PXE use part of my kickstart file [closed] - linux

I'm trying to deploy an easier way to configure my computers.
I'm using an Ubuntu Server as DHCP and tftp server to manage PXE installations.
I found help with Ubuntu netboot and with Ubuntu PXE install server.
Everything is fine until the menu on my future, well-installed computer.
It tries to connect to Ubuntu mirrors. It's a huge problem because it doesn't have an internet connection!
I've mounted an image of Ubuntu Trusty on my Ubuntu Server (thanks to Apache) and my link is available.
Here is my code:
DEFAULT vesamenu.c32
timeout 100
display boot.msg
menu background splash.png
menu title Welcome to my awesome installer
label Install new computer
kernel ubuntu-installer/amd64/linux
append ks=http://ip.local.server/ks.cfg vga=normal initird=ubuntu-installer/amd64/initrd.gz
When I select "Install new computer" it seems to work, but in the end the installer installs network tools (configures IPv4, searches for DHCP, configures IPv6) and fails when it tries to connect to the Ubuntu mirror. But I don't want it to connect to mirrors because the files are already downloaded on my Ubuntu Server (http://ip.local.server/ubuntu-trusty).
It doesn't seem to understand that my ks.cfg is here (http://ip.local.server/ks.cfg).
ks.cfg:
#Generated by Kickstart Configurator
#platform=x86
#Install OS instead of upgrade
install
#Use Web installation
url --url http://192.168.3.1/ubuntu-trusty
#### Mirror settings ###
d-i mirror/country string fr
d-i mirror/http/hostname string http://192.168.3.1
d-i mirror/http/directory string /ubuntu-trusty
d-i mirror/suite string trusty
#d-i mirror/country string fr
#System language
lang fr_FR
#Language modules to install
langsupport fr_FR
#System keyboard
keyboard fr
#System mouse
mouse
#System timezone
timezone Europe/Paris
#Root password
rootpw --disabled
#Initial user
user myuser --fullname "MyUser" --iscrypted --password $1$tDwZTgoh$a25ayXUItWDWxdQlUg0Tk1
#Reboot after installation
reboot
#Use text mode install
text
#Use interactive kickstart installation method
interactive
#System bootloader configuration
bootloader --location=mbr
#Clear the Master Boot Record
zerombr yes
#Partition clearing information
clearpart --all --initlabel
#Disk partitioning information
part swap --size 4000
part / --fstype ext4 --size 1 --grow
#System authorization information
auth --useshadow --enablemd5
#Network information
network --bootproto=static --ip=192.168.3.222 --netmask=255.255.255.0 --nameserver=192.168.3.1 --gateway=192.168.3.1
#Firewall configuration
firewall --disabled
#X Window System configuration information
#xconfig --depth=32 --resolution=2048x1536 --defaultdesktop=GNOME --startxonboot
This ks.cfg file was generated directly from system-config-kickstart.
Edit:
I've set a static IP in my ks.cfg, and with a tcpdump on my server I can see requests with this IP. This means my ks.cfg file is read, but I still don't know why it tries to access mirrors on the web instead of looking on my server.
Does anyone have an idea about these mirror lookups that make my PXE installation fail?
Thank you in advance.

First, let me ask: have you turned your HTTP server on? In your case the ks.cfg file is going to be retrieved by an HTTP transfer from
http://ip.local.server/ks.cfg
Next, for the mirror parameters in your ks file, you have to add something like
(Ubuntu)
#### Mirror settings.
preseed mirror/country string manual
preseed mirror/http/hostname string thinkmate5.ma.utexas.edu
preseed mirror/http/directory string /mirror/precise/ubuntu
preseed apt-setup/security_host string thinkmate5.ma.utexas.edu
preseed apt-setup/security_path string /mirror/precise/ubuntu
(Debian)
#### Mirror settings.
d-i mirror/country string fr
d-i mirror/http/hostname string http://ip.local.server
d-i mirror/http/directory string /ubuntu
d-i mirror/suite string trusty
#d-i mirror/http/proxy string
You could also add mirror settings to the "append" line, like
mirror/country=manual mirror/http/hostname=aaa.bbb.ccc.ddd mirror/http/directory=/directoryXX mirror/http/proxy=""
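An added example, not part of the original answer: a POSIX shell check that collects the mirror and security hosts from a ks.cfg or a pxelinux append line and reports any that is missing or does not point at the local server. The function names and sample files are assumptions for illustration; 192.168.3.1 is the local server address from the question.

```sh
#!/bin/sh
# Added example, not code from the original post.

# Print "KEY<TAB>VALUE" for each mirror/* and apt-setup/* setting in the given
# files. Understands ks.cfg lines ("preseed KEY TYPE VALUE", "d-i KEY TYPE
# VALUE") and KEY=VALUE boot parameters on a pxelinux "append" line.
mirror_settings() {
    awk '
        ($1 == "preseed" || $1 == "d-i") && $2 ~ /^(mirror|apt-setup)\// {
            print $2 "\t" $4
            next
        }
        tolower($1) == "append" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^(mirror|apt-setup)\/[^=]+=/) {
                    eq = index($i, "=")
                    val = substr($i, eq + 1)
                    gsub(/"/, "", val)
                    print substr($i, 1, eq - 1) "\t" val
                }
        }' "$@"
}

# usage: off_site_hosts LOCAL_HOST FILE...
# Report a mirror or security host that is not LOCAL_HOST, or that is not set
# at all; return 1 if anything was reported. A leading scheme is ignored
# because the samples on this page write the host with and without "http://".
off_site_hosts() {
    want=$1
    shift
    mirror_settings "$@" | awk -F '\t' -v want="$want" '
        $1 == "mirror/http/hostname" || $1 == "apt-setup/security_host" {
            seen[$1] = 1
            host = $2
            sub(/^[a-z]+:\/\//, "", host)
            if (host != want) { print $1 " -> " $2; bad = 1 }
        }
        END {
            if (!("mirror/http/hostname" in seen)) { print "mirror/http/hostname not set"; bad = 1 }
            if (!("apt-setup/security_host" in seen)) { print "apt-setup/security_host not set"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed samples: the question's mirror lines, and a variant that names
# the local server for both the mirror and the security host.
sample_ks_question() {
    cat <<'EOF'
url --url http://192.168.3.1/ubuntu-trusty
d-i mirror/country string fr
d-i mirror/http/hostname string http://192.168.3.1
d-i mirror/http/directory string /ubuntu-trusty
#d-i mirror/country string fr
EOF
}
sample_ks_local() {
    cat <<'EOF'
preseed mirror/country string manual
preseed mirror/http/hostname string 192.168.3.1
preseed mirror/http/directory string /ubuntu-trusty
preseed apt-setup/security_host string 192.168.3.1
preseed apt-setup/security_path string /ubuntu-trusty
EOF
}

# Demo on the constructed copy of the question's lines.
tmp=$(mktemp)
sample_ks_question > "$tmp"
off_site_hosts 192.168.3.1 "$tmp" || echo "check failed for the question's ks.cfg"
rm -f "$tmp"
```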

Booting with kickstart has multiple layers, and not all information is sent from one layer to the next.
Even though your DHCP server has sent an IP and information about boot files to the loader program (often that is syslinux or pxelinux), this information is not sent to the OS when it boots. The kickstart file is only read after the system boots and the install program has started (often that is anaconda).
I think you need to pass ip=dhcp somewhere on the append line. In my setup I also have keymap=dk lang=en_US on this line to set up language and keyboard settings.


How to join an BITMAIN Antminer to a Microsoft Windows Server 2008 Active Directory

Let's start with "WHY?": #nerdsLoveToStartWithWhy
I'm developing a customized software to manage a crypto-mining farm where we need to communicate with miners (BITMAIN Antminer) by their hostname instead of IP (just for ease of use).
I know! But I don't want to scan IP ranges, then either SSH to them or use API to pull out the information such as the hostname
My Solution: (please share if you have a better solution)
I've configured a Microsoft Windows Server 2008 Active Directory & DNS with a domain name as ts.facility.com and I'm trying to join my Antminers to this domain.
Scenario:
SRV1 is my AC DC and is visible to the miners. The miner with the hostname antMinerThree, which is running Linux Angstrom V2013.12, is getting replies from the ACDC with its FQDN. The ntpdate package is installed as a prerequisite:
command: #opkg install ntpdate
Problem:
The problem for now is that when I try to install the required packages:
samba
krb5-config
krb5-user
winbind
libpam-winbind
libnss-winbind
I got the following error: bmminer.list
Failed to open //var/lib/opkg/info/bmminer.list: No such file or directory.
and when I manually created an empty file bmminer.list in the path /var/lib/opkg/info/ I still get this error message, except that it no longer complains about the missing bmminer.list:
Question
Does anybody know how to install the required packages to join this miner running Linux Angstrom V2013.12 to a Microsoft Windows Active Directory 2008, so that I can ping my miners by hostname instead of by their IP addresses?

Ubuntu 18.04 Server - how to check DNS IP server setting being used [closed]

Working with Ubuntu 18.04 Server LTS. I am trying to find a way to check the DNS IP(s) that is actually being used when set via DHCP. The resolv.conf only will point to 127.0.0.53 now. /etc/systemd/network folder is empty. The NSLOOKUP output also always references the internal 127.0.0.53 IP. Seems all the old tricks aren't working.
The Ubuntu documentation is not updated yet as it still looks like the help for 16.04 referencing eth0, ifup and ifdown which are all deprecated on 18: https://help.ubuntu.com/lts/serverguide/network-configuration.html
I've tried setting a static adapter setup with Netplan via a custom .yaml. The settings work fine but I can't seem to find the DNS IP that I set anywhere. I expect it will be consistent between DHCP and static settings but I'm not sure where to look now.
I would settle for either a C library call or a bash CLI method at this point. Does anyone have a way to check this on 18.04 Server?
I found the following showed me the DNS servers by adapter towards the end of the output:
systemd-resolve --status
It contains a list under 'DNS Servers' organized by Link. I think this has changed from previous versions with Ubuntu. It will take a little text parsing work but this gives me what I'm after.
Another way is:
cat /run/systemd/resolve/resolv.conf
That file is dynamically generated by systemd-resolved, but contains the actual DNS servers instead of 127.0.0.53.
In fact, if you want to make that the default for /etc/resolv.conf, you simply create a symlink to it (/etc/resolv.conf is a symlink that points to /run/systemd/resolve/stub-resolv.conf by default):
sudo mv /etc/resolv.conf /etc/resolv.conf.orig
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
Sample /run/systemd/resolve/resolv.conf :
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 10.1.2.3
search host.domain.com
For more info:
http://manpages.ubuntu.com/manpages/bionic/man8/systemd-resolved.service.8.html
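An added example, not part of the original answers: a POSIX shell sketch of the "text parsing work" mentioned above, which lists the real upstream servers from a resolv.conf-style file and compares them with an allow-list so an unexpected DHCP-supplied resolver stands out. The function names, the allow-list and the sample file are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not code from the original answers.

# Print the non-loopback "nameserver" entries of a resolv.conf-style file.
# Stub listeners such as 127.0.0.53 (systemd-resolved) or 127.0.1.1 (dnsmasq)
# are skipped because they only forward to the real upstream servers.
upstream_dns() {
    awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { print $2 }' "$1"
}

# Say which file a resolv.conf path really is once symlinks are followed.
resolv_mode() {
    case "$(readlink -f -- "$1")" in
        */systemd/resolve/stub-resolv.conf) echo stub ;;
        */systemd/resolve/resolv.conf)      echo uplink ;;
        *)                                  echo other ;;
    esac
}

# usage: unexpected_dns FILE ALLOWED_IP...
# Print every upstream server that is not on the allow-list and return 1 if
# there is one, for example a resolver handed out by an unplanned DHCP server.
unexpected_dns() {
    file=$1
    shift
    bad=0
    for ip in $(upstream_dns "$file"); do
        ok=0
        for allowed in "$@"; do
            if [ "$ip" = "$allowed" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then
            echo "$ip"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample in the format of /run/systemd/resolve/resolv.conf.
sample_resolv_conf() {
    cat <<'EOF'
# This file is managed by man:systemd-resolved(8). Do not edit.
nameserver 10.1.2.3
nameserver 192.168.30.1
nameserver 127.0.0.53
search host.domain.com
EOF
}

# Demo on the sample: 10.1.2.3 is expected, 192.168.30.1 is not.
tmp=$(mktemp)
sample_resolv_conf > "$tmp"
unexpected_dns "$tmp" 10.1.2.3 || echo "resolver(s) above are not on the allow-list"
rm -f "$tmp"
```

On a live host the file to pass is /run/systemd/resolve/resolv.conf, and resolv_mode /etc/resolv.conf shows whether the symlink still points at the stub.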
You can also use:
nmcli dev show eth0
Replace eth0 with your network interface to see how it was configured. If you got the DNS address over DHCP, you should see it here.
I'm running ubuntu 22.04.
sudo nmcli dev show <interface> didn't have any dns listings, but sudo resolvectl status <interface> showed me the current dns server.
I am surprised at this too. I am running Ubuntu 16.04 LTS and see something similar.
If you issue a
dig www.google.ca +trace | grep 'Received'
The first host in the response is the one doing the lookups for your server.
$ dig www.google.ca +trace | grep 'Received'
;; Received 525 bytes from 127.0.1.1#53(127.0.1.1) in 19 ms
;; Received 42 bytes from 199.7.91.13#53(d.root-servers.net) in 32 ms
This means that this box is doing its own DNS lookups directly to the root servers and following the path recursively to get my DNS lookups.
Found the issue is that dnsmasq is enabled. To disable it do as follows.
edit the NetworkManager.conf file
sudo gedit /etc/NetworkManager/NetworkManager.conf
comment out the dnsmasq line
#dns=dnsmasq
restart the network-manager service
sudo /etc/init.d/network-manager restart
then verify that it is using the dns-server assigned via dhcp
$ dig www.google.ca +trace | grep 'Received'
;; Received 525 bytes from 192.168.30.1#53(192.168.30.1) in 18 ms
;; Received 42 bytes from 198.41.0.4#53(a.root-servers.net) in 32 ms

How to start a GUI software on a remote Linux server via SSH?

I am trying to open Matlab software installed in remote Linux server from my Windows 7 PC. I am using SSH secure shell to connect with the Linux server. After successful connection, I am able to see and access the folders under my user account. I am able to start Matlab software using the following command in the SSH secure shell window:
[sushma#scorpio home]$ matlab
On doing so the following message gets displayed on the SSH secure shell window:
MATLAB is selecting SOFTWARE OPENGL rendering.
No protocol specified
< M A T L A B (R) >
Copyright 1984-2015 The MathWorks, Inc.
R2015b (8.6.0.267246) 64-bit (glnxa64)
August 20, 2015
From the above message it seems that the software is running. I want to access the GUI of the software.
Give ssh -X a try.
From the ssh manual:
-X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file.
X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user's X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring.
For this reason, X11 forwarding is subjected to X11 SECURITY extension restrictions by default. Please refer to the ssh -Y option and the ForwardX11Trusted directive in ssh_config(5) for more information.
-Y Enables trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls.
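An added example, not part of the original answer: because the manual advises enabling X11 forwarding per host and with caution, this POSIX shell audit lists where an ssh_config-style file turns it on and singles out trusted forwarding and wildcard patterns. The function names and the sample file (including the *.lab.example pattern) are constructed for illustration.

```sh
#!/bin/sh
# Added example, not code from the original answer.

# Print "<Host/Match pattern><TAB><keyword>" for each place an ssh_config-style
# file sets ForwardX11 or ForwardX11Trusted to yes. Options that precede the
# first Host line apply to every host and are reported under "*".
x11_enabled() {
    awk '
        BEGIN { block = "*" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            match(line, /^[^ \t=]+/)            # keyword ends at blank or "="
            key = tolower(substr(line, 1, RLENGTH))
            val = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)     # "key value" and "key=value"
            sub(/[ \t]+$/, "", val)
            if (key == "host" || key == "match") { block = val; next }
            if ((key == "forwardx11" || key == "forwardx11trusted") &&
                tolower(val) == "yes")
                print block "\t" key
        }' "$1"
}

# Keep only the findings that deserve a second look: trusted forwarding (the
# setting behind -Y) and forwarding enabled for a wildcard pattern instead of
# one named host.
x11_broad() {
    x11_enabled "$1" | awk -F '\t' '$2 == "forwardx11trusted" || $1 ~ /[*?]/'
}

# Constructed sample ssh_config.
sample_ssh_config() {
    cat <<'EOF'
# per-host forwarding for the Matlab server
Host scorpio
    ForwardX11 yes

Host *.lab.example
    ForwardX11=yes
    ForwardX11Trusted yes

Host *
    ForwardX11 no
    forwardx11trusted = no
EOF
}

# Demo: only the *.lab.example block is reported as broad.
tmp=$(mktemp)
sample_ssh_config > "$tmp"
x11_broad "$tmp"
rm -f "$tmp"
```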
Steps that worked for me:
1. Connect to the server using the ssh -X flag.
2. Execute Matlab with matlab & (you should see Matlab opening on your local machine).
3. Check within Matlab with the command opengl info whether software or hardware OpenGL is being used (if you're having trouble loading OpenGL, go to step 2 and execute matlab -softwareopengl &).
4. Run your GUI script with run <script>.
If the script is supposed to run independently of your ssh connection, I suggest using the program tmux and repeating steps 2-4 inside a tmux session.

Create a Debian imaging server for windows 7

Issue
I have been tasked with creating a Debian imaging server for our company. Unfortunately my knowledge of both Linux and servers is very limited (this is part of an up-skilling program).
Steps
Currently I have tried to follow the below tutorials on creating a PXEBoot server and a ProxyDHCP:
ProxyDHCP:help.ubuntu.com/community/UbuntuLTSP/ProxyDHCP
PXE Boot : https://help.ubuntu.com/community/PXEInstallMultiDistro
PXE Boot : https://wiki.debian.org/PXEBootInstall#Installing_Debian_using_network_booting
Originally I had tried to use a configured DHCP server on the Linux server, which I had gotten working; however, my manager advised that they would prefer the DHCP to come from the router instead.
So I have used apt-get to install the applications below and followed sources to get the configs correct. However, it still doesn't seem 100% correct (see Latest).
Task
So currently the task I have been set is per below:
Has to be in Debian
Has to be console based server only (no gui interface)
DHCP has to come from router
Server should deploy windows images
Images taken need to be compacted (all blank space removed)
I can only find Ubuntu guides for these PXEBoot and ProxyDHCP creations, and the problem with this is that the locations they refer to do not always exist in Debian.
So I am stuck with half the options available to me, and because I have a limited knowledge here, I cannot identify where I am going wrong, or if these locations are elsewhere.
Can anyone provide me with a tutorial, or a set of command lines to help?
I would really appreciate this.
Using
I am currently using (on Debian console):
TFTPD-HPA
DNSMASQ
iPXE
SysLinux
Latest
I have been able to get the dnsmasq and tftpd-hpa services "working". That is to say, when I run them they start. However I still don't seem to be able to boot into an installation with this up and running.
I have another thread on forums.debian.net/viewtopic.php?f=5&t=118315
I have been able to fix my issue using 3 applications and a lot of research.
The applications I have used are: DNSMASQ, TFTPD-HPA and SAMBA.
These applications have been configured as per below:
TFTPD-HPA
apt-get install tftpd-hpa
nano /etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/tftpboot/"
TFTP_ADDRESS="<server address>:69"
TFTP_OPTIONS="-4 --secure --create"
RUN_DAEMON="yes"
OPTIONS="-l -s /tftpboot"
mkdir /tftpboot
mkdir /tftpboot/pxelinux.cfg
DNSMASQ
apt-get install dnsmasq
nano /etc/dnsmasq.conf
interface=eth0
port=0
log-dhcp
log-queries
log-facility=/var/log/dnsmasq.log
tftp-root=/tftpboot
dhcp-boot=pxelinux.0,<server name>,<server address>
dhcp-range=192.168.1.10,proxy,255.255.255.0
dhcp-no-override
pxe-prompt="Press F8 for boot menu", 2
pxe-service=X86PC, "comment", pxelinux
SAMBA
apt-get install samba
nano /etc/samba/smb.conf
[global]
Workgroup = workgroup
Server role = standalone server
Dns proxy = no
Wins support = yes
Passwd program = /usr/bin/passwd %u
Passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *Password\supdated\ssuccessfully*
Syslog = 0
Log file = /var/log/smb.log.%m
Max log size = 1000
Map to guest = bad user
Usershare allow guests = yes
Security = user
[images]
Comment = Network SAMBA share
Path = /tftpboot
Create mask = 0775
Guest ok = yes
Browseable = yes
Read only = no
Writeable = yes
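An added example, not part of the original answer: the [images] share above combines Guest ok = yes with Read only = no on the directory PXE clients boot from, so this POSIX shell audit lists every share in an smb.conf that guests are allowed to write to. The function name, the sample file, the [images-ro] and [staging] shares and the imaging account are constructed for illustration; settings inherited from [global] are not evaluated.

```sh
#!/bin/sh
# Added example, not code from the original answer.

# Print "<share><TAB><path>" for every share that allows guest access and is
# writable. Parameter names are compared without case or inner whitespace, and
# the synonyms "public", "writable" and "write ok" are recognised.
smb_guest_writable() {
    awk '
        function truthy(v) {
            v = tolower(v)
            return (v == "yes" || v == "true" || v == "1")
        }
        function report() {
            if (share != "" && share != "global" && guest && writable)
                print share "\t" path
        }
        /^[ \t]*[#;]/ { next }                   # comment lines
        /^[ \t]*\[.*\]/ {                        # new section header
            report()
            share = $0
            sub(/^[ \t]*\[/, "", share)
            sub(/\].*$/, "", share)
            share = tolower(share)
            guest = 0; writable = 0; path = ""   # shares default to read only
            next
        }
        {
            eq = index($0, "=")
            if (!eq) next
            key = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == "guestok" || key == "public") guest = truthy(val)
            else if (key == "readonly") writable = !truthy(val)
            else if (key == "writeable" || key == "writable" || key == "writeok")
                writable = truthy(val)
            else if (key == "path") path = val
        }
        END { report() }' "$1"
}

# Constructed sample: the [images] share as posted, next to a read-only guest
# share for PXE clients and an authenticated share for uploading images.
sample_smb_conf() {
    cat <<'EOF'
[global]
Map to guest = bad user
Security = user
[images]
Path = /tftpboot
Guest ok = yes
Read only = no
Writeable = yes
[images-ro]
path = /tftpboot
guest ok = yes
read only = yes
[staging]
path = /srv/staging
valid users = imaging
writable = yes
EOF
}

# Demo: only [images] is reported.
tmp=$(mktemp)
sample_smb_conf > "$tmp"
smb_guest_writable "$tmp"
rm -f "$tmp"
```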

LDAP login works via terminal, but doesn't work via GUI [closed]

Please if you could give me some advice of what I'm doing wrong you would make me very happy. I've been struggling with this with no luck and I'm kinda desperate.
I've got a virtual machine with an LDAP Server installed on Windows Xp. It's Apache Directory Studio.
Then I've got another virtual machine with Xubuntu on it. I want it to authenticate to Apache Directory Studio.
The two machines can see each other and do ping correctly.
Server part (Windows XP with Apache Directory Studio LDAP Server):
The server is working great, I did a domain on it dc=mydomain,dc=com with two ou's on it, ou=People and ou=Groups.
Did some posixAccounts and some posixGroup. Chose high uid numbers (2000 onwards) to avoid conflict.
All ok on server side.
Client part (Xubuntu):
Entered as root.
Did:
apt-get install libnss-ldap
Configured ip of my LDAP server (checked it, it's "pingable").
Then entered my domain, for example: dc=mydomain,dc=com.
Then chose the LDAP version my server is running:
Then chose "yes" to "make local root database admin".
Chose "no" to "does the LDAP database require login?".
Then chose the login of the admin of the LDAP Server and its password. This is 100% confirmed to be true and the actual login, checked it in Apache Directory Studio and verified it many times.
Set the password encryption system to "clear".
Ok, I know that Apache Directory Studio is listening on 10389 instead of 389, so I go to /etc/ldap.conf and manually change the port from 389 to 10389 (389 is the default and the GUI doesn't let you change it).
Then IT WORKS, but only via terminal, if I do
su testuser
It works, because I got that user ONLY in LDAP server, when I test with other users it doesn't work. The same goes for getent passwd testuser.
Then I want to do a graphical login: I close the session, enter credentials and it doesn't work. It works in the terminal, but with the GUI it doesn't. Oh God, WHY?
PS: Did apt-get install nscd (as worked for someone) but didn't work out for me.
PS2: Thanks in advance for your time and patience, and for considering this question (it is not strict programming question).
PS3: I created the /home/testuser directory, it's not failing because of this, because it still fails to login to LDAP via GUI (but works via terminal).
Your problem is GDM. Try the following:
Automatically create home folders
Just edit /etc/pam.d/common-session by hand and add the following line before any pam_ldap and pam_krb5 settings:
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
Make sure you have a gdm entry in /etc/security/group.conf
and the following line in /etc/pam.d/gdm:
auth optional pam_group.so
For users who log in using X, /etc/pam.d/gdm has to be modified so GDM will use LDAP.
Something like:
auth sufficient pam_ldap.so
auth required pam_nologin.so
auth required pam_env.so
auth required pam_unix_auth.so
account sufficient pam_ldap.so
account required pam_unix_acct.so
password required pam_ldap.so
session sufficient pam_ldap.so
session required pam_unix_session.so
You should be able to perform a
getent passwd
from the command line and see whether the users are being returned from the LDAP server.
All the users from the /etc/passwd and the users from LDAP should be displayed.
A late answer, but it might help others as I got through this.
In the terminal use
sudo nano /etc/pam.d/common-auth
and add this line at the bottom: auth required pam_access.so
Then, in this file: sudo nano /etc/security/access.conf
add this line at the bottom: -:ALL EXCEPT root (admin):ALL EXCEPT LOCAL
For more info: Authenticate Client Computers Using LDAP
Thanks.
I had the same issue and none of the above answers solved it. This is the config I did on Ubuntu 18.04 and on Kali as well.
The steps we need to follow are as follows:
1. Install libpam-ldap / libnss-ldap
Ubuntu:
apt-get install libpam-ldap
Kali Linux:
apt-get install libpam-ldap libnss-ldapd
2. Configure LDAP settings
dpkg-reconfigure libpam-ldap
Answer yes to all settings, and local database creation: yes
base : ou=People,dc=sqtk,dc=team
root dn : dc=admin,dc=sqtk,dc=team
Every option asked should be yes (store database locally: yes, and specify the LDAP admin username and password).
For database stuff use the admin user only.
Change /etc/nsswitch.conf to let passwd, group and shadow use ldap, and netgroup use nis:
/etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
gshadow: files
hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
NOTE: Change netgroup to nis (Network Information System). This signifies that the groups are also fetched from netgroup from nis, so in the step below we do group mapping (my assumption, don't question it, it worked).
Now we can verify whether we can connect to the LDAP server by using the command below:
ldapsearch -x -W -D 'cn=ldaptest,ou=People,dc=sqtk,dc=team' -b "" -s base
3. We need to have a home dir created as soon as a user logs in; this is achieved by using pam_mkhomedir.so (verify that it is present by doing find / -name pam_mkhomedir.so; if it is not present then install it; it should be present by default).
3.1 Currently when we run the command
pam-auth-update
we don't see an option for mkhomedir (make home directory, which is necessary as the user logs in).
3.2 To get this option we need to create a file /usr/share/pam-configs/mkhomedir, if not present, with the following content:
Content:
Name: activate mkhomedir
Default: yes
Priority: 900
Session-Type: Additional
Session:
required pam_mkhomedir.so umask=0022 skel=/etc/skel
3.3 Now if we run the command
pam-auth-update
we see an option for mkhomedir, so we need to select it as well (we select an option by using space on the keyboard).
3.4 To verify whether mkhomedir is set we can cat the /etc/pam.d/common-session file (don't edit the file manually, try to use pam-auth-update only). It will have an entry as below:
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
4. LDAP domain to group mapping
4.1 We need to do a domain mapping with the LDAP group. Technically this mapping is nothing but mapping the LDAP group name to the LDAP group ID locally.
I faced an issue wherein I used to get the group ID (i.e. > 500) of the LDAP group on the local system, but somehow the system was not able to fetch the group name for the given ID, so I did the config below.
4.2 To assign local groups to a domain (LDAP) user, edit /etc/security/group.conf and add something like the following to it:
*;*;*;Al0000-2400;audio,cdrom,dialout,floppy
4.3 In order to get the pam_group module working you could create a file like /usr/share/pam-configs/my_groups:
Name: activate /etc/security/group.conf
Default: yes
Priority: 900
Auth-Type: Primary
Auth:
required pam_group.so use_first_pass
Now we activate it by running
pam-auth-update
This roughly equals editing /etc/pam.d/common-auth by hand and adding the following line before any pam_ldap and pam_krb5 settings:
auth required pam_group.so use_first_pass
IMPORTANT: You should now have local groups showing up for users logging in via gdm and ssh, and can verify this by executing id or groups.
4.4 Now we need to verify whether we get the group name and ID; use the command below:
getent group
If the command doesn't work or display anything, verify whether you can connect to the LDAP server.
You can also verify whether we can fetch users from LDAP by running the commands below:
getent passwd
id <username in ldap>
Again, if any one of the above commands doesn't perform as expected, verify whether we can connect to LDAP successfully using the command below:
ldapsearch -x -W -D 'cn=bumbum,ou=People,dc=sqtk,dc=team' -b "" -s base
-W == prompt for password
-D == User to validate
5. LDAP group to be given sudo access
Give sudo access to the groups that are present in LDAP, and make sure users are part of the same group you are logging in with.
visudo
% ALL=(ALL) ALL
If the group name is ldaptest then the line below needs to be added:
%ldaptest ALL=(ALL) ALL
You should be able to log in from the desktop as well as the terminal.
(Note: for the above to work on Kali Linux, install the libnss-ldapd package; only then does it work.)
