License

Copyright (C) 2008-2020 Oliver Bohlen.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.

A copy of the license is included in the section entitled "GNU Free Documentation License".

Introduction

This documentation comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.

Howto: Thinclient - Thinclient as Server for Gentoo Linux

This is a Howto which describes how you can extend your Thinclient to a Thinclient-Server.
For easier administrative handling I decided to use LDAP for Services like DHCP and DNS.
After emerging the packages copy the default configurations to the Server Profile:

cp /etc/openldap/slapd.conf /etc/thinclient/server-profile/etc/openldap/slapd.conf
cp /usr/share/webapps/phpldapadmin/*/htdocs/config/config.php /etc/thinclient/server-profile/etc/phpldapadmin.conf
cp /etc/conf.d/nfs /etc/thinclient/server-profile/etc/conf.d/nfs
cp /etc/conf.d/in.tftpd /etc/thinclient/server-profile/etc/conf.d/in.tftpd
cp /etc/conf.d/apache2 /etc/thinclient/server-profile/etc/conf.d/apache2
cp /etc/bind/named.conf /etc/thinclient/server-profile/etc/bind/named.conf

If you want to use this solution you need the following howto(s) finished:

Required software

The required software has to be installed with the following command(s):
chroot /gtc/test /bin/bash -c 'env-update &>/dev/null && source /etc/profile && emerge net-fs/nfs-utils'
chroot /gtc/test /bin/bash -c 'env-update &>/dev/null && source /etc/profile && emerge sys-boot/syslinux'
chroot /gtc/test /bin/bash -c 'env-update &>/dev/null && source /etc/profile && emerge net-ftp/tftp-hpa'
chroot /gtc/test /bin/bash -c 'env-update &>/dev/null && source /etc/profile && emerge net-misc/dhcp'
chroot /gtc/test /bin/bash -c 'env-update &>/dev/null && source /etc/profile && emerge net-dns/bind'
chroot /gtc/test /bin/bash -c 'env-update &>/dev/null && source /etc/profile && emerge net-dns/bind-tools'
chroot /gtc/test /bin/bash -c 'env-update &>/dev/null && source /etc/profile && emerge net-nds/openldap'
chroot /gtc/test /bin/bash -c 'env-update &>/dev/null && source /etc/profile && emerge net-fs/samba'
chroot /gtc/test /bin/bash -c 'env-update &>/dev/null && source /etc/profile && emerge net-nds/phpldapadmin'
chroot /gtc/test /bin/bash -c 'env-update &>/dev/null && source /etc/profile && emerge www-servers/apache'

Changes in /gtc/test/etc/thinclient/server-profile/etc/apache2/vhosts.d/vhosts.conf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /gtc/test/etc/thinclient/server-profile/etc/apache2/vhosts.d/vhosts.conf

Changed on 28.04.10
Issued by olli
Beginning line 1

The Webserver configuration fpr the GTC-Server

# Some default settings
Listen 80
Listen 443
NameVirtualHost *:80
NameVirtualHost *:443
# ServerName
ServerName localhost
# Directory Index
DirectoryIndex index.html

# Some security settings
Timeout 60
# Allow a maximum of 100MB for upload.
LimitRequestBody 104857600
# Mallow a maximum of 50 headersites
LimitRequestFields 50
# Sets maximum length of the from client sent HTTP-Request-Headers
LimitRequestFieldsize 4094
# Maximum leght of HTTP request line
LimitRequestLine 8190
# Allow a maximum of 100MB for upload. per webdav
LimitXMLRequestBody 104857600

# VHost logging
CustomLog /var/log/apache2/access_log vhost

# Load LDAP Auth modules
LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so
Loadmodule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so

<Directory />
 Order Deny,Allow
 Deny from all
 Options None
 AllowOverride None
</Directory>
<Directory /var/www>
  Order Allow,Deny
  Allow from all
  Options None
  AllowOverride None
</Directory>
ServerSignature Off
TraceEnable off

# The default vHost
<VirtualHost *:80>
 ServerName default
 ServerAdmin gtc
 DocumentRoot /var/www/default/htdocs
</VirtualHost>
<VirtualHost *:443>
 ServerName default
 ServerAdmin gtc
 DocumentRoot /var/www/default/htdocs
 SSLEngine on
 SSLCertificateFile /etc/ssl/apache2/server.crt
 SSLCertificateKeyFile /etc/ssl/apache2/server.key
</VirtualHost>

Changes in /gtc/test/etc/thinclient/server-profile/etc/bind/named.conf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /gtc/test/etc/thinclient/server-profile/etc/bind/named.conf

Changed on 23.04.10
Issued by olli
Beginning line 13

Listen on localhost and the LAN and forward requests if they are not known by this DNS (for internet name resolution).


Before change
        listen-on { 127.0.0.1; };
After change
        // Listen
	listen-on { 127.0.0.1/8;
	            0.0.0.0/0;
	};
	// The way to the Internet
        allow-recursion { 127.0.0.1/8;
                          0.0.0.0/0;
        };
	// Local zones
        allow-query { 127.0.0.1/8;
	              0.0.0.0/0;
	};
	allow-notify { none; };
	allow-transfer { none; };

Changed on 23.04.10
Issued by olli
Beginning line 73

Zone definitions for some domains


# This is an entry for an LDAP Zone. Use this only if you want to use Bind with LDAP
zone "gtc" IN {
        type master;
	database "ldap ldap://127.0.0.1/cn=Computers,dc=gtc 172800";
	allow-update { none; };
};

zone "in-addr.arpa" {
        type master;
	database "ldap ldap://127.0.0.1/cn=Computers,dc=gtc 172800";
	allow-update { none; };
};

Changes in /gtc/test/etc/thinclient/server-profile/etc/conf.d/apache2

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /gtc/test/etc/thinclient/server-profile/etc/conf.d/apache2

Changed on 28.04.10
Issued by olli
Beginning line 35

Apache startoptions for enabling PHP5 and SSL


Before change
APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D LANGUAGE -D SSL -D SSL_DEFAULT_VHOST -D PHP5"
After change
APACHE2_OPTS="-D SSL -D PHP5"

Changes in /gtc/test/etc/thinclient/server-profile/etc/conf.d/nfs

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /gtc/test/etc/thinclient/server-profile/etc/conf.d/nfs

Changed on 26.04.10
Issued by olli
Beginning line 8

Thist starts the rpc.idmapd for UID/GID Mapping on NFSv4. It hast to be startet at the clientside too. If this Service is not started all UIDs/GIDs are mapped to ID 4294967294. The Configurationfile /etc/idmapd.conf should be the same on Client and Server


Before change
NFS_NEEDED_SERVICES=""
After change
NFS_NEEDED_SERVICES="rpc.idmapd"

Changed on 26.04.10
Issued by olli
Beginning line 16

Allow a maximum of 20 Clients at the same time on your NFS Server


Before change
#OPTS_RPC_NFSD="8"
After change
OPTS_RPC_NFSD="20"

Changed on 26.04.10
Issued by olli
Beginning line 24

The rpc mountd should listen on port 32767 (needed for some firewall settings).


Before change
#OPTS_RPC_MOUNTD=""
After change
OPTS_RPC_MOUNTD="-p 32767"

Changed on 26.04.10
Issued by olli
Beginning line 32

The rpc statd should listen on port 32765 and send outgoing connections over port 32766 (needed for some firewall settings).


Before change
#OPTS_RPC_STATD=""
After change
OPTS_RPC_STATD="-p 32765 -o 32766"

Changes in /gtc/test/etc/thinclient/server-profile/etc/dhcp/dhcpd.conf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /gtc/test/etc/thinclient/server-profile/etc/dhcp/dhcpd.conf

Changed on 23.04.10
Issued by olli
Beginning line 1

This are the DHCP settings for connecting to the LDAP Server.

ldap-server "127.0.0.1";
ldap-port 389;
ldap-username "";
ldap-password "";
ldap-base-dn "ou=DHCP-Servers,dc=gtc";
ldap-dhcp-server-cn "gtc-server";
ldap-method dynamic;
ldap-debug-file "/tmp/dhcp-ldap-startup-config";

Changes in /gtc/test/etc/thinclient/server-profile/etc/openldap/schema/gabosh.schema

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /gtc/test/etc/thinclient/server-profile/etc/openldap/schema/gabosh.schema

Changed on 24.04.10
Issued by olli
Beginning line 1

This is the schema for using nested groups (groups in groups)

objectclass ( 1.3.6.1.4.1.35312.1 NAME 'gaboshGroup'
        DESC 'adds uniqueMember attribut for groups'
        SUP top AUXILIARY
        MAY ( uniqueMember )
        )

Changed on 24.04.10
Issued by olli
Beginning line 9

This is for having DHCP and DNS in one ObjecClass.

objectclass ( 1.3.6.1.4.1.35312.2 NAME 'gaboshComputer'
        DESC 'for Computer DHCP and DNS entries'
        SUP top AUXILIARY
	MAY ( DNSTTL $ DNSClass $ ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord $ PTRRecord $ HINFORecord $ MINFORecord $ TXTRecord $ AFSDBRecord $ SIGRecord $ KEYRecord $ AAAARecord $ LOCRecord $ NXTRecord $ SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $ A6Record $ DNAMERecord $ DSRecord $ SSHFPRecord $ RRSIGRecord $ NSECRecord $ zoneName $ relativeDomainName )
        )

Changes in /gtc/test/etc/thinclient/server-profile/etc/openldap/slapd.conf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /gtc/test/etc/thinclient/server-profile/etc/openldap/slapd.conf

Changed on 23.04.10
Issued by olli
Beginning line 6

Include basic schamas

include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/dnszone.schema
include         /etc/openldap/schema/samba.schema
include         /etc/openldap/schema/dhcp.schema
include         /etc/openldap/schema/gabosh.schema

Changed on 23.04.10
Issued by olli
Beginning line 23

Certificates for using TLS.

TLSCertificateFile      /etc/openldap/ssl/ldap.crt
TLSCertificateKeyFile   /etc/openldap/ssl/ldap.key

Changed on 23.04.10
Issued by olli
Beginning line 32

Set the search path for LDAP modules


Before change
# modulepath	/usr/lib/openldap/openldap
After change
modulepath  /usr/lib/openldap/openldap

Changed on 23.04.10
Issued by olli
Beginning line 44

Load the hdb-LDAP module for HDB storage-backend
You should create the HDB-configfile:

cp /var/lib/openldap-data/DB_CONFIG.example /var/lib/openldap-data/DB_CONFIG


Before change
# moduleload	back_hdb.so
After change
moduleload  back_hdb.so

Changed on 23.04.10
Issued by olli
Beginning line 78

Set ACLs on the encrypted User password. This disables to get the encrypted passwords with e.g. "getent passwd shadow" for shadow-accounts or with ldapsearch. If you don't want so use LDAP-Auth for Samba you can leave the samba* attributes and line with smbadmin out.

access to attrs=userPassword,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange,sambaPasswordHistory,sambaAcctFlags,shadowLastChange
  by dn="cn=smbadmin,ou=People,dc=gtc" write
  by dn="cn=replicator,ou=People,dc=gtc" read
  by anonymous auth
  by self write
  by * none

access to * 
  by * read

Changed on 23.04.10
Issued by olli
Beginning line 95

LDAP Base DN


Before change
suffix		"dc=my-domain,dc=com"
After change
suffix                "dc=gtc"

Changed on 23.04.10
Issued by olli
Beginning line 102

LDAP Root DN


Before change
rootdn		"cn=Manager,dc=my-domain,dc=com"
After change
rootdn                "cn=Manager,dc=gtc"

Changed on 23.04.10
Issued by olli
Beginning line 110

Encrypted LDAP Root password from slappasswd


Before change
rootpw		secret
After change
rootpw {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXX

Changed on 23.04.10
Issued by olli
Beginning line 120

Define slapd indexes for LDAP tuning and for getting rid of the "bdb_equality_candidates: (uid) not indexed" log entrys. Don't forget to run slapindex. I put it in a weekly cron job.


Before change
#index	objectClass	eq
After change
index objectclass,entryCSN,entryUUID   eq
index cn                      pres,sub,eq
index sn                      pres,sub,eq
index uid                     pres,sub,eq
index displayName             pres,sub,eq
index uidNumber               eq
index gidNumber               eq
index memberUid               eq
index uniqueMember            eq
index sambaSID              eq
index sambaPrimaryGroupSID  eq
index sambaDomainName       eq
index default               sub
index                       zoneName                         eq
index                       relativeDomainName               eq

Changed on 23.04.10
Issued by olli
Beginning line 140

This is only for LDAP Replication. If you don't want to use replication, do not insert this lines.

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

Changes in /gtc/test/etc/thinclient/server-profile/etc/phpldapadmin.conf

File permissions:
Owner: root
Group: root
Permissions: -rw-r--r--

Click here for a download of the complete file: /gtc/test/etc/thinclient/server-profile/etc/phpldapadmin.conf

Changed on 23.04.10
Issued by olli
Beginning line 283

Basedn for phpldapadmin


Before change
// $servers->setValue('server','base',array(''));
After change
$servers->setValue('server','base',array('dc=gtc'));

Changed on 23.04.10
Issued by olli
Beginning line 311

Login for phpldapadmin


Before change
#  $servers->setValue('login','bind_id','cn=Manager,dc=example,dc=com');
After change
$servers->setValue('login','bind_id','cn=Manager,dc=gtc');

Changes in /gtc/test/etc/thinclient/server-profile/start.sh

File permissions:
Owner: root
Group: root
Permissions: -rwxr-xr-x

Click here for a download of the complete file: /gtc/test/etc/thinclient/server-profile/start.sh

Changed on 23.04.10
Issued by olli
Beginning line 2

Create data and start the Services

#!/bin/bash

# Get network informations
IP=`cat /proc/cmdline | perl -pe 's/^.+ip=//; s/ .+$//'` 
SRV_IP=`echo $IP | cut -d: -f1`
SRV_GATEWAY=`echo $IP | cut -d: -f3`
SRV_SUBNET=`echo $IP | cut -d: -f4`
SRV_NETWORK=`ipcalc $SRV_IP/$SRV_SUBNET -b -n | grep Network | perl -pe 's/ +/ /g' | cut -d" " -f2 | cut -d"/" -f1`
SRV_BROADCAST=`ipcalc $SRV_IP/$SRV_SUBNET -b -n | grep Broadcast | perl -pe 's/ +/ /g' | cut -d" " -f2`

# Setup pxelinux-Bootloader-Files
mkdir -p /srv/pxe/pxelinux.cfg
cp /usr/share/syslinux/pxelinux.0 /srv/pxe/
cp /usr/share/syslinux/menu.c32 /srv/pxe/
cp /boot/kernel-genkernel-x86-`uname -r` /srv/pxe/
cp /boot/initramfs-genkernel-x86-`uname -r` /srv/pxe/

# LDAP
if [ -d "/srv/ldap" ]
then
 rm -r /var/lib/openldap-data
 ln -sf /srv/ldap /var/lib/openldap-data
 /etc/init.d/slapd start
else
 echo "Creating initial LDAP Database"
 SRV_REVIP=`echo "$SRV_IP" | awk 'BEGIN{FS=".";ORS="."} {for (i = NF; i > 0; i--){print $i}}' | sed 's/\.$//'` 
echo "
# Create LDAP DB and start it
# The basic structure
dn: dc=gtc
dc: gtc
objectClass: top
objectClass: domain

# The DHCP Object with some default settings. filename and next-server are only needed if you want to boot with PXE.
# The entriees for your DHCP-Server(s)
dn: ou=DHCP-Servers,dc=gtc
objectClass: organizationalUnit
objectClass: top
ou: DHCP-Servers

dn: cn=gtc-server,ou=DHCP-Servers,dc=gtc
objectClass: top
objectClass: dhcpServer
cn: gtc-server
dhcpServiceDN: cn=Computers,dc=gtc
dhcpStatements: next-server $SRV_IP
dhcpOption: routers $SRV_GATEWAY
dhcpOption: domain-name-servers $SRV_IP
dhcpOption: ntp-servers $SRV_IP

# The global settings for all your DHCP-Server(s)
dn: cn=Computers,dc=gtc
cn: Computers
dhcpOption: subnet-mask $SRV_SUBNET
dhcpOption: broadcast-address $SRV_BROADCAST
dhcpOption: domain-name \"gtc\"
dhcpStatements: ddns-update-style none
dhcpStatements: get-lease-hostnames true
dhcpStatements: use-host-decl-names true
dhcpStatements: filename \"/pxelinux.0\"
dhcpStatements: default-lease-time 7200
dhcpStatements: max-lease-time 14400
objectClass: dhcpService
objectClass: top
dhcpSecondaryDN: cn=gtc-server,ou=DHCP-Servers,dc=gtc

# The DHCP-Subnet entry:
dn: cn=$SRV_NETWORK,cn=Computers,dc=gtc
objectClass: top
objectClass: dhcpSubnet
objectClass: dhcpOptions
dhcpNetMask: 24
#dhcpRange: XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
cn: $SRV_NETWORK

# The GTC/DHCP-Server
dn: pTRRecord=gtc-server.gtc.,cn=Computers,dc=gtc
aRecord: $SRV_IP
pTRRecord: gtc-server.gtc.
zoneName: gtc
zoneName: in-addr.arpa
objectClass: dNSZone
objectClass: top
sOARecord: gtc hostmaster 2010033001 8H 4H 4W 3H
nSRecord: localhost.
relativeDomainName: $SRV_REVIP
relativeDomainName: @

# Gouups
dn: ou=Group,dc=gtc
objectclass: top
objectclass: organizationalUnit
ou: Group

# Admin group
dn: cn=admins,ou=Group,dc=gtc
cn: admins
gidnumber: 12345
objectclass: posixGroup
objectclass: top
objectclass: gaboshGroup
uniquemember: cn=Ad min,ou=Users,ou=People,dc=gtc

# System groups
dn: cn=audio,ou=Group,dc=gtc
cn: audio
gidnumber: 18
objectclass: posixGroup
objectclass: top
objectclass: gaboshGroup
uniquemember: cn=users,ou=Group,dc=gtc

dn: cn=cdrom,ou=Group,dc=gtc
cn: cdrom
gidnumber: 19
objectclass: posixGroup
objectclass: top
objectclass: gaboshGroup
uniquemember: cn=users,ou=Group,dc=gtc

dn: cn=cdrw,ou=Group,dc=gtc
cn: cdrw
gidnumber: 80
objectclass: posixGroup
objectclass: top
objectclass: gaboshGroup
uniquemember: cn=users,ou=Group,dc=gtc

dn: cn=disk,ou=Group,dc=gtc
cn: disk
gidnumber: 6
objectclass: posixGroup
objectclass: top
objectclass: gaboshGroup
uniquemember: cn=users,ou=Group,dc=gtc

dn: cn=games,ou=Group,dc=gtc
cn: games
gidnumber: 35
objectclass: posixGroup
objectclass: top
objectclass: gaboshGroup
uniquemember: cn=users,ou=Group,dc=gtc

dn: cn=root,ou=Group,dc=gtc
cn: root
gidnumber: 0
objectclass: posixGroup
objectclass: top
objectclass: gaboshGroup
uniquemember: cn=admins,ou=Group,dc=gtc

dn: cn=usb,ou=Group,dc=gtc
cn: usb
gidnumber: 85
objectclass: posixGroup
objectclass: top
objectclass: gaboshGroup
uniquemember: cn=users,ou=Group,dc=gtc

dn: cn=vboxusers,ou=Group,dc=gtc
cn: vboxusers
gidnumber: 1008
objectclass: posixGroup
objectclass: top
objectclass: gaboshGroup
uniquemember: cn=users,ou=Group,dc=gtc

dn: cn=video,ou=Group,dc=gtc
cn: video
gidnumber: 27
objectclass: posixGroup
objectclass: top
objectclass: gaboshGroup
uniquemember: cn=users,ou=Group,dc=gtc

dn: cn=wheel,ou=Group,dc=gtc
cn: wheel
gidnumber: 10
objectclass: posixGroup
objectclass: top
objectclass: gaboshGroup
uniquemember: cn=admins,ou=Group,dc=gtc

# Users group
dn: cn=users,ou=Group,dc=gtc
cn: users
gidnumber: 100
objectclass: gaboshGroup
objectclass: posixGroup
objectclass: top
uniquemember: cn=Ad min,ou=Users,ou=People,dc=gtc
uniquemember: cn=Te St,ou=Users,ou=People,dc=gtc

# Users section:
dn: ou=People,dc=gtc
objectclass: top
objectclass: organizationalUnit
ou: People

dn: ou=SystemUsers,ou=People,dc=gtc
objectclass: organizationalUnit
objectclass: top
ou: SystemUsers

dn: ou=Users,ou=People,dc=gtc
objectclass: organizationalUnit
objectclass: top
ou: Users

# Admin User
dn: cn=Ad Min,ou=Users,ou=People,dc=gtc
cn: Ad Min
gidnumber: 100
givenname: Ad
homedirectory: /home/admin
loginshell: /bin/bash
objectclass: inetOrgPerson
objectclass: sambaSamAccount
objectclass: posixAccount
objectclass: top
sambaacctflags: [U          ]
sambalmpassword: 69B3E05FE457CAAAAAD3B435B51404EE
sambantpassword: 8F6D7AB8FE0B9B159A50FE4F1174AFAF
sambapasswordhistory: 000000000000000000000000000000000000000000000000000000
 0000000000
sambaprimarygroupsid: S-1-5-21-130334517-3066763751-205333941-3002-
sambapwdlastset: 1243432646
sambasid: S-1-5-21-130334517-3066763751-205333941-3004
sn: Min
uid: admin
uidnumber: 1000
userpassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXX

# Test User
dn: cn=Te St,ou=Users,ou=People,dc=gtc
cn: Te St
gidnumber: 100
givenname: Te
homedirectory: /home/test
loginshell: /bin/false
objectclass: inetOrgPerson
objectclass: sambaSamAccount
objectclass: posixAccount
objectclass: top
sambaacctflags: [U          ]
sambalmpassword: 69B3E05FE457CAAAAAD3B435B51404EE
sambantpassword: 8F6D7AB8FE0B9B159A50FE4F1174AFAF
sambapasswordhistory: 000000000000000000000000000000000000000000000000000000
 0000000000
sambaprimarygroupsid: S-1-5-21-130334517-3066763751-205333941-3002-
sambapwdlastset: 1243432646
sambasid: S-1-5-21-130334517-3066763751-205333941-3005
sn: St
uid: test
uidnumber: 1001
userpassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXX

# Sambadomain
dn: sambaDomainName=GTCSERVER,dc=gtc
objectclass: sambaDomain
sambaalgorithmicridbase: 1000
sambadomainname: GTC
sambaforcelogoff: -1
sambalockoutduration: 30
sambalockoutobservationwindow: 30
sambalockoutthreshold: 0
sambalogontochgpwd: 0
sambamaxpwdage: -1
sambaminpwdage: 0
sambaminpwdlength: 5
sambanextuserrid: 1000
sambapwdhistorylength: 0
sambarefusemachinepwdchange: 0
sambasid: S-1-5-21-130334517-3066763751-205333941


" > /tmp/ldapinit.ldif
 mv /var/lib/openldap-data /srv/ldap
 ln -sf /srv/ldap /var/lib/openldap-data
 mv /srv/ldap/DB_CONFIG.example /srv/ldap/DB_CONFIG
 /etc/init.d/slapd start
 /etc/init.d/slapd stop
 slapadd < /tmp/ldapinit.ldif
 chown -R ldap:ldap /srv/ldap
 /etc/init.d/slapd start
fi
cp /etc/nsswitch.conf /tmp/nsswitch.conf.tcorig
cat /tmp/nsswitch.conf.tcorig | \
sed 's/^passwd:.*/passwd: ldap compat/' | \
sed 's/^shadow:.*/shadow: ldap compat/' | \
sed 's/^group:.*/group: ldap compat/' > /etc/nsswitch.conf
/etc/init.d/nscd restart

# Copy up-to-date default configs
if [ -d "/srv/config" ]
then
 rsync -a --exclude=thinclient.conf.local --exclude=profiles --exclude=global-profile --delete /etc/thinclient/ /srv/config/
else
 mkdir -p /srv/config
 rsync -a /etc/thinclient/ /srv/config/
fi

# Prepare Server gtcroot
mkdir -p /opt/gtcroot
mount -B /_gtcroot /opt/gtcroot
mount -B /srv/config /opt/gtcroot/etc/thinclient
mkdir -p /opt/gtcroot/etc/thinclient/profiles
mkdir -p /srv/profiles
mount -B /srv/profiles /opt/gtcroot/etc/thinclient/profiles
mkdir -p /srv/global-profile
mount -B /srv/profiles /opt/gtcroot/etc/thinclient/global-profile

# Configure phpldapadmin
mkdir -p /var/www/default/htdocs/phpldapadmin
rsync -a --delete /usr/share/webapps/phpldapadmin/*/htdocs/ /var/www/default/htdocs/phpldapadmin
cp /etc/phpldapadmin.conf /var/www/default/htdocs/phpldapadmin/config/config.php
chown -R apache:apache /var/www/default/htdocs

# DNS
echo "nameserver 127.0.0.1
search gtc" >/etc/resolv.conf
chmod 644 /etc/resolv.conf

# Start the other Services
/etc/init.d/named start
/etc/init.d/dhcpd start
killall -9 portmap 2>/dev/null
umount -lf /var/lib/nfs/rpc_pipefs 2>/dev/null
sleep 5
/etc/init.d/portmap start
/etc/init.d/rpc.statd start

/etc/init.d/nfs start
/etc/init.d/atftp start
/etc/init.d/apache2 start
mkdir -p /srv/log /srv/share/home/test /srv/share/home/admin
chown test:users /srv/share/home/test 
chown admin:admins /srv/share/home/admin
chmod 750 /srv/share/home/test
chmod 750 /srv/share/home/admin
mount -B /srv/share/home /home
/etc/init.d/samba start

# Write the Bootmanager-Config
mkdir -p /srv/pxe/pxelinux.cfg
echo "
default menu.c32
prompt 0
	    
menu title GTC Boot Menu
NOESCAPE 1
ALLOWOPTIONS 0
MENU AUTOBOOT Starting Gentoo Stable Thinclient in # seconds

label gtc
 menu default
 menu label ^GTC
 timeout 100
 kernel /kernel-genkernel-x86-`uname -r`
 append initrd=/initramfs-genkernel-x86-`uname -r` root=/dev/nfs nfsroot=$SRV_IP:/opt/gtcroot ramdisk_size=256000 acpi_sleep=s3_bios real_root=/dev/nfs
 ipappend 3

label bootlocal
 menu label ^Boot from local Disk
 localboot 0
" > /srv/pxe/pxelinux.cfg/default

Please send a feedback to: doc<at>gabosh.net

Howto listing
File Index

Here you can find the official Gentoo Linux Forums where you can find a lot of answers.

Here a link to the official Gentoo Linux Homepage.

Edit Howto

About / Impressum

Click here for About / Impressum

Wishlist

If you want to support my work you can find my Amazon whishlist here