Sunday, 25 January 2015

Ubuntu

This section contains useful information related to the Ubuntu Linux distribution.
Setting up an email server on Ubuntu:
http://flurdy.com/docs/postfix/
Setting up wireless:
ndiswrapper-utils
ndiswrapper-common
For a graphical interface, install the following package:
ndisgtk

upstart

Upstart is a replacement for the traditional sysvinit package, and runs as process #1. Through upstart, we are able to have an event-driven process, whilst at the same time retaining compatibility for the original sysvinit behaviour.
All the configuration files for upstart are in /etc/init directory.
To list the known jobs and instances, and to show the status of a job
 initctl list

 initctl status <Job>
To start a new instance of a named Job
 initctl start <JOB>
To show the config of upstart job mysql
 initctl show-config mysql
 mysql
   start on runlevel [2345]
   stop on starting rc RUNLEVEL=[016]
Where are initscripts installed?
This has not changed; they are installed in /etc/init.d. See /etc/init.d/README.
However, most important system jobs are no longer shipped as initscripts, but as upstart jobs. These are installed in /etc/init.
How are initscripts started and stopped?
This has not changed; symlinks are made from the initscript in the /etc/init.d directory to the /etc/rc?.d directories. See /etc/init.d/README and /etc/rc?.d/README.
What order are initscripts started and stopped in?
If a service has not been converted to upstart, this has not changed; the symlinks are named SNNname or KNNname, where NN is a number from 00 to 99. The K scripts are run first in numerical order, followed by the S scripts in numerical order.
However, services which have been converted to upstart will define their start criteria in the file, like this:
 start on runlevel [2345]
 stop on runlevel [!2345]
This means the service will be started when the system reaches runlevel 2, 3, 4, or 5. It should be noted that it will be started in parallel with every other service that starts on those runlevels, and anything else still starting. The [!2345] in the stop on means it will be stopped whenever a runlevel that is *not* 2, 3, 4, or 5 is reached.

MANUAL SERVICE / (PERMANENT ENABLE/DISABLE)

Since Upstart 1.3 we can tell a service to only start when we want to:
 sudo sh -c "echo 'manual' > /etc/init/SERVICE.override"
where the stanza manual will stop Upstart from automatically loading the service on next boot. Any service with the .override ending will take precedence over the original service file. You will only be able to start the service manually afterwards. If you do not want this then simply delete the .override. For example:
 sudo sh -c "echo 'manual' > /etc/init/mysql.override"
will put the MySQL service into "manual" mode. If you do not want this, you can afterwards simply run
 sudo rm /etc/init/mysql.override
and reboot for the service to start automatically again.
NOTE - The Upstart cookbook describes the manual approach like this:
 echo "manual" >> /etc/init/SERVICE.override
If this does not work and gives you a Permission denied error, use the form shown earlier, which has only one ">" (greater-than sign).
How do I find the current/previous runlevel?
This has not changed; use the "runlevel" command. See runlevel(8).
How do I change the runlevel?
This has not changed, use the "telinit" command or just invoke "init" directly. See telinit(8).
How do I change the default runlevel?
You should edit /etc/init/rc-sysinit.conf instead and change the following line:
    env DEFAULT_RUNLEVEL=2
How do I change the behaviour of Control-Alt-Delete?
Edit the /etc/init/control-alt-delete.conf file. The line beginning "exec" is what upstart will run when this key combination is pressed.
To not do anything when Control-Alt-Delete is pressed, you can simply delete this file.
Note that this only affects the behaviour of Control-Alt-Delete when at a text console. In a desktop environment, this key combination is handled by the desktop itself and must be reconfigured there.
How do I enter single-user mode?
This hasn't changed. Choose the "(recovery mode)" option from GRUB; add "-s", "S" or "single" to the kernel command-line; or from a running machine, run "telinit 1" or "shutdown now".
How do I reduce the number of gettys?
In /etc/init there is a file named ttyN.conf for each getty that will be started, where N is numbered 1 to 6. Remove any that you do not want.
This will not take immediate effect, however you can run "stop ttyN" to stop one that is running.
If your system has Upstart 0.6.7 or later (first included in Ubuntu 11.04), you will be able to disable the automatic start of these without removing them by running
 echo manual >> /etc/init/ttyN.conf 
 

Boot

https://help.ubuntu.com/community/UbuntuBootupHowto
Restore grub:
01. Boot the system using a live CD
02. Mount the /boot partition of the hard drive as /mnt
 sudo mount /dev/sda1 /mnt
03. Install grub on the system
 sudo grub-install --root-directory=/mnt/ /dev/sdX
04. Reboot the system

grub2

Common options can be modified in the /etc/default/grub file.
Most of the configuration files are in the /etc/grub.d directory.
If any of these files are modified, the update-grub command should be run to make the changes take effect.
Controlling Services
All the startup scripts are in the /etc/init.d/ directory.
To add a service (services must be in the /etc/init.d folder):
 update-rc.d <nameoftheservice> defaults
To remove it:
 update-rc.d <nameoftheservice> remove


File Sharing

NFS

01. Install the following packages using apt-get
 # apt-get -y install nfs-kernel-server nfs-common portmap
02. Modify the /etc/exports - The configuration file
  • Exported directories are defined in /etc/exports
  • Each entry specifies the hosts to which the file system is exported plus associated permissions and options
An entry in /etc/exports will typically look like this:
 directory machine1(option11,option12) machine2(option21,option22)
The following options can be used:
  • ro: The directory is shared read only; the client machine will not be able to write to it. This is the default
  • rw: The client machine will have read and write access to the directory
  • no_root_squash: By default, any file request made by user root on the client machine is treated as if it is made by user nobody on the server. If no_root_squash is selected, then root on the client machine will have the same level of access to the files on the system as root on the server. This can have serious security implications, although it may be necessary if you want to perform any administrative work on the client machine that involves the exported directories.
  • no_subtree_check: If only part of a volume is exported, a routine called subtree checking verifies that a file that is requested from the client is in the appropriate part of the volume. If the entire volume is exported, disabling this check will speed up transfers.
  • sync: By default, all but the most recent version (version 1.11) of the exportfs command will use async behavior, telling a client machine that a file write is complete - that is, has been written to stable storage - when NFS has finished handing the write over to the filesystem. This behavior may cause data corruption if the server reboots, and the sync option prevents this.
Examples:
 /home  192.168.0.1(rw) 192.168.0.2(ro)  # Gives rw or ro permissions to systems
 /home  192.168.0.0/255.255.255.0(rw)    # Gives read/write to all systems in 192.168.0 network
 /home  *.test.com(rw)                   # Gives read/write permission to all systems in test.com
 /home  *(rw)                            # To export to all the systems
 /home  *(sync,insecure)                 # To avoid the mounting problems in some clients
 /export 192.168.123.0/255.255.255.0(rw,sync,insecure,no_root_squash,no_subtree_check)
03. Make sure the portmap daemon is running. If not, start it
 ps -ef | grep portmap
 rpc       3508     1  0 16:09 ?        00:00:00 portmap
04. Export the filesystem using exportfs command
 # exportfs -a
05. Verify that the filesystems are exported using the exportfs command
 #  exportfs
 /home           <world>
06. In the NFS client system, install the nfs client packages if not already installed
 # apt-get -y install portmap nfs-common
07. Mount the filesystem in the client systems
 # mount nfs_server_name:/home /mnt
The latest nfs-utils introduced /etc/exports.d; the files under this directory are loaded as if they were part of /etc/exports. Adding or removing an export point becomes easier: just put a file into the directory or remove it.
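The option list and sample entries above can be checked mechanically. The following is an added example, not part of the original page: a small Python audit of /etc/exports text that flags the options described above (no_root_squash, insecure, async) and exports to `*` or to wildcard hosts. The function names, finding codes and the last sample line are constructed for illustration.

```python
import re

# Options from the list above that weaken an export, with the reason.
RISKY_OPTIONS = {
    "no_root_squash": "root on the client acts as root on the server",
    "insecure": "requests from unprivileged source ports are accepted",
    "async": "writes are acknowledged before reaching stable storage",
}

# One client field: host(opt,opt) | host | (opt,opt)
CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")

# Sample input: the example entries from this page, plus one constructed
# line (7) showing the stray-space mistake "host (rw)".
SAMPLE_EXPORTS = """\
/home  192.168.0.1(rw) 192.168.0.2(ro)
/home  192.168.0.0/255.255.255.0(rw)
/home  *.test.com(rw)
/home  *(rw)
/home  *(sync,insecure)
/export 192.168.123.0/255.255.255.0(rw,sync,insecure,no_root_squash,no_subtree_check)
/srv   trusted.example.com (rw)   # constructed: the space detaches (rw) from the host
"""


def parse_exports(text):
    """Yield (lineno, directory, host, options) for every client field."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        directory, *clients = line.split()
        for client in clients:
            match = CLIENT_RE.match(client)
            if match is None:
                # e.g. "(rw, sync)": whitespace inside the option list
                raise ValueError(f"line {lineno}: cannot parse {client!r}")
            # A bare "(opts)" field has no host and applies to every client.
            host = match.group(1) or "*"
            opts = [o for o in (match.group(2) or "").split(",") if o]
            yield lineno, directory, host, opts


def audit_exports(text):
    """Return a list of (lineno, directory, host, finding_code)."""
    findings = []
    for lineno, directory, host, opts in parse_exports(text):
        if host == "*":
            # ro is the default, so only an explicit rw makes it writable.
            code = "world-rw" if "rw" in opts else "world"
            findings.append((lineno, directory, host, code))
        elif "*" in host or "?" in host:
            findings.append((lineno, directory, host, "wildcard-host"))
        for opt in opts:
            if opt in RISKY_OPTIONS:
                findings.append((lineno, directory, host, opt))
    return findings


if __name__ == "__main__":
    for lineno, directory, host, code in audit_exports(SAMPLE_EXPORTS):
        reason = RISKY_OPTIONS.get(code, "broad client match")
        print(f"line {lineno}: {directory} -> {host}: {code} ({reason})")
```

To audit a live server, pass the contents of /etc/exports (and of any files under /etc/exports.d) to `audit_exports`.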

Autofs

Automount is the modern way to mount directories over a network. It is much easier to manage and more economical in bandwidth.
The advantages of using automount are:
  • Reduces the administration tasks of /etc/fstab
  • Not necessary to have empty mount point directories
  • No pre-mounting of directories not currently needed, thus reducing the possibility of client hangs
There are two types of automount maps.
Direct map:
  • It is used for high-level directories such as /usr that cannot be used as an automounter indirect mount point
  • Used for unique mount points
  • Full path name is required
Indirect map:
  • An indirect map file has only the relative paths
01. Install the autofs package
 apt-get install autofs
02. Edit the master map file /etc/auto.master
 cat /etc/auto.master
 /home /etc/auto.home    # indirect map 
 /-    /etc/auto.direct  # direct map
03. Create the mapfile auto.home
This file has two fields: the key field and the location field. A * in the key field of an indirect map matches all keys. Key substitution: an & character in the location is expanded to the value of the key field that matched the line.
 test1   server1:/home/test1
 test2   server1:/home/test2
 test3   server1:/home/test3
We can replace all three lines with a single line:
 *       server1:/home/&
04. Start the automount daemon
 # /etc/init.d/autofs start 
            (or)
 # /etc/init.d/autofs reload

Samba

01. Install the samba packages on Ubuntu server
 # apt-get install samba samba-doc
02. Install the inetd and SWAT packages if you want to administer Samba using SWAT. The SWAT service runs as part of the inetd daemon.
 # apt-get install inetd swat
03. Make sure swat service is enabled in /etc/inetd.conf and start the inetd daemon if not already started.
 # /etc/init.d/inetutils-inetd start
04. To configure and administer samba, in any web browser, type the IPaddress_of_the_Samba_server:901 


Filesystem

To enable quota for a file system
1. Modify the filesystem entry in /etc/fstab to add the usrquota and grpquota options
 /dev/mapper/vg00-rootlv /               ext3    defaults,errors=remount-ro,usrquota,grpquota 0       1
2. Run the following commands to enable the quota
 touch /quota.user /quota.group
 chmod 600 /quota.*
 mount -o remount /
 quotacheck -avugm
 quotaon -avug
 

ISCSI

Setting up the Target (iSCSI Server)

Install the iSCSI Target server
  apt-get install iscsitarget
Open /etc/default/iscsitarget and set ISCSITARGET_ENABLE to true
  vi /etc/default/iscsitarget
  ISCSITARGET_ENABLE=true
We can use unused logical volumes, image files, hard drives (e.g. /dev/sdb), hard drive partitions (e.g. /dev/sdb1) or RAID devices (e.g. /dev/md0) for the storage. In this example we will create a logical volume of 20GB named storage_lun1 in the volume group vg0:
  # lvcreate -L20G -n storage_lun1 vg0  
If you want to use an image file, you can create it as follows. The following command creates an image file /storage/lun1.img with a size of 20GB.
  mkdir /storage
  dd if=/dev/zero of=/storage/lun1.img bs=1024k count=20000
Now, edit the ietd.conf file. This is the place, where you configure your iSCSI targets and daemon defaults. Comment out everything in that file. At the end we add the following stanza:
  # vi /etc/iet/ietd.conf
  [...]
  Target iqn.2001-04.com.example:storage.lun1
        IncomingUser someuser secret
        OutgoingUser
        Lun 0 Path=/dev/vg0/storage_lun1,Type=fileio
        Alias LUN1
        #MaxConnections  6
The target name must be a globally unique name, the iSCSI standard defines the "iSCSI Qualified Name" as follows: iqn.yyyy-mm.<reversed domain name>[:identifier] where yyyy-mm is the date at which the domain is valid; the identifier is freely selectable. The IncomingUser line contains a username and a password so that only the initiators (clients) that provide this username and password can log in and use the storage device; if you don't need authentication, don't specify a username and password in the IncomingUser line. In the Lun line, we must specify the full path to the storage device (e.g. /dev/vg0/storage_lun1, /storage/lun1.img, /dev/sdb, etc.).
Now we tell the target that we want to allow connections to the device iqn.2001-04.com.example:storage.lun1 from the IP address 192.168.0.100 (server1.example.com) (comment out the ALL ALL line because that would allow all initiators to connect to all targets)...
  # vi /etc/iet/initiators.allow
  [...]
  iqn.2001-04.com.example:storage.lun1 192.168.0.100
  #ALL ALL
Note: On older Ubuntu systems, the ietd.conf and initiators.allow files are in the /etc directory instead of the /etc/iet directory.
Now, start the target daemon
  /etc/init.d/iscsitarget start
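
The two access controls configured above (the CHAP credential in ietd.conf and the address list in initiators.allow) can be checked together. This is an added example, not part of the original page or of the iSCSI Enterprise Target project: it reads the text of both files and reports targets without an IncomingUser credential, short CHAP secrets, and an active ALL ALL rule. The function names, finding codes, the storage.lun2 target and the 12-character minimum (taken from RFC 3720's 96-bit guidance for CHAP used without IPsec) are assumptions.

```python
# Assumption: 12 characters, following RFC 3720's guidance of at least
# 96 bits for CHAP secrets on connections not protected by IPsec.
MIN_SECRET_LEN = 12

# The stanza and allow rule shown on this page.
PAGE_IETD_CONF = """\
Target iqn.2001-04.com.example:storage.lun1
        IncomingUser someuser secret
        OutgoingUser
        Lun 0 Path=/dev/vg0/storage_lun1,Type=fileio
        Alias LUN1
        #MaxConnections  6
"""
PAGE_INITIATORS_ALLOW = """\
iqn.2001-04.com.example:storage.lun1 192.168.0.100
#ALL ALL
"""

# Constructed weak variant: a second target without credentials and the
# ALL ALL line left active.
WEAK_IETD_CONF = PAGE_IETD_CONF + """\
Target iqn.2001-04.com.example:storage.lun2
        Lun 0 Path=/storage/lun1.img,Type=fileio
"""
WEAK_INITIATORS_ALLOW = "ALL ALL\n"


def _active_lines(text):
    """Yield non-empty lines with '#' comments removed."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line


def parse_ietd_conf(text):
    """Return {target_name: [(user, secret), ...]} for each Target stanza."""
    targets, current = {}, None
    for line in _active_lines(text):
        words = line.split()
        if words[0] == "Target" and len(words) >= 2:
            current = words[1]
            targets[current] = []
        elif words[0] == "IncomingUser" and current and len(words) >= 3:
            # An IncomingUser line without user and password means no auth.
            targets[current].append((words[1], words[2]))
    return targets


def parse_initiators_allow(text):
    """Return [(target, [address, ...]), ...] in file order."""
    rules = []
    for line in _active_lines(text):
        parts = line.split(None, 1)
        addrs = parts[1].replace(",", " ").split() if len(parts) > 1 else []
        rules.append((parts[0], addrs))
    return rules


def audit_iet(ietd_conf, initiators_allow):
    """Return a list of (target, finding_code); secrets are never echoed."""
    findings = []
    for target, users in parse_ietd_conf(ietd_conf).items():
        if not users:
            findings.append((target, "no-chap"))
        for user, secret in users:
            if len(secret) < MIN_SECRET_LEN:
                findings.append((target, f"short-secret:{user}"))
    for target, addrs in parse_initiators_allow(initiators_allow):
        if target == "ALL" and "ALL" in addrs:
            findings.append(("ALL", "allow-all"))
    return findings


if __name__ == "__main__":
    for target, code in audit_iet(WEAK_IETD_CONF, WEAK_INITIATORS_ALLOW):
        print(f"{target}: {code}")
```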

Setting up the Initiator (iSCSI Storage client)

Install the client fileset
  # apt-get install open-iscsi
Edit the /etc/iscsi/iscsid.conf and set node.startup to automatic
  # vi /etc/iscsi/iscsid.conf
  [...]
   node.startup = automatic
  [...]
Restart the Initiator
   # /etc/init.d/open-iscsi restart
Now, check what storage devices (LUNs) are available on the target
  # iscsiadm -m discovery -t st -p 192.168.123.10
  192.168.123.10:3260,1 iqn.2010-04.net.sys-admin:storage.lun0

  # iscsiadm -m node
  192.168.123.10:3260,1 iqn.2010-04.net.sys-admin:storage.lun0
The settings for the storage device iqn.2010-04.net.sys-admin:storage.lun0 on 192.168.123.10:3260,1 are stored in the file /etc/iscsi/nodes/iqn.2010-04.net.sys-admin:storage.lun0/192.168.123.10,3260,1/default. We need to set the username and password for the target in that file; instead of editing that file manually, we can use the iscsiadm command to do this for us:
  # iscsiadm -m node --targetname "iqn.2010-04.net.sys-admin:storage.lun0" --portal  "192.168.123.10:3260"  --op=update --name node.session.auth.authmethod --value=CHAP
  # iscsiadm -m node --targetname "iqn.2010-04.net.sys-admin:storage.lun0" --portal  "192.168.123.10:3260" --op=update --name node.session.auth.username --value=someuser
  # iscsiadm -m node --targetname "iqn.2010-04.net.sys-admin:storage.lun0" --portal "192.168.123.10:3260" --op=update --name node.session.auth.password --value=secret
Now, we can login, either by running
  # iscsiadm -m node --targetname "iqn.2010-04.net.sys-admin:storage.lun0" --portal "192.168.123.10:3260" --login
  Logging in to [iface: default, target: iqn.2010-04.net.sys-admin:storage.lun0, portal:
  192.168.123.10,3260]
  Login to [iface: default, target: iqn.2010-04.net.sys-admin:storage.lun0, portal:
  192.168.123.10,3260]: successful
... or by restarting the initiator:
  # /etc/init.d/open-iscsi restart
Now, the fdisk -l output will show the new LUN
If you want to log out (disconnect), you can run
   # iscsiadm -m node --targetname "iqn.2001-04.com.example:storage.lun1" --portal "192.168.0.101:3260" --logout
 
 
 

Kernel

From Wikipedia: An operating system kernel or system kernel (English: kernel [ˈkɝːnəl]) is the central component of an operating system. It defines the process and data organization on which all other software components of the operating system build. It forms the lowest software layer of the system and has direct access to the hardware. The design of an operating system kernel belongs to the field of computer science and software engineering. Common requirements for a kernel are parallel processing of different tasks (multitasking), meeting time-critical limits, and openness to a wide variety of applications and extensions.
The Linux kernel comes in several variants. The main ones are:
  • Desktop kernel or generic kernel
  • Server kernel (from Ubuntu 12.04 on, the generic kernel is used)
  • Kernel for virtual machines
  • Real-time kernel

Installing a kernel

When Ubuntu is installed, a kernel is installed automatically, because without one the whole system would not run. On Ubuntu, kernels are installed through the package manager like ordinary software [1]. The corresponding package names always have the form
  • linux-image-VERSION-ABINUMBER-VARIANT
or, as a concrete example,
  • linux-image-3.2.0-23-generic
But beware: a kernel is better installed through a metapackage such as
  • linux-generic
because only then is it guaranteed that a system update ("kernel update") always automatically installs the matching modules and kernel header files. When a kernel is installed, it is also automatically entered in the GRUB 2 or GRUB boot manager, so that the newest kernel version is booted at the next start. Further information on metapackages and on the different architectures can be found in the article Metapakete.

Backport kernel

Ubuntu 10.04

For the LTS release Ubuntu 10.04 there is a newer kernel 3.0 backported from Ubuntu 11.10. This kernel is recommended if you want to use very new hardware or features that the standard kernel 2.6.32 did not yet support. The new kernel is installed through the following metapackages:
  • linux-headers-generic-lts-backport-oneiric
  • linux-image-generic-lts-backport-oneiric
Installing the corresponding headers is strongly recommended if DKMS-managed kernel modules are used, which is the case, for example, with the proprietary driver for NVIDIA graphics cards and with VirtualBox.

Ubuntu 12.04

For Ubuntu 12.04 LTS a different approach was chosen to provide kernels newer than 3.2: LTS Enablement Stacks. The package names here are therefore:
  • Kernel 3.13 (supported until April 2019):
    • linux-headers-generic-lts-trusty
    • linux-image-generic-lts-trusty
  • Kernel 3.11 (supported until August 2014):
    • linux-headers-generic-lts-saucy
    • linux-image-generic-lts-saucy
  • Kernel 3.8 (supported until August 2014):
    • linux-headers-generic-lts-raring
    • linux-image-generic-lts-raring
  • Kernel 3.5 (supported until August 2014):
    • linux-headers-generic-lts-quantal
    • linux-image-generic-lts-quantal

Ubuntu 14.04

As with Ubuntu 12.04, the following kernels are available so far (as of 12/2014):
  • Kernel 3.16 (supported until August 2016):
    • linux-headers-generic-lts-utopic
    • linux-image-generic-lts-utopic

Mainline kernel

Since March 2009 it has also been possible to install a "mainline kernel". This makes you independent of the kernel version provided by the official package sources. More information can be found in the separate article Mainline-Kernel.

Reinstalling the kernel

Under some circumstances, repairing the currently running kernel may require reinstalling it. This is done simply with the command:
sudo apt-get install --reinstall linux-image-$(uname -r) 

Removing kernels

Note:

When the kernel is updated, the old kernel is never removed automatically. This makes it possible, should problems arise with the newer kernel, to still boot the previous kernel.
If an Ubuntu system is run over a longer period, the various kernel versions accumulate. Since a kernel together with header files and kernel modules can take up a fair amount of disk space (approx. 200 MiB), older kernel versions that are no longer used should be removed by hand from time to time as part of system maintenance. This is particularly important on encrypted systems that use a separate partition for /boot: if it is full, kernel updates can no longer be installed automatically.
Automatic system updates install bug-fixed versions of the kernel on the system. This is visible when booting, where GRUB 2 shows several entries for booting the system. Up to Ubuntu 10.04 all kernels are shown in the main menu; from Ubuntu 11.04 on, the submenu "Previous Linux versions" must be selected to see the older kernels. This looks, for example, like this:
[Figure: GRUB 2 main menu]
[Figure: submenu for older kernels]
Comparing the left and right figures shows that, besides the newest kernel 3.2.0-23-generic, two older kernels are still present on the system: versions 3.2.0-22-generic and 3.0.0-16-generic. So, to remove the older kernel 3.0.0-16-generic and its header files in the example above, search the package manager [1] for the packages
  • linux-image-3.0.0-16
  • linux-headers-3.0.0-16
and remove them. This also automatically removes all associated kernel modules, as well as the entry for booting this kernel in the GRUB 2 and GRUB boot managers. Since the Software Center usual on Ubuntu and Xubuntu does not show old, no longer needed kernels, either install the graphical package manager Synaptic for this task or use apt-get in a terminal window:
sudo apt-get remove --purge linux-image-3.0.0-16-generic linux-headers-3.0.0-16 

Further options

If there are very many old kernels, removing them all from the command line with the command above is rather tedious. The following command lists all old kernels, including the header files, except for the current one:
dpkg -l 'linux-*' | sed '/^ii/!d;/'"$(uname -r | sed "s/\(.*\)-\([^0-9]\+\)/\1/")"'/d;s/^[^ ]* [^ ]* \([^ ]*\).*/\1/;/[0-9]/!d' 
Once the output has been checked, the same command, extended with " | xargs sudo apt-get -y purge", removes the respective packages:
dpkg -l 'linux-*' | sed '/^ii/!d;/'"$(uname -r | sed "s/\(.*\)-\([^0-9]\+\)/\1/")"'/d;s/^[^ ]* [^ ]* \([^ ]*\).*/\1/;/[0-9]/!d' | xargs sudo apt-get -y purge 
From Ubuntu 13.04 on, the following command can be used as an alternative. With:
sudo apt-get -s autoremove --purge 
you first test (-s = simulate) what the package system considers unnecessary packages and would remove. If the output contains nothing worth keeping, go ahead:
sudo apt-get autoremove --purge 
This removes all old kernels except the two most recent ones (depending on the situation, three kernels may sometimes remain). From Ubuntu 13.10 on, the following suffices:
sudo apt-get autoremove 
Since the autoremove option does not delete only kernel packages, the script purge-old-kernels is also worth mentioning.

Real-time kernel

Some special applications need a reliably low system response time. Under some circumstances the normal kernel of an Ubuntu system could not adequately meet this requirement. For such cases there are the kernels formerly provided by Ubuntu Studio, optimized for real-time behaviour, which contain the entire "Realtime-Patchset" by Ingo Molnár. From Ubuntu 12.04 on, these special functions were partly integrated into the standard kernel, which is why one now speaks of a "Low Latency" kernel.
One possible application is audio workstations with extremely low latencies. Further information on configuring a recording-studio PC can be found in the article Tonstudio/Konfiguration. For pure desktop systems a real-time or "Low Latency" kernel brings no benefit! On the contrary: throughput may drop and power consumption may rise.

Ubuntu 14.04

The required packages are available from the Ubuntu package sources. Unlike Ubuntu 12.04 (see below), only one package now exists, since PAE support by the processor is now a mandatory requirement.
  • linux-lowlatency (universe)
sudo apt-get install linux-lowlatency 

Ubuntu 12.04

The following packages are to be installed [1]:
  • linux-lowlatency (universe)
sudo apt-get install linux-lowlatency 
or
  • linux-lowlatency-pae (universe)
sudo apt-get install linux-lowlatency-pae 
Which variant is needed depends on the processor. Rule of thumb: go by the output of the command
uname -r 
If "pae" appears in the output, use the corresponding package.

Ubuntu 10.04

The main difference from the low-latency kernel, which makes do with the parts of the Molnár patch set already integrated into the vanilla kernel, is the ability to make interrupts interruptible(!): they are handled by their own threads, which can be prioritized with chrt. See also RealTimeKernel.
  • linux-rt (multiverse)
sudo apt-get install linux-rt 

Enabling Hyper-Threading

Hyper-Threading (HTT) is sometimes not enabled automatically when Ubuntu Linux is installed. This can, however, be changed quickly in a few steps. First, make sure that a suitable kernel with SMP support is installed. On Ubuntu this is the generic kernel.
To check whether the installation has detected the processor, enter the following command in the terminal [2]:
lscpu 
If more than "1" is shown under "Thread(s) per core:", the next step is not necessary.
To enable the feature manually, ht=on or acpi=ht must be added as a boot parameter for the kernel. How to do this is described in the article Bootoptionen. After the changes have been saved, Hyper-Threading is active after the computer is restarted.

Note:

Not every processor for which the command
grep ht /proc/cpuinfo 
shows the ht flag is actually HTT-capable.

Troubleshooting

No free disk space left

Updates are to be installed, but no space is left on the separate /boot partition. The package manager reports an error when attempting to remove an older kernel:
gzip: stdout: No space left on device
The package manager has to be brought back into a working state. To do this, older kernels that are no longer needed are removed manually with rm and root privileges.

External

  • Kernel in the Ubuntu wiki
  • Wikipedia: Linux Kernel


    Kickstart

    Cobbler for Ubuntu:
    # sudo apt-get install cobbler cobbler-web
    
     # cobbler check
     The following are potential configuration items that you may want to fix:
     1 : debmirror package is not installed, it will be required to manage debian deployments and repositories
     Restart cobblerd and then run 'cobbler sync' to apply changes.
    
     # apt-get install debmirror
    
     # cobbler check
     No configuration problems found.  All systems go.
    
    # cobbler sync
    task started: 2013-08-06_141138_sync
    task started (id=Sync, time=Tue Aug  6 14:11:38 2013)
    running pre-sync triggers
    cleaning trees
    mkdir: /var/lib/tftpboot/pxelinux.cfg
    mkdir: /var/lib/tftpboot/grub
    mkdir: /var/lib/tftpboot/images
    mkdir: /var/lib/tftpboot/s390x
    mkdir: /var/www/cobbler/rendered
    mkdir: /var/lib/tftpboot/ppc
    mkdir: /var/lib/tftpboot/etc
    removing: /var/lib/tftpboot/grub/images
    copying bootloaders
    trying hardlink /usr/lib/syslinux/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
    trying hardlink /usr/lib/syslinux/menu.c32 -> /var/lib/tftpboot/menu.c32
    trying hardlink /usr/lib/syslinux/chain.c32 -> /var/lib/tftpboot/chain.c32
    copying: /boot/memtest86+_multiboot.bin -> /var/lib/tftpboot/images/memtest86+_multiboot.bin
    copying: /boot/memtest86+.bin -> /var/lib/tftpboot/images/memtest86+.bin
    trying hardlink /usr/lib/syslinux/memdisk -> /var/lib/tftpboot/memdisk
    copying distros to tftpboot
    copying images
    generating GPXE/PXE configuration files
    generating PXE menu structure
    rendering TFTPD files
    generating /etc/xinetd.d/tftp
    cleaning link caches
    running post-sync triggers
    running python triggers from /var/lib/cobbler/triggers/sync/post/*
    running python trigger cobbler.modules.sync_post_restart_services
    running shell triggers from /var/lib/cobbler/triggers/sync/post/*
    running python triggers from /var/lib/cobbler/triggers/change/*
    running python trigger cobbler.modules.scm_track
    running shell triggers from /var/lib/cobbler/triggers/change/*
    *** TASK COMPLETE *** 
    If cobbler-web is installed, there should be a /etc/apache2/conf.d/cobbler_web.conf file that configures Apache to run the Cobbler web interface.
    The cobbler web interface is served by apache at http://<hostname>/cobbler_web
    If cobbler does not prompt you for a password, it should set the default username and password to cobbler / cobbler. However, if the default does not work, you may set the password by running:
     htdigest /etc/cobbler/users.digest "Cobbler" cobbler 
    
    Which will prompt you for a new password.
    Once you have updated the password remember to run
     cobbler sync
    
    
     mount /dev/cdrom /mnt 
     mount: block device /dev/sr0 is write-protected, mounting read-only
    
    cobbler import --name ubuntu-server --path /mnt --breed=ubuntu --os-version=precise --arch=x86_64
    task started: 2013-08-06_163656_import
    task started (id=Media import, time=Tue Aug  6 16:36:56 2013)
    Found a debian/ubuntu compatible signature: pool
    adding distros
    avoiding symlink loop
    avoiding symlink loop
    avoiding symlink loop
    avoiding symlink loop
    creating new distro: ubuntu-server-x86_64
    creating new profile: ubuntu-server-x86_64
    associating repos
    traversing distro ubuntu-server-x86_64
    descent into /var/www/cobbler/ks_mirror/ubuntu-server-x86_64
    associating kickstarts
    Found ubuntu release file: /var/www/cobbler/ks_mirror/ubuntu-server-x86_64/dists/precise/Release
    skipping /var/www/cobbler/ks_mirror/ubuntu-server-x86_64/dists/stable
    skipping /var/www/cobbler/ks_mirror/ubuntu-server-x86_64/dists/unstable
    *** TASK COMPLETE ***
    After importing an Ubuntu Server/Alternate ISO, a default/sample preseed is used. This preseed is found at:
     /var/lib/cobbler/kickstarts/sample.seed
    
    When using this preseed file to deploy Ubuntu, questions will be asked and the administrator will have to interact with the installation and respond accordingly. However, it is possible to use an alternative preseed file to install Ubuntu automatically, with no questions asked.

    No Questions Asked preseed

    Creating the preseed:
    The No Questions Asked preseed will install Ubuntu without asking the administrator any questions. The first thing we need to do is create a new file into which to copy the preseed:
     sudo vim /var/lib/cobbler/kickstarts/ubuntu-nqa.seed 
     And we copy the following:
    
    # Ubuntu Server Quick Install
    # by Dustin Kirkland <kirkland@ubuntu.com>
    #  * Documentation: http://bit.ly/uquick-doc
    
    d-i     debian-installer/locale string en_US.UTF-8
    d-i     debian-installer/splash boolean false
    d-i     console-setup/ask_detect        boolean false
    d-i     console-setup/layoutcode        string us
    d-i     console-setup/variantcode       string
    d-i     netcfg/get_nameservers  string
    d-i     netcfg/get_ipaddress    string
    d-i     netcfg/get_netmask      string 255.255.255.0
    d-i     netcfg/get_gateway      string
    d-i     netcfg/confirm_static   boolean true
    d-i     clock-setup/utc boolean true
    d-i     partman-auto/method string regular
    d-i     partman-lvm/device_remove_lvm boolean true
    d-i     partman-lvm/confirm boolean true
    d-i     partman/confirm_write_new_label boolean true
    d-i     partman/choose_partition        select Finish partitioning and write changes to disk
    d-i     partman/confirm boolean true
    d-i     partman/confirm_nooverwrite boolean true
    d-i     partman/default_filesystem string ext3
    d-i     clock-setup/utc boolean true
    d-i     clock-setup/ntp boolean true
    d-i     clock-setup/ntp-server  string ntp.ubuntu.com
    d-i     base-installer/kernel/image     string linux-server
    d-i     passwd/root-login       boolean false
    d-i     passwd/make-user        boolean true
    d-i     passwd/user-fullname    string ubuntu
    d-i     passwd/username string ubuntu
    d-i     passwd/user-password-crypted    password $6$.1eHH0iY$ArGzKX2YeQ3G6U.mlOO3A.NaL22Ewgz8Fi4qqz.Ns7EMKjEJRIW2Pm/TikDptZpuu7I92frytmk5YeL.9fRY4.
    d-i     passwd/user-uid string
    d-i     user-setup/allow-password-weak  boolean false
    d-i     user-setup/encrypt-home boolean false
    d-i     passwd/user-default-groups      string adm cdrom dialout lpadmin plugdev sambashare
    d-i     apt-setup/services-select       multiselect security
    d-i     apt-setup/security_host string security.ubuntu.com
    d-i     apt-setup/security_path string /ubuntu
    d-i     debian-installer/allow_unauthenticated  string false
    d-i     pkgsel/upgrade  select safe-upgrade
    d-i     pkgsel/language-packs   multiselect
    d-i     pkgsel/update-policy    select none
    d-i     pkgsel/updatedb boolean true
    d-i     grub-installer/skip     boolean false
    d-i     lilo-installer/skip     boolean false
    d-i     grub-installer/only_debian      boolean true
    d-i     grub-installer/with_other_os    boolean true
    d-i     finish-install/keep-consoles    boolean false
    d-i     finish-install/reboot_in_progress       note
    d-i     cdrom-detect/eject      boolean true
    d-i     debian-installer/exit/halt      boolean false
    d-i     debian-installer/exit/poweroff  boolean false
    d-i     pkgsel/include string byobu vim openssh-server
    byobu   byobu/launch-by-default boolean true
    The above example sets the password to be ubuntu, in the following line:
    d-i passwd/user-password-crypted password $6$.1eHH0iY$ArGzKX2YeQ3G6U.mlOO3A.NaL22Ewgz8Fi4qqz.Ns7EMKjEJRIW2Pm/TikDptZpuu7I92frytmk5YeL.9fRY4.
    We can generate a different password hash using the mkpasswd program, which is found in the whois package. Here is an example of how to generate a password hash:
     printf "password-goes-here" | mkpasswd -s -m sha-512
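Added example (not part of the original page or of the quick-install preseed): a shell check to run over a seed file before a profile is pointed at it. It flags a preseed that still carries the hash published above, whose password is known to be ubuntu, as well as plaintext password keys and hash schemes other than SHA-crypt. The function names and finding codes are made up for this example, and the sample seed is constructed from lines shown above.

```shell
#!/bin/sh
# Added example, not from the original page: audit the account settings in a
# d-i preseed before Cobbler hands it to new machines. Function names and
# finding codes are hypothetical.

# Hash published in the sample preseed above; its password is "ubuntu".
PUBLISHED_HASH='$6$.1eHH0iY$ArGzKX2YeQ3G6U.mlOO3A.NaL22Ewgz8Fi4qqz.Ns7EMKjEJRIW2Pm/TikDptZpuu7I92frytmk5YeL.9fRY4.'

# preseed_value FILE KEY
# Print the value of the last "d-i KEY TYPE VALUE" line (empty if absent).
preseed_value() (
    awk -v key="$2" '
        $1 == "d-i" && $2 == key {
            v = ""
            for (i = 4; i <= NF; i++) v = v (i > 4 ? " " : "") $i
        }
        END { print v }' "$1"
)

# audit_preseed FILE
# Print one finding per line; no output means nothing was flagged.
audit_preseed() (
    seed=$1
    # Plaintext variants of the password keys (no "-crypted" suffix).
    if grep -Eq '^d-i[[:space:]]+passwd/(user|root)-password[[:space:]]' "$seed"; then
        echo PLAINTEXT_PASSWORD
    fi
    hash=$(preseed_value "$seed" passwd/user-password-crypted)
    case $hash in
        '')                echo NO_CRYPTED_PASSWORD ;;
        "$PUBLISHED_HASH") echo PUBLISHED_HASH ;;      # password is public
        '$6$'*|'$5$'*)     ;;                          # SHA-512 / SHA-256 crypt
        *)                 echo WEAK_HASH_SCHEME ;;    # MD5 ($1$), DES, ...
    esac
    # Packages must stay signature-checked during the install.
    if [ "$(preseed_value "$seed" debian-installer/allow_unauthenticated)" = true ]; then
        echo UNAUTHENTICATED_APT
    fi
)

# Constructed sample: the account lines of the preseed shown above.
sample_seed() {
    cat <<'EOF'
d-i     passwd/root-login       boolean false
d-i     passwd/make-user        boolean true
d-i     passwd/username string ubuntu
d-i     passwd/user-password-crypted    password $6$.1eHH0iY$ArGzKX2YeQ3G6U.mlOO3A.NaL22Ewgz8Fi4qqz.Ns7EMKjEJRIW2Pm/TikDptZpuu7I92frytmk5YeL.9fRY4.
d-i     user-setup/allow-password-weak  boolean false
d-i     debian-installer/allow_unauthenticated  string false
EOF
}

# Demo: audit the sample seed; it prints PUBLISHED_HASH.
demo_preseed_audit() (
    tmp=$(mktemp) || exit 1
    sample_seed > "$tmp"
    audit_preseed "$tmp"
    rm -f "$tmp"
)
demo_preseed_audit
```

For a real profile, call `audit_preseed /var/lib/cobbler/kickstarts/ubuntu-nqa.seed` after replacing the hash with one generated by mkpasswd.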
    

    Changing a Profile's preseed

    Now, after importing an ISO, we can easily change the preseed to be used by a profile, or in the case of a Mini ISO, we need to set it. To do this, we make use of the following command:
     sudo cobbler profile edit
    
    However, we need to consider the following parameters:
     --name: Name of the profile for which to change the preseed.
     --kickstart: Location of the new preseed to use.
     --kopts: Additional kernel options
    
    To change the preseed of a profile, we do as follows:
     sudo cobbler profile edit --name=natty-i386 --kickstart=/var/lib/cobbler/kickstarts/ubuntu-nqa.seed --kopts="priority=critical locale=en_US" 
     
     

    LDAP

    Configuring LDAP Server in Ubuntu
    Setting up LDAP clients for UNIX authentication
    Implementing Autofs using LDAP maps
    Configuring LDAP to authenticate Samba users

    LDAP on Ubuntu/Debian

    Setting up the LDAP server
    01. Install the slapd, ldap-utils, migrationtools and phpldapadmin packages
    # apt-get install slapd ldap-utils migrationtools phpldapadmin
    02. Create a link for phpldapadmin for Web access
    # ln -s /usr/share/phpldapadmin /var/www/phpldapadmin
    03. Modify the dc values in /usr/share/phpldapadmin/config/config.php file as follows:
    $ldapservers->SetValue($i,'server','base',array('dc=sys-admin,dc=net'));
    04. Re-configure the slapd package. Answer the questions as below
    # dpkg-reconfigure slapd
      OpenLDAP server configuration?: no
      DNS domain name: sys-admin.net
      Name of your organization: Organization Name
      Admin passwd: secret
      Confirm admin password: secret
      Database backend: BDB
      Database to be removed when slapd is purged: no
      Allow LDAPv2 protocol: no
      Omit openLDAP server configuration: no
    05. Start the LDAP server if not started already
    # /etc/init.d/slapd start
    06. Test the ldap server
    # ldapsearch -x -b dc=sys-admin,dc=net
    # ldapsearch -x -b 'dc=sys-admin,dc=net' '(objectclass=*)'
    07. Add initial entries to ldap database. Use the migrationtools to convert the /etc files to LDAP files
    7a. Modify the $DEFAULT_MAIL_DOMAIN and $DEFAULT_BASE in /usr/share/migrationtools/migrate_common.ph file from padl to your domain name.
    $DEFAULT_MAIL_DOMAIN = "sys-admin.net";
    $DEFAULT_BASE = "dc=sys-admin,dc=net";
    $IGNORE_UID_BELOW = 1000;
    $IGNORE_GID_BELOW = 1000;
    $IGNORE_UID_ABOVE = 9999;
    $IGNORE_GID_ABOVE = 9999;
    7b. Convert the /etc/hosts, /etc/passwd, /etc/group, etc.. to ldif format using migrationtools
    cd /usr/share/migrationtools
    ./migrate_base.pl > /tmp/base.ldif
    ./migrate_group.pl /etc/group /tmp/group.ldif
    ./migrate_hosts.pl /etc/hosts /tmp/hosts.ldif
    ./migrate_passwd.pl /etc/passwd /tmp/passwd.ldif
    ./migrate_automount.pl /etc/auto.master /tmp/automount.ldif
    ./migrate_automount.pl /etc/auto.home >> /tmp/automount.ldif
    7c. Add the LDIF files to the LDAP database
    ldapadd -x -D "cn=admin,dc=sys-admin,dc=net" -W -f /tmp/base.ldif
    ldapadd -x -D "cn=admin,dc=sys-admin,dc=net" -W -f /tmp/passwd.ldif
    ldapadd -x -D "cn=admin,dc=sys-admin,dc=net" -W -f /tmp/group.ldif
    ldapadd -x -D "cn=admin,dc=sys-admin,dc=net" -W -f /tmp/hosts.ldif
    ldapadd -x -D "cn=admin,dc=sys-admin,dc=net" -W -f /tmp/automount.ldif
    LDAP server is ready now

    LDAP Authentication in ubuntu

    01. On the client system, install the following packages
    # apt-get install ldap-utils libpam-ldap libnss-ldap nscd
    The libnss-ldap and libpam-ldap packages ask a few questions. Answer them as follows
    LDAP Server host: <IP address of Server>
    The distinguished name of the search base: dc=sys-admin,dc=net
    LDAP version to use: 3
    LDAP account for root: cn=admin,dc=sys-admin,dc=net
    Root account passwd: <your password Here>
    Make local root Database admin: Yes
    Database requires logging in: No
    Root login account: cn=admin,dc=gene,dc=com
    02. Edit the /etc/nsswitch.conf file
    cat /etc/nsswitch.conf
    passwd: compat ldap
    group: compat ldap
    shadow: compat ldap
    03. Add / Edit /etc/ldap/ldap.conf file
    cat /etc/ldap/ldap.conf
    BASE dc=sys-admin, dc=net
    URI ldap://IP-address_of_your_ldap_server
    04. Modify the common-account, common-auth, common-password, common-session, su and ssh pam modules as follows
    # cat /etc/pam.d/common-account
    account sufficient pam_ldap.so
    account required pam_unix.so use_first_pass

    # cat /etc/pam.d/common-auth
    auth sufficient pam_ldap.so
    auth required pam_unix.so nullok_secure use_first_pass

    # cat /etc/pam.d/common-password
    password sufficient pam_ldap.so
    password required pam_unix.so nullok obscure min=4 max=8 md5
    password required pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass

    # cat /etc/pam.d/common-session
    session sufficient pam_ldap.so
    session required pam_unix.so
    session optional pam_foreground.so

    # cat /etc/pam.d/ssh
    auth required pam_env.so # [1]
    auth required pam_env.so envfile=/etc/default/locale
    @include common-auth
    account required pam_nologin.so
    @include common-account
    @include common-session
    session optional pam_motd.so # [1]
    session optional pam_mail.so standard noenv # [1]
    session required pam_limits.so
    @include common-password

    # cat /etc/pam.d/su
    auth sufficient pam_rootok.so
    session required pam_env.so readenv=1
    session required pam_env.so readenv=1 envfile=/etc/default/locale
    session optional pam_mail.so nopen
    @include common-auth
    @include common-account
    @include common-session

    # cat /etc/pam.d/passwd
    @include common-password
    05. Modify /etc/libnss-ldap.conf and /etc/pam_ldap.conf as follows
    # cat /etc/libnss-ldap.conf
    host <IP-Address_of_LDAP_server>
    base ou=People,dc=sys-admin,dc=net
    uri ldap://IPaddress_of_Ldap_server/
    ldap_version 3
    nss_base_passwd ou=People,dc=sys-admin,dc=net
    nss_base_group ou=Group,dc=sys-admin,dc=net
    06. Verify the system can get the user information from LDAP server using getent command
    # getent passwd
    07. Try logging in to the system using LDAP user
    Problem:
    01. While the LDAP server comes up, it gives the following error message repeated several times and takes very long time to boot
    udevd[374]: nss_ldap: could not connect to any LDAP server as (null) -
    Can't contact LDAP server
    Sol: This is a known problem with the libnss-ldap package. The boot time can be considerably reduced by adding the following lines to /etc/ldap/ldap.conf or /etc/libnss-ldap.conf
    bind_policy hard
    nss_reconnect_tries 2
    nss_reconnect_sleeptime 1
    nss_reconnect_maxconntries 2
    Also, change nsswitch.conf as follows
    passwd: files ldap
    group: files ldap
    shadow: files ldap
    Alternatively, download and install the following package
    http://www.porcheron.info/libnss-ldap_251-7_i386.deb
    02. Could not change the password of Ldap users. Gives "User not known to the underlying authentication module"
    Sol: Make sure the /etc/pam.d/passwd file has its entries in the following order
    password sufficient pam_ldap.so
    password required pam_unix.so nullok obscure min=4 max=8 md5

    Autofs using LDAP on ubuntu

    For installing the nfs-server and client packages and configuring automount, refer to the File Sharing section
    On the LDAP server:
    01. Install autofs-ldap on the server. This package contains the /etc/ldap/schema/autofs.schema file. Without this autofs.schema, it is not possible to add the automountMap object class in LDAP.
    # apt-get install autofs autofs-ldap
    2a. Add the following line in /etc/ldap/slapd.conf in the ldap server
    include /etc/ldap/schema/autofs.schema
    2b. Restart the ldap daemon
    # /etc/init.d/slapd restart
    03. Create the auto.master map entry for LDAP
    3a. If you want to keep the auto.master map file in the LDAP server as well, add the following ldif to the ldap server. Else, skip this step and continue to step 04
    # cat /root/auto.master.ldif
    dn: ou=auto.master, dc=sys-admin,dc=net
    ou: auto.master
    objectClass: top
    objectClass: automountMap

    dn: cn=/home,ou=auto.master, dc=sys-admin,dc=net
    objectClass: automount
    automountInformation: ldap:192.168.123.51:ou=auto.home,dc=sys-admin,dc=net --timeout 30
    cn: /home
    3b. Add the contents of /root/auto.master.ldif to the ldap server
    # ldapadd -x -D "cn=admin,dc=sys-admin,dc=net" -W -f /root/auto.master.ldif
    04. Create the auto.home map entries for LDAP
    4a. If /etc/auto.home already exists, convert it to ldif format using migration tools. If not, create a file called autofs.ldif as shown below.
    # /usr/share/migrationtools/migrate_automount.pl /etc/auto.home /root/autofs.ldif
    # cat autofs.ldif
    dn: ou=auto.home,dc=sys-admin,dc=net
    objectClass: top
    objectClass: automountMap
    ou: auto.home

    dn: cn=test1,ou=auto.home,dc=sys-admin,dc=net
    objectClass: automount
    cn: test1
    automountInformation: 192.168.123.51:/home/test1

    dn: cn=test2,ou=auto.home,dc=sys-admin,dc=net
    objectClass: automount
    cn: test2
    automountInformation: 192.168.123.51:/home/test2
    4b. Add the contents of /root/autofs.ldif to the LDAP database
    # ldapadd -x -D "cn=admin,dc=sys-admin,dc=net" -W -f autofs.ldif
    On all the client systems where you want the directories automount, do the following
    01. Install autofs and autofs-ldap packages. Without autofs-ldap package, client may not pick up the master map file auto.master from the LDAP server
    # apt-get install autofs autofs-ldap
    02. If you have already added auto.master map entries to LDAP server and want to serve /etc/auto.master file also by ldap server, add the following line to /etc/nsswitch.conf. If you want to keep local auto.master file in each server, skip to step 04.
    automount: ldap files
    03. Add the following lines to /etc/nsswitch.conf file
    automount: files ldap
    04. If you want to keep the local /etc/auto.master file in each server, modify it as shown below to refer to the LDAP server for map files. Otherwise, skip to the next step
    # cat /etc/auto.master
    /home ldap:LDAP_server_name:ou=auto.home,dc=sys-admin,dc=net
    05. Restart the autofs daemon
    # /etc/init.d/autofs restart
    06. Test whether automount is working fine

    SAMBA and LDAP in ubuntu

    01. Install samba and samba-doc packages. samba.schema is included in samba-doc package
    # apt-get install samba samba-doc
    02. Copy /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz to /etc/ldap/schema/ directory and unzip it
    # cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz /etc/ldap/schema/
    # cd /etc/ldap/schema/
    # gunzip samba.schema.gz
    03. Add the following line in /etc/ldap/slapd.conf
    include /etc/ldap/schema/samba.schema
    04. Setup the samba server. Edit the /etc/samba/smb.conf file as follows and restart the samba server
    # cat smb.conf
    [global]
    workgroup = WORKGROUP
    server string = %h server (Samba, Ubuntu)
    obey pam restrictions = Yes
    #--- Logging options
    log level = 2
    debug pid = yes
    debug timestamp = yes
    debug uid = yes
    #---LDAP authentication settings
    passdb backend = ldapsam guest
    passdb backend = ldapsam:ldap://127.0.0.1
    ldap suffix = dc=sys-admin,dc=net
    ldap user suffix = ou=People
    ldap group suffix = ou=Group
    ldap admin dn = cn=admin,dc=sys-admin,dc=net

    [secretdata]
    comment = Samba home from LDAPSVR
    directory = /smbhome
    valid users = jeeva, kpalanis
    read only = No
    browseable = no

    [homes]
    comment = User Home directories
    browseable = no
    writable = yes

    [sharedata]
    comment = Sharred data for all users
    directory = /home/shared
    readonly = no
    hide unreadable = yes
    #--- settings for the recycle bin
    vfs objects = recycle
    recycle:repository = /home/shared-recycle
    recycle:noversions = 2
    05. Let the Samba server know the password for the LDAP admin account listed in the smb.conf file using the smbpasswd command. This password is stored in the secrets.tdb file. Please note that if the value of ldap admin dn changes, the password will need to be manually updated as well. If the password is not stored using the smbpasswd -w option, the samba server may fail to start up.
    smbpasswd -w <passwd_of_ldapadmin>
    06. Restart the samba server
    # /etc/init.d/samba restart
    07. To allow each users to change their samba password, add the following lines to /etc/ldap/slapd.conf
    access to attr=sambaLMPassword,sambaNTPassword
        by dn="cn=admin,dc=sys-admin,dc=net" write
        by self write
        by anonymous auth
        by * none
    access to *
        by dn="cn=admin,dc=sys-admin,dc=net" write
        by * read
    08. Add the LDAP authentication information for the samba server in /etc/samba/smb.conf
    security = user
    ldap server = yourldapserver
    ldap suffix = "dc=sys-admin,dc=net"
    ldap admin dn = "cn=admin,dc=sys-admin,dc=net"
    encrypt passwords = true
    passdb backend = ldapsam guest
    To add a samba user to LDAP:
    01. Get the local SID of Samba server
    net getlocalsid
    02. Create a ldif file for samba user

    Use the "/usr/sbin/slappasswd -h {CRYPT}" command to create password hashes for the users

     

Network

Most ethernet configuration is centralized in a single file, /etc/network/interfaces
A sample /etc/network/interfaces file
 auto lo
 iface lo inet loopback

 # The primary network interface
 auto eth0
 iface eth0 inet static
         address 192.168.0.100
         netmask 255.255.255.0
         network 192.168.0.0
         broadcast 192.168.0.255
         gateway 192.168.0.1

 auto eth1
 iface eth1 inet dhcp
/etc/hostname file has the host name of the system
To restart the network
 /etc/init.d/networking restart
To list all the listening ports
 # netstat -tap
To bring an interface up or down using the configuration in the /etc/network/interfaces file
 ifup <interface name>  /  ifdown <if name>

Change the hostname manually

01. Edit /etc/hostname file
02. Edit /etc/hosts file
03. Edit /etc/motd and /etc/printcap if required
04. Run hostname -F /etc/hostname

sftp in chroot jail

 # apt-get update
 # apt-get install openssh-server
 # groupadd sftponly
 # useradd -m -d /home/user1 -G sftponly -s /bin/false user1
 # chown root:sftponly /home/user1
 # mkdir /home/user1/upload /home/user1/download
 # chown user1:sftponly /home/user1/*
Note: The owner of /home/user1 must be changed to root. Otherwise, ssh may not allow the user to log in.
Modify the /etc/ssh/sshd_config file
The line
 Subsystem sftp /usr/lib/openssh/sftp-server
Needs to be replaced with
 Subsystem sftp internal-sftp
Now go to the end of the file. After UsePAM yes, add the following lines to configure the permissions and settings of the sftponly group
 Match group sftponly
 ChrootDirectory %h
 X11Forwarding no
 AllowTcpForwarding no
 ForceCommand internal-sftp
Restart the sshd daemon
 # service ssh restart
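Added example (not part of the original page): the note above about the owner of /home/user1 reflects a check sshd applies to a ChrootDirectory, namely that every directory from / down to it is owned by root and not writable by group or others. The shell functions below walk that path and report each directory that breaks the rule; their names, and the optional owner and top arguments used to try the check on a scratch tree without root, are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page. Reports why sshd would refuse a
# ChrootDirectory: each path component must be a root-owned directory that is
# not writable by group or others. Function names are hypothetical.

# dir_problems DIR OWNER_UID
# Print one line per rule that DIR breaks (nothing if it is fine).
dir_problems() (
    info=$(ls -ldnL "$1" 2>/dev/null) || { echo "$1: missing"; exit 0; }
    mode=${info%% *}                                   # e.g. drwxr-xr-x
    uid=$(printf '%s\n' "$info" | awk '{ print $3 }')  # numeric owner
    case $mode in
        d*) ;;
        *)  echo "$1: not a directory"; exit 0 ;;
    esac
    [ "$uid" = "$2" ] || echo "$1: owned by uid $uid, expected $2"
    case $mode in
        ?????w*|????????w*) echo "$1: writable by group or others ($mode)" ;;
    esac
)

# check_chroot_path DIR [OWNER_UID] [TOP]
# Walk from DIR (absolute path) up to TOP and report every offending
# directory. OWNER_UID defaults to 0 and TOP to /; keep those defaults when
# checking a real ChrootDirectory.
check_chroot_path() (
    dir=$1 owner=${2:-0} top=${3:-/}
    while :; do
        dir_problems "$dir" "$owner"
        case $dir in
            /|.|"$top") break ;;
        esac
        dir=$(dirname "$dir")
    done
)

# chroot_path_ok DIR [OWNER_UID] [TOP]: exit status 0 when nothing is reported
chroot_path_ok() { [ -z "$(check_chroot_path "$@")" ]; }

# Demo on a constructed tree laid out like /home/user1/upload, with "home"
# left group-writable; the report names that directory.
demo_chroot_check() (
    base=$(mktemp -d) || exit 1
    mkdir -p "$base/home/user1/upload"
    chmod 755 "$base" "$base/home/user1"
    chmod 775 "$base/home"
    check_chroot_path "$base/home/user1" "$(id -u)" "$base"
    rm -rf "$base"
)
demo_chroot_check
```

On the server itself, `check_chroot_path /home/user1` run as root should print nothing once the chown step above has been applied.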

Configuring OPENVPN on Ubuntu

There are two types of OpenVPN implementation:
  1. Routed
  2. Bridged
The example below is for a routed VPN implementation.
01. Install Open VPN software
    apt-get install openvpn
02. Copy all the sample config files and keygen commands to the /etc/openvpn/easy-rsa directory
    mkdir -p /etc/openvpn/easy-rsa
    cp -R /usr/share/doc/openvpn/examples/easy-rsa/* /etc/openvpn/easy-rsa/
03. Modify the /etc/openvpn/easy-rsa/vars file and set the KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL parameters. Don't leave any of these parameters blank.
    export KEY_COUNTRY="US"
    export KEY_PROVINCE="CA"
    export KEY_CITY="Santa Clara"
    export KEY_ORG="SYSADMIN"
    export KEY_EMAIL="admin@sys-admin.net"
04. Create the CA (Certificate Authority) certificate
    cd /etc/openvpn/easy-rsa
    . ./vars
    ./clean-all
    ./build-ca
05. Create the server certificates
     ./build-key-server server
06. Create certificate and keys for clients (for 2 clients)
    ./build-key client1
    ./build-key client2
07. Generate Diffie Hellman parameters
    ./build-dh
08. For extra security, create an "HMAC firewall"
    # openvpn --genkey --secret ta.key
09. Sample server.conf file
  local 192.168.123.51
  port 1194
  proto udp
  dev tun0
  ca easy-rsa/keys/ca.crt
  cert easy-rsa/keys/server.crt
  key easy-rsa/keys/server.key  
  dh easy-rsa/keys/dh1024.pem
  server 192.168.200.0 255.255.255.0
  ifconfig-pool-persist ipp.txt
  push "route 192.168.123.0 255.255.255.0"
  push "dhcp-option DNS 192.168.123.1"
  client-to-client
  keepalive 10 120
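  cipher AES-128-CBC   # AES
  tls-auth ta.key 0    # HMAC key from step 08 (use the path where it was created); clients use direction 1
  comp-lzo
  user nobody
  group nogroup        # Ubuntu ships the group "nogroup", not "nobody"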
  persist-key
  persist-tun
  status openvpn-status.log
  log         openvpn.log
  verb 3
  tun-mtu 1500
  tun-mtu-extra 32
  mssfix 1450
Add a static route in the router for 192.168.200.0 network with default gateway to point to IP_address of the VPN server. In the above example, it would be 192.168.123.51

Client

1. Create client certificates
   cd /etc/openvpn/easy-rsa
   ./build-key client_name
2. Copy the ca.crt, ta.key, client_name.crt and client_name.key files from the server
3. Create a config file client_name.ovpn with the following lines in it.
 client 
dev tun
proto udp 

# change this to your server's address 
remote 64.244.77.35
resolv-retry infinite 
nobind
persist-key 
persist-tun 

# Point the key and crt files to  
# the ones for this user 
tls-client
ca ca.crt 
cert jeeva.crt 
key jeeva.key 

#ensure that we are talking to a server 
ns-cert-type server

#confirm we are talking to the correct server 
tls-auth ta.key 1

# Select a cryptographic cipher. 
# If the cipher option is used on the server 
# then you must also specify it here. 
cipher AES-128-CBC 

# Enable compression on the VPN link. 
comp-lzo 

#fragment large packets 
# I found I needed this for some games but it is 
# not required
#fragment 1400 
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

route-method exe
route-delay 2 
Install openvpn gui and copy all the above files to config directory
http://openvpn.se/download.html

To revoke a openvpn certificate called client1

 cd /etc/openvpn/easy-rsa
 ./revoke-full client1
 Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
 Revoking Certificate 04.
 Data Base Updated
 Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
 client1.crt: /C=US/ST=CA/L=Santa Clara/O=SYS-ADMIN.NET/CN=client1/emailAddress=admin@sys-admin.net
 error 23 at 0 depth lookup:certificate revoked
The revoke-full script will generate a CRL (certificate revocation list) file called crl.pem in the keys subdirectory. The file should be copied to a directory where the OpenVPN server can access it, then CRL verification should be enabled in the server configuration:
    crl-verify easy-rsa/keys/crl.pem 
  • When the crl-verify option is used in OpenVPN, the CRL file will be re-read any time a new client connects or an existing client renegotiates the SSL/TLS connection (by default once per hour). This means that you can update the CRL file while the OpenVPN server daemon is running, and have the new CRL take effect immediately for newly connecting clients. If the client whose certificate you are revoking is already connected, you can restart the server via a signal (SIGUSR1 or SIGHUP) and flush all clients, or you can telnet to the management interface and explicitly kill the specific client instance object on the server without disturbing other clients.
  • While the crl-verify directive can be used on both the OpenVPN server and clients, it is generally unnecessary to distribute a CRL file to clients unless a server certificate has been revoked. Clients don't need to know about other client certificates which have been revoked because clients shouldn't be accepting direct connections from other clients in the first place.
  • The CRL file is not secret, and should be made world-readable so that the OpenVPN daemon can read it after root privileges have been dropped.
  • If you are using the chroot directive, make sure to put a copy of the CRL file in the chroot directory, since unlike most other files which OpenVPN reads, the CRL file will be read after the chroot call is executed, not before.
  • A common reason why certificates need to be revoked is that the user encrypts their private key with a password, then forgets the password. By revoking the original certificate, it is possible to generate a new certificate/key pair with the user's original common name.
Note: I got an "undefined variable on line 282 MODULE_PATH = $ENV::PKCS11_MODULE_PATH" error and the certification revocation failed. I commented out the following two lines in the /etc/openvpn/easy-rsa/openssl.cnf file to make it work.
 #MODULE_PATH = $ENV::PKCS11_MODULE_PATH
 #PIN = $ENV::PKCS11_PIN
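Added example (not part of the original page or of OpenVPN): a shell lint for the server side of this setup. It covers three points from this section: the tls-auth key has to be referenced in the server config as well as in the client file, the DH file name produced by build-dh shows the parameter size, and a revocation only takes effect once crl-verify points at a CRL the unprivileged daemon can read. The function names and finding codes are made up, the config is a constructed sample, and relative paths are assumed to resolve against the directory holding the config file.

```shell
#!/bin/sh
# Added example, not from the original page or the OpenVPN project: lint an
# OpenVPN server config. Function names and finding codes are hypothetical.

# directive FILE NAME
# Print the arguments of the last active "NAME ..." line (empty if absent).
directive() (
    awk -v name="$2" '
        { sub(/[#;].*/, "") }                      # drop comments
        $1 == name { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
        END { print v }' "$1"
)

# audit_server_conf CONF [BASEDIR]
# Print one finding per line; no output means nothing was flagged.
# BASEDIR is where relative paths resolve (assumed: the config's directory).
audit_server_conf() (
    conf=$1 base=${2:-$(dirname "$1")}

    # The HMAC key only helps if the server requires it too.
    [ -n "$(directive "$conf" tls-auth)$(directive "$conf" tls-crypt)" ] ||
        echo NO_TLS_AUTH

    # easy-rsa names the file dh<KEY_SIZE>.pem, so the name shows the size.
    # "openssl dhparam -in FILE -text -noout" is the authoritative check.
    bits=$(directive "$conf" dh | sed -n 's/.*dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then echo "WEAK_DH $bits"; fi

    # Without crl-verify, a revoked client certificate is still accepted.
    crl=$(directive "$conf" crl-verify)
    if [ -z "$crl" ]; then
        echo NO_CRL_VERIFY
    else
        case $crl in /*) ;; *) crl=$base/$crl ;; esac
        if [ ! -f "$crl" ]; then
            echo "CRL_MISSING $crl"
        elif [ -n "$(directive "$conf" user)" ]; then
            # The CRL is re-read after privileges are dropped ("user ..."),
            # so it has to be readable by others.
            case $(ls -lnL "$crl") in
                ???????r*) ;;
                *) echo "CRL_NOT_WORLD_READABLE $crl" ;;
            esac
        fi
    fi
)

# Constructed sample, modelled on the server.conf in this section.
sample_server_conf() {
    cat <<'EOF'
port 1194
proto udp
dev tun0
ca easy-rsa/keys/ca.crt
cert easy-rsa/keys/server.crt
key easy-rsa/keys/server.key
dh easy-rsa/keys/dh1024.pem
server 192.168.200.0 255.255.255.0
cipher AES-128-CBC   # AES
user nobody
group nogroup
persist-key
persist-tun
EOF
}

# Demo: prints NO_TLS_AUTH, WEAK_DH 1024 and NO_CRL_VERIFY, one per line.
demo_openvpn_audit() (
    dir=$(mktemp -d) || exit 1
    sample_server_conf > "$dir/server.conf"
    audit_server_conf "$dir/server.conf"
    rm -rf "$dir"
)
demo_openvpn_audit
```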

Setting up bind9 in chroot environment

 

RecoveryMode

If your system fails to boot for whatever reason, it may be useful to boot it into recovery mode. This mode just loads some basic services and drops you into command line mode. You are then logged in as root (the superuser) and can repair your system using command line tools. If booting into recovery mode does not work you can still use your installation CD (if it is a live cd) as described in LivecdRecovery.

Booting into recovery mode

  1. Switch on your computer.
  2. Wait until the BIOS has finished loading, or has almost finished. (During this time you will probably see a logo of your computer manufacturer.)
  3. Quickly press and hold the Shift key, which will bring up the GNU GRUB menu. (If you see the Ubuntu logo, you've missed the point where you can enter the GRUB menu.)
  4. Select the line which starts with "Advanced options".
  5. Select the line ending with "(recovery mode)", probably the second line, something like:
    Ubuntu GNU/Linux, with Linux 3.8.0-26-generic (recovery mode)
  6. Press Return and your machine will begin the boot process.
  7. After a few moments, your workstation should display a menu with a number of options. One of the options (you may need to scroll down to the bottom of the list) will be "Drop to root shell prompt". Press Return with this option highlighted.
  8. The root partition is mounted read-only. To mount it read/write, enter the command
    mount -o remount,rw /
  9. If you have /home, /boot, /tmp, or any other mount point on a separate partition, you can mount them with the command
    mount --all
    (This must be done following step 8 so that /etc/mtab is writable.) Alternatively, you could try selecting "Enable networking" in step 7, though this has been found to cause the system to hang (see https://bugs.launchpad.net/ubuntu/+source/friendly-recovery/+bug/981792).
NOTE 1: If you have Ubuntu Quantal (12.10) or earlier, omit step 4 (the recovery mode menu items are displayed on the top-level menu).
NOTE 2: If you reboot, there is no need to hold the Shift key in step 3. The GNU GRUB menu will continue to be displayed automatically on each boot until a normal startup of Ubuntu completes. To configure GRUB so the menu is always displayed, even after a normal startup, see https://help.ubuntu.com/community/Grub2/Setup.

Boot-Repair is a simple tool to repair frequent boot issues you may encounter in Ubuntu like when you can't boot Ubuntu after installing Windows or another Linux distribution, or when you can't boot Windows after installing Ubuntu, or when GRUB is not displayed anymore, some upgrade breaks GRUB, etc.
Boot-Repair lets you fix these issues with a simple click, which (generally reinstalls GRUB and) restores access to the operating systems you had installed before the issue.
Boot-Repair also has advanced options to back up table partitions, back up bootsectors, create a Boot-Info (to get help by email or forum), or change the default repair parameters: configure GRUB, add kernel options (acpi=off ...), purge GRUB, change the default OS, restore a Windows-compatible MBR, repair a broken filesystem, specify the disk where GRUB should be installed, etc.
Boot-Repair is a free software, licensed under GNU-GPL.

Getting Boot-Repair

1st option : get a disk including Boot-Repair

The easiest way to use Boot-Repair is to create a disk containing the tool (eg Boot-Repair-Disk, a disk starting Boot-Repair automatically), and boot on it.
Remark : it is recommended to install the ISO on a live-USB (eg via UnetBootin or LiliUSB or Universal USB Installer). Do not burn it on a DVD if your computer has Windows8 pre-installed, or if your boot is in EFI mode.

2nd option : install Boot-Repair in Ubuntu

- either from an Ubuntu live-session (boot your computer on a Ubuntu live-CD or live-USB then choose "Try Ubuntu") or from your installed Ubuntu session (if you can access it)
- connect to the Internet
- open a new Terminal, then type the following commands (press Enter after each line):
sudo add-apt-repository ppa:yannubuntu/boot-repair
sudo apt-get update
sudo apt-get install -y boot-repair && boot-repair

Using Boot-Repair

  • launch Boot-Repair from either :
    • the Dash (the Ubuntu logo at the top-left of the screen)
    • or by typing 'boot-repair' in a terminal
  • Then click the "Recommended repair" button. When the repair is finished, write down the URL (paste.ubuntu.com/XXXXX) that appeared, then reboot and check whether you recovered access to your OSs.
  • If the repair did not succeed, indicate the URL to people who help you by email or forum.

Advanced options

Warning: the default settings are the ones used by the "Recommended Repair". Changing them may worsen your problem. Don't modify them before creating a BootInfo URL, and asking for advice on Ubuntu Forums Absolute Beginners Section or in Installation and Upgrades.

External Links

  • Topic "Boot-repair: Graphical tool to repair the PC boot in 1 click !" - on Ubuntu forum, for any questions/comments.

  • Software

    http://packages.ubuntu.com/
    aptitude is a high-level interface to the package manager

    apt-get

    Configuration of the Advanced Packaging Tool (APT) system repositories is stored in the /etc/apt/sources.list configuration file.
    To enable the universe repository, remove the # in /etc/apt/sources.list for universe repositories.
    After editing the /etc/apt/sources.list file, run the following command for the changes to take effect
     # apt-get update
    
    To update all software to latest level
     # apt-get upgrade
    
    To stop apt-get asking for the installation CD each time, comment out the CD entry in the /etc/apt/sources.list file
    To Remove automatically all unused packages which are installed with packageX
     # apt-get autoremove packageX
    
    To update the whole distribution of Ubuntu
     # apt-get dist-upgrade
    
    To find out which package a file belongs to
      apt-get install apt-file
      apt-file update
      apt-file search /path/to/file
    
    To disable the interactive portion while installing packages
     export DEBIAN_FRONTEND=noninteractive
    
    Then run your apt-get:
     apt-get -q -y install libnss-ldapd
    

    dpkg

    To list installed packages
     # dpkg -l
    
    To remove a package
     # dpkg -r package_name
    
    Some packages, such as lynx, will install configuration files. If you wish these to be removed along with the package you can use the more brutal '--purge' flag:
     # dpkg --purge package_name
    
    To list the files installed by a package, in this case the ufw package, enter:
     # dpkg -L ufw
    
    If you are not sure which package installed a file, dpkg -S may be able to tell you. For example:
     # dpkg -S /etc/host.conf 
     base-files: /etc/host.conf
    
    To re-configure a package.
     # dpkg-reconfigure slapd
    
    To upgrade from one version of ubuntu to a newer version
     # do-release-upgrade
    
    To see the locations of all the files installed as part of the package,
     # dpkg -L <packagename>
    


 

Systeminfo

To find out the Ubuntu version and code name
 cat /etc/lsb-release
To find out the code name
 # lsb_release -cs   # -c code name, -s short -r release 
 12.04
 precise
To list the wireless devices
 iwlist
To configure the wireless devices
 iwconfig
 
 
 

Network Monitoring

Installing Zabbix in Ubuntu
 zabbix-server-mysql
 zabbix-frontend-php
 zabbix-agent
 
 

Virtualization

KVM
 # sudo apt-get install qemu-kvm libvirt-bin ubuntu-vm-builder bridge-utils
  • libvirt-bin provides libvirtd which you need to administer qemu and kvm instances using libvirt
  • qemu-kvm (kvm in Karmic and earlier) is the backend
  • ubuntu-vm-builder powerful command line tool for building virtual machines
  • bridge-utils provides a bridge from your network to the virtual machines
  • You might also want to install virt-viewer, for viewing instances.
You need to ensure that your username is added to the group libvirtd:
 $ sudo adduser `id -un` libvirtd
 Adding user '<username>' to group 'libvirtd' ...
Note: After this, you need to relogin so that your user becomes an effective member of the libvirtd group. The members of this group can run virtual machines. (You can also 'newgrp kvm' in a terminal, but this will affect only that terminal.)


New

New build : perfect setup
RAID Configuration in Ubuntu
 http://users.piuha.net/martti/comp/ubuntu/raid.html
openvpn configuration
 http://www.debian-administration.org/articles/35

 

Tips

To add Terminal for right click button, install nautilus-open-terminal package, log out and login back
 # apt-get install nautilus-open-terminal
To Add more programs to right click button, under scripts
  a. Create a directory ~/.gnome2/nautilus-scripts if not already present
  b. Create a file with the command to be executed in it and make it executable using chmod 755
  c. Log out and login back
  d. To add program groups, create sub-directories under the ~/.gnome2/nautilus-scripts directory
To play commercial DVDs on ubuntu, install the libdvdcss2 package. To install, run the /usr/share/doc/libdvdread3/install-css.sh script
To play dvd, install VLC Media player. We can also use ogle or gxine
To backup DVD, use dvd95 or k9copy
To convert to other format, use dvd::rip
To burn CD or DVDs, Gnomebaker, k3b or x-cd-roast
To install OSx like Dock to ubuntu, install avant windows navigator
 apt-get install avant-window-navigator
To install desktop gadgets
 gdesklets
After installing ubuntu, consider installing the following
 http://theindexer.wordpress.com/2009/04/24/to-do-list-after-installing-ubuntu-904-aka-jaunty-jackalope/ 
 
 
 
