HORIZON.COM
• Next run sudo kinit -V USERNAME Replacing USERNAME with a domain admin account.
  • This should prompt for a password, enter the password. Which should return Authenticated to Kerberos v5
• From here we will now actually join the domain. sudo realm --verbose join -U USERNAME psc.horizon.com Replace USERNAME with the same domain admin account.
  • If this hangs on Resolving required packages then your packagekit is out of date and you need the one from proposed sub repo.
• You should have seen something like Joined 'HOSTNAME' to dns domain 'psc.horizon.com' following that run realm list and you should see psc.horizon.com in the output a few times
• Now we will want to id USERNAME@psc.horizon.com replace USERNAME with a user name to check that its working right.
• Assuming we don't every job blow user logging in run sudo realm deny -R psc.horizon.com -a
• And now we need to allow groups to log in. sudo realm permit -R psc.horizon.com -g Domain\ Admins LinuxAdmins
• We need to give sudo power to these groups. sudo nano /etc/sudoers
• Add the code section below to the end of the file **IMPORTANT** There must be a tab between the .com and ALL=

%domain\ admins@psc.horizon.com ALL=(ALL:ALL) ALL
%linuxadmins@psc.horizon.com ALL=(ALL:ALL) ALL

• We need new users to get Home directories so run sudo nano /etc/pam.d/common-session and add to the bottom session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

Proposed Repo for Joining Domain

• Run sudo nano /etc/apt/souces.listAdd to the bottom deb http://archive.ubuntu.com/ubuntu/ xenial-proposed restricted main multiverse universe
• Now run sudo nano /etc/apt/preferences.d/proposed-updates and add

Package: *
Pin: release a=xenial-proposed
Pin-Priority: 400

• And lastly run sudo apt-get install packagekit/xenial-proposed libpackagekit-glib2-16/xenial-proposed packagekit-backend-aptcc/xenial-proposed