Tutorial: Kickstart for Ubuntu 8.04 with LDAP Authentication
Monday, August 4th, 2008
We had to install a few desktop computers with an up-to-date operating system like Ubuntu, because neither Scientific Linux 5.x nor SUSE Linux Enterprise supported the chipset of our new workstations. But Ubuntu does.
To make life easier for the normal users and to have a homogeneous computing environment we decided to write a kickstart file for Ubuntu. Ubuntu has support for kickstart files, but the documentation is really outdated and quite incomplete:
We needed LDAP authentication, which currently does not work with Ubuntu kickstart. The trick is to put the LDAP configuration into the %post section of the kickstart file.
Creating a basic kickstart file
We started creating a kickstart file using the GUI utility on a working Ubuntu installation (you may use an Ubuntu Live CD for this)
system-config-kickstart
which can be installed on an Ubuntu system with
apt-get install system-config-kickstart
You need to add a meta package like ubuntu-desktop to the kickstart file created by system-config-kickstart in the %packages section and you might want to add other packages like nfs-common:
%packages
ubuntu-desktop
nfs-common
Configuration of LDAP in the kickstart file
The GUI utility provides some LDAP options which unfortunately do not work with Ubuntu 8.04. So we needed to add the LDAP configuration to the post section of the kickstart file.
During the LDAP installation (with apt-get install) some configuration options have to be filled in interactively. To do this automatically, you can use the preseed mechanism (see here for more information on preseed under Ubuntu 8.04).
First you have to install LDAP on your own machine (or use a Live CD) and configure it interactively:
apt-get install ldap-auth-client --assume-yes
auth-client-config -a -p lac_ldap
After that, run the following command to get all the LDAP options:
debconf-get-selections | grep ldap
Now you should see something like this:
ldap-auth-config ldap-auth-config/bindpw password
ldap-auth-config ldap-auth-config/rootbindpw password
ldap-auth-config ldap-auth-config/binddn string cn=proxyuser,dc=example,dc=net
ldap-auth-config ldap-auth-config/dbrootlogin boolean false
ldap-auth-config ldap-auth-config/rootbinddn string cn=manager,dc=example,dc=net
ldap-auth-config ldap-auth-config/pam_password select md5
ldap-auth-config ldap-auth-config/move-to-debconf boolean true
ldap-auth-config ldap-auth-config/ldapns/ldap-server string ldap_server_name
ldap-auth-config ldap-auth-config/ldapns/base-dn string dc=your,dc=domain,dc=tld
ldap-auth-config ldap-auth-config/override boolean true
ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3
ldap-auth-config ldap-auth-config/dblogin boolean false
Now include this information in your kickstart file with the preseed option. The result should look similar to this:
preseed --owner ldap-auth-config ldap-auth-config/bindpw password
preseed --owner ldap-auth-config ldap-auth-config/rootbindpw password
preseed --owner ldap-auth-config ldap-auth-config/binddn string cn=proxyuser,dc=example,dc=net
preseed --owner ldap-auth-config ldap-auth-config/dbrootlogin boolean false
preseed --owner ldap-auth-config ldap-auth-config/rootbinddn string cn=manager,dc=example,dc=net
preseed --owner ldap-auth-config ldap-auth-config/pam_password select md5
preseed --owner ldap-auth-config ldap-auth-config/move-to-debconf boolean true
preseed --owner ldap-auth-config ldap-auth-config/ldapns/ldap-server string ldap_server_name
preseed --owner ldap-auth-config ldap-auth-config/ldapns/base-dn string dc=your,dc=domain,dc=tld
preseed --owner ldap-auth-config ldap-auth-config/override boolean true
preseed --owner ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3
preseed --owner ldap-auth-config ldap-auth-config/dblogin boolean false
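The conversion from debconf-get-selections output to preseed lines can be scripted. The following is an added example, not part of the original tutorial; it blanks password answers by default so that a secret does not end up in a kickstart file that anyone able to fetch it can read. The function names, the KEEP_SECRETS switch, the other-package record and the sample password are invented for illustration.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.

# Constructed sample in debconf-get-selections layout (tab-separated).
# The DNs are the tutorial's placeholders; the password and the
# "other-package" record are made up.
sample_selections() {
    printf '%s\t%s\t%s\t%s\n' \
        ldap-auth-config ldap-auth-config/bindpw password 'constructed-secret' \
        ldap-auth-config ldap-auth-config/rootbindpw password '' \
        ldap-auth-config ldap-auth-config/binddn string 'cn=proxyuser,dc=example,dc=net' \
        ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3 \
        other-package other-package/ldap-note string 'value with spaces'
    printf '# a comment line\n\nbroken-line\n'
}

# Usage: debconf_to_preseed [owner] < selections
# Emits one kickstart "preseed --owner ..." line per record. With an owner
# argument only that package's answers are kept, which is stricter than
# "grep ldap". Password answers are blanked unless KEEP_SECRETS=1
# (a switch invented for this example).
debconf_to_preseed() {
    awk -v want="${1:-}" -v keep="${KEEP_SECRETS:-0}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        NF < 3 { print "skipped malformed line " NR > "/dev/stderr"; next }
        want != "" && $1 != want { next }    # owner filter
        {
            # The value is everything after the third field; it may
            # contain spaces or be empty.
            value = $0
            sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+[^ \t]+[ \t]*/, "", value)
            if ($3 == "password" && value != "" && keep != "1") {
                print "blanked secret for " $2 > "/dev/stderr"
                value = ""
            }
            line = "preseed --owner " $1 " " $2 " " $3
            print (value == "" ? line : line " " value)
        }'
}

# Demo on the constructed sample; on a real machine use
#   debconf-get-selections | debconf_to_preseed ldap-auth-config
sample_selections | debconf_to_preseed ldap-auth-config
```
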
In the %post section of the kickstart file add the following to install and configure LDAP
%post --interpreter=/bin/bash
apt-get install ldap-auth-client --assume-yes
auth-client-config -a -p lac_ldap
Other useful stuff
There are some other useful things you can put into the %post section of the kickstart file:
You might want to mount the home directories like this:
echo "host:/export/home /home nfs defaults 0 0" >> /etc/fstab
If you want to enable automatic updates on a regular basis you can use the package cron-apt:
apt-get install cron-apt --assume-yes
By default the cron job just downloads the updates. To automatically install the updates you have to strip the -d option from the apt-get command. This can be done as follows:
sed -e 's/ -d / /g' /etc/cron-apt/action.d/3-download > /etc/cron-apt/action.d/3-download2
mv /etc/cron-apt/action.d/3-download2 /etc/cron-apt/action.d/3-download
You might want to set the rootmail user or add users to the sudoers list:
### ROOTMAIL
echo "root: rootmail@your.domain.de" >> /etc/aliases
### SUDOERS
echo "username ALL=(ALL) ALL" >> /etc/sudoers