Intranet/Intranet Reference Build Ubuntu

This page documents the OS and initial configuration that is used and tested against within this series of pages. The focus is on a system that will work in the vast majority of corporate environments.

Hardware
See screenshot

Initial Installation

 * Ubuntu 16.04 minimal https://help.ubuntu.com/community/Installation/MinimalCD
 * Static IP address
 * Guided partitioning with LVM
 * Only add OpenSSH server role

Internet access via a web proxy
If www access must be via a proxy, then during the installation, when prompted, enter a proxy URL similar to these:

NTLM authentication:

EXAMPLE is the domain name and %5C is the encoding for "\". The port number after the colon ":" is likely to be either 8080 or 3128.

Basic authentication:

This will set up APT to always use the proxy. See /etc/apt/apt.conf

VM Guest tools and ntp
Ensure that ntp is able to see enough time sources. You could use your AD DCs for example, especially the one with the PDC emulator role. The reference system uses the ESXi hosts themselves as sources, each of which has five external sources of time.

The reference system also gets these (optional) packages

System proxy settings
If you need proxy settings then set the standard variables as follows in /etc/environment

CA SSL certificate
This will be necessary to use LDAPS against a domain controller, for example, without having to disable SSL checks:
 * Export the AD CA certificate as Base 64 encoded. Its name must end in .crt
 * Copy it to /usr/local/share/ca-certificates
 * Run the following command. Also shown is a command to list the CA certs that the system uses. The new one should be listed at the bottom.

Verify that you can connect to an AD Domain Controller via LDAPS. Here we are connecting to the Global Catalogue over TLS (port 3269); you can also test against :636. There is a lot more output but verify return:1 means that the certificate is trusted. Press CTRL-C to abort.

Now is a good time to shut down the VM and take a snapshot.
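
The steps in this section as shell functions, with a preflight check for the two requirements on the exported file (an added example, not part of the original page; `AD-Root-CA.crt` and `dc1.example.com` are placeholder names, and the use of `sudo` is an assumption):

```shell
#!/bin/sh
# Added example. AD-Root-CA.crt and dc1.example.com are placeholders.
CA_DIR=/usr/local/share/ca-certificates

# Preflight for the export step: the name must end in .crt and the export
# must be Base 64 (PEM) text rather than a binary DER file.
check_ca_cert() {
    f=$1
    case "$f" in
        *.crt) ;;
        *) echo "name must end in .crt: $f" >&2; return 1 ;;
    esac
    [ -r "$f" ] || { echo "cannot read: $f" >&2; return 2; }
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$f" ||
       ! grep -q -e '-----END CERTIFICATE-----' "$f"; then
        echo "not Base 64 (PEM) encoded: $f" >&2
        return 3
    fi
    return 0
}

# Copy the file into place and rebuild the system trust store.
install_ca_cert() {
    check_ca_cert "$1" || return
    sudo cp "$1" "$CA_DIR/" && sudo update-ca-certificates
}

# Trust check against a DC (Global Catalogue over TLS on 3269 by default).
# </dev/null ends the session instead of waiting for CTRL-C; the match is on
# s_client's final summary line.
verify_ldaps() {
    openssl s_client -connect "$1:${2:-3269}" -CApath /etc/ssl/certs \
        </dev/null 2>&1 | grep -q 'Verify return code: 0 (ok)'
}

# Usage:
#   install_ca_cert ./AD-Root-CA.crt && verify_ldaps dc1.example.com
#   verify_ldaps dc1.example.com 636
```
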

AD integration - Samba

 * Verify DNS and time.  See the example commands below.
 * Ping the AD name. You should be pinging a random AD DC based on your site.  This shows you have DNS set up correctly.
 * Check that time is in sync (examine the offset column in the output of ntpq -p) and that the timezone is correct