Installing Debian and Subversion on Hyper-V (DRAFT) - Updated

Arke Systems Blog


Part 1: Setting up the Hyper-V VM

The network adapter was the tricky part. I mentioned the fix in this previous post: http://arkesystems.com/blog/post/2008/04/Hyper-V-Miscellaneous.aspx

Part 2: Installing Debian - Lenny

  1. Start the Debian install
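  2. When it asks you to create a user, DO NOT use the same username as your AD account; this will just be confusing, because once winbind is added to nsswitch.conf in Part 3 the local account is looked up before the domain account of the same name.  Use something else, or something like 'defaultdebianuser'.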
  3. When it asks for software selection choose the following:
    • Standard System
  4. Now wait while it finishes the initial install.
  5. Reboot
  6. Login as root
  7. Install sudo: #> aptitude install sudo
  8. Setup your network settings:
    • #> sudo nano -w /etc/network/interfaces
    • Create a static entry such as:

      allow-hotplug eth0
      iface eth0 inet static
      address 192.168.1.57
      netmask 255.255.255.0
      gateway 192.168.1.254

      auto eth0

    • Save and exit
    • #> sudo nano -w /etc/resolv.conf
    • Update the domain, search and nameserver fields
    • Save and exit
    • Restart the machine and re-login
  9. Install the ssh server: #> aptitude install ssh
  10. You can now ssh into the machine, so you don't have to be at the actual box in order to finish setting Subversion up.

Part 3: Connecting to the Active Domain

We have our base install of Debian now, and it's available via ssh.  We now need to install the necessary components for connecting to the Windows Domain.

  1. Modify the sources list accordingly
  2. #> sudo apt-get update
  3. #> sudo aptitude install libkrb53
  4. #> sudo aptitude install krb5-config
    • Asks for the AD server's hostname 
  5. #> sudo aptitude install samba
  6. #> sudo aptitude install winbind
  7. #> sudo aptitude install ntpdate
  8. #> sudo apt-get install ntp-server
  9. The previous items may ask for some configuration options.  Fill them in if you know them; otherwise, we'll be modifying the configuration files later.
  10. #> sudo /etc/init.d/samba stop
  11. #> sudo /etc/init.d/winbind stop
  12. #> sudo /etc/init.d/ntp stop
  13. #> sudo nano -w /etc/krb5.conf
    • Under the [realms] section add your AD controller's Hostname (if it's not already filled in from the configuration)

      REALMNAME = {
        kdc = ARKEDC
      }

    • Look for the default_realm parameter and set it equal to your domain name.  The domain name MUST BE IN ALL CAPS.  For example, ARKESYSTEMS not arkesystems or arkesystems.com
    • Save and Exit
  14. #> sudo ntpdate <ip of the time or AD server>
  15. #> sudo nano -w /etc/ntp.conf
    • Add a server like:
      • server <ip of the time or AD server>
    • Save and exit
  16. #> sudo /etc/init.d/ntp start
  17. Check that this is working so far:
    • #> ntpq -p
    • If it has your server in the list, you're good to keep going.
  18. #> sudo nano -w /etc/samba/smb.conf

      realm = ARKESYSTEMS.COM
      workgroup = ARKESYSTEMS
      security = ads
      idmap uid = 10000-20000
      idmap gid = 10000-20000
      template shell = /bin/bash
      template homedir = /home/%D/%U
      winbind use default domain = yes

    • Save and quit
  19. #> sudo nano -w /etc/nsswitch.conf
    • Add the winbind flag to the passwd and group field:

        passwd: files winbind
        group: files winbind

    • In Lenny it will look like:

      passwd: compat files winbind
      group: compat files winbind

  20. #> sudo ldconfig
  21. What we've done in the last few steps is sync the Debian box with the time server.  They both need to be within a few seconds of each other in order to properly authenticate on the domain.  We then set up our user folders and Samba authentication.  Finally, we added the ability for Debian to validate users against the AD.  We're now ready to attempt to join this machine to the domain.
  22. ... But first add an entry for this machine in the Active Directory ...
  23. #> sudo net ads join -U "DOMAINADMIN"
  24. #> sudo /etc/init.d/samba start
  25. #> sudo /etc/init.d/winbind start
  26. Use the getent passwd and getent group commands to check that they list the users and groups from your domain.  If they do not, double-check your config files.
  27. Next we're going to configure PAM (the Pluggable Authentication Modules subsystem).  This allows programs in the Linux environment to authenticate through the domain.  We've got to update three configuration files to use the winbind extensions:

      # sudo nano -w /etc/pam.d/common-account
      account sufficient pam_winbind.so
      account required pam_unix.so

      # sudo nano -w /etc/pam.d/common-auth
      auth sufficient pam_winbind.so
      auth required pam_unix.so use_first_pass

      # sudo nano -w /etc/pam.d/common-session
      session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
      session sufficient pam_winbind.so
      session required pam_unix.so

  28. Now we need to edit our skeleton files for users who log on to Debian for the first time.
    • #> cd /etc/skel
    • #> sudo mkdir .ssh
    • #> sudo nano -w .ssh/authorized_keys
    • Save and exit
    • #> sudo chmod -R 744 .ssh
    • #> sudo nano -w .bashrc
    • Add the line umask 007 at the bottom, save and exit
    • #> sudo nano -w .bash_profile
    • Change the umask to 007, save and exit
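
A pre-join check for the files edited in steps 13 to 19 above, added here as an example; it is not part of the original post. The function names (conf_value, is_upper, check_join_config, write_samples) are hypothetical, the sample files are constructed from the values shown in the steps, and only what the steps state is checked: an ALL CAPS default_realm, a kdc entry, a realm and security = ads in smb.conf, and winbind on the passwd and group lines.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: check the Part 3 config files
# before running "net ads join". Paths are arguments, so copies can be checked.

# Print the value of the first "key = value" line in a config file.
conf_value() {  # conf_value <file> <key>
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        head -n 1 | sed 's/[[:space:]]*$//'
}

# True when the string is non-empty and has no lower-case letters.
is_upper() {
    [ -n "$1" ] && [ "$1" = "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" ]
}

# Print one line per problem; the return status is the number of problems.
check_join_config() {  # check_join_config <krb5.conf> <smb.conf> <nsswitch.conf>
    local krb="$1" smb="$2" nss="$3" n=0 db
    is_upper "$(conf_value "$krb" default_realm)" ||
        { echo "krb5.conf: default_realm missing or not ALL CAPS"; n=$((n+1)); }
    [ -n "$(conf_value "$krb" kdc)" ] ||
        { echo "krb5.conf: no kdc entry under [realms]"; n=$((n+1)); }
    [ "$(conf_value "$smb" security)" = ads ] ||
        { echo "smb.conf: security is not 'ads'"; n=$((n+1)); }
    [ -n "$(conf_value "$smb" realm)" ] ||
        { echo "smb.conf: realm is not set"; n=$((n+1)); }
    for db in passwd group; do
        grep "^$db:" "$nss" | grep -qw winbind ||
            { echo "nsswitch.conf: '$db' does not list winbind"; n=$((n+1)); }
    done
    return "$n"
}

# Constructed sample files modelled on the values used in the steps above.
write_samples() {  # write_samples <dir> <default_realm> <passwd sources>
    mkdir -p "$1"
    printf '[libdefaults]\n default_realm = %s\n[realms]\n REALMNAME = {\n  kdc = ARKEDC\n }\n' "$2" > "$1/krb5.conf"
    printf '[global]\n realm = ARKESYSTEMS.COM\n security = ads\n' > "$1/smb.conf"
    printf 'passwd: %s\ngroup: compat files winbind\n' "$3" > "$1/nsswitch.conf"
}

demo=$(mktemp -d)
write_samples "$demo/good" ARKESYSTEMS "compat files winbind"
write_samples "$demo/bad" arkesystems.com "compat files"
for d in good bad; do
    echo "== $d =="
    if check_join_config "$demo/$d/krb5.conf" "$demo/$d/smb.conf" "$demo/$d/nsswitch.conf"
    then echo "no problems found"; fi
done
rm -rf "$demo"
```

On the Debian box itself the call would be check_join_config /etc/krb5.conf /etc/samba/smb.conf /etc/nsswitch.conf, run before the net ads join step.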

Part 4: Installing and Configuring Subversion

  1. #> sudo apt-get install subversion
  2. **THE FOLLOWING IS ONLY IF YOU WANT WEB ACCESS**
  3. #> sudo apt-get install apache2
  4. #> sudo a2enmod dav_fs
  5. #> sudo /etc/init.d/apache2 force-reload


Categories: Server 2008
Posted by Trenton Adams on Tuesday, April 15, 2008 12:11 AM

Comments (3) -

:dtm. Italy

Wednesday, May 7, 2008 10:03 PM

I followed your instructions, but got stuck at step 22 [AD domain joining].
Here's what I get:

# net ads join -U Administrator
Administrator's password: **********
[2008/05/08 02:37:35, 0] utils/net_ads.c:ads_startup(289)
ads_connect: Server not found in Kerberos database

Some clues I have about this not working:

1. When I installed the Active Directory Domain Services role in Windows Server 2008, I chose the latest and greatest and not a legacy AD version

2. I have the default Debian 4.0r3 AMD64 Samba package installed [3.0.24], and not the latest which may have resolved Longhorn compatibility problems

3. I tried adding my VM in AD in the Computers OU... but I guess that's not the Kerberos database mentioned in the error, right?

Can you help me out?
Regards, LaughingTM. aka Daniele Gubert


PS: libkrb43 package does not exist in my system, I have libkrb53 instead.

Trenton Adams United States

Thursday, May 8, 2008 11:40 AM

Hi Daniele!

Could you email me your:
/etc/samba/smb.conf
/etc/ntp.conf
/etc/network/interfaces

files, I'll look over them and see if I can find any issues in them?

In the meantime, it may be one of the first issues you mentioned, you could try upgrading the Samba package.

In Server 2003, I know that it required DNS to be setup before you could install the Active Directory.  Not sure about 2008, do you have DNS installed on the network and Debian pointed to the right server?


:DTM. Italy

Thursday, May 8, 2008 11:31 PM

Thank you Trenton for your reply.
Basically what I'm trying to do is using Hyper-V Debian as a LAMP platform for web development, while the file storage stays in Windows Server 2008.

With the help of this doc [in Italian] download.microsoft.com/.../Integrazione_AD.pdf and a little tampering I was able to read/write a Windows NFS share from a Virtualized Linux user (oh yes, your debianuser ;)

I wonder how to get the Apache user [www-data:www-data] to do the same though, since it has no password and AD won't let me create it as such; moreover it won't allow a group name identical to a user name.

Regards, LaughingTM. aka Daniele Gubert