Intranet/Intranet Reference Build Ubuntu

This page documents the OS and initial configuration that is used and tested against within this series of pages. The focus is on a system that will work in the vast majority of corporate environments.

Hardware
See screenshot

Initial Installation

 * Ubuntu 16.04 minimal https://help.ubuntu.com/community/Installation/MinimalCD
 * Static IP address
 * Guided partitioning with LVM
 * Only add OpenSSH server role

Internet access via a web proxy
If www access must be via a proxy, then during the installation, when prompted, enter a proxy URL similar to these:

NTLM authentication:

EXAMPLE is the domain name and %5C is the encoding for "\". The port number after the colon ":" is likely to be either 8080 or 3128.

Basic authentication:

This will set up APT to always use the proxy. See /etc/apt/apt.conf

VM Guest tools and ntp
Ensure that ntp is able to see enough time sources. You could use your AD DCs, for example, especially the one with the PDC emulator role. The reference system uses the ESXi hosts themselves as sources, each of which has five external sources of time.

The reference system also gets these (optional) packages

System proxy settings
If you need proxy settings then set the standard variables as follows in /etc/environment

CA SSL certificate
This will be necessary to use LDAPS against a domain controller, for example, without having to disable SSL checks.

 * Export the AD CA certificate as Base 64 encoded. Its name must end in .crt
 * Copy it to /usr/local/share/ca-certificates
 * Run the following command. Also shown is a command to list the CA certs that the system uses. The new one should be listed at the bottom.

Verify that you can connect to an AD Domain Controller via LDAPS. Here we are connecting to the Global Catalogue over TLS (port 3269); you can also test against :636. There is a lot more output but verify return:1 means that the certificate is trusted. Press CTRL-C to abort.

Now is a good time to shut down the VM and take a snapshot.
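The certificate steps and the LDAPS check from this section, written as a script. This is an added example, not part of the original page; the certificate file name and DC host name are placeholders passed as arguments. It tests the final "Verify return code: 0 (ok)" summary line because openssl s_client can print "verify return:1" after a verify error as well.

```bash
#!/bin/sh
# Added example (not from the original page). File and host names are placeholders.
CA_DIR=/usr/local/share/ca-certificates
BUNDLE=/etc/ssl/certs/ca-certificates.crt

# The page's two requirements: the name ends in .crt and the export is Base 64 (PEM).
# update-ca-certificates ignores files in CA_DIR that do not end in .crt.
check_ca_file() {
    case "$1" in
        *.crt) ;;
        *) echo "name must end in .crt: $1" >&2; return 1 ;;
    esac
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || {
        echo "not Base 64 (PEM) encoded: $1" >&2; return 1; }
}

# Copy the CA certificate into place and rebuild the system bundle (run as root).
install_ca() {
    check_ca_file "$1" || return 1
    install -m 0644 "$1" "$CA_DIR/" && update-ca-certificates
}

# Read s_client output on stdin; succeed only if the whole chain verified.
chain_verified() {
    grep -q 'Verify return code: 0 (ok)'
}

# Non-interactive form of the manual test: </dev/null ends the session, so no
# CTRL-C is needed. Port 3269 is the Global Catalogue over TLS, 636 is LDAPS.
check_ldaps() {
    openssl s_client -connect "$1:${2:-3269}" -CAfile "$BUNDLE" </dev/null 2>&1 \
        | chain_verified
}

# Usage (placeholder names): sudo sh ad-ca.sh example-ca.crt dc1.example.co.uk
if [ $# -eq 2 ]; then
    install_ca "$1" && check_ldaps "$2" && echo "LDAPS certificate chain trusted"
fi
```

A non-zero exit from check_ldaps means the chain did not verify against the system bundle, so LDAPS clients on this host would fail or need certificate checks disabled.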

AD integration - Samba
Install software. When prompted for a realm, type in the Active Directory domain name in CAPITALS. For example: EXAMPLE.CO.UK.

By default, smbd and nmbd will be started. They are unnecessary for the purpose of running a wiki. Unless you want them running, shut them down and disable them:

Configure Samba


##### REFERENCE SMB.CONF HERE #####

Check that all is OK. Fix any issues first.

Join the domain. "username" should be a user that has AD permissions to create a workstation object. DNS update errors are not fatal.

Restart winbind and verify that the domain can be accessed and that Kerberos is working.

Database - MariaDB
Install software and secure it. The root password is initially blank so hit enter when prompted for the current root password. Note that root in this case is not the same as the root user for the system itself; it simply has the same name. Keep a note of the password that you set.

Check that you can access the database server with the password you set earlier. Type \q and hit enter to exit.