Wiki source for DepricatedWorkStationNotes
======Workstation Notes======
>>{{{toc levels="h2,h3,h4"}}}>>
Find Windows workstation notes at WindowsWorkstationNotes
====Images====
Image Version found in /etc/version-votesmart for images created after 08/11/15
===Current Bugs===
Chrome DNS resolution issue
~- current workstations have secondary nameserver in /etc/resolv.conf as 8.8.8.8
~- chrome sparatically fails over to secondary DNS and internal pages (wiki, mantis, admin) fail as they are resolving to 216.14.255.* and page is unable to display
~- removing external DNS, forcing sites in /etc/hosts, or directly entering IP resolves problems.
Chrome high CPU usage and general slowness
~- Version 44.0.2403.157 (64-bit)
~~- Version 45.0.2454 has better CPU utilization is and faster load times on pages with no flash
~- Appears to be flash related
~- Advanced settings - System - Uncheck Continue running background apps when Google Chrome is closed.
~- Advanced settings - System - Uncheck Use hardware acceleration when available
~- about:plugins
~~- disable PDF viewer, remote desktop and widevine
Look for adblockplus and flashcontrol for chrome
~- https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb?hl=en-US
~~- options - whitelist - votesmart.org
~- https://chrome.google.com/webstore/detail/flashcontrol/mfidmkgnfgnkihnjeklbekckimkipmoe?hl=en-US
~~- options - whitelist - *votesmart.org
===Version 11.6 (10/23/15)===
Added HP4350 available printers
Modified HP Office location to Front Office
'dnf -y update'
'dnf update' which includes Xorg update
dnf remove xorg-x11-drv-intel intel-gpu-tools
dnf install xorg-x11-drv-intel intel-gpu-tools
===Version 11.5 (09/25/15)===
~- Modified /etc/sysctl.conf
%%
echo vm.min_free_kbytes=1024 >> /etc/sysctl.conf
echo vm.swappiness=10 >> /etc/sysctl.conf
echo "vm.nr_hugepages=512" >> /etc/sysctl.conf
%%
~- added poprocks to /etc/hosts
~- added the following to /etc/security/limits.conf
%%
* - memlock 1048576
%%
===Version 11.4 (09/18/15)===
~- Installed Konqueror and set as default file manager
~- Removed Sharp Printer
~- Renamed HL6180DW to Brother HL6180DW
~- Installed HP OfficeJetx476dn
~- Installed Kyocera FS3920
~- Install HP 4250dn
~- System cleanup and update
~- Cups updated to 2.03. Had to re-enable with 'systemctl enable cups.service'
~- Updated /root/skel directory to replace pcmanfm with knoqueror
===Version 11.3 (09/10/15)===
Removed Chrome 44 x64
Installed Chrome 45 x64
Install Shutter screen capturing tool
Added keybind for locking screen
~- create the following on poprocks:/root/skel
~- modify ~/.config/openbox/lxde-rc.xml
~- add the following between <keyboard> </keyboard>
%%
<keybind key="C-A-L">
<action name="Execute">
<command>xscreensaver-command -lock</command>
</action>
</keybind>
%%
===Version 11.2 (09/01/15)===
Added /root/scripts/installipa.sh for ease of imaging
===Version 11.1 (09/01/15)===
VoteEasy not working on Firefox
%%## Adobe Repository 64-bit x86_64 ##
rpm -ivh http://linuxdownload.adobe.com/adobe-release/adobe-release-x86_64-1.0-1.noarch.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux%%
===Version 11 (08/31/15)===
%%# Fedora 22 #
dnf install flash-plugin nspluginwrapper alsa-plugins-pulseaudio libcurl%%
===Version 10.1 (08/28/15)===
Remove evolution: yum remove *evolution*
Remove clipit: yum remove clipit
Upgrade to FC22: fedup --network 22
===Version 10 (08/26/15)===
Removed xfce desktop and installed lxde
Modified /boot/grub2/grub.cfc and removed load_video
New packages: gthumb, thunderbird, evolution, inkscape, lynx, fedup, opera
Installed repository for opera
===Version 9 (08/11/15)===
Fixed Brother-HL-6180DWT printer settings
Disabling IPv6 by configuring /etc/sysctl.conf and using /etc/rc.d/rc.local to run sysctl -p
====Image Issues and Tweaks====
~- FreeIPA password change/temp password
~~- Unable to change password from Login screen, requires command line password change
~- Kristen specific
~~- Investigate Thunderbird email migration
~~- Investigate Evolution contacts issue with gmail *too many issues with evolution, removing from image*
~~~- Known bug in Evolution, currently only work around is installing gnome control center
~~~- Before launching Evolution install 'control-center'
~~~- run '/bin/gnome-control-center' as user and add online account for google
~~~- Ensure gmail setup to allow IMAP
~~~- setup Evolution using IMAP and do NOT check calendar and contacts
~~- Investigate Evolution calendar and tasks with gmail
====Opera Repository====
cd /etc/yum.repos.d/
wget http://download.opensuse.org/repositories/home:ruario:opera/Fedora_21/home:ruario:opera.repo
yum install opera-stable
====Disable IPV6====
Client startup script required to disable ipv6.
/etc/rc.d/rc.local runs sysctl -p.
This call in turn disables ipv6 on interfaces, but does not disable the ipv6 stack needed by FreeIPA.
/etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.ens32.disable_ipv6 =1
====Troubleshooting ipa====
===Symptom: Login fails with "incorrect password" or screen briefly goes black then returns to login prompt===
~- 99% of the time this is caused by the clock on the workstation being out of sync with the server. They must be within a minute of each other.
~- Check that ##ntpd## is running and that the system date/time is correct. **CMOS time must be correct!** If it's not, change the battery and/or reset CMOS clock to GMT.
~- Check that the IP address assigned (##ip a##) matches the dns record (##dig ws<xx>.votesmart.org##). These must match. If they do not, and the clocks are in sync, check ##/etc/sssd/sssd.conf## and make sure ##dyndns_update = True## is set. Restart sssd (##systemctl stop sssd; systemctl start sssd##, sometimes ##systemctl daemon-reload## first). Check again.
~- If still no luck, the nuclear option will usually clear things up:
%%
chattr -i /etc/ntp.conf
ipa-client-automount --uninstall
ipa-client-install --uninstall
ipa-client-install --enable-dns-updates --force-ntpd --hostname=ws#.votesmart.org --force-join
ipa-client-automount
chattr +i /etc/ntp.conf
%%
====Troubleshooting automount====
===Symptom: User password is accepted, but the login screen reappears after a moment===
~- Make sure you can mount /home/<user> manually
~- If you see this error in the server ##krb5kdc.log##: ##Decrypt integrity check failed## then run the ##regenerateCert.sh## script on the IPA server, then restart IPA: ##service ipa restart##
~- Try restarting the autofs daemon on the trouble client: ##service autofs restart##
~- Check [[http://www.freeipa.org/docs/2.0.0/Administration_Guide/en-US/html/#chap-Administration_Guide-Configuring_Automount|these configuration settings]] (ignore the schema stuff, you'll create LDAP entries below)
~- Be sure the client is forcing NFS3 for automounts (otherwise all users will get squashed to uid 0 on the server side, and the mounts won't be accessible):
~~- In ##/etc/sysconfig/autofs##, change/set MOUNT_NFS_DEFAULT_PROTOCOL=3
~~- In ##/etc/nfsmount.conf##, set Nfsvers=3 and Defaultnfsves=3
~~- Restart autofs: ##systemctl restart autofs##
====Workstation Settings for successful freeipa install====
~- check that nfs4 is disabled, two files are involved
~- add new hostnames
~- have to add new nfs keys for new hostnames
----
CategoryIT
>>{{{toc levels="h2,h3,h4"}}}>>
Find Windows workstation notes at WindowsWorkstationNotes
====Images====
Image Version found in /etc/version-votesmart for images created after 08/11/15
===Current Bugs===
Chrome DNS resolution issue
~- current workstations have secondary nameserver in /etc/resolv.conf as 8.8.8.8
~- chrome sparatically fails over to secondary DNS and internal pages (wiki, mantis, admin) fail as they are resolving to 216.14.255.* and page is unable to display
~- removing external DNS, forcing sites in /etc/hosts, or directly entering IP resolves problems.
Chrome high CPU usage and general slowness
~- Version 44.0.2403.157 (64-bit)
~~- Version 45.0.2454 has better CPU utilization is and faster load times on pages with no flash
~- Appears to be flash related
~- Advanced settings - System - Uncheck Continue running background apps when Google Chrome is closed.
~- Advanced settings - System - Uncheck Use hardware acceleration when available
~- about:plugins
~~- disable PDF viewer, remote desktop and widevine
Look for adblockplus and flashcontrol for chrome
~- https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb?hl=en-US
~~- options - whitelist - votesmart.org
~- https://chrome.google.com/webstore/detail/flashcontrol/mfidmkgnfgnkihnjeklbekckimkipmoe?hl=en-US
~~- options - whitelist - *votesmart.org
===Version 11.6 (10/23/15)===
Added HP4350 available printers
Modified HP Office location to Front Office
'dnf -y update'
'dnf update' which includes Xorg update
dnf remove xorg-x11-drv-intel intel-gpu-tools
dnf install xorg-x11-drv-intel intel-gpu-tools
===Version 11.5 (09/25/15)===
~- Modified /etc/sysctl.conf
%%
echo vm.min_free_kbytes=1024 >> /etc/sysctl.conf
echo vm.swappiness=10 >> /etc/sysctl.conf
echo "vm.nr_hugepages=512" >> /etc/sysctl.conf
%%
~- added poprocks to /etc/hosts
~- added the following to /etc/security/limits.conf
%%
* - memlock 1048576
%%
===Version 11.4 (09/18/15)===
~- Installed Konqueror and set as default file manager
~- Removed Sharp Printer
~- Renamed HL6180DW to Brother HL6180DW
~- Installed HP OfficeJetx476dn
~- Installed Kyocera FS3920
~- Install HP 4250dn
~- System cleanup and update
~- Cups updated to 2.03. Had to re-enable with 'systemctl enable cups.service'
~- Updated /root/skel directory to replace pcmanfm with knoqueror
===Version 11.3 (09/10/15)===
Removed Chrome 44 x64
Installed Chrome 45 x64
Install Shutter screen capturing tool
Added keybind for locking screen
~- create the following on poprocks:/root/skel
~- modify ~/.config/openbox/lxde-rc.xml
~- add the following between <keyboard> </keyboard>
%%
<keybind key="C-A-L">
<action name="Execute">
<command>xscreensaver-command -lock</command>
</action>
</keybind>
%%
===Version 11.2 (09/01/15)===
Added /root/scripts/installipa.sh for ease of imaging
===Version 11.1 (09/01/15)===
VoteEasy not working on Firefox
%%## Adobe Repository 64-bit x86_64 ##
rpm -ivh http://linuxdownload.adobe.com/adobe-release/adobe-release-x86_64-1.0-1.noarch.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux%%
===Version 11 (08/31/15)===
%%# Fedora 22 #
dnf install flash-plugin nspluginwrapper alsa-plugins-pulseaudio libcurl%%
===Version 10.1 (08/28/15)===
Remove evolution: yum remove *evolution*
Remove clipit: yum remove clipit
Upgrade to FC22: fedup --network 22
===Version 10 (08/26/15)===
Removed xfce desktop and installed lxde
Modified /boot/grub2/grub.cfc and removed load_video
New packages: gthumb, thunderbird, evolution, inkscape, lynx, fedup, opera
Installed repository for opera
===Version 9 (08/11/15)===
Fixed Brother-HL-6180DWT printer settings
Disabling IPv6 by configuring /etc/sysctl.conf and using /etc/rc.d/rc.local to run sysctl -p
====Image Issues and Tweaks====
~- FreeIPA password change/temp password
~~- Unable to change password from Login screen, requires command line password change
~- Kristen specific
~~- Investigate Thunderbird email migration
~~- Investigate Evolution contacts issue with gmail *too many issues with evolution, removing from image*
~~~- Known bug in Evolution, currently only work around is installing gnome control center
~~~- Before launching Evolution install 'control-center'
~~~- run '/bin/gnome-control-center' as user and add online account for google
~~~- Ensure gmail setup to allow IMAP
~~~- setup Evolution using IMAP and do NOT check calendar and contacts
~~- Investigate Evolution calendar and tasks with gmail
====Opera Repository====
cd /etc/yum.repos.d/
wget http://download.opensuse.org/repositories/home:ruario:opera/Fedora_21/home:ruario:opera.repo
yum install opera-stable
====Disable IPV6====
Client startup script required to disable ipv6.
/etc/rc.d/rc.local runs sysctl -p.
This call in turn disables ipv6 on interfaces, but does not disable the ipv6 stack needed by FreeIPA.
/etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.ens32.disable_ipv6 =1
====Troubleshooting ipa====
===Symptom: Login fails with "incorrect password" or screen briefly goes black then returns to login prompt===
~- 99% of the time this is caused by the clock on the workstation being out of sync with the server. They must be within a minute of each other.
~- Check that ##ntpd## is running and that the system date/time is correct. **CMOS time must be correct!** If it's not, change the battery and/or reset CMOS clock to GMT.
~- Check that the IP address assigned (##ip a##) matches the dns record (##dig ws<xx>.votesmart.org##). These must match. If they do not, and the clocks are in sync, check ##/etc/sssd/sssd.conf## and make sure ##dyndns_update = True## is set. Restart sssd (##systemctl stop sssd; systemctl start sssd##, sometimes ##systemctl daemon-reload## first). Check again.
~- If still no luck, the nuclear option will usually clear things up:
%%
chattr -i /etc/ntp.conf
ipa-client-automount --uninstall
ipa-client-install --uninstall
ipa-client-install --enable-dns-updates --force-ntpd --hostname=ws#.votesmart.org --force-join
ipa-client-automount
chattr +i /etc/ntp.conf
%%
====Troubleshooting automount====
===Symptom: User password is accepted, but the login screen reappears after a moment===
~- Make sure you can mount /home/<user> manually
~- If you see this error in the server ##krb5kdc.log##: ##Decrypt integrity check failed## then run the ##regenerateCert.sh## script on the IPA server, then restart IPA: ##service ipa restart##
~- Try restarting the autofs daemon on the trouble client: ##service autofs restart##
~- Check [[http://www.freeipa.org/docs/2.0.0/Administration_Guide/en-US/html/#chap-Administration_Guide-Configuring_Automount|these configuration settings]] (ignore the schema stuff, you'll create LDAP entries below)
~- Be sure the client is forcing NFS3 for automounts (otherwise all users will get squashed to uid 0 on the server side, and the mounts won't be accessible):
~~- In ##/etc/sysconfig/autofs##, change/set MOUNT_NFS_DEFAULT_PROTOCOL=3
~~- In ##/etc/nfsmount.conf##, set Nfsvers=3 and Defaultnfsves=3
~~- Restart autofs: ##systemctl restart autofs##
====Workstation Settings for successful freeipa install====
~- check that nfs4 is disabled, two files are involved
~- add new hostnames
~- have to add new nfs keys for new hostnames
----
CategoryIT
