[PC-BSD Testing] pc-activedirectory broken + workarounds

Ken Moore ken at pcbsd.org
Thu Apr 17 05:12:12 PDT 2014


All done.
PCDM should now use the "pw" utility to create the user's home directory 
if it does not exist, but the login credentials are valid.

On 04/14/2014 11:40, Kris Moore wrote:
>
> I merged those changes into freebsd/master. I'll backport it to 
> stable/10 and releng/10.0 as well. As for PCDM, I think it can be set 
> to do that automatically.
>
> Ken, can you make that change? If the login / pass is successful, yet 
> $HOME doesn't exist, create $HOME directory.
>
> On 04/12/2014 20:33, Joe Maloney wrote:
>> I've updated pc-samba again in master with another fix for starting 
>> samba and I've proposed a change for rc.conf.pcbsd to fix samba not 
>> starting up.  Those two changes will also fix the previous winbind 
>> startup issues and active directory users will now appear out of box 
>> when joined to an ad.
>>
>> The only thing left for it to be fully functional out of box would be 
>> to somehow have PCDM create a /usr/home/%username% directory when a 
>> new user logs in that doesn't yet have a home directory.  Otherwise 
>> if the user creates a home directory manually the login works fine.
>>
>> Joe Maloney
>>
>>
>> On Fri, Mar 28, 2014 at 11:07 AM, Joe Maloney <jmaloney at pcbsd.org> wrote:
>>
>>     Changed.  Was just checking first because Ken said we should ask
>>     you before changing that one.
>>
>>     Joe Maloney
>>
>>
>>     On Fri, Mar 28, 2014 at 10:15 AM, Kris Moore <kris at pcbsd.org> wrote:
>>
>>
>>         Sure! Can you make the change, or would you like me to do it?
>>
>>
>>         On 03/27/2014 21:51, Joe Maloney wrote:
>>>         Kris,
>>>         can we change smb.conf here to smb4.conf to begin to fix
>>>         pc-adsldap domain joins?
>>>
>>>         https://github.com/pcbsd/pcbsd/blob/91d60cdbfb76269232372ffcdd3239c069453899/src-sh/pc-adctl/scripts/pc-samba
>>>
>>>         Joe Maloney
>>>
>>>
>>>         On Wed, Mar 19, 2014 at 9:12 PM, Joe Maloney
>>>         <jmaloney at pcbsd.org> wrote:
>>>
>>>             Login without the user list also works perfect.
>>>
>>>             Joe Maloney
>>>
>>>
>>>
>>>             On Wed, Mar 19, 2014 at 9:09 PM, Joe Maloney
>>>             <jmaloney at pcbsd.org> wrote:
>>>
>>>                 It's not creating the home directories.  Once I
>>>                 created /usr/home/jmaloney manually it worked.  That
>>>                 explains why it was working on my old setup until I
>>>                 removed that user from my local system and nuked the
>>>                 dataset for that user.
>>>
>>>                 So.  4 steps required to make it work.
>>>
>>>                 Change smb.conf to smb4.conf in pc-samba
>>>                 launch winbindd
>>>                 restart PCDM after launching winbind
>>>                 mkdir /usr/home/%username%
>>>
>>>                 Joe Maloney
>>>
>>>
>>>                 On Wed, Mar 19, 2014 at 8:20 PM, Joe Maloney
>>>                 <jmaloney at pcbsd.org> wrote:
>>>
>>>                     After some more testing I see that I can log in
>>>                     as a local user with just "admin" and no
>>>                     problems.  It seems now even if I bring back the
>>>                     list of users and click to login it still hangs.
>>>                      I more than likely just borked my setup when I
>>>                     tried to install samba port to see if it would
>>>                     bring back /usr/local/etc/rc.d/winbindd script
>>>                     so that I could make it start automatically.
>>>                      Which it didn't so I need to figure that out.
>>>                      I will start over fresh and just make that
>>>                     smb.conf > smb4.conf change in pc-samba and at
>>>                     most start winbindd manually and see what happens...
>>>
>>>                     Joe Maloney
>>>
>>>
>>>
>>>                     On Wed, Mar 19, 2014 at 10:18 AM, Ken Moore
>>>                     <ken at pcbsd.org> wrote:
>>>
>>>                         On 03/19/2014 10:45, Joe Maloney wrote:
>>>>                         I actually tested with FreeNAS 9.2.1.2
>>>>                         configured as a domain controller. :)  I'm
>>>>                         moving on to a new job full-time in a few
>>>>                         weeks where I've already deployed about 5
>>>>                         FreeNAS servers so far to replace an old
>>>>                         samba3 + openldap setup.  So I've been
>>>>                         consumed with figuring out the perfect
>>>>                         setup for that which I have and it's
>>>>                         working great so far.
>>>>
>>>>                         I'm hoping to get a new work PC set up my
>>>>                         first day with PCBSD joined to the
>>>>                         directory so I can kind of show that off. 
>>>>                         So far I can log in if I choose the option
>>>>                         in PCDM to list the users but the manual
>>>>                         entry method just freezes.  I'll have to
>>>>                         see if I can gather more logs somehow.
>>>>
>>>
>>>                         Both visible/invisible user lists use the
>>>                         exact same backend systems in PCDM, so maybe
>>>                         it is something in the "display name" to
>>>                         "username" conversion that is messing up
>>>                         active directory (or some AD "magic"
>>>                         resulting in needing a different username
>>>                         than you think for the manual entry). Try
>>>                         entering the normally-visible "Display Name"
>>>                         into the manual entry and see if that works
>>>                         - that should let the PCDM backend convert
>>>                         it to the auto-detected username associated
>>>                         with that display name and see if it works.
>>>
>>>
>>>>                         BTW after looking at the alternatives
>>>>                         (Fedora, CentOS, Ubuntu, Debian), only CentOS
>>>>                         had a GUI tool to actually bind a machine
>>>>                         to an active directory, and it was a little more
>>>>                         cumbersome to set up than yours was.  So I
>>>>                         have to say good job.
>>>>
>>>>                         Joe Maloney
>>>>
>>>>
>>>
>>>                         :-)
>>>
>>>>
>>>>                         On Wed, Mar 19, 2014 at 8:33 AM, Ken Moore
>>>>                         <ken at pcbsd.org> wrote:
>>>>
>>>>                             Thanks for the feedback on PCDM, this
>>>>                             is the first confirmation I have seen
>>>>                             that it works from somebody actually
>>>>                             testing it with a full AD setup.
>>>>
>>>>                             My guess would be that the samba conf
>>>>                             file location simply got changed
>>>>                             between samba3 and samba4, so moving
>>>>                             our default configuration over to
>>>>                             samba4.conf is probably a good idea
>>>>                             since we don't use samba3 anymore. I
>>>>                             will defer to Kris for the final say on
>>>>                             this matter though..... ;-)
>>>>
>>>>
>>>>                             On 03/18/2014 23:34, Joe Maloney wrote:
>>>>>                             After further research I touched this
>>>>>                             file and changed smb.conf to smb4.conf.
>>>>>
>>>>>                             https://github.com/pcbsd/pcbsd/blob/91d60cdbfb76269232372ffcdd3239c069453899/src-sh/pc-adctl/scripts/pc-samba
>>>>>
>>>>>                             I haven't yet edited in pcbsd git
>>>>>                             repo.  Is this ok to change?  Is there
>>>>>                             a reason for it to be smb.conf?
>>>>>
>>>>>                             After the above change I just had to
>>>>>                             launch only winbindd manually and
>>>>>                             problem solved. Indeed PCDM does not
>>>>>                             list users when in directory mode
>>>>>                             unless the box is checked to show
>>>>>                             users.  Pretty cool.
>>>>>
>>>>>                             Joe Maloney
>>>>>
>>>>>
>>>>>
>>>>>                             On Tue, Mar 18, 2014 at 9:27 PM, Joe
>>>>>                             Maloney <jmaloney at pcbsd.org> wrote:
>>>>>
>>>>>                                 After configuring with
>>>>>                                 pc-activedirectory it doesn't
>>>>>                                 work.  After copying smb.conf to
>>>>>                                 smb4.conf the net ads join command
>>>>>                                 then works.  At this stage wbinfo
>>>>>                                 -u doesn't work to list users so
>>>>>                                 finally starting smb, nmbd,
>>>>>                                 winbind manually it fully works
>>>>>                                 now I can see all of my ad users
>>>>>                                 in PCDM.
>>>>>
>>>>>                                 Joe Maloney
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>                             _______________________________________________
>>>>>                             Testing mailing list
>>>>>                             Testing at lists.pcbsd.org  <mailto:Testing at lists.pcbsd.org>
>>>>>                             http://lists.pcbsd.org/mailman/listinfo/testing
>>>>
>>>>
>>>>                             -- 
>>>>                             ~~ Ken Moore ~~
>>>>                             PC-BSD/iXsystems
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>                         -- 
>>>                         ~~ Ken Moore ~~
>>>                         PC-BSD/iXsystems
>>>
>>>
>>>
>>>
>>>
>>
>>
>>         -- 
>>         Kris Moore
>>         PC-BSD Software
>>         iXsystems
>>
>>
>>
>>
>>
>
>
> -- 
> Kris Moore
> PC-BSD Software
> iXsystems
>
>


-- 
~~ Ken Moore ~~
PC-BSD/iXsystems
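
The change described at the top of this message creates a home directory, with root privileges, for a name that comes from the directory service. The checks such a step needs are sketched below as an added example; it is not PCDM's code, and it uses plain `mkdir`/`chown` rather than the `pw` utility the message mentions. `ensure_home` and `HOME_BASE` are hypothetical names.

```shell
#!/bin/sh
# Added example, not PCDM's code. HOME_BASE and ensure_home are hypothetical.
HOME_BASE="${HOME_BASE:-/usr/home}"

# ensure_home USER: call only after authentication has succeeded.
# Returns 0 if the home exists or was created, 1 for a rejected name,
# 2 if the path exists but is not a real directory, 3 if creation failed.
ensure_home() {
    user="$1"
    # Directory-supplied names may carry separators (DOMAIN\user) or path
    # components; accept only a conservative character set.
    case "$user" in
        ""|.|..|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    home="$HOME_BASE/$user"

    # Never act on a symlink or non-directory planted at the target path.
    if [ -L "$home" ]; then return 2; fi
    if [ -d "$home" ]; then return 0; fi
    if [ -e "$home" ]; then return 2; fi

    # No -p: mkdir fails if something appeared since the checks above,
    # and -m applies the private mode at creation time.
    mkdir -m 0700 "$home" || return 3

    # Ownership can only be handed over when running as root; the account
    # must resolve through NSS (winbind for AD users) for this to succeed.
    if [ "$(id -u)" -eq 0 ]; then
        gid=$(id -g "$user") && chown -h "$user:$gid" "$home" || {
            rmdir "$home"
            return 3
        }
    fi
    return 0
}
```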
