Tuesday, January 31, 2012

Debian Package Cache on Ubuntu 10.04

Package Caching

If you run multiple machines on a network, it makes sense to cache your package downloads. apt-cacher-ng provides the cache on the server, and the bbacngclient package points each client at it.

Choose a machine on your network to be your server. We prefer to use a CNAME to identify this machine, e.g. debcache, so we can move the service between machines without affecting clients.

$ sudo apt-get install apt-cacher-ng

You don't need to change anything but if you're interested, the manual for the configuration is available here.

That's it! Your server is ready.

To take advantage of your cache, you'll need to configure your clients. You can do this by installing bbacngclient; the package source is available here.

$ sudo apt-get install bbacngclient

You'll be asked for the name of your package cache server and the port (default 3142). The package simply adds a proxy setting to /etc/apt/apt.conf.d/ in a file named 02proxy. If you run into any trouble with your cache server, you can simply remove this file.
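A client-side check for the proxy setting described above, added here as an example (it is not part of bbacngclient): it lists every active proxy directive under an apt configuration directory and fails if any of them points somewhere other than the expected cache. It assumes the one-line `Acquire::http::Proxy "http://host:port";` form; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit apt proxy settings against the expected cache server.
# Assumption: proxies are set with the one-line form
#   Acquire::http::Proxy "http://host:port";
# The nested block form (Acquire { http { Proxy "..."; }; };) is not parsed.

# Print "file<TAB>url" for every active (uncommented) proxy directive in a directory.
list_apt_proxies() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Anchoring at line start skips lines commented out with // or #.
        sed -n 's/^[[:space:]]*Acquire::[A-Za-z]*::[Pp]roxy[[:space:]]*"\([^"]*\)"[[:space:]]*;.*$/\1/p' "$f" |
        while IFS= read -r url; do
            printf '%s\t%s\n' "$f" "$url"
        done
    done
    return 0
}

# Return 0 only if a proxy is set and every directive points at host:port.
# Return 2 if no proxy is configured, 1 if any directive points elsewhere.
check_apt_proxy() {
    dir=$1
    want="http://$2:$3"
    found=$(list_apt_proxies "$dir")
    if [ -z "$found" ]; then
        echo "no proxy configured in $dir"
        return 2
    fi
    # Compare each URL (ignoring one trailing slash) with the expected cache.
    bad=$(printf '%s\n' "$found" |
        awk -F '\t' -v w="$want" '{ u = $2; sub(/\/$/, "", u); if (u != w) print }')
    if [ -n "$bad" ]; then
        echo "unexpected proxy: $bad"
        return 1
    fi
    echo "ok: apt uses $want"
}
```

On a client, `check_apt_proxy /etc/apt/apt.conf.d debcache 3142` confirms that 02proxy is the only proxy setting in effect and that it names your cache server.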

NOTE: I haven't been able to find a way to support repositories that are on ports other than 80.

Wednesday, January 11, 2012

Bonding Network Interfaces on Ubuntu 10.04 LTS

From Ubuntu documentation.

Bonding, also called port trunking or link aggregation, lets you combine several network ports into a single group. This presents the combined bandwidth of several interfaces as a single connection.

Set up

$ sudo apt-get install ifenslave

This example bonds eth0 and eth1 together.

Modify /etc/network/interfaces as follows:

Then create /etc/modprobe.d/bonding.conf

You must now reboot the machine for the changes to take effect.

Tuesday, January 10, 2012

CUPS Printer Server on Ubuntu 10.04 LTS

Adding a Printer

Point your browser to your CUPS server on port 631 e.g. http://cups:631

This is an example for a Canon printer. Please consult documentation for your printer.

Click on Administration

Click on Add Printer

Select Other Network Printers - AppSocket/HP JetDirect

Choose type: socket://your-printer-ip:9100

Give your new printer a name. Note that to integrate with Samba, you must use the same name as the Samba printer share, for example from smb.conf:

    comment = cups printer
    printer = CANON_C2030
    path = /var/spool/samba
    printable = yes
    guest ok = yes

Select the manufacturer of your printer.

Select the printer driver to use.

Click on Query Printer for Default Options.

You should see the following:

Samba with LDAP on Ubuntu 10.04 LTS

Windows Integration

The bbsamba package enables Windows clients to authenticate against the LDAP server we set up earlier.

The source code for the package is available here.

$ sudo apt-get install bbsamba

You'll be asked a series of questions about the layout of the samba files and shares:

path to netlogon scripts { /var/lib/samba/netlogon }: 
samba administrator email { sysadmin@lab.lan }: 
samba domain { LAB }: 
path to common samba shares { /opt/smb }: 
base distinguished name (dn) { dc=lab,dc=lan }: 
ldap uri for authentication { ldap:// }: 
netbios name { stemsrv01 }: 
machine relative distinguished name (rdn) { ou=Machines }: 
user relative distinguished name (rdn) { ou=Users }: 
ldap admin distinguished name (dn) { cn=djadmin,dc=lab,dc=lan }: 
parent folder for home folders { /home }: 
group relative distinguished name (rdn) { ou=Groups }: 
Please enter ldap root password:

The script will then attempt to create an administrator account for your Windows domain:

Creating the 'administrator' account for Samba. Please enter a password.
New SMB password:
Retype new SMB password:

You can verify that everything has worked by checking the administrator account:

$ groups administrator
administrator : domainusers domainadmins domainguests domainmachines

Creating New Users

At this point, you should create your new users with

$ smbpasswd -a {newuser}

LDAP Client on Ubuntu 10.04 LTS

LDAP Client

The bbldapclient package allows an Ubuntu 10.04 LTS machine to authenticate against an LDAP service.

Note that there is some repetition of parameters. This will be fixed in a future release.

The source code for this package is available here. This package also depends on bbldapscripts, which is available here.

Be sure you have the IP address of the LDAP server you configured earlier.

You'll first be presented with an interactive session:

Enter your LDAP server ip address.
Next enter your basedn.
Choose LDAP version 3.
Make the local root a Database admin.
Don't require login.
Enter the LDAP root user.
Enter the password for the LDAP root user.

bbldapscripts Interactive Session

Unfortunately, you will now be prompted for overlapping details for bbldapscripts (this will be changed soon). Portion will try to guess reasonable defaults for all of the questions.

ldap root distinguished name { cn=djadmin,dc=lab,dc=lan }: 
machines relative distinguished name { ou=Machines }: 
ldap server ip address { }: 
ldap base distinguished name { dc=lab,dc=lan }: 
groups relative distinguished name { ou=Groups }: 
ldap server port { 389 }: 
users relative distinguished name { ou=Users }: 
Please enter your ldap admin password:

PAM Configuration

You will then start another interactive session:

Do NOT override local changes.

bbldapclient Interactive Session

Finally, you'll be asked for the bbldapclient parameters. Again, Portion will attempt to guess reasonable defaults.

ldap server ip address { }: 
ldap root distinguished name { cn=djadmin,dc=lab,dc=lan }: 
ldap base distinguished name { dc=lab,dc=lan }: 
ldap server port { 389 }:

Test Installation

You're done. Let's create a sample user to ensure everything is working:

ubuntu@stemsrv01:~$ sudo ldapadduser esark employees
Successfully added user esark to LDAP
Successfully set password for user esark
Successfully created home directory for user esark
 * Restarting Name Service Cache Daemon nscd ... [ OK ] 

Now you should be able to query your new user:

ubuntu@stemsrv01:~$ groups esark
esark : employees


We need to eliminate the interactive sessions:

sudo DEBIAN_FRONTEND=noninteractive apt-get install bbldapclient -f -y --force-yes --quiet --yes

Monday, January 9, 2012

LDAP Services with OpenDJ on Ubuntu 10.04 LTS

OpenDJ Directory Server

We use the excellent OpenDJ directory server for LDAP services.

The Blackbox OpenDJ package configures an LDAP server for Ubuntu 10.04 LTS. Combined with an ldap client package, you'll be able to authenticate all of your services (Linux, Windows, Macintosh and web applications) against a central LDAP directory.

The source for this package is available here.

Begin with

$ sudo apt-get install bbopendj

You'll be asked a series of questions about your configuration:

ldap server port { 389 }: 
ldap admin port { 4444 }: 
ldap machine ip address { }: 
ldap secure port { 636 }: 
base distinguised name { dc=lab,dc=lan }: 
ldap server uri { ldap:// }: 
admin password { XXXXXX }: 
admin user name (RDN--do not include basedn) { cn=djadmin }: 
fully qualified domain { lab.lan }: 

You can stick with the defaults. After a brief pause (ca. 45 sec) your OpenDJ instances will be ready. To confirm, run the following:

$ ldapsearch -x

You should get a multipage dump of the contents of your directory:

# search result
search: 2
result: 0 Success

# numResponses: 16
# numEntries: 15

You now have a working LDAP server. You can restart the service with

$ sudo /etc/init.d/bbopendj restart