Like most OSs out of the box the system is set to get it’s IP address from a DHCP server (i.e. dynamically). On the rare occasions I’m deploying Linux its to perform a specific task, so in nearly all cases I want it to have a static IP. Here is how to achieve that.
Solution : Ubuntu Static IP
Disable Cloud-Init
Since Ubuntu version 18.04, it has shipped with this enabled, you can proceed with it enabled, but the procedure is different and your efforts can be ignored, so I simply disable it. the first command sees if its running (if it yields any output, {as shown} then it is).
Remember: This procedure changes the IP address, if you are connected remotely by SSH for example, you may lose connectivity. Perform this at the console or ensure you can reconnect to the new IP address (post change).
Paste in the following, then save and exit (CTRL+X > Y > Enter).
[box]
network: {config: disabled}
[/box]
Then reboot the machine.
[box]
reboot
[/box]
Ubuntu Static IP Netplan
Ubuntu will apply a set of network configuration settings that are formatted as YAML. Before we create that file let’s look to find out what our network interface is called, what the current IP address and network range is, and where the default gateway (or default route) has been pointed to.
[box]
ip addr
ip route
[/box]
From the above we can see our interface is called ens33 (yours may be called something different like eth0), it has an IP address of 192.168.100.103/24 (i.e it has a netmask of 255.255.255.0), and its default gateway is 192.168.100.1 To see the current netplan we need to look in/etc/netplan as you can see (below) mines called 50-cloud-init.yaml (yours may have a slightly different name, so change to the directory and list is contents to make sure.
[box]
cd /etc/netplan
ls
sudoedit {name-of-your-netplan-file}.yaml
[/box]
Here is an idea of what your file may currently look like.
And here is one I’ve edited to include the required IP 192.168.100.20/24 and the default route (gateway) 192.168.100.1, and my local DNS servers 192.168.100.10 and 192.168.100.3.
[box]
network:
ethernets:
ens33:
dhcp4: no
addresses:
- 192.168.100.20/24
routes:
- to: default
via: 192.168.100.1
nameservers:
addresses: [192.168.100.10,192.168.100.3]
Version: 2
[/box]
Save and exit the file, then apply the netplan (Note: if you are connected via SSH you may lose connectivity).
Note: For an example of setting up a bridged network see the link below.
[box]
sudo netplan apply
AT THIS POINT CHECK CONNECTIVITY
[/box]
Related Articles, References, Credits, or External Links
Firstly, you need to shut the virtual machine down > Right Click it > Edit Settings > VMware Option Tab > Advanced > Edit configuration > Add in the following;
1. Firstly, you need to shut the virtual machine down > Right Click it > Edit Settings > Option Tab > Advanced > General > Configuration Parameters.
2. Select “Add Row” and add the following two options:
[box]isolation.tools.copy.disable
isolation.tools.paste.disable [/box]
Set both these values to FALSE > OK > OK > Power the VM back on again.
Note: Even without these values set, if a VM is vMotioned to an ESX host that has the copy.paste options set in it’s config file (see below) then these features are automatically enabled.
Option 2 (Enable Copy and Paste to VM on an individual Guest machine)
1. You can also achieve the same as above by directly editing the .vmx file for the virtual machine, Add the following two values as shown below:
[box]isolation.tools.copy.disable=”FALSE”
isolation.tools.paste.disable=”FALSE” [/box]
Note: Even without these values set, if a VM is vMotioned to an ESX host that has the copy.paste options set in it’s config file (see below) then these features are automatically enabled.
Option 3 (Enable Copy and Paste on the ESX host for all the VM’s on that host)
Note: This procedure will be removed/reset after an ESX upgrade. (You will need to carry out this procedure again post upgrade).
1. Connect to your ESX server, either directly on the console, or via SSH. and execute the following command:
[box]vi /etc/vmware/config[/box]
2. Press i to insert text and paste in the following two lines:
[box]isolation.tools.copy.disable=”FALSE”
isolation.tools.paste.disable=”FALSE” [/box]
Press Escape > then type :wq to save the changes.
Additional Steps for Linux / Ubuntu to allow Copy and Paste to VM
1. Assuming you have the VMware tools installed in your Linux guest VM, if not execute the following command:
[box]sudo apt-get install open-vm-toolbox[/box]
To enable copy paste on the guest execute the following command:
[box]vmware-toolbox &[/box]
One the VMware tools properties page pops up you will be able to copy and paste.
Enabling Copy and Paste in VMware Workstation
Out of the box, this functionality is switched on. However if you lose it then open the virtual machines settings > Options tab > Guest Isolation > Enable the Copy and paste option.
Related Articles, References, Credits, or External Links
First of all not being able to connect to your Ubuntu server via SSH as root is ‘by design’, and it’s a perfectly good security measure. I do find it interesting that every hosting company I ever used, spin up a new machine and then email me the root password and they’ve enabled it anyway?
I needed to enable this recently and the internet is full of posts saying ‘just edit the config file, and restart the service’. What they don’t tell you is that the root user is disabled by default, even with a valid password, IT STILL WONT WORK!
Solution
Connect to your Ubuntu machine, and reset the root user password, (so you know what it is).
[box]sudo passwd root[/box]
As shown you will need to enter your password first, then enter and confirm a new root password.
Then ‘unlock the root account’;
[box]sudo passwd -u root[/box]
Note: If you ever want to ‘lock‘ it again, use (sudo passwd -l root).
Now you can edit the sshd config file;
[box]sudo nano /etc/ssh/sshd_config[/box]
Locate the line ‘PermitRootLogin’ and change it so it ONLY says yes (as below).
Note: Here I’m also changing the SSH port (to 2223 in this example, from the default port of 22), I usually change the default SSH port.
Now finally, restart the SSH Daemon, (that always looks like it’s spelled incorrectly!) With the following command;
[box]sudo service sshd restart[/box]
Don’t forget if, (like me) you changed the port, you will need to specify that in your client connection software (i.e. PuTTy or RoyalTSX).
Related Articles, References, Credits, or External Links
At the time of writing this site is running on CentOS7 LAMP (Linux Apache MySQL and PHP). Well I’m actually using MariaDB not MySQL as it’s ‘supposed’ to be a little faster, but they are similar enough to be accepted. I’m planning to migrate to Ubuntu 17 LEMP (Linux ‘EnginX’ MySQL and PHP) again with MariaDB. As the site is getting more traffic I want to utilise the better performance of nginx (I know I called it EnginX above but LNMP stack doesn’t sound so good, and nginx is ‘pronounced ‘engine x’).
So the following series of articles will be how to install nginx, MariaDB, PHP and WordPress.
Solution
Installing Linux
You have essentially two choices, do what most people do and go to a hosting company and rent a VPS, (virtual private server) for a monthly fee. Then when you set it up you can select what flavour of Linux you require, press go, and by the time you have had a coffee, they will have emailed you the IP and logon details, and Linux is already installed for you. You can of course install linux on your own server, and as long as you can make it publicly available use that.
The main difference is, if your hosting company build it for you, the root user will be enabled and you will connect with the root user and password. If you build your own server you will connect with user account and root will be disabled. If you know nothing about Linux that means to execute any system level commands you need to prefix them with ‘sudo’ (or type su and enter the root password). If you are logged in as root and use sudo it does not make any difference so I will prefix all the commands I use below with sudo to make things easier, just remember the first time you use sudo it will ask for your password again.
Why Ubuntu? Well I use CentOS presently, but while doing research there was little information on getting nginx and PHP7 running on CentOS, but there was for Ubuntu that’s the only reason I’m switching OS.
Update The Server
It might have been built from an image, but that does not mean that the image was up to date, thankfully that’s simple to do, run the following command to see if there’s any updates.
[box]sudo apt update[/box]
In my example theres two updates, I can upgrade to them with the following command, (you may be asked to answer ‘y’ for yes);
[box]sudo apt upgrade[/box]
Change the Linux SSH Port
Note: If you built the server, you may need to install openssh server.
[box]sudo apt-get install openssh-server[/box]
I’ve had servers compromised in the past so let’s start with some basic security, I always change the default SSH port, in this example I’ll use 2223 (instead of the default SSH port of 22).
Edit the SSH config file;
[box]sudo nano /etc/ssh/sshd_config[/box]
Uncomment and change the Port number to something other than 22, (make it above 1024 to be on the safe side, I’m using 2223).
Note: If you built your own server, and you are allowing root access to SSH you may want to see the following article;
Traditionally Linux uses iptables, (or FirewallD for CentOS.) I like iptables, because like all things Linux I worked out how to set it up, and wrote it down. Ubuntu has a ‘front-end’ to iptables thats still command driven, it’s called UFW (uncomplicated firewall). Which I didn’t want to learn about because I use iptables! But in all honestly UFW is so simple it’s painfully easy.
I want to allow TCP 80 (http), TCP 443 (https), and TCP 2223 (for my SSH server). And that’s it, block everything else incoming, allow the server to speak out, and secure the server.
Note: If it looks like it’s frozen, press Ctrl+C to get the cursor back
Set MariaDB to start when the server restarts;
[box]systemctl enable mariadb[/box]
Secure MariaDB: At the moment MariaDB will have a blank root password, (it has its own root user). So to secure it you simply run;
[box]sudo mysql_secure_installation[/box]
Note: It immediately asks for a password, (it will be blank so hit (Enter},) answer ‘Y’ to set a root password, set a fresh one (you will need it in a minute, so remember what it is!) Then accept all the defaults by just pressing {Enter}.
Create Your WordPress Database
WordPress needs a database, to get WordPress talking to MariaDB (or MySQL) you need three things;
A database name.
A username to access the database.
A password for that user.
So in the following example I will use;
Database Name: PETESDATABASE
Username: petesuser
Password: P@ssword12345
Execute the following commands one by one;
[box]
sudo mysql -u root -p
{Enter the root password you just set for MariaDB}
CREATE DATABASE PETESDATABASE;
CREATE USER 'petesuser'@'localhost' IDENTIFIED BY 'P@ssword12345';
GRANT ALL ON PETESDATABASE.* TO 'petesuser'@'localhost' IDENTIFIED BY 'P@ssword12345';
FLUSH PRIVILEGES;
exit
I have a guest VM on my vSphere test rig that’s running Ubuntu 10.10. That I use for testing, for a while I could not get the screen resolution above 854×480 (For wide screen or 16:9 format).
Solution
Note I’m assuming you already have the VMware tools installed!
1. Shut down your guest machine, open the VMware VI client and go to the settings of the guest machine. go the the hardware tab and select video card. By default it will be set to auto detect, change it to a nice high resolution, and click OK.
Note: For VMware workstation the setting is under “Display” see below.
2. Power the guest VM back on again and now you should have a better range of resolutions.
Related Articles, References, Credits, or External Links
Seen when trying to connect the Evolution mail client to a Microsoft Exchange server (via evolution-mapi). As soon as you hit authenticate you will see the following error.
You have a Linux client machine, and you want to authenticate to, and log into a Windows domain. I don’t have too much history with Linux, but from what I’ve read this used to be a nightmare. Using Ubuntu (10.10) I did have a couple of hiccups, but I did get there in the end.
Note: The domain controller is a Windows 2008 R2 Server.
Solution
Notes
1. The commands needed to install the “likewise-open5” package, and join the domain, (assuming the FQDN of the domain is domaina.com and the user name you are using to join the domain is administrator).
2. Then to allow users to logon from the Ubuntu welcome screen,
[box]sudo nano /etc/samba/lwiauthd.conf[/box]
3. Add the following line (the file will probably be empty), to Save press CTRL+X, then Y, then {enter}.
[box]winbind use default domain = yes[/box]
4. Then reboot.
[box]sudo reboot[/box]
5. To allow sudo for the domain user(s),
[box]sudo nano /etc/sudoers[/box]
Locate the line that reads “#Members of the Admin group may gain root privileges and do the following:”. Below that, type the following (assuming the domain name is domaina and the user is a member of the domain admins group, domain^users also works).
[box]%domainadomain^admins ALL=(ALL) ALL[/box]/p>
Problem 1
Error: Lsass Error [code 0x00080047]
9502 (0x251E) DNS_ERROR_BAD_PACKET – A bad packet was received from a DNS server. Potentially the requested address does not exist.
This plagued me for a while, I tried everything I read online (like making sure that my time was correct – which it wasn’t (see below), making sure firewalls were off (they were), make sure your DNS has a reverse lookup zone (mine has), and finally make sure there are no existing DNS records for the IP address you are connecting with (mine did so I deleted them). None of these fixed the problem, to fix it is annoyingly simple.
FIX
Firstly make sure that the Ubuntu client is looking at your domain DNS server, for it’s DNS, the following command will tell you,
[box]cat /etc/resolv.conf[/box]
Then get the domain syntax right, in my case the domain name.
If you would like to add your domain user(s) to the welcome screen click here.
Update 04/01/12
Attention: PeteNetLive – Suggestion
Message: Hi,
Thanks very much for you YouTube and description of joining Ubuntu to a domain. There was however one step extra that I needed to do to enable to logon screen to show users other than the local use and the guest account. To do this I had to add the following line to /etc/lightdm/lightdm.conf
greeter-show-manual-login=true
I was joining Ubuntu 12.10 to the domain so maybe it is specific to 12.10 since you didn’t experience it but it would be good to add it to your article along with the other fixes to issues.
Thanks again.
From: Roland Elferink
Related Articles, References, Credits, or External Links
I’m far to lazy to type my user name in every time I start up, I tried and searched for a solution to no avail, I asked on the ubuntu forums and user KryTarik pointed me at the document I needed.
Solution
1. The settings are stored in /etc/gdm/custom.conf
2. We need to edit that file (Applications > Accessories > Terminal), and execute the following command.
3. I am going to add my domain user object, and hide the local user I created, by adding the following.
Did you know you can install Java and Flash with the Ubuntu Restricted extras pack?click here
Im not a big fan of Java, In the past I’ve either had the wrong version, or it’s made something run like a dog, but I need it for the Cisco management stuff I need to do. (Guess what the next article is going to be 🙂 Like Adobe Flash, there seems to be a lot of different info out on the web about how to do this, so it took me a while to do something that was painfully easy in the end.
Solution
1. Click Applications > Ubuntu Software Centre > Type “java” in the search terms > Locate OpenJDK Java 6 Runtime.
2. Hit install.
3. You may be asked to authenticate, do so. My netbook is a little slow so at this point it appeared to hand for a while (Go and have a brew! It will be finished by the time you come back.
Related Articles, References, Credits, or External Links
A while back I ran though “Managing Cisco ASA devices via the ASDM with Ubuntu“, I prefer to work at command line, with a new firewall my only choice is via the console port, In a windows environment I can fire up Hyperterminal and I’m away. With Linux there a couple of things to do first.
Solution
Step 1 (Get the Serial / RS232 / COM Port working)
As pictured above, this is being done on my Acer Netbook so I don’t have a serial port. I need to use a USB to Serial converter, If your machine has a serial port then simply skip this section.
1. Plug in your serial converter and wait a few seconds, open a terminal window (Applications > Accessories > Terminal) and issue the following command,
[box]dmesg[/box]
2. Amazingly it looks like been installed with the correct driver, without any effort by me at all! Lets make sure, unplug the USB to serial converter then issue the following command,
[box]lusb[/box]
Then plug the device back in and run the same command, notice the serial port has popped onto the list.
Note: If you not as lucky as me follow the excellent advice here to install the drivers you need.
Step 2 Install and Configure Minicom
1. Open a terminal window and issue the following command,
[box]sudo apt-get install minicom[/box]
Tap in your password, then enter “Y” for yes when prompted.
4. We need to know the connection name for the USB to Serial converter, issue the following command (See mines called ttyUSB0).
[box]dmesg | grep tty[/box]
5. Now lets fire up Minicom with the following command,
[box]sudo minicom[/box]
Tap in your password again, then as requested press CTRL+A, then Z.
6. To configure the serial settings press O (that’s O for Oscar not zero).
7. Select “Serial Port Setup”.
8. Press A to set the device.
9. As we discovered (above) ours is called ttyUSB0, so change the device to /dev/ttyUSB0.
10. Press C to change the connection speed to 9600 baud, Press Q (to set 8 bits, no stop bit, and 1 parity bit. On mine this was set by default), press {enter} to exit.
11. Press F to turn off hardware flow control (Some posts will say leave it on, I generally turn if off and I’ve never seen anything break!). Press G to disable software flow control (if enabled).
12. Then Select “Save setup as..”, and give is a sensible name. (If you went back too far simply press O again to get back here).
13. Now the settings are saved you can launch them at anytime with,
[box]sudo minicom {filename}[/box]
Note: Sometimes your serial drive gets locked up but a reboot will solve the problem.
14. Here’s me connected to an ancient old catalyst switch.