290
edits
Changes
Jump to navigation
Jump to search
Line 7:
Line 7: + + Line 40:
Line 42: − + − This needs to be more formally documented, but first, follow:+ − + − + − Then also edit /etc/pam.d/system to have+ + + + + − sudoers should use "%domain\x20admins ALL=(ALL) ALL"+ − + − If ZFS, also look at https://mywushublog.com/2012/05/zfs-and-acls-with-samba/ − − <note warning>This information is semi-deprecated. Lloyd is currently working on our Subnet project.</note> − − − − ==== Proxy ==== − − Note: This is no longer necessary. We previously did not have port 80 open externally but do now. − − **/etc/profile** and **/etc/bash.bashrc** − export http_proxy=http://wwwcache.york.ac.uk:8080 − export ftp_proxy=http://wwwcache.york.ac.uk:8080 − − you can run the command below to append to both files − − echo -e "\n#proxy settings\nexport http_proxy=http://wwwcache.york.ac.uk:8080\nexport ftp_proxy=http://wwwcache.york.ac.uk:8080" | sudo tee -a /etc/profile | sudo tee -a /etc/bash.bashrc − − ==== DNS ==== − **/etc/hostname** − <non-FQDN-name-just-the-machine-local-name> − − **/etc/resolv.conf** − nameserver 10.0.0.4 − domain ury.york.ac.uk − search ury.york.ac.uk − − Add the machine to **uryfs1:/etc/bind/db.10-0-0**, **uryfs1:/etc/bind/db.ury** − − ==== DHCP ==== − − Add the mac address and IP to **uryfs1:/etc/dhcp/dhcpd.conf** − − ===== External access ===== − For a server to provide web services externally, we usually reverse proxy them through URY. If the server will be hosting other services, do the following: − - Get an IP assigned from the Vanbrugh subnet from IT Services. They need to know the following: − -- The server's hostname+ − + − -- The server's MAC address − − -- The server's operating system and version (e.g. Debian Squeeze) − − -- The server's location - This is V/URY <3840> − − - Once IT Services has done this (i.e. closed the request and provided you the IP), configure the server to connect out on VLAN 108 with the provided details. A sample /etc/network/interfaces file is below. − # The loopback network interface − auto lo − iface lo inet loopback − − # The primary network interface, URY Internal − auto eth0 − allow-hotplug eth0 − address 10.0.0.--+ − netmask 255.255.255.0+ − network 10.0.0.0+ − broadcast 10.0.0.255+ − dns-nameservers 10.0.0.4+ − dns-search ury.york.ac.uk+ − + − #External 108 Vanbrugh Subnet+ − iface vlan108 inet static+ − address 144.32.---.---+ − netmask 255.255.254.0+ − network 144.32.---.---+ − broadcast 144.32.---.---+ − gateway 144.32.108.76+ − dns-nameservers 144.32.128.243 − dns-search york.ac.uk − mtu 1500 − vlan_raw_device eth0 − Note: Ports 1-3 on the netgear switch (urysw1) are inverted - internal traffic is on vlan1 and external on untagged. You can either change the above sample file, or reconfigure the switch port. − − ===== Links ===== − − [[computing:mainpage|Back to Computing Home]]
Adding a New Machine to the Network (view source)
Revision as of 06:17, 10 December 2013
, 06:17, 10 December 2013no edit summary
* Has the device been allocated an IP address in one of the subnets allocated to us by IT Services? Have you updated the Google Doc (at https://docs.google.com/spreadsheet/ccc?key=0AtlIZR-runbWdEphYXdNQkcxU25BeFJfUGtQeFRRWnc&usp=drive_web)?
* Has the device been allocated an IP address in one of the subnets allocated to us by IT Services? Have you updated the Google Doc (at https://docs.google.com/spreadsheet/ccc?key=0AtlIZR-runbWdEphYXdNQkcxU25BeFJfUGtQeFRRWnc&usp=drive_web)?
* Have you informed IT Services that the new device exists? See [[#Registering with LAN DB]]
* Have you informed IT Services that the new device exists? See [[#Registering with LAN DB]]
* Have you configured the IP Address for the device *statically*, with DNS Servers 144.32.64.164, 144.32.128.242, 144.32.128.243? A sample /etc/network/interfaces file is below in [[#Static IP Configuration]]
* If Windows, has it been Domain Joined? If Linux/FreeBSD, have you set up Samba as per [[#Single Sign On with Samba]]?
=== Registering with LAN DB ===
=== Registering with LAN DB ===
(Your Signoff Here)
(Your Signoff Here)
==== SAMBA NOTES ====
=== Single Sign On with Samba ===
==== FreeBSD ====
http://www.whitneytechnologies.com/?p=119
* Follow the following guide: http://www.whitneytechnologies.com/?p=119
* Change the home directory path configuration from above to just be /home/%U (no domain in the path)
* Edit /etc/pam.d/system to have
<code>
auth sufficient /usr/local/lib/pam_winbind.so
auth sufficient /usr/local/lib/pam_winbind.so
</code>
* Edit sudoers to use <code>%domain\x20admins ALL=(ALL) ALL</code>
* If you are using ZFS data anywhere and plan to share over NFS or SMB, also look at https://mywushublog.com/2012/05/zfs-and-acls-with-samba/
==== Debian ====
We haven't tried this with Debian yet. We should try this with Debian.
===== Internal access =====
=== Static IP Configuration ===
/etc/network/interfaces:
<code>
<code>
iface eth0 inet static
iface eth0 inet static
address 144.32.64.xxx
netmask 255.255.255.224
network 144.32.64.160
broadcast 144.32.64.191
gateway 144.32.64.161
dns-search york.ac.uk
mtu 1500
</code>
<code>
/etc/resolv.conf:
domain ury.york.ac.uk york.ac.uk
nameserver 144.32.64.164
nameserver 144.32.128.242
nameserver 144.32.128.243
</code>
</code>