Adding a New Machine to the Network: Difference between revisions

No edit summary
No edit summary
Line 7: Line 7:
* Has the device been allocated an IP address in one of the subnets allocated to us by IT Services? Have you updated the Google Doc (at https://docs.google.com/spreadsheet/ccc?key=0AtlIZR-runbWdEphYXdNQkcxU25BeFJfUGtQeFRRWnc&usp=drive_web)?
* Has the device been allocated an IP address in one of the subnets allocated to us by IT Services? Have you updated the Google Doc (at https://docs.google.com/spreadsheet/ccc?key=0AtlIZR-runbWdEphYXdNQkcxU25BeFJfUGtQeFRRWnc&usp=drive_web)?
* Have you informed IT Services that the new device exists? See [[#Registering with LAN DB]]
* Have you informed IT Services that the new device exists? See [[#Registering with LAN DB]]
* Have you configured the IP Address for the device *statically*, with DNS Servers 144.32.64.164, 144.32.128.242, 144.32.128.243? A sample /etc/network/interfaces file is below in [[#Static IP Configuration]]
* If Windows, has it been Domain Joined? If Linux/FreeBSD, have you set up Samba as per [[#Single Sign On with Samba]]?


=== Registering with LAN DB ===
=== Registering with LAN DB ===
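Review bot: The added static-IP checklist item marks emphasis as *statically*, which is not MediaWiki syntax and will render with literal asterisks; use <nowiki>''statically''</nowiki> instead. The same item hard-codes the three DNS server addresses that the /etc/resolv.conf sample under Static IP Configuration also lists, so the two copies can drift; pointing the checklist at that section alone would keep a single source of truth. The Samba item sends Linux machines to [[#Single Sign On with Samba]], but that section only documents FreeBSD and says Debian has not been tried, so the checklist should say what a Debian machine is expected to do in the meantime.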
Line 40: Line 42:
(Your Signoff Here)
(Your Signoff Here)


==== SAMBA NOTES ====
=== Single Sign On with Samba ===
This needs to be more formally documented, but first, follow:
==== FreeBSD ====
http://www.whitneytechnologies.com/?p=119
* Follow the following guide: http://www.whitneytechnologies.com/?p=119
 
* Change the home directory path configuration from above to just be /home/%U (no domain in the path)
Then also edit /etc/pam.d/system to have
* Edit /etc/pam.d/system to have
<code>
auth            sufficient      /usr/local/lib/pam_winbind.so
auth            sufficient      /usr/local/lib/pam_winbind.so
</code>
* Edit sudoers to use <code>%domain\x20admins ALL=(ALL) ALL</code>
* If you are using ZFS data anywhere and plan to share over NFS or SMB, also look at https://mywushublog.com/2012/05/zfs-and-acls-with-samba/


sudoers should use "%domain\x20admins ALL=(ALL) ALL"
==== Debian ====
 
We haven't tried this with Debian yet. We should try this with Debian.
If ZFS, also look at https://mywushublog.com/2012/05/zfs-and-acls-with-samba/
 
<note warning>This information is semi-deprecated. Lloyd is currently working on our Subnet project.</note>
 
===== Internal access =====
 
==== Proxy ====
 
Note: This is no longer necessary. We previously did not have port 80 open externally but do now.
 
**/etc/profile** and **/etc/bash.bashrc**
  export http_proxy=http://wwwcache.york.ac.uk:8080
  export ftp_proxy=http://wwwcache.york.ac.uk:8080
 
you can run the command below to append to both files
 
  echo -e "\n#proxy settings\nexport http_proxy=http://wwwcache.york.ac.uk:8080\nexport ftp_proxy=http://wwwcache.york.ac.uk:8080" | sudo tee -a /etc/profile | sudo tee -a /etc/bash.bashrc
 
==== DNS ====
**/etc/hostname**
  <non-FQDN-name-just-the-machine-local-name>
 
**/etc/resolv.conf**
  nameserver 10.0.0.4
  domain ury.york.ac.uk
  search ury.york.ac.uk
 
Add the machine to **uryfs1:/etc/bind/db.10-0-0**, **uryfs1:/etc/bind/db.ury**
 
==== DHCP ====
 
Add the mac address and IP to **uryfs1:/etc/dhcp/dhcpd.conf**
 
===== External access =====
For a server to provide web services externally, we usually reverse proxy them through URY. If the server will be hosting other services, do the following:


- Get an IP assigned from the Vanbrugh subnet from IT Services. They need to know the following:


-- The server's hostname
=== Static IP Configuration ===
 
/etc/network/interfaces:
-- The server's MAC address
 
-- The server's operating system and version (e.g. Debian Squeeze)
 
-- The server's location - This is V/URY <3840>
 
- Once IT Services has done this (i.e. closed the request and provided you the IP), configure the server to connect out on VLAN 108 with the provided details. A sample /etc/network/interfaces file is below.
<code>
<code>
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface, URY Internal
auto eth0
allow-hotplug eth0
iface eth0 inet static
iface eth0 inet static
    address 10.0.0.--
        address 144.32.64.xxx
    netmask 255.255.255.0
        netmask 255.255.255.224
    network 10.0.0.0
        network 144.32.64.160
    broadcast 10.0.0.255
        broadcast 144.32.64.191
    dns-nameservers 10.0.0.4
        gateway 144.32.64.161
    dns-search ury.york.ac.uk
        dns-search york.ac.uk
 
        mtu 1500
#External 108 Vanbrugh Subnet
</code>
iface vlan108 inet static
<code>
    address 144.32.---.---
/etc/resolv.conf:
    netmask 255.255.254.0
domain ury.york.ac.uk york.ac.uk
    network 144.32.---.---
nameserver 144.32.64.164
    broadcast 144.32.---.---
nameserver 144.32.128.242
    gateway 144.32.108.76
nameserver 144.32.128.243
    dns-nameservers 144.32.128.243
    dns-search york.ac.uk
    mtu 1500
    vlan_raw_device eth0
</code>
</code>
Note: Ports 1-3 on the netgear switch (urysw1) are inverted - internal traffic is on vlan1 and external on untagged. You can either change the above sample file, or reconfigure the switch port.
===== Links =====
[[computing:mainpage|Back to Computing Home]]
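Review bot: In the new /etc/resolv.conf sample, "domain ury.york.ac.uk york.ac.uk" puts two names on the domain line, which takes a single name; list both under search instead, for example "search ury.york.ac.uk york.ac.uk". The new /etc/network/interfaces sample keeps dns-search but drops the dns-nameservers line the old sample had, so on a host where resolvconf manages /etc/resolv.conf the hand-written nameserver entries may be overwritten; adding dns-nameservers with the three addresses to the eth0 stanza would cover that case. In the FreeBSD steps, "auth sufficient /usr/local/lib/pam_winbind.so" is given without saying where in /etc/pam.d/system it goes, and because a successful sufficient module ends the auth chain, its position relative to the existing entries should be stated. The sudoers entry gives unrestricted root to every member of the domain admins group, which is worth stating next to the line, together with a reminder to make the change through visudo.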