Testinstall
From Vosp.info
What it should become
- DHCP server
- Name server
- Router with masquerading
- means: two network cards
- tftpd server
- Samba server
- CT starts automatically
Network interfaces
vim /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

# Addition for eth1 (output interface)
auto eth1
iface eth1 inet static
    address 10.78.20.10
    netmask 255.255.255.0
systemctl restart networking.service
DHCP server
apt-get install isc-dhcp-server
vim /etc/default/isc-dhcp-server
Replace
INTERFACES=""
with
INTERFACES="eth1"
vim /etc/dhcp/dhcpd.conf
ddns-update-style none;
option domain-name "test.local";
option domain-name-servers 10.78.20.10;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;

subnet 10.78.20.0 netmask 255.255.255.0 {
    range 10.78.20.100 10.78.20.200;
    option routers 10.78.20.10;
}
systemctl restart isc-dhcp-server.service
Name server
apt-get install bind9
For testing (e.g. dig)
apt-get install dnsutils
Masquerading via firewall
apt-get install iptables
vim /etc/rc.local
Insert before exit 0
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Forwarding
vim /etc/sysctl.conf
Replace
#net.ipv4.ip_forward=1
with
net.ipv4.ip_forward=1
Activate
sysctl -p
tftp for PXE boot
vim /etc/dhcp/dhcpd.conf
next-server 10.78.20.10;
filename "linux/pxelinux.0";
systemctl restart isc-dhcp-server.service
apt-get install tftpd-hpa
vim /etc/default/tftpd-hpa
Change
TFTP_ADDRESS="0.0.0.0:69"
to
TFTP_ADDRESS="10.78.20.10:69"
mkdir /srv/tftp/linux
For a quick test
wget http://ftp.nl.debian.org/debian/dists/jessie/main/installer-i386/current/images/netboot/netboot.tar.gz
mv netboot.tar.gz /srv/tftp/linux/
cd /srv/tftp/linux
tar xf netboot.tar.gz
chgrp -R nogroup *
Start a client with PXE as the boot device
Autostart
vim /var/lib/lxc/<CT-Name>/config
# Autostart
lxc.start.auto = 1
# Start delay
lxc.start.delay = 5
Move home to /local
mkdir -p /local/home
rm -r /home
ln -s /local/home /home
Samba
Version 4 is installed
apt-get install samba cups
Important: for a standalone PDC, disable winbind; it is installed together with cifs-tools.
systemctl disable winbind.service
systemctl stop winbind.service
smb.conf
vim /etc/samba/smb.conf
[global]
    workgroup = jess4classic
    wins support = yes
    dns proxy = no
    interfaces = eth1
    bind interfaces only = yes
    log file = /var/log/samba/log.all
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
    server role = classic primary domain controller
    passdb backend = tdbsam
    obey pam restrictions = yes
    unix password sync = no
    map to guest = bad user
    logon path = \\%N\profiles\%a\%U
    domain logons = yes
    domain master = yes
    local master = yes
    logon drive = H:
    logon home = \\%N\%U
    logon script = netlogon.cmd
    add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u

[homes]
    comment = Home Directories
    browseable = no
    read only = no
    create mask = 0700
    directory mask = 0700
    valid users = %S

[netlogon]
    comment = Network Logon Service
    path = /local/samba/netlogon
    guest ok = yes
    read only = yes
    write list = @ntadmin

[profiles]
    comment = Users profiles
    path = /local/samba/profiles
    guest ok = no
    browseable = yes
    create mask = 0600
    directory mask = 0700
    read only = no

[printers]
    comment = All Printers
    browseable = no
    path = /var/spool/samba
    printable = yes
    guest ok = no
    read only = yes
    create mask = 0700

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
    browseable = yes
    read only = yes
    guest ok = no
    write list = root, @lpadmin

[fuer_alle]
    comment = Netzlaufwerk fuer alle
    path = /local/samba/shares/fuer_alle
    browseable = no
    read only = no
    create mask = 0666
    directory mask = 0777
Create the directories according to smb.conf
mkdir /local/samba
cd /local/samba
mkdir -p netlogon profiles shares/fuer_alle
chmod 777 shares/fuer_alle/
For Vista, Win7
mkdir /local/samba/profiles/Vista
chmod 1777 /local/samba/profiles/Vista
Create users
Domain Admin
Can join machines to the domain and is root on all machines
groupadd ntadmin
net groupmap add ntgroup="Domain Admins" unixgroup=ntadmin rid=512 type=d
adduser domadmin
smbpasswd -a domadmin
addgroup domadmin ntadmin
Domain User
adduser domuser
smbpasswd -a domuser
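The DHCP, TFTP and Samba sections above each restrict the service to the internal side (eth1, 10.78.20.10). The following check confirms that all three settings are in place; it is an added example, not part of the original page, and the function names and the root-prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify that the services set up on this page are bound to
# the internal side only (eth1 / 10.78.20.10), not to the upstream eth0.
INT_IF="eth1"
INT_IP="10.78.20.10"

# Print the value of KEY="value" from a shell-style /etc/default file.
default_value() {   # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*$/\1/p" "$1" | tail -n 1
}

# Print the value of a parameter from the [global] section of smb.conf.
smb_global() {      # $1 = file, $2 = parameter name in lower case
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }                          # comment lines
        /^[ \t]*\[/   { g = (tolower($0) ~ /\[global\]/); next }
        g && NF > 1 {
            k = tolower($1); gsub(/^[ \t]+|[ \t]+$/, "", k)
            v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# $1 = root prefix (assumption of this example: "" on the container itself,
# or a directory holding a copy of /etc). Returns the number of findings.
audit_bindings() {
    root="$1"; bad=0
    fail() { echo "FAIL: $*"; bad=$((bad + 1)); }
    [ "$(default_value "$root/etc/default/isc-dhcp-server" INTERFACES)" = "$INT_IF" ] \
        || fail "isc-dhcp-server is not limited to $INT_IF"
    [ "$(default_value "$root/etc/default/tftpd-hpa" TFTP_ADDRESS)" = "$INT_IP:69" ] \
        || fail "tftpd-hpa is not bound to $INT_IP:69"
    [ "$(smb_global "$root/etc/samba/smb.conf" "interfaces")" = "$INT_IF" ] \
        || fail "smb.conf: interfaces is not $INT_IF"
    [ "$(smb_global "$root/etc/samba/smb.conf" "bind interfaces only")" = "yes" ] \
        || fail "smb.conf: bind interfaces only is not yes"
    return "$bad"
}

# On the container: audit_bindings "" && echo "all services internal-only"
```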