Install likewise-open on Ubuntu

apt-get install likewise-open
The user that can join AD should be an EID. The --ou option can also be used to place the computer in an Organizational Unit.
domainjoin-cli join domain.com UserThatCanJoinAD
domainjoin-cli join --ou path/organizationalUnitName domainName joinAccount

To remove the computer from the domain run:
domainjoin-cli leave

Edit sudoers to allow users to become elevated users.
root@alb-netmon1:~# visudo
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
# To add just one user account add the line below with the correct EID.
TWCCORP\\e0NNNNN ALL=(ALL) ALL
# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# To add an entire group use something like the line below
%domain\\AD_Group ALL=(ALL) ALL

After making changes in visudo, restart sudo:
/etc/init.d/sudo restart
I’m currently only adding single users.
Then log in with SSH and your EID:
ssh domain\\E0NNNNN@hostname

I also did this for Debian recently but two things are different. I couldn’t find a DEB package and the shell wasn’t set by default. Also, Likewise was taken over by another company and has a new name, PowerBroker Identity Services.

wget http://www.beyondtrust.com/Technical-Support/Downloads/files/PBISO/7.0.1/886/pbis-open-7.0.1.886.linux.x86.deb.sh
chmod +x filename
Run the install:
./filename
Read and understand the installation agreement, current license is GPL/GPLv2.

As above, add your user to sudo and join to the AD domain. Set a shell if needed, I like bash and wasn’t getting that by default.

/opt/likewise/bin/lwconfig LoginShellTemplate /bin/bash

2006 Ford Freestar brakes

Today I did front and rear brakes on the minivan.

For the rear brakes I needed a special tool to push the piston in and twist it back to fully compressed.

I borrowed Uncle Harold’s garage and tools, he also lent a hand and did more of the work than he needed to do. I couldn’t have gotten it done nearly as quickly without him.

This old jack was great.

YouTube also helped with video of the work.

Ubuntu and UFW

Blocking traffic using UFW: a lot of this is available elsewhere and better explained. I did have some problems finding correct information on blocking outbound traffic though, so I’m putting it here for my own notes.
First the basics. UFW stands for Uncomplicated Firewall.
ufw enable: turns UFW on.
ufw disable: turns UFW off.
The default is to block all inbound traffic and allow all outbound traffic. By running the rules above in that order I allow SSH in and block all other traffic. Since I’m not physically on the machine I will need SSH to allow me to stay connected and make more changes as I go along.
ufw allow ssh
ufw allow http
ufw allow https

The two above are if I am running a web server and want to allow connections from any IP to this machine.

ufw allow out to 10.10.240.0/24 port 161
ufw deny out 161

The first rule allows 161 (SNMP) out to one range of IP addresses, 10.10.240.0/24, and the second rule blocks any traffic on 161 (SNMP) to any other IP addresses.
I know you don’t need to block outbound traffic if you know what you are doing, but I have no clue so I did it this way.

ufw status numbered

     To                  Action      From
     --                  ------      ----
[ 1] 22                  ALLOW IN    any
[ 2] 443                 ALLOW IN    any
[ 3] 80                  ALLOW IN    any
[ 4] 10.10.240.0/24 161  ALLOW OUT   Anywhere (out)
[ 5] 161                 DENY OUT    Anywhere (out)

This will show a list of what has been written in UFW and show the rules with numbers. To delete a rule, select the rule number and run:
ufw delete 2
This would delete rule number two.

Insert will add a new rule and insert at the number that you specify.
ufw insert 4 allow out to 10.182.96.41 port 161

The order in which you add rules is important, as they are processed in order. If rule number one is “ufw allow ssh”, which allows any connection to port 22, then a rule like “ufw deny from 1.1.1.1 to any port 22” will be ignored unless it comes before it.

There are also UFW limit rules to slow things like brute force attacks.
ufw insert 1 limit ssh
This will limit the number of SSH attempts to connect, slowing a possible dictionary attack on SSH. Unless someone has a reason to keep hitting your machine they will usually just move on to the next target. Again, since rules are processed in order this would need to come before any allow SSH rules if you want it to work on all SSH connections. I found a useful bit on using port forwarding with UFW here.
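The rule-order behaviour described above, and the outbound SNMP pair, as an added example that is not part of the original post: a small first-match model that also goes one step further and reports rules that can never match because an earlier rule already covers them. The Rule type and both function names are hypothetical, and the model assumes IPv4 only, ignores protocol, and treats limit as a terminal action like allow and deny.

```python
import ipaddress
from typing import NamedTuple

ANY = ipaddress.ip_network("0.0.0.0/0")

class Rule(NamedTuple):
    action: str                            # "allow", "deny" or "limit"
    direction: str                         # "in" or "out"
    port: int
    remote: ipaddress.IPv4Network = ANY    # source for "in", destination for "out"

def first_match(rules, direction, remote_ip, port):
    """Return (rule number, action) of the first rule that matches the packet."""
    addr = ipaddress.ip_address(remote_ip)
    for number, rule in enumerate(rules, start=1):
        if (rule.direction, rule.port) == (direction, port) and addr in rule.remote:
            return number, rule.action
    return None, "default policy"          # nothing matched, the default applies

def shadowed(rules):
    """Return (later, earlier) rule numbers where the later rule can never match."""
    found = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            same_slot = (earlier.direction, earlier.port) == (later.direction, later.port)
            if same_slot and later.remote.subnet_of(earlier.remote):
                found.append((j + 1, i + 1))
                break
    return found

net = ipaddress.ip_network
# Constructed rule lists built from the rules quoted in the text.
ssh_wrong = [Rule("allow", "in", 22), Rule("deny", "in", 22, net("1.1.1.1/32"))]
ssh_right = [ssh_wrong[1], ssh_wrong[0]]
snmp_out = [Rule("allow", "out", 161, net("10.10.240.0/24")), Rule("deny", "out", 161)]

if __name__ == "__main__":
    print(first_match(ssh_wrong, "in", "1.1.1.1", 22))   # the deny is never reached
    print(first_match(ssh_right, "in", "1.1.1.1", 22))   # the deny now wins
    print(shadowed(ssh_wrong), shadowed(snmp_out))
```

A non-empty result from shadowed() is the cue to move the narrower rule up with ufw insert, as shown earlier for rule number 4.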

How much

Just exactly how much do you need to get by and be comfortable? I used to watch Dad try and figure this out, maybe he was lazy or maybe he was actually a genius. I’m not sure, but I prefer to think it was some place in the middle.
I’ve got my subscription to Mother Earth News and I’ve read some things that seem to indicate it’s possible. Energy independence, food independence, income independence first?
I posted a list from cheaprvliving.com before that made a list of how to live off $1000 a month, I think that leaves out a few things but it’s a good start. Taxes with a house on a piece of land are going to be around three thousand a year today and probably three times that in twenty years.
I think I want a piece of land to at least call home base and use to generate some income but I don’t want it to be a boat anchor on me so I can’t go any place or do anything away from the land.
Some small stock, maybe goats, pigs, and chickens would be okay. I’d need someone else to do the butchering since I have no stomach for that, another expense.
Could I generate at least limited electricity from solar panels and a small wind turbine or would it be cheaper to just buy from the electric company? I want to keep things I enjoy like the motorcycle and a laptop, a small car or truck to get around in, and maybe find a way to run that off something I could grow.
Oh for that perfect world that I dream of.