Detailed Server Build

From Linuxcentre Wiki




OS Build

  • Install CentOS 5.4
  • Server name: ''
  • Nameserver:
  • IP address: /, gateway:

Add some yum repositories

rpm -ivh

Add some useful packages

yum -y install mtr tcpdump flash-plugin AdobeReader_enu

DNS / bind

  • Install bind
yum install bind
  • Set up bind with local domain = '.network'
  • Set up forward zones: 'network.'
  • Set up PTR reverse lookup zones for: '' and ''
  • Set up forwarding entries to external name servers
  • Added named service to start at boot:
chkconfig named on
service named start
  • Example /etc/named.conf :
options {
        directory       "/var/named/data";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        allow-transfer  {; };
        version         "Go Away!";
        recursion       yes;
        forward only;
        // list upstream nameserver(s) here:
        forwarders {; };
};

zone "network." {
        type master;
        file "network.forward";
};

zone "" {
        type master;
        file "";
};

zone "" {
        type master;
        file "";
};

include "/etc/rndc.key";
  • Example zone file: /var/named/data/
$ttl 3600
@       SOA (
        2009101100      ; Serial
        1200            ; Refresh seconds
        180             ; Retry seconds
        604800          ; Expiry seconds
        300 )           ; Negative cache seconds


; dhcp hosts
1       PTR
2       PTR
9       PTR
145     PTR
146     PTR
147     PTR
148     PTR
149     PTR
150     PTR
250     PTR
253     PTR
  • Example zone file: /var/named/data/network.forward
$ttl 3600                                               
@       SOA (         
        2009101100      ; Serial                        
        1200            ; Refresh seconds               
        180             ; Retry seconds                 
        604800          ; Expiry seconds                
        300 )           ; Negative cache seconds        

        NS      server

;;;;; server names ;;;;;

; Main linux file/dns/dhcp server
server          A
wpad            CNAME   server      

; Oxfordshire County Network local proxy server
proxy           A         

;;;;; network devices ;;;;;
; printers                 
photocopier     A
printer1        A

; routers
gw              A
gw2             A

; Access points
ap1             A
ap2             A
ap3             A
ap4             A
ap5             A
ap6             A

;;;;; dhcp hosts ;;;;;
dhcp001         A
dhcp002         A
dhcp003         A
dhcp004         A
dhcp005         A
dhcp006         A
dhcp007         A
dhcp008         A
dhcp009         A
dhcp010         A
; ...need to complete - also in PTR
dhcp170         A
dhcp171         A
dhcp172         A
dhcp173         A
dhcp174         A
dhcp175         A
dhcp176         A
dhcp177         A
dhcp178         A
dhcp179         A
dhcp180         A
dhcp181         A
dhcp182         A
dhcp183         A
dhcp184         A
dhcp185         A
dhcp186         A
dhcp187         A
dhcp188         A
dhcp189         A
dhcp190         A
dhcp191         A
dhcp192         A
dhcp193         A
dhcp194         A
dhcp195         A
dhcp196         A
dhcp197         A
dhcp198         A
dhcp199         A
dhcp200         A

DHCP Server

  • Install dhcpd
yum install dhcp
  • Configure /etc/dhcpd.conf as follows:
ddns-update-style none;

# Automatic web browser proxy configuration
option local-pac-server code 252 = text;
option local-pac-server "";

subnet netmask {

        # default gateway
        option routers;
        option subnet-mask;

        # Time server
        option ntp-servers;

        # Netbios stuff for windows
        option netbios-name-servers;
        option netbios-node-type 2;

        # PXE boot
        filename "pxelinux.0";

        # DNS
        option domain-name "network";
        option domain-name-servers;

        # Address pool
        # one day lease
        default-lease-time 86400;
        max-lease-time 86400;
}
  • Added dhcpd service to start at boot
chkconfig dhcpd on
service dhcpd start

Time Server

  • Create this as /etc/ntp.conf
# record clock drift
driftfile /var/lib/ntp/drift

# trust no one...
restrict default nomodify notrap noquery

# ...except myself...
fudge stratum 10

broadcastdelay  0.008
keys  /etc/ntp/keys


restrict mask nomodify
  • Ensure service starts on boot
chkconfig ntpd on
service ntpd restart

Samba / Windows File Server

  • Add the following users, passwords should be set:
adduser pupil
adduser staff
passwd pupil   # then set a strong password that won't be used
passwd staff   # then set a strong password that won't be used
  • Create the following file hierarchy:
mkdir -p /home/{staff,pupil}/samba/{share,share-backup}
mkdir -p /home/pupil/samba/share/Year\ {0,1,2,3,4,5,6}/
# Create some application specific shared dirs
mkdir -p /home/pupil/samba/share/Data/
chown -R root:root /home/pupil/samba/share/
chmod -R 1777 /home/pupil/samba/share/*
chown -R staff:staff /home/staff/samba/
  • Set up /etc/samba/smb.conf as follows:
workgroup = WORKGROUP                     
server string = Samba Server Version %v   
netbios name = SERVER                     

max log size = 500
log level = 2     

security = user
passdb backend = smbpasswd
smb passwd file = /etc/samba/smbpasswd
null passwords = yes                  

domain master = yes
preferred master = yes

wins support = yes
dns proxy = yes   

load printers = yes
cups options = raw 
printing = cups    

        comment = Home Directories
        browseable = no
        writable = no

        comment = All Printers
        path = /var/spool/samba
        browseable = no
        guest ok = no
        writable = no
        printable = yes

        comment = Pupil Files
        path = /home/pupil/samba/share
        public = yes
        writable = yes
        printable = no
        force user = pupil
        force group = pupil

        comment = Pupil Backup Files
        path = /home/pupil/samba/share-backup
        public = yes
        writable = no
        printable = no
        force user = pupil
        force group = pupil

        comment = Staff Files
        path = /home/staff/samba/share
        public = no
        writable = yes
        printable = no
        force user = staff
        force group = staff
        valid users = staff

        comment = Staff Backup Files
        path = /home/staff/samba/share-backup
        public = no
        writable = no
        printable = no
        force user = staff
        force group = staff
        valid users = staff
  • Create the smbusers:
smbpasswd -a pupil   # then set a strong password that won't be used
smbpasswd -a staff   # set a shared password for staff
smbpasswd -n pupil
  • Added smb service to start at boot
chkconfig smb on
service smb restart

Squid Web Proxy

  • Installed squid
  • Allow access for all clients and cache files up to 32MB in size. Create /etc/squid/squid.conf as follows:
http_port 8080

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
maximum_object_size 32768 KB
# emulate_httpd_log off
# debug_options ALL,1
# log_fqdn off
negative_ttl 1 minute
positive_dns_ttl 1 hour
negative_dns_ttl 1 minute

access_log /var/log/squid/access.log squid

### Only Allow These URLs or SSL domains ###
acl allowed_urls url_regex -i ^http://.*
acl allowed_ssl_domains dstdomain .

acl internal src
acl all src
acl manager proto cache_object
acl localhost src
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 8080        # http

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to unknown ports
http_access deny !Safe_ports

# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

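# Allow all clients. http_access lines are evaluated in order and the first
# match decides, so the restrictions below "allow all" are never reached.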
http_access allow all
http_access deny !internal
http_access allow CONNECT allowed_ssl_domains
http_access allow allowed_urls
http_access deny all
  • Added Squid service to start at boot
chkconfig squid on
/etc/init.d/squid restart
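
How the http_access list above is evaluated, as an added example that is not part of the original page: a small first-match evaluator run over the page's own rule lines, beside a variant with the catch-all allow removed. The address range 192.0.2.0/24 for `internal`, 127.0.0.1 for `localhost`, the `.example.org` domain and the sample requests are constructed placeholders, because the page's own values are elided.

```javascript
// ACL predicates over a constructed request object. The page's "src" and
// "dstdomain" values are elided; the values used here are assumed placeholders.
const acls = {
  all: () => true,
  internal: r => r.src.startsWith("192.0.2."),
  manager: r => r.proto === "cache_object",
  localhost: r => r.src === "127.0.0.1",
  SSL_ports: r => r.port === 443,
  Safe_ports: r => [80, 21, 443, 8080].includes(r.port),
  CONNECT: r => r.method === "CONNECT",
  allowed_urls: r => /^http:\/\/.*/i.test(r.url),
  allowed_ssl_domains: r => r.host.endsWith(".example.org"),
};
// The http_access lines exactly as they appear in the page's squid.conf.
const pageRules = [
  "http_access allow manager localhost",
  "http_access deny manager",
  "http_access deny !Safe_ports",
  "http_access deny CONNECT !SSL_ports",
  "http_access allow all",
  "http_access deny !internal",
  "http_access allow CONNECT allowed_ssl_domains",
  "http_access allow allowed_urls",
  "http_access deny all",
];
// Variant with the catch-all allow removed, so the later rules take effect.
const restrictedRules = pageRules.filter(l => l !== "http_access allow all");

// ACLs on one line are ANDed; the first line whose ACLs all match decides.
function decide(rules, req) {
  for (const line of rules) {
    const [, action, ...names] = line.split(/\s+/);
    const hit = names.every(n =>
      n.startsWith("!") ? !acls[n.slice(1)](req) : acls[n](req));
    if (hit) return { action, line };
  }
  return null; // not reached here: both rule sets end in "deny all"
}

// Lines that can never decide a request because an earlier line matches "all".
function unreachable(rules) {
  const i = rules.findIndex(l => /^http_access \w+ all$/.test(l));
  return i < 0 ? [] : rules.slice(i + 1);
}

// Constructed sample requests: one from outside the assumed LAN, one from inside.
const outside = { src: "203.0.113.9", method: "GET", port: 80, proto: "http", host: "example.com", url: "http://example.com/" };
const inside = { ...outside, src: "192.0.2.17" };
console.log(decide(pageRules, outside), decide(restrictedRules, outside));
```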

Client Proxy Setup

  • ref
  • Create the following file as follows in /var/www/html/wpad.dat :
function FindProxyForURL( url, host ) {

        var normal = "PROXY; DIRECT";
        var support = "PROXY; DIRECT";
        var direct = "DIRECT";

        // Don't use the proxy for these:, localhost, 10.104.186.*, 10.104.187.*, <unqualified hostname>
        var bypass_regex = /^https?:\/\/(127\.0\.0\.1|localhost|.+\.network|10\.104\.18[67]\.[0-9]+|[a-zA-Z0-9\-]+)(:[0-9]+)?(\/+.*)?$/;

        // Don't use the proxy for these:
        var support_regex = /^https?:\/\/(.+\.rm\.com)(:[0-9]+)?(\/+.*)?$/;

        if ( bypass_regex.test( url ) ) {
                return direct;
        }

        if ( support_regex.test( url ) ) {
                return support;
        }

        return normal;
}
  • Configure Apache web server to use the right mime-type for .pac files
  • Add this to the end of /etc/httpd/conf/httpd.conf:
# Make sure we have the right mime-type for the proxy pac wpad.dat file
AddType application/x-ns-proxy-autoconfig .dat
  • Ensure apache is started at boot and restart apache
chkconfig httpd on
service httpd restart
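
The wpad.dat above matches its patterns against the whole URL, and `.+` also matches `/`, so text in the path or query string can satisfy the `.network` and `.rm.com` patterns. The added example below (not part of the original page) runs the page's two regular expressions beside a check on the `host` argument only; the function names and sample URLs are constructed, and inside a real PAC file the built-ins `isPlainHostName()` and `dnsDomainIs()` cover the same host tests.

```javascript
// The two regular expressions exactly as they appear in the page's wpad.dat.
const bypass_regex = /^https?:\/\/(127\.0\.0\.1|localhost|.+\.network|10\.104\.18[67]\.[0-9]+|[a-zA-Z0-9\-]+)(:[0-9]+)?(\/+.*)?$/;
const support_regex = /^https?:\/\/(.+\.rm\.com)(:[0-9]+)?(\/+.*)?$/;

// Routing class chosen by the page's logic, which tests the whole URL.
function classifyByUrl(url) {
  if (bypass_regex.test(url)) return "direct";
  if (support_regex.test(url)) return "support";
  return "normal";
}

// Same policy decided on the host argument only, so nothing in the path or
// query string can influence the result.
function classifyByHost(host) {
  const h = host.toLowerCase();
  const local = h === "127.0.0.1" || h === "localhost" ||
    /^10\.104\.18[67]\.[0-9]+$/.test(h) ||
    /^[a-z0-9-]+$/.test(h) ||          // unqualified hostname
    h.endsWith(".network");
  if (local) return "direct";
  if (h.endsWith(".rm.com")) return "support";
  return "normal";
}

// Constructed samples: [url, host as the browser passes it to FindProxyForURL].
const samples = [
  ["http://server.network/", "server.network"],
  ["http://intranet/index.html", "intranet"],
  ["http://10.104.186.20:8080/", "10.104.186.20"],
  ["http://www.example.org/", "www.example.org"],
  ["http://www.example.org/page.network", "www.example.org"],
  ["http://www.example.org/?ref=x.rm.com", "www.example.org"],
];

// Rows where the URL-based and host-based classifiers disagree.
function disagreements() {
  return samples
    .map(([url, host]) => ({ url, byUrl: classifyByUrl(url), byHost: classifyByHost(host) }))
    .filter(r => r.byUrl !== r.byHost);
}

console.log(disagreements());
```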

System Synchronization

  • Set up rsyncd to serve out directories to sync to netbooks:
  • Enable rsyncd in startup:
chkconfig xinetd on
chkconfig rsync on
/etc/init.d/xinetd restart
  • Create file /etc/rsyncd.conf :
use chroot=no
pid file=/var/run/

read only=true
comment=custom scripts for pushing to all systems

read only=true
comment=pupil home directory for pushing to all systems
  • Create dirs
mkdir -p /opt/custom-scripts /opt/pupilhome
  • Copy the initial home directory on there before booting any clients, from the master build client:
sudo rsync -av --one-file-system --delete /home/pupil/ root@server:/opt/pupilhome/

Incremental Backups

Create a file: /opt/server-scripts/backup-shares as follows:

#!/bin/bash
# Sync files from local dirs with incremental backups
# Phil Lewis (C)2009, License GPLv3
INCDIR="inc-$(date +%Y%m%d-%H-%M-%S)"

# Usage: sync-src SRCDIR DESTDIR [extra rsync options]
function sync-src {
        SRCDIR="$1"
        DESTDIR="$2"
        shift 2
        OPTS="$*"
        # BASEDIR is not defined in the script as shown on this page; assumed here
        # to be the parent of DESTDIR, where the inc-* directories are created
        BASEDIR="$(dirname "$DESTDIR")"

        # Remove old archives over 60 days old
        find "$BASEDIR/" -maxdepth 1 -mtime +60 -a -name 'inc-*' -exec rm -rf {} \;

        echo "rsyncing from: '$SRCDIR' to: '$DESTDIR' with Options: '$OPTS'"
        rsync   --archive \
                --safe-links \
                --progress \
                --update \
                --owner \
                --sparse \
                --one-file-system \
                --whole-file \
                --delete \
                --stats \
                -v \
                "$@" "$SRCDIR" "$DESTDIR"
}

# Backup pupils files, create incrementals in /home/pupil/samba/share-backup
sync-src /home/pupil/samba/share/ /home/pupil/samba/share-backup/latest/ --backup --backup-dir=/home/pupil/samba/share-backup/${INCDIR}
# Backup staff files, create incrementals in /home/staff/samba/share-backup
sync-src /home/staff/samba/share/ /home/staff/samba/share-backup/latest/ --backup --backup-dir=/home/staff/samba/share-backup/${INCDIR}

  • Make script executable:
chmod 755 /opt/server-scripts/backup-shares
  • Set up backups to run at 23:00h: Edit /etc/crontab and add:
# Run backups
0 23 * * * root /opt/server-scripts/backup-shares 2>&1

NX Remote Access

  • Install FreeNX:
yum install nx freenx
  • Create a privileged user called 'administrator':
adduser administrator
passwd administrator
[enter password twice]
  • Edit /etc/sudoers and uncomment this line:
%wheel  ALL=(ALL)       ALL
  • Add administrator to the wheel group in /etc/group:
  • Append the commercial nxclient key to the nx account. Edit ~nx/.ssh/authorized_keys2 and add the line below:
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/bin/nxserver" ssh-dss [key data omitted] root@hostname
  • Set an nx password for administrator
nxpasswd administrator
[enter password twice]
  • Install the latest NXclient from
  • Create a new session for the server's IP address, user administrator, and Gnome as the session type.

iTalc Master Server

  • As root, download and install packages:
yum install qt4
rpm -ivh italc-1.0.9-6.el5.i386.rpm italc-master-1.0.9-6.el5.i386.rpm
  • As root, create a key pair:
ica -createkeypair
chown -R administrator /etc/italc/keys/
  • Copy the teacher's public key to all netbooks (i.e. the netbook image) from (ref):
  • to:

Custom Scripts

These scripts are required on all the netbooks, which will fetch them from this server. Unpack the tar/gzip archive into /opt/custom-scripts/ as follows:

mkdir -p /opt/custom-scripts/
tar -C /opt/custom-scripts/ -xzvf Custom-scripts-1.2.tar.gz

Dell Specific Build Steps

Add Dell Repository

  • Run this as root:
wget -q -O - | bash

Configure Dell Remote Access Controller

  • Install DRAC command line tools (ref1 ref2):
yum install srvadmin-rac5-components srvadmin-racadm5 srvadmin-racsvc srvadmin-omacore srvadmin-storage
  • Start the dell data engine service
/etc/init.d/dataeng restart
  • View the current DRAC IP Address:
racadm getniccfg
  • Set the DRAC IP Address:
racadm setniccfg -s

Dell Storage Information

  • Show physical disk status:
/opt/dell/srvadmin/oma/bin/omreport storage pdisk controller=0
  • Show virtual disk status:
/opt/dell/srvadmin/oma/bin/omreport storage vdisk