Recent Changes - Search:

HomePage

LBA

Mt Pleasant 26m

Ceduna 30m

Mt Pleasant 14m

Ceduna-Hobart Interferometer

Schedules

AuScope

PmWiki

edit SideBar

Computers /

Ares

Computers.Ares History

Hide minor edits - Show changes to markup

November 28, 2008, at 08:16 AM by 131.217.61.222 -
Changed lines 37-39 from:
to:
Changed lines 46-47 from:
to:
Added lines 62-63:
Added lines 66-67:
Changed lines 70-74 from:

Policy

to:

Policy

Restore
September 15, 2008, at 06:33 AM by 131.217.62.40 -
Changed lines 62-63 from:
to:

ares runs the sendmail mail server, the dovecot mail client, and SquirrelMail webmail client.

Restore
September 15, 2008, at 05:43 AM by 131.217.62.40 -
Changed lines 42-43 from:

Telescope Livepages

to:

ares runs an Apache2 web server that is accessible from the outside world. There is a set of administrator-only editable web pages, but each user can set up their own web site without administrator approval or assistance.

Telescope Live pages

The live pages for both the Mt Pleasant 26m and the Ceduna 30m are produced on ares, using data sent from machines at the observatories. This section describes the entire process used to generate the live pages, what can go wrong, and how to diagnose and fix problems.

Email

Restore
September 15, 2008, at 05:35 AM by 131.217.62.40 -
Changed lines 35-37 from:
to:
Restore
September 15, 2008, at 05:33 AM by 131.217.62.40 -
Changed lines 36-102 from:

To create a new user, follow the steps:

  • Login as root on ares
  • Create an LDIF file which describes the new user. There should be a template file /root/add_ldap_user.ldif, but it should look like:

dn: cn=Jamie Stevens,cn=rastro,dc=astro,dc=utas.edu.au
uid: jstevens
cn: Jamie Stevens
sn: Stevens
uidNumber: 111744
gidNumber: 260
homeDirectory: /home/jstevens
objectClass: person
objectClass: posixAccount
loginShell: /bin/tcsh
userPassword: {crypt}8edxUZX076fXk
dn: is the definitive name of the account. It consists of the cn (or common name) of the person, combined with the common name of the group (which will always be rastro, and then the basename of the directory, which will always be dc=astro,dc=utas.edu.au.

uid: is the user ID of the account. For ares, the user ID is usually the first letter of the first name, followed by the surname. This is not a hard and fast rule however, and people should be allowed to choose their username, and it should usually be possible to match their UTAS user ID and their ares user ID.

cn: is the common name, which is the first name and surname of the person. It should match exactly what was put as the common name in the definitive name entry.

sn: is just the surname.

uidNumber: is the user ID number, which must be unique to ares. Lately I have been making the UID on ares the same as the UTAS-wide UID so that using TPAC shares becomes easier, however this is not strictly required.

gidNumber: is the group ID number, which should always be 260 (the rastro group ID number).

homeDirectory: is the location of the account’s home directory, and should be /home/ followed by the UID.

objectClass: is the type of directory entry to make (and each account can be of multiple types). For user accounts on ares, there should be 2 such entries, one specifying a person and another specifying a posixAccount.

loginShell: is the shell the user will be given when logging in, and unless the user has a strong preference, should be /bin/tcsh.

userPassword: is the password for the user account. You should keep the default {crypt}8edxUZX076fXk and use the ldappasswd command to change it after the account has been created; how to do this is described below.

  • Enter the new user into the LDAP database. Do this with the command:

ldapadd -x -v -D ‘cn=mgr,dc=astro,dc=utas.edu.au’ -W < add_ldap_user.ldif
assuming that the file you just created with the new account details is called add_ldap_user.ldif and is in the current directory. The only account that has the ability to alter the LDAP database is the cn=mgr account, so you must bind to the database with this account, as shown in the command above; this account has the same password as ares’ root password, and you must enter it when prompted by the command above.

  • Make the new home directory: mkdir /home/uid where uid is the user ID of the new account.
  • Change the permissions on the new home directory: chown -R uid:rastro /home/uid
  • Generate a new random password for the new account: ldappasswd -x -v -D ‘cn=mgr,dc=astro,dc=utas.edu.au’ -W ‘cn=Jamie Stevens,cn=rastro,dc=astro,dc=utas.edu.au’ would assign a new password to the account owned by Jamie Stevens; you should change the cn entry to match that of the new account. After being prompted for the root password the new password for the user will be displayed - write this password down as it will be difficult to remember.
  • Log in as the new user to test whether everything is working: ssh uid@ares, and enter the new password when prompted. If you are able to log in without error messages appearing, the new account is ready to use.
  • Email or give the new account details to the user and ask them to log in and change their password immediately to something they will remember using the passwd command.
to:
Restore
September 15, 2008, at 05:32 AM by 131.217.62.40 -
Changed lines 34-35 from:
to:
Restore
September 15, 2008, at 05:31 AM by 131.217.62.40 -
Added lines 34-35:
Restore
September 15, 2008, at 05:20 AM by 131.217.62.40 -
Changed lines 95-98 from:
  • Generate a new random password for the new account: ldappasswd -x -v -D ‘cn=mgr,dc=astro,dc=utas.edu.au’ -W ‘cn=Jamie Stevens,cn=rastro,dc=astro,dc=utas.edu.au’ would assign a new password to the account owned by Jamie Stevens; you should

change the cn entry to match that of the new account. After being prompted for the root password the new password for the user will be displayed - write this password down

to:
  • Generate a new random password for the new account: ldappasswd -x -v -D ‘cn=mgr,dc=astro,dc=utas.edu.au’ -W ‘cn=Jamie Stevens,cn=rastro,dc=astro,dc=utas.edu.au’ would assign a new password to the account owned by Jamie Stevens; you should change the cn entry to match that of the new account. After being prompted for the root password the new password for the user will be displayed - write this password down as it will be difficult to remember.
  • Log in as the new user to test whether everything is working: ssh uid@ares, and enter the new password when prompted. If you are able to log in without error messages appearing, the new account is ready to use.
  • Email or give the new account details to the user and ask them to log in and change their password immediately to something they will remember using the passwd command.
Restore
September 15, 2008, at 05:08 AM by 131.217.62.40 -
Changed lines 83-84 from:
to:
  • Enter the new user into the LDAP database. Do this with the command:

ldapadd -x -v -D ‘cn=mgr,dc=astro,dc=utas.edu.au’ -W < add_ldap_user.ldif
assuming that the file you just created with the new account details is called add_ldap_user.ldif and is in the current directory. The only account that has the ability to alter the LDAP database is the cn=mgr account, so you must bind to the database with this account, as shown in the command above; this account has the same password as ares’ root password, and you must enter it when prompted by the command above.

  • Make the new home directory: mkdir /home/uid where uid is the user ID of the new account.
  • Change the permissions on the new home directory: chown -R uid:rastro /home/uid
  • Generate a new random password for the new account: ldappasswd -x -v -D ‘cn=mgr,dc=astro,dc=utas.edu.au’ -W ‘cn=Jamie Stevens,cn=rastro,dc=astro,dc=utas.edu.au’ would assign a new password to the account owned by Jamie Stevens; you should

change the cn entry to match that of the new account. After being prompted for the root password the new password for the user will be displayed - write this password down

Restore
September 15, 2008, at 04:49 AM by 131.217.62.40 -
Changed lines 72-73 from:
to:

objectClass: is the type of directory entry to make (and each account can be of multiple types). For user accounts on ares, there should be 2 such entries, one specifying a person and another specifying a posixAccount.

loginShell: is the shell the user will be given when logging in, and unless the user has a strong preference, should be /bin/tcsh.

userPassword: is the password for the user account. You should keep the default {crypt}8edxUZX076fXk and use the ldappasswd command to change it after the account has been created; how to do this is described below.

Restore
September 15, 2008, at 04:45 AM by 131.217.62.40 -
Changed line 43 from:

homeDirectory: /home/kbradford\\

to:

homeDirectory: /home/jstevens\\

Restore
September 15, 2008, at 01:08 AM by 131.217.62.40 -
Changed lines 49-50 from:
to:

dn: is the definitive name of the account. It consists of the cn (or common name) of the person, combined with the common name of the group (which will always be rastro, and then the basename of the directory, which will always be dc=astro,dc=utas.edu.au.

uid: is the user ID of the account. For ares, the user ID is usually the first letter of the first name, followed by the surname. This is not a hard and fast rule however, and people should be allowed to choose their username, and it should usually be possible to match their UTAS user ID and their ares user ID.

cn: is the common name, which is the first name and surname of the person. It should match exactly what was put as the common name in the definitive name entry.

sn: is just the surname.

uidNumber: is the user ID number, which must be unique to ares. Lately I have been making the UID on ares the same as the UTAS-wide UID so that using TPAC shares becomes easier, however this is not strictly required.

gidNumber: is the group ID number, which should always be 260 (the rastro group ID number).

homeDirectory: is the location of the account’s home directory, and should be /home/ followed by the UID.

Restore
September 15, 2008, at 12:58 AM by 131.217.62.40 -
Added lines 1-59:
System:ares.phys.utas.edu.au
IP address:131.217.62.74
Processor:Intel Xeon 2.4 GHz
RAM:1GB
HDD:4 x 200GB IDE (as 3 RAID devices), 36GB SCSI
Operating system:Kubuntu Dapper
Location:Office 461, School of Maths & Physics
Purpose:Primary Astro Server

Using ares

ares is responsible for many of the basic computing functions within the group. It acts as an LDAP authentication server, it hosts our webpages and creates the telescope live pages, it sends and receives mail, hosts the home and data directories, and is the only astro computer accessible from the outside world without needing a VPN connection. This wiki entry will describe in detail all the functions of ares, how they work, and how to administer this computer.

User accounts

Each person in the astro group at UTAS has a user account on ares. These user accounts are managed through the LDAP protocol, to allow other machines in the astro group to share authentication info for ease of administration.

Before getting into how to create a user account, you need to know about the groups that exist in the LDAP directory. The primary group is the rastro group, which every member of the astro group is a member of. This allows the home directories of all group members to be readable by all other members, as each home directory is owned by the rastro group. The rastro group has a GID number of 260.

There are a few other groups to be aware of. For access to the TPAC share (which will be described further below), there are 3 groups: ravlbi, rainter and rapulsar.

To create a new user, follow the steps:

  • Login as root on ares
  • Create an LDIF file which describes the new user. There should be a template file /root/add_ldap_user.ldif, but it should look like:

dn: cn=Jamie Stevens,cn=rastro,dc=astro,dc=utas.edu.au
uid: jstevens
cn: Jamie Stevens
sn: Stevens
uidNumber: 111744
gidNumber: 260
homeDirectory: /home/kbradford
objectClass: person
objectClass: posixAccount
loginShell: /bin/tcsh
userPassword: {crypt}8edxUZX076fXk

Web pages

Telescope Livepages

Disks

Software

Policy

Restore
Edit - History - Print - Recent Changes - Search
Page last modified on November 28, 2008, at 08:16 AM