[PC-BSD Testing] pc-activedirectory broken + workarounds

Joe Maloney jmaloney at pcbsd.org
Sat Apr 12 17:33:07 PDT 2014


I've updated pc-samba again in master with another fix for starting samba
and I've proposed a change for rc.conf.pcbsd to fix samba not starting up.
Those two changes will also fix the previous winbind startup issues and
Active Directory users will now appear out of box when joined to an AD.

The only thing left for it to be fully functional out of box would be to
somehow have PCDM create a /usr/home/%username% directory when a new user
logs in that doesn't yet have a home directory.  Otherwise if the user
creates a home directory manually the login works fine.

Joe Maloney


On Fri, Mar 28, 2014 at 11:07 AM, Joe Maloney <jmaloney at pcbsd.org> wrote:

> Changed.  Was just checking first because Ken said we should ask you
> before changing that one.
>
> Joe Maloney
>
>
> On Fri, Mar 28, 2014 at 10:15 AM, Kris Moore <kris at pcbsd.org> wrote:
>
>>
>> Sure! Can you make the change, or would you like me to do it?
>>
>>
>> On 03/27/2014 21:51, Joe Maloney wrote:
>>
>> Kris,
>> can we change smb.conf here to smb4.conf to begin to fix pc-adsldap
>> domain joins?
>>
>>
>> https://github.com/pcbsd/pcbsd/blob/91d60cdbfb76269232372ffcdd3239c069453899/src-sh/pc-adctl/scripts/pc-samba
>>
>>  Joe Maloney
>>
>>
>> On Wed, Mar 19, 2014 at 9:12 PM, Joe Maloney <jmaloney at pcbsd.org> wrote:
>>
>>> Login without the user list also works perfectly.
>>>
>>>  Joe Maloney
>>>
>>>
>>>
>>> On Wed, Mar 19, 2014 at 9:09 PM, Joe Maloney <jmaloney at pcbsd.org> wrote:
>>>
>>>> It's not creating the home directories.  Once I created
>>>> /usr/home/jmaloney manually it worked.  That explains why it was working on
>>>> my old setup until I removed that user from my local system and nuked the
>>>> dataset for that user.
>>>>
>>>>  So.  4 steps required to make it work.
>>>>
>>>>  Change smb.conf to smb4.conf in pc-samba
>>>> launch winbindd
>>>> restart PCDM after launching winbind
>>>> mkdir /usr/home/%username%
>>>>
>>>>  Joe Maloney
>>>>
>>>>
>>>> On Wed, Mar 19, 2014 at 8:20 PM, Joe Maloney <jmaloney at pcbsd.org> wrote:
>>>>
>>>>> After some more testing I see that I can log in as a local user with
>>>>> just "admin" and no problems.  It seems now even if I bring back the list
>>>>> of users and click to login it still hangs.  I more than likely just borked
>>>>> my setup when I tried to install samba port to see if it would bring back
>>>>> /usr/local/etc/rc.d/winbindd script so that I could make it start
>>>>> automatically.  Which it didn't so I need to figure that out.  I will start
>>>>> over fresh and just make that smb.conf > smb4.conf change in pc-samba and
>>>>> at most start winbindd manually and see what happens...
>>>>>
>>>>>  Joe Maloney
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Mar 19, 2014 at 10:18 AM, Ken Moore <ken at pcbsd.org> wrote:
>>>>>
>>>>>>  On 03/19/2014 10:45, Joe Maloney wrote:
>>>>>>
>>>>>>  I actually tested with FreeNAS 9.2.1.2 configured as a domain
>>>>>> controller.  :)  I'm moving on to a new job full-time in a few weeks where
>>>>>> I've already deployed about 5 FreeNAS servers so far to replace an old
>>>>>> samba3 + openldap setup.  So I've been consumed with figuring out the
>>>>>> perfect setup for that which I have and it's working great so far.
>>>>>>
>>>>>> I'm hoping to get a new work PC set up my first day with PCBSD joined
>>>>>> to the directory so I can kind of show that off.  So far I can log in if I
>>>>>> choose the option in PCDM to list the users but the manual entry method
>>>>>> just freezes.  I'll have to see if I can gather more logs somehow.
>>>>>>
>>>>>>
>>>>>>  Both visible/invisible user lists use the exact same backend systems
>>>>>> in PCDM, so maybe it is something in the "display name" to "username"
>>>>>> conversion that is messing up active directory (or some AD "magic"
>>>>>> resulting in needing a different username than you think for the manual
>>>>>> entry). Try entering the normally-visible "Display Name" into the manual
>>>>>> entry and see if that works - that should let the PCDM backend convert it
>>>>>> to the auto-detected username associated with that display name and see if
>>>>>> it works.
>>>>>>
>>>>>>
>>>>>>  BTW, after looking at the alternatives (Fedora, CentOS, Ubuntu,
>>>>>> Debian), only CentOS had a GUI tool to actually bind a machine to an Active
>>>>>> Directory, and it was a little more cumbersome to set up than yours was.  So I
>>>>>> have to say good job.
>>>>>>
>>>>>> Joe Maloney
>>>>>>
>>>>>>
>>>>>>
>>>>>>  :-)
>>>>>>
>>>>>>
>>>>>> On Wed, Mar 19, 2014 at 8:33 AM, Ken Moore <ken at pcbsd.org> wrote:
>>>>>>
>>>>>>>  Thanks for the feedback on PCDM, this is the first confirmation I
>>>>>>> have seen that it works from somebody actually testing it with a full AD
>>>>>>> setup.
>>>>>>>
>>>>>>> My guess would be that the samba conf file location simply got
>>>>>>> changed between samba3 and samba4, so moving our default configuration over
>>>>>>> to samba4.conf is probably a good idea since we don't use samba3 anymore. I
>>>>>>> will defer to Kris for the final say on this matter though..... ;-)
>>>>>>>
>>>>>>>
>>>>>>> On 03/18/2014 23:34, Joe Maloney wrote:
>>>>>>>
>>>>>>>  After further research I touched this file and changed smb.conf to
>>>>>>> smb4.conf.
>>>>>>>
>>>>>>>
>>>>>>> https://github.com/pcbsd/pcbsd/blob/91d60cdbfb76269232372ffcdd3239c069453899/src-sh/pc-adctl/scripts/pc-samba
>>>>>>>
>>>>>>>  I haven't yet edited in pcbsd git repo.  Is this ok to change?  Is
>>>>>>> there a reason for it to be smb.conf?
>>>>>>>
>>>>>>>  After the above change I just had to launch only winbindd manually
>>>>>>> and problem solved. Indeed PCDM does not list users when in directory mode
>>>>>>> unless the box is checked to show users.  Pretty cool.
>>>>>>>
>>>>>>>  Joe Maloney
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Mar 18, 2014 at 9:27 PM, Joe Maloney <jmaloney at pcbsd.org> wrote:
>>>>>>>
>>>>>>>> After configuring with pc-activedirectory it doesn't work.  After
>>>>>>>> copying smb.conf to smb4.conf the net ads join command then works.  At this
>>>>>>>> stage wbinfo -u doesn't work to list users, so finally starting smb, nmbd,
>>>>>>>> winbind manually it fully works; now I can see all of my AD users in PCDM.
>>>>>>>>
>>>>>>>>  Joe Maloney
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Testing mailing list
>>>>>>> Testing at lists.pcbsd.org
>>>>>>> http://lists.pcbsd.org/mailman/listinfo/testing
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> ~~ Ken Moore ~~
>>>>>>> PC-BSD/iXsystems
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> ~~ Ken Moore ~~
>>>>>> PC-BSD/iXsystems
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>>
>> --
>> Kris Moore
>> PC-BSD Software
>> iXsystems
>>
>>
>
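
Added example (not part of the original message and not PC-BSD code): one way a login-time helper could create the missing /usr/home/<username> directory described above without trusting the username or whatever already sits at that path. The function names, the HOME_BASE variable and the allowed-character policy for usernames are assumptions.

```sh
#!/bin/sh
# Added example, not PC-BSD code. HOME_BASE, the function names and the
# username policy are assumptions made for illustration.
HOME_BASE="${HOME_BASE:-/usr/home}"

# Accept only names that cannot contain "/" or start with "." or "-",
# so the resulting path always stays directly under HOME_BASE.
valid_user() {
    case "$1" in
        ""|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# make_home NAME UID GID
# 0 = created or already present, 1 = bad input,
# 2 = path exists but is a symlink or not a directory, 3 = mkdir/chown failed
make_home() {
    name=$1; uid=$2; gid=$3
    valid_user "$name" || return 1
    for n in "$uid" "$gid"; do
        case "$n" in ""|*[!0-9]*) return 1 ;; esac
    done
    dir="$HOME_BASE/$name"
    if [ -L "$dir" ]; then return 2; fi          # never follow a planted link
    if [ -d "$dir" ]; then return 0; fi          # already provisioned
    if [ -e "$dir" ]; then return 2; fi
    mkdir -m 0700 "$dir" || return 3             # private from the start
    chown "$uid:$gid" "$dir" || { rmdir "$dir"; return 3; }
    return 0
}

# ensure_home NAME: look the user up through NSS (winbind once joined)
# and create the directory with the uid/gid that lookup returns.
ensure_home() {
    valid_user "$1" || return 1
    entry=$(getent passwd "$1") || return 4      # unknown user
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    gid=$(printf '%s\n' "$entry" | cut -d: -f4)
    make_home "$1" "$uid" "$gid"
}
```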