...
If not already done, configure the sources.list file to use the server's cache (run these commands only once: a second run would prefix the cache address again):
Code Block |
---|
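# Route every http:// APT source through the package cache on the server
# (192.168.10.1:3142). The substitution is not idempotent: running it a second
# time prefixes the cache address again, so apply it once per file.
# https:// entries do not match the pattern and are left untouched.
sudo sed -i 's#http://#http://192.168.10.1:3142/#g' /etc/apt/sources.list
# Same pattern as above; matching only 'http:/' would leave a doubled slash
# between the cache address and the repository host.
sudo sed -i 's#http://#http://192.168.10.1:3142/#g' /etc/apt/sources.list.d/medibuntu.list
# Refresh the package indexes through the cache.
sudo apt-get update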
Install ltsp-server-standalone:
...
Build the client (even when using the server's cache, some of the files will still be downloaded from the Internet; if a solution is found, please update this page)
Code Block |
---|
# Build the thin-client chroot, pulling the main, security and updates
# archives through the package cache at 192.168.10.1:3142.
sudo ltsp-build-client \
  --mirror http://192.168.10.1:3142/archive.ubuntu.com/ubuntu \
  --security-mirror http://192.168.10.1:3142/security.ubuntu.com/ubuntu \
  --updates-mirror http://192.168.10.1:3142/archive.ubuntu.com/ubuntu
...
apt-get install dhcp3-server (is supposed to be already installed)
cp /etc/ltsp/dhcpd.conf /etc/ltsp/dhcpd-backup.conf
sudo emacs /etc/ltsp/dhcpd.conf
sudo emacs /etc/network/interfaces
sudo /etc/init.d/networking start
install and configure LDAP
apt-get install slapd ldap-utils ldapscripts
emacs frontend.bluelight.av.ldif
Code Block |
---|
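# Top-level containers for user and group entries under dc=bluelight,dc=av.
# LDIF requires a blank line between entries; without it the second "dn:"
# is read as part of the first entry.
dn: ou=Users,dc=bluelight,dc=av
objectClass: organizationalUnit
ou: Users

dn: ou=Groups,dc=bluelight,dc=av
objectClass: organizationalUnit
ou: Groups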
|
ldapadd -x -D cn=admin,dc=bluelight,dc=av -W -f frontend.bluelight.av.ldif
emacs slapd.d/cn\=config/olcDatabase\=\{1\}hdb.ldif
Code Block |
---|
Code Block |
#
# Default LTSP dhcpd.conf config file.
#
# Serves the thin-client subnet 192.168.2.0/24: leases .2 to .250, with
# 192.168.2.1 handed out as both DNS server and default router.
# NOTE(review): DHCP and the network boot that follows are unauthenticated,
# so clients run whatever image this exchange points them at. Presumably this
# subnet is a dedicated client segment - confirm that no untrusted host or
# second DHCP server shares it.
#authoritative;
subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.2 192.168.2.250;
option domain-name "LSTPtest.av";
option domain-name-servers 192.168.2.1;
option broadcast-address 192.168.2.255;
option routers 192.168.2.1;
# next-server 192.168.2.1;
# get-lease-hostnames true;
option subnet-mask 255.255.255.0;
# Root filesystem path announced to the booting client.
option root-path "/opt/ltsp/i386";
# Clients whose vendor class starts with "PXEClient" are given pxelinux.0;
# every other client is given the nbi.img image.
if substring( option vendor-class-identifier, 0, 9 ) = "PXEClient" {
filename "/ltsp/i386/pxelinux.0";
} else {
filename "/ltsp/i386/nbi.img";
}
}
|
sudo service networking start
Install and configure LDAP
apt-get install slapd ldap-utils ldapscripts
emacs /etc/ldap/frontend.bluelight.av.ldif
Code Block |
---|
dn: ou=Users,dc=bluelight,dc=av" write by * read olcLastMod: TRUE olcRootDN: cn=admin objectClass: organizationalUnit ou: Users dn: ou=Groups,dc=bluelight,dc=av olcRootPWobjectClass:: e1NTSEF9ZHVjOVVVLytLcnpqMEtaRDhtWHkwMWxMcmFrUVkrN2I=organizationalUnit olcDbCheckpointou: 512 30Groups olcDbConfig: {0}set_cachesize 0 2097152 0 olcDbConfig: {1}set_lk_max_objects 1500 olcDbConfig: {2}set_lk_max_locks 1500 olcDbConfig: {3}set_lk_max_lockers 1500 olcDbIndex: objectClass eq structuralObjectClass: olcHdbConfig entryUUID: 8cf0846c-d6d0-1030-8040-b16ccc9dfedc creatorsName: cn=config createTimestamp: 20120119100316Z entryCSN: 20120119100316.322583Z#000000#000#000000 modifiersName: cn=config modifyTimestamp: 20120119100316Z |
emacs slapd.d/cn\=config/olcDatabase\=\{0\}config.ldif
Code Block |
---|
# cn=config database entry (slapd's own configuration store).
# The single access rule grants "manage" to
# gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth - the identity
# slapd assigns to local root connecting over ldapi:// with SASL EXTERNAL -
# and lets every other identity fall through ("break"); no further rule is
# shown here.
# NOTE(review): the olcAccess value is folded over two lines. In the real
# file the continuation line starts with one space; the listing appears to
# have lost that leading whitespace.
# NOTE(review): OpenLDAP's documentation recommends changing cn=config with
# ldapmodify rather than editing files under slapd.d by hand.
# entryUUID, entryCSN, creatorsName and the timestamps look server-generated.
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
,cn=auth manage by * break
structuralObjectClass: olcDatabaseConfig
entryUUID: 8ce93b12-d6d0-1030-8038-b16ccc9dfedc
creatorsName: cn=config
createTimestamp: 20120119100316Z
entryCSN: 20120119100316.274833Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120119100316Z
|
apt-get install ldap-auth-client auth-client-config
emacs /etc/ldapscripts/ldapscripts.conf
Code Block | ||
---|---|---|
| ||
SERVER="ldap://localhost" BINDDN="cn=admin,dc=bluelight,dc=av" BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd" SUFFIX="dc=bluelight,dc=av" # Global suffix GSUFFIX="ou=Groups" # Groups ou (just under $SUFFIX) USUFFIX="ou=Users" # Users ou (just under $SUFFIX) GIDSTART="2000" # Group ID UIDSTART="2000" # User ID HOMESKEL="/etc/skel" # Directory where the skeleton files are located. Ignored if undefined or nonexistant. HOMEPERMS="700" # Default permissions for home directories GETENTPWCMD="" GETENTGRCMD=" |
ldapadd -x -D cn=admin,dc=bluelight,dc=av -W -f frontend.bluelight.av.ldif
emacs slapd.d/cn\=config/olcDatabase\=\{1\}hdb.ldif
Code Block |
---|
# Database entry holding the dc=bluelight,dc=av tree (data in /var/lib/ldap).
# Access rules, evaluated in order:
#   {0} userPassword, shadowLastChange: the entry's owner and the admin DN
#       may write, anonymous clients may only use the value to bind (auth),
#       everyone else gets nothing.
#   {1} the root DSE (dn.base=""): readable by everyone.
#   {2} everything else: owner and admin DN may write, everyone may read.
# NOTE(review): rule {2} ends in "by * read", so all non-password attributes
# are readable without authentication; use "by users read" if anonymous
# read access is not intended.
# olcRootPW uses "::", i.e. the value is base64; it decodes to a {SSHA}
# password hash. This value is published on the page, so do not reuse it:
# generate your own with slappasswd.
# NOTE(review): the two long olcAccess values are folded. In the real file
# each continuation line starts with one space; the listing appears to have
# lost that leading whitespace.
# NOTE(review): OpenLDAP's documentation recommends changing cn=config with
# ldapmodify rather than editing files under slapd.d by hand.
dn: olcDatabase={1}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=bluelight,dc=av
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
s auth by dn="cn=admin,dc=bluelight,dc=av" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=bluelight,dc=av" write by
* read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=bluelight,dc=av
olcRootPW:: e1NTSEF9ZHVjOVVVLytLcnpqMEtaRDhtWHkwMWxMcmFrUVkrN2I=
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
structuralObjectClass: olcHdbConfig
entryUUID: 8cf0846c-d6d0-1030-8040-b16ccc9dfedc
creatorsName: cn=config
createTimestamp: 20120119100316Z
entryCSN: 20120119100316.322583Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120119100316Z
|
emacs slapd.d/cn\=config/olcDatabase\=\{0\}config.ldif
Code Block |
---|
# cn=config database entry (slapd's own configuration store).
# The single access rule grants "manage" to
# gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth - the identity
# slapd assigns to local root connecting over ldapi:// with SASL EXTERNAL -
# and lets every other identity fall through ("break"); no further rule is
# shown here.
# NOTE(review): the olcAccess value is folded over two lines. In the real
# file the continuation line starts with one space; the listing appears to
# have lost that leading whitespace.
# NOTE(review): OpenLDAP's documentation recommends changing cn=config with
# ldapmodify rather than editing files under slapd.d by hand.
# entryUUID, entryCSN, creatorsName and the timestamps look server-generated.
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
,cn=auth manage by * break
structuralObjectClass: olcDatabaseConfig
entryUUID: 8ce93b12-d6d0-1030-8038-b16ccc9dfedc
creatorsName: cn=config
createTimestamp: 20120119100316Z
entryCSN: 20120119100316.274833Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20120119100316Z
|
apt-get install ldap-auth-client auth-client-config
emacs /etc/ldapscripts/ldapscripts.conf
Code Block | ||
---|---|---|
| ||
# ldapscripts settings for the dc=bluelight,dc=av directory.

# Connection: local server, bound as the directory admin DN.
SERVER="ldap://localhost"
BINDDN="cn=admin,dc=bluelight,dc=av"
# File that stores the bind DN's password. It holds the password of the
# admin DN, so keep it readable by root only.
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"

# Tree layout: the global suffix, then the group and user OUs directly
# below $SUFFIX.
SUFFIX="dc=bluelight,dc=av"
GSUFFIX="ou=Groups"
USUFFIX="ou=Users"

# First group ID and user ID.
GIDSTART="2000"
UIDSTART="2000"

# Home directories: skeleton directory (ignored if undefined or
# nonexistent) and default permissions.
HOMESKEL="/etc/skel"
HOMEPERMS="700"

# getent commands and LDIF templates are all left empty.
GETENTPWCMD=""
GETENTGRCMD=""
GTEMPLATE=""
UTEMPLATE=""
MTEMPLATE=""
|
Code Block |
---|
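# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

# ldapscripts configuration for the dc=bluelight,dc=av directory: one
# setting per line, upstream comments kept. Lines marked NOTE(review) are
# reviewer annotations, not part of the upstream file.

# Note for Debian users:
# On Debian system ldapscripts will try to parse and use some system config.
# Look on commented variables and description lines started with DEBIAN.
# But you could override it's values here.

# LDAP Configuration
# DEBIAN: values from /etc/pam_ldap.conf are used.
SERVER="ldap://localhost"
BINDDN="cn=admin,dc=bluelight,dc=av"
# The following file contains the raw password of the binddn
# Create it with something like : echo -n 'secret' > $BINDPWDFILE
# WARNING !!!! Be careful not to make this file world-readable
# DEBIAN: /etc/pam_ldap.secret or /etc/ldap.secret are used.
# NOTE(review): BINDDN is the directory's admin DN, so this file is
# equivalent to admin access; keep it owned by root and unreadable by
# anyone else.
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
# For older versions of OpenLDAP, it is still possible to use
# unsecure command-line passwords by defining the following option
# AND commenting the previous one (BINDPWDFILE takes precedence)
#BINDPWD="secret"

# DEBIAN: values from /etc/pam_ldap.conf are used.
SUFFIX="dc=bluelight,dc=av" # Global suffix
GSUFFIX="ou=Groups" # Groups ou (just under $SUFFIX)
USUFFIX="ou=Users" # Users ou (just under $SUFFIX)
MSUFFIX="ou=Machines" # Machines ou (just under $SUFFIX)

# Start with these IDs *if no entry found in LDAP*
GIDSTART="10000" # Group ID
UIDSTART="10000" # User ID
#MIDSTART="20000" # Machine ID

# User properties
# DEBIAN: values from /etc/adduser.conf are used.
#USHELL="/bin/sh"
#UHOMES="/home/%u" # You may use %u for username here
#CREATEHOMES="no" # Create home directories and set rights ?
HOMESKEL="/etc/skel" # Directory where the skeleton files are located. Ignored if undefined or nonexistant.
HOMEPERMS="700" # Default permissions for home directories

# User passwords generation
# Command-line used to generate a password for added users (you may use %u for username here)
# WARNING !!!! This is evaluated, everything specified here will be run !
# Special value "<ask>" will ask for a password interactively
# NOTE(review): the "echo changeme" and "echo %u" examples give every new
# account a guessable password; prefer "<ask>" or a random generator.
#PASSWORDGEN="cat /dev/random | LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c8"
#PASSWORDGEN="head -c8 /dev/random | uuencode -m - | sed -n '2s|=*$||;2p' | sed -e 's|+||g' -e 's|/||g'"
#PASSWORDGEN="pwgen"
#PASSWORDGEN="echo changeme"
#PASSWORDGEN="echo %u"
#PASSWORDGEN="<ask>"
#PASSWORDGEN="pwgen"

# User passwords recording
# you can keep trace of generated passwords setting PASSWORDFILE and RECORDPASSWORDS
# (useful when performing a massive creation / net rpc vampire)
# WARNING !!!! DO NOT FORGET TO DELETE THE GENERATED FILE WHEN DONE !
# WARNING !!!! DO NOT FORGET TO TURN OFF RECORDING WHEN DONE !
#RECORDPASSWORDS="no"
#PASSWORDFILE="/var/log/ldapscripts_passwd.log"

# Where to log
#LOGFILE="/var/log/ldapscripts.log"

# Temporary folder
#TMPDIR="/tmp"

# Various binaries used within the scripts
# Warning : they also use uuencode, date, grep, sed, cut, expr, which...
# Please check they are installed before using these scripts
# Note that many of them should come with your OS

# OpenLDAP client commands
#LDAPSEARCHBIN="/usr/bin/ldapsearch"
#LDAPADDBIN="/usr/bin/ldapadd"
#LDAPDELETEBIN="/usr/bin/ldapdelete"
#LDAPMODIFYBIN="/usr/bin/ldapmodify"
#LDAPMODRDNBIN="/usr/bin/ldapmodrdn"
#LDAPPASSWDBIN="/usr/bin/ldappasswd"

# Character set conversion : $ICONVCHAR <-> UTF-8
# Comment ICONVBIN to disable UTF-8 conversion
#ICONVBIN="/usr/bin/iconv"
#ICONVCHAR="ISO-8859-15"

# Base64 decoding
# Comment UUDECODEBIN to disable Base64 decoding
#UUDECODEBIN="/usr/bin/uudecode"

# Getent command to use - choose the ones used
# on your system. Leave blank or comment for auto-guess.
# GNU/Linux
#GETENTPWCMD="getent passwd"
#GETENTGRCMD="getent group"
# FreeBSD
#GETENTPWCMD="pw usershow"
#GETENTGRCMD="pw groupshow"
# Auto
GETENTPWCMD=""
GETENTGRCMD=""

# You can specify custom LDIF templates here
# Leave empty to use default templates
# See *.template.sample for default templates
#GTEMPLATE="/path/to/ldapaddgroup.template"
#UTEMPLATE="/path/to/ldapadduser.template"
#MTEMPLATE="/path/to/ldapaddmachine.template"
GTEMPLATE=""
UTEMPLATE=""
MTEMPLATE=""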
...
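If there is a problem, check /etc/ldapscripts/ldapscripts.passwd: it must contain only the bind password with no trailing newline (create it with echo -n) and must not be world-readable.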
...
Chroot in the client's system
Install and configure LDAP
The following works for clients running 8.04 and 8.10
install some software
...