CSIM Technical Notes

Use the option -p to preserve the full pathnames.

Typical rsync (1) configuration file on the server is located in /usr/local/etc/rsynchd.conf and should have a section of the form:

[section]
	path = /directory
	auth users = username
	secrets file = /usr/local/etc/rsyncd.secrets
	uid = 0
	gid = 0
	hosts allow = 192.41.170.22
	host deny = 0.0.0.0/0

The rsyncd.secrets file contains the username:password used by the client to connect to the server. It must be chmod 600.

On the client the user username must launch the synchronization with the rsync (1) command:

rsync -aczHAX --delete --password-file=passwd_file server::section /directory

To allow ordinary users to mount fuse devices, set the kernel state:

# sysctl vfs.usermount=1

Now fuse filesystems (sysutils/fusefs-x) can be munted at startup from /etc/fstab with ethe late parameter.

You may need to create a symbolic link for /usr/sbin/mount_fusefs is it was not created when installing the port.

In order to build and install net/vmware-vsphere-cli you need the following ports installed first:

• compat6x
• glib
• gettext
• perl (install)

When installing Ruby Gems RDoc port on FreeBSD, there is a conflict between UTF-8 and ASCII coding.

To remove the conflict, add the environment variable: RDOCOPT --encoding=UTF-8

When installing asciidoc(1) on FreeBSD, the port is looking for the directory /usr/local/ETC. I create a symbolic link with /usr/local/etc/asciidoc:

ln -s /usr/local/etc/asciidoc /usr/local/ETC

Student should not be allowed to lock the machines in the laboratory. This prevents them to prepend a machine and prevent access to other fellow students.

In a similar way, the password change menu should be disabled to encourage students using the web page for account management.

Use the Groupd Policiy Editor to disable both functions on Windows XP, follow the step-by-step instructions bellow:

1. Run gpedit from command line, press Windows-R and type gpedic.msc.
2. in the left pane, select User Configuration/Administrative Templates/System/Ctrl+Alt+Del Options.
3. Change the options for Remove Lock Computer and Remove Password Change in the right pane.

A filesystem have been saved in an image file, this image can be mounted in FreeBSD like any other filesystem.

More information is available in FreeBSD Handbook, in the section Network, Memory and File Backed File System.

1. The first step is to configure and enable a memory disk associated to the image file; the memory disk has a device of the form /dev/md0 or /dev/md0s1c:

   # mdconfig -a -t vnode -f filename

2. The device can now be mounted like any other device:

   # mount -t type memory-disk-device mount-point

3. To have the list of available memory disks:

   # mdconfig -l

4. After umounting the memory disk, you can remove it with:

   # mdconfig -d -u memory-disk-ID

This step-by-step intructions gives an how-to install (or re-install) and confugure Mac OS X on CSIM iMac machines.

1. Insert the Mac OS X Install DVD in the drive.
2. Hold the ALT key for 10-20 seconds while booting; until an arrow appears on the screen.
3. Select the DVD icon.
4. Proceed with accepting any menu until the Install Mac OS X screen.
5. The first step of to reformat the hard disk. On the Install Mac OS X screen, select Utilities/Disk Utility.
6. Select Machintosh HD and Erase.
7. Go on and erase, this will apply the default format operation which is a quick format.
8. Exit Disk Utility. The disk has been reformatted.
9. Continue with installation and accept all the defaults.
10. Select country Thailand.
11. Select Keyboard US.
12. Select No information transfer.
13. Do not enter Apple ID.
14. Do not enter Registration Information.
15. Create the user toor, full name Charlie, with the Administrator password use on Windows machines.
16. Install the applications from Applications Install DVD.
17. Cancel Keyboard Setup Assistant.
18. This step will configure the login options. Go to System Preferences/Accounts/Login Options.
19. Select Automatic Login: off.
20. Select Display login window as: Name and password.
21. Now you need to install AIT root CA certificate. Open a shell window and create the directory that will hold the root CA:

    # sudo mkdir -p /usr/local/ssl/ca

22. Import the certificate from banyan.cs.ait.ac.th:

    # scp on@banyan:SSL/ca/ca-bundle.crt .

23. In the Finder, open ca-bundle.crt.
24. Add it in the Keychain system, always trust it.
25. Move the certificate to its final location:

    # sudo mv ca-bundle.crt /usr/local/ssl/ca

26. Next step will be to download and install system updates. Launch Safari.
27. Modify the preference to use www.cs.ait.ac.th for home page.
28. Authenticate to access to Internet.
29. In the Finder, launch Software Update.
30. Restart at step 26. and relaunch the Software Update until there is no more update (minimum twice).
31. Configure syslog to log to CSIM loggin server. Edit /etc/syslog.conf add a line:

    *.*  			@sysl.cs.ait.ac.th

32. Configure NFS to autiomatically mount the disk from oak.cs.ait.ac.th/etc/auto_master, comment out all lines except /net and /Network/Servers.
33. Edit /etc/fstab and enter the line:

    oak.cs.ait.ac.th:/home /home nfs -P,-i,-b 0 0

34. Add an entry to start fstab automatically:

    # scp on@banyan:_Library_LaunchDaemon_fstab.plist to /Library/LaunchDaemon/fstab.plist

35. Now configure the date and time. In System Preferences/Date & Time/Date & Time, set Set date and time automatically to: ntp.cs.ait.ac.th.
36. In Clock, select Use 24-hour clock.
37. In System Preferences/Sharing, change the Computer Name. The name are in the form of Macx.
38. Install the C-shell .rc file:

    # scp on@banyan:/etc/.cshrc /etc/.cshrc
    
    Configure LDAP and the users accounts. Edit /etc/openldap/ldap.conf and add the line: 
    TLS_CACERT /usr/local/ss/ca/ca-bundle.crt
    
    In System Preferences/Account/Login Options, click on Network Account Server Join...
    
    Enter the name ldap.cs.ait.ac.th and click Open Directory Utility.
    
    Edit LDAPv3.
    
    Click New and enter Server Name or IP Address: ldap.cs.ait.ac.th.
    
    Select Encrypt using SSL.
    
    Click on Continue.
    
    Enter in Pick a Template: RFC 2307 (Unix).
    
    Enter in Searchbase: ou=csim,dc=cs,dc=ait,dc=ac,dc=th.
    
    Click Continue then OK.
    
    Lock the Directory Utility.
    
    Enter CSIM in Configuration Name.
    
    Click Edit, in Search & Mappings.
    
    Click Groups and change Search base to: ou=Group,ou=csim,dc=cs,dc=ait,dc=ac,dc=th.
    
    Change Search only at the first level.
    
    Click People and change Search base to: ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th.
    
    Change Search only at the first level.
    
    Expand People, under RealName, add gecos and delete cn.
    
    Under RecordName add uid.
    
    Click on Users and change Search base to: ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th.
    
    Change Search only at the first level.
    
    Expand Users.
    
    Repeat the changes for RealName.
    
    OK everything and close
    
    In a shell window, make the users tempadmin and on administrators of the machine:
    # dscl . -append /Groups/admin GroupMembership  on tempadmin
    
    Configure the printers. Edit /etc/hosts.lpd on banyan. Add a line with the full name of the iMac computer macx.desktops.cs.ait.ac.th. Restart the lpd(8) daemon:
    # /etc/rc.d/lpd restart
    
    In System Preferences/Printers & Fax:
    
    
    Add Address: banyan.cs.ait.ac.th
    Queue: big
    Name: Big
    Print Using Print software
    Select HP Laserjet 4300 Series
    Select Optional Tray3: 500 sheets
    Select Duplex Unit selected
    Select Fit to Page: Nearest Size and Scale
    
    
    Same for Queue: magnum; Name: Magnum; select HP Laserjet P4010 series.
    
    Same for Queue: Ricoh; Name: Ricoh; select Ricoh Aficio 2051 -Gutenprint v5.2.3; this one has no option to select duplex or tray.
    
    Lock the System Preferences.
    
    Reboot
    
    

Part of WEA class is installing Ubuntu on the machines in the lab. During the process, the students will install their own version of grub.

To have the machines boot normally, you must re-install a stanard version of grub.

1. Choose CSIM Ubuntu from grub. The name may vary, the version number will be different, but it should be on /dev/sda3.
2. Mount the WEA sandbox Ubuntu:

   # mount /dev/sda5 /mnt

3. Open /mnt/boot/grub/grub.conf in a text editor:

   # edit /mnt/boot/grub/grub.conf

4. Locate the first menuentry and copy it to the clipboard.
5. Open /boot/grub/grub.cfg in a text editor:

   # edit /boot/grub/grub.cfg

6. Locate the entry for Windows.
7. After the entry for Windows, paste the contents of the clipboard from point 4 above.
9. In the entry you just pasted, change the label to WEA Ubuntu 13.4 (on /dev/sda5).
10. Re-install grub:

    # grub-install --nofloppy /dev/sda5

11. Reboot.

There is no GUI method to enable syslog on VMware ESXi server (ESXi); it must be enabled using console access and command line.

1. Remote connect to ESXi with ssh(1):

   # ssh root@ESXi

2. Enable syslog in ESXi firewall:

   # esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true
   # esxcli network firewall refresh

3. Define the syslog server; you must use an IP address, not the server's name:

   # esxcli system syslog config set --loghost='udp://192.41.170.20:514'
   # esxcli system syslog reload

4. Check the configuration:

   # esxcli system syslog config get
      Default Network Retry Timeout: 180
      Local Log Output: /scratch/log
      Local Log Output Is Configured: false
      Local Log Output Is Persistent: true
      Local Logging Default Rotation Size: 1024
      Local Logging Default Rotations: 8
      Log To Unique Subdirectory: false
      Remote Host: udp://192.41.170.20:514

When upgrading all the ports with portupgrade(1), use the -x option to ignore Perl modules installed from CPAN:

# portupgrade -fa -x bsdpan\*

On the mail server, you want to ignore Kaspersky anti-virus:

# portupgrade -fa -x bsdpan\* kav4\*

To have administrator priviledges on a VMware ESXi server (ESXi), a user must be listed in the Domain Admins group on the Active Directory server (AD).

To list the users of the group Domain Admins, execute the following command on the AD:

# samba-tool group listmembers "Domain Admins"

To add a user to the group Domain Admins, execute the following command on the AD:

# samba-tool group addmembers "Domain Admins" user_name

Note: it may be possible that a user has to be re-added to the group after the account has been disabled and then re-enabled.

To grant administrator priviledges on an ESXi to the AD group Domain Admins, use the following procedure.

1. Connect to the ESXi using the VMware vSphere standalone client. Authenticate with the root account.
   Select the Configuration tab, the Authentication Services item and click on Properties....
   
2. In the popup window, select Active Directory, enter the Domain cs.ait.ac.th and click on Join Domain.
   
3. In authentitcation window, enter the User Name Administrator and the Unix root password. Click on Join Domain.
   Now the ESXi can access the accounts defined in the AD.
4. Select the tab Permissions, right click on the window and select Add Permission...
   
5. In the popup window, select the Assigned Role Administrator and click on Add...
   
6. In configuration window, select the Domain SMB4, in the Users and Groups select the group Domain Admins and click on Add.
   SMB4\Domain Admins is now listed in the Groups, click on OK.
   
   All the users listed in the group Domain Admins of the AD have Administrator priviledges on the ESXi.

After upgrading ClamAV, ownership must be fixed on /var/run/clamav and /var/log/clamav:

# chown vscan:vscan /var/run/clamav
# chown vscan:vscan /var/log/clamav

To restore files from amanda, login to amanda server, get root and change directory to /holding/recover. You can then issue the command:

# amrecover normal -t localhost -s localhost -oauth=bsd

When upgrading Amanda, do all the clients first, and only then do the server.