Ubuntu 16.04 Winbind and Active Directory

The official SSSD and Active Directory guide doesn’t work, and it is hard to find what’s wrong. Using Winbind works well.

Installation:

sudo apt install winbind samba
sudo apt install cups-common python-crypto-dbg python-crypto-doc bind9 bind9utils ctdb ldb-tools ntp smbldap-tools heimdal-clients libnss-winbind libpam-winbind

Configuration:

sudo vi /etc/samba/smb.conf
[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will be part of
#   workgroup = GROUP

# server string is the equivalent of the NT Description field
  server string = %h server (Samba, Ubuntu)

        security = ads
        realm = MYDOMAIN.COM
# If the system doesn't find the domain controller automatically, you may need the following line
#        password server = 10.0.0.1
# note that workgroup is the 'short' domain name
        workgroup = MYDOMAIN
#       winbind separator = +
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home/%D/%U
        template shell = /bin/bash
        client use spnego = yes
        client ntlmv2 auth = yes
        encrypt passwords = yes
        winbind use default domain = yes
        restrict anonymous = 2

Restart services:

sudo service winbind stop
sudo service samba-ad-dc restart
sudo service winbind start

Join the AD (see “net ads help”):

sudo kinit Admin@MYDOMAIN.COM
# check klist
sudo klist
# join (ignore the dns error messages)
sudo net ads join -k

OR
sudo net ads join -U Admin@MYDOMAIN.COM

Setup Authentication

sudo vi /etc/nsswitch.conf

passwd:         compat winbind
group:          compat winbind
shadow:         compat

Restart Winbind

sudo service winbind restart

PAM Configuration

sudo pam-auth-update

Create Home directory

sudo mkdir /home/MYDOMAIN

Add sudo users

sudo vi /etc/sudoers.d/MYDOMAIN

# replace adgroup with the real domain group name
%adgroup        ALL=(ALL) NOPASSWD: ALL
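
A quick audit for the kind of rule shown above, as an added example that is not part of the original post: it lists every sudoers line that gives a group passwordless root for all commands, so those grants can be reviewed against AD group membership. The groups other than adgroup and the sample file are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original post.
#
# audit_sudoers FILE...
#   Prints "file:line: rule" for every rule that lets a group (%name) run
#   ALL commands without a password. Rules that still ask for a password,
#   or that are limited to specific commands, are not reported.
#   Limits: does not follow backslash continuations or resolve aliases.
audit_sudoers() {
  awk '
    # $1 is the principal; a leading % marks a group (here: a domain group)
    $1 ~ /^%/ && /NOPASSWD:[ \t]*ALL[ \t]*$/ {
      printf "%s:%d: %s\n", FILENAME, FNR, $0
    }
  ' "$@"
}

# Constructed sample drop-in; only adgroup comes from the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# replace adgroup with the real domain group name
%adgroup        ALL=(ALL) NOPASSWD: ALL
# password still required: not reported
%linuxadmins    ALL=(ALL) ALL
# passwordless, but for a single command: not reported
%webops         ALL=(root) NOPASSWD: /bin/systemctl restart apache2
EOF

audit_sudoers "$sample"   # reports only the %adgroup line
rm -f "$sample"
```

Run it as root over /etc/sudoers and /etc/sudoers.d/*, and check an edited drop-in with visudo -cf <file> before logging out.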

Test

wbinfo -u
wbinfo -g

Login as a domain user and enjoy…

Ubuntu keeps running when laptop lid is closed

Keep running after closed lid

$ sudo vi /etc/systemd/logind.conf
...
HandleLidSwitch=ignore
...

$ sudo service systemd-logind restart

The values of HandleLidSwitch are ignore, suspend, hibernate, and poweroff.

Keep console screen always on:

$ sudo vi /etc/default/grub
...
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash consoleblank=0"
...

$ sudo update-grub
$ sudo shutdown -r now

Turn off console screen after 1 minute:

$ sudo vi /etc/default/grub
...
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash consoleblank=60"
...

$ sudo update-grub
$ sudo shutdown -r now

LXD images and multiple hosts

Remote operations require that the following two commands have been run on the remote server:

lxc config set core.https_address "[::]:8443"
lxc config set core.trust_password some-password

Add a remote server:

lxc remote add <server alias> <ip address or DNS>

After that, use the same commands as above, but prefix the container and image names with the remote host, like:

lxc exec host-a:first -- apt-get update

Manually import images example:

lxc image copy images:gentoo/current/amd64 local: --alias gentoo --auto-update
lxc image import <tarball> --alias random-image
lxc image import https://dl.stgraber.org/lxd --alias busybox-amd64

List images:

lxc image list
lxc image list <remote server alias>:

Editing image:

lxc image edit <alias or fingerprint>

Deleting image:

lxc image delete <alias or fingerprint>

Create your own image from a container:

lxc publish my-container/some-snapshot --alias some-image

Reference:
Installing LXD and the command line tool
LXD 2.0: Image management [5/12]

Clear local DNS cache

On Mac OSX

sudo killall -HUP mDNSResponder

On Mac OSX 10.10.0 – 10.10.3

sudo discoveryutil mdnsflushcache

On Mac OSX 10.5 – 10.6

sudo dscacheutil -flushcache

On Windows

ipconfig /flushdns

On Linux

/etc/init.d/named restart
/etc/init.d/nscd restart

Reference: https://coolestguidesontheplanet.com/clear-the-local-dns-cache-in-osx/

Create service script on Ubuntu

Creating service script

$ vi myservice.sh
#!/bin/bash
...
case "$1" in
  (start)
    # start app command here
    ;;

  (stop)
    # stop app command here
    ;;

  (restart)
    # restart app command here
    ;;

  (*)
    echo "Unknown action!"
    exit 1
    ;;
esac
exit 0

Creating service configuration file

$ sudo vi /etc/systemd/system/myservice.service
[Unit]
Description=Job that runs my application

[Service]
User=testuser
Group=testgroup
Type=forking
ExecStart=<path>/myservice.sh start
ExecStop=<path>/myservice.sh stop
ExecReload=<path>/myservice.sh restart

[Install]
WantedBy=multi-user.target

Testing your service

$ sudo systemctl start myservice
$ sudo systemctl status myservice

Enable your service

$ sudo systemctl enable myservice

Reference:
https://wiki.ubuntu.com/SystemdForUpstartUsers
http://stackoverflow.com/questions/33955604/start-a-python-script-at-boot-on-ubuntu

Automatically enable HTTPS on your website with EFF’s Certbot, deploying Let’s Encrypt certificates.

Website: https://certbot.eff.org/

For Apache on Ubuntu 16.04

$ sudo apt-get install python-letsencrypt-apache 
$ sudo letsencrypt --apache

Add cron job

$ sudo vi /etc/crontab
# renew domain certificate
00 7   * * * root letsencrypt renew
00 19  * * * root letsencrypt renew
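
To confirm that the cron entries above are actually renewing, the following added example (not from the original post) reports certificates whose remaining lifetime has dropped below a threshold. It assumes the usual /etc/letsencrypt/live/<domain>/cert.pem layout; the function names and the 20-day threshold are chosen for illustration.

```bash
#!/bin/bash
# Added example, not from the original post.

# cert_ok FILE MIN_DAYS
#   Exit 0 if the certificate is still valid MIN_DAYS from now, 1 otherwise.
cert_ok() {
  openssl x509 -checkend $(( $2 * 86400 )) -noout -in "$1" >/dev/null 2>&1
}

# check_renewal LIVE_DIR MIN_DAYS
#   Prints one line per certificate that is too close to expiry (or already
#   expired) and returns 1 if any was found, so it can drive an alert.
check_renewal() {
  local dir=$1 min=$2 cert bad=0
  for cert in "$dir"/*/cert.pem; do
    [ -e "$cert" ] || continue            # glob matched nothing
    if ! cert_ok "$cert" "$min"; then
      echo "RENEWAL OVERDUE: $cert ($(openssl x509 -enddate -noout -in "$cert"))"
      bad=1
    fi
  done
  return "$bad"
}

# Renewal normally happens with about 30 days left, so a certificate with
# fewer than 20 days remaining means "letsencrypt renew" has been failing.
check_renewal "${1:-/etc/letsencrypt/live}" "${2:-20}" \
  || echo "one or more certificates need attention" >&2
```

Run it as root (the live directory is not world-readable), for example from the same crontab after the renew entries.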

Using pyenv on Ubuntu

Installing pyenv

$ sudo apt-get install -y --fix-missing make build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev libncursesw5-dev xz-utils
$ git clone https://github.com/yyuu/pyenv.git ~/.pyenv
$ git clone https://github.com/yyuu/pyenv-virtualenv.git ~/.pyenv/plugins/pyenv-virtualenv
$ echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.bash_profile
$ echo 'export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.bash_profile
$ echo 'eval "$(pyenv init -)"' >> ~/.bash_profile
$ . ~/.bash_profile

Installing python

$ pyenv install 3.5.2

Setting python version

$ pyenv versions
$ pyenv global system
$ pyenv global 3.5.2
$ pyenv global
$ pyenv local
$ pyenv local 3.5.2

Using virtualenv

$ pyenv virtualenv 3.5.2 venv
$ pyenv activate venv
$ pyenv deactivate venv

Checking python version

$ python -V

Install nodejs on ubuntu

Installing nodejs

sudo apt install nodejs
sudo apt-get install npm

Installing pm2

sudo npm install pm2@latest -g
cd /usr/bin
sudo ln -s nodejs node

Create user to run nodejs

sudo useradd nodeuser
sudo passwd nodeuser
sudo addgroup nodejs
sudo adduser nodeuser nodejs

Using pm2 to start nodejs app

pm2 start hello.js

Using pm2 to autostart nodejs apps

sudo env PATH=$PATH:/usr/local/bin pm2 startup -u nodeuser
sudo su -c "chmod +x /etc/init.d/pm2-init.sh && update-rc.d pm2-init.sh defaults"
pm2 save

Install java on ubuntu

Installing default jre/jdk

sudo apt update
sudo apt install default-jre
sudo apt install default-jdk

Installing openjre/jdk 7

sudo apt-get install openjdk-7-jre 
sudo apt-get install openjdk-7-jdk

Installing Oracle java

sudo apt-get install python-software-properties
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update

sudo apt-get install oracle-java6-installer

sudo apt-get install oracle-java7-installer

sudo apt-get install oracle-java8-installer

Managing java

sudo update-alternatives --config java
sudo update-alternatives --config javac

Setting JAVA_HOME

sudo vi /etc/environment
JAVA_HOME="YOUR_PATH"