[PC-BSD Testing] pc-activedirectory broken + workarounds

Kris Moore kris at pcbsd.org
Mon Apr 14 08:40:44 PDT 2014


I merged those changes into freebsd/master. I'll backport it to
stable/10 and releng/10.0 as well. As for PCDM, I think it can be set to
do that automatically.

Ken, can you make that change? If the login / pass is successful, yet
$HOME doesn't exist, create $HOME directory.

On 04/12/2014 20:33, Joe Maloney wrote:
> I've updated pc-samba again in master with another fix for starting
> samba and I've proposed a change for rc.conf.pcbsd to fix samba not
> starting up.  Those two changes will also fix the previous winbind
> startup issues and active directory users will now appear out of the box
> when joined to an AD.
>
> The only thing left for it to be fully functional out of box would be
> to somehow have PCDM create a /usr/home/%username% directory when a
> new user logs in that doesn't yet have a home directory.  Otherwise if
> the user creates a home directory manually the login works fine.
>
> Joe Maloney
>
>
> On Fri, Mar 28, 2014 at 11:07 AM, Joe Maloney <jmaloney at pcbsd.org> wrote:
>
>     Changed.  Was just checking first because Ken said we should ask
>     you before changing that one.
>
>     Joe Maloney
>
>
>     On Fri, Mar 28, 2014 at 10:15 AM, Kris Moore <kris at pcbsd.org> wrote:
>
>
>         Sure! Can you make the change, or would you like me to do it?
>
>
>         On 03/27/2014 21:51, Joe Maloney wrote:
>>         Kris,
>>         can we change smb.conf here to smb4.conf to begin to fix
>>         pc-adsldap domain joins?
>>
>>         https://github.com/pcbsd/pcbsd/blob/91d60cdbfb76269232372ffcdd3239c069453899/src-sh/pc-adctl/scripts/pc-samba
>>
>>         Joe Maloney
>>
>>
>>         On Wed, Mar 19, 2014 at 9:12 PM, Joe Maloney
>>         <jmaloney at pcbsd.org> wrote:
>>
>>             Login without the user list also works perfectly.
>>
>>             Joe Maloney
>>
>>
>>
>>             On Wed, Mar 19, 2014 at 9:09 PM, Joe Maloney
>>             <jmaloney at pcbsd.org> wrote:
>>
>>                 It's not creating the home directories.  Once I
>>                 created /usr/home/jmaloney manually it worked.  That
>>                 explains why it was working on my old setup until I
>>                 removed that user from my local system and nuked the
>>                 dataset for that user.
>>
>>                 So.  4 steps required to make it work.
>>
>>                 Change smb.conf to smb4.conf in pc-samba
>>                 launch winbindd
>>                 restart PCDM after launching winbind
>>                 mkdir /usr/home/%username%
>>
>>                 Joe Maloney
>>
>>
>>                 On Wed, Mar 19, 2014 at 8:20 PM, Joe Maloney
>>                 <jmaloney at pcbsd.org> wrote:
>>
>>                     After some more testing I see that I can log in
>>                     as a local user with just "admin" and no
>>                     problems.  It seems now even if I bring back the
>>                     list of users and click to login it still hangs.
>>                      I more than likely just borked my setup when I
>>                     tried to install samba port to see if it would
>>                     bring back /usr/local/etc/rc.d/winbindd script so
>>                     that I could make it start automatically.  Which
>>                     it didn't so I need to figure that out.  I will
>>                     start over fresh and just make that smb.conf >
>>                     smb4.conf change in pc-samba and at most start
>>                     winbindd manually and see what happens...
>>
>>                     Joe Maloney
>>
>>
>>
>>                     On Wed, Mar 19, 2014 at 10:18 AM, Ken Moore
>>                     <ken at pcbsd.org> wrote:
>>
>>                         On 03/19/2014 10:45, Joe Maloney wrote:
>>>                         I actually tested with FreeNAS 9.2.1.2
>>>                         configured as a domain controller.  :)  I'm
>>>                         moving on to a new job full-time in a few
>>>                         weeks where I've already deployed about 5
>>>                         FreeNAS servers so far to replace an old
>>>                         samba3 + openldap setup.  So I've been
>>>                         consumed with figuring out the perfect setup
>>>                         for that which I have and it's working great
>>>                         so far.
>>>
>>>                         I'm hoping to get a new work PC set up my
>>>                         first day with PCBSD joined to the directory
>>>                         so I can kind of show that off.  So far I
>>>                         can log in if I choose the option in PCDM to
>>>                         list the users but the manual entry method
>>>                         just freezes.  I'll have to see if I can
>>>                         gather more logs somehow. 
>>>
>>
>>                         Both visible/invisible user lists use the
>>                         exact same backend systems in PCDM, so maybe
>>                         it is something in the "display name" to
>>                         "username" conversion that is messing up
>>                         active directory (or some AD "magic"
>>                         resulting in needing a different username
>>                         than you think for the manual entry). Try
>>                         entering the normally-visible "Display Name"
>>                         into the manual entry and see if that works -
>>                         that should let the PCDM backend convert it
>>                         to the auto-detected username associated with
>>                         that display name and see if it works.
>>
>>
>>>                         BTW after looking at the alternatives
>>>                         (Fedora, CentOS, Ubuntu, Debian), only CentOS
>>>                         had a GUI tool to actually bind a machine to
>>>                         an Active Directory, and it was a little more
>>>                         cumbersome to set up than yours was.  So I
>>>                         have to say good job.
>>>
>>>                         Joe Maloney
>>>
>>>
>>
>>                         :-)
>>
>>>
>>>                         On Wed, Mar 19, 2014 at 8:33 AM, Ken Moore
>>>                         <ken at pcbsd.org> wrote:
>>>
>>>                             Thanks for the feedback on PCDM, this is
>>>                             the first confirmation I have seen that
>>>                             it works from somebody actually testing
>>>                             it with a full AD setup.
>>>
>>>                             My guess would be that the samba conf
>>>                             file location simply got changed between
>>>                             samba3 and samba4, so moving our default
>>>                             configuration over to samba4.conf is
>>>                             probably a good idea since we don't use
>>>                             samba3 anymore. I will defer to Kris for
>>>                             the final say on this matter though.....
>>>                             ;-)
>>>
>>>
>>>                             On 03/18/2014 23:34, Joe Maloney wrote:
>>>>                             After further research I touched this
>>>>                             file and changed smb.conf to smb4.conf.  
>>>>
>>>>                             https://github.com/pcbsd/pcbsd/blob/91d60cdbfb76269232372ffcdd3239c069453899/src-sh/pc-adctl/scripts/pc-samba
>>>>
>>>>                             I haven't yet edited in pcbsd git repo.
>>>>                              Is this ok to change?  Is there a
>>>>                             reason for it to be smb.conf?
>>>>
>>>>                             After the above change I just had to
>>>>                             launch only winbindd manually and
>>>>                             problem solved. Indeed PCDM does not
>>>>                             list users when in directory mode
>>>>                             unless the box is checked to show
>>>>                             users.  Pretty cool.
>>>>
>>>>                             Joe Maloney
>>>>
>>>>
>>>>
>>>>                             On Tue, Mar 18, 2014 at 9:27 PM, Joe
>>>>                             Maloney <jmaloney at pcbsd.org> wrote:
>>>>
>>>>                                 After configuring with
>>>>                                 pc-activedirectory it doesn't work.
>>>>                                 After copying smb.conf to
>>>>                                 smb4.conf the net ads join command
>>>>                                 then works.  At this stage wbinfo
>>>>                                 -u doesn't work to list users, so
>>>>                                 finally, after starting smb, nmbd,
>>>>                                 winbind manually, it fully works now:
>>>>                                 I can see all of my AD users in PCDM.
>>>>
>>>>                                 Joe Maloney
>>>>
>>>>
>>>>
>>>>
>>>>                             _______________________________________________
>>>>                             Testing mailing list
>>>>                             Testing at lists.pcbsd.org
>>>>                             http://lists.pcbsd.org/mailman/listinfo/testing
>>>
>>>
>>>                             -- 
>>>                             ~~ Ken Moore ~~
>>>                             PC-BSD/iXsystems
>>>
>>>
>>>
>>>
>>
>>
>>                         -- 
>>                         ~~ Ken Moore ~~
>>                         PC-BSD/iXsystems
>>
>>
>>
>>
>>
>
>
>         -- 
>         Kris Moore
>         PC-BSD Software
>         iXsystems
>
>
>
>
>


-- 
Kris Moore
PC-BSD Software
iXsystems
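
The step requested above (create $HOME when the login succeeds but the directory does not exist), written for a root-run login helper as an added example; it is not PCDM or PC-BSD code. `HOME_BASE`, `valid_username` and `ensure_home` are hypothetical names, and it assumes winbind supplies plain usernames without a `DOMAIN\` prefix.

```shell
#!/bin/sh
# Added example, not PCDM or PC-BSD code. HOME_BASE, valid_username and
# ensure_home are hypothetical names chosen for this example.
HOME_BASE="${HOME_BASE:-/usr/home}"

# Accept only names that are safe as a single path component.
# Assumption: winbind hands over plain names (no DOMAIN\user form).
valid_username() {
    case "$1" in
        ""|.|..|-*) return 1 ;;          # empty, dot entries, option-like
        *[!A-Za-z0-9._-]*) return 1 ;;   # slashes, backslashes, spaces, ...
    esac
    return 0
}

# ensure_home USER UID GID
# Returns 0 if the home exists or was created, 2 for a rejected name,
# 3 if the path is a symlink or a non-directory, 4/5 on mkdir/chown errors.
ensure_home() {
    eh_user=$1 eh_uid=$2 eh_gid=$3
    if ! valid_username "$eh_user"; then return 2; fi
    eh_dir="$HOME_BASE/$eh_user"
    # Never follow a symlink planted at the home path.
    if [ -L "$eh_dir" ]; then return 3; fi
    if [ -d "$eh_dir" ]; then return 0; fi
    if [ -e "$eh_dir" ]; then return 3; fi
    # No -p: mkdir fails if something appeared at the path in the meantime.
    # Mode 0700 keeps other directory users out of the new home.
    if ! mkdir -m 0700 "$eh_dir"; then return 4; fi
    # Ownership can only be handed over when running as root.
    if [ "$(id -u)" -eq 0 ]; then
        if ! chown "$eh_uid:$eh_gid" "$eh_dir"; then return 5; fi
    fi
    return 0
}
```

Call it only after authentication has succeeded, passing the UID and GID that `id` reports for the directory user.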
