CorporateUbuntu

Revision 13 as of 2005-11-21 22:07:04

Clear message

A suggested guide to setting up Ubuntu for use in a corporate environment by Naaman Campbell.

INCOMPLETE DOCUMENT - TESTING IN PROGRESS

TableOfContents

Foreward

Ubuntu has the potential to be a forerunner in the business Linux desktop market and potentially, the general desktop market. Combining Ubuntu with a low-cost thin-client architecture such as SunRay (see UbuntuOnSunRay) could be the answer to numerous biased lower TCO reports being advertised by Microsoft.

The basis of this document will cover migration from a Sun Solaris 8 CDE user environment to Ubuntu and a number of best practices for a multi-user environment. Although there will be some SUN environment specific sections, the aim of the document is to provide and facilitate collaboration on a generic guide for setting up Ubuntu in the corporate environment.

Introduction

The setup of the CorporateUbuntu environment is broken up into the following:

  • Authentication
  • Home Directories
  • Remote Mounts
  • Printing
  • Locale
  • Keyboard
  • Locking Down GNOME
  • GNOME Menu
  • Email
  • Word Processing Suite
  • Terminals
  • Multimedia

Authentication

Prior to the migration to Ubuntu, NIS was used for authentication. Authentication was migrated over to an LDAP-based system using a Sun Java Enterprise System Directory Server. As the configuration of Ubuntu LDAP clients is the main concern of this section, the configuration of LDAP on a Sun Directory Server is outside the scope of this document. Secure LDAP will be considered at a later date.

A suggested precautionary measure is to log in as root on a separate console because if the LDAP setup is broken at any stage, the sudo command may not work. To establish a password for root to enable logging in, perform the following command:

ncampbell@naaman:~$ sudo passwd root

The first step is to setup nss-ldap, the LDAP-specific name switch server package. During installation, accept all the defaults:

ncampbell@naaman:~$ sudo apt-get install libnss-ldap

In order to authenticate using LDAP, /etc/nsswitch.conf will need to be edited:

ncampbell@naaman:~$ sudo vi /etc/nsswitch.conf

# perform the following vi commands
:1,$s/compat/files ldap/g
:x!

The /etc/libnss-ldap.conf file is where all the settings are configured. For brevity, the example libnss-ldap.conf is attached and not listed in this document. The configuration may be suited only for use with a Sun Directory Server. attachment:libnss-ldap.conf

To test the setup of nss-ldap, perform the following command to see a listing of LDAP shadow entries:

ncampbell@naaman:~$ getent shadow

The next step requires pam-ldap, the LDAP-specific PAM package. Answer <No> to the 2 questions asked during installation:

ncampbell@naaman:~$ sudo apt-get install libpam-ldap

The configuration file provided with the libpam-ldap package is unneccesary and can be replaced by libnss-ldap.conf:

ncampbell@naaman:~$ sudo rm /etc/pam_ldap.conf
ncampbell@naaman:~$ sudo ln -s /etc/libnss-ldap.conf /etc/pam_ldap.conf

To complete the configuration of the pam-ldap package, the following files in the /etc/pam.d directory need to be changed:

ncampbell@naaman:~$ cd /etc/pam.d
ncampbell@naaman:/etc/pam.d$ sudo vi common-account

  account sufficient    pam_ldap.so
  account required      pam_unix.so

ncampbell@naaman:/etc/pam.d$ sudo vi common-auth

  auth  sufficient      pam_ldap.so
  auth  required        pam_unix.so nullok_secure use_first_pass

ncampbell@naaman:/etc/pam.d$ sudo vi common-password

  password  sufficient pam_ldap.so nullok
  password  required   pam_unix.so nullok obscure min=4 max=8 md5

ncampbell@naaman:/etc/pam.d$ sudo vi common-session

  session sufficient    pam_ldap.so
  session required      pam_unix.so

ncampbell@naaman:/etc/pam.d$ cd ~

To test the setup of the pam-ldap package, attempt to logon as an LDAP user.

The final step in the LDAP client setup is to install nscd, the name service caching daemon, to prevent excess LDAP traffic:

ncampbell@naaman:~$ sudo apt-get install nscd
ncampbell@naaman:~$ sudo mkdir -p /var/db/nscd /var/run/nscd
ncampbell@naaman:~$ sudo /etc/init.d/nscd start

References

Home Directories

The users home directories reside on a Solaris server and are shared out via NFS. The home directories, are therefore, automounted upon logging into the Ubuntu machine.

To setup automounted home directories, the autofs package is required:

ncampbell@naaman:~$ sudo apt-get install autofs nfs-common

The remaining step is to setup the configuration files and start the service:

ncampbell@naaman:~$ sudo vi /etc/auto.master

  /home         /etc/auto.home

ncampbell@naaman:~$ sudo vi /etc/auto.home::

  *             solarisbox.naaman.com.au:/export/home/&

ncampbell@naaman:~$ sudo /etc/init.d/autofs start

Remote Mounts

Similar to the home directories, the Solaris server contains multiple shares available over NFS. To mount the directories upon booting, /etc/fstab needs to be edited:

ncampbell@naaman:~$ sudo vi /etc/fstab

  solarisbox1:/export/common     /mount/solarisbox1_common      nfs     rw    0  0
  solarisbox2:/export/common     /mount/solarisbox2_common      nfs     rw    0  0

Printing

Locale

Keyboard

Locking Down GNOME

GNOME Menu

Email

Word Processing Suite

Terminals

Multimedia

Additional Notes