[PC-BSD Testing] pc-activedirectory broken + workarounds

Joe Maloney jmaloney at pcbsd.org
Sun Apr 20 14:55:52 PDT 2014


Confirmed the new pw code to create home directories for PDCM works.  Still
have to modify /etc/rc.conf.pcbsd by hand to use samba_server_enable=“YES”
until that part of the system update gets passed out.  Otherwise working
out of box now.  :)

Joe Maloney


On Thu, Apr 17, 2014 at 7:12 AM, Ken Moore <ken at pcbsd.org> wrote:

>  All done.
> PCDM should now use the "pw" utility to create the user's home directory
> if it does not exist, but the login credentials are valid.
>
>
> On 04/14/2014 11:40, Kris Moore wrote:
>
>
> I merged those changes into freebsd/master. I'll backport it to stable/10
> and releng/10.0 as well. As for PCDM, I think it can be set to do that
> automatically.
>
> Ken, can you make that change? If the login / pass is successful, yet
> $HOME doesn't exist, create $HOME directory.
>
> On 04/12/2014 20:33, Joe Maloney wrote:
>
> I’ve updated pc-samba again in master with another fix for starting samba
> and I’ve proposed a change for rc.conf.pcbsd to fix samba not starting up.
>  Those two changes will also fix the previous winbind startup issues and
> active directory users will now appear out of box when joined to an ad.
>
>  The only thing left for it to be fully functional out of box would be to
> somehow have PCDM create a /usr/home/%username% directory when a new user
> logs in that doesn’t yet have a home directory.  Otherwise if the user
> creates a home directory manually the login works fine.
>
>  Joe Maloney
>
>
> On Fri, Mar 28, 2014 at 11:07 AM, Joe Maloney <jmaloney at pcbsd.org> wrote:
>
>> Changed.  Was just checking first because Ken said we should ask you
>> before changing that one.
>>
>>  Joe Maloney
>>
>>
>> On Fri, Mar 28, 2014 at 10:15 AM, Kris Moore <kris at pcbsd.org> wrote:
>>
>>>
>>> Sure! Can you make the change, or would you like me to do it?
>>>
>>>
>>> On 03/27/2014 21:51, Joe Maloney wrote:
>>>
>>> Kris,
>>> can we change smb.conf here to smb4.conf to begin to fix pc-adsldap
>>> domain joins?
>>>
>>>
>>> https://github.com/pcbsd/pcbsd/blob/91d60cdbfb76269232372ffcdd3239c069453899/src-sh/
>>> pc-adctl/scripts/pc-samba
>>>
>>>  Joe Maloney
>>>
>>>
>>> On Wed, Mar 19, 2014 at 9:12 PM, Joe Maloney <jmaloney at pcbsd.org> wrote:
>>>
>>>> Login without the user list also works perfect.
>>>>
>>>>  Joe Maloney
>>>>
>>>>
>>>>
>>>> On Wed, Mar 19, 2014 at 9:09 PM, Joe Maloney <jmaloney at pcbsd.org>wrote:
>>>>
>>>>> It’s not creating the home directories.  Once I created
>>>>> /usr/home/jmaloney manually it worked.  That explains why it was working on
>>>>> my old setup until I removed that user from my local system and nuked the
>>>>> dataset for that user.
>>>>>
>>>>>  So.  4 steps required to make it work.
>>>>>
>>>>>  Change smb.conf to smb4.conf in pc-samba
>>>>> launch winbindd
>>>>> restart PCDM after launching winbind
>>>>> mkdir /usr/home/%username%
>>>>>
>>>>>  Joe Maloney
>>>>>
>>>>>
>>>>> On Wed, Mar 19, 2014 at 8:20 PM, Joe Maloney <jmaloney at pcbsd.org>wrote:
>>>>>
>>>>>> After some more testing I see that I can log in as a local user with
>>>>>> just “admin” and no problems.  It seems now even if I bring back the list
>>>>>> of users and click to login it still hangs.  I more than likely just borked
>>>>>> my setup when I tried to install samba port to see if it would bring back
>>>>>> /usr/local/etc/rc.d/winbindd script so that I could make it start
>>>>>> automatically.  Which it didn’t so I need to figure that out.  I will start
>>>>>> over fresh and just make that smb.conf > smb4.conf change in pc-samba and
>>>>>> at most start winbindd manually and see what happens...
>>>>>>
>>>>>>  Joe Maloney
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Mar 19, 2014 at 10:18 AM, Ken Moore <ken at pcbsd.org> wrote:
>>>>>>
>>>>>>>  On 03/19/2014 10:45, Joe Maloney wrote:
>>>>>>>
>>>>>>>  I actually tested with FreeNAS 9.2.1.2 configured as a domain
>>>>>>> controller.  :)  I'm moving on to a new job full-time in a few weeks where
>>>>>>> I've already deployed about 5 FreeNAS servers so far to replace an old
>>>>>>> samba3 + openldap setup.  So I've been consumed with figuring out the
>>>>>>> perfect setup for that which I have and it's working great so far.
>>>>>>>
>>>>>>> I'm hoping to get a new work PC set up my first day with PCBSD
>>>>>>> joined to the directory so I can kind of show that off.  So far I can log
>>>>>>> in if I choose the option in PCDM to list the users but the manual entry
>>>>>>> method just freezes.  I'll have to see if I can gather more logs somehow.
>>>>>>>
>>>>>>>
>>>>>>>  Both visible/invisible user lists use the exact same backend
>>>>>>> systems in PCDM, so maybe it is something in the "display name" to
>>>>>>> "username" conversion that is messing up active directory (or some AD
>>>>>>> "magic" resulting in needing a different username than you think for the
>>>>>>> manual entry). Try entering the normally-visible "Display Name" into the
>>>>>>> manual entry and see if that works - that should let the PCDM backend
>>>>>>> convert it to the auto-detected username associated with that display name
>>>>>>> and see if it works.
>>>>>>>
>>>>>>>
>>>>>>>  BTW after looking at the alternatives Fedora, CentOS, Ubuntu,
>>>>>>> Debian only centos had a GUI tool to actually bind a machine to an active
>>>>>>> directory it was a little more cumbersome to set up than yours was.  So I
>>>>>>> have to say good job.
>>>>>>>
>>>>>>> Joe Maloney
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>  :-)
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Mar 19, 2014 at 8:33 AM, Ken Moore <ken at pcbsd.org> wrote:
>>>>>>>
>>>>>>>>  Thanks for the feedback on PCDM, this is the first confirmation I
>>>>>>>> have seen that it works from somebody actually testing it with a full AD
>>>>>>>> setup.
>>>>>>>>
>>>>>>>> My guess would be that the samba conf file location simply got
>>>>>>>> changed between samba3 and samba4, so moving our default configuration over
>>>>>>>> to samba4.conf is probably a good idea since we don't use samba3 anymore. I
>>>>>>>> will defer to Kris for the final say on this matter though..... ;-)
>>>>>>>>
>>>>>>>>
>>>>>>>> On 03/18/2014 23:34, Joe Maloney wrote:
>>>>>>>>
>>>>>>>>  After further research I touched this file and changed smb.conf
>>>>>>>> to smb4.conf.
>>>>>>>>
>>>>>>>>
>>>>>>>> https://github.com/pcbsd/pcbsd/blob/91d60cdbfb76269232372ffcdd3239c069453899/src-sh/pc-adctl/scripts/pc-samba
>>>>>>>>
>>>>>>>>  I haven’t yet edited in pcbsd git repo.  Is this ok to change?
>>>>>>>>  Is there a reason for it to be smb.conf?
>>>>>>>>
>>>>>>>>  After the above change I just had to launch only winbindd
>>>>>>>> manually and problem solved. Indeed PCDM does not list users when in
>>>>>>>> directory mode unless the box is checked to show users.  Pretty cool.
>>>>>>>>
>>>>>>>>  Joe Maloney
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Mar 18, 2014 at 9:27 PM, Joe Maloney <jmaloney at pcbsd.org>wrote:
>>>>>>>>
>>>>>>>>> After configuring with pc-activedirectory it doesn’t work.  After
>>>>>>>>> copying smb.conf to smb4.conf the net ads join command then works.  At this
>>>>>>>>> stage wbinfo -u doesn’t work to list users so finally starting smb, nmbd,
>>>>>>>>> winbind manually it fully works now I can see all of my ad users in PCDM.
>>>>>>>>>
>>>>>>>>>  Joe Maloney
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>  _______________________________________________
>>>>>>>> Testing mailing listTesting at lists.pcbsd.orghttp://lists.pcbsd.org/mailman/listinfo/testing
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> ~~ Ken Moore ~~
>>>>>>>> PC-BSD/iXsystems
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Testing mailing list
>>>>>>>> Testing at lists.pcbsd.org
>>>>>>>> http://lists.pcbsd.org/mailman/listinfo/testing
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> ~~ Ken Moore ~~
>>>>>>> PC-BSD/iXsystems
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>>
>>>   --
>>> Kris Moore
>>> PC-BSD Software
>>> iXsystems
>>>
>>>
>>
>
>
> _______________________________________________
> Testing mailing listTesting at lists.pcbsd.orghttp://lists.pcbsd.org/mailman/listinfo/testing
>
>
>
> --
> Kris Moore
> PC-BSD Software
> iXsystems
>
>
>
> _______________________________________________
> Testing mailing listTesting at lists.pcbsd.orghttp://lists.pcbsd.org/mailman/listinfo/testing
>
>
>
> --
> ~~ Ken Moore ~~
> PC-BSD/iXsystems
>
>
> _______________________________________________
> Testing mailing list
> Testing at lists.pcbsd.org
> http://lists.pcbsd.org/mailman/listinfo/testing
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pcbsd.org/pipermail/testing/attachments/20140420/5e0dcaf7/attachment-0001.html>


More information about the Testing mailing list