virtual grind thoughts from the virtual world

15Oct/120

Using Likewise To Integrate Ubuntu Into Active Directory

Just thought I would share a quick post on adding your Ubuntu servers to Active Directory. Using Active Directory for centralized and distributed management of computers and users is a common practice. Allowing Linux machines to interact with the Active Directory extends this functionality into the Linux world, allowing administrators to use things like security groups and permissions for easy access.

Fortunately, in today's times, this process is a lot easier than it was years ago with the use of Likewise. To install Likewise, simply add the package via apt:

sudo apt-get install likewise-open

Once the package is installed, you have to join your Ubuntu installation to the Active Directory:

sudo domainjoin-cli join virtualgrind.local Administrator

In the above line, you are joining an Active Directory domain with a name of "virtualgrind.local" with the user "Administrator". Note that you will need to enter your domain name and a user account that has permissions to join the domain, if you do not use the Administrator account.

Once you enter the domainjoin-cli command, you will be prompted for the Active Directory account's password that was specified. If all goes well, you will see a "SUCCESS" message. You will also see the Ubuntu machine added as a computer in your Active Directory.

At this point, any Active Directory account will be able to ssh into the server. You can test this by creating a ssh session to the machine with an Active Directory account:

ssh virtualgrind\\johndoe@ubuntu-server
or
ssh 'virtualgrind\johndoe'@ubuntu-server

In the above example, you are providing the standard UNC naming convention as the username for your ssh connection, or DOMAINNAME\USERNAME. In this particular example, the domain name is "VIRTUALGRIND" and the user name is "johndoe". Also note that the hostname of this example is "ubuntu-server". You could also use the IP address of the server as well.

To limit the groups of users that are able to ssh into the server, you will then need to use the "lwregshell" command:

sudo lwregshell set_value '[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory\]' RequireMembershipOf "virtualgrind\\SSH^Users" "virtualgrind\\Linux_Admins"

...then, to apply the changes and restart the service:

sudo lwsm refresh lsass

In this example, the lwregshell command is requiring that ssh users are members of the Active Group "SSH Users" or "Linux_Admins". I included two groups to show how to deal with spaces in a group name, or by using something like an underscore for your group names in Active Directory.

Finally, if any of the users that are accessing the system from Active Directory need to use the sudo command, you will also need to provide the UNC style name to the sudoers file:

%VIRTUALGRIND\\Linux_Admins ALL=(ALL)ALL

In this example, we are adding a line to the /etc/sudoers with the UNC name of the domain and group. For this instance, we are allowing the "Linux_Admins" group from the domain "VIRTUALGRIND" full sudo access. Remember to use the visudo command when performing this versus using something like pico or vi.

14May/110

Bitcricket IP Subnet Calculator

For years, I have been using the IP Subnet Calculator dashboard widget for quick IPv4 sanity. Jeremy Williams released this handy tool in 2005, and has been on every Mac I have owned since.

Since IPv6 is becoming more commonplace, I recently started looking for a nice simple calculator for OSX. Low and behold, I ran across Bitcricket's IP Subnet Calculator recently. The Bitcricket calculator is very simple and also contains CIDR and IPv6 functionality. I have been using the calculator for a few weeks now and highly recommend it.

Please note that the Bitcricket calculator works on OSX and Windows.

Links:
IP Subnet Calculator Widget
Bitcricket IP Subnet Calculator

17Nov/100

Manually Removing ThinPrint Drivers Installed by VMware Tools

1. Deleting the printer object:

Go to the Printers and Faxes folder and delete the printer _#VmwareVirtualPrinter

2. Uninstalling Services:

First go to the services menu and make sure that TPautoconnect is stopped.

Open a command prompt and run the command:

C:\Program Files\VMware\VMware Tools\tpautoconnsvc –uninstall

Delete the files TPAutoConnect.exe and TPAutoConnSvc.exe in the C:\Program Files\VMware\VMware Tools directory.

Open the Printers and Faxes folder, and under File, select Server Properties, select the driver tab, and delete TP Output Gateway.

3. Delete the following keys from the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Enviroments\Windows NT x86\Drivers\Print Processors\tpwinprn
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\ThinPrint Print Port Monitor for VMWare
HKEY_LOCAL_MACHINE\SOFTWARE\ThinPrint

4. Restart the Image or Print Spooler

5. Deleting Files:

Remove C:\Program Files\VMware\VMware Tools and delete TPOG3 subfolder completely.
Open C:\WINDOWS\system32 and delete TPSvc.dll, TPVMMon.dll, TPVMMonUI.dll and TPVMW32.dll.
Finally, open C:\WINDOWS\system32\spool\prtprocs\w32x86 and delete TPwinprn.dll.

Filed under: VDI, View, VMware, Windows No Comments