{"id":172,"date":"2015-02-03T12:36:58","date_gmt":"2015-02-03T12:36:58","guid":{"rendered":"http:\/\/www.troliver.com\/?p=172"},"modified":"2015-02-03T12:39:58","modified_gmt":"2015-02-03T12:39:58","slug":"multiple-user-student-webserver-part-2","status":"publish","type":"post","link":"https:\/\/www.troliver.com\/?p=172","title":{"rendered":"Multiple-user student webserver – Part 2"},"content":{"rendered":"

Further to the previous post<\/a>\u00a0on this, we have had a second catastrophic outage of our storage array which, once again, has taken Studentnet with it. However, going from my previous blog post has allowed me to get this up and running fairly quickly. In the process, I found some addendums that I would make to the original – but rather than edit it in, I thought it would be better to make a new post to explain the differences. Plus, I found a much quicker way to get it up and running..<\/p>\n

 <\/p>\n

Change 1: Install Linux as a LAMP server<\/h2>\n

This is really simple. Lots of things will get installed by default here; the pear, php and mysql modules all get installed with this. Selecting this and OpenSSH is all I did this time around. Straight afterward this, all that needs to be done is the original step of altering \/etc\/apache2\/mods-enabled\/dir.conf\u00a0<\/em>to push index.php to the start as well as an apt-get<\/em> update<\/em> and upgrade<\/em><\/p>\n

Change 2: Powerbroker\/Likewise installation<\/h2>\n

This time around, I used pbis 8.2, rather than 7.5.\u00a0apt-get install pbis-open<\/em> doesn’t work – so we need to get it from Beyondtrust’s download site manually. Over at http:\/\/download1.beyondtrust.com\/Technical-Support\/Downloads\/PowerBroker-Identity-Services-Open-Edition\/?Pass=True can be found the latest version for a given distribution; for Ubuntu, currently, this is currently located at \u00a0http:\/\/download.beyondtrust.com\/PBISO\/8.2.1\/linux.deb.x64\/pbis-open-8.2.1.2979.linux.x86_64.deb.sh\u00a0<\/em>which uses the Debian release.<\/p>\n

The following commands are how I got this working:<\/p>\n

cd \/tmp\r\n\/\/Make a temporary directory\r\n\r\nwget http:\/\/download.beyondtrust.com\/PBISO\/8.2.1\/linux.deb.x64\/pbis-open-8.2.1.2979.linux.x86_64.deb.sh\r\n\/\/Download to this directory\r\n\r\nsudo chmod +x pbis-open-8.2.1.2979.linux.x86_64.deb.sh\r\n\/\/Give execution permission for this file\r\n\r\nsudo .\/pbis-open-8.2.1.2979.linux.x86_64.deb.sh\r\n\/\/Run the installer. Dont select legacy links, dont need it, and select yes to install now\r\n\r\nsudo domainjoin-cli join --ou \"OU=ComputerFolder,DC=company,DC=co,DC=uk\" company.co.uk myaccount\r\n\/\/The account \"myaccount\" has to be able to join the domain. You'll be prompted to enter a password.\r\n<\/pre>\n
After this, the server can now accept domain logins. The only other thing to do now is to add in some AD configuration, for things like the prefix for the domain (so users don’t have to type their username@domain.. they only need to type username) as well as where their home directory is located. The following lines add entries to the PBIS configuration:<\/p>\n
sudo \/opt\/pbis\/bin\/config UserDomainPrefix MYDOMAIN\r\nsudo \/opt\/pbis\/bin\/config AssumeDefaultDomain true\r\nsudo \/opt\/pbis\/bin\/config LoginShellTemplate \/bin\/bash \r\nsudo \/opt\/pbis\/bin\/config HomeDirTemplate %H\/%D\/%U \r\nsudo \/opt\/pbis\/bin\/config RequireMembershipOf \"MYDOMAIN\\\\students\" \"MYDOMAIN\\\\staff\" \"UOB\\\\TechStaff\"\r\nsudo \/opt\/pbis\/bin\/config HomeDirUmask 072<\/pre>\n
 <\/p>\n
Change 3: Quick permissions changes<\/h2>\n
The only next thing to do now is to ensure that “TechStaff” are able to act as admins. We can do this by adding the following, somewhere in the sudoers file (nano \/etc\/sudoers):<\/p>\n
%TechStaff ALL=(ALL:ALL) ALL<\/pre>\n
TechStaff users can now do everything. Now, for the web server part, we set home directories to be only changed by their owners (and read by anyone in the group and executed by anyone else) already, but we need to change one small thing in the apache2 user directory config after making sure we have run\u00a0a2enmod userdir –\u00a0<\/em>Inside\u00a0\/etc\/apache2\/mods-enabled\/userdir.conf\u00a0<\/em>, the line\u00a0\/home\/*\/public_html <\/em>needs to be changed to \/home\/domain<\/strong>\/*\/public_html<\/em> – which is specified in the HomeDirTemplate above (home\/domain\/user – %H\/%D\/%D). The next line,\u00a0AllowOverride, should just say All<\/em> after it, too.<\/p>\n
After restarting apache2, everything should work alright, as before. PBIS was a lot easier to install and join the domain with this time around and with the LAMP installation automated, everything was just a lot quicker to get running.<\/p>\n
\n","protected":false},"excerpt":{"rendered":"
Further to the previous post\u00a0on this, we have had a second catastrophic outage of our storage array which, once again, has taken Studentnet with it. However, going from my previous blog post has allowed me to get this up and running fairly quickly. In the process, I found some addendums that I would make to […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[2],"tags":[10,20,36],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6PQZ3-2M","_links":{"self":[{"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/posts\/172"}],"collection":[{"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.troliver.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=172"}],"version-history":[{"count":2,"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/posts\/172\/revisions"}],"predecessor-version":[{"id":176,"href":"https:\/\/www.troliver.com\/index.php?rest_route=\/wp\/v2\/posts\/172\/revisions\/176"}],"wp:attachment":[{"href":"https:\/\/www.troliver.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.troliver.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=172"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.troliver.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}