sysadmin:procedures:ldapkerbsetup

Differences

This shows you the differences between two versions of the page.

sysadmin:procedures:ldapkerbsetup [2024/03/27 15:01] kjohns23
sysadmin:procedures:ldapkerbsetup [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
Line 1: Line 1:
-====== Run automated config tasks with Ansible ====== 
  
-  * **ssh** to ansible.socs and copy //.ssh/rsa_id.pub// to new vm //.ssh/authorized_keys// (append if exists already) 
-  * Add sysadmin account on new to local sudo group (via **visudo**, sudo must be installed) 
-  * Run **scripts/dhcp-free-addresses.py** to find a free 48.x ip (or 49.x if 48 exhausted). Student stuff can go directly on 49.x. 
-  * In **ldapvi** find the sOARecord for socs.uoguelph.ca (see **492 relativeDomainName=@** and increment the first int in the line (this is picked up by an hourly cron on fluffy that will trigger bind dns to update). 
-    * Also do the same for ldap record 512 (49.x ip's) or 514 (48.x) 
-  * On the ansible server, add name/ip of new machine to provision group in **/etc/ansible/** hosts, run **$ ansible -m ping provision** 
-  * Run **ansible-playbook playbook/role.yml** (Make sure role.yml includes //ldap2//) 
- 
-FIXME remove the host setup stuff and only keep things related to ansible 
- 
-====== Final steps ====== 
- 
-  * Restart autofs on new machine and confirm that ldap home dirs can be mounted. A system reboot may be required before dirs will mount. 
-  * Unless other groups need ssh access, append //simple_allow_groups = sysadmin// to ///etc/sssd/sssd.conf// 
-  * In ///etc/ssh/sshd_config// uncomment //GSSAPIAuthentication// and //GSSAPICleanupCredentials// and set both to 'yes'. If you want to make sure only a specific group can access ssh, append AllowGroups sysadmin to the file. 
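Review bot: The Final steps bullets at the end of this hunk (simple_allow_groups = sysadmin in /etc/sssd/sssd.conf, GSSAPIAuthentication and GSSAPICleanupCredentials set to 'yes', AllowGroups sysadmin in /etc/ssh/sshd_config) are the access-control part of this procedure, and the revision deletes them together with the rest of the page without pointing to a replacement. The revision header records only "removed - external edit" from 127.0.0.1 with an unknown date, so the page history gives no reason for the removal and no author to ask. Suggest leaving a stub that links to wherever the procedure now lives, or applying the narrower cleanup the FIXME line asks for (drop the host setup bullets, keep the Ansible steps) instead of removing the whole page.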
sysadmin/procedures/ldapkerbsetup.1711551679.txt.gz · Last modified: 2024/03/27 15:01 by kjohns23