Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Obsolete Releases
  3. SME 7.x Contribs
  4. Topic: SME and Openfiler
« previous next »
Pages: [1]   Go Down

SME and Openfiler

  • 6 Replies
  • 3850 Views

Offline frenchi6625

  • *
  • 15
  • +0/-0
SME and Openfiler
« on: May 19, 2008, 11:53:57 AM »
I have posted this topic at both the Openfiler and SME forums.

Purpose:
To add an Openfiler 2.2 server (www.openfiler.com) to an SME (www.contribs.org) domain, enabling the Openfiler NAS server to access user and group information on the SME server, NOT using LDAP.

Running SME 7.3 on a DELL PowerEdge 2950 III, with a PERC 6/i RAID controller. 4 x 160Gb SATA drives in hardware RAID5.

Sme is installed, updated and working, users and groups have been created, users can log on to the SME domain from XP workstations and access server recources. Windows workgroup is 'ABC'

Installed Openfiler on a DELL PowerEdge 2950 III, with a PERC 6/i RAID controller. 6 x 250Gb SATA drives, and updated to latest version, 2.2.r1227-3-1, details below:

Canonical Hostname     1nas.mydomain.com
Listening IP:      192.168.5.2
Kernel Version:       2.6.19.7-0.3.smp.gcc3.4.x86_64 (SMP)
Distro Name:      Openfiler NAS/SAN

Filesystems:

VD1 - 2 x 250Gb Seagate SATA, RAID1

/boot:         101mb
/var/log:      2048mb
swap:         2048mb
/:         remainder of drive capacity

VD2 - 4 x 250Gb Seagate SATA, RAID5

Nothing configured here yet.

Configuration attemp1:

In Openfiler webmin control panel (https://serverip:446)

Set hostname to 1nas.mydomain.com.
Set ip in LAN range, 192.168.5.2
Set primary DNS to 192.168.5.1 (SME address)
Added 192.168.5.0/255.255.255.0 as LAN
Clock is set to the same time as SME server.

Enabled SMB/CIFS
SMB Settings

Server string:   Openfiler NAS
NetBIOS name:   1nas
WINS server:   192.168.5.1 (SME address)

Under accounts:

Ticked 'Use Windows domain controller and authentication'
Security model:      NT4-style Domain (RPC)
Domain / Workgroup:   ABC
Join domain ticked
Use user admin and root password to join domain.

Once joined, I have the following groups, and NO users on Openfiler:

16777216     

Members of the group BUILTIN+System Operators
UID    User Name    User Type    Primary Group
Close Window
BUILTIN+System Operators    Unknown

16777217    

Members of the group BUILTIN+Replicators
UID    User Name    User Type    Primary Group
Close Window
BUILTIN+Replicators    Unknown

16777218    

Members of the group BUILTIN+Guests
UID    User Name    User Type    Primary Group
Close Window
BUILTIN+Guests    Unknown

16777219    

Members of the group BUILTIN+Power Users
UID    User Name    User Type    Primary Group
Close Window
BUILTIN+Power Users    Unknown

16777220    

Members of the group BUILTIN+Print Operators
UID    User Name    User Type    Primary Group
Close Window
BUILTIN+Print Operators    Unknown

16777221    

Members of the group BUILTIN+Administrators
UID    User Name    User Type    Primary Group
Close Window
BUILTIN+Administrators    Unknown

16777222    

Members of the group BUILTIN+Account Operators
UID    User Name    User Type    Primary Group
Close Window
BUILTIN+Account Operators    Unknown

16777223    

Members of the group BUILTIN+Backup Operators
UID    User Name    User Type    Primary Group
Close Window
BUILTIN+Backup Operators    Unknown

16777224    

Members of the group BUILTIN+Users
UID    User Name    User Type    Primary Group
Close Window
BUILTIN+Users

After joining, I look at the SME logs for

/var/log/samba/log.1nas:

[2008/05/19 11:41:05, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
  get_md4pw: Workstation 1NAS$: no account in domain
[2008/05/19 11:41:05, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
  _net_auth2: failed to get machine password for account 1NAS$: NT_STATUS_ACCESS_DENIED

/var/log/messages:

May 19 11:41:05 box1 esmith::event[18587]: Processing event: machine-account-create 1nas$
May 19 11:41:05 box1 esmith::event[18587]: Running event handler: /etc/e-smith/events/machine-account-create/S10create-machine-account
May 19 11:41:05 box1 /etc/e-smith/events/machine-account-create/S10create-machine-account[18588]: /home/e-smith/db/accounts: OLD 1nas$=(undefined)
May 19 11:41:05 box1 /etc/e-smith/events/machine-account-create/S10create-machine-account[18588]: /home/e-smith/db/accounts: NEW 1nas$=machine
May 19 11:41:05 box1 esmith::event[18587]: create-machine-account 1nas$: Creating Unix user and group

It seems that SME is creating the machine account but locking the password, as it does with user accounts?
Logged

Offline frenchi6625

  • *
  • 15
  • +0/-0
Re: SME and Openfiler
« Reply #1 on: May 19, 2008, 12:24:43 PM »
UPDATE

After adding the 1nas machineaccount manually to SME using /sbin/e-smith/signal-event machine-account-create 1nas, I tried joining the domain from Openfiler again, generating the following logs:

/var/log/messages:

May 19 12:14:35 box1 smbd[5045]: [2008/05/19 12:14:35, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
May 19 12:14:35 box1 smbd[5045]:   _net_auth2: creds_server_check failed. Rejecting auth request from client 1NAS machine account 1NAS$

Is it possible to set the password for a machine account to none?
Logged

Offline frenchi6625

  • *
  • 15
  • +0/-0
Re: SME and Openfiler
« Reply #2 on: May 19, 2008, 03:59:45 PM »
UPDATE

Edited the file /etc/krb5.conf:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = MYDOMAIN.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]
MYDOMAIN.COM = {
  kdc = kerberos.mydomain.com:88
  admin_server = kerberos.mydomain.com:749
  default_domain = mydomain.com
 }

[domain_realm]
 .mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

No dice. Gave this in the SME logs -

/var/log/messages:

May 19 15:51:09 box1 smbd[5108]: [2008/05/19 15:51:09, 0] lib/util_sock.c:read_data(534)
May 19 15:51:09 box1 smbd[5108]:   read_data: read failure for 4 bytes to client 192.168.5.2. Error = Connection reset by peer

/var/log/samba/log.1nas:

[2008/05/19 15:49:09, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client 192.168.5.2. Error = Connection reset by peer
[2008/05/19 15:51:09, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client 192.168.5.2. Error = Connection reset by peer

Logged

Offline byte

  • *
  • 2,183
  • +2/-0
Re: SME and Openfiler
« Reply #3 on: May 19, 2008, 04:39:56 PM »
Moving this topic to the SME 7.x contribs forum, it is more appropriate there. Thanks!
Logged
--[byte]--

Have you filled in a Bug Report over @ http://bugs.contribs.org ? Please don't wait to be told this way you help us to help you/others - Thanks!

Offline steever

  • *
  • 185
  • +0/-0
    • Open-Sesame
Re: SME and Openfiler
« Reply #4 on: May 23, 2008, 04:48:23 AM »
Yes, it's weird, isn't it.  Even after joining the domain successfully, you can run wbinfo -g and pull up SME's groups and wbinfo -t confirms the secret trust, but wbinfo -u fails.  What gives?

Steve
Logged
Saving the world ... one server at a time.

Offline frenchi6625

  • *
  • 15
  • +0/-0
Re: SME and Openfiler
« Reply #5 on: May 30, 2008, 12:14:32 PM »
seems no one knows. not a good sign.
Logged

Offline steever

  • *
  • 185
  • +0/-0
    • Open-Sesame
Re: SME and Openfiler
« Reply #6 on: May 31, 2008, 03:19:19 PM »
It's not an SME problem.  The openfiler forums are full of unanswered questions re joining openfiler to samba domains.  Doesn't work.
Logged
Saving the world ... one server at a time.
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Obsolete Releases
  3. SME 7.x Contribs
  4. Topic: SME and Openfiler