we have had a second catastrophic outage of our storage array which, once again, has taken Studentnet with it. However, going from my previous blog post has allowed me to get this up and running fairly quickly. In the process, I found some addendums that I would make to the original – but rather than edit it in, I thought it would be better to make a new post to explain the differences. Plus, I found a much quicker way to get it up and running..
Change 1: Install Linux as a LAMP server
This is really simple. Lots of things will get installed by default here; the pear, php and mysql modules all get installed with this. Selecting this and OpenSSH is all I did this time around. Straight afterward this, all that needs to be done is the original step of altering /etc/apache2/mods-enabled/dir.conf to push index.php to the start as well as an apt-get update and upgrade
Change 2: Powerbroker/Likewise installation
This time around, I used pbis 8.2, rather than 7.5. apt-get install pbis-open doesn’t work – so we need to get it from Beyondtrust’s download site manually. Over at http://download1.beyondtrust.com/Technical-Support/Downloads/PowerBroker-Identity-Services-Open-Edition/?Pass=True can be found the latest version for a given distribution; for Ubuntu, currently, this is currently located at http://download.beyondtrust.com/PBISO/8.2.1/linux.deb.x64/pbis-open-8.2.1.2979.linux.x86_64.deb.sh which uses the Debian release.
The following commands are how I got this working:
cd /tmp //Make a temporary directory wget http://download.beyondtrust.com/PBISO/8.2.1/linux.deb.x64/pbis-open-8.2.1.2979.linux.x86_64.deb.sh //Download to this directory sudo chmod +x pbis-open-8.2.1.2979.linux.x86_64.deb.sh //Give execution permission for this file sudo ./pbis-open-8.2.1.2979.linux.x86_64.deb.sh //Run the installer. Dont select legacy links, dont need it, and select yes to install now sudo domainjoin-cli join --ou "OU=ComputerFolder,DC=company,DC=co,DC=uk" company.co.uk myaccount //The account "myaccount" has to be able to join the domain. You'll be prompted to enter a password.
After this, the server can now accept domain logins. The only other thing to do now is to add in some AD configuration, for things like the prefix for the domain (so users don’t have to type their username@domain.. they only need to type username) as well as where their home directory is located. The following lines add entries to the PBIS configuration:
sudo /opt/pbis/bin/config UserDomainPrefix MYDOMAIN sudo /opt/pbis/bin/config AssumeDefaultDomain true sudo /opt/pbis/bin/config LoginShellTemplate /bin/bash sudo /opt/pbis/bin/config HomeDirTemplate %H/%D/%U sudo /opt/pbis/bin/config RequireMembershipOf "MYDOMAIN\\students" "MYDOMAIN\\staff" "UOB\\TechStaff" sudo /opt/pbis/bin/config HomeDirUmask 072
Change 3: Quick permissions changes
The only next thing to do now is to ensure that “TechStaff” are able to act as admins. We can do this by adding the following, somewhere in the sudoers file (nano /etc/sudoers):
%TechStaff ALL=(ALL:ALL) ALL
TechStaff users can now do everything. Now, for the web server part, we set home directories to be only changed by their owners (and read by anyone in the group and executed by anyone else) already, but we need to change one small thing in the apache2 user directory config after making sure we have run a2enmod userdir – Inside /etc/apache2/mods-enabled/userdir.conf , the line /home/*/public_html needs to be changed to /home/domain/*/public_html – which is specified in the HomeDirTemplate above (home/domain/user – %H/%D/%D). The next line, AllowOverride, should just say All after it, too.
After restarting apache2, everything should work alright, as before. PBIS was a lot easier to install and join the domain with this time around and with the LAMP installation automated, everything was just a lot quicker to get running.
No comments:
Post a Comment