20871
Comment: init
|
10076
CipUX is generic, not something specific to DebianEdu.
|
Line 1: | Line 1: |
= CipUX 3.2.x Installation Guide for Debian-Edu/Skolelinux = {{{ CipUX 3.2.x installation guide for Debian-Edu/Skolelinux Original by Christian Kuelker 2005-08-01 License GFDL (No invariant sections.) Revision 0.1 2005-08-01 by Christian Kuelker (init) Revision 0.2 2005-08-11 by Christian Kuelker (add chapter 2) Revision 0.3 2005-08-12 by Christian Kuelker (add Chapter 3) Revision 0.4 2005-08-12 by Patrick Willam (several checks, "wording") Revision 0.5 2005-08-12 by Holger Sicking (typo) Revision 0.6 2005-08-12 by Christian Kuelker (/etc/hosts correction) Revision 0.7 2005-08-12 by Patrick Willam (aptitude, backup) Revision 0.8 2005-08-12 by Christian Kuelker (First steps) Revision 0.9 2005-08-12 by Radi Wieloch (errors, numbers, orthography, grammar) Revision 1.0 2005-08-12 by Christian Kuelker (repository changed) Revision 1.1 2005-08-17 by Ralf Gesellensetter (warning) Revision 1.2 2005-08-19 by Christian Kuelker (correct Revison, warning) Revision 1.3 2005-08-19 by Christian Kuelker (change first steps) Revision 1.4 2005-08-23 by Christian Kuelker (add cipux_maint_diagnostic pre) Revision 1.5 2005-09-03 by Christian Kuelker (add CAT setup) Revision 1.6 2005-09-07 by Christian Kuelker (add Samba configuration) Revision 1.7 2005-09-07 by Christian Kuelker (add Samba in cipux.conf) Revision 1.8 2005-09-15 by Michael Stamm (LDAP schema include place) Revision 1.9 2005-09-21 by Georg Damm (correct backup-path) Revision 2.0 2005-10-06 by Christian Kuelker (correct Samba install, add script) Revision 2.1 2005-10-06 by Christian Kuelker (samba access rights for LDAP) Revision 2.2 2005-10-25 by Christian Kuelker (samba default groups) Revision 2.3 2005-11-01 by Juergen Leibner (correct /etc/pam_ldap.conf) Revision 2.4 2005-11-05 by Christian Kuelker (application form installation) Revision 2.5 2005-11-24 by Patrick Willam (minor enhancements, clearifications) Revision 2.6 2005-11-25 by Georg Damm (hints to change WLUS-users to CipUX-users) Revision 2.7 2005-11-26 by 
Christian Kuelker (clearifications) Revision 2.8 2005-12-31 by Christian Gatzemeier (div. corrections and alternatives) Revision 2.9 2006-01-27 by Martin Herweg (install on pr06,image-deploy for fat clients) Revision 3.0 2006-04-08 by Christian Kuelker (ftp_proxy) Revision 3.1 2006-04-14 by Christian Kuelker (move to debian-wiki, some simplifications) Contents: 1 Preparing the Debian-Edu/Skolelinux system 1.1 Upgrading the LDAP server with CipUX schema 1.2 Prepare the CipUX package install process 2 Installing the CipUX framework packages 3 System configuration 3.1 Configuring the LDAP 3.2 Configure the CipUX framework 3.3 The webmin setup 3.4 Enter CAT 3.5 First steps 4 Additional system configuration 4.1 Samba configuration 4.2 CipUX-deploy 1 Preparing the Debian-Edu/Skolelinux system ---------------------------------------------- This manual is for the installation of CipUX 3.2.8 on a freshly installed Debian-edu/Skolelinux 2.0 with main server profile. *============================[ WARNING ]============================* || || || WARNING: Do not use CipUX on a productive Debian-edu/Skolelinux || || system, if you already have added users by means of WLUS || || (webmin-ldap-user-simple)! || || The installation will not delete your users, but this is not a || || migration manual and therefore the resulting LDAP datababase is || || going to be unuseable for a productive environment. || || || *===================================================================* To install CipUX you will also need a working internet connection! Almost all(!) steps in this installation manual have to be done on the machine which has been installed with the main server profile! This maschine identifies itself by the name "tjener". The only(!) steps that may also be done by using another machine are the few ones that are done by using a web-browser. 
Conventions in this manual: CTRL = press the control key CTRL-c press the control key, hold it, and press the c key $ = you may execute this command as any user # = you have to execute this command as root user (1)...(x) are command and output numbers and are used for references, they are not intended to be written. <OK> means pressing the button "OK". vim (you may use you favorite editor here) User-hint: (Some not tested advice from users) 1.1 Upgrading the LDAP server with CipUX schema ----------------------------------------------- Valid DNS names "ldap" and "cipux" are necessary. You need a valid name resolution for the ldap server and the host name cipux. Insert the name cipux into the /etc/hosts file by changing the line: (1) 127.0.0.1 localhost to 127.0.0.1 localhost cipux Userhint: Better and easy to do: Define a new cname (cannonical name). Webmin ->Servers ->Bind DNS ->intern. Zone ->Name Alias (Name: cipux Real Name: tjener) An ldap cname already exists in skolelinux. You also need the resolution of the name ldap. Usually it should be resolved by the local DNS server. It can be tested with the command: (2) $ ping ldap This should produce output like this: (3) PING localhost (127.0.0.1) 56(84) bytes of data. 64 bytes from tjener.intern (10.0.2.2): icmp_seq=1 ttl=64 time=0.069 ms 64 bytes from tjener.intern (10.0.2.2): icmp_seq=2 ttl=64 time=0.070 ms 64 bytes from tjener.intern (10.0.2.2): icmp_seq=3 ttl=64 time=0.068 ms (4) Cancel with CTRL-c If there is output like (5) ping: unknown host ldap this means, that the computer can't know his own name as ldap, which should be the case for the server. A quick workaround for ipv4 networks is to edit the file /etc/hosts and change the line: (6)/etc/hosts 127.0.0.1 localhost cipux to 127.0.0.1 localhost ldap cipux Repeat the commands (2) and (6) until you receive the output of (3). 
1.2 Prepare the CipUX package install process --------------------------------------------- Edit the file /etc/apt/sources.list and add the following lines: (7)/etc/apt/sources.list deb http://debian.cipworx.org/ sid main contrib non-free deb http://ftp.debian.org/debian/ sarge main contrib non-free Then switch off the proxy by typing (8) export http_proxy="" export ftp_proxy="" 2 Installing the CipUX framework packages ------------------------------------------- Execute these commands as root: (9) # ping debian.cipworx.org (10) # CTRL-c (11) # aptitude update (12) On some systems it must be done twice. (Ask a Debian guru why!) # aptitude update (13) # aptitude install cipux-common cipux-cibot cipux-cat-webmin 3 System configuration ------------------------- 3.1 Configuring the LDAP -------------------------- First of all we need a well configured LDAP server and just to be save a backup. We look if the ldap server is started: (14) # ps ax | grep slapd | grep -v grep This should produce output like: (15) 2890 ? Ss 0:00 /usr/sbin/slapd -h ldap:/// ldaps:/// This means the ldap server is running. So we stop it with: (16) # /etc/init.d/slapd stop We have to be sure that the ldap server is stopped. So if we execute (14) again it should not generate any output. Then we make a temporary backup, which may only be used for this ldap version. We execute the archive program: (17) # tar cvjf /skole/backup/tmp_backup_ldap.tar.bz2 /var/lib/ldap Backup Restore (Only if you need it!) +------------------------------------------------------------------+ | If you want to restore your ldap data later, you may write the | | backup back (when the ldap server is NOT running!) 
with: | | | | (18) | | # /etc/init.d/slapd stop | | # rm -r /var/lib/ldap | | # cd / | | # tar xvjf /skole/backup/tmp_backup_ldap.tar.bz2 | | # /etc/init.d/slapd start | +------------------------------------------------------------------+ Now we edit /etc/ldap/slapd.conf and add a new include line (at the END of the other includelines): (19) # vim /etc/ldap/slapd.conf include /etc/ldap/schema/cipux.schema *============================[ WARNING ]============================* || || || WARNING: You might like CipUX so much that you probably put the || || include in front of the other includes. But: don't do that! || || You will get errors about the not known attribute uid. || || || *===================================================================* We start the ldap server again with: (20) # /etc/init.d/slapd start And check if its started with (14). It should produce output like (15). 3.2 Configure the CipUX framework ----------------------------------- First of all we are on a Debian-edu/Skolelinux system, therefore we have to tell this to the CipUX framework by editing /etc/cipux/system.conf and change (21) # vim /etc/cipux/system.conf Customer = default to Customer = skolelinux Then you have to grant CipUX the access to the ldap server. On Debian-edu the already set root password is also the LDAP password. (It's NOT a new password!) We have to edit /etc/cipux/cipux.conf and change one line. If your LDAP pasword is "himitsu" you will have to change (22) # vim /etc/cipux/cipux.conf Ldap_Password=secret to Ldap_Password=himitsu (Use _your_ actual LDAP password instead of "himitsu"!) 
And only IF you also want to use Samba change Cipux_Use_Samba=no to Cipux_Use_Samba=yes After this we have to test the access to the ldap server: (paste this into one command line with propper spaceing) (23) # /usr/bin/ldapsearch -x -p 389 -h localhost -ZZ -w 'himitsu' -D 'cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no' -b 'uid=root,ou=People,dc=skole,dc=skolelinux,dc=no' -LLL (Again: use _your_ LDAP password instead of "himitsu"!) If we get: (24) ldap_bind: Invalid credentials (49) The LDAP password was wrong. (Check for the command line syntax, the LDAP password and if the LDAP password is shell save) If we get: (25) dn: uid=root,ou=People,dc=skole,dc=skolelinux,dc=no objectClass: sambaSamAccount objectClass: account uid: root sambaSID: S-1-5-21-2697446647-283449030-1896125139-1000 everything is ok. (The sambaSID may be different.) HINT [1]: If you plan to migrate from WLUS, use this link: http://skolelinux.de/wiki/CipUX/Skripte/Migration Then we check some settings by (26) # cipux_maint_diagnostic pre Now we have to change the ldap database by setting up the according CipUX structures. This is the most challenging task in the process and may not easily be reversible! Therefore the backup. What will the script do? - move ou=Machines,ou=People,dc=skole,dc=skoelinux,dc=no to ou=Machines,dc=skole,dc=skoelinux,dc=no - add ou=CipUX,ou=People,dc=skole,dc=skoelinux,dc=no - add some default objects: admin, and roles - DELETE some other objects!!! *============================[ WARNING ]============================* || || || WARNING: This script is intended to run on a 'freshly' || || installed Debian-edu/Skolelinux release/ system || || || *===================================================================* Execute the following command: (27) # cipux_setup_ldap and hopefully it will perform the work to change the ldap database. To test the installation run the diagnostic script. (28) # cipux_maint_diagnostic It should only generate tests with answers "ok". 
HINT [2]: If you plan to migrate from WLUS, use this link: http://skolelinux.de/wiki/CipUX/Skripte/Migration 3.3 The webmin setup -------------------- The final thing to do is to make the webmin module CAT accessible for the webmin user root. Start a browser (konqueror won't work!) User-hint: Konqueror works using https://localhost:10000 or https://10.0.2.2:10000, other local addresses are currently not in the proxy exception list (should be changed to contain .intern.) and not allowed in the proxy. (29) $ mozilla-firefox and switch off the proxy in the browser. (30) Edit -> Preferences -> General -> Connection Settings ... -> "Dircect connection to the Internet"-> <OK> Enter the following URL (location, address) into the browser's location bar: (31) https://cipux:10000 A certification dialog will pop up ... (32) select "Accept this certificate permanently" (33) <OK> Another dialog appears: "You have requested an encrypted page. The website has identified itself correctly, and information you see or enter on this page can easily be read by a third party." [...] (34) <OK> (35) Username: root Password: himitsu <Login> (use _your_ root password instead of "himitsu"!) (36) <never for this site> (37) go to Webmin -> Webmin Users -> root (38) select System -> CipUX Administration Tool (39) press "save" button New in 3.2.9: If you want your users to be able to change there password with userdata.cgi you have to do the following: * As the user root before, give the webmin user "pam" the Webmin CAT module. New in 3.2.9: If you want to use the application form module (new in 3.2.9) inside your institution without password (it doesnt mak sense with a password) you have to do the following: * create a webmin user 'applicationform' * add in webmin configuration: anonymous user access the to URLs to the user applicationform for: /cat/applicationform.cgi /cat/images 3.4. 
Enter CAT -------------- In webmin you have to go to (40) Webmin Index -> System -> CipUX Administration Tool 3.5 First steps --------------- If you plan to use Samba, please read 4.1 first. When you log in to CAT for the first time only the setup module (setup.cgi) is availible. You may use this as root or cipadmin. Follow the setup questions. After finishing the setup other modules will become availible depending on the setup. If you now want to create an user, you will fail because some objects do not exist yet. So please create the following objects first: (A) create a new group/course (example: class84 ) with the CAT module "groups" (German: "Gruppen") (B) create a private skel with "skeladmin" (German: "Vorlage Verzeichnis (skel)") After these object creations are done you now may add a new user with "User Support Sevice" (German: "Benutzerbetreuung") 4 Additional system configuration ----------------------------------- The additional system configuration is optional and doesn't have do be done on every system. 4.1 Samba configuration ----------------------- CipUX may be used in conjunction with samba. These steps should be processed to get CipUX respect the additional features for Samba. Note that this section does not cover specific Samba problems. This section should be applied before the creation of users or groups or workstations. * Enable Samba in CipUX (1) # vim /etc/cipux/cipux.conf Change Cipux_Use_Samba=no to Cipux_Use_Samba=yes * Edit the Samba configuration and check or change smb.conf. 
(2) # vim /etc/samba/smb.conf Change ldap machine suffix = ou=Machines,ou=People to ldap machine suffix = ou=Machines On Sarge this should work: passdb backend = ldapsam:ldaps://ldap On Woody this may work (if you disabled crypted connections): passdb backend = ldapsam:ldap://ldap ldap ssl = start_tls Change the machine creation add machine script = /etc/samba/smbaddclient.pl %u to add machine script = /usr/bin/cipux_add -m --attribute uid='%u' * check if the group "machine" exists: (3) # id machines should give (4) uid=900(machines) gid=900(machines) groups=900(machines),10000(none) If (3) failed you should add a group called "machines": (5) # groupadd -g 900 machines Note: this group might go into LDAP in the future. |
## page was renamed from DebianEdu/CipUX/Installation ##cipuxfirstlevelpage ||||<: tablewidth="100%" tablestyle=""rowbgcolor="#dddddd"rowstyle=""style="text-align: left;">'''CipUX'''|| ||||<:rowbgcolor="#dddddd"rowstyle=""> Installtion of CipUX || ||<(rowbgcolor="#dddddd"rowstyle=""> [[TableOfContents]] || [[Navigation(children,5)]] || = CipUX Installation 3.4.x for DebiaEdu = {{{ This is under development for now. Do not install on productive systems, as long this remark is here. }}} Choose a fresh installed DebianEdu (Etch/Lenny) (1) edit /etc/apt/sources.list add: {{{ deb http://debiantest.cipux.org/ sid main }}} Type this commands: * aptitude install cipux-common * aptitude install cipux-ldap * aptitude install cipux-object * aptitude install cipux-task * /usr/sbin/cipux_setup -svnD 129 * vim /etc/pam_ldap.conf change {{{ base ou=People,dc=skole,dc=skolelinux,dc=no }}} to {{{ base dc=skole,dc=skolelinux,dc=no }}} * vim /etc/libnss-ldap.conf change {{{ nss_base_passwd ou=People, }}} to {{{ nss_base_passwd ou=People, nss_base_passwd ou=CipUX, }}} * aptitude install cipux-rpc Use login cipadmin and known password to test the RPC server: * cipux_rpc_test_client * aptitude install cipux-cat-web * browse to http://localhost/cipux-cat-web/ * login as "cipadmin" (password was given during installation) = CipUX Installation 3.4.x for plain Debian = {{{ This is under development for now. Do not install on productive systems, as long this remark is here. }}} Choose a fresh installed Debian (Etch) with hostname cipux340 and domain name example.net (!!!). (1) edit /etc/apt/sources.list comment out something like this: {{{ # deb cdrom:[Debian GNU/Linux 4.0 r2 _Etch_ - Offical i386 NETINST Binary-1 20080103-00:44]/ etch contrib main }}} add: {{{ deb http://debiantest.cipux.org/ sid main }}} (2) |
Line 595: | Line 95: |
* (This is not tested, remarks welcome) Change pam_ldap.conf This may only be important under the following condition: User-hint: With the current configuration tools you will lose your changes on the next upgrade if you change the ldap settings by hand as described here. Use dpkg-reconfigure. Example: You create a new windows machine: ws24$ If the command id 'ws24$' does not result in a line like uid=10936(ws24$) gid=900(machines) groups=900(machines) you should solve the problem by editing pam_ldap.conf (The numbers may be different) A typo has been fixed here: (6) # vim /etc/pam_ldap.conf Change # The distinguished name of the search base. # base dc=example,dc=net base ou=People,dc=skole,dc=skolelinux,dc=no to # The distinguished name of the search base. # base dc=example,dc=net base dc=skole,dc=skolelinux,dc=no (7) Enable samba PDC with LDAP In /etc/ldap/slapd.conf change all ou=Machines,ou=People, to ou=Machines (8) Create some default groups if you want to use some logon.bat Features: Add the groups 'cipan' and 'sources' with CAT. cipan: Samba share to store application. Every user will get this share as drive I sources: Samba share where cipadmin may store CDs. cipadmin will get this share as drive J 4.2 Cipux-Deploy (after 3.2.9) The CipUX deploy module is not part of 3.2.8. 4.2.1 install tftpd-hpa apt-get install tftpd-hpa Ignore the error messsage during install, because we run tftpd standalone , not with inetd. 
edit the file # vim /etc/default/tftpd-hpa #Defaults for tftpd-hpa RUN_DAEMON="yes" #OPTIONS="-l -s /var/lib/tftpboot" OPTIONS=" -l -v -v -v -c -p -U 007 -u cipux -a 192.168.0.254 -s /var/lib/tftpboot " # id cipux If the user user does not exist, then create it now: # groupadd -g 200 cipux # useradd -u 200 -g 200 -d /var/lib/tftpboot -s /bin/false cipux # chown cipux /var/lib/tftpboot/cipux # chown cipux /var/lib/tftpboot/cipux/conf # chown cipux /var/lib/tftpboot/cipux/script # /etc/init.d/inetd stop # /etc/init.d/tftpd-hpa start * remove inetd from the default runlevel * add tftpd-hpa to default runlevel }}} ----- * If an error occurs: [:CipUX/Bugs:CipUX bugs and status] * How you can update to a new version: [:CipUX/Update:CipUX update] |
Type this commands: * unset http_proxy (or set it correctly) * aptitude update * aptitude install cipux-common {{{ Question 1 (Configuring slapd) Please enter the password for the admin entry in your LDAP directory. Admin password: By default: empty Correct answer: (choose one and remember it!) }}} * aptitude install cipux-ldap {{{ Question 2 (libnss-ldap) Please enter the URI of the LDAP server used. This is a string in the form ldap://<hostname or IP>:<port>/ . ldaps:// or ldapi:// can also be used. The port number is optional. Note: It is usually a good idea to use an IP address; this reduces risks of failure in the event name service is unavailable. LDAP server Uniform Resource Identifier By default: ldapi:/// Correct answer: ldap://127.0.0.1 }}} {{{ Question 3 (libnss-ldap) Please enter the distinguished name of the LDAP search base. Many sites use the components of their domain names for this purpose. For example, the domain "example.net" would use "dc=example,dc=net" as the distinguished name of the search base. distinguished name of the search base By default: dc=example.net,dc=net Correct answer: dc=example.net,dc=net }}} {{{ Question 4 (libnss-ldap) Please enter which version of the LDAP protocol ldapns is to use. It is usually a good idea to set this to highest available version number. LDAP version to use By default: 2 or 3 Correct answer: 3 }}} {{{ Question 5 (libnss-ldap) This account will be used for nss requests with root privileges. Note: For this to work the account needs permission to access the attributes in the LDAP directory that are related to the users shadow entries as well as users' and groups' passwords. LDAP account for root By default: cn=manager,dc=example,dc=net Correct answer: cn=admin,dc=example,dc=net }}} {{{ Question 6 (libnss-ldap) Bitte geben sie das Passwort ein, das verwendet wird, wenn libnss-ldap sich mit dem LDAP-Zugang fuer root am LDAP-Verzeichnis anmeldet. 
Das Passwort wird in einer eigenene Datei /etc/libnss-ldap.secret gespeichert, die nur fuer root lesbar ist. Beleibt das Passwort leer, wird das alte Passwort wieder benutzt. Passwort des LDAP-Zugangs fuer Root: by default: empty correct answer: (use password from above) }}} {{{ Question 7 (libpam-ldap) This option will allow you to make password utilities that use pam, to behave like you would be changing local passwords. The password will be stored in a sepereate file which will be made readable to root only. If you are using NFS mounted /etc or any other custom setup, you should disable this. Make local root Datatbase admin. By default: YES (YES or NO) Correct answer: YES }}} {{{ Question 8 (libpam-ldap) Choose this option if you can't retrieve entries from the datatbase without logging in. Note: Under normal setup, this not needed. Does the LDAP database require login? By default: NO (YES or NO) Correct answer: NO }}} {{{ Questin 9 (libpam-ldap) This account will be used when root changes a password. Note: This account has to be a privileged account. LDAP account for root: By default: cn=manager,dc=example,dc=net Correct answer: cn=admin,dc=example,dc=net }}} {{{ Question 10 (libpam-ldap) Please enter the password for the admin entry in your LDAP directory. Admin password: By default: empty Correct answer: (choose one and remember it!) }}} * aptitude install cipux-object * aptitude install cipux-task Add "ldap" and "files" to the following services in /etc/nsswitch.conf and comment out "compat" {{{ passwd: files ldap group: files ldap shadow: files ldap netgroup: files ldap automount: files ldap # passwd: compat # group: compat # shadow: compat }}} * /etc/init.d/nscd restart * /usr/sbin/cipux_setup -svnD 129 * aptitude install cipux-rpc * cipux_rpc_test_client (give cipadmin and password) * aptitude install cipux-cat-web * browse to http://localhost/cipux-cat-web/ * login as "cipadmin" (password was given during installation) Remarks: * aptitude install ... 
leads to a warning message as the buildserver does not sign its packages with a gpg key = CipUX Automatic Setup 3.4.x (TODO) = This chapter is intended for integrators or developers who would like to deploy CipUX on their distribution or LiveCD. So this page contains several methods to install CipUX. == apt-getting debs == You can fetch the debian packages of cipux from last svn-revision with the following entry in your sources list. Every half hour, the packages are build if there was any commit to svn-repository, so here you will get the very latest ones. This location is also available by browser via http://debiantest.cipux.org {{{ deb http://debiantest.cipux.org/ sid main }}} Get the package list * aptitude update == Setup process description == * The first setup is done via the package cipux-cibot Within the package cipux-cibot a script can be found to add * administrator * schema * ACL * PAM * add default CipUX objects * add default CipUX values * move some object if necessary * delete some objects if necessary (it is a good idea to install also cipux-common and cipux-profile for that) == Attended installation procedure == * see CipUX installation above == Unattended installation procedure == * (1) add the following files * mkdir -p /etc/cipux; chmod 700 /etc/cipux; chown root:root /etc/cipux; * echo -n "secret" > /etc/cipux/ldappassword.conf (cipuxadm password) * chmod 400 /etc/cipux/ldappassword.conf * chown root:root /etc/cipux/ldappassword.conf * echo -n "DISTRIBUTION" > /etc/cipux/system.conf (distribution: debian, debian-edu, ...) 
* chmod 400 /etc/cipux/system.conf * chown root:root /etc/cipux/system.conf * (2) aptitude install cipux-common cipux-cibot cipux-profile * (3) /usr/share/cipux/sbin/cipux_setup -sn * (4) aptitude install cipux-rpc cipux-cat-webim Remarks: Profile: * install cipux-profile BEFORE running cipux_setup * run: /usr/share/cipux/sbin/cipux_setup -sn -p PROFILE * list of supported profiles can be get with: ls /usr/share/cipux/sbin/cipux_profile_* * if there is no profile suitable for you, create one. * if you have created one, please share that with the community. System: * supported distributions for now are: * debian-edu * debian * ubuntu (in the future, please ask: christian@skolelinux.de) * edubuntu (in the future, please ask: christian@skolelinux.de) * example: echo -n "debian" > /etc/cipux/system.conf == Customization for (jet) unsupported Distributions == * get in contact with one of: * christian@skolelinux.de * x.oswald@free.fr * join #cipux * add a customer in /etc/cipux/customer.conf * add a customer to cipux.conf * probably change LDAP values in cipux.conf * check all pathes for executables * check LPREF variable in top level Makefile * do test it on fresh installed systems = Other CipUX Installation Guides = Installation guides for different Debian and Debian-Edu/Skolelinux releases. For Updates please read the [:DebianEdu/CipUX/Update:update page]. == On Debian (Etch) , Debian-Edu/ Skolelinux 3.0 == * This, page: see above == Older installation guides == * [:DebianEdu/CipUX/Installation/3.2.10:Installation guide for 3.2.10] * older installation guides can be found here: http://wiki.cipux.org/Archive == Debian-Edu/ Skolelinux 1.0 (Venus) == * [:DebianEdu/CipUX/Installation/3.2.0:Installation guide for 3.2.0] * older installation guides can be found here: http://wiki.cipux.org/Archive ||<tablestyle=""tablewidth="99%"rowbgcolor="#7fa0cf"> [[Navigation(siblings,1)]] || |
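Review bot: The added 3.4.x sections put "deb http://debiantest.cipux.org/ sid main" into sources.list, yet the only mention that the build server does not sign its packages with a gpg key is a trailing remark after the last install step. Move that statement next to the sources.list step so readers know before the first aptitude install that these packages are fetched over plain http without signature verification, and say whether the entry should stay in sources.list once installation is done. Two inconsistencies in the same added text also need resolving: step (4) of the unattended procedure installs cipux-cat-webim while the attended steps install cipux-cat-web, and the answer to Question 3 gives dc=example.net,dc=net although the prompt's own example and the answers to Questions 5 and 9 use dc=example,dc=net.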
CipUX Installation 3.4.x for DebianEdu
This is under development for now. Do not install on production systems as long as this remark is here.
Choose a freshly installed DebianEdu (Etch/Lenny)
(1)
edit /etc/apt/sources.list
add:
deb http://debiantest.cipux.org/ sid main
Type these commands:
- aptitude install cipux-common
- aptitude install cipux-ldap
- aptitude install cipux-object
- aptitude install cipux-task
- /usr/sbin/cipux_setup -svnD 129
- vim /etc/pam_ldap.conf
change
base ou=People,dc=skole,dc=skolelinux,dc=no
to
base dc=skole,dc=skolelinux,dc=no
- vim /etc/libnss-ldap.conf
change
nss_base_passwd ou=People,
to
nss_base_passwd ou=People,
nss_base_passwd ou=CipUX,
- aptitude install cipux-rpc
Use login cipadmin and known password to test the RPC server:
- cipux_rpc_test_client
- aptitude install cipux-cat-web
- browse to http://localhost/cipux-cat-web/
- login as "cipadmin" (password was given during installation)
CipUX Installation 3.4.x for plain Debian
This is under development for now. Do not install on production systems as long as this remark is here.
Choose a freshly installed Debian (Etch) with hostname cipux340 and domain name example.net (!!!).
(1)
edit /etc/apt/sources.list
comment out something like this:
# deb cdrom:[Debian GNU/Linux 4.0 r2 _Etch_ - Offical i386 NETINST Binary-1 20080103-00:44]/ etch contrib main
add:
deb http://debiantest.cipux.org/ sid main
(2)
Type these commands:
- unset http_proxy (or set it correctly)
- aptitude update
- aptitude install cipux-common
Question 1 (Configuring slapd) Please enter the password for the admin entry in your LDAP directory.
Admin password:
By default: empty
Correct answer: (choose one and remember it!)
- aptitude install cipux-ldap
Question 2 (libnss-ldap) Please enter the URI of the LDAP server used. This is a string in the form ldap://<hostname or IP>:<port>/ . ldaps:// or ldapi:// can also be used. The port number is optional. Note: It is usually a good idea to use an IP address; this reduces risks of failure in the event name service is unavailable.
LDAP server Uniform Resource Identifier
By default: ldapi:///
Correct answer: ldap://127.0.0.1

Question 3 (libnss-ldap) Please enter the distinguished name of the LDAP search base. Many sites use the components of their domain names for this purpose. For example, the domain "example.net" would use "dc=example,dc=net" as the distinguished name of the search base.
distinguished name of the search base
By default: dc=example.net,dc=net
Correct answer: dc=example.net,dc=net

Question 4 (libnss-ldap) Please enter which version of the LDAP protocol ldapns is to use. It is usually a good idea to set this to highest available version number.
LDAP version to use
By default: 2 or 3
Correct answer: 3

Question 5 (libnss-ldap) This account will be used for nss requests with root privileges. Note: For this to work the account needs permission to access the attributes in the LDAP directory that are related to the users shadow entries as well as users' and groups' passwords.
LDAP account for root
By default: cn=manager,dc=example,dc=net
Correct answer: cn=admin,dc=example,dc=net

Question 6 (libnss-ldap) Please enter the password that is used when libnss-ldap logs in to the LDAP directory with the LDAP account for root. The password is stored in a separate file /etc/libnss-ldap.secret which is readable by root only. If the password is left empty, the old password is used again.
Password of the LDAP account for root:
By default: empty
Correct answer: (use password from above)

Question 7 (libpam-ldap) This option will allow you to make password utilities that use pam, to behave like you would be changing local passwords. The password will be stored in a separate file which will be made readable to root only. If you are using NFS mounted /etc or any other custom setup, you should disable this.
Make local root Database admin.
By default: YES (YES or NO)
Correct answer: YES

Question 8 (libpam-ldap) Choose this option if you can't retrieve entries from the database without logging in. Note: Under normal setup, this is not needed.
Does the LDAP database require login?
By default: NO (YES or NO)
Correct answer: NO

Question 9 (libpam-ldap) This account will be used when root changes a password. Note: This account has to be a privileged account.
LDAP account for root:
By default: cn=manager,dc=example,dc=net
Correct answer: cn=admin,dc=example,dc=net

Question 10 (libpam-ldap) Please enter the password for the admin entry in your LDAP directory.
Admin password:
By default: empty
Correct answer: (choose one and remember it!)
- aptitude install cipux-object
- aptitude install cipux-task
Add "ldap" and "files" to the following services in /etc/nsswitch.conf and comment out "compat"
passwd: files ldap
group: files ldap
shadow: files ldap
netgroup: files ldap
automount: files ldap
# passwd: compat
# group: compat
# shadow: compat
- /etc/init.d/nscd restart
- /usr/sbin/cipux_setup -svnD 129
- aptitude install cipux-rpc
- cipux_rpc_test_client (give cipadmin and password)
- aptitude install cipux-cat-web
- browse to http://localhost/cipux-cat-web/
- login as "cipadmin" (password was given during installation)
Remarks:
- aptitude install ... leads to a warning message as the buildserver does not sign its packages with a gpg key
CipUX Automatic Setup 3.4.x (TODO)
This chapter is intended for integrators or developers who would like to deploy CipUX on their distribution or LiveCD. So this page contains several methods to install CipUX.
apt-getting debs
You can fetch the Debian packages of CipUX built from the latest svn revision with the following entry in your sources list. Every half hour, the packages are built if there was any commit to the svn repository, so here you will get the very latest ones. This location is also available by browser via http://debiantest.cipux.org
deb http://debiantest.cipux.org/ sid main
Get the package list
- aptitude update
Setup process description
- The first setup is done via the package cipux-cibot. Within the package cipux-cibot a script can be found to add
- administrator
- schema
- ACL
- PAM
- add default CipUX objects
- add default CipUX values
- move some object if necessary
- delete some objects if necessary (it is a good idea to also install cipux-common and cipux-profile for that)
Attended installation procedure
- see CipUX installation above
Unattended installation procedure
- (1) add the following files
- mkdir -p /etc/cipux; chmod 700 /etc/cipux; chown root:root /etc/cipux;
- echo -n "secret" > /etc/cipux/ldappassword.conf (cipuxadm password)
- chmod 400 /etc/cipux/ldappassword.conf
- chown root:root /etc/cipux/ldappassword.conf
- echo -n "DISTRIBUTION" > /etc/cipux/system.conf (distribution: debian, debian-edu, ...)
- chmod 400 /etc/cipux/system.conf
- chown root:root /etc/cipux/system.conf
- (2) aptitude install cipux-common cipux-cibot cipux-profile
- (3) /usr/share/cipux/sbin/cipux_setup -sn
- (4) aptitude install cipux-rpc cipux-cat-webim
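Step (1) as one script, added here as an example and not part of the original guide or of CipUX: it reads the password from standard input instead of a command line and creates both files under umask 077, so they are never readable by other users before chmod runs. CIPUX_ETC and the function names are assumptions of this example; the file names, modes and the values debian and debian-edu are the page's.

```shell
#!/bin/sh
# Added example: step (1) of the unattended procedure as reusable functions.
# Assumption: CIPUX_ETC (default /etc/cipux) is a variable of this example so
# the functions can be tried on a scratch directory; it is not a CipUX setting.

# write_private FILE: copy stdin to FILE with mode 400 and no trailing newline.
write_private() {
    (
        umask 077                          # file is born 0600, never 0644
        tmp="$1.tmp.$$"
        # $(cat) strips the trailing newline, like `echo -n` on the page
        printf '%s' "$(cat)" > "$tmp" || exit 1
        chmod 400 "$tmp" || exit 1
        if [ "$(id -u)" -eq 0 ]; then      # chown only works as root
            chown root:root "$tmp" || exit 1
        fi
        mv -f "$tmp" "$1"                  # replace in one rename
    )
}

# prepare_cipux_etc DISTRIBUTION: the password is read from stdin, not from
# argv, so it does not show up in the process list or the shell history.
prepare_cipux_etc() {
    dir=${CIPUX_ETC:-/etc/cipux}
    case "$1" in
        debian|debian-edu) ;;              # "supported distributions for now"
        *) echo "unsupported distribution: $1" >&2; return 1 ;;
    esac
    ( umask 077 && mkdir -p "$dir" ) || return 1
    chmod 700 "$dir" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root "$dir" || return 1
    fi
    write_private "$dir/ldappassword.conf" || return 1
    # An empty password file would make cipux_setup fail later; stop here.
    [ -s "$dir/ldappassword.conf" ] || { echo "empty password" >&2; return 1; }
    printf '%s' "$1" | write_private "$dir/system.conf"
}

# mode_of PATH: the ten-character type and permission string from ls.
mode_of() { ls -ld "$1" | cut -c1-10; }

# verify_cipux_etc: succeed only if the directory is 700 and both files 400.
verify_cipux_etc() {
    dir=${CIPUX_ETC:-/etc/cipux}
    [ "$(mode_of "$dir")" = "drwx------" ] \
        || { echo "$dir: expected mode 700" >&2; return 1; }
    for f in ldappassword.conf system.conf; do
        [ "$(mode_of "$dir/$f")" = "-r--------" ] \
            || { echo "$dir/$f: expected mode 400" >&2; return 1; }
    done
}

# Demo on a scratch directory with a constructed password: sh thisfile --demo
if [ "${1:-}" = "--demo" ]; then
    scratch=$(mktemp -d) || exit 1
    CIPUX_ETC="$scratch/cipux"
    printf '%s\n' 'constructed-password' | prepare_cipux_etc debian-edu \
        && verify_cipux_etc && echo "ok: $CIPUX_ETC prepared"
    rm -rf "$scratch"
fi
```

As root on the target system, feed the real password on standard input to prepare_cipux_etc, run verify_cipux_etc, then continue with steps (2) to (4).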
Remarks:
- Profile:
- install cipux-profile BEFORE running cipux_setup
- run: /usr/share/cipux/sbin/cipux_setup -sn -p PROFILE
- the list of supported profiles can be obtained with:
- ls /usr/share/cipux/sbin/cipux_profile_*
- if there is no profile suitable for you, create one.
- if you have created one, please share that with the community.
- System:
- supported distributions for now are:
- debian-edu
- debian
- ubuntu (in the future, please ask: christian@skolelinux.de)
- edubuntu (in the future, please ask: christian@skolelinux.de)
- example: echo -n "debian" > /etc/cipux/system.conf
Customization for (yet) unsupported Distributions
- get in contact with one of:
- join #cipux
- add a customer in /etc/cipux/customer.conf
- add a customer to cipux.conf
- probably change LDAP values in cipux.conf
- check all paths for executables
- check LPREF variable in top level Makefile
- do test it on freshly installed systems
Other CipUX Installation Guides
Installation guides for different Debian and Debian-Edu/Skolelinux releases. For Updates please read the [:DebianEdu/CipUX/Update:update page].
On Debian (Etch), Debian-Edu/Skolelinux 3.0
- This page: see above
Older installation guides
- [:DebianEdu/CipUX/Installation/3.2.10:Installation guide for 3.2.10]
- older installation guides can be found here: http://wiki.cipux.org/Archive
Debian-Edu/ Skolelinux 1.0 (Venus)
- [:DebianEdu/CipUX/Installation/3.2.0:Installation guide for 3.2.0]
- older installation guides can be found here: http://wiki.cipux.org/Archive