Issue
I have been tasked with creating a Debian imaging server for our company. Unfortunately my knowledge with, both Linux and servers is very limited, (this is part of an up-skilling program).
Steps
Currently I have tried to follow the below tutorials on creating a PXEBoot server and a ProxyDHCP:
ProxyDHCP:help.ubuntu.com/community/UbuntuLTSP/ProxyDHCP
PXE Boot : https://help.ubuntu.com/community/PXEInstallMultiDistro
PXE Boot : https://wiki.debian.org/PXEBootInstall#Installing_Debian_using_network_booting
Originally I had tried to used a configured DHCP server on the Linux server which I had gotten working, however my manager advised that they would prefer the DHCP to come from the router instead.
So I have used apt-get to install below applications and followed sources to get the configs correctly. However it still doesn't seem 100% correct (see latest)
Task
So currently the task I have been set is per below:
Has to be in Debian
Has to be console based server only (no gui interface)
DHCP has to come from router
Server should deploy windows images
Images taken need to bee compacted (all blank space removed)
I can only find Ubuntu guides for these PXEBoot and ProxyDHCP creations, and the problem with this is that the locations they refer to do not always exist in Debian.
So I am stuck with half the options available to me, and because I have a limited knowledge here, I cannot identify where I am going wrong, or if these locations are elsewhere.
Can anyone provide me with a tutorial, or a set of command lines to help?
I would really appreciate this.
Using
I am currently using (on Debian console):
TFTPD-HPA
DNSMASQ
iPXE
SysLinux
Latest
I have been able to get the dnsmaq and tftp-hpa service "working". This is to say when I run them they start. However I still don't seem to be able to boot into an installation with this up and running.
I have another thread on forums.debian.net/viewtopic.php?f=5&t=118315
I have been able to fix my issue using 3 applications and a lot of research.
The applications I have used are; DNSMASQ, TFTPD-HPA and SAMBA
These applications have been configured as per below:
TFTPD-HPA
`apt-get install tftpd-hpa
nano /etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/tftpboot/"
TFTP_ADDRESS="<server address>:69"
TFTP_OPTIONS="-4 –secure --create"
RUN_DAEMON=”yes”
OPTIONS="-l -s /tftpboot"
mk dir /tftpboot
mk dir /tftpboot/pxelinux.cfg`
DNSMASQ
apt-get install dnsmasq
nano /etc/dnsmasq.conf
Interface=eth0
port=0
log-dhcp
log-queries
log-facility=/var/log/dnsmasq.log
tftp-root=/tftpboot
dhcp-boot=pxelinux.0,<server name>,<server address>
dhcp-range=192.168.1.10,proxy,255.255.255.0
dhcp-no-override
pxe-prompt="Press F8 for boot menu", 2
pxe-service=X86PC, "comment", pxelinux
SAMBA
apt-get install samba
nano /etc/samba/smb.conf
[global]
Workgroup = workgroup
Server role = standalone server
Dns proxy = no
Wins support = yes
Passwd program = /usr/bin/passwd %u
Passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *Password\supdated\ssuccessfully*
Syslog = 0
Log file = /var/log/smb.log.%m
Max log size = 1000
Map to guest = bad user
Usershare allow guests = yes
Security = user
[images]
Comment = Network SAMBA share
Path = tftpboot
Create mask = 0775
Guest ok = yes
Browseable = yes
Read only = no
Writeable = yes
Related
I am trying to configure the headless VPN only FortiClient on an AWS ubuntu 20.04 ec2 instance, and though I am able to connect to the target, I am then disconnected from the instance and cannot progress.
Setup:
wget http://cdn.software-mirrors.com/forticlientsslvpn_linux_4.4.2328.tar.gz
tar -xzvf forticlientsslvpn_linux_4.4.2328.tar.gz
cd ./forticlientsslvpn/64bit/helper
sudo ./setup.linux.sh
# Accept license
cd ..
./forticlientsslvpn_cli --server serveraddress:port --vpnuser username
# Enter password
##Connected!
At this stage, I am booted out of the instance and cannot reconnect (requiring a soft restart of the instance to gain access again)
I can see that there is a configuration file at forticlientsslvpn/64bit/helper/config but I cannot find any documentation describing what can be configured there or whether it is something I should be concerned with.
The CLI itself doesn't take any other options other than:
forticlientsslvpn_cli [--proxy proxyaddress:proxyport] --server vpnserveraddress:vpnport [--proxyuser proxyuser] [--vpnuser vpnuser] [--pkcs12 pkcs12path] [--keepalive]
I would like to either:
Preserve my original SSH connection (and any future connections) so I can develop within the VPN or;
Limit the VPN to only package traffic that is going to a specific IP range (CIDR block)
I have found three different methods for installing the client (sudo apt install forticlient, sudo apt install -y openfortivpn, see above) and cannot navigate through them. I have looked into FortiClientLinuxGuide and installed that tool but couldn't find out how to configure it as a VPN instead (or where to add the configuration). Similar experience with the second one.
This seems to be the only documentation about how to configure the CLI and its just the bear minimum How to setup and install SSLVPN.
This post seems to be having the same problem ssh-telnet-disconnects and the solution looks like it would work if only I knew how to set that configuration.
alternatively, I have looked up split tunnel configuration which looks like it would be ideal but cannot work out how I would set that up. The documentation is only via the GUI Enable-split-tunnel-feature
Let's start with "WHY?":#nerdsLoveToStartWithWhy
I'm developing a customized software to manage a crypto-mining farm where we need to communicate with miners (BITMAIN Antminer) by their hostname instead of IP (just for ease of use).
I know! But I don't want to scan IP ranges, then either SSH to them or use API to pull out the information such as the hostname
My Solution:(please share if you have a better solution)
I've configured a Microsoft Windows Server 2008 Active Directory & DNS with a domain name as ts.facility.com and I'm trying to join my Antminers to this domain.
Scenario:
The SRV1 is my AC DC and visible to the miners. The miner with a hostname as antMinerThree which is running a linux Angstrom V2013.12 are getting reply from the ACDC with its FQDN. the ntpdate package is installed as perquisite:
command: #opkg install ntpdate
Problem:
The problem for now is that when to install required packages:
samba
krb5-config
krb5-user
winbind
libpam-winbind
libnss-winbind
I got the following error: bmminer.list
Failed to open //var/lib/opkg/info/bmminer.list: No such file or directory.
and when I created manually an empty file bmminer.list in the path /var/lib/opkg/info/ I still get this error message, unless it no longer complains about missing bmminer.list:
Question
Does any body know, how to install required packages to joint this miner running Linux Angstrom V2013.12 to a Microsoft Windows Active Directory 2008 in order that I could ping my miners by hostname instead of by their IP addresses?
I need to refresh the database with new dump files. But, unfortunately, that server machine doesn't have enough space. So, now trying to import same dump files, which is already present in the other machine (same network). Both machine has same OS running (Linux) with same version.
Now, I'm planning to share the source dump folder and create new directory in destination database, which will point network folder. But, I'm not sure how to share folder in Linux.
Any suggestion will be appreciated.
You probably want to share the directory with NFS. Here is a basic outline of the process.
On the server (where the files are):
yum -y install nfs-utils nfs-utils-lib // your pkg manager may vary
vi /etc/exports
// add a line like below
/directory/I/am/sharing *(ro,sync) // can replace * with an IP addr
service rpcbind start
service nfs start
chkconfig --levels 235 rpcbind on // so they auto-start at boot
chkconfig --levels 235 nfs on
(open your firewall, if needed!)
On the client (who wants to see the files):
yum -y install nfs-utils nfs-utils-lib
mkdir -p /the/mount/point // you choose the name
mount name.of.your.server:/directory/I/am/sharing /the/mount/point
(to make the mount happen at boot, add this info in /etc/fstab):
name.of.your.server /directory/I/am/sharing /the/mount/point nfs ro
Notes:
* You may need portmap in place of rpcbind
* ro means read-only, I assumed you wanted 1-way sharing. You may want rw
* There are more detailed instructions all over the 'net -- google them
This is an interesting problem I've been thinking about recently and have not come up with or found a solution that I find acceptable.
I'm playing with Raspberry Pi's and have 6 currently that I want to use throughout a few of my personal properties for surveillance purposes.
Making them work and sending video streams to my server is all easy, well and good - but how in the world do I deploy code updates to these "nodes" that are not on the same network, some are behind wi-fi networks that I don't have port forwarding access to also, so it's not like I can just post forward and SSH into them and run some .sh magic to update things.
The best I've come up with is using autossh to keep a constant, connection open to one of my servers through reverse ssh, and then ssh in to them through my parent server in parallel and running a .sh script on them when I want to update.. But this seems overly excessive and I'm sure there's some solution or platform out there that exists to solve this - how else do companies like Redbox or Nest for example update firmware on their systems remotely?
I'm actually doing something similar. I have Pi's deployed around the city that I live in. In order to not have to worry about port-forwarding and people changing their router configurations, I started using a service called Pagekite http://pagekite.net/
I'm not affiliated with them, but I can't say enough good things about the service and price. My Pi's are hooked up to screens that need to display certain things at certain times, and I'm able to VNC in very easily no matter where the Pi is to see what's currently playing. I can obviously just ssh in as well.
The following steps from my pi setup guide deal with installing pagekite and getting it to start on boot:
echo deb http://pagekite.net/pk/deb/ pagekite main | sudo tee -a /etc/apt/sources.list
sudo apt-key adv --recv-keys --keyserver keys.gnupg.net AED248B1C7B2CAC3
sudo apt-get update
sudo apt-get install pagekite
sudo leafpad /etc/pagekite.d/10_account.rc
Replace NAME.pagekite.me with the name of the kite
Replace YOURSECRET with whatever the secret is from the pagekite admin console
Remove the line “abort_not_configured” and the comment above it
sudo cp /etc/pagekite.d/80_sshd.rc.sample /etc/pagekite.d/80_sshd.rc
sudo invoke-rc.d pagekite restart
sudo reboot
This assumes you've made an account and setup a "kite"
I think you basically need a reliable reverse tunnel such as Pagekite, especially if you plan on expanding your network, as it will turn into a nightmare at a certain size. I believe I'm just going to keep a list of ssh usernames, ssh passwords, and pagekite addresses, then write a script that loops through them and rsync's my local directory with the new code to the remote directory on the pi.
So I have a Raspberry PI set up as an access point and I can connect to it as if it was a router to share an internet connection.
just like explained here: http://www.instructables.com/id/How-to-make-a-WiFi-Access-Point-out-of-a-Raspberry/
Now all I want this for is just so I can access files from the RPi and transfer them to other devices.
The question is how can I (after a device connected the RPi via WiFi) access files from the RPi?
You can install any number of server applications to share files, like FTP or HTTP. If you want to share files with computers running Microsoft Windows® the best bet would probably be SAMBA. To do this from the command line, try the following steps:
sudo apt-get install samba samba-common-bin
and then after it's installed you need to edit the configuration:
sudo nano /etc/samba/smb.conf
Uncomment the line that says # security = user by removing the # from the beginning of the line. You also need to find where it says read only = yes in the [homes] section and change it to read only = no. Press [CTRL]+X to exit nano and press y to save.
Then restart the SAMBA service with the new configuration:
sudo service samba restart
Finally, you have to add a password for each user. for the default user pi just enter:
sudo smbpasswd -a pi
Repeat the above command for each user you wish to add.
You should now be able to access your Pi's files from your Windows computer by navigating to it just like any other shared folder: \\raspberrypi\pi or in my case I have to use the IP address because of my network setup \\192.168.0.209\pi