Workstation Notes
Table of Contents
- Images
- Current Bugs
- Version 11.6 (10/23/15)
- Version 11.5 (09/25/15)
- Version 11.4 (09/18/15)
- Version 11.3 (09/10/15)
- Version 11.2 (09/01/15)
- Version 11.1 (09/01/15)
- Version 11 (08/31/15)
- Version 10.1 (08/28/15)
- Version 10 (08/26/15)
- Version 9 (08/11/15)
- Image Issues and Tweaks
- Opera Repository
- Disable IPV6
- Troubleshooting ipa
- Troubleshooting automount
- Workstation Settings for successful freeipa install
Find Windows workstation notes at WindowsWorkstationNotes
Images
Image Version found in /etc/version-votesmart for images created after 08/11/15Current Bugs
Chrome DNS resolution issue- current workstations have secondary nameserver in /etc/resolv.conf as 8.8.8.8
- chrome sparatically fails over to secondary DNS and internal pages (wiki, mantis, admin) fail as they are resolving to 216.14.255.* and page is unable to display
- removing external DNS, forcing sites in /etc/hosts, or directly entering IP resolves problems.
- Version 44.0.2403.157 (64-bit)
- Version 45.0.2454 has better CPU utilization is and faster load times on pages with no flash
- Appears to be flash related
- Advanced settings - System - Uncheck Continue running background apps when Google Chrome is closed.
- Advanced settings - System - Uncheck Use hardware acceleration when available
- about:plugins
- disable PDF viewer, remote desktop and widevine
- https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb?hl=en-US
- options - whitelist - votesmart.org
- https://chrome.google.com/webstore/detail/flashcontrol/mfidmkgnfgnkihnjeklbekckimkipmoe?hl=en-US
- options - whitelist - *votesmart.org
Version 11.6 (10/23/15)
Added HP4350 available printersModified HP Office location to Front Office
'dnf -y update'
'dnf update' which includes Xorg update
dnf remove xorg-x11-drv-intel intel-gpu-tools
dnf install xorg-x11-drv-intel intel-gpu-tools
Version 11.5 (09/25/15)
- Modified /etc/sysctl.conf
echo vm.min_free_kbytes=1024 >> /etc/sysctl.conf echo vm.swappiness=10 >> /etc/sysctl.conf echo "vm.nr_hugepages=512" >> /etc/sysctl.conf
- added poprocks to /etc/hosts
- added the following to /etc/security/limits.conf
* - memlock 1048576
Version 11.4 (09/18/15)
- Installed Konqueror and set as default file manager
- Removed Sharp Printer
- Renamed HL6180DW to Brother HL6180DW
- Installed HP OfficeJetx476dn
- Installed Kyocera FS3920
- Install HP 4250dn
- System cleanup and update
- Cups updated to 2.03. Had to re-enable with 'systemctl enable cups.service'
- Updated /root/skel directory to replace pcmanfm with knoqueror
Version 11.3 (09/10/15)
Removed Chrome 44 x64Installed Chrome 45 x64
Install Shutter screen capturing tool
Added keybind for locking screen
- create the following on poprocks:/root/skel
- modify ~/.config/openbox/lxde-rc.xml
- add the following between <keyboard> </keyboard>
<keybind key="C-A-L"> <action name="Execute"> <command>xscreensaver-command -lock</command> </action> </keybind>
Version 11.2 (09/01/15)
Added /root/scripts/installipa.sh for ease of imagingVersion 11.1 (09/01/15)
VoteEasy not working on Firefox## Adobe Repository 64-bit x86_64 ## rpm -ivh http://linuxdownload.adobe.com/adobe-release/adobe-release-x86_64-1.0-1.noarch.rpm rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux
Version 11 (08/31/15)
# Fedora 22 # dnf install flash-plugin nspluginwrapper alsa-plugins-pulseaudio libcurl
Version 10.1 (08/28/15)
Remove evolution: yum remove *evolution*Remove clipit: yum remove clipit
Upgrade to FC22: fedup --network 22
Version 10 (08/26/15)
Removed xfce desktop and installed lxdeModified /boot/grub2/grub.cfc and removed load_video
New packages: gthumb, thunderbird, evolution, inkscape, lynx, fedup, opera
Installed repository for opera
Version 9 (08/11/15)
Fixed Brother-HL-6180DWT printer settingsDisabling IPv6 by configuring /etc/sysctl.conf and using /etc/rc.d/rc.local to run sysctl -p
Image Issues and Tweaks
- FreeIPA password change/temp password
- Unable to change password from Login screen, requires command line password change
- Kristen specific
- Investigate Thunderbird email migration
- Investigate Evolution contacts issue with gmail *too many issues with evolution, removing from image*
- Known bug in Evolution, currently only work around is installing gnome control center
- Before launching Evolution install 'control-center'
- run '/bin/gnome-control-center' as user and add online account for google
- Ensure gmail setup to allow IMAP
- setup Evolution using IMAP and do NOT check calendar and contacts
- Investigate Evolution calendar and tasks with gmail
Opera Repository
cd /etc/yum.repos.d/wget http://download.opensuse.org/repositories/home:ruario:opera/Fedora_21/home:ruario:opera.repo
yum install opera-stable
Disable IPV6
Client startup script required to disable ipv6./etc/rc.d/rc.local runs sysctl -p.
This call in turn disables ipv6 on interfaces, but does not disable the ipv6 stack needed by FreeIPA.
/etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.ens32.disable_ipv6 =1
Troubleshooting ipa
Symptom: Login fails with "incorrect password" or screen briefly goes black then returns to login prompt
- 99% of the time this is caused by the clock on the workstation being out of sync with the server. They must be within a minute of each other.
- Check that ntpd is running and that the system date/time is correct. CMOS time must be correct! If it's not, change the battery and/or reset CMOS clock to GMT.
- Check that the IP address assigned (ip a) matches the dns record (dig ws<xx>.votesmart.org). These must match. If they do not, and the clocks are in sync, check /etc/sssd/sssd.conf and make sure dyndns_update = True is set. Restart sssd (systemctl stop sssd; systemctl start sssd, sometimes systemctl daemon-reload first). Check again.
- If still no luck, the nuclear option will usually clear things up:
chattr -i /etc/ntp.conf ipa-client-automount --uninstall ipa-client-install --uninstall ipa-client-install --enable-dns-updates --force-ntpd --hostname=ws#.votesmart.org --force-join ipa-client-automount chattr +i /etc/ntp.conf
Troubleshooting automount
Symptom: User password is accepted, but the login screen reappears after a moment
- Make sure you can mount /home/<user> manually
- If you see this error in the server krb5kdc.log: Decrypt integrity check failed then run the regenerateCert.sh script on the IPA server, then restart IPA: service ipa restart
- Try restarting the autofs daemon on the trouble client: service autofs restart
- Check these configuration settings (ignore the schema stuff, you'll create LDAP entries below)
- Be sure the client is forcing NFS3 for automounts (otherwise all users will get squashed to uid 0 on the server side, and the mounts won't be accessible):
- In /etc/sysconfig/autofs, change/set MOUNT_NFS_DEFAULT_PROTOCOL=3
- In /etc/nfsmount.conf, set Nfsvers=3 and Defaultnfsves=3
- Restart autofs: systemctl restart autofs
Workstation Settings for successful freeipa install
- check that nfs4 is disabled, two files are involved
- add new hostnames
- have to add new nfs keys for new hostnames
CategoryIT
