GOLETA9 Build Notes
Ubuntu 9.04, May 2009
These notes cover only the items that differ from GOLETA5, the server this one is intended to replace. They also serve as reminders of Ubuntu commands that differ from RedHat. Jump ahead to [Samba], [DNS], [Veritas], [Nagios], [vsFTPd], [OCS] and [Notes].
Samba setup
Use Likewise Open to simplify joining an AD domain
https://help.ubuntu.com/9.04/serverguide/C/likewise-open.html
sudo apt-get install likewise-open5
Join the domain:
sudo domainjoin-cli join mydomain.com Administrator
Where "mydomain.com" is your domain and "Administrator" is an appropriate username.
Now, all domain users should be able to logon to the box like so:
ssh 'mydomain.com\username'@hostname
Note: leave domain by running "sudo domainjoin-cli leave".
Now install Samba:
https://help.ubuntu.com/9.04/serverguide/C/samba-ad-integration.html
sudo apt-get install samba smbfs smbclient
Likewise and Samba use different "secrets.tdb" files, so link 'em.
sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig
sudo ln -s /etc/samba/secrets.tdb /var/lib/samba
Then edit "/etc/samba/smb.conf" as normal, except add these lines:
workgroup = EXAMPLE
security = ads
realm = EXAMPLE.COM
although, I was struggling with authenticating until I ran this:
http://samba.org/samba/docs/man/Samba-HOWTO-Collection/
sudo net rpc join -U administrator%password
Note: You can mount shares on your Ubuntu server using "mount.cifs //fs01.example.com/share mount_point", or have them mount at boot by adding a line similar to "//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw 0 0" to /etc/fstab. You may also find some use for the "smbclient" utility.
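/etc/fstab is world-readable by default, so the inline password= in the line above is visible to every local account. The script below is an added example, not part of the original notes: it finds such entries and rewrites them to use the credentials= option of mount.cifs. The function names and the path /etc/samba/cred-share are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names and the
# credentials path are hypothetical; the fstab content is a constructed sample.

# Print "<mount point> <share>" for each cifs/smbfs entry with an inline password.
find_inline_cifs_passwords() {    # arg: fstab-format file
    awk '
        /^[ \t]*#/ || NF < 4 { next }                 # comments, short lines
        $3 == "cifs" || $3 == "smbfs" {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^(password|pass)=/) { print $2, $1; break }
        }' "$1"
}

# Rewrite one fstab line: drop the inline user/password options and point
# mount.cifs at a credentials file instead.
to_credentials_line() {           # args: fstab-line credentials-path
    printf '%s\n' "$1" | awk -v cred="$2" '{
        n = split($4, opts, ","); out = ""
        for (i = 1; i <= n; i++) {
            if (opts[i] ~ /^(username|user|password|pass)=/) continue
            out = out (out == "" ? "" : ",") opts[i]
        }
        $4 = out (out == "" ? "" : ",") "credentials=" cred
        print
    }'
}

# Create the credentials file readable by its owner only (mode 0600).
write_credentials_file() {        # args: path username password
    ( umask 077 && printf 'username=%s\npassword=%s\n' "$2" "$3" > "$1" )
}

# Constructed sample: the fstab line from the note above plus a clean NFS line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /etc/fstab (constructed sample)
//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw 0 0
fs02:/export /mnt/nfs nfs defaults 0 0
EOF
find_inline_cifs_passwords "$sample"
to_credentials_line "$(sed -n 2p "$sample")" /etc/samba/cred-share
rm -f "$sample"
```

Run write_credentials_file as root so that the file named in credentials= is owned by root and unreadable to other users.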
Samba Links:
- Samba and CUPS-PDF notes
- wiki.samba.org - Samba & Active Directory
Secondary DNS setup
Set up Ubuntu to be a secondary for a Windows DNS server
http://ubuntuforums.org/showthread.php?t=558960
sudo apt-get install bind9
sudo vi /etc/bind/named.conf.local
And edit the file with this:
zone "mydomain.com" {
    type slave;
    file "/var/cache/bind/db.mydomain.com";
    masters { 192.168.168.8; };
};
zone "168.168.192.in-addr.arpa" {
    type slave;
    file "/var/cache/bind/db.192";
    masters { 192.168.168.8; };
};
Then reload bind:
sudo /etc/init.d/bind9 reload
From the Windows DNS server click Start > Control Panel > Administrative Tools > DNS > Forward Lookup Zones > mydomain.com > Properties > Name Servers > Add new DNS server. Then from the "Zone Transfer" tab allow zone transfers to servers listed in the Name Servers tab and restart your bind9 service on your Ubuntu server again.
syslog showed "gc_.msdcs.mydomain.com bad owner name (check-names)" errors when Microsoft Active Directory records with underscores ("_") have been added to a master forward zone file. Add "check-names ignore;" to the mydomain.com zone entry in /etc/bind/named.conf.local to prevent these messages (not ideal).
Other Ubuntu DNS links:
- http://www.ubuntugeek.com/dns-server-setup-using-bind-in-ubuntu.html
- http://blog.mansonthomas.com/2008/01/set-up-secondary-domain-name-server.html
- https://help.ubuntu.com/9.04/serverguide/C/dns-configuration.html
Hostname Change
Rename the host and reset the IP address using the commands below:
http://www.debianadmin.com/change-hostname-or-server-name-of-a-linux-machine.html
sudo hostname goleta9
sudo vi /etc/hostname
sudo vi /etc/hosts
sudo vi /etc/network/interfaces
sudo /etc/init.d/networking restart
You can test for success by running these commands:
uname -n
hostname -a
hostname -s
hostname -d
hostname -f
hostname
Veritas Remote Agent
The Veritas Remote Agent for Linux and Unix Servers (RALUS) comes with the Backup Exec 10 installation CD. It is intended for RedHat Linux but, with some tweaking, will run on Ubuntu.
The instructions for RedHat are in C:\Program Files\VERITAS\Backup Exec\NT\BeAdmin_en.pdf on my backup server, but here's a summary for a manual install using their tar file (RPMs are included on the CD and alien can convert them to Ubuntu/Debian packages):
- Insert and mount the Backup Exec CD in the CD-ROM drive.
- Copy the <CD_MOUNT_POINT>/RALUS/linux/pkgs/linux/ralus.tar file into a temp directory.
- Extract the contents of the tar file: "tar xf ralus.tar"
- Change the owner of all the ralus files: "chown -R 0 etc opt var"
- Change the group of all the ralus files: "chgrp -R 0 etc opt var"
- Change the permissions of all the ralus binaries: "chmod -R 0500 opt"
- Change the permissions of all other ralus files: "chmod -R 0600 etc var"
- Copy the RALUS files to their target destinations: "cp -r etc opt var /"
- Change to the /opt/VRTSralus/bin/ directory
- Execute the VRTSralus.service-install script
- Start up the RALUS daemon: "/etc/rc.d/init.d/VRTSralus.init start"
Unfortunately, the VRTSralus.service-install script won't run correctly on Ubuntu because the paths are different. Open it up and change "/etc/rc.d/init.d" to "/etc/init.d" and the "/etc/rc.d/rc#.d" lines to "/etc/rc#.d". This script will then execute smoothly.
However, the VRTSralus init script failed to start the daemon: "libbedssmsp.so" and "libsmstools.so" were missing from /opt/VRTSralus/bin/ according to /var/VRTSralus/beremote.service.log. I downloaded a new version of the files from here (115 MB) and extracted the files from the rpm with "rpm2cpio package.rpm | cpio -dimv" and copied them over.
At this point the daemon is up and reporting to the backup server, but I can't select files from Backup Exec.
Veritas Links:
- Buckpexec Remote Agent problem on Ubuntu.
- Backup Exec 10.0 revision 5520 - Remote Agent for Linux and UNIX Servers (RALUS)
- Installation of the RALUS on the Red Hat Linux platform
- Installing Backup Exec agent on Debian
Nagios
Installation and basic configuration instructions are available on the build notes for GOLETA5. This section is to address relaying notifications through a Microsoft Exchange Server.
Install mailx and postfix. During the postfix installation the installer will ask for a configuration type: choose the satellite mail system and point it at your Exchange server (see also /etc/postfix/main.cf). The Exchange server may need to be configured to accept the relay.
Exchange Relay Setup
From the Exchange server click Start > Control Panel > Administrative Tools > Exchange System Manager > Servers > myserver > Protocols > SMTP > Default SMTP Virtual Server Properties > Access Tab > Relay Button > Grant permission to your Nagios/Postfix server
I also added the Postfix server in the Perimeter IP list via Exchange System Manager > Global Settings > Message Delivery Properties > General Tab > Add Button and received my first Nagios alert shortly thereafter.
Nagios Links:
- Setting up Nagios with Notification w/ Exchange/Postfix
- How to troubleshoot mail relay issues in Exchange Server 2003/2000 Server
- Monitoring a APC Smart UPC
Nagios Alternatives: OpenNMS and Open-AudIT
vsFTPd
vsFTPd is a secure, simple FTP server that supports virtual root for "jailing" FTP logons to their home directory.
sudo apt-get install vsftpd
Edit /etc/vsftpd.conf to disable anonymous logon, enable virtual rooting and suppress the 220 server and version message by defining an ftpd_banner. Note: dirmessage_enable=YES displays the contents of the .message file in the user's home directory.
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
ftpd_banner=<insert_greeting_here>
chroot_local_user=YES
Create your local user and home directory
useradd -d /var/ftp/ftpuserhome -g ftp -m -s /usr/sbin/nologin ftpuser
passwd ftpuser
Restart vsftpd to have the changes take effect.
sudo /etc/init.d/vsftpd restart
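A check of the settings described above, as an added example that is not part of the original notes. It treats a missing key as vsftpd's built-in default (anonymous_enable defaults to YES, chroot_local_user to NO) and flags chroot_list_enable, which inverts its meaning when chroot_local_user=YES. The function name audit_vsftpd and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes: check a vsftpd.conf against the
# settings described above. A key that is absent falls back to vsftpd's default.

# Print one "FINDING ..." line per problem; exit status is 1 if there were any.
audit_vsftpd() {                  # arg: path to a vsftpd.conf
    awk '
        function on(x) { x = toupper(x); return (x == "YES" || x == "TRUE" || x == "1") }
        function bad(msg) { print "FINDING " msg; n++ }
        BEGIN {                   # vsftpd built-in defaults for the keys we check
            v["anonymous_enable"] = "YES"; v["chroot_local_user"] = "NO"
            v["chroot_list_enable"] = "NO"; v["ftpd_banner"] = ""
        }
        /^[ \t]*#/ || !/=/ { next }
        {                         # split at the first "=": a banner may contain "="
            key = $0; sub(/=.*/, "", key)
            val = $0; sub(/^[^=]*=/, "", val)
            v[key] = val
        }
        END {
            if (on(v["anonymous_enable"]))
                bad("anonymous_enable: anonymous logon is allowed")
            if (!on(v["chroot_local_user"]))
                bad("chroot_local_user: local users are not jailed")
            else if (on(v["chroot_list_enable"]))
                bad("chroot_list_enable: users in chroot_list_file escape the jail")
            if (v["ftpd_banner"] == "")
                bad("ftpd_banner: default greeting reveals the server version")
            exit (n > 0)
        }' "$1"
}

# Constructed sample: no anonymous_enable line, no banner, and a chroot list.
weak=$(mktemp)
printf '%s\n' '# constructed sample' 'local_enable=YES' \
    'chroot_local_user=YES' 'chroot_list_enable=YES' > "$weak"
audit_vsftpd "$weak" || echo "sample config has findings"
rm -f "$weak"
```

Run it as "audit_vsftpd /etc/vsftpd.conf" before restarting the service; no output and exit status 0 mean the file matches the settings listed above.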
vsFTPd Links:
- Howto: Easy FTP with vsftpd
- Ubuntu vsftpd server installation
- FTP server security (vsftpd & Wu-Ftpd)
- How-To: FTP Virtual Host with ProFTPD and MySQL
Ubuntu Notes
Root Password
The root password set during installation didn't take again. Running "sudo passwd root", or "sudo -s" and then "passwd", will take care of that.
Ubuntu Package Management Notes: [MORE]
Listing installed packages:
dpkg -l | less
dpkg -l | grep packagename
aptitude search packagename
Show files associated with a package:
dpkg -L packagename
Removing packages:
sudo apt-get remove mplayer
sudo apt-get --purge remove lighttpd
dpkg -r realplayer
Ubuntu software repositories are listed in /etc/apt/sources.list. Also see Ubuntu Repositories CommandLine or the InstallingSoftware tutorials.
See Aptitude Survival Guide, Automatic updates and Automatic Security Updates for details on keeping your system up to date.