Fabasoft on Linux - Preparation Guide for Red Hat Enterprise Linux

White Paper
Fabasoft Folio 2016 Update Rollup 5
Copyright ©
Fabasoft R&D GmbH, Linz, Austria, 2017.
All rights reserved. All hardware and software names used
are registered trade names and/or registered trademarks of
the respective manufacturers.
No rights to our software or our professional services, or
results of our professional services, or other protected rights
can be based on the handing over and presentation of these
documents.
Contents
1 Introduction
2 Software Requirements
3 Required Information
4 Installation of Red Hat Enterprise Linux
  4.1 Required Packages
  4.2 Step by Step Guide
5 Red Hat Linux Tests
6 Kerberos Authentication
  6.1 Key Creation for Fabasoft Folio Backend Services
    6.1.1 ADERPC Key Creation
    6.1.2 HTTP Key Creation
  6.2 Import of Keys on Linux Servers
  6.3 Kerberos Tests
    6.3.1 First test
    6.3.2 Second test
1 Introduction
This document describes the installation and preparation of Red Hat Enterprise Linux (x64) to run
the following Fabasoft Folio Services:
• Fabasoft Folio Backend Services,
• Fabasoft Folio Web Services,
• Fabasoft Folio Conversion Services, and
• Fabasoft Folio AT Services.
Chapter 2 “Software Requirements” covers the assumed system environment, the supported
platforms and the software on which the descriptions in this document are based.
Chapter 3 “Required Information” lists information needed during the installation process.
Chapter 4 “Installation of Red Hat Enterprise Linux” describes the installation of Red Hat Enterprise
Linux on 64 bit architecture.
Chapter 5 “Red Hat Linux Tests” describes the tests that have to be performed after the installation of
Red Hat Enterprise Linux.
Chapter 6 “Kerberos Authentication” describes the necessary steps to prepare the environment to
use Kerberos authentication for Fabasoft Folio Services.
2 Software Requirements
System environments: All information contained in this document implicitly assumes a Red Hat
Linux environment.
Supported platforms: For detailed information on supported operating systems and software see
the software product information on the Fabasoft distribution media.
Make sure that the BIOS option to first try to start from CD-ROM is enabled.
This document assumes the utilization of a Microsoft Windows Active Directory domain controller
(Microsoft Windows Server 2003 Enterprise x64 Edition SP2) as Kerberos Key Distribution Centre
(KDC).
General Linux knowledge is necessary to perform and maintain an installation as described in this
document.
Descriptions in this document are based on the following software:
Third-party products for nodes running
• Fabasoft Folio Backend Services (COO, MMC and gateway services):
  o Red Hat Enterprise Linux 6.9 (x64)
• Fabasoft Folio Web Services
  o Red Hat Enterprise Linux 6.9 (x64)
  o Oracle Java SE Runtime Environment 8 Update 72 (JRE)
    Current version: http://www.oracle.com/technetwork/java/javase/downloads/index.html
    Archive: http://www.oracle.com/technetwork/java/archive-139210.html
• Fabasoft Folio Conversion Services
  o Red Hat Enterprise Linux 6.9 (x64)
  o Oracle Java SE Runtime Environment 8 Update 72 (JRE)
    Current version: http://www.oracle.com/technetwork/java/javase/downloads/index.html
    Archive: http://www.oracle.com/technetwork/java/archive-139210.html
  o LibreOffice 5.0.4 (x64)
    http://www.libreoffice.org
• Fabasoft Folio AT Services
  o Red Hat Enterprise Linux 6.9 (x64)
  o Oracle Java SE Runtime Environment 8 Update 72 (JRE)
    Current version: http://www.oracle.com/technetwork/java/javase/downloads/index.html
    Archive: http://www.oracle.com/technetwork/java/archive-139210.html
3 Required Information
The following information is necessary during the installation and/or preparation of Red Hat
Enterprise Linux. Prepare this information before beginning the installation.
• Name or IP address of the time server
• IP address of the computer Red Hat Enterprise Linux is installed on
• Host name of the computer Red Hat Enterprise Linux is installed on
• IP address of the gateway server
• IP address(es) of the DNS server(s)
• Domain name
• IP address of the domain controller
4 Installation of Red Hat Enterprise Linux
4.1 Required Packages
Make sure that the following packages are installed. In case of a “Desktop” installation, the
packages written in bold have to be installed.
Package | Fabasoft Folio Backend Services | Fabasoft Folio Web Services | Fabasoft Folio Conversion Services | Fabasoft Folio AT Services | Other Fabasoft Folio Services

openldap               x  x  x  x  x
openssl                x  x  x  x  x
gtk2                   x  x  x  x  x
dos2unix               x  x  x  x  x
xorg-x11-xinit         x  x  x  x  x
libjpeg                x  x  x  x  x
libpng                 x  x  x  x  x
libtiff                x  x  x  x  x
alsa-lib               x  x  x  x  x
libtool-ltdl           x  x  x  x  x
httpd                  x  x
unixODBC               x  x  x
xorg-x11-server-Xvfb   x
mod_ssl                x*
pam_ldap               x
firefox                x

Not on the Linux distribution media:
Java Runtime Environment                              x
LibreOffice (64-bit)
Oracle Instant Client (if Oracle is used as RDBMS)    x  x  x

*(only if SSL enabled)
4.2 Step by Step Guide
To install Red Hat Enterprise Linux, perform the following steps:
1. Insert the installation CD number 1 of Red Hat Enterprise Linux into the CD-ROM drive. Restart
the computer.
2. After restarting, the installation setup of Red Hat Enterprise Linux starts.
3. Press Enter to start the setup process.
4. Before the installation actually starts, the CD media can be tested. Select
“Skip” to skip the CD test and press Enter.
Note: It is recommended to use original installation CDs from Red Hat. As these original CDs
are already tested, the CD test does not need to be performed. If your own copies are used, it is
recommended to perform the CD test at least once. For further information about the CD
test, consult the Red Hat documentation.
5. Now the mouse can be used to navigate. Click “Next” to continue.
6. Select the language that should be used during the installation process. To follow this
documentation, select “English (English)” and click “Next”.
7. Select the appropriate keyboard connected to the system and click “Next”.
8. Select what type of devices your installation will involve and click “Next”.
9. Specify the hostname (not fully qualified) of the computer and click “Configure Network” to
configure the network card of this computer. Afterwards click “Next”.
Note: If no network card has been installed or the network card is not recognized by the
installation program, the network configuration screen is not displayed.
Select Method “Manual” and enter the IP address of the computer (Address field), the Prefix
(Netmask), Gateway and the DNS server(s) and click “Apply…”.
10. Select the location to set the correct time zone. Click “Next” to continue the installation process.
11. Enter the password for the system administrator (root). Click “Next” to continue.
12. Select Create custom layout and click “Next”.
13. Disk partitioning depends on the hardware.
We recommend using two partitions: one for the swap partition and one for the system partition.
The size of the swap partition should equal the size of the working memory of the computer. As the
working memory of the computer may be upgraded in the future, it is recommended
to set the size of the swap partition to the maximum possible size of the working memory of the
computer.
Note: All Fabasoft Folio MMC Areas should be persisted on secure and fast storage systems,
such as, for instance, a SAN.
Use at least one dedicated partition to store the Fabasoft Folio MMC Areas.
14. To create a new partition click “Create”.
15. Enter the Mount Point and the Size (MB). Do not change the other options.
16. Click “OK”.
Repeat the process for all the partitions that should be created.
In the File System Type list, click “swap” for the swap partition.
17. After all necessary partitions have been created an overview is displayed.
18. When disk partitioning is finished, click “Next” to continue the installation process.
19. Now you can set the boot loader to be installed. Click “Next”.
20. Select Desktop, and click “Next”.
21. The installation process continues. A progress bar indicates the progress of the installation
process.
22. Finally the installation process is finished. The computer has to be restarted.
Click “Reboot” to restart the system.
After the system has restarted and finished the initialization process, a welcome screen is displayed.
There are a few more steps to take before the system is ready to use.
23. Click “Forward” to continue.
24. The License Agreement is shown on the screen. Read the License Agreement carefully and
click Yes, I agree to the License Agreement. Click “Forward” to continue.
25. Click “Forward” to continue.
26. It is not necessary to create a system user in this case. Click “Forward” to continue.
The following message is displayed:
Click “Yes” to continue.
27. The date and time for the system have to be set. Set the date by selecting the current year,
month and day and set the time by selecting the current hour, minute and second.
28. Select Synchronize date and time over the network.
Select each of the default servers in the server list and click “Delete”. In the NTP Servers box,
click “Add” and type the name or the IP address of the time server to use.
Setting the correct time server is important for Kerberos authentication.
Note: When Kerberos is used, it is mandatory that all servers within the Fabasoft Folio Domain
have their local clocks closely synchronized. This is usually accomplished using NTP
(Network Time Protocol) and a time server. Note that an Active Directory domain controller
provides an NTP-compliant time server, against which the system clocks of all Linux machines
are synchronized.
29. Don’t enable Kdump. Click “Finish”.
30. The installation of Red Hat Enterprise Linux is now completed. The graphical login screen is
displayed.
31. Log on as user root.
32. Open “Applications” > “System Tools” > “Terminal”.
The terminal is opened.
33. Make sure that the packages as described in chapter 4.1 “Required Packages” are installed.
After the installation process has finished, perform the following steps:
1. To set the hostname, open /etc/hosts in an editor with the following command:
# nano /etc/hosts
2. Change the line
127.0.0.1 <computer name> localhost.localdomain localhost
into
127.0.0.1 localhost.localdomain localhost
3. Add a second line:
<IP address of the computer> <computer name>.<domain name> <computer name>
Note: Press “Tab” for the space between the entries in one line.
4. Press Ctrl + X and confirm with Y or Enter to save the changes made.
5. Make sure that SELinux is disabled.
5 Red Hat Linux Tests
To confirm that the installation and configuration have been completed successfully, perform the
following steps:
1. To display the hostname execute the following command:
# hostname
This command should only display the hostname of the Linux server (e.g.: fscbackend).
2. To display the fully qualified domain name, execute the following command:
# hostname -f
This command should display the hostname and the domain (e.g.: fscbackend.sub.comp.com).
3. localhost has to be resolved. Execute the following command:
# ping localhost
Note: Press Ctrl + C to end the command ping.
4. localhost.localdomain has to be resolved. Execute the following command:
# ping localhost.localdomain
Note: Press Ctrl + C to end the command ping.
5. ping <computer name> has to work. Execute the following command:
# ping fscbackend
Note: Press Ctrl + C to end the command ping.
6. ping <computer name>.<domain name> has to work. Execute the following command:
# ping fscbackend.sub.comp.com
Note: Press Ctrl + C to end the command ping.
The hostname and domain configuration of the Red Hat Linux installation has now been tested.
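The tests above only pass if /etc/hosts has the layout set up in chapter 4.2. As an added example (not part of the original guide), the following Python code checks a hosts file against that layout; the function names, SAMPLE_HOSTS and the address 192.0.2.10 are assumptions made for illustration.

```python
# Added example: check an /etc/hosts file against the layout from chapter 4.2.
# SAMPLE_HOSTS is constructed; 192.0.2.10 is a documentation-range placeholder.
SAMPLE_HOSTS = (
    "127.0.0.1\tlocalhost.localdomain\tlocalhost\n"
    "192.0.2.10\tfscbackend.sub.comp.com\tfscbackend\n"
)

def parse_hosts(text):
    """Return [(address, [names])] for every non-empty, non-comment line."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            entries.append((fields[0], fields[1:]))
    return entries

def check_hosts(text, computer_name, domain_name):
    """Return a list of problems; an empty list means the layout is as described."""
    fqdn = computer_name + "." + domain_name
    own = {computer_name.lower(), fqdn.lower()}
    problems, seen = [], False
    for address, names in parse_hosts(text):
        mine = [n for n in names if n.lower() in own]
        if not mine:
            continue
        if address.startswith("127.") or address == "::1":
            # State before step 2: the computer name sits on the loopback line,
            # so it resolves to 127.0.0.1 instead of the server's address.
            problems.append("%s is listed on loopback address %s" % (mine[0], address))
            continue
        seen = True
        if names[0] != fqdn:
            # The first name on a line is the canonical one; the guide requires
            # the exact, case-sensitive <computer name>.<domain name> here.
            problems.append("first name for %s is %s, expected %s"
                            % (address, names[0], fqdn))
        if computer_name not in names[1:]:
            problems.append("short name %s missing as alias for %s"
                            % (computer_name, address))
    if not seen:
        problems.append("no non-loopback entry for " + fqdn)
    return problems

if __name__ == "__main__":
    for line in check_hosts(SAMPLE_HOSTS, "fscbackend", "sub.comp.com") or ["OK"]:
        print(line)
```

On a server, pass the contents of /etc/hosts together with the values collected in chapter 3.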
6 Kerberos Authentication
On nodes intended for Fabasoft Folio Web Services, SPNEGO authentication is provided as an
extension module for the Apache Web Server. SPNEGO authentication allows single sign-on via
Kerberos and Active Directory even from a Fabasoft Folio Web Client (similar to and compatible with
integrated login on the Microsoft platform).
Additionally, configure /etc/krb5.conf to use the Active Directory domain as Kerberos realm and
its domain controller as Kerberos Key Distribution Centre.
To configure /etc/krb5.conf, perform the following steps:
1. Open the /etc/krb5.conf file in an editor.
2. Configure krb5.conf as follows.
Replace the values in <> with the appropriate values for the domain. In case of problems, consult
the Kerberos documentation.
[libdefaults]
    default_realm = <SUB.COMP.COM>
    dns_fallback = false
    forwardable = true
    proxiable = true
[realms]
    <SUB.COMP.COM> = {
        kdc = <IP address of the Domain Controller>[:<port>, [options]]
        admin_server = <IP address of the Domain Controller>[:<port>, [options]]
    }
[domain_realm]
    <.company.com> = <SUB.COMPANY.COM>
Note: Pay attention to the entries written in uppercase (e.g. <SUB.COMP.COM>).
Basic Kerberos authentication has now been configured on the newly installed server.
6.1 Key Creation for Fabasoft Folio Backend Services
6.1.1 ADERPC Key Creation
For each Linux server running kerberized Fabasoft Folio Services, a distinct ADERPC key has to be
exported.
To create an ADERPC key for Fabasoft Folio Backend Services, perform the following steps:
1. Log on to the primary Active Directory domain controller.
2. Open the MMC snap-in “Active Directory Users and Computers” (dsa.msc).
3. Add a user with an arbitrary logon name of your choice for each Fabasoft Folio server.
A common prefix is recommended.
Example: ADERPC-fscbackend
4. Click “Next”.
5. Select the User cannot change password and the Password never expires check boxes.
6. To create the user click “Next”.
A Kerberos user has been created.
7. Execute the following command:
setspn -A ADERPC/<fqdn> <user account>
Example:
setspn -A ADERPC/fscbackend.sub.comp.com ADERPC-fscbackend
8. On the “Delegation” tab of the user’s properties dialog box click Trust this user for delegation to
any service (Kerberos only).
9. On the “Account” tab of the user’s properties dialog box click Use DES encryption types for this
account or select This account supports Kerberos AES 256 bit encryption.
DES-CBC-MD5:
AES256-SHA1:
Now a Kerberos key needs to be transferred to the corresponding Linux computer. To export the key
from Active Directory, the ktpass utility is required.
Note:
• In case of a Windows Server 2003 Domain Controller, “Microsoft Windows 2003 Support Tools”
must be installed, which are located on the Microsoft Windows 2003 CD in the
\support\tools\suptools.msi directory.
• The support tools must match the version and language of the Microsoft Windows operating system
installed on the domain controller.
Execute the following command:
ktpass -crypto <crypto-type> -princ ADERPC/<fqdn>@<REALM> -ptype KRB5_NT_PRINCIPAL -mapuser <user account> -pass <password of the user account> -out <filename>
Possible crypto types:
• DES-CBC-MD5 (Active Directory 2000/2003)
• AES256-SHA1 (Active Directory 2008/2008 R2)
Note:
• AES support is limited by some combinations of Microsoft operating systems.
For details see the Microsoft TechNet article “Kerberos Enhancements”.
http://technet.microsoft.com/en-us/library/cc749438(WS.10).aspx
Example:
ktpass -crypto DES-CBC-MD5 -princ ADERPC/fscbackend.sub.comp.com@SUB.COMP.COM -ptype KRB5_NT_PRINCIPAL -mapuser ADERPC-fscbackend -pass <your password> -out fscbackendADERPC.key
Transfer the key file via a secure channel (e.g. using ssh) to the Linux server, where it needs to be
imported into the Kerberos key tab as described in chapter 6.2 “Import of Keys on Linux Servers”.
Note:
• <REALM> is always all-upper-case.
• It is imperative that <fqdn> matches the Linux server’s hostname in DNS and the entries in
Active Directory exactly; <fqdn> is also case-sensitive.
• DNS entries for each Linux machine must exist for forward (type A) as well as for reverse (type
PTR) lookups.
• The Active Directory user entries can be validated with “ADSI Edit”. Execute adsiedit.msc and
view the properties of the corresponding user. The attributes servicePrincipalName and
userPrincipalName shall look similar to the following example:
6.1.2 HTTP Key Creation
For each machine intended for Fabasoft Folio Web Services as well as all nodes running Fabasoft
Folio Web Management, a HTTP Kerberos key is required.
Perform the steps of chapter 6.1.1 “ADERPC Key Creation” and replace “ADERPC” with “HTTP”.
Name the output file <hostname>HTTP.key, which would result in qavmlinuxrhelHTTP.key for our
example host.
6.2 Import of Keys on Linux Servers
First create a subdirectory fabasoft in /etc. In the terminal type:
mkdir /etc/fabasoft
Run the utility /usr/kerberos/sbin/ktutil.
Execute the following commands:
• Read the specified Kerberos key file (created on the Microsoft Windows Server 2003 and
subsequently transferred to the Linux machine) into the current key list.
rkt /path/to/keyfile
• Write that key into the Kerberos keytab file utilized by all Fabasoft Folio Services:
wkt /etc/fabasoft/krb5.keytab
• Do the same for the HTTP key.
rkt /path/to/keyfile
wkt /etc/fabasoft/krb5.keytab
• Type quit and press Enter to exit ktutil.
Note: The ownership and permissions of the file /etc/fabasoft/krb5.keytab need to be changed
to 644.
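After the import it is worth confirming what the keytab actually holds. As an added example (not part of the original guide), the Python code below reads a keytab in file format version 0x0502 and checks it against the notes in chapter 6.1.1: the expected ADERPC and HTTP principals with the exact <fqdn>, an upper-case realm, and which keys use DES-CBC-MD5. The function names and the constructed SAMPLE keytab with dummy all-zero keys are assumptions made for illustration.

```python
import struct

def _counted(buf, pos):
    """Read a 16-bit length-prefixed field; return (bytes, next position)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                     # hole left by a deleted entry
            pos += -size
            continue
        end = pos + size
        (count,) = struct.unpack_from(">H", data, pos)
        realm, p = _counted(data, pos + 2)
        parts = []
        for _ in range(count):
            part, p = _counted(data, p)
            parts.append(part.decode())
        p += 8                            # skip name type and timestamp
        kvno = data[p]
        (etype,) = struct.unpack_from(">H", data, p + 1)
        _key, p = _counted(data, p + 3)   # key bytes are read but never shown
        if end - p >= 4:                  # optional 32-bit key version number
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(parts) + "@" + realm.decode(), kvno, etype))
        pos = end
    return entries

def audit(data, fqdn, realm, services=("ADERPC", "HTTP")):
    """Return findings; an empty list means every check passed."""
    entries = parse_keytab(data)
    present = {principal for principal, _, _ in entries}
    wanted = ["%s/%s@%s" % (service, fqdn, realm) for service in services]
    findings = ["missing " + name for name in wanted if name not in present]
    for principal, _, etype in entries:
        entry_realm = principal.rsplit("@", 1)[1]
        if entry_realm != entry_realm.upper():
            findings.append("realm not upper-case: " + principal)
        if etype == 3:                    # des-cbc-md5, deprecated by RFC 6649
            findings.append("des-cbc-md5 key: " + principal)
    return findings

def sample_entry(service, fqdn, realm, etype, kvno=3):
    """Build one constructed entry with an all-zero dummy key."""
    body = struct.pack(">H", 2)
    for text in (realm, service, fqdn):
        body += struct.pack(">H", len(text)) + text.encode()
    key = bytes(32 if etype == 18 else 8)  # 18 = aes256-cts-hmac-sha1-96
    body += struct.pack(">IIBHH", 1, 0, kvno, etype, len(key)) + key
    return struct.pack(">i", len(body)) + body

# Constructed sample: DES key for ADERPC as in the guide's example, AES256 for HTTP.
SAMPLE = (b"\x05\x02"
          + sample_entry("ADERPC", "fscbackend.sub.comp.com", "SUB.COMP.COM", 3)
          + sample_entry("HTTP", "fscbackend.sub.comp.com", "SUB.COMP.COM", 18))
if __name__ == "__main__":
    print(audit(SAMPLE, "fscbackend.sub.comp.com", "SUB.COMP.COM"))
```

On a server, the input would be the bytes of /etc/fabasoft/krb5.keytab; on nodes without Fabasoft Folio Web Services, pass services=("ADERPC",).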
6.3 Kerberos Tests
If one of the tests fails, it is necessary to fix the problem before Fabasoft Folio is installed.
6.3.1 First test
Execute the following command and enter the user’s password when prompted:
/usr/kerberos/bin/kinit <Microsoft Windows user>
If no error message is returned, view the ticket cache with the following command:
/usr/kerberos/bin/klist
Verify the output (the default principal must correspond to the provided user):
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: <Microsoft Windows user>@<SUB.COMPANY.COM>

Valid starting     Expires            Service principal
11/15/04 09:16:36  11/16/04 19:16:38  krbtgt/<SUB.COMPANY.COM>@<SUB.COMPANY.COM>
6.3.2 Second test
Issue the following command to acquire a ticket using the key in the Kerberos key tab file instead of
an interactive password:
/usr/kerberos/bin/kinit -k -t /etc/fabasoft/krb5.keytab <principalname>
Example:
/usr/kerberos/bin/kinit -k -t /etc/fabasoft/krb5.keytab \
ADERPC/<hostname>.<sub.company.com>@<SUB.COMPANY.COM>
Note: ‘\’ denotes line continuation.
If no error message is returned, view the ticket cache with the following command:
/usr/kerberos/bin/klist
Verify the output (the default principal must correspond to the provided user):
Along the same lines, try the HTTP key.
/usr/kerberos/bin/kinit -k -t /etc/fabasoft/krb5.keytab \
HTTP/<hostname>.<sub.company.com>@<SUB.COMPANY.COM>
Note: ‘\’ denotes line continuation.
If no error message is returned, view the ticket cache with the following command:
/usr/kerberos/bin/klist
If any errors occur, please consult the extensive Kerberos documentation.
If no errors occur, the installation and configuration of Kerberos has been successful.