Part 1: Setting up the Hyper-V VM
The network adapter was the tricky part. I mentioned the fix in this previous post: http://arkesystems.com/blog/post/2008/04/Hyper-V-Miscellaneous.aspx
Part 2: Installing Debian - Lenny
- Start the Debian install
- When it asks you to create a user, DO NOT use the same username as your AD account; this will just be confusing. Use something else, such as 'defaultdebianuser'.
- When it asks for software selection choose the following:
- Now wait while it finishes the initial install.
- Reboot
- Login as root
- Install sudo: #> aptitude install sudo
- Setup your network settings:
- Install the ssh server: #> aptitude install ssh
- You can now ssh into the machine so you don't have to be on the actual box in order to finish setting subversion up.
Part 3: Connecting to the Active Domain
We have our base install of Debian now, and it's available via ssh. We now need to install the necessary components for connecting to the Windows Domain.
- Modify the sources list accordingly
- #> sudo apt-get update
- #> sudo aptitude install libkrb53
- #> sudo aptitude install krb5-config
- Asks for the AD server's hostname
- #> sudo aptitude install samba
- #> sudo aptitude install winbind
- #> sudo aptitude install ntpdate
- #> sudo apt-get install ntp-server
- The previous items may ask for some configuration options. You can fill them in if you know them; otherwise we'll be modifying the configuration files later.
- #> sudo /etc/init.d/samba stop
- #> sudo /etc/init.d/winbind stop
- #> sudo /etc/init.d/ntp stop
- #> sudo nano -w /etc/krb5.conf
- Under the [realms] section add your AD controller's hostname (if it's not already filled in from the configuration):
REALMNAME = {
    kdc = ARKEDC
}
- Look for the default_realm parameter and set it equal to your domain name. The domain name MUST BE IN ALL CAPS. For example, ARKESYSTEMS, not arkesystems or arkesystems.com.
- Save and Exit
- #> sudo ntpdate <ip of the time or AD server>
- #> sudo nano -w /etc/ntp.conf
Add a server like:
server <ip of the time or AD server>
Save and exit
- #> sudo /etc/init.d/ntp start
Check to see if this is working so far by:
#> ntpq -p
If it has your server in the list, you're good to keep going.
- #> sudo nano -w /etc/samba/smb.conf
realm = ARKESYSTEMS.COM
workgroup = ARKESYSTEMS
security = ads
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template homedir = /home/%D/%U
winbind use default domain = yes
- Save and quit
- #> sudo nano -w /etc/nsswitch.conf
- Add the winbind flag to the passwd and group fields:
passwd: files winbind
group: files winbind
- In Lenny it will look like:
passwd: compat files winbind
group: compat files winbind
- #> sudo ldconfig
- What we've done in the last few steps is sync the Debian box with the time server. Both machines need to be within a few seconds of each other in order to properly authenticate on the domain. We then set up our user folders and samba authentication. Finally, we added the ability for Debian to validate users against the AD. We're now ready to attempt to join this machine to the domain.
- ... But first add an entry for this machine in the Active Directory ...
- #> sudo net ads join -U "DOMAINADMIN"
- #> sudo /etc/init.d/samba start
- #> sudo /etc/init.d/winbind start
- Use the getent passwd and getent group commands to check whether they list the users and groups from your domain. If they do not, double check your config files.
- Next we're going to configure PAM (Pluggable Authentication Module Subsystem). This allows programs in the Linux environment to authenticate through the domain. We've got to update three configuration files to use the winbind extensions:
#> sudo nano -w /etc/pam.d/common-account
account sufficient pam_winbind.so
account required pam_unix.so
#> sudo nano -w /etc/pam.d/common-auth
auth sufficient pam_winbind.so
auth required pam_unix.so use_first_pass
#> sudo nano -w /etc/pam.d/common-session
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session sufficient pam_winbind.so
session required pam_unix.so
- Now we need to edit our skeleton files for users who log on to Debian for the first time.
- #> cd /etc/skel
- #> sudo mkdir .ssh
- #> sudo nano -w .ssh/authorized_keys
- Save and Exit
- #> sudo chmod -R 744 .ssh
- #> sudo nano -w .bashrc
- add the line: umask 007 at the bottom, save and exit
- #> sudo nano -w .bash_profile
- change the umask to 007, save and exit
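For the "double check your config files" step in Part 3, the script below is an added example (not part of the original post) that checks only what the post itself asks for: an all-caps default_realm with a kdc entry, security = ads with realm and workgroup set, and winbind in the passwd and group lines. The function names, the realm EXAMPLE and the controller DC1 are constructed for illustration; pass the real /etc paths to check_join_config on your own box.

```shell
#!/bin/sh
# Added example: sanity-check the files edited in Part 3 (sample values constructed).

# Print the first "key = value" value in a file, surrounding spaces trimmed.
conf_value() {  # $1=key $2=file
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# Succeed if nsswitch database $1 (passwd or group) lists winbind as a source.
nss_has_winbind() {  # $1=database $2=nsswitch.conf
    grep -Eq "^[[:space:]]*$1:.*[[:space:]]winbind([[:space:]]|\$)" "$2"
}

# Succeed if krb5.conf has a "REALM = {" block that contains a kdc entry.
realm_has_kdc() {  # $1=realm $2=krb5.conf
    awk -v r="$1" '{ s = $0; gsub(/[ \t]/, "", s) }
        s == (r "={")          { inblk = 1; next }
        inblk && s ~ /^kdc=/   { found = 1 }
        inblk && s == "}"      { inblk = 0 }
        END { exit !found }' "$2"
}

# Print one line per problem; the return status is the number of problems.
check_join_config() {  # $1=krb5.conf $2=smb.conf $3=nsswitch.conf
    problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }
    realm=$(conf_value default_realm "$1")
    [ -n "$realm" ] || fail "default_realm is not set"
    [ "$realm" = "$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')" ] ||
        fail "default_realm '$realm' is not in all caps"
    realm_has_kdc "$realm" "$1" || fail "no kdc listed for realm '$realm'"
    [ "$(conf_value security "$2")" = "ads" ] || fail "smb.conf: security is not ads"
    [ -n "$(conf_value realm "$2")" ] || fail "smb.conf: realm is not set"
    [ -n "$(conf_value workgroup "$2")" ] || fail "smb.conf: workgroup is not set"
    for db in passwd group; do
        nss_has_winbind "$db" "$3" || fail "nsswitch.conf: $db does not use winbind"
    done
    return "$problems"
}

# Constructed sample files; the group line deliberately lacks winbind.
d=$(mktemp -d)
printf '[libdefaults]\ndefault_realm = EXAMPLE\n[realms]\nEXAMPLE = {\n kdc = DC1\n}\n' > "$d/krb5.conf"
printf '[global]\nrealm = EXAMPLE.COM\nworkgroup = EXAMPLE\nsecurity = ads\n' > "$d/smb.conf"
printf 'passwd: compat files winbind\ngroup: compat files\n' > "$d/nsswitch.conf"
check_join_config "$d/krb5.conf" "$d/smb.conf" "$d/nsswitch.conf"
echo "problems found: $?"
```

A non-zero count before `net ads join` usually explains an empty `getent passwd` afterwards, so fix the reported lines and restart samba and winbind before re-testing.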
Part 4: Installing and Configuring Subversion
- #> sudo apt-get install subversion
- **THE FOLLOWING IS ONLY IF YOU WANT WEB ACCESS**
- #> sudo apt-get install apache2
- #> sudo a2enmod dav_fs
- #> sudo /etc/init.d/apache2 force-reload