[PC-BSD Testing] pc-activedirectory broken + workarounds

Ken Moore ken at pcbsd.org
Mon Apr 21 05:37:55 PDT 2014


Great!

On 04/20/2014 17:55, Joe Maloney wrote:
> Confirmed the new pw code to create home directories for PCDM works.
> Still have to modify /etc/rc.conf.pcbsd by hand to use
> samba_server_enable="YES" until that part of the system update gets
> passed out. Otherwise working out of box now. :)
>
> Joe Maloney
>
>
> On Thu, Apr 17, 2014 at 7:12 AM, Ken Moore <ken at pcbsd.org> wrote:
>
>     All done.
>     PCDM should now use the "pw" utility to create the user's home
>     directory if it does not exist, but the login credentials are valid.
>
>
>     On 04/14/2014 11:40, Kris Moore wrote:
>>
>>     I merged those changes into freebsd/master. I'll backport it to
>>     stable/10 and releng/10.0 as well. As for PCDM, I think it can be
>>     set to do that automatically.
>>
>>     Ken, can you make that change? If the login / pass is successful,
>>     yet $HOME doesn't exist, create $HOME directory.
>>
>>     On 04/12/2014 20:33, Joe Maloney wrote:
>>>     I’ve updated pc-samba again in master with another fix for
>>>     starting samba and I’ve proposed a change for rc.conf.pcbsd to
>>>     fix samba not starting up.  Those two changes will also fix the
>>>     previous winbind startup issues and active directory users will
>>>     now appear out of box when joined to an ad.
>>>
>>>     The only thing left for it to be fully functional out of box
>>>     would be to somehow have PCDM create a /usr/home/%username%
>>>     directory when a new user logs in that doesn’t yet have a home
>>>     directory.  Otherwise if the user creates a home directory
>>>     manually the login works fine.
>>>
>>>     Joe Maloney
>>>
>>>
>>>     On Fri, Mar 28, 2014 at 11:07 AM, Joe Maloney
>>>     <jmaloney at pcbsd.org> wrote:
>>>
>>>         Changed.  Was just checking first because Ken said we should
>>>         ask you before changing that one.
>>>
>>>         Joe Maloney
>>>
>>>
>>>         On Fri, Mar 28, 2014 at 10:15 AM, Kris Moore <kris at pcbsd.org>
>>>         wrote:
>>>
>>>
>>>             Sure! Can you make the change, or would you like me to
>>>             do it?
>>>
>>>
>>>             On 03/27/2014 21:51, Joe Maloney wrote:
>>>>             Kris,
>>>>             can we change smb.conf here to smb4.conf to begin to
>>>>             fix pc-adsldap domain joins?
>>>>
>>>>             https://github.com/pcbsd/pcbsd/blob/91d60cdbfb76269232372ffcdd3239c069453899/src-sh/pc-adctl/scripts/pc-samba
>>>>
>>>>             Joe Maloney
>>>>
>>>>
>>>>             On Wed, Mar 19, 2014 at 9:12 PM, Joe Maloney
>>>>             <jmaloney at pcbsd.org> wrote:
>>>>
>>>>                 Login without the user list also works perfect.
>>>>
>>>>                 Joe Maloney
>>>>
>>>>
>>>>
>>>>                 On Wed, Mar 19, 2014 at 9:09 PM, Joe Maloney
>>>>                 <jmaloney at pcbsd.org> wrote:
>>>>
>>>>                     It’s not creating the home directories.  Once I
>>>>                     created /usr/home/jmaloney manually it worked.
>>>>                      That explains why it was working on my old
>>>>                     setup until I removed that user from my local
>>>>                     system and nuked the dataset for that user.
>>>>
>>>>                     So.  4 steps required to make it work.
>>>>
>>>>                     Change smb.conf to smb4.conf in pc-samba
>>>>                     launch winbindd
>>>>                     restart PCDM after launching winbind
>>>>                     mkdir /usr/home/%username%
>>>>
>>>>                     Joe Maloney
>>>>
>>>>
>>>>                     On Wed, Mar 19, 2014 at 8:20 PM, Joe Maloney
>>>>                     <jmaloney at pcbsd.org> wrote:
>>>>
>>>>                         After some more testing I see that I can
>>>>                         log in as a local user with just “admin”
>>>>                         and no problems.  It seems now even if I
>>>>                         bring back the list of users and click to
>>>>                         login it still hangs.  I more than likely
>>>>                         just borked my setup when I tried to
>>>>                         install samba port to see if it would bring
>>>>                         back /usr/local/etc/rc.d/winbindd script so
>>>>                         that I could make it start automatically.
>>>>                          Which it didn’t so I need to figure that
>>>>                         out.  I will start over fresh and just make
>>>>                         that smb.conf > smb4.conf change in
>>>>                         pc-samba and at most start winbindd
>>>>                         manually and see what happens...
>>>>
>>>>                         Joe Maloney
>>>>
>>>>
>>>>
>>>>                         On Wed, Mar 19, 2014 at 10:18 AM, Ken Moore
>>>>                         <ken at pcbsd.org> wrote:
>>>>
>>>>                             On 03/19/2014 10:45, Joe Maloney wrote:
>>>>>                             I actually tested with FreeNAS 9.2.1.2
>>>>>                             configured as a domain controller. :) 
>>>>>                             I'm moving on to a new job full-time
>>>>>                             in a few weeks where I've already
>>>>>                             deployed about 5 FreeNAS servers so
>>>>>                             far to replace an old samba3 +
>>>>>                             openldap setup.  So I've been consumed
>>>>>                             with figuring out the perfect setup
>>>>>                             for that which I have and it's working
>>>>>                             great so far.
>>>>>
>>>>>                             I'm hoping to get a new work PC set up
>>>>>                             my first day with PCBSD joined to the
>>>>>                             directory so I can kind of show that
>>>>>                             off.  So far I can log in if I choose
>>>>>                             the option in PCDM to list the users
>>>>>                             but the manual entry method just
>>>>>                             freezes.  I'll have to see if I can
>>>>>                             gather more logs somehow.
>>>>>
>>>>
>>>>                             Both visible/invisible user lists use
>>>>                             the exact same backend systems in PCDM,
>>>>                             so maybe it is something in the
>>>>                             "display name" to "username" conversion
>>>>                             that is messing up active directory (or
>>>>                             some AD "magic" resulting in needing a
>>>>                             different username than you think for
>>>>                             the manual entry). Try entering the
>>>>                             normally-visible "Display Name" into
>>>>                             the manual entry and see if that works
>>>>                             - that should let the PCDM backend
>>>>                             convert it to the auto-detected
>>>>                             username associated with that display
>>>>                             name and see if it works.
>>>>
>>>>
>>>>>                             BTW after looking at the alternatives
>>>>>                             Fedora, CentOS, Ubuntu, Debian only
>>>>>                             centos had a GUI tool to actually bind
>>>>>                             a machine to an active directory it
>>>>>                             was a little more cumbersome to set up
>>>>>                             than yours was.  So I have to say good
>>>>>                             job.
>>>>>
>>>>>                             Joe Maloney
>>>>>
>>>>>
>>>>
>>>>                             :-)
>>>>
>>>>>
>>>>>                             On Wed, Mar 19, 2014 at 8:33 AM, Ken
>>>>>                             Moore <ken at pcbsd.org> wrote:
>>>>>
>>>>>                                 Thanks for the feedback on PCDM,
>>>>>                                 this is the first confirmation I
>>>>>                                 have seen that it works from
>>>>>                                 somebody actually testing it with
>>>>>                                 a full AD setup.
>>>>>
>>>>>                                 My guess would be that the samba
>>>>>                                 conf file location simply got
>>>>>                                 changed between samba3 and samba4,
>>>>>                                 so moving our default
>>>>>                                 configuration over to samba4.conf
>>>>>                                 is probably a good idea since we
>>>>>                                 don't use samba3 anymore. I will
>>>>>                                 defer to Kris for the final say on
>>>>>                                 this matter though..... ;-)
>>>>>
>>>>>
>>>>>                                 On 03/18/2014 23:34, Joe Maloney
>>>>>                                 wrote:
>>>>>>                                 After further research I touched
>>>>>>                                 this file and changed smb.conf to
>>>>>>                                 smb4.conf.
>>>>>>
>>>>>>                                 https://github.com/pcbsd/pcbsd/blob/91d60cdbfb76269232372ffcdd3239c069453899/src-sh/pc-adctl/scripts/pc-samba
>>>>>>
>>>>>>                                 I haven’t yet edited in pcbsd git
>>>>>>                                 repo.  Is this ok to change?  Is
>>>>>>                                 there a reason for it to be smb.conf?
>>>>>>
>>>>>>                                 After the above change I just had
>>>>>>                                 to launch only winbindd manually
>>>>>>                                 and problem solved. Indeed PCDM
>>>>>>                                 does not list users when in
>>>>>>                                 directory mode unless the box is
>>>>>>                                 checked to show users.  Pretty cool.
>>>>>>
>>>>>>                                 Joe Maloney
>>>>>>
>>>>>>
>>>>>>
>>>>>>                                 On Tue, Mar 18, 2014 at 9:27 PM,
>>>>>>                                 Joe Maloney <jmaloney at pcbsd.org> wrote:
>>>>>>
>>>>>>                                     After configuring with
>>>>>>                                     pc-activedirectory it doesn’t
>>>>>>                                     work.  After copying smb.conf
>>>>>>                                     to smb4.conf the net ads join
>>>>>>                                     command then works.  At this
>>>>>>                                     stage wbinfo -u doesn’t work
>>>>>>                                     to list users so finally
>>>>>>                                     starting smb, nmbd, winbind
>>>>>>                                     manually it fully works now I
>>>>>>                                     can see all of my ad users in
>>>>>>                                     PCDM.
>>>>>>
>>>>>>                                     Joe Maloney
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>                                 _______________________________________________
>>>>>>                                 Testing mailing list
>>>>>>                                 Testing at lists.pcbsd.org
>>>>>>                                 http://lists.pcbsd.org/mailman/listinfo/testing
>>>>>
>>>>>
>>>>>                                 -- 
>>>>>                                 ~~ Ken Moore ~~
>>>>>                                 PC-BSD/iXsystems
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>                             -- 
>>>>                             ~~ Ken Moore ~~
>>>>                             PC-BSD/iXsystems
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>             -- 
>>>             Kris Moore
>>>             PC-BSD Software
>>>             iXsystems
>>>
>>>
>>>
>>>
>>>
>>
>>
>>     -- 
>>     Kris Moore
>>     PC-BSD Software
>>     iXsystems
>>
>>
>
>
>     -- 
>     ~~ Ken Moore ~~
>     PC-BSD/iXsystems
>
>
>
>


-- 
~~ Ken Moore ~~
PC-BSD/iXsystems
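
The home-directory step discussed in the thread (login succeeds but $HOME does not exist, so it gets created), sketched as an added shell example; it is not PCDM's code or part of the original messages, and it uses mkdir and chown rather than the pw utility the thread mentions. `ensure_home` and `HOME_BASE` are hypothetical names, and the sketch assumes short account names without a domain prefix that resolve through NSS (local passwd or winbind).

```shell
#!/bin/sh
# Added example: create a missing home directory for a user who has
# already authenticated, as a privileged login manager would have to.
# HOME_BASE and ensure_home are hypothetical names for this sketch.

HOME_BASE="${HOME_BASE:-/usr/home}"

ensure_home() {
    user="$1"

    # Accept only a plain account name: no path separators, no "." or
    # "..", no leading dash that a later command could read as an option.
    case "$user" in
        ""|.|..|*/*|-*) return 2 ;;
    esac
    case "$user" in
        *[!A-Za-z0-9._-]*) return 2 ;;
    esac

    # The account must resolve, so ownership comes from the directory
    # service and not from the typed string.
    uid=$(id -u "$user" 2>/dev/null) || return 3
    gid=$(id -g "$user" 2>/dev/null) || return 3

    home="$HOME_BASE/$user"

    # Refuse a pre-planted symlink or non-directory at the target path.
    if [ -L "$home" ]; then return 4; fi
    # An existing directory is left untouched.
    if [ -d "$home" ]; then return 0; fi
    if [ -e "$home" ]; then return 4; fi

    # mkdir without -p fails if something appears at the path meanwhile;
    # umask 077 makes the new directory mode 0700 from the start.
    ( umask 077 && mkdir "$home" ) || return 5
    chown "$uid:$gid" "$home" || return 6
    return 0
}
```

Return codes: 0 created or already present, 2 rejected name, 3 unresolvable account, 4 unsafe existing path, 5 and 6 mkdir or chown failure.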
