cyborgworkshop.org

I seem to be running on a theme here. Setting your centos 5 boxes to authenticate users against your Openfiler LDAP server isn’t as straight forward as setting samba up to auth against it. You’ll obviously need to have Openfiler and LDAP already setup, but you’re also going to have to do some per user modifications in LDAP and some PAM configuration changes on the Centos box. So, starting with the easiest part. Download and copy this script to your openfiler machine. I did not write this script (I found it here) I just modified it for my use.

#!/bin/bash
# change shell and home for user in OpenFiler LDAP server

BINDDN=”cn=Manager,dc=themclarks,dc=com”
BASEDN=”ou=People,dc=themclarks,dc=com”

USER=$1
SHELL=$2

if [ -z "${SHELL}" -o -n "${3}" ]; then
echo “Usage: $0 ”
exit 1
fi

ldapsearch -s base -x -b “uid=${USER},${BASEDN}” > /dev/null
if [ $? -ne 0 ]; then
echo “Error: User ${USER} not found in LDAP server”
exit 1
fi

grep -q -E -e “^${SHELL}$” /etc/shells
if [ $? -ne 0 ]; then
echo “Error: ${SHELL} not found in /etc/shells”
exit 1
fi

ldapmodify -x -D ${BINDDN} -W <
dn: uid=${USER},${BASEDN}
changetype: modify
replace: homeDirectory
homeDirectory: /home/${USER}
EOF
ldapmodify -x -D ${BINDDN} -W <
dn: uid=${USER},${BASEDN}
changetype: modify
replace: loginShell
loginShell: ${SHELL}
EOF

Before you run this script, go into openfiler and make a backup of your LDAP config and database. I doubt their will be a problem, but if you don’t do a backup I can almost guarantee something bad will happen.
Be sure to chmod 775 that script. When you run it you will need to supply the user you want to modify and the shell you want them to have. Home directories will be in /home, but you can modify that as you see fit.
Once that script has run, you will have a user setup with a shell and a home directory in LDAP. moving on to the Centos box
run authconfig as root and select “Use LDAP” in User Information and “Use LDAP Authentication” in Authentication. I also like to select “Local Authentication is sufficient” so I can add an oh-crap account. When you select next, you will be prompted for some LDAP settings.
Leave Use TLS unchecked.
LDAP Server will be ldap://OPEN_FILER_SERVER_NAME
Base DN: will be “dc=your_domain,dc=com”
Hit OK. you can test to see if this works by doing an

su - $USER

for the user that you setup in LDAP. This should work, but it will give you an error about not having a home directory. To fix that, we need to make a change to the pam config. If you did this using the gui authconfig, I believe you will have had an option to setup the automatic creation of home directories, so if you don’t get an error, you’re done.
as root on the centos box, edit /etc/pam.d/system-auth and add the following line to the bottom of the file

session required pam_mkhomedir.so skel=/etc/skel umask=0022

save the file and do an su – to the user you setup in LDAP. You should see a message about a home directory being created. Congratulations, you are authing to LDAP!

I have an openfiler based NAS running as my main file server and an ubuntu VM running rsync that backs that server up. I wanted to be able to browse my backups via samba, and for giggles, authenticate that samba server against the openfiler LDAP that is already configured. This turned out to be really easy.   First install samba.

sudo apt-get install samba

In the new /etc/samba/smb.conf, you need to replace the passdb backend statement with

passdb backend ldapsam:ldap://$DNS_NAME_OF_OPENFILE

and add the following lines

ldap ssl = no
ldap admin dn = cn=Manager,dc=$YOURDOMAIN,dc=com
ldap suffix = dc=$YOURDOMAIN,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Group

Be sure to replace $YOURDOMAIN with the domain you configured when you first setup LDAP in openfiler.
The last step is to store LDAP auth credentials in the secrets.tdb file so samba can query your LDAP. you do that by running

smbpasswd -w $OPENFILER_LDAP_PASSWORD

and replace $OPENFILER_LDAP_PASSWORD with the LDAP password you configured when you created the openfiler LDAP. restart samba with

service smbd restart

And you should now be authenticating to you openfiler LDAP!

I’m not going to say that this is a really embarrassing bug, but a whole bunch of other people will. If you are using openfiler 2.3 64 bit and select a network’s access to a share to be read only, samba will panic and create a core every time you try to access that share. The bug does appear to be upstream, not openfiler specific, but damn man! The fix is to revert back to an older version of samba and stay there. To revert back, ssh into your openfiler and run the following.

conary update samba=3.2.6-0.0.1-1
conary update samba-client=3.2.6-0.0.1-1
conary update samba-server=3.2.6-0.0.1-1
/etc/init.d/smb restart

That should take care of it.

I back up my DVDs. I rip them to H264 using handbrake and then store the originals in a DVD holder and hopefully never have to touch, or scratch, them again. But I occasionaly run into a DVD that I can play, but I can’t copy. Shoot Em Up is a good example. So here is how to dump the stream to an mpeg that can then be used in handbrake with mplayer.

mplayer -dumpstream -dumpfile test.mpg -chapter 1-17 dvd://1

Should be pretty obvious, but chapter is the title chapters and dvd://1 is your dvd drive title number 1.

The iproute2 tools are default installed on most major linux distributions now, but few people know how to use them. Once you are familiar with them though, you will lament having to use ifconfig and route. Here is a quick chart on iproute2 replacement commands.