Cooking on Windows Server..

Hi guys!

I have to manage Windows Server 2008 using Chef..

First of all, I need to choose the strategy for bootstrapping the new node and I am going to use an unattended bootstrap..

Configuring network card to talk with 33.33.33.10 (my Chef server)


Download and install chef-client for Windows from https://downloads.chef.io/chef-client/windows/


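Copy client.rb and validation.pem to c:\chef and launch chef-client from the command line. After the first successful run the node has its own client.pem, so validation.pem can be removed from c:\chef.

This is my new Windows node!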


Let’s prepare a simple cookbook named mywindows:

knife cookbook create mywindows

Let’s insert the following resources in recipes/default.rb

#Modify the hosts file
template "C:\\Windows\\System32\\drivers\\etc\\hosts" do
  source "hosts.erb"
  action :create
end

 

#Restart an array of services
[ "Dnscache" , "UxSms" ].each do |s|
  service s do
    action :restart
  end
end

 

#Update Group Policy
execute 'gpupdate' do
  command "gpupdate.exe"
end

 

#Create a key into the registry
windows_registry 'HKCU\Software\Test' do
  values 'MySuperKEy' => Time.now
  action :create
end

 

#Install Putty
windows_package 'Putty' do
  source 'C:\\putty-0.60-installer.exe'
  installer_type :inno
  action :install
end

 

#Enable a Windows Feature
windows_feature "WindowsServerBackup" do
  action :install
end

Run chef-client and all works fine!


Bye!

 

Configure Samba with Active Directory integration (CentOS 6)

Let’s see how to integrate your Samba server with Microsoft Active Directory.

Domain: NOODLES   (NETBIOS name)
FQDN: noodles.foo.org
Domain controller 1: dc01.noodles.foo.org
Domain controller 2: dc02.noodles.foo.org
Local Unix account: puppet
Domain Account: NOODLES\puppet

Packages to install via yum: [ krb5-libs , krb5-devel , samba , samba-common , samba-winbind , samba-client , samba-winbind-client ]

  • Create a local Unix user named “puppet”
  • Install the packages using yum
  • Map “puppet” to “NOODLES\puppet” by editing /etc/samba/smbusers:

    puppet = NOODLES\puppet

  • Make sure that the Linux server can reach the domain controllers
  • Configure Kerberos. Example:

    [root@mylinuxbox puppet]# cat /etc/krb5.conf

    [libdefaults]
    default_realm = NOODLES.FOO.ORG

    [realms]
    NOODLES.FOO.ORG = {
    kdc = dc01.noodles.foo.org
    kdc = dc02.noodles.foo.org
    admin_server = dc01.noodles.foo.org
    }

  • Configure Samba (/etc/samba/smb.conf)

    [global]
    name resolve order = hosts wins bcast
    max log size = 1500
    password server = dc01 dc02
    username map = /etc/samba/smbusers
    client ntlmv2 auth = yes
    dns proxy = no
    disable spoolss = yes
    printcap name = /dev/null
    realm = NOODLES.FOO.ORG
    log file = /var/log/samba/smbd.log
    preferred master = no
    load printers = no
    printing = bsd
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    local master = no
    workgroup = NOODLES
    server string = Samba Server
    security = ADS
    # auth methods = guest, sam, winbind
    restrict anonymous = 2

    follow symlinks = yes
    wide links = yes
    unix extensions = no

    [share]
    path=/usr/local/
    writable=yes
    browsable=yes
    create mask = 0766
    valid users= puppet
    force user = puppet

  • Join the Linux server to the domain:

    net ads join -U puppetadmin@NOODLES.FOO.ORG

  • Print the details of the connection with Active Directory:

    [puppet@mylinuxbox puppet]# net ads info

    LDAP server: [ ip address of dc01]
    LDAP server name: DC01.noodles.foo.org
    Realm: NOODLES.FOO.ORG
    Bind Path: dc=NOODLES,dc=FOO,dc=ORG
    LDAP port: 389
    Server time: Thu, 10 Apr 2014 10:52:59 CEST
    KDC server: [ ip address of dc01]
    Server time offset: 0

  • Restart Samba
  • Try to access //mylinuxbox/share using NOODLES\puppet
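
The share above combines wide links = yes, unix extensions = no and create mask = 0766, which together decide whether symlinks can lead out of /usr/local/ and whether new files are world-writable. The Ruby check below is an added example, not part of the original post: it parses an smb.conf and reports those two conditions per share; the function names and the sample config are constructed for illustration.

```ruby
# Added example, not from the original post. The sample below is constructed
# from the settings shown above; one key is written without spaces on purpose.
SAMPLE_SMB_CONF = <<~CONF
  [global]
  unixextensions = no
  follow symlinks = yes
  wide links = yes
  [share]
  path=/usr/local/
  create mask = 0766
CONF

# Samba ignores case and whitespace in parameter names, so keys are
# normalized ("Wide Links", "widelinks" -> "widelinks") before lookup.
def parse_smb_conf(text)
  conf = { 'global' => {} }
  section = 'global'
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#', ';')
    if (m = line.match(/\A\[(.+)\]\z/))
      section = m[1].strip.downcase
      conf[section] ||= {}
    elsif line.include?('=')
      key, value = line.split('=', 2)
      conf[section][key.downcase.gsub(/\s+/, '')] = value.strip
    end
  end
  conf
end

def enabled?(value, default)
  value.nil? ? default : %w[yes true 1].include?(value.downcase)
end

# Returns findings per share, using [global] values as defaults.
def audit_smb_conf(text)
  conf = parse_smb_conf(text)
  conf.reject { |name, _| name == 'global' }.flat_map do |name, params|
    eff = conf['global'].merge(params)
    wide = enabled?(eff['widelinks'], false) && enabled?(eff['followsymlinks'], true)
    # wide links only take effect with UNIX extensions off (or the insecure override)
    live = !enabled?(eff['unixextensions'], true) || enabled?(eff['allowinsecurewidelinks'], false)
    found = []
    found << "[#{name}] symlinks can resolve outside #{eff['path']}" if wide && live
    found << "[#{name}] create mask #{eff['createmask']} is world-writable" if (eff['createmask'].to_s.to_i(8) & 0o002) != 0
    found
  end
end
```

Calling audit_smb_conf(File.read('/etc/samba/smb.conf')) returns an array of findings, empty when neither condition applies.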