TurnKey Linux (TKL) appliances provides an easy turn key solution to deploy essential and common network services for your organization or team on LAN or WAN. It is deployed as an appliance. All configurations is done via web browser. It save your time to study and install related software packages by packing everything in a single 130~200MB ISO file. You may install these software appliance in bare machine, virtual machine or even Amazon EC2 could server.
At the time this article is written, there are 45+ ready TurnKey appliances ranging from content management, web development, issue tracking and messaging. These appliances are based on Ubuntu Linux – one of the most friendly and easy to use Linux distributor in the market.
Once install, the console will show you how to access the server. The configuration may perform in Webmin GUI via HTTP web browser. This save your time and efforts compare to command line configuration practice in used by Linux community. User with little or no knowledge of Linux may perform the job well too.
However, TurnKey Linux appliance is not perfect. This article is not about using TurnKey Linux appliance but attempt to illustrate some features that you may want in TKL appliance. Some of these features need to configure in command line console.
Webmin is widely used in TurnKey appliance as front end configuration control panel. Both Webmin and TurnKey Linux are independent to each others. You may attempt to upgrade Webmin to latest version to get more updated features.
To upgrade Webmin, simply use “Upgrade Webmin” icon in Webmin configuration page.
To ease the installation and save your time and bandwidth if you have many TKL appliances deployed, try download the latest Webmin .tar.gz file and use the upload option to upgrade Webmin.
Add or Upgrade Webmin modules
Use “Webmin Modules” icon in Webmin configuration page to manage Webmin modules. You may install or upgrade new Webmin module that you need but missing in TKL appliance.
Add or Upgrade Software Packages
New features or updates may available in updated software packages. Using System | Software Packages to upgrade to latest updates.
Webmin Time module is missing in TKL appliance. Install a time module and you are ready to configure time zone and date time of TKL appliance instance.
If LDAP directory services is available to serve the account information, you may configure TKL to support account authentication via LDAP.
First, install these packages:
You may use apt-get in console:
# apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db
or using the Webmin’s Software Packages to install those packages.
Configure LDAP client via:
# dpkg-reconfigure ldap-auth-config
LDAP client configuration is available in Webmin too. Install “ldap-client” to get this feature in Webmin.
Edit /etc/nsswitch.conf to add ldap support:
# vi /etc/nsswitch.conf passwd: compat ldap group: compat ldap
This may also configured by “Services using LDAP” of Webmin LDAP client:
To verify the LDAP configuration, run “getent passwd” to check if the LDAP accounts appears in the list.
If LDAP accounts are alias accounts. You may add “DEREF always” in /etc/ldap.conf to make dereference works.
Create home directory
A common usage of LDAP account authentication is provide a secure shell login option for users. Home directories will not be created for LDAP accounts by default. There is a feature in pam that may automatically create home directory for user when login.
Edit “/etc/auth-client-config//profile.d/acc-default” to add pam_mkhomedir.so as follow:
# cat /etc/auth-client-config//profile.d/acc-default ... # # this example is for using ldap to authenticate and authorize. This is only # an example, and you will most likely have to create your own profiles to # authenticate with your system. Note that this example requires the # libpam-cracklib package to be installed. # [ldap_example] nss_passwd=passwd: files ldap nss_group=group: files ldap nss_shadow=shadow: files ldap nss_netgroup=netgroup: nis pam_auth=auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so pam_account=account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so pam_password=password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so pam_session=session required pam_limits.so session required pam_unix.so session required pam_mkhomedir.so skel=/etc/skel/ session optional pam_ldap.so
Next execute this to update pam configuration:
# auth-client-config -a -p ldap_example
Now, user login to via ssh may have the home directory created automatically.