Installing Debian and Subversion on Hyper-V (EARLY DRAFT)

Part 1: Setting up the Hyper-V VM

The network adapter was the tricky part. I mentioned the fix in this previous post: http://arkesystems.com/blog/post/2008/04/Hyper-V-Miscellaneous.aspx

Part 2: Installing Debian

Start the Debian install (I use mostly all the default settings)
When it asks for you to create a user DO NOT use the same username as your AD account, this will just be confusing. Use something else, or something like 'defaultdebianuser'.
When it asks for software selection choose the following:
- Desktop Environment
- Web Server
- SQL Database
- Standard System
Now wait forever while it finishes the initial install.
Finish up the install and reboot
Login as root
Setup your network settings:
- #> sudo nano -w /etc/network/interfaces
- Create a static entry such as:
  allow-hotplug eth0
  iface eth0 inet static
  address 192.168.1.57
  netmask 255.255.255.0
  gateway 192.168.1.254
  
  auto eth0
- Save and exit
- Restart the machine and re-login
install the ssh server #> apt-get install ssh
You can now ssh into the machine so you don't have to be on the actual box in order to finish setting subversion up.

Part 3: Connecting to the Active Domain

We have our base install of Debian now, and it's available via ssh. We now need to install the necessary components for connecting to the Windows Domain.

Modify the sources list accordingly
- #> sudo nano -w /etc/apt/sources.list
  deb http://ftp.us.debian.org/debian/ etch main contrib non-free
  deb-src http://ftp.us.debian.org/debian/ etch main contrib non-free
  
  deb http://security.debian.org/ etch/updates main contrib
  deb-src http://security.debian.org/ etch/updates main contrib
#> sudo apt-get update
#> sudo apt-get install libkrb43
#> sudo apt-get install krb5-config
- It may ask you to enter the IP address of your AD server
#> sudo apt-get install samba
#> sudo apt-get install winbind
#> sudo apt-get install ntpdate
#> sudo apt-get install ntp-server
The previous items may ask for some configuration options, you can fill them in if you know them otherwise we'll be modifying the configuration files later...
#> sudo /etc/init.d/samba stop
#> sudo /etc/init.d/winbind stop
#> sudo /etc/init.d/ntp stop
#> sudo nano -w /etc/krb5.conf
- Under the [realms] section add your AD controller's IP
  REALMNAME {
  kdc= 192.168.1.XXX
  
  }
- Look for the default_realm parameter and set it equal to your domain name. The domain name MUST BE IN ALL CAPS. For example, ARKESYSTEMS not arkesystems or arkesystems.com
- Save and Exit
#> sudo ntpdate <ip of the time or AD server>
#> sudo nano -w /etc/ntp.conf
- Add a server like:
  - server <ip of the time or AD server>
- Save and exit
#> sudo /etc/init.d/ntp start
check to see if this is working so far by:
- #> ntpq -p
- If it has your server in the list you good to keep going.
#> sudo nano -w /etc/samba/smb.conf
- Save and quit
#> sudo nano -w /etc/nsswitch.conf
- Add the winbind flag to the passwd and group field:
#> sudo ldconfig
What we've done in the last few steps is synced the debian box with the time server. They both need to be within a few seconds of each other in order to properly authenticate on the domain. We then setup our user folders and samba authentication. Finally we added the ability of Debian to validate against the AD for users. We're now ready to attempt to join this machine to the domain.
#> sudo net ads join -U "DOMAINADMIN"
#> sudo /etc/init.d/samba start
#> sudo /etc/init.d/winbind start
use the getent passwd and getent group commands to check to see if they're listing the users and groups from your domain. If they are not, double check your config files.
Next we're going to configure PAM (Pluggable Authentication Module Subsystem) This allows programs in the Linux environment to authenticate through the domain. We've got to update three configuration files to use the winbind extensions
Now we need to edit our skeleton files for users who logon to debian for the first time.
- #> cd /etc/skel
- #> sudo mkdir .ssh
- #> sudo nano -w .ssh/authorized_keys
- Save and Exit
- #> sudo chmod -R 744 .ssh
- #> sudo nano -w .bashrc
- add the line: umask 007 at the bottom, save and exit
- #> sudo nano -w .bash_profile
- change the umask to 007, save and exit

Part 4: Installing and Configuring Subversion

#> sudo apt-get install subversion
**THE FOLLOWING IS ONLY IF YOU WANT WEB ACCESS**
#> sudo apt-get install apache2
#> sudo a2enmod dav_fs
#> sudo /etc/init.d/apache2 force-reload

Currently rated 5.0 by 1 people

Currently 5/5 Stars.
1
2
3
4
5

Tags: debian, linux, windows, hyper-v

Categories: Server 2008

Posted by Trenton Adams on Tuesday, April 15, 2008 12:11 AM

E-mail | Kick it! | DZone it! | del.icio.us

Permalink | Comments (3) | Post RSS RSS comment feed

Moving Virtual Machines to Server 2008 and Hyper-VWeb Application Foundation - Part 2 - Preparing a client machine with Visual Studio 2008 for Continuous Integration (Draft)Web Application Foundation - Part 1 - Preparing a Continuous Integration Server

Comments

:dtm.

Wednesday, May 07, 2008 10:03 PM

I followed your instructions, but got stuck at step 22 [AD domain joining].
Here's what I get:

# net ads join -U Administrator
Administrator's password: **********
[2008/05/08 02:37:35, 0] utils/net_ads.c:ads_startup(289)
ads_connect: Server not found in Kerberos database

Some clues I have about this not working:

1. When I installed the Active Directory Domain Services role in Windows Server 2008, I chose the latest and greatest and not a legacy AD version

2. I have the default Debian 4.0r3 AMD64 Samba package installed [3.0.24], and not the latest which may have resolved Longhorn compatibility problems

3. I tried adding my VM in AD in the Computers OU... but I guess that's not the Kerberos database mentioned in the error, right?

Can you help me out?
Regards, TM. aka Daniele Gubert

PS: libkrb43 package does not exist in my system, I have libkrb53 instead.

Trenton Adams

Thursday, May 08, 2008 11:40 AM

Hi Daniele!

Could you email me your:
/etc/samba/smb.conf
/etc/ntp.conf
/etc/network/interfaces

files, I'll look over them and see if I can find any issues in them?

In the meantime, it may be one of the first issues you mentioned, you could try upgrading the Samba package.

In Server 2003, I know that it required DNS to be setup before you could install the Active Directory. Not sure about 2008, do you have DNS installed on the network and Debian pointed to the right server?

:DTM.

Thursday, May 08, 2008 11:31 PM

Thank you Trenton for your reply.
Basically what I'm trying to do is using Hyper-V Debian as a LAMP platform for web development, while the file storage stays in Windows Server 2008.

With the help of this doc [in Italian] download.microsoft.com/.../Integrazione_AD.pdf and a little tampering I was able to read/write a Windows NFS share from a Virtualized Linux user (oh yes, your debianuser ;)

I wonder how to get the Apache user [www-data:www-data] to do the same though, since it has no password and AD won't let me create it as such; moreover it won't allow a group name identical to a user name.

Regards, TM. aka Daniele Gubert

Add comment

Name*
E-mail* (Will show your Gravatar icon)
Website
Country Country flag

Comment* [b][/b] - [i][/i] - [u][/u]- [quote][/quote]

Notify me when new comments are added

Live preview

Friday, September 05, 2008 5:11 PM

Arke Systems Blog

Useful technical and business information straight from Arke.

About the author

Recent posts

Recent comments

Archive

Authors

Tags

Categories

Blogroll

Disclaimer