=====End-User configuration/LAIR deployment=====
====LDAP====
I installed the following Ubuntu packages (which brought along the necessary prerequisites):
* libpam-ldap
* libnss-ldap
===ldap.conf===
Edit /etc/ldap.conf (merges both pam and libnss into one file):
host auth
base dc=lair,dc=lan
uri ldap://auth
ldap_version 3
bind_policy soft
pam_password exop
nss_base_passwd ou=People,dc=lair,dc=lan?one
nss_base_passwd ou=People,dc=dslab,dc=lan?one
nss_base_passwd ou=People,dc=sunyit,dc=lan?one
nss_base_shadow ou=People,dc=lair,dc=lan?one
nss_base_shadow ou=People,dc=dslab,dc=lan?one
nss_base_shadow ou=People,dc=sunyit,dc=lan?one
nss_base_group ou=Group,dc=lair,dc=lan?one
nss_base_group ou=Group,dc=dslab,dc=lan?one
nss_base_group ou=Group,dc=sunyit,dc=lan?one
===nsswitch.conf===
Configure /etc/nsswitch.conf as follows:
passwd: files [SUCCESS=return] ldap
group: files [SUCCESS=return] ldap
shadow: files [SUCCESS=return] ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: files
services: files
ethers: files
rpc: files
netgroup: nis
===ldap/ldap.conf===
And /etc/ldap/ldap.conf:
BASE dc=lair,dc=lan
URI ldap://auth
===pam.d/common-* files===
The /etc/pam.d/common-* files came preset with LDAP entries that look like they'll "just work" for us. No changes were made.
====NFS====
To configure NFS, I installed the following packages (which brought in necessary prerequisites):
* nfs-common
* autofs5
===auto.master===
In /etc/auto.master:
/home /etc/auto.home --timeout=60 -fstype=nfs4,rw
===auto.home===
In /etc/auto.home:
* nfs:/home/&
===default/nfs-common===
We need to enable idmapd support in /etc/default/nfs-common:
# If you do not set values for the NEED_ options, they will be attempted
# autodetected; this should be sufficient for most people. Valid alternatives
# for the NEED_ options are "yes" and "no".
# Do you want to start the statd daemon? It is not needed for NFSv4.
NEED_STATD=
# Options for rpc.statd.
# Should rpc.statd listen on a specific port? This is especially useful
# when you have a port-based firewall. To use a fixed port, set this
# this variable to a statd argument like: "--port 4000 --outgoing-port 4001".
# For more information, see rpc.statd(8) or http://wiki.debian.org/?SecuringNFS
STATDOPTS=
# Do you want to start the idmapd daemon? It is only needed for NFSv4.
NEED_IDMAPD=yes
# Do you want to start the gssd daemon? It is required for Kerberos mounts.
NEED_GSSD=
===idmapd.conf===
Finally, in /etc/idmapd.conf:
[General]
Domain = lair
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Verbosity = 0
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
[Translation]
Method = nsswitch
===useful nfs tips===
Be sure to restart **nfs-common** and then **autofs**.
Remove any existing directories in /home (such as those of local users). This will lead to fewer problems (it actually wouldn't automount for me if there were local files in /home).
====Xorg====
===xserverrc===
In /etc/X11/xinit/xserverrc, remove the "-nolisten tcp" option so that the X server listens for TCP connections and we can do X networking.
Before:
#!/bin/sh
# $Id: xserverrc 189 2005-06-11 00:04:27Z branden $
exec /usr/bin/X11/X -nolisten tcp
After:
#!/bin/sh
# $Id: xserverrc 189 2005-06-11 00:04:27Z branden $
exec /usr/bin/X11/X
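A quick check of the client files edited above (nsswitch.conf, /etc/ldap.conf and xserverrc), as an added example that is not part of the original page. The function names are hypothetical, the sample files are constructed from the settings shown here, and only ldaps:// URIs and the "ssl start_tls" directive are treated as encrypted LDAP transport.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.
# Audits copies of the client files this page edits.

# nss_uses_ldap FILE DB: succeeds if DB's line in nsswitch.conf lists "ldap".
nss_uses_ldap() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }' "$1"
}

# ldap_transport FILE: prints "tls" or "cleartext" for an /etc/ldap.conf copy.
# Assumption: only ldaps:// URIs and "ssl start_tls" count as encrypted.
ldap_transport() {
    awk 'tolower($1) == "uri" { for (i = 2; i <= NF; i++) {
             if ($i ~ /^ldaps:/) s++; else if ($i ~ /^ldap:/) p++ } }
         tolower($1) == "ssl" && $2 == "start_tls" { starttls = 1 }
         END { print ((starttls || (s && !p)) ? "tls" : "cleartext") }' "$1"
}

# x_listens_tcp FILE: succeeds if no non-comment line has "-nolisten tcp".
x_listens_tcp() {
    ! grep -v '^[[:space:]]*#' "$1" | grep -Eq -- '-nolisten[[:space:]]+tcp'
}

# audit DIR: prints one finding per line for the three files in DIR.
audit() {
    for db in passwd group shadow; do
        nss_uses_ldap "$1/nsswitch.conf" "$db" ||
            echo "nsswitch.conf: $db does not consult ldap"
    done
    [ "$(ldap_transport "$1/ldap.conf")" = tls ] ||
        echo "ldap.conf: no ldaps:// or StartTLS, LDAP traffic is unencrypted"
    if x_listens_tcp "$1/xserverrc"; then
        echo "xserverrc: -nolisten tcp absent, X server may listen on TCP"
    fi
    return 0
}

# Constructed sample: trimmed copies of the settings shown on this page.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'passwd: files [SUCCESS=return] ldap' \
    'group: files [SUCCESS=return] ldap' \
    'shadow: files [SUCCESS=return] ldap' > "$demo/nsswitch.conf"
printf '%s\n' 'host auth' 'uri ldap://auth' 'pam_password exop' > "$demo/ldap.conf"
printf '%s\n' '#!/bin/sh' 'exec /usr/bin/X11/X' > "$demo/xserverrc"
audit "$demo"
```

To audit a real client, copy the three files into one directory and pass that directory to `audit`.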
====sudo====
To give lair members sudo access, add the following with visudo:
# User privilege specification
root ALL=(ALL) ALL
%lair ALL=(ALL) ALL
I removed the %admin reference.
I also removed all local users (bob, jim, roy).
=====USB automount=====
In Ubuntu, for a user to have the ability to mount an inserted USB stick, they must be a member of group 'plugdev' (apparently in cases where pmount/pumount is used).
It doesn't appear as if Ubuntu 9.04 uses pmount, but I did find somewhere that might solve the problem for me...
In /etc/gnome-system-tools/users/profiles, I added the line:
groups=cdrom,floppy,dialout,tape,dip,adm,plugdev,fax,audio,scanner,fuse,video
to the stanza for Unprivileged users. The complete updated file looks as follows:
[Unprivileged]
name=Unprivileged
name[es]=Usuario sin privilegios
shell=/bin/bash
home-prefix=/home
uid-min=1000
uid-max=6000
groups=cdrom,floppy,dialout,tape,dip,adm,plugdev,fax,audio,scanner,fuse,video
[Desktop]
name=Desktop user
name[es]=Usuario del escritorio
default=1
shell=/bin/bash
home-prefix=/home
uid-min=1000
uid-max=6000
groups=cdrom,floppy,dialout,tape,dip,adm,plugdev,fax,audio,scanner,fuse,video
[Administrator]
name=Administrator
name[es]=Administrador
shell=/bin/bash
home-prefix=/home
uid-min=1000
uid-max=6000
groups=cdrom,floppy,dialout,tape,dip,adm,plugdev,fax,audio,scanner,fuse,admin,sambashare,lpadmin,video