Testinstall: Unterschied zwischen den Versionen

Aus Vosp.info
Wechseln zu:Navigation, Suche
(tftp für PXE-Boot)
(smb.conf)
 
(16 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 1: Zeile 1:
 
Zurück zu [[LXC auf Ubuntu 14.04-2 LTS]]
 
Zurück zu [[LXC auf Ubuntu 14.04-2 LTS]]
 +
== Was soll es werden ==
 +
* DHCP-Server
 +
* Nameserver
 +
* Router mit Masquerading
 +
** bedeutet: zwei Netzwerkkarten
 +
* tftpd-Server
 +
* Samba-Server
 +
* Ct startet automatisch
 +
 
== Netzwerkschnittstellen ==
 
== Netzwerkschnittstellen ==
 
  vim /etc/network/interfaces
 
  vim /etc/network/interfaces
Zeile 63: Zeile 72:
 
  sysctl -p
 
  sysctl -p
 
== tftp für PXE-Boot ==
 
== tftp für PXE-Boot ==
 +
vim /etc/dhcp/dhcpd.conf
 +
 +
next-server 10.78.20.10;
 +
filename "linux/pxelinux.0";
 +
 +
systemctl restart isc-dhcp-server.service
 +
 
  apt-get install tftpd-hpa
 
  apt-get install tftpd-hpa
  
Zeile 72: Zeile 88:
 
  TFTP_ADDRESS="10.78.20.10:69"
 
  TFTP_ADDRESS="10.78.20.10:69"
  
 +
mkdir /srv/tftp/linux
 +
 +
Zum schnellen testen
 
  wget http://ftp.nl.debian.org/debian/dists/jessie/main/installer-i386/current/images/netboot/netboot.tar.gz
 
  wget http://ftp.nl.debian.org/debian/dists/jessie/main/installer-i386/current/images/netboot/netboot.tar.gz
  
Zeile 82: Zeile 101:
 
  chgrp -R nogroup *
 
  chgrp -R nogroup *
  
== Erstmal weglassen ==
+
Client mit PXE als Bootdevice starten
  apt-get install syslinux
+
== Autostart ==
 +
vim /var/lib/lxc/<CT-Name>/config
 +
 
 +
lxc.start.auto = 1 => Autostart
 +
lxc.start.delay = 5 => Startverzögerung
 +
 
 +
== Home nach /local verlegen ==
 +
mkdir -p /local/home
 +
rm -r /home
 +
ln -s /local/home /home
 +
 
 +
== Samba ==
 +
Installiert wir Version 4
 +
  apt-get install samba cups
 +
 
 +
<span style="color:#FF0000">Wichtig:</span>Für einen Stand alone PDC '''winbind''' abschalten, wird mit cifs-tools installiert.
 +
systemctl disable winbind.service
 +
systemctl stop winbind.service
 +
=== smb.conf ===
 +
vim /etc/samba/smb.conf
 +
 
 +
[global]
 +
    workgroup = jess4classic
 +
    wins support = yes
 +
    dns proxy = no
 +
    interfaces =  eth1
 +
    bind interfaces only = yes
 +
    log file = /var/log/samba/log.all
 +
    max log size = 1000
 +
    syslog = 0
 +
    panic action = /usr/share/samba/panic-action %d
 +
    server role = classic primary domain controller
 +
    passdb backend = tdbsam
 +
    obey pam restrictions = yes
 +
    unix password sync = no
 +
    map to guest = bad user
 +
    logon path = \\%N\profiles\%a\%U
 +
    domain logons = yes
 +
    domain master = yes
 +
    local master = yes
 +
    logon drive = H:
 +
    logon home = \\%N\%U
 +
    logon script = netlogon.cmd
 +
    add machine script  = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
 +
[homes]
 +
    comment = Home Directories
 +
    browseable = no
 +
    read only = no
 +
    create mask = 0700
 +
    directory mask = 0700
 +
    valid users = %S
 +
[netlogon]
 +
  comment = Network Logon Service
 +
    path = /local/samba/netlogon
 +
    guest ok = yes
 +
    read only = yes
 +
    write list = @ntadmin
 +
[profiles]
 +
    comment = Users profiles
 +
    path = /local/samba/profiles
 +
    guest ok = no
 +
    browseable = yes
 +
    create mask = 0600
 +
    directory mask = 0700
 +
    read only = no
 +
[printers]
 +
    comment = All Printers
 +
    browseable = no
 +
    path = /var/spool/samba
 +
    printable = yes
 +
    guest ok = no
 +
    read only = yes
 +
    create mask = 0700
 +
[print$]
 +
    comment = Printer Drivers
 +
    path = /var/lib/samba/printers
 +
    browseable = yes
 +
    read only = yes
 +
    guest ok = no
 +
    write list = root, @lpadmin
 +
[fuer_alle]
 +
    comment = Netzlaufwerk fuer alle
 +
    path = /local/samba/shares/fuer_alle
 +
    browseable = no
 +
    read only = no
 +
    create mask = 0666
 +
    directory mask = 0777
 +
=== Verzeichnisse gemäß der smb.conf anlegen ===
 +
mkdir /local/samba
 +
cd /local/samb
 +
mkdir -p netlogon profiles shares/fuer_alle
 +
chmod 777 shares/fuer_alle/
 +
Für Vista, Win7
 +
mkdir /local/samba/profiles/Vista
 +
chmod 1777 /local/samba/profiles/Vista
 +
 
 +
=== User anlegen ===
 +
==== Domain Admin ====
 +
Kann Maschinen in die Domain holen und ist auf allem Maschinen '''root'''
 +
groupadd ntadmin
 +
 
 +
net groupmap add ntgroup="Domain Admins" unixgroup=ntadmin rid=512 type=d
 +
 
 +
adduser domadmin
 +
smbpasswd -a domadmin
 +
addgroup domadmin ntadmin
 +
==== Domain User ====
 +
 
 +
adduser domuser
 +
smbpasswd -a domuser

Aktuelle Version vom 15. März 2015, 13:34 Uhr

Zurück zu LXC auf Ubuntu 14.04-2 LTS

Was soll es werden

  • DHCP-Server
  • Nameserver
  • Router mit Masquerading
    • bedeutet: zwei Netzwerkkarten
  • tftpd-Server
  • Samba-Server
  • Ct startet automatisch

Netzwerkschnittstellen

vim /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

# Ergänzung für eth1 (output interface)
auto eth1
iface eth1 inet static
        address 10.78.20.10
        netmask 255.255.255.0
systemctl restart networking.service

DHCP-Server

apt-get install isc-dhcp-server
vim /etc/default/isc-dhcp-server

Ersetze

INTERFACES=""

gegen

INTERFACES="eth1"
vim /etc/dhcp/dhcpd.conf


ddns-update-style none;
option domain-name "test.local";
option domain-name-servers 10.78.20.10;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;


subnet 10.78.20.0 netmask 255.255.255.0 {
  range 10.78.20.100 10.78.20.200;
  option routers 10.78.20.10;
}
systemctl restart isc-dhcp-server.service

Nameserver

apt-get install bind9

Für Tests (z.B. dig)

apt-get install dnsutils

Masquerading per Firewall

apt-get install iptables
vim /etc/rc.local

Einfügen vor exit 0

iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Forwarding

vim /etc/sysctl.conf

Ersetze

#net.ipv4.ip_forward=1

durch

net.ipv4.ip_forward=1

Aktivieren

sysctl -p

tftp für PXE-Boot

vim /etc/dhcp/dhcpd.conf

next-server 10.78.20.10;
filename "linux/pxelinux.0";
systemctl restart isc-dhcp-server.service
apt-get install tftpd-hpa
vim /etc/default/tftp-hpa

Ändern von

TFTP_ADDRESS="0.0.0.0:69"

in

TFTP_ADDRESS="10.78.20.10:69"
mkdir /srv/tftp/linux

Zum schnellen testen

wget http://ftp.nl.debian.org/debian/dists/jessie/main/installer-i386/current/images/netboot/netboot.tar.gz
mv netboot.tar.gz /srv/tftp/linux/
cd /srv/tftp/linux
tar xf netboot.tar.gz
chgrp -R nogroup *

Client mit PXE als Bootdevice starten

Autostart

vim /var/lib/lxc/<CT-Name>/config
lxc.start.auto = 1 => Autostart
lxc.start.delay = 5 => Startverzögerung

Home nach /local verlegen

mkdir -p /local/home
rm -r /home
ln -s /local/home /home

Samba

Installiert wir Version 4

apt-get install samba cups

Wichtig:Für einen Stand alone PDC winbind abschalten, wird mit cifs-tools installiert.

systemctl disable winbind.service
systemctl stop winbind.service

smb.conf

vim /etc/samba/smb.conf
[global]
   workgroup = jess4classic 
   wins support = yes 
   dns proxy = no
   interfaces =  eth1
   bind interfaces only = yes
   log file = /var/log/samba/log.all
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   server role = classic primary domain controller 
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = no
   map to guest = bad user
   logon path = \\%N\profiles\%a\%U
   domain logons = yes
   domain master = yes
   local master = yes
   logon drive = H:
   logon home = \\%N\%U
   logon script = netlogon.cmd
   add machine script  = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
[homes]
   comment = Home Directories
   browseable = no
   read only = no 
   create mask = 0700
   directory mask = 0700
   valid users = %S
[netlogon]
  comment = Network Logon Service
   path = /local/samba/netlogon
   guest ok = yes
   read only = yes
   write list = @ntadmin
[profiles]
   comment = Users profiles
   path = /local/samba/profiles
   guest ok = no
   browseable = yes
   create mask = 0600
   directory mask = 0700
   read only = no
[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
   write list = root, @lpadmin
[fuer_alle]
   comment = Netzlaufwerk fuer alle
   path = /local/samba/shares/fuer_alle
   browseable = no
   read only = no
   create mask = 0666
   directory mask = 0777

Verzeichnisse gemäß der smb.conf anlegen

mkdir /local/samba
cd /local/samb
mkdir -p netlogon profiles shares/fuer_alle
chmod 777 shares/fuer_alle/

Für Vista, Win7

mkdir /local/samba/profiles/Vista
chmod 1777 /local/samba/profiles/Vista

User anlegen

Domain Admin

Kann Maschinen in die Domain holen und ist auf allem Maschinen root

groupadd ntadmin
net groupmap add ntgroup="Domain Admins" unixgroup=ntadmin rid=512 type=d
adduser domadmin
smbpasswd -a domadmin
addgroup domadmin ntadmin

Domain User

adduser domuser
smbpasswd -a domuser