[Network Administration]: Ubuntu and encrypted swap space

Installing Ubuntu 14.04 LTS, I got the following error:
the disk drive for /dev/mapper/cryptswap1 is not ready yet or not present
The message is annoying, but worse, the swap partition is not encrypted.
I was able to get around this by editing /etc/crypttab to list the /dev/ path to the drive instead of the UUID in the cryptswap1 entry:

cryptswap1 UUID=2f36a43f-0d3e-4c2e-92ad-ac12603c1ff0 /dev/urandom swap,cipher=aes-cbc-essiv:sha256

was changed to:

cryptswap1 /dev/mapper/cerf--vg-swap_1 /dev/urandom swap,cipher=aes-cbc-essiv:sha256

I still get the message, but the swap space is encrypted now.

cerf:~> sudo swapon --summary
Filename				Type		Size	Used	Priority
/dev/mapper/cryptswap1                  partition	8314876	0	-1
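As an added check (not part of the original post), the two POSIX shell functions below read a crypttab and a /proc/swaps-style file, both passed as arguments so they can be run against the live files or copies, and report which active swap devices are backed by a crypttab mapping and which crypttab swap entries still use the UUID= source with a random key that the entry above replaced with a device path. The function names and the sample files used to exercise them are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post). Both functions take file
# paths as arguments so they can be run on the live system
# (/etc/crypttab, /proc/swaps) or on copies.

# Print one line per active swap device: "<device> encrypted" when the
# device is /dev/mapper/<name> and <name> is a target in crypttab,
# otherwise "<device> UNENCRYPTED".
swap_crypt_report() {
    crypttab=$1
    swaps=$2
    # Drop the header line (Filename Type Size Used Priority).
    tail -n +2 "$swaps" | while read -r dev _type _size _used _prio; do
        [ -n "$dev" ] || continue
        status=UNENCRYPTED
        case $dev in
            /dev/mapper/*)
                name=${dev#/dev/mapper/}
                # The first field of a non-comment crypttab line is the mapping name.
                if awk -v n="$name" '$1 !~ /^#/ && $1 == n { found = 1 }
                                     END { exit !found }' "$crypttab"; then
                    status=encrypted
                fi
                ;;
        esac
        printf '%s %s\n' "$dev" "$status"
    done
}

# Print the target names of swap entries that use a UUID= source with a
# random key. Once such a volume has been encrypted, the swap signature
# that carried the UUID is gone, so the UUID= reference may not resolve at
# the next boot; pointing the entry at the device path (as above) avoids this.
fragile_swap_entries() {
    awk '$1 !~ /^#/ && $2 ~ /^UUID=/ && $3 == "/dev/urandom" &&
         $4 ~ /(^|,)swap(,|$)/ { print $1 }' "$1"
}
```

Run as `swap_crypt_report /etc/crypttab /proc/swaps` and `fragile_swap_entries /etc/crypttab` on the machine; any UNENCRYPTED line means swap is being written in the clear.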

[Network Administration]: OS X and Mobile Accounts

I have both OS X and Linux machines. One of the goals is to have access to all of the same information regardless of where I log in, and to have it transparent to the machine that I’m actually using.

[Network Administration]: Automounter over LDAP

This is basically an update to the autofs and automounter page that was published earlier, to reflect some changes to how things are set up now. I still have my automount maps in the LDAP directory, but the DN for the maps is updated to the autofs schema that currently ships with the Ubuntu package instead of the rfc2307bis schema, which seems to have languished in draft form. I’ve also unified some of the files across both the Linux machines and OS X.

[Network Administration]: Linux Kerberos Authentication and LDAP Authorization

Once principals are added to the Kerberos database, and the account information is added to the LDAP directory, the client Linux machines can be configured to access the information and allow network accounts to be used.

[Network Administration]: Network Accounts

At a basic level, the Kerberos KDC manages the passwords, and the LDAP directory is used to manage user accounts and user groups for both Linux systems and OS X systems. In order to do this, the Kerberos KDC needs to have users and passwords, and the directory needs entries with some basic information that both systems require for authorization. Once the information is in both the KDC and the directory, both Linux and OS X systems can be configured to use it.

[Network Administration]: LDAP Directory Service – Frontend and Scripts

I’ve got my authentication service and directory set up and running. Now it needs to be populated. In addition to keeping user and group records, I’m going to be using the directory for a couple of different services, such as automount maps and information for a mail server (currently in a MySQL database), as well as more traditional directory information. I’ve created the directory to be deeper than it is wide, putting each daemon’s information under its own organizational unit. There are also some packages to manage the entries in Perl.

[Network Administration]: Some Notes on Security

Before moving on, I’ll put some notes here on security. Basically, there really isn’t any. At some point, if someone really wants to get in, they’re going to. Hopefully, it won’t be malicious, and it won’t be that easy, but unless you’re completely isolated from the internet, I just don’t see any way that a machine can be completely secure. Possibly the best way is to try to stay out ahead. There are some things that can make things harder for an intruder. Probably the best is to really limit the number of network services, especially the less secure ones. The fewer unneeded services running, the less visibility on the network. Also, I don’t have my KDC or LDAP server directly accessible from the internet. Of course, all of this means that it’s all less accessible to me, but that’s something I can live with. Also, there is a very limited set of users who have access.