Re: FreeBSD samba+winbind
Hi! Thanks for your reply! Sorry, but that didn't help. I even tried installing samba 3.4 (also form ports). With the same configuration as Samba 3.5 there was no idmapping at all. I'll try to raise loglevel to see what happens. With Samba 3.5 and loglevel 10 there were no significant errors and I think the problem is with nssd and nss_winbind.so (some specific behavior for getting all users - getent). Best wishes, Ivo Timur I. Bakeyev wrote: Hi, Ivo! Just a wild guess - could it be the result of moving lockdir in Samba3.5 port from /var/db/samba34 back to /var/db/samba ? Can you check, that, by renaming appropriate directory? Regards, Timur. On Mon, Nov 22, 2010 at 10:15 PM, Ivo Karabojkov i...@kit-bg.com wrote: Perhaps I couldn't get any attention with my problem or I couldn't explain it in enough details. As you probably read, IDMapping works OK. It seems that my problem occurs in nsswitch. In my /etc/nsswitch.conf I have: group: files winbind #group_compat: nis hosts: files dns networks: files passwd: files winbind #passwd_compat: nis shells: files services: compat services_compat: nis protocols: files rpc: files wbinfo -u / -g / -i DOMAIN_user works OK. Name service switch works almost OK, since system utilities like id, pw /usershow/, chown, ls resolve domain usernames - IDMapped UIDs OK. But getent passwd and getent group return only local (system) users /groups. Any clue how to make this work too? Ivo Karabojkov wrote: Dear Sirs, I am having troubles with IDMapping users from Server 2003 AD to my FreeBSD 8.1 Samba 3.5. Well, most of Samba documentation should be considered outdated, I had total failure with RID backend for IDMap. The only working (so far) for me is the default: tdb. I have set nsswitch.conf, pam.d and so on correctly. And here is my problem: everything works almost fine, wbinfo shows my domain accounts, I am able to set these accounts and groups as owners of files. Commands like ls, chown, id show AD accounts correctly. pw, getent - show only local system accounts. I need Samba only for file sharing with ACLs, no PAM authentication or something more. So, technically, it works but since I can't see ALL accounts with getent I think something is wrong. IDMapped accounts are with uid and gid 1 I think I am missing something very small and simple, so I hope someone will help me! Thanks in advance, Ivo -- View this message in context: http://old.nabble.com/FreeBSD-samba%2Bwinbind-tp30252640p30282675.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- View this message in context: http://old.nabble.com/FreeBSD-samba%2Bwinbind-tp30252640p30366636.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD samba+winbind
Perhaps I couldn't get any attention with my problem or I couldn't explain it in enough details. As you probably read, IDMapping works OK. It seems that my problem occurs in nsswitch. In my /etc/nsswitch.conf I have: group: files winbind #group_compat: nis hosts: files dns networks: files passwd: files winbind #passwd_compat: nis shells: files services: compat services_compat: nis protocols: files rpc: files wbinfo -u / -g / -i DOMAIN_user works OK. Name service switch works almost OK, since system utilities like id, pw /usershow/, chown, ls resolve domain usernames - IDMapped UIDs OK. But getent passwd and getent group return only local (system) users /groups. Any clue how to make this work too? Ivo Karabojkov wrote: Dear Sirs, I am having troubles with IDMapping users from Server 2003 AD to my FreeBSD 8.1 Samba 3.5. Well, most of Samba documentation should be considered outdated, I had total failure with RID backend for IDMap. The only working (so far) for me is the default: tdb. I have set nsswitch.conf, pam.d and so on correctly. And here is my problem: everything works almost fine, wbinfo shows my domain accounts, I am able to set these accounts and groups as owners of files. Commands like ls, chown, id show AD accounts correctly. pw, getent - show only local system accounts. I need Samba only for file sharing with ACLs, no PAM authentication or something more. So, technically, it works but since I can't see ALL accounts with getent I think something is wrong. IDMapped accounts are with uid and gid 1 I think I am missing something very small and simple, so I hope someone will help me! Thanks in advance, Ivo -- View this message in context: http://old.nabble.com/FreeBSD-samba%2Bwinbind-tp30252640p30282675.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
FreeBSD samba+winbind
Dear Sirs, I am having troubles with IDMapping users from Server 2003 AD to my FreeBSD 8.1 Samba 3.5. Well, most of Samba documentation should be considered outdated, I had total failure with RID backend for IDMap. The only working (so far) for me is the default: tdb. I have set nsswitch.conf, pam.d and so on correctly. And here is my problem: everything works almost fine, wbinfo shows my domain accounts, I am able to set these accounts and groups as owners of files. Commands like ls, chown, id show AD accounts correctly. pw, getent - show only local system accounts. I need Samba only for file sharing with ACLs, no PAM authentication or something more. So, technically, it works but since I can't see ALL accounts with getent I think something is wrong. IDMapped accounts are with uid and gid 1 I think I am missing something very small and simple, so I hope someone will help me! Thanks in advance, Ivo -- View this message in context: http://old.nabble.com/FreeBSD-samba%2Bwinbind-tp30252640p30252640.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: won't boot after 8.0-RELEASE upgrade
Can someone give me a clue what went wrong in so described upgrade and what made Kernel 8.0 REL not to see either disklabel nor even partition of my gmirror? I need some advice prior starting upgrade process of the rest of my servers. As you see in my previous posts the problem is NOT in DD mode! Ivo Karabojkov wrote: As I guessed, I am using standard, not DD mode. Despite of this I was unable to boot, and even more: FreeBSD 8.0 sysinstall did not find any partitions neither on the (g)mirror, hardware RAID I described above or any individual disks part of the RAID. I had to use FreeBSD 7.2 livefs to copy my data after I formatted one of the disks with new 8.0 sysinstall. I think this makes our problem totally unexplained. As an example I'll show you my unable to boot system with gmirror fstab: # DeviceMountpoint FStype Options Dump Pass# /dev/mirror/gm0s1b noneswapsw 0 0 /dev/mirror/gm0s1a / ufs rw 1 1 /dev/mirror/gm0s1d /usrufs rw 2 2 /dev/mirror/gm0s1e /varufs rw,acls 2 2 /dev/acd0 /cdrom cd9660 ro,noauto 0 0 Something I've noticed: when formatting an entire disk with sysinstall prior 7.0 its partition looks like this: Offset Size(ST)End Name PType Desc Subtype Flags 0 63 62- 12 unused0 63 781417602 781417664ad4s1 8freebsd 165 781417665 2990 781420654- 12 unused0 When formatted with later versions of sysinstall it looks like this: Offset Size(ST)End Name PType Desc Subtype Flags 0 63 62- 12 unused0 63 625142385 625142447ad4s1 8freebsd 165 I notice that the free part at the end is missing. My hardware raid, described above in this thread, stores its metadata in the beginning of the disk. Writes in the first sectors result in mirror break and the error I wrote already. I know all of this because I did a lot of tests to help all of you to find our problem out. I have to say that my problems occured with system initially installed with FreeBSD 5 or 6. One system with single drive installed with 7.2 (second example) upgraded with no problems. I hope my tests will help to find out what happens wit our older disklabelled systems. Polytropon wrote: On Tue, 8 Dec 2009 14:09:16 -0800 (PST), Ivo Karabojkov i...@kit-bg.com wrote: So I'd like to know how to distinguish mode of my current filesystems - is it standard or dangerously dedicated? If you've first created a slice on the disk, and then partitions inside the slice, it's standard mode, e. g. ad0 ab d e f g { [ (/) (swap) (/tmp) (/var) (/usr) (/home) ] } s1 If you've omitted the slice, and created the partitions on the disk device itself, it's dangerosly dedicated mode, e. g. ad0 { (/) (swap) (/tmp) (/var) (/usr) (/home) } ab d e f g You can tell by the existence of ad0s1[adefg] vs. ad0[adefg] in /dev, or by trying to print the disks's slice table. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- View this message in context: http://old.nabble.com/won%27t-boot-after-8.0-RELEASE-upgrade-tp26628661p26739396.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Root exploit for FreeBSD
I think democracy is a choice of freedom. Freedom what to use, AND, in such cases - freedom where to work! If you are marketing specialist probably you should NOT touch much of your computer's control gear. If you are an IT specialist or support such treatment is similar to treat you as a cattle. It's only up to you to allow or forbid such treatment. The freedom has it's price, of course. I always choose to pay it. If someone hires me to manage something he should listen to my or my team's advices. Otherwise he spends money for nothing and I earn headache and broken nerves! And as for academic battle: If universities deny to make tests, experiments and cutting edge implementations then who would??? If IT or computing science, or telecommunication departments are treated in such manner probably they should be dismissed for not letting them to damage our future specialists! It's a sin to read just one book, even if it is the Holly Bible! God, forgive me for comparing М$ with the Bible, it's just for conviction ;-)! In fact I won partially such a battle in 2002-2003, and even if I don't work for our University they still relay on FreeBSD for major part of their IT infrastructure. I wish you all freedom and success! Jerry-107 wrote: On Thu, 10 Dec 2009 20:21:26 +0100 Julian H. Stacey j...@berklix.com replied: Fortuantely, I had no problem setting up a black FreeBSD box to preserve my sanity. A tip for those threatened with no BSD box at work: FreeBSD runs fine _inside_ a box that looks like a multi sheet scanner. OK, slow, but invisible to managers who require MS only. These scanners often lie abandoned in company junk rooms ( cheap on web), as people know they used to need MS's abandoned NT (= Not There) operating system. Well they do ... until one installs BSD. Credit to David M. who did the FreeBSD work. Pictures of hardware to look for in junk rooms: http://www.berklix.com/scanjet/ Cheers, Julian Out of pure morbid curiosity, would you please answer this question for me. You work for a corporation that specifically requires the use of a specific OS, the OS itself is not material to this question. It also forbids the use of any unauthorized OS or equipment on the companies network. You decide to ignore their directives and eventually: 1) Get caught 2) Cause a problem with the company's network, etc. Now, when you get fired and possible charged with a crime, do you: 1) Cry and bitch that they are being unfair? 2) Accept the fact that you deserved to be dismissed? Where I use to work, two or three employees were fired each year because they thought they knew more than everyone else. They failed to realize that they were being compensated to do what they were told and not what they thought they should be doing. The bottom line is if they are not smart enough to follow company directives, they are certainly not capable of instigating their own protocol. -- Jerry ges...@yahoo.com |=== |=== |=== |=== | Grandpa Charnock's Law: You never really learn to swear until you learn to drive. [I thought it was when your kids learned to drive. Ed.] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- View this message in context: http://old.nabble.com/Root-exploit-for-FreeBSD-tp26728358p26739505.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: won't boot after 8.0-RELEASE upgrade
As I guessed, I am using standard, not DD mode. Despite of this I was unable to boot, and even more: FreeBSD 8.0 sysinstall did not find any partitions neither on the (g)mirror, hardware RAID I described above or any individual disks part of the RAID. I had to use FreeBSD 7.2 livefs to copy my data after I formatted one of the disks with new 8.0 sysinstall. I think this makes our problem totally unexplained. As an example I'll show you my unable to boot system with gmirror fstab: # DeviceMountpoint FStype Options Dump Pass# /dev/mirror/gm0s1b noneswapsw 0 0 /dev/mirror/gm0s1a / ufs rw 1 1 /dev/mirror/gm0s1d /usrufs rw 2 2 /dev/mirror/gm0s1e /varufs rw,acls 2 2 /dev/acd0 /cdrom cd9660 ro,noauto 0 0 Something I've noticed: when formatting an entire disk with sysinstall prior 7.0 its partition looks like this: Offset Size(ST)End Name PType Desc Subtype Flags 0 63 62- 12 unused0 63 781417602 781417664ad4s1 8freebsd 165 781417665 2990 781420654- 12 unused0 When formatted with later versions of sysinstall it looks like this: Offset Size(ST)End Name PType Desc Subtype Flags 0 63 62- 12 unused0 63 625142385 625142447ad4s1 8freebsd 165 I notice that the free part at the end is missing. My hardware raid, described above in this thread, stores its metadata in the beginning of the disk. Writes in the first sectors result in mirror break and the error I wrote already. I know all of this because I did a lot of tests to help all of you to find our problem out. I have to say that my problems occured with system initially installed with FreeBSD 5 or 6. One system with single drive installed with 7.2 (second example) upgraded with no problems. I hope my tests will help to find out what happens wit our older disklabelled systems. Polytropon wrote: On Tue, 8 Dec 2009 14:09:16 -0800 (PST), Ivo Karabojkov i...@kit-bg.com wrote: So I'd like to know how to distinguish mode of my current filesystems - is it standard or dangerously dedicated? If you've first created a slice on the disk, and then partitions inside the slice, it's standard mode, e. g. ad0 ab d e f g { [ (/) (swap) (/tmp) (/var) (/usr) (/home) ] } s1 If you've omitted the slice, and created the partitions on the disk device itself, it's dangerosly dedicated mode, e. g. ad0 { (/) (swap) (/tmp) (/var) (/usr) (/home) } ab d e f g You can tell by the existence of ad0s1[adefg] vs. ad0[adefg] in /dev, or by trying to print the disks's slice table. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- View this message in context: http://old.nabble.com/won%27t-boot-after-8.0-RELEASE-upgrade-tp26628661p26706523.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: won't boot after 8.0-RELEASE upgrade
I have no problems with the hardware. In fact neither Release notes nor UPDATING says anything about my possible (and actually occured) problems. The only thing is: “dangerously dedicated” mode for the UFS file system is no longer supported. I never supposed that I'm using this mode. I format disks and install with sysinstall without any special tuning for fdisk or disklabel. I prefer standard options to ensure smooth future upgrades. So I'd like to know how to distinguish mode of my current filesystems - is it standard or dangerously dedicated? Ruben de Groot wrote: On Mon, Dec 07, 2009 at 08:40:52AM -0800, Ivo Karabojkov typed: I'm sharing this experience to bring your attention to major advice in the update procedure - to take full backup. While not very new, that's allways good advice ;) My question is: how can I guess the result - Glory or Sorrow BEFORE starting the update? Before starting: read the relnotes and errata and search for possible problems, especially with your particular hardware. Then, if you decide to go ahead, install the new kernel and try to boot it in single user mode. This won't destroy anything and if you experience problems like missing devices you can easily back out by booting kernel.old. Ruben ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- View this message in context: http://old.nabble.com/won%27t-boot-after-8.0-RELEASE-upgrade-tp26628661p26701709.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: won't boot after 8.0-RELEASE upgrade
I had to reformat my drive since I had reached the point of no return... So I am also nervous. My first failure was with a-kind-of hardware raid, ar, built with cheap VIA VT6421A controller. After installkernel the system refused to boot and on its display was message hardware failure, you have to destroy and build the mirror again. You will lose ALL data. Frightening, isn't it. So i tested the disks, found them OK and replaced the controller - newer MB with GEOM mirror. Reformat, of course, occurred and all the data was salvaged from the mirror disk. Now I see the card works. It's something with FreeBSD 8.0. This system was installed with FreeBSD 5.1 about may be 4 years ago and upgraded via cvsup til now. I'm sharing this experience to bring your attention to major advice in the update procedure - to take full backup. I think good RAIDs do not store data on the disks in readable by any adapter with same interface format. My question is: how can I guess the result - Glory or Sorrow BEFORE starting the update? Otherwise, needless to say, 8.0 works perfectly. I mostly use AMD64 version. Tom Worster wrote: On 12/6/09 1:06 PM, Ivo Karabojkov i...@kit-bg.com wrote: Since I have some servers to manage I am very interested how should I upgrade to 8.0 Rel? this is a big question. for my production servers i like to keep things simple and use the generic binary distribution. and i've been trying to develop a habit of using freebsd-update. but now i'm very nervous. unlike the machine that failed, my production systems have hw raid and don't use gmirror so i suspect the update may go smoothly. i also have a redundant config so i can take a machine offline to do the update. nevertheless, this experience has unnerved me. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- View this message in context: http://old.nabble.com/won%27t-boot-after-8.0-RELEASE-upgrade-tp26628661p26679927.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: won't boot after 8.0-RELEASE upgrade
I don't think it's FreeBSD update. I always use CVSup and build world. So I fall into the same hole with no way up. I use gmirror, my device names are full including slice (e.g. /dev/mirror/gm0s1a and it was produced from /dev/ad4s1a some years ago), so I think I'm not using “dangerously dedicated” mode... After the update I'm unable to mount root. Thanks God I have my old (7.2 release) kernel... Since I have some servers to manage I am very interested how should I upgrade to 8.0 Rel? Thanks in advance for all your advices! Regards, Ivo Tom Worster wrote: after running freebsd-update -r 8.0-RELEASE upgrade my system won't boot. it gets stuck on mountroot and i can't find the magic word it wants. the system used to have two sata drives /dev/ad4 and ad6. they were partitioned and sliced using the deafaults that sysinstall suggested. at the boot prompt, lsdev says: disk devices disk0: BIOS drive C: disk0s1a: FFS disk0s1b: swap disk0s1d: FFS disk0s1e: FFS disk0s1f: FFS disk1: BIOS drive D: disk1s1a: FFS disk1s1b: swap disk1s1d: FFS disk1s1e: FFS disk1s1f: FFS which looks right, although i'm not familiar with the disk nomenclature. entering ? at mountroot mentions ad4 and ad6. geom_mirror was being used. i've tried saying load geom_mirror and/or enable-module geom_mirror at the boot prompt. neither made any difference. nothing i've said to mountroot works: ufs:/dev/ad4s1a ufs:/dev/ad6s1a ufs:/dev/mirror/gm0s1a ufs:/dev/disk0s1a ufs:/dev/disk1s1a does anyone know the magic word? i'd be very grateful. tom ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- View this message in context: http://old.nabble.com/won%27t-boot-after-8.0-RELEASE-upgrade-tp26628661p26667339.html Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
changing architecture from i386 to amd64
Hi! I have machine working with i386 version of FreeBSD 7.0 Release (after several source updates from 6.0 during the years). Is it possible to re-build kernel and world with another architecture, in my case AMD64? I've tried to build kernel in /sys/amd64/conf, but on make depend everything fails. I see it includes paths with .../I386/.. even link machine in compile directory points to .../I386. I hope to be able to switch my architecture without re-installing FreeBSD with AMD64. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]