david-halliday.co.uk

Distribute settings etc

This is useful if you have client computers (mine are all Debian), as you can get clients to pull down configuration updates on boot. The network protocol I have chosen to use is NFS.

apt-get install nfs-common nfs-kernel-server

Edit the /etc/exports file, adding the line below:

/home/netetc 192.168.10.*(ro,insecure)

This line is split into 3 parts:

  • The directory to be shared (for ease I have used /home/netetc).
  • The IP range that can access the directory (in this case 192.168.10.1 - 192.168.10.254). Because some workstations within the IP range were being told access denied (I don't know why), I changed this to * (anyone and everyone) and now it accepts everyone for read only, which is fine.
  • The security settings.
    [ro = ReadOnly (changes can't be made by clients)]
    [insecure = no authentication is required; anyone from one of the allowed IP addresses can see this. Normally this is a security issue, but since no sensitive files are being stored and users can't change anything (due to the ro setting) this isn't an issue]
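
An added example (not part of the original page) that checks an exports file for the choices discussed above: a wildcard inside an IP address, a * client, and the insecure option. The finding texts follow exports(5), which documents address/netmask (for example 192.168.10.0/24) for subnets and defines insecure as accepting requests from source ports above 1023; the sample input and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit exports(5)-style lines read from stdin.
# Prints "path|client|finding" for each issue; always returns 0.
audit_exports() {
    grep -v '^[[:space:]]*#' | {
        set -f   # no filename globbing: client specs contain '*'
        while read -r path clients; do
            [ -n "$path" ] || continue
            # A path with no client list is exported to every host.
            [ -n "$clients" ] || clients='*'
            for spec in $clients; do
                host=${spec%%\(*}
                case $spec in
                    *\(*\)) opts=${spec#*\(}; opts=${opts%\)} ;;
                    *)      opts= ;;
                esac
                [ -n "$host" ] || host='*'
                case $host in
                    \*)          echo "$path|$host|exported to every host" ;;
                    [0-9]*[*?]*) echo "$path|$host|wildcard in IP address, use address/netmask" ;;
                esac
                case ",$opts," in *,insecure,*)
                    echo "$path|$host|insecure: unprivileged source ports accepted" ;;
                esac
                case ",$opts," in *,rw,*)
                    echo "$path|$host|rw: clients can modify files" ;;
                esac
                case ",$opts," in *,no_root_squash,*)
                    echo "$path|$host|no_root_squash: client root keeps uid 0" ;;
                esac
            done
        done
    }
}

sample_exports() {   # constructed sample, not taken from a real server
    cat <<'EOF'
# constructed sample /etc/exports
/home/netetc 192.168.10.*(ro,insecure)
/home/netetc *(ro,insecure)
/srv/data 192.168.10.0/24(rw,no_root_squash)
EOF
}
sample_exports | audit_exports
```

On a server, run it as audit_exports < /etc/exports.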

Make the directory to be shared:

mkdir /home/netetc

Restart the server daemon:

/etc/init.d/nfs-kernel-server stop
/etc/init.d/nfs-kernel-server start

This refreshes the list of shared directories.

Clients

You have to install the client part of the application and a script to check for updates. To install the client part:

apt-get install nfs-client

Make a directory where the network location will be mounted:

mkdir /mnt/netetc

Now you are ready to copy down config files to clients. It is important not to have superfluous files being copied down as this can complicate things. Remember to keep a good directory structure in your /home/netetc.
My script for copying down files on boot (called MYetcupd.sh) is:

#!/bin/sh
#add some output
echo "Updating /etc over network"
#set a suffix for backups.
#This adds the date then unix time in seconds.
#Gives you backups which you can tell apart.
SUFF=.$(date +%F-%s)
#set the variable for where the network drive will be mounted.
LOCALDIR=/mnt/netetc/
#mount the network etc drive; skip the update if the mount fails
mount -t nfs rockhopper:/home/netetc "$LOCALDIR" || exit 0
#copy updated files over
cp -Ru --backup --suffix="$SUFF" "$LOCALDIR"* /etc/
#Unmount the network etc drive
umount "$LOCALDIR"
exit 0

This script is a little bit of a chicken & egg situation, as it wants to be on the server to be updated and you also need it on the client to do the first copy down of settings. My recommendation is to store it under a scripts section on the server as detailed below, but work through it once by hand to copy the settings down over the network.
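
An added example (not part of the original page): because the update script runs as root at boot and copies whatever the share offers into /etc, a client can limit itself to files it expects. The sketch below installs only regular files named in an allowlist kept on the client; sync_allowed, demo and the allow.list path are hypothetical names, and the demo trees are constructed.

```shell
#!/bin/sh
# Added example: install only allowlisted regular files from the mounted share.
# Usage: sync_allowed SRC DST ALLOWLIST   (ALLOWLIST: one relative path per line)
sync_allowed() {
    src=${1%/}; dst=${2%/}; allow=$3
    suff=.$(date +%F-%s)                      # same backup suffix as the page's script
    ( cd "$src" && find . ! -type d ) | sed 's|^\./||' |
    while IFS= read -r rel; do
        # Anything the client does not expect is ignored, whatever the share offers.
        if ! grep -qxF -- "$rel" "$allow"; then
            echo "skipped $rel (not allowlisted)"; continue
        fi
        # Symlinks, devices and FIFOs are never installed.
        if [ -L "$src/$rel" ] || [ ! -f "$src/$rel" ]; then
            echo "skipped $rel (not a regular file)"; continue
        fi
        if cmp -s "$src/$rel" "$dst/$rel" 2>/dev/null; then continue; fi   # unchanged
        mkdir -p "$(dirname "$dst/$rel")"
        if [ -e "$dst/$rel" ]; then cp -p "$dst/$rel" "$dst/$rel$suff"; fi
        cp "$src/$rel" "$dst/$rel" && echo "copied $rel"
    done
}

# In MYetcupd.sh this would replace the cp line, after a checked mount, e.g.:
#   mount -t nfs -o ro,nosuid,nodev,noexec rockhopper:/home/netetc /mnt/netetc || exit 1
#   sync_allowed /mnt/netetc /etc /etc/MYscripts/allow.list   # allow.list is hypothetical

demo() {   # constructed trees standing in for the share and for /etc
    t=$(mktemp -d); mkdir -p "$t/share/pam.d" "$t/etc"
    echo 'hosts: files' > "$t/share/nsswitch.conf"
    echo 'unexpected'   > "$t/share/passwd"                    # not on the allowlist
    ln -s ../nsswitch.conf "$t/share/pam.d/common-auth"        # allowlisted, but a symlink
    printf '%s\n' nsswitch.conf pam.d/common-auth > "$t/allow"
    sync_allowed "$t/share" "$t/etc" "$t/allow" | sort
    rm -rf "$t"
}
demo
```

The allowlist has to live on the client and stay out of the synced set, otherwise the share could rewrite it.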

You are now ready to copy settings down. Lastly (if you want to) you need to make the clients update themselves at boot. This is an edit to the inittab file. Depending on how you work it may be better to do this on individual machines. For my work I have been able to get away with making the change on rockhopper and then using my script to update the clients. Here is the addition on the bottom of the inittab file:

#Added by David Halliday to add an update for the /etc directory
dh:2345:wait:/etc/MYscripts/MYetcupd.sh

It's always nice to put a comment on that line.

Config files to copy

The first set of files I set up to copy are scripts, so that they will be updated on boot if needed. I store all my scripts for this in (I know it's not the best place but it works for me):

/etc/MYscripts

So to make this we just:

mkdir /home/netetc/MYscripts

You can replace "MY" with anything you like. I use the initials of where I work so that it is immediately obvious what is my addition to the system.

Client AD authentication

To do this with the Linux server you have to already be familiar with my AD authentication section. You can perform just the AD authentication on the clients, but I'm working here on the assumption that it has been done on the server already.

Don't forget to install the correct applications on your client first or the new config files will be overwritten when you do install them.

apt-get install samba winbind

Another change not to forget is to make the desired subdirectory for your /home/ such as /home/NETWORK/ (making sure it matches the name in your custom smb.conf that will be pulled down). This is important for your users to have home directories.

To authenticate a client, if the server is already set up to do the AD authentication, you can add files into the network update by:

mkdir /home/netetc/pam.d
cp /etc/pam.d/common-* /home/netetc/pam.d
mkdir /home/netetc/samba
cp /etc/samba/smb.conf /home/netetc/samba
cp /etc/nsswitch.conf /home/netetc

You also need to join your clients to the AD domain:

net ads join -U domainadminuser@DOMAIN.INTERNA

Pull the settings down manually before the reboot, or winbind and samba will start off with their default settings and the AD authentication won't work. If you forget to do this then just reboot the machine again (or manually restart the services) and all will be well.