Once the base OS is installed and all of the interfaces are properly configured, we need to instruct the DHCP server to hand out addresses on the appropriate interfaces. To configure the DHCP server we need to modify the /etc/dhcp/dhcpd.conf file. The following example has all the relevant configurations.

To use this file you will have to modify the following portions:

  • domain-name
  • Node CMC MAC addresses (labeled cons#)
  • Node Control MAC address (labeled node#)
  • Node Data MAC address (labeled data#)

These fields MUST be modified to reflect your configuration.

option domain-name "";
use-host-decl-names on;
get-lease-hostnames true;
ping-check false;
ping-timeout 0;
log-facility local7;
default-lease-time 86400;
max-lease-time 86400;
ddns-updates off;

subnet netmask {
  option domain-name-servers;
  option routers;
  option ntp-servers;

  host cons1 { hardware ethernet 00:20:4a:d5:94:83; fixed-address; }
  host cons2 { hardware ethernet 00:20:4a:d5:94:f1; fixed-address; }
  host cons3 { hardware ethernet 00:20:4a:d5:94:e1; fixed-address; }
}

subnet netmask {
  option domain-name-servers;
  option routers;
  option log-servers;
  option ntp-servers;
  filename "pxelinux.0";
#  allow booting;
#  allow bootp;
#  option option-150 code 150 = text;

  host node1 { hardware ethernet 00:03:1d:0c:d3:73; fixed-address; }
  host node2 { hardware ethernet 00:03:1d:0c:d3:89; fixed-address; }
  host node3 { hardware ethernet 00:03:1d:0c:d3:71; fixed-address; }
}

subnet netmask {
#  option domain-name-servers;
#  option routers;
  option ntp-servers;
  filename "/pxelinux.fake";

  host data1 { hardware ethernet 00:03:1d:0c:d3:72; fixed-address; }
  host data2 { hardware ethernet 00:03:1d:0c:d3:88; fixed-address; }
  host data3 { hardware ethernet 00:03:1d:0c:d3:70; fixed-address; }
}


The DNS configuration is split across several files: the config files that tell named which db files to read, and the db files themselves. Other portions of the config are included as part of the default install and are not listed here.

This is the default /etc/bind/named.conf.

// This is the primary configuration file for the BIND DNS server named.
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

The /etc/bind/named.conf.local is modified to point to our specific database files.

// Do any local configuration here

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "" {
        type master;
        file "/etc/bind/";
};

zone "" {
        type master;
        file "/etc/bind/db.10";
};

The primary config file is /etc/bind/ The name can be modified to reflect your site, but it has to match the entry in named.conf.local. Aside from the domain, this file can remain intact.

; BIND data file for
$TTL    604800
@       IN      SOA (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
                IN      A
@               IN      NS
@               IN      A
@               IN      AAAA    ::1
consolec        IN      A
xmpp            IN      CNAME

node1           IN      A
node2           IN      A
node3           IN      A

cons1           IN      A
cons2           IN      A
cons3           IN      A

data1           IN      A
data2           IN      A
data3           IN      A

/etc/bind/db.10 is the reverse look-up database. This file will also need to be modified to reflect the domain.

; BIND reverse data file for 10.1
$TTL    604800
@       IN      SOA     consolec. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
@       IN      NS      consolec.
1.0     IN      PTR
2.0     IN      PTR
3.0     IN      PTR

1.1     IN      PTR
2.1     IN      PTR
3.1     IN      PTR
254.1   IN      PTR

1.2     IN      PTR
2.2     IN      PTR
3.2     IN      PTR
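
Because use-host-decl-names is on, each node is handed the name of its host declaration, so dhcpd.conf and the forward zone have to agree. The following check is an added example, not part of the original page: it flags duplicate MAC addresses and hosts whose fixed-address is missing from, or differs from, the zone's A records. The addresses and sample data are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample data: the addresses below are assumptions, not site values.
DHCPD_CONF = """
subnet 10.1.0.0 netmask 255.255.255.0 {
  host cons1 { hardware ethernet 00:20:4a:d5:94:83; fixed-address 10.1.0.1; }
  host cons2 { hardware ethernet 00:20:4a:d5:94:f1; fixed-address 10.1.0.2; }
}
subnet 10.1.1.0 netmask 255.255.255.0 {
  host node1 { hardware ethernet 00:03:1d:0c:d3:73; fixed-address 10.1.1.1; }
  host node2 { hardware ethernet 00:03:1D:0C:D3:73; fixed-address 10.1.1.2; }  # typo: node1's MAC
  host node3 { hardware ethernet 00:03:1d:0c:d3:71; fixed-address 10.1.1.3; }
}
"""
FORWARD_ZONE = """
cons1           IN      A       10.1.0.1
cons2           IN      A       10.1.0.20   ; does not match dhcpd.conf
node1           IN      A       10.1.1.1
node2           IN      A       10.1.1.2
"""

HOST_RE = re.compile(
    r"host\s+(\S+)\s*\{\s*hardware\s+ethernet\s+([0-9A-Fa-f:]{17})\s*;"
    r"\s*fixed-address\s+([\d.]+)\s*;")
A_RE = re.compile(r"^(\S+)\s+IN\s+A\s+([\d.]+)\s*$", re.M)

def strip_comments(text, marker):
    return "\n".join(line.split(marker, 1)[0] for line in text.splitlines())

def check(dhcpd_conf, forward_zone):
    """Return a sorted list of findings; an empty list means the files agree."""
    hosts = [(name, mac.lower(), ip) for name, mac, ip in
             HOST_RE.findall(strip_comments(dhcpd_conf, "#"))]
    a_records = dict(A_RE.findall(strip_comments(forward_zone, ";")))
    findings = []
    for mac, count in Counter(m for _, m, _ in hosts).items():
        if count > 1:
            names = ",".join(n for n, m, _ in hosts if m == mac)
            findings.append(f"duplicate MAC {mac}: {names}")
    for name, _, ip in hosts:
        if name not in a_records:
            findings.append(f"{name}: no A record")
        elif a_records[name] != ip:
            findings.append(f"{name}: DHCP {ip} != DNS {a_records[name]}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(check(DHCPD_CONF, FORWARD_ZONE)))
```
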

LDAP Server

Accounting and scheduling depend on LDAP. The following steps will configure the LDAP server.

  1. Create file /etc/ssl/ with:
    cn = GENI WiMAX Company
  2. Create file /etc/ssl/ with (please change to match your FQDN):
    organization = Example Company
    cn =
    expiration_days = 3650
  3. Execute the following command to create SSL certificates:
  4. Create LDIF file for our newly created certificates in the file named /etc/ssl/geni-cert-info.ldif:
    dn: cn=config
    add: olcTLSCACertificateFile
    olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
    -
    add: olcTLSCertificateFile
    olcTLSCertificateFile: /etc/ssl/certs/console_slapd_cert.pem
    -
    add: olcTLSCertificateKeyFile
    olcTLSCertificateKeyFile: /etc/ssl/private/console_slapd_key.pem
    and then execute:
    ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/geni-cert-info.ldif
    The expected output is:
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    modifying entry "cn=config"
  5. Fix the phpldapadmin configuration for the newly created LDAP directory by editing /etc/phpldapadmin/config.php and changing dc=example,dc=com to dc=geni,dc=net
  6. Point the Firefox web browser to http://<console-ip-address>/phpldapadmin. Set the password for the group admin user (add attribute → Password → set password → update object)
  7. Make sure you can access the service with admin credentials:
       ldapsearch -x   -b "dc=geni,dc=net"  "objectClass=organizationalRole"
       ldapsearch -x   -b "dc=geni,dc=net"  "objectClass=organizationalUnit"
       ldapsearch -x   -b "dc=geni,dc=net"  "objectclass=organizationalUnit"
       ldapsearch -x   -b "dc=geni,dc=net"  "objectClass=posixGroup"
       ldapsearch -x -H ldap://localhost -D "cn=admin,dc=geni,dc=net" -W -b "dc=geni,dc=net" "uid=*"
Last modified on Oct 10, 2014, 6:03:56 PM