[PC-BSD Testing] pc-activedirectory broken + workarounds

Joe Maloney jmaloney at pcbsd.org
Sun May 4 14:58:11 PDT 2014


Might be worth having someone add to docs on this page:

http://wiki.pcbsd.org/index.php/Active_Directory_%26_LDAP/10.0

Set the hostname to include the realm name otherwise a dns update warning
will appear on every boot.  I was able to go into network configuration and
change my hostname from pcbsd-3881 to pcbsd-3881.maloney.local.  After
restart this will fix this command which runs at every boot:

[root at pcbsd-3881] /etc# net ads dns register -P
DNS Update for localhost.pcbsd-3881 failed: ERROR_DNS_UPDATE_FAILED
DNS update failed!

Setting the hostname with realm name will result in:

[root at pcbsd-3881] ~# net ads dns register -P
Successfully registered hostname with DNS

Other than this all remaining errors/warnings should be fixed now from my
last few commits to pc-samba.

Joe Maloney





On Mon, Apr 21, 2014 at 7:37 AM, Ken Moore <ken at pcbsd.org> wrote:

>  Great!
>
>
> On 04/20/2014 17:55, Joe Maloney wrote:
>
> Confirmed the new pw code to create home directories for PCDM works.
>  Still have to modify /etc/rc.conf.pcbsd by hand to use
> samba_server_enable="YES" until that part of the system update gets passed
> out.  Otherwise working out of box now.  :)
>
>  Joe Maloney
>
>
> On Thu, Apr 17, 2014 at 7:12 AM, Ken Moore <ken at pcbsd.org> wrote:
>
>>  All done.
>> PCDM should now use the "pw" utility to create the user's home directory
>> if it does not exist, but the login credentials are valid.
>>
>>
>> On 04/14/2014 11:40, Kris Moore wrote:
>>
>>
>> I merged those changes into freebsd/master. I'll backport it to stable/10
>> and releng/10.0 as well. As for PCDM, I think it can be set to do that
>> automatically.
>>
>> Ken, can you make that change? If the login / pass is successful, yet
>> $HOME doesn't exist, create $HOME directory.
>>
>> On 04/12/2014 20:33, Joe Maloney wrote:
>>
>> I’ve updated pc-samba again in master with another fix for starting samba
>> and I’ve proposed a change for rc.conf.pcbsd to fix samba not starting up.
>>  Those two changes will also fix the previous winbind startup issues and
>> active directory users will now appear out of box when joined to an ad.
>>
>>  The only thing left for it to be fully functional out of box would be
>> to somehow have PCDM create a /usr/home/%username% directory when a new
>> user logs in that doesn’t yet have a home directory.  Otherwise if the user
>> creates a home directory manually the login works fine.
>>
>>  Joe Maloney
>>
>>
>> On Fri, Mar 28, 2014 at 11:07 AM, Joe Maloney <jmaloney at pcbsd.org> wrote:
>>
>>> Changed.  Was just checking first because Ken said we should ask you
>>> before changing that one.
>>>
>>>  Joe Maloney
>>>
>>>
>>> On Fri, Mar 28, 2014 at 10:15 AM, Kris Moore <kris at pcbsd.org> wrote:
>>>
>>>>
>>>> Sure! Can you make the change, or would you like me to do it?
>>>>
>>>>
>>>> On 03/27/2014 21:51, Joe Maloney wrote:
>>>>
>>>> Kris,
>>>> can we change smb.conf here to smb4.conf to begin to fix pc-adsldap
>>>> domain joins?
>>>>
>>>>
>>>> https://github.com/pcbsd/pcbsd/blob/91d60cdbfb76269232372ffcdd3239c069453899/src-sh/pc-adctl/scripts/pc-samba
>>>>
>>>>  Joe Maloney
>>>>
>>>>
>>>> On Wed, Mar 19, 2014 at 9:12 PM, Joe Maloney <jmaloney at pcbsd.org> wrote:
>>>>
>>>>> Login without the user list also works perfect.
>>>>>
>>>>>  Joe Maloney
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Mar 19, 2014 at 9:09 PM, Joe Maloney <jmaloney at pcbsd.org> wrote:
>>>>>
>>>>>> It’s not creating the home directories.  Once I created
>>>>>> /usr/home/jmaloney manually it worked.  That explains why it was working on
>>>>>> my old setup until I removed that user from my local system and nuked the
>>>>>> dataset for that user.
>>>>>>
>>>>>>  So.  4 steps required to make it work.
>>>>>>
>>>>>>  Change smb.conf to smb4.conf in pc-samba
>>>>>> launch winbindd
>>>>>> restart PCDM after launching winbind
>>>>>> mkdir /usr/home/%username%
>>>>>>
>>>>>>  Joe Maloney
>>>>>>
>>>>>>
>>>>>> On Wed, Mar 19, 2014 at 8:20 PM, Joe Maloney <jmaloney at pcbsd.org> wrote:
>>>>>>
>>>>>>> After some more testing I see that I can log in as a local user with
>>>>>>> just “admin” and no problems.  It seems now even if I bring back the list
>>>>>>> of users and click to login it still hangs.  I more than likely just borked
>>>>>>> my setup when I tried to install samba port to see if it would bring back
>>>>>>> /usr/local/etc/rc.d/winbindd script so that I could make it start
>>>>>>> automatically.  Which it didn’t so I need to figure that out.  I will start
>>>>>>> over fresh and just make that smb.conf > smb4.conf change in pc-samba and
>>>>>>> at most start winbindd manually and see what happens...
>>>>>>>
>>>>>>>  Joe Maloney
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Mar 19, 2014 at 10:18 AM, Ken Moore <ken at pcbsd.org> wrote:
>>>>>>>
>>>>>>>>  On 03/19/2014 10:45, Joe Maloney wrote:
>>>>>>>>
>>>>>>>>  I actually tested with FreeNAS 9.2.1.2 configured as a domain
>>>>>>>> controller.  :)  I'm moving on to a new job full-time in a few weeks where
>>>>>>>> I've already deployed about 5 FreeNAS servers so far to replace an old
>>>>>>>> samba3 + openldap setup.  So I've been consumed with figuring out the
>>>>>>>> perfect setup for that which I have and it's working great so far.
>>>>>>>>
>>>>>>>> I'm hoping to get a new work PC set up my first day with PCBSD
>>>>>>>> joined to the directory so I can kind of show that off.  So far I can log
>>>>>>>> in if I choose the option in PCDM to list the users but the manual entry
>>>>>>>> method just freezes.  I'll have to see if I can gather more logs somehow.
>>>>>>>>
>>>>>>>>
>>>>>>>>  Both visible/invisible user lists use the exact same backend
>>>>>>>> systems in PCDM, so maybe it is something in the "display name" to
>>>>>>>> "username" conversion that is messing up active directory (or some AD
>>>>>>>> "magic" resulting in needing a different username than you think for the
>>>>>>>> manual entry). Try entering the normally-visible "Display Name" into the
>>>>>>>> manual entry and see if that works - that should let the PCDM backend
>>>>>>>> convert it to the auto-detected username associated with that display name
>>>>>>>> and see if it works.
>>>>>>>>
>>>>>>>>
>>>>>>>>  BTW after looking at the alternatives Fedora, CentOS, Ubuntu,
>>>>>>>> Debian only centos had a GUI tool to actually bind a machine to an active
>>>>>>>> directory it was a little more cumbersome to set up than yours was.  So I
>>>>>>>> have to say good job.
>>>>>>>>
>>>>>>>> Joe Maloney
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>  :-)
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Mar 19, 2014 at 8:33 AM, Ken Moore <ken at pcbsd.org> wrote:
>>>>>>>>
>>>>>>>>>  Thanks for the feedback on PCDM, this is the first confirmation
>>>>>>>>> I have seen that it works from somebody actually testing it with a full AD
>>>>>>>>> setup.
>>>>>>>>>
>>>>>>>>> My guess would be that the samba conf file location simply got
>>>>>>>>> changed between samba3 and samba4, so moving our default configuration over
>>>>>>>>> to samba4.conf is probably a good idea since we don't use samba3 anymore. I
>>>>>>>>> will defer to Kris for the final say on this matter though..... ;-)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 03/18/2014 23:34, Joe Maloney wrote:
>>>>>>>>>
>>>>>>>>>  After further research I touched this file and changed smb.conf
>>>>>>>>> to smb4.conf.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> https://github.com/pcbsd/pcbsd/blob/91d60cdbfb76269232372ffcdd3239c069453899/src-sh/pc-adctl/scripts/pc-samba
>>>>>>>>>
>>>>>>>>>  I haven’t yet edited in pcbsd git repo.  Is this ok to change?
>>>>>>>>>  Is there a reason for it to be smb.conf?
>>>>>>>>>
>>>>>>>>>  After the above change I just had to launch only winbindd
>>>>>>>>> manually and problem solved. Indeed PCDM does not list users when in
>>>>>>>>> directory mode unless the box is checked to show users.  Pretty cool.
>>>>>>>>>
>>>>>>>>>  Joe Maloney
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Tue, Mar 18, 2014 at 9:27 PM, Joe Maloney <jmaloney at pcbsd.org> wrote:
>>>>>>>>>
>>>>>>>>>> After configuring with pc-activedirectory it doesn’t work.  After
>>>>>>>>>> copying smb.conf to smb4.conf the net ads join command then works.  At this
>>>>>>>>>> stage wbinfo -u doesn’t work to list users so finally starting smb, nmbd,
>>>>>>>>>> winbind manually it fully works now I can see all of my ad users in PCDM.
>>>>>>>>>>
>>>>>>>>>>  Joe Maloney
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>  _______________________________________________
>>>>>>>>> Testing mailing list
>>>>>>>>> Testing at lists.pcbsd.org
>>>>>>>>> http://lists.pcbsd.org/mailman/listinfo/testing
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> ~~ Ken Moore ~~
>>>>>>>>> PC-BSD/iXsystems
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> ~~ Ken Moore ~~
>>>>>>>> PC-BSD/iXsystems
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>>   --
>>>> Kris Moore
>>>> PC-BSD Software
>>>> iXsystems
>>>>
>>>>
>>>
>>
>>
>>
>>
>>
>> --
>> Kris Moore
>> PC-BSD Software
>> iXsystems
>>
>>
>>
>>
>>
>>
>> --
>> ~~ Ken Moore ~~
>> PC-BSD/iXsystems
>>
>>
>>
>>
>
>
> --
> ~~ Ken Moore ~~
> PC-BSD/iXsystems
>
>
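
A preflight check for the workarounds collected in this thread, added here as an illustration; it is not PC-BSD code and not part of any message above. The smb4.conf path, the function names and the script name are assumptions.

```shell
#!/bin/sh
# Added example (not PC-BSD code): preflight checks for the workarounds in this thread.
# Assumed defaults; override through the environment to match your install.
SMB_CONF="${SMB_CONF:-/usr/local/etc/smb4.conf}"  # assumed smb4.conf location
RC_CONF="${RC_CONF:-/etc/rc.conf.pcbsd}"          # file named in the thread
HOME_BASE="${HOME_BASE:-/usr/home}"               # home directory root from the thread

# True when host $1 is fully qualified inside realm $2 (case-insensitive).
hostname_in_realm() {
    host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    realm=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ -n "$realm" ] || return 1
    case "$host" in
        "."*|*".") return 1 ;;      # empty leading or trailing label
        ?*".$realm") return 0 ;;    # host label(s) followed by the realm
        *) return 1 ;;
    esac
}

# True when rc.conf-style file $1 sets variable $2 to YES with ASCII quotes or none.
# Typographic quotes pasted from a mail client (“YES”) do not match.
rc_enabled() {
    [ -r "$1" ] || return 1
    grep -Eq "^[[:space:]]*$2=\"?[Yy][Ee][Ss]\"?[[:space:]]*(#.*)?\$" "$1"
}

# True when user $1 already has a home directory under $HOME_BASE.
home_exists() {
    [ -n "$1" ] && [ -d "$HOME_BASE/$1" ]
}

# True when a winbindd process is running.
winbindd_running() {
    pgrep -x winbindd >/dev/null 2>&1
}

# Run every check for realm $1 and user $2; the return value is the failure count.
preflight() {
    fails=0
    check() { "$@" || { echo "FAIL: $*"; fails=$((fails + 1)); }; }
    check hostname_in_realm "$(hostname)" "$1"
    check test -r "$SMB_CONF"
    check rc_enabled "$RC_CONF" samba_server_enable
    check winbindd_running
    check home_exists "$2"
    return "$fails"
}

# Only runs when called with arguments, e.g.: sh adcheck.sh maloney.local jmaloney
if [ "$#" -ge 2 ]; then preflight "$1" "$2"; fi
```
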