Tuesday, December 31, 2013

ubuntu 8.04 upgrade samba process

samba 3.0.28a and windows 7 are having a bad day.
i've done all the usual registry tricks and uninstalled KB2536276.  it is time.

of course, i'm running ubuntu 8.04; so no amount of apt-get updating is going to 
bring samba to higher level.
let's sort of roll our own, shall we?  3.4.4 is a nice, stable rev.

pre-prep system.

# apt-get update ; apt-get upgrade ; apt-get apt-get dist-upgrade

what?!  it is time.  this system does nothing but samba anyway... and yes, i have backups.

# apt-get install libldap2-dev libkrb5-dev uuid-dev libpam0g-dev zlib1g-dev build-essential 
# apt-get build-dep samba

# cd ~/
# apt-get source samba
# cat ~/samba-3.0.28a/debian/rules | less

take note of all the switches, we're going to use them later.

time to download the source.

# mkdir -p /usr/local/src/samba
# cd /usr/local/src/samba
# wget http://samba.org/samba/ftp/stable/samba-3.4.4.tar.gz
# tar zxvf samba-3.4.4.tar.gz
# cd samba-3.4.4/source3

if you're working with windows server 2012, just download the samba-3.6.8.tar.gz 
and follow the same instructions...

now, run configure using the os-specific switches:

./configure -–cache-file=./config.cache \
-–prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--with-privatedir=/etc/samba \
--with-piddir=/var/run/samba \
--with-fhs \
--enable-shared \
--enable-static \
--disable-pie \
--with-rootsbindir=/sbin \
--with-pammodulesdir=/lib/security \
--with-pam \
--with-syslog \
--with-utmp \
--with-readline \
--with-pam_smbpass \
--with-libsmbclient \
--with-winbind \
--with-shared-modules=idmap_rid,idmap_ad \
--with-automount \
--with-ldap \
--with-ads \
--with-dnsupdate \
--with-cifsmount \ <-- is not recognized in samba 3.6.8 (rev compat with win 2012)
--with-acl-support \

take note:
sometimes in the process of doing configure your system will bark.  in my case, uuid.h .
note apt-get command above only includes my missing packages; your mileage may vary.

# apt-cache search uuid | grep -- -dev
libblkid-dev - block device id library - headers and static libraries
libossp-uuid-dev - OSSP uuid ISO-C and C++ - headers and static libraries
uuid-dev - universally unique id library - headers and static libraries

neat.  it works.

# make

Using CFLAGS = -O -I. -I/root/samba-3.4.3/source3 -I/root/samba-3.4.3/source3/../lib/popt -I/root/samba-3.4.3/source3/iniparser/src -Iinclude -I./include -I. -I. -I./../lib/replace -I./../lib/talloc -I./../lib/tevent -I./../lib/tdb/include -I./libaddns -I./librpc -I./.. -DHAVE_CONFIG_H -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -Iinclude -I./include -I. -I. -I./../lib/replace -I./../lib/talloc -I./../lib/tevent -I./../lib/tdb/include -I./libaddns -I./librpc -I./.. -I./../lib/popt -DLDAP_DEPRECATED -I/root/samba-3.4.3/source3/lib -I.. -I../source4 -D_SAMBA_BUILD_=3 -D_SAMBA_BUILD_=3

... snip ...

that went okay.

# make install

neat.  i just installed over my old binaries.

take note:
The binaries are installed. You may restore the old binaries (if there
were any) using the command "make revert". You may uninstall the binaries
using the command "make uninstallbin" or "make uninstall" to uninstall
binaries, man pages and shell scripts.

register samba libs.

# echo "/etc/samba" > /etc/ld.so.conf.d/samba.conf
# ldconfig

make sure we've got all the handles for our windows clients set.  to make those permanent, reboot.
otherwise, command-line it.

in "/etc/security/limits.conf" add line: 
* - nofile 16384 

# ulimit -n 16384

then start the daemon.

# /etc/init.d/samba start
* Starting Samba daemons [ OK ]

neat.  it works.

take note:
you may need to re-add the system to your domain; as alluded to in spiffy messages such as the below:

[2013/12/31 10:51:08.876223,  0] auth/auth_domain.c:212(connect_to_domain_password_server)
  connect_to_domain_password_server: could not fetch trust account password for domain 'DOMAIN'
[2013/12/31 10:51:08.876964,  0] auth/auth_domain.c:292(domain_client_validate)
  domain_client_validate: Domain password server not available.


Wednesday, December 18, 2013

ssh is offline on my sol11 box. great.

from here http://pg8873.blogspot.com/2011/02/solaris-ssh-is-offline.html
Solaris ssh is offline

I'm sure you must have seen a situation like this, where for some reason ssh died and you cannot login to the server remotely. If you have console access to box, you see the ssh is offline. 

root@app1 # svcs -a | grep ssh
offline 1:40:22 svc:/network/ssh:default

svcs -d will tell us what other services depends on ssh 

root@app1 # svcs -d ssh
online 1:40:19 svc:/network/loopback:default
online 1:40:24 svc:/network/physical:default
disable 1:41:04 svc:/system/cryptosvc:default
online 1:41:16 svc:/system/filesystem/local:default
online 1:42:44 svc:/system/filesystem/autofs:default
online 1:42:43 svc:/system/utmp:default

Offline means that the service is enabled, but something it depends on is missing, disable or in maintenance mode

Here in our case crypto is disable. You might have a service with lots of dependencies that are disabled, or you might have dependencies disabled many levels deep.

Do you want to walk through all those services, find out why they're not on, and enable every dependency by hand? Of course you don't. So svcadm has a "recursive enable" option that goes through and enables everything that your service depends on.

# svcadm enable -r network/ssh

#svcs network/ssh
online 1:02:23 svc:/network/ssh:default

#svcs -d network/ssh:default
online 1:40:19 svc:/network/loopback:default
online 1:40:24 svc:/network/physical:default
disabled 1:41:04 svc:/system/cryptosvc:default
online 1:41:16 svc:/system/filesystem/local:default
online 1:42:44 svc:/system/filesystem/autofs:default
online 1:42:43 svc:/system/utmp:default

As you can see, we recursively enabled not only ssh, but everything it depended on, allowing it to come online.

One last option of note for enable/disable is the "temporary" option. Say that you want to enable/disable a service just for this session, but have it revert to its previous state on reboot, in case there are problems. If ssh is disabled and you issue:

#svcadm enable -t network/ssh
The enable will only be temporary. If you reboot the machine, the service will once again be disabled.

Refresh serves two purposes. One is if you've changed any of the properties of your service, say that you've added a dependency or changed the timeout for starting, you refresh the service, and the properties become active. The other purpose is that there's an optional method, in addition to "start" and "stop", called "refresh" that you can define. If your daemon can be sent a HUP signal to re-read its configuration file, you put this in the refresh method, and when you refresh the service, this method is called.

Restart is pretty self evident. Restarting a service means that you stop it and start it again. Where in the past you might have issued a

/etc/init.d/sendmail stop followed by /etc/init.d/sendmail start, now you would use:

#svcadm restart network/smtp:sendmail
... which will restart sendmail.

mark (degraded | maintenance)
Mark is used to force a service into a certain state. (The states are here if you've forgotten them) An administrator might want to force a service into the maintenance state to let other administrators know that there's something wrong with it that needs to be addressed before it's started again. You can force a service into either maintenance (which will shut the service down) or degraded (which will leave it running, but let others know that it's running in a degraded state).

Keeping with our earlier example of ssh:

#svcadm mark maintenance network/ssh

#svcs network/ssh
maintenance 1:12:47 svc:/network/ssh:default

Clear is used to "reset" the state of a service, and have it be re-evaluated. For example, say that syslog is in maintenance:

#svcs system/system-log
maintenance 1:15:33 svc:/system/system-log:default
You debug the problem, and realize that syslog failed to start because someone had accidentally deleted syslog.conf, which syslog needs to start. It attempted to start, saw that the conf file was missing, and fell into maintenance. You repair the file, and issue a clear:

# svcadm clear system/system-log

# svcs system/system-log
online 1:25:07 svc:/system/system-log:default