[PC-BSD Testing] pc-activedirectory broken + workarounds

Joe Maloney jmaloney at pcbsd.org
Fri Mar 28 09:07:39 PDT 2014


Changed.  Was just checking first because Ken said we should ask you before
changing that one.

Joe Maloney


On Fri, Mar 28, 2014 at 10:15 AM, Kris Moore <kris at pcbsd.org> wrote:

>
> Sure! Can you make the change, or would you like me to do it?
>
>
> On 03/27/2014 21:51, Joe Maloney wrote:
>
> Kris,
> can we change smb.conf here to smb4.conf to begin to fix pc-adsldap domain
> joins?
>
>
> https://github.com/pcbsd/pcbsd/blob/91d60cdbfb76269232372ffcdd3239c069453899/src-sh/
> pc-adctl/scripts/pc-samba
>
>  Joe Maloney
>
>
> On Wed, Mar 19, 2014 at 9:12 PM, Joe Maloney <jmaloney at pcbsd.org> wrote:
>
>> Login without the user list also works perfect.
>>
>>  Joe Maloney
>>
>>
>>
>> On Wed, Mar 19, 2014 at 9:09 PM, Joe Maloney <jmaloney at pcbsd.org> wrote:
>>
>>> It's not creating the home directories.  Once I created
>>> /usr/home/jmaloney manually it worked.  That explains why it was working on
>>> my old setup until I removed that user from my local system and nuked the
>>> dataset for that user.
>>>
>>>  So.  4 steps required to make it work.
>>>
>>>  Change smb.conf to smb4.conf in pc-samba
>>> launch winbindd
>>> restart PCDM after launching winbind
>>> mkdir /usr/home/%username%
>>>
>>>  Joe Maloney
>>>
>>>
>>> On Wed, Mar 19, 2014 at 8:20 PM, Joe Maloney <jmaloney at pcbsd.org> wrote:
>>>
>>>> After some more testing I see that I can log in as a local user with
>>>> just "admin" and no problems.  It seems now even if I bring back the list
>>>> of users and click to login it still hangs.  I more than likely just borked
>>>> my setup when I tried to install samba port to see if it would bring back
>>>> /usr/local/etc/rc.d/winbindd script so that I could make it start
>>>> automatically.  Which it didn't so I need to figure that out.  I will start
>>>> over fresh and just make that smb.conf > smb4.conf change in pc-samba and
>>>> at most start winbindd manually and see what happens...
>>>>
>>>>  Joe Maloney
>>>>
>>>>
>>>>
>>>> On Wed, Mar 19, 2014 at 10:18 AM, Ken Moore <ken at pcbsd.org> wrote:
>>>>
>>>>>  On 03/19/2014 10:45, Joe Maloney wrote:
>>>>>
>>>>>  I actually tested with FreeNAS 9.2.1.2 configured as a domain
>>>>> controller.  :)  I'm moving on to a new job full-time in a few weeks where
>>>>> I've already deployed about 5 FreeNAS servers so far to replace an old
>>>>> samba3 + openldap setup.  So I've been consumed with figuring out the
>>>>> perfect setup for that which I have and it's working great so far.
>>>>>
>>>>> I'm hoping to get a new work PC set up my first day with PCBSD joined
>>>>> to the directory so I can kind of show that off.  So far I can log in if I
>>>>> choose the option in PCDM to list the users but the manual entry method
>>>>> just freezes.  I'll have to see if I can gather more logs somehow.
>>>>>
>>>>>
>>>>>  Both visible/invisible user lists use the exact same backend systems
>>>>> in PCDM, so maybe it is something in the "display name" to "username"
>>>>> conversion that is messing up active directory (or some AD "magic"
>>>>> resulting in needing a different username than you think for the manual
>>>>> entry). Try entering the normally-visible "Display Name" into the manual
>>>>> entry and see if that works - that should let the PCDM backend convert it
>>>>> to the auto-detected username associated with that display name and see if
>>>>> it works.
>>>>>
>>>>>
>>>>>  BTW after looking at the alternatives Fedora, CentOS, Ubuntu, Debian
>>>>> only centos had a GUI tool to actually bind a machine to an active
>>>>> directory it was a little more cumbersome to set up than yours was.  So I
>>>>> have to say good job.
>>>>>
>>>>> Joe Maloney
>>>>>
>>>>>
>>>>>
>>>>>  :-)
>>>>>
>>>>>
>>>>> On Wed, Mar 19, 2014 at 8:33 AM, Ken Moore <ken at pcbsd.org> wrote:
>>>>>
>>>>>>  Thanks for the feedback on PCDM, this is the first confirmation I
>>>>>> have seen that it works from somebody actually testing it with a full AD
>>>>>> setup.
>>>>>>
>>>>>> My guess would be that the samba conf file location simply got
>>>>>> changed between samba3 and samba4, so moving our default configuration over
>>>>>> to samba4.conf is probably a good idea since we don't use samba3 anymore. I
>>>>>> will defer to Kris for the final say on this matter though..... ;-)
>>>>>>
>>>>>>
>>>>>> On 03/18/2014 23:34, Joe Maloney wrote:
>>>>>>
>>>>>>  After further research I touched this file and changed smb.conf to
>>>>>> smb4.conf.
>>>>>>
>>>>>>
>>>>>> https://github.com/pcbsd/pcbsd/blob/91d60cdbfb76269232372ffcdd3239c069453899/src-sh/pc-adctl/scripts/pc-samba
>>>>>>
>>>>>>  I haven't yet edited in pcbsd git repo.  Is this ok to change?  Is
>>>>>> there a reason for it to be smb.conf?
>>>>>>
>>>>>>  After the above change I just had to launch only winbindd manually
>>>>>> and problem solved. Indeed PCDM does not list users when in directory mode
>>>>>> unless the box is checked to show users.  Pretty cool.
>>>>>>
>>>>>>  Joe Maloney
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Tue, Mar 18, 2014 at 9:27 PM, Joe Maloney <jmaloney at pcbsd.org>wrote:
>>>>>>
>>>>>>> After configuring with pc-activedirectory it doesn't work.  After
>>>>>>> copying smb.conf to smb4.conf the net ads join command then works.  At this
>>>>>>> stage wbinfo -u doesn't work to list users so finally starting smb, nmbd,
>>>>>>> winbind manually it fully works now I can see all of my ad users in PCDM.
>>>>>>>
>>>>>>>  Joe Maloney
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>  _______________________________________________
>>>>>> Testing mailing listTesting at lists.pcbsd.orghttp://lists.pcbsd.org/mailman/listinfo/testing
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> ~~ Ken Moore ~~
>>>>>> PC-BSD/iXsystems
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Testing mailing list
>>>>>> Testing at lists.pcbsd.org
>>>>>> http://lists.pcbsd.org/mailman/listinfo/testing
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> ~~ Ken Moore ~~
>>>>> PC-BSD/iXsystems
>>>>>
>>>>>
>>>>
>>>
>>
>
>
> --
> Kris Moore
> PC-BSD Software
> iXsystems
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pcbsd.org/pipermail/testing/attachments/20140328/facfdf4b/attachment-0001.html>


More information about the Testing mailing list