This HOW-TO is a supplement to the Rembo Server's documentation and to the INSTALL file in its distribution. The method explained below prepares the installation for
The Rembo Wizard contains two built-in user names: root and rembo. These users are authenticated on the server on which the Rembo Server runs. Obviously, it is not a good idea to divulge the root password of the server machine to the Rembo Wizard's end users. It is preferable to create a non-login, public user for authentication purposes only. Using the operating system's system administration tool (linuxconf, YaST, ...) or just by editing /etc/passwd and /etc/group, do the following:
The authentication for the installation could be as follows in the rembo.conf of the Rembo Server:
    AuthLocalDomain remboauth {
        UserGroup "comp"
    }
    ...
    GROUP test {
        Options unicast
        AuthDomain "remboauth"
        # triumph
        Host 00:02:b3:1a:5f:16 {
            StartPage "net://global/rembowiz.shtml"
        }
        ...
If the server's operating system supports PAM authentication and the Rembo Toolkit's version is 1.1.017 or later, you can create a file /etc/pam.d/rembo with the following example contents for a RedHat 7.1 server (you can use LDAP or another service suitable for your organization):
    #%PAM-1.0
    auth       required     /lib/security/pam_stack.so service=system-auth
    account    required     /lib/security/pam_stack.so service=system-auth
The following example is for the Solaris 8 PAM authentication file /etc/pam.conf:
    # Rembo Client Authentication Requests
    rembo   auth     required   /usr/lib/security/$ISA/pam_unix.so.1
    rembo   account  required   /usr/lib/security/$ISA/pam_unix.so.1
For example, Rembo Toolkit [release] = 1.1, [version] = 008. In the following example, the distribution has been downloaded from Rembo's web shop and placed in the shared NFS directory /csadmin/common/install/rembo/dist/.
    cd /opt
    tar xvzf /csadmin/common/install/rembo/dist/rembo-[release].[version]_linux.tgz
      - or -
    tar xvf /csadmin/common/install/rembo/dist/rembo-[release].[version]_solaris.tar
    mv rembo-[release] rembo-[release].[version]
    rm -f rembo
    ln -s rembo-[release].[version] rembo
    cd rembo
    mv rembo.conf rembo.conf_dist
- create /opt/rembo/files so that it points to free disk space that is big enough (+10GB) (if on NFS, use the option nolock), for example on a mount point /rembo
- make the rembo file system mount point writable to the administration group comp
    chmod 775 /rembo
    chown [you] /rembo
    chgrp comp /rembo
    cd /rembo
    mkdir files
    ln -s /rembo/files /opt/rembo/files
- still on the (example /rembo) file system, with the installation group name comp, create the configuration file (the example rembo.conf is in the Appendices).
    cd /rembo
    cp /csadmin/common/install/rembo/conf_examples/rembo.conf .
    mkdir RCS
    chmod 775 RCS
    chown [you] RCS
    chgrp comp RCS
    ci -u rembo.conf
    ln -s /rembo/rembo.conf /opt/rembo/rembo.conf
- install the license key that you have obtained from the Rembo Shop (in the example, the key is stored in the shared NFS directory /csadmin/common/install/rembo/dist/ and installed on the /rembo file system)
    cd /rembo
    cp /csadmin/common/install/rembo/dist/rembo.key_[release] .
    ln -s /rembo/rembo.key_[release] /opt/rembo/rembo.key
- start the Rembo Server on a new file system
    /opt/rembo/rembo -d -v 3
- .... WAIT until the crypto key is generated ... and leave the server in the foreground.
- log in as root in another window and install the Rembo plugin distribution on the Rembo file system
    cd /opt/rembo
    vi srvfiles.nc      (replace (pass)word "install" by "rembo")
    ./misc/netclnt srvfiles.nc
- now stop the Rembo server that is running in the foreground with CTRL-C
- Take the rembo startup script from the initd.[os-specific] directory and install it in /etc/init.d, for example (the rembo.sh referred to below is in the Appendices),
    cp /csadmin/common/install/rembo/initd.rh71/rembo.sh /etc/init.d/rembo.sh
      - or -
    cp /csadmin/common/install/rembo/initd.solaris8/rembo.sh /etc/init.d/rembo.sh
- Compile on the target system a program that allows any user to call the above rembo.sh with superuser privileges. For example (the rembo.c referred to below is in the Appendices),
    cd /tmp
    cc -o rembo /csadmin/common/install/rembo/initd/rembo.c
    mv rembo /etc/init.d/rembo
    chmod +s /etc/init.d/rembo
- Make sure that there is a symbolic link from rembo's default installation directory to the actual, /opt based installation:
    ln -s /opt/rembo /usr/local/rembo
- TiNA (Time Navigator, a product of Atempo) may later be used as the backup daemon to back up the Rembo file system. Check now that TiNA (or another non-root user) can stop/start Rembo. If OK, leave the Rembo Server running in the background.
    su - tina
    /etc/init.d/rembo start
    /etc/init.d/rembo stop
    /etc/init.d/rembo start
    exit
- Make the required links in the System V init.d directories so that Rembo will start automatically on the server, for example, again as root (example for RedHat Linux 7.1 and for Solaris 8)
- Note: For the startup, you will call the actual script /etc/init.d/rembo.sh and not the root privilege interface program /etc/init.d/rembo
    cd /etc/rc.d/rc3.d
      - or Solaris: -
    cd /etc/rc3.d
    ln -s ../init.d/rembo.sh S65rembo
    ln -s ../init.d/rembo.sh K65rembo
      - RedHat Linux only: -
    cd /etc/rc.d/rc5.d
    ln -s ../init.d/rembo.sh S65rembo
    ln -s ../init.d/rembo.sh K65rembo
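Because /etc/init.d/rembo lets any local user run rembo.sh as root, every file on that path has to be owned by root and closed to writes by group and others. The shell function below is an added example (not part of the original HOW-TO) that checks this for each file and its directory; the function name, the REMBO_ROOT_CHAIN list and the demo files are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the original HOW-TO.
# audit_root_chain UID FILE...
#   For each FILE and the directory named in its path, print a finding when
#   the owner is not UID or when group or others may write to it. Symbolic
#   links are followed (ls -L), since the HOW-TO links files into /opt/rembo.
#   Returns 0 when there are no findings, 1 otherwise.
audit_root_chain() {
    want_uid=$1; shift
    status=0
    for f in "$@"; do
        for p in "$f" "$(dirname -- "$f")"; do
            # field 1 of ls -n is the mode string, field 3 the numeric owner
            info=$(ls -ldLn -- "$p" 2>/dev/null | awk '{print $1, $3}')
            if [ -z "$info" ]; then
                echo "MISSING  $p"; status=1; continue
            fi
            mode=${info% *}; uid=${info#* }
            if [ "$uid" != "$want_uid" ]; then
                echo "OWNER    $p (uid $uid)"; status=1
            fi
            case $mode in
                ?????w*|????????w*)   # group-write or other-write bit set
                    echo "WRITABLE $p ($mode)"; status=1 ;;
            esac
        done
    done
    return "$status"
}

# Files that run as root through /etc/init.d/rembo in this HOW-TO.
# On the server:  audit_root_chain 0 $REMBO_ROOT_CHAIN
REMBO_ROOT_CHAIN="/etc/init.d/rembo /etc/init.d/rembo.sh
/etc/rc.d/init.d/functions /usr/local/rembo/rembo /usr/local/rembo/rembo.conf"

# Constructed demo: a private directory holding a stand-in for the wrapper
# (mode 755) and a script that was left group-writable (mode 775).
demo() {
    d=$(mktemp -d) || return 2
    : > "$d/rembo";    chmod 755 "$d/rembo"
    : > "$d/rembo.sh"; chmod 775 "$d/rembo.sh"
    audit_root_chain "$(id -u)" "$d/rembo" "$d/rembo.sh"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "findings reported"
```

A WRITABLE finding for /usr/local/rembo/rembo.conf is expected with this HOW-TO's layout, because the file is maintained by the group comp; it shows that members of comp control the configuration of a server that runs as root.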
# ESRF Rembo NBP config file
# Modified: $Date: 2002/03/05 15:04:23 $
# BaseDir <string>
# Specifies the home dir for the server. All paths can then be
# specified as relative to this base directory
# e.g. Basedir "c:/bootrom/rembo"
BaseDir "/opt/rembo"
# NetPassword <string>
# This password will protect your server against illegal access
# to the server's files through netclnt
# This option is mandatory
NetPassword "rembo"
# Interfaces <ip-addresses>
# Specify the server IP addresses on which you want Rembo to
# receive and send packets
# When not specified, Rembo uses the IP address bound to the host name
#Interfaces 192.168.1.1
# ESRF DHCP servers will provide the initial PXE answer
DisableDHCPProxy
BootNoMulticastDiscovery
# ESRF: We allow the UDP and MCAST datagrams to cross just one router
# Note that other, client side limitations may have been programmed
# to the initial StartPage file.
FileMCASTTTL 2
MTFTPMCastTTL 2
AuthLocalDomain remboauth {
    UserGroup "comp"
}
# Collect all non-defined hosts here
GROUP Default {
    Options unicast
    AuthDomain "remboauth"
    StartPage "net://global/rembowiz_nodefs.shtml"
}
#
# end of rembo.conf
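rembo.conf stores NetPassword in clear text, and the "ci -u" step of the procedure keeps every revision of the file in RCS/rembo.conf,v. The following check is an added example (not part of the original HOW-TO or of the Rembo distribution) that reports a missing, published or short NetPassword and a configuration file or RCS archive that others can read; the function name, the MIN_LEN threshold and the sample file are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original HOW-TO.
# audit_rembo_conf FILE
#   Checks the NetPassword line of a rembo.conf and who may read the file
#   and its RCS archive RCS/<name>,v (written by "ci -u" in the HOW-TO).
#   Pass the real path (/rembo/rembo.conf in the HOW-TO), not the symbolic
#   link, so that RCS/ is found next to it.
#   Prints one finding per line; returns 0 when clean, 1 otherwise.
MIN_LEN=12   # assumption: shortest acceptable password, set per local policy

audit_rembo_conf() {
    conf=$1; status=0
    # value of the first uncommented NetPassword line, quotes removed
    pw=$(awk '$1 == "NetPassword" {
                 sub(/^[ \t]*NetPassword[ \t]+/, ""); gsub(/"/, "")
                 print; exit }' "$conf")
    if [ -z "$pw" ]; then
        echo "NETPASSWORD missing or empty (the option is mandatory)"; status=1
    elif [ "$pw" = rembo ] || [ "$pw" = install ]; then
        echo "NETPASSWORD is a value printed in the HOW-TO"; status=1
    elif [ "${#pw}" -lt "$MIN_LEN" ]; then
        echo "NETPASSWORD shorter than $MIN_LEN characters"; status=1
    fi
    # the password is stored in clear text, so neither the working file nor
    # its RCS history should be readable by "others"
    for f in "$conf" "$(dirname -- "$conf")/RCS/$(basename -- "$conf"),v"; do
        [ -e "$f" ] || continue
        case $(ls -ldL -- "$f" | awk '{print $1}') in
            ???????r*) echo "READABLE by others: $f"; status=1 ;;
        esac
    done
    return "$status"
}

# Constructed sample: the NetPassword lines of the appendix rembo.conf, with
# the read-only-for-everyone modes that "ci -u" typically leaves behind.
demo_conf() {
    d=$(mktemp -d) || return 2
    mkdir "$d/RCS"
    printf '%s\n' '# NetPassword <string>' 'NetPassword "rembo"' > "$d/rembo.conf"
    cp "$d/rembo.conf" "$d/RCS/rembo.conf,v"
    chmod 444 "$d/rembo.conf" "$d/RCS/rembo.conf,v"
    audit_rembo_conf "$d/rembo.conf"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo_conf || echo "findings reported"
```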
#!/bin/sh
#
# Sample init script for starting REMBO automatically on boot-up
#
# For RedHat Linux 7.x
#
# This is the path where REMBO is installed
#
REMBODIR=/usr/local/rembo
cmdline="${REMBODIR}/rembo -v 3 -c ${REMBODIR}/rembo.conf"
# Source function library.
. /etc/rc.d/init.d/functions
check_that_running() { # verify that the named process(es) running, else error
    pid=`/bin/ps -ef |
        /bin/grep $1 | /bin/grep -v $0 | /bin/grep -v $$ |
        /bin/grep -v "rembo start" |
        /bin/grep -v "rembo stop" |
        /bin/grep -v "rembo restart" |
        /bin/grep -v "rembo reload" |
        /bin/grep -v "rembo.sh start" |
        /bin/grep -v "rembo.sh stop" |
        /bin/grep -v "rembo.sh restart" |
        /bin/grep -v "rembo.sh reload" |
        /bin/grep -v "tina_" |
        /bin/grep -v "emacs " |
        /bin/grep -v "vi " |
        /bin/grep -v "view " |
        /bin/grep -v grep | /bin/awk '{print \$2 }' `
    echo " check_that_running():"
    if [ "$pid" = "" ]
    then
        echo " - no process(es) named $1 running"
        echo -n " - error exit from script"
        echo_failure
        echo ""
        exit 1
    else
        echo " - named process(es) $1 are running ($pid)"
    fi
}
check_that_not_running() { # verify that the named process(es) not there
    pid=`/bin/ps -ef |
        /bin/grep $1 | /bin/grep -v $0 | /bin/grep -v $$ |
        /bin/grep -v "rembo start" |
        /bin/grep -v "rembo stop" |
        /bin/grep -v "rembo restart" |
        /bin/grep -v "rembo reload" |
        /bin/grep -v "rembo.sh start" |
        /bin/grep -v "rembo.sh stop" |
        /bin/grep -v "rembo.sh restart" |
        /bin/grep -v "rembo.sh reload" |
        /bin/grep -v "tina_" |
        /bin/grep -v "emacs " |
        /bin/grep -v "vi " |
        /bin/grep -v "view " |
        /bin/grep -v grep | /bin/awk '{print \$2 }' `
    echo " check_that_not_running():"
    if [ "$pid" != "" ]
    then
        echo " - named process(es) $1 still running ($pid)"
        echo -n " - error exit from script"
        echo_failure
        echo ""
        exit 1
    else
        echo " - no process(es) named $1 running"
    fi
}
killmasterprocess() { # finds out the process forked by daemon(), kills it
    pid=`/bin/ps -ef | /bin/grep $1 | /bin/grep -v $0 | /bin/grep -v $$ |
        /bin/grep -v "rembo start" |
        /bin/grep -v "rembo stop" |
        /bin/grep -v "rembo restart" |
        /bin/grep -v "rembo reload" |
        /bin/grep -v "rembo.sh start" |
        /bin/grep -v "rembo.sh stop" |
        /bin/grep -v "rembo.sh restart" |
        /bin/grep -v "rembo.sh reload" |
        /bin/grep -v "tina_" |
        /bin/grep -v "emacs " |
        /bin/grep -v "vi " |
        /bin/grep -v "view " |
        /bin/grep -v grep | awk '{printf ("parent%s %s\n",\$3,\$2);}' |
        grep "parent1 " | awk '{print \$2}' `
    echo " killmasterprocess():"
    if [ "$pid" = "" ]
    then
        echo " - could not find process(es) named $1 forked by (1)"
    else
        echo " - kill(1):signal($2),process($pid),named($1),forked by (1)"
        kill $2 $pid
    fi
}
echo "/etc/init.d/rembo:"
case "$1" in
'start')
    check_that_not_running rembo
    echo " - Starting rembo with commandline"
    echo -n " $cmdline"
    daemon $cmdline > /dev/null 2>&1
    sleep 2
    echo ""
    check_that_running rembo
    ;;
'stop')
    killmasterprocess rembo -TERM
    sleep 2
    check_that_not_running rembo
    ;;
'reload')
    check_that_running rembo
    killmasterprocess rembo -HUP
    sleep 2
    check_that_running rembo
    ;;
'restart')
    killmasterprocess rembo -TERM
    sleep 2
    check_that_not_running rembo
    echo " - Starting rembo with commandline"
    echo -n " $cmdline"
    daemon $cmdline > /dev/null 2>&1
    sleep 2
    echo ""
    check_that_running rembo
    ;;
*)
    echo -n " usage: rembo {start|stop|restart|reload}"
    echo_failure
    echo ""
    exit 1
    ;;
esac
echo -n " exiting - no errors"
echo_success
echo ""
exit 0
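/* This is a wrapper program to execute rembo.sh script */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

extern char **environ;

int main(int narg, char *argv[])
{
    /* the only arguments that are passed on to the script */
    static const char *actions[] = { "start", "stop", "restart", "reload" };
    /* fixed environment: the caller's PATH etc. must not reach the root shell */
    static char *cleanenv[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };
    char command[128];
    size_t i, n = sizeof(actions) / sizeof(actions[0]);
    int rc;

    for (i = 0; i < n; i++) {
        if (narg == 2 && strcmp(argv[1], actions[i]) == 0)
            break;
    }
    if (i == n) {
        fprintf(stderr, "usage: rembo {start|stop|restart|reload}\n");
        return 1;
    }
    /* build the command from the fixed word, never from raw user input */
    snprintf(command, sizeof(command), "/etc/init.d/rembo.sh %s", actions[i]);
    environ = cleanenv;
    /* set the real uid to root as well; stdin, stdout and stderr are kept */
    if (setuid(0) != 0) {
        perror("setuid");
        return 1;
    }
    rc = system(command);
    if (rc != -1 && WIFEXITED(rc))
        return WEXITSTATUS(rc);
    return 1;
}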
18 Nov 2002