Client Configuration

From Nuclear Physics Group Documentation Pages

Follow these step-by-step instructions to configure a new client system on the NPG network. NPG servers generally run Red Hat Enterprise Linux 5 (or CentOS 5), and workstations run CentOS 6. These setup instructions are written based on the CentOS installer, but the RHEL install process isn't much different, so these directions should work for setting up RHEL systems as well.

Pre-Install Preparation

Here are some things you should know before you start installing Linux on a system.

Choose a Partition Layout

For most general purpose workstations it's safe to accept the default partition layout from the installer (in most cases this makes a 100 MB /boot partition and a second partition that contains an LVM with separate volumes for / and swap). For special cases (especially servers) you'll probably have to spend some time thinking about how the system will be used to determine the best partitioning layout. Look here for a fairly comprehensive introduction to the Linux filesystem. Generally it's a good idea to put /boot on a separate partition, which only needs to be about 100 MB.


Before you start the OS install, it's a good idea to collect the IP addresses and other configuration information you'll need to have on hand. As a general rule NPG machines should have a static IP address and hostname reserved for them by UNH. If this is a brand new machine and there aren't any spare hostnames lying around, you'll have to register a new one before you start. Make sure to add any new hostnames to the DNS (for farm addresses) and LDAP netgroup configurations so that they can access the necessary network services (the firewall is configured to block connections to things like LDAP and NFS from machines it doesn't know about).

If you're using an existing NPG hostname, run this command on an NPG system to find its IP address:

nslookup <hostname> 

Network Configuration Details You Should Know


  • Netmask:
  • Default Gateway:
  • Primary DNS:
  • Secondary DNS:


  • Netmask:
  • Primary DNS:
  • Secondary DNS:

Note: Farm Connections do not use a default gateway.


If the machine you're configuring is located in the server room and only has a connection to the Farm switch you can configure a vlan interface to connect to the outside world. You won't be able to set it up during the install process, which means that you shouldn't try to use a netinstall disk to install the system. Once you've installed the OS here's how you configure the VLAN:

  • Make sure the interface connected to the switch is configured and running.
  • Run this command:
vconfig add <interface-name> <vlan-id> 

where <interface-name> is the name of the network device (e.g. eth0) and the vlan-id is the ID number you want to use. For example the following command:

vconfig add eth0 2

would create a vlan interface called eth0.2 which can now be configured as if it were a normal interface connected to the UNH network.

Downloading Install Disks

The Research Computing Center in Morse Hall hosts repository mirrors for CentOS and Fedora, so if you're looking to download a DVD or CD ISO to install one of these operating systems it's probably fastest to download from there. The URL is

Here are some quick links for various ISO images you might want to use:

CentOS 5 (for servers)

64 Bit

32 Bit

CentOS 6 (for workstations)

64 Bit

32 Bit

Installing CentOS

This guide assumes you're using the CentOS 5 DVD install image. See here for notes on using the netinstall disk.

  1. Download a CentOS CD or DVD image and burn it to a disk.
  2. Boot from the disk. You may need to change the system's boot device settings in the BIOS to get this to work. Often pressing F12 during startup will bring up a menu of devices you can choose from.
  3. Select the language and keyboard layout. Unless you have a really good reason not to, just pick U.S. English.
  4. Partition the hard drive. If you followed my advice and planned your partition layout ahead of time you already know what you need to do. In any case make sure you're at least 99.98% certain that you've got everything configured the way it should be before you apply your partitioning layout (both because in certain cases you could accidentally erase some data you shouldn't, and because it's not possible to reconfigure partitioning after the fact).
  5. At this point if you opted to review your layout you may be asked to configure your bootloader preferences. It's generally safe to accept defaults here.
  6. Configure the Network (see above for details).
    • Set a static IPv4 address/netmask and disable IPv6 for each interface.
    • Set the hostname for the system manually
    • Set the Gateway and DNS configuration
  7. Set the region / Time Zone to America/New_York (though this is probably the default).
  8. Set the root password using the standard admin password scheme
  9. At the package configuration screen select whichever package set you think you will need and then choose Customize later and move to the next step.
  10. At this point the system is going to format the disk(s) and copy the OS onto the system. It will probably take a little while. This is a good time to go grab a snack and a cup of coffee. Once this finishes you'll be prompted to reboot the system. Make sure to take the install CD out to ensure the system boots from the new CentOS install. Once the system reboots you need to make some configuration changes.
  11. If this system will be a server just choose the default firewall configuration (you'll reconfigure it later anyway). If it will be a workstation just make sure the firewall is enabled and access is restricted for all but the SSH service.
  12. Set SELinux to Disabled
  13. Enable Network Time Protocol
  14. Create User
    • First, create a local user for the system to use in case LDAP is unavailable. I usually just set the username to "admin", and the password to the standard administrator password.
    • Click Use Network Login to configure LDAP authentication
    • Under the User Information tab check Enable LDAP Support and then click Configure LDAP
    • Set the LDAP Server to ldap:// (if you're setting up a machine with a connection to the farm network use ldap://
    • Check Use TLS to encrypt connections and then click Download CA Certificate
    • Under the Authentication tab check Enable LDAP Support
    • Set the Base DN to dc=physics,dc=unh,dc=edu
  15. At this point your install should be finished. Reboot and continue on to Post-Install Configuration

Post-Install Configuration

These are the configuration steps you need to take after a successful OS install. This includes configuring the automount service, denyhosts, and the npg iptables firewall, and making sure LDAP logins work. Most if not all commands indicated below should be performed with administrator privileges.

  1. Make sure SSH starts on boot:
    chkconfig sshd on
  2. If for some reason you did not configure LDAP login settings during the OS install you can use the "system-config-authentication" utility to complete those steps. This tool is also in the GUI menus at System->Administration->Authentication.
  3. Configure the automounter
    • Copy the automount configuration from another NPG system using the following command:
      scp <user>@<npg-hostname>:/etc/auto.* /etc/
    • Restart the autofs service:
      service autofs restart
    • Make sure autofs runs at boot time:
      chkconfig autofs on
  4. Configure the firewall. If this system is a workstation and not a server you can skip this step and make sure that the default firewall is configured only to allow access to SSH and no other services.
    • Install the package perl-LDAP via yum. This is needed for the firewall to function.
    • Copy the following files from another NPG system (put them in the same locations, of course):
    • Edit iptables-npg to make sure that the farm and unh interface rules refer to the correct network devices for this system, and that the input rules for this system are configured appropriately for the services it is running.
    • Restart iptables:
      service iptables restart
    • Start iptables-netgroups:
      service iptables-netgroups start
    • Make sure iptables and iptables-netgroups start at boot time:
      chkconfig iptables on
      chkconfig iptables-netgroups on
  5. Install Denyhosts.
    • The denyhosts RPM is available from the EPEL package repository. Use the following instructions to make this package available to yum.
      1. Download the EPEL repository install RPM:
        RHEL 5
        RHEL 6
      2. Install the rpm:
        rpm -ivh epel-release-<version>.noarch.rpm
    • Install Denyhosts via yum:
      yum install denyhosts
    • Edit /etc/denyhosts.conf and change the option BLOCK_SERVICE=sshd to BLOCK_SERVICE=ALL
    • Start denyhosts:
      service denyhosts start
    • Make sure denyhosts starts at boot:
      chkconfig denyhosts on
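
A quick audit of the boot-time services and the denyhosts setting configured in the steps above. This is an added example, not part of the NPG documentation; the function names and the sample `chkconfig --list` listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the NPG pages: audits settings from the steps above.
# Function names and the sample listing below are constructed for illustration.

# Print each named service that is not "on" in the given runlevel.
# stdin: `chkconfig --list` output; $1: runlevel; remaining args: service names.
services_not_enabled() {
    level=$1; shift
    listing=$(cat)
    for svc in "$@"; do
        state=$(printf '%s\n' "$listing" | awk -v s="$svc" -v l="$level" '
            $1 == s { for (i = 2; i <= NF; i++) {
                          split($i, kv, ":"); if (kv[1] == l) print kv[2] } }')
        # A service missing from the listing is reported as well.
        [ "$state" = "on" ] || printf '%s\n' "$svc"
    done
}

# Succeed only if every uncommented BLOCK_SERVICE line in the file is ALL.
denyhosts_blocks_all() {
    values=$(sed -n \
        's/^[[:space:]]*BLOCK_SERVICE[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p' "$1")
    [ -n "$values" ] && ! printf '%s\n' "$values" | grep -qvx 'ALL'
}

# Constructed sample of `chkconfig --list` output (not from a real NPG host).
sample_listing() {
    cat <<'EOF'
autofs          0:off   1:off   2:off   3:on    4:on    5:on    6:off
denyhosts       0:off   1:off   2:off   3:off   4:off   5:off   6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
EOF
}

# Demo on the sample; on a real host pipe `chkconfig --list` in instead and
# run denyhosts_blocks_all /etc/denyhosts.conf as root.
sample_listing | services_not_enabled 3 sshd autofs iptables iptables-netgroups denyhosts
```

Use runlevel 5 instead of 3 for workstations that boot into the graphical login, and drop iptables-netgroups from the list on workstations that skipped the firewall step.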