樹心幽徑

20190225安裝Ubuntu1604Linux作業系統
2019/02/25,12:54

 

REF: 20180424安裝Linux作業系統套件Ubuntu 1604

(0)先自windows 7既有分割區切出一塊後面的空間來給ubuntu用:

win7重新切割磁碟:「我的電腦/右鍵」/「管理」/「磁碟管理」/選「要切的分割區」/右鍵/「壓縮磁碟區」/輸入新的容量值為既有的一半/「在既有的分割區後出現未用空間(容量為既有的一半)」

ref:https://www.techbang.com/posts/4023-windows-7-get-their-own-partition

 

(1)自https://www.ubuntu-tw.org 下載ubuntu1604的iso檔.

Ubuntu 桌面版本、16.04 LTS(支援至 2021 年 04 月)、64 位元版本

http://ftp.ubuntu-tw.org/mirror/ubuntu-releases/16.04.5/ubuntu-16.04.5-desktop-amd64.iso

 

(2)自https://sourceforge.net/projects/win32diskimager/files/Archive/

下載 磁碟映像檔工具:win32diskimager-1.0.0-install.exe並安裝之

操作參考:https://all.freewarehome.tw/archives/2506

(3)執行win32diskimager將(1)下載的ubuntu-16.04.5-desktop-amd64.iso展開寫入到你的usb隨身碟中,Linux-OS可參考如下文章用dd指令來製作開機隨身碟

(4)重開機按DEL鍵進入bios,選boot/設定BootOption1為你在(3)剛製作的Ubuntu安裝隨身碟

(5)按F10寫入設定並重開機

(6)進入Ubuntu安裝首頁/挑第1選項TryUbuntu/登入後設定左上角的網路連線來連上網路(如有DHCP服務則不用設定)/確認可上網

以下供參考Manual網路組態:

IPv4 位址: 10.10.10.8
子網路遮罩: 255.255.255.0
預設閘道 : 10.10.10.254

dns: 163.25.20.1

search domain: kmvs.km.edu.tw

(7)點選執行桌面上的InstallUbuntu16.04.03LTS圖示進入安裝畫面

(8)挑中文(繁體)

(9)勾「安裝同時下載更新」及「裝第3方軟體」

(10)安裝類型用「其他」

(11)選住/dev/sda磁碟的可用空間(246980MB)按下方「+」來新增一個磁碟分割區:

大小「30000MB」,分割區類型挑「主分割」,用途挑「EXT4檔案系統」,掛載點挑根目錄「/」。

(12)選住(11)剩下的可用空間,按下方「+」來新增一個swap分割區

大小「8000MB」,分割區類型挑「主分割」,分割區類型挑「主分割」,用途挑「置換空間」。

(13)接受用來安裝開機程式的裝置為/dev/sda

(14)確認要「將sda的第3分割區格式化為ext4檔案系統,第4分割區則將格式化為swap檔案系統」並按立即安裝。

(15)選Taipei

(16)接受漢語鍵盤

(17)輸入你的名稱(例加sice)

電腦名稱自動為sice-BM6660...用戶名為sice,給密碼abc123abc123,挑要密碼才可登入

(18)出現暴龍圖案檔案拷備安裝中…

(19)安裝完成,移除隨身碟。

(20)重開機出現grub開機選單/挑第1項以sice帳號登入Ubuntu桌面成功。

20190224ubuntu1604無法登入GUI問題處理
2019/02/24,10:50

執行如下指令:$ sudo dpkg --configure -a

重建initramfs並重開機後即可登入gui

 

20190217在fedora28裝ImagicMagicK並設計chopcrop.c來裁切影像、lrcat.c來接合左右二張影像、udcat.c來接合上下二張影像。
2019/02/17,21:06

REF:http://oldwww.kmvs.km.edu.tw/lf/index.php?op=ViewArticle&articleId=357&blogId=70

下載頁面: https://www.imagemagick.org/script/install-source.php

(0)$ identify -version
Version: ImageMagick 6.9.9-38 Q16 x86_64 2018-03-12 http://www.imagemagick.org
Copyright: © 1999-2018 ImageMagick Studio LLC
License: http://www.imagemagick.org/script/license.php
Features: Cipher DPC Modules OpenMP
Delegates (built-in): bzlib cairo djvu fftw fontconfig freetype gslib jbig jng jp2 jpeg lcms ltdl lzma openexr pangocairo png ps rsvg tiff webp wmf x xml zlib

(1)下載原始碼檔:$ wget  https://imagemagick.org/download/ImageMagick.tar.gz

(2)解壓、組態並編譯:

tar xvzf ImageMagick.tar.gz

cd ImageMagick-7.0.8-27/

$ ./configure

$  make

(3)安裝並測試使用

(3-1)安裝$  sudo make install

(3-2)連結程式庫:$  sudo ldconfig /usr/local/lib

(3-3)測試有無功能:$  /usr/local/bin/convert logo: logo.gif  

$ ls logo.gif -l
-rw-rw-r-- 1 treehrt treehrt 28576  2月 17 21:38 logo.gif

(3-4)$ make check

============================================================================
Testsuite summary for ImageMagick 7.0.8
============================================================================
# TOTAL: 86
# PASS:  84
# SKIP:  0
# XFAIL: 0
# FAIL:  2
# XPASS: 0
# ERROR: 0
============================================================================
See ./test-suite.log
Please report to https://github.com/ImageMagick/ImageMagick/issues

(4-1)編寫chopcrop.c如下,用以將給定的圖檔依給定的左上角座標(ox,oy)及寬高(w,h)進行裁切:

#include <stdio.h>
#include <math.h>
#include <Magick++.h>
using namespace Magick;
int main(int argc, char *argv[]){
    if (argc!=6) {
        printf("語法 ./chopcrop 1.png 22 77 1897 1002\n");
        printf("輸出檔為chopcrop.jpg\n");
        exit(-1);
    }
    Image ima;
    ima=Image(argv[1]);
    int ox=atoi(argv[2]);
    int oy=atoi(argv[3]);
    int w=atoi(argv[4]);
    int h=atoi(argv[5]);

    Geometry size =  ima.size();
    int iw=size.width();
    int ih=size.height();
    printf("original image size: iw=%d,ih=%d\n",iw,ih);
    ima.chop(Geometry(ox,oy));
    size =  ima.size(); iw=size.width(); ih=size.height();
    printf("After chop(%d,%d) step 1:  new image size: iw=%d,ih=%d\n",ox,oy,iw,ih);

    ima.crop(Geometry(w,h));
    size =  ima.size(); iw=size.width(); ih=size.height();
    printf("After crop(%d,%d) step 2:  new image size: iw=%d,ih=%d\n",w,h,iw,ih);
    ima.write("chopcrop.jpg");
    printf("輸出圖檔 chopcrop.jpg 成功!\n");
}

(4-2)編譯chopcrop.c

$ g++  `Magick++-config --cxxflags --cppflags` -I/usr/local/include/ImageMagick-7  chopcrop.c `Magick++-config --ldflags --libs`  -L/usr/local/zlib/lib -lz   -Wall  -export-dynamic -lm -o chopcrop

(4-3)執行chopcrop以裁剪6張1920*1080的png圖檔

如下指令將J02_247000x2594700m300.png圖檔依給定的左上角座標(22,43)及寬、高(1876,997)進行裁切,並將結果改名為J2.jpg

$ ./chopcrop J02_247000x2594700m300.png 22 43 1876 997

original image size: iw=1920,ih=1080
After chop(22,43) step 1:  new image size: iw=1898,ih=1037
After crop(1876,997) step 2:  new image size: iw=1876,ih=997
輸出圖檔 chopcrop.jpg 成功!

$ mv chopcrop.jpg J2.jpg

(5-1)編寫lrcat.c如下:

#include <stdio.h>
#include <math.h>
#include <Magick++.h>
using namespace Magick;
int main(int argc, char *argv[]){
    if (argc!=4) {
        printf("語法 ./lrcat 1.jpg 2.jpg 0\n");
        printf("輸出檔為lrcat.jpg\n");
        exit(-1);
    }
    Image ima,imb;
    ima=Image(argv[1]);
    imb=Image(argv[2]);
    int overlap=atoi(argv[3]);

    Geometry size =  ima.size();
    int wa=size.width();
    int ha=size.height();
    size =  imb.size();
    int wb=size.width();
    int hb=size.height();
    int h=(ha>hb)?ha:hb;
    Image im(Magick::Geometry(wa+wb-overlap,h),"white");
    im.composite(ima, 0, 0, OverCompositeOp);
    im.composite(imb, wa-overlap, 0, OverCompositeOp);
    im.write("lrcat.jpg");
    printf("輸出圖檔 lrcat.jpg 成功!\n");
}

(5-2)編譯lrcat.c

g++  `Magick++-config --cxxflags --cppflags` -I/usr/local/include/ImageMagick-7  lrcat.c `Magick++-config --ldflags --libs`  -L/usr/local/zlib/lib -lz   -Wall  -export-dynamic -lm -o lrcat

(5-3)執行lrcat 將左右二圖接合(重疊92像素)

$ ./lrcat J6.jpg J1.jpg 92
輸出圖檔 lrcat.jpg 成功!

$ mv lrcat.jpg J6J1.jpg

$ ./lrcat J5.jpg J2.jpg 92
輸出圖檔 lrcat.jpg 成功!

$ mv lrcat.jpg J5J2.jpg

$ ./lrcat J4.jpg J3.jpg 92
輸出圖檔 lrcat.jpg 成功!

$ mv lrcat.jpg J4J3.jpg

(6-1)編寫udcat.c如下:

#include <stdio.h>
#include <math.h>
#include <Magick++.h>
using namespace Magick;
int main(int argc, char *argv[]){
    if (argc!=4) {
        printf("語法 ./udcat 1.jpg 2.jpg 0\n");
        printf("輸出檔為udcat.jpg\n");
        exit(-1);
    }
    Image ima,imb;
    ima=Image(argv[1]);
    imb=Image(argv[2]);
    int overlap=atoi(argv[3]);

    Geometry size =  ima.size();
    int wa=size.width();
    int ha=size.height();
    size =  imb.size();
    int wb=size.width();
    int hb=size.height();
    int w=(wa>wb)?wa:wb;
    Image im(Magick::Geometry(w,ha+hb-overlap),"white");
    im.composite(ima, 0, 0, OverCompositeOp);
    im.composite(imb, 0, ha-overlap, OverCompositeOp);
    im.write("udcat.jpg");
    printf("輸出圖檔 udcat.jpg 成功!\n");
}

(6-2)編譯udcat.c

$ g++  `Magick++-config --cxxflags --cppflags` -I/usr/local/include/ImageMagick-7  udcat.c `Magick++-config --ldflags --libs`  -L/usr/local/zlib/lib -lz   -Wall  -export-dynamic -lm -o udcat

(6-3)執行udcat 將上下二圖接合(重疊57像素)

$ ./udcat J6J1.jpg J5J2.jpg 57
輸出圖檔 udcat.jpg 成功!

$ mv udcat.jpg J6J1-J5J2.jpg

$ ./udcat J6J1-J5J2.jpg J4J3.jpg 57
輸出圖檔 udcat.jpg 成功!

$ mv udcat.jpg J6J1-J5J2-J4J3.jpg

(6-4)將J6J1-J5J2-J4J3.jpg(3660x2877)裁切為左、右二半各一張圖(1830x2400),由上而下超過2400的部份也裁去。

$ ./chopcrop J6J1-J5J2-J4J3.jpg 1830 0 1830 2400
original image size: iw=3660,ih=2877
After chop(1830,0) step 1:  new image size: iw=1830,ih=2877
After crop(1830,2400) step 2:  new image size: iw=1830,ih=2400
輸出圖檔 chopcrop.jpg 成功!

$ mv chopcrop.jpg jadeE.jpg

 $ ./chopcrop J6J1-J5J2-J4J3.jpg 0 0 1830 2400
original image size: iw=3660,ih=2877
After chop(0,0) step 1:  new image size: iw=3660,ih=2877
After crop(1830,2400) step 2:  new image size: iw=1830,ih=2400
輸出圖檔 chopcrop.jpg 成功!

$ mv chopcrop.jpg jadeW.jpg


(7-1)結果檔: http://insecta.idv.tw/mtwalker/J6J1-J5J2-J4J3.jpg

(7-2)結果檔:http://insecta.idv.tw/mtwalker/jadeE.jpg

(7-3)結果檔:http://insecta.idv.tw/mtwalker/jadeW.jpg

(7-4)過程截圖:

alt

 

20190216在Fedora28裝googleEarth成功,可順利載入gpx航跡檔。
2019/02/14,20:34

(1)下載google-earth-pro-stable-current.x86_64.rpm

https://www.google.com/earth/download/thanks.html#os=linux#version=pro#linux_dl=rpm_64

(2)$ sudo dnf install at

(3)$ sudo dnf install ./google-earth*.rpm

:

已安裝:  google-earth-pro-stable.x86_64 7.3.2.5495-0  mesa-libGLU.x86_64 9.0.0-14.fc28 完成!

(4)執行結果抓圖如下:

alt

20190208用Kerberos安全地分享NFS家目錄…尚未成。
2019/02/08,17:23

(1)$ sudo -i

# MY_HOSTNAME=$(</etc/hostname)

# MY_DOMAIN=${MY_HOSTNAME#*.}

# echo $MY_DOMAIN
home.idv.tw

# echo $MY_HOSTNAME
sice.home.idv.tw

(2)# dnf install -y ntpdate

(3)#  ntpdate $MY_DOMAIN
 8 Feb 17:31:24 ntpdate[15877]: no server suitable for synchronization found

# ntpdate time.stdtime.gov.tw;
 8 Feb 17:40:49 ntpdate[16074]: adjust time server 118.163.81.61 offset 0.000618 sec

# ntpdate -s watch.stdtime.gov.tw;

# ntpdate  watch.stdtime.gov.tw;
 8 Feb 17:42:22 ntpdate[16081]: adjust time server 118.163.81.63 offset 0.000549 sec
#  hwclock -u -w

# date
五  2月  8 17:43:10 CST 2019

(4)# dnf install -y ntp

# MY_NETWORK=192.168.1.0

# MY_NETMASK=255.255.255.0

# MY_ADSERVER1=192.168.1.103

#  vi /etc/ntp.conf
# cat /etc/ntp.conf
tinker panic 0
restrict -6 default ignore

driftfile /var/lib/ntp/drift
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys

restrict default ignore
restrict 192.168.1.0 mask 255.255.255.0
restrict 127.0.0.1

server 192.168.1.103

# nslookup $MY_DOMAIN
Server:        192.168.1.1
Address:    192.168.1.1#53

Non-authoritative answer:
Name:    home.idv.tw
Address: 121.254.84.64

# sudo firewall-cmd --add-service=ntp --permanent

# sudo firewall-cmd --reload

# systemctl enable ntpd.service

# systemctl start ntpd.service

#  ntpq -4 -p

# firewall-cmd --runtime-to-permanent

#   ntpdate $MY_DOMAIN
 8 Feb 20:52:50 ntpdate[17733]: the NTP socket is in use, exiting

(5)# dnf install -y krb5-workstation

(6)# echo ${MY_DOMAIN^^}
HOME.IDV.TW

MY_REALM=${MY_DOMAIN^^}

# echo ${MY_DOMAIN%%.*}
home

# echo ${MY_DOMAIN}
home.idv.tw

# cat << END > /etc/krb5.conf.d/${MY_DOMAIN%%.*}
> [libdefaults]
>   default_realm = $MY_REALM
>   dns_lookup_kdc = true
>
> [domain_realm]
>   .$MY_DOMAIN = $MY_REALM
> END

# ls /etc/krb5.conf.d/ -t
home  crypto-policies

# cat /etc/krb5.conf.d/home
[libdefaults]
  default_realm = HOME.IDV.TW
  dns_lookup_kdc = true

[domain_realm]
  .home.idv.tw = HOME.IDV.TW

(7-1)# dnf install -y sssd

(7-2)# cat << END > /etc/sssd/sssd.conf
> [sssd]
>   services = nss
>   config_file_version = 2
>   domains = $MY_DOMAIN
>
> [domain/$MY_DOMAIN]
>   id_provider = ad
>   ldap_idmap_range_min = 0
>   ldap_idmap_range_max = 2100000000
>   ldap_idmap_range_size = 100000000
>   ldap_idmap_default_domain_sid = S-1-5-21-0-0-0
>   krb5_store_password_if_offline = true
>   cache_credentials = true
>   ignore_group_members = true
>   override_gid = 100
>   override_shell = /bin/bash
>   override_homedir = /home/%u
> END

(7-3)# cat /etc/sssd/sssd.conf
[sssd]
  services = nss
  config_file_version = 2
  domains = home.idv.tw

[domain/home.idv.tw]
  id_provider = ad
  ldap_idmap_range_min = 0
  ldap_idmap_range_max = 2100000000
  ldap_idmap_range_size = 100000000
  ldap_idmap_default_domain_sid = S-1-5-21-0-0-0
  krb5_store_password_if_offline = true
  cache_credentials = true
  ignore_group_members = true
  override_gid = 100
  override_shell = /bin/bash
  override_homedir = /home/%u

(7-5)# chmod 600 /etc/sssd/sssd.conf

(7-6)# echo DenyGroups users >> /etc/ssh/sshd_config && systemctl restart sshd.service

(8) 安裝SSSD(System Security Services Daemon )供遠端目錄存取與認證

(8-1)# systemctl start sssd.service
Job for sssd.service failed because the control process exited with error code.
See "systemctl status sssd.service" and "journalctl -xe" for details.

(8-2)# systemctl status sssd.service
● sssd.service - System Security Services Daemon
:
 2月 09 19:49:18 sice.home.idv.tw sssd[be[home.idv.tw]][5419]: Failed to read keytab [default]: 沒有此一檔案或目錄
:

(8-3)# dnf install -y authconfig

(9)安裝samba及samba-dc

dnf -y install samba samba-dc

(10-1) #  mv /etc/samba/smb.conf /etc/samba/smb.conf.org

(10-2) # cat  /etc/samba/smb.conf.org
:
[global]
    workgroup = SAMBA
    security = user

    passdb backend = tdbsam

    printing = cups
    printcap name = cups
    load printers = yes
    cups options = raw

[homes]
    comment = Home Directories
    valid users = %S, %D%w%S
    browseable = No
    read only = No
    inherit acls = Yes

[printers]
    comment = All Printers
    path = /var/tmp
    printable = Yes
    create mask = 0600
    browseable = No

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    write list = @printadmin root
    force group = @printadmin
    create mask = 0664
    directory mask = 0775

(10-3)# samba-tool domain provision
Realm [HOME.IDV.TW]:
 Domain [HOME]: SMB01
 Server Role (dc, member, standalone) [dc]:
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
 DNS forwarder IP address (write 'none' to disable forwarding) [192.168.1.1]:
Administrator password: !w?????
Retype password: !w?????
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs

Adding DomainDN: DC=home,DC=idv,DC=tw
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers and extended rights
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=home,DC=idv,DC=tw
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
The Kerberos KDC configuration for Samba AD is located at /var/lib/samba/private/kdc.conf
A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
Once the above files are installed, your Samba AD server will be ready to use
Server Role:           active directory domain controller
Hostname:              sice
NetBIOS Domain:        SMB01
DNS Domain:            home.idv.tw
DOMAIN SID:            S-1-5-21-2956589458-940804405-3848506313
(10-4)

# samba-tool domain provision
Realm [HOME.IDV.TW]:
 Domain [HOME]: SMB01
 Server Role (dc, member, standalone) [dc]:
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
 DNS forwarder IP address (write 'none' to disable forwarding) [192.168.1.1]:
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs

Adding DomainDN: DC=home,DC=idv,DC=tw
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers and extended rights
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=home,DC=idv,DC=tw
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
The Kerberos KDC configuration for Samba AD is located at /var/lib/samba/private/kdc.conf
A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
Once the above files are installed, your Samba AD server will be ready to use
Server Role:           active directory domain controller
Hostname:              sice
NetBIOS Domain:        SMB01
DNS Domain:            home.idv.tw
DOMAIN SID:            S-1-5-21-512889258-4134431294-676729561

(10-5) # cat /var/lib/samba/private/kdc.conf
[kdcdefaults]
    kdc_ports = 88
    kdc_tcp_ports = 88
    kadmind_port = 464

[realms]
    HOME.IDV.TW = {
    }

    home.idv.tw = {
    }

    SMB01 = {
    }

[dbmodules]
    db_module_dir = /usr/lib64/krb5/plugins/kdb

    HOME.IDV.TW = {
        db_library = samba
    }

    home.idv.tw = {
        db_library = samba
    }

    SMB01 = {
        db_library = samba
    }

[logging]
    kdc = FILE:/var/log/samba/mit_kdc.log
    admin_server = FILE:/var/log/samba/mit_kadmin.log

(10-6)# cat  /var/lib/samba/private/krb5.conf
[libdefaults]
    default_realm = HOME.IDV.TW
    dns_lookup_realm = false
    dns_lookup_kdc = true

(11-1)

#  cp /var/lib/samba/private/krb5.conf /etc/
cp:是否覆寫 '/etc/krb5.conf'? n

# mv /etc/krb5.conf /etc/krb5.conf.20190209

#  cp /var/lib/samba/private/krb5.conf /etc/

# systemctl start samba

# systemctl enable samba
Created symlink /etc/systemd/system/multi-user.target.wants/samba.service → /usr/lib/systemd/system/samba.service.

(11-2)

#  cp /var/lib/samba/private/krb5.conf /etc
cp:是否覆寫 '/etc/krb5.conf'? n

# mv /etc/krb5.conf /etc/krb5.conf.20190209b

#  cp /var/lib/samba/private/krb5.conf /etc

#  systemctl start samba

# systemctl enable samba

(12)

# samba-tool domain level show
Domain and forest function level for domain 'DC=home,DC=idv,DC=tw'

Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2

# samba-tool user create fedora
New Password:
Retype Password:
User 'fedora' created successfully

# samba-tool user create fedora28
New Password:
Retype Password:
User 'fedora28' created successfully

samba-tool user list
krbtgt
Administrator
fedora28
Guest

(13)

firewall-cmd --add-service={dns,kerberos,kpasswd,ldap,ldaps,samba} --permanent
success

# firewall-cmd --add-port={135/tcp,137-138/udp,139/tcp,3268-3269/tcp,49152-65535/tcp} --permanent
success

# firewall-cmd --reload
success

 

(14) #  MY_USERNAME=treehrt

adcli delete-computer "${MY_HOSTNAME%%.*}" -U "$MY_USERNAME"
adcli: couldn't connect to home.idv.tw domain: Couldn't find usable domain controller to connect to

(15) # rm -f /etc/krb5.keytab

# MY_OU="cn=computers,dc=${MY_DOMAIN//./,dc=}"

# echo $MY_OU
cn=computers,dc=home,dc=idv,dc=tw

# adcli join $MY_DOMAIN --login-user="$MY_USERNAME" --computer-name="${MY_HOSTNAME%%.*}" --host-fqdn="$MY_HOSTNAME" --user-principal="host/$MY_HOSTNAME@$MY_REALM" --service-name="host" --service-name="nfs" --domain-ou="$MY_OU"
adcli: couldn't connect to home.idv.tw domain: Couldn't find usable domain controller to connect to

# echo  $MY_DOMAIN --login-user="$MY_USERNAME" --computer-name="${MY_HOSTNAME%%.*}" --host-fqdn="$MY_HOSTNAME" --user-principal="host/$MY_HOSTNAME@$MY_REALM" --service-name="host" --service-name="nfs" --domain-ou="$MY_OU"
home.idv.tw --login-user=treehrt --computer-name=sice --host-fqdn=sice.home.idv.tw --user-principal=host/sice.home.idv.tw@HOME.IDV.TW --service-name=host --service-name=nfs --domain-ou=cn=computers,dc=home,dc=idv,dc=tw

(16)# cat /etc/samba/smb.conf
:
[global]
    dns forwarder = 192.168.1.1
    netbios name = SICE
    realm = HOME.IDV.TW
    server role = active directory domain controller
    workgroup = SMB01

[netlogon]
    path = /var/lib/samba/sysvol/home.idv.tw/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No
[root@sice ~]#

 

(17)

#  groupadd security

#  mkdir /home/security

#  chgrp security /home/security

#  chmod 770 /home/security

# vi /etc/samba/smb.conf

# cat /etc/samba/smb.conf
# Global parameters
[global]
    dns forwarder = 192.168.1.1
    netbios name = SICE 

    realm = HOME.IDV.TW
    server role = active directory domain controller
    workgroup = SMB01

unix charset = UTF-8
dos charset = CP932
hosts allow =192.168.1. 127.
 

[Security]
    path = /home/security
    writable = yes
    create mode = 0770
    directory mode = 0770
    # not allow guest user
    guest ok = no
    # allow only security group
    valid users = @security

[netlogon]
    path = /var/lib/samba/sysvol/home.idv.tw/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

(18)

#  systemctl start smb nmb

Job for nmb.service failed because the control process exited with error code.
See "systemctl status nmb.service" and "journalctl -xe" for details.
Job for smb.service failed because the control process exited with error code.
See "systemctl status smb.service" and "journalctl -xe" for details.

systemctl enable smb nmb

Created symlink /etc/systemd/system/multi-user.target.wants/smb.service → /usr/lib/systemd/system/smb.service.
Created symlink /etc/systemd/system/multi-user.target.wants/nmb.service → /usr/lib/systemd/system/nmb.service.

(19)

# firewall-cmd --add-service=samba --permanent
Warning: ALREADY_ENABLED: samba
success

#  firewall-cmd --reload
success

# setsebool -P samba_enable_home_dirs on
setsebool:  SELinux is disabled.

#  restorecon -R /home/security

(20-1)# realm discover HOME.IDV.TW
home.idv.tw
  type: kerberos
  realm-name: HOME.IDV.TW
  domain-name: home.idv.tw
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools
  login-formats: %U
  login-policy:
[root@sice ~]#

(20-2)# realm join HOME.IDV.TW
realm: Already joined to this domain

(20-3)# id  SMB01\\fedora28
id: ‘SMB01\\fedora28’: no such user

(20-4)# samba-tool group add fedoraGRP

(21)

# restorecon /etc/krb5.conf

# cat /etc/krb5.conf
[libdefaults]
    default_realm = HOME.IDV.TW
    dns_lookup_realm = false
    dns_lookup_kdc = true
[root@sice ~]#  systemctl restart sssd
Job for sssd.service failed because the control process exited with error code.
See "systemctl status sssd.service" and "journalctl -xe" for details.
[root@sice ~]#  systemctl status sssd
● sssd.service - System Security Services Daemon
   Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sat 2019-02-09 20:52:13 CST; 8s ago
  Process: 5933 ExecStart=/usr/sbin/sssd -i ${DEBUG_LOGGER} (code=exited, status=1/FAILURE)
 Main PID: 5933 (code=exited, status=1/FAILURE)

 2月 09 20:52:08 sice.home.idv.tw sssd[be[home.idv.tw]][5937]: Failed to read keytab [default]: 沒有此一檔案或目錄
 2月 09 20:52:11 sice.home.idv.tw sssd[nss][5938]: Starting up
 2月 09 20:52:11 sice.home.idv.tw sssd[nss][5939]: Starting up
 2月 09 20:52:12 sice.home.idv.tw sssd[be[home.idv.tw]][5940]: Starting up
 2月 09 20:52:13 sice.home.idv.tw sssd[be[home.idv.tw]][5940]: Failed to read keytab [default]: 沒有此一檔案或目錄
 2月 09 20:52:13 sice.home.idv.tw sssd[5933]: Exiting the SSSD. Could not restart critical service [home.idv.tw].
 2月 09 20:52:13 sice.home.idv.tw sssd[be[implicit_files]][5934]: Shutting down
 2月 09 20:52:13 sice.home.idv.tw systemd[1]: sssd.service: Main process exited, code=exited, status=1/FAILURE
 2月 09 20:52:13 sice.home.idv.tw systemd[1]: sssd.service: Failed with result 'exit-code'.
 2月 09 20:52:13 sice.home.idv.tw systemd[1]: Failed to start System Security Services Daemon.

(22)

# nmcli connection mod br0 ipv4.dns 192.168.1.1

# nmcli connection down br0
Connection 'br0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)

# nmcli connection up br0
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)

# systemctl restart samba.service

# systemctl status samba.service

● samba.service - Samba AD Daemon
   Loaded: loaded (/usr/lib/systemd/system/samba.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2019-02-09 21:15:00 CST; 2s ago
     Docs: man:samba(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 6363 (samba)
   Status: "winbindd: ready to serve connections..."
    Tasks: 25 (limit: 4915)
   Memory: 202.2M
   CGroup: /system.slice/samba.service
           ├─6363 /usr/sbin/samba --foreground --no-process-group
           ├─6364 /usr/sbin/samba --foreground --no-process-group
           ├─6365 /usr/sbin/samba --foreground --no-process-group
           ├─6366 /usr/sbin/samba --foreground --no-process-group
           ├─6367 /usr/sbin/samba --foreground --no-process-group
           ├─6368 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─6369 /usr/sbin/samba --foreground --no-process-group
           ├─6370 /usr/sbin/samba --foreground --no-process-group
           ├─6371 /usr/sbin/samba --foreground --no-process-group
           ├─6372 /usr/sbin/samba --foreground --no-process-group
           ├─6373 /usr/sbin/samba --foreground --no-process-group
           ├─6374 /usr/sbin/samba --foreground --no-process-group
           ├─6375 /usr/sbin/samba --foreground --no-process-group
           ├─6376 /usr/sbin/samba --foreground --no-process-group
           ├─6377 /usr/sbin/samba --foreground --no-process-group
           ├─6378 /usr/sbin/samba --foreground --no-process-group
           ├─6379 /usr/sbin/samba --foreground --no-process-group
           ├─6380 /usr/sbin/samba --foreground --no-process-group
           ├─6381 /usr/sbin/krb5kdc -n
           ├─6382 /usr/sbin/samba --foreground --no-process-group
           ├─6383 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
           ├─6384 /usr/bin/python2 /usr/sbin/samba_dnsupdate
           ├─6389 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─6390 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           └─6391 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground

 2月 09 21:15:03 sice.home.idv.tw samba[6377]: [2019/02/09 21:15:03.425669,  0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
 2月 09 21:15:03 sice.home.idv.tw samba[6377]:   /usr/sbin/samba_dnsupdate: ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
 2月 09 21:15:03 sice.home.idv.tw samba[6377]: [2019/02/09 21:15:03.425835,  0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
 2月 09 21:15:03 sice.home.idv.tw samba[6377]:   /usr/sbin/samba_dnsupdate:   File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
 2月 09 21:15:03 sice.home.idv.tw samba[6377]: [2019/02/09 21:15:03.425892,  0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
 2月 09 21:15:03 sice.home.idv.tw samba[6377]:   /usr/sbin/samba_dnsupdate:     return self.run(*args, **kwargs)
 2月 09 21:15:03 sice.home.idv.tw samba[6377]: [2019/02/09 21:15:03.425934,  0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
 2月 09 21:15:03 sice.home.idv.tw samba[6377]:   /usr/sbin/samba_dnsupdate:   File "/usr/lib64/python2.7/site-packages/samba/netcmd/dns.py", line 940, in run
 2月 09 21:15:03 sice.home.idv.tw samba[6377]: [2019/02/09 21:15:03.425978,  0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
 2月 09 21:15:03 sice.home.idv.tw samba[6377]:   /usr/sbin/samba_dnsupdate:     raise e
[root@sice ~]#

(23)# net ads testjoin
kerberos_kinit_password SMB01@HOME.IDV.TW failed: Client not found in Kerberos database
kerberos_kinit_password SMB01@HOME.IDV.TW failed: Client not found in Kerberos database
Join to domain is not valid: The name provided is not a properly formed account name.
[root@sice ~]#

(24)# net ads leave -U Administrator
Enter Administrator's password:
Failed to leave domain: This machine is a domain controller and cannot be unjoined from a domain.

(25)# net ads join -U Administrator
Host is not configured as a member server.
Invalid configuration.  Exiting....
Failed to join domain: This operation is only allowed for the PDC of the domain.

(26)# net ads keytab create -U Administrator
Enter Administrator's password:
kerberos_kinit_password SMB01@HOME.IDV.TW failed: Client not found in Kerberos database
kerberos_kinit_password SMB01@HOME.IDV.TW failed: Client not found in Kerberos database
[root@sice ~]#

(27)# klist -k
Keytab name: FILE:/etc/krb5.keytab
klist: Key table file '/etc/krb5.keytab' not found while starting keytab scan

[root@sice ~]# service sssd restart
Redirecting to /bin/systemctl restart sssd.service
Job for sssd.service failed because the control process exited with error code.
See "systemctl status sssd.service" and "journalctl -xe" for details.
[root@sice ~]#

(28)

# rm /etc/samba/smb.conf
rm:是否移除普通檔案'/etc/samba/smb.conf'? y

samba-tool domain provision
Realm [HOME.IDV.TW]: SICE.HOME.IDV.TW
 Domain [SICE]: SMB01
 Server Role (dc, member, standalone) [dc]:
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:
 DNS forwarder IP address (write 'none' to disable forwarding) [192.168.1.1]:
Administrator password:
Retype password:
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs

Adding DomainDN: DC=sice,DC=home,DC=idv,DC=tw
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers and extended rights
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=sice,DC=home,DC=idv,DC=tw
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
The Kerberos KDC configuration for Samba AD is located at /var/lib/samba/private/kdc.conf
A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
Once the above files are installed, your Samba AD server will be ready to use
Server Role:           active directory domain controller
Hostname:              sice
NetBIOS Domain:        SMB01
DNS Domain:            sice.home.idv.tw
DOMAIN SID:            S-1-5-21-3256789770-3481484408-2431171835

# net ads testjoin
kerberos_kinit_password SMB01@SICE.HOME.IDV.TW failed: Cannot contact any KDC for requested realm
ads_connect: Cannot contact any KDC for requested realm
Join to domain is not valid: No logon servers are currently available to service the logon request.

# net ads leave -U Administrator
Enter Administrator's password:
Failed to leave domain: This machine is a domain controller and cannot be unjoined from a domain.

# net ads join -U Administrator
Host is not configured as a member server.
Invalid configuration.  Exiting....
Failed to join domain: This operation is only allowed for the PDC of the domain.

 

# net ads keytab create -U Administrator

Warning: "kerberos method" must be set to a keytab method to use keytab functions.
Enter Administrator's password:
kerberos_kinit_password SMB01@SICE.HOME.IDV.TW failed: Cannot contact any KDC for requested realm
ads_connect: Cannot contact any KDC for requested realm
kerberos_kinit_password SMB01@SICE.HOME.IDV.TW failed: Cannot contact any KDC for requested realm
ads_connect: Cannot contact any KDC for requested realm

 

# klist -k
Keytab name: FILE:/etc/krb5.keytab
klist: Key table file '/etc/krb5.keytab' not found while starting keytab scan

 

REF1:https://fedoramagazine.org/secure-nfs-home-directories-kerberos/

REF2:https://www.server-world.info/en/note?os=Fedora_28&p=samba&f=3

REF3: http://felipeferreira.net/index.php/2017/01/failed-to-read-keytab-default/

20190208用client的PXE連接Linux Fedora 28 NFS Server進行網路開機成功
2019/02/08,08:02

續:20190207Boot Asus-Notbook from FC28 NetBoot Server ok

(0)伺服端cpu

$ lscpu
架構:               x86_64

Model name:          Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz

(1)安裝 tftp server 以支援無硬碟主機用有PXE功能的網路卡來進行網路開機:

(1-1)$ sudo dnf install -y tftp-server

(1-2) $ sudo firewall-cmd --add-service=tftp --permanent
success

(1-3) $ sudo firewall-cmd --reload
success

(1-4) $  sudo systemctl enable tftp
Created symlink /etc/systemd/system/sockets.target.wants/tftp.socket → /usr/lib/systemd/system/tftp.socket.

(1-5) $  sudo systemctl restart tftp

(1-6) $ sudo dnf install -y tftp

(1-7) $  echo "hello" | sudo tee /var/lib/tftpboot/hello.txt
hello

(1-8) $ cat /var/lib/tftpboot/hello.txt
hello

(1-9) $ echo "get hello.txt" | tftp 127.0.0.1
tftp> get hello.txt
tftp>

$ cat hello.txt
hello

(2)安裝 dhcp server 以支援完全無硬碟主機的netboot:

(2-1)$ sudo dnf install -y dhcp

(2-2)$ sudo firewall-cmd --add-service=dhcp --permanent
success

(2-3)$ sudo firewall-cmd --reload
success

(2-4)$ sudo systemctl enable dhcpd
Created symlink /etc/systemd/system/multi-user.target.wants/dhcpd.service → /usr/lib/systemd/system/dhcpd.service.

(2-5)$  sudo systemctl restart dhcpd
Job for dhcpd.service failed because the control process exited with error code.
See "systemctl status dhcpd.service" and "journalctl -xe" for details.

(2-6)設定讓筆電可用網卡的mac位址10:7B:44:33:59:6F自dhcp server租用取得ip:192.168.1.4 及pxelinux.0

$ sudo vi  /etc/dhcp/dhcpd.conf

$ sudo cat  /etc/dhcp/dhcpd.conf

default-lease-time 600;
max-lease-time 7200;
allow booting;
allow bootp;

subnet 192.168.1.0 netmask 255.255.255.0 {
  option domain-name "home.idv.tw";
  option domain-name-servers 192.168.1.1, 163.25.20.1;
  option routers 192.168.1.1;
}

host client03 {
  hardware ethernet 2c:56:dc:27:bb:05;

  next-server     192.168.1.103;

  fixed-address 192.168.1.3;
  option host-name "client03.home.idv.tw";
}
host client04 {
  hardware ethernet 10:7B:44:33:59:6F;

 next-server     192.168.1.103;

 filename "pxelinux.0";

  fixed-address 192.168.1.4;
  option host-name "client04.home.idv.tw";
}


(2-7)$ sudo systemctl restart dhcpd

$ ps ax|grep dhcp
 9104 ?        Ss     0:00 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid
 9115 pts/0    S+     0:00 grep --color=auto dhcp

(3)安裝syslinux來取用pxelinux

(3-1) $ sudo dnf install syslinux

(3-2) $ sudo mkdir -p /var/lib/tftpboot/pxelinux.cfg

(3-3) $ sudo cp /usr/share/syslinux/{pxelinux.0,vesamenu.c32,ldlinux.c32,libcom32.c32,libutil.c32} /var/lib/tftpboot/

(3-4) $ sudo dnf install shim grub2-efi --installroot=/tmp/fedora --releasever 28

(3-5) $ sudo  mkdir -p /var/lib/tftpboot/uefi

(3-6) $ sudo cp /tmp/fedora/boot/efi/EFI/fedora/{shim.efi,grubx64.efi} /var/lib/tftpboot/uefi/
cp: 無法 stat '/tmp/fedora/boot/efi/EFI/fedora/grubx64.efi': 沒有此一檔案或目錄

(3-7) $ sudo ls /tmp/fedora/boot/efi/EFI/fedora
BOOT.CSV  BOOTX64.CSV  grubia32.efi  loader  mmx64.efi    MokManager.efi    shim.efi  shimx64.efi  shimx64-fedora.efi

(4)製作pxelinux的開機設定檔

(4-1) $ sudo vi /var/lib/tftpboot/pxelinux.cfg/default

(4-2) $ sudo cat /var/lib/tftpboot/pxelinux.cfg/default
default vesamenu.c32
prompt 1
timeout 600

label linux
menu label ^Boot Fedora 28 64-bit
menu default

 kernel linux/vmlinuz-4.19.16-200.fc28.x86_64 root=nfs4:192.168.1.103:/fc28 console=tty0 console=ttyS0,115200n8 audit=0 selinux=0
append initrd=linux/initramfs-4.19.16-200.fc28.x86_64.img ip=dhcp

label local
menu label Boot from ^local drive
localboot 0xffff

(5)自$HOME/esp/linux拷取Boot用的vmlinuz及initramfs 到/var/lib/tftpboot

esp目錄內容請參考文章:建立EFI系統分割所需的目錄樹及檔案

(5-1) $ sudo cp  -r $HOME/esp/linux /var/lib/tftpboot/

(5-2) $ tree /var/lib/tftpboot

/var/lib/tftpboot

├── hello.txt
├── ldlinux.c32
├── libcom32.c32
├── libutil.c32
├── linux
│   ├── boot.cfg(用不上了)
│   ├── initramfs-4.19.16-200.fc28.x86_64.img
│   └── vmlinuz-4.19.16-200.fc28.x86_64
├── pxelinux.0
├── pxelinux.cfg
│   └── default
├── uefi
│   └── shim.efi
└── vesamenu.c32

3 directories, 11 files

(6)在用戶端機器的BIOS設定選取pxe來開機

:

Realtek PCEe GBE Family Controller Series v2.53....


DHCP取得ip:192.168.1.4


PXELINUX 6.04 PXE ....

:

(7) asus-notebook A 開機成功,抓圖如下:(用戶端ip:192.168.1.4、伺服端ip:192.168.1.103)

alt

(8) asus-notebook B 開機成功,抓圖如下:(用戶端ip:192.168.1.3、伺服端ip:192.168.1.103)

alt

(9)asus-PC  開機成功,抓圖如下:(用戶端ip:10.10.10.208、伺服端ip:10.10.10.100)

alt


 

(10)asus-PC  開機成功,抓圖如下:(用戶端ip:10.10.10.201、伺服端ip:10.10.10.100)

alt

 

 

REF 1: https://docs.fedoraproject.org/en-US/fedora/f29/install-guide/advanced/Network_based_Installations/

REF 0:https://fedoramagazine.org/how-to-build-a-netboot-server-part-1/

 

20190207在Asus筆電用usb隨身碟自Fedora 28 NetBoot Server網路開機成功
2019/02/07,09:30

續:http://oldwww.kmvs.km.edu.tw/lf/index.php?op=ViewArticle&articleId=476&blogId=70

(1) 製作網路開機隨身碟:

(1-0) 置入隨身碟並用df或lsblk指令察看得知為隨身碟的裝置代號為/dev/sdd

(1-1)用parted在/dev/sdd建立出分割區/dev/sdd1:

$  sudo parted /dev/sdd -s mklabel gpt mkpart EFI FAT16 1MiB 100% toggle 1 boot

(1-2)用mkfs在分割區(/dev/sdd1)建立msdos檔案系統:

$  sudo mkfs -t msdos /dev/sdd1

(1-3)將/dev/sdd1掛在$HOME/mnt

$  sudo mount /dev/sdd1 $HOME/mnt

(1-4)重編產生新的 bootx64.efi

$ cd $HOME/ipxe/src

$ vi  ipxe/init.ipxe

$ cat ipxe/init.ipxe
#!ipxe
prompt --key 0x02 --timeout 9000 Press Ctrl-B for the iPXE command line... && shell ||
set prefix file:///linux
chain ${prefix}/boot.cfg ||

$ make clean

$ make bin-x86_64-efi/ipxe.efi EMBED=../init.ipxe

$ cp  bin-x86_64-efi/ipxe.efi   $HOME/esp/efi/boot/bootx64.efi

(1-5)將$HOME/esp目錄檔案全部拷到新掛上的隨身碟中:

$ sudo cp -r $HOME/esp/* $HOME/mnt

(1-6) $ df
檔案系統                               1K-區段     已用     可用 已用% 掛載點

/dev/sdd1                             60046944    56160 59990784    1% /home/treehrt/mnt

(1-7) $ lsblk
NAME                          MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT

sdd                             8:48   1  57.3G  0 disk
└─sdd1                          8:49   1  57.3G  0 part /home/treehrt/mnt
:

(1-8) $ tree mnt
mnt
├── efi
│   └── boot
│       └── bootx64.efi
└── linux
    ├── boot.cfg
    ├── initramfs-4.19.16-200.fc28.x86_64.img
    └── vmlinuz-4.19.16-200.fc28.x86_64

3 directories, 4 files

(1-8) $ sudo vi mnt/linux/boot.cfg

(1-9) $ cat mnt/linux/boot.cfg
#!ipxe

echo Step-0: Setup network
ifopen net0
set net0/ip 192.168.1.3
set net0/netmask 255.255.255.0
set net0/gateway 192.168.1.1
echo ${net0/ip}
echo ${net0/gateway}

prompt --key 0x02 --timeout 2000 Press Ctrl+B to continue ||

echo Step-1: Load Kernel ${prefix}/vmlinuz-4.19.16-200.fc28.x86_64  ......
kernel --name kernel.efi ${prefix}/vmlinuz-4.19.16-200.fc28.x86_64 initrd=initrd.img ro ip=dhcp rd.peerdns=0 nameserver=192.168.1.1 nameserver=163.25.20.1 root=nfs4:192.168.1.103:/fc28 console=tty0 console=ttyS0,115200n8 audit=0 selinux=0 quiet ||


echo Step-2: Make Initrd ${prefix}/initramfs-4.19.16-200.fc28.x86_64.img......
initrd --name initrd.img ${prefix}/initramfs-4.19.16-200.fc28.x86_64.img ||


prompt --timeout 9000 Press any key to install Linux && goto install ||
echo Setp-3 Net Booting Fedora 28 from 192.168.1.103 ........
boot ||

 

(2)設定用戶端機器(client machine)的 BIOS以usb隨身碟優先開機並以剛製妥的usb碟開機

(3-0) 開機過程中,在伺服端執行arp及ifconfig

$ arp

Address                  HWtype  HWaddress           Flags Mask            Iface
ZyXEL.Home               ether   fc:f5:28:73:1a:d4   C                     br0
DESKTOP-9VAD8V7          ether   10:7b:44:33:59:6f   C                     br0
192.168.1.3              ether   2c:56:dc:27:bb:05   C                     br0
sice-client1             ether   2c:56:dc:27:bb:05   C                     br0

$ ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.103  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::f588:bbfc:a9df:bfca  prefixlen 64  scopeid 0x20<link>
        ether b0:6e:bf:60:9d:23  txqueuelen 1000  (Ethernet)
        RX packets 470977  bytes 141039404 (134.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 165932  bytes 966901439 (922.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp0s31f6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether b0:6e:bf:60:9d:23  txqueuelen 1000  (Ethernet)
        RX packets 471293  bytes 149539265 (142.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 762633  bytes 1009348541 (962.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 16  memory 0xdf100000-df120000 

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 57  bytes 4453 (4.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 57  bytes 4453 (4.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

(3-1)第1台用戶端機器(asus notebook)網路開機並以liveuser登入成功:

[liveuser@sice-client1 ~]$ df
Filesystem          1K-blocks     Used Available Use% Mounted on
devtmpfs              3995748        0   3995748   0% /dev
tmpfs                 4022204    22512   3999692   1% /dev/shm
tmpfs                 4022204    26640   3995564   1% /run
tmpfs                 4022204        0   4022204   0% /sys/fs/cgroup
192.168.1.103:/fc28  15718400 13077504   2640896  84% /
none                  4022204    82632   3939572   3% /tmp
tmpfs                  804440       16    804424   1% /run/user/42
tmpfs                  804440     4668    799772   1% /run/user/1000

[liveuser@sice-client1 ~]$ uname -a
Linux sice-client1.home.idv.tw 4.19.16-200.fc28.x86_64 #1 SMP Thu Jan 17 00:16:20 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

[liveuser@sice-client1 ~]$ date
Thu Feb  7 01:33:40 UTC 2019

[liveuser@sice-client1 ~]$ w
 01:33:55 up 10 min,  1 user,  load average: 0.22, 0.46, 0.36
USER     TTY        LOGIN@   IDLE   JCPU   PCPU WHAT
liveuser tty2      01:26     ?     1:21   0.23s /usr/lib64/firefox/firefox -con

(3-2)遠端開機成功的抓圖畫面如下:

alt

 

(4)第2台遠端開機成功的資訊及抓圖畫面如下:

(4-1)[liveuser@sice-client1 ~]$ uname -a
Linux sice-client1.home.idv.tw 4.19.16-200.fc28.x86_64 #1 SMP Thu Jan 17 00:16:20 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
[liveuser@sice-client1 ~]$ date
Thu Feb  7 03:52:26 UTC 2019
[liveuser@sice-client1 ~]$ w
 03:52:45 up 5 min,  1 user,  load average: 0.69, 0.48, 0.21
USER     TTY        LOGIN@   IDLE   JCPU   PCPU WHAT
liveuser tty2      03:51     ?    15.19s  0.15s /usr/libexec/tracker-miner-fs
[liveuser@sice-client1 ~]$ df
Filesystem          1K-blocks     Used Available Use% Mounted on
devtmpfs              1941968        0   1941968   0% /dev
tmpfs                 1968424        0   1968424   0% /dev/shm
tmpfs                 1968424    26548   1941876   2% /run
tmpfs                 1968424        0   1968424   0% /sys/fs/cgroup
192.168.1.103:/fc28  15718400 13078528   2639872  84% /
none                  1968424    39416   1929008   3% /tmp
tmpfs                  393684       16    393668   1% /run/user/42
tmpfs                  393684     5808    387876   2% /run/user/1000
[liveuser@sice-client1 ~]$ ^C

(4-2)第2台用戶端機器桌面抓圖如下:

alt

 

(5-1)電腦教室的PC遠端開機結果

alt

REF 1:https://www.hiroom2.com/2017/07/13/fedora-26-pxeboot-automated-install-en/#sec-1

REF 2:https://www.debian.org/releases/sarge/i386/ch04s06.html.zh_TW

 

 
Accessible and Valid XHTML 1.0 Strict and CSS Powered by LifeType