How to get llama 2 up and running , in a VM, with no GPU, and limited memory on Ubuntu

-
Image
OK I decided to write this up after unsuccessfully being able to find all the required info I needed in one place. In this setup we will be using Ubuntu Server 22.04.2 LTS as the OS. I have this running on a home lab ESXi server 8, on a HP Compaq Pro 6300 SFF CPU = Intel Core i7-3770 Installed Memory 16 GB I have some 10K SAS drives installed for the VM's If you have not already, navigate to  Get Ubuntu Server | Download | Ubuntu and download the 22.04.2 LTS ISO Next Lets create our VM that we are going to run this in. *Note Im using ESXi however you can probably do this in Workstation, Fusion, VirtualBox etc The main things to note on the VM creation. Set Ubuntu 64 bit as the guest OS Set your CPU relevant to the physicals CPU, I will be starting with 4 VCPU Set your Memory to as much as you can tolerate, I will be using 12 Disk Space - we are creating a 100G swap file, and the rest of the file can take up some room , so more is better if you can afford it Dont forget to add the U
Post a Comment

VMware View 2-factor authentication with Google Authenticator - Part Three

-
Installing Google Authenticator pbis-open and freeradius
Now that we have the VM and Ubuntu installed, we now need to install our packages.

First make sure you have a DNS record for the server in active directory, as we are going to need it. This must be done first!

Also create a AD security group named:
GG_S_GOOGLE_AUTH_DISABLED

Once done, go back to your console and run the following:
sudo su
enter your password

apt-get update

 apt-get dist-upgrade
say Y when prompted

 apt-get install ntp
say Y when prompted

apt-get install ntpdate
should not prompt

ntpdate pool.ntp.org

Now we are going to install pbis-open for our connection to Active Directory

wget -O - http://repo.pbis.beyondtrust.com/yum/RPM-GPG-KEY-pbis|sudo apt-key add - 
wget -O /etc/apt/sources.list.d/pbiso.list http://repo.pbis.beyondtrust.com/apt/pbiso.list 
apt-get update
apt-get install pbis-open
say Y when prompted

Once that completes we can Join our Ubuntu server to the domain.
domainjoin-cli join yourdomain.com administrator@yourdomain.com

change the above statement to reflect your environment.














Don't reboot just yet we are not done.
Run the following:
/opt/pbis/bin/config LoginShellTemplate /bin/bash
/opt/pbis/bin/config AssumeDefaultDomain true
/opt/pbis/bin/config HomeDirTemplate %H/%D/%U

And Clear cache
/opt/pbis/bin/ad-cache --delete-all

now go ahead ad reboot, then reconnect to your sever.
Now we are going to install google authenticator and freeradius and other required packages
Once logged in, same as before:
sudo su
enter password
apt-get install build-essential git libpam0g-dev libqrencode3
say Y when prompted

apt-get install libpam-google-authenticator
say Y when prompted

apt-get install freeradius
say Y when prompted

Now time to edit raidus files:
vi /etc/freeradius/radiusd.conf

Scroll down until you see this:

And change it to this
user = root (instead of user = freerad)
group = root (instead of user = freerad)
Save changes and exit vi

Edit the file /etc/freeradius/users
vi /etc/freeradius/users

This entry is towards the top. Un-comment it out and and make it look like the next entry:



DEFAULT Group == "GG_S_GOOGLE_AUTH_DISABLED", Auth-Type := Reject
Reply-Message = "Your account has been disabled."
DEFAULT Auth-Type := PAM



Save and close the file.

Now edit the file /etc/freeradius/sites-enabled/default
vi /etc/freeradius/sites-enabled/default

Search for “pam” by typing /pam
And un-comment the line it to read: pam

Save and close the file.

Now edit the file /etc/pam.d/radiusd
vi /etc/pam.d/radiusd




Comment all line from this file and add the following:
auth requisite pam_google_authenticator.so forward_pass
account required pam_lsass.so use_first_pass



Save and close the file.

Now edit /etc/freeradius/clients.conf 
vi /etc/freeradius/clients.conf 

find  client some.host.org
modify it with the following

client {
secret =
shortname =
}

Save and close the file.

Now restart free radius:
service freeradius restart

Now edit /etc/skel/.bashrc
vi /etc/skel/.bashrc
add the following line under alias l='ls -CF'
alias gauth= 'google-authenticator -tdf -l "Horizon View" -r 3 -R 30 -w 17 -Q UTF8'


 Save and close the file.

reboot


Comments

Post a Comment

Popular posts from this blog

vSphere 7 - Specify a vmkernel adapter to use for NFS datastores Step By Step \ Walkthrough on a DVS

-
Image
 Recently I needed to setup a NFS server but needed it to specifically be on a specific vmkernel adapter. I found this KB https://kb.vmware.com/s/article/50112854 however there were some things missing so I decided to write this walkthrough incase it helps any one else. First thing , remove all NFS mounted datastores if you haven't already. I ran through this on 7.0.2 however is probably the same for other versions. Step 1: This is going to be on a DVS, so we want to go ahead and create a port group to silo off our NFS traffic. To make life easy, we will just call it NFS Static binding and elastic port allocation were the defaults so I let these there. If you are VLAN'ing your traffic modify this info here, and complete the wizard. Next put your host into Maintenance Mode We are going to add a New TCP/IP stack to the host. First check that you have not already created one in the UI by opening a browser to the ESXi host, navigate to networking > TCP/IP Stacks SSH into your ES
Read more

Horizon View 2-factor Authentication for Free! with Google Authenticator or others

-
Image
So after quite a bit of work on my proof of concept google authenticator server, a colleague pointed out that LinOPT has already created this, along a whole slew of other options. So after spending a couple of nights reading and testing I figured id post a simple walk-through to get this up and running in your environment. As mentioned in the title this is a Free solution , however if you are wanting to scale this in a large organization you would most likely want to explore their support contracts , this is a good fall back when things just don't work and this also help the developers keep this type of software free for the rest of us. To start off we want to create 2 objects in Active Director. The first is just a standard user account LinOTP will use to connect to your domain. You can put these any where in your domain as we will access them directly later. In my case i create one called 'LinOTP Svc' and put it in the default Users OU. Next create a Global or
Read more

Windows 11 Insider Preview Instant Clones Horizon 8 2103 walkthrough - Part 1 Image setup

-
Image
 Just a reminder , non of this is supported by Microsoft, VMware, or any other software vendor at the time of this writing, any thing you do is for testing purposes. Enjoy! ----------Updated Guide for Windows 11 GA build can be found here  https://jeramythompson.blogspot.com/2021/10/windows-11-ga-instant-clone-lab-with.html ------ Now that you have your Windows 11 Insider Preview up and running (if not see this post) we can get an Instant Clone pool up and running. First thing we need to do is enable the local administrator account, and setup a password if not done already. Open Computer management (run compmgmt.msc). Next log out of your temp admin you setup originally and log in as Administrator. You will get some prompts for the new user setup. Open up Computer Management and delete the old user: Go ahead and reboot. Once you have rebooted log back in as the local Administrator Profile. Right click the Windows Icon and choose System: In System Click on Advanced System Settings clic
Read more