Category: Linux

All things *nix.

How to Join a Debian Linux Server to a Windows Domain

I’ve added a few servers to a test Windows domain and some of those servers include Debian Linux operating systems. Here are the basic steps on joining a Debian server to Windows Active Directory Domain and setting up domain user login on the Linux server.
I assume you have an installation of Debian up and running.  I used Debian 8 Jessie in my post.
Install Necessary Packages

$ apt-get install realmd ntp adcli sssd

Post Installation Tasks

$ mkdir -p /var/lib/samba/private
$ systemctl enable sssd

Join Domain
Make sure we can get information about the domain we want to join.

$ realm discover techish.local
techish.local
  type: kerberos
  realm-name: TECHISH.LOCAL
  domain-name: techish.local
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: libnss-sss
  required-package: libpam-sss
  required-package: adcli
  required-package: samba-common-bin

All looks good, now join.

$ realm join --user=administrator techish.local
Password for administrator:
 * Installing necessary packages: samba-common-bin, sssd-tools

Start SSSD

$ systemctl start sssd

At this point, should be joined and we can now test authentication for users…

$ getent passwd rkreider@techish.local
rkreider@techish.local:*:485401343:485400513:Richard J. Kreider:/home/techish.local/rkreider:/bin/bash

Home Directory Setup

$ echo session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 | tee -a /etc/pam.d/common-session

Local Admin Privileges
Think Domain Admin on a Windows PC, but for Linux – sudo.
On Debian 8.6, this was installed when sssd was installed – but, just to make sure:

$ apt-get install libsss-sudo
$ echo %domain admins@techish.local ALL= ALL | tee -a /etc/sudoers.d/domain_admins

Logging in as Domain User

login as: techish
kreider
techish
kreider@debian's password:
rkreider@techish.local@debian:~$

Mixing Stable, Unstable, Testing and Experimental Packages in Debian

This is a very useful article from ServerFault on installing mixed packages in Debian.
Many people seem to be afraid of mixing stable with testing, but frankly, testing is fairly stable in its own right, and with proper preferences and solution checking, you can avoid the stability drift that puts your core packages on the unstable path.
Testing is fairly stable??, you ask. Yes. In order for a package to migrate from unstable to testing, it has to have zero open bugs for 10 consecutive days. Chances are that, especially for the more popular packages, somebody is going to submit a bug report for an unstable version if something is wrong.
Even if you don’t want to mix the environments, it’s still nice to have the option there in case you run into some thing that requires a newer version than what is in stable.
Here’s what I recommend for setting this up:
First, create the following files in /etc/apt/preferences.d:
security.pref:

Package: *
Pin: release l=Debian-Security
Pin-Priority: 1000

stable.pref:

Package: *
Pin: release a=stable
Pin-Priority: 900

testing.pref:

Package: *
Pin: release a=testing
Pin-Priority: 750

unstable.pref:

Package: *
Pin: release a=unstable
Pin-Priority: 50

experimental.pref:

Package: *
Pin: release a=experimental
Pin-Priority: 1

(Don’t be afraid of the unstable/experimental stuff here. The priorities are low enough that it’s never going to automatically install any of that stuff. Even the testing branch will behave, as it’s only going to install the packages you want to be in testing.)
Now, creating a matching set for /etc/apt/sources.list.d:
security.list:

deb     http://security.debian.org/         stable/updates  main contrib non-free
deb     http://security.debian.org/         testing/updates main contrib non-free

stable.list:

deb     http://mirror.steadfast.net/debian/ stable main contrib non-free
deb-src http://mirror.steadfast.net/debian/ stable main contrib non-free
deb     http://ftp.us.debian.org/debian/    stable main contrib non-free
deb-src http://ftp.us.debian.org/debian/    stable main contrib non-free

testing.list: Same as stable.list, except with testing.
unstable.list: Same as stable.list, except with unstable.
experimental.list: Same as stable.list, except with experimental.
You can replace the steadfast.net mirror with whatever you want. I’d recommend using netselect-apt to figure out the fastest mirror, and use that for your first choice. The ftp.us.debian.org can be used as a backup. It’s also important to use the terms stable, testing, unstable, etc., instead of squeeze, wheezy, sid, etc., since stable is a moving target and when it comes time to upgrade to the latest stable, apt/aptitude will figure that out automatically.
You can also add a oldstable in sources.lists.d and preferences.d (use a priority of 1), though this moniker will tend to expire and disappear before the next stable cycle. In cases like that, you can use http://archive.debian.org/debian/ and hardcode the Debian version (etch, lenny, etc.).
To install the testing version of a package, simply use aptitude install lib-foobar-package/testing, or just jump into aptitude’s GUI and select the version inside of the package details (hit enter on the package you’re looking at).
If you get complaints of package conflicts, look at the solutions first. In most cases, the first one is going to be don’t install this version. Learn to use the per-package accept/reject resolver choices. For example, if you’re installing foobar-package/testing, and the first solution is don’t install foobar-package/testing, then mark that choice as rejected, and the other solutions will never veer to that path again. In cases like these, you’ll probably have to install a few other testing packages.
If it’s getting too hairy (like it’s trying to upgrade libc or the kernel or some other huge core system), then you can either reject those upgrade paths or just back out of the initial upgrade altogether. Remember that it’s only going to upgrade stuff to testing/unstable if you allow it to.

Observium Notes

A few notes on my Observium setup on a Debian 8 Jessie system. All configuration options and details can be found at the Observium documentation page.

Bad Interfaces

These entries are in /opt/observium/config.php

$config['bad_if'][] = voip-null;
$config['bad_if'][] = virtual-;
$config['bad_if_regexp'][] = /serial[0-9]:/;
$config['bad_if'][] = loopback;
$config['bad_if'][] = lo;
$config['bad_if'][] = dummy;
$config['bad_if_regexp'][] = /tunnel_[0-9]/;
$config['bad_iftype'][] = voiceEncap;

Other Configuration Options

A few other customizations in the /opt/observium/config.php file.

$config['rrdgraph_real_95th'] = TRUE;
$config['allow_unauth_graphs']    = 1;
$config['login_message']    = Unauthorised access shall render the user liable to criminal and/or civil prosecution.;
$config['page_title_prefix'] = Rich Kreider - Monitoring :: ;

ManageEngine ServiceDesk Plus MSP – Bind to Specific IP

I’m testing out ManageEngine ServiceDesk Plus MSP and trying to get it to bind to a specific IP address on my Linux server to no avail.
Documentation from 2005, 2008, 2011 and 2014 all indicate to modify server/default/conf/TrayIconInfo.xml and add the following changes:

<SDP-PROPERTIES RequestScheme="http" WebPort="80" ipToBind="ww.xx.yy.zz"/>
 <ADDITIONALPARAMS ParamName="ipToBind" ParamValue="-bww.xx.yy.zz"/>

This doesn’t work and still listens on all interfaces causing my other services a conflict.
Eventually if I figure this out, I’ll put a note here for my future reference.

Windows 10 with Ubuntu: Bash + Conky + Firefox

2016-07-12_165719

Install the Windows Subsystem for Linux (Beta)

2016-07-12_170013

Set Windows 10 Developer Mode

2016-07-12_170058

Install X Server in Windows

I prefer Xming;  get it and install it from here:  http://sourceforge.net/projects/xming/files/latest/download
The defaults should work just fine.

Install stuff in Bash

2016-07-12_174934Open a Bash prompt;  you can hit the Windows Key and start typing bash (without quotes).  It’ll go through some installation stuff the first time you run it… give it a minute or two.
When it’s all done, time to install things…
Install some things in Bash.  I’m just going to install Firefox and Conky.

$ sudo apt-get install firefox conky

My conkyrc

The own_window_transparent yes causes weird issues for me; so I commented that out.
~/.conkyrc

own_window yes
#own_window_transparent yes
own_window_type desktop
own_window_hints undecorated,below,sticky,skip_taskbar,skip_pager
own_window_argb_visual true
own_window_argb_value 0
out_to_console no
use_xft yes
xftfont cure:size=10
update_interval 2
cpu_avg_samples 2
net_avg_samples 2
double_buffer yes
maximum_width 320
draw_shades no
draw_outline no
draw_borders no
stippled_borders 1
border_width 20
default_color white
default_shade_color white
default_outline_color white
alignment top_right
gap_x 15
gap_y 0
use_spacer left
no_buffers yes
uppercase no
TEXT
${color}${alignc}${time %A %B %d %Y | %H:%M:%S}
${alignc}$color Linux $kernel on $machine
${color}${alignc}${color lightgrey}Uptime: ${color}$uptime | ${color lightgrey}Load: $color$loadavg${color lightgrey}
${color lightgrey}${alignc}Battery :$color ${battery} | ${color lightgrey}Time: ${color}$battery_time
${alignc}${color #FFEF00}${battery_bar 8,278}
${color #656565}$stippled_hr$color
${alignc}${color lightgrey}${execi 1000 cat /proc/cpuinfo | grep 'model name' | sed -e 's/model name.*: //'| uniq}
${alignc}${color lightgrey}Total CPU Usage: ${color}${cpu cpu0}%
${alignc}${color #FFEF00}${cpubar cpu0 6,150}$color
${color lightgrey}Core: ${color}1 ${color #FFEF00}${cpubar cpu1 6,270}$color $alignc
${color lightgrey}Core: ${color}2 ${color #FFEF00}${cpubar cpu2 6,270}$color $alignc
${color lightgrey}Core: ${color}3 ${color #FFEF00}${cpubar cpu3 6,270}$color $alignc
${color lightgrey}Core: ${color}4 ${color #FFEF00}${cpubar cpu4 6,270}$color $alignc
${alignc}${color lightgrey}CPU Temperature: ${color}${hwmon 1 temp 1}C
${color #656565}$stippled_hr$color
${alignc}${color lightgrey}Resources
${color lightgrey}Ram ${alignc} ${color}$mem / $memmax ${alignr}${memperc}% Used
${color #FFEF00}${membar 6,318}
${color lightgrey}Swap ${alignc} ${color}${swap} / ${swapmax} ${alignr}${swapperc}% Used
${color #FFEF00}${swapbar 6,318}
${color lightgrey}Disk ${alignc} ${color}${fs_used} / ${fs_size} ${alignr}${fs_used_perc /}% Used
${color #FFEF00}${fs_bar 6,318 /}
${color lightgrey}Disk IO: $color ${diskio /dev/sda} ${alignr}${color lightgrey}Filesystem: ${color}${fs_type}
${color #656565}$stippled_hr$color
${alignc}${color lightgrey}Processes
${color lightgrey} PID Process${alignr}Memory CPU
${color}${top pid 1} ${top name 1}${alignr}${top mem_res 1} ${top cpu 1}%
${color}${top pid 2} ${top name 2}${alignr}${top mem_res 2} ${top cpu 2}%
${color}${top pid 3} ${top name 3}${alignr}${top mem_res 3} ${top cpu 3}%
${color}${top pid 4} ${top name 4}${alignr}${top mem_res 4} ${top cpu 4}%
${color}${top pid 5} ${top name 5}${alignr}${top mem_res 5} ${top cpu 5}%
${color}${top pid 6} ${top name 6}${alignr}${top mem_res 6} ${top cpu 6}%
${color}${top pid 7} ${top name 7}${alignr}${top mem_res 7} ${top cpu 7}%
${color}${top pid 8} ${top name 8}${alignr}${top mem_res 8} ${top cpu 8}%
${color}${top pid 9} ${top name 9}${alignr}${top mem_res 9} ${top cpu 9}%
${color}${top pid 10} ${top name 10}${alignr}${top mem_res 10} ${top cpu 10}%
${color #656565}$stippled_hr$color

E233: cannot open display

Trying to launch Firefox or Conky results in the error:  E233: cannot open display.
This is because we need to set the DISPLAY variable.  I prefer adding to my ~/.bashrc file.
So add the following line to the end of your ~/.bashrc:

export DISPLAY=:0

Save and close the Windows Bash prompt and re-open it.