The Big One - rosepheobieshea/SYS-255-Tech-Journal GitHub Wiki
fw01 Firewall/Router Configuration (Lab01)
1. Setup interfaces
Verify that the interface MAC addresses shown in vSphere match the ones pfSense lists
Select option (1) Assign Interfaces
Answer (n) when asked whether to set up VLANs
WAN interface = em0
LAN interface = em1
Select option (2) Set interface(s) IP address
Pick the WAN interface
Do not use DHCP for the WAN IPv4 address
You are using a 24 bit subnet mask
For the WAN, your upstream gateway is 10.0.17.2
Use the gateway as your IPv4 name server as well
We will not be using IPv6; respond no when asked about DHCP.
Press <ENTER> to bypass IPv6 configuration
When asked about HTTP for the GUI, respond no (we want to use secure HTTPS)
Select option (2) Set interface(s) IP address again
Pick the LAN interface
We are not using DHCP
Your LAN IP Address is 10.0.5.2. This is the same for every student.
You are using a 24 bit subnet mask
You do not have an upstream LAN gateway (you are the gateway for the LAN). Press <ENTER>
No DHCP
Press <ENTER> to bypass IPv6 configuration
Do not enable a LAN DHCP Server
Do not revert to HTTP
2. Setup wks01
Do this now so you can access the pfSense web configurator from wks01
Change computer name
Open File Explorer
Right-click on “This PC”
Click “Properties”
Click on “Change Settings”
Click “Change” next to “To rename this computer…”
Then type: wks01-yourfirstname
Change “yourfirstname” to your real first name.
3. Setup *local* admin account
Open lusrmgr.msc
Create new user
Right-click on the Users folder and select New User
username: rose.davis-loc
fullname: rose.davis-loc
Desc: New Local Admin Acct
Enter password (duh)
Check password never expires.
Add user to admin group
Right-click on rose.davis-loc, then click Properties
Go to Member Of, then click Add
Enter "WKS01-ROSE\Administrators"
Click OK (obviously)
Logout and login again
4. Configure wks01 network settings
IP: 10.0.5.100
Subnet: 255.255.255.0
Default Gateway: 10.0.5.2
DNS: 10.0.5.2
5. Finish config of fw01
From wks01's web browser, open fw01's IP address (10.0.5.2)
Log in with the default credentials:
username: admin
password: pfsense
Click through the first-run wizard, changing the default password when prompted, and leave the option to override the DNS server on PPP/WAN checked.
Click on System>General Information and enter the following:
Hostname: fw01-rose
Domain: rose.local
Primary DNS: 8.8.8.8
Secondary DNS: 1.1.1.1
Click on Interfaces>WAN
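Uncheck "Block private networks and loopback addresses" (the lab WAN sits on the private 10.0.17.0/24 network, so this rule would otherwise drop traffic arriving from it)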
ADDS Setup/Configuration (Lab02)
Make sure fw01 is running
1. Configure IPv4 Settings
IP Addr: 10.0.5.5
Subnet: 255.255.255.0
Gateway: 10.0.5.2
DNS: 10.0.5.2
2. Set computer name to ad01-rose
Don't change the workgroup yet
Ensure the time zone is set to GMT-5:00
Restart
3. Now setup ADDS (yay!)
Go to Manage > Add Roles and Features
Click through defaults until the Server Roles tab
Click on Active Directory Domain Services > Add Features
Click through defaults again
Check "Restart the destination server automatically"
Click Install
After feature installation completes, click Promote this server to a domain controller
Select Add a new forest
Root domain name: rose.local
Enter DSRM password
Click through the rest of the defaults
4. DNS Configuration
Add DNS records for fw01
In Server Manager click on DNS > right-click on AD01-ROSE > DNS Manager
In Forward Lookup Zones right click on rose.local and select "New Host (A or AAAA)"
Host: fw01-rose
IP addr: 10.0.5.2
Check Create PTR record
Don't worry about the warning; this is normal (the reverse lookup zone does not exist yet, so the PTR record cannot be created)
Click on Reverse Lookup zones and then right click and select New Zone
Click through wizard defaults until Reverse Lookup Zone Name
Network ID: 10.0.5
Go back to rose.local under forward lookup zones and select the fw01 record
Uncheck create PTR record, click apply, then recheck the box and click Okay
In reverse lookup zones click refresh and fw01 record should appear
5. Create privileged and non-privileged users
Click on the AD DS tab in Server Manager, then right-click on AD01-ROSE and select AD Users and Computers
In the Users folder, right-click and select New > User
FName: Rose
LName: Davis
Full Name: Rose Davis (adm)
User logon name: rose.davis-adm
Uncheck change password on next logon and check password never expires
Add (adm) for admin account
For admin account right click on user once it is created and select Add to group
Object name: Domain Admins
For the non-privileged user complete the same steps, but without adding (adm) to the name or adding the user to the Domain Admins group.
6. Join wks01 to rose.local domain
Set wks01's DNS to AD01's IP address (10.0.5.5)
Change wks01 hostname and domain (in Rename this PC (advanced))
Computer name: wks01-rose
Domain: rose
Authorize this change with your newly created AD adm account
Restart wks01
Log in to your domain with username@rose
DHCP Configuration (Lab3)
1. Configure Networking
Open nmtui
IP Addr: 10.0.5.3/24
Gateway: 10.0.5.2
DNS: 10.0.5.5
Search Domain: rose.local
Set hostname with:
> hostname dhcp01-rose
2. Add admin user
> useradd rose
> passwd rose
> usermod -aG wheel rose
3. Add PTR record for dhcp01
In DNS manager add "A" record in forward lookup zone
Name: dhcp01-rose
IP addr: 10.0.5.3
Check create PTR record
DHCP Configuration Continued (Lab4)
1. Install DHCP Services
> dnf install dhcp-server
2. Configure DHCP server
> vi /etc/dhcp/dhcpd.conf
Enter the following configuration:
subnet 10.0.5.0 netmask 255.255.255.0 {
    option routers 10.0.5.2;
    option subnet-mask 255.255.255.0;
    option domain-name "rose.local";
    option domain-name-servers 10.0.5.5;
    range 10.0.5.100 10.0.5.150;
}
Note: the default lease times should be fine, but if you need to edit them use these options:
default-lease-time 3600;
max-lease-time 14400;
Time is measured in seconds btw
Start the service
> systemctl start dhcpd
Enable service at startup
> systemctl enable dhcpd
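A pre-flight check for the pool defined above, as an added example that is not part of the original journal: it parses the range statement and confirms that the static addresses from Labs 1-3 (fw01 10.0.5.2, dhcp01 10.0.5.3, ad01 10.0.5.5) sit outside it. The function names and the temp-file copy of the config are assumptions made for the illustration.

```sh
# Added example: check the DHCP pool against the labs' static addresses.
# Dotted-quad IPv4 -> integer. Subshell body keeps IFS and $@ changes local.
ip2int() (
    IFS=.
    set -- $1
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
)

# Print "START END" from the first range statement in a dhcpd.conf file.
pool_bounds() {
    awk '$1 == "range" { sub(/;/, "", $3); print $2, $3; exit }' "$1"
}

# Return 0 if address $2 is inside the pool in config file $1, 2 if no pool.
ip_in_pool() {
    bounds=$(pool_bounds "$1")
    [ -n "$bounds" ] || return 2
    lo=$(ip2int "${bounds% *}")
    hi=$(ip2int "${bounds#* }")
    ip=$(ip2int "$2")
    [ "$ip" -ge "$lo" ] && [ "$ip" -le "$hi" ]
}

# Report each listed static address that collides with the pool; return 1 if any.
audit_static() {
    conf=$1; shift
    rc=0
    for addr in "$@"; do
        if ip_in_pool "$conf" "$addr"; then
            echo "CONFLICT: $addr is inside the DHCP pool"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the subnet block from this page, in a temp file.
SAMPLE_CONF=$(mktemp); trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
subnet 10.0.5.0 netmask 255.255.255.0 {
  option routers 10.0.5.2;
  option domain-name-servers 10.0.5.5;
  range 10.0.5.100 10.0.5.150;
}
EOF
# fw01, dhcp01 and ad01 must stay outside the pool.
audit_static "$SAMPLE_CONF" 10.0.5.2 10.0.5.3 10.0.5.5 && echo "static hosts clear"
# wks01's earlier static address (10.0.5.100) is the first pool address.
audit_static "$SAMPLE_CONF" 10.0.5.100 || true
```

On dhcp01 itself, pass /etc/dhcp/dhcpd.conf instead of the sample file, and run dhcpd -t -cf /etc/dhcp/dhcpd.conf for a syntax check before starting the service.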
3. Configure firewall
> firewall-cmd --add-service=dhcp --permanent
> firewall-cmd --reload
4. Set wks01 to use DHCP
YOU'RE DONE!!!!