2011
12.11

The first thing to do is find out whether your hardware is capable of running in master mode. The easiest way to check this is like so:

sudo apt-get install iw
iw list

Look through the output to find the Supported Interface Modes section:

...
Supported interface modes:
         * IBSS
         * managed
         * AP
         * AP/VLAN
         * monitor
         * mesh point
...

If, as in the example above, AP mode is listed, then congratulations, you have everything you need! If not, all is not lost. Check out this guide to see how to test older hardware for master mode.

HostAPD

We’re going to use the hostapd service to manage our access point. The first thing to do is install it, then configure it.

sudo apt-get install hostapd
sudo nano /etc/default/hostapd

This will install hostapd and present you with the default service configuration. We need to modify this file to start hostapd at boot and tell it where we’ll store the config file. Do this by editing the DAEMON_CONF line like so:

DAEMON_CONF="/etc/hostapd/hostapd.conf"

Now we need to create a config file at the location above:

sudo nano /etc/hostapd/hostapd.conf

Paste the following into it:

ctrl_interface=/var/run/hostapd
###############################
# Basic Config
###############################
macaddr_acl=0
auth_algs=1
# Most modern wireless drivers in the kernel need driver=nl80211
driver=nl80211
##########################
# Local configuration...
##########################
interface=wlan0
bridge=br0
hw_mode=g
channel=1
ssid=danlan
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=3
wpa_passphrase=DONOTFORGETTOCHANGEME
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

Most of the options above are fairly self-explanatory; however, there are a few things to note. Firstly, “hw_mode=g” should be set as “g” even if you want an 802.11n access point. Furthermore, you need to set a WPA passphrase where indicated.
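A quick way to confirm the passphrase really was changed before the AP goes live. This is an added example, not part of the original post: the function names and FAIL/WARN labels are made up here, and the sample file is constructed from the WPA lines of the config above.

```shell
#!/bin/sh
# Added example (not from the original post): audit the WPA settings in a
# hostapd.conf. Function names and the FAIL/WARN labels are made up here.

# Print the value of KEY in FILE; if a key is repeated, report the last one.
conf_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

audit_hostapd_conf() {
    conf=$1
    pass=$(conf_get wpa_passphrase "$conf")
    wpa=$(conf_get wpa "$conf")
    ciphers="$(conf_get wpa_pairwise "$conf") $(conf_get rsn_pairwise "$conf")"

    # A WPA-PSK passphrase must be 8 to 63 characters long.
    if [ "${#pass}" -lt 8 ] || [ "${#pass}" -gt 63 ]; then
        echo "FAIL passphrase-length: ${#pass} characters (need 8-63)"
    fi
    if [ "$pass" = "DONOTFORGETTOCHANGEME" ]; then
        echo "FAIL passphrase-placeholder: still the value from the guide"
    fi
    # wpa is a bit field: bit 0 = WPA, bit 1 = WPA2 (RSN).
    case "$wpa" in
        ''|0) echo "FAIL open-network: wpa is unset or 0" ;;
        1|3)  echo "WARN wpa-v1: wpa=$wpa still offers the original WPA" ;;
    esac
    case "$ciphers" in
        *TKIP*) echo "WARN tkip: TKIP is deprecated, prefer CCMP only" ;;
    esac
    # The passphrase is stored in clear text, so other users should not read it.
    if [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "WARN world-readable: chmod 600 $conf"
    fi
    return 0
}

# Constructed sample: the WPA-related lines of the config shown above.
write_sample_conf() {
    cat > "$1" <<'EOF'
interface=wlan0
ssid=danlan
wpa=3
wpa_passphrase=DONOTFORGETTOCHANGEME
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
EOF
}

demo=$(mktemp) && write_sample_conf "$demo" && audit_hostapd_conf "$demo"
rm -f "$demo"
```

On the server itself, run it as audit_hostapd_conf /etc/hostapd/hostapd.conf.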

Bridging the Connections

Your AP is now configured and clients will be able to connect, however, they will not be assigned an IP and they will not be able to access the network on eth0. That’s where bridging comes in. This example assumes that your server has an eth0 connection to the network and wlan0 which is being used as the wireless AP.

First we need to install the bridge utilities:

sudo apt-get install bridge-utils

Edit your /etc/network/interfaces file like so:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
 
# The loopback network interface
auto lo
iface lo inet loopback
 
# The primary network interface
#auto eth0
#iface eth0 inet static
#       address 192.168.0.2
#       netmask 255.255.255.0
#       network 192.168.0.0
#       broadcast 192.168.0.255
#       gateway 192.168.0.1
 
auto br0
iface br0 inet static
        address 192.168.0.2
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1
        bridge-ports eth0 wlan0

Note that the new br0 interface effectively replaces your existing eth0 interface. If you’ve followed the Ubuntu SBS guide to configure DHCP then you’re done! Your new AP should be up and running after a simple reboot. If not, follow the DHCP Server section of the SBS guide on this site.

2011
11.28

This is mainly for my own future reference, but might be useful to others. First things first, I had to clean up the PDF filenames, some contained spaces, some did not.

rename 'y/ /-/' *

This will replace all spaces with hyphens (-).

Now for the converting process:

for i in *.pdf; do convert -density 125 "$i" "$i".jpg; done

This will convert all .pdf files in the current directory. It requires ImageMagick to be installed (on Ubuntu you will be given instructions on how to do this if it’s not already installed when you run the command).

The option “-density 125” can be adjusted to produce different sized JPG files: the higher the number, the higher the resolution and consequently the file size.

2011
10.29

This guide will help you configure Ubuntu Server Edition 11.10 for a small/medium business. The server will provide DHCP, DNS, NTP, LDAP, Kerberos and NFS services such that users can login to any machine on the network and all their files and settings will be the same across the entire network.

The first thing to get your server to do is act as a DHCP and DNS server. This will allow you to map hostnames to IP addresses (and vice versa!) automatically. This means all network clients will know that neo.danbishop.org and 192.168.0.2 are one and the same. This is ESSENTIAL if you plan to use Kerberos later on.


2011
09.10

If you’d like to use an sftp share directly through Finder then this guide is for you.

First, you need to install OSXFuse from https://github.com/osxfuse/osxfuse/downloads

At the “Installation Type” stage, be sure to select MacFUSE Compatibility Layer. It’s unticked by default.

Once installed, you need to get Macfusion from http://macfusionapp.org/

Perform the usual drag and drop into your Applications folder then run Macfusion.

Add a new Macfusion share by clicking on the plus icon and selecting SSHFS, enter your details, click ok, then mount. After a few moments your share will be available. You can press cmd+r to show your share in the Finder.

You can now directly edit files on the sftp share using any app on your mac without the need to manually download and re-upload them.

If this process does not work for you, try restarting your mac, then re-adding the Macfusion share.

2011
09.09

Create Ubuntu USB Stick

First download an Ubuntu iso from www.ubuntu.com/download

Be sure to get the 64bit+mac desktop version.

The first step is to convert the iso to a dmg using the terminal:

hdiutil convert -format UDRW -o ~/Downloads/ubuntu.dmg ~/Downloads/ubuntu-11.10-desktop-amd64+mac.iso

Run the command “diskutil list” without your usb stick in, then again once the stick has been inserted. The output from the second command should look something like:

dan-macbookair:~ dan$ diskutil  list
/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *121.3 GB   disk0
   1:                        EFI                         209.7 MB   disk0s1
   2:                  Apple_HFS Macintosh HD            120.5 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
/dev/disk1
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     FDisk_partition_scheme                        *16.0 GB    disk1
   1:             Windows_FAT_32                         16.0 GB    disk1s1

As you can see, disk1 has appeared since the insertion of the USB stick. It is very important you work out which disk your USB stick is in this way, else the next step will cause you to wipe out data on your Macbook Air’s SSD!

Now run:

diskutil unmountDisk /dev/disk1

Substituting disk1 for your USB stick’s disk number.

Next we’re going to write the image to the stick like so:

sudo dd if=~/Downloads/ubuntu.dmg of=/dev/rdisk1 bs=1m

Note that this time we’ve added an r to the front of disk1, this is not essential, but will speed up the process.

Finally, once the above command has executed, run “diskutil eject /dev/disk1”, again replacing disk1 with your own stick’s reference.

Your USB stick has been created, restart your Macbook Air holding the alt key and choose to boot from the stick.
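The before/after “diskutil list” comparison described above can be scripted so the target disk is never picked by eye. This is an added example, not part of the original post: the function names are made up, and the two listings are constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not from the original post). Usage on the Mac:
#   diskutil list > before.txt   (stick unplugged)
#   diskutil list > after.txt    (stick inserted)
#   pick_usb_disk before.txt after.txt

# List the whole-disk device nodes named in a saved `diskutil list` output.
# Only the first field is used, so trailing annotations on the line are ignored.
disk_ids() {
    awk '/^\/dev\/disk[0-9]+/ { print $1 }' "$1" | sort -u
}

# Print the one disk that appears only in the second listing, or fail.
pick_usb_disk() {
    _b=$(mktemp) && _a=$(mktemp) || return 1
    disk_ids "$1" > "$_b"
    disk_ids "$2" > "$_a"
    _new=$(comm -13 "$_b" "$_a")      # lines only in the "after" listing
    rm -f "$_b" "$_a"
    _n=$(printf '%s\n' "$_new" | grep -c '^/dev/disk' || true)
    if [ "$_n" -ne 1 ]; then
        echo "expected exactly one new disk, found $_n; not guessing" >&2
        return 1
    fi
    printf '%s\n' "$_new"
}

# /dev/disk1 -> /dev/rdisk1, the raw device used with dd above.
raw_device() { printf '%s\n' "$1" | sed 's|^/dev/disk|/dev/rdisk|'; }

# Constructed samples, trimmed from the listing shown above.
sample_before() { cat <<'EOF'
/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *121.3 GB   disk0
   2:                  Apple_HFS Macintosh HD            120.5 GB   disk0s2
EOF
}
sample_after() { sample_before; cat <<'EOF'
/dev/disk1
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     FDisk_partition_scheme                        *16.0 GB    disk1
   1:             Windows_FAT_32                         16.0 GB    disk1s1
EOF
}

demo=$(mktemp -d)
sample_before > "$demo/before.txt"
sample_after > "$demo/after.txt"
usb=$(pick_usb_disk "$demo/before.txt" "$demo/after.txt") &&
    echo "USB stick is $usb; write to $(raw_device "$usb")"
rm -rf "$demo"
```

The function refuses to answer when zero or several disks appeared, which is the case where a wrong guess would overwrite the internal SSD.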

Installation

As soon as you see the purple screen with the white icon at the bottom, hit any key to get the USB stick’s boot menu. Select your language then press F6 and select the nomodeset option. Press ESC to return to the main menu and select “Try Ubuntu without any change to your computer”.

Proceed with the installation as normal, once finished, reboot the machine and hold down alt. Ubuntu will show up as “Windows”, select this option.

After a short pause you will see Grub and a list of boot options, press “e” to edit the default boot options. You will be presented with several strings of text, the penultimate line begins “Linux…” scroll along this line and add “nomodeset” directly before “quiet splash” so that it now reads “… nomodeset quiet splash …”.

Press ctrl+x to boot Ubuntu.

Fixing things…

First things first, install any updates that have come out since 11.10 was released:

sudo apt-get update
sudo apt-get upgrade

Now reboot. Yes, I know, how Windows-like… but we are about to start playing with your kernel and it’s a good idea to be using the new one you’ll have just installed through updates! Don’t forget to use the nomodeset trick from above again (don’t worry… this should be the last time!).

Now we’re going to run the incredible post-install-oneiric.sh script from almostsure.com:

wget http://almostsure.com/mba42/post-install-oneiric.sh
chmod +x post-install-oneiric.sh
./post-install-oneiric.sh

2011
05.27

Sadly, it’s inevitable (until the resolution of bug number 1) that many organisations will use software only available for platforms other than Ubuntu. This section of the guide is going to look at adding Macs to your network.

Changes to the Server

At present, Mac OS X (10.6 and below) does not support NFSv4. There is alpha support, but only when mounting manually, not when using automount. In short, that means we need to make sure our server is capable of using NFSv3 alongside NFSv4.

If you’ve followed the rest of this guide to set up your server, there’s nothing to do here; you can skip straight to configuring your Mac! :)

If your /etc/exports file looks something like this:

# /etc/exports: the access control list for filesystems which may be exported
#		to NFS clients.  See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
#
/export         gss/krb5(rw,fsid=0,async,subtree_check,no_root_squash,crossmnt)
/export/home   gss/krb5(rw,sync,no_subtree_check)

Where the export lines contain gss/krb5(….) then you need to change them. This is a deprecated way of exporting NFS shares, but unfortunately lots of other guides still use it. You need to change the above lines to look like so:

/export *(rw,fsid=0,crossmnt,insecure,async,no_subtree_check,sec=krb5p:krb5i:krb5)
/export/home *(rw,insecure,async,no_subtree_check,sec=krb5p:krb5i:krb5)

Note the insecure option. This is required for OS X to be able to connect. It’s not as bad as it sounds though! You’ll still be using Kerberos, so your system will still be secure, it just means that ports above 1024 can be used. See this relevant snippet from “man mount_nfs” on OS X:

resvport
Use a reserved socket port number. This is useful for mounting
servers that require clients to use a reserved port number on the
mistaken belief that this makes NFS more secure. (For the rare
case where the client has a trusted root account but untrustwor-
thy users and the network cables are in secure areas this does
help, but for normal desktop clients this does not apply.)

All that remains to do on the server now, is restart NFS:

sudo service nfs-kernel-server restart
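To find exports that still use the old style, a small checker can be run over /etc/exports. This is an added example, not part of the original guide: the function name and messages are made up, and the sample files are constructed from the export lines shown above.

```shell
#!/bin/sh
# Added example (not from the original post): flag the export styles the
# text above warns about. The function name and messages are made up here.

audit_exports() {
    awk '
    /^[ \t]*#/ { next }                     # skip comments
    /^[ \t]*$/ { next }                     # skip blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ","
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = "," substr($i, p + 1)
                sub(/\)$/, ",", opts)       # opts is now ",opt1,opt2,"
            }
            if (client ~ /^gss\/krb5/)
                print path ": deprecated " client "() client, use sec= instead"
            else if (opts !~ /,sec=krb5/)
                print path ": " $i " has no Kerberos sec= flavour"
            if (opts ~ /,no_root_squash,/)
                print path ": " $i " disables root squashing"
        }
    }' "$1"
}

# Constructed samples: the old and new export lines from the text above.
sample_old_exports() { cat <<'EOF'
# /etc/exports: the access control list for filesystems which may be exported
/export         gss/krb5(rw,fsid=0,async,subtree_check,no_root_squash,crossmnt)
/export/home   gss/krb5(rw,sync,no_subtree_check)
EOF
}
sample_new_exports() { cat <<'EOF'
/export *(rw,fsid=0,crossmnt,insecure,async,no_subtree_check,sec=krb5p:krb5i:krb5)
/export/home *(rw,insecure,async,no_subtree_check,sec=krb5p:krb5i:krb5)
EOF
}

demo=$(mktemp)
sample_old_exports > "$demo"
audit_exports "$demo"
rm -f "$demo"
```

No output means every export carries a Kerberos sec= flavour; run it as audit_exports /etc/exports before restarting NFS.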

Configuring the Mac

Kerberos

Open the terminal from finder at Applications/Utilities/Terminal and create a /Library/Preferences/edu.mit.Kerberos file as follows:

sudo nano /Library/Preferences/edu.mit.Kerberos

This file will be completely empty so we only need to add basic information like so:

[libdefaults]
	default_realm = DANBISHOP.ORG
	dns_lookup_kdc = true
	forwardable = true
	noaddresses = true
	allow_weak_crypto = true
[realms]
	DANBISHOP.ORG = {
		kdc = neo.danbishop.org
		admin_server = neo.danbishop.org
	}

Remembering of course to change the realm information to match your own!

Now we need to enable Kerberos authentication for login. This is done by modifying the /private/etc/authorization file.

sudo cp -p /private/etc/authorization /private/etc/authorization_orig
sudo pico -w /private/etc/authorization

Press ctrl+W to begin a search, then enter system.login.console

You will get something like this depending on which version of OS X you are using:

...
                <key>system.login.console</key>
                <dict>
                        <key>class</key>
                        <string>evaluate-mechanisms</string>
                        <key>comment</key>
                        <string>Login mechanism based rule.  Not for general us$
                        <key>mechanisms</key>
                        <array>
                                <string>builtin:smartcard-sniffer,privileged</s$
                                <string>loginwindow:login</string>
                                <string>builtin:reset-password,privileged</stri$
                                <string>builtin:auto-login,privileged</string>
                                <string>builtin:authenticate,privileged</string>
                                <string>loginwindow:success</string>
                                <string>HomeDirMechanism:login,privileged</stri$
                                <string>HomeDirMechanism:status</string>
                                <string>MCXMechanism:login</string>
                                <string>loginwindow:done</string>
                        </array>
...

For Tiger (Mac OS X 10.4.x), change:
From:

<string>authinternal</string>

To:

<string>builtin:krb5authnoverify,privileged</string>

For Leopard (Mac OS X 10.5.x) or greater, change:

From:

<string>builtin:authenticate,privileged</string>

To:

<string>builtin:krb5authnoverify,privileged</string>

There may be multiple occurrences of ‘authinternal’ or ‘authenticate’ in the /etc/authorization file. Make sure you change the correct one!

Now we’re going to create a kerberos principal for NFS on the Mac and then add it to the Mac’s Kerberos keytab:

kadmin -p dan/admin -q "addprinc -randkey nfs/dan-macmini.danbishop.org"
sudo kadmin -p dan/admin -q "ktadd nfs/dan-macmini.danbishop.org"

LDAP

Now we need to configure OS X so that it knows how to find user details from our Ubuntu LDAP server. To do this we use the directory utility. In OS X Snow Leopard (10.6) this is found by going to System Preferences/Accounts/Login Options then clicking the join button by “Network Account Server:”. On the window that pops up, click “Open Directory Utility”.

Select LDAPv3 from the services list and click the edit icon (the pencil). Click show options and press the “New” button followed by the “Manual” button.

Now it’s time to enter the settings… you can set anything you like as the configuration name. For the server name enter the address of your LDAP server (“neo.danbishop.org” in my case). For LDAP Mappings you must select RFC 2307 (Unix). When you do this you will be prompted to enter the search base. This is your domain in ldap format… e.g. “dc=danbishop,dc=org”.

Leave SSL unticked (unless you know what you’re doing) and click OK.

Now we need to edit the search policy. Click the search policy button at the top of the Directory Utility and change the search dropdown from “Automatic” to “Custom Path”. Click on the + button that appears under the list of Directory Domains. You should see the domain we just set up listed as available. Click add, then apply. We’re done with the Directory Utility now :)

NFS

Try as I might, I cannot get the OS X automounter to work with this setup :( Any suggestions would be VERY welcome!

Meanwhile, we can mount the entire /home directory at boot (though Kerberos will prevent unauthorised access!) by going to the Disk Utility (spotlight it if you can’t find it) then selecting File/NFS Mounts…

Click the plus icon and enter the following two settings:

Remote NFS URL: nfs://neo.danbishop.org/export/home
Mount Location: /home

Reboot the Mac and you’re done :D

You can read about my efforts so far with the automounter below:

NFS and Automounts

PLEASE NOTE: THIS DOES NOT CURRENTLY WORK!

sudo nano /etc/auto_home
#
# Automounter map for /home
#
#+auto_home     # Use directory service
#
# Automounter map for /home
#
#+auto_home     # Use directory service
*   -fstype=nfs,sec=krb5   neo.danbishop.org:/export/home/&

Restart the Mac and you’re good to go! :)

References

http://clc.its.psu.edu/UnivServices/itadmins/mac/kerbldaplogins
http://krypted.com/mac-os-x-server/nfs-ubuntu-mac-os-x-clients-a-quickie/

2011
05.26

Many guides for changing the default operating system for Grub2 to boot involve setting the number indicating where in the list that OS appears… unfortunately, when kernel updates are released for Ubuntu they shift everything down two places and your default OS therefore changes.

Fortunately, it is possible to set the default by name :)

First we need to obtain the exact name of the OS you wish to boot by running the following command:

fgrep menuentry /boot/grub/grub.cfg

You’ll get something like this:

menuentry 'Ubuntu, with Linux 2.6.38-8-generic' --class ubuntu --class gnu-linux --class gnu --class os {
menuentry 'Ubuntu, with Linux 2.6.38-8-generic (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os {
menuentry "Memory test (memtest86+)" {
menuentry "Memory test (memtest86+, serial console 115200)" {
menuentry "Mac OS X (32-bit) (on /dev/sda2)" --class osx --class darwin --class os {
menuentry "Mac OS X (64-bit) (on /dev/sda2)" --class osx --class darwin --class os {
menuentry "Windows Vista (loader) (on /dev/sda1)" {

Now edit /etc/default/grub:

sudo nano /etc/default/grub

The default file looks like this:

# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.
# For full documentation of the options in this file, see:
#   info -f grub -n 'Simple configuration'
 
GRUB_DEFAULT=0
#GRUB_HIDDEN_TIMEOUT=0
GRUB_HIDDEN_TIMEOUT_QUIET=true
GRUB_TIMEOUT=10
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
GRUB_CMDLINE_LINUX=""
 
# Uncomment to enable BadRAM filtering, modify to suit your needs
# This works with Linux (no patch required) and with any kernel that obtains
# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"
 
# Uncomment to disable graphical terminal (grub-pc only)
#GRUB_TERMINAL=console
 
# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command `vbeinfo'
#GRUB_GFXMODE=640x480
 
 
# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
#GRUB_DISABLE_LINUX_UUID=true
 
# Uncomment to disable generation of recovery mode menu entries
#GRUB_DISABLE_RECOVERY="true"
 
# Uncomment to get a beep at grub start
#GRUB_INIT_TUNE="480 440 1"

In order to set Windows Vista to be the default (I know, I know… who in their right mind?!… but still…) you need to change the line that reads GRUB_DEFAULT=0 to be like so:

GRUB_DEFAULT="Windows Vista (loader) (on /dev/sda1)"

Basically copying and pasting everything in quotes (including the quotes!) for the entry you want to be the default.

The final step is to exit and save, then update grub with:

sudo update-grub
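A default set by name only works if it matches a menuentry title character for character, so it is worth checking before rebooting. This is an added example, not part of the original post: the function names are made up, and the sample grub.cfg is constructed from the listing above.

```shell
#!/bin/sh
# Added example (not from the original post): check that GRUB_DEFAULT names
# a menu entry that really exists. Function names are made up for this sketch.

# Print every menuentry title, whether GRUB quoted it with ' or ".
menu_titles() {
    sed -n -e "s/^[[:space:]]*menuentry '\([^']*\)'.*/\1/p" \
           -e 's/^[[:space:]]*menuentry "\([^"]*\)".*/\1/p' "$1"
}

# Print the GRUB_DEFAULT value with one pair of straight quotes removed.
grub_default() {
    sed -n 's/^GRUB_DEFAULT=//p' "$1" | tail -n 1 |
        sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Arguments: the defaults file, then the generated grub.cfg.
check_grub_default() {
    want=$(grub_default "$1")
    case "$want" in
        saved) echo "saved: GRUB boots the last saved entry"; return 0 ;;
        ''|*[!0-9]*) ;;   # empty or not a plain number: compare as a title
        *) echo "index $want: position-based, shifts when kernels are added"
           return 0 ;;
    esac
    if menu_titles "$2" | grep -qxF -- "$want"; then
        echo "ok: $want"
        return 0
    fi
    echo "no menuentry titled: $want"
    return 1
}

# Constructed sample, trimmed from the fgrep output shown above.
sample_grub_cfg() { cat <<'EOF'
menuentry 'Ubuntu, with Linux 2.6.38-8-generic' --class ubuntu --class gnu-linux --class gnu --class os {
menuentry "Memory test (memtest86+)" {
menuentry "Mac OS X (64-bit) (on /dev/sda2)" --class osx --class darwin --class os {
menuentry "Windows Vista (loader) (on /dev/sda1)" {
EOF
}

demo=$(mktemp -d)
sample_grub_cfg > "$demo/grub.cfg"
echo 'GRUB_DEFAULT="Windows Vista (loader) (on /dev/sda1)"' > "$demo/grub"
check_grub_default "$demo/grub" "$demo/grub.cfg" || true
rm -rf "$demo"
```

On a real system the call is check_grub_default /etc/default/grub /boot/grub/grub.cfg. A value pasted with typographic quotes instead of straight ones fails the check, because those quotes become part of the name.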

2011
05.01

This is part of a guide to setting up Ubuntu Server Edition 11.04 for a small/medium business. The server will provide DHCP, DNS, NTP, LDAP, Kerberos and NFS services such that users can login to any machine on the network and all their files and settings will be the same across the entire network.

The clients are going to be configured so that they mount home directories from the server and verify usernames/passwords using LDAP and Kerberos.


2011
05.01

This is part of a guide to setting up Ubuntu Server Edition 11.04 for a small/medium business. The server will provide DHCP, DNS, NTP, LDAP, Kerberos and NFS services such that users can login to any machine on the network and all their files and settings will be the same across the entire network.

Now you have OpenLDAP and Kerberos up and running, it’s time to learn how to manage your users and groups.


2011
05.01

This is part of a guide to setting up Ubuntu Server Edition 11.04 for a small/medium business. The server will provide DHCP, DNS, NTP, LDAP, Kerberos and NFS services such that users can login to any machine on the network and all their files and settings will be the same across the entire network.

This section will help you configure NFS; using Kerberos to secure it.
