First some pictures. Here's my new server 'phantom':
And my old server 'pal':
And, as promised, 'murp' my new tomato frog:
Isn't he cute?
So on with the recovery experience. First, some lessons learned. When Ubuntu says a user name is reserved, it means it, so I switched all my 'admin' users to 'super'. Second lesson: allocate more memory for the LAMP host, as it also hosts Apache Tomcat, which is a big memory hog. DNS, DHCP, and LDAP all live very nicely in 256M, but Tomcat pretty much requires 1G. Considering that I only have 2G of memory to start, things are going to be tight until I can upgrade that. I've been looking at DDR2 memory, but it's out of my budget to upgrade him right now, and I don't want to upgrade until I can get him up to at least 8G (yes, it's a 64-bit OS).
The reinstalls of phantom and the two virtual machines went without a hitch. I set up SSH and certificates for the three systems as before. My CA was set up on servy, so that didn't need to change, but I had to learn how to revoke certificates in order to reissue new ones. The CA keeps an index of the certificates issued and a copy of each certificate. Detailed instructions can be found here for revoking and renewing certificates.
I was able to reconfigure DNS easily, because I had made servy a slave DNS server for my network, and it only required copying the cached files from servy back to namer and doing a little editing. DHCP was a breeze to configure, as usual. LDAP once again gave me problems, in fact the exact same issue as on the last install. The instructions on the Ubuntu website don't clearly demarcate what's boilerplate and what needs to be changed, nor, of the elements that need to be changed, the relationship between them. In my case, I set up a basic server at dc=kamradtfamily,dc=net to match my domain (in hindsight I should have made it match my local network, berkeley.local). Then it asks for dc again, and I wasn't sure what for, so I just put in kfn, my short name for kamradtfamily.net. It turns out it needs to match the first dc of the server name, 'kamradtfamily'.
My first attempt to use LDAP was as an authentication server. My hope is to be able to log on to any of my computers with my normal user name and be authenticated via LDAP. So my first victim was pearl, my little Ubuntu netbook. She's just a cloud access computer, so I'm not afraid to brick her. Instructions for LDAP authentication can be found here. Soon I was able to su randysr on pearl. The only issue is that now it has trouble on the main logon screen. I figured that I had bricked pearl until I discovered that the 'other' option on the logon screen still lets me log on. Also, I have some scary-looking messages that come up when restarting. I still have to figure that out, but I suspect that it has something to do with the wireless network being unavailable prior to logon. Another chicken-and-egg problem to make my head spin.
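The index the CA keeps is the `index.txt` database that `openssl ca` maintains: one tab-separated line per certificate it has signed, whose first field is flipped from V to R by `openssl ca -revoke`, and which `openssl ca -gencrl` reads to build the CRL. The following is an added example, not code from the original post, that parses such a file and reports which certificates are still live and which serials belong in the CRL. The sample lines are constructed for the example (host names follow the post; serials, dates and the revocation reason are assumed).

```python
"""Read an OpenSSL CA database (index.txt) and report live vs revoked certs.

Added example, not code from the original post. `openssl ca` records every
certificate it signs as one tab-separated line in index.txt and changes the
first field from V to R when `openssl ca -revoke` is run, so reissuing a host
certificate after a rebuild leaves both the revoked and the new entry here.
The sample below is constructed for this example; host names follow the
post, serials, dates and the revocation reason are assumed.
"""
from datetime import datetime, timezone

# Constructed index.txt: phantom's cert, namer's old cert revoked after the
# reinstall (reason recorded after the revocation date), and namer's new cert.
# Fields: status, expiry, revocation date[,reason], serial, filename, subject.
SAMPLE_INDEX = (
    "V\t260101120000Z\t\t01\tunknown\t/CN=phantom.kamradtfamily.net\n"
    "R\t260101120000Z\t250301090000Z,superseded\t02\tunknown\t/CN=namer.kamradtfamily.net\n"
    "V\t260101120000Z\t\t03\tunknown\t/CN=namer.kamradtfamily.net\n"
)


def parse_asn1_time(s):
    """UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ), the two
    forms openssl ca writes, returned as an aware UTC datetime."""
    fmt = "%y%m%d%H%M%SZ" if len(s) == 13 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(s, fmt).replace(tzinfo=timezone.utc)


def parse_index(text):
    """Return one dict per non-empty index.txt line."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        status, expiry, revoked, serial, filename, subject = line.split("\t")
        rev_time, _, reason = revoked.partition(",")
        records.append({
            "status": status,  # V valid, R revoked, E expired (set by -updatedb)
            "expires": parse_asn1_time(expiry),
            "revoked_at": parse_asn1_time(rev_time) if rev_time else None,
            "reason": reason or None,
            "serial": serial,
            "filename": filename,
            "subject": subject,
        })
    return records


def live_subjects(text, now):
    """Subjects still acceptable at `now` (an ASN.1 time string such as
    '250601000000Z'): status V and not past expiry. openssl ca only marks
    expired entries E when `openssl ca -updatedb` is run, so the expiry
    date is checked here as well rather than trusting the status letter."""
    now_dt = parse_asn1_time(now)
    return sorted(r["subject"] for r in parse_index(text)
                  if r["status"] == "V" and r["expires"] > now_dt)


def revoked_serials(text):
    """Serials that belong in the CRL: exactly the R lines, which is what
    `openssl ca -gencrl` uses to build it."""
    return [r["serial"] for r in parse_index(text) if r["status"] == "R"]


if __name__ == "__main__":
    print("live:", live_subjects(SAMPLE_INDEX, "250601000000Z"))
    print("revoked:", revoked_serials(SAMPLE_INDEX))
```

After revoking, the old certificate's R line stays in the database for as long as the CA exists; the CRL must be regenerated and redistributed to whatever checks it (the sshd or web servers on the rebuilt hosts), otherwise the revocation is recorded but never enforced.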
My second attempt to use LDAP was for web authentication. Fortunately my main web server is on servy, which acts as a reverse proxy for all the internal sites that I want exposed to the internet. His configuration wasn't lost, so it was just a matter of setting up a groupOfUniqueNames in LDAP.
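The dc mismatch above is an instance of a general LDAP rule: the attribute and value named in an entry's RDN (the leftmost part of its DN) must also appear as an attribute of the entry, so the base entry `dc=kamradtfamily,dc=net` must carry `dc: kamradtfamily` and not a short alias. OpenLDAP refuses to add an entry that breaks this naming-attribute rule, which applies equally to the `cn` of a `groupOfUniqueNames` used for web authentication. The following is an added example, not code from the original post or the Ubuntu instructions, that parses a small LDIF and flags entries whose RDN value is missing from the entry; the LDIF is constructed for the example (DNs follow the post; the group, its `ou` containers and the member are assumed).

```python
"""Check that every LDIF entry carries its own naming attribute.

Added example, not code from the original post. An entry's RDN names an
attribute/value pair that must also be present in the entry (OpenLDAP rejects
the add otherwise), so dc=kamradtfamily,dc=net needs 'dc: kamradtfamily'.
The LDIF below is constructed for this example: DNs follow the post, the
group, ou containers and member are assumed.
"""

# Constructed sample LDIF: the base entry with the wrong dc value the post
# describes, an admin entry, and a groupOfUniqueNames for Apache web auth.
SAMPLE_LDIF = """\
dn: dc=kamradtfamily,dc=net
objectClass: dcObject
objectClass: organization
o: Kamradt Family
dc: kfn

dn: cn=admin,dc=kamradtfamily,dc=net
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: {SSHA}placeholder-not-a-real-hash

dn: cn=webusers,ou=groups,dc=kamradtfamily,dc=net
objectClass: groupOfUniqueNames
cn: webusers
uniqueMember: uid=randysr,ou=people,dc=kamradtfamily,dc=net
"""


def parse_ldif(text):
    """Parse minimal LDIF (no base64 '::' values, no folded lines) into a
    list of (dn, {attribute: [values]}) tuples. Attribute names are
    lower-cased because LDAP attribute types are case-insensitive."""
    entries = []
    dn, attrs = None, {}
    for raw in text.splitlines() + [""]:   # trailing "" flushes the last entry
        line = raw.rstrip()
        if not line:
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return entries


def first_rdn(dn):
    """Return (attribute, value) of the leftmost RDN of a DN.
    Handles the plain single-valued, unescaped form used in the sample."""
    rdn = dn.split(",", 1)[0]
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip()


def naming_attribute_errors(text):
    """Return [(dn, message)] for entries whose RDN value is not among the
    entry's own values for that attribute. Values are compared
    case-insensitively, as the dc and cn matching rules do."""
    errors = []
    for dn, attrs in parse_ldif(text):
        attr, value = first_rdn(dn)
        present = attrs.get(attr, [])
        if value.lower() not in [v.lower() for v in present]:
            errors.append((dn, f"naming attribute '{attr}' must have value "
                               f"'{value}', entry has {present}"))
    return errors


if __name__ == "__main__":
    for dn, msg in naming_attribute_errors(SAMPLE_LDIF):
        print(f"{dn}: {msg}")
```

Run against the sample, only the base entry is reported; changing its `dc: kfn` to `dc: kamradtfamily` clears the error while the `cn=admin` and `cn=webusers` entries, whose RDNs already match their `cn` values, pass unchanged.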
Lastly I installed Nagios on cloudy to be able to monitor my network. Instructions can be found here.
My next project is to move the main mail system from pal to a new mail virtual machine.