February 24, 2012

HOWTO: Setup Gnome Classic on Ubuntu 11.10

HOWTO: install Gnome Classic on Ubuntu 11.10 Linux. It's easy! So you don't like Ubuntu's Unity interface. Can't say I'm a fan either.  Otherwise, Ubuntu is very user-friendly, solid and stable.  I don't know, I guess some people just don't like menus flying out from the edge of the screen when your mouse gets too close.

Anyway, we can simply install Gnome-shell on Ubuntu, which will give us both the modern Gnome 3.x interface (which some think is as bad as Unity) as well as the classic-look Gnome, with the traditional menu bar at the top of the screen.  To install Gnome, open a terminal and type:

sudo apt-get update && sudo apt-get install gnome-shell

When prompted, provide your password, and answer Y to the prompt to install the components.  After the install is finished, log out.  At the login screen, click the gear symbol and select Gnome Classic.


There you go.  Now if you want to tweak the look and feel of Gnome Classic on Ubuntu, have a look at: http://www.itadmintools.com/2011/11/tweaking-gnome-classic-on-linuxmint-or.html

Enjoy!

February 18, 2012

HOWTO: Patch VMware vSphere ESXi 5.0 Free Edition

Here's how to patch a free version of vSphere ESXi 5.0.  They don't make it easy to figure this out; I guess they want you to spend the money for licenses, but the product is free and sometimes it needs to be patched.  If you launch the vSphere client and look around the menu options, you can't find anything about patching (unless you have a licensed version, with vCenter and Update Manager installed).

When I looked around on the Internet to find out how to patch free ESXi, I found instructions to download the vSphere Management Assistant (vMA), which is a virtual appliance with the vCLI installed.  Sounds great, but it turns out that all your VMs need to be shut off, and the host put in maintenance mode for patches to be installed, so unless you have the vMA running on another host, then vMA is gonna be off when you need it.  So much for that idea.  Besides you don't need vMA.  We can do the upgrade right on the command line at the host.

Getting the Patches
OK, the first step is to download all of the patches for ESXi.  Go to http://www.vmware.com/patchmgr/download.portal, select ESXi (Embedded and Installable), 5.0.0, and click search.  Download each of the patch bundles listed, but do NOT unzip the files.  Save the patches in a folder, maybe called esxi-patches.

Now launch the vSphere client, connect to the host, click on the host and click the summary tab.  Right click on a datastore and select "Browse Datastore".

In the datastore browser, click the upload button as shown below, and upload your esxi-patches to the datastore.

Enable ESXi Console and SSH
Next, we have to enable console access.  In the vSphere Client, with the host selected, click the Configuration tab, then click "Security Profile" in the software section of the configuration screen.  Now click the Properties link to the right of the Services list.  The services list is shown below.

Now select "ESXi Shell", click Options, and click Start.  Repeat for SSH.  When both are started we can close the service properties window.

Preparing the Host
OK, now we can get the host ready to patch.  Shut down all of your VMs.  If you have VMware Tools installed, you can select a VM, and hit CTRL-D to initiate a shutdown.  After all of your VMs are shut down, right-click the host and select "Enter Maintenance Mode".

Logging into the Host via SSH
Now we can SSH into the host.  If you don't already have an ssh client, you can download PuTTY from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.

Launch Putty (or your favorite ssh client) and enter the name or IP address of your host and click Open (or connect).  Accept any warnings about the key mismatch, and when prompted, enter the root username and password.

Applying the Patches
Finally, we can apply the patches.  Now notice the patch zip files are named by date.  We will install the zip files one at a time, from oldest to newest.  For each zip file, type the following command:

esxcli software vib update --depot /vmfs/volumes/<dataStoreName>/<folderName>/zipfile.zip

The patch will take a few seconds to run, with no indication of progress, so be patient.  Repeat the command for each patch, from oldest to newest until complete.  After the patches have been installed, type reboot and press enter.  The host will be rebooted.
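The oldest-to-newest loop described above can be scripted on the host. This is an added example, not part of the original post; the function names and the DRY_RUN switch are made up here, and it assumes the bundle file names sort by date as described.

```shell
#!/bin/sh
# Added example, not from the original post. Run on the ESXi host over SSH.
# Assumption: bundle file names sort by date, so name order = oldest first.
# Usage: DRY_RUN=1 apply_bundles /vmfs/volumes/<dataStoreName>/<folderName>

# list_bundles DIR -> *.zip files in DIR, one per line, in name order
list_bundles() {
    for f in "$1"/*.zip; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; fi
    done | LC_ALL=C sort
}

# apply_bundles DIR -> run esxcli on each bundle in order, stop on first error.
# With DRY_RUN=1 the commands are only printed, so the order can be reviewed.
apply_bundles() {
    bundles=$(list_bundles "$1")
    if [ -z "$bundles" ]; then
        echo "no .zip bundles found in $1" >&2
        return 1
    fi
    while IFS= read -r zip; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "esxcli software vib update --depot $zip"
        # </dev/null keeps the command from consuming the list being read
        elif ! esxcli software vib update --depot "$zip" </dev/null; then
            echo "FAILED on $zip; later bundles not applied" >&2
            return 1
        fi
    done <<EOF
$bundles
EOF
    echo "all bundles processed; reboot the host to finish" >&2
}
```

Stopping at the first failure matters here: a later bundle applied on top of a failed one leaves the host in a state that is hard to reason about.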

After the host has rebooted, reconnect to it with the vSphere client.  Right-click the host and select "Exit Maintenance Mode", then restart your VMs.

Upgrade VMware Tools
If the patches included a new version of VMware Tools, you will notice that the summary page of each VM reports that a VMware Tools upgrade is available.  Right-click the VM and select Guest - Install/Upgrade VMware Tools.  You will be prompted to perform a manual or automatic upgrade.  Windows 2008R2 seems to perform the automatic upgrade, Windows 2003 does not.  If an automatic upgrade doesn't seem to be working, end it by selecting Guest - End VMware Tools Upgrade, then do a manual install.  Manual upgrades typically require a reboot of the guest.  Reboot when prompted.

Once all of your VMs report up-to-date VMware Tools, the patching process is complete!

February 14, 2012

Rolling Commentary on Popular Linux Distributions

I'll update this article periodically as I test new Linux Distributions.  I've been testing a lot of the more popular Linux distros, and some less popular ones, both as alternatives to Windows, and as learning platforms for Linux in general.  Here's my quick commentary on the latest versions I've tested.

Update - February 14, 2012

Recently I've stayed with three of the most popular distros, Linux Mint 12, Ubuntu 11.10, and Fedora 16.  I got some better hardware to test on, hardware that will run the Gnome-Shell interface, and I must say that I like Gnome-Shell much better than I like Ubuntu's Unity interface. 

Also, I've been running Linux inside VMware Player, which alleviates the need for the version of Linux to work well on my wireless hardware.  That levels the playing field so that I have no problems running Fedora.

One thing I noticed that makes Ubuntu and Mint look very nice is the default font hinting setting, "slight", which makes the fonts look full and solid.  On Fedora, the default setting is "medium", which makes the fonts look a little thin and grainy.  Having learned how to change this setting, I can now set the hinting to slight on Fedora, and boom, Fedora now has the same good look to its fonts.  Playing field even more even.

With those things out of the way, next is the development software.  I'm using Geany, Anjuta, Glade3, Gtkbuilder, and Python to develop GUI apps on Linux.  I can get all this working on all three distros without much trouble.  By the way, I tried OpenSUSE again, and it fell short again here.  Couldn't get my dev platform working.

So the choice between Ubuntu, Mint, and Fedora largely comes down to looks.  And given that you can tweak the themes, you can practically make them look alike.  I'm quickly learning to like Fedora above the others.  I'm busy reading the Fedora Project documentation, currently reading the SELinux guide, and although I dislike SELinux, I have to admit it is a powerful security tool, and it comes built into Fedora.  That's a pretty compelling feature for business and security-savvy home users alike.

My Recommendation for February 12, 2012: Check out Fedora!
Previous Comments from December 10, 2011

For ease of use: Ubuntu.  Although I don't like the Unity desktop, Gnome Classic and Xfce desktop work for me.  On fast hardware and a wired connection: Fedora.  For learning Linux and having ultimate control: Arch Linux.

Linux Mint 12 "Lisa"

Mint Offers the Mint Gnome Shell Extensions (MGSE) to make Gnome 3 more user friendly, and MATE which is a fork of Gnome 2.  I found that both of these desktops were broken and buggy, and Gnome Classic mode is the only thing that works right for me.  I'm cool with that, but you can run Gnome Classic on just about any distro.  Xfce desktop is also a good choice on Mint.  I gotta give Mint a fail on MATE and MGSE.

Ubuntu 11.10 "Oneiric Ocelot"

Probably deserves the title of "Best Distro" for ease of use.  It's solid as a rock, and looks very nice.  I don't love the Unity interface, so I've got a bunch of desktops installed, I'm currently using Xfce.

Fedora 16 "Verne"

If you like Gnome 3, this is a great distro.  Run by Red Hat, Fedora is generally very solid.  I did run into a problem with my Wireless card going off line after several minutes of working, so I had to ditch Fedora.  Not sure if that was just specific to my hardware or not, but I had to ditch.

OpenSUSE 12

Very nice looking in Gnome 3, but I ran into several problems.  I couldn't make zypper (the package manager) work through a proxy, Gnome 3 wouldn't fall back to classic mode on older hardware, and some dependencies were bugged up when running dev tools like Anjuta.  Fail!

Debian 6 and Linux Mint Debian Edition (LMDE)

Older-looking style, but fine performance and stability.  Debian is the base of the family tree that includes Ubuntu and Mint.  Debian moves more slowly in implementing newer packages to maintain that stability.  I give these distros high marks in that regard.

Arch Linux 2011.08.19

This is the distro you want if you want to learn Linux.  The install process takes a bit of work, you'll probably have to read the guide, and the guide is very good.  Along the way, you learn a lot, and it's so worth it.  When you're done, you've got a highly customizable yet solid build, that you know a lot about.  This may just become my favorite distro.

CentOS 6.0.3

Another older-looking distro, it is based on the Red Hat source code.  As such, it's solid and it's a great choice as a server in a corporate environment where Red Hat is predominant.  You can use CentOS as if it were just a free copy of Red Hat, whereas you have to buy a license for Red Hat, otherwise you can't use the repos for updates and software installs.  Boo Red Hat!  Yay CentOS!

FreeBSD 8.2

While not really Linux (FreeBSD has its own type of kernel), it runs much of the same software as Linux, so it kinda qualifies.  Man what a lot of work to install!  Getting the GUI setup took hours, partly because the repos were slow.  You can also install packages from source code that's installed on the local disk, but man that takes a long time too.  I eventually got everything working, and I guess it's all good but it seems like you do get a lot of hangs and failures when getting updates and packages from the repos.  Kind of a pain, and for what?

Vector 7.0

Ah, very cool.  This one looks and feels unique.  Seems very solid, but the installer is pretty weak, and you need to do a bit of work yourself.  I did have some trouble, after the install it wouldn't boot, but on my third try I got it working.  Also, it takes some effort to get rid of the LiveCD experience after the install: it continues to logon automatically with the Vector Live account, the install icon is still on the desktop, etc.  But after you deal with all that, this is one cool distro!

MacPUP

A variant of Puppy Linux that is intended to run right off the CD and loads into RAM for quick performance.  I installed it onto the hard disk anyway and it is tight!  Super low memory requirements.  Kinda fugly, but it's a neat little distro with potential for situations where you want something really small and fast.

Others

I also tested PCLinuxOS (feh), Mandriva (yawn), Chakra (needs work), Gentoo (kinda cool, especially with the hot girl wallpapers installed by default, didn't see that coming).

In the grand scheme of things, I realized that Linux is, generally speaking, Linux.  What you should be looking for is a distro that is well integrated, that is, the provider has done a good job testing all of the packages and dependencies so that everything works together without a lot of bugs and missing dependencies.

We'll keep you posted as new versions come out...

Ubuntu 11.10 - Logging into Active Directory

HOWTO: Configure Ubuntu 11.10 to log into Active Directory using SSSD.  My previous articles on this subject dealt with older versions of Linux that did not use SSSD (See "references" at the bottom of this article for links to the older articles).  SSSD provides the ability to integrate the LDAP and Kerberos configurations into one config file (/etc/sssd/sssd.conf), provides for multiple AD domain/forest configurations, and caches logon information for offline access.

Configuration of SSSD and related configuration of NSS and PAM is fairly easy on Ubuntu 11.10.  This will probably be the shortest article of the series.

Installing SSSD
To begin the configuration, we need to install SSSD. To do this, open up a shell prompt, and type the following command:

sudo apt-get update && sudo apt-get install sssd

Apt will install sssd and its dependencies, and perform much of the configuration for you, including adding sss to the NSS and PAM config files.

Configuring SSSD
Next, we need to edit the /etc/sssd/sssd.conf file and add the specifics of our Active Directory.  Edit your sssd.conf file to look like the following:

[sssd]
services = nss, pam
config_file_version = 2
domains = default
[nss]
[pam]
[domain/default]
access_provider = simple
simple_allow_users = myuser
enumerate = false
cache_credentials = True
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
krb5_realm = MYDOMAIN.COM
krb5_server = server1.myDomain.com
krb5_kpasswd = server1.myDomain.com
ldap_uri = ldap://server1.myDomain.com/
ldap_search_base = dc=myDomain,dc=com
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_id_use_start_tls = False
ldap_default_bind_dn = cn=myLDAPuser,cn=Users,dc=myDomain,dc=com
ldap_default_authtok = myLDAPuserPassword
ldap_default_authtok_type = password
ldap_user_object_class = person
ldap_user_name = samAccountName
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = unixHomeDirectory
ldap_group_object_class = group
ldap_user_search_filter = (&(objectCategory=User)(uidNumber=*))

Replace myUser and myDomain references to match your Active Directory information.  Below is a description of some of the lines of the file:

As you can see, the configuration specifies the id_provider (LDAP), auth_provider (Kerberos), and the LDAP and Kerberos settings that we entered previously, but we've also added a few things.  Our configuration for Active Directory is under the [domain/default] section.  You can name this section something else, like [domain/mydomain] if you like, and you can add more sections if for example you have multiple Active Directories or multiple domains in your AD forest.  Let's look at the various lines that we added and what they mean.

access_provider and simple_allow_users: (optional) this is a simple way to specify which users in AD are allowed to logon to this Linux machine.  If you remove these lines, any AD user will be able to logon.  You can add multiple users by adding more usernames to the simple_allow_users line, separated by commas.  There are a number of different ways to control access, via other access providers, group filters, etc, but I won't get into that here, let's keep things simple for now.

enumerate: If set to true, SSSD will cache all of the users in your AD, which could take a really long time if you have a lot of users.  Setting this to false is highly recommended.

cache_credentials: If set to true, after a user has successfully logged on, SSSD will store their credentials, allowing them to logon again even if the machine is off the network and AD is unavailable.  This is especially nice for laptops that are often off the network.  Without cached credentials, you would have to have a local account to logon to your laptop when you were offline.

ldap_tls_cacertdir and ldap_id_use_start_tls: you can configure LDAP to use SSL to encrypt traffic between Linux and AD.  Yes it is recommended to do so, but I'm not getting into it here, this article is getting long enough as it is.  The good news is that your user's password is not going over the wire in the clear, Kerberos still does the password check in an encrypted fashion, but the bind user ID that we will use to connect to the LDAP server will have its password sent in clear text.  So yes, I recommend implementing SSL, but I'll save that for another article.

ldap_default_bind_dn: this is the distinguished name of an Active Directory user account that we will use to connect to AD to lookup our logon user.  This bind account needs no special rights (certainly not administrative rights!), just a plain old user.  Any old user can lookup users in AD.

ldap_default_authtok: this is the password for the bind user mentioned above.

ldap_default_authtok_type: set this to the word password.  There are other authtok types, but I'll save that for later.

The last few lines in the sssd.conf map SSSD ldap attributes and classes to Active Directory attribute and class names.  I've also added an ldap_user_search_filter that will help search performance.
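The settings described above can be checked mechanically. The script below is an added example, not part of the original article: it flags a bind password sent over unencrypted LDAP, a missing access_provider, and an sssd.conf readable by anyone but its owner. The function names and finding labels are made up here, and it treats the file as a single domain section like the one shown.

```shell
#!/bin/sh
# Added example, not from the original article. Simplification: the file is
# treated as one domain section; multi-domain files need per-section parsing.

# conf_get FILE KEY -> value of KEY (last occurrence wins), empty if unset
conf_get() {
    awk -v key="$2" '
        /^[ \t]*[#;]/        { next }   # skip comment lines
        index($0, "=") == 0  { next }   # skip [section] headers and blanks
        {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_sssd_conf FILE -> prints one line per finding, returns 1 if any
audit_sssd_conf() {
    f=$1
    rc=0
    uri=$(conf_get "$f" ldap_uri)
    tls=$(conf_get "$f" ldap_id_use_start_tls | tr 'A-Z' 'a-z')
    tok=$(conf_get "$f" ldap_default_authtok)
    # A bind over ldap:// without StartTLS exposes the bind password.
    case $uri in
        ldaps://*) ;;
        *)  if [ -n "$tok" ] && [ "$tls" != true ]; then
                echo "CLEARTEXT_BIND ldap_default_authtok is sent without encryption"
                rc=1
            fi ;;
    esac
    # Per the article: without these lines any AD user can log on.
    if [ -z "$(conf_get "$f" access_provider)" ]; then
        echo "OPEN_ACCESS no access_provider set"
        rc=1
    fi
    # The file stores the bind password, so only its owner should read it.
    perms=$(ls -ld "$f" | cut -c1-10)
    if [ "$perms" != "-rw-------" ]; then
        echo "FILE_MODE $f is $perms, expected -rw-------"
        rc=1
    fi
    return $rc
}

# Constructed sample input mirroring the weak settings in the article.
sample_conf() {
    cat <<'EOF'
[domain/default]
access_provider = simple
ldap_uri = ldap://server1.myDomain.com/
ldap_id_use_start_tls = False
ldap_default_authtok = myLDAPuserPassword
EOF
}
```

Run it as `audit_sssd_conf /etc/sssd/sssd.conf` with root privileges; the CLEARTEXT_BIND finding clears once the connection uses ldaps:// or ldap_id_use_start_tls is set to True with a trusted CA certificate in place.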

Tweaking PAM
One other thing you must do for an AD user to logon to Ubuntu, is tell PAM to automatically create the home directory when a new user logs on for the first time.  To do this, edit the file /etc/pam.d/common-session and add the line for pam_mkhomedir.so as shown below:

session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session optional pam_umask.so
session optional pam_sss.so
session optional pam_mkhomedir.so skel=/etc/skel/ umask=0077
session required pam_unix.so 
session optional pam_ck_connector.so nox11

Now reboot and you should be able to logon using the account you specified in simple_allow_users.  If you cannot, then check below for common problems.

Check the Time and Date
Kerberos cannot work if your clock is more than five minutes off from the clock of the Kerberos server (AD domain controller).  Make sure the clock is correct and use NTP to keep the clock in sync.

AD Users Must Have Unix Attributes Populated
In order for AD users to logon, they should have the following attributes set in their AD account:

uidNumber (example: 1001)
gidNumber (example: 1003)
loginShell (example: /bin/bash)
unixHomeDirectory (example: /home/myuser)

You can use ADSIEDIT.MSC to access these attributes, since the Microsoft GUI admin tools don't present these attributes to be edited.  uidNumber and gidNumber should be set to a number above 1000.  The uidNumber should be unique per user. 

Legacy Users with uid/gid Below 1000
If you already have users in your AD with uidNumber or gidNumber below 1000 (previous versions of Linux often set the minimum to 500), you can tweak the minimums on Ubuntu.  Edit the file /etc/login.defs and find the references to MIN_UID and MIN_GID, and change them from 1000 to 500.

References
I hope that helps.  I could go on about this subject, but I already have in previous articles.  If you aren't quite comfortable with this yet, please read my previous articles that went into some of this in a bit more depth.

Fedora 16 - Logging into Active Directory
Active Directory Authentication on Fedora/Redhat Linux
Active Directory Authentication on Ubuntu Linux

Good Luck!
