Wednesday, January 23, 2008

Samba for authentication with AD - win2003 R2 using idmap_ad

I am only pasting my smb.conf here, which I think may be useful for others. This smb.conf works fine on RHEL4-U6 and RHEL5, and it uses the idmap_ad module for getting user/group information.

[global]
workgroup = WORKGROUP
netbios name = netbiosname
realm = REALM
server string = RHEL4 Test Server
security = ads
password server =
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
dns proxy = No
idmap backend = ad
idmap uid = 1500-100000
idmap gid = 1500-100000
winbind separator = +
winbind use default domain = yes
cups options = raw
winbind nss info = rfc2307

[homes]
comment = Home Directories
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

Configure /etc/krb5.conf appropriately if you are using Kerberos for authentication.

Join the system to the Active Directory domain.

# net ads join -U administrator

Run authconfig and choose winbind for name service and Kerberos for authentication. Don't join the system to the domain at this step, since we have already joined it.

Restart winbind. Now every AD user should be able to log in to the Linux system. Note that for idmap_ad to work, the Active Directory schema must be extended and the Unix Attributes for AD users must be defined in advance.
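
As an added example (not part of the original post), the script below checks an smb.conf for the settings the configuration above relies on, and tests whether a user's uidNumber from the AD Unix Attributes falls inside the `idmap uid` range. The function names, the realm EXAMPLE.LOCAL and the sample uidNumber values are constructed for illustration, and it assumes the configured range acts as a filter, as the idmap_ad documentation describes for its range setting.

```shell
#!/bin/sh
# Added example: pre-flight check for the idmap_ad setup in this post.

# Print the value of a [global] parameter from an smb.conf-style file.
smb_global_param() {            # $1 = file, $2 = parameter name (lower case)
    awk -v want="$2" '
        /^[ \t]*\[/     { in_global = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        /^[ \t]*[#;]/   { next }                       # comment lines
        in_global && (eq = index($0, "=")) {
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == want) { print val; exit }
        }' "$1"
}

# Succeed if ID $3 lies inside the range given by parameter $2
# ("idmap uid" or "idmap gid") in file $1.
id_in_idmap_range() {
    range=$(smb_global_param "$1" "$2" | tr -d ' \t')
    low=${range%%-*}; high=${range##*-}
    [ -n "$low" ] && [ -n "$high" ] && [ "$3" -ge "$low" ] && [ "$3" -le "$high" ]
}

# Report settings that differ from what the post's smb.conf relies on.
check_idmap_ad_conf() {         # $1 = file; returns non-zero on any finding
    rc=0
    for pair in "security=ads" "idmap backend=ad" "winbind nss info=rfc2307"; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(smb_global_param "$1" "$key" | tr 'A-Z' 'a-z')
        [ "$got" = "$want" ] || { echo "$key: want '$want', got '$got'"; rc=1; }
    done
    [ -n "$(smb_global_param "$1" realm)" ] || { echo "realm is not set"; rc=1; }
    return $rc
}

# Demo with a constructed config and constructed uidNumber values.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
[global]
realm = EXAMPLE.LOCAL
security = ads
idmap backend = ad
idmap uid = 1500-100000
idmap gid = 1500-100000
winbind nss info = rfc2307
EOF
check_idmap_ad_conf "$demo_conf" && echo "config: ok"
for uid in 500 1500 20001 100001; do
    id_in_idmap_range "$demo_conf" "idmap uid" "$uid" \
        && echo "uidNumber $uid: in range" || echo "uidNumber $uid: outside range, not mapped"
done
```

An AD account whose uidNumber is below 1500 or above 100000 would need either a different uidNumber or a wider range in smb.conf before it can log in.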

Tuesday, January 22, 2008

Bonding with xen

1 - Stop all guests. Reboot dom0 after running "chkconfig xend off" and "chkconfig xendomains off".
2 - Configure bond0 by enslaving eth0 and eth1 to it. I added the below two entries to /etc/modprobe.conf.

alias bond0 bonding
options bond0 mode=1 miimon=100

Content of /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
USERCTL=no
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none

Content of /etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1
USERCTL=no
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none

Content of /etc/sysconfig/network-scripts/ifcfg-bond0

DEVICE=bond0
IPADDR=
NETMASK=
ONBOOT=yes
BOOTPROTO=static
USERCTL=no

Did "modprobe bond0" and "service network restart" after that.

3 - Edit /etc/xen/xend-config.sxp

Change

(network-script network-bridge)

To

(network-script 'network-bridge netdev=bond0')

4 - Start xend. "service xend start".

5 - chkconfig xend on.

6 - Create guest images as usual and bridge them to xenbr0.