Testinstall: Unterschied zwischen den Versionen
HK (Diskussion | Beiträge) (→tftp) |
HK (Diskussion | Beiträge) (→smb.conf) |
(18 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
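--- a/Testinstall
+++ b/Testinstall
@@ -1,3 +1,12 @@
 Zurück zu [[LXC auf Ubuntu 14.04-2 LTS]]
+== Was soll es werden ==
+* DHCP-Server
+* Nameserver
+* Router mit Masquerading
+** bedeutet: zwei Netzwerkkarten
+* tftpd-Server
+* Samba-Server
+* Ct startet automatisch
+
 == Netzwerkschnittstellen ==
 vim /etc/network/interfaces
@@ -63,3 +72,10 @@
 sysctl -p
 == tftp für PXE-Boot ==
+vim /etc/dhcp/dhcpd.conf
+
+next-server 10.78.20.10;
+filename "linux/pxelinux.0";
+
+systemctl restart isc-dhcp-server.service
+
 apt-get install tftpd-hpa
@@ -72,2 +88,125 @@
 TFTP_ADDRESS="10.78.20.10:69"
-apt-get install
+mkdir /srv/tftp/linux
+
+Zum schnellen testen
+wget http://ftp.nl.debian.org/debian/dists/jessie/main/installer-i386/current/images/netboot/netboot.tar.gz
+
+mv netboot.tar.gz /srv/tftp/linux/
+
+cd /srv/tftp/linux
+
+tar xf netboot.tar.gz
+
+chgrp -R nogroup *
+
+Client mit PXE als Bootdevice starten
+== Autostart ==
+vim /var/lib/lxc/<CT-Name>/config
+
+lxc.start.auto = 1 => Autostart
+lxc.start.delay = 5 => Startverzögerung
+
+== Home nach /local verlegen ==
+mkdir -p /local/home
+rm -r /home
+ln -s /local/home /home
+
+== Samba ==
+Installiert wir Version 4
+apt-get install samba cups
+
+<span style="color:#FF0000">Wichtig:</span>Für einen Stand alone PDC '''winbind''' abschalten, wird mit cifs-tools installiert.
+systemctl disable winbind.service
+systemctl stop winbind.service
+=== smb.conf ===
+vim /etc/samba/smb.conf
+
+[global]
+workgroup = jess4classic
+wins support = yes
+dns proxy = no
+interfaces = eth1
+bind interfaces only = yes
+log file = /var/log/samba/log.all
+max log size = 1000
+syslog = 0
+panic action = /usr/share/samba/panic-action %d
+server role = classic primary domain controller
+passdb backend = tdbsam
+obey pam restrictions = yes
+unix password sync = no
+map to guest = bad user
+logon path = \\%N\profiles\%a\%U
+domain logons = yes
+domain master = yes
+local master = yes
+logon drive = H:
+logon home = \\%N\%U
+logon script = netlogon.cmd
+add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
+[homes]
+comment = Home Directories
+browseable = no
+read only = no
+create mask = 0700
+directory mask = 0700
+valid users = %S
+[netlogon]
+comment = Network Logon Service
+path = /local/samba/netlogon
+guest ok = yes
+read only = yes
+write list = @ntadmin
+[profiles]
+comment = Users profiles
+path = /local/samba/profiles
+guest ok = no
+browseable = yes
+create mask = 0600
+directory mask = 0700
+read only = no
+[printers]
+comment = All Printers
+browseable = no
+path = /var/spool/samba
+printable = yes
+guest ok = no
+read only = yes
+create mask = 0700
+[print$]
+comment = Printer Drivers
+path = /var/lib/samba/printers
+browseable = yes
+read only = yes
+guest ok = no
+write list = root, @lpadmin
+[fuer_alle]
+comment = Netzlaufwerk fuer alle
+path = /local/samba/shares/fuer_alle
+browseable = no
+read only = no
+create mask = 0666
+directory mask = 0777
+=== Verzeichnisse gemäß der smb.conf anlegen ===
+mkdir /local/samba
+cd /local/samb
+mkdir -p netlogon profiles shares/fuer_alle
+chmod 777 shares/fuer_alle/
+Für Vista, Win7
+mkdir /local/samba/profiles/Vista
+chmod 1777 /local/samba/profiles/Vista
+
+=== User anlegen ===
+==== Domain Admin ====
+Kann Maschinen in die Domain holen und ist auf allem Maschinen '''root'''
+groupadd ntadmin
+
+net groupmap add ntgroup="Domain Admins" unixgroup=ntadmin rid=512 type=d
+
+adduser domadmin
+smbpasswd -a domadmin
+addgroup domadmin ntadmin
+==== Domain User ====
+
+adduser domuser
+smbpasswd -a domuser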
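Review bot: In the added "Verzeichnisse gemäß der smb.conf anlegen" steps, `cd /local/samb` is missing its final `a`, so the `cd` fails and the following `mkdir -p netlogon profiles shares/fuer_alle` and `chmod 777 shares/fuer_alle/` act on whatever directory the shell happens to be in; the line should read `cd /local/samba`. The `add machine script` in `[global]` passes `-g machines` to useradd, but none of the added steps creates a `machines` group, so a workstation join would presumably fail until a `groupadd machines` step is added. The netboot archive is also fetched over plain HTTP and unpacked into the TFTP root without any checksum comparison, which deserves a one-line caveat because every PXE client boots from it.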
Aktuelle Version vom 15. März 2015, 13:34 Uhr
Zurück zu LXC auf Ubuntu 14.04-2 LTS
Was soll es werden
- DHCP-Server
- Nameserver
- Router mit Masquerading
- bedeutet: zwei Netzwerkkarten
- tftpd-Server
- Samba-Server
- Ct startet automatisch
Netzwerkschnittstellen
vim /etc/network/interfaces
# Loopback interface.
auto lo
iface lo inet loopback

# eth0 takes its address from DHCP.
auto eth0
iface eth0 inet dhcp

# Addition for eth1 (output interface): fixed address 10.78.20.10/24.
auto eth1
iface eth1 inet static
    address 10.78.20.10
    netmask 255.255.255.0
systemctl restart networking.service
DHCP-Server
apt-get install isc-dhcp-server
vim /etc/default/isc-dhcp-server
Ersetze
INTERFACES=""
gegen
INTERFACES="eth1"
vim /etc/dhcp/dhcpd.conf
# No dynamic DNS updates from the DHCP server.
ddns-update-style none;

# Domain name and name server handed to clients; the name server is this host.
option domain-name "test.local";
option domain-name-servers 10.78.20.10;

# Lease times in seconds.
default-lease-time 600;
max-lease-time 7200;

log-facility local7;

# Address pool for the 10.78.20.0/24 network; this host is the default gateway.
subnet 10.78.20.0 netmask 255.255.255.0 {
    range 10.78.20.100 10.78.20.200;
    option routers 10.78.20.10;
}
systemctl restart isc-dhcp-server.service
Nameserver
apt-get install bind9
Für Tests (z.B. dig)
apt-get install dnsutils
Masquerading per Firewall
apt-get install iptables
vim /etc/rc.local
Einfügen vor exit 0
# Start from an empty nat table, then masquerade everything that leaves via eth0.
# NOTE(review): only NAT is set up here; the FORWARD chain keeps whatever policy
# the host already has, so confirm that is what you want before ip_forward is enabled.
iptables --table nat --flush
iptables --table nat --append POSTROUTING --out-interface eth0 --jump MASQUERADE
Forwarding
vim /etc/sysctl.conf
Ersetze
#net.ipv4.ip_forward=1
durch
net.ipv4.ip_forward=1
Aktivieren
sysctl -p
tftp für PXE-Boot
vim /etc/dhcp/dhcpd.conf

# PXE boot: point clients at the TFTP server and name the boot file to request.
next-server 10.78.20.10;
filename "linux/pxelinux.0";
systemctl restart isc-dhcp-server.service
apt-get install tftpd-hpa
vim /etc/default/tftp-hpa
Ändern von
TFTP_ADDRESS="0.0.0.0:69"
in
TFTP_ADDRESS="10.78.20.10:69"
mkdir /srv/tftp/linux
Zum schnellen Testen
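# Fetch the Debian jessie i386 netboot archive used for the quick test.
wget http://ftp.nl.debian.org/debian/dists/jessie/main/installer-i386/current/images/netboot/netboot.tar.gz
# The download is plain HTTP and every PXE client on this network boots what the
# archive contains, so check it before unpacking: print its SHA-256 and compare
# it with the SHA256SUMS list Debian publishes for the installer images,
# obtained over a channel you trust.
sha256sum netboot.tar.gz
mv netboot.tar.gz /srv/tftp/linux/
cd /srv/tftp/linux
tar xf netboot.tar.gz
# Hand the unpacked files to group nogroup
# (presumably so the TFTP daemon can read them; confirm against the tftpd-hpa setup).
chgrp -R nogroup *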
Client mit PXE als Bootdevice starten
Autostart
vim /var/lib/lxc/<CT-Name>/config
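# The "=> ..." notes from the original are comments here: pasted as written they
# would become part of the value.

# Autostart: bring this container up together with the host.
lxc.start.auto = 1
# Start delay, in seconds.
lxc.start.delay = 5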
Home nach /local verlegen
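# Relocate /home to /local/home and leave a symlink behind.
mkdir -p /local/home
# Carry over whatever already lives in /home; the rm -r below would otherwise
# delete existing home directories instead of moving them.
cp -a /home/. /local/home/
rm -r /home
ln -s /local/home /home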
Samba
Installiert wird Version 4
apt-get install samba cups
Wichtig: Für einen Stand-alone-PDC winbind abschalten; es wird mit cifs-tools installiert.
# Stop the running winbind service and keep it from starting at boot.
systemctl stop winbind.service
systemctl disable winbind.service
smb.conf
vim /etc/samba/smb.conf
# Samba as a classic (NT4-style) primary domain controller.

[global]
workgroup = jess4classic
wins support = yes
dns proxy = no
# Serve on eth1 only.
interfaces = eth1
bind interfaces only = yes
log file = /var/log/samba/log.all
# Log size limit in KiB.
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
server role = classic primary domain controller
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = no
# NOTE(review): a login with a user name Samba does not know is treated as a
# guest login, so every share marked "guest ok = yes" is readable without an account.
map to guest = bad user
# %a expands to the client architecture; the page creates profiles/Vista for
# Vista and Win7 clients.
logon path = \\%N\profiles\%a\%U
domain logons = yes
domain master = yes
local master = yes
logon drive = H:
logon home = \\%N\%U
logon script = netlogon.cmd
# NOTE(review): useradd needs the Unix group "machines" to exist; the steps on
# this page do not show it being created, so confirm it is there before joining clients.
add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u

# Per-user home shares; only the owning user may connect.
[homes]
comment = Home Directories
browseable = no
read only = no
create mask = 0700
directory mask = 0700
valid users = %S

# Logon scripts. Readable by guests, writable only for members of ntadmin,
# so netlogon.cmd must not contain credentials.
[netlogon]
comment = Network Logon Service
path = /local/samba/netlogon
guest ok = yes
read only = yes
write list = @ntadmin

# Roaming profiles, private to each user through the 0600/0700 masks.
[profiles]
comment = Users profiles
path = /local/samba/profiles
guest ok = no
browseable = yes
create mask = 0600
directory mask = 0700
read only = no

[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700

# Printer drivers; only root and members of lpadmin may upload.
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
write list = root, @lpadmin

# NOTE(review): shared drive with no "valid users" line, so every account that
# can authenticate may write here, and the 0666/0777 masks leave everything
# created through the share world-writable on the server as well.
[fuer_alle]
comment = Netzlaufwerk fuer alle
path = /local/samba/shares/fuer_alle
browseable = no
read only = no
create mask = 0666
directory mask = 0777
Verzeichnisse gemäß der smb.conf anlegen
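# Create the directories that the smb.conf shares point at.
mkdir -p /local/samba
# The original read "cd /local/samb": with that typo the cd fails and the two
# commands below act on whatever directory the shell is in.
cd /local/samba
mkdir -p netlogon profiles shares/fuer_alle
# NOTE(review): 777 without the sticky bit lets every local account create,
# rename and delete entries in the shared directory; confirm that is intended.
chmod 777 shares/fuer_alle/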
Für Vista, Win7
# Profile directory for Vista and Win7 clients.
mkdir /local/samba/profiles/Vista
# World-writable with the sticky bit (1777): every user can create a profile
# directory here, but only the owner of an entry can remove or rename it.
chmod 1777 /local/samba/profiles/Vista
User anlegen
Domain Admin
Kann Maschinen in die Domain holen und ist auf allen Maschinen root
# Unix group behind the Windows "Domain Admins" group.
groupadd ntadmin

# Map the Domain Admins group (RID 512) onto that Unix group.
net groupmap add ntgroup="Domain Admins" unixgroup=ntadmin rid=512 type=d

# Admin account: Unix user, Samba password, then membership in ntadmin.
# Members of ntadmin are domain admins on every joined machine and may write to
# the netlogon share, so give this account a strong password and keep the group small.
adduser domadmin
smbpasswd -a domadmin
addgroup domadmin ntadmin
Domain User
# Ordinary domain user: create the Unix account first, then its Samba password.
adduser domuser
smbpasswd -a domuser