  1. #1
    ranj's Avatar

    old linux web server and authenticating with W2k8 server

    Dear All

    I have a question regarding an old Linux box we have which is running Gentoo 2.6.17-gentoo-r4. We host a web service on this box.

    Our network has 1 2003 DC which we want to decommission very soon and 2 2008 DCs which were recently put in to replace our old 2003 servers. This 1 2003 DC seems to be the bane of our problems because when we did a test shutdown on the 2003 server we wanted to test to see if any of our services because my worry was a lot of other services around school relied on this server because it was the first server in the forest when our AD network was created about 5 years ago. We did indeed find that some of our Linux boxes stopped working when we did a test shutdown. When the 2003 server was up and running again, all Linux services began working again.

    On investigation we found that the Linux boxes had entries which explicitly pointed to this 2003 server. When we tried changing them to point to the new DCs, for the most part some of our Linux boxes began working; there were some issues but these were resolved.

    One server though is still giving us problems when we change it to the new settings: the web service which is running doesn't seem to run properly. This web service relies on Active Directory from the Windows network because the way the program works is it looks up AD groups and users.

    The files which we amended were:

    /etc/krb5.conf

    [libdefaults]
    default_realm = domain name of school

    [realms]
    domainname.PRI = {
    kdc = neww2k8server.domainname.pri was originally oldserver2k3.domainname.pri
    kdc = neww2k8server.domainname was originally oldserver2k3.domainname.pri
    }

    /etc/samba/smb.conf

    [global]
    workgroup = domainname
    netbios name = nameoflinuxserver
    realm = domainname.pri
    server string = Reboot System Server
    security = ads
    encrypt passwords = Yes
    password server = old 2003 DC, new 2008 dc, new 2008 dc
    log file = /var/log/samba/%m.log
    max log size = 0
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    preferred master = False
    local master = No
    domain master = False
    dns proxy = No
    winbind separator = \
    winbind enum user = yes
    winbind enum groups = yes
    winbind use default domain = yes
    idmap uid = 10000-20000
    idmap gid = 10000-20000

    We adjusted the line where it has password server. My understanding of Linux is beginner but I believe that this box may rely on Samba for it to work properly.

    I read on a few forums that maybe upgrading to the latest version of Samba may do the trick, as the Linux box is fairly old and with an old version of Samba it may have issues connecting to 2008 boxes.

    Not sure if this is related but I tried disabling NetBIOS over TCP/IP in the network settings on the 2003 server and found that when we went to the web page hosted by this Linux server it comes up with an Internal Server Error "the server encountered an internal error or misconfiguration and was unable to complete your request". If I enable NetBIOS on the 2k3 server again, it works again.

    I have only amended smb.conf and krb5.conf on the gentoo box, could there be other configs which could need changing?

    Any advice on this would be most appreciated.

    Thanks

  2. #2

    Quote Originally Posted by ranj View Post
    I have a question regarding an old Linux box we have which is running Gentoo 2.6.17-gentoo-r4. We host a web service on this box.
    You could probably do with running some updates, but for a novice Gentoo user it can be a little scary... - concentrate on getting it working if you can before trying out updates....


    Quote Originally Posted by ranj View Post
    [realms]
    domainname.PRI = {
    kdc = neww2k8server.domainname.pri was originally oldserver2k3.domainname.pri
    kdc = neww2k8server.domainname was originally oldserver2k3.domainname.pri
    }
    Do all these DNS entries resolve OK on the Linux box, e.g. with the host or nslookup commands? Have you checked if the entries are hard coded into the /etc/hosts file? If so, update this accordingly.


    Quote Originally Posted by ranj View Post
    We adjusted the line where it has password server. My understanding of Linux is beginner but I believe that this box may rely on Samba for it to work properly.

    I read on a few forums that maybe upgrading to the latest version of Samba may do the trick, as the Linux box is fairly old and with an old version of Samba it may have issues connecting to 2008 boxes.
    I'm a bit of a Linux junkie (Gentoo especially) but not so much of a Windows one (certainly not dabbled in 2008 yet). Linux could itself work fine without Samba working (should at least be able to login locally as root). Although it's possible that local authentication has been configured to talk to AD via LDAP or via Kerberos. Check /etc/ldap.conf and /etc/pam.d for details. You may find the packages nss_ldap and pam_ldap (I think?) are installed.


    Quote Originally Posted by ranj View Post
    Not sure if this is related but I tried disabling NetBIOS over TCP/IP in the network settings on the 2003 server and found that when we went to the web page hosted by this Linux server it comes up with an Internal Server Error "the server encountered an internal error or misconfiguration and was unable to complete your request". If I enable NetBIOS on the 2k3 server again, it works again.
    Linux will be talking over TCP/IP. I'm wondering if you have the webserver (Apache?) configured to use an NTLM module for authentication against web pages (possibly separately to Samba) - check in /etc/apache2/ somewhere...

  3. Thanks to aggie from:

    ranj (13th January 2010)

  4. #3
    ranj's Avatar
    Hi

    One other question I had was how do I go about setting up webmin on this Gentoo machine? If I try to use the apt-get command it says the command cannot be found.

    It seems though that this machine has been completely stripped down with access to hardly anything. I do have root access to this machine so unsure why I still cannot do it.

  5. #4
    Tyiell's Avatar
    I only know how to get it on in Ubuntu - but if it uses apt-get it should be similar.

    Edit your Sources list (/etc/apt/sources.list) and add the following line to the bottom of the file:

    Code:
    deb http://download.webmin.com/download/repository sarge contrib
    Then in the terminal enter the following:

    Code:
    cd ~
    wget http://www.webmin.com/jcameron-key.asc
    sudo apt-key add jcameron-key.asc
    sudo apt-get update
    sudo apt-get install webmin
    Hope that helps!

  6. #5
    Tyiell's Avatar
    Oops, looks like you've caught me not reading your post correctly - I read that as you couldn't get apt-get to work for webmin, not that apt-get itself doesn't run. I've never heard of apt-get being stripped out of a machine, though I'm sure it's possible...

  7. #6

    powdarrmonkey's Avatar
    Quote Originally Posted by Tyiell View Post
    Oops, looks like you've caught me not reading your post correctly - I read that as you couldn't get apt-get to work for webmin, not that apt-get itself doesn't run. I've never heard of apt-get being stripped out of a machine, though I'm sure it's possible...
    It's priority important, so it will quite cheerfully remove itself if you're silly enough to tell it to. You really shouldn't though.

    dpkg, dselect and friends are priority required, so you can't remove them (without really telling it to, which it will then cheerfully do. You shouldn't ever do though.)

  8. #7

    I think this thread has drifted a little off course... maybe a bit like the British weather right now!

    Gentoo is a completely different distribution to Ubuntu. apt-get hasn't been stripped out, it never existed in Gentoo to start with. apt (and its associated commands) are part of Debian and as a result Ubuntu.

    Gentoo uses a package manager/library called Portage.

    You should read this page

    Gentoo Linux Documentation -- A Portage Introduction

    The crux of it will be:

    You need to run...

    emerge --sync
    Carefully follow any instructions, such as updates to portage, and then follow its instructions also.

    then run

    emerge -up app-admin/webmin
    Check what 'use' flags it has and what dependencies it is going to install. If you're happy with the defaults then just issue...

    emerge app-admin/webmin
    Note: that the packages probably take a little while to install as it involves the system compiling packages from the source code.

  9. 2 Thanks to aggie:

    ranj (13th January 2010), Tyiell (14th January 2010)

  10. #8
    Tyiell's Avatar
    Sorry, I had assumed from previous posts that Gentoo (which I haven't used) is Debian based, and posted apt-get commands accordingly. My mistake - of course since it is not Debian based, that would be why apt-get was an unknown command.
    Last edited by Tyiell; 14th January 2010 at 02:23 PM.

  11. #9

    A quick wbinfo -t will tell you if the machine is still trusted and a wbinfo -g should pull a list of AD groups if it is. If these commands work then the machine is still part of your domain. I would consider removing the machine from AD then adding it again sans reference to the 2003 machine. That way you know it is part of the AD forest without the 2003 machine there (although technically it shouldn't matter).

    Don't forget to check your /etc/resolv.conf to see if the 2003 box is the only nameserver on there, as you won't be able to resolve the names of the new boxes without the 2003 box in this case. Make sure there aren't any fancy references in your HOSTS file pointing to hardcoded addresses on the old 2003 machine.
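
The checks suggested in this thread (leftover references to the old DC in krb5.conf, smb.conf, ldap.conf and the hosts file, and a resolv.conf that lists only the old DC) can be scripted. This is an added example, not part of any post; the host name olddc, the 10.0.0.x addresses and the sample files are constructed, and the file list is an assumption to adjust per machine.

```shell
#!/bin/sh
# Added example, not from the thread. Host name, IPs and sample files are constructed.

# find_dc_refs ROOT NAME IP: list non-comment lines that still mention the old DC.
find_dc_refs() {
    for f in etc/krb5.conf etc/samba/smb.conf etc/hosts etc/resolv.conf etc/ldap.conf; do
        [ -f "$1/$f" ] || continue
        awk -v name="$2" -v ip="$3" -v f="/$f" '
            /^[ \t]*[#;]/ { next }                      # comment lines
            {
                hit = index(tolower($0), tolower(name)) # short name or FQDN
                n = split($0, tok, /[ \t,=]+/)          # exact match for the IP,
                for (i = 1; i <= n; i++)                # so 10.0.0.1 != 10.0.0.10
                    if (tok[i] == ip) hit = 1
                if (hit) printf "%s:%d:%s\n", f, NR, $0
            }' "$1/$f"
    done
}

# sole_nameserver ROOT IP: succeed if IP is the only nameserver in resolv.conf.
sole_nameserver() {
    [ "$(awk '$1 == "nameserver" { print $2 }' "$1/etc/resolv.conf" | sort -u)" = "$2" ]
}

# make_sample: build a constructed config tree and print its path.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/etc/samba" || return 1
    printf '[realms]\nEXAMPLE.PRI = {\n kdc = newdc1.example.pri\n}\n' > "$d/etc/krb5.conf"
    printf '[global]\n; old: password server = olddc\npassword server = OLDDC, newdc1\n' \
        > "$d/etc/samba/smb.conf"
    printf '127.0.0.1 localhost\n10.0.0.10 newdc1\n10.0.0.1 dc.example.pri\n' > "$d/etc/hosts"
    printf 'search example.pri\nnameserver 10.0.0.1\n' > "$d/etc/resolv.conf"
    echo "$d"
}

root=$(make_sample)
find_dc_refs "$root" olddc 10.0.0.1
sole_nameserver "$root" 10.0.0.1 && echo "resolv.conf: old DC is the only nameserver"
rm -rf "$root"
```

On a real machine, pass an empty ROOT so the paths resolve under /, and follow up with wbinfo -t to confirm the domain trust once the references are gone.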
