ubermix Forums
Technical => General Support => Topic started by: otter on August 15, 2013, 10:13:16 AM
-
Hi!
Let me start with a little background so you understand what I'm trying to do. I work in the IT Dept at a community college and as part of my FOSS/Linux advocacy I've gained tentative permission to set up a few computers with Linux in public areas, like the library. Upper management has given me these 2 requirements:
- machines must log into the Active Directory
- machines must wipe/reset daily
So far I've been pretty successful. I am able to join to the AD with likewise-open and, though I haven't implemented it yet, I've read the instructions for auto-reset on each boot and don't expect any issues there. (http://wiki.ubermix.org/page/Auto-Reset)
The problem I am having is that the user I've created on my base machine, the username that I am required to use for the AD login for all student PCs (lanstudent), is not being fully transferred when I create an updated key. I can log in as that user but there is no /home/lanstudent/, and the autologin for that user is not working either (which just may be a first time boot issue - I've noticed fresh installs of Ubermix require entering a password for "user" the first time they're booted).
Here are the notes I've made during this process. Though not very thorough (details of steps are omitted) they should provide an idea of what I'm doing.
***********************************
After fresh install ...
RESIZE BASE SYSTEM PARTITION
reboot w/ key
option 5, option 3
set to 16G
option 5, option 5
set hostname
REBUILD THE BASE IMAGE
reboot (no key)
ESC, normal, 'e', replace 'aufs' with 'generic', ctrl-x
adduser lanstudent
addgroup lanstudent <all of user's groups>
edit /etc/lightdm/lightdm.conf
to autologin lanstudent
PURGE
Thunderbird
UPGRADE
(run apt-get update)
localepurge, select 'en_US' (run it, saves 158M)
firefox
google-chrome-stable
libreoffice
likewise-open-gui
vim
run apt-get autoclean
add zotero to FF
set homepages
set Favorites screen
use gparted to resize USB key
reboot w/ key
option 5, option 1
<wait>
*****************************************************************
I guess the question comes down to: how do I get that 'lanstudent' user _fully_ transferred over with my new installation image?
I guess another problem will also be: how do I protect that account from getting destroyed each time I do a reset?
Thanks in advance!
-
The only account that the reset process handles is the "user" account - any additional accounts that may be on the machine are ignored. Is there a particular reason the account has to be named "lanuser"?
-
> The only account that the reset process handles is the "user" account - any additional accounts that may be on the machine are ignored.
Ok. So if I understand this correctly (reading from ubermix.org/customization.html as well), there's no ability to write more than one user into 'Default System'. It sounds like in 'Default System' there is just /home/ that is written to /home/user/ on the 'User Home' partition on a reset or (in my case) a new install from a key I've made.
Additionally, even if I have another user set up in 'User Home', doing a 'Restore Unit Completely' (which is what I'm required to do) will erase that user, won't it?
Sound about right?
> Is there a particular reason the account has to be named "lanuser"?
Well, it's actually 'lanstudent' and I'm using that because that's the username/password combo convention we use to auto-login all "public" PCs to Active Directory. It doesn't necessarily have to be that username (though I'd like to stick with the established convention) but it does have to be a valid AD username/password.
I'm pretty sure that 'user' will not be accepted as a valid AD login, though I'll check into that when I'm at work tomorrow.
(BTW, the 'lan' in 'lanstudent' has nothing to do with a Local Area Network - it's an abbreviation of the name of the city where the branch campus is where I work)
-
You are correct. Default settings are on the base partition (sda1) in /home/user and the writable home is on the home partition (sda3), which mounts on top of /home.
Your custom user would not, however, get deleted on a full reset. In the interest of reducing reset time, the home partition is not formatted, rather the user folder on sda3 is simply deleted and then /home/user from the base is copied back in. So, you could, theoretically, create your lanstudent folder at startup in the /etc/rc.local script. A better option would be to use pam_mkhomedir to auto create the home folder if it doesn't exist on login.
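The pam_mkhomedir suggestion above, as an added example that is not part of the original reply: a script that enables the module in a PAM session file without duplicating the entry, and a check that the resulting home directory is private, which matters for a shared login on public machines. Assumptions not taken from the thread: the Debian/Ubuntu file /etc/pam.d/common-session, skel=/etc/skel, the umask=0077 value, and the two helper names.

```sh
#!/bin/sh
# Added example (not from the thread). Assumed: Debian/Ubuntu PAM layout,
# skel=/etc/skel, and umask=0077 so the created home is mode 0700.
PAM_LINE='session required pam_mkhomedir.so skel=/etc/skel umask=0077'

# ensure_mkhomedir FILE (hypothetical helper)
# Leaves FILE with exactly one pam_mkhomedir entry, equal to PAM_LINE.
# Safe to run repeatedly; a second run makes no change.
ensure_mkhomedir() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    if grep -qxF "$PAM_LINE" "$file" &&
       [ "$(grep -c 'pam_mkhomedir\.so' "$file")" -eq 1 ]; then
        return 0                      # already configured as wanted
    fi
    tmp=$(mktemp) || return 1
    # Drop existing pam_mkhomedir entries (they may carry a looser umask),
    # then append the wanted one at the end of the session stack.
    grep -v 'pam_mkhomedir\.so' "$file" > "$tmp" || true
    printf '%s\n' "$PAM_LINE" >> "$tmp"
    # Write through the original inode so owner and mode are preserved.
    cat "$tmp" > "$file"
    status=$?
    rm -f "$tmp"
    return "$status"
}

# home_is_private DIR (hypothetical helper)
# Succeeds only if DIR is a directory with mode 0700 (no group/other access).
home_is_private() {
    [ -d "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c1-10)
    [ "$perms" = "drwx------" ]
}

# Usage: sh this-script /etc/pam.d/common-session   (as root)
if [ "$#" -gt 0 ]; then
    ensure_mkhomedir "$1"
fi
```

After the first login following a reset, `home_is_private /home/lanstudent` confirms the directory was recreated with mode 0700.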
-
Ok. Good info. Thanks!
I follow what you're saying about the /etc/rc.local script. Not familiar with pam_mkhomedir, though. Will have to look into that.
But here's what I'm thinking: either of those solutions seems to be emulating what the reset process is (sort of) already doing. Would it be possible to modify it to copy a different set of files/folders or to copy additional files/folders? What's the actual mechanism that's doing the reset? (it sure would be nice if it's a script that can be edited, but I doubt it's gonna be that easy)
-
The scripts are all built into the initrd, because everything has to happen before the disk is mounted, so not easy to edit. Technically possible to reset all the users to the default user's settings on a reset, however it could get kinda wonky and slow. Might be able to send you something that works the way you want it to - let me see what I can do. Would definitely look at pam_mkhomedir in the meantime.
-
I really appreciate your efforts here jnetman1. Thanks!
FWIW, I only have a need for one additional user. And before you make any great efforts, let me verify that 'user' can't be used as a login name in our environment. I'll be at work ~10 hours from now and will find out then. If it can be used that solves the whole problem.
-
It appears that I was working on an incorrect assumption about using 'user' as an AD login. It may be possible, but I won't be able to find out for sure until Monday. I'll post back then.
-
Alright. It's actually Tuesday, not Monday - it took me a little longer to get in touch with the person I needed to speak to than I thought.
I'm 99% sure that I can use "user" as the login, so I'm just gonna go with that assumption. That should clear up any of the above issues I've been having. Thanks for your help!
cheers
mark