Installation Workstation (Linux Ubuntu/Mint)

The following steps describe a workstation installation based on Linux Mint / Ubuntu. They help you make sure that you can log in with LDAP authentication, that your internet connections are properly configured, that you use RSA keys, and so on.

  1. Add proxy servers
    Edit the environment file to set your proxy. Make sure that you add both the lowercase and the uppercase variable names; some programs only look for one of them.

vim /etc/environment
# /etc/environment is readable by every local user: keep credentials out of
# these URLs (no user:password@proxyurl form).
# NOTE(review): the scheme in each value is the one used to reach the proxy
# itself. Confirm that proxyurl:3128 really accepts TLS before keeping
# https:// in https_proxy/HTTPS_PROXY; many proxies on this port speak plain
# HTTP only.
http_proxy=http://proxyurl:3128
https_proxy=https://proxyurl:3128
ftp_proxy=ftp://proxyurl:3128
socks_proxy=socks://proxyurl:3128
HTTP_PROXY=http://proxyurl:3128
HTTPS_PROXY=https://proxyurl:3128
FTP_PROXY=ftp://proxyurl:3128
SOCKS_PROXY=socks://proxyurl:3128

Update the settings for apt

vim /etc/apt/apt.conf.d/00aptitude
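// Every entry needs straight ASCII double quotes and a terminating semicolon.
// apt fails to parse unterminated entries, and typographic quotes would end
// up inside the value instead of delimiting it.
Aptitude::Get-Root-Command "sudo:/usr/bin/sudo";
Acquire::http::proxy "http://proxyurl:3128";
Acquire::https::proxy "https://proxyurl:3128";
// The value is the proxy URL only, without a variable name in front of it.
Acquire::ftp::proxy "ftp://proxyurl:3128";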

  2. Network DNS
    Update the DNS settings, then restart name resolution so that the change takes effect.

vim /etc/resolvconf/resolv.conf.d/base
search mydom anotherdom somethingelse
nameserver IPOFSERVER1
nameserver IPOFSERVER2

3. LDAP
Install the following packages:

# NOTE(review): this installs two overlapping LDAP client stacks
# (libpam-ldap/libnss-ldap with nscd, and sssd). Both cache user and group
# lookups; confirm which one is meant to serve logins and make sure the two
# caches do not cover the same maps, otherwise stale or conflicting entries
# can result.
apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nscd ldap-utils sssd

Change the ldap configuration

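vim /etc/ldap.conf
# Directory with the CA certificates used to verify the LDAP server.
# NOTE(review): /etc/openldap/cacerts looks like the Red Hat layout; on
# Ubuntu/Mint confirm that the directory exists and holds the CA certificate,
# otherwise certificate verification fails.
TLS_CACERTDIR /etc/openldap/cacerts
URI ldap://LDAPSERVER
# A plain ldap:// URI carries binds (user passwords) in cleartext unless
# StartTLS is requested. Require it and verify the server certificate, in line
# with the ldap_id_use_start_tls setting used for sssd on this page.
ssl start_tls
tls_checkpeer yes
BASE dc=dom,dc=be
sudoers_base ou=SudoEntries,dc=dom,dc=be
# Search and bind time limits, in seconds.
timelimit 30
bind_timelimit 30
# Keep reconnect attempts short so lookups do not hang for long when the
# server is unreachable.
nss_reconnect_tries 2
nss_reconnect_sleeptime 1
nss_reconnect_maxsleeptime 1
nss_reconnect_maxconntries 1
# soft: fail the lookup instead of retrying when the server cannot be reached.
bind_policy soft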

  1. Edit the sssd configuration.

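vim /etc/sssd/sssd.conf
# NOTE(review): [domain/default] and [domain/LDAP] point at the same server and
# search base; confirm that both domains are really needed.
[domain/default]
autofs_provider = ldap
# Keeps a hashed copy of each user's password on disk so that logins work
# offline. On a workstation that can be lost or stolen, weigh this convenience
# against the exposure.
cache_credentials = True
# NOTE(review): krb5_realm/krb5_server hold example values while auth_provider
# is ldap; confirm whether Kerberos is used at all.
krb5_realm = EXAMPLE.COM
ldap_search_base = dc=dom,dc=be
krb5_server = kerberos.example.com
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://LDAPSERVER
# StartTLS protects the ldap:// connection. Leave certificate checking
# (ldap_tls_reqcert) at its strict default so the server is authenticated.
ldap_id_use_start_tls = True
# NOTE(review): confirm this directory exists on Ubuntu/Mint and holds the CA
# certificate.
ldap_tls_cacertdir = /etc/openldap/cacerts
[domain/LDAP]
# Verbose debug bitmask (the same value as 0x1370 under [ssh]); the logs can
# contain user and group names, so lower it once the setup works.
debug_level = 4976
ldap_id_use_start_tls = True
cache_credentials = True
ldap_search_base = dc=dom,dc=be
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://LDAPSERVER
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_sudorule_runasuser = sudoRunAs
ldap_user_ssh_public_key = sshPublicKey
# Makes sssd download and cache the complete user and group lists; this is
# slow on large directories and rarely needed on a workstation.
enumerate = True
# Cached entries are considered valid for 5400 seconds.
entry_cache_timeout = 5400
[sssd]
services = nss, sudo, pam, autofs, ssh
config_file_version = 2
domains = default, LDAP
[nss]
[pam]
[sudo]
[autofs]
[ssh]
debug_level = 0x1370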

Change permissions of sssd.conf

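# sssd checks ownership and mode of its configuration at start-up and expects a
# root-owned file readable and writable by root only. The file may also hold
# bind credentials, so use 0600 (no execute bit) and set owner and group
# explicitly.
chmod 600 /etc/sssd/sssd.conf
chown root:root /etc/sssd/sssd.conf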

Change authentication:

vim /etc/nsswitch.conf
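# Local accounts first, LDAP second: a directory entry then cannot override a
# local account such as root, and local logins keep working when the LDAP
# server is unreachable.
# NOTE(review): the sssd nss service configured on this page is only consulted
# when "sss" is listed as a source; as written, lookups go through libnss-ldap.
passwd: compat ldap
group: compat ldap
shadow: compat ldap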

Edit the common sessions

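vim /etc/pam.d/common-session
# Creates the home directory on first login, populated from /etc/skel.
# umask=0022 leaves new home directories readable by every other user on the
# machine; use umask=0077 if homes should be private.
session required pam_mkhomedir.so skel=/etc/skel umask=0022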

Change the super users

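# Edit /etc/sudoers with visudo rather than a plain editor: it locks the file
# and checks the syntax before installing it, so a typo cannot break sudo.
visudo
Defaults requiretty
Defaults !visiblepw
Defaults always_set_home
# Start every command from a clean environment; only the variables listed in
# env_keep below are passed through.
Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
# Fixed PATH for commands run through sudo, independent of the caller's PATH.
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
root ALL=(ALL) ALL
# NOTE(review): wheel is not a stock group on Ubuntu/Mint (the default admin
# group is sudo); confirm it exists locally or in the directory.
%wheel ALL=(ALL) ALL
# Passwordless root for every member of sysadmin: whoever can add a user to
# this group, locally or in the directory, grants root without authentication.
# Keep membership minimal, or drop NOPASSWD.
%sysadmin ALL=(ALL) NOPASSWD: ALL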

Restart the services

# Restart both caching daemons so they pick up the new configuration and drop
# answers cached under the old one.
service nscd restart
service sssd restart
# Copies the LDAP user and group maps into the local libnss-db database.
nss_updatedb ldap

(This imports all LDAP users into the local database!)

  1. Remote Access
    Client software for RDP/VNC

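# apt package names are case-sensitive and lowercase.
apt install remmina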

  1. Server software for VNC

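sudo apt-get -y remove vino
sudo apt-get -y install x11vnc
# -p keeps the step re-runnable if the directory already exists.
sudo mkdir -p /etc/x11vnc
# Prompts for the VNC password, so it never appears on the command line or in
# the shell history, and stores it in the given file.
sudo x11vnc --storepasswd /etc/x11vnc/vncpwd
# The stored password is only obfuscated, not hashed: keep the file root-only.
sudo chmod 600 /etc/x11vnc/vncpwd
# Locally created units belong in /etc/systemd/system; files under
# /lib/systemd/system are owned by packages and can be replaced on upgrade.
sudo vim /etc/systemd/system/x11vnc.service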
[Unit]
Description=Start x11vnc at startup.
After=multi-user.target
[Service]
# No User= is set, so the server runs as root.
Type=simple
# -rfbauth reads the password file created with storepasswd; -forever keeps
# the server running after a viewer disconnects; -shared lets several viewers
# attach to the same desktop at once.
# NOTE(review): as written the server listens on TCP port 5900 on every
# interface, and VNC traffic is not encrypted. Consider adding -localhost and
# reaching the port through an SSH tunnel, or restrict port 5900 with a
# firewall.
ExecStart=/usr/bin/x11vnc -auth guess -forever -noxdamage -repeat -rfbauth /etc/x11vnc/vncpwd -rfbport 5900 -shared
[Install]
WantedBy=multi-user.target
# Make systemd read the new unit file, then enable it at boot and start it
# right away (--now combines enable and start).
sudo systemctl daemon-reload
sudo systemctl enable --now x11vnc.service

  1. SSH-server

apt install openssh-server
/etc/init.d/ssh start
# Once key-based login works, consider setting "PasswordAuthentication no" and
# "PermitRootLogin no" in /etc/ssh/sshd_config so that the LDAP passwords are
# not exposed to guessing over SSH.

Use RSA keys to login to server

YOURNAME@WORKSTATION
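# Request an RSA key explicitly: recent OpenSSH releases default to another
# key type, and the next step expects ~/.ssh/id_rsa.pub. Set a passphrase when
# prompted so a copied private key is not usable on its own.
ssh-keygen -t rsa -b 4096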

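Copy the content of /home/YOURNAME/.ssh/id_rsa.pub to the ‘keyserver’. Only this public key is shared; the private key /home/YOURNAME/.ssh/id_rsa never leaves the workstation.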

  1. Install GUI for KVM server

apt install virt-manager
Install the improved vi editor (vim)
apt install vim